Counting Points on Curves of the Form y m 1 = c 1x n 1 + c 2x n 2 y m 2

Similar documents
Equal Compositions of Rational Functions

Representations of Cherednik Algebras

Counting points on hyperelliptic curves

Computing L-series of geometrically hyperelliptic curves of genus three. David Harvey, Maike Massierer, Andrew V. Sutherland

Counting points on smooth plane quartics

A-2. Polynomials and Factoring. Section A-2 1

Elliptic Curves, Factorization, and Cryptography

FINITE GROUPS AND EQUATIONS OVER FINITE FIELDS A PROBLEM SET FOR ARIZONA WINTER SCHOOL 2016

Counting points on elliptic curves over F q

We say that a polynomial is in the standard form if it is written in the order of decreasing exponents of x. Operations on polynomials:

Commutators in the Steenrod algebra

HOME ASSIGNMENT: ELLIPTIC CURVES OVER FINITE FIELDS

Elliptic Curves I. The first three sections introduce and explain the properties of elliptic curves.

Cryptography: Joining the RSA Cryptosystem

Lesson 3: Polynomials and Exponents, Part 1

20 The modular equation

Arithmétique et Cryptographie Asymétrique

Computing the RSA Secret Key is Deterministic Polynomial Time Equivalent to Factoring

Deterministic Polynomial Time Equivalence of Computing the RSA Secret Key and Factoring

Introduction to Elliptic Curve Cryptography. Anupam Datta

Factoring. there exists some 1 i < j l such that x i x j (mod p). (1) p gcd(x i x j, n).

Improving the Accuracy of Primality Tests by Enhancing the Miller-Rabin Theorem

20 The modular equation

Construction of latin squares of prime order

Unit 13: Polynomials and Exponents

Elliptic Curves and Mordell s Theorem

Introduction to Arithmetic Geometry

Hypersurfaces and the Weil conjectures

arithmetic properties of weighted catalan numbers

Theoretical Cryptography, Lecture 13

Elliptic Curves Spring 2013 Lecture #8 03/05/2013

Limits of Interlacing Eigenvalues in the Tridiagonal β-hermite Matrix Model

Elliptic Curves: Theory and Application

correlated to the Utah 2007 Secondary Math Core Curriculum Algebra 1

Distinguishing prime numbers from composite numbers: the state of the art. D. J. Bernstein University of Illinois at Chicago

NORTHWESTERN UNIVERSITY Thrusday, Oct 6th, 2011 ANSWERS FALL 2011 NU PUTNAM SELECTION TEST

arxiv: v1 [cs.sc] 17 Apr 2013

Number Fields Generated by Torsion Points on Elliptic Curves

Solving Quadratic Equations

How to write polynomials in standard form How to add, subtract, and multiply polynomials How to use special products to multiply polynomials

LESSON 7.2 FACTORING POLYNOMIALS II

{ independent variable some property or restriction about independent variable } where the vertical line is read such that.

CPSC 467b: Cryptography and Computer Security

PARALLEL MULTIPLICATION IN F 2

8 Elliptic Curve Cryptography

Counting Points on Curves using Monsky-Washnitzer Cohomology

review To find the coefficient of all the terms in 15ab + 60bc 17ca: Coefficient of ab = 15 Coefficient of bc = 60 Coefficient of ca = -17

9 Knapsack Cryptography

R.5 Factoring Polynomials 1

Simplifying Rational Expressions and Functions

Factoring Algorithms Pollard s p 1 Method. This method discovers a prime factor p of an integer n whenever p 1 has only small prime factors.

HASSE-MINKOWSKI THEOREM

20A. Build. Build and add. Build a rectangle and find the area (product). l e s s o n p r a c t i c e 1. X X X 2 + 6X X

Unit 3 Vocabulary. An algebraic expression that can contains. variables, numbers and operators (like +, An equation is a math sentence stating

Degrees of Regularity of Colorings of the Integers

Higher Hasse Witt matrices. Masha Vlasenko. June 1, 2016 UAM Poznań

Definition For a set F, a polynomial over F with variable x is of the form

CPSC 467: Cryptography and Computer Security

Linear Algebra Section 2.6 : LU Decomposition Section 2.7 : Permutations and transposes Wednesday, February 13th Math 301 Week #4

Elliptic Curves over Finite Fields

Homework #2 solutions Due: June 15, 2012

Number, Number Sense, and Operations Data Analysis and Probability

Lesson 3 Algebraic expression: - the result obtained by applying operations (+, -,, ) to a collection of numbers and/or variables o

Distinguishing prime numbers from composite numbers: the state of the art. D. J. Bernstein University of Illinois at Chicago

Polynomial Interpolation in the Elliptic Curve Cryptosystem

William Stallings Copyright 2010

Discrete Math, Fourteenth Problem Set (July 18)

Subquadratic Space Complexity Multiplication over Binary Fields with Dickson Polynomial Representation

Shor s Prime Factorization Algorithm

Fields in Cryptography. Çetin Kaya Koç Winter / 30

AMICABLE PAIRS AND ALIQUOT CYCLES FOR ELLIPTIC CURVES OVER NUMBER FIELDS

Deterministic Polynomial Time Equivalence between Factoring and Key-Recovery Attack on Takagi s RSA

Equidistributions in arithmetic geometry

Math 10-C Polynomials Concept Sheets

Math Lecture 18 Notes

On the Splitting of MO(2) over the Steenrod Algebra. Maurice Shih

Factoring Trinomials of the Form ax 2 + bx + c, a 1

Cylindric Young Tableaux and their Properties

MAT 1332: CALCULUS FOR LIFE SCIENCES. Contents. 1. Review: Linear Algebra II Vectors and matrices Definition. 1.2.

Multiplication of Polynomials

Elliptic curves: Theory and Applications. Day 4: The discrete logarithm problem.

An Introduction to Elliptic Curve Cryptography

ZEROS OF POLYNOMIAL FUNCTIONS ALL I HAVE TO KNOW ABOUT POLYNOMIAL FUNCTIONS

A Variation of the nil-temperley-lieb algebras of type A

Scalar multiplication in compressed coordinates in the trace-zero subgroup

Math 312/ AMS 351 (Fall 17) Sample Questions for Final

2x 1 7. A linear congruence in modular arithmetic is an equation of the form. Why is the solution a set of integers rather than a unique integer?

GRE Subject test preparation Spring 2016 Topic: Abstract Algebra, Linear Algebra, Number Theory.

Sums of Squares. Bianca Homberg and Minna Liu

Counting points on genus 2 curves over finite

Finding small factors of integers. Speed of the number-field sieve. D. J. Bernstein University of Illinois at Chicago

Computing zeta functions of certain varieties in larger characteristic

Identifying supersingular elliptic curves

27 Wyner Math 2 Spring 2019

Unit 1 Vocabulary. A function that contains 1 or more or terms. The variables may be to any non-negative power.

Chapter 6 Randomization Algorithm Theory WS 2012/13 Fabian Kuhn

14 Ordinary and supersingular elliptic curves

Algebra I Unit Report Summary

ax b mod m. has a solution if and only if d b. In this case, there is one solution, call it x 0, to the equation and there are d solutions x m d

Lesson 2: Introduction to Variables

Transcription:

Counting Points on Curves of the Form y m 1 = c 1x n 1 + c 2x n 2 y m 2 Matthew Hase-Liu Mentor: Nicholas Triantafillou Sixth Annual Primes Conference 21 May 2016

Curves Definition A plane algebraic curve is defined as the set of points in a plane consisting of the zeroes of some polynomial in two variables.

Curves Definition A plane algebraic curve is defined as the set of points in a plane consisting of the zeroes of some polynomial in two variables. Example x 2 + y 2 = 1 over R 2 :

Curves Consider points with integer coordinates modulo a prime.

Curves Consider points with integer coordinates modulo a prime. Definition F p is the set of elements that consist of the integers modulo a prime p. Remark If you know what a field is, we are looking at plane algebraic curves over the finite field F p.

Curves Consider points with integer coordinates modulo a prime. Definition F p is the set of elements that consist of the integers modulo a prime p. Remark If you know what a field is, we are looking at plane algebraic curves over the finite field F p. Definition Given a curve C, define C (F p ) as the points that satisfy C (x, y) = 0, along with points at infinity.

Curves Well-known curves Elliptic curves: y 2 = x 3 + ax + b Hyperelliptic curves: y 2 = f (x), where deg (f ) > 4 Superelliptic curves: y m = f (x)

Curves Well-known curves Elliptic curves: y 2 = x 3 + ax + b Hyperelliptic curves: y 2 = f (x), where deg (f ) > 4 Superelliptic curves: y m = f (x) Curve of interest: y m 1 = c 1 x n 1 + c 2 x n 2 y m 2 (trinomial curve)

Curves Well-known curves Elliptic curves: y 2 = x 3 + ax + b Hyperelliptic curves: y 2 = f (x), where deg (f ) > 4 Superelliptic curves: y m = f (x) Curve of interest: y m 1 = c 1 x n 1 + c 2 x n 2 y m 2 (trinomial curve) y 2 = x 5 +5 y 2 = x 3 +2x+3 (F 263 ) y 2 = x 3 +2x+3 (F 2089 )

Main Problem Main Problem What is #C (F p )?

Main Problem Main Problem What is #C (F p )? Theorem (Hasse-Weil bound) Let C be the curve of interest: y m 1 = c 1 x n 1 + c 2 x n 2 y m 2. Then, #C (F p ) p 1 2g p, where g is some polynomial function of m 1, m 2, n 1, and n 2.

Main Problem Main Problem What is #C (F p )? Theorem (Hasse-Weil bound) Let C be the curve of interest: y m 1 = c 1 x n 1 + c 2 x n 2 y m 2. Then, #C (F p ) p 1 2g p, where g is some polynomial function of m 1, m 2, n 1, and n 2. Idea If p is large, then all we need is #C (F p ) (mod p).

Main Problem Main Problem What is #C (F p )? Naïve approach: try all values of (x, y) F 2 p (very slow) Better approach: find #C (F p ) (mod p) and use Hasse-Weil bound (much faster)

Hasse-Witt Matrix Definition (informal) Define H 1 (C, O C ) as the set of bivariate polynomials made from combining certain monomials modulo the equation of the curve.

Hasse-Witt Matrix Definition (informal) Define H 1 (C, O C ) as the set of bivariate polynomials made from combining certain monomials modulo the equation of the curve. Definition The Hasse-Witt matrix of a curve C is defined as the matrix corresponding to the pth power mapping on the vector space H 1 (C, O C ).

Hasse-Witt Matrix Theorem If A is the Hasse-Witt matrix of some curve C over some field F p, #C (F p ) 1 tr (A) (mod p). Remark If p is large, we only need to find tr (A) (mod p).

Hasse-Witt Matrix Example Hasse-Witt matrix of y 3 = x 6 + 1 over F 7 is ( ) 4 0 0 0 1 ( ) 2 0 0 0 1 ( ) 4 0 0 0 2 ( ) 4 0 0 0 3. #C (F 7 ) 1 (( ) 4 + 1 6 (mod 7). ( ) 2 + 1 ( ) 4 + 2 ( )) 4 (mod 7) 3

Counting Paths Instead of Points Definition Let C be a curve of the form y m 1 = c 1 x n 1 + c 2 x n 2 y m 2. Define S (C) to be the set of lattice points (i, j) such that i (m 1 m 2 ) + jn 2 < 0, im 1 + jn 1 > 0, 1 j m 1 1, and i 1. Remark (i, j) corresponds to x i y j H 1 (C, O C ). The monomials corresponding to points in S (C) give us a basis for H 1 (C, O C ).

Remark (i, j) corresponds to x i y j H 1 (C, O C ). The monomials corresponding to points in S (C) give us a basis for H 1 (C, O C ). Counting Paths Instead of Points Example S (C) for C : y 3 x 4 x = 0

Counting Paths Instead of Points Redefinition If x pi y pj =... + a u,v x u y v +..., the entry of the Hasse-Witt matrix in the i, j column and u, v row is a u,v.

Counting Paths Instead of Points Redefinition If x pi y pj =... + a u,v x u y v +..., the entry of the Hasse-Witt matrix in the i, j column and u, v row is a u,v. Example C : y 3 = x 4 + x, where p = 19 S (C) = {( 1, 1), ( 1, 2), ( 2, 2)}

Counting Paths Instead of Points Redefinition If x pi y pj =... + a u,v x u y v +..., the entry of the Hasse-Witt matrix in the i, j column and u, v row is a u,v. Example C : y 3 = x 4 + x, where p = 19 S (C) = {( 1, 1), ( 1, 2), ( 2, 2)} For ( 1, 1) : x 19 y 19 = x 19 y 16 y 3 = x 19 y 16 ( x 4 + x ). = x 15 y 16 + x 18 y 16 = x 11 y 13 + 2x 14 y 13 + x 17 y 13 =... + 15x 1 y +...

Counting Paths Instead of Points Example C : y 3 = x 4 + x, where p = 19 For ( 1, 1) : x 19 y 19 = x 19 y 16 y 3 = x 19 y 16 ( x 4 + x ) = x 15 y 16 + x 18 y 16 = x 11 y 13 + 2x 14 y 13 + x 17 y 13

Counting Paths Instead of Points Recall that the curve of interest is C : y m 1 = c 1 x n 1 + c 2 x n 2 y m 2.

Counting Paths Instead of Points Recall that the curve of interest is C : y m 1 = c 1 x n 1 + c 2 x n 2 y m 2. Question How many paths are there from (pi, pj) to (u, v) if only steps of n 1, m 1 and n 2, m 2 m 1 are allowed?

Counting Paths Instead of Points Recall that the curve of interest is C : y m 1 = c 1 x n 1 + c 2 x n 2 y m 2. Question How many paths are there from (pi, pj) to (u, v) if only steps of n 1, m 1 and n 2, m 2 m 1 are allowed? Answer Assume there are k 1 of ( n 1, m 1 ) and k 2 of n 2, m 2 m 1. Then, k1 + k 2 the number of paths is, where k 1 = (m 1 m 2 )(pi u) n 2 (pj v) m 1 n 1 m 1 n 2 m 2 n 1 k 1 and k 2 = n 1(pj v) m 1 (pi u) m 1 n 1 m 1 n 2 m 2 n 1.

Counting Paths Instead of Points Example Number of paths from ( 19, 19) to ( 1, 1) using 4, 3 and 1, 3. ( Requires ) four of 4, 3 and two of 1, 3, so number of paths is 6 = 15. 4

Number of Points Modulo p Diagonal entries of the Hasse-Witt matrix correspond to paths from (pi, pj) to (i, j).

Number of Points Modulo p Diagonal entries of the Hasse-Witt matrix correspond to paths from (pi, pj) to (i, j). Theorem (Hase-Liu) If C is the curve y m 1 = c 1 x n 1 + c 2 x n 2 y m 2, #C (F p ) 1 ( ) k1 + k 2 c k 1 1 ck 2 2 (mod p), (i,j) S(C) where k 1 = (p 1)(i(m 2 m 1 ) jn 2 ) m 1 n 1 m 1 n 2 m 2 n 1 and k 2 = (p 1)(jn 1+im 1 ) m 1 n 1 m 1 n 2 m 2 n 1. k 1

Summary Steps to computing #C (F p ): Find S (C)

Summary Steps to computing #C (F p ): Find S (C) Compute diagonal entries of Hasse-Witt matrix by finding number of paths from (pi, pj) to (i, j)

Summary Steps to computing #C (F p ): Find S (C) Compute diagonal entries of Hasse-Witt matrix by finding number of paths from (pi, pj) to (i, j) Use fact that #C (F p ) 1 tr (A) (mod p)

Summary Steps to computing #C (F p ): Find S (C) Compute diagonal entries of Hasse-Witt matrix by finding number of paths from (pi, pj) to (i, j) Use fact that #C (F p ) 1 tr (A) (mod p) Finish with Hasse-Weil bound

Demo Example C : y 3 x 4 x = 0, where p = 19 Allowed steps: 4, 3 and 1, 3

Demo Example S (C) for C : y 3 x 4 x = 0

Demo Example C : y 3 x 4 x = 0, where p = 19 Allowed steps: 4, 3 and 1, 3 S (C) = {( 1, 1), ( 1, 2), ( 2, 2)}

Demo Example Number of paths from ( 19, 19) to ( 1, 1) using 4, 3 and 1, 3. ( Requires ) four of 4, 3 and two of 1, 3, so number of paths is 6 = 15. 4

Demo Example C : y 3 x 4 x = 0, where p = 19 S (C) = {( 1, 1), ( 1, 2), ( 2, 2)} Allowed steps: 4, 3 and 1, 3 Number of paths from ( 19, 19) to ( 1, 1): Number of paths from ( 19, 38) to ( 1, 2): Number of paths from ( 38, 38) to ( 2, 2): ( ) 6 4 ( ) 12 2 ( ) 12 8

Demo Example C : y 3 x 4 x = 0, where p = 19 S (C) = {( 1, 1), ( 1, 2), ( 2, 2)} Allowed steps: 4, 3 and 1, 3 ( ) 6 Number of paths from ( 19, 19) to ( 1, 1): 4 ( ) 12 Number of paths from ( 19, 38) to ( 1, 2): 2 ( ) 12 Number of paths from ( 38, 38) to ( 2, 2): 8 #C (F p ) 1 (( ) 6 + 4 ( ) 12 + 2 ( )) 12 14 (mod 19) 8

Demo Example C : y 3 x 4 x = 0, where p = 19 To check, use brute force to find number of points directly (x, y) F 2 19 such that y 3 x 4 x = 0: (0, 0), (2, 8), (2, 12), (2, 18), (3, 2), (3, 3), (3, 14), (8, 0), (12, 0), (14, 10), (14, 13), (14, 15), (18, 0) (13 points)

Demo Example C : y 3 x 4 x = 0, where p = 19 To check, use brute force to find number of points directly (x, y) F 2 19 such that y 3 x 4 x = 0: (0, 0), (2, 8), (2, 12), (2, 18), (3, 2), (3, 3), (3, 14), (8, 0), (12, 0), (14, 10), (14, 13), (14, 15), (18, 0) (13 points) Must include point at infinity, for a total of 14 points (with multiplicity)

Time Complexity Definition Let M (n) = O (n log n log log n) be the time needed to multiply two n-digit numbers.

Time Complexity Definition Let M (n) = O (n log n log log n) be the time needed to multiply two n-digit numbers. Theorem (Fite and Sutherland) For the curves y 2 = x 8 + c and y 2 = x 7 cx, #C (F p ) can be computed (for certain values of m such that p 1 (mod m) ): Probabilistically in O (M (log p) log p) Deterministically in O ( M (log p) log 2 p log log p ), assuming generalized Riemann hypothesis Deterministically in O ( M ( log 3 p ) log 2 p/ log log p )

Time Complexity Definition Let M (n) = O (n log n log log n) be the time needed to multiply two n-digit numbers. Theorem (Fite and Sutherland) For the curves y 2 = x 8 + c and y 2 = x 7 cx, #C (F p ) can be computed (for certain values of m such that p 1 (mod m) ): Probabilistically in O (M (log p) log p) Deterministically in O ( M (log p) log 2 p log log p ), assuming generalized Riemann hypothesis Deterministically in O ( M ( log 3 p ) log 2 p/ log log p ) Theorem The theorem above also holds for curves of the form y m 1 = c 1 x n 1 + c 2 x n 2 y m 2.

Future Work Extending approach to more curves Working over different fields Computing #J C (F p ) Applications to cryptography

Acknowledgments Thanks to: Nicholas Triantafillou, my mentor, for patiently working with me every week and providing valuable advice Dr. Andrew Sutherland, for suggesting this project Dr. Tanya Khovanova, for her valuable suggestions The PRIMES program, for providing me with this opportunity My parents, for continually supporting me

2024 © sciencedocbox.com Privacy Policy | Terms of Service | Feedback