Computing the modular equation

Similar documents
Modular polynomials and isogeny volcanoes

Computing modular polynomials with the Chinese Remainder Theorem

On the evaluation of modular polynomials

Computing the endomorphism ring of an ordinary elliptic curve

Identifying supersingular elliptic curves

Elliptic Curves Spring 2015 Lecture #23 05/05/2015

Class invariants by the CRT method

ON THE EVALUATION OF MODULAR POLYNOMIALS

ISOGENY GRAPHS OF ORDINARY ABELIAN VARIETIES

Explicit Complex Multiplication

Counting points on elliptic curves over F q

Isogeny graphs, modular polynomials, and point counting for higher genus curves

Isogenies in a quantum world

COMPUTING MODULAR POLYNOMIALS

Elliptic curve cryptography in a post-quantum world: the mathematics of isogeny-based cryptography

Counting points on genus 2 curves over finite

arxiv: v3 [math.nt] 7 May 2013

Mappings of elliptic curves

Genus 2 Curves of p-rank 1 via CM method

Isogeny graphs of abelian varieties and applications to the Discrete Logarithm Problem

14 Ordinary and supersingular elliptic curves

Computing modular polynomials in dimension 2 ECC 2015, Bordeaux

ON ISOGENY GRAPHS OF SUPERSINGULAR ELLIPTIC CURVES OVER FINITE FIELDS

CONSTRUCTING SUPERSINGULAR ELLIPTIC CURVES. Reinier Bröker

COMPUTING MODULAR POLYNOMIALS

Constructing genus 2 curves over finite fields

Class polynomials for abelian surfaces

Computing the image of Galois

A Candidate Group with Infeasible Inversion

Graph structure of isogeny on elliptic curves

Elliptic Curves Spring 2013 Lecture #12 03/19/2013

Igusa class polynomials

Igusa Class Polynomials

Igusa Class Polynomials

You could have invented Supersingular Isogeny Diffie-Hellman

Quaternions and Arithmetic. Colloquium, UCSD, October 27, 2005

Introduction to Arithmetic Geometry Fall 2013 Lecture #24 12/03/2013

Elliptic Curves Spring 2019 Problem Set #7 Due: 04/08/2019

20 The modular equation

Elliptic Curves Spring 2015 Problem Set #10 Due: 4/24/2015

A gentle introduction to isogeny-based cryptography

Evaluating Large Degree Isogenies between Elliptic Curves

arxiv: v3 [math.nt] 28 Jan 2015

arxiv: v1 [math.nt] 29 Oct 2013

20 The modular equation

Abstracts of papers. Amod Agashe

On the Computation of Modular Polynomials for Elliptic Curves

Tables of elliptic curves over number fields

Computing L-series coefficients of hyperelliptic curves

Addition sequences and numerical evaluation of modular forms

Efficient implementation of the Hardy-Ramanujan-Rademacher formula

A p-adic ALGORITHM TO COMPUTE THE HILBERT CLASS POLYNOMIAL. Reinier Bröker

Elliptic Curve Primality Proving

Independence of Heegner Points Joseph H. Silverman (Joint work with Michael Rosen)

A quantum algorithm for computing isogenies between supersingular elliptic curves

Imaginary Quadratic Fields With Isomorphic Abelian Galois Groups

Pairing the volcano. 1 Introduction. Sorina Ionica 1 and Antoine Joux 1,2

Computing isogeny graphs using CM lattices

Constructing Abelian Varieties for Pairing-Based Cryptography

Point counting and real multiplication on K3 surfaces

How many elliptic curves can have the same prime conductor? Alberta Number Theory Days, BIRS, 11 May Noam D. Elkies, Harvard University

Computing Hilbert Class Polynomials

Class invariants for quartic CM-fields

Elliptic Curves Spring 2015 Lecture #7 02/26/2015

ABSTRACT. Professor Lawrence Washington Department of Mathematics

Edwards Curves and the ECM Factorisation Method

Don Zagier s work on singular moduli

MA 162B LECTURE NOTES: THURSDAY, FEBRUARY 26

Hard Homogeneous Spaces

Even sharper upper bounds on the number of points on curves

The powers of logarithm for quadratic twists

An introduction to supersingular isogeny-based cryptography

Counting points on elliptic curves: Hasse s theorem and recent developments

Outline of the Seminar Topics on elliptic curves Saarbrücken,

Material covered: Class numbers of quadratic fields, Valuations, Completions of fields.

ON THE DISTRIBUTION OF CLASS GROUPS OF NUMBER FIELDS

Non-generic attacks on elliptic curve DLPs

Hard and Easy Problems for Supersingular Isogeny Graphs

The Sato-Tate conjecture for abelian varieties

Introduction to Elliptic Curves

Supersingular isogeny graphs and endomorphism rings: reductions and solutions

AN INTRODUCTION TO ELLIPTIC CURVES

A Course in Computational Algebraic Number Theory

Generation Methods of Elliptic Curves

this to include the explicit maps, please do so!

Four-Dimensional GLV Scalar Multiplication

PUBLIC-KEY CRYPTOSYSTEM BASED ON ISOGENIES

COMPUTING ENDOMORPHISM RINGS OF JACOBIANS OF GENUS 2 CURVES OVER FINITE FIELDS

On elliptic curves in characteristic 2 with wild additive reduction

On the zeros of certain modular forms

Alberta Number Theory Days X th meeting (18w2226) May 11 13, 2018

A numerically explicit Burgess inequality and an application to qua

CLASS FIELD THEORY AND COMPLEX MULTIPLICATION FOR ELLIPTIC CURVES

Cover Page. The handle holds various files of this Leiden University dissertation

1: Please compute the Jacobi symbol ( 99

w d : Y 0 (N) Y 0 (N)

Finding small factors of integers. Speed of the number-field sieve. D. J. Bernstein University of Illinois at Chicago

Quantum Security Analysis of CSIDH and Ordinary Isogeny-based Schemes

Elliptic Curves over Finite Fields

Explicit Representation of the Endomorphism Rings of Supersingular Elliptic Curves

Transcription:

Computing the modular equation Andrew V. Sutherland (MIT) Barcelona-Boston-Tokyo Number Theory Seminar in Memory of Fumiyuki Momose Andrew V. Sutherland (MIT) Computing the modular equation 1 of 8

The modular polynomial Let j(z) denote the classical modular function j : H C with q-expansion j(z) = 1/q + 744 + 196884q +... For a positive integer N, the minimal polynomial of the function j(nz) over the field C(j) is the modular polynomial of level N. Its coefficients actually lie in C[j], so we may regard it as a polynomial Φ N (X, Y ) in two variables. Its coefficients are algebraic integers, and they are rational. So they lie in Z. Andrew V. Sutherland (MIT) Computing the modular equation of 8

The modular equation Over C, elliptic curves E 1 and E are related by a cyclic isogeny of degree N if and only if Φ N (j(e 1 ), j(e )) = 0. Thus Φ N parameterizes pairs of N-isogenous elliptic curves. It (canonically) defines the modular curve Y 0 (N) = Γ 0 (N)\H. The moduli interpretation of Φ N remains valid over any field of characteristic prime to N. Andrew V. Sutherland (MIT) Computing the modular equation 3 of 8

Practical applications of modular polynomials Examples: Point-counting (SEA). Computing the endomorphism ring of an elliptic curve. Constructing elliptic curves with the CM method. Computing discrete logarithms. Constructing Ramanujan graphs. In most applications N is a prime l, and we actually wish to compute Φ l over a finite field F q. Andrew V. Sutherland (MIT) Computing the modular equation 4 of 8

Explicit computations History: level person (machine) year N = Smith 1878 N = 3 Smith 1879 N = 5 Berwick 1916 N = 7 Herrmann 1974 N = 11 Kaltofen-Yui (VAX 11-780) 1984 Why is computing Φ N so difficult? Andrew V. Sutherland (MIT) Computing the modular equation 5 of 8

Explicit computations History: level person (machine) year N = Smith 1878 N = 3 Smith 1879 N = 5 Berwick 1916 N = 7 Herrmann 1974 N = 11 Kaltofen-Yui (VAX 11-780) 1984 Why is computing Φ N so difficult? Φ l is big: O(l 3 log l) bits. Andrew V. Sutherland (MIT) Computing the modular equation 5 of 8

Example: Φ 11 (X, Y ) X 1 + Y 1 X 11 Y 11 + 8184X 11 Y 10 878756X 11 Y 9 + 536868816X 11 Y 8 61058988656490X 11 Y 7 + 457039313564171X 11 Y 6 17899567883039048X 11 Y 5 + 497837387749846750X 11 Y 4 59134841844639613861795X 11 Y 3 + 7098116580566458155600X 11 Y 3746400635670139351581761X 11 Y + 9647090355405758300000X 11... 8 pages omitted... + 394334509457654908696... 100 digits omitted... 000 Andrew V. Sutherland (MIT) Computing the modular equation 6 of 8

l coefficients largest average total 17 858 7.5kb 5.3kb 5.5MB 51 31880 16kb 1kb 48MB 503 176 36kb 7kb 431MB 1009 510557 78kb 60kb 3.9GB 003 00901 166kb 13kb 33GB 3001 4507505 59kb 08kb 117GB 4001 8010005 356kb 87kb 87GB 5003 1551 454kb 369kb 577GB 10007 50085038 968kb 774kb 4.8TB* Size of Φ l (X, Y ) *Estimated Andrew V. Sutherland (MIT) Computing the modular equation 7 of 8

Algorithms to compute Φ l q-expansions: (Atkin?, Elkies 9, 98, LMMS 94, Ito 95, Morain 95, Müller 95, BCRS 99) Φ l : O(l 4 log 3+ɛ l) (via the CRT) Φ l mod q: O(l 3 log l log 1+ɛ q) (p > l + 1) Andrew V. Sutherland (MIT) Computing the modular equation 8 of 8

Algorithms to compute Φ l q-expansions: (Atkin?, Elkies 9, 98, LMMS 94, Ito 95, Morain 95, Müller 95, BCRS 99) Φ l : O(l 4 log 3+ɛ l) (via the CRT) Φ l mod q: O(l 3 log l log 1+ɛ q) (p > l + 1) isogenies: (Charles-Lauter 005) Φ l : O(l 5+ɛ ) (via the CRT) Φ l mod q: O(l 4+ɛ log +ɛ q) (q > 1l + 13) Andrew V. Sutherland (MIT) Computing the modular equation 8 of 8

Algorithms to compute Φ l q-expansions: (Atkin?, Elkies 9, 98, LMMS 94, Ito 95, Morain 95, Müller 95, BCRS 99) Φ l : O(l 4 log 3+ɛ l) (via the CRT) Φ l mod q: O(l 3 log l log 1+ɛ q) (p > l + 1) isogenies: (Charles-Lauter 005) Φ l : O(l 5+ɛ ) (via the CRT) Φ l mod q: O(l 4+ɛ log +ɛ q) (q > 1l + 13) evaluation-interpolation: (Enge 009) Φ l : O(l 3 log 4+ɛ l) (floating-point approx.) Φ l mod q: O(l 3 log 4+ɛ l) (reduces Φ l ) Andrew V. Sutherland (MIT) Computing the modular equation 8 of 8

A new algorithm to compute Φ l Bröker-Lauter-S (010), S (01) and Ono-S (in progress). We compute Φ l using isogenies and the CRT. Andrew V. Sutherland (MIT) Computing the modular equation 9 of 8

A new algorithm to compute Φ l Bröker-Lauter-S (010), S (01) and Ono-S (in progress). We compute Φ l using isogenies and the CRT. For suitable primes p we compute Φ l mod p in expected time O(l log 3+ɛ p). Andrew V. Sutherland (MIT) Computing the modular equation 9 of 8

A new algorithm to compute Φ l Bröker-Lauter-S (010), S (01) and Ono-S (in progress). We compute Φ l using isogenies and the CRT. For suitable primes p we compute Φ l mod p in expected time O(l log 3+ɛ p). Under the GRH, we find many suitable p with log p = O(log l). Φ l : O(l 3 log 3+ɛ l) (via the CRT) Φ l mod q: O(l 3 log 3+ɛ l) (via the explicit CRT) Computing Φ l mod q uses O(l log(lq)) space. Andrew V. Sutherland (MIT) Computing the modular equation 9 of 8

A new algorithm to compute Φ l Bröker-Lauter-S (010), S (01) and Ono-S (in progress). We compute Φ l using isogenies and the CRT. For suitable primes p we compute Φ l mod p in expected time O(l log 3+ɛ p). Under the GRH, we find many suitable p with log p = O(log l). Φ l : O(l 3 log 3+ɛ l) (via the CRT) Φ l mod q: O(l 3 log 3+ɛ l) (via the explicit CRT) Computing Φ l mod q uses O(l log(lq)) space. In practice the algorithm is much faster than other methods. It is probabilistic, but the output is unconditionally correct. Andrew V. Sutherland (MIT) Computing the modular equation 9 of 8

Some performance highlights Level records 1. 5003: Φ l. 0011: Φ l mod q 3. 60013: Φ f l Speed records 1. 51: Φ l in 8s Φ l mod q in 4.8s (vs 688s). 1009: Φ l in 830s Φ l mod q in 65s (vs 10700s) Single core CPU times (AMD 3.0 GHz), using prime q 56. Effective throughput when computing Φ 1009 mod q is 100Mb/s. Andrew V. Sutherland (MIT) Computing the modular equation 10 of 8

Isogenies For the rest of this talk l is a prime not equal to char F. Every l-isogeny φ : E 1 E is thus separable, and its kernel is a (cyclic) subgroup of E(F) of order l. Conversely, every subgroup of E(F) of order l is the kernel of an l-isogeny, which we may compute explicitly using Vélu s formulas (but this may be costly). Andrew V. Sutherland (MIT) Computing the modular equation 11 of 8

Isogenies For the rest of this talk l is a prime not equal to char F. Every l-isogeny φ : E 1 E is thus separable, and its kernel is a (cyclic) subgroup of E(F) of order l. Conversely, every subgroup of E(F) of order l is the kernel of an l-isogeny, which we may compute explicitly using Vélu s formulas (but this may be costly). We say that φ: E 1 E is horizontal if End(E 1 ) = End(E ). Otherwise φ is a vertical isogeny Horizontal isogenies are easy to compute. Vertical isogenies are not. Andrew V. Sutherland (MIT) Computing the modular equation 11 of 8

Complex multiplication Let E be an elliptic curve with End(E) O. For any (proper) O-ideal a, define the a-torsion subgroup E[a] = {P : αp = 0 for all α a}. E[a] is the kernel of an isogeny of degree N(a), and this yields a group action of the class group cl(o) on the set Ell O = {j(e) : End(E) O}. Andrew V. Sutherland (MIT) Computing the modular equation 1 of 8

Complex multiplication Let E be an elliptic curve with End(E) O. For any (proper) O-ideal a, define the a-torsion subgroup E[a] = {P : αp = 0 for all α a}. E[a] is the kernel of an isogeny of degree N(a), and this yields a group action of the class group cl(o) on the set Ell O = {j(e) : End(E) O}. Horizontal l-isogenies are the action of an ideal with norm l. A horizontal isogeny of large degree may be equivalent to a product of isogenies of smaller degree, via relations in cl(o). Under the ERH, small is O(log D ), where D = disc(o). Andrew V. Sutherland (MIT) Computing the modular equation 1 of 8

Isogeny graphs The l-isogeny graph G l has vertex set {j(e) : E/F q } and edges (j 1, j ) whenever Φ l (j 1, j ) = 0. The neighbors of j 1 F q are the roots of Φ l (j 1, Y ) that lie in F q. Andrew V. Sutherland (MIT) Computing the modular equation 13 of 8

Isogeny graphs The l-isogeny graph G l has vertex set {j(e) : E/F q } and edges (j 1, j ) whenever Φ l (j 1, j ) = 0. The neighbors of j 1 F q are the roots of Φ l (j 1, Y ) that lie in F q. Isogenous curves are either both ordinary or both supersingular, thus we may speak of the ordinary and supersingular components of G l. We will focus on the ordinary components of G l. We have an infinite family of graphs, one for each prime l, all with the same vertex set. Andrew V. Sutherland (MIT) Computing the modular equation 13 of 8

l-volcanoes An l-volcano is a connected undirected graph whose vertices are partitioned into levels V 0,..., V d. 1. The subgraph on V 0 (the surface) is a regular connected graph of degree at most. Andrew V. Sutherland (MIT) Computing the modular equation 14 of 8

l-volcanoes An l-volcano is a connected undirected graph whose vertices are partitioned into levels V 0,..., V d. 1. The subgraph on V 0 (the surface) is a regular connected graph of degree at most.. For i > 0, each v V i has exactly one neighbor in V i 1. All edges not on the surface arise in this manner. 3. For i < d, each v V i has degree l+1. Andrew V. Sutherland (MIT) Computing the modular equation 14 of 8

l-volcanoes An l-volcano is a connected undirected graph whose vertices are partitioned into levels V 0,..., V d. 1. The subgraph on V 0 (the surface) is a regular connected graph of degree at most.. For i > 0, each v V i has exactly one neighbor in V i 1. All edges not on the surface arise in this manner. 3. For i < d, each v V i has degree l+1. The integers l, d, and V 0 uniquely determine the shape. Andrew V. Sutherland (MIT) Computing the modular equation 14 of 8

The l-isogeny graph G l Some facts about G l (Kohel, Fouquet-Morain): The ordinary components of G l are l-volcanoes (provided they don t contain j = 0, 178). The curves in level V i of a given l-volcano all have the same endomorphism ring, isomorphic to an imaginary quadratic order O i. The order O 0 is maximal at l, and O i O 0 has index l i. Curves in the same l-volcano are necessarily isogenous, but isogenous curves need not lie in the same l-volcano. Andrew V. Sutherland (MIT) Computing the modular equation 15 of 8

A 3-volcano of depth Andrew V. Sutherland (MIT) Computing the modular equation 16 of 8

Running the rim

Running the rim

Running the rim

Running the rim

Running the rim

Running the rim

Running the rim

Mapping a volcano Andrew V. Sutherland (MIT) Computing the modular equation 18 of 8

Mapping a volcano Example General requirements l = 5, p = 4451, D = 151 4p = t v l D, p 1 mod l Andrew V. Sutherland (MIT) Computing the modular equation 18 of 8

Mapping a volcano Example General requirements l = 5, p = 4451, D = 151 4p = t v l D, p 1 mod l t = 5, v =, h(d) = 7 l v, ( D ) = 1, h(d) l + l Andrew V. Sutherland (MIT) Computing the modular equation 18 of 8

Mapping a volcano Example General requirements l = 5, p = 4451, D = 151 4p = t v l D, p 1 mod l t = 5, v =, h(d) = 7 l v, ( D ) = 1, h(d) l + l 1. Find a root of H D (X) Andrew V. Sutherland (MIT) Computing the modular equation 18 of 8

Mapping a volcano Example General requirements l = 5, p = 4451, D = 151 4p = t v l D, p 1 mod l t = 5, v =, h(d) = 7 l v, ( D ) = 1, h(d) l + l 901 1. Find a root of H D (X): 901 Andrew V. Sutherland (MIT) Computing the modular equation 18 of 8

Mapping a volcano Example General requirements l = 5, p = 4451, D = 151 4p = t v l D, p 1 mod l t = 5, v =, h(d) = 7 l v, ( D ) = 1, h(d) l + l l 0 = l 0 l, ( D ) = 1 l 0 901. Enumerate surface using the action of α l0 Andrew V. Sutherland (MIT) Computing the modular equation 18 of 8

Mapping a volcano Example General requirements l = 5, p = 4451, D = 151 4p = t v l D, p 1 mod l t = 5, v =, h(d) = 7 l v, ( D ) = 1, h(d) l + l l 0 =, α 5 = α 3 l 0 l, ( D l 0 ) = 1, α l = α k l 0 901. Enumerate surface using the action of α l0 901 158 501 351 701 87 15 Andrew V. Sutherland (MIT) Computing the modular equation 18 of 8

Mapping a volcano Example General requirements l = 5, p = 4451, D = 151 4p = t v l D, p 1 mod l t = 5, v =, h(d) = 7 l v, ( D ) = 1, h(d) l + l l 0 =, α 5 = α 3 l 0 l, ( D l 0 ) = 1, α l = α k l 0 901 351. Enumerate surface using the action of α l0 901 158 501 351 701 87 15 Andrew V. Sutherland (MIT) Computing the modular equation 18 of 8

Mapping a volcano Example General requirements l = 5, p = 4451, D = 151 4p = t v l D, p 1 mod l t = 5, v =, h(d) = 7 l v, ( D ) = 1, h(d) l + l l 0 =, α 5 = α 3 l 0 l, ( D l 0 ) = 1, α l = α k l 0 901 351 15. Enumerate surface using the action of α l0 901 158 501 351 701 87 15 Andrew V. Sutherland (MIT) Computing the modular equation 18 of 8

Mapping a volcano Example General requirements l = 5, p = 4451, D = 151 4p = t v l D, p 1 mod l t = 5, v =, h(d) = 7 l v, ( D ) = 1, h(d) l + l l 0 =, α 5 = α 3 l 0 l, ( D l 0 ) = 1, α l = α k l 0 901 351 15 501. Enumerate surface using the action of α l0 901 158 501 351 701 87 15 Andrew V. Sutherland (MIT) Computing the modular equation 18 of 8

Mapping a volcano Example General requirements l = 5, p = 4451, D = 151 4p = t v l D, p 1 mod l t = 5, v =, h(d) = 7 l v, ( D ) = 1, h(d) l + l l 0 =, α 5 = α 3 l 0 l, ( D l 0 ) = 1, α l = α k l 0 87 901 351 15 501. Enumerate surface using the action of α l0 901 158 501 351 701 87 15 Andrew V. Sutherland (MIT) Computing the modular equation 18 of 8

Mapping a volcano Example General requirements l = 5, p = 4451, D = 151 4p = t v l D, p 1 mod l t = 5, v =, h(d) = 7 l v, ( D ) = 1, h(d) l + l l 0 =, α 5 = α 3 l 0 l, ( D l 0 ) = 1, α l = α k l 0 901 158 351 15 87 501. Enumerate surface using the action of α l0 901 158 501 351 701 87 15 Andrew V. Sutherland (MIT) Computing the modular equation 18 of 8

Mapping a volcano Example General requirements l = 5, p = 4451, D = 151 4p = t v l D, p 1 mod l t = 5, v =, h(d) = 7 l v, ( D ) = 1, h(d) l + l l 0 =, α 5 = α 3 l 0 l, ( D l 0 ) = 1, α l = α k l 0 901 701 158 351 15 87 501. Enumerate surface using the action of α l0 901 158 501 351 701 87 15 Andrew V. Sutherland (MIT) Computing the modular equation 18 of 8

Mapping a volcano Example General requirements l = 5, p = 4451, D = 151 4p = t v l D, p 1 mod l t = 5, v =, h(d) = 7 l v, ( D ) = 1, h(d) l + l l 0 =, α 5 = α 3 l 0 l, ( D l 0 ) = 1, α l = α k l 0 901 701 158 351 15 87 501 3. Descend to the floor using Vélu s formula Andrew V. Sutherland (MIT) Computing the modular equation 18 of 8

Mapping a volcano Example General requirements l = 5, p = 4451, D = 151 4p = t v l D, p 1 mod l t = 5, v =, h(d) = 7 l v, ( D ) = 1, h(d) l + l l 0 =, α 5 = α 3 l 0 l, ( D l 0 ) = 1, α l = α k l 0 901 701 158 351 15 87 501 3188 3. Descend to the floor using Vélu s formula: 901 5 3188 Andrew V. Sutherland (MIT) Computing the modular equation 18 of 8

Mapping a volcano Example General requirements l = 5, p = 4451, D = 151 4p = t v l D, p 1 mod l t = 5, v =, h(d) = 7 l v, ( D ) = 1, h(d) l + l l 0 =, α 5 = α 3 l 0 l, ( D l 0 ) = 1, α l = α k l 0 901 701 158 351 15 87 501 3188 4. Enumerate floor using the action of β l0 Andrew V. Sutherland (MIT) Computing the modular equation 18 of 8

Mapping a volcano Example General requirements l = 5, p = 4451, D = 151 4p = t v l D, p 1 mod l t = 5, v =, h(d) = 7 l v, ( D ) = 1, h(d) l + l l 0 =, α 5 = α 3, β 5 = β 7 l 0 l, ( D ) = 1, α l l = α k 0 l, β 0 l = βl k 0 901 701 158 351 15 87 501 3188 4. Enumerate floor using the action of β l0 3188 945 3144 3508 843 150 676 970 3497 1180 464 41 48 434 1478 344 55 976 3345 1064 1868 338 91 3147 566 4397 087 3341 Andrew V. Sutherland (MIT) Computing the modular equation 18 of 8

Mapping a volcano Example General requirements l = 5, p = 4451, D = 151 4p = t v l D, p 1 mod l t = 5, v =, h(d) = 7 l v, ( D ) = 1, h(d) l + l l 0 =, α 5 = α 3, β 5 = β 7 l 0 l, ( D ) = 1, α l l = α k 0 l, β 0 l = βl k 0 901 701 158 351 15 87 501 3188 970 1478 338 4. Enumerate floor using the action of β l0 3188 945 3144 3508 843 150 676 970 3497 1180 464 41 48 434 1478 344 55 976 3345 1064 1868 338 91 3147 566 4397 087 3341 Andrew V. Sutherland (MIT) Computing the modular equation 18 of 8

Mapping a volcano Example General requirements l = 5, p = 4451, D = 151 4p = t v l D, p 1 mod l t = 5, v =, h(d) = 7 l v, ( D ) = 1, h(d) l + l l 0 =, α 5 = α 3, β 5 = β 7 l 0 l, ( D ) = 1, α l l = α k 0 l, β 0 l = βl k 0 901 701 158 351 15 87 501 3188 970 1478 338 3508 464 976 566 4. Enumerate floor using the action of β l0 3188 945 3144 3508 843 150 676 970 3497 1180 464 41 48 434 1478 344 55 976 3345 1064 1868 338 91 3147 566 4397 087 3341 Andrew V. Sutherland (MIT) Computing the modular equation 18 of 8

Mapping a volcano Example General requirements l = 5, p = 4451, D = 151 4p = t v l D, p 1 mod l t = 5, v =, h(d) = 7 l v, ( D ) = 1, h(d) l + l l 0 =, α 5 = α 3, β 5 = β 7 l 0 l, ( D ) = 1, α l l = α k 0 l, β 0 l = βl k 0 901 701 158 351 15 87 501 3188 970 1478 338 3508 464 976 566 676 434 1868 3341 4. Enumerate floor using the action of β l0 3188 945 3144 3508 843 150 676 970 3497 1180 464 41 48 434 1478 344 55 976 3345 1064 1868 338 91 3147 566 4397 087 3341 Andrew V. Sutherland (MIT) Computing the modular equation 18 of 8

Mapping a volcano Example General requirements l = 5, p = 4451, D = 151 4p = t v l D, p 1 mod l t = 5, v =, h(d) = 7 l v, ( D ) = 1, h(d) l + l l 0 =, α 5 = α 3, β 5 = β 7 l 0 l, ( D ) = 1, α l l = α k 0 l, β 0 l = βl k 0 901 701 158 351 15 87 501 3188 970 1478 338 3508 464 976 566 676 434 1868 3341 3144 1180 55 3147 4. Enumerate floor using the action of β l0 3188 945 3144 3508 843 150 676 970 3497 1180 464 41 48 434 1478 344 55 976 3345 1064 1868 338 91 3147 566 4397 087 3341 Andrew V. Sutherland (MIT) Computing the modular equation 18 of 8

Mapping a volcano Example General requirements l = 5, p = 4451, D = 151 4p = t v l D, p 1 mod l t = 5, v =, h(d) = 7 l v, ( D ) = 1, h(d) l + l l 0 =, α 5 = α 3, β 5 = β 7 l 0 l, ( D ) = 1, α l l = α k 0 l, β 0 l = βl k 0 901 701 158 351 15 87 501 3188 970 1478 338 3508 464 976 566 676 434 1868 3341 3144 1180 5 3147 4. Enumerate floor using the action of β l0 3188 945 3144 3508 843 150 676 970 3497 1180 464 41 48 434 1478 344 55 976 3345 1064 1868 338 91 3147 566 4397 087 3341 Andrew V. Sutherland (MIT) Computing the modular equation 18 of 8

Mapping a volcano Example General requirements l = 5, p = 4451, D = 151 4p = t v l D, p 1 mod l t = 5, v =, h(d) = 7 l v, ( D ) = 1, h(d) l + l l 0 =, α 5 = α 3, β 5 = β 7 l 0 l, ( D ) = 1, α l l = α k 0 l, β 0 l = βl k 0 901 701 158 351 15 87 501 3188 970 1478 338 3508 464 976 566 676 434 1868 3341 3144 1180 5 3147 4. Enumerate floor using the action of β l0 3188 945 3144 3508 843 150 676 970 3497 1180 464 41 48 434 1478 344 55 976 3345 1064 1868 338 91 3147 566 4397 087 3341 Andrew V. Sutherland (MIT) Computing the modular equation 18 of 8

Mapping a volcano Example General requirements l = 5, p = 4451, D = 151 4p = t v l D, p 1 mod l t = 5, v =, h(d) = 7 l v, ( D ) = 1, h(d) l + l l 0 =, α 5 = α 3, β 5 = β 7 l 0 l, ( D ) = 1, α l l = α k 0 l, β 0 l = βl k 0 901 701 158 351 15 87 501 3188 970 1478 338 3508 464 976 566 676 434 1868 3341 3144 1180 5 3147 4. Enumerate floor using the action of β l0 3188 945 3144 3508 843 150 676 970 3497 1180 464 41 48 434 1478 344 55 976 3345 1064 1868 338 91 3147 566 4397 087 3341 Andrew V. Sutherland (MIT) Computing the modular equation 18 of 8

Mapping a volcano Example General requirements l = 5, p = 4451, D = 151 4p = t v l D, p 1 mod l t = 5, v =, h(d) = 7 l v, ( D ) = 1, h(d) l + l l 0 =, α 5 = α 3, β 5 = β 7 l 0 l, ( D ) = 1, α l l = α k 0 l, β 0 l = βl k 0 901 701 158 351 15 87 501 3188 970 1478 338 3508 464 976 566 676 434 1868 3341 3144 1180 5 3147 Andrew V. Sutherland (MIT) Computing the modular equation 18 of 8

Interpolation 901 701 158 351 15 87 501 3188 970 1478 338 3508 464 976 566 676 434 1868 3341 3144 1180 5 3147 Φ 5 (X, 901) = (X 701)(X 351)(X 3188)(X 970)(X 1478)(X 338) Φ 5 (X, 351) = (X 901)(X 15)(X 3508)(X 464)(X 976)(X 566) Φ 5 (X, 15) = (X 351)(X 501)(X 3341)(X 1868)(X 434)(X 676) Φ 5 (X, 501) = (X 15)(X 87)(X 3147)(X 55)(X 1180)(X 3144) Φ 5 (X, 87) = (X 501)(X 158)(X 150)(X 48)(X 1064)(X 087) Φ 5 (X, 158) = (X 87)(X 701)(X 945)(X 3497)(X 344)(X 91) Φ 5 (X, 701) = (X 158)(X 901)(X 843)(X 41)(X 3345)(X 4397) Andrew V. Sutherland (MIT) Computing the modular equation 19 of 8

Interpolation 901 701 158 351 15 87 501 3188 970 1478 338 3508 464 976 566 676 434 1868 3341 3144 1180 5 3147 Φ 5 (X, 901) = X 6 + 1337X 5 + 543X 4 + 497X 3 + 4391X + 3144X + 36 Φ 5 (X, 351) = X 6 + 3174X 5 + 1789X 4 + 3373X 3 + 397X + 93X + 4019 Φ 5 (X, 15) = X 6 + 18X 5 + 51X 4 + 435X 3 + 844X + 084X + 709 Φ 5 (X, 501) = X 6 + 991X 5 + 3075X 5 + 3918X 3 + 41X + 3755X + 1157 Φ 5 (X, 87) = X 6 + 389X 5 + 39X 4 + 3909X 3 + 161X + 1003X + 091 Φ 5 (X, 158) = X 6 + 1803X 5 + 794X 4 + 3584X 3 + 5X + 1530X + 1975 Φ 5 (X, 701) = X 6 + 515X 5 + 1419X 4 + 941X 3 + 4145X + 7X + 754 Andrew V. Sutherland (MIT) Computing the modular equation 19 of 8

Interpolation 901 701 158 351 15 87 501 3188 970 1478 338 3508 464 976 566 676 434 1868 3341 3144 1180 5 3147 Φ 5 (X, Y ) = X 6 + (4450Y 5 + 370Y 4 + 433Y 3 + 3499Y + 70Y + 397)X 5 (370Y 5 + 3683Y 4 + 348Y 3 + 808Y + 3745Y + 33)X 4 (433Y 5 + 348Y 4 + 08Y 3 + 05Y + 4006Y + 11)X 3 (3499Y 5 + 808Y 4 + 05Y 3 + 4378Y + 3886Y + 050)X ( 70Y 5 + 3745Y 4 + 4006Y 3 + 3886Y + 905Y + 091)X (Y 6 + 397Y 5 + 33Y 4 + 11Y 3 + 050Y + 091Y + 108) Andrew V. Sutherland (MIT) Computing the modular equation 19 of 8

Computing Φ l (X, Y ) mod p Assume D and p are suitably chosen with D = O(l ) and log p = O(log l), and that H D (X) has been precomputed. 1. Find a root of H D (X) over F p. O(l log 3+ɛ l). Enumerate the surface(s) using cl(d)-action. O(l log +ɛ l) 3. Descend to the floor using Vélu. O(l log 1+ɛ l) 4. Enumerate the floor using cl(l D)-action. O(l log +ɛ l) 5. Build each Φ l (X, j i ) from its roots. O(l log 3+ɛ l) 6. Interpolate Φ l (X, Y ) mod p. O(l log 3+ɛ l) Time complexity is O(l log 3+ɛ l). Space complexity is O(l log l). Andrew V. Sutherland (MIT) Computing the modular equation 0 of 8

After computing Φ 5 (X, Y ) mod p for the primes: 4451, 6911, 9551, 8111, 54851, 110051, 13491, 160591, 11711, 80451, 434111, 530851, 686051, 736511, we apply the CRT to obtain Φ 5 (X, Y ) = X 6 + Y 6 X 5 Y 5 + 370(X 5 Y 4 + X 4 Y 5 ) 4550940(X 5 Y 3 + X 3 Y 5 ) + 0855100(X 5 Y + X Y 5 ) 46683410950(X 5 Y + XY 5 ) + 19631148980(X 5 + Y 5 ) + 1665999364600X 4 Y 4 + 10787898185336800(X 4 Y 3 + X 3 Y 4 ) + 38308360977981115375(X 4 Y + X Y 4 ) + 1854179890688816384000(X 4 Y + XY 4 ) + 184733138414445653440(X 4 + Y 4 ) 4550940(X 3 Y 5 + X 5 Y 3 ) 441069655191483546100X 3 Y 3 + 689848885838073157741778000(X 3 Y + X Y 3 ) 19457934618989965510831168000(X 3 Y + XY 3 ) + 804477788439578043156597868800(X 3 + Y 3 ) + 511094177755418083110765199360000X Y + 3655473658394969957064733656640000(X Y + XY ) + 669500046799770848714941501506846700(X + Y ) 6407345707660596597157904797878949376XY + 5374330803444545040160733565091513000(X + Y ) + 141359947154713586977534746910713675100467000. Andrew V. Sutherland (MIT) Computing the modular equation 1 of 8

After computing Φ 5 (X, Y ) mod p for the primes: 4451, 6911, 9551, 8111, 54851, 110051, 13491, 160591, 11711, 80451, 434111, 530851, 686051, 736511, we apply the CRT to obtain Φ 5 (X, Y ) = X 6 + Y 6 X 5 Y 5 + 370(X 5 Y 4 + X 4 Y 5 ) 4550940(X 5 Y 3 + X 3 Y 5 ) + 0855100(X 5 Y + X Y 5 ) 46683410950(X 5 Y + XY 5 ) + 19631148980(X 5 + Y 5 ) + 1665999364600X 4 Y 4 + 10787898185336800(X 4 Y 3 + X 3 Y 4 ) + 38308360977981115375(X 4 Y + X Y 4 ) + 1854179890688816384000(X 4 Y + XY 4 ) + 184733138414445653440(X 4 + Y 4 ) 4550940(X 3 Y 5 + X 5 Y 3 ) 441069655191483546100X 3 Y 3 + 689848885838073157741778000(X 3 Y + X Y 3 ) 19457934618989965510831168000(X 3 Y + XY 3 ) + 804477788439578043156597868800(X 3 + Y 3 ) + 511094177755418083110765199360000X Y + 3655473658394969957064733656640000(X Y + XY ) + 669500046799770848714941501506846700(X + Y ) 6407345707660596597157904797878949376XY + 5374330803444545040160733565091513000(X + Y ) + 141359947154713586977534746910713675100467000. (but note that Φ f 5 (X, Y ) = X 6 + Y 6 X 5 Y 5 + 4XY ). Andrew V. Sutherland (MIT) Computing the modular equation 1 of 8

The algorithm Given a prime l > and an integer q > 0: 1. Pick a discriminant D suitable for l.. Select a set of primes S suitable for l and D. 3. Precompute H D, cl(d), cl(l D), and CRT data. 4. For each p S, compute Φ l mod p and update CRT data. 5. Perform CRT postcomputation and output Φ l mod q. To compute Φ l over Z, just use q = p. For small q, use explicit CRT modq. For large q, standard CRT for large q. For q in between, use a hybrid approach. Andrew V. Sutherland (MIT) Computing the modular equation of 8

Explicit Chinese remainder theorem Suppose c c i mod p i for n distinct primes p i. Then c c i a i M i mod M, where M = p i, M i = M/p i and a i = 1/M i mod p i. If M > c, we can recover c Z. With M > 4 c, the explicit CRT computes c mod q directly via ( ) c = ci a i M i rm mod q, where r is the closest integer to c i a i /p i. Using an online algorithm, this can be applied to k coefficients c in parallel, using O ( log M + n log q + k(log q + log n) ) space. Montgomery-Silverman, Bernstein, S. Andrew V. Sutherland (MIT) Computing the modular equation 3 of 8

Complexity Theorem (GRH) For every prime l > there is a suitable discriminant D with D = O(l ) for which there are Ω(l 3 log 3 l) primes p = O(l 6 (log l) 4 ) that are suitable for l and D. Heuristically, p = O(l 4 ). In practice, lg p < 64. Theorem (GRH) The expected running time is O(l 3 log 3 l log log l). The space required is O(l log(lq)). Andrew V. Sutherland (MIT) Computing the modular equation 4 of 8

Complexity Theorem (GRH) For every prime l > there is a suitable discriminant D with D = O(l ) for which there are Ω(l 3 log 3 l) primes p = O(l 6 (log l) 4 ) that are suitable for l and D. Heuristically, p = O(l 4 ). In practice, lg p < 64. Theorem (GRH) The expected running time is O(l 3 log 3 l log log l). The space required is O(l log(lq)). The algorithm is trivial to parallelize. Andrew V. Sutherland (MIT) Computing the modular equation 4 of 8

An explicit height bound for Φ l Let l be a prime. Let h(φ l ) be the (natural) logarithmic height of Φ l. Asymptotic bound: h(φ l ) = 6l log l + O(l) (Paula Cohen 1984). Andrew V. Sutherland (MIT) Computing the modular equation 5 of 8

An explicit height bound for Φ l Let l be a prime. Let h(φ l ) be the (natural) logarithmic height of Φ l. Asymptotic bound: h(φ l ) = 6l log l + O(l) (Paula Cohen 1984). Explicit bound: h(φ l ) 6l log l + 18l (Bröker-S 009). Conjectural bound: h(φ l ) 6l log l + 1l (for l > 30). The explicit bound holds for all l. The conjectural bound is known to hold for 30 < l < 3600. Andrew V. Sutherland (MIT) Computing the modular equation 5 of 8

Other modular functions We can compute polynomials relating f (z) and f (lz) for other modular functions, including the Weber function f(τ) = η((τ + 1)/), ζ 48 η(τ) which satisfies j(τ) = (f(τ) 4 16) 3 /f(τ) 4. The coefficients of Φ f l are roughly 7 times smaller. This means we need 7 fewer primes. The polynomial Φ f l is roughly 4 times sparser. This means we need 4 times fewer interpolation points. Overall, we get nearly a 178-fold speedup using Φ f l. Andrew V. Sutherland (MIT) Computing the modular equation 6 of 8

Modular polynomials for l = 11 Classical: X 1 + Y 1 X 11 Y 11 + 8184X 11 Y 10 878756X 11 Y 9 + 536868816X 11 Y 8 61058988656490X 11 Y 7 + 457039313564171X 11 Y 6 17899567883039048X 11 Y 5 + 497837387749846750X 11 Y 4 59134841844639613861795X 11 Y 3 + 7098116580566458155600X 11 Y 3746400635670139351581761X 11 Y + 9647090355405758300000X 11... 8 pages omitted... + 394334509457654908696... 100 digits omitted... 000 Atkin: X 1 X 11 Y + 744X 11 + 196680X 10 + 187X 9 Y + 1354080X 9 + 506X 8 Y + 830467440X 8 11440X 7 Y + 1687537744X 7 5744X 6 Y + 08564958976X 6 + 184184X 5 Y + 16785887360X 5 + 1675784X 4 Y + 903155113600X 4 + 186771X 3 Y + 3349979904000X 3 85640X Y + 7446810880000X 19849600XY + 98997734400000X + Y 870000Y + 5841107000000 Weber: X 1 + Y 1 X 11 Y 11 + 11X 9 Y 9 44X 7 Y 7 + 88X 5 Y 5 88X 3 Y 3 + 3XY Andrew V. Sutherland (MIT) Computing the modular equation 7 of 8

Weber modular polynomials For l = 1009, the size of Φ f l is.3mb, versus 3.9GB for Φ l, and computing Φ f l takes.8s, versus 830s for Φ l. The current record is l = 60013. Working mod q, level l > 100019 has been achieved. The polynomials Φ f l for all l < 5000 are available for download: http://math.mit.edu/ drew Andrew V. Sutherland (MIT) Computing the modular equation 8 of 8

2024 © sciencedocbox.com Privacy Policy | Terms of Service | Feedback