point counting on hyperelliptic curves to genus 3 and
play

Point counting on hyperelliptic curves: to genus 3 and beyond Simon - PowerPoint PPT Presentation

Feb 15, 2024 •538 likes •907 views

Point counting on hyperelliptic curves: to genus 3 and beyond Simon Abelard Universit de Lorraine, Nancy Joint work with P. Gaudry and P.-J. Spaenlehauer January 25, 2018 CARAMBA /* */ E,C, /* */ c,r, /* */ u,l, e,s, i=5,

  1. Point counting on hyperelliptic curves: to genus 3 and beyond Simon Abelard Université de Lorraine, Nancy Joint work with P. Gaudry and P.-J. Spaenlehauer January 25, 2018 CARAMBA /* */ E,C, /* */ c,r, /* */ u,l, e,s, i=5, d[5],Q[999 ]={0};main(n ){for (;i--;e=scanf("%" "d",d+i));for(C =*d; ++i<C ;++Q[ i*i% C],c= i[Q]? c:i); for(;i --;) for(u =C;u --;n +=!u*Q [l%C ],e+= Q[(C +l*l- c*s* s%C) %C]) for( l=i,s=u,r=4;r;E= i*l+c*u*s,s=(u*l +i*s) %C,l=E%C+r --[d]);printf ("%d" "\n", (e+n* n)/2 /* cc caramba.c; echo f3 f2 f1 f0 p | ./a.out */ -C);} Simon Abelard Point counting January 25, 2018 1 / 18

  2. It’s all about generating series. . . A first example How many solutions of y 2 = x 7 − 7 x 5 + 14 x 3 − 7 x + 1 in F 23 k ? Goal: generating series associated to these numbers of solutions. This series is rational so small k ’s are sufficient ( ≤ 3 in this case). Simon Abelard Point counting January 25, 2018 2 / 18

  3. It’s all about generating series. . . A first example How many solutions of y 2 = x 7 − 7 x 5 + 14 x 3 − 7 x + 1 in F 23 k ? Goal: generating series associated to these numbers of solutions. This series is rational so small k ’s are sufficient ( ≤ 3 in this case). Curves and points Let f ∈ F q [ X ] be monic, squarefree of degree 2 g + 1. Equation Y 2 = f ( X ) → hyperelliptic curve C of genus g over F q . If C defined over F q , P = ( x , y ) ∈ C is rational if ( x , y ) ∈ ( F q ) 2 . Simon Abelard Point counting January 25, 2018 2 / 18

  4. It’s all about generating series. . . A first example How many solutions of y 2 = x 7 − 7 x 5 + 14 x 3 − 7 x + 1 in F 23 k ? Goal: generating series associated to these numbers of solutions. This series is rational so small k ’s are sufficient ( ≤ 3 in this case). Curves and points Let f ∈ F q [ X ] be monic, squarefree of degree 2 g + 1. Equation Y 2 = f ( X ) → hyperelliptic curve C of genus g over F q . If C defined over F q , P = ( x , y ) ∈ C is rational if ( x , y ) ∈ ( F q ) 2 . � � ( x , y ) ∈ ( F q i ) 2 | y 2 = f ( x ) Let C ( F q i ) = ∪ {∞} . Point counting: computing # C ( F q i ) for 1 ≤ i ≤ g . Simon Abelard Point counting January 25, 2018 2 / 18

  5. . . . Or rather polynomials Let C be a hyperelliptic curve of genus g . Weil conjectures to the rescue Point counting over F q is computing the local ζ function of C : �� � # C ( F q k ) s k Λ( s ) thm ζ ( s ) = exp = (1 − s )(1 − qs ) . k k With Λ ∈ Z [ X ] of degree 2 g having bounded coefficients. Simon Abelard Point counting January 25, 2018 3 / 18

  6. . . . Or rather polynomials Let C be a hyperelliptic curve of genus g . Weil conjectures to the rescue Point counting over F q is computing the local ζ function of C : �� � # C ( F q k ) s k Λ( s ) thm ζ ( s ) = exp = (1 − s )(1 − qs ) . k k With Λ ∈ Z [ X ] of degree 2 g having bounded coefficients. Point counting Input: f ∈ F q [ X ] defining a hyperelliptic curve Output: the polynomial Λ Simon Abelard Point counting January 25, 2018 3 / 18

  7. . . . Or rather polynomials Let C be a hyperelliptic curve of genus g . Weil conjectures to the rescue Point counting over F q is computing the local ζ function of C : �� � # C ( F q k ) s k Λ( s ) thm ζ ( s ) = exp = (1 − s )(1 − qs ) . k k With Λ ∈ Z [ X ] of degree 2 g having bounded coefficients. Point counting Input: f ∈ F q [ X ] defining a hyperelliptic curve Output: the polynomial Λ We study the complexity of such algorithms. Simon Abelard Point counting January 25, 2018 3 / 18

  8. A broad range of related problems Finding ‘nice’ curves Cryptography: g ≤ 2 and q large, needed to assess security. Error-correcting codes: need curves with many rational points. Arithmetic geometry Conjectures in number theory e.g. Sato -Tate in genus ≥ 2. p A p / p s with A p = # C ( F p ) / √ p . � L -functions associated: L ( s , C ) = Computing them relies on point-counting primitives. Simon Abelard Point counting January 25, 2018 4 / 18

  9. A broad range of related problems Finding ‘nice’ curves Cryptography: g ≤ 2 and q large, needed to assess security. Error-correcting codes: need curves with many rational points. Arithmetic geometry Conjectures in number theory e.g. Sato -Tate in genus ≥ 2. p A p / p s with A p = # C ( F p ) / √ p . � L -functions associated: L ( s , C ) = Computing them relies on point-counting primitives. Two families of algorithms p -adic methods: polynomial in g , exponential in log p Satoh’99, Kedlaya’01, Lauder’04 ℓ -adic methods: exponential in g , polynomial in log q Schoof’85, Gaudry-Schost’12 Simon Abelard Point counting January 25, 2018 4 / 18

  10. Overview and contributions Asymptotic complexities (hyperelliptic case) Our result Pila’90 Huang-Ierardi’98 Adleman-Huang’01 (log q ) O ( g 2 log g ) (log q ) g O (1) (log q ) O g (1) O g ((log q ) cg ) Simon Abelard Point counting January 25, 2018 5 / 18

  11. Overview and contributions Asymptotic complexities (hyperelliptic case) Our result Pila’90 Huang-Ierardi’98 Adleman-Huang’01 (log q ) O ( g 2 log g ) (log q ) g O (1) (log q ) O g (1) O g ((log q ) cg ) Practical algorithms Genus Complexity Authors O (log 4 q ) � g = 1 Schoof-Elkies-Atkin O (log 8 q ) � g = 2 Gaudry-Schost O (log 14 q ) ? � g = 3 O (log 5 q ) � g = 2 with RM Gaudry-Kohel-Smith O (log 6 q ) � g = 3 with RM Our result Simon Abelard Point counting January 25, 2018 5 / 18

  12. From curves to groups R R 2 Q Q 1 P 2 P R 1 P 1 Q 2 P + Q + R = 0 P 1 + P 2 + Q 1 + Q 2 + R 1 + R 2 = 0 Simon Abelard Point counting January 25, 2018 6 / 18

  13. Counting points on hyperelliptic curves Let C : y 2 = f ( x ) be a hyperelliptic curve over F q . Let J be its Jacobian and g its genus. (Hasse-Weil) coefficients of Λ are bounded integers. 1 ℓ -torsion J [ ℓ ] = { D ∈ J | ℓ D = 0 } ≃ ( Z /ℓ Z ) 2 g 2 Frobenius π : ( x , y ) �→ ( x q , y q ) acts linearly on J [ ℓ ] 3 For χ the char. polynomial of π , χ rev = Λ mod ℓ 4 Algorithm a la Schoof For each prime ℓ ≤ (9 g + 3) log q Describe I ℓ the ideal of ℓ -torsion Compute χ mod ℓ by testing char. eq. of π in I ℓ Deduce Λ mod ℓ Recover Λ by CRT Simon Abelard Point counting January 25, 2018 7 / 18

  14. Counting points on hyperelliptic curves Let C : y 2 = f ( x ) be a hyperelliptic curve over F q . Let J be its Jacobian and g its genus. (Hasse-Weil) coefficients of Λ are bounded integers. 1 ℓ -torsion J [ ℓ ] = { D ∈ J | ℓ D = 0 } ≃ ( Z /ℓ Z ) 2 g 2 Frobenius π : ( x , y ) �→ ( x q , y q ) acts linearly on J [ ℓ ] 3 For χ the char. polynomial of π , χ rev = Λ mod ℓ 4 Algorithm a la Schoof For each prime ℓ ≤ (9 g + 3) log q Describe I ℓ the ideal of ℓ -torsion Compute χ mod ℓ by testing char. eq. of π in I ℓ Deduce Λ mod ℓ Recover Λ by CRT Simon Abelard Point counting January 25, 2018 7 / 18

  15. Counting points on hyperelliptic curves Let C : y 2 = f ( x ) be a hyperelliptic curve over F q . Let J be its Jacobian and g its genus. (Hasse-Weil) coefficients of Λ are bounded integers. 1 ℓ -torsion J [ ℓ ] = { D ∈ J | ℓ D = 0 } ≃ ( Z /ℓ Z ) 2 g 2 Frobenius π : ( x , y ) �→ ( x q , y q ) acts linearly on J [ ℓ ] 3 For χ the char. polynomial of π , χ rev = Λ mod ℓ 4 Algorithm a la Schoof For each prime ℓ ≤ (9 g + 3) log q Describe I ℓ the ideal of ℓ -torsion Compute χ mod ℓ by testing char. eq. of π in I ℓ Deduce Λ mod ℓ Recover Λ by CRT Simon Abelard Point counting January 25, 2018 7 / 18

  16. Counting points on hyperelliptic curves Let C : y 2 = f ( x ) be a hyperelliptic curve over F q . Let J be its Jacobian and g its genus. (Hasse-Weil) coefficients of Λ are bounded integers. 1 ℓ -torsion J [ ℓ ] = { D ∈ J | ℓ D = 0 } ≃ ( Z /ℓ Z ) 2 g 2 Frobenius π : ( x , y ) �→ ( x q , y q ) acts linearly on J [ ℓ ] 3 For χ the char. polynomial of π , χ rev = Λ mod ℓ 4 Algorithm a la Schoof For each prime ℓ ≤ (9 g + 3) log q Describe I ℓ the ideal of ℓ -torsion Compute χ mod ℓ by testing char. eq. of π in I ℓ Deduce Λ mod ℓ Recover Λ by CRT Simon Abelard Point counting January 25, 2018 7 / 18

  17. Handling the torsion Goal: represent J [ ℓ ], ideal of ℓ -torsion. Method: write ℓ D = 0 formally, then ‘solve’ that system. Here comes trouble. . . How to model and solve it efficiently? Simon Abelard Point counting January 25, 2018 8 / 18

  18. Handling the torsion Goal: represent J [ ℓ ], ideal of ℓ -torsion. Method: write ℓ D = 0 formally, then ‘solve’ that system. Here comes trouble. . . How to model and solve it efficiently? − → multihomogeneous structure Simon Abelard Point counting January 25, 2018 8 / 18

  19. Modelling the ℓ -torsion Writing ℓ D = 0 Formally, D = P 1 + · · · + P g , coordinates of P i ( x i , y i ) are variables. Compute ℓ P i , then apply zero-test to ℓ D = � i ℓ P i . Simon Abelard Point counting January 25, 2018 9 / 18

  20. Modelling the ℓ -torsion Writing ℓ D = 0 Formally, D = P 1 + · · · + P g , coordinates of P i ( x i , y i ) are variables. Compute ℓ P i , then apply zero-test to ℓ D = � i ℓ P i . ⇒ there is a ϕ ( X , Y ) = P ( X ) + YQ ( X ) such that ℓ D = ( ϕ ). Simon Abelard Point counting January 25, 2018 9 / 18

Recommend

Point counting for genus 2 curves SchoofPila with real multiplication Division polys Kernels

Point counting for genus 2 curves SchoofPila with real multiplication Division polys Kernels

Genus 2, faster Gaudry, Kohel, Smith Genus 1 and 2 Point counting Point counting for genus 2 curves SchoofPila with real multiplication Division polys Kernels Schoof complexity Pierrick Gaudry, David Kohel, Benjamin Smith BSGS Real

407 views • 18 slides
Point Counting for Genus 2 Curves Division polys with Real Multiplication Kernels Schoof

Point Counting for Genus 2 Curves Division polys with Real Multiplication Kernels Schoof

Genus 2, faster Gaudry, Kohel, Smith Genus 1 and 2 Point counting Point Counting for Genus 2 Curves Division polys with Real Multiplication Kernels Schoof complexity BSGS Pierrick Gaudry, David Kohel, Benjamin Smith Real multiplication

550 views • 20 slides
ECC2011 summer school September 1516, 2011 Point counting algorithms on hyperelliptic curves

ECC2011 summer school September 1516, 2011 Point counting algorithms on hyperelliptic curves

ECC2011 summer school September 1516, 2011 Point counting algorithms on hyperelliptic curves F. Morain I. Introduction and motivations Goal: build an effective group of cryptographic strength, resisting all known attacks. Dream: find

834 views • 48 slides
Index Calculus Attack for Hyperelliptic Curves of Small Genus Nicolas Thriault

Index Calculus Attack for Hyperelliptic Curves of Small Genus Nicolas Thriault

Index Calculus Attack for Hyperelliptic Curves of Small Genus Nicolas Thriault nicolast@exp-math.uni-essen.de University of Toronto / IEM Universitt DuisburgEssen Slide index Discrete Log Problem Large primes Hyperelliptic

927 views • 67 slides
Counting numerical semigroups of a given genus by using -hyperelliptic semigroups Matheus

Counting numerical semigroups of a given genus by using -hyperelliptic semigroups Matheus

Counting numerical semigroups of a given genus by using -hyperelliptic semigroups Matheus Bernardini 1 University of Campinas / Federal Institute of S ao Paulo (Joint work in progress with Fernando Torres 1 ) International Meeting on

779 views • 51 slides
Point counting in genus 2: reaching 128 bits P. Gaudry E. Schost Cacao project ORCCA

Point counting in genus 2: reaching 128 bits P. Gaudry E. Schost Cacao project ORCCA

Point counting in genus 2: reaching 128 bits P. Gaudry E. Schost Cacao project ORCCA CNRS-INRIA UWO Thanks to Dan Bernstein and Nikki Pitcher Genus 2 curves and associated objects In what follows: C is the curve defined over F p by

425 views • 38 slides
Efficient Doubling on Genus Two Curves over Binary Fields (SAC 2004) Marc Stevens Tanja Lange

Efficient Doubling on Genus Two Curves over Binary Fields (SAC 2004) Marc Stevens Tanja Lange

Efficient Doubling on Genus Two Curves over Binary Fields (SAC 2004) Marc Stevens Tanja Lange Eindhoven University Ruhr-Universitt of Technology Bochum Overview Elliptic Curves Hyperelliptic Curves HEC of Genus 2

473 views • 33 slides
Sato-Tate groups of genus 2 curves Kiran S. Kedlaya Department of Mathematics, University of

Sato-Tate groups of genus 2 curves Kiran S. Kedlaya Department of Mathematics, University of

Sato-Tate groups of genus 2 curves Kiran S. Kedlaya Department of Mathematics, University of California, San Diego kedlaya@ucsd.edu http://kskedlaya.org Arithmetic of Hyperelliptic Curves NATO Advanced Study Institute Ohrid, Macedonia, August

1.31k views • 88 slides
L -functions via deformations: from hyperelliptic curves to hypergeometric motives Kiran S.

L -functions via deformations: from hyperelliptic curves to hypergeometric motives Kiran S.

L -functions via deformations: from hyperelliptic curves to hypergeometric motives Kiran S. Kedlaya Department of Mathematics, University of California, San Diego kedlaya@ucsd.edu http://kskedlaya.org/slides/ Arithmetic of Hyperelliptic Curves

708 views • 48 slides
Discrete Logs for Hyperelliptic Curves Summer School on Elliptic and Hyperelliptic Curve

Discrete Logs for Hyperelliptic Curves Summer School on Elliptic and Hyperelliptic Curve

Discrete Logs for Hyperelliptic Curves Summer School on Elliptic and Hyperelliptic Curve Cryptography Nicolas Thriault ntheriau@fields.utoronto.ca Fields Institute Discrete Logarithms Suppose that G = a , an additive group of order

230 views • 21 slides
Rank and Bias in Families of Hyperelliptic Curves Trajan Hammonds 1 Ben Logsdon 2

Rank and Bias in Families of Hyperelliptic Curves Trajan Hammonds 1 Ben Logsdon 2

Background Hyperelliptic curves with moderately large rank over Q ( T ) Bias Conjecture Acknowledgements Rank and Bias in Families of Hyperelliptic Curves Trajan Hammonds 1 Ben Logsdon 2 thammond@andrew.cmu.edu bcl5@williams.edu Joint with

426 views • 41 slides
Computing Cyclic Isogenies in Genus 2 with Applications in Cryptography Alina Dudeanu 1 Dimitar

Computing Cyclic Isogenies in Genus 2 with Applications in Cryptography Alina Dudeanu 1 Dimitar

Computing Cyclic Isogenies in Genus 2 with Applications in Cryptography Alina Dudeanu 1 Dimitar Jetchev 1 Damien Robert 2 1 EPF Lausanne 2 INRIA Bordeaux May 20, 2014 1/21 Introduction Elliptic and Hyperelliptic Curves Applications: Public key

1.13k views • 92 slides
Smaller class invariants for constructing curves of genus 2 Marco Streng The 15th workshop on

Smaller class invariants for constructing curves of genus 2 Marco Streng The 15th workshop on

Smaller class invariants for constructing curves of genus 2 Marco Streng The 15th workshop on Elliptic Curve Cryptography ECC 2011 INRIA, Nancy, France Sep 19 21, 2011 Overview genus 1 genus 2 constructing curves part 1 part 2 smaller

428 views • 38 slides
Abel-Jacobi map on complex hyperelliptic curves Pascal Molin CARAMEL, Loria Nancy june 2011

Abel-Jacobi map on complex hyperelliptic curves Pascal Molin CARAMEL, Loria Nancy june 2011

Abel-Jacobi map on complex hyperelliptic curves Pascal Molin CARAMEL, Loria Nancy june 2011 Hyperelliptic curve 2 g + 1 C : y 2 = ( x a i ) i = 1 Riemann surface with two sheets. a i = branch points. color = argument of y

733 views • 28 slides
Moduli spaces of genus 2 curves with split Jacobians through K3 surfaces Abhinav Kumar Stony

Moduli spaces of genus 2 curves with split Jacobians through K3 surfaces Abhinav Kumar Stony

Moduli spaces of genus 2 curves with split Jacobians through K3 surfaces Abhinav Kumar Stony Brook October 22, 2015 Abhinav Kumar Genus 2 curves with split Jacobians 1 / 33 Introduction Let C be a genus 2 curve over a field k , and J = Jac (

1.1k views • 88 slides
Update on Diophantine records for genus-3 curves ICERM workshop on Computational Aspects of

Update on Diophantine records for genus-3 curves ICERM workshop on Computational Aspects of

Update on Diophantine records for genus-3 curves ICERM workshop on Computational Aspects of L-functions and related topics 12 November 2015 Noam D. Elkies, Harvard University Update on Diophantine records for genus-3 curves ICERM workshop on

686 views • 20 slides
Solving p -adic differential equations in point counting algorithms Hendrik Hubrechts Katholieke

Solving p -adic differential equations in point counting algorithms Hendrik Hubrechts Katholieke

Solving p -adic differential equations in point counting algorithms Hendrik Hubrechts Katholieke Universiteit Leuven (Belgium) Oxford, March 16, 2010 Solving p -adic Computing the zeta function of a hyperelliptic curve (HEC) differential

364 views • 8 slides
Explicit Coleman integration for hyperelliptic curves Jennifer Balakrishnan 1 Robert Bradshaw 2

Explicit Coleman integration for hyperelliptic curves Jennifer Balakrishnan 1 Robert Bradshaw 2

Explicit Coleman integration for hyperelliptic curves Jennifer Balakrishnan 1 Robert Bradshaw 2 Kiran Kedlaya 1 1 Massachusetts Institute of Technology 2 University of Washington ANTS-IX INRIA Nancy, France Thursday, July 22, 2010 Balakrishnan,

630 views • 41 slides
Elliptic and Hyperelliptic Curves: a Practical Security Comparison &quot; Joppe W. Bos (Microsoft

Elliptic and Hyperelliptic Curves: a Practical Security Comparison &quot; Joppe W. Bos (Microsoft

Elliptic and Hyperelliptic Curves: a Practical Security Comparison &quot; Joppe W. Bos (Microsoft Research), Craig Costello (Microsoft Research), ! Andrea Miele (EPFL) &quot; &quot; 1/13 &quot; Motivation and Goal(s) ! Elliptic curves

314 views • 14 slides
Local heights on hyperelliptic curves Jennifer Balakrishnan MIT, Department of Mathematics E ff

Local heights on hyperelliptic curves Jennifer Balakrishnan MIT, Department of Mathematics E ff

Local heights on hyperelliptic curves Jennifer Balakrishnan MIT, Department of Mathematics E ff ective Methods in p -adic Cohomology Mathematical Institute, University of Oxford Tuesday, March 16, 2010 Jennifer Balakrishnan (MIT) Local heights

309 views • 14 slides
Elliptic factors in Jacobians of hyperelliptic curves with certain automorphism groups Jennifer

Elliptic factors in Jacobians of hyperelliptic curves with certain automorphism groups Jennifer

Elliptic factors in Jacobians of hyperelliptic curves with certain automorphism groups Jennifer Paulhus Grinnell College paulhusj@grinnell.edu www.math.grinnell.edu/ paulhusj My original interest in Jacobian variety decomposition was

343 views • 21 slides
The elliptic-curve zoo D. J. Bernstein University of Illinois at Chicago EC point counting 1983

The elliptic-curve zoo D. J. Bernstein University of Illinois at Chicago EC point counting 1983

The elliptic-curve zoo D. J. Bernstein University of Illinois at Chicago EC point counting 1983 (published 1985) Schoof: Algorithm to count points on elliptic curves over finite fields. Input: prime power q ; F q such that 6(4

784 views • 47 slides
Smaller class invariants for constructing curves of genus 2 Marco Streng Geocrypt Corsica June

Smaller class invariants for constructing curves of genus 2 Marco Streng Geocrypt Corsica June

Smaller class invariants for constructing curves of genus 2 Marco Streng Geocrypt Corsica June 2011 Overview genus 1 genus 2 constructing curves part 1 part 2 smaller class invariants part 3 part 4 Part 1: The Hilbert class polynomial

440 views • 43 slides
Serres obstruction for genus 3 curves Christophe Ritzenthaler Institut de Mathmatiques de

Serres obstruction for genus 3 curves Christophe Ritzenthaler Institut de Mathmatiques de

Serres obstruction for genus 3 curves Christophe Ritzenthaler Institut de Mathmatiques de Luminy, CNRS Geocrypt, Guadeloupe, April 27 - May 1, 2009 1 / 54 Outline Geometric versus arithmetic Torelli theorem 1 Siegel modular forms 2 A

720 views • 54 slides

More recommend