
Algorithms for $\overline{\mathbb{F}}_p$, Luca De Feo, joint work with Javad Doliskani - PowerPoint PPT Presentation



  1. ALGORITHMS FOR $\overline{\mathbb{F}}_p$. Luca De Feo¹, joint work with Javad Doliskani² and Éric Schost². ¹ Université de Versailles – Saint-Quentin-en-Yvelines; ² University of Western Ontario. Séminaire BAC, September 20, 2013

  2. What does $\overline{\mathbb{F}}_p$ look like? [Diagram: the lattice of finite fields $\mathbb{F}_p$, $\mathbb{F}_{p^2}$, $\mathbb{F}_{p^3}$, $\mathbb{F}_{p^4}$, $\mathbb{F}_{p^5}$, $\mathbb{F}_{p^9}$, $\mathbb{F}_{p^{25}}$, $\mathbb{F}_{p^{\ell}}$, $\mathbb{F}_{p^{\ell^2}}$, ..., grouped into the $\ell$-adic towers $\mathbb{F}_p(2)$, $\mathbb{F}_p(3)$, $\mathbb{F}_p(5)$, ..., $\mathbb{F}_p(\ell)$.] $\mathbb{F}_p(\ell) = \bigcup_{i \ge 0} \mathbb{F}_{p^{\ell^i}}$, and $\overline{\mathbb{F}}_p$ is the compositum of the $\mathbb{F}_p(\ell)$ over all primes $\ell$. Footer: Algorithms for $\overline{\mathbb{F}}_p$, Luca De Feo (UVSQ), BAC, Sep 20, 2013, 2 / 24

  3. In software. Definition (Compatible lattice): a collection of finite fields $\mathbb{F}_{p^n}$ for any $n \ge 1$; a collection of morphisms $\mathbb{F}_{p^m} \hookrightarrow \mathbb{F}_{p^n}$ whenever $m \mid n$. Fact: given a lattice, any element of $\overline{\mathbb{F}}_p$ can be represented as an element of a finite field in the lattice. (Lenstra, De Smit & Lenstra; cost noted on the slide: $n^3$) There exists a deterministic algorithm that constructs a compatible lattice in time polynomial in $\log p$ and $n$, where $n$ is the degree of the largest computed extension of $\mathbb{F}_p$.

  4. Our interest: efficient construction of lattices, efficient field operations. Goals: Constructing fields: build irreducible polynomials in quasi-linear time. Describing embeddings: quasi-linear time and memory in the degree of the extension. Evaluating embeddings: replace linear algebra by polynomial arithmetic. Application examples: general: finite field arithmetic, unramified extensions of $\mathbb{Q}_p$; computing isogenies between elliptic curves (DF, 2011); point-counting in genus 2 (Gaudry and Schost, 2012).

  5. Known constructions. Construct fields arbitrarily + compute embeddings. Describe the embeddings: factor minimal polynomials; Allombert’s isomorphism algorithm (in Pari?); Rains’ isomorphism algorithm (unpublished, in Magma). Evaluate the embeddings: linear algebra; map generators (polynomial arithmetic). Construct fields defined by special polynomials: (pseudo-)Conway polynomials; cyclotomy theory (De Smit & Lenstra and generalizations); fancy (and still limited) constructions (this talk).

  6. Towers

  7. Univariate vs. Multivariate. Univariate representation: $K_i = \mathbb{F}_q[X_i]/Q_i(X_i)$. Multivariate representation: $K_i = \mathbb{F}_q[X_1, X_2, \dots, X_i]/(T_1(X_1), T_2(X_2, X_1), \dots, T_i(X_i, \dots, X_2, X_1))$. [Diagram: the tower $\mathbb{F}_q \subset K_1 \subset K_2 \subset \dots \subset K_i$ with every step of degree $\ell$; the univariate side is labelled by $Q_1, Q_2, \dots, Q_i$, the multivariate side by $T_1, T_2, \dots, T_i$, and the arrows between the two representations are labelled "Embedding evaluation".]

  10. Summary of Main Results. Previous work: Artin–Schreier (Cantor, Couveignes, DF & Schost): $q$ fixed, $\ell = p$ small; dyadic towers (Doliskani & Schost): $q$ fixed, $\ell = 2$; $\tilde{O}(\ell^{i+c})$ operations in $\mathbb{F}_q$, $c \in \{1, 2\}$. This work, objective: $q$ fixed, $\ell$ small: $\tilde{O}(\ell^i)$ operations in $\mathbb{F}_q$; limit additional factors in $\ell$ and $q$ as much as possible. Table (columns: Condition; Initialization; $Q_i, T_i$; Embedding evaluation; target size $O(\ell^i)$ for the last two), entries in the order they appear on the slide:
     $q \equiv 1 \bmod \ell$: $O(1)$; $O(\ell^i)$; $O(M(\ell^i)\log(\ell^i))$.
     $q \equiv -1 \bmod \ell$: $O(1)$; $O(\ell^2)$; $O(M(\ell^{i+1})\,M(\ell)\log(\ell^i)^2)$; $O(M(\ell^{i+1})\,M(\ell)\log(\ell^i))$.
     $4\ell \le q^{1/4}$: $\tilde{O}(\ell^3)$ (bit); $O(M(\ell^i)\log(\ell^i))$; $O(M(\ell^i)\log(\ell^i))$.
     $4\ell \le q^{1/4}$: $O(M(\ell^i)\log(\ell^i))$; $O(M(\ell^i)\log(\ell^i))$; $O(M(\ell))$.

  11. Quasi-cyclotomic towers (inspired by Shoup, Allombert, De Smit and Lenstra). [Diagram: the cyclotomic tower $\mathbb{F}_q \subset \mathbb{F}_q(\zeta_\ell) \subset \mathbb{F}_q(\zeta_{\ell^2}) \subset \mathbb{F}_q(\zeta_{\ell^3}) \subset \dots \subset \mathbb{F}_q(\zeta_{\ell^i})$ beside the tower $\mathbb{F}_q \subset \mathbb{F}_q(x_1) \subset \mathbb{F}_q(x_2) \subset \dots \subset \mathbb{F}_q(x_i)$; each vertical step has degree $\ell$, each horizontal extension $\mathbb{F}_q(\zeta_{\ell^j})/\mathbb{F}_q(x_j)$ (and $\mathbb{F}_q(\zeta_\ell)/\mathbb{F}_q$) has degree $r$; $T_2$ labels the step $\mathbb{F}_q(x_1) \subset \mathbb{F}_q(x_2)$ and $Q_i$ the extension $\mathbb{F}_q \subset \mathbb{F}_q(x_i)$.] Cyclotomic fields: $r \mid (\ell - 1)$; $x_i = \mathrm{Tr}_{\mathbb{F}_q(\zeta_{\ell^i})/K_i}(\zeta_{\ell^i})$ with $K_i = \mathbb{F}_q(x_i)$. Both $T_i$ and $Q_i$ can be computed by resultants.

  13. Quasi-cyclotomic towers: generic algorithm. Perform all computations in the cyclotomic tower; construction and embedding evaluation: penalty only $\tilde{O}(\ell^2)$. Trivial case: $\ell \mid (q - 1)$, $r = 1$. Kummer extensions: $Q_i = X_i^{\ell^i} - y_0$ and $T_i = X_i^{\ell} - X_{i-1}$. Embeddings are trivial.
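
An added example (not code from the talk) of the trivial Kummer case just described, written in Python for a prime field $q = p$ with constructed parameters $p = 7$, $\ell = 3$, $y_0 = 2$ (so $\ell \mid q - 1$ and $y_0$ is not a cube): it builds $K_i = \mathbb{F}_p[X]/(X^{\ell^i} - y_0)$, evaluates the embedding $K_{i-1} \hookrightarrow K_i$ given by $X_{i-1} \mapsto X_i^{\ell}$ as a pure coefficient spread, and checks that it is a field morphism.

```python
# Added example (not from the slides): the Kummer tower of the "trivial case",
# l | q-1, over a prime field F_p, with elements stored as coefficient lists.
P, L, Y0 = 7, 3, 2   # constructed parameters: 3 | 7-1 and 2 is not a cube mod 7

def kummer_tower_ok():
    """Conditions under which Q_i = X^(l^i) - y0 is irreducible over F_p for every i
    (standard criterion for binomials): l odd, l | p-1, y0 not an l-th power."""
    return L % 2 == 1 and (P - 1) % L == 0 and pow(Y0, (P - 1) // L, P) != 1

def mul(a, b, i):
    """Product in K_i = F_p[X]/(X^(l^i) - y0); a, b are lists of length l^i.
    Reduction is cheap: X^(l^i) = y0, so the coefficient of X^(l^i + j)
    folds back onto X^j multiplied by y0."""
    n = L ** i
    prod = [0] * (2 * n - 1)
    for j, aj in enumerate(a):
        if aj:
            for k, bk in enumerate(b):
                prod[j + k] = (prod[j + k] + aj * bk) % P
    res = prod[:n]
    for j in range(n, 2 * n - 1):
        res[j - n] = (res[j - n] + Y0 * prod[j]) % P
    return res

def power(a, e, i):
    """Square-and-multiply exponentiation in K_i."""
    res = [1] + [0] * (L ** i - 1)
    while e:
        if e & 1:
            res = mul(res, a, i)
        a, e = mul(a, a, i), e >> 1
    return res

def embed(a, i):
    """Embedding K_{i-1} -> K_i defined by T_i = X_i^l - X_{i-1}, i.e. X_{i-1} -> X_i^l.
    Since (X_i^l)^(l^(i-1)) = y0, X_i^l is a root of Q_{i-1}, so this is a field
    morphism; evaluating it only moves coefficient j to position j*l (O(l^i) work,
    no reduction needed because j*l < l^i)."""
    res = [0] * (L ** i)
    for j, aj in enumerate(a):
        res[j * L] = aj
    return res

def check_morphism(a, b, i):
    """True if the embedding K_{i-1} -> K_i commutes with multiplication on a, b."""
    return embed(mul(a, b, i - 1), i) == mul(embed(a, i), embed(b, i), i)
```

Raising the image of $X_1$ to the power $\ell^{i-1}$ inside $K_i$ returns $y_0$, which is the check that the spread coefficients really land on a root of $Q_{i-1}$.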

  14. Quasi-cyclotomic towers: generic algorithm. Perform all computations in the cyclotomic tower; construction and embedding evaluation: penalty only $\tilde{O}(\ell^2)$. Special case: $\ell \mid (q + 1)$, $r = 2$. By direct resultant computation, $Q_i(X_i) = Y^{\ell^i} + Y^{-\ell^i} - x_0 \bmod (Y^2 - X_i Y + 1)$; similar form for $T_i$. $Q_i$ can be computed in $O(M(\ell^i))$; a better algorithm later. Embeddings: later.

  15. Towers from irreducible fibers (Couveignes and Lercier, 2011). $\ell \mid (q - 1)$; consider the map $\phi : x \mapsto x^{\ell}$. $\phi|_{\mathbb{F}_q^*} : \mathbb{F}_q^* \to \mathbb{F}_q^*$ is not surjective; $\phi : \mathbb{G}_m \to \mathbb{G}_m$ (on $\overline{\mathbb{F}}_q^*$) is surjective. Starting from $y_0$, every fiber $\phi^{-1}(y_i)$ is an irreducible set of cardinality $\ell$. [Diagram: the tree of fibers above $y_0 \in \mathbb{F}_q^*$, with $y_1, \dots$ in $\overline{\mathbb{F}}_q^*$, edges of degree $\ell$ and labels $1, \zeta_1, \zeta_2, \zeta_3, \zeta_4$.]

  20. Chebyshev case: $\ell \mid (q + 1)$. Consider the map $\phi : x \mapsto x^{\ell}$. $\phi|_{\mathbb{F}_q^*}$ is bijective; $\phi|_{\mathbb{F}_{q^2}^*}$ is non-surjective; $\mathbb{T}_2 \subset \mathbb{F}_{q^2}^*$ is the algebraic torus of cardinality $q + 1$. Here $\mathbb{T}_n(k) = \{\alpha \in L^* \mid N_{L/F}(\alpha) = 1 \text{ for all } k \subset F \subsetneq L\}$, where $L/k$ has degree $n$.
