Completeness Christophe Ritzenthaler Institut de Mathmatiques de - - PowerPoint PPT Presentation

Completeness

Christophe Ritzenthaler

Institut de Mathématiques de Luminy, CNRS

Montréal 04-10 e-mail: ritzenth@iml.univ-mrs.fr web: http://iml.univ-mrs.fr/∼ritzenth/

Christophe Ritzenthaler (IML) Completeness Montréal 04-10 1 / 15

Edwards curves

Definition Let k be a field of char. = 2 and d ∈ k, d = 0, 1. An Edwards curve is defined by Ed : x2 + y2 = 1 + dx2y2. Elliptic curve: (1 : 0 : 0) and (0 : 1 : 0) singular. Theorem (Edwards 07) Let P = (x, y), P′ = (x′, y′) ∈ Ed two affine points. The group law is defined by P + P′ = xy′ + x′y 1 + dxx′yy′ , yy′ − xx′ 1 − dxx′yy′

• as soon as the denominators are defined.

Neutral element: O := (0, 1). Inverse: −(x, y) = (−x, y).

Christophe Ritzenthaler (IML) Completeness Montréal 04-10 2 / 15

Why is this model interesting ?

Theorem (Bernstein, Lange 07) The addition law is defined for every affine rational couple of points on Ed if and only if d is not a square or Ed(k) = {(±1, 0), (0, ±1)}. Avoid side channel attacks. Operations are fast (the fastest ?). Fast pairing (the fastest ?). Cover all group orders of elliptic curves divisible by 4. Was it designed in this way ? No! It was found analytically. And the geometric interpretation doesn’t help. Rem: New interesting genus 1 examples have been found since (Bernstein, Kohel, Lange work in progress).

Christophe Ritzenthaler (IML) Completeness Montréal 04-10 3 / 15

Generalization: the notion of addition laws

Let A be an abelian variety over a field k embedded in Pn by a morphism ι. Let m : A × A → A, (x, y) → x + y be the group law. Definition An addition law of bi-degree (µ, ν) p : Pn × Pn → Pn is an (n + 1)-tuple of polynomials p0, . . . , pn ∈ k[X0, . . . , Xn, Y0, . . . , Yn] not all zero, bihomogenous of degree µ in X0, . . . , Xn and of degree ν in Y0, . . . , Yn such that on a nonempty open set U ⊂ A × A ι(x + y) = (p0(ι(x), ι(y)) : . . . : pn(ι(x), ι(y))), ∀(x, y) ∈ U(¯ k).

Christophe Ritzenthaler (IML) Completeness Montréal 04-10 4 / 15

Generalization: the notion of complete

Definition We say that p is complete if (A × A)(k) ⊂ U. We can extend the definition to complete set of addition laws. Moreover if A is considered over ¯ k we say that the law (or set of laws) is geometrically complete.

Christophe Ritzenthaler (IML) Completeness Montréal 04-10 5 / 15

Example (Kohel)

P1 × P1 − → A2 = {z = 1} × {w = 1} ⊂ P1 × P1 (x : z) × (y : w) → (xw)2 + (yz)2 = (zw)2 + d(xy)2 x2 + y 2 = 1 + d(xy)2 ↓

• X0X3 = X1X2,

X 2

1 + X 2 2 = X 2 3 + dX 2 0 ,

⊂ P3

with X0 = xy, X1 = xw, X2 = yz, X3 = zw. The addition law associate to ((u0 : u1 : u2 : u3), (v0 : v1 : v2 : v3)) the point with coordinates

• (u1v2 + v1u2) · (u2v2 − u1v1) :

(u1v2 + v1u2) · (u3v3 − du0v0) : (u2v2 − u1v1) · (u3v3 + du0v0) : (u3v3 + du0v0) · (u3v3 − du0v0)

• .

Completeness has nothing to do with singularities!

Christophe Ritzenthaler (IML) Completeness Montréal 04-10 6 / 15

Our main results (Arène, Kohel, R.)

For simplicity and the purpose of the conference, assume k = Fq is a finite field (but, under mild assumptions, everything works for a global field). Theorem Every abelian variety over k has an embedding for which there exists a complete addition law of bi-degree (2, 2). Rem: for g = 1, this result has also been obtained over finite fields by Bernstein and Lange using explicit formulae. Theorem For genus 1 and q ≥ 5, this embedding can be the Weierstrass model; For genus 2 and q ≥ 5, this embedding is the classical embedding in P15 given by ThetaNullwerte. Rem: so far we cannot give them explicitly. . . and they are probably very ugly!

Christophe Ritzenthaler (IML) Completeness Montréal 04-10 7 / 15

How to understand group laws ?

We assume that the embedding ι : A ֒ → Pn is given by a complete linear system |L| for some very ample line bundle L on A . Let p1, p2 : A × A → A be the projection maps on the first and second factor. Theorem (Lange, Ruppert 85) Let µ, ν be positive integers and M := m∗L−1 ⊗ p∗

1Lµ ⊗ p∗ 2Lν.

There is an addition law of bidegree (µ, ν) on A with respect to the embedding ι if and only if H0(A × A, M) = {0}; There is a geometrically complete set of addition laws of bidegree (µ, ν) with respect to the embedding ι if and only if |M| is base point-free.

Christophe Ritzenthaler (IML) Completeness Montréal 04-10 8 / 15

Geometric consequences

Corollary Assume that A is principally polarized (for instance a Jacobian). There exists an embedding of A for which there exists a geometrically complete set of addition laws (of bidegree (2, 2)) of order less than or equal to 3g. On the contrary, using intersection arguments: Proposition (Arène, Kohel, R.) If S is a geometrically complete set of addition laws, then #S > g. Rem (Bosma, Lenstra 95): for g = 1, there exists an explicit geometrically complete set of order 2.

Christophe Ritzenthaler (IML) Completeness Montréal 04-10 9 / 15

Ingredients of the proof: main observation

Lemma If M ≃ L(D) where D is an effective divisor on A × A, then the section of H0(A × A, M) with zero locus D defines an addition law on the open set U = A × A \ D. ⇒ To have a complete addition law, it is then sufficient (and necessary) to construct an ample rational divisor D on A × A such that D has no rational point.

Christophe Ritzenthaler (IML) Completeness Montréal 04-10 10 / 15

The case (2, 2)

Let π : A × A → A is (x, y) → x − y and let L = L(D0). Lemma (Lange, Ruppert 85) If the bidegree is (2, 2) then if L is symmetric (i.e. −D0 ∼ D0), then M ≃ π∗L; if not, then H0(A × A, M) = {0}. ⇒ To have a complete addition law of bidegree (2, 2) it is then sufficient (and necessary) to construct a very ample rational divisor D0 on A such that D0 has no rational point and L = L(D0) is symmetric. ⇒ construct D0 irreductible but not absolutely irreducible!

Christophe Ritzenthaler (IML) Completeness Montréal 04-10 11 / 15

Construction: the genus 1 case

Lemma If q ≥ 5, there is a point P ∈ E(Fq3) \ E(Fq) such that P0 + P1 + P2 = O. The divisor D0 = P0 + P1 + P2 is rational; without rational point; very ample; and L = L(D0) is symmetric (since −D0 ∼ −3O ∼ 3O ∼ D0). Moreover since D0 ∼ 3O, the embedding is the Weierstrass model.

Christophe Ritzenthaler (IML) Completeness Montréal 04-10 12 / 15

Construction: the genus 2 case

Let C : y2 = f (x) be a genus 2 curve over k = Fq and be the canonical

• involution. Let K be the canonical divisor on C.

Lemma There exists a degree 1 divisor κ such that 2κ ∼ K. If deg f = 5, one can take κ = ∞. For all z ∈ Jac(C)(¯ k) there exists P, Q ∈ C(¯ k) such that z ∼ P − Q. Let Θ = C ⊂ Pic1(C). If z ∼ P − Q ∈ Jac(C)(¯ k) then Θ ∩ (z + Θ) = {P, Q}.

Christophe Ritzenthaler (IML) Completeness Montréal 04-10 13 / 15

If q ≥ 5, there exists x0 ∈ Fq2 \ Fq such that y2 = f (x0) has no solution in Fq2. Let y0 be a solution in Fq4. Let P0 = (x0, y0), P1 = (x1, y1), P2 = (x0, −y0), P3 = (x1, −y1) be the Galois orbit. Let α0 = P0 + P1 − K, α1 = P1 + P2 − K, α2 = P2 + P3 − K and α3 = P3 + P0 − K. We can check that (Θ+α0)∩(Θ+α1) = {P2 +α0}, (Θ+α0)∩(Θ+α3) = {P3 +α0}. Hence D0 = (Θ − κ + αi) ⊂ Jac(C) is very ample, symmetric, rational but without any rational points. Rem: one can show that the translation divisors have to be general (i.e. not on Symr C ⊂ Picr(C) for r < g).

Christophe Ritzenthaler (IML) Completeness Montréal 04-10 14 / 15

Construction: the general case

Let φ : A → Pn0 be a finite map. By Noether’s normalization theorem we may take n0 = g. Let α be a primitive element in an extension of k of degree r > n0 and α = α0, . . . , αr−1 its conjugates. Let D1 = φ∗( Hi) where ∀ i ≤ r − 1, Hi : X0 + αiX1 + . . . αn0

i Xn0 = 0.

D1 is rational, ample but without any rational point. take D0 = 2(−D1 + D1): very ample and symmetric.

Thanks!

Christophe Ritzenthaler (IML) Completeness Montréal 04-10 15 / 15