Completeness Christophe Ritzenthaler Institut de Mathmatiques de - PowerPoint PPT Presentation

Completeness Christophe Ritzenthaler Institut de Mathématiques de Luminy, CNRS Montréal 04-10 e-mail: ritzenth@iml.univ-mrs.fr web: http://iml.univ-mrs.fr/ ∼ ritzenth/ Christophe Ritzenthaler (IML) Completeness Montréal 04-10 1 / 15

Edwards curves Definition Let k be a field of char. � = 2 and d ∈ k , d � = 0 , 1. An Edwards curve is defined by E d : x 2 + y 2 = 1 + dx 2 y 2 . Elliptic curve: ( 1 : 0 : 0 ) and ( 0 : 1 : 0 ) singular. Theorem (Edwards 07) Let P = ( x , y ) , P ′ = ( x ′ , y ′ ) ∈ E d two affine points. The group law is defined by � xy ′ + x ′ y 1 + dxx ′ yy ′ , yy ′ − xx ′ � P + P ′ = 1 − dxx ′ yy ′ as soon as the denominators are defined. Neutral element: O := ( 0 , 1 ) . Inverse: − ( x , y ) = ( − x , y ) . Christophe Ritzenthaler (IML) Completeness Montréal 04-10 2 / 15

Why is this model interesting ? Theorem (Bernstein, Lange 07) The addition law is defined for every affine rational couple of points on E d if and only if d is not a square or E d ( k ) = { ( ± 1 , 0 ) , ( 0 , ± 1 ) } . Avoid side channel attacks. Operations are fast (the fastest ?). Fast pairing (the fastest ?). Cover all group orders of elliptic curves divisible by 4. Was it designed in this way ? No! It was found analytically. And the geometric interpretation doesn’t help. Rem: New interesting genus 1 examples have been found since (Bernstein, Kohel, Lange work in progress). Christophe Ritzenthaler (IML) Completeness Montréal 04-10 3 / 15

Generalization: the notion of addition laws Let A be an abelian variety over a field k embedded in P n by a morphism ι . Let m : A × A → A , ( x , y ) �→ x + y be the group law. Definition An addition law of bi-degree ( µ, ν ) p : P n × P n → P n is an ( n + 1 ) -tuple of polynomials p 0 , . . . , p n ∈ k [ X 0 , . . . , X n , Y 0 , . . . , Y n ] not all zero, bihomogenous of degree µ in X 0 , . . . , X n and of degree ν in Y 0 , . . . , Y n such that on a nonempty open set U ⊂ A × A ι ( x + y ) = ( p 0 ( ι ( x ) , ι ( y )) : . . . : p n ( ι ( x ) , ι ( y ))) , ∀ ( x , y ) ∈ U (¯ k ) . Christophe Ritzenthaler (IML) Completeness Montréal 04-10 4 / 15

Generalization: the notion of complete Definition We say that p is complete if ( A × A )( k ) ⊂ U . We can extend the definition to complete set of addition laws. Moreover if A is considered over ¯ k we say that the law (or set of laws) is geometrically complete. Christophe Ritzenthaler (IML) Completeness Montréal 04-10 5 / 15

Example (Kohel) P 1 × P 1 A 2 = { z = 1 } × { w = 1 } ⊂ P 1 × P 1 − → ( xw ) 2 + ( yz ) 2 = ( zw ) 2 + d ( xy ) 2 ( x : z ) × ( y : w ) �→ x 2 + y 2 + d ( xy ) 2 = 1 ↓ � X 0 X 3 = X 1 X 2 , P 3 ⊂ X 2 1 + X 2 2 = X 2 3 + dX 2 0 , with X 0 = xy , X 1 = xw , X 2 = yz , X 3 = zw . The addition law associate to (( u 0 : u 1 : u 2 : u 3 ) , ( v 0 : v 1 : v 2 : v 3 )) the point with coordinates � ( u 1 v 2 + v 1 u 2 ) · ( u 2 v 2 − u 1 v 1 ) : ( u 1 v 2 + v 1 u 2 ) · ( u 3 v 3 − du 0 v 0 ) : � ( u 2 v 2 − u 1 v 1 ) · ( u 3 v 3 + du 0 v 0 ) : ( u 3 v 3 + du 0 v 0 ) · ( u 3 v 3 − du 0 v 0 ) . Completeness has nothing to do with singularities! Christophe Ritzenthaler (IML) Completeness Montréal 04-10 6 / 15

Our main results (Arène, Kohel, R.) For simplicity and the purpose of the conference, assume k = F q is a finite field (but, under mild assumptions, everything works for a global field). Theorem Every abelian variety over k has an embedding for which there exists a complete addition law of bi-degree ( 2 , 2 ) . Rem: for g = 1, this result has also been obtained over finite fields by Bernstein and Lange using explicit formulae. Theorem For genus 1 and q ≥ 5 , this embedding can be the Weierstrass model; For genus 2 and q ≥ 5 , this embedding is the classical embedding in P 15 given by ThetaNullwerte. Rem: so far we cannot give them explicitly. . . and they are probably very ugly! Christophe Ritzenthaler (IML) Completeness Montréal 04-10 7 / 15

How to understand group laws ? → P n is given by a complete linear We assume that the embedding ι : A ֒ system | L | for some very ample line bundle L on A . Let p 1 , p 2 : A × A → A be the projection maps on the first and second factor. Theorem (Lange, Ruppert 85) Let µ, ν be positive integers and M := m ∗ L − 1 ⊗ p ∗ 1 L µ ⊗ p ∗ 2 L ν . There is an addition law of bidegree ( µ, ν ) on A with respect to the embedding ι if and only if H 0 ( A × A , M ) � = { 0 } ; There is a geometrically complete set of addition laws of bidegree ( µ, ν ) with respect to the embedding ι if and only if | M | is base point-free. Christophe Ritzenthaler (IML) Completeness Montréal 04-10 8 / 15

Geometric consequences Corollary Assume that A is principally polarized (for instance a Jacobian). There exists an embedding of A for which there exists a geometrically complete set of addition laws (of bidegree ( 2 , 2 ) ) of order less than or equal to 3 g . On the contrary, using intersection arguments: Proposition (Arène, Kohel, R.) If S is a geometrically complete set of addition laws, then # S > g. Rem (Bosma, Lenstra 95): for g = 1, there exists an explicit geometrically complete set of order 2. Christophe Ritzenthaler (IML) Completeness Montréal 04-10 9 / 15

Ingredients of the proof: main observation Lemma If M ≃ L ( D ) where D is an effective divisor on A × A, then the section of H 0 ( A × A , M ) with zero locus D defines an addition law on the open set U = A × A \ D. ⇒ To have a complete addition law, it is then sufficient (and necessary) to construct an ample rational divisor D on A × A such that D has no rational point. Christophe Ritzenthaler (IML) Completeness Montréal 04-10 10 / 15

The case ( 2 , 2 ) Let π : A × A → A is ( x , y ) �→ x − y and let L = L ( D 0 ) . Lemma (Lange, Ruppert 85) If the bidegree is ( 2 , 2 ) then if L is symmetric (i.e. − D 0 ∼ D 0 ), then M ≃ π ∗ L; if not, then H 0 ( A × A , M ) = { 0 } . ⇒ To have a complete addition law of bidegree ( 2 , 2 ) it is then sufficient (and necessary) to construct a very ample rational divisor D 0 on A such that D 0 has no rational point and L = L ( D 0 ) is symmetric. ⇒ construct D 0 irreductible but not absolutely irreducible! Christophe Ritzenthaler (IML) Completeness Montréal 04-10 11 / 15

Construction: the genus 1 case Lemma If q ≥ 5 , there is a point P ∈ E ( F q 3 ) \ E ( F q ) such that P 0 + P 1 + P 2 = O. The divisor D 0 = P 0 + P 1 + P 2 is rational; without rational point; very ample; and L = L ( D 0 ) is symmetric (since − D 0 ∼ − 3 O ∼ 3 O ∼ D 0 ). Moreover since D 0 ∼ 3 O , the embedding is the Weierstrass model. Christophe Ritzenthaler (IML) Completeness Montréal 04-10 12 / 15

Construction: the genus 2 case Let C : y 2 = f ( x ) be a genus 2 curve over k = F q and be the canonical involution. Let K be the canonical divisor on C . Lemma There exists a degree 1 divisor κ such that 2 κ ∼ K. If deg f = 5 , one can take κ = ∞ . For all z ∈ Jac ( C )(¯ k ) there exists P , Q ∈ C (¯ k ) such that z ∼ P − Q. Let Θ = C ⊂ Pic 1 ( C ) . If z ∼ P − Q ∈ Jac ( C )(¯ k ) then Θ ∩ ( z + Θ) = { P , Q } . Christophe Ritzenthaler (IML) Completeness Montréal 04-10 13 / 15

If q ≥ 5, there exists x 0 ∈ F q 2 \ F q such that y 2 = f ( x 0 ) has no solution in F q 2 . Let y 0 be a solution in F q 4 . Let P 0 = ( x 0 , y 0 ) , P 1 = ( x 1 , y 1 ) , P 2 = ( x 0 , − y 0 ) , P 3 = ( x 1 , − y 1 ) be the Galois orbit. Let α 0 = P 0 + P 1 − K , α 1 = P 1 + P 2 − K , α 2 = P 2 + P 3 − K and α 3 = P 3 + P 0 − K . We can check that (Θ+ α 0 ) ∩ (Θ+ α 1 ) = { P 2 + α 0 } , (Θ+ α 0 ) ∩ (Θ+ α 3 ) = { P 3 + α 0 } . Hence D 0 = � (Θ − κ + α i ) ⊂ Jac ( C ) is very ample, symmetric, rational but without any rational points. Rem: one can show that the translation divisors have to be general ( i.e. not on Sym r C ⊂ Pic r ( C ) for r < g ). Christophe Ritzenthaler (IML) Completeness Montréal 04-10 14 / 15

Construction: the general case Let φ : A → P n 0 be a finite map. By Noether’s normalization theorem we may take n 0 = g . Let α be a primitive element in an extension of k of degree r > n 0 and α = α 0 , . . . , α r − 1 its conjugates. Let D 1 = φ ∗ ( � H i ) where ∀ i ≤ r − 1 , H i : X 0 + α i X 1 + . . . α n 0 i X n 0 = 0 . D 1 is rational, ample but without any rational point. take D 0 = 2 ( − D 1 + D 1 ) : very ample and symmetric. Thanks! Christophe Ritzenthaler (IML) Completeness Montréal 04-10 15 / 15