Computation of Igusa class polynomials with the complex analytic - - PowerPoint PPT Presentation

▶

Feb 26, 2023 261 likes •564 views

Computation of Igusa class polynomials with the complex analytic method R. Dupont 1 , A. Enge 2 , E. Thom e 3 1 INRIA/TANC, Saclay ; 2 INRIA/LFANT, Bordeaux ; 3 INRIA/CARAMEL, Nancy. /* EPI CARAMEL */ C,A, /*

SLIDE 1

Computation of Igusa class polynomials with the complex analytic method

R. Dupont1, A. Enge2, E. Thom´

e3

1 INRIA/TANC, Saclay ; 2 INRIA/LFANT, Bordeaux ; 3 INRIA/CARAMEL, Nancy.

/* EPI CARAMEL */ C,A, /* Cryptologie, Arithmétique : */ R,a, /* Matériel et Logiciel */ M,E, L,i= 5,e, d[5],Q[999 ]={0};main(N ){for (;i--;e=scanf("%" "d",d+i));for(A =*d; ++i<A ;++Q[ i*i% A],R= i[Q]? R:i); for(;i --;) for(M =A;M

-;N +=!M*Q [E%A ],e+= Q[(A

+E*E- R*L* L%A) %A]) for( E=i,L=M,a=4;a;C= i*E+R*M*L,L=(M*E +i*L) %A,E=C%A+a --[d]);printf ("%d" "\n", (e+N* N)/2 /* cc caramel.c; echo f3 f2 f1 f0 p | ./a.out */ -A);}

Jun. 22nd, 2011

1 / 27

SLIDE 2

Plan

Introduction General outline Principally polarized abelian varieties with CM by OK Computing complex invariants Recognizing algebraic numbers Computer experiments

2 / 27

SLIDE 3

Plan

Introduction General outline Principally polarized abelian varieties with CM by OK Computing complex invariants Recognizing algebraic numbers Computer experiments

3 / 27

SLIDE 4

Genus 2 CM

Let K be a CM field. K K0 Q 2, totally imaginary g = 2, totally real The Igusa class polynomials give the invariants of genus 2 curves having CM by OK (extends Hilbert class polynomials for genus 1). More headaches. Three polynomials instead of one. Denominators. The larger the discriminants, the bigger the polynomials.

4 / 27

SLIDE 5

Existing work

Cryptographic target: C over Fq, known CM, known # JacC(Fq). Means of computing Igusa class polynomials. Complex analytic method: Spallek, Weng, Streng. p-adic: Gaudry, Houtmann, Kohel, Ritzenthaler, Weng, Carls, Lubicz. CRT: Eisentrager, Lauter, Br¨

ker, Gruenewald, Robert.

State of the art of “big” computations: echidna DBs. Focus here on the complex analytic method. Streng: complete algorithm, and complexity upper bounds. Improve on keypoint: computation of invariants analytically. Recognize irreducible factors of class polynomials.

5 / 27

SLIDE 6

Outline (1): period matrices and Θ-constants

PPAV= Z-lattice in C2 +Riemann form → period matrix τ =

τ3 τ3 τ2

∈ H2.

Theta constants for a = (a0, a1), b = (b0, b1), ai, bi ∈ {0, 1/2}: Θ[a,b](τ) =

n∈Z2

exp

iπ (n + a)τ(n + b)t + 2(n + a)bt .

Numbering (Dupont) Θ[a,b] = Θb0+2b1+4a0+8a1. 10 even theta constants: Θ0,1,2,3,4,6,8,9,12,15, other are 0.

6 / 27

SLIDE 7

Outline (2): invariants of genus 2 curves

The moduli space of 2-dimensional PPAVs has dimension 3. Igusa invariants can be computed from Θ0,1,2,3,4,6,8,9,12,15. Several invariant sets floating around. Some “smaller” than others. Define (i1, i2, i3) as those proposed by Streng. i1 = I4I′

I10 i2 = I2I2

I10 i3 = I5

I2

.

7 / 27

SLIDE 8

Outline (3): Class polynomials

Consider S(K) the set of PPAVs with CM by OK. The set {i1(τ), τ ∈ S(K)} is defined over Q. Minimal polynomials H1, H2, H3 in Q[x]. Better: {i1,2,3(τ)} a 0-dimensional set in C3, defined over Q. Triangular (Hecke) representation: H1, ˆ H2, ˆ H3, with: ˆ H2(i1) = H′

1(i1)i2.

The triple (H1, ˆ H2, ˆ H3) is our target. Obstacles: Large degree, (very) large coefficients. Need large precision for complex invariants, so that rational polynomials may be recognized.

8 / 27

SLIDE 9

Workplan

Enumerate PPAVs with CM by OK, with period matrices. Compute the theta constants and invariants in C. Compute their defining polynomials. Recognize these polynomials.

9 / 27

SLIDE 10

Plan

Introduction General outline Principally polarized abelian varieties with CM by OK Computing complex invariants Recognizing algebraic numbers Computer experiments

10 / 27

SLIDE 11

PPAVs with CM by OK

Let Φ a CM-type, and a ∈ I(OK) = {fractional OK-ideals}, s.t.: (a¯ aDK/Q)−1 = (ξ), with Φ(ξ) ∈ iR+∗. Φ(a) defines a 2g-dimensional lattice in C. E(Φ(α), Φ(β)) = Tr(ξα¯ β) integral on Φ(a) × Φ(a). Cg/Φ(a) is a PPAV with CM by OK (of type Φ). Conversely, all can be represented by such triples. Isomorphism relation: (Φ, a, ξ) ∼ (Φ, xa, (x¯ x)−1ξ) A triple (Φ, a, ξ) readily yields a period matrix Ω ∈ H2. S(K, Φ) = {PPAV with CM by OK of type Φ }, S(K, Φ′) = {PPAV with CM by OK of type Φ′ }. Easy plan: enumerate Cl(OK) to find S(K, Φ) and S(K, Φ′).

11 / 27

SLIDE 12

Considering smaller sets.

Let h1 = | Cl(K/Q)|

| Cl(K0/Q)|. We have |S(K, Φ)| = h1.

|S(K)| = 2h1 for K nonnormal (h1 for cyclic case). The invariants for S(K, Φ) form a set defined over K r

Hi factors over K r

Polynomials of smaller degree, but coefficients now over K r

H1 sometimes reducible. S(K, Φ) is a C(K)-torsor, for the Shimura group C(K). The reflex typenorm map isolates a subgroup G ⊳ C(K). Partition S(K, Φ) into G-orbits. These correspond to irreducible factors over K r

12 / 27

SLIDE 13

Plan

Introduction General outline Principally polarized abelian varieties with CM by OK Computing complex invariants Recognizing algebraic numbers Computer experiments

13 / 27

SLIDE 14

Computing theta constants

Input: τ ∈ F2, whose entries are algebraic numbers. Goal: theta constants Θ0,1,2,3,4,6,8,9,12,15 (and later i1,2,3). Large precision N needed to successful reconstruct H1, ˆ H2, ˆ H3. Upper bounds on N exist. Difficult to make it tight. Compute τ to precision N. few×M(N) log N. Use q-expansion of Θi: O(N) terms, total O(NM(N)). Θ[a,b](τ) =

n∈Z2

exp

iπ (n + a)τ(n + b)t + 2(n + a)bt .

q1,2,3 = exp(iπτ1,2,3). Better avoid Magma’s Theta code (excessively generic/slow). It is possible to compute theta-constants by Newton lifting.

14 / 27

SLIDE 15

Borchardt mean

Dupont defines a Borchardt sequence as ((xn, yn, zn, tn) ∈ C4): xn+1 = 1 4(x2

n + y2 n + z2 n + t2 n),

yn+1 = 1 2(√xn √yn + √zn √tn), zn+1 = 1 2(√xn √zn + √yn √tn), tn+1 = 1 2(√xn √tn + √yn √zn). Choice of √ at each iteration. Starting (x0, y0, z0, t0): set of possible limits B2(x0, y0, z0, t0). Forcing consistent choice of roots: B2(x, y, z, t) well defined. Let U = {τ ∈ H2, B2(Θ2

0,1,2,3(τ)) = 1}. At least F2 ⊂ U.

Homogeneity: B2(λx, λy, λz, λt) = λB2(x, y, z, t).

15 / 27

SLIDE 16

Exploiting action of Sp4(Z)

For some matrices of Γ2 = Sp4(Z)/±1: Θ2

0,1,2,3((JM1)2.τ) = Θ2 4,0,6,2(τ) · (iτ1),

Θ2

0,1,2,3((JM2)2.τ) = Θ2 8,9,0,1(τ) · (iτ2),

Θ2

0,1,2,3(J.τ) = Θ2 0,4,8,12(τ) · (τ 2 3 − τ1τ2)

If (JM1)2.τ ∈ U, then B2(Θ2

4,0,6,2(τ)) = 1 iτ1 .

In case (e.g) J.τ ∈ U: Need to find M in some subgroup such that MJ.τ ∈ U Then the result obtained is related to τ ′ = J−1MJ.τ: B2(Θ2

0,4,8,12) =

1 τ ′

3 2 − τ ′ 1τ ′ 2

.

16 / 27

SLIDE 17

Θ2

0,1,2,3 as solutions of an equation

Input: τ ∈ F2 known (to any precision we like). Initially: low-precision Θ2

0,1,2,3(τ).

Use duplication formulae to deduce Θ2

0,1,2,3,4,6,8,9,12,15(2τ).

Use B2 computations to deduce coefficients of 2τ. Conjectures: for τ ∈ F2:

(JM1)2.(2τ) ∈ U; (JM2)2.(2τ) ∈ U; One of {J.(2M−1,0,1

.τ)} is in U, with M3.τ =

τ3 + 1 τ3 + 1 τ2

Feedback: approximation of Θ2

0,1,2,3(τ) → τ + ǫ.

Newton: use this feedback loop to find Θ2

0,1,2,3(τ).

Keeping track of derivatives is messy.

17 / 27

SLIDE 18

Computation of Θ2

0,1,2,3 by Newton lifting

Convergence of the Newton iteration is quadratic: each iteration (almost) doubles the precision. it is possible to “lift higher” without restarting from scratch. Complexity of the algorithm: O(M(N) log N). C implementation. Experimentally, complexity about 800M(N) log N. Some caveats: CM points tend to wander close to boundaries. Choice of correcting factor M−1,0,1

must be constant.

18 / 27

SLIDE 19

Plan

Introduction General outline Principally polarized abelian varieties with CM by OK Computing complex invariants Recognizing algebraic numbers Computer experiments

19 / 27

SLIDE 20

Reconstruction

Given invariants for the chosen set of period matrices. Recoved H1, ˆ H2, ˆ H3 ∈ R[x] with product trees. Recognize x ∈ R as (a + bw)/c: find small lattice point of:

  

1 K w K x K

  

Success criterion: smooth denominators. Denominators can be predicted to some extent (not done here). While reconstruction fails, keep on lifting Θ2

0,1,2,3(τ).

20 / 27

SLIDE 21

Plan

Introduction General outline Principally polarized abelian varieties with CM by OK Computing complex invariants Recognizing algebraic numbers Computer experiments

21 / 27

SLIDE 22

Orders of magnitude

Number fields considered are tiny. Several “hardness” measures. Here we consider deg H1 = #G | h1. Algebraic preprocessing with Magma: cheap: x4 + 310x2 + 17644 (h1 = 3948): 5 minutes. Computation of invariants, reconstruction in C: h1 seconds (approx) 100 200 200 1000 400 10000 800 30000

22 / 27

SLIDE 23

Growth of computation time

Complexity estimates are backed by experiments. Needed precision for lifting is the average coefficient size.

23 / 27

SLIDE 24

Growth of computation time

Complexity estimates are backed by experiments. Needed precision for lifting is the average coefficient size. Time per invariant grows quasi-linearly with precision.

23 / 27

SLIDE 25

Growth of computation time

Complexity estimates are backed by experiments. Needed precision for lifting is the average coefficient size. Time per invariant grows quasi-linearly with precision. Reconstruction time takes a fraction of total time. Computation time quasi-linear in output size.

23 / 27

SLIDE 26

One jumbo experiment

K defined by x4 + 310x2 + 17644 (h1 = 3948). G = C(K) ∼ = Z/2Z ×Z/1974Z. Magma precomputation: 5 minutes. Computation of invariants, and reconstruction: Parallelize on all cores of a 24-core machine (E7540 @ 2GHz). Lifting precision 970, 000 bits Largest denominator prime 3, 116, 747 Wall-clock time 32h.

24 / 27

SLIDE 27

Leading coeff of H1 for [709, 310, 17644]

13288017143023650319826164867666716448327889288101390113448191158193324199166229212233522396027711228110230711834964367344013943344443744614846312446772479135491120 5038547645633456968577326134063196647152653326732126834070948727807398769407734879714082332827210839768776490756941169774099140100936104932106318010912109348 10974115328118181187321193321223161229321231401249121283161301241307161319321361441439281453241459761549441559521571815798160116160716160948165712169716 16992417334017478175320183140186790197381987819938205348208735208916213182153322161322179102293202309322351823718237732242340246782477162551362621826578 267136268724269382801428332428514287948295316316383167483181831918322924325163301163313163331433891234331634611635272435332435411635591236071236592372716 391112393184133164157843911644098442316451312460384651849994511385189125197165227165231805323145413205437456838569356573748585186073246089861738636132 6491865993266192466371667638677916679124685740690716694924697124703916720787211877274782316796388059248117881791683113285631292394933712973981000712 10069161007981009181013356101632103011610667161068712107111210831101093732112391211483281151981152712118218122632412269812329161241341254761261961272120 128231112923161294112133092413327413421813577813679814071414149814431161443741448981466924151871615199415307815427161558112156191615629161567181591312 166998168718169938170471617093161720361744981751911175734176098177134179218183538190811220021162032318206114206276207431220873821031322106182139112 214818215991621713821821242201324222594022283822613822697422741122354942408316241071624671825189425229425579826513162653982663312277018277398277638 27883827917828229828579162869782926942940116303198306491230763831091831541831769432323432479113277116332111033457433563183358143445743458983629343652716 369194375018401774405591640751442461164257184266744448364477184681784714312485235485638492974495494515214516474517194529198531014556675563698564538 57119457287357641859611862753863317463541463799166637346700386703346850786890347039387058987062787288357290147504112768011278877479939168067116828918 83063484299 85703487833888493495629896353896893496989810252341027634109379611043141106511011162341128598113117411346781160276118799412209921247034 124739612539941289034130621813268941330518135623413773741393034141257415124741519398153271416214341692834176489417704341790334182179818268741859878 18787141881792189199419649910196853820125110205763221569342234394229939822997922316138232753425440742580234263521426779142737194274441428041122829114 283051828645982893194304751433541163365994340007435837343660314379667238707743923834393929439473344097094433319444479144560074493919449642725055134 505537451343145377434550337457653926748794697787269854347015934719567474689127478634778439479655348622974885473489393928947312905299292615349302112 97640329793374997739210028174109145921121699211711232117253121194707212572512126886721390331214488272153133121579651217125312176909921789499219972672 215065122195243222720192245021922457971225471072262649922676731227233872286268323089627231167472

25 / 27

SLIDE 28

4-way split example [29, 42, 180], α = √ 5

(2 · 192 · 313 · 414 · 593 · 793 · 1313 · 1513 · 211 · 2714 · 6192)H1 = 20772112232155969101023863444509755934018443723645537162X 12 +(−80152938668148829793077066098993535453674791343657007241293695899183119023597420 + 35845466717992885802897623196925393182449529511950868669729891852239217291906276α)X 11 +(−485542822045574807609483267027515836071604856431540973613837859052701257582803313077588997790 + 217141351223640639049249907180438445923392900705932489952149138095368298237943730568996559510α)X 10 +(−354138299605648716808685769825165833041830880204959301692044569352976097814504423362170160697117400659400+

158375462270880180674821574334229731732747126940689051088889079117357912191913993535932202100321002181280α)X 9

+(−12344907214745500375573831104307711285521009799685413078580639062050851318969912341247264312840634659995027285037925+

5520810341619707139171407634828604883236284124331338894254066564750563059055800908472277889883570055935660571994375α)X 8

+(−67435925296732684682961982570381517531131191824966278405925924139037737594670617170676248794898970842888436339632647884000+

30158262617818355741836496003602999027399282530264580926332755734999022589286920620361169216257282472207902159371666461600α)X 7

+(−168942469209298693635750695489826914925427504125647840756178174609956080044217713010884041286268941265737659188767503106368916000+

75553369087732365431224253823854555448720199834228558415145346462676792415340108047182829505479285583986196531556191792160220000α)X 6

+(−56529183288734690846821217801270932303546632094835562647019588297308558103082210362682335675791434455186861350256880003074882891360000+

25280619309228896661662819188636062514404702932093111728206331986644114316849467353100675211130590647718363818851462864345910691360000α)X 5

+(−435519636340010539521693843071977135048928597654374785339132756676716165175410061804498790965131739242760712212093773662422099903394364960000+

194770302478448343511223812137652450852020632428467744935596571481524100161889847047718211855160342375157842355063845970830306370006888800000α)X 4

+(−4636137290504284838679291693645375382541612574917531068980716782415448232094527416127953700417661816914091830847261230386061852161311319974400000+

2073343626917892137908018724984794515165176296196473967600943523031757635638002910773573521370988089189812361616043734215645216543102139983360000α)X 3

+(−1019572981570036369781093840728603907543137989052941175988704407854543565094680857055017427084632306710954267263681847304305428207159797080079616000000+

455966898962547780773727242842371540034981792572559354520879373957124085603636457435614609054042767790661733826661683498163873691216507929157785600000α)X 2

+(−989755623613465656782922548336050444690139287467208458436671255921194592500147481883067164949784544720407750749871119711610884199684874701593395200000000+

442632171102481581929795460524177252735094872135666095868488828637588447621553088738451039939107686100438177490563715279207787896887725635957882880000000α)X

+(−518136123089064912998123924945094015669426441767880437169053617272258531123148110293149862693407189939024337331023666755676160241062574765810974720000000000+

231717518565069343450537504846219472784083807794567526421443591980746828759205574338118485311414767131117896563722782740278830405190231772212248576000000000α)

26 / 27

SLIDE 29

4-way split example [29, 42, 180], α = √ 5

1312 · 1512 · 2712 · H1 = 28736579143801X3+ (−26562730116782521146632372741880 − 11879214513306113836469992526568α)X2+ (5990974246433839852650110391082947569040 + 2679245133595909152965415345478662705600α)X+ (−3480604330303805262260482741199120111458868486400 − 1556573577068980473998916097703759097828035122560 414 · 592 · 151 · 211 · 2712 · H1 = 23016402013326325741X3+ (9257725299520525055412909924360 − 4142292063331002869676763774728α)X2+ (179099824341945882685979200041090000 + 72038950541358964140459108372177600α)X+ (−4434415394375288707691548835050092885600000 − 1983135079433372758059149231500269848880000α. 2 · 312 · 792 · 131 · 6192 · H1 = 602088260751382X3+ (−2323265507953477599376780839241175805570 + 1038995921112910845910309244805228580662α)X2+ (−14149414917013863823337186063655651741368792115 + 6327810719258509029228782366904607450149069375 (−35300109682030474197872270979347612753052234346771200 + 15786688972443725358635897938479042911445727409740320 2 · 192 · 31 · 592 · 79 · H1 =6155027618X3+ (16053413869234336169610 − 7179314262699413253006α)X2+ (150903572012642356883964135 − 67485955467102054333683715α)X+ (37505411639526461723399223957600 − 16772932345305004190900558870400α.

26 / 27

SLIDE 30

Conclusion

Theta evaluation no longer a computational problem. Some stuff would deserve proper proofs if possible. Database (2TB at the moment) currently at: http://barbecue.loria.fr:46015/ (temporary location. No real interface at the moment.)

27 / 27