Computation of Igusa class polynomials with the complex analytic - PowerPoint PPT Presentation

Computation of Igusa class polynomials with the complex analytic method R. Dupont 1 , A. Enge 2 , E. Thom´ e 3 1 INRIA/TANC, Saclay ; 2 INRIA/LFANT, Bordeaux ; 3 INRIA/CARAMEL, Nancy. /* EPI CARAMEL */ C,A, /* Cryptologie, Arithmétique : */ R,a, /* Matériel et Logiciel */ M,E, L,i= 5,e, d[5],Q[999 ]={0};main(N ){for (;i--;e=scanf("%" "d",d+i));for(A =*d; ++i<A ;++Q[ i*i% A],R= i[Q]? R:i); for(;i --;) for(M =A;M --;N +=!M*Q [E%A ],e+= Q[(A +E*E- R*L* L%A) %A]) for( E=i,L=M,a=4;a;C= i*E+R*M*L,L=(M*E +i*L) %A,E=C%A+a --[d]);printf ("%d" "\n", (e+N* N)/2 /* cc caramel.c; echo f3 f2 f1 f0 p | ./a.out */ -A);} Jun. 22nd, 2011 1 / 27

Plan Introduction General outline Principally polarized abelian varieties with CM by O K Computing complex invariants Recognizing algebraic numbers Computer experiments 2 / 27

Plan Introduction General outline Principally polarized abelian varieties with CM by O K Computing complex invariants Recognizing algebraic numbers Computer experiments 3 / 27

Genus 2 CM Let K be a CM field. K 2, totally imaginary K 0 g = 2, totally real Q The Igusa class polynomials give the invariants of genus 2 curves having CM by O K (extends Hilbert class polynomials for genus 1). More headaches. Three polynomials instead of one. Denominators. The larger the discriminants, the bigger the polynomials. 4 / 27

Existing work Cryptographic target: C over F q , known CM, known # Jac C ( F q ) . Means of computing Igusa class polynomials. Complex analytic method: Spallek, Weng, Streng. p -adic: Gaudry, Houtmann, Kohel, Ritzenthaler, Weng, Carls, Lubicz. CRT: Eisentrager, Lauter, Br¨ oker, Gruenewald, Robert. State of the art of “big” computations: echidna DBs. Focus here on the complex analytic method. Streng: complete algorithm, and complexity upper bounds. Improve on keypoint: computation of invariants analytically. Recognize irreducible factors of class polynomials. 5 / 27

Outline (1): period matrices and Θ -constants � � PPAV= Z -lattice in C 2 τ 1 τ 3 → period matrix τ = ∈ H 2 . +Riemann form τ 3 τ 2 Theta constants for a = ( a 0 , a 1 ) , b = ( b 0 , b 1 ) , a i , b i ∈ { 0 , 1 / 2 } : � ( n + a ) τ ( n + b ) t + 2 ( n + a ) b t �� . � Θ [ a , b ] ( τ ) = exp � i π n ∈ Z 2 Numbering (Dupont) Θ [ a , b ] = Θ b 0 + 2 b 1 + 4 a 0 + 8 a 1 . 10 even theta constants: Θ 0 , 1 , 2 , 3 , 4 , 6 , 8 , 9 , 12 , 15 , other are 0. 6 / 27

Outline (2): invariants of genus 2 curves The moduli space of 2-dimensional PPAVs has dimension 3. Igusa invariants can be computed from Θ 0 , 1 , 2 , 3 , 4 , 6 , 8 , 9 , 12 , 15 . Several invariant sets floating around. Some “smaller” than others. Define ( i 1 , i 2 , i 3 ) as those proposed by Streng. i 1 = I 4 I ′ i 2 = I 2 I 2 i 3 = I 5 6 4 4 . I 2 I 10 I 10 10 7 / 27

Outline (3): Class polynomials Consider S ( K ) the set of PPAVs with CM by O K . The set { i 1 ( τ ) , τ ∈ S ( K ) } is defined over Q . Minimal polynomials H 1 , H 2 , H 3 in Q [ x ] . Better: { i 1 , 2 , 3 ( τ ) } a 0-dimensional set in C 3 , defined over Q . Triangular (Hecke) representation: H 1 , ˆ H 2 , ˆ H 3 , with: ˆ H 2 ( i 1 ) = H ′ 1 ( i 1 ) i 2 . The triple ( H 1 , ˆ H 2 , ˆ H 3 ) is our target. Obstacles: Large degree, (very) large coefficients. Need large precision for complex invariants, so that rational polynomials may be recognized. 8 / 27

Workplan Enumerate PPAVs with CM by O K , with period matrices. Compute the theta constants and invariants in C . Compute their defining polynomials. Recognize these polynomials. 9 / 27

Plan Introduction General outline Principally polarized abelian varieties with CM by O K Computing complex invariants Recognizing algebraic numbers Computer experiments 10 / 27

PPAVs with CM by O K Let Φ a CM-type, and a ∈ I ( O K ) = { fractional O K -ideals } , s.t.: a D K / Q ) − 1 = ( ξ ) , with Φ( ξ ) ∈ i R + ∗ . ( a ¯ Φ( a ) defines a 2 g -dimensional lattice in C . E (Φ( α ) , Φ( β )) = Tr ( ξα ¯ β ) integral on Φ( a ) × Φ( a ) . C g / Φ( a ) is a PPAV with CM by O K (of type Φ ). Conversely, all can be represented by such triples. x ) − 1 ξ ) Isomorphism relation: (Φ , a , ξ ) ∼ (Φ , x a , ( x ¯ A triple (Φ , a , ξ ) readily yields a period matrix Ω ∈ H 2 . S ( K , Φ) = { PPAV with CM by O K of type Φ } , S ( K , Φ ′ ) = { PPAV with CM by O K of type Φ ′ } . Easy plan: enumerate Cl ( O K ) to find S ( K , Φ) and S ( K , Φ ′ ) . 11 / 27

Considering smaller sets. Let h 1 = | Cl ( K / Q ) | | Cl ( K 0 / Q ) | . We have | S ( K , Φ) | = h 1 . | S ( K ) | = 2 h 1 for K nonnormal ( h 1 for cyclic case). The invariants for S ( K , Φ) form a set defined over K r 0 . H i factors over K r 0 . Polynomials of smaller degree, but coefficients now over K r 0 . H 1 sometimes reducible. S ( K , Φ) is a C ( K ) -torsor, for the Shimura group C ( K ) . The reflex typenorm map isolates a subgroup G ⊳ C ( K ) . Partition S ( K , Φ) into G -orbits. These correspond to irreducible factors over K r 0 . 12 / 27

Plan Introduction General outline Principally polarized abelian varieties with CM by O K Computing complex invariants Recognizing algebraic numbers Computer experiments 13 / 27

Computing theta constants Input: τ ∈ F 2 , whose entries are algebraic numbers. Goal: theta constants Θ 0 , 1 , 2 , 3 , 4 , 6 , 8 , 9 , 12 , 15 (and later i 1 , 2 , 3 ). Large precision N needed to successful reconstruct H 1 , ˆ H 2 , ˆ H 3 . Upper bounds on N exist. Difficult to make it tight. Compute τ to precision N . few ×M ( N ) log N . Use q -expansion of Θ i : O ( N ) terms, total O ( N M ( N )) . � ( n + a ) τ ( n + b ) t + 2 ( n + a ) b t �� . � Θ [ a , b ] ( τ ) = exp � i π n ∈ Z 2 q 1 , 2 , 3 = exp ( i πτ 1 , 2 , 3 ) . Better avoid Magma ’s Theta code (excessively generic/slow). It is possible to compute theta-constants by Newton lifting. 14 / 27

Borchardt mean Dupont defines a Borchardt sequence as ( ( x n , y n , z n , t n ) ∈ C 4 ): x n + 1 = 1 y n + 1 = 1 2 ( √ x n √ y n + √ z n √ t n ) , 4 ( x 2 n + y 2 n + z 2 n + t 2 n ) , z n + 1 = 1 2 ( √ x n √ z n + √ y n √ t n ) , t n + 1 = 1 2 ( √ x n √ t n + √ y n √ z n ) . Choice of √ at each iteration. Starting ( x 0 , y 0 , z 0 , t 0 ) : set of possible limits B 2 ( x 0 , y 0 , z 0 , t 0 ) . Forcing consistent choice of roots: B 2 ( x , y , z , t ) well defined. Let U = { τ ∈ H 2 , B 2 (Θ 2 0 , 1 , 2 , 3 ( τ )) = 1 } . At least F 2 ⊂ U . Homogeneity: B 2 ( λ x , λ y , λ z , λ t ) = λ B 2 ( x , y , z , t ) . 15 / 27

Exploiting action of Sp 4 ( Z ) For some matrices of Γ 2 = Sp 4 ( Z ) / ± 1: Θ 2 0 , 1 , 2 , 3 (( JM 1 ) 2 .τ ) = Θ 2 4 , 0 , 6 , 2 ( τ ) · ( i τ 1 ) , Θ 2 0 , 1 , 2 , 3 (( JM 2 ) 2 .τ ) = Θ 2 8 , 9 , 0 , 1 ( τ ) · ( i τ 2 ) , Θ 2 0 , 1 , 2 , 3 ( J .τ ) = Θ 2 0 , 4 , 8 , 12 ( τ ) · ( τ 2 3 − τ 1 τ 2 ) If ( JM 1 ) 2 .τ ∈ U , then B 2 (Θ 2 1 4 , 0 , 6 , 2 ( τ )) = i τ 1 . In case (e.g) J .τ �∈ U : Need to find M in some subgroup such that M J .τ ∈ U Then the result obtained is related to τ ′ = J − 1 M J .τ : 1 B 2 (Θ 2 0 , 4 , 8 , 12 ) = . 2 − τ ′ τ ′ 1 τ ′ 3 2 16 / 27

Θ 2 0 , 1 , 2 , 3 as solutions of an equation Input: τ ∈ F 2 known (to any precision we like). Initially: low-precision Θ 2 0 , 1 , 2 , 3 ( τ ) . Use duplication formulae to deduce Θ 2 0 , 1 , 2 , 3 , 4 , 6 , 8 , 9 , 12 , 15 ( 2 τ ) . Use B 2 computations to deduce coefficients of 2 τ . Conjectures: for τ ∈ F 2 : ( JM 1 ) 2 . ( 2 τ ) ∈ U ; ( JM 2 ) 2 . ( 2 τ ) ∈ U ; � � τ 1 τ 3 + 1 One of { J . ( 2 M − 1 , 0 , 1 .τ ) } is in U , with M 3 .τ = . 3 τ 3 + 1 τ 2 Feedback: approximation of Θ 2 0 , 1 , 2 , 3 ( τ ) → τ + ǫ . Newton: use this feedback loop to find Θ 2 0 , 1 , 2 , 3 ( τ ) . Keeping track of derivatives is messy. 17 / 27

Computation of Θ 2 0 , 1 , 2 , 3 by Newton lifting Convergence of the Newton iteration is quadratic: each iteration (almost) doubles the precision. it is possible to “lift higher” without restarting from scratch. Complexity of the algorithm: O ( M ( N ) log N ) . C implementation. Experimentally, complexity about 800 M ( N ) log N . Some caveats: CM points tend to wander close to boundaries. Choice of correcting factor M − 1 , 0 , 1 must be constant. 3 18 / 27

Plan Introduction General outline Principally polarized abelian varieties with CM by O K Computing complex invariants Recognizing algebraic numbers Computer experiments 19 / 27

Reconstruction Given invariants for the chosen set of period matrices. Recoved H 1 , ˆ H 2 , ˆ H 3 ∈ R [ x ] with product trees. Recognize x ∈ R as ( a + bw ) / c : find small lattice point of:   1 K 0 0 0 0 w K     x 0 0 K Success criterion: smooth denominators. Denominators can be predicted to some extent (not done here). While reconstruction fails, keep on lifting Θ 2 0 , 1 , 2 , 3 ( τ ) . 20 / 27

Plan Introduction General outline Principally polarized abelian varieties with CM by O K Computing complex invariants Recognizing algebraic numbers Computer experiments 21 / 27