Cup products on curves over finite fields Frauke Bleher joint with - PowerPoint PPT Presentation

Cup products on curves over finite fields Frauke Bleher joint with Ted Chinburg Maurice Auslander Distinguished Lectures and International Conference April 28, 2019 Frauke Bleher Cup products on curves over finite fields

Notation and ´ etale cohomology. ◮ k = F q finite field with q elements. ◮ C = smooth projective geometrically irreducible curve over k of genus g ≥ 1. ◮ k = algebraic closure of k , and C = C ⊗ k k . ◮ ℓ = odd prime, q ≡ 1 mod ℓ � k ∗ ⊇ µ ℓ ˜ ( ℓ th roots of 1 ). Let X be C or C , let η be a geometric point on X corresponding to an algebraic closure k ( X ) of the function field k ( X ), and let k ( X ) sep be the separable closure of k ( X ) inside k ( X ). The ´ etale fundamental group π 1 ( X , η ) is the quotient group of Gal ( k ( X ) sep / k ( X )) modulo the subgroup generated by all inertia groups associated to closed points of X . In other words, π 1 ( X , η ) is the profinite group that is the inverse limit of the Galois groups of all finite Galois covers of X that are flat and unramified (i.e. ´ etale). ∼ H r ( X , Z /ℓ ) H r ( π 1 ( X , η ) , Z /ℓ ) For all r ≥ 0: = � �� � � �� � ´ etale cohomology profinite group cohomology Frauke Bleher Cup products on curves over finite fields

Description of ´ etale cohomology groups. For X ∈ { C , C } , let Div ( X ) be the divisor group of X , and let Pic ( X ) = Div ( X ) / PrinDiv ( X ) be the Picard group of X . Assume: ℓ -torsion of the Jacobian of C over k is defined over k � Pic ( C )[ ℓ ] = Pic ( C )[ ℓ ] ∼ = ( Z /ℓ ) 2 g . 1 → k ∗ → k ( C ) ∗ div C − − − → Div ( C ) → Pic ( C ) → 0 is exact. Define D ( C ) := { a ∈ k ( C ) ∗ | div C ( a ) ∈ ℓ Div ( C ) } . We have: ( µ ℓ = sheaf of ℓ th roots of unity) ∼ H 1 ( C , Z /ℓ ) ( Z /ℓ ) 2 g +1 , = Hom ( Pic ( C ) , Z /ℓ ) = ∼ H 1 ( C , µ ℓ ) D ( C ) / ( k ( C ) ∗ ) ℓ ( Z /ℓ ) 2 g +1 , = = H 2 ( C , µ ℓ ) H 2 ( C , µ ⊗ 2 = Pic ( C ) /ℓ Pic ( C ) ℓ ) = Pic ( C ) ⊗ Z ˜ µ ℓ , � H 3 ( C , µ ⊗ 2 H 3 ( C , µ ℓ ) = Z /ℓ ℓ ) = ˜ µ ℓ . � ∼ H 1 ( C , µ ℓ ) ( Z /ℓ ) 2 g , = Pic ( C )[ ℓ ] = H 2 ( C , µ ⊗ 2 H 2 ( C , µ ℓ ) = Z /ℓ ℓ ) = ˜ µ ℓ . � Frauke Bleher Cup products on curves over finite fields

Triple cup products. Assume : q ≡ 1 mod ℓ and Pic ( C )[ ℓ ] = Pic ( C )[ ℓ ] ∼ = ( Z /ℓ ) 2 g . We consider the triple cup product of ´ etale cohomology groups ∪ ℓ ) ∼ F : H 1 ( C , Z /ℓ ) × H 1 ( C , µ ℓ ) × H 1 ( C , µ ℓ ) → H 3 ( C , µ ⊗ 2 − = ˜ µ ℓ . Significance of F : ◮ useful to get an explicit description of certain profinite groups ( ℓ -adic completions of the ´ etale fundamental group of C ) as quotients of pro-free groups modulo relations; ◮ potentially useful for cryptographic applications by restricting to triples of cyclic groups of order ℓ to get a trilinear map (if this map is “cryptographic” it would be a big step forward in the security of intellectual property). Frauke Bleher Cup products on curves over finite fields

Key sharing for 4 persons. Restrict the triple cup product F to f : G 1 × G 2 × G 3 → H = ˜ µ ℓ where G i is identified with a cyclic group G of order ℓ ( i = 1 , 2 , 3). Then f is trilinear in the sense that f ( g α 1 , g α 2 , g α 3 ) = f ( g , g , g ) α 1 α 2 α 3 when G = � g � and α i ∈ Z . Public information: generators g of G and h of H , and map f . Secrets: j th person ( j = 1 , . . . , 4) picks secret c j ∈ ( Z /ℓ ) ∗ and posts g c j . Decode: each of the 4 persons can compute f ( g , g , g ) c 1 c 2 c 3 c 4 : e.g., 4th person can compute f ( g c 1 , g c 2 , g c 3 ) c 4 . f is “cryptographic” if f is “easy to compute” and “hard to break” (this can be made precise in computer science terms). Frauke Bleher Cup products on curves over finite fields

Theorem: (B-Chinburg) Assume q ≡ 1 mod ℓ and Pic ( C )[ ℓ ] = Pic ( C )[ ℓ ]. The trilinear map given by the triple cup product ∪ H 1 ( C , Z /ℓ ) × H 1 ( C , µ ℓ ) × H 1 ( C , µ ℓ ) → H 3 ( C , µ ⊗ 2 F : − ℓ ) = ˜ µ ℓ is non-trivial. The total number of triples G = ( G 1 , G 2 , G 3 ) of subgroups of order ℓ in H 1 ( C , Z /ℓ ) , H 1 ( C , µ ℓ ) and H 1 ( C , µ ℓ ) , � ℓ 2 g +1 − 1 � 3 respectively, is N = . ℓ − 1 The number N ( C ) of triples G for which the restriction F G is non-degenerate satisfies N ( C ) ≥ N · (1 − ℓ − 1 ) 2 . More precisely, ℓ 4 g − 1 ( ℓ 3 − 1)( ℓ 2 g − 1) ≤ N ( C ) ≤ ℓ 2 g +1 ( ℓ 2 g +1 − 1)( ℓ 2 g − 1) . ( ℓ − 1) 2 ( ℓ − 1) 2 If k ′ is the extension of degree ℓ of k in k, then N ( C ⊗ k k ′ ) = ℓ 4 g − 1 ( ℓ 3 − 1)( ℓ 2 g − 1) . ( ℓ − 1) 2 Frauke Bleher Cup products on curves over finite fields

Example: elliptic curves. Let C be an elliptic curve. On choosing an isomorphism between Z /ℓ and ˜ µ ℓ , the previous theorem shows that the cup product ∪ H 1 ( C , Z /ℓ ) × H 1 ( C , Z /ℓ ) × H 1 ( C , Z /ℓ ) → H 3 ( C , ( Z /ℓ ) ⊗ 3 ) = Z /ℓ − is non-trivial. Since this cup product is alternating and H 1 ( C , Z /ℓ ) has dimension 3 over Z /ℓ , this trilinear map is, up to multiplication by a non-zero scalar, the unique non-trivial alternating form of degree three on H 1 ( C , Z /ℓ ). Hence the number N ( C ) of triples G for which the restriction F G is non-degenerate is therefore = ℓ 4 g − 1 ( ℓ 3 − 1)( ℓ 2 g − 1) N ( C ) = # GL 3 ( Z /ℓ ) ( ℓ − 1) 3 ( ℓ − 1) 2 when g = 1. Frauke Bleher Cup products on curves over finite fields

A formula for the triple cup product ∪ ℓ ) ∼ H 1 ( C , Z /ℓ ) × H 1 ( C , µ ℓ ) × H 1 ( C , µ ℓ ) → H 3 ( C , µ ⊗ 2 µ ℓ . − = ˜ Assumptions: q ≡ 1 mod ℓ and Pic ( C )[ ℓ ] = Pic ( C )[ ℓ ]. Recall: 1 → k ∗ → k ( C ) ∗ div C − − − → Div ( C ) → Pic ( C ) → 0 is exact. Define D ( C ) := { a ∈ k ( C ) ∗ | div C ( a ) ∈ ℓ Div ( C ) } . We have: = ( Z /ℓ ) 2 g +1 and ◮ H 1 ( C , Z /ℓ ) = Hom ( Pic ( C ) , Z /ℓ ) ∼ ∼ H 1 ( C , µ ℓ ) = D ( C ) / ( k ( C ) ∗ ) ℓ = ( Z /ℓ ) 2 g +1 . ◮ H 2 ( C , µ ℓ ) = Pic ( C ) /ℓ Pic ( C ) � H 2 ( C , µ ⊗ 2 ℓ ) = Pic ( C ) ⊗ Z ˜ µ ℓ . ◮ H 3 ( C , µ ℓ ) = Z /ℓ � H 3 ( C , µ ⊗ 2 ℓ ) = ˜ µ ℓ . Frauke Bleher Cup products on curves over finite fields

Assume q ≡ 1 mod ℓ and Pic ( C )[ ℓ ] ∼ Theorem: (B-Chinburg) = ( Z /ℓ ) 2 g . Suppose a , b ∈ D ( C ) define non-trivial classes [ a ] , [ b ] ∈ H 1 ( C , µ ℓ ) . Choose α ∈ k ( C ) sep with α ℓ = a. Then L = k ( C )( α ) is the function field of an irreducible smooth projective curve C ′ over k. There is an element γ ∈ L such that b = Norm L / k ( C ) ( γ ) . Write b = div C ( b ) /ℓ ∈ Div ( C ) , and let Gal ( L / k ( C )) = � σ � . Then there is a divisor c ∈ Div ( C ′ ) such that (1 − σ ) · c = div C ′ ( γ ) − π ∗ b where π : C ′ → C is the morphism associated with k ( C ) ֒ → L. We have ξ = σ ( α ) /α ∈ ˜ µ ℓ . We obtain µ ℓ = H 2 ( C , µ ⊗ 2 [ a ] ∪ [ b ] = [ Norm C ′ / C ( c )] ⊗ ξ ∈ Pic ( C ) ⊗ ˜ ℓ ) where [ d ] is the class in Pic ( C ) of a divisor d . If t ∈ H 1 ( C , Z /ℓ ) = Hom ( Pic ( C ) , Z /ℓ ) , then [ t ] ∪ [ a ] ∪ [ b ] = ξ t ([ Norm C ′ / C ( c )]) µ ℓ = H 3 ( C , µ ⊗ 2 ∈ ˜ ℓ ) . Frauke Bleher Cup products on curves over finite fields

Computability and restriction. ◮ This formula is based on a formula by McCallum-Sharifi for a cup product used in the context of Iwasawa theory. ◮ We do not know if this formula can in general be computed in polynomial time. We now consider the restriction of the cup product ∪ → H 3 ( C , µ ⊗ 2 ℓ ) ∼ H 1 ( C , Z /ℓ ) × H 1 ( C , µ ℓ ) × H 1 ( C , µ ℓ ) − = ˜ µ ℓ such that the third argument comes from H 1 ( k , µ ℓ ). Note: The group H 1 ( k , µ ℓ ) = k ∗ / ( k ∗ ) ℓ has order ℓ and is the kernel of the surjective restriction map H 1 ( C , µ ℓ ) � H 1 ( C , µ ℓ ) r : Hom ( Pic ( C ) , ˜ µ ℓ ) Hom ( Pic ( C ) , ˜ µ ℓ ) Frauke Bleher Cup products on curves over finite fields

Formula of the restriction of the triple cup product. As above, r : H 1 ( C , µ ℓ ) → H 1 ( C , µ ℓ ) is the surjective restriction map with kernel H 1 ( k , µ ℓ ) = k ∗ / ( k ∗ ) ℓ . Theorem: (B-Chinburg) Assume q ≡ 1 mod ℓ and Pic ( C )[ ℓ ] ∼ = ( Z /ℓ ) 2 g . Suppose a , b ∈ D ( C ) define non-trivial classes [ a ] , [ b ] ∈ H 1 ( C , µ ℓ ) , and suppose b ∈ k ∗ . Let t ∈ H 1 ( C , Z /ℓ ) = Hom ( Pic ( C ) , Z /ℓ ) . Then b ( q − 1) /ℓ ∈ ˜ µ ℓ and w = t ⊗ b ( q − 1) /ℓ ∈ H 1 ( C , Z /ℓ ) ⊗ ˜ µ ℓ = H 1 ( C , µ ℓ ) . One has ∈ H 2 ( C , µ ⊗ 2 [ t ] ∪ [ a ] ∪ [ b ] = � r ( w ) , r ([ a ]) � Weil ℓ ) = ˜ µ ℓ where � , � Weil : H 1 ( C , µ ℓ ) × H 1 ( C , µ ℓ ) → H 2 ( C , µ ⊗ 2 ℓ ) = ˜ µ ℓ is the Weil pairing, i.e. the non-degenerate cup product pairing associated to C. Frauke Bleher Cup products on curves over finite fields