point counting on hyperelliptic curves to genus 3 and
play

Point counting on hyperelliptic curves: to genus 3 and beyond Simon - PowerPoint PPT Presentation

Feb 15, 2024 •538 likes •907 views

Point counting on hyperelliptic curves: to genus 3 and beyond Simon Abelard Universit de Lorraine, Nancy Joint work with P. Gaudry and P.-J. Spaenlehauer January 25, 2018 CARAMBA /* */ E,C, /* */ c,r, /* */ u,l, e,s, i=5,

  1. Point counting on hyperelliptic curves: to genus 3 and beyond Simon Abelard Université de Lorraine, Nancy Joint work with P. Gaudry and P.-J. Spaenlehauer January 25, 2018 CARAMBA /* */ E,C, /* */ c,r, /* */ u,l, e,s, i=5, d[5],Q[999 ]={0};main(n ){for (;i--;e=scanf("%" "d",d+i));for(C =*d; ++i<C ;++Q[ i*i% C],c= i[Q]? c:i); for(;i --;) for(u =C;u --;n +=!u*Q [l%C ],e+= Q[(C +l*l- c*s* s%C) %C]) for( l=i,s=u,r=4;r;E= i*l+c*u*s,s=(u*l +i*s) %C,l=E%C+r --[d]);printf ("%d" "\n", (e+n* n)/2 /* cc caramba.c; echo f3 f2 f1 f0 p | ./a.out */ -C);} Simon Abelard Point counting January 25, 2018 1 / 18

  2. It’s all about generating series. . . A first example How many solutions of y 2 = x 7 − 7 x 5 + 14 x 3 − 7 x + 1 in F 23 k ? Goal: generating series associated to these numbers of solutions. This series is rational so small k ’s are sufficient ( ≤ 3 in this case). Simon Abelard Point counting January 25, 2018 2 / 18

  3. It’s all about generating series. . . A first example How many solutions of y 2 = x 7 − 7 x 5 + 14 x 3 − 7 x + 1 in F 23 k ? Goal: generating series associated to these numbers of solutions. This series is rational so small k ’s are sufficient ( ≤ 3 in this case). Curves and points Let f ∈ F q [ X ] be monic, squarefree of degree 2 g + 1. Equation Y 2 = f ( X ) → hyperelliptic curve C of genus g over F q . If C defined over F q , P = ( x , y ) ∈ C is rational if ( x , y ) ∈ ( F q ) 2 . Simon Abelard Point counting January 25, 2018 2 / 18

  4. It’s all about generating series. . . A first example How many solutions of y 2 = x 7 − 7 x 5 + 14 x 3 − 7 x + 1 in F 23 k ? Goal: generating series associated to these numbers of solutions. This series is rational so small k ’s are sufficient ( ≤ 3 in this case). Curves and points Let f ∈ F q [ X ] be monic, squarefree of degree 2 g + 1. Equation Y 2 = f ( X ) → hyperelliptic curve C of genus g over F q . If C defined over F q , P = ( x , y ) ∈ C is rational if ( x , y ) ∈ ( F q ) 2 . � � ( x , y ) ∈ ( F q i ) 2 | y 2 = f ( x ) Let C ( F q i ) = ∪ {∞} . Point counting: computing # C ( F q i ) for 1 ≤ i ≤ g . Simon Abelard Point counting January 25, 2018 2 / 18

  5. . . . Or rather polynomials Let C be a hyperelliptic curve of genus g . Weil conjectures to the rescue Point counting over F q is computing the local ζ function of C : �� � # C ( F q k ) s k Λ( s ) thm ζ ( s ) = exp = (1 − s )(1 − qs ) . k k With Λ ∈ Z [ X ] of degree 2 g having bounded coefficients. Simon Abelard Point counting January 25, 2018 3 / 18

  6. . . . Or rather polynomials Let C be a hyperelliptic curve of genus g . Weil conjectures to the rescue Point counting over F q is computing the local ζ function of C : �� � # C ( F q k ) s k Λ( s ) thm ζ ( s ) = exp = (1 − s )(1 − qs ) . k k With Λ ∈ Z [ X ] of degree 2 g having bounded coefficients. Point counting Input: f ∈ F q [ X ] defining a hyperelliptic curve Output: the polynomial Λ Simon Abelard Point counting January 25, 2018 3 / 18

  7. . . . Or rather polynomials Let C be a hyperelliptic curve of genus g . Weil conjectures to the rescue Point counting over F q is computing the local ζ function of C : �� � # C ( F q k ) s k Λ( s ) thm ζ ( s ) = exp = (1 − s )(1 − qs ) . k k With Λ ∈ Z [ X ] of degree 2 g having bounded coefficients. Point counting Input: f ∈ F q [ X ] defining a hyperelliptic curve Output: the polynomial Λ We study the complexity of such algorithms. Simon Abelard Point counting January 25, 2018 3 / 18

  8. A broad range of related problems Finding ‘nice’ curves Cryptography: g ≤ 2 and q large, needed to assess security. Error-correcting codes: need curves with many rational points. Arithmetic geometry Conjectures in number theory e.g. Sato -Tate in genus ≥ 2. p A p / p s with A p = # C ( F p ) / √ p . � L -functions associated: L ( s , C ) = Computing them relies on point-counting primitives. Simon Abelard Point counting January 25, 2018 4 / 18

  9. A broad range of related problems Finding ‘nice’ curves Cryptography: g ≤ 2 and q large, needed to assess security. Error-correcting codes: need curves with many rational points. Arithmetic geometry Conjectures in number theory e.g. Sato -Tate in genus ≥ 2. p A p / p s with A p = # C ( F p ) / √ p . � L -functions associated: L ( s , C ) = Computing them relies on point-counting primitives. Two families of algorithms p -adic methods: polynomial in g , exponential in log p Satoh’99, Kedlaya’01, Lauder’04 ℓ -adic methods: exponential in g , polynomial in log q Schoof’85, Gaudry-Schost’12 Simon Abelard Point counting January 25, 2018 4 / 18

  10. Overview and contributions Asymptotic complexities (hyperelliptic case) Our result Pila’90 Huang-Ierardi’98 Adleman-Huang’01 (log q ) O ( g 2 log g ) (log q ) g O (1) (log q ) O g (1) O g ((log q ) cg ) Simon Abelard Point counting January 25, 2018 5 / 18

  11. Overview and contributions Asymptotic complexities (hyperelliptic case) Our result Pila’90 Huang-Ierardi’98 Adleman-Huang’01 (log q ) O ( g 2 log g ) (log q ) g O (1) (log q ) O g (1) O g ((log q ) cg ) Practical algorithms Genus Complexity Authors O (log 4 q ) � g = 1 Schoof-Elkies-Atkin O (log 8 q ) � g = 2 Gaudry-Schost O (log 14 q ) ? � g = 3 O (log 5 q ) � g = 2 with RM Gaudry-Kohel-Smith O (log 6 q ) � g = 3 with RM Our result Simon Abelard Point counting January 25, 2018 5 / 18

  12. From curves to groups R R 2 Q Q 1 P 2 P R 1 P 1 Q 2 P + Q + R = 0 P 1 + P 2 + Q 1 + Q 2 + R 1 + R 2 = 0 Simon Abelard Point counting January 25, 2018 6 / 18

  13. Counting points on hyperelliptic curves Let C : y 2 = f ( x ) be a hyperelliptic curve over F q . Let J be its Jacobian and g its genus. (Hasse-Weil) coefficients of Λ are bounded integers. 1 ℓ -torsion J [ ℓ ] = { D ∈ J | ℓ D = 0 } ≃ ( Z /ℓ Z ) 2 g 2 Frobenius π : ( x , y ) �→ ( x q , y q ) acts linearly on J [ ℓ ] 3 For χ the char. polynomial of π , χ rev = Λ mod ℓ 4 Algorithm a la Schoof For each prime ℓ ≤ (9 g + 3) log q Describe I ℓ the ideal of ℓ -torsion Compute χ mod ℓ by testing char. eq. of π in I ℓ Deduce Λ mod ℓ Recover Λ by CRT Simon Abelard Point counting January 25, 2018 7 / 18

  14. Counting points on hyperelliptic curves Let C : y 2 = f ( x ) be a hyperelliptic curve over F q . Let J be its Jacobian and g its genus. (Hasse-Weil) coefficients of Λ are bounded integers. 1 ℓ -torsion J [ ℓ ] = { D ∈ J | ℓ D = 0 } ≃ ( Z /ℓ Z ) 2 g 2 Frobenius π : ( x , y ) �→ ( x q , y q ) acts linearly on J [ ℓ ] 3 For χ the char. polynomial of π , χ rev = Λ mod ℓ 4 Algorithm a la Schoof For each prime ℓ ≤ (9 g + 3) log q Describe I ℓ the ideal of ℓ -torsion Compute χ mod ℓ by testing char. eq. of π in I ℓ Deduce Λ mod ℓ Recover Λ by CRT Simon Abelard Point counting January 25, 2018 7 / 18

  15. Counting points on hyperelliptic curves Let C : y 2 = f ( x ) be a hyperelliptic curve over F q . Let J be its Jacobian and g its genus. (Hasse-Weil) coefficients of Λ are bounded integers. 1 ℓ -torsion J [ ℓ ] = { D ∈ J | ℓ D = 0 } ≃ ( Z /ℓ Z ) 2 g 2 Frobenius π : ( x , y ) �→ ( x q , y q ) acts linearly on J [ ℓ ] 3 For χ the char. polynomial of π , χ rev = Λ mod ℓ 4 Algorithm a la Schoof For each prime ℓ ≤ (9 g + 3) log q Describe I ℓ the ideal of ℓ -torsion Compute χ mod ℓ by testing char. eq. of π in I ℓ Deduce Λ mod ℓ Recover Λ by CRT Simon Abelard Point counting January 25, 2018 7 / 18

  16. Counting points on hyperelliptic curves Let C : y 2 = f ( x ) be a hyperelliptic curve over F q . Let J be its Jacobian and g its genus. (Hasse-Weil) coefficients of Λ are bounded integers. 1 ℓ -torsion J [ ℓ ] = { D ∈ J | ℓ D = 0 } ≃ ( Z /ℓ Z ) 2 g 2 Frobenius π : ( x , y ) �→ ( x q , y q ) acts linearly on J [ ℓ ] 3 For χ the char. polynomial of π , χ rev = Λ mod ℓ 4 Algorithm a la Schoof For each prime ℓ ≤ (9 g + 3) log q Describe I ℓ the ideal of ℓ -torsion Compute χ mod ℓ by testing char. eq. of π in I ℓ Deduce Λ mod ℓ Recover Λ by CRT Simon Abelard Point counting January 25, 2018 7 / 18

  17. Handling the torsion Goal: represent J [ ℓ ], ideal of ℓ -torsion. Method: write ℓ D = 0 formally, then ‘solve’ that system. Here comes trouble. . . How to model and solve it efficiently? Simon Abelard Point counting January 25, 2018 8 / 18

  18. Handling the torsion Goal: represent J [ ℓ ], ideal of ℓ -torsion. Method: write ℓ D = 0 formally, then ‘solve’ that system. Here comes trouble. . . How to model and solve it efficiently? − → multihomogeneous structure Simon Abelard Point counting January 25, 2018 8 / 18

  19. Modelling the ℓ -torsion Writing ℓ D = 0 Formally, D = P 1 + · · · + P g , coordinates of P i ( x i , y i ) are variables. Compute ℓ P i , then apply zero-test to ℓ D = � i ℓ P i . Simon Abelard Point counting January 25, 2018 9 / 18

  20. Modelling the ℓ -torsion Writing ℓ D = 0 Formally, D = P 1 + · · · + P g , coordinates of P i ( x i , y i ) are variables. Compute ℓ P i , then apply zero-test to ℓ D = � i ℓ P i . ⇒ there is a ϕ ( X , Y ) = P ( X ) + YQ ( X ) such that ℓ D = ( ϕ ). Simon Abelard Point counting January 25, 2018 9 / 18

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Point counting for genus 2 curves SchoofPila with real multiplication Division polys Kernels

Point counting for genus 2 curves SchoofPila with real multiplication Division polys Kernels

Genus 2, faster Gaudry, Kohel, Smith Genus 1 and 2 Point counting Point counting for genus 2 curves SchoofPila with real multiplication Division polys Kernels Schoof complexity Pierrick Gaudry, David Kohel, Benjamin Smith BSGS Real

407 views • 18 slides
Point Counting for Genus 2 Curves Division polys with Real Multiplication Kernels Schoof

Point Counting for Genus 2 Curves Division polys with Real Multiplication Kernels Schoof

Genus 2, faster Gaudry, Kohel, Smith Genus 1 and 2 Point counting Point Counting for Genus 2 Curves Division polys with Real Multiplication Kernels Schoof complexity BSGS Pierrick Gaudry, David Kohel, Benjamin Smith Real multiplication

550 views • 20 slides
ECC2011 summer school September 1516, 2011 Point counting algorithms on hyperelliptic curves

ECC2011 summer school September 1516, 2011 Point counting algorithms on hyperelliptic curves

ECC2011 summer school September 1516, 2011 Point counting algorithms on hyperelliptic curves F. Morain I. Introduction and motivations Goal: build an effective group of cryptographic strength, resisting all known attacks. Dream: find

834 views • 48 slides
Index Calculus Attack for Hyperelliptic Curves of Small Genus Nicolas Thriault

Index Calculus Attack for Hyperelliptic Curves of Small Genus Nicolas Thriault

Index Calculus Attack for Hyperelliptic Curves of Small Genus Nicolas Thriault nicolast@exp-math.uni-essen.de University of Toronto / IEM Universitt DuisburgEssen Slide index Discrete Log Problem Large primes Hyperelliptic

927 views • 67 slides
Counting numerical semigroups of a given genus by using -hyperelliptic semigroups Matheus

Counting numerical semigroups of a given genus by using -hyperelliptic semigroups Matheus

Counting numerical semigroups of a given genus by using -hyperelliptic semigroups Matheus Bernardini 1 University of Campinas / Federal Institute of S ao Paulo (Joint work in progress with Fernando Torres 1 ) International Meeting on

779 views • 51 slides
Point counting in genus 2: reaching 128 bits P. Gaudry E. Schost Cacao project ORCCA

Point counting in genus 2: reaching 128 bits P. Gaudry E. Schost Cacao project ORCCA

Point counting in genus 2: reaching 128 bits P. Gaudry E. Schost Cacao project ORCCA CNRS-INRIA UWO Thanks to Dan Bernstein and Nikki Pitcher Genus 2 curves and associated objects In what follows: C is the curve defined over F p by

425 views • 38 slides
Efficient Doubling on Genus Two Curves over Binary Fields (SAC 2004) Marc Stevens Tanja Lange

Efficient Doubling on Genus Two Curves over Binary Fields (SAC 2004) Marc Stevens Tanja Lange

Efficient Doubling on Genus Two Curves over Binary Fields (SAC 2004) Marc Stevens Tanja Lange Eindhoven University Ruhr-Universitt of Technology Bochum Overview Elliptic Curves Hyperelliptic Curves HEC of Genus 2

473 views • 33 slides
Sato-Tate groups of genus 2 curves Kiran S. Kedlaya Department of Mathematics, University of

Sato-Tate groups of genus 2 curves Kiran S. Kedlaya Department of Mathematics, University of

Sato-Tate groups of genus 2 curves Kiran S. Kedlaya Department of Mathematics, University of California, San Diego kedlaya@ucsd.edu http://kskedlaya.org Arithmetic of Hyperelliptic Curves NATO Advanced Study Institute Ohrid, Macedonia, August

1.31k views • 88 slides
L -functions via deformations: from hyperelliptic curves to hypergeometric motives Kiran S.

L -functions via deformations: from hyperelliptic curves to hypergeometric motives Kiran S.

L -functions via deformations: from hyperelliptic curves to hypergeometric motives Kiran S. Kedlaya Department of Mathematics, University of California, San Diego kedlaya@ucsd.edu http://kskedlaya.org/slides/ Arithmetic of Hyperelliptic Curves

708 views • 48 slides
Discrete Logs for Hyperelliptic Curves Summer School on Elliptic and Hyperelliptic Curve

Discrete Logs for Hyperelliptic Curves Summer School on Elliptic and Hyperelliptic Curve

Discrete Logs for Hyperelliptic Curves Summer School on Elliptic and Hyperelliptic Curve Cryptography Nicolas Thriault ntheriau@fields.utoronto.ca Fields Institute Discrete Logarithms Suppose that G = a , an additive group of order

230 views • 21 slides
Rank and Bias in Families of Hyperelliptic Curves Trajan Hammonds 1 Ben Logsdon 2

Rank and Bias in Families of Hyperelliptic Curves Trajan Hammonds 1 Ben Logsdon 2

Background Hyperelliptic curves with moderately large rank over Q ( T ) Bias Conjecture Acknowledgements Rank and Bias in Families of Hyperelliptic Curves Trajan Hammonds 1 Ben Logsdon 2 thammond@andrew.cmu.edu bcl5@williams.edu Joint with

426 views • 41 slides
Computing Cyclic Isogenies in Genus 2 with Applications in Cryptography Alina Dudeanu 1 Dimitar

Computing Cyclic Isogenies in Genus 2 with Applications in Cryptography Alina Dudeanu 1 Dimitar

Computing Cyclic Isogenies in Genus 2 with Applications in Cryptography Alina Dudeanu 1 Dimitar Jetchev 1 Damien Robert 2 1 EPF Lausanne 2 INRIA Bordeaux May 20, 2014 1/21 Introduction Elliptic and Hyperelliptic Curves Applications: Public key

1.13k views • 92 slides
Smaller class invariants for constructing curves of genus 2 Marco Streng The 15th workshop on

Smaller class invariants for constructing curves of genus 2 Marco Streng The 15th workshop on

Smaller class invariants for constructing curves of genus 2 Marco Streng The 15th workshop on Elliptic Curve Cryptography ECC 2011 INRIA, Nancy, France Sep 19 21, 2011 Overview genus 1 genus 2 constructing curves part 1 part 2 smaller

428 views • 38 slides
Abel-Jacobi map on complex hyperelliptic curves Pascal Molin CARAMEL, Loria Nancy june 2011

Abel-Jacobi map on complex hyperelliptic curves Pascal Molin CARAMEL, Loria Nancy june 2011

Abel-Jacobi map on complex hyperelliptic curves Pascal Molin CARAMEL, Loria Nancy june 2011 Hyperelliptic curve 2 g + 1 C : y 2 = ( x a i ) i = 1 Riemann surface with two sheets. a i = branch points. color = argument of y

733 views • 28 slides
Moduli spaces of genus 2 curves with split Jacobians through K3 surfaces Abhinav Kumar Stony

Moduli spaces of genus 2 curves with split Jacobians through K3 surfaces Abhinav Kumar Stony

Moduli spaces of genus 2 curves with split Jacobians through K3 surfaces Abhinav Kumar Stony Brook October 22, 2015 Abhinav Kumar Genus 2 curves with split Jacobians 1 / 33 Introduction Let C be a genus 2 curve over a field k , and J = Jac (

1.1k views • 88 slides
Update on Diophantine records for genus-3 curves ICERM workshop on Computational Aspects of

Update on Diophantine records for genus-3 curves ICERM workshop on Computational Aspects of

Update on Diophantine records for genus-3 curves ICERM workshop on Computational Aspects of L-functions and related topics 12 November 2015 Noam D. Elkies, Harvard University Update on Diophantine records for genus-3 curves ICERM workshop on

685 views • 20 slides
Garden of curves with many automorphisms G abor Korchm aros Universit` a degli Studi della

Garden of curves with many automorphisms G abor Korchm aros Universit` a degli Studi della

Garden of curves with many automorphisms G abor Korchm aros Universit` a degli Studi della Basilicata, Italy joint work with Massimo Giulietti Workshop on algebraic curves over finite fields, RICAM November 11-15 2013, Linz G abor

1.3k views • 126 slides
Local Analysis of 2D Curve Patches Local Analysis of 2D Curve Patches Topic 4.2: Topic 4.2:

Local Analysis of 2D Curve Patches Local Analysis of 2D Curve Patches Topic 4.2: Topic 4.2:

Local Analysis of 2D Curve Patches Local Analysis of 2D Curve Patches Topic 4.2: Topic 4.2: Local analysis of 2D curve Local analysis of 2D curve patches patches patches patches Representing 2D image curves Representing 2D image

1.3k views • 83 slides
GWA Advisory Committee October 10, 2018 Agenda Approval of September Meeting Minutes

GWA Advisory Committee October 10, 2018 Agenda Approval of September Meeting Minutes

GWA Advisory Committee October 10, 2018 Agenda Approval of September Meeting Minutes Announcement: Second Informational Meeting Projects and Management Actions Project Descriptions Develop Assessment Criteria

489 views • 36 slides
Klamath Project 2018 Hydrologic Update Meeting March 9, 2018 Jeff Nettleton Area Manager,

Klamath Project 2018 Hydrologic Update Meeting March 9, 2018 Jeff Nettleton Area Manager,

Klamath Project 2018 Hydrologic Update Meeting March 9, 2018 Jeff Nettleton Area Manager, Klamath Basin Area Office Overview 1. Welcome, Introductions, and Opening Statements 2. Current Water Conditions 3. Key Components for 2018 Water

348 views • 16 slides
Ceresa cycles of Fermat curves and Hodge theory of fundamental groups Payman Eskandari

Ceresa cycles of Fermat curves and Hodge theory of fundamental groups Payman Eskandari

Ceresa cycles of Fermat curves and Hodge theory of fundamental groups Payman Eskandari (University of Toronto) Fields Institute, Toronto August 12, 2020 Relations on algebraic cycles Recall that one has (among others) the notions of rational,

323 views • 21 slides
Curve Curve Ninjas December 19, 2012 Curve Ninjas Curve Overview Using Curve Implementation

Curve Curve Ninjas December 19, 2012 Curve Ninjas Curve Overview Using Curve Implementation

Overview Using Curve Implementation Lessons Curve Curve Ninjas December 19, 2012 Curve Ninjas Curve Overview Using Curve Implementation Lessons Ninjas Shinobi Kun An John Chan David Mauskop Wisdom Omuya Zitong Wang Curve Ninjas

360 views • 17 slides
Chapter 4. Linear Models for Classification Wei Pan Division of Biostatistics, School of Public

Chapter 4. Linear Models for Classification Wei Pan Division of Biostatistics, School of Public

Chapter 4. Linear Models for Classification Wei Pan Division of Biostatistics, School of Public Health, University of Minnesota, Minneapolis, MN 55455 Email: weip@biostat.umn.edu PubH 7475/8475 Wei Pan c Linear Model and Least Squares

368 views • 19 slides
r t qt

r t qt

ss rts rs tts t ss r t qt

680 views • 26 slides

More recommend