Statistics for points on curves over finite fields Alina Bucur - - PowerPoint PPT Presentation

Statistics for points on curves over finite fields

Alina Bucur

Department of Mathematics, UCSD; alina@math.ucsd.edu

joint work with C. David (Concordia), B. Feigon (CCNY) and M. Lal´ ın (U. Montr´ eal) Conference on Geometry and Cryptography Tahiti, French Polynesia October 7-11, 2013

Alina Bucur (UCSD) Curves over finite fields GeoCrypt 2013 1 / 35

Setup

C smooth projective curve of genus g defined over finite field Fq ZC(u) def = exp ∞

• k=1

#C

• Fqk

uk k

• ZC(u) =

PC(u) (1 − u)(1 − qu) deg PC(u) = 2g

Alina Bucur (UCSD) Curves over finite fields GeoCrypt 2013 2 / 35

Setup

C smooth projective curve of genus g defined over finite field Fq ZC(u) def = exp ∞

• k=1

#C

• Fqk

uk k

• ZC(u) =

PC(u) (1 − u)(1 − qu) deg PC(u) = 2g Question What can we say about statistics for #C(Fq) as C and/or q varies? What can we say about statistics for zeros of ZC(u) as C and/or q varies? Recall: The zeroes are the reciprocals of the eigenvalues of the Frobenius automorphism #C(Fq) = q + 1 − Trace(FrobC)

Alina Bucur (UCSD) Curves over finite fields GeoCrypt 2013 2 / 35

Geometric situation: Katz-Sarnak philosophy

Fix genus g, let q → ∞ When q → ∞, the (normalized) zeroes of ZC(u) of curves C in a family are distributed like the eigenvalues of random matrices in the monodromy group of the family.

Alina Bucur (UCSD) Curves over finite fields GeoCrypt 2013 3 / 35

Geometric situation: Katz-Sarnak philosophy

Fix genus g, let q → ∞ When q → ∞, the (normalized) zeroes of ZC(u) of curves C in a family are distributed like the eigenvalues of random matrices in the monodromy group of the family. From the point of view of zeroes of ZC(u), hyperelliptic curves behave like general curves in the moduli space of all curves of genus g.

Alina Bucur (UCSD) Curves over finite fields GeoCrypt 2013 3 / 35

Number of points

Probabilistic situation

Fix the finite field Fq and let g → ∞. Want the distribution of #C(Fq), as C runs through some family of curves whose genus grows to ∞.

Alina Bucur (UCSD) Curves over finite fields GeoCrypt 2013 4 / 35

Number of points

Probabilistic situation

Fix the finite field Fq and let g → ∞. Want the distribution of #C(Fq), as C runs through some family of curves whose genus grows to ∞. In typical cases, the answer will be in terms of a sum of i.i.d. random variables.

Alina Bucur (UCSD) Curves over finite fields GeoCrypt 2013 4 / 35

Number of points

A few examples

C : yp = f (x)

• ver Fq, q ≡ 1 (mod p)

Alina Bucur (UCSD) Curves over finite fields GeoCrypt 2013 5 / 35

Number of points

A few examples

C : yp = f (x)

• ver Fq, q ≡ 1 (mod p)

#C(Fq) = q + 1 − (Sχ(f ) + Sχ2(f ) + . . . + Sχp−1(f )) where Sχ(f ) =

x∈P1(Fq) χ(f (x))

Then Prob(Sχ(f ) = t) ∼ Prob(X0 + . . . + Xq = t) Xj =      with probability p − 1 q + p − 1 pth roots of unity each with probability q p(q + p − 1) p = 2 Kurlberg-Rudnick p ≥ 3 Bucur-David-Feigon-Lal´ ın

Alina Bucur (UCSD) Curves over finite fields GeoCrypt 2013 5 / 35

Number of points

Compatibility with RMT: As both q, g → ∞, get real Gaussian N(0; 1) for hyperelliptic curves and complex Gaussian with probability measure 1 πe−(x2+y2)dxdy.

Alina Bucur (UCSD) Curves over finite fields GeoCrypt 2013 6 / 35

Number of points

p = 3 : cyclic trigonal curves

y3 = f (x) Heuristically, one can compute using CRT the probability that a polynomial f (x) = f1(x)f 2

2 (x), with deg f1 = d1, deg f2 = d2 has no

repeated roots in Fq. And then the probability that such a polynomial takes a given set of values at the points of P1(Fq). They turn out to be exactly given exactly by i.i.d. random variables X0, X1, . . . , Xq.

Alina Bucur (UCSD) Curves over finite fields GeoCrypt 2013 7 / 35

Number of points

p = 3 : cyclic trigonal curves

y3 = f (x) Heuristically, one can compute using CRT the probability that a polynomial f (x) = f1(x)f 2

2 (x), with deg f1 = d1, deg f2 = d2 has no

repeated roots in Fq. And then the probability that such a polynomial takes a given set of values at the points of P1(Fq). They turn out to be exactly given exactly by i.i.d. random variables X0, X1, . . . , Xq. Imposing the square-free condition cuts uniformly across these sets, and being square-free is an event independent of imposing values at a finite number of points.

Alina Bucur (UCSD) Curves over finite fields GeoCrypt 2013 7 / 35

Number of points

p = 3 : cyclic trigonal curves

y3 = f (x) Heuristically, one can compute using CRT the probability that a polynomial f (x) = f1(x)f 2

2 (x), with deg f1 = d1, deg f2 = d2 has no

repeated roots in Fq. And then the probability that such a polynomial takes a given set of values at the points of P1(Fq). They turn out to be exactly given exactly by i.i.d. random variables X0, X1, . . . , Xq. Imposing the square-free condition cuts uniformly across these sets, and being square-free is an event independent of imposing values at a finite number of points. The error term occurs because if one interprets the square-free condition as a collection of conditions indexed by irreducible polynomials, these individual conditions are only jointly independent in small numbers.

Alina Bucur (UCSD) Curves over finite fields GeoCrypt 2013 7 / 35

Number of points

Fibers over P1: Melanie Matchett-Wood

Can think of the previous situation as counting points in the fiber above each point of P1. For double covers, each fiber can have 2, 0 or 1 points.

Alina Bucur (UCSD) Curves over finite fields GeoCrypt 2013 8 / 35

Number of points

Fibers over P1: Melanie Matchett-Wood

Can think of the previous situation as counting points in the fiber above each point of P1. For double covers, each fiber can have 2, 0 or 1 points. Tg is the moduli space of trigonal curves (degree 3 map to P1) Idea: relate trigonal curves to cubic extensions of function fields, and then use methods coming from number fields to count cubic extensions with every possible fiberwise behavior above each rational point of the base curve.

Alina Bucur (UCSD) Curves over finite fields GeoCrypt 2013 8 / 35

Number of points

Fibers over P1: Melanie Matchett-Wood

If char Fq ≥ 5, as g → ∞, Prob(#C(Fq) = t) ∼ Prob(X0 + . . . + Xq = t) Xj =            with probability

2q2 6q2+6q+6

1 with probability

3q2+6 6q2+6q+6

2 with probability

6q 6q2+6q+6

3 with probability

q2 6q2+6q+6

Alina Bucur (UCSD) Curves over finite fields GeoCrypt 2013 9 / 35

Number of points

Plane curves: joint work with David, Feigon, Lal´ ın

Hf : f (X, Y , Z) = 0 deg f = d

Alina Bucur (UCSD) Curves over finite fields GeoCrypt 2013 10 / 35

Number of points

Plane curves: joint work with David, Feigon, Lal´ ın

Hf : f (X, Y , Z) = 0 deg f = d genus g = (d − 1)(d − 2)/2 for a smooth curve

Alina Bucur (UCSD) Curves over finite fields GeoCrypt 2013 10 / 35

Number of points

Poonen’s sieve

Theorem (Bertini with Taylor conditions: Poonen 2004) Let X be a quasi-projective subscheme of Pn over Fq, Z finite subscheme

• f Pn such that U = X \ (X ∩ Z) is smooth of dimension m. Fix

T ⊂ H0(Z, OZ). Given a homogeneous polynomial f of degree d, let f |Z denote the element of H0(Z, OZ) that on each connected component Zi equals the restriction of x−d

j

f to Zi, where j = j(i) is the smallest integer 0 ≤ j ≤ n such that the coordinate xj is invertible on Zi. Then, as d → ∞ #{f ∈ Sd; Hf ∩ U smooth, f |Z ∈ T} #Sd ∼ #T #H0(Z, OZ)ζU(m + 1)−1.

Alina Bucur (UCSD) Curves over finite fields GeoCrypt 2013 11 / 35

Number of points

Poonen’s sieve for plane curves

X = P2 n = m = 2

Alina Bucur (UCSD) Curves over finite fields GeoCrypt 2013 12 / 35

Number of points

Poonen’s sieve for plane curves

X = P2 n = m = 2 Z : an m2

P neighborhood for each point P ∈ P2(Fq)

H0(Z, OZ) =

P OP/m2P

Alina Bucur (UCSD) Curves over finite fields GeoCrypt 2013 12 / 35

Number of points

Poonen’s sieve for plane curves

X = P2 n = m = 2 Z : an m2

P neighborhood for each point P ∈ P2(Fq)

H0(Z, OZ) =

P OP/m2P

Idea: the probability that Hf is smooth at a closed point P of the subscheme U is given by 1 − q−3 deg P

Alina Bucur (UCSD) Curves over finite fields GeoCrypt 2013 12 / 35

Number of points

Poonen’s sieve for plane curves

X = P2 n = m = 2 Z : an m2

P neighborhood for each point P ∈ P2(Fq)

H0(Z, OZ) =

P OP/m2P

Idea: the probability that Hf is smooth at a closed point P of the subscheme U is given by 1 − q−3 deg P If conditions were independent we would get that the probability that Hf is smooth was

• P closed point of U

(1 − q−3 deg P) = 1 ζU(3)

Alina Bucur (UCSD) Curves over finite fields GeoCrypt 2013 12 / 35

Number of points

Poonen’s sieve for plane curves

points of low degree (including the points of Z) points of medium degree points of high degree

Alina Bucur (UCSD) Curves over finite fields GeoCrypt 2013 13 / 35

Number of points

Poonen’s sieve for plane curves

points of low degree (including the points of Z)

conditions at each point are indeed independent MAIN TERM

points of medium degree points of high degree

Alina Bucur (UCSD) Curves over finite fields GeoCrypt 2013 13 / 35

Number of points

Poonen’s sieve for plane curves

points of low degree (including the points of Z)

conditions at each point are indeed independent MAIN TERM

points of medium degree

probability predicted by the local factor crude estimate for each contribution + Weil estimates for their number

points of high degree

Alina Bucur (UCSD) Curves over finite fields GeoCrypt 2013 13 / 35

Number of points

Poonen’s sieve for plane curves

points of low degree (including the points of Z)

conditions at each point are indeed independent MAIN TERM

points of medium degree

probability predicted by the local factor crude estimate for each contribution + Weil estimates for their number

points of high degree

partially decouple the low-order Taylor coefficients

Alina Bucur (UCSD) Curves over finite fields GeoCrypt 2013 13 / 35

Number of points

Poonen’s sieve for plane curves

points of low degree (including the points of Z)

conditions at each point are indeed independent MAIN TERM

points of medium degree

probability predicted by the local factor crude estimate for each contribution + Weil estimates for their number

points of high degree

partially decouple the low-order Taylor coefficients dehomogenize and write f = f0 + x1f p

1 + x2f p 2 .

Alina Bucur (UCSD) Curves over finite fields GeoCrypt 2013 13 / 35

Number of points

Poonen’s sieve for plane curves

points of low degree (including the points of Z)

conditions at each point are indeed independent MAIN TERM

points of medium degree

probability predicted by the local factor crude estimate for each contribution + Weil estimates for their number

points of high degree

partially decouple the low-order Taylor coefficients dehomogenize and write f = f0 + x1f p

1 + x2f p 2 .

B´ ezout’s theorem to bound their number in terms of the degree of the Zariski closure of X in P2.

Alina Bucur (UCSD) Curves over finite fields GeoCrypt 2013 13 / 35

Number of points

Theorem (Bucur-David-Feigon-Lal´ ın) Let X1, . . . , Xq2+q+1 be q2 + q + 1 i.i.d. Bernoulli random variables taking the value 1 with probability (q + 1)/(q2 + q + 1) and the value 0 with probability q2/(q2 + q + 1). Then, for 0 ≤ t ≤ q2 + q + 1, # {F ∈ Sns

d ; #CF(Fq) = t}

#Sns

d

= Prob

• X1 + · · · + Xq2+q+1 = t
• ×
• 1 + O
• qt
• d−1/3 + (d − 1)2q− min
• d

p

• +1, d

3

• + dq−
• d−1

p

• −1
• ,

where ⌊·⌋ denotes the integer part.

Alina Bucur (UCSD) Curves over finite fields GeoCrypt 2013 14 / 35

Number of points

Kurlberg-Wigman 2010

Used Poonen’s sieve to construct a family of curves for which the point count statistics over Fp becomes Gaussian for p fixed. In particular, the average number of Fp-points tends to infinity. Idea: intersect projective surfaces Xi , chosen so that |Xi(Fp)| → ∞, with families of large degree hypersurfaces.

Alina Bucur (UCSD) Curves over finite fields GeoCrypt 2013 15 / 35

Number of points

Generalization of Poonen’s work: joint with Kedlaya

X be a quasiprojective subscheme of dimension m ≥ 0 of the projective space Pn over some finite field Fq of characteristic p d = (d1, . . . , dk) a k-tuple of positive integers Sd = Sd1 × · · · × Sdk k-tuples of homogeneous polynomials in n + 1 variables for each f = (f1, . . . , fk) ∈ Sd, write Hf = Hf1 ∩ · · · ∩ Hfk We are now interested in the probability that for f ∈ Sd chosen uniformly, Hf ∩ X is smooth of dimension m − k and in the distribution of the number of points on such objects.

Alina Bucur (UCSD) Curves over finite fields GeoCrypt 2013 16 / 35

Number of points

Theorem (Bucur-Kedlaya)

Let Z be a finite subscheme of X for which U = X \ Z is smooth of dimension m, and define z = dimFq H0(Z, OZ). Choose an integer k ∈ {1, . . . , m + 1}, z ≤ d1 ≤ · · · ≤ dk, and a subset T of H0(Z, OZ(d)). Pd = {f ∈ Sd : Hf ∩ U is smooth of dimension m − k, and f|Z ∈ T}. Then #Pd #Sd = #T qz

• x∈U◦
• 1 − q−k deg(x) + q−k deg(x)L(qdeg(x), m, k)
• + O((d1 − z + 1)−(2k−1)/m + dm

k q−d1/ max{m+1,p}),

where L(q, m, k) =

k−1

• j=0

(1 − q−(m−j)) denotes the probability that k randomly chosen vectors in Fm

q are linearly

independent.

Alina Bucur (UCSD) Curves over finite fields GeoCrypt 2013 17 / 35

Number of points

Artin-Schreier covers

C : yp − y = f (x) f ∈ Fq(x), char Fq = p > 2

Alina Bucur (UCSD) Curves over finite fields GeoCrypt 2013 18 / 35

Number of points

Artin-Schreier covers

C : yp − y = f (x) f ∈ Fq(x), char Fq = p > 2 genus = p − 1 2  r − 1 +

r+1

• j=1

dj   when f has r + 1 poles of orders d1, . . . , dr+1

Alina Bucur (UCSD) Curves over finite fields GeoCrypt 2013 18 / 35

Number of points

Artin-Schreier covers

C : yp − y = f (x) f ∈ Fq(x), char Fq = p > 2 genus = p − 1 2  r − 1 +

r+1

• j=1

dj   when f has r + 1 poles of orders d1, . . . , dr+1 p-rank = r(p − 1)

Alina Bucur (UCSD) Curves over finite fields GeoCrypt 2013 18 / 35

Number of points

Artin-Schreier covers

Cf : yp − y = f (x)

Alina Bucur (UCSD) Curves over finite fields GeoCrypt 2013 19 / 35

Number of points

Artin-Schreier covers

Cf : yp − y = f (x) For each α ∈ P1(Fqk), the fiber above α on the curve Cf will have        1 point, if f (α) = ∞ p points, if trFqk /Fp(f (α)) = 0 0 points, if trFqk /Fp(f (α)) = 0 The expected number of points in the fiber is 1 · Prob(f (α) = ∞) +

• β:trk(β)=0

p · Prob(f (α) = β).

Alina Bucur (UCSD) Curves over finite fields GeoCrypt 2013 19 / 35

Number of points

Baby case: p-rank 0

Cf : yp − y = f (x) f ∈ Fq[x] without the terms xp, x2p, . . .

Alina Bucur (UCSD) Curves over finite fields GeoCrypt 2013 20 / 35

Number of points

Baby case: p-rank 0

Cf : yp − y = f (x) f ∈ Fq[x] without the terms xp, x2p, . . . genus = (deg f )(p − 1)/2

Alina Bucur (UCSD) Curves over finite fields GeoCrypt 2013 20 / 35

Number of points

Baby case: p-rank 0

Cf : yp − y = f (x) f ∈ Fq[x] without the terms xp, x2p, . . . genus = (deg f )(p − 1)/2 Prob(f (α) = ∞) =

• 1

α = ∞ α ∈ Fqk

Alina Bucur (UCSD) Curves over finite fields GeoCrypt 2013 20 / 35

Number of points

Baby case: p-rank 0

Cf : yp − y = f (x) f ∈ Fq[x] without the terms xp, x2p, . . . genus = (deg f )(p − 1)/2 Prob(f (α) = ∞) =

• 1

α = ∞ α ∈ Fqk Prob(f (α) = β) = q−d for all β = ∞

Alina Bucur (UCSD) Curves over finite fields GeoCrypt 2013 20 / 35

Number of points

Baby case: p-rank 0

Average number of points is p ∤ k :

Alina Bucur (UCSD) Curves over finite fields GeoCrypt 2013 21 / 35

Number of points

Baby case: p-rank 0

Average number of points is p ∤ k : 1 + qk

Alina Bucur (UCSD) Curves over finite fields GeoCrypt 2013 21 / 35

Number of points

Baby case: p-rank 0

Average number of points is p ∤ k : 1 + qk p | k :

Alina Bucur (UCSD) Curves over finite fields GeoCrypt 2013 21 / 35

Number of points

Baby case: p-rank 0

Average number of points is p ∤ k : 1 + qk p | k : 1 + qk + qk/p

Alina Bucur (UCSD) Curves over finite fields GeoCrypt 2013 21 / 35

Number of points

Ordinary Artin-Schreier covers

C : yp − y = f (x) f ∈ Fq(x) p-rank = r(p − 1) where r + 1 is the number of poles of f Need: only simple poles, genus = r(p − 1) even

Alina Bucur (UCSD) Curves over finite fields GeoCrypt 2013 22 / 35

Number of points

Ordinary Artin-Schreier covers

C : yp − y = f (x) f ∈ Fq(x) p-rank = r(p − 1) where r + 1 is the number of poles of f Need: only simple poles, genus = r(p − 1) even We have ordinary locus whenever the genus is even. Otherwise, the maximal p-rank is = genus− p−1

2 .

Alina Bucur (UCSD) Curves over finite fields GeoCrypt 2013 22 / 35

Number of points

Ordinary A-S covers: joint with David, Feigon, Lal´ ın, Sinha

In order to find the distribution of the number of points as r → ∞ need to compute Prob(f (α) = β) = #Fr(α, β) #Fr where Fr is the family of rational functions over Fq with exactly r + 1 poles and Fr(α, β) = {f ∈ Fr; f (α) = β}

Alina Bucur (UCSD) Curves over finite fields GeoCrypt 2013 23 / 35

Number of points

Ordinary A-S covers: joint with David, Feigon, Lal´ ın, Sinha

#Fr = q2r+4 H(1) ζ2

q(2) + O(q(3r+7)/2)

where H(1) =

• P
• 1 +

1 (|P| + 1)(|P|2 − 1)

• Alina Bucur (UCSD)

Curves over finite fields GeoCrypt 2013 24 / 35

Number of points

Ordinary A-S covers: joint with David, Feigon, Lal´ ın, Sinha

#Fr = q2r+4 H(1) ζ2

q(2) + O(q(3r+7)/2)

where H(1) =

• P
• 1 +

1 (|P| + 1)(|P|2 − 1)

• #Fr(α, β) ∼

   q2r+4−u

H(1)(1−q−u) ζ2

q(2)(1+q−u−q−2u)

β = ∞ q2r+4−u

H(1) ζ2

q(2)(1+q−u−q−2u)

β ∈ Fqu where deg α = u.

Alina Bucur (UCSD) Curves over finite fields GeoCrypt 2013 24 / 35

Number of points

Ordinary A-S covers: joint with David, Feigon, Lal´ ın, Sinha

Average number of points over Fqk is p ∤ k :

Alina Bucur (UCSD) Curves over finite fields GeoCrypt 2013 25 / 35

Number of points

Ordinary A-S covers: joint with David, Feigon, Lal´ ın, Sinha

Average number of points over Fqk is p ∤ k : ∼ 1 + qk

Alina Bucur (UCSD) Curves over finite fields GeoCrypt 2013 25 / 35

Number of points

Ordinary A-S covers: joint with David, Feigon, Lal´ ın, Sinha

Average number of points over Fqk is p ∤ k : ∼ 1 + qk p | k :

Alina Bucur (UCSD) Curves over finite fields GeoCrypt 2013 25 / 35

Number of points

Ordinary A-S covers: joint with David, Feigon, Lal´ ın, Sinha

Average number of points over Fqk is p ∤ k : ∼ 1 + qk p | k : ∼ 1 + qk + p − 1 1 + q−1 − q−2 +

• u| k

p

p − 1 1 + q−u − q−2u

• e|u

µ(e)qu/e

Alina Bucur (UCSD) Curves over finite fields GeoCrypt 2013 25 / 35

Number of points

Ordinary A-S covers: joint with David, Feigon, Lal´ ın, Sinha

Average number of points over Fqk is p ∤ k : ∼ 1 + qk p | k : ∼ 1 + qk + p − 1 1 + q−1 − q−2 +

• u| k

p

p − 1 1 + q−u − q−2u

• e|u

µ(e)qu/e p = k : ∼ 1 + qk + (p − 1)(qk/p + 1) 1 + q−1 − q−2 ∼ 1 + qk + (p − 1)qk/p

Alina Bucur (UCSD) Curves over finite fields GeoCrypt 2013 25 / 35

Number of points

Average number of points

cyclic p-fold covers of P1 : q + 1 (Kurlberg-Rudnick, Bucur-David-Feigon-Lal´ ın) Artin-Schreier covers with p-rank 0: q + 1 (exact!) plane curves: q + 1 (Bucur-David-Feigon-Lal´ ın)

Alina Bucur (UCSD) Curves over finite fields GeoCrypt 2013 26 / 35

Number of points

Average number of points

cyclic p-fold covers of P1 : q + 1 (Kurlberg-Rudnick, Bucur-David-Feigon-Lal´ ın) Artin-Schreier covers with p-rank 0: q + 1 (exact!) plane curves: q + 1 (Bucur-David-Feigon-Lal´ ın) p-fold covers of P1: q + 2 −

1 q2+q+1 (Wood)

can have number of points → ∞ (Kurlberg-Wigman)

Alina Bucur (UCSD) Curves over finite fields GeoCrypt 2013 26 / 35

Number of points

Average number of points

cyclic p-fold covers of P1 : q + 1 (Kurlberg-Rudnick, Bucur-David-Feigon-Lal´ ın) Artin-Schreier covers with p-rank 0: q + 1 (exact!) plane curves: q + 1 (Bucur-David-Feigon-Lal´ ın) p-fold covers of P1: q + 2 −

1 q2+q+1 (Wood)

can have number of points → ∞ (Kurlberg-Wigman)

• rdinary Artin-Schreier covers: remember previous slide?

Alina Bucur (UCSD) Curves over finite fields GeoCrypt 2013 26 / 35

Number of points

Average number of points

cyclic p-fold covers of P1 : q + 1 (Kurlberg-Rudnick, Bucur-David-Feigon-Lal´ ın) Artin-Schreier covers with p-rank 0: q + 1 (exact!) plane curves: q + 1 (Bucur-David-Feigon-Lal´ ın) p-fold covers of P1: q + 2 −

1 q2+q+1 (Wood)

can have number of points → ∞ (Kurlberg-Wigman)

• rdinary Artin-Schreier covers: remember previous slide?

intersection of two hypersurfaces in P3 : q + 1 − q−2(1+q−1)

1+q−2−q−5

(Bucur-Kedlaya)

Alina Bucur (UCSD) Curves over finite fields GeoCrypt 2013 26 / 35

Distribution of zeroes

Zeroes

Fix the finite field Fq and let the genus g → ∞. ZC(u) = exp ∞

• k=1

#Cf

• Fqk

uk k

• =

PC(u) (1 − u)(1 − qu) PC(u) =

2g

• j=1

(1 − uαj(C)), αj(C) = √qe2πiθj(C) For an interval I ⊂ [−1/2, 1/2) we denote NI(C) = # {j; θj(C) ∈ I} We want to look at the statistics for NI(C).

Alina Bucur (UCSD) Curves over finite fields GeoCrypt 2013 27 / 35

Distribution of zeroes

Then, on average when C runs over a family F = Fg, we expect to have, as g → ∞, that NI(C) − 2g|I| σ should have a Gaussian distribution N(0; 1). This is compatible with Katz-Sarnak (taking the limit g → ∞). Known for e.g. hyperelliptic curves (Faifman-Rudnick)

Alina Bucur (UCSD) Curves over finite fields GeoCrypt 2013 28 / 35

Zeta zeroes for Artin-Schreier ordinary covers

More about the zeta function of Artin-Schreier covers

Cf : yp − y = f (x) The numerator is a polynomial of degree 2g that can be written as PCf (u) =

• ψ

L(u, f , ψ) where the product is taken over the non-trivial additive characters ψ of Fp. L(u, f , ψ) = exp ∞

• n=1

Sn(f , ψ)un n

• are polynomials of degree 2g/(p − 1).

Sn(f , ψ) =

• x∈P1(Fqn),f (x)=∞

ψ(trn(f (x))) where trn : Fqn → Fp.

Alina Bucur (UCSD) Curves over finite fields GeoCrypt 2013 29 / 35

Zeta zeroes for Artin-Schreier ordinary covers

Zeroes

L(u, f , ψ) =

• j

(1 − αj(f , ψ)u), we have that αj(f , ψ) = √qe2πiθj(f ,ψ) and θj(f , ψ) ∈ [−1/2, 1/2). For an interval I ⊂ [−1/2, 1/2), let NI(f , ψ) := #{j : θj(f , ψ) ∈ I}. Then NI(Cf ) =

p−1

• j=1

NI(f , ψj).

Alina Bucur (UCSD) Curves over finite fields GeoCrypt 2013 30 / 35

Zeta zeroes for Artin-Schreier ordinary covers

Explicit formulas

We use a version of the explicit formulas due to Weil which relate a sum

• ver the zeroes of a L-function to a sum over the coefficients of the

L-function. We want a test function which detects if θj(f , ψ) ∈ I. We will use the Beurling-Selberg trigonometric polynomials which approximate well the characteristic function χI.

Alina Bucur (UCSD) Curves over finite fields GeoCrypt 2013 31 / 35

Zeta zeroes for Artin-Schreier ordinary covers

Second moment - variance of Gaussian

• NI(f , ψ) −

2g p − 1|I| 2

Fr

leads us to consider averages of the type

• Sk1(f , ψ)Sk2(f , ¯

ψ)

• Fr .

Boils down to computing, for fixed α1, α2 of degrees u1, u2

• β1∈Fqu1 ,β2∈Fqu2

ψ(trk1 β1 − trk2 β2)#Fr(α1, α2, β1, β2) #Fr where Fr(α1, α2, β1, β2) = {f ∈ Fr; f (α1) = β1, f (α2) = β2}

Alina Bucur (UCSD) Curves over finite fields GeoCrypt 2013 32 / 35

Zeta zeroes for Artin-Schreier ordinary covers

Second moment - variance of Gaussian

We expect

• β1∈Fqu1 ,β2∈Fqu2

ψ(trk1 β1 − trk2 β2) to be 0 most of time as we run over all p-th roots of unity the same number of times.

Alina Bucur (UCSD) Curves over finite fields GeoCrypt 2013 33 / 35

Zeta zeroes for Artin-Schreier ordinary covers

Second moment - variance of Gaussian

We expect

• β1∈Fqu1 ,β2∈Fqu2

ψ(trk1 β1 − trk2 β2) to be 0 most of time as we run over all p-th roots of unity the same number of times. Except if

Alina Bucur (UCSD) Curves over finite fields GeoCrypt 2013 33 / 35

Zeta zeroes for Artin-Schreier ordinary covers

Second moment - variance of Gaussian

We expect

• β1∈Fqu1 ,β2∈Fqu2

ψ(trk1 β1 − trk2 β2) to be 0 most of time as we run over all p-th roots of unity the same number of times. Except if p | k1, k2 and α1 ∈ Fqk1/p, α2 ∈ Fqk2/p. Then ψ(trk1 β1 − trk2 β2) = 1.

Alina Bucur (UCSD) Curves over finite fields GeoCrypt 2013 33 / 35

Zeta zeroes for Artin-Schreier ordinary covers

Second moment - variance of Gaussian

We expect

• β1∈Fqu1 ,β2∈Fqu2

ψ(trk1 β1 − trk2 β2) to be 0 most of time as we run over all p-th roots of unity the same number of times. Except if p | k1, k2 and α1 ∈ Fqk1/p, α2 ∈ Fqk2/p. Then ψ(trk1 β1 − trk2 β2) = 1. and Except if

Alina Bucur (UCSD) Curves over finite fields GeoCrypt 2013 33 / 35

Zeta zeroes for Artin-Schreier ordinary covers

Second moment - variance of Gaussian

We expect

• β1∈Fqu1 ,β2∈Fqu2

ψ(trk1 β1 − trk2 β2) to be 0 most of time as we run over all p-th roots of unity the same number of times. Except if p | k1, k2 and α1 ∈ Fqk1/p, α2 ∈ Fqk2/p. Then ψ(trk1 β1 − trk2 β2) = 1. and Except if α1 and α2 are Galois conjugates of degree u | (k1, k2). Then ψ(trk1 β1 − trk2 β2) = 1.

Alina Bucur (UCSD) Curves over finite fields GeoCrypt 2013 33 / 35

Zeta zeroes for Artin-Schreier ordinary covers

Second moment - variance of Gaussian

It turns out that the only contributions to the main term of the second moments are those coming from α1, α2 conjugate of degree k1 = k2 = k, and those can be counted by counting the number of irreducible polynomials of degree k in Fq[X].

Alina Bucur (UCSD) Curves over finite fields GeoCrypt 2013 34 / 35

Zeta zeroes for Artin-Schreier ordinary covers

Second moment - variance of Gaussian

It turns out that the only contributions to the main term of the second moments are those coming from α1, α2 conjugate of degree k1 = k2 = k, and those can be counted by counting the number of irreducible polynomials of degree k in Fq[X]. By the Prime Number Theorem, the numbers of such pairs is π(k)k2 ∼ kqk + O

• k2qk/2

. The main term is of the form

K

• k=1

ˆ I(k)2k ∼ 1 π2 log(K|I|), by properties of Beurling-Selberg polynomials.

Alina Bucur (UCSD) Curves over finite fields GeoCrypt 2013 34 / 35

Zeta zeroes for Artin-Schreier ordinary covers

Theorem (BDFL) For any real numbers a < b and 0 < |I| < 1 either fixed or |I| → 0 while g|I| → ∞, lim

g→∞ ProbASg,g(Fqk )

 a < NI(Cf ) − 2g|I|

• 2(p−1)

π2

log (g|I|) < b   = 1 √ 2π b

a

e−x2/2dx.

Alina Bucur (UCSD) Curves over finite fields GeoCrypt 2013 35 / 35