the probability of primality of the order of a genus 2
play

The probability of primality of the order of a genus 2 curve - PowerPoint PPT Presentation

Apr 17, 2023 •28 likes •438 views

The probability of primality of the order of a genus 2 curve Jacobian Wouter Castryck joint with Hendrik Hubrechts, Alessandra Rigato, Andrew Sutherland K.U. Leuven / M.I.T. ECC 2010, Redmond P (# Jac(genus 2 curve) is prime ) Wouter Castryck

  1. The probability of primality of the order of a genus 2 curve Jacobian Wouter Castryck joint with Hendrik Hubrechts, Alessandra Rigato, Andrew Sutherland K.U. Leuven / M.I.T. ECC 2010, Redmond P (# Jac(genus 2 curve) is prime ) Wouter Castryck (K.U. Leuven / M.I.T.) 1 / 41 ECC 2010, Redmond 1 / 41

  2. Contents Alternative heuristics for Galbraith-McKee (genus g = 1) 1 Adaptation to genus g = 2 2 Asymptotics for g → ∞ 3 Concluding remarks 4 P (# Jac(genus 2 curve) is prime ) Wouter Castryck (K.U. Leuven / M.I.T.) 2 / 41 ECC 2010, Redmond 2 / 41

  3. g=1 (slides 2–16) The genus 1 case: Galbraith-McKee conjecture Let F q be a finite field of char ≥ 5. Let E : y 2 = x 3 + Ax + B be a random elliptic curve. I.e., ( A , B ) is taken from the set � 4 A 3 + 27 B 2 � = 0 ( A , B ) ∈ F 2 � � � q uniformly at random. Let N E = # E ( F q ) . Question: what is P ( N E is prime ) ? Motivation: cryptography. P (# Jac(genus 2 curve) is prime ) Wouter Castryck (K.U. Leuven / M.I.T.) 3 / 41 ECC 2010, Redmond 3 / 41

  4. g=1 (slides 2–16) The distribution of N E Hasse’s theorem: N E ∈ [ q + 1 − 2 √ q , q + 1 + 2 √ q ] . Let’s rescale this a bit. . . Trace of Frobenius: T E = q + 1 − N E ∈ [ − 2 √ q , 2 √ q ] . Normalized trace of Frobenius: t E = T E / 2 √ q ∈ [ − 1 , 1 ] . Birch, Yoshida, Katz-Sarnak: t E tends to follow a semicircular distribution, i.e. � b 2 1 − t 2 dt . q →∞ P ( a ≤ t E ≤ b ) = � lim π a a b P (# Jac(genus 2 curve) is prime ) Wouter Castryck (K.U. Leuven / M.I.T.) 4 / 41 ECC 2010, Redmond 4 / 41

  5. g=1 (slides 2–16) The distribution of N E A histogram of 100.000 curves y 2 = x 3 + Ax + B over F 7 5 , with interval width 15. P (# Jac(genus 2 curve) is prime ) Wouter Castryck (K.U. Leuven / M.I.T.) 5 / 41 ECC 2010, Redmond 5 / 41

  6. g=1 (slides 2–16) Subtleties The limit dissolves the discrete nature of N E (or T E ). Same experiment, but now interval width 1: This doesn’t seem to converge to a semicircle very ‘smoothly’ (lots of peaks and valleys). Gaps at T E ≡ 0 mod 7 (supersingular curves). P (# Jac(genus 2 curve) is prime ) Wouter Castryck (K.U. Leuven / M.I.T.) 6 / 41 ECC 2010, Redmond 6 / 41

  7. g=1 (slides 2–16) Subtleties The limit dissolves the discrete nature of N E (or T E ). Same experiment, but now interval width 1: This doesn’t seem to converge to a semicircle very ‘smoothly’ (lots of peaks and valleys). Gaps at T E ≡ 0 mod 7 (supersingular curves). P (# Jac(genus 2 curve) is prime ) Wouter Castryck (K.U. Leuven / M.I.T.) 7 / 41 ECC 2010, Redmond 7 / 41

  8. g=1 (slides 2–16) Subtleties Easy fact (not very well-known): q →∞ P ( N E is even ) = 2 lim 3 . Proof: The completing-the-cube map { square-free x 3 + ax 2 + bx + c } → { square-free x 3 + Ax + B } is uniform. Thus we may assume that E is defined by y 2 = f ( x ) for a random square-free f ( x ) = x 3 + ax 2 + bx + c . N E is even ⇔ E ( F q ) has 2-torsion ⇔ f ( x ) is reducible. The irreducible f ( x ) are precisely the minimal polynomials of all θ ∈ F q 3 \ F q , and the correspondence is 3-to-1. Thus 3 ( q 3 − q ) 1 q 3 − O ( q 2 ) = 1 q →∞ P ( f ( x ) is irreducible ) = lim lim 3 . � q →∞ P (# Jac(genus 2 curve) is prime ) Wouter Castryck (K.U. Leuven / M.I.T.) 8 / 41 ECC 2010, Redmond 8 / 41

  9. g=1 (slides 2–16) Subtleties Lenstra: in general, we have � � if q �≡ 1 mod ℓ � 1 P ( ℓ | N E ) − ℓ − 1 = 0 lim if q ≡ 1 mod ℓ ℓ q →∞ ℓ 2 − 1 for any prime number ℓ not dividing q . Thus: P ( ℓ | N E ) > 1 ℓ ≪ q = ⇒ ℓ . This suggests that P ( N E is prime ) is smaller than one would naively expect. P (# Jac(genus 2 curve) is prime ) Wouter Castryck (K.U. Leuven / M.I.T.) 9 / 41 ECC 2010, Redmond 9 / 41

  10. g=1 (slides 2–16) Galbraith-McKee conjecture Let’s try to quantify this (assume q = p is prime): Heuristically (but in fact wrong! ∼ Mertens’ theorem), ℓ − 1 1 P 1 ( p ) = P ( random number is prime ) ≈ � ≈ log p . ℓ ℓ ≤√ p + 1 Using Lenstra’s estimates, heuristically (‘equally wrong’), ℓ 2 − ℓ − 1 ℓ − 2 P 2 ( p ) = P ( N E is prime ) ≈ � � ℓ − 1 · . ℓ 2 − 1 ℓ ∤ p − 1 ℓ | p − 1 ℓ ≤ √ p + 1 ℓ ≤ √ p + 1 So: ℓ 2 − ℓ − 1 ℓ − 2 P 2 ( p ) � ℓ − 1 · � ℓ ∤ p − 1 ℓ | p − 1 ℓ 2 − 1 P 1 ( p ) ≈ . ℓ − 1 � ℓ ℓ P (# Jac(genus 2 curve) is prime ) Wouter Castryck (K.U. Leuven / M.I.T.) 10 / 41 ECC 2010, Redmond 10 / 41

  11. g=1 (slides 2–16) Galbraith-McKee conjecture Rearranging terms gives: Conjecture (Galbraith-McKee, 2000): Let c p = 2 � 1 � � 1 � � � 3 · 1 − · 1 + , ( ℓ − 1 ) 2 ( ℓ + 1 )( ℓ − 2 ) ℓ | p − 1 , ℓ> 2 ℓ> 2 then p →∞ ( P 2 ( p ) / P 1 ( p ) − c p ) = 0 . lim c p ∈ [ 0 . 44 , 0 . 62 ] . Galbraith & McKee give a different heuristic argument! They use an analytic Hurwitz-Kronecker class number formula counting equivalence classes of bivariate quadratic forms with given discriminant. P (# Jac(genus 2 curve) is prime ) Wouter Castryck (K.U. Leuven / M.I.T.) 11 / 41 ECC 2010, Redmond 11 / 41

  12. g=1 (slides 2–16) Random matrices Let gcd ( n , q ) = 1. To an elliptic curve E / F q we can associate its n -torsion subgroup � nP = ∞ E [ n ] = P ∈ E � � � � � F q . It is well-known that E [ n ] ∼ = Z / ( n ) × Z / ( n ) . Let ( P , Q ) be a Z / ( n ) -module basis of E [ n ] , and let σ : E [ n ] → E [ n ] be q th power Frobenius. Then we can write P σ = [ α ] P + [ β ] Q , Q σ = [ γ ] P + [ δ ] Q . Fact: the matrix � α � β ∈ ( Z / ( n )) 2 × 2 γ δ has trace ≡ T E mod n and determinant ≡ q mod n . P (# Jac(genus 2 curve) is prime ) Wouter Castryck (K.U. Leuven / M.I.T.) 12 / 41 ECC 2010, Redmond 12 / 41

  13. g=1 (slides 2–16) Random matrices Choosing another basis yields a GL 2 ( Z / ( n )) -conjugated matrix. Thus we can unambiguously associate to E a conjugacy class F E of matrices of Frobenius (all having trace T E and determinant q ). Let M q ⊂ GL 2 ( Z / ( n )) be the set of matrices of determinant q . Quasi-theorem: Let F be a conjugacy class of matrices of determinant q. Then � ≤ C n 2 � � � P ( F E = F ) − # F � � √ q . � � # M q This is likely to follow from: Chebotarev’s density theorem applied to X ( n ) → X ( 1 ) (in progress) Katz-Sarnak equidistribution as elaborated by Achter, currently modulo some hypotheses. P (# Jac(genus 2 curve) is prime ) Wouter Castryck (K.U. Leuven / M.I.T.) 13 / 41 ECC 2010, Redmond 13 / 41

  14. g=1 (slides 2–16) Example 1 What proportion of elliptic curves satisfies E [ ℓ ] ⊂ E ( F q ) ? E [ ℓ ] ⊂ E ( F q ) if and only if E [ ℓ ] has a basis consisting of F q -rational points P and Q . Thus: if and only if �� 1 �� 0 F E = . 0 1 By the random matrix theorem, the chance that this happens is �� �� 1 0 # 0 1 ≈ . # M q # M q = ℓ 3 − ℓ (exercise). Thus 1 P ( E [ ℓ ] ⊂ E ( F q )) ≈ ℓ 3 − ℓ. P (# Jac(genus 2 curve) is prime ) Wouter Castryck (K.U. Leuven / M.I.T.) 14 / 41 ECC 2010, Redmond 14 / 41

  15. g=1 (slides 2–16) Example 2 Alternative proof of q →∞ P ( N E is even ) = 2 lim 3 . There are 6 elements of ( Z / ( 2 )) 2 × 2 having determinant q ≡ 1: � � � � � � � � � � � � 1 0 1 1 1 0 0 1 1 1 0 1 , , , , , . 0 1 0 1 1 1 1 0 1 0 1 1 4 of them have trace 0. P ( N E is even ) = P ( q + 1 − T E is even ) = P ( T E is even ) = 4 / 6. P (# Jac(genus 2 curve) is prime ) Wouter Castryck (K.U. Leuven / M.I.T.) 15 / 41 ECC 2010, Redmond 15 / 41

  16. g=1 (slides 2–16) Example 2 More generally: let ℓ be a prime number not dividing q . Exercise: # { M ∈ M q | q + 1 − Tr ( M ) ≡ 0 } � ℓ 2 + ℓ if q �≡ 1 mod ℓ = if q ≡ 1 mod ℓ . ℓ 2 Recall: # M q = ℓ 3 − ℓ . Hence we recover Lenstra’s result: � ℓ 2 + ℓ if q �≡ 1 mod ℓ 1 ℓ 3 − ℓ = P ( ℓ | N E ) ≈ ℓ − 1 ℓ 2 if q ≡ 1 mod ℓ . ℓ ℓ 3 − ℓ = ℓ 2 − 1 P (# Jac(genus 2 curve) is prime ) Wouter Castryck (K.U. Leuven / M.I.T.) 16 / 41 ECC 2010, Redmond 16 / 41

  17. Contents Alternative heuristics for Galbraith-McKee (genus g = 1) 1 Adaptation to genus g = 2 2 Asymptotics for g → ∞ 3 Concluding remarks 4 P (# Jac(genus 2 curve) is prime ) Wouter Castryck (K.U. Leuven / M.I.T.) 17 / 41 ECC 2010, Redmond 17 / 41

  18. g=2 (slides 18–34) The genus 2 case Let F q be a finite field of char ≥ 3. Let H : y 2 = f ( x ) be a random genus 2 curve. I.e., f ( x ) is taken from either H 6 = { f ( x ) ∈ F q [ x ] | f ( x ) monic, square-free, of degree 6 } or H 5 = { f ( x ) ∈ F q [ x ] | f ( x ) monic, square-free, of degree 5 } uniformly at random. These are distinct notions! Let N H = # Jac ( H )( F q ) . Question: what is P ( N H is prime ) ? Motivation: cryptography. P (# Jac(genus 2 curve) is prime ) Wouter Castryck (K.U. Leuven / M.I.T.) 18 / 41 ECC 2010, Redmond 18 / 41

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

-primality and asymptotic -primality on numerical semigroups. Computation and properties

-primality and asymptotic -primality on numerical semigroups. Computation and properties

-primality and asymptotic -primality on numerical semigroups. Computation and properties J.I. Garc a-Garc a M.A. Moreno-Fr as A. Vigneron-Tenorio Departament of Mathematics University of C adiz. Spain International

411 views • 23 slides
Objectives Quadratic Residues Primality Testing: Solovay Strassen Algorithm Computing

Objectives Quadratic Residues Primality Testing: Solovay Strassen Algorithm Computing

The RSA Cryptosystem: Primality Testing Debdeep Mukhopadhyay Assistant Professor Department of Computer Science and Engineering Indian Institute of Technology Kharagpur INDIA -721302 Objectives Quadratic Residues Primality Testing:

526 views • 13 slides
MA/CSSE 473 Day 9 Primality Testing Encryption Intro MA/CSSE 473 Day 09 Quiz

MA/CSSE 473 Day 9 Primality Testing Encryption Intro MA/CSSE 473 Day 09 Quiz

MA/CSSE 473 Day 9 Primality Testing Encryption Intro MA/CSSE 473 Day 09 Quiz Announcements Exam coverage Student questions Review: Randomized Primality Testing. Miller Rabin test Generation of large prime numbers

261 views • 10 slides
Genus Video Module Genus video module is a Drupal 7 module that allows a website to interact with

Genus Video Module Genus video module is a Drupal 7 module that allows a website to interact with

Genus Video Module Genus video module is a Drupal 7 module that allows a website to interact with the Genus media streaming server and stream videos rather than traditional progressive download. This documentation is a self-explanatory guide that

279 views • 7 slides
The local limit of uniform triangulations in high genus Thomas Budzinski (joint work with

The local limit of uniform triangulations in high genus Thomas Budzinski (joint work with

The local limit of uniform triangulations in high genus Thomas Budzinski (joint work with Baptiste Louf) ENS Paris and Universit Paris Saclay 2019, March 6th UBC probability seminar Thomas Budzinski High genus triangulations Motivations

491 views • 30 slides
MA/CSSE 473 Day 9 Primality Testing Encryption Intro The algorithm (modified) To test N for

MA/CSSE 473 Day 9 Primality Testing Encryption Intro The algorithm (modified) To test N for

MA/CSSE 473 Day 9 Primality Testing Encryption Intro The algorithm (modified) To test N for primality Pick positive integers a 1 , a 2 , , a k < N at random N 1 1 (mod N) For each a i , check for a i Use the Miller

262 views • 10 slides
Random maps with unconstrained genus Thomas Budzinski Joint work with Nicolas Curien and Bram

Random maps with unconstrained genus Thomas Budzinski Joint work with Nicolas Curien and Bram

Random maps with unconstrained genus Thomas Budzinski Joint work with Nicolas Curien and Bram Petri ENS Paris July 16th 2019 Saint-Flour Probability Summer School Thomas Budzinski Random maps with unconstrained genus General maps A rooted

318 views • 20 slides
How do you measure primality? Christopher ONeill Texas A&M University

How do you measure primality? Christopher ONeill Texas A&M University

How do you measure primality? Christopher ONeill Texas A&M University coneill@math.tamu.edu Joint with Thomas Barron and Roberto Pelayo September 26, 2014 Christopher ONeill (Texas A&M University) How do you measure primality?

1.1k views • 73 slides
Sampling of probability measures in the convex order and approximation of Martingale Optimal

Sampling of probability measures in the convex order and approximation of Martingale Optimal

Introduction Sampling in the convex order The dimension 1 case Sampling in the convex order in higher dimensions Numerical results Sampling of probability measures in the convex order and approximation of Martingale Optimal Transport problems

641 views • 37 slides
Deterministic elliptic curve primality proving for special sequences Alice Silverberg UC Irvine

Deterministic elliptic curve primality proving for special sequences Alice Silverberg UC Irvine

Deterministic elliptic curve primality proving for special sequences Alice Silverberg UC Irvine GEOCRYPT 2013 Deterministic Primality Proving In joint work with Alex Abatzoglou, Drew Sutherland, and Angela Wong, we give necessary and

726 views • 44 slides
Probability and Computation K. Sutner Carnegie Mellon University Order Statistics 1 Circuit

Probability and Computation K. Sutner Carnegie Mellon University Order Statistics 1 Circuit

Probability and Computation K. Sutner Carnegie Mellon University Order Statistics 1 Circuit Evaluation Yaos Minimax Principle More Randomized Algorithms * Rank and Order 3 Let U be some ordered universe such as the

617 views • 50 slides
Eigenvalue equation for genus two modular graphs Anirban Basu HRI, Allahabad April 16, 2019

Eigenvalue equation for genus two modular graphs Anirban Basu HRI, Allahabad April 16, 2019

Brief introduction The genus two four graviton amplitude in type II string theory Modular graph functions for the D 8 R 4 term Varying the Beltrami differentials The eigenvalue equation for some modular graphs Eigenvalue equation for genus two

1.66k views • 149 slides
Fluctuations of Real Random Matrices and Second-Order Freeness Emily Redelmeier March 8, 2012

Fluctuations of Real Random Matrices and Second-Order Freeness Emily Redelmeier March 8, 2012

Introduction Genus Expansion Asymptotic Freeness Fluctuations of Real Random Matrices and Second-Order Freeness Emily Redelmeier March 8, 2012 Emily Redelmeier Second-Order Freeness Introduction Genus Expansion Asymptotic Freeness

1.4k views • 125 slides
The genus of regular languages and other ideas from low-dimensional topology Florian Deloup

The genus of regular languages and other ideas from low-dimensional topology Florian Deloup

A short overview of topology and languages interactions Introduction Crash course on regular languages Genus of a regular language Genus and size The genus of regular languages and other ideas from low-dimensional topology Florian Deloup

891 views • 72 slides
Unit 2: Probability and distributions Lecture 1: Probability and conditional probability

Unit 2: Probability and distributions Lecture 1: Probability and conditional probability

Unit 2: Probability and distributions Lecture 1: Probability and conditional probability Statistics 101 Thomas Leininger May 21, 2013 Announcements Announcements 1 Probability 2 Randomness Defining probability Law of large numbers

1.36k views • 76 slides
MA/CSSE 473 Day 10 Primality testing summary Data Encryption RSA MA/CSSE 473 Day 10

MA/CSSE 473 Day 10 Primality testing summary Data Encryption RSA MA/CSSE 473 Day 10

MA/CSSE 473 Day 10 Primality testing summary Data Encryption RSA MA/CSSE 473 Day 10 Student questions? Next Session, come prepared to discuss the interview with Donald Knuth (read it if you have not already done so linked from

221 views • 6 slides
Banks on the verge of a crisis: phase transitions and hysteresis in banking systems Tomaso Aste 1

Banks on the verge of a crisis: phase transitions and hysteresis in banking systems Tomaso Aste 1

Banks on the verge of a crisis: phase transitions and hysteresis in banking systems Tomaso Aste 1 , 2 1 Department of Computer Science, University College London, 2 Systemic Risk Centre, London School of Economics and Political Sciences

762 views • 27 slides
Data-based Strategies to Low-resource MT Graham Neubig Site

Data-based Strategies to Low-resource MT Graham Neubig Site

CS11-737 Multilingual NLP Data-based Strategies to Low-resource MT Graham Neubig Site http://demo.clab.cs.cmu.edu/11737fa20/ Many slides from: Xia, Mengzhou, et al. "Generalized data augmentation for low-resource translation." ACL

487 views • 26 slides
The Future of Spreadsheets in in the Big ig Data Era David Birch 1* , David Lyford-Smith 2 &

The Future of Spreadsheets in in the Big ig Data Era David Birch 1* , David Lyford-Smith 2 &

The Future of Spreadsheets in in the Big ig Data Era David Birch 1* , David Lyford-Smith 2 & Yike Guo 1 1 Data Science Institute, Imperial College London 2 ICAEW IT Faculty * david.birch@imperial.ac.uk @verifyveracity 20/07/2017 2 The

513 views • 37 slides
The Probabilistic Method Week 12: P vs NP Joshua Brody CS49/Math59 Fall 2015 Reading Quiz

The Probabilistic Method Week 12: P vs NP Joshua Brody CS49/Math59 Fall 2015 Reading Quiz

The Probabilistic Method Week 12: P vs NP Joshua Brody CS49/Math59 Fall 2015 Reading Quiz Which of the following is not a factor or term in the space complexity of the ( , ) -approximation for F 2 we saw last week? (A) log(n) (B)

564 views • 10 slides
Linguistically-Enriched Models for Bulgarian-to-English Machine Translation Rui Wang DFKI GmbH,

Linguistically-Enriched Models for Bulgarian-to-English Machine Translation Rui Wang DFKI GmbH,

Linguistically-Enriched Models for Bulgarian-to-English Machine Translation Rui Wang DFKI GmbH, Germany (collaboration with Petya Osenova and Kiril Simov, BAS-IICT, Bulgaria) 2 SSST-6, Jeju, Korea 7/12/12 In a Nutshell Bulgarian

294 views • 28 slides
DOWNTOWN MANCHESTER WELCOMING TRANSFORMATION WELCOMING TRANSFORMATION 1 05/06/2019 Downtown

DOWNTOWN MANCHESTER WELCOMING TRANSFORMATION WELCOMING TRANSFORMATION 1 05/06/2019 Downtown

05/06/2019 DOWNTOWN MANCHESTER WELCOMING TRANSFORMATION WELCOMING TRANSFORMATION 1 05/06/2019 Downtown Manchester The heart of the Manchester Community +/- Mile from end to end 200+ Current Businesses 1.5 million sf

620 views • 24 slides
APAN30 Event Committee Meeting Date : 12 August 2010 Venue and Time : Melia Hotel, Hanoi,

APAN30 Event Committee Meeting Date : 12 August 2010 Venue and Time : Melia Hotel, Hanoi,

APAN30 Event Committee Meeting Date : 12 August 2010 Venue and Time : Melia Hotel, Hanoi, 0900 1030 hrs Chair : Akira Mizushima (representing Denis F. Vilorente) Vice-Chair : Yasuichi Kitamura Participants : APAN

454 views • 3 slides
Dreams and Visions . .. .. . . . .. . . .. . . .. . . .. . .. . . . .. . .

Dreams and Visions . .. .. . . . .. . . .. . . .. . . .. . .. . . . .. . .

. .. .. . . .. . . .. . . .. . . . . . .. . . .. . . .. . . .. . Dreams and Visions . .. .. . . . .. . . .. . . .. . . .. . .. . . . .. . . .. . . .. . . .. . Figure: Josephs Dream,

327 views • 7 slides

More recommend