COMPLEX MULTIPLICATION OF ABELIAN SURFACES Proefschrift ter verkrijging van de graad van Doctor aan de Universiteit Leiden, op gezag van Rector Magnificus prof. mr. P.F. van der Heijden, volgens besluit van het College voor Promoties te verdedigen op dinsdag 1 juni 2010 klokke 15:00 uur door Theodorus Cornelis Streng geboren te IJsselstein in 1982 Samenstelling van de promotiecommissie: Promotor prof. dr. Peter Stevenhagen Overige leden prof. dr. Gunther Cornelissen (Universiteit Utrecht) prof. dr. Bas Edixhoven prof. dr. David R. Kohel (Universit´e de la M´editerran´ee) prof. dr. Hendrik W. Lenstra Jr. dr. Ronald van Luijk Complex multiplication of abelian surfaces Marco Streng Marco Streng Complex multiplication of abelian surfaces ISBN-13 / EAN: 978-90-5335-291-5 AMS subj. class.: 11G15, 14K22 NUR: 921 (cid:13)c Marco Streng, Leiden 2010 [email protected] Typeset using LaTeX Printed by Ridderprint, Ridderkerk Asteroids, of which a screen shot is shown on page 188, is due to Atari, 1979. The cover illustration shows the complex curve C : y2 = x5+1 in the coordinates (Rex,Imx,Rey). Its Jacobian J(C) is an abelian surface with complex multiplication by Z[ζ ] induced by the curve automor- 5 phism ζ :(x,y)(cid:55)→(ζ x,y). The colored curves are the real locus of C 5 5 and its images under (cid:104)ζ (cid:105). The illustration was created using Sage [70] 5 and Tachyon. Contents Contents 5 Introduction 9 I Complex multiplication 17 1 Kronecker’s Jugendtraum . . . . . . . . . . . . . . . . . 17 2 CM-fields . . . . . . . . . . . . . . . . . . . . . . . . . . 18 3 CM-types . . . . . . . . . . . . . . . . . . . . . . . . . . 20 4 Complex multiplication . . . . . . . . . . . . . . . . . . 21 5 Complex abelian varieties . . . . . . . . . . . . . . . . . 23 5.1 Complex tori and polarizations . . . . . . . . . . 23 5.2 Ideals and polarizations . . . . . . . . . . . . . . 24 5.3 Another representation of the ideals . . . . . . . 27 6 Jacobians of curves . . . . . . . . . . . . . . . . . . . . 28 7 The reflex of a CM-type . . . . . . . . . . . . . . . . . 30 8 The type norm . . . . . . . . . . . . . . . . . . . . . . . 32 9 The main theorem of complex multplication . . . . . . 33 10 The class fields of quartic CM-fields . . . . . . . . . . . 35 II Computing Igusa class polynomials 39 1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . 39 2 Igusa class polynomials . . . . . . . . . . . . . . . . . . 41 2.1 Igusa invariants . . . . . . . . . . . . . . . . . . . 42 2.2 Alternative definitions . . . . . . . . . . . . . . . 43 3 Abelian varieties with CM . . . . . . . . . . . . . . . . 44 3.1 The general algorithm . . . . . . . . . . . . . . . 45 3.2 Quartic CM-fields . . . . . . . . . . . . . . . . . 46 3.3 Implementation details. . . . . . . . . . . . . . . 47 4 Symplectic bases . . . . . . . . . . . . . . . . . . . . . . 49 4.1 A symplectic basis for Φ(a) . . . . . . . . . . . . 49 6 Contents 4.2 A symplectic basis for (z,b) . . . . . . . . . . . . 51 5 The fundamental domain of the Siegel upper half space 52 5.1 The genus-1 case . . . . . . . . . . . . . . . . . . 52 5.2 The fundamental domain for genus two . . . . . 55 5.3 The reduction algorithm for genus 2 . . . . . . . 57 5.4 Identifying points on the boundary . . . . . . . . 62 6 Bounds on the period matrices . . . . . . . . . . . . . . 64 6.1 The bound on the period matrix . . . . . . . . . 64 6.2 A good pair (z,b) . . . . . . . . . . . . . . . . . 65 7 Theta constants . . . . . . . . . . . . . . . . . . . . . . 67 7.1 Igusa invariants in terms of theta constants . . . 68 7.2 Bounds on the theta constants . . . . . . . . . . 70 7.3 Evaluating Igusa invariants . . . . . . . . . . . . 72 7.4 Evaluating theta constants . . . . . . . . . . . . 74 8 The degree of the class polynomials . . . . . . . . . . . 76 9 Denominators . . . . . . . . . . . . . . . . . . . . . . . 76 9.1 The bounds of Goren and Lauter . . . . . . . . . 77 9.2 The bounds of Bruinier and Yang. . . . . . . . . 80 9.3 Counterexample to a conjectured formula . . . . 82 10 Recovering a polynomial from its roots . . . . . . . . . 82 10.1 Polynomial multiplication . . . . . . . . . . . . . 82 10.2 Recovering a polynomial from its roots. . . . . . 84 10.3 Recognizing rational coefficients . . . . . . . . . 86 11 The algorithm . . . . . . . . . . . . . . . . . . . . . . . 87 III The irreducible components of the CM locus 91 1 The moduli space of CM-by-K points . . . . . . . . . . 92 2 The irreducible components of CM . . . . . . . . . 92 K,Φ 3 Computing the irreducible components . . . . . . . . . 94 4 The CM method . . . . . . . . . . . . . . . . . . . . . . 98 5 Double roots . . . . . . . . . . . . . . . . . . . . . . . . 101 IV Abelian varieties with prescribed embedding degree 105 1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . 105 2 Weil numbers yielding prescribed embedding degrees . 107 3 Performance of the algorithm. . . . . . . . . . . . . . . 112 4 Constructing abelian varieties with given Weil numbers 117 5 Numerical examples . . . . . . . . . . . . . . . . . . . . 119 Contents 7 V Abelian surfaces with p-rank 1 123 1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . 123 2 Characterization of abelian surfaces with p-rank one . . 125 3 Existence of suitable Weil numbers . . . . . . . . . . . 127 4 The algorithms. . . . . . . . . . . . . . . . . . . . . . . 130 5 Constructing curves with given Weil numbers . . . . . 136 6 A sufficient and necessary condition . . . . . . . . . . . 137 7 Factorization of class polynomials mod p . . . . . . . . 141 8 Examples . . . . . . . . . . . . . . . . . . . . . . . . . . 143 Appendix 145 1 The Fourier expansion of Igusa invariants . . . . . . . . 147 2 An alternative algorithm for enumerating CM varieties 151 2.1 Reduced pairs (z,b) . . . . . . . . . . . . . . . . 151 2.2 Real quadratic fields . . . . . . . . . . . . . . . . 153 2.3 Analysis of Algorithm 2.5 . . . . . . . . . . . . . 156 2.4 Generalization of Spallek’s formula . . . . . . . . 157 3 Experimental results . . . . . . . . . . . . . . . . . . . 159 3.1 Good absolute Igusa invariants . . . . . . . . . . 159 3.2 Asymptotics of bit sizes . . . . . . . . . . . . . . 163 Bibliography 167 List of notation 177 Index of terms 179 Index of people 182 Nederlandse samenvatting 185 1 Priemgetallen . . . . . . . . . . . . . . . . . . . . . . . 185 2 Een probleem uit de getaltheorie . . . . . . . . . . . . . 185 3 De oplossing . . . . . . . . . . . . . . . . . . . . . . . . 186 4 Een variant op het probleem . . . . . . . . . . . . . . . 187 5 Fietsbanden . . . . . . . . . . . . . . . . . . . . . . . . 188 6 Elliptische krommen . . . . . . . . . . . . . . . . . . . . 189 7 Pinpassen en slimme prijskaartjes . . . . . . . . . . . . 190 8 Dubbele donuts . . . . . . . . . . . . . . . . . . . . . . 192 9 Wat staat er in dit proefschrift? . . . . . . . . . . . . . 192 Dankwoord / Acknowledgements 195 Curriculum vitae 197 Introduction The theory of complex multiplication makes it possible to construct certain class fields and abelian varieties. The main theme of this thesis is making these constructions explicit for the case where the abelian varieties have dimension 2. Elliptic curves over finite fields One-dimensionalabelianvarietiesareknownaselliptic curves,whichin most cases can be represented as a curve in the (x,y)-plane given by y2 =x3+ax+b (0.1) for some choice of parameters a, b in a field k. Elliptic curves come with a natural (abelian) group law, which can be described completely geometrically. Intherepresentation(0.1),theunitelementofthegroupisanextra point O at infinity, and three points P,Q,R satisfy P +Q+R = O in the group if and only if they are collinear. For k = R, this looks as follows. P P +Q Q R The group law can be given by algebraic equations, and we can define elliptic curves over any field k. If k has characteristic different from 2 and3,whichweassumefromnowonforsimplicity,thenthisisdoneby takingaandbink. Ifwedothisforafinite fieldk,thenthegroupE(k) 10 Introduction ofpointsdefinedoverk isfinite. Indeed,thenumberofelements#E(k) of E(k) can be computed simply by testing for every x-coordinate in k whether x3+ax+b is a square in k. If the order q = #k of k gets large, then this method of point countingtakestoomuchtime. However,therearefastermethodsbased on the properties of the Frobenius endomorphism F : (x,y) (cid:55)→ (xq,yq) of E. The points in E(k) are exactly those points over an algebraic closure of k that are left invariant by F. In particular, they are the points in the kernel of the endomorphism (F −id), where subtraction takesplaceintheringofendomorphisms End(E)ofE. Itisknownthat F is (as an element of the endomorphism ring) a root of a quadratic Weil polynomial f =X2−tX+q ∈Z[X], (0.2) and that we have #E(k)=deg(F −id)=f(1)=q+1−t. √ ThetraceofFrobenius tisboundedinsizeby|t|≤2 q,andindicatesto whichextent#E(k)differsfromthenumberq+1ofpointsonastraight line. Schoof realized in 1985 that the reductions (tmodl) at small primesl canbecomputedbylookingattheactionofF onthel-torsion points of E, and that this allows one to compute the number t, and therefore #E(k), efficiently. This yields a polynomial time algorithm that, for large q, is much faster than the exponential time method of direct point counting. Cryptography Suppose one has a finite group G in which the group operation can be efficiently implemented, but the discrete logarithm problem is thought to be hard. This means that given x,y ∈ G, finding an integer m such that y =xm holds is hard. Then the Diffie-Hellman key exchange protocolfrom1976allowsonetoagreeuponacryptographickeyinsuch a way that eavesdroppers, who intercept the entire communication, are believed to be unable to derive the key from it. The original example of such a group G is the unit group G=k∗ for a prime finite field k = F . Index calculus methods like the number field sieve provide a sub- p exponential method for solving the discrete logarithm problem in k∗. To protect the protocol against this algorithm until the year 2030, it is generally recommended to use primes p of over 3000 bits. As for G = k∗, the group order of G = E(k) for an elliptic curve E is of size approximately #k = q. However, it seems that the dis- crete logarithm problem for the group E(k) is harder, as 35 years of
Description: