ebook img

The distribution of the number of points modulo an integer on elliptic curves over finite fields PDF

0.28 MB·English
Save to my drive
Quick download
Download
Most books are stored in the elastic cloud where traffic is expensive. For this reason, we have a limit on daily download.

Preview The distribution of the number of points modulo an integer on elliptic curves over finite fields

The distribution of the number of points modulo 9 an integer on elliptic curves over finite fields 0 0 2 Wouter Castryck and Hendrik Hubrechts r a M 9 March 2009 9 ] Abstract T N Let Fq be a finite field and let b and N be integers. We study the probabilitythatthenumberofpointsonarandomlychosenellipticcurve . h E over Fq equals b modulo N. We prove explicit formulas for the cases t gcd(N,q) = 1 and N = char(Fq). In the former case, these formulas a follow from a random matrix theorem for Frobenius acting on the N- m torsionpartofE,obtainedbyapplyingdensityresultsduetoChebotarev [ to the modular covering X(N) X(1). As an additional application to → thistheorem,weestimatetheprobability thatarandomly chosenelliptic 2 v curvehas a point of order precisely N. 2 3 1 Introduction 3 4 . If one writes the number of rational points on an elliptic curve E over a finite 2 0 field Fq as q +1 T, then the integer T is called the trace of Frobenius of − 9 E. Hasse proved that T [ 2√q,2√q], but within this interval the trace of 0 Frobenius is an unpredicta∈ble−number, seemingly picked at random. Since the : v 1960’s,its statistical behaviour has become subject to extensive study. i To make the problem well-defined, the best-known approach is to fix an X elliptic curveE overanumber fieldK,andto consideritmodulo variousprime r a ideals p K of good reduction. Based on experimental evidence, Sato and ⊂ O Tate conjecturally described how the traces of Frobenius of E mod p are — after being normalized by 2 N(p) — distributed along [ 1,1]. See [5] for the − details and an introduction to the recent progress on this subject. p Another approach is to fix the finite field F , and to consider all F -isomor- q q phism classes of elliptic curves E over it. Their traces of Frobenius T define E a discrete probability measure µq on 2√q ,..., 2√q . As above, one can {−⌊ ⌋ ⌊ ⌋} normalizeto obtaina distribution µ˜ on[ 1,1]. Birch[4] and Deligne [7, 3.5.7] q − provedresultsonthelimitbehaviourofµ˜ asqtendstoinfinity,therebylending q support for the Sato-Tate conjecture. However, not all is said with this: some remarkableproperties, relatedto the discrete nature of µ , become dissolvedin q the limit procedure. As an introductory exercise, the reader is invited to show 1 that when q is odd, T favours even numbers. This is related to the fact that E a randomly chosen cubic polynomial f(x) F [x] has a rational root with a q ∈ probabilitythattends to 2 asq getsbig. This phenomenonillustratesthe more 3 general fact that for any positive integer N, the probability that #E(F ) = q q+1 T is divisible by N tends to be strictly biggerthan 1. Lenstrawasthe − E N firstto observethis, andprovedin[19]explicit estimates inthe situationwhere N is a prime number different from p = char(F ), by using modular curves. q His work wasgeneralizedto arbitraryN by Howe [14], andhas implications for integer factorization [19] and cryptography [10]. In this paper,we further generalizeLenstra’swork. For anarbitraryinteger N 2andt 0,1,...,N 1 ,writeP (t)fortheprobabilitythatT modN q,N E ≥ ∈{ − } equals t. We prove Theorem 1 Write N = pmℓn11ℓn22···ℓnrr where the ℓi are pairwise distinct primes different from p. (i) If gcd(N,p)=1, then P converges to a multiplicative arithmetic func- q,N tion in N, i.e. r ql→im∞ Pq,N(t)− Pq,ℓnii(t mod ℓnii)!=0. (1) gcd(q,N)=1 i=1 Y If N =ℓn for a prime ℓ=p, then there is an explicitly described function 6 ϕ:Z Z for which → ϕ(t2 4q) lim P (t) − =0. q→∞ q,N − ℓ3n ℓ3n−2 gcd(q,N)=1(cid:18) − (cid:19) In case ℓ 3 and n = 1 we have ϕ : x ℓ2 + x ℓ, where · is the ≥ 7→ ℓ · Legendre symbol. See Section 4 for the definition of ϕ in the general case. (cid:0) (cid:1) (cid:0) (cid:1) (ii) If N =p, then 1 lim P (0)=0 and lim P (t)= if t=0. k→∞ pk,N k→∞ pk,N p 1 6 − Explicit error terms are given in Section 4 and Section 5. Note that if N is an arbitrary pth-power pn (n 1), then (ii) trivially ≥ implies lim P (t) = 0 whenever t 0 mod p. Numerical experiments k→∞ pk,N ≡ suggest that the other traces are again evenly distributed: 1 lim P (t)= if t 0 mod p. k→∞ pk,N pn pn−1 6≡ − This can be made rigorous for t = 1, following Howe [14, Theorem 1.1] and ± usingquadratictwisting. Ournumericalexperimentsalsosuggestthattheinde- pendenceexpressedin(1)extendstoarbitraryN,i.e. includingp N. Together, | 2 this would give a complete description of the distribution of T mod N (as q E tends to infinity). The case gcd(N,p) = 1 is obtained from an equidistribution theorem on matrices of Frobenius acting on the N-torsion group E[N] of E. Recall that E[N]=Z Z , where Z abbreviates Z/(NZ). Then the qth-power Frobe- ∼ N ⊕ N N nius action on E[N] determines a unique GL (Z )-conjugacy class of ma- 2 N E F trices having determinant q. Denote the subset of GL (Z ) consisting of all 2 N matrices of determinant q by . Then the theorem reads: q M Theorem 2 Fix aconjugacy class GL (Z ) of matrices of determinant q. 2 N F ⊂ Let E be a uniformly randomly chosen F -isomorphism class of elliptic curves q over F . Let P be the probability that = . Then q F E F F # N2 P F C , F (cid:12) − #Mq(cid:12)≤ · √q (cid:12) (cid:12) where C R is an absolu(cid:12)te and explic(cid:12)itly computable constant. ∈ >0 (cid:12) (cid:12) In other words, if q gets big, a Frobenius conjugacy class becomes as likely as its own relative size. See Section 3 for more details on the constant C. In its above form, Theorem 2 seems new and fits in the randommatrix phi- losophythatdominatesnowadaysresearchonthestatisticalbehaviourofFrobe- nius, both in the Sato-Tate setting (fixed curve, varying field) as in the Birch- Delignesetting(fixedfield,varyingcurve). ThiswasinitializedbyDeligne,who obtained his above-mentioned result as a consequence to an equidistribution theorem in ´etale cohomology. The random matrix idea has proven to provide well-working models for higher genus analogues of the Frobenius distribution problem [17, 18], although many statements remain conjectural. We refer to the book by Katz and Sarnak [17] for more details. This book also contains a refinement of Deligne’s equidistribution theorem [17, 9.7] which was used by Achter to provea variantof Theorem 2 that works in arbitrarygenus [2, Theo- rem3.1]. However,Achter’sresulthasaworseerrorboundandimposescertain weak restrictions on q and N. Our attention will be devotedto a more elemen- tary approach,based on the modular coveringX(N) X(1) and (parts of the → proof of) Chebotarev’s density theorem for function fields. As anadditionalapplicationtoTheorem2, weinvestigatethe probabilityof a point of prescribed order coprime to q. Theorem 3 LetN 2beanintegercoprimetoq,andwriteN =ℓn1ℓn2 ℓnr, ≥ 1 2 ··· r wheretheℓ arepairwise distinct primes. LetE beauniformly randomlychosen i F -isomorphism class of elliptic curves over F . WriteP′(N) for the probability q q q that E has a point of order N. Then (i) P′ converges to a multiplicative arithmetic function, i.e. q r lim P′(N) P′(ℓni) =0. q→∞ q − q i ! gcd(q,N)=1 i=1 Y 3 (ii) If ℓ = p is a prime number, q and n 1 are integers with q 0modℓ 0 0 6 ≥ 6≡ and ν is the ℓ-adic valuation of q 1, then 0 − lim P′(ℓn) θ =0, q→∞ q − ℓn q≡q0modℓn (cid:0) (cid:1) whereθ equals1/(ℓn ℓn−2)ifν nand(ℓ2ν+1+1)/(ℓn+2ν+1 ℓn+2ν−1) ℓn − ≥ − in the other cases. An explicit error term is given in Section 6. It is worthremarking that severalquestions related to Theorem 1 and The- orem 3 were already posed by Gekeler in the weaker set-up where F is a large q prime field that has to be chosen at random; he studied the distribution of Frobeniustraces[11]andvariousprobabilitiessuchasE[ℓ∞](F )havingagiven q structure or E(F ) being cyclic [12, 13]. The latter probability has also been q studied by Vlˇadu¸t in caseF is fixed [21], using Howe’s work. Still for F fixed, q q Galbraith and McKee conjecturally estimated the probability that E(F ) is a q prime number [10]. Achter and Sadornil studied the chance that E has a given number of rational isogenies of given prime degree emanating from it [3]. For higher genus curves C/F , Achter gave explicit estimates for the chance that q Jac(C)[N](F ) has a given structure [1, 2], and Chavdarov proved that the nu- q merator of the zeta function Z (T) is generically irreducible [6]. C Thearticleisorganizedasfollows. Section2recallsthenecessarybackground on modular curves, Section 3 contains the proof of Theorem 2 and we use this inSection4todeduceTheorem1forthe casegcd(N,p)=1. Section5contains theproofforthecaseN =p. Finally,Section6containstheproofofTheorem3. We also include an Appendix, which recalls certain facts about twisting, and which discusses some disambiguations on what is meant by a randomly chosen elliptic curve. The authors are very grateful to Hendrik W. Lenstra for his suggestion to consider Chebotarev’s density theorem for the proof of Theorem 2. 2 Background on modular curves An implicit reference for this section are the lecture notes by Deligne and Rapoport [8] and the earlier work by Igusa [15, 16] on which these build. Let F be the finite prime field with p elements, and let N be a positive p integer, coprime to p. Fix a primitive Nth-root of unity ζ F . Consider all N p ∈ triplets (E,P,Q), where E denotes an elliptic curve over F , and P,Q E[N] p ∈ satisfy e (P,Q)=ζ . Here N N e :E[N] E[N] Nth-roots of unity N × →{ } is the Weil pairing, see [20, III. 8]. Two triplets (E,P,Q) and (E′,P′,Q′) are § called equivalent if there exists an F -isomorphism E E′ mapping P to P′ p → and Q to Q′. As a special instance, using multiplication by 1, we have that − (E,P,Q) is equivalent to (E, P, Q). − − 4 The set of equivalence classes of such triplets can be given the structure of a nonsingular affine curve Y(N). Note that Y(1) merely parameterizes elliptic curves by their j-invariant; it has the structure of the affine line A1. The nonsingular completion of Y(N) is called the modular curve of level N and is denoted by X(N). In particular, X(1) can be identified with P1. The natural covering Y(N) A1 :(E,P,Q) j(E) → 7→ extends to analgebraicmorphismψ :X(N) P1, which is Galois,with Galois → group PSL (Z ). On Y(N) this group acts through 2 N α β (E,P,Q)=(E,αP +βQ,γP +δQ). (2) γ δ !· The morphism ψ is ramified at (and only at) j = 0,1728, . The genus of ∞ X(N) equals 1+#PSL (Z ) (N 6)/12N. 2 N · − The construction of Y(N) primarily provides a model that is defined over F (ζ ). To remedy this, one repeats the above construction for all primitive p N Nth-roots of unity. The union again parameterizes triplets (E,P,Q) modulo equivalence, but now one only imposes that (P,Q) is a basis of E[N]. Up to tensoringwithF (ζ ),thisunioniswhatDeligneandRapoportdenotebyM0 . p N N It is a reducible scheme decomposing into ϕ(N) copies of Y(N). Similar to (2), we have an action of α 0 H = α Z× GL (Z ) ( 0 1!(cid:12) ∈ N) ⊂ 2 N (cid:12) (cid:12) on M0N ⊗Fp(ζN) which connects t(cid:12)(cid:12)hese components horizontally: every orbit (E,P,Q) contains a unique point of each component. The quotient under { } this actioncan thus be identified with Y(N), and realizes it as a curve overthe fixed field F (ζ )detH, where α detH acts on F (ζ ) as ζ ζα. Hence it p N ∈ p N N 7→ N realizes Y(N) as a curve over F . As a consequence, X(N) is defined over F , p p and this also accounts for the morphism X(N) X(1). → From now on, let F F be the finite field with q elements, and consider q p ⊃ X(N)asacurveoverF . Thenitisendowedwithaqth-powerFrobenius action q Σ, where some cautionis needed in describing it explicitly. Let σ Gal(F ,F ) q q ∈ be the usual qth-power Frobenius automorphism. Then the map (E,P,Q) 7→ (Eσ,Pσ,Qσ) is not well-defined on Y(N), as it does not preserve the Weil pairing. However, the H-orbit of (Eσ,Pσ,Qσ) contains a unique representant on which the Weil pairing acts properly, and this is Σ(E,P,Q)=(Eσ,q−1Pσ,Qσ). (3) Weendbycommentingonthealgebraicsideoftheabovestory,whilstfixing notation. The coordinate ring R of Y(1) (over F ) equals F [j], in which the q q formalvariablej canbeseenasauniversalj-invariant. Itsfieldoffractionswill be denoted by K, while the function field of Y(N) (over F ) will be denoted q 5 by L. The morphism X(N) X(1) corresponds to a field extension K L, → ⊂ which is normal and separable with Galois group PSL (Z ). We will write g 2 N L for the genus of L, which is 1+[L : K] (N 6)/12N. The integral closure of · − R in L can be identified with the coordinate ring of Y(N), and will be denoted by S. Here is a summarizing diagram: F [j] = R K = F (j) q q ⊂ ∩ ∩ F [Y(N)] = S L = F (Y(N)). q q ⊂ From now on, an elliptic curve with j-invariant j F will always be denoted 0 q ∈ by E . j0 3 The distribution of Frobenius matrices We will now prove Theorem 2, by applying density results due to Chebotarev tothemodularcoveringX(N) X(1). Ourmainreferencefortheproofofthe → Chebotarev density theorem is [9, Section 5.4]. Let j F . A triplet = (E ,P,Q) on the modular curve Y(N) corre- 0 ∈ q E j0 sponds to a maximal ideal m in S F . Define P := m S, which can E q E E ⊗ ∩ be viewed as a closed point of Y(N) as an F -scheme. Suppose that P is q E unramified over K, which is equivalent to the condition j = 0,1728. As ex- 0 6 plained in [9, Section 5.2] we can associate to P its Frobenius automorphism E L/K Gal(L/K). With p :=P R this automorphism is uniquely deter- PE ∈ E E ∩ hminediby the condition L/K x xN(pE) modP , for all x S. E P ≡ ∈ (cid:20) E (cid:21) We note that j F implies that p = (j j ) and hence N(p ) = q. Geo- 0 q E 0 E ∈ − metrically, the above condition means that if (E ,P ,Q ),(E ,P ,Q ),...,(E ,P ,Q ) { j0 1 1 j0 2 2 j0 degPE degPE } isthe setofpointsofY(N)(maximalidealsofS F )aboveP ,then L/K ⊗ q E PE ∈ PSL2(ZN) permutes this set, in the same manner as Σ does. If P′ ishanotiher prime idealof S abovep , we have that the Frobenius automorphism L/K is E P′ conjugated to L/K . The Artin symbol h i PE h i L/K p (cid:18) E (cid:19) of p is then defined as the conjugacy class of L/K in Gal(L/K). We can E PE now formulate our main tool. h i 6 Lemma 1 Choose τ Gal(L/K)=PSL (Z ). Let A denote the set of points ∈ ∼ 2 N = (E ,P,Q) Y(N) for which j F 0,1728 and L/K = τ. Then we E j0 ∈ 0 ∈ q\{ } PE have h i #A q (4[L:K]+4g +2) √q. L − ≤ · We postpone the pr(cid:12)oof to t(cid:12)he end of this section. Now recall that Y(N) pa- (cid:12) (cid:12) rameterizestriplets(E ,P,Q)uptoF -isomorphism,whereasweareinterested j0 q in triplets up to F -isomorphism. Using that all j F 0,1728 correspond q 0 q ∈ \{ } to two elliptic curves over F (related to each other by quadratic twisting, see q Corollary 3 in the Appendix below), we get the following result. Corollary 1 Suppose N > 2. Choose F GL (Z ) such that detF = q. Let 2 N ∈ B denote the set of triplets (E ,P,Q) up to F -isomorphism for which j0 q (i) E is an elliptic curve over F with j-invariant j =0,1728, j0 q 0 6 (ii) the points P,Q E [N] satisfy e (P,Q)=ζ , and ∈ j0 N N (iii) the matrix of qth-power Frobenius on E [N] with respect to the basis j0 (P,Q) equals F. Then we have #B q (4[L:K]+4g +2) √q. L − ≤ · Proof. Let τ PS(cid:12)L (Z )(cid:12)and suppose that T SL (Z ) reduces to τ mod ∈ (cid:12) 2 N (cid:12) ∈ 2 N Id . Every point = (E ,P,Q) Y(N) for which j F 0,1728 and {± } E j0 ∈ 0 ∈ q \{ } L/K =τ, correspondsuptoF -isomorphismto preciselytwotriplets,namely PE q h(Ej0,Pi,Q) and its quadratic twist. Their qth-power Frobenius matrices differ by sign and are equal to q 0 T GL (Z ) 2 N ± 0 1!· ∈ (see (3) and the discussion preceding Lemma 1). Conversely,if we start with a triplet (E ,P,Q) B, we find j0 ∈ −1 q 0 F PSL (Z ) 2 N ± 0 1! · ∈ as the Frobenius automorphism L/K Gal(L/K) associated to the point PE ∈ Eth=e p(rEevj0io,Pus,Qle)m∈mYa((Nfo)r.aTnhaipspirnodhpurciaesteiachboijieccetioofnτb).etween B and the set A o(cid:3)f Note 1 If N = 2, then Id = Id in GL (Z ). Therefore (E ,P,Q) and its − 2 N j0 quadratic twist correspond to the same Frobenius matrix, so we have #B = 2#A. In the proof of Theorem 4 below, this is compensated by the fact that #SL (Z ) = 2#PSL (Z ) if N > 2, whereas #SL (Z ) = #PSL (Z ) if 2 N 2 N 2 N 2 N N =2. 7 We can now state and prove our main theorem. Theorem 4 Denote with the subset of GL (Z ) of matrices with determi- q 2 N M nant q, and let be a GL (Z )-conjugacy class in this set. Let E represent F 2 N j0 a uniformly randomly chosen F -isomorphism class of elliptic curves over F , q q and let GL (Z ) be the conjugacy class determined by the action of FEj0 ⊂ 2 N qth-power Frobenius on E [N]. The probability P that = satisfies j0 F FEj0 F # # 1 23 PF F F (4[L:K]+4gL+2) + . (cid:12) − #Mq(cid:12) ≤ #Mq √q q (cid:12) (cid:12) Theestim(cid:12)(cid:12)ateintheth(cid:12)(cid:12)eoremiseasilyseentobe (N2q−1/2),whichgivesan O ideaabouthowlargeq hastobewithrespecttoN inordertofindameaningful result. Proof. We suppose N > 2 (see Note 1 for the case N = 2). The set W of (F -isomorphism classes of) elliptic curves over F has 2q +δ elements, with q q 0 δ 22 depending on the finite field F ; see Corollary 3 in the Appendix q ≤ ≤ below. Denote with V W the set of elliptic curves E for which = . ⊂ j0 FEj0 F By Corollary 3, V contains at most ǫ 24 elliptic curves with j-invariant 0 or ≤ 1728, and all other curves in V correspond to #PSL (Z ) tuples (E ,P,Q) 2 N j0 (with e (P,Q) = ζ ) up to F -isomorphism. Combined with the definition of N N q B from Corollary 1, this gives the equality (#V ǫ) #PSL (Z )=#B # . 2 N − · · F Now we can compute P as follows: F #V #B # ǫ PF = = · F + . #W (2q+δ)#PSL (Z ) 2q+δ 2 N A first estimate of this probability is then # #B 12 F F . P − #SL (Z ) q+δ/2 ≤ q (cid:12) 2 N (cid:18) (cid:19)(cid:12) (cid:12) (cid:12) Using Corollary 1 and(cid:12) # =#SL (Z ) this imp(cid:12)lies (cid:12) Mq 2 N (cid:12) # q 12 # 1 F + F (4[L:K]+4g +2) . F L (cid:12)P − #Mq (cid:18)q+δ/2(cid:19)(cid:12)≤ q #Mq (cid:18) √q(cid:19) (cid:12) (cid:12) Notin(cid:12)g that # # and(cid:12) (cid:12) q (cid:12) F ≤ M q δ 1 , − q+δ/2 ≤ 2q (cid:12) (cid:12) (cid:12) (cid:12) we finally arrive at (cid:12) (cid:12) (cid:12) (cid:12) # 12+δ/2 # 1 F F + F (4[L:K]+4gL+2) , (cid:12)P − #Mq(cid:12)≤ q #Mq (cid:18) √q(cid:19) (cid:12) (cid:12) (cid:12) (cid:12) (cid:12) (cid:12) 8 which concludes the proof. (cid:3) We will now prove Lemma 1. Our proof essentially uses the proof of the Chebotarev density theorem for function fields as given in Section 5.4 of [9]. We remarkthatTheorem4 seems notto followfromthe density theoremitself; we really need parts of its proof. The reason is that the Frobenius matrix (up to sign) corresponding to a point = (E ,P,Q) Y(N) and the Frobenius E j0 ∈ automorphism in PSL (Z ) associated to the prime ideal P S are only 2 N E ⊂ related through multiplication by q 0 H, 0 1!∈ which tears the conjugacy classes apart when q 1modN. In general, there 6≡ is no bijection between the conjugacy classes of Frobenius automorphisms and theconjugacyclassesofFrobeniusmatrices. Notethatifq 1modN thenthe ≡ above matrix becomes the identity, and it is indeed possible to use the Cheb- otarev density theorem rather directly. Proof of Lemma 1. We denote with P(L) the set of prime ideals of S which are unramified over K, and let P(K) be the set of prime ideals of R. For P P(L) we write p :=P R, the R-ideal below P. The conjugacy class of P ∈ ∩ τ PSL (Z ) will be denoted by . Define 2 N τ ∈ M L/K C (L/K, ):= p P(K) = ; deg(p)=1 . 1 Mτ ∈ p Mτ (cid:26) (cid:12) (cid:18) (cid:19) (cid:27) (cid:12) Note that the condition deg(p) = 1 i(cid:12)s equivalent to the associated j-invariant (cid:12) living in F . Let q L/K D (L/K,τ):= P P(L) =τ; p C (L/K, ) . 1 ∈ P P ∈ 1 Mτ (cid:26) (cid:12) (cid:20) (cid:21) (cid:27) (cid:12) If we look at [9, Proposition 5.16](cid:12)and particularly the formulas (15),(16) and (cid:12) (17)appearinginits proof,wefindwithd=[K :F (j)]=1,n=k =1,g =0 q K and m=[L:K] that # 2g +1 τ L #C (L/K, ) M q # 4+2 √q. (4) 1 τ τ M − [L:K] · ≤ M · [L:K] · (cid:12) (cid:12) (cid:18) (cid:19) (cid:12) (cid:12) From[9(cid:12),Lemma5.9(b)]withC′ =C ((cid:12)L/K, )andhenceD′(τ)=D (L/K,τ) (cid:12) 1 1(cid:12) Mτ 1 1 we see that ord(τ) #C (L/K, )=# #D (L/K,τ). 1 τ τ 1 M M · [L:K] · We insert this in equation (4) and divide by # : τ M ord(τ) q 2g +1 L #D (L/K,τ) 4+2 √q. (5) 1 [L:K] · − [L:K] ≤ [L:K] · (cid:12) (cid:12) (cid:18) (cid:19) (cid:12) (cid:12) (cid:12) (cid:12) (cid:12) (cid:12) 9 From [9, Lemma 5.9(a)] it follows that the number of points =(E ,P,Q) E j0 ∈ Y(N) with m lying above some fixed P D (L/K,τ) equals ord(τ), so that E 1 our lemma follows from (5), after multiply∈ing both sides with [L:K]. (cid:3) 4 The distribution of Frobenius traces mod N Let F be a finite field with q elements, take t Z and let N 2 be an integer q ∈ ≥ coprimetoq. UsingTheorem4,wewillestimatetheprobabilitythatarandomly chosenellipticcurveoverF hastraceofFrobeniuscongruenttotmoduloN. A q firstobservationisthatthisprobabilityconvergestoamultiplicativearithmetic function. Indeed, if N =A B with A and B coprime, then we have anobvious · isomorphism GL (Z ) = GL (Z ) GL (Z ), and this bijection respects the 2 N ∼ 2 A ⊕ 2 B sets of matrices with determinant q and trace t (modulo N resp. A and B). Therefore, in order to make the formulas not too complicated, we will confine ourselves to N =ℓn, where ℓ is a prime that does not divide q. It is easy to verify that #SL (Z )=ℓ3n−2(ℓ2 1). With α Z 0 , we 2 ℓn ℓn − ∈ \{ } definethevaluationord(α)astheℓ-adicvaluationofαembeddedinZ,whereas we will put ord(0) = + . Let for ℓ 3 the map ϕ : Z Z be defined as ∞ ≥ → ϕ=ψ χ,whereχ:Z Z isthenaturalprojectionandψ :Z Zisgiven ℓn ℓn ◦ → → by ℓ2n+ℓ2n−1 if ∆ is a nonzero square, ℓ2n+ℓ2n−1 2ℓ2n−k2−1 if ∆ is no square, k :=ord(∆) is even, − ∆7→ℓℓ22nn++ℓℓ22nn−−11−(ℓℓ32n+−11)ℓ2n−k+23 iiff k∆:==o0radn(∆d)nisisoedvde,n, − We referℓt2ont+heℓ2enn−d1o−fℓth3ni2−s1section for thife∆de=fin0itaionndonfiϕs oinddc.ase ℓ=2. Theorem 5 Let F , t and ℓn be as above and define ∆ :=t2 4q. Let E be a q t − uniformly randomly chosen F -isomorphism class of elliptic curves over F , and q q let T be its trace of Frobenius. The probability P(t) that T t mod ℓn satisfies ≡ ϕ(∆ ) 4[L:K]+4g +2 √q+23 P(t) t L = (ℓ2nq−21). − ℓ3n ℓ3n−2 ≤ ℓn ℓn−1 · q O (cid:12) − (cid:12) − (cid:12) (cid:12) He(cid:12)re [L : K] = #PSL(cid:12) (Z ) and g = 1+[L : K](ℓn 6)/(12ℓn) as in (cid:12) (cid:12)2 ℓn L − Section 2. Note that this theorem implies that P(t) ϕ(∆ )/(ℓ3n ℓ3n−2) for t → − q under the restriction that q stays in a single congruence class modulo → ∞ ℓn. Before proving Theorem 5, we discuss some corollaries. The number of rational points on an elliptic curve E over F with trace of Frobenius T equals q q+1 T. Hence we can estimate the probability that ℓn #E(F ) by applying q − | Theorem 5 with t = q+1. Note that then t2 4q (q 1)2 modℓn. Using − ≡ − this, we partly recover the results of Howe [14]. 10

See more

The list of books you might like

Most books are stored in the elastic cloud where traffic is expensive. For this reason, we have a limit on daily download.