Pierrick Dartois

2024-07-22

Abstract:Dimension 4 isogenies have first been introduced in cryptography for the cryptanalysis of Supersingular Isogeny Diffie-Hellman (SIDH) and have been used constructively in several schemes, including SQIsignHD, a derivative of SQIsign isogeny based signature scheme. Unlike in dimensions 2 and 3, we can no longer rely on the Jacobian model and its derivatives to compute isogenies. In dimension 4 (and higher), we can only use theta-models. Previous works by Romain Cosset, David Lubicz and Damien Robert have focused on the computation of $\ell$-isogenies in theta-models of level $n$ coprime to $\ell$ (which requires to use $n^g$ coordinates in dimension $g$). For cryptographic applications, we need to compute chains of $2$-isogenies, requiring to use $\geq 3^g$ coordinates in dimension $g$ with state of the art algorithms. In this paper, we present algorithms to compute chains of $2$-isogenies between abelian varieties of dimension $g\geq 1$ with theta-coordinates of level $n=2$, generalizing a previous work by Pierrick Dartois, Luciano Maino, Giacomo Pope and Damien Robert in dimension $g=2$. We propose an implementation of these algorithms in dimension $g=4$ to compute endomorphisms of elliptic curve products derived from Kani's lemma with applications to SQIsignHD and SIDH cryptanalysis. We are now able to run a complete key recovery attack on SIDH when the endomorphism ring of the starting curve is unknown within a few seconds on a laptop for all NIST SIKE parameters.

Cryptography and Security,Algebraic Geometry

Jintai Ding,Chengdong Tao

2014-01-01

Abstract:In this paper, we propose a new algorithm for solving the general approximate common divisors (GACD) problems, which is based on lattice reduction algorithms on certain special lattices and linear equation solving algorithms over integers. Through both theoretical arguments and experimental data, we show that our new algorithm works in polynomial time but under roughly the following condition: – There is a positive integer t such that γ + η t + t H + ρ < η; – We have more than t GACD samples. or equivalently – H(η − ρ) − 4(γ + η) > 0 – We have more than t = d √ H2(η−ρ)2−4H(γ+η) 2 e GACD samples. Here γ, η and ρ are parameters describing a GACD problem, H = 1/ log2 F and F is the Hermite Factor. In our experiments, H is shown to be roughly 40 when using the LLL reduction algorithm and it should be around 80 when using Deep or BKZ algorithms. We show how our algorithm can be applied to attack the fully homomorphic encryption schemes which are based on the general approximate common divisors problem and its limitations.

Qirui Li,Andreas Mihatsch

2024-08-29

Abstract:We formulate Guo--Jacquet type fundamental lemma conjectures and arithmetic transfer conjectures for inner forms of $GL_{2n}$. Our main results confirm these conjectures for division algebras of invariant $1/4$ and $3/4$.

Number Theory,Algebraic Geometry,Representation Theory

Chao Chen,Fangguo Zhang,Chang-an Zhao

DOI: https://doi.org/10.1016/j.jisa.2023.103546

IF: 4.96

2023-07-09

Journal of Information Security and Applications

Abstract:Isogeny-based cryptography has been the hotspot in recent years owing to its resistance to quantum computing attacks. Unfortunately, efficiency is the main bottleneck that limits its cryptographic applications. Inspired by the efficient implementations of Kummer lines, we formalize the isogenies on Kummer lines. In particular, we derive the explicit formulae of distinct 2-isogenies, consisting of several transforms between different Kummer lines, followed by some appealing isomorphic properties. As an additional contribution, we establish the formulae of odd-degree isogenies and show that 3-isogenies can be decomposed into three similar operations. Furthermore, with appropriate optimizations, we present the algorithms of computing the 2-isogenies over Fp with the ability to obtain the images simultaneously. For the setup of Verifiable Delay Functions and Delay Encryptions, our method reduces the number of operations with the potential of more compact schemes.

computer science, information systems

Johannes Buchmann,Daniel Cabarcas,Jintai Ding,Mohamed Saied Emam Mohamed

DOI: https://doi.org/10.1007/978-3-642-12678-9_5

2010-01-01

Abstract:Recent developments in multivariate polynomial solving algorithms have made algebraic cryptanalysis a plausible threat to many cryptosystems. However, theoretical complexity estimates have shown this kind of attack unfeasible for most realistic applications. In this paper we present a strategy for computing Gröbner basis that challenges those complexity estimates. It uses a flexible partial enlargement technique together with reduced row echelon forms to generate lower degree elements–mutants. This new strategy surpasses old boundaries and obligates us to think of new paradigms for estimating complexity of Gröbner basis computation. The new proposed algorithm computed a Gröbner basis of a degree 2 random system with 32 variables and 32 equations using 30 GB which was never done before by any known Gröbner bases solver.

Dihua Jiang,Zhaolin Li

2024-01-06

Abstract:Let $\mathbb{A}$ be the ring of adeles of a number field $k$ and $\pi$ be an irreducible cuspidal automorphic representation of $\mathrm{GL}_n(\mathbb{A})$. In the previous work of the first author with Zhilin Luo, they introduced $\pi$-Schwartz space $\mathcal{S}_\pi(\mathbb{A}^\times)$ and $\pi$-Fourier transform $\mathcal{F}_{\pi,\psi}$ with a non-trivial additive character $\psi$ of $k\backslash\mathbb{A}$, proved the associated Poisson summation formula over $\mathbb{A}^\times$, based on the Godement-Jacquet theory for the standard $L$-functions $L(s,\pi)$, and provided interesting applications. In this paper, in addition to the further development of the local theory, we found two global applications. First, we find a Poisson summation formula proof of the Voronoi summation formula for $\mathrm{GL}_n$ over a number field, which was first proved by A. Ichino and N. Templier. Then we introduce the notion of the Godement-Jacquet kernels $H_{\pi,s}$ and their dual kernels $K_{\pi,s}$ for any irreducible cuspidal automorphic representation $\pi$ of $\mathrm{GL}_n(\mathbb{A})$ and show that $H_{\pi,s}$ and $K_{\pi,1-s}$ are related by the nonlinear $\pi_\infty$-Fourier transform if and only if $s\in\mathbb{C}$ is a zero of $L_f(s,\pi_f)=0$, the finite part of the standard automorphic $L$-function $L(s,\pi)$, which are the $(\mathrm{GL}_n,\pi)$-versions of a Clozel's Theorem, where the Tate kernel with $n=1$ and $\pi$ the trivial character are considered.

Number Theory

Matthew Hase-Liu,Nicholas Triantafillou

DOI: https://doi.org/10.48550/arXiv.1709.02442

2017-09-08

Abstract:In this paper, we present efficient algorithms for computing the number of points and the order of the Jacobian group of a superelliptic curve over finite fields of prime order p. Our method employs the Hasse-Weil bounds in conjunction with the Hasse-Witt matrix for superelliptic curves, whose entries we express in terms of multinomial coefficients. We present a fast algorithm for counting points on specific trinomial superelliptic curves and a slower, more general method for all superelliptic curves. For the first case, we reduce the problem of simplifying the entries of the Hasse-Witt matrix modulo p to a problem of solving quadratic Diophantine equations. For the second case, we extend Bostan et al.'s method for hyperelliptic curves to general superelliptic curves. We believe the methods we describe are asymptotically the most efficient known point-counting algorithms for certain families of trinomial superelliptic curves.

Number Theory

Nilanjan Bag,Stephan Baier,Anup Haldar

2024-06-18

Abstract:In this paper, we develop a method of evaluating general exponential sums with rational amplitude functions for multiple variables which complements works by T. Cochrane and Z. Zheng on the single variable case. As an application, for $n\geq 2$, a fixed natural number, we obtain an asymptotic formula for the (weighted) number of solutions of quadratic congruences of the form $x_1^2+x_2^2+...+x_n^2\equiv x_{n+1}^2\bmod{p^m}$ in small boxes, thus establishing an equidistribution result for these solutions.

Number Theory

Céline Maistret,Andrew Sutherland

2024-05-28

Abstract:We present an efficient algorithm to compute the Euler factor of a genus 2 curve C/Q at an odd prime p that is of bad reduction for C but of good reduction for the Jacobian of C (a prime of ``almost good'' reduction). Our approach is based on the theory of cluster pictures introduced by Dokchitser, Dokchitser, Maistret, and Morgan, which allows us to reduce the problem to a short, explicit computation over Z and Fp, followed by a point-counting computation on two elliptic curves over Fp, or a single elliptic curve over Fp^2. A key feature of our approach is that we avoid the need to compute a regular model for C. This allows us to efficiently compute many examples that are infeasible to handle using the algorithms currently available in computer algebra systems such as Magma and Pari/GP.

Number Theory

Weiying Guo,Arun Ram

DOI: https://doi.org/10.48550/arXiv.2104.02942

2021-04-07

Abstract:The paper compares (and reproves) the alcove walk and the nonattacking fillings formulas for type $GL_n$ Macdonald polynomials which were given in Haglund-Haiman-Loehr <a class="link-https" data-arxiv-id="math.CO/0601693" href="https://arxiv.org/abs/math.CO/0601693">arXiv:math.CO/0601693</a>, Alexandersson <a class="link-https" data-arxiv-id="1602.05153" href="https://arxiv.org/abs/1602.05153">arXiv:1602.05153</a> and Ram-Yip <a class="link-https" data-arxiv-id="0803.1146" href="https://arxiv.org/abs/0803.1146">arXiv:0803.1146</a>. The "compression" relating the two formulas in this paper is the same as that of Lenart <a class="link-https" data-arxiv-id="0804.4716" href="https://arxiv.org/abs/0804.4716">arXiv:0804.4716</a>. We have reformulated it so that it holds without conditions and so that the proofs of the alcove walk formula and the nonattacking fillings formula are parallel. This reformulation highlights the role of the double affine Hecke algebra and Cherednik's intertwiners. An exposition of the type $GL_n$ double affine braid group, double affine Hecke algebra, and all definitions and proofs regarding Macdonald polynomials are provided to make this paper self contained.

Combinatorics,Representation Theory

Yueke Hu,Ian Petrow,Matthew P. Young

2024-11-09

Abstract:We develop generalized Petersson/Bruggeman/Kuznetsov (PBK) formulas for specified local components at non-archimedean places. In fact, we introduce two hypotheses on non-archimedean test function pairs $f \leftrightarrow \pi(f)$, called geometric and spectral hypotheses, under which one obtains `nice' PBK formulas by the adelic relative trace function approach. Then, given a supercuspidal representation $\sigma$ of ${\rm PGL}_2(\mathbb{Q}_p)$, we study extensively the case that $\pi(f)$ is a projection onto the line of the newform if $\pi$ is isomorphc to $\sigma$ or its unramified quadratic twist, and $\pi(f) = 0$ otherwise. As a first application, we prove an optimal large sieve inequality for families of automorphic representations that arise in our framework.

Number Theory

Sumin Leem,Michael Jacobson,Renate Scheidler

2024-01-30

Abstract:We present two new algorithms for solving norm equations over global function fields with at least one infinite place of degree 1 and no wild ramification. The first of these is a substantial improvement of a method due to Gaál and Pohst, while the second approach uses index calculus techniques and is significantly faster asymptotically and in practice. Both algorithms incorporate compact representations of field elements which results in a significant gain in performance compared to the Gaál-Pohst approach. We provide Magma implementations, analyze the complexity of all three algorithms under varying asymptotics on the field parameters, and provide empirical data on their performance.

Number Theory

Lei Huang

2010-01-01

Abstract:This paper presents a conception for computing gr\"{o}bner basis. We convert some of gr\"{o}bner-computing algorithms, e.g., F5, extended F5 and GWV algorithms into a special type of algorithm. The new algorithm's finite termination problem can be described by equivalent conditions, so all the above algorithms can be determined when they terminate finitely. At last, a new criterion is presented. It is an improvement for the Rewritten and Signature Criterion.

Hao Wu,Song-Yan Xie

2023-11-18

Abstract:First, we show that every complex torus $\mathbb{T}$ contains some entire curve $g: \mathbb{C}\rightarrow \mathbb{T}$ such that the concentric holomorphic discs $\{g\restriction_{\overline{\mathbb D}_{r}}\}_{r>0}$ can generate all the Nevanlinna/Ahlfors currents on $\mathbb T$ at cohomological level. This confirms an anticipation of Sibony. Developing further our new method, we can construct some twisted entire curve $f: \mathbb{C}\rightarrow \mathbb{CP}^1\times E$ in the product of the rational curve $\mathbb{CP}^1$ and an elliptic curve $E$, such that, concerning Siu's decomposition, demanding any cardinality $|J|\in \mathbb{Z}_{\geqslant 0}\cup \{\infty\}$ and that $\mathcal{T}_{\mathrm{diff}}$ is trivial ($|J|\geqslant 1$) or not ($|J|\geqslant 0$), we can always find a sequence of concentric holomorphic discs $\{f\restriction_{\overline{\mathbb D}_{r_j}}\}_{j \geqslant 1}$ to generate a Nevanlinna/Ahlfors current $\mathcal{T}=\mathcal{T}_{\mathrm{alg}}+\mathcal{T}_{\mathrm{diff}}$ with the singular part $\mathcal{T}_{\mathrm{alg}}=\sum_{j\in J} \,\lambda_j\cdot[\mathsf C_j]$ in the desired shape. This fulfills the missing case where $|J|=0$ in the previous work of Huynh-Xie. By a result of Duval, each $\mathsf C_j$ must be rational or elliptic. We will show that there is no a priori restriction on the numbers of rational and elliptic components in the support of $\mathcal{T}_{\mathrm{alg}}$, thus answering a question of Yau and Zhou. Moreover, we will show that the positive coefficients $\{\lambda_j\}_{j\in J}$ can be arbitrary as long as the total mass of $\mathcal{T}_{\mathrm{alg}}$ is less than or equal to $1$. Our results foreshadow striking holomorphic flexibility of entire curves in Oka geometry, which deserves further exploration.

Complex Variables,Dynamical Systems

Zhi-Wei Sun

2024-11-22

Abstract:In this paper we establish some new results similar to Lagrange's four-square theorem. For example, we prove that any integer $n>1$ can be written $w(5w+1)/2+x(5x+1)/2+y(5y+1)/2+z(5z+1)/2$ with $w,x,y,z\in\mathbb Z$. Here we state two general results: (1) If $a$ and $b$ are odd integers with $a>0$, $b>-a$ and $\gcd(a,b)=1$, then all sufficient large integers can be written as $$\frac{w(aw+b)}2+\frac{x(ax+b)}2+\frac{y(ay+b)}2+\frac{z(az+b)}2$$ with $w,x,y,z$ nonnegative integers. (2) If $a$ and $b$ are integers with $a>0$, $b>-a$, $2\mid a$ and $\gcd(a,b)=1$, then all sufficient large integers can be written as $$w(aw+b)+x(ax+b)+y(ay+b)+z(az+b)$$ with $w,x,y,z$ nonnegative integers.

Number Theory

Patience Ablett

DOI: https://doi.org/10.48550/arXiv.2112.03400

2021-12-07

Abstract:Recent work of Schenck, Stillman and Yuan <a class="link-https" data-arxiv-id="2011.10871" href="https://arxiv.org/abs/2011.10871">arXiv:2011.10871</a> outlines all possible Betti tables for Artin Gorenstein algebras $A$ with regularity($A$) = 4 = codim($A$). We populate the second half of this list with examples of stable curves, and ask if there are further possible constructions. The problem of deformation between curves with the same Hilbert series but different Betti tables is ongoing work, but our work solves one case: a deformation (due to Jan Stevens) between a reducible curve corresponding to Betti table type 2.7 in <a class="link-https" data-arxiv-id="2011.10871" href="https://arxiv.org/abs/2011.10871">arXiv:2011.10871</a> and the curve obtained as the intersection of a del Pezzo surface of degree 5 and a cubic hypersurface.

Algebraic Geometry

Melissa Emory,Malors Espinosa-Lara,Debanjana Kundu,Tian An Wong

2024-04-16

Abstract:In the early 2000's, R. Langlands proposed a strategy called Beyond Endoscopy to attack the principle of functoriality, which is one of the central questions of present day mathematics. A first step was achieved by A. Altug who worked with the group $GL(2,\mathbb{Q})$ in a series of three papers. We generalize the first part of this result to a class of totally real number fields. In particular, we cancel the contribution of the trivial and special representations to the trace formula using an additive Poisson summation on the regular elliptic terms.

Number Theory,Representation Theory

Matteo Longo,Maria Rosaria Pati,Stefano Vigni

2024-12-03

Abstract:Our main result in this article is a proof (under mild technical assumptions) of an analogue for $p$-adic Galois representations attached to a newform $f$ of even weight $k\geq4$ of Kolyvagin's conjecture on the $p$-indivisibility of derived Heegner points on elliptic curves, where $p$ is a prime number that is ordinary for $f$. Our strategy, which is inspired by work of W. Zhang in weight $2$, is based on a variant for modular forms of the congruence method originally introduced by Bertolini-Darmon to prove one divisibility in the anticyclotomic Iwasawa main conjecture for rational elliptic curves. We adapt to higher (even) weight modular forms this approach via congruences, building crucially on results of Wang on the indivisibility of Heegner cycles over Shimura curves. Then we offer an application of our results on Kolyvagin's conjecture to the Tamagawa number conjecture for the motive of $f$ and describe other (standard) consequences on structure theorems for Bloch-Kato-Selmer groups, $p$-parity results and converse theorems for $f$. Since in the present paper we need $p>k+1$, our main theorem and its applications can be viewed as complementary to results obtained by the first and third authors in their article on the Tamagawa number conjecture for modular motives, where Kolyvagin's conjecture was proved (in a completely different way exploiting the arithmetic of Hida families) under the assumption that $k$ is congruent to $2$ modulo $2(p-1)$, which forces $p<k$. In forthcoming work, we will use results contained in this paper to prove (under analogous assumptions) the counterpart for an even weight newform $f$ of Perrin-Riou's Heegner point main conjecture for elliptic curves ("Heegner cycle main conjecture" for $f$).

Number Theory,Algebraic Geometry

Kim-Manuel Klein,Janina Reuter

2023-11-27

Abstract:The Euclidean algorithm is one of the oldest algorithms known to mankind. Given two integral numbers $a_1$ and $a_2$, it computes the greatest common divisor (gcd) of $a_1$ and $a_2$ in a very elegant way. From a lattice perspective, it computes a basis of the sum of two one-dimensional lattices $a_1 \mathbb{Z}$ and $a_2 \mathbb{Z}$ as $\gcd(a_1,a_2) \mathbb{Z} = a_1 \mathbb{Z} + a_2 \mathbb{Z}$. In this paper, we show that the classical Euclidean algorithm can be adapted in a very natural way to compute a basis of a general lattice $L(a_1, \ldots , a_m)$ given vectors $a_1, \ldots , a_m \in \mathbb{Z}^n$ with $m> \mathrm{rank}(a_1, \ldots ,a_m)$. Similar to the Euclidean algorithm, our algorithm is very easy to describe and implement and can be written within 12 lines of pseudocode. While the Euclidean algorithm halves the largest number in every iteration, our generalized algorithm halves the determinant of a full rank subsystem leading to at most $\log (\det B)$ many iterations, for some initial subsystem $B$. Therefore, we can compute a basis of the lattice using at most $\tilde{O}((m-n)n\log(\det B) + mn^{\omega-1}\log(||A||_\infty))$ arithmetic operations, where $\omega$ is the matrix multiplication exponent and $A = (a_1, \ldots, a_m)$. Even using the worst case Hadamard bound for the determinant, our algorithm improves upon existing algorithm. Another major advantage of our algorithm is that we can bound the entries of the resulting lattice basis by $\tilde{O}(n^2\cdot ||A||_{\infty})$ using a simple pivoting rule. This is in contrast to the typical approach for computing lattice basis, where the Hermite normal form (HNF) is used. In the HNF, entries can be as large as the determinant and hence can only be bounded by an exponential term.

Data Structures and Algorithms,Discrete Mathematics,Number Theory

Ron Donagi,Ron Livne

DOI: https://doi.org/10.48550/arXiv.alg-geom/9712027

1997-12-22

Abstract:Computation of Gauss's arithmetic-geometric mean involves iteration of a simple step, whose algebro-geometric interpretation is the construction of an elliptic curve isogenous to a given one, specifically one whose period is double the original period. A higher genus analogue should involve the explicit construction of a curve whose jacobian is isogenous to the jacobian of a given curve. The doubling of the period matrix means that the kernel of the isogeny should be a lagrangian subgroup of the group of points of order 2 in the jacobian. In genus 2 such a construction was given classically by Humbert and was studied more recently by Bost and Mestre. In this article we give such a construction for general curves of genus 3. We also give a similar but simpler construction for hyperelliptic curves of genus 3. We show that the hyperelliptic construction is a degeneration of the general one, and we prove that the kernel of the induced isogeny on jacobians is a lagrangian subgroup of the points of order 2. We show that for g at least 4 no similar construction exists, and we also reinterpret the genus 2 case in our setup. Our construction of these correspondences uses the bigonal and the trigonal constructions, familiar in the theory of Prym varieties.

Algebraic Geometry