The geometry of efficient arithmetic on elliptic curves

The arithmetic of elliptic curves, namely polynomial addition and scalar multiplication, can be described in terms of global sections of line bundles on $E\times E$ and $E$, respectively, with respect to a given projective embedding of $E$ in $\mathbb{P}^r$. By means of a study of the finite dimensional vector spaces of global sections, we reduce the problem of constructing and finding efficiently computable polynomial maps defining the addition morphism or isogenies to linear algebra. We demonstrate the effectiveness of the method by improving the best known complexity for doubling and tripling, by considering families of elliptic curves admiting a $2$-torsion or $3$-torsion point

The Weierstrass subgroup of a curve has maximal rank

We show that the Weierstrass points of the generic curve of genus $g$ over an algebraically closed field of characteristic 0 generate a group of maximal rank in the Jacobian

Complete addition laws on abelian varieties

We prove that under any projective embedding of an abelian variety A of dimension g, a complete system of addition laws has cardinality at least g+1, generalizing of a result of Bosma and Lenstra for the Weierstrass model of an elliptic curve in P^2. In contrast with this geometric constraint, we moreover prove that if k is any field with infinite absolute Galois group, then there exists, for every abelian variety A/k, a projective embedding and an addition law defined for every pair of k-rational points. For an abelian variety of dimension 1 or 2, we show that this embedding can be the classical Weierstrass model or embedding in P^15, respectively, up to a finite number of counterexamples for |k| less or equal to 5.Comment: 9 pages. Finale version, accepted for publication in LMS Journal of Computation and Mathematic

Character sums with division polynomials

We obtain nontrivial estimates of quadratic character sums of division polynomials $\Psi_n(P)$, $n=1,2, ...$, evaluated at a given point $P$ on an elliptic curve over a finite field of $q$ elements. Our bounds are nontrivial if the order of $P$ is at least $q^{1/2 + \epsilon}$ for some fixed $\epsilon > 0$. This work is motivated by an open question about statistical indistinguishability of some cryptographically relevant sequences which has recently been brought up by K. Lauter and the second author

Théorie des nombres et cryptographie

Modern cryptographic constructions are based on constructions from number theory, but many of the links go deeper than typically realized. The development of modern cryptography runs in parallel to developments and central questions in number theory. After recalling some of the constructions used in modern public key cryptography, based on modular arithmetic, finite fields, lattices and elliptic curves, we describe some of their number theoretic origins. The first concerns the Riemann hypothesis and associated questions of distributions of prime numbers and smooth numbers, and of distributions of divisors of integers. Next we consider the origins of elliptic curve cryptography, beginning from Hasse's theorem, the conjectures of Weil, and Schoof's algorithm. Finally we mention the context of Mordell's theorem and the conjectures of Birch and Swinnerton-Dyer. In conclusion we consider the future prospects of these cryptosystems.Des constructions en cryptographie moderne sont basées sur la théorie des nombres. Toutefois, les liens entre ces deux domaines sont plus profonds qu'il n'y paraît. Le développement de la cryptographie moderne a eu lieu en parallele avec des developpements et des questions centrales en théorie des nombres. Après des rappels de constructions en cryptographie à clef publique, à base de l'arithmétique modulaire, des corps finis, des réseaux et des courbes elliptiques, nous décrivons quelques unes de ces racines en théorie des nombres. La première concerne l'hypothèse de Riemann et les questions associées sur la distribution des nombres premiers et des nombres friables, et des distributions des diviseurs d'entiers. Puis on considère les origines de la cryptographie à base de courbes elliptiques, en commençant par le théorème de Hasse, les conjectures de Weil, et l'algorithme de Schoof. Finalement on se place dans le contexte du théorème de Mordell et de la conjecture de Birch et Swinnerton-Dyer. En conclusion on considère les perspectives d'avenir pour ces cryptosystèmes

On the quaternion ℓ\ell-isogeny path problem

Let \cO be a maximal order in a definite quaternion algebra over $\mathbb{Q}$ of prime discriminant $p$, and $\ell$ a small prime. We describe a probabilistic algorithm, which for a given left $O$-ideal, computes a representative in its left ideal class of $\ell$-power norm. In practice the algorithm is efficient, and subject to heuristics on expected distributions of primes, runs in expected polynomial time. This breaks the underlying problem for a quaternion analog of the Charles-Goren-Lauter hash function, and has security implications for the original CGL construction in terms of supersingular elliptic curves.Comment: To appear in the LMS Journal of Computation and Mathematics, as a special issue for ANTS (Algorithmic Number Theory Symposium) conferenc

On anticyclotomic mu-invariants of modular forms

Let f be a modular form of weight 2 and trivial character. Fix also an imaginary quadratic field K. We use work of Bertolini-Darmon and Vatsal to study the mu-invariant of the p-adic Selmer group of f over the anticyclotomic Zp-extension of K. In particular, we verify the mu-part of the main conjecture in this context. The proof of this result is based on an analysis of congruences of modular forms, leading to a conjectural quantitative version of level-lowering (which we verify in the case that Mazur's principle applies)