Counting points on hyperelliptic curves in large characteristic : algorithms and complexity. (Comptage de points de courbes hyperelliptiques en grande caractéristique : algorithmes et complexité)

Counting points on algebraic curves has drawn a lot of attention due to its many applications, from number theory and arithmetic geometry to cryptography and coding theory. In this thesis, we focus on counting points on hyperelliptic curves over finite fields of large characteristic $p$. In this setting, the most suitable algorithms are currently those of Schoof and Pila, because their complexities are polynomial in $\log q$. However, their dependence on the genus $g$ of the curve is exponential, and this is already painful even in genus 3. Our contributions mainly consist of establishing new complexity bounds with a smaller dependence on $g$ in the exponent of $\log p$. For hyperelliptic curves, previous work showed that this exponent was quasi-quadratic in $g$, and we reduced it to a linear dependence. Restricting to more special families of hyperelliptic curves with explicit real multiplication (RM), we obtained a constant bound for this exponent. In genus 3, we proposed an algorithm based on those of Schoof and Gaudry-Harley-Schost whose complexity is prohibitive in general, but turns out to be reasonable when the input curves have explicit RM. In this more favorable case, we were able to count points on a hyperelliptic curve defined over a 64-bit prime field.
