# Project : tanc

## Section: New Results

### Complex multiplication

#### Genus 1

Participants : Régis Dupont, Andreas Enge, François Morain.

Elliptic curves with complex multiplication (e.g., the curve of equation
${y}^{2}={x}^{3}+x$) are the main component of the ECPP algorithm developed by
F. Morain, whose aim is to give a primality proof for an arbitrary
integer. Though the decision problem isPrime? was recently shown
to be in *P* (by the work of Agrawal, Kayal, Saxena), practical
primality proving is done only with ECPP. This work of AKS has motivated
the work of F. Morain on a fast variant of ECPP, called fastECPP,
who led him to gain one order of magnitude in the complexity of the
problem. The complexity of this variant is heuristically $O\left(\right(logN{)}^{4+\u03f5})$. By comparison, the best proven
version of AKS has complexity $O\left(\right(logN{)}^{6+\u03f5})$ and has not
been implemented so far (see [13]).
F. Morain implemented fastECPP and was able to
prove the primality of $10,000$ decimal digit numbers [35],
as opposed to $5,000$ for the basic (historical) version. Continuously
improving this algorithm, this led to
new records in primality proving, some of which obtained with his
co-authors J. Franke, T. Kleinjung and T. Wirth [16] who
developed their own programs. The current world record was set to
15071 decimal digits early july this year, as opposed to 8000 a year ago.

Curves with complex multiplication are very interesting in cryptography, since computing their cardinality is easy. This is in contrast with random curves, for which this task is still cumbersome. These CM curves enabled A. Enge, R. Dupont and F. Morain to give an algorithm for building good curves that can be used in identity based cryptosystems (cf. infra).

CM curves are defined by algebraic integers, whose minimal polynomial has to be computed exactly, its coefficients being exact integers. The fastest algorithm to perform these computations requires a floating point evaluation of the roots of the polynomial to a high precision. F. Morain on the one hand and A. Enge (together with R. Schertz) on the other, have developed the use of new class invariants that characterize the CM curves. The union of these two families is actually the best that can be done in the field (see [29]). More recently, F. Morain and A. Enge have designed a fast method for the computation of the roots of this polynomial over a finite field using Galois theory [30]. These invariants, together with this new algorithm, are incorporated in the working version of the program ECPP.

A. Enge has been able to analyse precisely the complexity of class polynomial
computations via complex floating point approximations. In fact, this approach
has recently been challenged by algorithms using *p*-adic liftings, that achieve
a running time that is (up to logarithmic factors) linear in the output size.
He has shown that the algorithm using complex numbers, in its currently
implemented form, has a slightly worse asymptotic complexity (polynomial with
exponent $1.25$). Using techniques from fast symbolic computation, namely
multievaluation of polynomials, he has obtained an asymptotically optimal
(up to logarithmic factors) algorithm with floating point approximations.
The implementation has shown, however, that in the currently practical range,
the asymptotically fast algorithm is slower than the previous one. This
is due, on the one hand, to the multitude of algorithmic improvements
introduced in [29], on the other hand, to the lack of
logarithmic factors and better constants. A publication is in preparation.

R. Dupont has investigated the complexity of the evaluation of some modular
functions and forms (such as the elliptic modular function *j* or the Dedekind
eta function for example). High precision evaluation of such functions is at
the core of algorithms to compute class polynomials (used in complex
multiplication) or modular polynomials (used in the SEA elliptic curve point
counting algorithm).

Exploiting the deep connection between the arithmetic-geometric mean (AGM) and a special kind of modular forms known as theta constants, he devised an algorithm based on Newton iterations and the AGM that has quasi-optimal complexity. In order to certify the correctness of the result to a specified precision, a fine analysis of the algorithm and its complexity was necessary [27].

#### Genus 2

Participants : Pierrick Gaudry, Thomas Houtmann, Régis Dupont, Annegret Weng.

The theory of Complex Multiplication also exists for non-elliptic curves,
but is more intricate. P. Gaudry, T. Houtmann, D. Kohel, C. Ritzenthaler
and A. Weng [33] have designed a new approach for
constructing class polynomials of genus 2 curves having CM. The main
feature of their method is the use of *p*-adic numbers instead of complex
floating point approximations. Although not always applicable, the
corresponding algorithm is very efficient compared to previous
approaches.

Building upon his work in genus 1, R. Dupont is developping a similar
algorithm in genus $g=2$, aiming at computing class polynomials and
modular polynomials, using complex floating point evaluations. His
algorithm uses what is known as Borchardt's mean (it can be seen as a
generalization of the AGM). A byproduct of that work is an algorithm
to compute the Riemann matrix of a given genus 2 curve: given the
equation of a such a curve, it computes a lattice *L* such that the
jacobian of the curve is isomorphic to $\u2102/L$. The algorithms
obtained both for the computation of Riemann matrices and for the
evaluation of genus 2 modular forms such as the theta constants are
quasi-optimal.