Project-TANC:Complex multiplication

Inria / Raweb 2006
Presentation of the Project TANC

Section: New Results

Complex multiplication

Genus 1

Participants : Régis Dupont, Andreas Enge, François Morain.

The work of AKS motivated the work of F. Morain on a fast variant of ECPP, called fastECPP, which led him to gain one order of magnitude in the complexity of the problem (see [15] [44] ), reaching heuristically $Im2 ${{O((logN})^{4+\#1013 }{)}}$$ , compared to $Im3 ${{O((logN})^{5+\#1013 }{)}}$$ for the basic version. By comparison, the best proven version of AKS [42] has complexity $Im4 ${{O((logN})^{6+\#1013 }{)}}$$ and has not been implemented so far; the best randomized version [27] reaches the same $Im2 ${{O((logN})^{4+\#1013 }{)}}$$ bound but suffers from memory problems and is not competitive yet. F. Morain implemented fastECPP and was able to prove the primality of 10, 000 decimal digit numbers [15] , as opposed to 5, 000 for the basic (historical) version. Continuously improving this algorithm, this led to new records in primality proving, some of which obtained with his co-authors J. Franke, T. Kleinjung and T. Wirth [34] who developed their own programs. F. Morain set the current world record to 20,562 decimal digits early June 2006, as opposed to 15,071 two years before. This record was made possible using an updated MPI-based implementation of the algorithm and its distribution process on a cluster of 64-bit bi-processors (AMD Opteron(tm) Processor 250 at 2.39 GHz).

R. Dupont has investigated the complexity of the evaluation of some modular functions and forms (such as the elliptic modular function j or the Dedekind eta function for example). High precision evaluation of such functions is at the core of algorithms to compute class polynomials (used in complex multiplication) or modular polynomials (used in the SEA elliptic curve point counting algorithm).

Exploiting the deep connection between the arithmetic-geometric mean (AGM) and a special kind of modular forms known as theta constants, he devised an algorithm based on Newton iterations and the AGM that has quasi-optimal linear complexity. In order to certify the correctness of the result to a specified precision, a fine analysis of the algorithm and its complexity was necessary [31] .

Using similar techniques, he has given a proven algorithm for the evaluation of the logarithm of complex numbers with quasi-optimal time complexity.

A. Enge has been able to analyze precisely the complexity of class polynomial computations via complex floating point approximations. In fact, this approach has recently been challenged by algorithms using p-adic liftings, that achieve a running time that is (up to logarithmic factors) linear in the output size. He has shown that the algorithm using complex numbers, in its currently implemented form, has a slightly worse asymptotic complexity (polynomial with exponent 1.25 ). Using techniques from fast symbolic computation, namely multievaluation of polynomials, he has obtained an asymptotically optimal (up to logarithmic factors) algorithm with floating point approximations. The implementation has shown, however, that in the currently practical range, the asymptotically fast algorithm is slower than the previous one. This is due, on the one hand, to the multitude of algorithmic improvements introduced in [32] , and on the other hand, to the lack of logarithmic factors and better constants.

Using R. Dupont's results described above, A. Enge has devised a second quasi-linear algorithm (that actually even saves a logarithmic factor in the complexity). Breaking the record for class polynomial computations, he has computed a polynomial of degree 100,000, the largest coefficient of which has almost 250,000 bits. For this enormous example, the asymptotically fast algorithm finally beats the one with exponent 1.25. The implementation is based on gmp, mpfr and mpc (see Section 5.2) and a library of A. Enge's for fast arithmetic with polynomials over multiprecision floating point numbers. It turns out that the algorithms are so optimized that the limiting factor becomes the memory consumption [23] .

Genus 2

Participants : Thomas Houtmann, Régis Dupont.

P. Gaudry, T. Houtmann, D. Kohel, C. Ritzenthaler and A. Weng [37] ,[18] have designed a new approach to construct class polynomials of genus two curves having complex multiplication. The main feature of their method is the use of 2-adic numbers instead of complex floating-point approximations. Although that method suffers from limitations due to the fact that its initialisation highly depends of the splitting of 2 in the quartic CM field, the corresponding algorithm is very efficient compared to previous approach.

T. Houtmann worked on both the aspects for an alternative to p-adic method and classical CM method. He improved the period matrices computation phase, collaborated with R. Dupont to improve the analytic phase and did work on using the very method to generate hyperelliptic curves suitable for cryptography. As far as his work is advanced, he managed to compute a 132-degree Igusa class polynomial system.

R. Dupont has worked on adapting his algorithm to genus 2, which induces great theoretical and technical difficulties. He has studied a generalization of the AGM known as Borchardt sequences, has proven the convergence of these sequences in a general setting, and has determined the set of limits such sequences have in genus 2. He has then developped an algorithm for the fast evaluation of theta constants in genus 2, and as a byproduct obtains an algorithm to compute the Riemann matrix of a given hyperelliptic curve: given the equation of such a curve, it computes a lattice L such that the Jacobian of the curve is isomorphic to $Im5 ${\#8450 /L}$$ . These algorithms are both quasi-linear, and have been implemented (in C , using gmp ).

Using these implementations, R. Dupont has began computing modular polynomials for groups of the form $\upper_gamma$ ₀(p) in genus 2 (these polynomials link the genus 2 j-invariants of p-isogenous curves). He computed the modular polynomials for p = 2 , which had never been done before, and did some partial computations for p = 3 (results are available at http://www.lix.polytechnique.fr/Labo/Regis.Dupont ).

He also studied more theoretically the main ingredient used in his algorithms in genus 2, a procedure known as Borchardt sequences. In particular, he proved a theorem that parametrizes the set of all possible limits of Borchardt sequences starting with a fixed 4-tuple.

Logo Inria