HAL Id: inria-00000627
https://hal.inria.fr/inria-00000627
Submitted on 10 Nov 2005
HAL is a multi-disciplinary open access archive for the deposit and dissemination of sci- entific research documents, whether they are pub- lished or not. The documents may come from teaching and research institutions in France or abroad, or from public or private research centers.
L’archive ouverte pluridisciplinaire HAL, est destinée au dépôt et à la diffusion de documents scientifiques de niveau recherche, publiés ou non, émanant des établissements d’enseignement et de recherche français ou étrangers, des laboratoires publics ou privés.
Pierrick Gaudry, Eric Schost
To cite this version:
Pierrick Gaudry, Eric Schost. Modular equations for hyperelliptic curves. Mathematics of Computa- tion, American Mathematical Society, 2005, 74, pp.429-454. �inria-00000627�
ArtileeletroniallypublishedonMay25,2004
MODULAR EQUATIONS FOR HYPERELLIPTIC CURVES
P.GAUDRYAND
E.SCHOST
Abstrat. Wedenemo dularequationsdesribingthe`-torsionsubgroups
of theJaobianof ahyp erelliptiurve. Over a nitebaseeld, weprove
fatorizationprop ertiesthatextendthe well-known resultsused inAtkin's
improvementofSho of'sgenus1p ointountingalgorithm.
Introdution
Mo dularequationsrelatinginvariantsof`-isogenouselliptiurves areafunda-
mentalto olinomputationalarithmetigeometry. Agreateorthasb eendevoted
to obtainingequations sparser or withsmallero eÆientsthan thelassialp oly-
nomials
`
[12℄,sonowadaystheseequationsan b eomputedeÆientlyevenfor
quitelarge`. Oneof theirimp ortantappliations isthedeterminationofthear-
dinalityofanelliptiurvedenedoveraniteeld[24℄: theb estmetho dtodate,
at least for primenite elds, is theSho of-Elkies-Atkin algorithm,inwhih the
`-torsionstruture iswidelyused.
Nevertheless,verylittleisknownab outsimilarequationsforhighergenusurves.
Sinethehyp erelliptiase istheb estsuited foromputations,we restritto this
situation. Ourgoalinthisartileisthentwofold:
We dene mo dularequationsforhyp erelliptiurves, withoutusingmo d-
ularforms. Inthe partiularase of genus 1,ourequations oinide with
thoseintro dued byCharlap,ColeyandRobbinsin[11℄.
When the base eld is nite, we prove that the well-known fatorization
prop erties of genus 1 mo dularequations extend to our highergenus on-
strution. Thismakesthemamenableforuseinhighergenusextensionsof
theAtkinimprovementof Sho of'sinitialalgorithm[27℄.
Here is abrief overview of our onstrution. Consider a hyp erellipti urve C
of genus g ,Ja(C) itsJaobian, and ` aprime. The quotient ofthe Jaobianby
a subgroup of order ` is an ab elian variety `-isogenous to Ja (C), but in genus
greaterthan1itisingeneralnottheJaobianofaurve. Generalab elianvarieties
aremoreintriateto handlethanJaobians ofurves,forwhihinvariantsan b e
easilyomputed,soweratherstudydiretlythe`-torsionsubgroupoftheJaobian.
Ourmo dularequationsare thusdened usingthegroupstruture ofthe`-torsion
subgroup.
ReeivedbytheeditorJuly15,2002and,inrevisedform,August16,2003.
2000MathematisSubjetClassiation. Primary11Y40;Seondary11G20,11Y16.
Key words and phrases. Mo dular equations, hyp erellipti urves, Sho of-Elkies-Atkin
algorithm.
2004Copyrightheldbytheauthors
More preisely, these equations are univariate p olynomialswhose ro ots are in
orresp ondene with the yli subgroups of the `-torsion group. This denition
avoidstheuseofmo dularforms,soitisvalidoveranyp erfeteld. Theonstru-
tionis very similarto that of resolventsinGalois theory; as suh, whenthe base
eldisnite,thefatorizationpatternsofthemo dularequationsareverysp ei,
and arry enough informationto b e of use inhigher genus Sho of p oint-ounting
algorithms.
Asanexample,wehavedetailedtherelationshipb etweenthe3-torsionmo dular
equation of a genus 2urve and the ardinality of its Jaobian mo dulo 3. This
equationisnowusedwithinMagma'shyp erelliptiurve pakage[1℄aspartofthe
p oint-ountingalgorithm,sineinmanyasestheJaobianordermo dulo3an b e
deduedquiklyusingthisequation. Forlargeniteeldsofryptographisize,the
gainbroughtbythismetho dismarginal,astheomputationmo dulo3b eomesa
tiny part of the whole omputation. Yet,ina generalist systemsuh as Magma,
it isalso imp ortantto optimizep oint ounting algorithmsfor smaller baseelds.
Forsuhsituations,foreldsoforderuptoab out10 6
,usingthe3-torsionmo dular
equationyieldsasigniantsp eed-up.
The pap er is organized as follows. In Setion 1, we preise the notation used
inthesequel. Themo dularequationsare denedinSetion2,where we alsogive
theirbasiprop ertiesanddetailtheexampleofgenus1. InSetion3,weprovethat
themo dularequations havetheexp eted sp eializationprop erties. This isruial
for theomputationalp ointof view, whih is studied inSetion 4. InSetion 5,
wenallyonsidertheniteeldase,andshowhowthefatorizationpatternsof
ourmo dularequationsextendthewell-knownaseofgenus1;weapplythisforthe
p oint-ountingproblem.
Aknowledgments. We thankFranoisMorainforhis numerousommentsand
suggestions. We are grateful to John Boxall for giving us referenes ab out the
Manin-Mumford onjeture. The heaviest omputations were done on the ma-
hines of theCNRS{
Eole p olytehnique MEDICISomputationenter [2℄,using
the Magmaomputeralgebra system[1℄. Theseond author is amemb erof the
TERAprojet[3℄.
1. Notation
Letkb eap erfet eldofharateristi dierentfrom2and Cagenus ghyp er-
ellipti urve dened over k . We supp ose that the aÆne part of C is dened by
theequationy 2
=f(x), withf moniofdegree2g+1,andforsimpliityweshall
saythat C istheurve dened byy 2
=f(x). The uniquep ointatinnityonC is
denoted by1.
We also assume that the harateristi of k is dierent from 2g+1, so that
we an transform f(x) into a p olynomialwhose o eÆient in x 2g
is zero. This
simpliationissimilarto what isoftendoneingenus1whentaking anequation
ofthe formy 2
=x 3
+Ax+B. Our results alsoholdinharateristi 2g+1, but
withdierentequations.
We denote the Jaobian of C by Ja (C). This is a projetive variety dened
overk ;theanonialinjetionC!Ja (C)asso iates toP 2C thedivisorlassof
P 1;itisalsodenedoverk .
If K is an extension eld of k , we may distinguish the urves dened on k
2
C=K ! Ja (C=K) extends the injetion C=k ! Ja(C=k ), and the group law
onJa (C=K)extends thatofJa (C=k ).
In partiular, let k b e an algebrai losure of k . Then for a prime`, we will
denotebyJa[`℄thesubgroupof`-torsionelementsofJa(C=k).
Let b e the hyp erellipti involution on C=k , and let denote the injetion
C=k!Ja(C=k). Asaonsequene oftheRiemann-Ro htheorem,anyelementin
Ja(C=k )an b e uniquelyrepresented byadivisoroftheformD= P
1jr (P
j )
withthefollowingprop erties:
(1) allP
j
arep ointsontheaÆnepartofC=k ,
(2) P
j 6=(P
j
0)forallj6=j 0
,
(3) risatmostg .
Theintegerrisalled theweight ofD .
Let D and fP
j g
1jr
b e as ab ove; sine the p ointsP
j
are notat innity, we
maytakeP
j
=(x
j
;y
j
;1).ThentheMumford-Cantor representationofD [25,9℄is
dened by
D=hu(x);v (x)i=hx r
+u
r 1 x
r 1
++u
0
;v
r 1 x
r 1
++v
0 i;
where u = Q
1jr (x x
j
) and v (x
j ) =y
j
holds with suitable multipliities, so
that u divides v 2
f. Sine k is p erfet, the divisor D is dened over a eld K
ontainingkifand onlyifthep olynomialsuand vhave o eÆientsinK.
For j in0;:::;r 1, we willdenote by u
j
(D ) (resp. v
j
(D )) the o eÆient u
j
(resp. v
j
)inthisrepresentation.
2. Modular equations
2.1. Denitions. Let`b e ano dd primedierentfromtheharateristi ofk . In
thissubsetion,wedenethe`-thmo dularequationofagenusghyp erelliptiurve
C denedoverk .
Tothisend,weonsiderthe`-torsiondivisorsinJa(C=k ). Theassumptionthat
` diers fromtheharateristi ofk implies that thenumb erof `-torsiondivisors
of nonzero weightis ` 2g
1[22℄. From nowon, we assumethat all thesedivisors
have weightexatlyg ;seesubsetion 2.3fortherelevaneofthisassumption.
Generiityassumption. Allnonzero`-torsiondivisorsin Ja(C=k )haveweight
g .
LetDb e an`-torsiondivisor. Thedivisors
hD i=
` 1
2
D ;:::; D ;0;D ;:::;
` 1
2
D
forma yli subgroup of ardinality ` in Ja[`℄. Our objetive is to b e able to
\separate" these subgroups, using only algebrai onstrutions. To this eet we
ho ose afuntiont
`
(D ) withvalues ink ,whihtakes aonstant valueoneah of
the subgroups hD i. Our mo dular equations may then b e thought as a minimal
p olynomialoft
` .
Preisely,we denet
`
as thefollowingsum:
(1) t
` (D )=
X
1i
` 1
2 u
g 1 [i℄D
:
Ourgeneriity assumptionimplies that this sumis well-dened for allnonzero `-
torsion divisors D . Note that [ i℄D and [i℄D have the sameu -o ordinate, so
eventhoughwerestritthenumb erofsummandsto(` 1)=2,t
`
(D ) dep endsonly
onthesubgroupgeneratedbyD ,as requested.
Wenextdenethep olynomial
`
2k [T℄,whosero otsarethevaluestakenbyt
`
onthenonzero`-torsiondivisors:
`
= Y
D 2Ja [`℄nf0g T t
` (D )
:
Thep olynomial
`
isan(` 1)-thp owerink [T℄.IndeedJa[`℄nf0ganb ewritten
as thedisjoint unionof the
` 2g
1
` 1
sets hD inf0g, and the funtiont
`
(D ) takes a
onstantvalueoneahpart ofthispartition.
We nowshow that
`
is atually in k [T℄. Let b e in Gal(k =k ). If D is any
divisor, u
g 1 (D )
=u
g 1 (D )
. Also,ommuteswiththegrouplaw,whene
[i℄D
=[i℄ (D ),soinduesap ermutationamongthenonzero`-torsiondivisors.
IfD issuhadivisor,thentheequality
t
` (D )
= t
` (D )
obviouslyholds. Sine p ermutes the`-torsiondivisors, this equalityshows that
`
is left invariant by , so
`
is ink [T℄. Sine k is ap erfet eld,and
` is an
(` 1)-th p ower ink [T℄,there exists ap olynomial
`
with o eÆients ink suh
that
`
=
` 1
` .
Denition1. Theuniquemonip olynomial
`
suhthat
`
=
` 1
`
isalledthe
`-thmodular equationofC.
Thep olynomial
`
hasdegree
` 2g
1
` 1
. Toemphasizethedep endeneontheurve
C,itmayalsob e denotedby
` (C).
The rest of this artile is devoted to desribing the main prop erties of these
equations,howtoomputethemandhowtousethemforardinalityomputation,
inthease whenkisaniteeld.
Remark 1. Our hoie of thefuntiont
`
is arbitrary. In Setion 5,we show that
theinterestingase iswhen
`
issquarefree, whihhapp ens whent
`
takesdistint
values ondistint ylisubgroups. Unfortunately,this willnotb e theaseforall
urves;forsuh urves,analternativehoieoft
`
maysolve theproblem:
Instead of onsidering the sum of the u
g 1
-o ordinates of half of the divisors
in the subgroup, we ho ose some integer k and form the sum of the k -th p ower
of any linear ombination of all the o ordinates (u;v ). Then, we might have to
extend the summationinequation (1) to all elements inthesubgroup hD i, sine
notallo ordinatesarenegation-invariant. Thesubsequentresultsfollowinasimilar
mannerforsuh alternativeonstrutions.
Yetinpratie,ho osingtheo ordinateu
g 1
yieldsthep olynomialwithsmallest
o eÆientswhen working over Q,and inmostofour exp erimentsingenus 1and
2,thisp olynomialturnedouttob esquarefree, asrequested.
Remark 2. In the sequel, we willoften onsider urves with generi o eÆients.
Thus we dene forone and for all the generi urve of genus g as the urve of
equation
C
g :y
2
=x 2g +1
+F
2g 1 x
2g 1
++F
0
;
over therational funtioneld Q(F
0
;:::;F
2g 1
). Inthis ase, thep olynomial
`
b elongstoQ(F
0
;:::;F
2g 1
)[T℄,andsatisesthefollowinghomogeneityprop erty.
Theorem1. The`-thmodularequationofthe urveC
g
isweightedhomogeneous,
whengiving weight1toT and weight2g+1 i toF
i
fori=0;:::;2g 1.
Proof. Letb e anonzero rational,andlet e
C
g
b etheurve dened by
y 2
=x 2g +1
+
^
F
2g 1 x
2g 1
++ f
F
0
;
where e
F
i
= 2g +1 i
F
i
, fori =1;:::;2g 1. Then the map': C
g
! e
C
g
dened
by'(x;y )=(x;
2g +1
y )isanisomorphismb etween C
g and
e
C
g
. Thisisomorphism
extendsto anisomorphismb etween Ja(C
g
)andJa(
e
C
g
), whihatsasfollowsin
theMumford-Cantorrepresentation:
(u
0
;:::;u
g 1
;v
0
;:::;v
g 1 )7!(
g
u
0
;:::;u
g 1
; 2g +1
v
0
;:::; g +2
v
g 1 ):
Givenan`-torsiondivisorD onJa(C
g
),thevaluet
`
(D ) issenttot
`
(D ). Thus
` (F
0
;:::;F
2g 1
;t
`
)=0 ()
` (
2g +1
F
0
;:::; 2
F
2g 1
;t
` )=0:
Thisprovesthetheorem.
Theweightedhomogeneityimplies that notall monomialsapp ear inthemo d-
ularequation forthegeneri urve. Asaonsequene, ourmo dularequationsare
somewhat sparse, and we shall see b elow that for ellipti urves they provide a
muhsmalleralternativetothelassialmo dularp olynomials
` .
Remark 3. In ourformalism,themo dular equation for2-torsion
2
is ill-dened
ingenus greater than 1. Indeed, the generiity assumptionfor2-torsion is never
satised,sine the2g+1ro otsof thedeningp olynomialf(x)give theabsissae
of2g+1weight1divisorsof2-torsion. Inthepartiularaseofelliptiurves,we
anset
2
=f.
2.2. The elliptiase. We illustrate ourdenitionon an elliptiurve E, given
by an equation y 2
=f(x), with f moni of degree 3. Ingenus 1, the generiity
assumptionisalwayssatised,sine theonlydivisorwhoseweightisnotmaximal
iszero.
IfP =(x;y )isap ointonE andi ap ositiveinteger, theo ordinates of[i℄P are
rationalfuntionsofP,see[30℄:
[i℄P =
i (P)
i (P)
2
;
!
i (P)
i (P)
3
:
The p olynomials
i (P),
i (P)
2
, and also
i
(P) ifi is o dd, are p olynomialsinx
only. Tofollowthenotationoftheprevioussubsetion,weseethemasp olynomials
inthevariableT.
Givenano ddprime`, theabsissae ofthe `-torsionp ointsare thero otsof
` .
LetP b esuhap oint;foriin1;:::;
` 1
2
,thedenominatorintherationalfuntion
i (P)
i (P)
2
is oprimeto
`
. The imageof this rationalfuntion mo dulo
`
is ap olynomial
h
i;`
ink [T℄whih givestheabsissa of[i℄P intermsof theabsissa ofP,forP of
`-torsion. Then,forall`-torsionp ointsP,t
`
(P)isgivenbythesum
t
` (P)=
X
1i
` 1 h
i;`
x(P)
:
Thep olynomial
`
isthus theharateristi p olynomialof
1i
` 1
2 h
i;`
mo dulo
`
,andthemo dularequation
`
2k [T℄isthe(` 1)-thro ot of
` .
Letustakef =x 3
+F
1 x+F
0
,deningwhatwealledthegeneriurveofgenus
1overQ(F
0
;F
1
). Thentherstvalues of
` are
3 = T
4
+2F1T 2
+4F0T 1
3 F
2
1
;
5 = T
6
+20F1T 4
+160F0T 3
80F 2
1 T
2
128F1F0T 80F 2
0
;
7 = T
8
+84F1T 6
+1512F0T 5
1890F 2
1 T
4
9072F1F0T 3
+( 21168F 2
0 +644F
3
1 )T
2
+5832F 2
1 F
0
T 567F 4
1
;
11 = T 12
+550F1T 10
+27500F0T 9
103125F 2
1 T
8
1650000F1F0T 7
+( 13688400F 2
0
+645700F 3
1 )T
6
+20625000F 2
1 F
0 T
5
+(35793120F1F 2
0
11407385F 4
1 )T
4
+(34041920F 3
0
58614160F 3
1 F
0 )T
3
+( 175832976F 2
1 F
2
0
2177802F 5
1 )T
2
+( 235016704F1F 3
0
+1351692F 4
1 F0)T
110680064F 4
0
+6297984F 3
1 F
2
0
321651F 6
1 :
These p olynomials were already onsidered by Charlap, Coley and Robbins
in [11℄, where the authors onstruted them via mo dular forms. Our mo dular
equationsareageneralizationtohighergenus.
Remark 4. Exept for
3
, forwhihafator 1
3
o urs, there arenodenominators
intheo eÆientsofthemo dularequationsofthegenerielliptiurve. Thisfatis
provenin[11℄ usingprop ertiesofmo dularforms. Inhighergenuswe donotknow
apriori whether there are denominatorsin the mo dularequations of thegeneri
urves. TheomputationinSetion 4showsthat themo dularequation
3 ofthe
genus2generiurvedo esnothaveanydenominator,butwedonotexp etthisto
b etrue ingeneral.
2.3. Relevane of the generiity assumption. As mentionedin the previous
subsetion, thegeneriity assumptionissatised ingenus 1for allurves, for all
torsionindiesoprimetotheharateristiof thebase eld.
This onditionisalso satised forall genus 2urves for3-torsion. Tosee this,
onsider a genus 2 urve C. A divisor with nonmaximal weight is of the form
P 1forsomep ointP 2C. Thentheequality[3℄(P 1)=0an b erewritten
as [2℄ (P 1) = (P 1), whih implies that P = 1 by the Riemann-Ro h
theorem. Thus,exept forzero,all3-torsiondivisorshave weight2.
Thegeneriity assumptionis loselyrelated to theManin-Mumfordonjeture
whihstatesthattheJaobianofaurveovertheomplexeldontainsonlynitely
manytorsionelementsofweight1. Moregenerally,Lang'sonjeture,whihisnow
known tob e true [17,p. 435℄,impliesthat theJaobianofagivenurve overthe
omplexeld ontainsonlynitely manytorsion elements ofnonmaximalweight,
asso onasthisJaobianissimple. Asaonsequene,foragivenurve withsimple
Jaobian,thenumb erofprimes`forwhihthegeneriityassumptiondo esnothold
isnite,hene thename.
Notenallythat thisonditionistrue forall` fortheurve ofgenus 2dened
byy 2
=x 5
+5x 3
+x,see[7℄. Usingthesp eializationtheoremgiveninSetion3,
wededuethatthegeneriityassumptionisalsotrue forall`forthegeneriurve
