Distribution of group orders of abelian varieties

1
Distribution of group orders of abelian varieties

• Annegret Weng
• Institut für Experimentelle Mathematik
• University Duisburg-Essen

2
Overview

• Motivation

• Elliptic curves

• Higher-dimensional abelian varieties

• Open questions

3
Motivation
Let (G,o) be a finite abelian group.
The discrete logarithm problem in G Given g,h in
G, find an integer k such that if such a k
exists.
Let nltggt.
In any such group there exists an algorithmus
solving the discrete logarithm problem in time
where l is the largest prime factor of n
(Pohlig-Hellmann Baby-Step-Giant-Step,
Pollard-Rho).
4
Motivation II

• In practice, we start with a family C of groups
  and, try to find a group whose order is prime or
  almost prime.For example

5
Motivation - Questions

• Given a family C, we might ask the following
  (theoretical) questions

1. Can prime group orders occur in C?
2. Can almost prime group orders occur in
C? Which cofactors can we have in C?
3. What is the probability for a randomly chosen
element in C to have prime or almost prime group
order?
almost prime prime up to some small cofactor!
6
Motivation - Examples

• Examples

7
Motivation - Examples
8
Motivation - Examples
9
Motivation - Examples
10
Motivation

• From now on we restrict to E (Fp).
• Statistics on the distribution of group orders
  give a good feeling what happens in practice.

Choose 10 000 primes of size 240 . For fixed
prime 214 prime group orders, 864 with a
cofactor less than equal to 10. For fixed curve
187 prime group orders, 798 with cofactor less
than equal to 10. For random numbers 372 primes,
1102 with cofactor less than equal to 10.
11
Motivation

• Suppose we want to construct the curves using
  complex multiplication!

12
Motivation

• There are 2 possibilities to get a secure
  elliptic curves over Fp
• Construct the curve using CM (complexity depends
  on the discriminant).
• Choose random curves, count the number of points
  until good curve is found.
• How large can we take the class number in the
  CM case?

13
Elliptic curves

• Consider an elliptic curve defined over the
  rationals and reduce modulo different primes.

How often has the reduction modulo a prime p
prime group order?
What is the asymptotic behaviour of
14
Elliptic curves

• The twin prime problem

Are there infinitely many prime pairs (p,p2)?
Solution not known!
Our problem is very similar Given an elliptic
curve defined over Q. We are looking for two
primes
By the Theorem of Hasse, p and q are the same
size.
15
Elliptic curves
Hardy and Littlewood had a heuristics for the
number of twin primes. This can be applied to
elliptic curves (Koblitz, 1988)
p(n) number of primes smaller than n By the
prime number theorem,
Hence, the probability of a number of size n to
be prime is approximately We expect that the
number of pairs (p,q) is roughly
16
Elliptic curves
But the prime numbers theorem assume that a
number is divisible by l with probability 1/l !
For group order of elliptic curves this is wrong!
For ervery l we have to insert a correction term
17
Elliptic curves
How do we get the probabiliy pl ?
We have
18
Elliptic curves
Why?
19
Elliptic curves Theorem 1
20
Elliptic curves
21
Elliptic curves
22
Elliptic curves
What is the probability Pk that the group order
is of the form kprime? (A.W. 2002)
23
Elliptic curves

• A number of size p equals kprime with prob.
  approx.
• Given an intervall 2n, 2n c we expect that
• group orders are of the form kprime

24
Elliptic curves
25
Elliptic curves
26
Elliptic curves
Galbraith, McKee Fix a prime p, how often has a
randomly chosen curve over Fp almost prime group
order?
Idea Given a number in the Hasse interval, count
the number of isomorphism classes of elliptic
curves with that group order.
27
Elliptic curves
28
Elliptic curves Theorem 2

• Because of the analogy to the twin prime problem,
  a proof of any of these results on prime group
  orders would be a real break-through!

Twin primes (J.R. Chen, 1983) There exist
infinitely many primes p such that p 2 has at
most two divisors. Proof uses sieving techniques
from analytic number theory.
29
Elliptic curves Theorem 3
30
Elliptic curves - Conclusions

• To prove something (of practical importance)
  seems to be difficult, but we can give good
  heuristics to support our experimental datas.

• The group orders of elliptic curves are less
  often prime than randomly chosen numbers.

• If we only ask for almost prime numbers, the
  difference between random numbers and group
  orders of elliptic curves seems less dramatic.

• If we fix the prime p, the distribution depends
  on p.

• But CM curves can be better!

• We can easily modify the heuristics to other
  situations. E.g. If we select the curve by an
  early-abort strategy, so we can assume that the
  group order is never divisible by some prime l.

31
Higher-dimensional abelian varieties
Let A be an (principally polarized) abelian
variety of dimension g 2. E.g. Jacobian of a
hyperelliptic curve. It is difficult to prove
anything!

• Can modify Koblitz heuristic argument to this
  case.
• Again we are looking for two primes
• p for Fp and
• q A (Fp)
• If p is of size approximately n, then q A(Fp)
  is of size ng.

32
Higher-dimensional abelian varieties
33
Higher-dimensional abelian varieties
If A has no complex multiplication and dim(A) g
2,6 or odd, then for all but finitely many l
(Serre).
Again
34
Higher-dimensional abelian varieties
Count the number of matrices in GSp (2g, l) with
eigenvalue one (using an idea of Washington for
GL (n, l) ).
We find
35
Higher-dimensional abelian varieties
36
Higher-dimensional abelian varieties
We can set up a similar heuristics.
Probability for a prime group order is really
high!
37
Some open questions

• Consider the case where Fq is fixed in the case
  of hyperelliptic curve of genus
  2/higher-dimension abelian varieties!
• Find unconditional results not assuming GRH!
• Prove the twin prime problem! Any such proof
  would probably give some hint how to prove all
  the problem mentioned in this talk!

38
Thank you for your attention!