DOCSLIB.ORG

Elliptic Curve Cryptography by Kai Laemmle (Under The

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Elliptic Curve Cryptography by Kai Laemmle (Under The Elliptic Curve Cryptography by Kai Laemmle (Under the direction of Matthew Baker) Abstract We will introduce the reader to elliptic curves, and explain how they can be used for cryptography and why they are more difficult to attack in comparison to systems based on finite fields, such as the famous RSA algorithm. This expository paper will discuss different algorithms to attack cryptographic systems, such as the index calculus method, Shanks’ algorithm, Pollard’s rho method and the pairing attack. Finally, we will construct the Weil pairing, prove some of its important properties and present an algorithm to compute it. The study of attacks on cryptographic systems can help to reveal that a certain cryptographic protocol is weak and therefore that it should not be used. The reader should have background in algebra, basic number theory and some cryptography, such as the RSA algorithm. No background in elliptic curves or in algebraic geometry is required, but may be helpful. Index words: Elliptic curve cryptography, Discrete logarithm problem, Shanks’ Baby-Step Giant-Step algorithm, Pollard’s rho method, Index calculus method, Pairing attack, MOV/Frey-R¨uck attack, Weil pairing, Computing the Weil pairing Elliptic Curve Cryptography by Kai Laemmle Vordiplom (equiv. B.A.), University of Hannover, Germany, 2001 A Thesis Submitted to the Graduate Faculty of The University of Georgia in Partial Fulfillment of the Requirements for the Degree Master of Arts Athens, Georgia 2003 c 2003 Kai Laemmle All Rights Reserved Elliptic Curve Cryptography by Kai Laemmle Approved: Major Professor: Matthew Baker Committee: Robert Rumely Robert Varley Electronic Version Approved: Maureen Grasso Dean of the Graduate School The University of Georgia December 2003 Acknowledgments I address special thanks to Christina Geisler, Kyunglim Nam, Jeff Thompson, Markus Hunziker, Kareem Shabana, Charles James and Allison Barfield for your support and your friendship. Thank you to Michael Guy who encouraged and sup- ported me in common classes, to Janice Winner and to International Student Life of the University of Georgia who helped me very much when I arrived in the United States, and to Nicole Schulze who was right when she suggested to study abroad for a while. I also thank Matt Baker and the other committee members for your academic advice and cooperation. Thanks to all friends I did not mention above and all good things happened to me during my stay in Athens. iv Table of Contents Page Acknowledgments . iv Chapter 1 Introduction . 1 1.1 Idea of Cryptography . 1 1.2 Overview . 2 1.3 Why Elliptic Curve Cryptosystems? . 3 2 Applications of Elliptic Curves in Cryptography . 4 2.1 Elliptic Curves And Cryptography . 5 2.2 Analog of Diffie-Hellman Key-Exchange Protocol 8 2.3 Analog of Massey-Omura . 9 2.4 Analog of ElGamal . 10 3 Encoding . 12 3.1 An Encoding Algorithm . 13 3.2 Square Test . 16 3.3 Computing Square Roots In Fp ............. 21 4 The Discrete Logarithm Problem . 27 4.1 The DLP and the Security of Cryptosystems . 27 4.2 Comparing Algorithms on the DLP . 29 4.3 Shanks’ Baby-Step Giant-Step Algorithm . 30 4.4 Pollard’s Rho Method . 32 v vi 4.5 The Index Calculus Method . 33 5 The Weil Pairing . 36 5.1 The Pairing Attack In General . 36 5.2 Preparation for the Weil Pairing . 39 5.3 Definition and Properties of the Weil Pairing . 43 5.4 Computing the Weil Pairing . 48 5.5 Proving Properties of the Weil Pairing . 55 Bibliography . 62 Chapter 1 Introduction 1.1 Idea of Cryptography Alice wants to send a message to Bob using a public channel. What does Alice do, if only Bob should be able to read the message? She uses methods of cryptography, for instance a public key cryptosystem: Bob creates a so-called public key and a corresponding private key. The public key is known to every user and is used to encrypt a message. The private key is only known to Bob and is used to decrypt the message. Alice uses the public key of Bob to encrypt her message and sends the encrypted message to Bob. Bob, having his secret information (his secret or private key) can now decrypt the message. Without Bob’s secret key, it should be very hard to decrypt the message. The main idea of cryptography is that decryption is easy when one has cer- tain secret information, but without that information, it is very difficult (or even impossible in a reasonable amount of time) to decrypt the message. In general, when somebody makes up a new cryptosystem, its security will usu- ally be either disproved (for instance, by an algorithm cracking it) or else its security will be believed after a long number of unsuccessful attempts at breaking the cryp- tosystem. So, we might rephrase one of the above paragraphs: The main idea of cryptog- raphy is that decryption is easy when one has certain secret information, but without 1 2 that information, it is believed to be very hard (or even impossible in a reasonable amount of time) to decrypt the message. 1.2 Overview We will explain how to use elliptic curves for encryption and decryption in chapter 2. There, we will discuss the Diffie-Hellman Key-Exchange protocol and the Diffie- Hellman problem, and we will look at two cryptosystems adapted to elliptic curves, namely the Massey-Omura protocol and the ElGamal protocol. While chapter 2 deals with points on elliptic curves, we actually want to encrypt and decrypt messages. Filling this gap, i.e. embedding messages as points on a given elliptic curve, is called encoding. We will talk about how we can encode messages as points on an elliptic curve in chapter 3. The encoding algorithm needs a square test modulo p, and it involves computing square roots modulo p. The strength of cryptosystems based on discrete exponentiation relies on the fact that the inverse operation, the discrete logarithm problem (DLP), is considered very hard to solve. In chapter 4, we will discuss the DLP and introduce some attacks on it, such as the index calculus method, Shanks’ Baby-Step Giant-Step algorithm and Pollard’s rho method. Knowing under which conditions these attacks are efficient helps to avoid weak cryptosystems when one is choosing or designing a cryptosystem. In Chapter 5, we focus on one particular class of attacks on the DLP on an elliptic curve, namely pairing attacks, and we will discuss one particular example, the Weil pairing attack, in detail. The goal of pairing attacks is to reduce the DLP for elliptic curves to the DLP for multiplicative groups of finite fields. 3 1.3 Why Elliptic Curve Cryptosystems? The RSA cryptosystem is difficult to crack, because it is believed to be very hard to decompose large composite numbers into their prime factors in a reasonable amount of time. A cryptosystem based on discrete exponentiation, such as the Diffie-Hellman protocol, is difficult to attack because the discrete logarithm problem is believed to be hard to solve. It is a good idea to use a combination of cryptosystems, involving both the dis- crete logarithm problem and the difficulty of factoring large numbers. Besides adding versatility, cryptosystems based on discrete exponentiation need smaller parameters than comparable RSA-type cryptosystems. This explains why we would like to use discrete logarithms. But why do we not just base our algorithms on multiplicative groups of finite fields rather than elliptic curves, since arithmetic on finite fields is much easier? There is no known “efficient” algorithm to crack a general elliptic curve cryp- tosystem, if we choose our elliptic curve cryptosystem to satisfy certain conditions. Though the index calculus method, which is based on factor bases, solves the DLP for multiplicative groups of finite fields “efficiently”. This attack does not seem to work for elliptic curve cryptosystems, since there is no known analogue of factor bases on elliptic curves. An “efficient” algorithm means a so-called subexponential algorithm, which is better than exponential running time, but worse than polynomial running time. Let p be the input size. Then 5 log3 p + 3 log p is polynomial in log p (we just say “polynomial”), and p5 + log p is exponential (in log p). The expected running time √ of the index calculus method is O(e 2 log p log log p), which is subexponential. Chapter 2 Applications of Elliptic Curves in Cryptography In this chapter we will discuss some examples of how elliptic curves can be used for cryptographic purposes. We will present the Diffie-Hellman Key-Exchange protocol, the Massey-Omura protocol and the ElGamal protocol adopted to elliptic curves. These protocols can also be implemented over finite multiplicative groups (see [6]). Elliptic curve cryptosystems can be used to create a common secret with commu- nication over a public channel, which is achieved, for instance, by the Diffie-Hellman Key-Exchange protocol. This common secret can serve as a private key to encrypt and decrypt a message, as in the ElGamal protocol outlined at the end of this chapter. While the ElGamal protocol requires a base point B of the elliptic curve, where B should have a high order, preferably close to the number of points on the elliptic curve, the Massey-Omura protocol needs the number of points of an elliptic curve over a fixed field, which can be computed using Schoof’s algorithm (see [11]). Another disadvantage of Massey-Omura is that it requires more back-and-forth communication, which, in practice, is often a major disadvantage, and which also makes more information accessible to the public, and which therefore might make the protocol more vulnerable.
Load more

Recommended publications
  • Arxiv:1905.03954V1 [Math.AG] 10 May 2019 0 ∗ ∗ ⊥⊥ ∗ 0 0 → Homgr Pic (X), K → (ΣX ) /ΣX → Pic (X) for Algebraically Closed K (And an Analog for finite fields)
    AN IDELIC QUOTIENT RELATED TO WEIL RECIPROCITY AND THE PICARD GROUP JOSE´ MAR´IA MUNOZ~ PORRAS, LUIS MANUEL NAVAS VICENTE, FERNANDO PABLOS ROMO, AND FRANCISCO J. PLAZA MART´IN Abstract. This paper studies the function field of an algebraic curve over an arbitrary perfect field by using the Weil reciprocity law and topologies on the adele ring. A topological subgroup of the idele class group is introduced and it is shown how it encodes arithmetic properties of the base field and of the Picard group of the curve. These results are applied to study extensions of the function field. Dedicated to the memory of Jos´eMar´ıaMu~nozPorras 1. Introduction The study of extensions of a given field is a classical problem in mathematics. Within algebraic number theory, class field theory is concerned with the classifica- tion of abelian extensions of local and global fields ([5, Chap. XV, Tate's Thesis], [16]). This paper studies function fields of algebraic curves over an arbitrary perfect field by mimicking the approach of class field theory. To be more precise, recall that, in the case of number fields, Tate proved the existence of a duality in the following sense: if Σ is a number field and AΣ is its adele ring, the character group of AΣ=Σ is isomorphic to Σ. Here, we explore the multiplicative analog of this result in the case of function fields of an algebraic curve X. For this purpose, ∗ we consider the multiplicative group of the function field of the curve, ΣX , as a 1 subgroup of the idele group IX , and the pairing used to establish the duality is the local multiplicative symbol ([7, 11]).
    [Show full text]
  • On the Security of Pairing Implementations Ronan Lashermes
    On the security of pairing implementations Ronan Lashermes To cite this version: Ronan Lashermes. On the security of pairing implementations. Cryptography and Security [cs.CR]. Université de Versailles-Saint Quentin en Yvelines, 2014. English. NNT : 2014VERS0021. tel- 01128871 HAL Id: tel-01128871 https://tel.archives-ouvertes.fr/tel-01128871 Submitted on 10 Mar 2015 HAL is a multi-disciplinary open access L’archive ouverte pluridisciplinaire HAL, est archive for the deposit and dissemination of sci- destinée au dépôt et à la diffusion de documents entific research documents, whether they are pub- scientifiques de niveau recherche, publiés ou non, lished or not. The documents may come from émanant des établissements d’enseignement et de teaching and research institutions in France or recherche français ou étrangers, des laboratoires abroad, or from public or private research centers. publics ou privés. Ecole´ doctorale Sciences et Technologies de Versailles - STV - ED 539 Etude´ de la s´ecurit´edes impl´ementations de couplage On the security of pairing implementations THESE` pr´esent´eeet soutenue publiquement le 29 Septembre 2014 pour le grade de Docteur de l'Universit´ede Versailles St-Quentin-en-Yvelines (sp´ecialit´einformatique) par Ronan Lashermes Composition du jury Rapporteurs : Antoine Joux, UPMC Jean-Pierre Seifert, TU-Berlin Examinateurs : Pierre-Alain Fouque, Universit´eRennes 1 Jacques Fournier, CEA-Tech Daniel Page, University of Bristol Directeur de th`ese: Louis Goubin, UVSQ Laboratoire Parall´elisme,R´eseaux,Syst`emeset Mod´elisationPRiSM { UMR 8144 | CEA-Tech Uses a latex class derived from thesul. Acronyms ABE Attribute-Based Encryption. 10, 41 AES Advanced Encryption Standard. 2, 3, 5, 47 BDH Bilinear Diffie-Hellman.
    [Show full text]
  • Reciprocity Laws on Curves Compositio Mathematica, Tome 72, No 2 (1989), P
    COMPOSITIO MATHEMATICA ROBERT F. COLEMAN Reciprocity laws on curves Compositio Mathematica, tome 72, no 2 (1989), p. 205-235 <http://www.numdam.org/item?id=CM_1989__72_2_205_0> © Foundation Compositio Mathematica, 1989, tous droits réservés. L’accès aux archives de la revue « Compositio Mathematica » (http: //http://www.compositio.nl/) implique l’accord avec les conditions gé- nérales d’utilisation (http://www.numdam.org/conditions). Toute utilisa- tion commerciale ou impression systématique est constitutive d’une in- fraction pénale. Toute copie ou impression de ce fichier doit conte- nir la présente mention de copyright. Article numérisé dans le cadre du programme Numérisation de documents anciens mathématiques http://www.numdam.org/ Compositio Mathematica 72: 205-235,205 1989. (Ç) 1989 Kluwer Academic Publishers. Printed in the Netherlands. Reciprocity laws on curves ROBERT F. COLEMAN Department of Mathematics, University of California, Berkeley, California 94720, USA Received 1 March 1988; accepted in revised form 16 March 1989 Introduction In this paper we will present a p-adic analogue of the reciprocity law for Green’s functions on a Riemann surface, Theorem 1.4 below. In the process we will give a new proof of this classical result. The p-adic result may be used to prove the symmetry of p-adic heights. The p-adic Green’s functions are described in [CG] and are obtained using the results of [CdS] by integrating normalized differentials of the third kind. Our results are proven for any collection of functions on a curve satisfying certain (mainly formal) properties described in Sections 1 and 5. The method of proof is to first push the proof of Weil reciprocity given in Serre’s Groupes Algebriques et Corps de Classes, as far as it will go (§1).
    [Show full text]
  • Guide to the Exercises Ty Ruthlawrence Oxford University
    APPENDIX Guide to the Exercises ty RuthLawrence Oxford University The purpose of this appendix is to give, for each exercise, a comment, a hint, a sketch, or in a few cases, a complete solution. Pure algebra has not been worked. Exercises which are merely a matter of applying techniques given in the text to particular examples for the purpose of drill have not generally been solved fully here-the answers only being given. When there is -a batch of somewhat similar questions a representative question has been selected to be completely solved and answers only have been given to the rest. A few questions involve rather tedious numerical calculations not reducible by technique. Readers who have c:arried these out can, by checking their answers against the given ones, gain confidence. They mayaiso be comforted to discover that they have not missed some subtle point or ingeniously simple route to a solution. In a few cases a link is suggested to oonnected problems which the interested reader may like to pursue. I hope that this appendix will fulfill its purpose of helping readers who experience any difficulties with the problems to overcome them; thus gaining the maximum understanding and insight which the author intended by his carefully chosen incorporation into the text. I wish to acknowledge the help received from Professor Husemöller whilst compiling this appendix, by way of some useful discussions and suggestions. CHAPTER 1, §1 1. TedioUl calculation gives: 7P = ( - 5/9, 8/27), 8P = (21/25, -69/125), 9P = (-20/49, -435/343), 10P = (161/16, -2065/64), 316 Appendix.
    [Show full text]
  • 1 Lecture 1: Basic Definitions
    Algebraic number theory: elliptic curves These are notes of lecture course on elliptic curves in the Independent University of Moscow in Spring 2016 based on books [13], [9], [4], [7]. If you have any questions or comments, please write to [email protected] Aknowledgements. I am very grateful to IUM for hospitality and help, and to Michael Rosenblum for numerous helpful comments. 1 Lecture 1: basic definitions 1.1 Brief history The first appearance of elliptic curves is in "Arithmetica" by Diophantus: To divide a given number into two numbers such that their product is a cube minus its side. We call the sum of them a given number a and then we have to find x and y, s. t. y(a − y) = x3 − x: This is a curve of degree 3 and a line intersects it in three points counted with multiplicities, so if we construct one rational point we can obtain some other by building tangent lines or lines through two points. Later this method will grow up to an "Additional law" on a curve. In these lectures we will come to more explicit Definition 1.1. An elliptic curve is a smooth, projective algebraic curve of genus one with a specified point O. Sometimes more general definition is used: any algebraic curve of genus one. Or another definition we will work with: it is a curve defined by an equation of the form y2 = P (x), where P is a polynomial of degree 3. De- veloping of theory of elliptic curves depends on a field k, where we look at E defined over k, for example one may work with rational numbers, real numbers, complex numbers, fields of finite characteristic in particular of char 2 or 3.
    [Show full text]
  • Final Report Arithmetic Statistics for Elliptic Curves
    Advanced Research Project in Mathematics Department of Computing Final Report Arithmetic Statistics for Elliptic Curves Modelling the Selmer group, the Tate-Shafarevich group, and the Mordell-Weil rank of elliptic curves over number fields Supervisor Author Professor Toby Gee David Kurniadi Angdinata 01201743 Second marker Professor Alexei Skorobogatov June 2020 A project submitted in partial fulfillment of the requirement for the award of MEng Mathematics and Computer Science (Pure Mathematics and Computational Logic) degree of Imperial College London Abstract The Mordell-Weil theorem states that any elliptic curve E defined over a number field K is a finitely generated abelian group, so that E (K) is isomorphic to a direct product of a finite torsion subgroup and a free abelian group of finite rank. Over the rationals, while the torsion subgroup is fully understood from a result by Mazur, the Mordell-Weil rank is much less understood. For instance, it remains an open question if it is bounded above, with a historical belief that it is not, due to much empirical evidence. A recent probabilistic model proposed by Poonen et al provides theoretical evidence to refute this claim, namely that all but finitely many rational elliptic curves have rank at most 21. Their proposed heuristic is based on modelling Tate-Shafarevich groups using random alternating matrices, and has its grounds in a theorem that a pe-Selmer group is almost always the intersection of two Lagrangian direct summands of a metabolic quadratic Z=pe-module of infinite rank, a consequence of standard arithmetic duality theorems. This project aims to serve as an introduction to the style of arguments in arithmetic statistics by providing a full proof of this result, as well as verifying desired properties of a heuristic that models this result.
    [Show full text]
  • On the Generation of Pairing-Friendly Elliptic Curves
    On the generation of pairing-friendly elliptic curves Gaëtan BISSON Mémoire de M2 sous la direction de 3÷ Takakazu SATOH <«â Institut de Technologie de Tokyo [Ó(£± Université d’Orsay — Paris XI Master Mathématiques Fondamentales et Appliquées Spécialité Analyse, arithmétique et géométrie Abstract Pairings were first studied as potential attacks on elliptic curve-based cryptography. Recently, protocols have been proposed that make a constructive use of pairings; they require pairing-friendly elliptic curves, that is elliptic curves with large prime order subgroup and efficiently computable pairing. Here, we shall study the generation of such curves. I. The first part is concerned with fundamental elliptic curve related notions (including pairings); we also point out the relevance of elliptic curves in cryptography. II. The next part is devoted to complex multiplication theory which is a key element in the generation of elliptic curves. III. In the last part, we establish various methods to generate pairing-friendly elliptic curves. Acknowledgements First of all, I would like to thank Pr. Takakazu SATOH for his supervision of this internship as well as for welcoming me to Japan; his kind help (even when not directly related to mathematics) has been most valuable to me. My thanks also go to Pr. Nobushige KUROKAWA [a] for his very warm welcome at the laboratory of number theory. It has been a pleasure to work there with Tetsuya DAIKU amongst other students attending the number theory seminar; I also want to mention the existence of a small crypto seminar which consisted in the two of us. On the french side, I am grateful to Pr.
    [Show full text]
  • Mahler's Measure and Elliptic Curves with Potential Complex Multiplication
    Mahler’s measure and elliptic curves with potential complex multiplication Riccardo Pengo To cite this version: Riccardo Pengo. Mahler’s measure and elliptic curves with potential complex multiplication. 2020. hal-02991139 HAL Id: hal-02991139 https://hal.archives-ouvertes.fr/hal-02991139 Preprint submitted on 5 Nov 2020 HAL is a multi-disciplinary open access L’archive ouverte pluridisciplinaire HAL, est archive for the deposit and dissemination of sci- destinée au dépôt et à la diffusion de documents entific research documents, whether they are pub- scientifiques de niveau recherche, publiés ou non, lished or not. The documents may come from émanant des établissements d’enseignement et de teaching and research institutions in France or recherche français ou étrangers, des laboratoires abroad, or from public or private research centers. publics ou privés. Mahler’s measure and elliptic curves with potential complex multiplication Riccardo Pengo Abstract Given an elliptic curve dened over Q which has potential complex multiplication by the ring of integers O of an imaginary quadratic eld we construct a polynomial % 2 Z»G,~¼ which is a planar model of and such that the Mahler measure <¹%º 2 R is related to the special value of the !-function !¹, Bº at B = 2. SECTION 1 Introduction Let be an elliptic curve dened over a number eld and let !¹, Bº be its !-function (see [67, § C.16] for ! , B an introduction). We know that if has potential complex multiplication (i.e. End ¹ º Z) then ¹ º is an entire function, dened over the whole complex plane C, which satises a functional equation relating !¹, Bº to !¹, 2 − Bº (in the “arithmetic” normalisation, that we will use in this paper).
    [Show full text]
  • 24 Divisors and the Weil Pairing
    18.783 Elliptic Curves Spring 2017 Lecture #24 05/10/2017 24 Divisors and the Weil pairing In this lecture we address a completely new topic, the Weil Pairing, which has many practical and theoretical applications. In order to define the Weil pairing we first need to expand our discussion of the function field of a curve from Lecture 5. This requires a few basic results from commutative algebra and algebraic geometry that we will not take the time to prove; almost everything we need it is summarized in the first two chapters of Silverman’s book [6], which I recommend reviewing if you have not seen this material before. 24.1 Valuations on the function field of a curve Let C=k be a smooth projective curve defined by a homogeneous polynomial fC (x; y; z) = 0 that (as always) we assume is irreducible over k¯.1 In order to simplify the presentation, we are going to assume in this section that k = k¯ is algebraically closed, but we will note in remarks along the way how to handle non-algebraically closed (but still perfect) fields. In Lecture 5 we defined the function field k(C) as the field of rational functions g=h, where g; h 2 k[x; y; z] are homogeneous polynomials of the same degree with h 62 (fC ), modulo the equivalence relation g1 g2 ∼ () g1h2 − g2h1 2 (fC ): h1 h2 1 Alternatively, we can view the function g=h as a rational map (g : h) from C to P . Our assumption that C is smooth implies that this rational map is actually a morphism, meaning that it is defined at every point P 2 C(k¯); this was stated as Theorem 5.10 and we will 1 prove it below.
    [Show full text]
  • The Use of Elliptic Curves in Cryptography
    Master's thesis in Mathematics The use of elliptic curves in cryptography by Gijsbert van Vliet Nijmegen, June 2015 Supervisors: Prof. dr. B.J.J. Moonen Dr. W. Bosma Acknowledgements First of all I would like to express my sincerest gratitude to my supervisor prof. dr. Ben Moonen for all his support throughout the learning process of this master's thesis. Without his patience, encouragement and all insightful conversations we shared, this thesis would have never been completed. Also I would like to thank dr. Wieb Bosma for putting so much of his precious time into helping me and for providing numerous useful remarks. Furthermore I would like to thank my family and loved ones, who supported me throughout the entire process, both financially and emotionally. Special thanks goes out to my father, Frans van Vliet. He always supported my dreams and aspirations and, if I say so myself, did a fine job raising me. Without him I would have never started this study, let alone finish it. 2 Contents 1 Introduction to Cryptography 6 1.1 The Objectives of Cryptography . 6 1.2 Symmetric vs Public-Key Cryptography . 6 1.3 Complexity . 7 1.4 The Discrete Logarithm Problem . 10 2 Elliptic Curves 12 2.1 Elliptic Curves and the Group Structure . 12 2.2 Weierstrass Equations . 13 2.3 The Geometric Group Law . 16 2.4 Isogenies . 19 2.5 The Frobenius Morphism . 21 2.6 The Dual Isogeny . 23 2.7 The Tate Module . 25 2.8 The Weil Pairing . 26 2.9 The Endomorphism Ring . 28 3 Elliptic Curves over Finite Fields 30 3.1 The Number of Rational Points .
    [Show full text]
  • Lectures on Modular Forms 1St Edition Free Download
    FREE LECTURES ON MODULAR FORMS 1ST EDITION PDF Joseph J Lehner | 9780486821405 | | | | | Lectures on Modular Forms - Robert C. Gunning - Google книги In mathematicsa modular form is a complex analytic function on the upper half-plane satisfying a certain kind of functional equation with respect to the group action of the modular groupand also satisfying a growth condition. The theory of modular forms therefore belongs to complex analysis but the main importance of the theory has traditionally been in its connections with number theory. Modular forms appear in other areas, such as algebraic topologysphere packingand string theory. Instead, modular functions are meromorphic that is, they are almost holomorphic except for a set of isolated points. Modular form theory is a special case of the more general theory of automorphic formsand therefore can now be seen as just the most concrete part of a rich theory of discrete groups. Modular forms can also be interpreted as sections of a specific line bundles on modular varieties. The dimensions of these spaces of modular forms can be computed using the Riemann—Roch theorem [2]. A Lectures on Modular Forms 1st edition form of weight k for the modular group. A modular form can equivalently be defined as a function F from the set of lattices in C to the set of complex numbers which satisfies certain conditions:. The simplest examples from this point of view are the Eisenstein series. Then E k is a modular form of weight k. An even unimodular lattice L in R n is a lattice generated by n Lectures on Modular Forms 1st edition forming the columns of a matrix of determinant 1 and satisfying the condition that the square of the length of each vector in L is an even integer.
    [Show full text]
  • Non-Abelian Reciprocity Laws on a Riemann Surface
    Non-abelian Reciprocity Laws on a Riemann Surface I. Horozov ∗ Department of Mathematics, Brandeis University, 415 South Street, MS 050, Waltham, MA 02454 Abstract On a Riemann surface there are relations among the periods of holomorphic differential forms, called Riemann's relations. If one looks carefully in Riemann's proof, one notices that he uses iterated integrals. What I have done in this paper is to generalize these relations to relations among generating series of iterated integrals. Since it is formulated in terms of generating series, it gives infinitely many relations - one for each coefficient of the generating series. The degree one term gives that the sum of the residues of a differential form is zero. The degree 2 term gives Riemann's relations. The new result is reciprocity for the higher degree terms, which give non-trivial relations among iterated integrals on a Riemann surface. We give explicit formulas for degree 3 terms. Also we refine the definition of Manin's non-commutative modular symbols in order to include Eisenstein series. Contents 0 Introduction 1 1 Background on iterated integrals 3 1.1 Definition of iterated integrals . 3 1.2 Homotopy invariance of iterated integrals . 3 1.3 Differential equation . 5 1.4 Multiplication formulas . 5 1.5 Shuffle relations . 6 1.6 Reversing the path . 6 2 Non-abelian reciprocity law on a Riemann surface 6 2.1 Iterated integrals over a loop around a pole . 7 2.2 Generating series of iterated integrals over a loop around a pole . 10 2.3 Generating series over α and β cycles of a Riemann surface .
    [Show full text]