Journal of Pure and Applied Algebra 196 (2005) 101–110 www.elsevier.com/locate/jpaa

A quotient of the Fermat curve of degree twenty-three attaining the Serre bound Motoko Qiu Kawakita Kaneko Laboratory, Department of Information Sciences, Faculty of Science, Ochanomizu University, 2-1-1 Otsuka, Bunkyo, Tokyo 112-8610, Japan

Received 27 July 2003; received in revised form 5 May 2004 Communicated by J. Walker Available online 29 September 2004

Abstract The curve in the title is a non-maximal curve of genus 11, which has a defining equation analogous to the ’s. We study its properties and show how to apply it to coding theory. © 2004 Elsevier B.V. All rights reserved.

MSC: 11G20; 14G05; 14G50

0. Introduction

In 1970s, Goppa discovered algebraic geometric codes in [9]. His theory gives us a guarantee on the existence of efficient codes, when we have with many rational points for a fixed genus and a fixed finite field. It creates strong interest on such curves; see [8,18]. By a curve we mean a smooth absolutely irreducible projective curve. For the number of rational points on a curve C of genus g over a finite field Fq , the Hasse–Weil bound √ #C(Fq )q + 1 + 2g q is well-known. A curve is said to be maximal over Fq , if it attains this bound. After the appearance of algebraic geometric codes, in 1983 Serre sharpened this bound in [20],

E-mail address: [email protected] (M.Q. Kawakita).

0022-4049/$ - see front matter © 2004 Elsevier B.V. All rights reserved. doi:10.1016/j.jpaa.2004.08.013 102 M.Q. Kawakita / Journal of Pure and Applied Algebra 196 (2005) 101–110 namely √ #C(Fq )q + 1 + g2 q, where denotes the round down. We call it the Serre bound. Nowadays we know numerous features of maximal curves, which you can see in [5,7,13] and their references. Meanwhile we have no systematic research on non-maximal√ curves which attain the Serre bound, although they have very simple L-functions (1 +2 qt + qt2)g; see [14]. This is because we do not know any families of them. Serre found that the F Klein quartic over the finite field 23 is such a curve in [22]. There are many researches on its properties and applications to coding theory, for example [4,10,12,15,19]. We remark that the Klein quartic has a defining equation

y4(y + 1) = x7 over the finite field of characteristic 2, which motivates us to understand the next curve M deeply. b b From the viewpoint of coding theory, Miura introduced curves of type Ca and type r Ca for constructing algebraic geometric codes in [16]. He also listed curves with many rational points of such types. Among them, there is a curve M of genus 11 defined by the equation

y4(y + 1) = x23. F It has 3039 rational points over the finite field 211 , which is just the Serre bound. The aim of this paper is to study the properties of this curve, which will give us a clue to find a family of such curves. We also show how to apply it to coding theory. We determine the automorphism group of the curve M in Section 1, the Zeta function in Section 2, the Weierstrass points and gap sequences in Section 3, a smooth affine model in Section 4, an additional algorithm on the in Section 5, and a basis of L(mP ∞) in Section 6. Here Section 5 is for the application to cryptography, and Section 6 is for coding theory. We note that Serre proved the existence of some non-maximal curves of genera 1 and 2 attaining the Serre bound in [21]. There are more such curves of genus 3 in [3,14,25]. Unfortunately the relation with the higher genera is still hidden. ∗ Throughout this paper, we set Fq as a finite field with q elements, F as the multiplicative group of a field F, Z as a set of integers and N := {0, 1, 2,...}.

1. The automorphism group

In this section, we determine the automorphism group of the curve M, using the results C yr (y + ) = x23 F in [23]. Let r be a curve which is defined by 1 over the finite field 211 for r = 1,...,21. We define S as a subgroup of permutations of the set (Z/23Z)∗\{−1} by

1 r S := ,  with (r) := , (r) := − r r + 1 M.Q. Kawakita / Journal of Pure and Applied Algebra 196 (2005) 101–110 103

Table 1

C C (F ) |S | r (isomorphic r )#r 211 r 1,11,21 1521 2 2,7,10,12,15,20 1521 1 3,5,8,14,17,19 1521 1 4,6,9,13,16,18 3039 1

and the stabiliser Sr := {f ∈ S | f(r) = r}. Since S is isomorphic to the group of permutations of the three points (0, 0), (0, 1) and the infinity, we have the next proposition.

Proposition 1.1 (cf. Seyama [23]). For any r = 1,...,21,

|Aut(Cr )|=23 ·|Sr |.

In the case of the curve M, r =4 and |S4|=1, thus we have |Aut(M)|=23. Let a function  defined by

(y) = y, (x) = x, where  is a 23th root of unity. Then we have  ∈ Aut(M) and | | = 23, which give the automorphism group of our curve.

Proposition 1.2. Aut(M) =∼ Z/23Z in which  is a generator.

Next we directly classify Cr for r = 1,...,21 up to isomorphisms and obtain their numbers of rational points as in Table 1 . In the first column of the table, we write r’s on the same line if the curves Cr are isomorphic to each other.

2. The Zeta function

In this section, we compute the L-function of the curve M and the Fermat curve of degree 23. Let Z(C/Fq ,t)be the Zeta function of a curve C over a finite field Fq and the L-function L(C/Fq ,t):= Z(C/Fq ,t)(1 − t)(1 − qt). We have the next proposition.

Proposition 2.1 (Lachaud [14]). If a curve C of genus g attains the Serre bound over a finite field Fq , then √ 2 g L(C/Fq ,t)= (1 +2 qt + qt ) .

Applying this proposition to the curve M, we obtain the next corollary. 104 M.Q. Kawakita / Journal of Pure and Applied Algebra 196 (2005) 101–110

F Corollary 2.2. The L-function of the curve M over the finite field 211 is as follows:

L(M/F ,t)= ( + t + t2)11. 211 1 90 2048

Let F23 be the Fermat curve which is defined by the equation

u23 + v23 = 1,

F C F F over the finite field 211 . Since any curve r is a quotient curve of 23 over 211 ,wehave

21 L(F /F ,t)= L(C /F ,t). 23 211 r 211 r=1

 To calculate the L-function of the curve Cr ,wesetCr as a curve defined by the equation yr (y + 1) = x23 over a finite field of characteristic 2. From V.1.17 Corollary in [24],we C F C F can compute the L-function of r over 2 by counting the rational points of r over 2j for j = 1,...,11. After counting them by computer, we obtain that

 11 22 L(Cr /F2,t)= 1 − 48t + 2048t for r = 1, 2, 3. s Z(C/F s ,t ) = s Z(C/F , t)  In V.1.10 Proposition of [24], we have that q  =1 q where  runs over the sth roots of unity. Hence, from the results of L(Cr /F2,t), we can calculate that

L(C /F ,t)= ( − t + t2)11 r 211 1 48 2048 for r = 1, 2, 3, which are just the L-functions of Cr for r = 1, 2, 3. Since the curve C4 is just M, using the classification in Table 1, we obtain that

L(F /F ,t)= ( − t + t2)11×15( + t + t2)11×6. 23 211 1 48 2048 1 90 2048

3. Weierstrass points and gap sequences

In this section we determine theWeierstrass points of the curve M and their gap sequences, where we use the method in [6] for calculating the Weierstrass points. Let P0 := (0 : 0 : 1), P∞ := (0 : 1 : 0). Then (dx) = 26P0 − 6P∞, and the basis of L((dx)) is

x x2 x3 x5 x6 x7 x8 x11 x12 x17 1 , , , , , , , , , , . y y y y y2 y2 y2 y2 y3 y3 y4 M.Q. Kawakita / Journal of Pure and Applied Algebra 196 (2005) 101–110 105

We set these functions as fj for j = 0,...,10. To determine the Weierstrass points on the i i curve M, we calculate Dx(fj ) for 0i, j 10, where Dx is the ith Hasse derivative on F [x] 211 . Here we list the columns of the matrix

i (Dx(fj ))0  i,j  10 = (B0,...,B10),

t 0 10 where Bj = (Dx(fj ) ···Dx (fj )) for j = 0,...,10.

 1   x  y y      x22   1   y6   y2       x21   (y+1)x22   7   y7   y     20   (y+ )x21   x   1   y8   y8     4 2 20   (y4+y+1)x19   (y +y +y+1)x   y10   y10       x18   (y+1)x19  B =  6  ,B=  10  , 0  y  1  y   (y4+y+ )x17   (y6+y4+y+ )x18   1   1   y12   y12       x16   (y+1)x17   y8   y12       (y8+y2+y+1)x15   (y8+y7+y2+y+1)x16       y15   y15   8 14   9 8 3 2 15   (y +1)x   (y +y +y +y +y+1)x   y16   y16  (y9+1)x13 (y+1)x14 y16 y8     x2 x3 y    y   (y+1)x   x2   y2       y2   y2+y+1   x     3   y3   y   (y2+ )x22   1   1   y4   y8    (y3+y2+y+ )x22  (y4+y3+y+ )x21   1   1   y10   y10       (y3+y2+y+1)x21   (y2+1)x20    B =   ,B=  y10  , 2  y8  3   (y3+y2+y+ )x20  (y6+y4+y3+y2+y+ )x19   1   1   y12   y12       (y3+y2+y+1)x19   (y2+1)x18       y12   y8    (y9+y8+y4+y3+y2+y+1)x18  (y8+y7+y4+y3+y2+y+1)x17       y15   y15    (y9+y8+y5+y4+y3+y2+y+ )x17  x16   1     y16   y16    (y2+y+ )x16 (y3+y2+y+1)x15 1 15 y16 y 106 M.Q. Kawakita / Journal of Pure and Applied Algebra 196 (2005) 101–110

 x5  y2    4   x   x6   y2     y2   2 3     (y +1)x   0   y4       4     x   (y2+1)x2   y4   y4           0   (y4+y2+1)x     2   y6   x     y6   4 2    B = y +y +1 ,B=   , 4  6  5  0   y         (y5+y4+y+ )x22  1  1   y8   y12           0   (y5+y4+y+1)x21     y12   (y7+y6+y5+y4+y3+y2+y+ )x21     1     y16   (y9+y8+y7+y6+y3+y2+y+1)x20     16     y   0    (y7+y6+y5+y4+y3+y2+y+ )x19  (y9+y8+y7+y6+y3+y2+y+1)x19  1   y16  y16  (y5+y4+y+1)x18 y12  x7  y2      x6   y2   x8      y2  x5     y4       0     2 6   x4   (y +1)x   y4   y4           x3   0   y6       (y2+1)x4     6   x2   y   y6    B6 =   ,B7 =  0  ,  x     2 2   y8   (y +1)x     y8       1     y8   0        y8+y4+  (y7+y6+y5+y4+y3+y2+y+1)x22   1     y12   y16         (y7+y6+y5+y4+y3+y2+y+ )x21   0   1   y16    0  7 6 5 4 3 2 20   (y +y +y +y +y +y +y+1)x  y16 M.Q. Kawakita / Journal of Pure and Applied Algebra 196 (2005) 101–110 107

 x11  y3     x12    x10  y3 x17  y4    y4    (y+1)x11     x9   y4   x16   3       y   (y+ )x10   y4     1     x8   y4   0   y4      (y+1)x9  (y4+ )x7     0   1   y4   (y4+ )x13   y8     1     x8   y8  (y4+ )x6  1   y8   (y4+ )x12  B8 =  y8  ,B9 =   ,B10 =  1  .    0   y8   4 5       (y +1)x     0   y8   0           (y4+1)x4   0   0       (y4+ )x9   y8   (y8+y7+1)x4   1  y11 y12  (y8+y3+1)x3           (y4+ )x8   y11   (y9+y8+y+1)x3   1     y12  y12  (y8+y4+1)x2   y12  (y9+y8+y+1)x2 0 y12 (y8+y3+1)x y11

Thus we obtain that the Wronskian of the curve M is

x17(y3 + y2 + 1)(y8 + y7 + y6 + y5 + y4 + y + 1) (y35 + y34 + y32 + y30 + y29 + y28 + y27 + y26 + y19 + y18 + y15 + y11 + y8 + y5 + y4 + y3 + 1) − (y + 1)3y 76.

There are 3 + (3 + 8 + 35) × 23 = 1061 Weierstrass points on this curve. Here the Hurwitz bound of number of Weierstrass points is 1320.

Proposition 3.1. We list the gap sequences of the Weierstrass points on the curve M in Table 2. Here P1 := (0 : 1 : 1).

We partially used the computer algebra system Kash/Kant to compute the gap sequences.

Table 2

Point Gap sequence

P0 {1, 2, 3, 4, 5, 6, 8, 9, 12, 13, 16} P∞ {1, 2, 3, 4, 6, 8, 9, 11, 13, 16, 18} P1 {1, 2, 3, 4, 6, 7, 8, 9, 12, 13, 18} Others {1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 12} 108 M.Q. Kawakita / Journal of Pure and Applied Algebra 196 (2005) 101–110

4. A smooth affine model

We can give a curve M an affine defining equation

y5 + xy + x7 = 0, (1) by blowing up 5 times at the origin. The degree is the lowest as a for the curve M, since the Plücker formula asserts that the genus g of a plane curve of degree d satisfies that g (d − 1)(d − 2)/2. It has 2 singular points, which are the origin and the infinity. They play an important role for the application to cryptography in the next section. Outside the infinity we have its normalisation as

y4 + xz + x = 0, x6 + yz = 0, x5y3 + z2 + z = 0, where (x,y,z)→ (x, y). This is a CA model with A ={5, 7, 23} in [17], where he gives a model CA of a curve whose Weierstrass semigroup at the infinity is generated by a set A.

5. An addition algorithm on the Jacobian variety

In [2], Arita, Miura and Sekiguchi compute addition on Jacobian varieties of curves using its singular plane model, which is a generalisation of Arita’s algorithm in [1]. We can immediately apply it to our curve. ˜ Let M1 be the curve which is defined by the Eq. (1), M be its normalisation, where the ˜ ˜ normalisation map  : M → M1. Let Pic(M) be the Picard group. Since M1 has only 1 ordinary node outside the infinity, we obtain the exact sequence

∗ −→ F∗ −→ (M ) −→ (M)˜ −→ 0 211 Pic 1 Pic 0 by 2.2 in [2]. Thus it is enough to compute Pic(M1). M R := F [x,y] We denote the coordinate ring of 1 by 211 , its quotient field by K, and the group of invertible fractional ideals of R by J(R). By 2.4 in [2], the generalised Jacobian variety

∗ ∼ H(R) := J(R)/{fR | f ∈ K } = Pic(M1).

Therefore, it is sufficient to compute H(R). There is an addition algorithm for H(R) in [2]. It can operate for our curve now. In Algorithm 5.1, the representative element of an invertible ideal is determined uniquely. In Algorithm 5.2, the addition algorithm is given. We use C5,7 order for a Gröbner basis 2 in [17].Fora := (a1,a2), b := (b1,b2) ∈ N , a > b in C5,7 order holds if and only if 5a1 + 7a2 > 5b1 + 7b2,or5a1 + 7a2 = 5b1 + 7b2 and a1

Algorithm 5.1 (Arita et al. [2]).

Input: an invertible ideal I of R, Output: the representative element of I.

1. Find f ∈ I with f = 0, where f is the smallest one in the Gröbner basis of I with C5,7 order. 2. Find g ∈ If := fR:RI ⊂ R with g = 0, where g is the smallest one in the Gröbner basis If with C5,7 order.

Algorithm 5.2 (Arita et al. [2]).

Input: invertible ideals I, J in R, Output: the representative element of IJ.

1. Find the Gröbner bases of I, J and compute IJ by them. 2. Find the representative element of IJ by Part I.

Therefore we can put our curve to practical use in cryptography.

6. Basis of L(mP ∞)

This section is for the application to coding theory. In [16], Miura gave a basis of L(mP ∞) b for a curve C of type r Ca which includes a quotient curve of a Fermat curve; see also Example 3.16 in [11]. Here L(mP ) := {f ∈ F (C) | (f ) + mP  f = }. ∞ 211 ∞ 0or 0 Applying his results, we can obtain the next proposition.

Proposition 6.1. Let Ij := 23j/4, where s is the round up of s. For the curve M we set k j (m) := {x y | 0j 1, 0k, 5k + 23j m} xk+Ij ∪ j  , k, (k + I ) − j m . yj 1 3 0 5 j 23

Then (m) is a basis of L(mP ∞) as a linear space.

Using this proposition, we can construct algebraic geometric codes immediately.

Acknowledgements

I would like to thank Shinji Miura for helpful suggestions, Akira Kaneko and Toshiyuki Katsura for encouragement. I am grateful to Arnaldo Garcia and Gerard van der Geer for 110 M.Q. Kawakita / Journal of Pure and Applied Algebra 196 (2005) 101–110 their information about curves attaining the Serre bound. Especially, Garcia took interest in the research and gave me useful advice. Finally I would like to thank the referees for their valuable comments, and the authors of computer algebra systems Kash/Kant, Risa/Asir and Singular. Financial support was provided by JSPS.

References

[1] S. Arita, The discrete-log-based public key cryptosystems using algebraic curves of higher degree, Chuo University Dissertation 2000, (in Japanese). [2] S. Arita, S. Miura, T. Sekiguchi, On the addition algorithm on the Jacobian varieties of curves, Preprint 2003. [3] R. Auer, J. Top, Some genus 3 curves with many points, Algorithmic number theory (Sydney, July 2002), Lecture Notes in Computer Science, 2369, Springer, Berlin, 2002, pp. 163–171. yq = n (z − a )j [4] H. Bennama, P. Carbonne, Réseau des périodes des courbes j=0 j (q premier), Manuscripta Math. 84 (2) (1994) 163–175. [5] R. Fuhrmann, A. Garcia, F. Torres, On maximal curves, J. Number Theory 67 (1) (1997) 29–51. [6] R. Fuhrmann, F. Torres, On Weierstrass points and optimal curves, Rend. Circ. Mat. Palermo (2) Suppl. 51 (1998) 25–46. [7] A. Garcia, H. Stichtenoth, C.P. Xing, On subfields of the Hermitian function field, Compositio Math. 120 (2) (2000) 137–170. [8] G. van der Geer, M. van der Vlugt, Tables of curves with many points, Math. Comp. 69 (230) (2000) 797–810 URL http://www.science.uva.nl/∼geer. [9] V.D. Goppa, Codes on algebraic curves, Soviet Math. Dokl. 24 (1981) 170–172. [10] J.P. Hansen, Codes on the Klein quartic, ideals, and decoding, IEEE Trans. Inform. Theory 33 (6) (1987) 923–925. [11] T. HZholdt, J.H. van Lint, R. Pellikaan, Algebraic geometry codes, Handbook of Coding Theory I, Chapter 10, Elsevier, Amsterdam, 1998. [12] M.S. Kolluru, G.L. Feng, T.R.N. Rao, Construction of improved geometric Goppa codes from Klein curves and Klein-like curves, Appl. Algebra Engrg. Comm. Comput. 10 (6) (2000) 433–464. [13] G. Korchmáros, F. Torres, On the genus of a maximal curve, Math. Ann. 323 (3) (2002) 589–608. [14] G. Lachaud, Sommes d’Eisenstein et nombre de points de certaines courbes algébriques sur les corps finis, C. R. Acad. Sci. Paris, Sér. I Math. 305 (16) (1987) 729–732. [15] S. Levy (Ed.), The eightfold way: the beauty of Klein’s quartic curve, Mathematical Sciences Research Institute Publications 35, Cambridge University Press, 1999. [16] S. Miura,Algebraic geometric codes on certain plane curves (in Japanese), IEICE Trans. Fundamentals J75-A (11) (1992) 1735–1745. [17] S. Miura, The error-correcting codes based on algebraic geometry, University Tokyo Dissertation, 1997 (in Japanese). [18] H. Niederreiter, C.P. Xing, Rational points on curves over finite fields: theory and applications, London Mathematical Society Lecture Note Series, Vol. 285, Cambridge University Press, Cambridge, 2001. [19] R. Pellikaan, The Klein quartic, the Fano plane and curves representing designs, Codes, curves, and signals (Urbana, IL, 1997), Kluwer International Series Engrg. Computer Science, Vol. 485, Kluwer Academic Publishers, Dordrecht, 1998, pp. 9–20. [20] J.-P. Serre, Sur le nombre des points rationnels dune courbe algebrique sur un corps fini, C. R. Acad. Sci. Paris Sér. I Math. 296 (9) (1983) 397–402 (=Oeuvres III, No. 128, 658–663.). [21] J.-P. Serre, Nombres de points des courbes algebriques sur Fq , Seminar on number theory, 1982–1983 (Talence, 1982/1983), Exp. No. 22, Univ. Bordeaux I, Talence, 1983, pp. 8. ( = Oeuvres III, No. 129, 664–668.) [22] J.-P. Serre, Rational points on curves over finite fields, Note of lectures at Harvard University, 1985. [23] A. Seyama, On the curves of genus g with automorphisms of prime order 2g + 1, Tsukuba J. Math. 6 (1) (1982) 67–77. [24] H. Stichtenoth, Algebraic Function Fields and Codes, Springer-Verlag, Berlin, 1993. [25] J. Top, Curves of genus 3 over small finite fields, Preprint, arXiv:math.NT/0301264.