Field Extensions Generated by Kernels of Isogenies by Jonathan

Field Extensions Generated by Kernels of Isogenies

Jonathan Love

A thesis submitted in conformity with the requirements for the degree of Master of Science Graduate Department of Mathematics University of Toronto

Field Extensions Generated by Kernels of Isogenies

Jonathan Love Master of Science Graduate Department of Mathematics University of Toronto 2016

Given an odd prime p, A technique due to Jean-Fran¸coisMestre allows one to construct inﬁnitely many quadratic ﬁelds for which the ideal class group has p–rank at least 2, using a degree p isogeny between elliptic curves such that the kernel has a rational point. This technique only works for primes p ≤ 7; we attempt to generalize the construction for larger primes. One line of approach uses higher degree isogenies (which have no rational point in the kernel), from which we obtain higher-degree number

ﬁelds with p–rank at least two. In the process, we collect data on the number ﬁelds generated by the points in the kernel of an isogeny, and make a series of conjectures based on the data. We also discuss the possibilities and limitations of replacing the elliptic curves in Mestre’s technique with more general abelian varieties.

ii Contents

1 Motivation: Ideal Class Groups1 1.1 Results and Open Problems...... 2

2 Elliptic Curves and Isogenies5 2.0.1 The Projective Plane...... 5 2.1 Elliptic Curves...... 6 2.2 Isogenies...... 7 2.3 Generating Quadratic Fields...... 8 2.3.1 Preimages of Quotient Maps...... 9

3 Isogenies with Irrational Kernel 11 3.1 Data on Kernel Fields...... 12 3.2 Observations from the Data...... 12 3.2.1 p = 11, 19, 43, 67...... 13 3.2.2 p = 37...... 15 3.2.3 p = 17...... 16 3.2.4 p = 13...... 16 3.3 Preimages of points...... 17 3.3.1 Points with X ∈ Q ...... 17 Examples...... 18 Ramiﬁcation...... 19 3.3.2 Points with X ∈ K ...... 19

4 Higher Genus Curves 21 4.1 Background...... 21 4.2 Hyperelliptic curves...... 22 4.3 Z/pZ covers by Descent...... 22 4.3.1 A family of hyperelliptic curves...... 22 4.4 Proportion of Points on a Curve for which p | h(Q(P ))...... 24

5 Appendix: Description of Code 28 5.1 Computing Ideal Class Groups...... 28 5.1.1 Classes of Binary Quadratic Forms...... 28 5.1.2 The Class Group of Forms...... 30

iii Operating on Form Orbits...... 33 5.2 Points P on a curve with p | h(Q(P ))...... 34 5.3 Kernel Fields of Isogenies...... 35

Bibliography 37

iv List of Tables

3.1 Extensions generated by kernels of isogenies...... 14

v List of Figures

4.1 Proportion of points (X,Y ) ∈ X0(11) with X ∈ Q and 5 | h(Q(P ))...... 24 4.2 Proportion of points (X,Y ) ∈ X0(23) with X ∈ Q and 11 | h(Q(P ))...... 24 4.3 y2 = x6 + 2x5 + 5x4 + 2x3 + 2x2 + 1 (has 11–torsion), p = 11...... 25 4.4 y2 = x6 + 2x5 + 5x4 + 2x3 + 2x2 + 2 (no 11–torsion), p = 11...... 25 4.5 y2 = x6 + 4x4 + 10x3 + 4x2 − 4x + 1 (has 13–torsion), p = 13...... 26 4.6 y2 = x6 + x5 + x4 + x3 + x2 + 3x + 1 (no 13–torsion), p = 13...... 26 4.7 y2 = (9x2 + 2x + 1)(32x3 + 81x2 − 6x + 1) (has 17–torsion), p = 17...... 27 4.8 y2 = (10 − x)(3x + 2)(72x4 + 96x3 + 45x2 − 38x + 5) (has 17–torsion), p = 17...... 27

vi Chapter 1

Motivation: Ideal Class Groups

Consider a field K that is a finite extension of Q, and let OK be its ring of integers. In many ways, this ring behaves a lot like the integers. For instance, there is a well-defined notion of size, and elements can always be factored into a finite product of smaller irreducible elements. Studying these number systems can often give us insights into the structure of the integers themselves (as an example, the question of which integers can be expressed as a sum of two squares can be completely solved by considering factorization in Z[i]; see for instance section 2.2 of [12]). There is one very significant way in which these rings may fail to be like the integers, however: there is not always a unique way to factor an element into irreducible elements. This has considerable implications in number theory; for instance, if factorization into irreducibles were always unique, then we might have had a relatively simple proof of Fermat’s last theorem as early as the 1800s ([7]). As a result, it would be useful to measure, in some sense, the extent to which unique factorization fails. Fortunately, a convenient tool for doing so exists, using the ideals of the ring. We note the following proposition:

Theorem 1.0.1. Let OK be the ring of integers of a ﬁnite extension K/Q. Then elements of OK can be factored uniquely into irreducible elements if and only if every ideal of OK is a principal ideal.

(see e.g. [22], Proposition 3.18 and preceding discussion). In particular, factorization of ideals of

OK into prime ideals is always unique, and in a principal ideal domain, this factorization corresponds with the factorization of an element into irreducible elements. Thus, to study the failure of unique factorization, we need to study the ways in which an ideal can fail to be a principal ideal.

The set of nonzero ideals IK of a ring of integers OK form a monoid under the operation of multiplication. We deﬁne an equivalence relation ∼ on IK: given I,J ∈ IK, we say I ∼ J if (a)I = (b)J for some a, b ∈ OK . The set of equivalence classes is called Cl(K). One can check that multiplication is well deﬁned on equivalence classes, and in fact makes Cl(K) into a group, called the ideal class group of K. The collection of all principal ideals is one of the equivalence classes, and corresponds to the identity element of Cl(K); thus, OK has unique factorization if and only if Cl(K) is the trivial group. So to better understand failure of unique factorization, Cl(K) is the structure we would like to understand. One of the most basic results about Cl(K) is the following:

Theorem 1.0.2 ([22], Theorem 4.3). Let D be the discriminant of K, n = [K : Q], and 2r the number

1 Chapter 1. Motivation: Ideal Class Groups 2 of non-real embeddings K,→ C. Then every equivalence class of ideals has an ideal I with

4 r n! N(I) ≤ p|D| . π nn

Since there are only ﬁnitely many ideals of any given norm, this allows us to prove an important corollary:

Theorem 1.0.3. Cl(K) is a ﬁnite abelian group.

In fact, we can directly compute Cl(K) simply by listing all ideals with norm no greater than the Minkowski bound and checking how they multiply together - though this algorithm is impractical for all but the simplest field extensions. A more efficient algorithm is discussed in the appendix, section 5.1. Instead of taking a field and computing its class group, one can ask the converse; given a finite abelian group A, which fields K have Cl(K) = A? Or, more generally, have A ≤ Cl(K)? Very little is known about this sort of question in general, but considerable progress has been made in the case of quadratic fields.

1.1 Results and Open Problems

For the remainder of this section, D ∈ will denote a fundamental discriminant (either D ≡ 1 (mod 4) Z √ is squarefree, or D ≡ 2, 3 (mod 4) is squarefree), and K will be a quadratic ﬁeld: K = ( D) for some 4 √ Q fundamental discriminant D. Note that every quadratic ﬁeld K = Q( M) can be written in this way; if s2 is the largest perfect square dividing M (so that M/s2 is squarefree), then

( 2 2 M, M/s2 ≡ 2, 3 (mod 4) D = s 1 2 2 s M, M/s ≡ 1 (mod 4) √ √ is a fundamental discriminant with Q( M) = Q( D). We deﬁne the class number h(K) := |Cl(K)|. Though Gauss conjectured the following in 1801 ([14], Section V, Article 303), this fact was only proven in 1934 by Heilbronn ([16]): √ Theorem 1.1.1. For each n ∈ Z, there are only ﬁnitely many D < 0 for which h(Q( D)) = n.

In fact, we have very strict bounds on the growth of the class number:

Theorem 1.1.2 (Siegel, 1935 [26]). For all ε > 0, √ 1/2−ε 1/2+ε |D| h(Q( D)) |D| .

(Here f(D) g(D) means that for all C ∈ R, we have Cf(D) < g(D) for suﬃciently large D). However, though this tells us a lot about the size of the class group, it fails to give us much more information about the structure of the group itself. However, not much progress has been made in this direction. We do have the following:

Theorem 1.1.3 (Ankeny, 1955 [1]). For any positive integer n, there are inﬁnitely many D < 0 such √ that h(Q( D)) is divisible by n. Chapter 1. Motivation: Ideal Class Groups 3

By Cauchy’s theorem, this tells us that whenever A is a product of distinct prime cyclic groups (i.e. when |A| is squarefree), A appears as a subgroup of the ideal class group for infinitely many imaginary quadratic fields. However, this tells us very little beyond that, because in no other case is an abelian √ 2 group uniquely identified by its order. If p divides h(Q( D)), then Zp2 or Zp × Zp must appear as a subgroup, but we can’t tell which! This leads us to consider the p–rank of ideal class groups; that is, the largest value of n such that Zn √ p is a subgroup of the ideal class group. Let rp(D) denote the p–rank of the ideal class group of Q( D), rp(D) and let hp(D) = p denote the size of the p–torsion; that is, the number of elements of order dividing p. The case p = 2 is relatively straightforward, and was known to Gauss [14]: √ Theorem 1.1.4. Let D be a negative fundamental discriminant. Then the 2–rank of K = Q( D) is 2r−1, where r is the number of distinct primes dividing D.

2 One can in fact say more: every pi | D ramifies over K, that is, (pi) = Pi for some ideal Pi of K. Then {Pi : 1 ≤ i ≤ r} generates the Sylow 2–subgroup of Cl(K), subject to the relation that P1 ··· Pr is principal (a discussion of this may be found in [6], XIII.3). In essence, the p = 2 case is simple because p equals the degree of the extension; for quadratic extensions and any p ≥ 3, we will never find an integer ideal that is equal to the p–th power of an ideal in K. For p > 2, Cohen and Lenstra have come up with a broad series of conjectures regarding the distribution of p–ranks across number fields, including for instance the following:

Conjecture 1 ([5], (C5)). For an odd prime p, the proportion of fundamental discriminants D < 0 with rp(D) = r is equal to r ∞ 2 Y Y p−r (1 − p−k)−1 (1 − p−k). k=1 k=r+1 However, results as precise as this are not known for any odd primes. Though the p = 3 case is not understood quite as deeply as the p = 2 case, a signiﬁcant breakthrough was made by Davenport and Heilbronn in 1971. Then we have the following result, calculating the average size of the 3–torsion, for both real and imaginary quadratic ﬁelds:

Theorem 1.1.5 ([10], Theorem 3). Let P0 denote a sum over fundamental discriminants only. Then as X → ∞, X0 4 X0 h (D) ∼ 1, 3 3 0

Theorem 1.1.6 ([15], Theorem 1.1). For any ε > 0, as X → ∞ we have

0 X 3 − 3 +ε hp(D) X 2 2p+2 −X

However, much less is known regarding lower bounds for p > 3; in particular, there is no known precise asymptotic behavior as there is for p = 3. Further, even if average behavior were known precisely as it is for p = 3, average behavior doesn’t tell us much about the distribution across possible p–ranks. For instance, Davenport and Heilbronn’s average for imaginary quadratic fields could arise if half of all fundamental discriminants D had h3(D) = 3 and half had h3(D) = 1, so the result says nothing about existence of imaginary quadratic fields of 3–rank greater than one (whereas Cohen and Lenstra’s heuristics predict a positive proportion of imaginary quadratic fields with any given 3–rank). However, we do have some results giving existence of imaginary quadratic fields with large 3–rank:

Theorem 1.1.7 (Craig, 1977 [8]). There are inﬁnitely many imaginary quadratic ﬁelds with 3–rank greater than or equal to 4.

For p = 5, 7, some of the best results regarding existence of imaginary quadratic ﬁelds with high p–rank are due to a strategy by Mestre, which will be discussed in chapter2 onwards. Particular results of this strategy give the following results:

Theorem 1.1.8 (Mestre, 1983 [18], Proposition II.2.2). Let

m(t) = (t2 + 3)(−47t6 − 240t5 − 2887t4 + 2400t3 + 3659t2 − 2160t − 3733).

p If t 6≡ 2, 6, 7 (mod 11) and t ≡ 4 (mod 6), then Q( m(t)) has 5–rank at least 2.

Miller also uses this same strategy in [19] to produce several quadratic fields with 7–rank greater than or equal to 2, using the polynomial m(t) = (t2 + 1114t + 310612)(967420592t6 + 3357431864104t5 + 4850215147029559t4+3733303907396739212t3+1614860798983872478748t2+372194367477864525882560t+ 35710426345286513538594560). Unfortunately, this strategy fails for primes larger than 7. So the question remains; how does one produce number fields fields with large p-rank for p > 7? This paper discusses various strategies for completing this goal based on Mestre’s strategy, to be discussed in the next chapter. Chapter 2

Elliptic Curves and Isogenies

We start with a brief sketch of the theory of elliptic curves. For a more in depth introduction to the subject, see [27].

2.0.1 The Projective Plane

Given a field K, we can talk about pairs of points (x, y) ∈ K2, and curves as being sets of such points. However, there in many contexts we will want to discuss the behavior of the curve “at infinity.” To do this we need a larger space, called the projective plane over K (or P2(K)), which will contain K2 but also so-called “points at infinity.” To do this, consider the set {(X,Y,Z): X,Y,Z ∈ K}\{(0, 0, 0)}. We can define an equivalence relation on this set by saying (X,Y,Z) ∼ (tX, tY, tZ) for any nonzero t ∈ K. P2(K) is defined to be the set of equivalence classes (denoted with square brackets, so that [X,Y,Z] = [tX, tY, tZ]); the elements can be identified as lines through the origin.

Note that K2 ,→ P2(K) by (x, y) 7→ [x, y, 1]. The only elements of P2(K) not representable in this way are those were Z = 0; these are the points at inﬁnity. Geometrically speaking, we can associate K2 with the Z = 1 plane, and every point corresponds to a unique line through the origin; the remaining lines (those parallel to the Z = 1 plane) are the points at inﬁnity.

A polynomial in multiple variables is homogeneous of degree n if, for every term, the sum of the ex- ponents of each variable is n. A polynomial is well-defined on P2(K) (that is, F (X,Y,Z) = F (tX, tY, tZ) for all nonzero t) iff it is homogeneous. Given a polynomial f(x, y), we can homogenize the polynomial, X Y obtaining a homogeneous polynomial F (X,Y,Z), by substituting x = Z and y = Z and multiplying by a sufficiently high power of Z to eliminate denominators. Under the embedding K2 ,→ P2(K), the points satisfying f(x, y) = 0 are exactly the points satisfying F (X,Y,Z) = 0 which are not points at infinity (as can be seen by substituting Z = 1 into the homogenized polynomial).

In this paper, we will occasionally discuss solutions to equations f(x, y) = 0 in P2(K); this technically means we are discussing solutions to the homogenized equation F (X,Y,Z) = 0.

5 Chapter 2. Elliptic Curves and Isogenies 6

2.1 Elliptic Curves

We can deﬁne an elliptic curve E as follows. Given any cubic equation in x and y, a rational transfor- mation in x and y allows us to write it in Weierstrass form:

2 3 2 y + a1xy + a3y = x + a2x + a4x + a6, (2.1) with coeﬃcients in Q. We additionally assume this curve is non-singular; that is, there is no point (x, y) ∂ ∂ on the curve with ∂x f(x, y) = ∂y f(x, y) = 0, where f is the polynomial whose zero set is the elliptic curve. This reduces to the requirement that the discriminant ∆(E) (deﬁned below as given in [23]) is nonzero:1

2 b2 = a1 + 4a2

b4 = 2a4 + a1a3 2 b6 = a3 + 4a6 2 2 2 b8 = a1a6 + 4a2a6 − a1a3a4 + a2a3 − a4 2 3 2 ∆(E) = −b2b8 − 8b4 − 27b6 + 9b2b4b6.

Then for any K/Q, we let E(K) denote points (x, y) ∈ P2(K) satisfying equation 2.1. By Bezout’s theorem, any line in P2(K) passes through the cubic in exactly three points, counting multiplicity. We use this to describe an addition on E(K), where P +Q+R = 0 iff P, Q, and R are colinear. This definition turns E(K) into an abelian group. Given the coordinates for points P,Q ∈ E(K), the equations for the coordinates of P + Q are rational functions in the coordinates of P and Q, with coefficients in Q. Note that in general, different extensions K of F will result in different groups E(K), but these groups are all compatible in very nice ways; for instance, if L/K/F , then every point in E(K) is also in E(L). In fact, from the perspective of category theory, E is a functor from the category of field extensions of F to the category of abelian groups, which makes E into a group scheme. Let E be an elliptic curve defined over Q. The following theorems tell us about the structure of the groups E(K):

Theorem 2.1.1 (Mordell-Weil). Suppose K/Q is a finite extension. Then E(K) is a finitely generated ∼ rK abelian group; that is, E(K) = Z × TK for some integer rK and some finite abelian group TK (the torsion subgroup).

Theorem 2.1.2 (Mazur). TQ (deﬁned above) can only be one of 12 possible ﬁnite groups. In particular, if an element of E(Q) has order p for some prime p, then p = 2, 3, 5, or 7.

Lemma 2.1.3. Let [n]: E → E denote multiplication by n (that is, P 7→ P + ··· + P , where P is added to itself on the elliptic curve n times). Then ker[n](Q) =∼ Z/nZ × Z/nZ.

Lemma 2.1.4. E(Q) is a divisible group; that is, given any Q ∈ E(Q) and n ∈ Z, there exists R ∈ E(Q) such that nR = Q. Further, by lemma 2.1.3, there are exactly n2 such possibilities for R.

1 2 3 2 Note that Q does not have characteristic 2 or 3. Because of this, equation 2.1 can be rewritten as y = 4x + b2x + 1 1 2 2b4x + b6 using the variables deﬁned here. By substituting 4 x − 12 b2 in for x and rescaling, we may also eliminate the x term and put equation 2.1 in reduced Weierstrass form, y2 = x3 + Ax + B, with discriminant −16(4A3 + 27B2). Chapter 2. Elliptic Curves and Isogenies 7

In order to study the groups E(K), one technique we can use is to study their automorphisms. In particular, given a finite Galois extension K/Q, the Galois group Gal(K/Q) acts on E(K): given σ ∈ Gal(K/Q), the map (x, y) 7→ (σ(x), σ(y)) is an automorphism on E(K). To see this, note that the addition law is expressed in terms of rational functions with coefficients in Q, and these are all preserved by σ; that is, σ(P + Q) = σ(P ) + σ(Q). Since σ is invertible, this yields an automorphism of E(K). If L/K and K/Q are both finite Galois extensions, then Gal(L/Q) acts on E(K) as well, since σ(K) = K for all σ ∈ Gal(L/Q); that is, we get a map Gal(L/Q) → Gal(K/Q) by restriction. Because of this compatibility, we are able to put all the Galois groups together (using the categorical inverse limit) and obtain the absolute Galois group Gal(Q/Q). This is an infinite group with the property that every element σ restricts to an automorphism σK of any Galois extension K/Q.

2.2 Isogenies

Again, we give only a brief overview. A very concrete description of the material is presented by Shumow ([25]), and the lemmas in this section are taken from this work unless otherwise indicated. Let E and F be elliptic curves deﬁned over Q. Suppose a map ρ : E → F has the following properties:

• ρ is locally deﬁned by rational functions with coeﬃcients in Q (i.e. it is a regular map between E and F considered as algebraic varieties);

• ρ is a surjective homomorphism with ﬁnite kernel.

Deﬁnition 2.2.1. A map ρ satisfying the above properties is called an isogeny.

Note that requiring ρ : E → F to be surjective does not require ρ : E(K) → F (K) to be surjective for all K; rather, for any K there is an extension L/K for which F (K) ⊆ ρ(E(L)). Note that the kernel, ker ρ, of a map of group schemes is itself a group scheme. We can collect some data collected to a given isogeny. Note that for the rest of this paper, unlike in section 2.0.1, X and Y will denote coordinates of points in the codomain of an isogeny while x and y will denote coordinates of points in the domain.

Definition 2.2.2. Given an isogeny ρ : E → F , let the rational maps defining each coordinate be given by p (x, y) p (x, y) (X,Y ) = X , Y , qX (x, y) qY (x, y) where pX , qX , pY , qY ∈ Q[x, y] and the fractions are in lowest form. Then the degree of ρ is defined to be nρ := max{degx pX , degx qX }.

2 Lemma 2.2.1. For any isogeny ρ : E → F , where E and F are deﬁned over , nρ = | ker ρ |. Q Q Deﬁnition 2.2.3. Given an isogeny ρ : E → F , the kernel polynomial k is the smallest-degree monic polynomial whose roots are precisely the x–coordinates of the non-identity elements of ker ρ(Q).

Suppose the degree of the isogeny is odd; then given non-identity P ∈ ker ρ(Q), we have that −P is nρ−1 distinct from P , has the same x–coordinate, and is also in ker ρ(Q). This shows that k has degree 2 . We cite the following result, which tells us that the rational maps deﬁning the isogenies we will be dealing with take a very particular form:

2In general, this result holds for any separable isogeny. Chapter 2. Elliptic Curves and Isogenies 8

Theorem 2.2.2 ([25] 3.1.8). Suppose ρ : E → F is an isogeny of odd degree n, and let k(x) be the kernel polynomial for ρ. Then there exists a degree n polynomial φ(x), and a polynomial ω(x, y), such that ρ is deﬁned by φ(x) ω(x, y) (x, y) 7→ , . k(x)2 k(x)3 Say that E and F are isogenous if there exists an isogeny ρ : E → F . The following theorem, together with the facts that the identity map is an isogeny and that the composition of isogenies is an isogeny, proves that this deﬁnes an equivalence relation on the collection of elliptic curves:

Theorem 2.2.3. Given any isogeny ρ : E → F , there exists a unique dual isogney ρ∨ : F → E, for which

• nρ = nρ∨ ,

∨ • ρ ◦ ρ : E → E is multipication by nρ on E, and

∨ • ρ ◦ ρ : F → F is multipication by nρ on F .

Isogenies of elliptic curves can often be computed explictly using V´elu’sformulae ([17]):

Lemma 2.2.4. Let G be a ﬁnite subgroup of E(F ). Then F = E/G is deﬁned over Q by Y 2 = g(X) for some degree 3 monic polynomial g, and the map E → F is given by

X X X(R) = x(R + Q) − x(Q) Q∈G Q∈G\{e} X X Y (R) = y(R + Q) − y(Q). Q∈G Q∈G\{e}

V´elu’sformulae can be used to compute the codomain and rational maps deﬁning an isogeny, assuming the domain and kernel are known. It turns out to also be possible to compute the kernel and rational maps, assuming the domain and codomain (and degree of the isogeny) are known. To do this naively, suppose there exists a degree n isogeny ρ : E → F ; then by Theorem 2.2.3 and Lemma 2.1.3, any point in ker ρ must be in

∨ ∼ ker(ρ ◦ ρ) = ker[nρ] = Z/nZ × Z/nZ.

Thus, it suﬃces to consider each order n subgroup G of ker[n], compute E/G using Lemma 2.2.4, and check if the result is isomorphic to F . A more sophisticated approach to calculating the kernel may be found in [25]. In conclusion, given curves E and F which are known to be connected by a degree n isogeny, it is possible to compute the kernel polynomial k(x) and the rational maps φ(x)/k(x)2 and ω(x, y)/k(x)3 deﬁning ρ. These are implemented in Sage, and are used in the program given in section 5.3 to compute results in Chapter3.

2.3 Generating Quadratic Fields

We follow the strategy given by Mestre in [18]. Chapter 2. Elliptic Curves and Isogenies 9

2.3.1 Preimages of Quotient Maps

Suppose ρ : E → F is a isogeny of degree p (p an odd prime) with kernel hQi, for some Q ∈ E(Q). Note that if X ∈ Q, and F is an elliptic curve deﬁned by Y 2 = f(X), then the point P = (X,Y ) is in F (Q(P )), where Q(P ) = Q(Y ) is either Q itself or a quadratic extension of Q. We only consider the case in which it is a quadratic extension. Now consider some (x, y) ∈ ρ−1(P ), that is, x and y satisfy

φ(x) ω(x, y) (X,Y ) = , . k(x)2 k(x)3

In particular, φ(x) − Xk(x)2 = 0, and for generic values of X this will be an irreducible degree p polynomial in x, so that x is in a degree p extension Q(x)/Q. Since y satisfies a quadratic equation over Q(x), as well as a polynomial ω(x, y) − Y k(x)3 = 0 over Q(x)(Y ), Q(x, y) must be an extension of both Q(x) and Q(P ); by degree considerations, it must be a degree p extension of Q(P ). Now since Q ∈ E(Q), the map (x, y) 7→ (x, y)+Q is defined by rational maps with rational coordinates in x and y. Hence, every element of ρ−1(P ) is in Q(x, y), so the polynomials defining x and y split in Q(x, y). Hence Q(x, y) = Q(ρ−1(P )) is a Galois extension of Q(P ). With a bit of extra work, we can show that a few congruence conditions on X will guarantee that the extension Q(ρ−1(P ))/Q(P ) is unramified. We then cite the following result, from class field theory:

Theorem 2.3.1 ([20] Theorem 0.3). For any number field K, there exists a bijection between subgroups H ≤ Cl(K) on the one hand and finite unramified abelian extensions L/K on the other, satisfying the following properties:

• The prime ideals of K that split in L are exactly those in one of the ideal classes in H

• Gal(L/K) =∼ Cl(K)/H

The extension L/K corresponding to the subgroup H is called the class ﬁeld of H.

Thus, if we take X ∈ Q such that Q(ρ−1(P ))/Q(P ) is an unramified degree p Galois extension (one can easily check that there are infinitely many such X); then Theorem 2.3.1 tells us that p divides |Cl(Q(P ))|. To obtain number fields with p–rank at least 2, Mestre takes two distinct points P and P 0 with the 2 3 2 same Y –value on E(K) but distinct rational X–values. For a curve in the form Y = X +c1X +c2X+c3, 0 2 to have (X,Y ) and (X ,Y ) lie on the curve for some value of Y is equivalent to requiring X +c1X +c2 = 02 0 0 X + c1X + c2. Thus (X,X ) lies on a conic, so that if a single rational solution is found, then one can generate infinitely many. In the case that P = (X,Y ),P 0 = (X0,Y ) both lie on the elliptic curve, it is in general true that Q(ρ−1(P )) 6= Q(ρ−1(P 0)) (because the polynomials whose roots define the preimage sets are dependent on X), giving two distinct unramified degree p extensions of Q(P ) = Q(P 0). By Theorem 2.3.1, these correspond to two distinct subgroups H,H0 of Cl(K) satisfying Cl(Q(Y ))/H =∼ Cl(Q(Y ))/H0 =∼ Z/pZ. If the p–rank of Cl(Q(Q)) were equal to 1, then there would be a unique subgroup of index p; so the existence of distinct H and H0 of index p proves that the p–rank of Cl(Q(Q)) is at least 2. Mestre uses the degree 5 isogeny from X1(11) → X0(11) to generate infinitely many imaginary quadratic fields with 5–rank at least 2 (Schoof provides a detailed computation in [24]). Miller uses a Chapter 2. Elliptic Curves and Isogenies 10 similar technique to generate infinitely many imaginary quadratic fields with 7–rank at least 2. Unfor- tunately, this technique cannot be taken any further, due to Mazur’s Theorem (Theorem 2.1.2), which tells us that a rational torsion point on E of prime order p must have p ≤ 7. The following chapters describe our attempts to modify the technique to solve this problem. First, in chapter3, we study quotient isogenies of higher prime degree; these do not have a rational point in the kernel, but much of the technique carries through and we are able to obtain different results. In chapter4 we look instead at abelian varieties, which behave in many ways like elliptic curves but have rational points of higher order than elliptic curves do. Chapter 3

Isogenies with Irrational Kernel

Recall that in the previous chapter, we took a degree p isogeny ρ : E → F , and P = (X,Y ) on F with X ∈ Q and Y in a quadratic extension. We noted that (x, y) ∈ ρ−1(P ) generates a degree p extension of Q(P ); this holds true for all odd primes p. However, in order to apply the conclusions from class ﬁeld theory, we need an extension that is abelian (in particular, Galois), and unramiﬁed. Thus, given the degree p extension Q(x, y)/Q(P ), we have the following two goals: 1. Determine the degree of the Galois closure of the extension (and try to make it as close to p as possible).

2. Determine which primes ramify in the Galois closure of the extension (and try to make there be as few as possible).

In the case that the kernel has a rational point, we noted that Q(x, y) = Q(ρ−1(P )) is already Galois over Q(P ). We can’t conclude this if p is a prime greater than 7. Isogenies of higher degrees do exist, but the points in the kernel will not be rational; rather, they will be in E(K) for some K/Q. Definition 3.0.1. Let ρ : E → F be an isogeny of elliptic curves defined over Q. The kernel field K is the field over which all points in ker ρ are defined. Kernel fields will be fundamental to our goal for the following reason: Proposition 3.0.2. Let ρ : E → F be a degree p isogeny (p an odd prime), with kernel field K. Let P = (X,Y ) lie on F with X ∈ Q. Let (x, y) ∈ ρ−1(P ). Then the Galois closure of Q(x, y) is KQ(x, y) = Q(ρ−1(P )). Proof. First we prove the last equality. Note that Q(ρ−1(P )) ⊆ KQ(x, y) because every element of ρ−1(P ) can be expressed in terms of rational functions in (x, y) and K via the addition law on E. Conversely, Q(x, y) ⊆ Q(ρ−1(P )) because (x, y) ∈ Q(ρ−1(P )), and K = Q(ker ρ) ⊆ Q(ρ−1(P )) because every element of ker ρ can be expressed as R+(−R0) for some R,R0 ∈ ρ−1(P ) (the addition and negation laws on E are rational functions). Hence KQ(x, y) ⊆ Q(ρ−1(P )). Now note that x is a root of the polynomial φ(x) − Xk(x)2, y is a root of ω(x, y) − Y k(x)3, and Q(ρ−1(P )) contains all roots of both polynomials. It is therefore a splitting field of the defining polynomials for Q(x, y), and is hence the Galois closure.

Thus, in order to embark on our two goals of understanding the Galois closure of Q(x, y)/Q(P ), we need a better understanding of the kernel ﬁeld K.

11 Chapter 3. Isogenies with Irrational Kernel 12

3.1 Data on Kernel Fields

Cremona’s Table 6 [9] contains a listing of all elliptic curves with conductor less than 380, 000,1 organized by isogeny class (two isogenous elliptic curves will have the same conductor, so we can talk about the “conductor of an isogeny class” or even the “conductor of an isogeny”). There are 1, 655, 337 isogeny classes in the table, and of these, 414 contain two curves connected by an isogeny of prime degree p > 7. The values of p occuring in the Table are p = 11, 13, 17, 19, 37, 43, 67, 163. Given two isogenous curves E and F , we can extract the following information from the table:

• The coeﬃcient lists of E and F , where the list [a1, a2, a3, a4, a6] represents the curve deﬁned by

2 3 2 y + a1xy + a3y = x + a2x + a4x + a6

• The degree of the isogeny ρ : E → F

• The conductor of E and F

From this information, we can use a computation using Sage (detailed in section 5.3) which allows us to compute:

• The rational maps deﬁning the isogeny ρ : E → F

• The kernel polynomial k of ρ

• The ﬁeld Kx obtained by adjoining all roots of k (all x–coordinates of points in ker ρ)

• The kernel ﬁeld K of ρ (obtained by adjoining the y–coordinates)

• The Galois closures of Kx and K

• The relative discriminants ∆(K/Kx) and ∆(Kx/Q)

We study the relative discriminants because they completely determine ramification in K/Kx and Kx/Q, which determine ramification in K/Q, which will help determine ramification in KQ(x, y) (ac- complishing our second goal). A summary of the data may be found in the following section. We did not perform the above computations for the two occurring isogenies of degree p = 163 due to computational limitations.2

3.2 Observations from the Data

This section is a summary, containing a collection of facts that are true of all isogenies ρ : E → F of prime degree p > 7 in Cremona’s Tables. Thus, they may also be recast as conjectures that may be true for all isogenies of this type.

Observation 1. Let k be the kernel polynomial of ρ, and let r be a root of k. Then Q(r) = Kx is the splitting ﬁeld of k, and is a totally real ﬁeld.

1As of August 1, 2016 2On a personal computer, the Sage computation took on average 1 second for an isogeny of degree 19, 1 minute for an isogeny of degree 43, and several hours for an isogeny of degree 67 Chapter 3. Isogenies with Irrational Kernel 13

Observation 2. K/Q is Galois, and the Galois group is cyclic.

Observation 3. [K : Kx] = 1 or 2.

Corollary 3.2.1. Assume Observation1. Then the irreducible factors of k all have the same degree, p−1 and [Kx : Q] divides 2 . Further assuming Observation3, [K : Q] divides p − 1.

Proof. Every root r of k generates Kx, so every irreducible factor of k must have degree [Kx : Q]. Hence p−1 [Kx : Q] divides deg k = 2 . The result about [K : Q] follows from multiplicativity of degrees.

Observation 4. A prime q ramiﬁes in K/Q iﬀ q2 divides the conductor of the isogeny.

Observation 5. The conductor of ρ is never squarefree.

Note that Observation5 is implied by Observation4, together with the fact that Q has no unramiﬁed extensions. Observation4 also implies that E and F must have additive reduction at some prime q.

Information regarding the factorization of k, degrees [Kx : Q] and [K : Q], and ramiﬁcation in Kx/Q can be found summarized in Table 3.2. Further discussion of the data will be done based on p.

3.2.1 p = 11, 19, 43, 67

In this section, we let p = 11, 19, 43, or 67, as isogenies of these degrees all share very similar properties. Note that these are all Heegner numbers (that is, discriminants of imaginary quadratic ﬁelds with class number 1), and the only other Heegner numbers are 1, 2, 3, 7, and 163. Thus, I conjecture that most of these properties will be true for p = 163 as well.

Observation 6. For all isogenies of degree p,

1. k is irreducible

p−1 2. [Kx : Q] = 2

[Kx: ] 3. ∆(Kx/Q) = p Q .

Observation 7. Let p = 19, 43, or 67. Then for every fundamental discriminant D relatively prime to

2 2 [Kx: ] p, there is exactly one isogeny with degree p, conductor p D , and N(∆(K/Kx)) = D Q . All degree p isogenies are of this form.

The case p = 11 is slightly diﬀerent:

Observation 8. For each fundamental discriminant D relatively prime to 11, there is exactly one isogeny

2 2 [Kx: ] with degree 11, conductor 11 D , and N(∆(K/Kx)) = D Q , and there are exactly two isogenies with

2 2 [Kx: ] degree 11, conductor 11 D , and N(∆(K/Kx)) = −11D Q . All degree 11 isogenies are of one of these two forms.

However, from both cases above, we obtain the following:

Corollary 3.2.2. Assume Observations3,6,7, and8. Then for p = 11, 19, 43, 67, there is a unique isogeny of degree p for which K/Kx is unramiﬁed; for all others, [K : Q] = p − 1. Chapter 3. Isogenies with Irrational Kernel 14

Table 3.1: Extensions generated by kernels of isogenies

p deg k [Kx : Q][K : Q] ∆(Kx/Q) # real # CM # total 11 (5) 5 5 114 1 0 1 11 (5) 5 10 114 50 48 98 13 (3, 3) 3 3 various 4 0 4 13 (2, 2, 2) 2 4 17 8 14 22 13 (3, 3) 3 6 various 45 49 94 13 (6) 6 12 various 54 54 108 17 (4, 4) 4 8 52 ∗ 173 4 2 6 17 (8) 8 16 54 ∗ 177 4 2 6 19 (9) 9 9 198 1 0 1 19 (9) 9 18 198 9 10 19 37 (6, 6, 6) 6 12 53 ∗ 74 18 18 36 43 (21) 21 21 4320 1 0 1 43 (21) 21 42 4320 4 5 9 67 (33) 33 33 6732 1 0 1 67 (33) 33 66 6732 2 4 6 163 — — — — — — 2 Total various 206 206 414 An enumeration of all isogenies in Cremona’s tables (ref) with prime degree p > 7. Isogenies are classiﬁed by: • p (degree of isogeny)

• deg k (numbers in parentheses determine the degree of each irreducible factor of the kernel polynomial k)

• [Kx : Q](Kx is the field over which all x–coordinates of points in the kernel are defined) • [K : Q](K is the kernel field).

For each class, the discriminant of Kx is given if it is the same for all isogenies in the class (and “various” otherwise), and the number of isogenies of this class is counted, as well as how many isogenies have kernel ﬁeld totally real or totally complex. Chapter 3. Isogenies with Irrational Kernel 15

Proof. A prime p of Kx ramifies in K iff it divides the relative discriminant. Since its norm is always divisible by D, the only possibility for an unramified extension is if D = 1. Therefore, by the observations, we find that there is a unique isogeny of degree p with N(∆(K/Kx)) = 1. Thus, from Observations3 and6, we conclude that for all but one isogeny, [ K : Q] = [K : Kx][Kx : Q] = p − 1.

We say that an isogeny of degree p is “associated with” the fundamental discriminant D if N(∆(K/Kx)) =

[Kx: ] [Kx: ] D Q or N(∆(K/Kx)) = −11D Q , and every isogeny is associated with some fundamental discriminant (we can identify D uniquely because [Kx : Q] is odd in all these cases). Thus there is a unique degree p isogeny associated with each fundamental discriminant coprime to p for p = 19, 43, 67, and there are three degree 11 isogenies associated with each fundamental discriminant coprime to 11.

3.2.2 p = 37

The case p = 37 has many of the same properties as the above cases. One disctinction now, however, is

[Kx: ] [Kx: ] that [Kx : Q] is even, so D Q = (−D) Q . Thus, if D and −D are both fundamental discriminants, we have to use the embeddings of K to determine whether an isogeny is associated to D or −D.

Deﬁnition 3.2.1. Given a number ﬁeld K and an integer n, we say K agrees with n if K is totally real and n > 0, or if K is totally complex and n < 0. We say K disagrees with n if K is totally real and n < 0, or if K is totally complex and n > 0.

The reasoning behind this definition is that a quadratic field always agrees with its discriminant. This is not true for general number fields, and we use this fact in the following observation.

Observation 9. For all isogenies of degree 37,

1. k is a product of three sextic irreducible polynomials

2. [Kx : Q] = 6 and [K : Q] = 12

3 4 3. ∆(Kx/Q) = 5 7

4. The conductor of the isogeny is 352D2, for D a fundamental discriminant relatively prime to 35

5. For each fundamental discriminant D relatively prime to 35, there are exactly two isogenies with

2 2 3 [Kx: ] degree 37, conductor 37 D , N(∆(K/Kx) = 5 D Q , and K disagrees with D. There are also

2 2 3 2 [Kx: ] exactly two isogenies with degree 37, conductor 37 D , N(∆(K/Kx) = 5 7 D Q , and K agrees with D. Every isogeny is of one of these forms.

2 2 Letting D = 8, we ﬁnd four isogenies with degree 37, conductor 37 (8) , and N(∆(K/Kx) =

3 [Kx: ] 2 2 3 2 [Kx: ] 5 (8) Q , and four isogenies with degree 37, conductor 37 D , N(∆(K/Kx) = 5 7 D Q . The reason for this is that −8 is also a fundamental discriminant. Of these groups of four, two each are totally real and two each are totally complex; thus we can use the embeddings to determine which isogenies are associated to 8 and which are associated to −8. Notice that we can recast our characterizations of the isogenies of degree p = 11, 19, 43, 67 using the language of K agreeing with D as well; For these cases, K always agrees with the fundamental discriminant it is associated with, with the exception of the isogenies of degree 11, conductor 112D2,

[Kx: ] and N(∆(K/Kx)) = −11D Q , which disagree with D. Chapter 3. Isogenies with Irrational Kernel 16

Now observe that D and −D are both fundamental discriminants iﬀ D ≡ 8 (mod 16). In these cases, We have the following behavior in this case:

Observation 10. Suppose p = 11, 19, 37, 43, or 67, and D ≡ 8 (mod 16) is a fundamental discriminant relatively prime to p. Let ρ : [0, a2, 0, a4, a6] → [0, b2, 0, b4, b6] be a degree p isogeny associated with D. 0 Then ρ : [0, −a2, 0, a4, −a6] → [0, −b2, 0, b4, −b6] is a degree p isogeny associated with −D.

3.2.3 p = 17

There is relatively little data (only 12 isogenies, and only three conductors) to make any useful gener- alizations in this case. However, we see a few patterns start to emerge. The most clear diﬀerence is the division of this collection of isogenies into two distinct subcollections, described in the two following observations.

Observation 11. For all isogenies of degree 17 such that k is irreducible:

1. [Kx : Q] = 8 and [K : Q] = 16

4 7 2. ∆(Kx/Q) = 5 17

3. For each fundamental discriminant D relatively prime to 5 · 17, let ε = 1 if D is even and ε = 2 if 2 2 2 D is odd. Then there are exactly two such isogenies with conductor (ε·5 ·17 )D , N(∆(K/Kx)) = (54 · 17)D[Kx:Q], and K agrees with D. Every degree 17 isogeny with irreducible k is of this form.

Observation 12. For all isogenies of degree 17 such that k is reducible:

1. k is a product of two irreducible quartics

2. [Kx : Q] = 4 and [K : Q] = 8

2 3 3. ∆(Kx/Q) = 5 17

4. For each fundamental discriminant D relatively prime to 5 · 17, let ε = 1 if D is even and ε = 2 if 2 2 2 D is odd. Then there are exactly two such isogenies with conductor (ε·5 ·17 )D , N(∆(K/Kx)) = (52 · 17)D[Kx:Q], and K disagrees with D. Every degree 17 isogeny with reducible k is of this form.

3.2.4 p = 13

This case is by far the most rich, with far more examples than the other primes and behavior that is much less consistent.3 As in the case p = 17, we divide into cases based on how k factors.

Observation 13. For all isogenies of degree 13 such that k is a product of three quadratic irreducible polynomials:

1. [Kx : Q] = 2 and [K : Q] = 4

2. ∆(Kx/Q) = 17

3 This is likely related to the fact that X0(13), which is the moduli space for pairs of elliptic curves connected by an isogeny of degree 13, has genus 0, whereas X0(p) has genus larger than 0 for all other p considered here. Chapter 3. Isogenies with Irrational Kernel 17

3. For each fundamental discriminant D relatively prime to 17, let ε2 = 1 if D is even and ε2 = 2 if

D is odd; let ε5 = 1 if D is a multiple of 5 and ε5 = 5 otherwise. Then there are exactly two such

2 2 [Kx: ] isogenies with conductor (ε2ε5 · 17 )D , N(∆(K/Kx)) = 17D Q , and K agrees with D. Every degree 13 isogeny with k factoring into quadratics is of this form.

Observation 14. For all isogenies of degree 13 such that k is a product of two cubic irreducible polynomials:

1. [Kx : Q] = 3

2 2. ∆(Kx/Q) = q , for q = 7, 31, 43, or 103. The possible cases now depend more sensitively on q.

Observation 15. For each fundamental discriminant D relatively prime to q, let ε3 = 1 if D is a multiple of 3 and ε3 = 3 otherwise. Let ε2 = 1 if D is even or if q = 7 or 103, and ε2 = 2 if D is odd and q = 31 or 43.

2 2 [Kx: ] Then there is exactly one such isogeny with conductor (ε2ε3 · q )D , N(∆(K/Kx)) = D Q , and 2 2 K agrees with D, and there is exactly one such isogeny with conductor (ε2ε3 · q )D , N(∆(K/Kx)) = −qD[Kx:Q], and K disagrees with D.

It is quite likely that beyond Cremona’s Tables, there are more possible values for q. It is unclear what these values of q are coming from. The case with k irreducible is much stranger.

Observation 16. For all isogenies of degree 13 such that k is irreducible:

1. [Kx : Q] = 6 and [K : Q] = 12

3 4 2. ∆(Kx/Q) = u v , for (u, v) ∈ {(13, 19), (8, 13), (8, 9), (8, 7), (29, 9), (5, 9), (5, 19), (5, 7), (53, 7)}.

We think that there may be some link between the conductors of the isogenies and N(∆(K/Kx)) that is related to fundamental discriminants but no pattern was forthcoming.

3.3 Preimages of points

Let ρ : E → F be an isogeny of elliptic curves, F be defined by the equation (Y − c)2 = f(X) for some c ∈ Q and rational cubic f. Let (X,Y ) ∈ E(L) for some number field L, and let the set ρ−1((X,Y )) be defined over L0. In other words, if ρ(x, y) = (X,Y ), then by Proposition 3.0.2, L0 = KQ(x, y) is the Galois closure of Q(x, y). We wish to determine the properties of the extension L0/L.

3.3.1 Points with X ∈ Q

If X ∈ Q, then Y satisfies a quadratic equation over Q and L = Q(Y ) is a quadratic field. For various values of X, we then consider L0 = KL(x, y), where (x, y) is a preimage of (X,Y ). Once again, our goals are to find how close we can get to making L0 be an unramified cyclic extension of L: that is, how small can we make Gal(L0/L), and what we can say about ramification.

Proposition 3.3.1. Assume Observation2 and Corollary 3.2.1. Then Gal (L0/L) = Z/pZoGal(K/Q) ≤ Hol(Z/pZ), where Hol(G) = G o Aut(G) is the holomorph of G. Chapter 3. Isogenies with Irrational Kernel 18

Proof. By Corollary 3.2.1, Gal(K/Q) =∼ Z/nZ (for some n) is a subgroup of (Z/pZ)× so the semidirect product is well-defined, and Z/pZ o Gal(K/Q) is indeed a subgroup of the holomorph of Z/pZ. Now let Q be a generator of ker ρ, and note that (x, y) 7→ (x, y)+Q maps x and y to other roots of the polynomials defining them; this therefore defines a Galois action of degree p. Further, if σ ∈ Gal(K/Q), then in particular σ defines an automorphism of ker ρ (since σ preserves the addition law), so that σ(rQ) = (ar)Q for some a ∈ (Z/pZ)×. In other words, given m ∈ Z/pZ and a ∈ (Z/pZ)×, we have an action of (m, a) on ρ−1(X,Y ) given by (x, y) + rQ 7→ (x, y) + (m + ar)Q, exactly the relations defining the holomorph. Thus Gal(L0/L) is some subgroup of the holomorph. Since it contains an element of order p ((x, y) 7→ (x, y)+Q) and an element of order n (given by the action of a generator of Gal(K/Q)), it must contain Z/pZ o Gal(K/Q), and by degree considerations it must be equal.

Given the data collected from Cremona’s tables, we observe the following:

Observation 17. Let p = 11, 19, 43, 67. For all but one isogeny, we have the largest possible Galois group, Gal(L0/L) = Z/pZ o Z/(p − 1)Z = Hol(Z/pZ). In the exceptional case, we have Gal(L0/L) = p−1 Z/pZ o Z/ 2 Z. For p = 37, we have Gal(L0/L) = Z/37Z o Z/12Z. For p = 17, we have Gal(L0/L) = Z/17Z o Z/16Z = Hol(Z/17Z) half of the time (whenever k is irreducible) and Gal(L0/L) = Z/17Z o Z/8Z the other half of the time. For p = 13, Gal(L0/L) can be Z/13Z o Z/3Z, Z/13Z o Z/4Z, Z/13Z o Z/6Z, or Z/13Z o Z/12Z = Hol(Z/13Z).

Thus we don’t obtain any cyclic extensions, but in some cases (e.g. Z/13Z o Z/3Z) we come close.

Examples

There is an isogeny of degree 11 from the curve E = [0, −1, 1, −7, 10] to F = [0, −1, 1, −887, −10143]. The isogeny has kernel polynomial

k(x) = x5 − 9 ∗ x4 + 17 ∗ x3 + 20 ∗ x2 − 73 ∗ x + 43 and adjoining any root of k gives the splitting field. This is the unique isogeny of degree 11, as given in Corollary 3.2.2, where K/Kx is unramified; in fact, K = Kx (that is, the y–coordinates of points in ker ρ are already in Kx). Thus the Galois group of K is Z/5Z. The x–coordinate of the rational maps defining ρ map x to

x11 − 18x10 + 291x9 − 1883x8 + 3875x7 + 9384x6 − 66524x5 + 157745x4 − 223247x3 + 233808x2 − 181125x + 70741 . x10 − 18x9 + 115x8 − 266x7 − 217x6 + 2080x5 − 2856x4 − 1458x3 + 7049x2 − 6278x + 1849 Suppose (X,Y ) ∈ F (L) for some quadratic field L, X ∈ Q, Y/∈ Q. Then setting the above expression to equal X and rearranging, we find that the x–coordinates of the preimages of (X,Y ) are roots of a rational degree 11 polynomial. We can check that the splitting field of this polynomial is a Z/5ZoZ/11Z extension of K. As another example, there is an isogeny of degree 13 from the curve E = [0, 1, 1, −114, 473] to F = [0, 1, 1, −44704, −3655907]. The isogeny has kernel polynomial

k(x) = x6 − 47x5 + 263x4 + 4761x3 − 43363x2 + 61051x + 128143 = (x3 − 48x2 + 425x − 1009)(x3 + x2 − 114x − 127) Chapter 3. Isogenies with Irrational Kernel 19 and all roots lie in the same cubic field. Unlike most 13–isogenies (but like our previous example), if we consider the points on E corresponding to roots of k, the y–coordinates are also in this field. Thus the Galois group of the kernel is Z/3Z. The x–coordinate of the rational maps defining ρ maps x to

x13 − 94x12 + 11653x11 − 336248x10 + 1808999x9 + 59198317x8 − 893789211x7 + 2352343446x6 + 22369998615x5 −37059748925x4 − 1454719130047x3 + 9983204773816x2 − 26692195264811x + 28333333331765 . x12 − 94x11 + 2735x10 − 15200x9 − 465091x8 + 6702510x7 − 5624325x6 − 392835102x5 +2529080609x4 − 4074531380x3 − 7386105217x2 + 15646516586x + 16420628449 Suppose (X,Y ) ∈ F (L) for some quadratic field L, X ∈ Q, Y/∈ Q. Then setting the above expression to equal X and rearranging, we find that the x–coordinates of the preimages of (X,Y ) are roots of a rational degree 13 polynomial. We can check that the splitting field of this polynomial is a Z/3ZoZ/13Z extension of L.

Ramiﬁcation

Now we consider ramiﬁcation. Since K ⊆ L0, any prime that ramiﬁes in K will ramify in L0.

Proposition 3.3.2. If an isogeny has [K : Q] divisible by an odd prime, L0/L cannot be unramiﬁed. Further, none of the isogenies in Cremona’s Tables give unramiﬁed extensions.

Proof. Suppose [K : Q] is divisible by an odd prime m, and let K0 be the subfield of K such that [K0 : Q] = m (we can do this since K is a cyclic extension). Since every extension of Q ramifies somewhere, there is some prime q ∈ Z with odd ramification degree in K0, and hence, by multiplicativity of ramification degree (since [L : Q] = 2), it must ramify in LK0/L. Since LK0 ⊆ L0, q ramifies in L0/L. Now suppose [K : Q] is a power of 2. In every isogeny in Cremona’s Tables for which this is the case, 17 divides both ∆(Kx/Q) and ∆(K/Kx). Since Kx/Q and K/Kx are both Galois extensions, this 2 means that for every prime p of Kx dividing 17, p also divides 17, and p ramifies in K so that some fourth power divides 17. Hence the ramification degree of 17 in L0 is at least four. As the ramification degree of 17 in L is at most two, 17 must ramify in L0/L.

However, experience with the data leads to the following conjecture:

Conjecture 2. For each isogeny, there is a nonempty, finite set of rational primes S (namely, those dividing ∆(K/Q)) such that for any X ∈ Q, there is at least one prime of L = Q(X,Y ), lying over a prime in S, at which L0/L ramifies. However, there are infinitely many X ∈ Q for which L0/L is unramified at every prime not lying over a prime in S.

The ﬁrst half of this statement (that every extension ramiﬁes over some prime lying over a prime in S) would follow from Proposition 3.3.2 assuming there were a more systematic way to handle the case when [K : Q] is a power of two.

3.3.2 Points with X ∈ K

In many senses, K will behave much like Q. Given ρ : E → F with a point in ker ρ(K), and given any P = (X,Y ) ∈ F with X ∈ K satisfying certain congruence conditions, let (x, y) be a preimage of (X,Y ) under ρ. As above, we see that for generic values of X, K(x, y) is a degree p extension of K(P ). Now the elements of ker ρ are defined over K(x, y), so ker ρ acts on (x, y) to generate all points of ρ−1(P ); hence K(x, y) = K(ρ−1(P )) is a Galois degree p extension. For appropriate values of X, this extension Chapter 3. Isogenies with Irrational Kernel 20 is in fact unramified, and we obtain from Theorem 2.3.1 that h(K(P )) is divisible by p. For instance, using the degree 13 example in section 3.3.1 and various values of X, we found many number fields of degree 6 with class number divisible by 13. In order to find number fields with high p–rank, we can (as Mestre did) look for points P,P 0 with y– coordinates equal and solve for x–coordinates; this gives us a conic section which we can then parametrize, giving infinitely many pairs of X ∈ K giving the same y–coordinates. Chapter 4

Higher Genus Curves

The primary issue with extending Mestre’s approach to primes p > 7 is that there are no elliptic curves with a rational p–torsion point. In the previous chapter, we explored how to use degree p isogenies to generate number ﬁelds with all the properties Mestre’s technique gives, except not quadratic extensions of Q. To ﬁnd quadratic extensions of Q, we may consider looking at more general abelian varieties, where there exist rational p-torsion points.

4.1 Background

We assume basic background with abelian varieties (see for instance Milne’s notes [21]) but will sum- marize a few key facts. An abelian variety can be defined in the same way as an elliptic curve, but with no restrictions on the polynomial equation defining it (other than requiring it to be nonsingular, that is, the discriminant is nonzero). As we had isogenies for elliptic curves, we also have isogenies for abelian varieties. However, we run into difficulties: finding defining equations for abelian varieties is often very difficult. More importantly, let ρ : A → B be an isogeny of abelian varieties. Then a dual isogeny ρ∨ exists, but unlike in the elliptic curve case, ρ∨ does not map from B to A. Instead, given a variety A, there exists a dual variety A∨, and ρ∨ : B∨ → A∨. (Elliptic curves have the special property that E =∼ E∨). Given a quotient isogeny ρ : E → F , Mestre’s construction depends on having an equation for points in F , not necessarily in E. This leads us to a couple different ways of approaching the problem; however, both run into difficulties:

1. We could start with an abelian variety A with a p–torsion point P , and define B = A/hP i. Unfortunately, finding a set of defining equations for an abelian variety defined in this way is a monstrous task.

2. We could start with an abelian variety B, with deﬁning equations, and try to see if a valid A exists for it (without needing equations for A!). In the case of elliptic curves, all we would need to do is ﬁnd a p–torsion point in B, because then the quotient map B → B/hP i would have a dual map of degree p onto B as desired. Unfortunately this won’t work in general since the dual map lands not in B but in B∨. Additionally, even if we had equations for B∨, the kernel of the dual map is

21 Chapter 4. Higher Genus Curves 22

the dual of the Z/pZ, that is, µp (the group scheme of roots of unity). So in order to ﬁnd a Z/pZ ∨ cover of B, we would need to ﬁnd µp in B .

The theoretical basis for approach 2 was given by Yuri Bilu and Jean Gillibert in June 2016 ([3]); by their Theorem 1.4, to prove existence of infinitely many number fields with p–rank at least r, it suffices to find a certain abelian variety with µp–rank at least r.

4.2 Hyperelliptic curves

A hyperelliptic curve C is defined by the equation y2 = f(x), where the equation is nonsingular and f is degree 5 or higher. A hyperelliptic curve is not an abelian variety (there is no group law on it), but we can define the Jacobian of C, J(C), which is an abelian variety containing an embedding of C. Further, Jacobians are self-dual; J(C) =∼ J(C)∨. Thus to obtain a cover of J(C) with kernel Z/pZ, we need to find a copy of µp in J(C). Unfortunately, it is still often very difficult to find the equations defining the Jacobian. In the following sections, we look only at the hyperelliptic curve, and try to determine whether Z/pZ covers are obtainable.

4.3 Z/pZ covers by Descent

Let C be a hyperelliptic curve defined over Q by an equation y2 = f(x). Can we find an unramified Z/pZ cover of the curve also defined over Q? One technique to do this is to consider the curve C˜, defined by the same equation but considered ˜ over the field Q(µp), where µp is the set of p–th roots of unity in C. Now let C(C) ⊆ C(x, y) denote the set of rational functions in x, y which can be written as a rational function in the equation defining C˜. Take R ∈ C(C˜), and define the curve D˜ by the equations Y 2 = f(X), Zp = R(X,Y ). Then D˜ is a degree p cover of C˜. Further, as long as Z itself is not a rational function (that is, as long as R is not a ˜ p–th power), then there is a map Z 7→ ζpZ fixing C(C). This generates a group of order p, so Z/pZ acts on C(D˜). ˜ Now if we additionally have that D is fixed by Gal(Q(µp)/Q), then by the theory of descent (see e.g. [28]), there may be a way to construct an isomorphic curve D defined over Q. Then D would the desired Z/pZ cover of C.

4.3.1 A family of hyperelliptic curves

Given any odd p > 0, Bruin and Flynn[4] provide a family of hyperelliptic curves with an unramiﬁed degree p cover; if any one of these covers were in fact invariant under Gal(Q(µp)/Q), then the cover should descend to a cover deﬁned over Q as desired.

Proposition 4.3.1. Let L be a number ﬁeld. Let C˜ : Y 2 = F (X) = G(X)2 + kH(X)p be a hyperelliptic curve, where G(X), H(X), and k are deﬁned over OL, G(X) has degree p, and H(X) has degree 2, and F (X) is nonsingular. Given (x, y) ∈ C˜(L), there exists δ ∈ L∗ and z ∈ L such that

• δ is divisible only by primes dividing resultant(2G(X), kH(X)) and not divisible by any p–th power in L∗; Chapter 4. Higher Genus Curves 23

• (x, z) lies on the curve p 2 2p p D˜ δ : 2δZ G(X) = δ Z − kH(X) ;

p • the map φ :(X,Z) 7→ (X, δZ − G(X)) is a map from D˜ δ to C˜ and is an unramified cover of degree p. ˜ Let L = Q(µp). We take C to be as defined as in the proposition, but in fact requiring all coefficients ˜ to be in Q (so we can write C over Q defined by the same equation). Take x ∈ Q. Then Dδ is defined p 1 by taking Z = R(X,Y ) = δ (Y + G(X)), so as long as R(X,Y ) is not a p–th power of something in ˜ × ˜ C(C) , this fits in the strategy discussed above. If δ ∈ Q, then the curve Dδ will be defined over Q; in this case the µp action will be trivial and will not give us the Z/pZ action we want. Proposition 4.3.2. Let C˜, D˜ and δ be as set up in the preceding discussion. Then D˜ is not invariant under Gal(Q(µp)/Q). 1 ˜ × Proof. Let σ be the element of Gal(Q(µp)/Q) sending z to ζpz, and let R(X,Y ) = δ (Y +G(X)) ∈ C(D) . ˜ × p k z Suppose S ∈ C(D) also has a p–th root, say w = S. Then w maps to ζp w for some k, so t = wm is fixed by σ for some value of m. In other words, t ∈ C(C˜)× (because anything in C(D˜)× \ C(C˜)× is not R p fixed by σ). Thus Sm = t . In conclusion we have

× p × × p (C(D˜) ) ∩ C(C˜) = hRi(C(C˜) ) ; that is, everything in C(D˜)× that is a p–th root of something in C(C˜)× is essentially (up to a multiple of something in C(C˜)×) just a p–th root of R. ˜ ˜ σ σ R Now if D and D were isomorphic, then S = R would satisfy the above conditions; hence (Rσ )m 1 R would be a p–th power. But R(X,Y ) = δ (Y + G(X)), and Y + G(X) is defined over Q, so (Rσ )m = σ m (δ ) (1−m) ˜ × δ (Y + G(X)) . If this is a p–th power of something in C(C) then Y + G(X) would be a p–th power of something in C(C˜)×, which would imply that R(X,Y ) is a p–th power of something in C(C˜)×, δσ contradicting our assumptions. So the only option is m = 1. But since δ is a constant, it is always a p–th power of something in C(C˜)×. δσ Replacing C with Q(µp), most of this analysis still holds, with the exception that δ is not necessarily a p–th power; we will prove that it must be anyways. We will have (δzp − G(x))2 = y2 ∈ Q, so δzp − G(x) is in a quadratic extension of Q. Now the √ cyclotomic field Q(µp) has a unique quadratic field in it, namely Q( εp) where ε = 1 if p ≡ 1 (mod 4) √ √ and ε = −1 if p ≡ 3 (mod 4). Thus δzp ∈ Q( εp). Say δzp = a + b εp. √ √ √ Now σ acts on Q( εp) by εp 7→ − εp, so √ δσ a − b εp z p = √ , δ a + b εp zσ

√ δσ a−b εp and hence is a p–th power in Q(µp) iff √ is. However, since Q(µp) is a Galois extension of √ δ a+b εp √ ( εp) with degree not divisible by p, an element is a p–th power in ( εp) iff it is a p–th power in Q Q √ √ a−b εp Q(µp). Further, by bounds on the size of the class number, h(Q( εp)) is never divisible by p, so √ √ a+b εp is a p–th power iff a + b εp is. But this implies that δ is a p–th power, a contradiction.

Thus this particular family of hyperelliptic curves will not give us the covers with kernel Z/pZ we are looking for. Chapter 4. Higher Genus Curves 24

4.4 Proportion of Points on a Curve for which p | h(Q(P ))

Take an elliptic curve F obtained using Mestre’s technique, and choose P = (X,Y ) ∈ F with X ∈ Q. Then h(Q(P )) should be divisible by p very often. We can graphically depict this behavior using Mathematica (see code in section 5.2). If the x–coordinate of the graph is N, then the y–coordinate is the proportion, out of all X with height at most N 1, of rational numbers X for which h(Q(P )) is divisible by p, where P = (X,Y ) ∈ F for an appropriate value of Y . As an example, we take F to be the elliptic curve X0(11) (used by Mestre), and p = 5:

Figure 4.1: Proportion of points (X,Y ) ∈ X0(11) with X ∈ Q and 5 | h(Q(P )) 0.96

0.95

0.94

0.93

0.92

0.91

0 5 10 15 20 25 30

a Note that at N = 30, p = 0.93. There are 1111 rational numbers b with |a|, |b| ≤ 30, and of those, 1034 of them (0.93 of the total) correspond to a point P with h(Q(P )) divisible by 5. We may do the same thing for hyperelliptic curves. For instance, X0(23) is deﬁned by the equation y2 = (x3 − x + 1)(x3 − 8x2 + 3x − 7). We obtain the following:

Figure 4.2: Proportion of points (X,Y ) ∈ X0(23) with X ∈ Q and 11 | h(Q(P ))

0.15

0.10

0.05

5 10 15 20 25 30

We can see that much fewer points with rational x–coordinate give class number divisible by 11. However, there still appears to be a signiﬁcant proportion.

1 a That is, all X = b with gcd(a, b) = 1 and |a|, |b| ≤ N Chapter 4. Higher Genus Curves 25

Recall that for elliptic curves, existence of a Z/pZ cover is equivalent to existence of a rational p– torsion point. This is not the case for hyperelliptic curves; however, by way of analogy with elliptic curves, we look at some hyperelliptic curves whose Jacobians have a rational 11–torsion point (X0(23) is an example of such a curve). Flynn ([13], Application 3.1) gives a parametrized family of hyperelliptic curves with 11–torsion points on their Jacobian:

y2 = x6 + 2x5 + (2t + 3)x4 + 2x3 + (t2 + 1)x2 + 2t(1 − t)x + t2, t ∈ Q. We observe, letting t = 1, that there appears to be a fairly consistent proportion of points generating a quadratic ﬁeld with class number divisible by 11:

Figure 4.3: y2 = x6 + 2x5 + 5x4 + 2x3 + 2x2 + 1 (has 11–torsion), p = 11 0.10

0.08

0.06

0.04

0.02

10 20 30 40 50

Compare this with the following curve, diﬀering only by adding 1 to the right-hand side:

Figure 4.4: y2 = x6 + 2x5 + 5x4 + 2x3 + 2x2 + 2 (no 11–torsion), p = 11 0.010

0.008

0.006

0.004

0.002

10 20 30 40 50

This curve appears to admit a much smaller proportion of ﬁelds with class number divisible by 11. Thus in these examples, the curves with p–torsion generated more ﬁelds with class number divisible by p. Chapter 4. Higher Genus Curves 26

However, we also see the reverse behavior. For instance, Noam Elkies gives in [11] a hyperelliptic curve with a rational 39–torsion point, which should therefore also have rational 13–torsion:

Figure 4.5: y2 = x6 + 4x4 + 10x3 + 4x2 − 4x + 1 (has 13–torsion), p = 13

0.006

0.004

0.002

5 10 15 20 25 30

But this curve produces a relatively low output of ﬁelds with class number divisible by p, when compared with a curve deﬁned more arbitrarily:

Figure 4.6: y2 = x6 + x5 + x4 + x3 + x2 + 3x + 1 (no 13–torsion), p = 13

0.020

0.015

0.010

0.005

5 10 15 20 25 30 Chapter 4. Higher Genus Curves 27

Elkies also gives two curves with 34–torsion (and hence 17–torsion):

Figure 4.7: y2 = (9x2 + 2x + 1)(32x3 + 81x2 − 6x + 1) (has 17–torsion), p = 17

0.015

0.010

0.005

5 10 15 20 25 30

Figure 4.8: y2 = (10 − x)(3x + 2)(72x4 + 96x3 + 45x2 − 38x + 5) (has 17–torsion), p = 17

0.04

0.03

0.02

0.01

5 10 15 20 25 30

It is not clear what properties of the curve determine how many points generate fields whose class numbers are divisible by p. All that is certain is that for all the hyperelliptic curves seen so far, the output is far inferior to that produced by Mestre’s technique using elliptic curves. More study will need to be done in this area to determine whether these curves generate infinitely many fields with class number divisible by p or not. Chapter 5

Appendix: Description of Code

5.1 Computing Ideal Class Groups

Many of the class group computations for this paper were done using Sage; however, when studying the case of quadratic ﬁelds, being able to work explicitly with generators of the ideal class group turned out to be helpful. Thus I implemented a program in Mathematica that would compute ideal class groups of quadratic ﬁelds. Ideas were based on http://www.crm.umontreal.ca/sms/2014/pdf/granville1.pdf and http://projecteuclid.org/download/pdf_1/euclid.bams/1183513326 and [19], and [6].

5.1.1 Classes of Binary Quadratic Forms

A binary quadratic form is a matrix b ! a 2 [a, b, c] := b 2 c with a, b, c ∈ Z. This can be treated as a function of two variables by

b ! ! a 2 x 2 2 [a, b, c](x, y) := x y b = ax + bxy + cy , 2 c y and we say that [a, b, c] represents an integer m if [a, b, c](x, y) = m for some x, y ∈ Z. Given a form, we may compute its discriminant,

b ! a 2 2 ∆[a, b, c] := −4 det b = b − 4ac. 2 c

Observe that this quantity diﬀers from b2 by an even number, so that b and ∆[a, b, c] have the same parity. From now on we will only consider positive-deﬁnite forms:

Deﬁnition 5.1.1. Let [a, b, c] be a binary quadratic form; we say [a, b, c] is positive-deﬁnite if ∆[a, b, c] < 0 and a, c > 0.

Lemma 5.1.1. If [a, b, c] is a positive-deﬁnite form, then [a, b, c](x, y) > 0 unless x = y = 0 (in which case [a, b, c](x, y) = 0).

28 Chapter 5. Appendix: Description of Code 29

Proof. If z 6= 0, [a, b, c](z, 0) = az2 > 0 and [a, b, c](0, z) = cz2 > 0. So suppose x, y 6= 0. Then by a, c > 0, we can apply the AM-GM inequality to obtain √ [a, b, c](x, y) = (ax2 + cy2) + bxy ≥ 2 4ac|xy| + bxy.

If b = 0, this is clearly positive. Otherwise, by b2 − 4ac < 0 and |xy| > 0, this value is greater than 2|bxy| + bxy > 0.

p q Given any A = ( r s ) ∈ SL2(Z) (the group of integer matrices with determinant 1), we deﬁne a group action on quadratic forms by

A · [a, b, c] = AT [a, b, c]A = ap2 + bpr + cr2, 2(apq + crs) + b(qr + ps), aq2 + bqs + cs2, where AT denotes matrix transpose. By multiplicativity of matrix determinants we have ∆[a, b, c] = ∆(A · [a, b, c]), and one can check that if

! ! x x0 = A , y y0 then (A · [a, b, c])(x0, y0) = [a, b, c](x, y). So [a, b, c] and [a0, b0, c0] = A · [a, b, c] have the same discriminant as well as the same set of numbers that they represent. Note also that if [a, b, c] is positive deﬁnite, then a0 = [a, b, c](p, r) > 0, likewise c0 = [a, b, c](q, s) > 0, and ∆[a0, b0, c0] = ∆[a, b, c] < 0, so [a0, b0, c0] is also positive deﬁnite.

Let FD denote the set of all positive deﬁnite binary quadratic forms with discriminant D. FD is divided into orbits by the group action deﬁned above; let ClF (D) suggestively denote the set of orbits (the “form classes”). We say [a, b, c] ∼ [a0, b0, c0] if the two forms are in the same orbit. The following fact will allow us to pick a representative from each orbit in a consistent manner.

Deﬁnition 5.1.2. A form [a, b, c] is called reduced if −a < b ≤ a ≤ c, and if a = c, then b ≥ 0.

Lemma 5.1.2. Every orbit of FD contains a unique reduced form. Proof. We prove existence, as this will give us an algorithm to be used in our program. For uniqueness, see (ref). Take any form [a, b, c] in the orbit, and perform the following algorithm, which at each step replaces the form with an equivalent form. Halt when a reduced form is found. Step 2n − 1: If c < a, or c = a and −a < b < 0, replace [a, b, c] with

! 0 1 [a0, b0, c0] = · [a, b, c] = [c, −b, a], −1 0 which satisﬁes c0 ≥ a0, a0 = c0 implies b0 ≥ 0, and |b0| = |b|. Step 2n: If b > a or b ≤ −a, then there exists a nonzero integer k for which −a < b + k(2a) ≤ a; replace [a, b, c] with

! 1 k [a0, b0, c0] = · [a, b, c] = [a, b + k(2a), ak2 + bk + c]. 0 1 Chapter 5. Appendix: Description of Code 30

Note that |b0| ≤ |b|. Further, |b0| = |b| is only possible if b = −a, in which case k = 1 and [a0, b0, c0] = [a, a, c]. Since step 2n comes after step 2n − 1, we know c ≥ a, so [a, a, c] is a reduced form and the algorithm terminates. Hence, if the algorithm does not terminate, we must have |b0| < |b|, in which case we move on to step 2n + 1. Note that every two steps, either the algorithm terminates or |b| strictly decreases. Hence the algorithm must terminate.

Proposition 5.1.3. ClF (D) is ﬁnite.

Proof. It suffices to show that there are finitely many reduced forms in FD, as the previous proposition tells us that there is a bijection between reduced forms and orbits. By |b| ≤ a ≤ c, a reduced form must satisfy b2 = D + 4ac ≥ D + 4b2, that is, |D| ≥ 3b2. There are only finitely many values of b satisfying this inequality, and for each of these, only finitely many ways 1 2 2 to factor 4 (b − D) into a product of two integers, ac (to ensure b − 4ac = D).

5.1.2 The Class Group of Forms √ √ Let D be a fundamental discriminant, K = ( D), and deﬁne ω = 1 D if D ≡ 2, 3 (mod 4), ω = √ Q 2 4 1 2 (1 + D) if D ≡ 1 (mod 4). Let hα, βi denote {αx + βy : x, y ∈ Z}; thus, OK = h1, ωi. Note that principal ideals will be of the form hα, αωi.

Deﬁnition 5.1.3. Given a nonzero ideal I ⊆ OK , the norm of I, N(I), is deﬁned to be the index

[OK : I] (considered as abelian groups). The norm of the zero ideal is zero.

We collect the following facts about ideals and their norms:

Lemma 5.1.4. Let I,J be nonzero ideals of OK .

(a) If I ⊆ J, then N(J) | N(I).

(b) For α ∈ OK , N((α)) = N(α) = αα (the norm of a principal ideal equals the norm of its generator)

Deﬁnition 5.1.4. Given an ideal hα, βi ⊆ OK , we say the ordered basis [α, β] has positive orientation if αβ − βα = 2=(αβ) > 0.

Lemma 5.1.5. Every nonzero ideal I in OK can be expressed in the form hα, βi for some ordered basis [α, β] with positive orientation. αβ − βα = 2=(αβ) > 0

Lemma 5.1.6. Let p, q, r ∈ Z. Then N(hp, q + rωi) = |pr|.

Proof. Write OK = h1, ωi. By the Third Isomorphism Theorem, we have

h1, ωi h1, ωi/h1i hωi =∼ =∼ =∼ Z , h1, q + rωi h1, q + rωi/h1i hrωi r and h1, q + rωi h1, q + rωi/hq + rωi h1i =∼ =∼ =∼ Z . hp, q + rωi hp, q + rωi/hq + rωi hpi p Chapter 5. Appendix: Description of Code 31

Putting these together, we have

h1, ωi h1, ωi h1, q + rωi = = |pr|. hp, q + rωi h1, q + rωi hp, q + rωi

Theorem 5.1.7. The following correspondence is a bijection: √ ClF (D) ←→ Cl(Q( D)) * √ + b + D [a, b, c] −→ a, 2 N(αx + βy) ←− hα, βi. N(hα, βi)

(Here [α, β] is taken to have positive orientation).

Proof. For each direction of the correspondence, we need to prove that it is well-defined (as a function from FD to IK or vice versa), and that it descends to a map on equivalence classes (equivalent elements get sent to equivalent elements). Then we will prove that the maps are inverses. √ D 1 E Given [a, b, c] ∈ FD, we first prove that I = a, (b + D) is an ideal. Recall that b and D have √ 2 √ the same parity. If D is odd (so ω = 1 (1 + D)), let b = 2k + 1, while if D is even (so ω = 1 D), let √ 2 2 1 b = 2k; in either case we have 2 (b + D) = k + ω ∈ OK , so I ⊆ OK . By definition, I is an abelian group and closed under multiplication by integers, so it suffices to show that it is closed under multiplication by ω. First, we have aω = −k(a) + a(k + ω).

2 D−1 b2−1 If D is odd, then ω = 4 + ω = 4 − ac + ω, and

D − 1 (k + ω)ω = + (k + 1)ω = −c(a) + (k + 1)(k + ω). 4

2 D b2 If D is even, then ω = 4 = 4 − ac and

D (k + ω)ω = + kω = −c(a) + k(k + ω). 4

Thus every element of Iω can be written as an integer combination of a and k + ω; we can conclude that I is an ideal. Next we prove that any two forms in the same orbit get mapped into the same ideal class. We use 0 −1 1 1 the fact that SL2(Z) is generated by S = and T = ( 0 1 ) (ref). We have S · [a, b, c] = [c, −b, a]. √ 1 0 D 1 E This is mapped to the ideal c, 2 (−b + D) , which is in the same equivalence class as I because

* √ + √ !* √ + −b + D −b + D b + D (a) c, = a, . 2 2 2

√ D 1 E Meanwhile, T · [a, b, c] = [a, b + 2a, a + b + c] corresponds to the ideal a, a + 2 (b + D) = I. Since any A ∈ SL2(Z) can be written as a product of S and T , A · [a, b, c] is sent to the same ideal class as [a, b, c]. Chapter 5. Appendix: Description of Code 32

Now we go in the reverse direction. Given an ideal I = hα, βi, ﬁrst note that for any nonzero γ ∈ OK , [α, β] has positive orientation iﬀ [γα, γβ] does (since γαγβ − γβγα = N(γ)(αβ − βα)), and

N(γβx + γαy) N(γ)N(βx + αy) N(βx + αy) = = , N((γ)I) N((γ))N(I) N(I) which proves that equivalent ideals are all mapped to the same place. Thus without loss of generality we may assume I = hp, q + rωi for p, q, r ∈ (replace hα, βi with αhα, βi if need be). We can also write √ Z 1 0 0 β = q + rω = 2 (q + r D) for an appropriate choice of q . Without loss of generality we can assume p > 0 (the negation of a generator is still a generator), in which case we must have r > 0 if [α, β] is to be an ordered basis. Now N(αx + βy) 1 = (αx + βy) αx + βy N(I) N(I) is a binary quadratic form. The coefficient of x2 is a := N(α)/N(I) (obtained by plugging in x = 1, y = 0), a positive integer since α ∈ I. Likewise, the coefficient of y2 is c := N(β)/N(I) a positive integer, and the coefficient of xy is b := N(α + β)/N(I) − a − c ∈ Z. Hence the coefficients are all integers, and 1 1 a, c > 0. Note that we can rewrite b = N(I) N(α + β) − N(α) − N(β) = N(I) αβ + βα . Applying lemma 5.1.6, The discriminant of [a, b, c] is

1 b2 − 4ac = (αβ + βα)2 − 4N(α)N(β) N(I)2 1 = (αβ − βα)2 N(I)2 1 √ 2 = pr D p2r2 = D.

Thus each ideal class is sent to a form in FD.

Finally, we show that the maps are inverses. Suppose we start with [a, b, c] and map it to I = hα, βi = √ √ D 1 E 1 a, 2 (b + D) . a, 2 (b + D) is an ordered basis since a > 0, and N(I) = a by lemma 5.1.6. Then I is mapped to √ !! 1 b + D 1 b2 − D N ax + y = a2x2 + abxy + y2 N(I) 2 a 4

= ax2 + bxy + cy2.

√ D 1 0 E Now suppose we start with an ideal. Choose an equivalent ideal p, 2 (q + r D) with p, r > 0, and map it to 1 [a, b, c] = p2, pq0, 1 (q02 − Dr2) . pr 4 This is then mapped to the ideal * √ + q0/r + D p/r, , 2 which when multiplied by (r) gives the original ideal. Chapter 5. Appendix: Description of Code 33

Operating on Form Orbits

We will deﬁne an operation on ClF (D) that agrees with the operation on Cl(K). First we describe how to multiply certain ideals together. √ √ D 1 E D 1 E Lemma 5.1.8. Suppose I = a1, 2 (b1 + D) and J = a2, 2 (b2 + D) are ideals satisfying √ D 1 E gcd(a1, a2) = 1. Let p, q ∈ Z satisfy pa1 + qa2 = 1. Then IJ = a1a2, 2 (b3 + D) , where b3 = pa1b2 + qa2b1. √ D 1 E Proof. Note that by lemma 5.1.6, a1a2, 2 (b3 + D) has norm a1a2, which is equal to N(IJ) = N(I)N(J). Thus it suﬃces to show that this ideal is a subset of IJ. We clearly have a1a2 ∈ IJ, and √ √ √ b + D b + D b + D pa 2 + qa 1 = 3 ∈ IJ. 1 2 2 2 2

Note that p, q are not uniquely determined, and hence neither is b3. However, any other solution is of the form p0 = p + na , q0 = q − na for some n ∈ , resulting in b0 = b + na a (b − b ). Since b and 2 1 Z 3 3 1 2 2 1 √ 2 D 1 E b1 have the same parity, say b2 − b1 = 2m; then the ideal we obtain is a1a2, nma1a2 + 2 (b3 + D) = √ D 1 E a1a2, 2 (b3 + D) . Hence the ideal is uniquely determined.

Despite the conditions of the above lemma seeming rather restrictive, the following lemma will be used to show that this is the only case of ideal multiplication we need.

0 0 0 Lemma 5.1.9. Given [a, b, c] ∈ FD and nonzero m ∈ Z, there exists an equivalent form [a , b , c ] with gcd(a0, m) = 1.

Proof. Let Q be the product of primes dividing a and m but not c, and R the product of primes dividing m but not a. By deﬁnition gcd(Q, R) = 1, and it’s straightforward to check that [a, b, c](Q, R) is relatively prime to m (assume a prime p divides m, and divide into three cases: p divides a and c, p divides a but not c, or p doesn’t divide a. In each case, two terms of the form will be divisible by p and the third will not). Now by the Euclidean algorithm, there exists u, v ∈ Z such that Qu + Rv = 1. Equivalently, ! Q −v A = ∈ SL2(Z), R u and if [a0, b0, c0] = A · [a, b, c], we have a0 = [a, b, c](Q, R) relatively prime to m as desired.

Now we deﬁne composition on classes of forms as follows.

0 0 0 Definition 5.1.5. Given [a1, b1, c1] and [a2, b2, c2] in FD, first choose [a1, b1, c1] ∼ [a1, b1, c1] with 0 0 0 0 0 0 gcd(a1, 2D) = 1, then choose [a2, b2, c2] ∼ [a2, b2, c2] with gcd(a2, 2a1D) = 1. Choose p, q ∈ Z to satisfy 0 0 pa1 + qa2 = 1. Finally, define

0 0 0 0 2 0 0 0 0 0 0 (pa1b2 + qa2b1) − D [a1, b1, c1] ◦ [a2, b2, c2] = [a3, b3, c3] := a1a2, pa1b2 + qa2b1, 0 0 . 4a1a2

Theorem 5.1.10. The composition law deﬁned above is a well deﬁned operation on ClF (D) that turns it into a group isomorphic to Cl(K). Chapter 5. Appendix: Description of Code 34

Proof. The choices of [a0 , b0 , c0 ] and [a0 , b0 , c0 ] can be accomplished by Lemma 5.1.9. Use Theorem 5.1.7 1 1 1 2 2 √2 √ D 0 1 0 E D 0 1 0 E to obtain corresponding ideals a1, 2 (b1 + D) and a2, 2 (b2 + D) , which can be multiplied using √ D 0 0 1 E Lemma 5.1.8 to obtain a1a2, 2 (b3 + D) . Taking the correspondence in reverse, we obtain a form

√  1  N (b3 + D) 0 0 2 a1a2, b3, 0 0  a1a2 which is precisely [a3, b3, c3] (this proves that c3 ∈ Z which may not be clear at first glance). Choosing different representatives of each equivalence class will not change the equivalence class of the result, because the correspondence takes equivalent forms to equivalent ideals and vice versa. Thus the operation is well-defined, and agrees via the correspondence with multiplication in Cl(K). √ Thus, in order to compute Cl(Q( D)), it suffices by theorem 5.1.3 to find all the reduced forms of FD, and the proof describes how to enumerate these. To compute the p–rank, we can use the composition rule in to find all reduced forms which have p–th power equal to the identity. Computation time can be reduced by multiplying a form to itself once at a time, and keeping track of all the forms seen along the way so these don’t have to be checked again; if [a, b, c]p = 1, then also ([a, b, c]k)p = 1 for any k.

5.2 Points P on a curve with p | h(Q(P ))

The following Mathematica code was used for the results in section 4.4. The function GoodRats takes as input

• a polynomial f,

• a prime number p, and

• a natural number Nmax

And outputs a graph with x–axis going up to Nmax. f is used to deﬁne a curve C : y2 = f(x). For each N ≤ Nmax, the value of the graph at N is the proportion of rational numbers X with height at most N 1 for which p | h(Q(X,Y )), where Y is chosen so that (X,Y ) ∈ C. HeightClass is used to enumerate the rationals.

HeightClass[N ] := I f [N == 1 , {−1, 0 , 1} , l s t = {} ; For[numden = 1, numden < N, numden++, If [GCD[N, numden] == 1, lst = Union[lst , {numden/N, −numden/N, N/numden , −N/numden } ] ] ]; l s t ]

1 a that is, X = b , gcd(a, b) = 1, and |a|, |b| ≤ N Chapter 5. Appendix: Description of Code 35

GoodRats [ f , p , Nmax ] := Module [ { totn = 0, alln = 0, vals = {} , a l l v a l s = {}} , For [ n = 1 , n <= Nmax, n++, rats = HeightClass[n]; alln += Length[rats ]; For [ i = 1 , i <= Length[rats], i++, t = rats[[i]]; If [Divisible[NumberFieldClassNumber[Sqrt[f[t]]] , p], totn++; ]; ]; AppendTo[allvals , alln ]; AppendTo[vals , totn ]; ]; ListPlot[vals/allvals ]; ]; ]

5.3 Kernel Fields of Isogenies

The following Sage code was used for the results in chapter3. The variable isogenypair is a list of three elements; the first two are coefficient lists of elliptic curves (see Cremona’s Tables [9]) and the third is the degree of the isogeny linking them. As output, we obtain the rational maps defining the isogeny ρ : E → F , the kernel polynomial k of ρ, the degrees [Kx : Q] and [K : Q], the Galois groups of the Galois closures of Kx and K, and the relative discriminants ∆(K/Kx) and ∆(Kx/Q). isogenypair = [[0,1,1, − 114,473], [0,1,1, −44704 , −3655907], 13]; X = 2 ;

# Declaring variables x =QQ[’x’].0; y =QQ[’y’].0; i =0;

# y−coord of a point on elliptic curve E with given x−coord def ycordpol(x,E): r = (E[ 0 ] ∗ x + E [ 2 ] ) / 2 ; return (y + r)ˆ2 − ( xˆ3 + E[ 1 ] ∗ xˆ2 + E[ 3 ] ∗ x +E[4] + rˆ2);

# Adjoins all roots of pol to L. # NumberField requires a label for its generator; these # will be indexed by the variable i. def adjoinroots(pol,L): g l o b a l i ; Chapter 5. Appendix: Description of Code 36

factors = list(pol.factor()); Ltemp = L ; for factor in factors: newrootfld = NumberField(factor[0] , ’a’+str(i )); newrootsfld = newrootfld.galois closure(’b’+str(i)); i +=1; if Ltemp == QQ: Ltemp = newrootfld; else: temp = Ltemp.composite fields(newrootfld )[0]; return Ltemp

# Collecting information about the isogeny rho:E−>F E = EllipticCurve(QQ, isogenypair [0]); F = EllipticCurve(QQ, isogenypair [1]); rho = E.isogeny(None, codomain=F,degree=isogenypair [2]); k = rho.kernel polynomial (); rhomap = rho.rational maps ( ) ;

#Kx is field generated by x−coords of kernel; # the points themselves are in K. # Print the Galois groups of their Galois closures. # Note that this section messes up if Kx ==QQ. Kx = adjoinroots(k,QQ); K = adjoinroots(ycordpol(Kx.gen(),isogenypair[0]) ,Kx); print Kx.absolute d e g r e e ( ) ; print K.absolute d e g r e e ( ) ; print Kx.galois group(type=’pari ’); print K.galois group(type=’pari ’); print Kx.discriminant().factor() print K.relative discriminant ().norm(). factor() Bibliography

[1] Nesmith Cornett Ankeny and S. Chowla. “On the Divisibility of the Class Number of Quadratic Fields”. In: Pacific Journal of Mathematics 5.3 (1955), pp. 321–324. [2] Manjul Bhargava, Arul Shankar, and Jacob Tsimerman. “On the Davenport-Heilbronn theorems and second order terms”. In: Inventiones Mathematicae 193.2 (2013), pp. 439–499. issn: 00209910. doi: 10.1007/s00222-012-0433-0. arXiv: 1005.0672. [3] Yuri Bilu and Jean Gillibert. “Chevalley-Weil Theorem and Subgroups of Class Groups”. In: (2016), pp. 1–22. arXiv: 1606.03128. [4] N Bruin and E V Flynn. “N -covers of hyperelliptic curves”. In: (2001), pp. 1–8. url: https: //people.maths.ox.ac.uk/flynn/arts/art21.pdf. [5] H Cohen and HW Jr Lenstra. “Heuristics on class groups of number fields”. In: Number theory, Noordwijkerhout 1983, Lecture Notes in Mathematics 1068 (). url: http://hdl.handle.net/ 1887/2137. [6] Harvey Cohn. Advanced Number Theory. New York: Dover Publications, Inc, 1980, p. 274. isbn: 048664023X. [7] Keith Conrad. “Fermat’s last theorem for regular primes”. In: Preprint (2004). url: http://www. math.uconn.edu/{~}kconrad/blurbs/gradnumthy/fltreg.pdf. [8] Maurice Craig. “A Construction for Irregular Discriminants”. In: Osaka Journal of Mathematics 14.2 (1977), pp. 365–402. [9] J. E. Cremona. Elliptic Curve Data. University of Warwick, U.K. url: http://johncremona. github.io/ecdata/. [10] H Davenport and H Heilbronn. “On the density of discriminants of cubic fields”. In: Proceedings of the Royal Society of London. Series A, Mathematial and Physical Sciences 322.1551 (1971), pp. 345–348. url: http://www.jstor.org/stable/77760. [11] Noam Elkies. Curves of genus 2 over Q whose Jacobians are absolutely simple abelian surfaces with torsion points of high order. Harvard University. url: http://www.math.harvard.edu/~elkies/ g2_tors.html. [12] Jody Esmonde and M Ram Murty. Problems in algebraic number theory. Second. Springer, 1999, pp. xiv+314. isbn: 0-387-98617-0. [13] E. V. Flynn. “Large rational torsion on Abelian varieties”. In: Journal of Number Theory 36.3 (1990), pp. 257–265. issn: 0022314X. doi: 10.1016/0022-314X(90)90089-A.

37 BIBLIOGRAPHY 38

[14] Carl Friedrich Gauss. Disquisitiones Arithmeticae. Trans. by Arthur A. Clarke. New York: Springer- Verlag, 1986. isbn: 0387962549. [15] D. R. Heath-Brown and L. B. Pierce. “Averages and moments associated to class numbers of imaginary quadratic fields”. In: (2014), pp. 1–25. arXiv: 1409.3177. [16] H Heilbronn. “On the Class-Number in Imaginary Quadratic Fields”. In: The Quarterly Journal of Mathematics os-5 (1 1934). doi: 10.1093/qmath/os-5.1.150. [17] David Lubicz and Damien Robert. “Computing isogenies between abelian varieties”. In: Compositio Mathematica 148.5 (2012), pp. 1483–1515. issn: 0010437X. doi: 10.1112/S0010437X12000243. arXiv: arXiv:1001.2016v1. [18] Jean-Fran¸coisMestre. “Courbes elliptiques et groupes de classes d’ idéauxde certaines corps quadratiques”. In: Journal fürdie reine und angewandte Mathematik 1983.343 (1983), pp. 23–35. [19] Nicole Miller. “The Structure of the Class Group of Imaginary Quadratic Fields”. In: Master’s Thesis for Virginia Polytechnic Institute and State University (2005). url: https://theses. lib.vt.edu/theses/available/etd-05112005-124308/unrestricted/Nicole.pdf. [20] J. S. Milne. In: (). [21] J. S. Milne. “Abelian Varieties”. In: (2008). url: http://www.jmilne.org/math/CourseNotes/ AV.pdf. [22] J. S. Milne. “Algebraic Number Theory”. In: (2013). url: http://jmilne.org/math/CourseNotes/ ANT.pdf. [23] Todd Rowland. Elliptic Discriminant. From MathWorld–A Wolfram Web Resource, created by Eric W. Weisstein. url: http://mathworld.wolfram.com/EllipticDiscriminant.html. [24] R. J. Schoof. “Class Groups of Complex Quadratic Fields”. In: Mathematics of Computation 41.163 (1983), pp. 295–302. url: http://www.jstor.org/stable/2007782. [25] Daniel Shumow. “Isogenies of Elliptic Curves : A Computational Approach”. In: University of Washington (2009). url: http://www.sagemath.org/files/thesis/shumow-thesis-2009.pdf. [26] Carl Siegel. “Uber¨ die Classenzahl quadratischer Zahlkörper”. In: Acta Arithmetica 1.1 (1935), pp. 83–86. url: https://eudml.org/doc/205054. [27] Joseph Silverman. Arithmetic of Elliptic Curves. Ed. by S. Axler and K.A. Ribet. Second. Springer, 2009. isbn: 978-0-387-09493-9. [28] Ravi Vakil. “Descent Theory (Joe Rabinoff’s Exposition)”. In: (2006). url: http://palmer. wellesley.edu/{~}aschultz/w06/etale{\_}cohomology/joedescent.pdf.