DOCSLIB.ORG

Compact Representation of Quadratic Integers and Integer Points on Some Elliptic Curves

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Compact Representation of Quadratic Integers and Integer Points on Some Elliptic Curves Compact representation of quadratic integers and integer points on some elliptic curves Filip Najman, University of Zagreb, Croatia 1 Introduction p Let Q( d) be a real quadratic field. Followingp [Mau] we define a compact representation of an algebraic number β 2 Q( d) to be k 2k−j Y αj β = ; (1) d j=1 j p p (aj +bj d) where dj 2 Z; αj = 2 2 Q( d); aj; bj 2 Z; j = 1; : : : ; k. Bounds on k, α and dj are given in [Mau], and all depend polynomially on log d. Com- pact representations are used to store the fundamental unit of the quadratic order OK . The reason for doing this is that, as is shown in [Lag], there is an infinite set of quadratic orders, such that the binary length of the fun- damental unit is exponential in log d. This makes it impossible to create an algorithm for solving the Pell equation with complexity less than expo- nential. Compact representations are polynomial in log d, and allow faster algorithms for solving the Pell equation. This representation is an extension of a compact representationp as de- ∗ fined in [BTW] from algebraic integers to all elements of Q ( d): It is often useful to do modular arithmetic on compact representations, for example for determening the solvability of certain Diophantine equations, as seen in [JW]. We present an algorithm for computing the value of a quadratic inte- ger represented by a compact representation as defined in [Mau]. In [BTW] and [JW] there are algorithms for doing modular arithmetic on compact representations as defined in [BTW], but to our knowledge there are no algorithms for doing modular arithmetic on compact representations as de- fined in [Mau]. The main problem is that the [BTW] representation requires that the partial products j−1 2j−i Y αi γ = α (2) j j d i=1 i be quadratic integers. Using Maurer's methods, we obtain representations that do not satisfy this requirement. On such a representation, using algo- rithms from [BTW] and [JW] is not possible. 1 It is expected that the number of integer points on an elliptic curve E in Weierstrass form depends on the rank E(Q). More precisely, Lang conjectured that it grows exponentially with the rank (see [JSil]). Since not much is known on the distribution of ranks in parametric families of elliptic curves, this makes it hard to expect to find (or even predict) all integer points on a family of elliptic curves in Weierstrass form. However, for some families of elliptic curves not in Weierstarss form, there are results which give evidence that the number of integer points might not depend on rank, and that actually the number of points can be the same for all curves in a family. Several such results involve so called D(n)-m-tuples. A set of positive integers fa1; a2; : : : ; amg is called a Diophantine D(n) m- tuple if aiaj + n is a perfect square for all 1 ≤ i < j ≤ m. Using our algorithm we shall improve the following results. In [Fuj1], the following theorem is proved: Theorem 1. Let f1; 2; cg be a D(−1)-triple such that c = c = 1 ((1 + p p k 8 2)4k + (1 − 2)4k + 6), and E the elliptic curve given by 2 Ek : y = (x + 1)(2x + 1)(cx + 1): (3) Assume that c − 2 is square-free and that the rank of E over Q equals two. Then, the integer points on E are given by c − 3 (x; y) 2 f(−1; 0); (0; ±1); ( ; ±s(c−2)); (s(3s−2t); ±(t−s)(2s−t)(st−c)); 2 (s(3s + 2t); ±(t + s)(2s + t)(st + c))g; (4) p p where s = c − 1 and t = 2c − 1. It is shown in [Fuj1] that if f1; 2; cg is a D(−1)-triple, then c = ck, where k is a positive integer. It should be mentioned that the assump- tion that rk(Ek(Q)) = 2 does not always hold. One example of this is that rk(E4(Q)) = 4. Also c − 2 does not always have to be square-free. Examples of this are c26 − 2 and c40 − 2. Fujita showed that Theorem 1 holds without the assumptions on the rank and c − 2 for k ≤ 40, except for k 2 f4; 7; 8; 11; 12; 15; 20; 24; 25; 27; 30; 36; 39g. We will exclude the cases k = 4; 7; 8; 11; 12; 15; 20; 25; 27; 30 and under the Extended Riemann Hy- pothesis, also the case k = 39. In [Fuj2] it is proved Theorem 2. Let k ≥ 1 be an integer, and Ek the elliptic curve given by 2 Ek : y = (F2k+1 + 1)(F2k+3x + 1)(F2k+5x + 1): (5) If the rank of Ek over Q equals one, then the integer points on Ek are given by (x; y) 2 f(0; ±1); (4F2k+2F2k+3F2k+4; 2 2 ±(2F2k+2F2k+3 + 1)(2F2k+3 − 1)(2F2k+3F2k+4 − 1))g: (6) Note that fF2k+1;F2k+3;F2k+5g is a D(−1)-triple. As in Theorem 1, in Theorem 2 the assumption rk(Ek(Q)) = 1 does not always hold. For example, rk(Ek(Q)) 6= 1 for k = 2; 3; 4; 5; 7; 9; 10. Fujita showed that Theorem 2 holds without the assumption on the rank of Ek for f ≤ k ≤ 50, except for the cases k 2 f9; 20; 24; 25; 32; 43g. We shall eliminate the cases k = 9; 20; 24; 25 and under the Extended Riemann Hy- pothesis, also the case k = 43. In [Duj3] it is proved Theorem 3. Let Ek be the elliptic curve given by 2 Ek : y = ((k − 1)x + 1)((k + 1)x + 1)(4kx + 1): (7) If the rank of Ek over Q equals one or 3 ≤ k ≤ 1000, then all integer points on Ek are given by (x; y) 2 f(0; ±1); (16k3 − 4k; ±(128k6 − 112k4 + 20k2 − 1))g: (8) We shall extend this result to 3 ≤ k ≤ 5000. Note that fk − 1; k + 1; 4kg is a D(1)-triple. In [Duj1] it was proven that this triple extends uniquely to a Diophantine quadruple fk − 1; k + 1; 4k; 16k3 − 4kg. Note also that in [Duj3] it was shown that the statement of Theorem 3 is valid for some subfamilies with ranks 2 and 3, which makes the conjecture that for all k ≥ 3 all integer points on (7) are given by (8) plausible. In [Duj4] it is proved Theorem 4. Let Ek be the elliptic curve given by 2 Ek : y = (F2k + 1)(F2k+2x + 1)(F2k+4x + 1): (9) If the rank of Ek over Q equals one or 2 ≤ k ≤ 50, then all integer points on Ek are given by (x; y) 2 f(0; ±1); (4F2k+1F2k+2F2k+3; 2 ±(2F2k+1F2k+2 − 1)(2F2k+2 + 1)(2F2k+2F2k+3 + 1))g (10) We shall extend this result to 2 ≤ k ≤ 200. Note that fF2k;F2k+2;F2k+4g is a D(1)-triple. In [Duj2] it was proven that this triple extends uniquely to a Diophantine quadruple fF2k;F2k+2; F2k+4; 4Fk+1F2k+2F2k+3g. 3 2 An algorithm for modular arithmetic on compact representations We develop an algorithm, which for a given compact representation (1) of p 2k−j p a quadratic integer x+y ∆ = Qk αj , where x+y ∆ is the standard 2 j=1 dj 2 representation of the given quadratic integer, and a positive integer n, com- putes the values x and y modulo n. Our algorithm is a modification of the algorithm described in Theorem 5.7 in [BTW]. Algorithm 1 k−1 Qk 2 mdl:=n·2 i=1 dk a[1]:=c1 (mod mdl), b[1]:=f1 (mod mdl); rem:= 1 For (i=2,i<k−1,++i) f 2 2 xtmp:=(a[i−1] +b[i−1] ∆) ai + 2∆a[i−1]b[i−1]bi (mod mdl) 2 2 ytmp:=(a[i−1] +b[i−1] ∆) bi + 2a[i−1]b[i−1]ai (mod mdl) rem:=rem2 2 divisor:=gcd(4di−1,xtmp,ytmp) 2 4di−1·rem rem:= divisor mdl mdl:= gcd(mdl, divisor) xtmp a[i]:= divisor (mod mdl) ytmp b[i]:= divisor (mod mdl) rem reduction:= gcd(rem, mdl) while (gcd(reduction,mdl)> 1) reduction reduction= gcd(reduction;mdl) If reduction6= 1 f mult:=reduction−1 (mod mdl) rem rem:= reduction a[i]:=a[i]· mult (mod mdl) b[i]:=b[i]· mult (mod mdl) g g This algorithm would be exactly the same algorithm as the one from The- orem 5.7 in [BTW] if all the γj, as defined in (2), are quadratic integers. Algorithm 1 takes polynomial time. As in the algorithm from [BTW], we make use of the recursive equation 2 2 4di−1γi = γi−1αi: (11) 2 If all the γj are not quadratic integers, then 4di−1 does not divide the right hand side in (11), so we must remember the part that does not divide (rem in the algorithm). Also, it may occur that a factor of n is canceled, so we 4 actually get x (mod n0) and y (mod n0), where n0 divides n. To correct this we have Algorithm 2: Algorithm 2 Algorithm 2 receives as input a compact representation of a quadratic in- teger P , and a positive integer n. It also uses a version of Algorithm 1, alg1(P; n; k), which receives P and n, and stores the value of n0 in k.
Load more

Recommended publications
  • The Group of Classes of Congruent Quadratic Integers with Respect to Any Composite Ideal Modulus Whatever
    THE GROUPOF CLASSESOF CONGRUENTQUADRATIC INTEGERS WITH RESPECTTO A COMPOSITEIDEAL MODULUS* BY ARTHUR RANUM Introduction. If in the ordinary theory of rational numbers we consider a composite integer m as modulus, and if from among the classes of congruent integers with respect to that modulus we select those which are prime to the modulus, they form a well-known multiplicative group, which has been called by Weber (Algebra, vol. 2, 2d edition, p. 60), the most important example of a finite abelian group. In the more general theory of numbers in an algebraic field we may in a corre- sponding manner take as modulus a composite ideal, which includes as a special case a composite principal ideal, that is, an integer in the field, and if we regard all those integers of the field which are congruent to one another with respect to the modulus as forming a class, and if we select those classes whose integers are prime to the modulus, they also will form a finite abelian group f under multiplication. The investigation of the nature of this group is the object of the present paper. I shall confine my attention, however, to a quadratic number-field, and shall determine the structure of the group of classes of congruent quadratic integers with respect to any composite ideal modulus whatever. Several distinct cases arise depending on the nature of the prime ideal factors of the modulus ; for every case I shall find a complete system of independent generators of the group. Exactly as in the simpler theory of rational numbers it will appear that the solution of the problem depends essentially on the case in which the modulus is a prime-power ideal, that is, a power of a prime ideal.
    [Show full text]
  • Small-Span Hermitian Matrices Over Quadratic Integer Rings
    MATHEMATICS OF COMPUTATION Volume 84, Number 291, January 2015, Pages 409–424 S 0025-5718(2014)02836-6 Article electronically published on May 19, 2014 SMALL-SPAN HERMITIAN MATRICES OVER QUADRATIC INTEGER RINGS GARY GREAVES Abstract. A totally-real polynomial in Z[x] with zeros α1 α2 ··· αd has span αd−α1. Building on the classification of all characteristic polynomials of integer symmetric matrices having small span (span less than 4), we obtain a classification of small-span polynomials that are the characteristic polynomial of a Hermitian matrix over some quadratic integer ring. Taking quadratic integer rings as our base, we obtain as characteristic polynomials some low- degree small-span polynomials that are not the characteristic (or minimal) polynomial of any integer symmetric matrix. 1. Introduction and preliminaries 1.1. Introduction. Let f be a totally-real monic polynomial of degree d having integer coefficients with zeros α1 α2 ··· αd.Thespan of f is defined to be αd − α1. In this article, for Hermitian matrices A over quadratic integer rings, we are interested in the characteristic polynomials χA(x):=det(xI − A)andthe minimal polynomials pA(x). We build on the work of McKee [17] who classified all integer symmetric matrices whose characteristic polynomials have span less than 4. Following McKee, we call a totally-real monic integer polynomial small-span if its span is less than 4 and a Hermitian matrix is called small-span if its characteristic polynomial is small-span. A set consisting of an algebraic integer and all of its (Galois) conjugates is called a conjugate set.
    [Show full text]
  • Algebraic Numbers, Algebraic Integers
    Algebraic Numbers, Algebraic Integers October 7, 2012 1 Reading Assignment: 1. Read [I-R]Chapter 13, section 1. 2. Suggested reading: Davenport IV sections 1,2. 2 Homework set due October 11 1. Let p be a prime number. Show that the polynomial f(X) = Xp−1 + Xp−2 + Xp−3 + ::: + 1 is irreducible over Q. Hint: Use Eisenstein's Criterion that you have proved in the Homework set due today; and find a change of variables, making just the right substitution for X to turn f(X) into a polynomial for which you can apply Eisenstein' criterion. 2. Show that any unit not equal to ±1 in the ring of integers of a real quadratic field is of infinite order in the group of units of that ring. 3. [I-R] Page 201, Exercises 4,5,7,10. 4. Solve Problems 1,2 in these notes. 3 Recall: Algebraic integers; rings of algebraic integers Definition 1 An algebraic integer is a root of a monic polynomial with rational integer coefficients. Proposition 1 Let θ 2 C be an algebraic integer. The minimal1 monic polynomial f(X) 2 Q[X] having θ as a root, has integral coefficients; that is, f(X) 2 Z[X] ⊂ Q[X]. 1i.e., minimal degree 1 Proof: This follows from the fact that a product of primitive polynomials is again primitive. Discuss. Define content. Note that this means that there is no ambiguity in the meaning of, say, quadratic algebraic integer. It means, equivalently, a quadratic number that is an algebraic integer, or number that satisfies a quadratic monic polynomial relation with integral coefficients, or: Corollary 1 A quadratic number is a quadratic integer if and only if its trace and norm are integers.
    [Show full text]
  • Idempotent Factorizations of Singular $2\Times 2$ Matrices Over Quadratic
    IDEMPOTENT FACTORIZATIONS OF SINGULAR 2 2 × MATRICES OVER QUADRATIC INTEGER RINGS LAURA COSSU AND PAOLO ZANARDO Abstract. Let D be the ring of integers of a quadratic number field Q[√d]. We study the factorizations of 2 2 matrices over D into idem- × potent factors. When d < 0 there exist singular matrices that do not admit idempotent factorizations, due to results by Cohn (1965) and by the authors (2019). We mainly investigate the case d > 0. We employ Vaserˇste˘ın’s result (1972) that SL2(D) is generated by elementary ma- trices, to prove that any 2 2 matrix with either a null row or a null × column is a product of idempotents. As a consequence, every column- row matrix admits idempotent factorizations. Introduction In 1967 J. A. Erdos [10] proved that every square matrix with entries in a field that is singular (i.e., with zero determinant) admits idempotent factorizations, i.e., it can be written as a product of idempotent matrices. His work originated the problem of characterising integral domains R that satisfy the property IDn: every singular n n matrix with entries in R admits idempotent factorizations. We recall the× papers by Laffey [15] (1983), Hannah and O’Meara [13] (1989), Fountain [12] (1991). The related problem of factorizing invertible matrices into products of elementary factors has been a prominent subject of research over the years (see [3,5,16,17,19,23]). Following Cohn [5], we say that R satisfies property GEn if every invertible n n matrix over R can be written as a product of elementary matrices.
    [Show full text]
  • New York Journal of Mathematics Quadratic Integer Programming And
    New York Journal of Mathematics New York J. Math. 22 (2016) 907{932. Quadratic integer programming and the Slope Conjecture Stavros Garoufalidis and Roland van der Veen Abstract. The Slope Conjecture relates a quantum knot invariant, (the degree of the colored Jones polynomial of a knot) with a classical one (boundary slopes of incompressible surfaces in the knot complement). The degree of the colored Jones polynomial can be computed by a suitable (almost tight) state sum and the solution of a corresponding quadratic integer programming problem. We illustrate this principle for a 2-parameter family of 2-fusion knots. Combined with the results of Dunfield and the first author, this confirms the Slope Conjecture for the 2-fusion knots of one sector. Contents 1. Introduction 908 1.1. The Slope Conjecture 908 1.2. Boundary slopes 909 1.3. Jones slopes, state sums and quadratic integer programming 909 1.4. 2-fusion knots 910 1.5. Our results 911 2. The colored Jones polynomial of 2-fusion knots 913 2.1. A state sum for the colored Jones polynomial 913 2.2. The leading term of the building blocks 916 2.3. The leading term of the summand 917 3. Proof of Theorem 1.1 917 3.1. Case 1: m1; m2 ≥ 1 918 3.2. Case 2: m1 ≤ 0; m2 ≥ 1 919 3.3. Case 3: m1 ≤ 0; m2 ≤ −2 919 Received January 13, 2016. 2010 Mathematics Subject Classification. Primary 57N10. Secondary 57M25. Key words and phrases. knot, link, Jones polynomial, Jones slope, quasi-polynomial, pretzel knots, fusion, fusion number of a knot, polytopes, incompressible surfaces, slope, tropicalization, state sums, tight state sums, almost tight state sums, regular ideal octa- hedron, quadratic integer programming.
    [Show full text]
  • Numbers, Groups and Cryptography Gordan Savin
    Numbers, Groups and Cryptography Gordan Savin Contents Chapter 1. Euclidean Algorithm 5 1. Euclidean Algorithm 5 2. Fundamental Theorem of Arithmetic 9 3. Uniqueness of Factorization 14 4. Efficiency of the Euclidean Algorithm 16 Chapter 2. Groups and Arithmetic 21 1. Groups 21 2. Congruences 25 3. Modular arithmetic 28 4. Theorem of Lagrange 31 5. Chinese Remainder Theorem 34 Chapter 3. Rings and Fields 41 1. Fields and Wilson's Theorem 41 2. Field Characteristic and Frobenius 45 3. Quadratic Numbers 48 Chapter 4. Primes 53 1. Infinitude of primes 53 2. Primes in progression 56 3. Perfect Numbers and Mersenne Primes 59 4. The Lucas Lehmer test 62 Chapter 5. Roots 67 1. Roots 67 2. Property of the Euler Function 70 3. Primitive roots 71 4. Discrete logarithm 75 5. Cyclotomic Polynomials 77 Chapter 6. Quadratic Reciprocity 81 1. Squares modulo p 81 2. Fields of order p2 85 3. When is 2 a square modulo p? 88 4. Quadratic Reciprocity 91 Chapter 7. Applications of Quadratic Reciprocity 95 3 4 CONTENTS 1. Fermat primes 95 2. Quadratic Fields and the Circle Group 98 3. Lucas Lehmer test revisited 100 Chapter 8. Sums of two squares 107 1. Sums of two squares 107 2. Gaussian integers 111 3. Method of descent revisited 116 Chapter 9. Pell's Equations 119 1. Shape numbers and Induction 119 2. Square-Triangular Numbers and Pell Equation 122 3. Dirichlet's approximation 125 4. Pell Equation: classifying solutions 128 5. Continued Fractions 130 Chapter 10. Cryptography 135 1. Diffie-Hellman key exchange 135 2.
    [Show full text]
  • Fast Exponentiation Via Prime Finite Field Isomorphism
    Alexander Rostovtsev, St. Petersburg State Polytechnic University [email protected] Fast exponentiation via prime finite field isomorphism Raising of the fixed element of prime order group to arbitrary degree is the main op- eration specified by digital signature algorithms DSA, ECDSA. Fast exponentiation algorithms are proposed. Algorithms use number system with algebraic integer base 4 ±2 . Prime group order r can be factored r =pp in Euclidean ring [±2] by Pol- lard and Schnorr algorithm. Farther factorization of prime quadratic integer p=rr 4 in the ring [±2] can be done similarly. Finite field r is represented as quotient 4 ring [±r2]/(). Integer exponent k is reduced in corresponding quotient ring by minimization of absolute value of its norm. Algorithms can be used for fast exponen- tiation in arbitrary cyclic group if its order can be factored in corresponding number rings. If window size is 4 bits, this approach allows speeding-up 2.5 times elliptic curve digital signature verification comparatively to known methods with the same window size. Key words: fast exponentiation, cyclic group, algebraic integers, digital signature, elliptic curve. 1. Introduction Let G be cyclic group of prime computable order. Raising of the fixed element a Î G to arbitrary degree is the main operation specified by many public key cryptosystems, such as digital signature algorithms DSA, ECDSA [2]. In crypto- graphic applications prime group order is more then 2100. Group G can be given as subgroup of finite field [6], elliptic curve or Jacobian of hyperelliptic curve over finite field, class group of number field, etc.
    [Show full text]
  • A Computational Exploration of Gaussian and Eisenstein Moats
    A Computational Exploration of Gaussian and Eisenstein Moats By Philip P. West A DISSERTATION SUBMITTED IN PARTIAL FULFILLMENT OF THE REQUIREMENTS FOR THE DEGREE OF MASTERS IN SCIENCE (MATHEMATICS) at the CALIFORNIA STATE UNIVERSITY CHANNEL ISLANDS 20 14 copyright 20 14 Philip P. West ALL RIGHTS RESERVED APPROVED FOR THE MATHEMATICS PROGRAM Brian Sittinger, Advisor Date: 21 December 20 14 Ivona Grzegorzyck Date: 12/2/14 Ronald Rieger Date: 12/8/14 APPROVED FOR THE UNIVERSITY Doctor Gary A. Berg Date: 12/10/14 Non- Exclusive Distribution License In order for California State University Channel Islands (C S U C I) to reproduce, translate and distribute your submission worldwide through the C S U C I Institutional Repository, your agreement to the following terms is necessary. The authors retain any copyright currently on the item as well as the ability to submit the item to publishers or other repositories. By signing and submitting this license, you (the authors or copyright owner) grants to C S U C I the nonexclusive right to reproduce, translate (as defined below), and/ or distribute your submission (including the abstract) worldwide in print and electronic format and in any medium, including but not limited to audio or video. You agree that C S U C I may, without changing the content, translate the submission to any medium or format for the purpose of preservation. You also agree that C S U C I may keep more than one copy of this submission for purposes of security, backup and preservation. You represent that the submission is your original work, and that you have the right to grant the rights contained in this license.
    [Show full text]
  • Analysis of Fast Versions of the Euclid Algorithm Eda Cesaratto, Julien Clément, Benoît Daireaux, Loïck Lhote, Véronique Maume-Deschamps, Brigitte Vallée
    Analysis of fast versions of the euclid algorithm Eda Cesaratto, Julien Clément, Benoît Daireaux, Loïck Lhote, Véronique Maume-Deschamps, Brigitte Vallée To cite this version: Eda Cesaratto, Julien Clément, Benoît Daireaux, Loïck Lhote, Véronique Maume-Deschamps, et al.. Analysis of fast versions of the euclid algorithm. 2008. hal-00211424 HAL Id: hal-00211424 https://hal.archives-ouvertes.fr/hal-00211424 Preprint submitted on 21 Jan 2008 HAL is a multi-disciplinary open access L’archive ouverte pluridisciplinaire HAL, est archive for the deposit and dissemination of sci- destinée au dépôt et à la diffusion de documents entific research documents, whether they are pub- scientifiques de niveau recherche, publiés ou non, lished or not. The documents may come from émanant des établissements d’enseignement et de teaching and research institutions in France or recherche français ou étrangers, des laboratoires abroad, or from public or private research centers. publics ou privés. Analysis of fast versions of the Euclid Algorithm Eda Cesaratto ∗ Julien Cl´ement † Benoˆıt Daireaux‡ Lo¨ıck Lhote § V´eronique Maume-Deschamps ¶ Brigitte Vall´ee k To appear in the ANALCO’07 Proceedings Abstract gebra. Many gcd algorithms have been designed since There exist fast variants of the gcd algorithm which are Euclid. Most of them compute a sequence of remainders all based on principles due to Knuth and Sch¨onhage. On by successive divisions, which leads to algorithms with inputs of size n, these algorithms use a Divide and Con- a quadratic bit–complexity (in the worst-case and in the quer approach, perform FFT multiplications and stop average-case).
    [Show full text]
  • Optimality of the Width-$ W $ Non-Adjacent Form: General
    OPTIMALITY OF THE WIDTH-w NON-ADJACENT FORM: GENERAL CHARACTERISATION AND THE CASE OF IMAGINARY QUADRATIC BASES CLEMENS HEUBERGER AND DANIEL KRENN Abstract. Efficient scalar multiplication in Abelian groups (which is an im- portant operation in public key cryptography) can be performed using digital expansions. Apart from rational integer bases (double-and-add algorithm), imaginary quadratic integer bases are of interest for elliptic curve cryptogra- phy, because the Frobenius endomorphism fulfils a quadratic equation. One strategy for improving the efficiency is to increase the digit set (at the prize of additional precomputations). A common choice is the width-w non-adjacent form (w-NAF): each block of w consecutive digits contains at most one non- zero digit. Heuristically, this ensures a low weight, i.e. number of non-zero digits, which translates in few costly curve operations. This paper investigates the following question: Is the w-NAF-expansion optimal, where optimality means minimising the weight over all possible expansions with the same digit set? The main characterisation of optimality of w-NAFs can be formulated in the following more general setting: We consider an Abelian group together with an endomorphism (e.g., multiplication by a base element in a ring) and a finite digit set. We show that each group element has an optimal w-NAF- expansion if and only if this is the case for each sum of two expansions of weight 1. This leads both to an algorithmic criterion and to generic answers for various cases. Imaginary quadratic integers of trace at least 3 (in absolute value) have optimal w-NAFs for w 4.
    [Show full text]
  • Answers and Solutions
    Answers and Solutions Chapter 1 1.1(a). The point E can be obtained by folding the square along the bisector of angle BAC, so that AB is folded onto the diagonal with B landing on E. If F is the point where the bisector intersects B C, then B F folds to E F. Thus E F -1 AC and BF = EF. Since L.EFC = 45° = L.ECF, FE = EC. l.1(b). WC! = IBC! - IBFI = IAEI - ICEI = 21AEI - lAC! and IEC! = lAC! - IAEI = lAC! - IBC!. l.3(a). n Pn qn rn 1 1 1 1 2 3 2 3/2 = 1.5 3 7 5 7/5 = 1.4 4 17 12 17/12 = 1.416666 5 41 29 41/29 = 1.413793 1.3(c). Clearly, rn > 1 for each n, so that from (b), rn+1 - rn and rn - rn-I have opposite signs and 1 Irn+l - rnl < 41rn - rn-II· Since r2 > 1 = rl, it follows that rl < r3 < r2. Suppose as an induction hypothesis that rl < r3 < ... < r2m-1 < r2m < ... < r2. Then 0 < r2m - r2m+1 < r2m - r2m-1 and 0 < r2m+2 - r2m+1 < r2m - r2m+J. so that r2m-1 < r2m+1 < r2m+2 < r2m. Let k, 1 be any positive integers. Then, for m > k, I, r2k+1 < r2m-1 < r2m < r21. l.3(d). Leta be the least upper bound (i.e., the smallest number at least as great as all) of the numbers in the set {rl, r3, r5, ... , r2k+l, ... }. Then r2m-1 ::::: a ::::: r2m 139 140 Answers and Solutions .....-_______---,D \ \ \ \ \ \ \ \ \ \ BL..---...L..-----~ F FIGURE 1.3.
    [Show full text]
  • Orders in Quadratic Imaginary Fields of Small Class Number
    ORDERS IN QUADRATIC IMAGINARY FIELDS OF SMALL CLASS NUMBER JANIS KLAISE Abstract. In 2003 M. Watkins [Wat03] solved the Gauss Class Number Prob- lem for class numbers up to 100: given a class number h, what is the complete list of quadratic imaginary fields K with this class number? In this project we extend the problem by including non-maximal orders - subrings O of the ring of integers OK that are also Z-modules of rank 2 admiting a Q-basis of K. These orders are more complicated than OK since they need not be Dedekind domains. The main theoretical part is the class number formula linking the class numbers of O and OK . We give a complete proof of this and use it together with the results of Watkins to find the orders of class number h = 1, 2, 3 by solving the class number formula in a Diophantine fashion. We then describe a different algorithm that was suggested and implemented dur- ing the writing of this project and succesfully finds all orders of class number up to 100. Finally, we motivate the problem by its application to j-invariants in complex multiplication. Contents 1. Introduction 1 2. The Class Number Formula 4 3. Example Calculations. 13 4. An Algorithm 18 5. An Application to Complex Multiplication 20 References 23 1. Introduction Gauss in his Disquisitiones Arithmeticae [Gau86, §303-304] came up with several conjectures about imaginary quadratic fields (in the language of discriminants of integral binary quadratic forms). In particular, he gave lists of discriminants cor- responding to imaginary quadratic fields with given small class number and be- lieved them to be complete without proof.
    [Show full text]