DOCSLIB.ORG

Higher-Degree Supersingular Group Actions

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Higher-Degree Supersingular Group Actions Higher-degree supersingular group actions Mathilde Chenu1,2 and Benjamin Smith2,1 1Laboratoire d’Informatique (LIX), CNRS, École polytechnique, Institut Polytechnique de Paris, Palaiseau, France 2Inria, Palaiseau, France Abstract We investigate the isogeny graphs of supersingular elliptic curves over F?2 equipped with a 3-isogeny to their Galois conjugate. These curves are interesting because theyp are, in a sense, a generalization of curves defined over F?, and there is an action of the ideal class group of Q¹ −3?º on the isogeny graphs. We investigate constructive and destructive aspects of these graphs in isogeny-based cryptography, including generalizations of the CSIDH cryptosystem and the Delfs–Galbraith algorithm. Keywords: Isogeny-based cryptography, Supersingular elliptic curves, Endomorphisms 2010 Mathematics Subject Classification: 94A60, 11Y40 1 INTRODUCTION Supersingular isogeny graphs of elliptic curves over F?2 , with their rich number-theoretic and combinatorial properties, are at the heart of an increasing number of pre- and post-quantum cryptosystems. Identifying and exploiting special subgraphs of supersingular isogeny graphs is key to understanding their mathematical properties, and their cryptographic potential. Isogeny-based cryptosystems roughly fall into two families. On one hand, we have the cryptosystems that work in the full ℓ-isogeny graph for various ℓ, including the Charles–Goren–Lauter hash [13], SIDH [30, 23, 17], SIKE [31], OSIDH [16], SQISign [24], and many more. These systems take advantage of the fact that the supersingular ℓ-isogeny graph is a large regular graph with large diameter and excellent expansion and mixing properties (indeed, it is a Ramanujan graph). On the other hand, we have cryptosystems that work in the F?-subgraph supported on vertices defined over F? (or with 9-invariants in F?), such as CSIDH [11], CSI-FiSh [7], and CSURF [10]. These cryptosystems, many of which represent optimizations and extensions of pioneering work with ordinary curves due to Stolbunov [43, 46] and Couveignes [18], take advantage of the fact that the F?-endomorphism rings of these curves are an imaginary quadratic ring, and the ideal class group of this ring has a convenient and efficiently-computable commutative action on the F?-subgraph. This group action allows us to define many simple and useful cryptosystems, but it also explains the structure of the F?-subgraph, allowing us to use it as a cryptanalytic tool [21] and as a convenient point-of-reference when exploring structures in the full supersingular isogeny graph [1]. This paper investigates a family of generalizations of the F?-subgraph, one for each squarefree integer 3. The key is to recognise that a curve E/F?2 has its 9-invariant in F? precisely when E is isomorphic to the conjugate ¹ ?º curve E /F?2 defined by ?-th powering the coefficients of E, and the edges of the F?-subgraph correspond to isogenies that are compatible with these isomorphisms. In this paper, we relax the isomorphisms to 3-isogenies, and consider the cryptographic consequences. We obtain a series of distinguished subgraphs of the supersingular isogeny graph, each equipped with a free and transitive action by an ideal class group. We define ¹3, nº-structures—essentially, curves with a 3-isogeny to their conjugate—and the isogenies between them in §2. While ¹3, nº-structures are defined over F?2 , in §3 we show that they have modular invariants in F?, and give useful parameterizations for 3 = 2 and 3. We narrow our focus to supersingular curves in §4, using the theory of orientations to set up the class group action on ¹3, nº-structures. We give some illustrative examples of isogeny graphs of supersingular ¹3, nº-structures in §5, before turning to cryptographic applications in §6. Isogeny graphs of ¹3, nº-structures are a natural setting for variants of CSIDH (and closely related cryptosys- tems). We give arguments for the security of such cryptosystems in §6.1. We outline a non-interactive key exchange in §6.2, generalizing CSIDH (which is the special case 3 = 1), and highlight some of the subtleties that appear when we move to 3 ¡ 1. Optimized implementation techniques are beyond the scope of this article. The isogeny graphs formed by ¹3, nº-structures form interesting geographical features in the full supersingular isogeny graph. Charles, Goren, and Lauter investigated random walks that happen to hit ¹3, ±1º-structures in the security analysis of their hash function [13, §7]; random walks into ¹ℓ, ±1º-structures are also key in the path-finding algorithm of [22]. Further heuristics in this direction appear in [1]. Here, we consider these vertices not in isolation, but within their own isogeny graphs; thus, we obtain a series of generalizations of the “spine” of [1], and a broad generalization of the Delfs–Galbraith isogeny-finding algorithm [21] in §6.4. *Corresponding Author: [email protected] ; [email protected] 1 Notation and conventions. If E is an elliptic curve, then End¹Eº denotes its endomorphism ring and End0 ¹Eº ¹ ?º denotes End¹Eº ⊗ Q. Each elliptic curve E/F?2 has a Galois-conjugate curve E , defined by ?-th powering all of the coefficients in the defining equation of E. The curve and its conjugate are connected by inseparable ¹ ?º ¹ ?º “Frobenius” ?-isogenies c ? : E!E and c ? : E !E, defined by ?-th powering the coordinates (abusing ¹ ?º ¹ ?º notation, all inseparable ?-isogenies will be denoted by c ?). Observe that ¹E º = E, and the composition of ¹ ?º ¹ ?º c ? : E!E and c ? : E !E is the ?2-power Frobenius endomorphism cE of E. Conjugation also operates 0 ¹ ?º ¹ ?º 0¹ ?º on isogenies: each isogeny q : E!E defined over F?2 has a Galois conjugate isogeny q : E !E , defined by ?-th powering all of the coefficients in a rational map defining q. We always have ¹ ?º ¹ ?º ¹ ?º ¹q º = q and c ? ◦ q = q ◦ c ? , and conjugation thus gives an isomorphism of rings between End¹Eº and End¹E ¹ ?º º. 2 CURVES WITH A 3-ISOGENY TO THEIR CONJUGATE Let ?¡ 3 be a prime, and 3 a squarefree integer prime to ?. Typically, ? is very large and 3 is very small. ¹ ?º We are interested in elliptic curves E/F?2 equipped with a 3-isogeny k : E!E . Given any such 3-isogeny k, we have two returning 3-isogenies: k ¹ ?º : E ¹ ?º !E and kb : E ¹ ?º !E . ¹ ?º Definition 1. Let E/F?2 be an elliptic curve equipped with a 3-isogeny k : E!E to its conjugate. We say that ¹E, kº is a ¹3, nº-structure if kb = nk ¹ ?º with n 2 f1, −1g . Each ¹3, nº-structure ¹E, kº has an associated endomorphism ` := c ? ◦ k 2 End¹Eº . We say that ¹E, kº is ordinary resp. supersingular if E is ordinary resp. supersingular.1 Proposition 1. If ¹E, kº is a ¹3, nº-structure and ` is its associated endomorphism, then 2 ` = »n3¼cE . If cE is the Frobenius endomorphism of E and CE is its trace, then there exists an integer A such that »A¼` = »?¼¸ncE in End¹Eº, 3A2 = 2? ¸ nCE in Z, and the characteristic polynomial of ` is %` ¹)º = ) 2 − A3) ¸ 3?. ¹ ?º 2 ¹ ?º ¹ ?º ¹ ?º b Proof. We have kc ? = c ?k , so ` = c ?kc ?k = c ? ¹c ?k ºk = cE ¹k kº. Now k = nk (because ¹ ?º ¹E, kº is a ¹3, nº-structure), so k k = »n3¼, and therefore `2 = »n3¼cE. For the rest: ` has degree 3?, so it satisfies a quadratic polynomial %` ¹)º = ) 2 − 0) ¸ 3? for some integer 0. The first assertion then implies »0¼` = `2 ¸ »3?¼ = »n3¼cE ¸ »3?¼. Squaring, we obtain 2 2 2 2 2 ¹»0¼`º = »3¼ ¹cE ¸ ? º ¸ 2»3?¼»n3¼cE = »3¼ ¹CE cEº ¸ 2»3?¼»n3¼cE = »n3¼cE ¹»n3¼CE ¸ 23?º , so 02 = n3CE ¸ 23?, hence 3 j 02. But 3 is squarefree, so 3 j 0, and then A = 0/3 satisfies the given conditions. □ Remark 1. In the situation of Proposition 1: if E is ordinary, then Z»`¼ and Z»cE¼ are orders in Q¹cEº of 2 2 2 2 2 2 2 discriminant 3 A − 43? and CE − 4? = A ¹3 A − 43?º, respectively, so jAj is the conductor of Z»cE¼ in Z»`¼. (The supersingular case is treated in detail in §4.) Definition 2. Let ¹E, kº and ¹E0, k0º be ¹3, nº-structures. We say an isogeny (resp. isomorphism) q : E!E0 is an isogeny (resp. isomorphism) of ¹3, nº-structures if k0q = q¹ ?º k, that is, if the following diagram commutes: k E E ¹ ?º q q¹ ?º k0 E0 ¹E0º ¹ ?º 1We focus on curves defined over F?2 because our applications involve supersingular curves, and every supersingular curve is isomorphic to a curve over F?2 . One might consider isogenies to conjugates over higher-degree extensions, but then in general we do not have the relation kb = ±k¹ ?º , which is fundamental to our results. 2 It is easily verified that isogenies of ¹3, nº-structures follow the usual rules obeyed by isogenies: the composition of two isogenies of ¹3, nº-structures is an isogeny of ¹3, nº-structures, the dual of an isogeny of ¹3, nº-structures is an isogeny of ¹3, nº-structures, and every ¹3, nº-structure has an isogeny to itself (the identity map, for example). Isogeny therefore forms an equivalence relation on ¹3, nº-structures. If ¹E, kº is a ¹3, nº-structure with associated endomorphism `, then ¹ ?º −¹E, kº := ¹E, −kº and ¹E, kº := ¹E ¹ ?º , k ¹ ?º º are ¹3, nº-structures with associated endomorphisms −` and `¹ ?º , respectively. If q : ¹E, kº ! ¹E0, k0º is an ¹ ?º ¹ ?º isogeny of ¹3, nº-structures, then q : −¹E, kº ! −¹E0, k0º and q¹ ?º : ¹E, kº ! ¹E0, k0º are also isogenies of ¹3, nº-structures.
Load more

Recommended publications
  • Number Theoretic Symbols in K-Theory and Motivic Homotopy Theory
    Number Theoretic Symbols in K-theory and Motivic Homotopy Theory Håkon Kolderup Master’s Thesis, Spring 2016 Abstract We start out by reviewing the theory of symbols over number fields, emphasizing how this notion relates to classical reciprocity lawsp and algebraic pK-theory. Then we compute the second algebraic K-group of the fields pQ( −1) and Q( −3) based on Tate’s technique for K2(Q), and relate the result for Q( −1) to the law of biquadratic reciprocity. We then move into the realm of motivic homotopy theory, aiming to explain how symbols in number theory and relations in K-theory and Witt theory can be described as certain operations in stable motivic homotopy theory. We discuss Hu and Kriz’ proof of the fact that the Steinberg relation holds in the ring π∗α1 of stable motivic homotopy groups of the sphere spectrum 1. Based on this result, Morel identified the ring π∗α1 as MW the Milnor-Witt K-theory K∗ (F ) of the ground field F . Our last aim is to compute this ring in a few basic examples. i Contents Introduction iii 1 Results from Algebraic Number Theory 1 1.1 Reciprocity laws . 1 1.2 Preliminary results on quadratic fields . 4 1.3 The Gaussian integers . 6 1.3.1 Local structure . 8 1.4 The Eisenstein integers . 9 1.5 Class field theory . 11 1.5.1 On the higher unit groups . 12 1.5.2 Frobenius . 13 1.5.3 Local and global class field theory . 14 1.6 Symbols over number fields .
    [Show full text]
  • Numbertheory with Sagemath
    NumberTheory with SageMath Following exercises are from Fundamentals of Number Theory written by Willam J. Leveque. Chapter 1 p. 5 prime pi(x): the number of prime numbers that are less than or equal to x. (same as π(x) in textbook.) sage: prime_pi(10) 4 sage: prime_pi(10^3) 168 sage: prime_pi(10^10) 455052511 Also, you can see π(x) lim = 1 x!1 x= log(x) with following code. sage: fori in range(4, 13): ....: print"%.3f" % (prime_pi(10^i) * log(10^i) / 10^i) ....: 1.132 1.104 1.084 1.071 1.061 1.054 1.048 1.043 1.039 p. 7 divisors(n): the divisors of n. number of divisors(n): the number of divisors of n (= τ(n)). sage: divisors(12) [1, 2, 3, 4, 6, 12] sage: number_of_divisors(12) 6 1 For example, you may construct a table of values of τ(n) for 1 ≤ n ≤ 5 as follows: sage: fori in range(1, 6): ....: print"t(%d):%d" % (i, number_of_divisors(i)) ....: t (1) : 1 t (2) : 2 t (3) : 2 t (4) : 3 t (5) : 2 p. 19 Division theorem: If a is positive and b is any integer, there is exactly one pair of integers q and r such that the conditions b = aq + r (0 ≤ r < a) holds. In SageMath, you can get quotient and remainder of division by `a // b' and `a % b'. sage: -7 // 3 -3 sage: -7 % 3 2 sage: -7 == 3 * (-7 // 3) + (-7 % 3) True p. 21 factor(n): prime decomposition for integer n.
    [Show full text]
  • Primes in Quadratic Fields 2010
    T J Dekker Primes in quadratic fields 2010 Primes in quadratic fields Theodorus J. Dekker *) (2003, revised 2008, 2009) Abstract This paper presents algorithms for calculating the quadratic character and the norms of prime ideals in the ring of integers of any quadratic field. The norms of prime ideals are obtained by means of a sieve algorithm using the quadratic character for the field considered. A quadratic field, and its ring of integers, can be represented naturally in a plane. Using such a representation, the prime numbers - which generate the principal prime ideals in the ring - are displayed in a given bounded region of the plane. Keywords Quadratic field, quadratic character, sieve algorithm, prime ideals, prime numbers. Mathematics Subject Classification 11R04, 11R11, 11Y40. 1. Introduction This paper presents an algorithm to calculate the quadratic character for any quadratic field, and an algorithm to calculate the norms of prime ideals in its ring of integers up to a given maximum. The latter algorithm is used to produce pictures displaying prime numbers in a given bounded region of the ring. A quadratic field, and its ring of integers, can be displayed in a plane in a natural way. The presented algorithms produce a complete picture of its prime numbers within a given region. If the ring of integers does not have the unique-factorization property, then the picture produced displays only the prime numbers, but not those irreducible numbers in the ring which are not primes. Moreover, the prime structure of the non-principal ideals is not displayed except in some pictures for rings of class number 2 or 3.
    [Show full text]
  • Nonvanishing of Hecke L-Functions and Bloch-Kato P
    NONVANISHING OF HECKE L{FUNCTIONS AND BLOCH-KATO p-SELMER GROUPS ARIANNA IANNUZZI, BYOUNG DU KIM, RIAD MASRI, ALEXANDER MATHERS, MARIA ROSS, AND WEI-LUN TSAI Abstract. The canonical Hecke characters in the sense of Rohrlich form a set of algebraic Hecke characters with important arithmetic properties. In this paper, we prove that for an asymptotic density of 100% of imaginary quadratic fields K within certain general families, the number of canonical Hecke characters of K whose L{function has a nonvanishing central value is jdisc(K)jδ for some absolute constant δ > 0. We then prove an analogous density result for the number of canonical Hecke characters of K whose associated Bloch-Kato p-Selmer group is finite. Among other things, our proofs rely on recent work of Ellenberg, Pierce, and Wood on bounds for torsion in class groups, and a careful study of the main conjecture of Iwasawa theory for imaginary quadratic fields. 1. Introduction and statement of results p Let K = Q( −D) be an imaginary quadratic field of discriminant −D with D > 3 and D ≡ 3 mod 4. Let OK be the ring of integers and letp "(n) = (−D=n) = (n=D) be the Kronecker symbol. × We view " as a quadratic character of (OK = −DOK ) via the isomorphism p ∼ Z=DZ = OK = −DOK : p A canonical Hecke character of K is a Hecke character k of conductor −DOK satisfying p 2k−1 + k(αOK ) = "(α)α for (αOK ; −DOK ) = 1; k 2 Z (1.1) (see [R2]). The number of such characters equals the class number h(−D) of K.
    [Show full text]
  • The Class Number Formula for Quadratic Fields and Related Results
    The Class Number Formula for Quadratic Fields and Related Results Roy Zhao January 31, 2016 1 The Class Number Formula for Quadratic Fields and Related Results Roy Zhao CONTENTS Page 2/ 21 Contents 1 Acknowledgements 3 2 Notation 4 3 Introduction 5 4 Concepts Needed 5 4.1 TheKroneckerSymbol.................................... 6 4.2 Lattices ............................................ 6 5 Review about Quadratic Extensions 7 5.1 RingofIntegers........................................ 7 5.2 Norm in Quadratic Fields . 7 5.3 TheGroupofUnits ..................................... 7 6 Unique Factorization of Ideals 8 6.1 ContainmentImpliesDivision................................ 8 6.2 Unique Factorization . 8 6.3 IdentifyingPrimeIdeals ................................... 9 7 Ideal Class Group 9 7.1 IdealNorm .......................................... 9 7.2 Fractional Ideals . 9 7.3 Ideal Class Group . 10 7.4 MinkowskiBound....................................... 10 7.5 Finiteness of the Ideal Class Group . 10 7.6 Examples of Calculating the Ideal Class Group . 10 8 The Class Number Formula for Quadratic Extensions 11 8.1 IdealDensity ......................................... 11 8.1.1 Ideal Density in Imaginary Quadratic Fields . 11 8.1.2 Ideal Density in Real Quadratic Fields . 12 8.2 TheZetaFunctionandL-Series............................... 14 8.3 The Class Number Formula . 16 8.4 Value of the Kronecker Symbol . 17 8.5 UniquenessoftheField ................................... 19 9 Appendix 20 2 The Class Number Formula for Quadratic Fields and Related Results Roy Zhao Page 3/ 21 1 Acknowledgements I would like to thank my advisor Professor Richard Pink for his helpful discussions with me on this subject matter throughout the semester, and his extremely helpful comments on drafts of this paper. I would also like to thank Professor Chris Skinner for helping me choose this subject matter and for reading through this paper.
    [Show full text]
  • Arxiv:1408.0235V7 [Math.NT] 21 Oct 2016 Quadratic Residues and Non
    Quadratic Residues and Non-Residues: Selected Topics Steve Wright Department of Mathematics and Statistics Oakland University Rochester, Michigan 48309 U.S.A. e-mail: [email protected] arXiv:1408.0235v7 [math.NT] 21 Oct 2016 For Linda i Contents Preface vii Chapter 1. Introduction: Solving the General Quadratic Congruence Modulo a Prime 1 1. Linear and Quadratic Congruences 1 2. The Disquisitiones Arithmeticae 4 3. Notation, Terminology, and Some Useful Elementary Number Theory 6 Chapter 2. Basic Facts 9 1. The Legendre Symbol, Euler’s Criterion, and other Important Things 9 2. The Basic Problem and the Fundamental Problem for a Prime 13 3. Gauss’ Lemma and the Fundamental Problem for the Prime 2 15 Chapter 3. Gauss’ Theorema Aureum:theLawofQuadraticReciprocity 19 1. What is a reciprocity law? 20 2. The Law of Quadratic Reciprocity 23 3. Some History 26 4. Proofs of the Law of Quadratic Reciprocity 30 5. A Proof of Quadratic Reciprocity via Gauss’ Lemma 31 6. Another Proof of Quadratic Reciprocity via Gauss’ Lemma 35 7. A Proof of Quadratic Reciprocity via Gauss Sums: Introduction 36 8. Algebraic Number Theory 37 9. Proof of Quadratic Reciprocity via Gauss Sums: Conclusion 44 10. A Proof of Quadratic Reciprocity via Ideal Theory: Introduction 50 11. The Structure of Ideals in a Quadratic Number Field 50 12. Proof of Quadratic Reciprocity via Ideal Theory: Conclusion 57 13. A Proof of Quadratic Reciprocity via Galois Theory 65 Chapter 4. Four Interesting Applications of Quadratic Reciprocity 71 1. Solution of the Fundamental Problem for Odd Primes 72 2. Solution of the Basic Problem 75 3.
    [Show full text]
  • By Leo Goldmakher 1.1. Legendre Symbol. Efficient Algorithms for Solving Quadratic Equations Have Been Known for Several Millenn
    1. LEGENDRE,JACOBI, AND KRONECKER SYMBOLS by Leo Goldmakher 1.1. Legendre symbol. Efficient algorithms for solving quadratic equations have been known for several millennia. However, the classical methods only apply to quadratic equations over C; efficiently solving quadratic equations over a finite field is a much harder problem. For a typical in- teger a and an odd prime p, it’s not even obvious a priori whether the congruence x2 ≡ a (mod p) has any solutions, much less what they are. By Fermat’s Little Theorem and some thought, it can be seen that a(p−1)=2 ≡ −1 (mod p) if and only if a is not a perfect square in the finite field Fp = Z=pZ; otherwise, it is ≡ 1 (or 0, in the trivial case a ≡ 0). This provides a simple com- putational method of distinguishing squares from nonsquares in Fp, and is the beginning of the Miller-Rabin primality test. Motivated by this observation, Legendre introduced the following notation: 8 0 if p j a a <> = 1 if x2 ≡ a (mod p) has a nonzero solution p :>−1 if x2 ≡ a (mod p) has no solutions. a (p−1)=2 a Note from above that p ≡ a (mod p). The Legendre symbol p enjoys several nice properties. Viewed as a function of a (for fixed p), it is a Dirichlet character (mod p), i.e. it is completely multiplicative and periodic with period p. Moreover, it satisfies a duality property: for any odd primes p and q, p q (1) = hp; qi q p where hm; ni = 1 unless both m and n are ≡ 3 (mod 4), in which case hm; ni = −1.
    [Show full text]
  • Global Class Field Theory 1. the Id`Ele Group of a Global Field Let K Be a Global Field. for Every Place V of K We Write K V
    Global class field theory 1. The id`ele group of a global field Let K be a global field. For every place v of K we write Kv for the completion of K at v and Uv for the group of units of Kv (which is by definition the group of positive elements of Kv if v is a × real place and the whole group Kv if v is a complex place). We have seen the definition of the id`ele group of K: × JK =−→ lim Kv × Uv , S ∈ 6∈ vYS vYS where S runs over all finite sets of places of K. This is a locally compact topological group containing K× as a discrete subgroup. 2. The reciprocity map Let L/K be an extension of global fields and (L/K)ab the maximal Abelian extension of K in- side L. For any place v of K, we choose a place v′|v in (L/K)ab, and we denote the corresponding ab Abelian extension by ((L/K) )v. The Galois group of this extension can be idenfied with the decomposition group of v in Gal((L/K)ab). For every place v of K we have the local norm residue symbol ab × ab ( , ((L/K) )v): Kv → Gal(((L/K) )v). This local norm residue symbol gives rise to group homomorphisms , (L/K)ab : K× → Gal((L/K)ab) v v ab ab ab by identifying Gal(((L/K) )v) with the decomposition group of v in Gal((L/K) ). Since (L/K) is Abelian, this map does not depend on the choice of a place of L above v.
    [Show full text]
  • Polynomial-Time Algorithms in Algebraic Number Theory
    Polynomial-time algorithms in algebraic number theory Written by D.M.H. van Gent Based on lectures of H.W. Lenstra Mathematisch Instituut Universiteit Leiden Netherlands July 19, 2021 1 Introduction In these notes we study methods for solving algebraic computational problems, mainly those involving number rings, which are fast in a mathematically precise sense. Our motivating problem ∗ Q ni is to decide for a number field K, elements a1; : : : ; at 2 K and n1; : : : ; nt 2 Z whether i ai = 1, which turns out to be non-trivial. From basic operations such as addition and multiplication of integers we work up to computation in finitely generated abelian groups and algebras of finite type. Here we encounter lattices and Jacobi symbols. Some difficult problems in computational number theory are known, for example computing a prime factorization or a maximal order in a number field. We will however focus mainly on the positive results, namely the problems for which fast computational methods are known. 1.1 Algorithms To be able to talk about polynomial-time algorithms, we should first define what an algorithm is. We equip the natural numbers N = Z≥0 with a length function l : N ! N that sends n to the number of digits of n in base 2, with l(0) = 1. Definition 1.1. A problem is a function f : I ! N for some set of inputs I ⊆ N and we call f a decision problem if f(I) ⊆ f0; 1g. An algorithm for a problem f : I ! N is a `method' to compute f(x) for all x 2 I.
    [Show full text]
  • VECTOR-VALUED HIRZEBRUCH-ZAGIER SERIES and CLASS NUMBER SUMS 1. Introduction the Hurwitz Class Numbers H(N)
    VECTOR-VALUED HIRZEBRUCH-ZAGIER SERIES AND CLASS NUMBER SUMS BRANDON WILLIAMS Abstract. For any number m ≡ 0; 1 (4) we correct the generating function of Hurwitz class number sums P 2 r H(4n − mr ) to a modular form (or quasimodular form if m is a square) of weight two for the Weil representation attached to a binary quadratic form of discriminant m and determine its behavior in the Petersson scalar product. This modular form arises through holomorphic projection of the zero-value of a nonholomorphic Jacobi Eisenstein series of index 1=m. When m is prime, we recover the classical Hirzebruch- Zagier series whose coefficients are intersection numbers of curves on a Hilbert modular surface. Finally we calculate certain sums over class numbers by comparing coefficients with an Eisenstein series. 1. Introduction The Hurwitz class numbers H(n) are essentially the class numbers of imaginary quadratic fields. To be more specific, if −D is a fundamental discriminant then 2h(D) H(D) = w(D) p where h(D) is the class number of Q( −D) and w(D) is the number of units in its ring of integers (in particular, w(D) = 2 for D 6= 3; 4). More generally, 2h(D) X D H(n) = µ(d) σ (f=d) w(D) d 1 djf 2 p if −n = Df , where D is the discriminant of Q( −n), and µ is the M¨obiusfunction, σ1 is the divisor 1 sum, and is the Kronecker symbol; and by convention one sets H(0) = − 12 and H(n) = 0 whenever n ≡ 1; 2 (mod 4).
    [Show full text]
  • On S-Duality and Gauss Reciprocity Law 3
    ON S-DUALITY AND GAUSS RECIPROCITY LAW AN HUANG Abstract. We review the interpretation of Tate’s thesis by a sort of conformal field theory on a number field in [1]. Based on this and the existence of a hypothetical 3-dimensional gauge theory, we give a physical interpretation of the Gauss quadratic reciprocity law by a sort of S-duality. Introduction The Gauss quadratic reciprocity law is arguably one of the most famous theorems in mathematics. Trying to generalize it from different directions has been a central topic in number theory for centuries. In the form of Artin reciprocity law, or class field theory, abelian reciprocity laws are well-understood and has been a beautiful part of algebraic number theory for a long time. However, the sought for general reciprocity laws is still in a very unclear stage, for example the Langlands program, regarded as a nonabelian generalization of class field theory, is far from settled. On the other hand, S-duality (or strong-weak duality) is a common name for many amazing stories in physics, which can be traced back at least to the theo- retical work on electric-magnetic duality and magnetic monopoles. S-duality for classical or quantum U(1) gauge theory is more or less well-understood theoreti- cally. However, S-duality for nonabelian gauge theories remains mysterious, or at least largely conjectural. In recent years, people are making huge progress in in- terpreting the geometric Langlands program by nonabelian S-dualities. One may consult [9] for such an example. However, as far as we know, there is little work on trying to interpret number theory reciprocity laws by S-duality of some physical theory.
    [Show full text]
  • Introduction to Number Theory
    INTRODUCTION TO NUMBER THEORY DANIEL E. FLATH AMS CHELSEA PUBLISHING INTRODUCTION TO NUMBER THEORY 10.1090/chel/384.H INTRODUCTION TO NUMBER THEORY DANIEL E. FLATH AMS CHELSEA PUBLISHING 2010 Mathematics Subject Classification. Primary 11-01. For additional information and updates on this book, visit www.ams.org/bookpages/chel-384 Library of Congress Cataloging-in-Publication Data Names: Flath, Daniel E., author. Title: Introduction to number theory / Daniel E. Flath. Other titles: Number theory Description: [2018 edition]. | Providence, Rhode Island : American Mathematical Society, 2018. | Series: AMS Chelsea Publishing [series] ; 384 | Originally published: New York : Wiley, 1989. | Includes bibliographical references and indexes. Identifiers: LCCN 2018014214 | ISBN 9781470446949 (alk. paper) Subjects: LCSH: Number theory. | AMS: Number theory – Instructional exposition (textbooks, tutorial papers, etc.). msc Classification: LCC QA241 .F59 2018 | DDC 512.7–dc23 LC record available at https://lccn.loc.gov/2018014214 Copying and reprinting. Individual readers of this publication, and nonprofit libraries acting for them, are permitted to make fair use of the material, such as to copy select pages for use in teaching or research. Permission is granted to quote brief passages from this publication in reviews, provided the customary acknowledgment of the source is given. Republication, systematic copying, or multiple reproduction of any material in this publication is permitted only under license from the American Mathematical Society. Requests for permission to reuse portions of AMS publication content are handled by the Copyright Clearance Center. For more information, please visit www.ams.org/publications/pubpermissions. Send requests for translation rights and licensed reprints to [email protected]. c 1989 held by Daniel E.
    [Show full text]