DOCSLIB.ORG

On the Generation of Pairing-Friendly Elliptic Curves

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
On the Generation of Pairing-Friendly Elliptic Curves On the generation of pairing-friendly elliptic curves Gaëtan BISSON Mémoire de M2 sous la direction de 3÷ Takakazu SATOH <«â Institut de Technologie de Tokyo [Ó(£± Université d’Orsay — Paris XI Master Mathématiques Fondamentales et Appliquées Spécialité Analyse, arithmétique et géométrie Abstract Pairings were first studied as potential attacks on elliptic curve-based cryptography. Recently, protocols have been proposed that make a constructive use of pairings; they require pairing-friendly elliptic curves, that is elliptic curves with large prime order subgroup and efficiently computable pairing. Here, we shall study the generation of such curves. I. The first part is concerned with fundamental elliptic curve related notions (including pairings); we also point out the relevance of elliptic curves in cryptography. II. The next part is devoted to complex multiplication theory which is a key element in the generation of elliptic curves. III. In the last part, we establish various methods to generate pairing-friendly elliptic curves. Acknowledgements First of all, I would like to thank Pr. Takakazu SATOH for his supervision of this internship as well as for welcoming me to Japan; his kind help (even when not directly related to mathematics) has been most valuable to me. My thanks also go to Pr. Nobushige KUROKAWA [a] for his very warm welcome at the laboratory of number theory. It has been a pleasure to work there with Tetsuya DAIKU amongst other students attending the number theory seminar; I also want to mention the existence of a small crypto seminar which consisted in the two of us. On the french side, I am grateful to Pr. Pierrick GAUDRY and Pr. Jean-François MESTRE for their time and advice; they have been very helpful to me. I am thankful to researchers with which I had the opportunity to discuss either at the p-adic conference, the pairing conference or simply visiting Pr. Takakazu SATOH. I would also like to acknowledge my colleagues at the École Normale Supérieure with which I had lots of interesting discussions (on myriads of topics); unfortunately, I can hardly list them all here but believe me, this collective thanks is really big. Special thanks to David MADORE, though; he has been more than a tutor to me for two and a half years. Last, let me acknowledge Erik and Émilien who are, in my humble opinion, among best representatives of french culture abroad. M§úPö Gaëtan BISSON Tokyo, August 28th [ÓûM [a]To whom I owe my Japanese name as written here. Contents Abstract & Acknowledgements 2 I Pairings on elliptic curves 5 1 Theoretical background 5 1.1 Elliptic curves . 5 1.1.1 Affine vs. projective . 5 1.1.2 The Jacobian group . 5 1.1.3 Explicit group law . 7 1.2 Over finite fields . 7 1.2.1 The Hasse-Weil bound . 7 1.2.2 Torsion points . 9 1.3 Pairings . 9 1.3.1 Theoretical aspects . 9 1.3.2 Construction of the Tate pairing . 10 1.3.3 Computational aspects . 11 2 Cryptographic aspects 11 2.1 The discrete logarithm problem . 11 2.1.1 For general groups . 12 2.1.2 On finite fields . 12 2.1.3 The MOV attack . 13 2.2 Pairing-based cryptography . 13 2.2.1 Pairing-friendly elliptic curves . 14 2.2.2 Security conditions . 15 II Complex multiplication 15 3 Number theoretical background 15 3.1 The Weierstrass ℘-function . 15 3.1.1 Definition . 15 3.1.2 Differential equation . 16 3.1.3 Addition law . 16 3.2 The j-invariant . 17 3.2.1 Homothety . 17 3.2.2 Holomorphy . 17 3.2.3 The Weber functions . 18 3.3 Complex multiplication . 19 3.3.1 Lattices . 19 3.3.2 The modular polynomial . 19 3.3.3 The class polynomial . 21 3.4 Elliptic curves . 21 3.4.1 Over C ......................................... 21 3.4.2 The j-invariant . 21 3.4.3 Reduction modulo a prime . 22 4 The complex multiplication method 22 4.1 Mainframe . 22 4.2 Computational aspects . 23 4.2.1 The j-invariant . 23 4.2.2 The modular polynomial . 23 4.2.3 The class polynomial . 25 Gaëtan BISSON On the generation of pairing-friendly elliptic curves 4/43 4.3 Cornacchia’s algorithm . 25 III Generation of curves 25 5 Conditions and equations 26 5.1 Parameters involved . 26 5.1.1 Elliptic curves: q and t ................................. 26 5.1.2 The complex multiplication method: D ........................ 26 5.1.3 Pairings: r and k .................................... 26 5.2 Conditions and equations . 26 5.2.1 Elliptic curves . 26 5.2.2 The complex multiplication method . 27 5.2.3 Pairings . 27 5.3 Equivalent statements . 27 5.3.1 The embedding degree equation . 27 5.3.2 Observation regarding modular equations . 28 5.4 Summary of conditions and equations . 28 6 One curve at a time 28 6.1 General methods . 28 6.1.1 The Cocks-Pinch method . 29 6.1.2 The Dupont-Enge-Morain method . 29 6.2 Specific improvements . 30 6.2.1 Case k = 2n with n odd prime . 30 7 Families of curves 31 7.1 Concepts and formalism . 31 7.1.1 Definition for families . 31 7.1.2 Primes values of polynomials . 32 7.2 Framework . 32 7.3 The Brezing-Weng method . 33 7.3.1 General algorithm . 33 7.3.2 Constructions with small discriminants . 33 7.3.3 Constructions with prime discriminants . 34 7.3.4 Constructions with larger discriminants . 35 7.4 The Scott-Barreto method . 37 8 Sporadic constructions 37 8.1 The MNT curves . 37 8.1.1 Explicit conditions . 37 8.1.2 Generation of MNT curves . 38 8.2 Factorizations of Φk (u(x)) ................................... 38 8.2.1 k = 10, u(x) = 10x2 + 5x + 2 .............................. 38 8.2.2 k = 8, u(x) = 9x3 + 3x2 + 2x + 1 ............................ 39 References 40 Notations 42 Index 43 Gaëtan BISSON On the generation of pairing-friendly elliptic curves 5/43 Part I Pairings on elliptic curves 1 Theoretical background In this chapter, we briefly recall definitions and results regarding elliptic curves that will be of interest to us either for the complex multiplication method or for pairing-based cryptography. We do not intend to prove much of these results. For a more detailed background on elliptic curves, we refer to the first chapters of [27]. 1.1 Elliptic curves Let k be a perfect field. Later, it will be convenient to assume its characteristic different from 2 and 3; nevertheless, it can be considered arbitrary for now. 1.1.1 Affine vs. projective Let C be an irreducible plane curve, that is an equation of the form 0 = f (X,Y) where f (X,Y) is a polynomial in two variables with coefficients in k which is irreducible when considered in k[X,Y]. Actually, the correct way to think of curves is projectively. This means that, instead of 0 = f (X,Y), we have better to consider the following projective version of the equation. X Y 0 = Zd f , ∈ k[X,Y,Z] Z Z Here, d is the total degree of f (X,Y) —i.e. the smallest integer such that the latter is a polynomial. Then, solutions to this equation shall be considered as elements of the projective plane P2 (k) := k3/ ∼ where ∼ relates proportional points. Those solutions are called k-rational points of the curve. However, in practice, it is much more convenient to consider the affine version, namely the equation 0 = f (X,Y). Its solutions correspond to points with Z 6= 0; we then need to add “manually” a set of points at infinity that are just points with Z = 0. This way, the affine model is equivalent to the projective one. Elliptic curves always have a single point at infinity (this is trivially implied by the equation of such a curve) which is commonly written O. Regardless of the model which we choose to work in, the set of k-rational points of the curve C will be written C (k). Note that this notation holds for any field k containing the coefficients of (whichever version of) the equation. 1.1.2 The Jacobian group Sadly, in general, the set of points of a curve does not have a nice natural algebraic structure. From this set, though, it is possible to derive such a structure called the Jacobian group. We concisely describe its construction using divisor theory. At first, it will be convenient to work over the algebraic closure k of k. To get an algebraic structure out of C k, consider the free abelian group that it generates, usually written Divk (C). It consists in formal finite sums.
Load more

Recommended publications
  • Arxiv:1905.03954V1 [Math.AG] 10 May 2019 0 ∗ ∗ ⊥⊥ ∗ 0 0 → Homgr Pic (X), K → (ΣX ) /ΣX → Pic (X) for Algebraically Closed K (And an Analog for finite fields)
    AN IDELIC QUOTIENT RELATED TO WEIL RECIPROCITY AND THE PICARD GROUP JOSE´ MAR´IA MUNOZ~ PORRAS, LUIS MANUEL NAVAS VICENTE, FERNANDO PABLOS ROMO, AND FRANCISCO J. PLAZA MART´IN Abstract. This paper studies the function field of an algebraic curve over an arbitrary perfect field by using the Weil reciprocity law and topologies on the adele ring. A topological subgroup of the idele class group is introduced and it is shown how it encodes arithmetic properties of the base field and of the Picard group of the curve. These results are applied to study extensions of the function field. Dedicated to the memory of Jos´eMar´ıaMu~nozPorras 1. Introduction The study of extensions of a given field is a classical problem in mathematics. Within algebraic number theory, class field theory is concerned with the classifica- tion of abelian extensions of local and global fields ([5, Chap. XV, Tate's Thesis], [16]). This paper studies function fields of algebraic curves over an arbitrary perfect field by mimicking the approach of class field theory. To be more precise, recall that, in the case of number fields, Tate proved the existence of a duality in the following sense: if Σ is a number field and AΣ is its adele ring, the character group of AΣ=Σ is isomorphic to Σ. Here, we explore the multiplicative analog of this result in the case of function fields of an algebraic curve X. For this purpose, ∗ we consider the multiplicative group of the function field of the curve, ΣX , as a 1 subgroup of the idele group IX , and the pairing used to establish the duality is the local multiplicative symbol ([7, 11]).
    [Show full text]
  • On the Security of Pairing Implementations Ronan Lashermes
    On the security of pairing implementations Ronan Lashermes To cite this version: Ronan Lashermes. On the security of pairing implementations. Cryptography and Security [cs.CR]. Université de Versailles-Saint Quentin en Yvelines, 2014. English. NNT : 2014VERS0021. tel- 01128871 HAL Id: tel-01128871 https://tel.archives-ouvertes.fr/tel-01128871 Submitted on 10 Mar 2015 HAL is a multi-disciplinary open access L’archive ouverte pluridisciplinaire HAL, est archive for the deposit and dissemination of sci- destinée au dépôt et à la diffusion de documents entific research documents, whether they are pub- scientifiques de niveau recherche, publiés ou non, lished or not. The documents may come from émanant des établissements d’enseignement et de teaching and research institutions in France or recherche français ou étrangers, des laboratoires abroad, or from public or private research centers. publics ou privés. Ecole´ doctorale Sciences et Technologies de Versailles - STV - ED 539 Etude´ de la s´ecurit´edes impl´ementations de couplage On the security of pairing implementations THESE` pr´esent´eeet soutenue publiquement le 29 Septembre 2014 pour le grade de Docteur de l'Universit´ede Versailles St-Quentin-en-Yvelines (sp´ecialit´einformatique) par Ronan Lashermes Composition du jury Rapporteurs : Antoine Joux, UPMC Jean-Pierre Seifert, TU-Berlin Examinateurs : Pierre-Alain Fouque, Universit´eRennes 1 Jacques Fournier, CEA-Tech Daniel Page, University of Bristol Directeur de th`ese: Louis Goubin, UVSQ Laboratoire Parall´elisme,R´eseaux,Syst`emeset Mod´elisationPRiSM { UMR 8144 | CEA-Tech Uses a latex class derived from thesul. Acronyms ABE Attribute-Based Encryption. 10, 41 AES Advanced Encryption Standard. 2, 3, 5, 47 BDH Bilinear Diffie-Hellman.
    [Show full text]
  • Reciprocity Laws on Curves Compositio Mathematica, Tome 72, No 2 (1989), P
    COMPOSITIO MATHEMATICA ROBERT F. COLEMAN Reciprocity laws on curves Compositio Mathematica, tome 72, no 2 (1989), p. 205-235 <http://www.numdam.org/item?id=CM_1989__72_2_205_0> © Foundation Compositio Mathematica, 1989, tous droits réservés. L’accès aux archives de la revue « Compositio Mathematica » (http: //http://www.compositio.nl/) implique l’accord avec les conditions gé- nérales d’utilisation (http://www.numdam.org/conditions). Toute utilisa- tion commerciale ou impression systématique est constitutive d’une in- fraction pénale. Toute copie ou impression de ce fichier doit conte- nir la présente mention de copyright. Article numérisé dans le cadre du programme Numérisation de documents anciens mathématiques http://www.numdam.org/ Compositio Mathematica 72: 205-235,205 1989. (Ç) 1989 Kluwer Academic Publishers. Printed in the Netherlands. Reciprocity laws on curves ROBERT F. COLEMAN Department of Mathematics, University of California, Berkeley, California 94720, USA Received 1 March 1988; accepted in revised form 16 March 1989 Introduction In this paper we will present a p-adic analogue of the reciprocity law for Green’s functions on a Riemann surface, Theorem 1.4 below. In the process we will give a new proof of this classical result. The p-adic result may be used to prove the symmetry of p-adic heights. The p-adic Green’s functions are described in [CG] and are obtained using the results of [CdS] by integrating normalized differentials of the third kind. Our results are proven for any collection of functions on a curve satisfying certain (mainly formal) properties described in Sections 1 and 5. The method of proof is to first push the proof of Weil reciprocity given in Serre’s Groupes Algebriques et Corps de Classes, as far as it will go (§1).
    [Show full text]
  • Guide to the Exercises Ty Ruthlawrence Oxford University
    APPENDIX Guide to the Exercises ty RuthLawrence Oxford University The purpose of this appendix is to give, for each exercise, a comment, a hint, a sketch, or in a few cases, a complete solution. Pure algebra has not been worked. Exercises which are merely a matter of applying techniques given in the text to particular examples for the purpose of drill have not generally been solved fully here-the answers only being given. When there is -a batch of somewhat similar questions a representative question has been selected to be completely solved and answers only have been given to the rest. A few questions involve rather tedious numerical calculations not reducible by technique. Readers who have c:arried these out can, by checking their answers against the given ones, gain confidence. They mayaiso be comforted to discover that they have not missed some subtle point or ingeniously simple route to a solution. In a few cases a link is suggested to oonnected problems which the interested reader may like to pursue. I hope that this appendix will fulfill its purpose of helping readers who experience any difficulties with the problems to overcome them; thus gaining the maximum understanding and insight which the author intended by his carefully chosen incorporation into the text. I wish to acknowledge the help received from Professor Husemöller whilst compiling this appendix, by way of some useful discussions and suggestions. CHAPTER 1, §1 1. TedioUl calculation gives: 7P = ( - 5/9, 8/27), 8P = (21/25, -69/125), 9P = (-20/49, -435/343), 10P = (161/16, -2065/64), 316 Appendix.
    [Show full text]
  • 1 Lecture 1: Basic Definitions
    Algebraic number theory: elliptic curves These are notes of lecture course on elliptic curves in the Independent University of Moscow in Spring 2016 based on books [13], [9], [4], [7]. If you have any questions or comments, please write to [email protected] Aknowledgements. I am very grateful to IUM for hospitality and help, and to Michael Rosenblum for numerous helpful comments. 1 Lecture 1: basic definitions 1.1 Brief history The first appearance of elliptic curves is in "Arithmetica" by Diophantus: To divide a given number into two numbers such that their product is a cube minus its side. We call the sum of them a given number a and then we have to find x and y, s. t. y(a − y) = x3 − x: This is a curve of degree 3 and a line intersects it in three points counted with multiplicities, so if we construct one rational point we can obtain some other by building tangent lines or lines through two points. Later this method will grow up to an "Additional law" on a curve. In these lectures we will come to more explicit Definition 1.1. An elliptic curve is a smooth, projective algebraic curve of genus one with a specified point O. Sometimes more general definition is used: any algebraic curve of genus one. Or another definition we will work with: it is a curve defined by an equation of the form y2 = P (x), where P is a polynomial of degree 3. De- veloping of theory of elliptic curves depends on a field k, where we look at E defined over k, for example one may work with rational numbers, real numbers, complex numbers, fields of finite characteristic in particular of char 2 or 3.
    [Show full text]
  • Final Report Arithmetic Statistics for Elliptic Curves
    Advanced Research Project in Mathematics Department of Computing Final Report Arithmetic Statistics for Elliptic Curves Modelling the Selmer group, the Tate-Shafarevich group, and the Mordell-Weil rank of elliptic curves over number fields Supervisor Author Professor Toby Gee David Kurniadi Angdinata 01201743 Second marker Professor Alexei Skorobogatov June 2020 A project submitted in partial fulfillment of the requirement for the award of MEng Mathematics and Computer Science (Pure Mathematics and Computational Logic) degree of Imperial College London Abstract The Mordell-Weil theorem states that any elliptic curve E defined over a number field K is a finitely generated abelian group, so that E (K) is isomorphic to a direct product of a finite torsion subgroup and a free abelian group of finite rank. Over the rationals, while the torsion subgroup is fully understood from a result by Mazur, the Mordell-Weil rank is much less understood. For instance, it remains an open question if it is bounded above, with a historical belief that it is not, due to much empirical evidence. A recent probabilistic model proposed by Poonen et al provides theoretical evidence to refute this claim, namely that all but finitely many rational elliptic curves have rank at most 21. Their proposed heuristic is based on modelling Tate-Shafarevich groups using random alternating matrices, and has its grounds in a theorem that a pe-Selmer group is almost always the intersection of two Lagrangian direct summands of a metabolic quadratic Z=pe-module of infinite rank, a consequence of standard arithmetic duality theorems. This project aims to serve as an introduction to the style of arguments in arithmetic statistics by providing a full proof of this result, as well as verifying desired properties of a heuristic that models this result.
    [Show full text]
  • Mahler's Measure and Elliptic Curves with Potential Complex Multiplication
    Mahler’s measure and elliptic curves with potential complex multiplication Riccardo Pengo To cite this version: Riccardo Pengo. Mahler’s measure and elliptic curves with potential complex multiplication. 2020. hal-02991139 HAL Id: hal-02991139 https://hal.archives-ouvertes.fr/hal-02991139 Preprint submitted on 5 Nov 2020 HAL is a multi-disciplinary open access L’archive ouverte pluridisciplinaire HAL, est archive for the deposit and dissemination of sci- destinée au dépôt et à la diffusion de documents entific research documents, whether they are pub- scientifiques de niveau recherche, publiés ou non, lished or not. The documents may come from émanant des établissements d’enseignement et de teaching and research institutions in France or recherche français ou étrangers, des laboratoires abroad, or from public or private research centers. publics ou privés. Mahler’s measure and elliptic curves with potential complex multiplication Riccardo Pengo Abstract Given an elliptic curve dened over Q which has potential complex multiplication by the ring of integers O of an imaginary quadratic eld we construct a polynomial % 2 Z»G,~¼ which is a planar model of and such that the Mahler measure <¹%º 2 R is related to the special value of the !-function !¹, Bº at B = 2. SECTION 1 Introduction Let be an elliptic curve dened over a number eld and let !¹, Bº be its !-function (see [67, § C.16] for ! , B an introduction). We know that if has potential complex multiplication (i.e. End ¹ º Z) then ¹ º is an entire function, dened over the whole complex plane C, which satises a functional equation relating !¹, Bº to !¹, 2 − Bº (in the “arithmetic” normalisation, that we will use in this paper).
    [Show full text]
  • 24 Divisors and the Weil Pairing
    18.783 Elliptic Curves Spring 2017 Lecture #24 05/10/2017 24 Divisors and the Weil pairing In this lecture we address a completely new topic, the Weil Pairing, which has many practical and theoretical applications. In order to define the Weil pairing we first need to expand our discussion of the function field of a curve from Lecture 5. This requires a few basic results from commutative algebra and algebraic geometry that we will not take the time to prove; almost everything we need it is summarized in the first two chapters of Silverman’s book [6], which I recommend reviewing if you have not seen this material before. 24.1 Valuations on the function field of a curve Let C=k be a smooth projective curve defined by a homogeneous polynomial fC (x; y; z) = 0 that (as always) we assume is irreducible over k¯.1 In order to simplify the presentation, we are going to assume in this section that k = k¯ is algebraically closed, but we will note in remarks along the way how to handle non-algebraically closed (but still perfect) fields. In Lecture 5 we defined the function field k(C) as the field of rational functions g=h, where g; h 2 k[x; y; z] are homogeneous polynomials of the same degree with h 62 (fC ), modulo the equivalence relation g1 g2 ∼ () g1h2 − g2h1 2 (fC ): h1 h2 1 Alternatively, we can view the function g=h as a rational map (g : h) from C to P . Our assumption that C is smooth implies that this rational map is actually a morphism, meaning that it is defined at every point P 2 C(k¯); this was stated as Theorem 5.10 and we will 1 prove it below.
    [Show full text]
  • The Use of Elliptic Curves in Cryptography
    Master's thesis in Mathematics The use of elliptic curves in cryptography by Gijsbert van Vliet Nijmegen, June 2015 Supervisors: Prof. dr. B.J.J. Moonen Dr. W. Bosma Acknowledgements First of all I would like to express my sincerest gratitude to my supervisor prof. dr. Ben Moonen for all his support throughout the learning process of this master's thesis. Without his patience, encouragement and all insightful conversations we shared, this thesis would have never been completed. Also I would like to thank dr. Wieb Bosma for putting so much of his precious time into helping me and for providing numerous useful remarks. Furthermore I would like to thank my family and loved ones, who supported me throughout the entire process, both financially and emotionally. Special thanks goes out to my father, Frans van Vliet. He always supported my dreams and aspirations and, if I say so myself, did a fine job raising me. Without him I would have never started this study, let alone finish it. 2 Contents 1 Introduction to Cryptography 6 1.1 The Objectives of Cryptography . 6 1.2 Symmetric vs Public-Key Cryptography . 6 1.3 Complexity . 7 1.4 The Discrete Logarithm Problem . 10 2 Elliptic Curves 12 2.1 Elliptic Curves and the Group Structure . 12 2.2 Weierstrass Equations . 13 2.3 The Geometric Group Law . 16 2.4 Isogenies . 19 2.5 The Frobenius Morphism . 21 2.6 The Dual Isogeny . 23 2.7 The Tate Module . 25 2.8 The Weil Pairing . 26 2.9 The Endomorphism Ring . 28 3 Elliptic Curves over Finite Fields 30 3.1 The Number of Rational Points .
    [Show full text]
  • Lectures on Modular Forms 1St Edition Free Download
    FREE LECTURES ON MODULAR FORMS 1ST EDITION PDF Joseph J Lehner | 9780486821405 | | | | | Lectures on Modular Forms - Robert C. Gunning - Google книги In mathematicsa modular form is a complex analytic function on the upper half-plane satisfying a certain kind of functional equation with respect to the group action of the modular groupand also satisfying a growth condition. The theory of modular forms therefore belongs to complex analysis but the main importance of the theory has traditionally been in its connections with number theory. Modular forms appear in other areas, such as algebraic topologysphere packingand string theory. Instead, modular functions are meromorphic that is, they are almost holomorphic except for a set of isolated points. Modular form theory is a special case of the more general theory of automorphic formsand therefore can now be seen as just the most concrete part of a rich theory of discrete groups. Modular forms can also be interpreted as sections of a specific line bundles on modular varieties. The dimensions of these spaces of modular forms can be computed using the Riemann—Roch theorem [2]. A Lectures on Modular Forms 1st edition form of weight k for the modular group. A modular form can equivalently be defined as a function F from the set of lattices in C to the set of complex numbers which satisfies certain conditions:. The simplest examples from this point of view are the Eisenstein series. Then E k is a modular form of weight k. An even unimodular lattice L in R n is a lattice generated by n Lectures on Modular Forms 1st edition forming the columns of a matrix of determinant 1 and satisfying the condition that the square of the length of each vector in L is an even integer.
    [Show full text]
  • Non-Abelian Reciprocity Laws on a Riemann Surface
    Non-abelian Reciprocity Laws on a Riemann Surface I. Horozov ∗ Department of Mathematics, Brandeis University, 415 South Street, MS 050, Waltham, MA 02454 Abstract On a Riemann surface there are relations among the periods of holomorphic differential forms, called Riemann's relations. If one looks carefully in Riemann's proof, one notices that he uses iterated integrals. What I have done in this paper is to generalize these relations to relations among generating series of iterated integrals. Since it is formulated in terms of generating series, it gives infinitely many relations - one for each coefficient of the generating series. The degree one term gives that the sum of the residues of a differential form is zero. The degree 2 term gives Riemann's relations. The new result is reciprocity for the higher degree terms, which give non-trivial relations among iterated integrals on a Riemann surface. We give explicit formulas for degree 3 terms. Also we refine the definition of Manin's non-commutative modular symbols in order to include Eisenstein series. Contents 0 Introduction 1 1 Background on iterated integrals 3 1.1 Definition of iterated integrals . 3 1.2 Homotopy invariance of iterated integrals . 3 1.3 Differential equation . 5 1.4 Multiplication formulas . 5 1.5 Shuffle relations . 6 1.6 Reversing the path . 6 2 Non-abelian reciprocity law on a Riemann surface 6 2.1 Iterated integrals over a loop around a pole . 7 2.2 Generating series of iterated integrals over a loop around a pole . 10 2.3 Generating series over α and β cycles of a Riemann surface .
    [Show full text]
  • The Resultant of Developed Systems of Laurent Polynomials
    THE RESULTANT OF DEVELOPED SYSTEMS OF LAURENT POLYNOMIALS A. G. KHOVANSKII AND LEONID MONIN To the memory of Vladivir Igorevich Arnold Abstract. Let R∆(f1; : : : ; fn+1) be the ∆-resultant (see below) of (n + 1)-tuple of Laurent polynomials. We provide an algorithm for computing R∆ assuming that an n-tuple (f2; : : : ; fn+1) is de- veloped (see sec.6). We provide a relation between the product of ∗ n f1 over roots of f2 = ··· = fn+1 = 0 in (C ) and the product ∗ n of f2 over roots of f1 = f3 = ··· = fn+1 = 0 in (C ) assuming that the n-tuple (f1f2; f3; : : : ; fn+1) is developed. If all n-tuples contained in (f1; : : : ; fn+1) are developed we provide a signed ver- sion of Poisson formula for R∆. In our proofs we use topological arguments and topological version of the Parshin reciprocity laws. 1. Introduction. To a Laurent polynomial f in n variables one associates its Newton polyhedron ∆(f) which is a convex lattice polyhedron in Rn (through all of this paper by polyhedron we will mean compact convex polyhe- dron with integer vertices). A system of n equations f1 = ··· = fn = 0 in (C∗)n is called developed if (roughly speaking) their Newton poly- hedra ∆(fi) are located generically enough with respect to each other. The exact definition (see also sec.6) is as follows: a collection of n poly- n n ∗ hedra ∆1;:::; ∆n ⊂ R is called developed if for any covector v 2 (R ) there is i such that on the polyhedron ∆i the inner product with v attains its biggest value precisely at a vertex of ∆i.
    [Show full text]