DOCSLIB.ORG

The Use of Elliptic Curves in Cryptography

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
The Use of Elliptic Curves in Cryptography Master's thesis in Mathematics The use of elliptic curves in cryptography by Gijsbert van Vliet Nijmegen, June 2015 Supervisors: Prof. dr. B.J.J. Moonen Dr. W. Bosma Acknowledgements First of all I would like to express my sincerest gratitude to my supervisor prof. dr. Ben Moonen for all his support throughout the learning process of this master's thesis. Without his patience, encouragement and all insightful conversations we shared, this thesis would have never been completed. Also I would like to thank dr. Wieb Bosma for putting so much of his precious time into helping me and for providing numerous useful remarks. Furthermore I would like to thank my family and loved ones, who supported me throughout the entire process, both financially and emotionally. Special thanks goes out to my father, Frans van Vliet. He always supported my dreams and aspirations and, if I say so myself, did a fine job raising me. Without him I would have never started this study, let alone finish it. 2 Contents 1 Introduction to Cryptography 6 1.1 The Objectives of Cryptography . 6 1.2 Symmetric vs Public-Key Cryptography . 6 1.3 Complexity . 7 1.4 The Discrete Logarithm Problem . 10 2 Elliptic Curves 12 2.1 Elliptic Curves and the Group Structure . 12 2.2 Weierstrass Equations . 13 2.3 The Geometric Group Law . 16 2.4 Isogenies . 19 2.5 The Frobenius Morphism . 21 2.6 The Dual Isogeny . 23 2.7 The Tate Module . 25 2.8 The Weil Pairing . 26 2.9 The Endomorphism Ring . 28 3 Elliptic Curves over Finite Fields 30 3.1 The Number of Rational Points . 30 3.2 The Group Structure of Elliptic Curves . 33 3.3 The Endomorphism Ring . 35 3.4 Determining the Hasse Invariant . 36 4 Schoof's Algorithm 39 4.1 General Description and the Division Polynomials . 39 4.2 Detailed Description of the Algorithm . 41 4.2.1 Case 1 . 43 4.2.2 Case 2 . 43 4.3 Efficiency of Schoof's algorithm . 45 5 Protocols 48 5.1 Diffie-Hellman Key Exchange . 48 5.2 Two ElGamal Protocols . 50 5.2.1 ElGamal Public-Key Encryption . 51 5.2.2 ElGamal Digital Signature Scheme . 52 6 General Attacks on the DLP 54 6.1 The Pohlig-Hellman Method . 54 6.2 The Baby-Step Giant-Step Algorithm . 57 6.3 The Pollard ρ Method . 59 7 The MOV Attack 61 7.1 The Index Calculus Method . 61 7.2 Computing the Weil Pairing . 63 7.3 The Reduction . 67 7.4 Supersingular Curves . 70 8 The Frey-R¨uck Attack 73 8.1 The Tate Pairing . 73 8.2 The Attack . 76 3 9 Anomalous Curves 82 9.1 The Isomorphism . 82 9.2 Computing the Isomorphism . 86 10 Conclusion 90 A Schoof's Algorithm 95 4 Introduction Elliptic curves have been a subject of research for a long time. They naturally occur in the study of Diophantine equations as well as the study of certain complex line integrals, e.g., complex integrals of the form Z d t=pt(t − 1)(t − λ); which arise when one attempts to compute the arc length of an ellipse. In fact, this is where elliptic curves originally acquired their name from. Around the year 1985 elliptic curves over finite fields, which at first seem to have the structure of rather boring abelian groups, found a new application in cryptography. At that time, discrete logarithm based cryptosystems already played an important role in cryptography. In short, these systems rely on the supposed `hardness' of the discrete logarithm problem for abelian groups. The discrete logarithm problem is the problem of, given a finite abelian group (G; ⊕), a point P 2 G and a point Q 2 hP i, finding an integer k such that [k]P = Q, i.e., such that P ⊕ ::: ⊕ P = Q. Victor S. Miller | {z } k times [35] and Neal Koblitz [27] independently realized that using elliptic curves as groups for these systems might be more efficient than the conventional groups, used at that time. They figured that using elliptic curves in cryptosystems could reduce key sizes, while retaining a similar level of security. However, not all elliptic curves are suitable for cryptography, since in some cases the internal structure of an elliptic curve can be used to solve the discrete logarithm problem efficiently. The main question of this thesis is: What requirements does an elliptic curve need to meet in order to be considered `safe for cryptographic purposes'? In order to answer this question, first elliptic curves have to be defined and their basic properties explained. After that I will explain which requirements an elliptic curve should have in order to provide security for discrete logarithm based cryptosystems and why these requirements have to be met. In short, this thesis consists of the following three parts: Part 1: This part consists only of chapter 1. In this chapter I will give a short introduction to the subject of cryptography and the role of the discrete logarithm problem in this subject. Part 2: The second part of this thesis consists of chapters 2 to 4. In this part I will define elliptic curves and give its basic arithmetic properties. Chapter 2 will give the basic properties of elliptic curves over arbitrary algebraically closed fields, while chapter 3 will deal with elliptic curves over finite fields. In section 4 an algorithm will be given that computes the most important quantity of elliptic curves over finite fields, i.e., its number of rational points. Part 3: In the last part I will focus on the role of elliptic curves in cryptography. First, in chapter 5, I will give a few explicit examples of how elliptic curves can be used in cryptography. After that I will explain the most important attacks on the discrete logarithm problem. These include attacks on the discrete logarithm problem for general groups in chapter 6 and three attacks on this problem for certain specific elliptic curves in chapter 7 to 9. In this thesis I will assume that the reader has some basic mathematical maturity. For example, some knowledge about abelian groups, rings and (general and finite) fields is necessary. Also I will use Cayley- Hamilton's theorem and the Chinese remainder theorem without stating them. In addition I will assume the reader to be familiar with the notion `algebraic varieties' and `algebraic curves'. Some basic knowledge about objects like the divisor group of a curve or the vector space of differential forms on a curve will be very useful. For a reader who is unfamiliar with the subject, reading the first two chapters of Silverman's beautifully written book [45] might suffice. 5 1 Introduction to Cryptography 1.1 The Objectives of Cryptography Suppose someone wants to send a message to a receiver, but he wants to be sure that no-one else can read it, even though the message might be intercepted by a third party. The solution to this problem is cryptography. Cryptography uses mathematics to enable us to transmit sensitive information safely over a potentially insecure network. It is a very interesting field of research where security and computer science meet mathematics. However even before computers existed, cryptography was already used. For example in the first and second world war, the government as well as the military relied on cryptography to safely send sensitive information to one another. Later, with the upcoming of computers and the ienternet, the demand for cryptography from the private sector rose. Nowadays cryptography is widely used by businesses and banks all over the world. We will assume a situation where Alice and Bob (commonly used in cryptography because of their handy abbreviations A and B) want to communicate in a secure manner over an insecure channel. That is, if an eavesdropper Eve (E) were to listen to the conversation, he or she should not be able to extract the original message. In cryptographic terminology the original message is called plaintext or cleartext, encoding the message in such a way that the content is hidden for Eve is called encryption, the encrypted message is called cyphertext and the process of retrieving the plaintext from the cyphertext is called decryption. The manner in which the cleartext is encrypted is called the cryptographic system or cryptosystem. The secret information used to encrypt the the cleartext is called the key of the cryptosystem. Thus being in possession of the key should make decrypting the cyphertext `easy'. Cryptography in general is concerned with a number of problems. The most important ones are listed below: • Confidentiality, which is the process of keeping information secret so that only the intended recipient is able to understand it. • Authentication, which is the process of providing proof of identity of the sender to the recipient, so that the recipient can be assured that the sender is who he claims to be. • Integrity, which is the problem of ensuring that the send information is not altered or otherwise tampered with during its transit or its storage on a network. • Non-repudiation, which prevents an entity from denying having send a certain message. For example, the sender might have send authorization for the purchase of property to someone else and later deny having given such authorization. Adequately addressing these problems is the main goal of cryptography. 1.2 Symmetric vs Public-Key Cryptography Roughly speaking there are two kinds of cryptosystems; symmetric and Public-key or asymmetric cryptosys- tems. In a symmetric cryptosystem Alice and Bob need to have access to the same secret key, which is used to encrypt the plaintext as well as decrypt it.
Load more

Recommended publications
  • Arxiv:1905.03954V1 [Math.AG] 10 May 2019 0 ∗ ∗ ⊥⊥ ∗ 0 0 → Homgr Pic (X), K → (ΣX ) /ΣX → Pic (X) for Algebraically Closed K (And an Analog for finite fields)
    AN IDELIC QUOTIENT RELATED TO WEIL RECIPROCITY AND THE PICARD GROUP JOSE´ MAR´IA MUNOZ~ PORRAS, LUIS MANUEL NAVAS VICENTE, FERNANDO PABLOS ROMO, AND FRANCISCO J. PLAZA MART´IN Abstract. This paper studies the function field of an algebraic curve over an arbitrary perfect field by using the Weil reciprocity law and topologies on the adele ring. A topological subgroup of the idele class group is introduced and it is shown how it encodes arithmetic properties of the base field and of the Picard group of the curve. These results are applied to study extensions of the function field. Dedicated to the memory of Jos´eMar´ıaMu~nozPorras 1. Introduction The study of extensions of a given field is a classical problem in mathematics. Within algebraic number theory, class field theory is concerned with the classifica- tion of abelian extensions of local and global fields ([5, Chap. XV, Tate's Thesis], [16]). This paper studies function fields of algebraic curves over an arbitrary perfect field by mimicking the approach of class field theory. To be more precise, recall that, in the case of number fields, Tate proved the existence of a duality in the following sense: if Σ is a number field and AΣ is its adele ring, the character group of AΣ=Σ is isomorphic to Σ. Here, we explore the multiplicative analog of this result in the case of function fields of an algebraic curve X. For this purpose, ∗ we consider the multiplicative group of the function field of the curve, ΣX , as a 1 subgroup of the idele group IX , and the pairing used to establish the duality is the local multiplicative symbol ([7, 11]).
    [Show full text]
  • On the Security of Pairing Implementations Ronan Lashermes
    On the security of pairing implementations Ronan Lashermes To cite this version: Ronan Lashermes. On the security of pairing implementations. Cryptography and Security [cs.CR]. Université de Versailles-Saint Quentin en Yvelines, 2014. English. NNT : 2014VERS0021. tel- 01128871 HAL Id: tel-01128871 https://tel.archives-ouvertes.fr/tel-01128871 Submitted on 10 Mar 2015 HAL is a multi-disciplinary open access L’archive ouverte pluridisciplinaire HAL, est archive for the deposit and dissemination of sci- destinée au dépôt et à la diffusion de documents entific research documents, whether they are pub- scientifiques de niveau recherche, publiés ou non, lished or not. The documents may come from émanant des établissements d’enseignement et de teaching and research institutions in France or recherche français ou étrangers, des laboratoires abroad, or from public or private research centers. publics ou privés. Ecole´ doctorale Sciences et Technologies de Versailles - STV - ED 539 Etude´ de la s´ecurit´edes impl´ementations de couplage On the security of pairing implementations THESE` pr´esent´eeet soutenue publiquement le 29 Septembre 2014 pour le grade de Docteur de l'Universit´ede Versailles St-Quentin-en-Yvelines (sp´ecialit´einformatique) par Ronan Lashermes Composition du jury Rapporteurs : Antoine Joux, UPMC Jean-Pierre Seifert, TU-Berlin Examinateurs : Pierre-Alain Fouque, Universit´eRennes 1 Jacques Fournier, CEA-Tech Daniel Page, University of Bristol Directeur de th`ese: Louis Goubin, UVSQ Laboratoire Parall´elisme,R´eseaux,Syst`emeset Mod´elisationPRiSM { UMR 8144 | CEA-Tech Uses a latex class derived from thesul. Acronyms ABE Attribute-Based Encryption. 10, 41 AES Advanced Encryption Standard. 2, 3, 5, 47 BDH Bilinear Diffie-Hellman.
    [Show full text]
  • Reciprocity Laws on Curves Compositio Mathematica, Tome 72, No 2 (1989), P
    COMPOSITIO MATHEMATICA ROBERT F. COLEMAN Reciprocity laws on curves Compositio Mathematica, tome 72, no 2 (1989), p. 205-235 <http://www.numdam.org/item?id=CM_1989__72_2_205_0> © Foundation Compositio Mathematica, 1989, tous droits réservés. L’accès aux archives de la revue « Compositio Mathematica » (http: //http://www.compositio.nl/) implique l’accord avec les conditions gé- nérales d’utilisation (http://www.numdam.org/conditions). Toute utilisa- tion commerciale ou impression systématique est constitutive d’une in- fraction pénale. Toute copie ou impression de ce fichier doit conte- nir la présente mention de copyright. Article numérisé dans le cadre du programme Numérisation de documents anciens mathématiques http://www.numdam.org/ Compositio Mathematica 72: 205-235,205 1989. (Ç) 1989 Kluwer Academic Publishers. Printed in the Netherlands. Reciprocity laws on curves ROBERT F. COLEMAN Department of Mathematics, University of California, Berkeley, California 94720, USA Received 1 March 1988; accepted in revised form 16 March 1989 Introduction In this paper we will present a p-adic analogue of the reciprocity law for Green’s functions on a Riemann surface, Theorem 1.4 below. In the process we will give a new proof of this classical result. The p-adic result may be used to prove the symmetry of p-adic heights. The p-adic Green’s functions are described in [CG] and are obtained using the results of [CdS] by integrating normalized differentials of the third kind. Our results are proven for any collection of functions on a curve satisfying certain (mainly formal) properties described in Sections 1 and 5. The method of proof is to first push the proof of Weil reciprocity given in Serre’s Groupes Algebriques et Corps de Classes, as far as it will go (§1).
    [Show full text]
  • Guide to the Exercises Ty Ruthlawrence Oxford University
    APPENDIX Guide to the Exercises ty RuthLawrence Oxford University The purpose of this appendix is to give, for each exercise, a comment, a hint, a sketch, or in a few cases, a complete solution. Pure algebra has not been worked. Exercises which are merely a matter of applying techniques given in the text to particular examples for the purpose of drill have not generally been solved fully here-the answers only being given. When there is -a batch of somewhat similar questions a representative question has been selected to be completely solved and answers only have been given to the rest. A few questions involve rather tedious numerical calculations not reducible by technique. Readers who have c:arried these out can, by checking their answers against the given ones, gain confidence. They mayaiso be comforted to discover that they have not missed some subtle point or ingeniously simple route to a solution. In a few cases a link is suggested to oonnected problems which the interested reader may like to pursue. I hope that this appendix will fulfill its purpose of helping readers who experience any difficulties with the problems to overcome them; thus gaining the maximum understanding and insight which the author intended by his carefully chosen incorporation into the text. I wish to acknowledge the help received from Professor Husemöller whilst compiling this appendix, by way of some useful discussions and suggestions. CHAPTER 1, §1 1. TedioUl calculation gives: 7P = ( - 5/9, 8/27), 8P = (21/25, -69/125), 9P = (-20/49, -435/343), 10P = (161/16, -2065/64), 316 Appendix.
    [Show full text]
  • 1 Lecture 1: Basic Definitions
    Algebraic number theory: elliptic curves These are notes of lecture course on elliptic curves in the Independent University of Moscow in Spring 2016 based on books [13], [9], [4], [7]. If you have any questions or comments, please write to [email protected] Aknowledgements. I am very grateful to IUM for hospitality and help, and to Michael Rosenblum for numerous helpful comments. 1 Lecture 1: basic definitions 1.1 Brief history The first appearance of elliptic curves is in "Arithmetica" by Diophantus: To divide a given number into two numbers such that their product is a cube minus its side. We call the sum of them a given number a and then we have to find x and y, s. t. y(a − y) = x3 − x: This is a curve of degree 3 and a line intersects it in three points counted with multiplicities, so if we construct one rational point we can obtain some other by building tangent lines or lines through two points. Later this method will grow up to an "Additional law" on a curve. In these lectures we will come to more explicit Definition 1.1. An elliptic curve is a smooth, projective algebraic curve of genus one with a specified point O. Sometimes more general definition is used: any algebraic curve of genus one. Or another definition we will work with: it is a curve defined by an equation of the form y2 = P (x), where P is a polynomial of degree 3. De- veloping of theory of elliptic curves depends on a field k, where we look at E defined over k, for example one may work with rational numbers, real numbers, complex numbers, fields of finite characteristic in particular of char 2 or 3.
    [Show full text]
  • Final Report Arithmetic Statistics for Elliptic Curves
    Advanced Research Project in Mathematics Department of Computing Final Report Arithmetic Statistics for Elliptic Curves Modelling the Selmer group, the Tate-Shafarevich group, and the Mordell-Weil rank of elliptic curves over number fields Supervisor Author Professor Toby Gee David Kurniadi Angdinata 01201743 Second marker Professor Alexei Skorobogatov June 2020 A project submitted in partial fulfillment of the requirement for the award of MEng Mathematics and Computer Science (Pure Mathematics and Computational Logic) degree of Imperial College London Abstract The Mordell-Weil theorem states that any elliptic curve E defined over a number field K is a finitely generated abelian group, so that E (K) is isomorphic to a direct product of a finite torsion subgroup and a free abelian group of finite rank. Over the rationals, while the torsion subgroup is fully understood from a result by Mazur, the Mordell-Weil rank is much less understood. For instance, it remains an open question if it is bounded above, with a historical belief that it is not, due to much empirical evidence. A recent probabilistic model proposed by Poonen et al provides theoretical evidence to refute this claim, namely that all but finitely many rational elliptic curves have rank at most 21. Their proposed heuristic is based on modelling Tate-Shafarevich groups using random alternating matrices, and has its grounds in a theorem that a pe-Selmer group is almost always the intersection of two Lagrangian direct summands of a metabolic quadratic Z=pe-module of infinite rank, a consequence of standard arithmetic duality theorems. This project aims to serve as an introduction to the style of arguments in arithmetic statistics by providing a full proof of this result, as well as verifying desired properties of a heuristic that models this result.
    [Show full text]
  • On the Generation of Pairing-Friendly Elliptic Curves
    On the generation of pairing-friendly elliptic curves Gaëtan BISSON Mémoire de M2 sous la direction de 3÷ Takakazu SATOH <«â Institut de Technologie de Tokyo [Ó(£± Université d’Orsay — Paris XI Master Mathématiques Fondamentales et Appliquées Spécialité Analyse, arithmétique et géométrie Abstract Pairings were first studied as potential attacks on elliptic curve-based cryptography. Recently, protocols have been proposed that make a constructive use of pairings; they require pairing-friendly elliptic curves, that is elliptic curves with large prime order subgroup and efficiently computable pairing. Here, we shall study the generation of such curves. I. The first part is concerned with fundamental elliptic curve related notions (including pairings); we also point out the relevance of elliptic curves in cryptography. II. The next part is devoted to complex multiplication theory which is a key element in the generation of elliptic curves. III. In the last part, we establish various methods to generate pairing-friendly elliptic curves. Acknowledgements First of all, I would like to thank Pr. Takakazu SATOH for his supervision of this internship as well as for welcoming me to Japan; his kind help (even when not directly related to mathematics) has been most valuable to me. My thanks also go to Pr. Nobushige KUROKAWA [a] for his very warm welcome at the laboratory of number theory. It has been a pleasure to work there with Tetsuya DAIKU amongst other students attending the number theory seminar; I also want to mention the existence of a small crypto seminar which consisted in the two of us. On the french side, I am grateful to Pr.
    [Show full text]
  • Mahler's Measure and Elliptic Curves with Potential Complex Multiplication
    Mahler’s measure and elliptic curves with potential complex multiplication Riccardo Pengo To cite this version: Riccardo Pengo. Mahler’s measure and elliptic curves with potential complex multiplication. 2020. hal-02991139 HAL Id: hal-02991139 https://hal.archives-ouvertes.fr/hal-02991139 Preprint submitted on 5 Nov 2020 HAL is a multi-disciplinary open access L’archive ouverte pluridisciplinaire HAL, est archive for the deposit and dissemination of sci- destinée au dépôt et à la diffusion de documents entific research documents, whether they are pub- scientifiques de niveau recherche, publiés ou non, lished or not. The documents may come from émanant des établissements d’enseignement et de teaching and research institutions in France or recherche français ou étrangers, des laboratoires abroad, or from public or private research centers. publics ou privés. Mahler’s measure and elliptic curves with potential complex multiplication Riccardo Pengo Abstract Given an elliptic curve dened over Q which has potential complex multiplication by the ring of integers O of an imaginary quadratic eld we construct a polynomial % 2 Z»G,~¼ which is a planar model of and such that the Mahler measure <¹%º 2 R is related to the special value of the !-function !¹, Bº at B = 2. SECTION 1 Introduction Let be an elliptic curve dened over a number eld and let !¹, Bº be its !-function (see [67, § C.16] for ! , B an introduction). We know that if has potential complex multiplication (i.e. End ¹ º Z) then ¹ º is an entire function, dened over the whole complex plane C, which satises a functional equation relating !¹, Bº to !¹, 2 − Bº (in the “arithmetic” normalisation, that we will use in this paper).
    [Show full text]
  • 24 Divisors and the Weil Pairing
    18.783 Elliptic Curves Spring 2017 Lecture #24 05/10/2017 24 Divisors and the Weil pairing In this lecture we address a completely new topic, the Weil Pairing, which has many practical and theoretical applications. In order to define the Weil pairing we first need to expand our discussion of the function field of a curve from Lecture 5. This requires a few basic results from commutative algebra and algebraic geometry that we will not take the time to prove; almost everything we need it is summarized in the first two chapters of Silverman’s book [6], which I recommend reviewing if you have not seen this material before. 24.1 Valuations on the function field of a curve Let C=k be a smooth projective curve defined by a homogeneous polynomial fC (x; y; z) = 0 that (as always) we assume is irreducible over k¯.1 In order to simplify the presentation, we are going to assume in this section that k = k¯ is algebraically closed, but we will note in remarks along the way how to handle non-algebraically closed (but still perfect) fields. In Lecture 5 we defined the function field k(C) as the field of rational functions g=h, where g; h 2 k[x; y; z] are homogeneous polynomials of the same degree with h 62 (fC ), modulo the equivalence relation g1 g2 ∼ () g1h2 − g2h1 2 (fC ): h1 h2 1 Alternatively, we can view the function g=h as a rational map (g : h) from C to P . Our assumption that C is smooth implies that this rational map is actually a morphism, meaning that it is defined at every point P 2 C(k¯); this was stated as Theorem 5.10 and we will 1 prove it below.
    [Show full text]
  • Lectures on Modular Forms 1St Edition Free Download
    FREE LECTURES ON MODULAR FORMS 1ST EDITION PDF Joseph J Lehner | 9780486821405 | | | | | Lectures on Modular Forms - Robert C. Gunning - Google книги In mathematicsa modular form is a complex analytic function on the upper half-plane satisfying a certain kind of functional equation with respect to the group action of the modular groupand also satisfying a growth condition. The theory of modular forms therefore belongs to complex analysis but the main importance of the theory has traditionally been in its connections with number theory. Modular forms appear in other areas, such as algebraic topologysphere packingand string theory. Instead, modular functions are meromorphic that is, they are almost holomorphic except for a set of isolated points. Modular form theory is a special case of the more general theory of automorphic formsand therefore can now be seen as just the most concrete part of a rich theory of discrete groups. Modular forms can also be interpreted as sections of a specific line bundles on modular varieties. The dimensions of these spaces of modular forms can be computed using the Riemann—Roch theorem [2]. A Lectures on Modular Forms 1st edition form of weight k for the modular group. A modular form can equivalently be defined as a function F from the set of lattices in C to the set of complex numbers which satisfies certain conditions:. The simplest examples from this point of view are the Eisenstein series. Then E k is a modular form of weight k. An even unimodular lattice L in R n is a lattice generated by n Lectures on Modular Forms 1st edition forming the columns of a matrix of determinant 1 and satisfying the condition that the square of the length of each vector in L is an even integer.
    [Show full text]
  • Non-Abelian Reciprocity Laws on a Riemann Surface
    Non-abelian Reciprocity Laws on a Riemann Surface I. Horozov ∗ Department of Mathematics, Brandeis University, 415 South Street, MS 050, Waltham, MA 02454 Abstract On a Riemann surface there are relations among the periods of holomorphic differential forms, called Riemann's relations. If one looks carefully in Riemann's proof, one notices that he uses iterated integrals. What I have done in this paper is to generalize these relations to relations among generating series of iterated integrals. Since it is formulated in terms of generating series, it gives infinitely many relations - one for each coefficient of the generating series. The degree one term gives that the sum of the residues of a differential form is zero. The degree 2 term gives Riemann's relations. The new result is reciprocity for the higher degree terms, which give non-trivial relations among iterated integrals on a Riemann surface. We give explicit formulas for degree 3 terms. Also we refine the definition of Manin's non-commutative modular symbols in order to include Eisenstein series. Contents 0 Introduction 1 1 Background on iterated integrals 3 1.1 Definition of iterated integrals . 3 1.2 Homotopy invariance of iterated integrals . 3 1.3 Differential equation . 5 1.4 Multiplication formulas . 5 1.5 Shuffle relations . 6 1.6 Reversing the path . 6 2 Non-abelian reciprocity law on a Riemann surface 6 2.1 Iterated integrals over a loop around a pole . 7 2.2 Generating series of iterated integrals over a loop around a pole . 10 2.3 Generating series over α and β cycles of a Riemann surface .
    [Show full text]
  • The Resultant of Developed Systems of Laurent Polynomials
    THE RESULTANT OF DEVELOPED SYSTEMS OF LAURENT POLYNOMIALS A. G. KHOVANSKII AND LEONID MONIN To the memory of Vladivir Igorevich Arnold Abstract. Let R∆(f1; : : : ; fn+1) be the ∆-resultant (see below) of (n + 1)-tuple of Laurent polynomials. We provide an algorithm for computing R∆ assuming that an n-tuple (f2; : : : ; fn+1) is de- veloped (see sec.6). We provide a relation between the product of ∗ n f1 over roots of f2 = ··· = fn+1 = 0 in (C ) and the product ∗ n of f2 over roots of f1 = f3 = ··· = fn+1 = 0 in (C ) assuming that the n-tuple (f1f2; f3; : : : ; fn+1) is developed. If all n-tuples contained in (f1; : : : ; fn+1) are developed we provide a signed ver- sion of Poisson formula for R∆. In our proofs we use topological arguments and topological version of the Parshin reciprocity laws. 1. Introduction. To a Laurent polynomial f in n variables one associates its Newton polyhedron ∆(f) which is a convex lattice polyhedron in Rn (through all of this paper by polyhedron we will mean compact convex polyhe- dron with integer vertices). A system of n equations f1 = ··· = fn = 0 in (C∗)n is called developed if (roughly speaking) their Newton poly- hedra ∆(fi) are located generically enough with respect to each other. The exact definition (see also sec.6) is as follows: a collection of n poly- n n ∗ hedra ∆1;:::; ∆n ⊂ R is called developed if for any covector v 2 (R ) there is i such that on the polyhedron ∆i the inner product with v attains its biggest value precisely at a vertex of ∆i.
    [Show full text]