DOCSLIB.ORG

On the Security of Pairing Implementations Ronan Lashermes

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
On the Security of Pairing Implementations Ronan Lashermes On the security of pairing implementations Ronan Lashermes To cite this version: Ronan Lashermes. On the security of pairing implementations. Cryptography and Security [cs.CR]. Université de Versailles-Saint Quentin en Yvelines, 2014. English. NNT : 2014VERS0021. tel- 01128871 HAL Id: tel-01128871 https://tel.archives-ouvertes.fr/tel-01128871 Submitted on 10 Mar 2015 HAL is a multi-disciplinary open access L’archive ouverte pluridisciplinaire HAL, est archive for the deposit and dissemination of sci- destinée au dépôt et à la diffusion de documents entific research documents, whether they are pub- scientifiques de niveau recherche, publiés ou non, lished or not. The documents may come from émanant des établissements d’enseignement et de teaching and research institutions in France or recherche français ou étrangers, des laboratoires abroad, or from public or private research centers. publics ou privés. Ecole´ doctorale Sciences et Technologies de Versailles - STV - ED 539 Etude´ de la s´ecurit´edes impl´ementations de couplage On the security of pairing implementations THESE` pr´esent´eeet soutenue publiquement le 29 Septembre 2014 pour le grade de Docteur de l'Universit´ede Versailles St-Quentin-en-Yvelines (sp´ecialit´einformatique) par Ronan Lashermes Composition du jury Rapporteurs : Antoine Joux, UPMC Jean-Pierre Seifert, TU-Berlin Examinateurs : Pierre-Alain Fouque, Universit´eRennes 1 Jacques Fournier, CEA-Tech Daniel Page, University of Bristol Directeur de th`ese: Louis Goubin, UVSQ Laboratoire Parall´elisme,R´eseaux,Syst`emeset Mod´elisationPRiSM { UMR 8144 | CEA-Tech Uses a latex class derived from thesul. Acronyms ABE Attribute-Based Encryption. 10, 41 AES Advanced Encryption Standard. 2, 3, 5, 47 BDH Bilinear Diffie-Hellman. 42, 49, 127, 128, 131 BLS Barreto-Lynn-Scott. 34, 35 BN Barreto-Naehrig. 6, 32, 34, 35, 38, 43, 44, 48, 57, 60, 61, 63, 72, 109, 122, 123, 125, 131, 133, 134, 136, 150 CDH Computational Diffie-Hellman. 42, 127 CM Complex Multiplication. 33 DDH Decisional Diffie-Hellman. 42, 127 DEM Dupont-Enge-Morain. 33 DES Data Encryption Standard. 2 DFA Differential Fault Attack. 6 DLP Discrete Logarithm Problem. 4, 5, 34, 42, 43, 123, 127, 128 ECB Electronic Code Book. 5 ECC Elliptic Curves Cryptography. 3, 4 ECDLP Elliptic Curve Discrete Logarithm Problem. 3–5, 34, 42, 43, 123, 127, 128 EM Electromagnetic. 6, 46, 48–52, 57, 68, 78, 92, 94, 101, 109, 110, 129–132, 139, 148, 150, 151 FA Fault Attack. 46, 59, 78, 79, 101, 110, 129, 151 FE Final Exponentiation. 38, 44, 79–82, 84, 87, 92, 98, 100, 101, 107, 109, 110, 141, 142, 144, 145, 148, 150, 151 FIB Focused Ion Beam. 6 GMV Galbraith-McKee-Valença. 34 HIBE Hierarchical Identity-Based Encryption. 10, 40, 41 i ii Acronyms IBE Identity-Based Encryption. 4, 6, 10, 39–41, 49, 59, 126, 131 KSS Kachisa-Schaefer-Scott. 34, 35 MA Miller Algorithm. 44, 79, 87, 101, 110, 141, 150 MNT Miyaji-Nakabayashi-Takano. 33–35 PBC Pairing-Based Cryptography. 4, 6, 10, 42, 109, 110, 127, 128, 150 PC Personal Computer. 48, 101, 102, 131 PKC Public-key cryptography. 1–4 PKG Private Key Generator. 39–41, 126, 127 PKI Public-Key Infrastructure. 39, 126 RAM Random Access Memory. 47, 49, 52, 94, 131 RNS Residue Number System. 16 ROM Read-Only Memory. 49, 131 SCA Side-Channels Analysis. 6, 46, 101, 110, 129, 140, 151 USB Universal Serial Bus. 48 XOR eXclusive OR. 13, 47 List of Figures 2.1 Algorithm for the Final Exponentiation (FE) in Fp12 . x is a public parameter of the curve. 38 3.1 Electromagnetic (EM) bench scheme for fault injection. 50 3.2 Zoom on the EM probe. 50 3.3 Scales for the chip, the probe and the vulnerable surface. 52 3.4 Coarse XY mapping with AMP = −210 V. Red (light) if the fault injection raised an interrupt, blue (dark) when an undetected fault has been created. 53 3.5 Coarse and fine-grained XY mappings scales. 54 3.6 Fine-grained XY mapping. Red (light) if the fault injection raised an interrupt, blue (dark) when an undetected fault has been created. 54 3.7 Y coordinate versus AMP at X =131 200 µm. Red (light) if the fault injection raised an interrupt, blue (dark) when an undetected fault has been created. 55 3.8 AMP versus DELAY. Red (light) if the fault injection raised an interrupt, blue (dark) when an undetected fault has been created. 55 3.9 AMP versus Y coordinate. Red (light) if the fault injection raised an interrupt, blue (dark) when an undetected fault has been created. The X scale is different since this experiment was done during a campaign different from the others. 56 5.1 First fault location in the FE. 81 5.2 Second fault location in the FE. 84 5.3 e1 fault location. 89 5.4 e2,e3 fault locations. 90 5.5 e4,e5,e6 fault locations. 91 6.1 Upgraded EM bench scheme. 102 iii iv List of Figures List of Tables 2.1 Asymptotic complexities of modular multiplication algorithms . 16 2.2 Cost for the quadratic extension. 18 2.3 Cost for the cubic extension. 20 2.4 Cost for the tower extension 2 · 2 · 3.......................... 20 2.5 Cost for the tower extension 2 · 3 · 2.......................... 20 2.6 Cost for the tower extension 3 · 2 · 2.......................... 21 2.7 Cyclotomic polynomials . 37 2.8 Computation time vs security level. 44 3.1 Number of calls to Fp primitive operations in our implementation. 49 6.1 Statistics for a fault on Miller only (total: 50 injections). AMP: −190 V, DELAY: 235.6 ns ......................................... 104 6.2 Statistics for a fault on the Final Exponetiation (fault on f1, total: 50 injections). AMP: −150 V, DELAY: 329 ns............................ 104 6.3 Statistics for a double fault injection (total: 650 injections). 104 v vi List of Tables Contents Acronyms i List of Figures iii List of Tables v 1 General introduction 1 1.1 Introduction to cryptography . .2 1.1.1 Symmetric-key cryptography . .2 1.1.2 Public-key cryptography . .2 1.2 Introduction to cryptanalysis . .4 1.2.1 Classical cryptanalysis . .4 1.2.2 Physical attacks . .5 1.3 In this thesis . .6 2 The design of a pairing based crypto-system 9 2.1 Mathematical background . 10 2.1.1 Algebra basics . 10 2.1.2 Functions . 11 2.1.3 Equivalence relations and classes . 12 2.2 Finite fields . 12 2.2.1 Definitions . 12 2.2.2 Computations over finite fields . 13 2.3 Extension fields . 16 2.3.1 Definitions . 16 2.3.2 Computations on quadratic extensions [BGDM+10] . 17 2.3.3 Computations on cubic extensions [BGDM+10] . 18 2.3.4 Example: constructing tower extensions for Fp12 .............. 19 2.4 Elliptic curves . 21 2.4.1 Definitions . 21 vii viii Contents 2.4.2 Operations on an elliptic curve . 22 2.4.3 r-torsion . 27 2.4.4 Twists of elliptic curves . 27 2.5 Pairings . 28 2.5.1 Divisors . 28 2.5.2 Definitions . 29 2.5.3 Weil pairing . 30 2.5.4 Tate pairing . 31 2.5.5 Ate pairing [HSV06] . 31 2.5.6 Optimal Ate (OATE) pairing [Ver10] . 32 2.5.7 Families of elliptic curves for pairings . 33 2.6 Miller algorithm . 35 2.7 Final exponentiation for Tate-like pairings . 36 2.7.1 Basic method . 37 2.7.2 Other methods . 38 2.8 Protocols for PBC . 39 2.8.1 One round tripartite key exchange . 39 2.8.2 Identity-Based Encryption (IBE) [BF01] . 39 2.8.3 Hierarchical Identity-Based Encryption (HIBE) . 40 2.8.4 Attribute-Based Encryption (ABE) . 41 2.9 Cryptanalysis of pairing based cryptography . 42 2.9.1 Cryptographic problems . 42 2.9.2 Cryptanalysis and Pairing-Based Cryptography (PBC) . 43 2.10 Conclusion . 44 3 Setting up fault attacks against PBC 45 3.1 Physical attacks . 46 3.1.1 Physical attack techniques . 46 3.1.2 Fault models . 46 3.1.3 Examples of fault attacks . 47 3.2 Setting-up the EM bench for injecting faults . 48 3.2.1 Device Under Test . 48 3.2.2 Targeted program . 48 3.2.3 Targeted protocol . 49 3.2.4 Apparatus . 49 3.2.5 Preliminary experiments . 51 3.3 Conclusion . 57 ix 4 Fault attacks on the Miller algorithm 59 4.1 Theoretical fault attacks on the Miller algorithm . 61 4.1.1 Data-flow attacks on the Miller algorithm . 61 4.1.2 Control-flow attacks on the Miller algorithm . 62 4.1.3 How to find the secret . 64 4.2 Practical fault attacks on the Miller algorithm . 68 4.3 Countermeasures to protect the Miller algorithm . 73 4.3.1 Countermeasures in the literature . 73 4.3.2 Evaluating the countermeasures . 74 4.4 Conclusion . 78 5 Fault attacks on the Final Exponentiation 79 5.1 A fault attack to.
Load more

Recommended publications
  • Arxiv:1905.03954V1 [Math.AG] 10 May 2019 0 ∗ ∗ ⊥⊥ ∗ 0 0 → Homgr Pic (X), K → (ΣX ) /ΣX → Pic (X) for Algebraically Closed K (And an Analog for finite fields)
    AN IDELIC QUOTIENT RELATED TO WEIL RECIPROCITY AND THE PICARD GROUP JOSE´ MAR´IA MUNOZ~ PORRAS, LUIS MANUEL NAVAS VICENTE, FERNANDO PABLOS ROMO, AND FRANCISCO J. PLAZA MART´IN Abstract. This paper studies the function field of an algebraic curve over an arbitrary perfect field by using the Weil reciprocity law and topologies on the adele ring. A topological subgroup of the idele class group is introduced and it is shown how it encodes arithmetic properties of the base field and of the Picard group of the curve. These results are applied to study extensions of the function field. Dedicated to the memory of Jos´eMar´ıaMu~nozPorras 1. Introduction The study of extensions of a given field is a classical problem in mathematics. Within algebraic number theory, class field theory is concerned with the classifica- tion of abelian extensions of local and global fields ([5, Chap. XV, Tate's Thesis], [16]). This paper studies function fields of algebraic curves over an arbitrary perfect field by mimicking the approach of class field theory. To be more precise, recall that, in the case of number fields, Tate proved the existence of a duality in the following sense: if Σ is a number field and AΣ is its adele ring, the character group of AΣ=Σ is isomorphic to Σ. Here, we explore the multiplicative analog of this result in the case of function fields of an algebraic curve X. For this purpose, ∗ we consider the multiplicative group of the function field of the curve, ΣX , as a 1 subgroup of the idele group IX , and the pairing used to establish the duality is the local multiplicative symbol ([7, 11]).
    [Show full text]
  • Reciprocity Laws on Curves Compositio Mathematica, Tome 72, No 2 (1989), P
    COMPOSITIO MATHEMATICA ROBERT F. COLEMAN Reciprocity laws on curves Compositio Mathematica, tome 72, no 2 (1989), p. 205-235 <http://www.numdam.org/item?id=CM_1989__72_2_205_0> © Foundation Compositio Mathematica, 1989, tous droits réservés. L’accès aux archives de la revue « Compositio Mathematica » (http: //http://www.compositio.nl/) implique l’accord avec les conditions gé- nérales d’utilisation (http://www.numdam.org/conditions). Toute utilisa- tion commerciale ou impression systématique est constitutive d’une in- fraction pénale. Toute copie ou impression de ce fichier doit conte- nir la présente mention de copyright. Article numérisé dans le cadre du programme Numérisation de documents anciens mathématiques http://www.numdam.org/ Compositio Mathematica 72: 205-235,205 1989. (Ç) 1989 Kluwer Academic Publishers. Printed in the Netherlands. Reciprocity laws on curves ROBERT F. COLEMAN Department of Mathematics, University of California, Berkeley, California 94720, USA Received 1 March 1988; accepted in revised form 16 March 1989 Introduction In this paper we will present a p-adic analogue of the reciprocity law for Green’s functions on a Riemann surface, Theorem 1.4 below. In the process we will give a new proof of this classical result. The p-adic result may be used to prove the symmetry of p-adic heights. The p-adic Green’s functions are described in [CG] and are obtained using the results of [CdS] by integrating normalized differentials of the third kind. Our results are proven for any collection of functions on a curve satisfying certain (mainly formal) properties described in Sections 1 and 5. The method of proof is to first push the proof of Weil reciprocity given in Serre’s Groupes Algebriques et Corps de Classes, as far as it will go (§1).
    [Show full text]
  • Guide to the Exercises Ty Ruthlawrence Oxford University
    APPENDIX Guide to the Exercises ty RuthLawrence Oxford University The purpose of this appendix is to give, for each exercise, a comment, a hint, a sketch, or in a few cases, a complete solution. Pure algebra has not been worked. Exercises which are merely a matter of applying techniques given in the text to particular examples for the purpose of drill have not generally been solved fully here-the answers only being given. When there is -a batch of somewhat similar questions a representative question has been selected to be completely solved and answers only have been given to the rest. A few questions involve rather tedious numerical calculations not reducible by technique. Readers who have c:arried these out can, by checking their answers against the given ones, gain confidence. They mayaiso be comforted to discover that they have not missed some subtle point or ingeniously simple route to a solution. In a few cases a link is suggested to oonnected problems which the interested reader may like to pursue. I hope that this appendix will fulfill its purpose of helping readers who experience any difficulties with the problems to overcome them; thus gaining the maximum understanding and insight which the author intended by his carefully chosen incorporation into the text. I wish to acknowledge the help received from Professor Husemöller whilst compiling this appendix, by way of some useful discussions and suggestions. CHAPTER 1, §1 1. TedioUl calculation gives: 7P = ( - 5/9, 8/27), 8P = (21/25, -69/125), 9P = (-20/49, -435/343), 10P = (161/16, -2065/64), 316 Appendix.
    [Show full text]
  • 1 Lecture 1: Basic Definitions
    Algebraic number theory: elliptic curves These are notes of lecture course on elliptic curves in the Independent University of Moscow in Spring 2016 based on books [13], [9], [4], [7]. If you have any questions or comments, please write to [email protected] Aknowledgements. I am very grateful to IUM for hospitality and help, and to Michael Rosenblum for numerous helpful comments. 1 Lecture 1: basic definitions 1.1 Brief history The first appearance of elliptic curves is in "Arithmetica" by Diophantus: To divide a given number into two numbers such that their product is a cube minus its side. We call the sum of them a given number a and then we have to find x and y, s. t. y(a − y) = x3 − x: This is a curve of degree 3 and a line intersects it in three points counted with multiplicities, so if we construct one rational point we can obtain some other by building tangent lines or lines through two points. Later this method will grow up to an "Additional law" on a curve. In these lectures we will come to more explicit Definition 1.1. An elliptic curve is a smooth, projective algebraic curve of genus one with a specified point O. Sometimes more general definition is used: any algebraic curve of genus one. Or another definition we will work with: it is a curve defined by an equation of the form y2 = P (x), where P is a polynomial of degree 3. De- veloping of theory of elliptic curves depends on a field k, where we look at E defined over k, for example one may work with rational numbers, real numbers, complex numbers, fields of finite characteristic in particular of char 2 or 3.
    [Show full text]
  • Final Report Arithmetic Statistics for Elliptic Curves
    Advanced Research Project in Mathematics Department of Computing Final Report Arithmetic Statistics for Elliptic Curves Modelling the Selmer group, the Tate-Shafarevich group, and the Mordell-Weil rank of elliptic curves over number fields Supervisor Author Professor Toby Gee David Kurniadi Angdinata 01201743 Second marker Professor Alexei Skorobogatov June 2020 A project submitted in partial fulfillment of the requirement for the award of MEng Mathematics and Computer Science (Pure Mathematics and Computational Logic) degree of Imperial College London Abstract The Mordell-Weil theorem states that any elliptic curve E defined over a number field K is a finitely generated abelian group, so that E (K) is isomorphic to a direct product of a finite torsion subgroup and a free abelian group of finite rank. Over the rationals, while the torsion subgroup is fully understood from a result by Mazur, the Mordell-Weil rank is much less understood. For instance, it remains an open question if it is bounded above, with a historical belief that it is not, due to much empirical evidence. A recent probabilistic model proposed by Poonen et al provides theoretical evidence to refute this claim, namely that all but finitely many rational elliptic curves have rank at most 21. Their proposed heuristic is based on modelling Tate-Shafarevich groups using random alternating matrices, and has its grounds in a theorem that a pe-Selmer group is almost always the intersection of two Lagrangian direct summands of a metabolic quadratic Z=pe-module of infinite rank, a consequence of standard arithmetic duality theorems. This project aims to serve as an introduction to the style of arguments in arithmetic statistics by providing a full proof of this result, as well as verifying desired properties of a heuristic that models this result.
    [Show full text]
  • On the Generation of Pairing-Friendly Elliptic Curves
    On the generation of pairing-friendly elliptic curves Gaëtan BISSON Mémoire de M2 sous la direction de 3÷ Takakazu SATOH <«â Institut de Technologie de Tokyo [Ó(£± Université d’Orsay — Paris XI Master Mathématiques Fondamentales et Appliquées Spécialité Analyse, arithmétique et géométrie Abstract Pairings were first studied as potential attacks on elliptic curve-based cryptography. Recently, protocols have been proposed that make a constructive use of pairings; they require pairing-friendly elliptic curves, that is elliptic curves with large prime order subgroup and efficiently computable pairing. Here, we shall study the generation of such curves. I. The first part is concerned with fundamental elliptic curve related notions (including pairings); we also point out the relevance of elliptic curves in cryptography. II. The next part is devoted to complex multiplication theory which is a key element in the generation of elliptic curves. III. In the last part, we establish various methods to generate pairing-friendly elliptic curves. Acknowledgements First of all, I would like to thank Pr. Takakazu SATOH for his supervision of this internship as well as for welcoming me to Japan; his kind help (even when not directly related to mathematics) has been most valuable to me. My thanks also go to Pr. Nobushige KUROKAWA [a] for his very warm welcome at the laboratory of number theory. It has been a pleasure to work there with Tetsuya DAIKU amongst other students attending the number theory seminar; I also want to mention the existence of a small crypto seminar which consisted in the two of us. On the french side, I am grateful to Pr.
    [Show full text]
  • Mahler's Measure and Elliptic Curves with Potential Complex Multiplication
    Mahler’s measure and elliptic curves with potential complex multiplication Riccardo Pengo To cite this version: Riccardo Pengo. Mahler’s measure and elliptic curves with potential complex multiplication. 2020. hal-02991139 HAL Id: hal-02991139 https://hal.archives-ouvertes.fr/hal-02991139 Preprint submitted on 5 Nov 2020 HAL is a multi-disciplinary open access L’archive ouverte pluridisciplinaire HAL, est archive for the deposit and dissemination of sci- destinée au dépôt et à la diffusion de documents entific research documents, whether they are pub- scientifiques de niveau recherche, publiés ou non, lished or not. The documents may come from émanant des établissements d’enseignement et de teaching and research institutions in France or recherche français ou étrangers, des laboratoires abroad, or from public or private research centers. publics ou privés. Mahler’s measure and elliptic curves with potential complex multiplication Riccardo Pengo Abstract Given an elliptic curve dened over Q which has potential complex multiplication by the ring of integers O of an imaginary quadratic eld we construct a polynomial % 2 Z»G,~¼ which is a planar model of and such that the Mahler measure <¹%º 2 R is related to the special value of the !-function !¹, Bº at B = 2. SECTION 1 Introduction Let be an elliptic curve dened over a number eld and let !¹, Bº be its !-function (see [67, § C.16] for ! , B an introduction). We know that if has potential complex multiplication (i.e. End ¹ º Z) then ¹ º is an entire function, dened over the whole complex plane C, which satises a functional equation relating !¹, Bº to !¹, 2 − Bº (in the “arithmetic” normalisation, that we will use in this paper).
    [Show full text]
  • 24 Divisors and the Weil Pairing
    18.783 Elliptic Curves Spring 2017 Lecture #24 05/10/2017 24 Divisors and the Weil pairing In this lecture we address a completely new topic, the Weil Pairing, which has many practical and theoretical applications. In order to define the Weil pairing we first need to expand our discussion of the function field of a curve from Lecture 5. This requires a few basic results from commutative algebra and algebraic geometry that we will not take the time to prove; almost everything we need it is summarized in the first two chapters of Silverman’s book [6], which I recommend reviewing if you have not seen this material before. 24.1 Valuations on the function field of a curve Let C=k be a smooth projective curve defined by a homogeneous polynomial fC (x; y; z) = 0 that (as always) we assume is irreducible over k¯.1 In order to simplify the presentation, we are going to assume in this section that k = k¯ is algebraically closed, but we will note in remarks along the way how to handle non-algebraically closed (but still perfect) fields. In Lecture 5 we defined the function field k(C) as the field of rational functions g=h, where g; h 2 k[x; y; z] are homogeneous polynomials of the same degree with h 62 (fC ), modulo the equivalence relation g1 g2 ∼ () g1h2 − g2h1 2 (fC ): h1 h2 1 Alternatively, we can view the function g=h as a rational map (g : h) from C to P . Our assumption that C is smooth implies that this rational map is actually a morphism, meaning that it is defined at every point P 2 C(k¯); this was stated as Theorem 5.10 and we will 1 prove it below.
    [Show full text]
  • The Use of Elliptic Curves in Cryptography
    Master's thesis in Mathematics The use of elliptic curves in cryptography by Gijsbert van Vliet Nijmegen, June 2015 Supervisors: Prof. dr. B.J.J. Moonen Dr. W. Bosma Acknowledgements First of all I would like to express my sincerest gratitude to my supervisor prof. dr. Ben Moonen for all his support throughout the learning process of this master's thesis. Without his patience, encouragement and all insightful conversations we shared, this thesis would have never been completed. Also I would like to thank dr. Wieb Bosma for putting so much of his precious time into helping me and for providing numerous useful remarks. Furthermore I would like to thank my family and loved ones, who supported me throughout the entire process, both financially and emotionally. Special thanks goes out to my father, Frans van Vliet. He always supported my dreams and aspirations and, if I say so myself, did a fine job raising me. Without him I would have never started this study, let alone finish it. 2 Contents 1 Introduction to Cryptography 6 1.1 The Objectives of Cryptography . 6 1.2 Symmetric vs Public-Key Cryptography . 6 1.3 Complexity . 7 1.4 The Discrete Logarithm Problem . 10 2 Elliptic Curves 12 2.1 Elliptic Curves and the Group Structure . 12 2.2 Weierstrass Equations . 13 2.3 The Geometric Group Law . 16 2.4 Isogenies . 19 2.5 The Frobenius Morphism . 21 2.6 The Dual Isogeny . 23 2.7 The Tate Module . 25 2.8 The Weil Pairing . 26 2.9 The Endomorphism Ring . 28 3 Elliptic Curves over Finite Fields 30 3.1 The Number of Rational Points .
    [Show full text]
  • Lectures on Modular Forms 1St Edition Free Download
    FREE LECTURES ON MODULAR FORMS 1ST EDITION PDF Joseph J Lehner | 9780486821405 | | | | | Lectures on Modular Forms - Robert C. Gunning - Google книги In mathematicsa modular form is a complex analytic function on the upper half-plane satisfying a certain kind of functional equation with respect to the group action of the modular groupand also satisfying a growth condition. The theory of modular forms therefore belongs to complex analysis but the main importance of the theory has traditionally been in its connections with number theory. Modular forms appear in other areas, such as algebraic topologysphere packingand string theory. Instead, modular functions are meromorphic that is, they are almost holomorphic except for a set of isolated points. Modular form theory is a special case of the more general theory of automorphic formsand therefore can now be seen as just the most concrete part of a rich theory of discrete groups. Modular forms can also be interpreted as sections of a specific line bundles on modular varieties. The dimensions of these spaces of modular forms can be computed using the Riemann—Roch theorem [2]. A Lectures on Modular Forms 1st edition form of weight k for the modular group. A modular form can equivalently be defined as a function F from the set of lattices in C to the set of complex numbers which satisfies certain conditions:. The simplest examples from this point of view are the Eisenstein series. Then E k is a modular form of weight k. An even unimodular lattice L in R n is a lattice generated by n Lectures on Modular Forms 1st edition forming the columns of a matrix of determinant 1 and satisfying the condition that the square of the length of each vector in L is an even integer.
    [Show full text]
  • Non-Abelian Reciprocity Laws on a Riemann Surface
    Non-abelian Reciprocity Laws on a Riemann Surface I. Horozov ∗ Department of Mathematics, Brandeis University, 415 South Street, MS 050, Waltham, MA 02454 Abstract On a Riemann surface there are relations among the periods of holomorphic differential forms, called Riemann's relations. If one looks carefully in Riemann's proof, one notices that he uses iterated integrals. What I have done in this paper is to generalize these relations to relations among generating series of iterated integrals. Since it is formulated in terms of generating series, it gives infinitely many relations - one for each coefficient of the generating series. The degree one term gives that the sum of the residues of a differential form is zero. The degree 2 term gives Riemann's relations. The new result is reciprocity for the higher degree terms, which give non-trivial relations among iterated integrals on a Riemann surface. We give explicit formulas for degree 3 terms. Also we refine the definition of Manin's non-commutative modular symbols in order to include Eisenstein series. Contents 0 Introduction 1 1 Background on iterated integrals 3 1.1 Definition of iterated integrals . 3 1.2 Homotopy invariance of iterated integrals . 3 1.3 Differential equation . 5 1.4 Multiplication formulas . 5 1.5 Shuffle relations . 6 1.6 Reversing the path . 6 2 Non-abelian reciprocity law on a Riemann surface 6 2.1 Iterated integrals over a loop around a pole . 7 2.2 Generating series of iterated integrals over a loop around a pole . 10 2.3 Generating series over α and β cycles of a Riemann surface .
    [Show full text]
  • The Resultant of Developed Systems of Laurent Polynomials
    THE RESULTANT OF DEVELOPED SYSTEMS OF LAURENT POLYNOMIALS A. G. KHOVANSKII AND LEONID MONIN To the memory of Vladivir Igorevich Arnold Abstract. Let R∆(f1; : : : ; fn+1) be the ∆-resultant (see below) of (n + 1)-tuple of Laurent polynomials. We provide an algorithm for computing R∆ assuming that an n-tuple (f2; : : : ; fn+1) is de- veloped (see sec.6). We provide a relation between the product of ∗ n f1 over roots of f2 = ··· = fn+1 = 0 in (C ) and the product ∗ n of f2 over roots of f1 = f3 = ··· = fn+1 = 0 in (C ) assuming that the n-tuple (f1f2; f3; : : : ; fn+1) is developed. If all n-tuples contained in (f1; : : : ; fn+1) are developed we provide a signed ver- sion of Poisson formula for R∆. In our proofs we use topological arguments and topological version of the Parshin reciprocity laws. 1. Introduction. To a Laurent polynomial f in n variables one associates its Newton polyhedron ∆(f) which is a convex lattice polyhedron in Rn (through all of this paper by polyhedron we will mean compact convex polyhe- dron with integer vertices). A system of n equations f1 = ··· = fn = 0 in (C∗)n is called developed if (roughly speaking) their Newton poly- hedra ∆(fi) are located generically enough with respect to each other. The exact definition (see also sec.6) is as follows: a collection of n poly- n n ∗ hedra ∆1;:::; ∆n ⊂ R is called developed if for any covector v 2 (R ) there is i such that on the polyhedron ∆i the inner product with v attains its biggest value precisely at a vertex of ∆i.
    [Show full text]