The Infrastructure of a Global Field and Baby Step-Giant Step Algorithms Dissertation zur Erlangung der naturwissenschaftlichen Doktorw¨urde (Dr. sc. nat.) vorgelegt der Mathematisch-naturwissenschaftlichen Fakult¨at der Universit¨at Z¨urich von Felix Wolfgang Fontein aus Deutschland Promotionskomitee Prof. Dr. Joachim Rosenthal (Vorsitz) Prof. Dr. Markus Brodmann Prof. Dr. Andrew Kresch Prof. Dr. Andreas Stein (Oldenburg) Z¨urich, 2009 Contents 0 Introduction 1 0.1 Introduction............................ 4 0.2 OutlineoftheThesis....................... 6 0.3 Results............................... 8 1 Background 11 1.1 PreliminariesonGlobalFields. 11 1.2 Notations ............................. 13 2 Abstract Infrastructure 15 2.1 One-Dimensional Infrastructure . 15 2.2 Obtaining Groups from Infrastructures . 18 2.3 Applications............................ 21 2.3.1 KeyExchange ...................... 21 2.3.2 The Discrete Logarithm Problem for Infrastructures . 23 2.3.3 Pohlig-Hellman . 23 2.3.4 Baby Step-Giant Step Method . 24 2.4 GeneralizingtoHigherDimensions . 25 3 Minima of Ideals in Global Fields 29 3.1 Boxes ............................... 29 3.2 MinimaofIdeals ......................... 32 3.3 TheNeighborRelation. 36 3.4 Connectivity of the Neighbor Graphs . 44 3.5 BabySteps ............................ 47 3.6 RepresentationbyIdeals. 53 4 The Infrastructure of a Global Field 57 4.1 EquivalenceClassesofReducedIdeals . 57 4.2 Infrastructure for Global Fields . 60 i ii CONTENTS 4.3 The Infrastructure and the Picard Group . 64 4.4 Size of f-Representations . 68 4.5 DiscreteInfrastructures . 73 4.6 Conclusion ............................ 74 5 Computation in the Function Field Case 77 5.1 TheAlgorithmofHeß ...................... 77 5.2 Computing the Infinite Primes . 78 5.3 ASpecializedAlgorithm . 79 5.4 Computing Giant Steps . 80 5.5 Computing Baby Steps . 83 5.6 Optimizations and Conclusion . 88 6 Computations of Units 89 6.1 Computing Units in Global Fields . 91 6.2 Algorithms for Function Fields . 92 6.2.1 Vorono˘ı’s Algorithm . 93 6.2.2 A Baby Step-Giant Step Algorithm for Function Fields 94 6.2.3 LiftingUnits ....................... 95 6.2.4 Explicit Computations . 99 6.3 Computing All Neighbors of a Minimum . 105 6.3.1 Computations in the Function Field Case . 109 6.4 Buchmann’s Algorithms . 112 6.4.1 The Generalized Lagrange Algorithm . 112 6.4.2 The Baby Step Algorithm . 114 6.4.3 The Baby Step-Giant Step Algorithm . 118 6.5 A General Baby Step-Giant Step Algorithm . 121 6.5.1 Computation of the Baby Stock . 122 6.5.2 Computation of Giant Steps . 125 6.5.3 The Baby Step-Giant Step Algorithm . 127 6.6 Conclusion ............................132 Bibliography 135 List of Figures 144 Index 146 Abstract In Computational Number Theory, one is interested in the computation of invariants. One such invariant is the regulator of a number field or a global function field. The regulator can be obtained from the unit lattice, whose structure corresponds to the structure of the so called infrastructure. In this thesis, we generalize the infrastructure to the n-dimensional case; so far, the infrastructure was mainly investigated in the one-dimensional case. For that purpose, we generalize f-representations and use them to obtain a reduction map. Furthermore, we relate the infrastructure to the (Arakelov) divisor class group and describe the divisor class group using f-representations. This allows both to do explicit arithmetic in the divisor class group and to compute giant steps in the infrastructure. This extends work particularly by J. Buchmann and R. Schoof in the number field case and S. Paulus and H.-G. R¨uck in the function field case. We also discuss an implementation of computation of boxes in the func- tion field case, and explain how it can be used to compute giant steps and baby steps. Moreover, we describe existing algorithms for computation of the unit lattice and, hence, the regulator. We present two approaches for the func- tion field case, one using algorithms designed for operating on finite abelian groups in the case that one infinite place has degree one, and one using a lifting strategy for reducing to the case of at least one infinite place of de- gree one. Finally, we extend J. Buchmann’s baby step-giant step algorithm for number fields to the global field case and combine it with an optimization by D. Terr for the classic baby step-giant step algorithm. iii iv Acknowledgements I would like to thank all persons without whom this thesis would not have been written. First, I would like to thank my advisor, Joachim Rosenthal, for his con- stant support and encouragement. Then, I would like to thank Michael J. Jacobson and Hugh C. Williams for introducing me to the subject of infra- structures, and Andreas Stein for organizing the summer school on which this happened. Moreover, I would like to thank Andreas Stein for several discussions which inspired me a lot, and for inviting me to Oldenburg. I would also like to thank Renate Scheidler, Mark Bauer, Adrian Tang, Eric Landquist and others for discussions on certain aspects of computation of fundamental units. Finally, I would like to thank Johannes A. Buchmann for pointing me to his habilitation thesis. I am obliged to Martin A. Michels for proof-reading my thesis and for giving me helpful comments. In addition I would like to thank Andreas Stein and Joachim Rosenthal for their valuable comments. I am indebted to the Institut f¨ur Mathematik at the Carl von Ossietzky Universit¨at Oldenburg and the Mathematics and Statistics Department at the University of Calgary for their hospitality during my visits and, of course, to the Institut f¨ur Mathematik at the Universit¨at Z¨urich for providing me with an inspiring work environment and the possibility to carry out all computations. Last, but not least, I am deeply obliged to all my friends and to my family, who supported me all the time. v vi Chapter 0 Introduction The studying of number fields has its roots in the early history of mathe- matics, when integral solutions to certain equations were sought. A famous such equation is Pell’s equation, x2 Dy2 = 1, where D Z is given and − ∈ x, y Z are sought; the study of this equation goes back the Indian mathe- ∈ matician Brahmagupta, who developed a method to solve such equations in 628. Another famous example is the Fermat equation, xn + yn = zn, where n N, n 3 is given and x,y,z Z with xyz = 0 are sought. The study ∈ ≥ ∈ 6 of these equations eventually led to the study of algebraic number fields. In the case of Pell’s equation, one obtains the solutions as certain units in the order Z[√D] of the quadratic number field Q(√D), assuming that D > 1 | | is squarefree. In case D > 0, every such unit is (up to sign) a power of a fundamental unit of the ring of integers of Q(√D). Hence one can ask how to compute these. J.-L. Lagrange showed that this can be done using continued fraction expansion. Similar questions can be studied where solutions are sought in the do- main of algebraic functions, i.e. functions ρ which satisfy f(x,ρ) = 0 for a non-trivial polynomial f C[X,Y ]. This led to the study of function fields, ∈ whose foundations were laid by R. Dedekind and H. Weber. Mathemati- cians such as K. Hensel, G. Landsberg, H. Hasse, F. K. Schmidt, A. Weil, M. Deuring, M. Eichler and C. Chevalley continued and generalized these ideas. Besides the algebraic approach, function fields can also be studied as the fields of rational functions of a planar curve. A third approach was taken by E. Artin, who began to study valuations. This ultimately led to a unified theory for function fields and number fields, which shows many similarities in particular between number fields and function fields with finite fields of constants; such fields are called global fields. 1 2 CHAPTER 0. INTRODUCTION Besides the purely theoretic interest in such fields, they were also used in applications. A prominent use of function fields came up in 1975, when V. D. Goppa constructed error correcting codes from global function fields with many places of degree one [Gop88]. A second application besides Cod- ing Theory is the area of Public Key Cryptography; in 1985, N. Koblitz and V. Miller independently proposed [Mil86, Kob87] the use of the group of ra- tional points of an elliptic curve over a finite field instead of, for example, the multiplicative group of a finite field. This group corresponds to a subgroup of the divisor class group of a global elliptic function field. Later, N. Koblitz suggested that one could also use the Jacobian of hyperelliptic curves. More generally, one can use the group of points of any abelian variety, of which the Jacobian varieties of curves are a special case; the rational points of the Jacobian variety of a projective smooth curve correspond to the elements of the divisor class group of the curve’s function field. The use of abelian varieties and the special case of Jacobian varieties was described, for exam- ple, by G. Frey in [Fre01] together with consequences of Galois theory, Weil descent and Tate duality to cryptographic use of such varieties. A general overview of the use of mathematical primitives in Public Key Cryptography can be found in [FL05]. Besides applications of function fields, there also have been proposals to use the ideal class group of number fields for Public Key Cryptography, mainly by J. Buchmann and H. C. Williams; see, for example, [BW88a] or the survey [Buc91]. A vast majority of these systems which employ global fields are based on the Discrete Logarithm Problem (DLP). The DLP is, given a cyclic group G = g and h G, to find an n Z with gn = h; this problem h i ∈ ∈ is hoped to be hard enough to allow the use of such groups in DLP based Public Key Cryptography, for example for a Diffie-Hellman Key Exchange.