2024-12-17
11:00
Salle 2
Point counting on curves over finite fields
We discuss a rather general algorithm for point counting on a (nice) curve over a finite field of characteristic $p$, assuming a lift to the valuation ring in a finite extension of $\mathbb{Q}_p$ has been given. Our method for computing the action of Frobenius is based on computing cup products in cohomology, not on explicitly rewriting 1-forms using exact 1-forms. These cup products can be computed locally, and the same holds for the local expansions of a lift of Frobenius that is determined uniquely by some global equations. This is joint work with Amnon Besser, Pengju Guan, and Muxi Li.
2024-12-03
11:00
Salle 2
Quadratic units and cubic fields, a computational exploration
Let $d \equiv 5 \bmod 8$ be a square-free positive integer and consider the fundamental unit $u_d$ of the real quadratic field $K = \mathbb{Q}(\sqrt{d})$. Since 2 is inert in $K$, there are three possible residue classes of $u_d$ modulo (the prime above) 2. All other things being equal, one expects each of the three residue classes to occur equally often. In particular, one expects $u_d \equiv 1$ one third of the time; we call such $d$’s Eisenstein discriminants. Stevenhagen showed in the 1990s that Eisenstein discriminants $d$ are related to cubic number fields of discriminant $4d$. In this talk, I will explore this relationship and in particular compare the counting functions of Eisenstein discriminants and of cubic fields of discriminant $4d$. Some results can be proved, but tantalising mysteries remain.
2024-11-26
11:00
Salle 2
Cryptanalysis of rank 2 Module-LIP for certain number fields
In 2022, Ducas et al. introduced the signature scheme Hawk, based on the presumed hardness of a new problem in lattice-based cryptography: the Lattice Isomorphism Problem for the module-lattice $O_L^2$, where $L$ is a cyclotomic number field. Last year we presented a polynomial time algorithm solving this problem when $L$ is a totally real number field (thus not affecting the security of Hawk). More recently, we provided a reduction of the same problem when $L$ is now a CM field (thus containing Hawk's instance) to the problem of finding a generator of a principal quaternionic ideal. In this talk we give a framework containing both the totally real and the CM case, and we will discuss the differences. This is based on joint work with C. Chevignard, P-A. Fouque, A. Pellet-Mary, H. Pliatsok and A. Wallet.
2024-11-19
11:00
Salle 2
Cycloalkanes and elliptic curves
The aim of the talk is to explain an unexpected link between a class of molecules composed of carbon and hydrogen atoms, and the theory of elliptic curves over finite fields. The correspondence is of topological nature and doesn't include, so far, any of the crucial geometric features of the cycloalkanes. We will nevertheless explain how modular curves help make this connection, the role of modular polynomials, give details about explicit computations we performed, and give several examples. The talk is based on joint work with Henry Bambury and Francesco Campagna.
2024-11-12
11:00
Salle 2
The Humbert surface of discriminant $N^2$
A pair of elliptic curves $E/Q$ and $E'/Q$ are isogenous if and only if they have the same number of points mod $p$ for every (good) prime $p$. A conjecture of Frey and Mazur predicts that $E$ and $E'$ are isogenous if and only if they are $N$-congruent for any sufficiently large integer $N > N_0$ (i.e., $\#E(F_p) = \#E'(F_p) \bmod N$ for all good $p$). Congruences appear quite naturally in applications, for example: in isogeny-based cryptography (an abelian surface being $(N,N)$-split implies that the corresponding pair of elliptic curves are $N$-congruent); in Diophantine problems (e.g., Fermat’s last theorem); in descent obstructions (via Mazur’s notion of “visible elements of Sha”). Despite the Frey–Mazur conjecture, it is not known for which integers there exist non-isogenous $N$-congruent elliptic curves: what is $N_0$? I will discuss progress towards refining the Frey–Mazur conjecture by studying the geometry of “Humbert surfaces” which parametrise $N$-congruences.
2024-11-05
11:00
Salle 2
Arthur Herlédan Le Merdy (ÉNS Lyon)
Unconditional foundations for supersingular isogeny-based cryptography
Isogeny-based cryptography is founded on the assumption that the Isogeny problem—finding an isogeny between two given elliptic curves—is a hard problem, even for quantum computers. In the security analysis of isogeny-based schemes, various related problems naturally arise, such as computing the endomorphism ring of an elliptic curve or determining a maximal quaternion order isomorphic to it. These problems have been shown to be equivalent to the Isogeny problem, first under some heuristics and subsequently under the Generalized Riemann Hypothesis. In this talk, we present ongoing joint work with Benjamin Wesolowski, where we unconditionally prove these equivalences, notably using the new tools provided by isogenies in higher dimensions. Additionally, we show that these problems are also equivalent to finding the lattice of all isogenies between two elliptic curves. Finally, we demonstrate that if there exist hard instances of the Isogeny problem then all the previously mentioned problems are hard on average.
2024-10-15
11:00
Salle 2
The module action on abelian varieties
In a category enriched in a closed symmetric monoidal category, the power object construction, if it is representable, gives a contravariant monoidal action. We first survey the construction, due to Serre, of the power object by (projective) Hermitian modules on abelian varieties. The resulting action, when applied to a primitively oriented elliptic curve, gives a contravariant equivalence of categories (Jordan, Keeton, Poonen, Rains, Shepherd-Barron and Tate). We then give several applications of this module action: 1) We first explain how it allows us to describe purely algebraically the ideal class group action on an elliptic curve or the Shimura class group action on a CM abelian variety over a finite field, without lifting to characteristic 0. 2) We then extend the usual algorithms for the ideal action to the case of modules, and use them to explore isogeny graphs of powers of an elliptic curve in dimension up to 4. This allows us to find new examples of curves with many points. (This is joint work with Kirschmer, Narbonne and Ritzenthaler.) 3) Finally, we give new applications for isogeny-based cryptography. We explain how, via the Weil restriction, the supersingular isogeny path problem can be recast as a rank 2 module action inversion problem. We also propose ⊗-MIKE, a novel NIKE (non-interactive isogeny key exchange) that only needs to send j-invariants of supersingular curves, and computes a dimension 4 abelian variety as the shared secret.
2024-10-08
11:00
Salle 2
Computing modular polynomials by deformation
The classical modular polynomial $\Phi_N$ parametrizes pairs of elliptic curves connected by an isogeny of degree $N$. Modular polynomials play an important role in algorithmic number theory, and are used in many applications, for example in the SEA point counting algorithm. This talk is about a new method for computing modular polynomials. It has the same asymptotic time complexity as the currently best known algorithms, but does not rely on any heuristics. The main ideas of our algorithm are: the embedding of $N$-isogenies in smooth-degree isogenies in higher dimension, and the computation of deformations of isogenies. The talk is based on joint work with Damien Robert.
2024-10-01
11:00
Salle 2
Equidistribution of supersingular elliptic curves with extra structure
Several algorithmic problems on supersingular elliptic curves are currently under close scrutiny. When analysing algorithms or reductions in this context, one often runs into the following type of question: given a supersingular elliptic curve $E$ and an object $x$ attached to $E$, if we consider a random large degree isogeny $f : E \to E'$ and carry the object $x$ along $f$, how is the resulting $f(x)$ distributed among the possible objects attached to $E'$? We propose a general framework to formulate this type of question precisely, and prove a general equidistribution theorem under a condition that is easy to check in practice. The proof goes from elliptic curves to quaternionic automorphic forms via an augmented Deuring correspondence, and then to classical modular forms via the Jacquet–Langlands correspondence. This is joint work with Benjamin Wesolowski.
2024-09-24
11:00
Salle 2
Additive Twisted Codes: New Distance Bounds and Infinite Families of Quantum Codes
In this talk, we present a new construction of quantum codes that enables the integration of a broader class of classical codes into the mathematical framework of quantum stabilizer codes. Next, we discuss new connections between twisted codes and linear cyclic codes and provide novel bounds for the minimum distance of twisted codes. We demonstrate that classical tools, such as the Hartmann-Tzeng minimum distance bound, are applicable to twisted codes. This has led to the discovery of five new infinite families and many other examples of record-breaking, and sometimes optimal, binary quantum codes. Additionally, we explore the role of the $\gamma$ value on the parameters of twisted codes and present new findings regarding the construction of twisted codes with different $\gamma$ values but identical parameters.