275 research outputs found

    Fast norm computation in smooth-degree Abelian number fields

    This paper presents a fast method to compute algebraic norms of integral elements of smooth-degree cyclotomic fields, and, more generally, smooth-degree Galois number fields with commutative Galois groups. The typical scenario arising in $S$-unit searches (for, e.g., class-group computation) is computing a $\Theta(n\log n)$-bit norm of an element of weight $n^{1/2+o(1)}$ in a degree-$n$ field; this method then uses $n(\log n)^{3+o(1)}$ bit operations. An $n(\log n)^{O(1)}$ operation count was already known in two easier special cases: norms from power-of-2 cyclotomic fields via towers of power-of-2 cyclotomic subfields, and norms from multiquadratic fields via towers of multiquadratic subfields. This paper handles more general Abelian fields by identifying tower-compatible integral bases supporting fast multiplication; in particular, there is a synergy between tower-compatible Gauss-period integral bases and a fast-multiplication idea from Rader. As a baseline, this paper also analyzes various standard norm-computation techniques that apply to arbitrary number fields, concluding that all of these techniques use at least $n^2(\log n)^{2+o(1)}$ bit operations in the same scenario, even with fast subroutines for continued fractions and for complex FFTs. Compared to this baseline, algorithms dedicated to smooth-degree Abelian fields find each norm $n/(\log n)^{1+o(1)}$ times faster, and finish norm computations inside $S$-unit searches $n^2/(\log n)^{1+o(1)}$ times faster.

    Attacks on the Search-RLWE problem with small errors

    The Ring Learning-With-Errors (RLWE) problem shows great promise for post-quantum cryptography and homomorphic encryption. We describe a new attack on the non-dual search RLWE problem with small error widths, using ring homomorphisms to finite fields and the chi-squared statistical test. In particular, we identify a "subfield vulnerability" (Section 5.2) and give a new attack which finds this vulnerability by mapping to a finite field extension and detecting non-uniformity with respect to the number of elements in the subfield. We use this attack to give examples of vulnerable RLWE instances in Galois number fields. We also extend the well-known search-to-decision reduction result to Galois fields with any unramified prime modulus q, regardless of the residue degree f of q, and we use this in our attacks. The time complexity of our attack is $O(nq^{2f})$, where n is the degree of K and f is the residue degree of q in K. We also show an attack on the non-dual (resp. dual) RLWE problem with narrow error distributions in prime cyclotomic rings when the modulus is a ramified prime (resp. any integer). We demonstrate the attacks in practice by finding many vulnerable instances and successfully attacking them. We include the code for all attacks.

    アルシュ ノ アーベルタイ ノ キンテイ ニツイテ

    Let K be an abelian field over the rationals Q and let Z_K be the ring of integers of K. K is said to be monogenic when there exists an element θ of Z_K with Z_K = Z[θ]. In this case θ is said to be a generator of Z_K. Hasse proposed for any given field,

    On the trace map between absolutely abelian number fields of equal conductor

    Let L/K be an extension of absolutely abelian number fields of equal conductor, n. The image of the ring of integers of L under the trace map from L to K is an ideal in the ring of integers in K. We compute the absolute norm of this ideal exactly for any such L/K, thereby sharpening an earlier result of Kurt Girstmair. Furthermore, we define an "adjusted trace map" that allows the proof of Leopoldt's Theorem to be reduced to the cyclotomic case. Comment: 11 pages, 1 figure, uses xypic and amscd. Completely revised version. To appear in Acta Arithmetic

    Ramification groups and Artin conductors of radical extensions of the rationals

    We compute the higher ramification groups and the Artin conductors of radical extensions of the rationals. As an application, we give formulas for their discriminant (using the conductor-discriminant formula). The interest in such number fields is due to the fact that they are among the simplest non-abelian extensions of the rationals (and so not classified by Class Field Theory). We show that these extensions have non-integer jumps in the superior ramification groups, contrary to the case of abelian extensions (as prescribed by the Hasse-Arf theorem). Comment: 29 pages, to be published in the Journal de Théorie des Nombres de Bordeaux

    Monogenic period equations are cyclotomic polynomials

    We study monogeneity in period equations, $\psi_e(x)$, the auxiliary equations introduced by Gauss to solve cyclotomic polynomials by radicals. All monogenic $\psi_e(x)$ of degrees 4 = 4, we conjecture all monogenic period equations to be cyclotomic polynomials. Totally real period equations are of interest in applications of quadratic discrete-time dynamical systems.