Pairing the Volcano

Isogeny volcanoes are graphs whose vertices are elliptic curves and whose edges are $\ell$-isogenies. Algorithms allowing to travel on these graphs were developed by Kohel in his thesis (1996) and later on, by Fouquet and Morain (2001). However, up to now, no method was known, to predict, before taking a step on the volcano, the direction of this step. Hence, in Kohel's and Fouquet-Morain algorithms, many steps are taken before choosing the right direction. In particular, ascending or horizontal isogenies are usually found using a trial-and-error approach. In this paper, we propose an alternative method that efficiently finds all points $P$ of order $\ell$ such that the subgroup generated by $P$ is the kernel of an horizontal or an ascending isogeny. In many cases, our method is faster than previous methods. This is an extended version of a paper published in the proceedings of ANTS 2010. In addition, we treat the case of 2-isogeny volcanoes and we derive from the group structure of the curve and the pairing a new invariant of the endomorphism class of an elliptic curve. Our benchmarks show that the resulting algorithm for endomorphism ring computation is faster than Kohel's method for computing the $\ell$-adic valuation of the conductor of the endomorphism ring for small $\ell$

Tate-Shafarevich groups of constant elliptic curves and isogeny volcanos

We describe the structure of Tate-Shafarevich groups of a constant elliptic curves over function fields by exploiting the volcano structure of isogeny graphs of elliptic curves over finite fields

Computing Hilbert class polynomials with the Chinese Remainder Theorem

We present a space-efficient algorithm to compute the Hilbert class polynomial H_D(X) modulo a positive integer P, based on an explicit form of the Chinese Remainder Theorem. Under the Generalized Riemann Hypothesis, the algorithm uses O(|D|^(1/2+o(1))log P) space and has an expected running time of O(|D|^(1+o(1)). We describe practical optimizations that allow us to handle larger discriminants than other methods, with |D| as large as 10^13 and h(D) up to 10^6. We apply these results to construct pairing-friendly elliptic curves of prime order, using the CM method.Comment: 37 pages, corrected a typo that misstated the heuristic complexit

Static and Dynamical Susceptibility of LaO1-xFxFeAs

The mechanism of superconductivity and magnetism and their possible interplay have recently been under debate in pnictides. A likely pairing mechanism includes an important role of spin fluctuations and can be expressed in terms of the magnetic susceptibility chi. The latter is therefore a key quantity in the determination of both the magnetic properties of the system in the normal state, and of the contribution of spin fluctuations to the pairing potential. A basic ingredient to obtain chi is the independent-electron susceptibility chi0. Using LaO1-xFxFeAs as a prototype material, in this report we present a detailed ab-initio study of chi0(q,omega), as a function of doping and of the internal atomic positions. The resulting static chi0(q,0) is consistent with both the observed M-point related magnetic stripe phase in the parent compound, and with the existence of incommensurate magnetic structures predicted by ab-initio calculations upon doping.Comment: 15 pages, 8 figure

Isogeny graphs of ordinary abelian varieties

Fix a prime number $\ell$. Graphs of isogenies of degree a power of $\ell$ are well-understood for elliptic curves, but not for higher-dimensional abelian varieties. We study the case of absolutely simple ordinary abelian varieties over a finite field. We analyse graphs of so-called $\mathfrak l$-isogenies, resolving that they are (almost) volcanoes in any dimension. Specializing to the case of principally polarizable abelian surfaces, we then exploit this structure to describe graphs of a particular class of isogenies known as $(\ell, \ell)$-isogenies: those whose kernels are maximal isotropic subgroups of the $\ell$-torsion for the Weil pairing. We use these two results to write an algorithm giving a path of computable isogenies from an arbitrary absolutely simple ordinary abelian surface towards one with maximal endomorphism ring, which has immediate consequences for the CM-method in genus 2, for computing explicit isogenies, and for the random self-reducibility of the discrete logarithm problem in genus 2 cryptography.Comment: 36 pages, 4 figure

Hard isogeny problems over RSA moduli and groups with infeasible inversion

We initiate the study of computational problems on elliptic curve isogeny graphs defined over RSA moduli. We conjecture that several variants of the neighbor-search problem over these graphs are hard, and provide a comprehensive list of cryptanalytic attempts on these problems. Moreover, based on the hardness of these problems, we provide a construction of groups with infeasible inversion, where the underlying groups are the ideal class groups of imaginary quadratic orders. Recall that in a group with infeasible inversion, computing the inverse of a group element is required to be hard, while performing the group operation is easy. Motivated by the potential cryptographic application of building a directed transitive signature scheme, the search for a group with infeasible inversion was initiated in the theses of Hohenberger and Molnar (2003). Later it was also shown to provide a broadcast encryption scheme by Irrer et al. (2004). However, to date the only case of a group with infeasible inversion is implied by the much stronger primitive of self-bilinear map constructed by Yamakawa et al. (2014) based on the hardness of factoring and indistinguishability obfuscation (iO). Our construction gives a candidate without using iO.Comment: Significant revision of the article previously titled "A Candidate Group with Infeasible Inversion" (arXiv:1810.00022v1). Cleared up the constructions by giving toy examples, added "The Parallelogram Attack" (Sec 5.3.2). 54 pages, 8 figure

Formation, production and viability of oospores of Phytophthora infestans from potato and Solanum demissum in the Toluca Valley, central Mexico

Aspects of the ecology of oospores of Phytophthora infestans were studied in the highlands of central Mexico. From an investigation of a random sample of strains, it was found that isolates differed in their average capability to form oospores when engaged in compatible pairings. Most crosses produced large numbers of oospores but a few yielded none and some yielded only a few oospores. The results reveal that oospore production and fecundity is dependent on both isolates and the combining ability of a specific combination of parental strains. On average, 14% of the oospores produced were viable as determined by the plasmolysis method. Viability ranged from a low 1% in one cross to a high of 29% in another cross. Oospores were found in 10-20% of naturally infected Solanum demissum leaves from two different collections, and leaflets with two lesions per leaflet produced more oospores than did leaflets with 3-5 lesions per leaflet. There was no consistent trend for preferential mating between isolates from the same location or host

Isogeny graphs with maximal real multiplication

An isogeny graph is a graph whose vertices are principally polarized abelian varieties and whose edges are isogenies between these varieties. In his thesis, Kohel described the structure of isogeny graphs for elliptic curves and showed that one may compute the endomorphism ring of an elliptic curve defined over a finite field by using a depth first search algorithm in the graph. In dimension 2, the structure of isogeny graphs is less understood and existing algorithms for computing endomorphism rings are very expensive. Our setting considers genus 2 jacobians with complex multiplication, with the assumptions that the real multiplication subring is maximal and has class number one. We fully describe the isogeny graphs in that case. Over finite fields, we derive a depth first search algorithm for computing endomorphism rings locally at prime numbers, if the real multiplication is maximal. To the best of our knowledge, this is the first DFS-based algorithm in genus 2