Counting hyperelliptic curves that admit a Koblitz model

Let k be a finite field of odd characteristic. We find a closed formula for the number of k-isomorphism classes of pointed, and non-pointed, hyperelliptic curves of genus g over k, admitting a Koblitz model. These numbers are expressed as a polynomial in the cardinality q of k, with integer coefficients (for pointed curves) and rational coefficients (for non-pointed curves). The coefficients depend on g and the set of divisors of q-1 and q+1. These formulas show that the number of hyperelliptic curves of genus g suitable (in principle) of cryptographic applications is asymptotically (1-e^{-1})2q^{2g-1}, and not 2q^{2g-1} as it was believed. The curves of genus g=2 and g=3 are more resistant to the attacks to the DLP; for these values of g the number of curves is respectively (91/72)q^3+O(q^2) and (3641/2880)q^5+O(q^4)

Counting points on hyperelliptic curves with explicit real multiplication in arbitrary genus

We present a probabilistic Las Vegas algorithm for computing the local zeta function of a genus-$g$ hyperelliptic curve defined over $\mathbb F_q$ with explicit real multiplication (RM) by an order $\Z[\eta]$ in a degree-$g$ totally real number field. It is based on the approaches by Schoof and Pila in a more favorable case where we can split the $\ell$-torsion into $g$ kernels of endomorphisms, as introduced by Gaudry, Kohel, and Smith in genus 2. To deal with these kernels in any genus, we adapt a technique that the author, Gaudry, and Spaenlehauer introduced to model the $\ell$-torsion by structured polynomial systems. Applying this technique to the kernels, the systems we obtain are much smaller and so is the complexity of solving them. Our main result is that there exists a constant $c>0$ such that, for any fixed $g$, this algorithm has expected time and space complexity $O((\log q)^{c})$ as $q$ grows and the characteristic is large enough. We prove that $c\le 9$ and we also conjecture that the result still holds for $c=7$.Comment: To appear in Journal of Complexity. arXiv admin note: text overlap with arXiv:1710.0344

Point counting on curves using a gonality preserving lift

We study the problem of lifting curves from finite fields to number fields in a genus and gonality preserving way. More precisely, we sketch how this can be done efficiently for curves of gonality at most four, with an in-depth treatment of curves of genus at most five over finite fields of odd characteristic, including an implementation in Magma. We then use such a lift as input to an algorithm due to the second author for computing zeta functions of curves over finite fields using $p$-adic cohomology

Curve counting on abelian surfaces and threefolds

We study the enumerative geometry of algebraic curves on abelian surfaces and threefolds. In the abelian surface case, the theory is parallel to the well-developed study of the reduced Gromov-Witten theory of K3 surfaces. We prove complete results in all genera for primitive classes. The generating series are quasimodular forms of pure weight. Conjectures for imprimitive classes are presented. In genus 2, the counts in all classes are proven. Special counts match the Euler characteristic calculations of the moduli spaces of stable pairs on abelian surfaces by G\"ottsche-Shende. A formula for hyperelliptic curve counting in terms of Jacobi forms is proven (modulo a transversality statement). For abelian threefolds, complete conjectures in terms of Jacobi forms for the generating series of curve counts in primitive classes are presented. The base cases make connections to classical lattice counts of Debarre, Goettsche, and Lange-Sernesi. Further evidence is provided by Donaldson-Thomas partition function computations for abelian threefolds. A multiple cover structure is presented. The abelian threefold conjectures open a new direction in the subject.Comment: 93 pages; Section 7.6 adde

A Generic Approach to Searching for Jacobians

We consider the problem of finding cryptographically suitable Jacobians. By applying a probabilistic generic algorithm to compute the zeta functions of low genus curves drawn from an arbitrary family, we can search for Jacobians containing a large subgroup of prime order. For a suitable distribution of curves, the complexity is subexponential in genus 2, and O(N^{1/12}) in genus 3. We give examples of genus 2 and genus 3 hyperelliptic curves over prime fields with group orders over 180 bits in size, improving previous results. Our approach is particularly effective over low-degree extension fields, where in genus 2 we find Jacobians over F_{p^2) and trace zero varieties over F_{p^3} with near-prime orders up to 372 bits in size. For p = 2^{61}-1, the average time to find a group with 244-bit near-prime order is under an hour on a PC.Comment: 22 pages, to appear in Mathematics of Computatio