p-adic Verification of Class Number Computations

The aim of this thesis is to determine if it is possible, using p-adic techniques, to unconditionally evaluate the p-valuation of the class number h of an algebraic number field K. This is important in many areas of number theory, especially Iwasawa theory. The class group ClK of an algebraic number field K is the group of fractional ideals of K modulo principal ideals. Its cardinality (the class number h) is directly linked to the existence of unique factorisation in K, and hence the class group is of core importance to almost all multiplicative problems concerning number fields. The explicit computation of ClK (and h) is a fundamental task in computational number theory. Despite its importance, existing algorithms cannot obtain the class group unconditionally in a reasonable amount of time if the field has a large discriminant. Although faster, specialised algorithms (focused only on calculating the p-valuation) are limited in the cases with which they can deal. We present two algorithms to verify the p-valuation of h for any totally real abelian number field, with no restrictions on p. Both algorithms are based on the p-adic class number formula and work by computing p-adic L-functions Lp(s,χ) at the value of s = 1. These algorithms came about from two different ways of computing Lp(1,χ), using either a closed or a convergent series formula. We prove that our algorithms compare favourably against existing class group algorithms, with superior complexity for number fields of degree 5 or higher. We also demonstrate that our algorithms are faster in practice. Finally, we present some open questions arising from the algorithms

Discrete logarithms in curves over finite fields

A survey on algorithms for computing discrete logarithms in Jacobians of curves over finite fields

Curves, Jacobians, and Cryptography

The main purpose of this paper is to give an overview over the theory of abelian varieties, with main focus on Jacobian varieties of curves reaching from well-known results till to latest developments and their usage in cryptography. In the first part we provide the necessary mathematical background on abelian varieties, their torsion points, Honda-Tate theory, Galois representations, with emphasis on Jacobian varieties and hyperelliptic Jacobians. In the second part we focus on applications of abelian varieties on cryptography and treating separately, elliptic curve cryptography, genus 2 and 3 cryptography, including Diffie-Hellman Key Exchange, index calculus in Picard groups, isogenies of Jacobians via correspondences and applications to discrete logarithms. Several open problems and new directions are suggested.Comment: 66 page

Effective Methods for Norm-Form Equations

While effective resolution of Thue equations has been well understood since the work of Baker in the 1960s, similar results for norm-form equations in more than two variables have proven difficult to achieve. In 1983, Vojta was able to address the case of three variables over totally complex and Galois number fields. In this paper, we extend his results to effectively resolve several new classes of norm-form equations. In particular, we completely and effectively settle the question of norm-form equations over totally complex Galois sextic fields.Comment: Final version, accepted by Math Annalen. A few changes from the previous version-- in particular there is a new result that also applies over non-Galois extensions. The explicit example was removed and will appear elsewher

Rational isogenies from irrational endomorphisms

In this paper, we introduce a polynomial-time algorithm to compute a connecting $\mathcal{O}$-ideal between two supersingular elliptic curves over $\mathbb{F}_p$ with common $\mathbb{F}_p$-endomorphism ring $\mathcal{O}$, given a description of their full endomorphism rings. This algorithm provides a reduction of the security of the CSIDH cryptosystem to the problem of computing endomorphism rings of supersingular elliptic curves. A similar reduction for SIDH appeared at Asiacrypt 2016, but relies on totally different techniques. Furthermore, we also show that any supersingular elliptic curve constructed using the complex-multiplication method can be located precisely in the supersingular isogeny graph by explicitly deriving a path to a known base curve. This result prohibits the use of such curves as a building block for a hash function into the supersingular isogeny graph

Abelian Varieties with Prescribed Embedding Degree

We present an algorithm that, on input of a CM-field $K$, an integer $k\ge1$, and a prime $r \equiv 1 \bmod k$, constructs a $q$-Weil number \pi \in \O_K corresponding to an ordinary, simple abelian variety $A$ over the field \F of $q$ elements that has an \F-rational point of order $r$ and embedding degree $k$ with respect to $r$. We then discuss how CM-methods over $K$ can be used to explicitly construct $A$.Comment: to appear in ANTS-VII

Imaginary Quadratic Class Groups and a Survey of Time-Lock Cryptographic Applications

Imaginary quadratic class groups have been proposed as one of the main hidden-order group candidates for time-lock cryptographic applications such as verifiable delay functions (VDFs). They have the advantage over RSA groups that they do \emph{not} need a trusted setup. However, they have historically been significantly less studied by the cryptographic research community. This survey provides an introduction to the theory of imaginary quadratic class groups and discusses several considerations that need to be taken into account for practical applications. In particular, we describe the relevant computational problems and the main classical and quantum algorithms that can be used to solve them. From this discussion, it follows that choosing a discriminant $\Delta=-p$ with $p\equiv 3\mod{4}$ prime is one of the most promising ways to pick a class group \CL(\Delta) without the need for a trusted setup, while simultaneously making sure that there are no easy to find elements of low order in \CL(\Delta). We provide experimental data on class groups belonging to discriminants of this form, and compare them to the Cohen-Lenstra heuristics which predict the average behaviour of \CL(\Delta) belonging to a random \emph{fundamental} discriminant. Afterwards, we describe the most prominent constructions of VDFs based on hidden-order groups, and discuss their soundness and sequentiality when implemented in imaginary quadratic class groups. Finally, we briefly touch upon the post-quantum security of VDFs in imaginary quadratic class groups, where the time on can use a fixed group is upper bounded by the runtime of quantum polynomial time order computation algorithms

Commensurability Classes of Fake Quadrics

A fake quadric is a smooth projective surface that has the same rational cohomology as a smooth quadric surface but is not biholomorphic to one. We provide an explicit classification of all irreducible fake quadrics according to the commensurability class of their fundamental group. To accomplish this task, we develop a number of new techniques that explicitly bound the arithmetic invariants of a fake quadric and more generally of an arithmetic manifold of bounded volume arising from a form of SL_2 over a number field