Bad reduction of genus 22 curves with CM jacobian varieties

We show that a genus $2$ curve over a number field whose jacobian has complex multiplication will usually have stable bad reduction at some prime. We prove this by computing the Faltings height of the jacobian in two different ways. First, we use a formula by Colmez and Obus specific to the CM case and valid when the CM field is an abelian extension of the rationals. This formula links the height and the logarithmic derivatives of an $L$-function. The second formula involves a decomposition of the height into local terms based on a hyperelliptic model. We use results of Igusa, Liu, and Saito to show that the contribution at the finite places in our decomposition measures the stable bad reduction of the curve and subconvexity bounds by Michel and Venkatesh together with an equidistribution result of Zhang to handle the infinite places

삼변수 양 이차형식에 의한 제곱수의 표현

학위논문 (박사)-- 서울대학교 대학원 자연과학대학 수리과학부, 2017. 8. 오병권.In this thesis, we study various properties of representations of squares by ternary quadratic forms. A (positive definite integral) ternary quadratic form is called strongly S-regular if it satisfies a regularity property on the number of representations of squares of integers. We explain the relation between the strongly S-regularity and the conjecture given by Cooper and Lam, and we resolve their conjecture completely. We prove that there are only finitely many strongly S-regular ternary forms up to isometry if the minimum of the non zero squares that are represented by the form is fixed. In particular, we show that there are exactly 207 non-classic integral strongly S-regular ternary quadratic forms representing one.Contents Abstract i 1 Introduction 1 2 Preliminaries 6 2.1 Definitions 6 2.2 Splitting integers 12 2.3 The Minkowski-Siegel formula 13 2.4 Calculations of local densities 16 3 Representations of squares by ternary forms 20 3.1 Indistinguishable by squares 20 3.2 The Cooper and Lam's conjecture 24 4 Strongly S-regular ternary forms 35 4.1 Some properties of strongly S-regular ternary forms 35 4.2 Strongly S-regular ternary forms representing 1 41 4.3 Nontrivial strongly S-regular ternary forms 48 5 Strongly regularity on square classes 56 5.1 Strongly S_t-regular ternary forms 56 5.2 Strongly spinor S_t-regular ternary forms 58 Abstract (in Korean) 64Docto

SQISignHD: New Dimensions in Cryptography

We introduce SQISignHD, a new post-quantum digital signature scheme inspired by SQISign. SQISignHD exploits the recent algorithmic breakthrough underlying the attack on SIDH, which allows to efficiently represent isogenies of arbitrary degrees as components of a higher dimensional isogeny. SQISignHD overcomes the main drawbacks of SQISign. First, it scales well to high security levels, since the public parameters for SQISignHD are easy to generate: the characteristic of the underlying field needs only be of the form $2^{f}3^{f\u27}-1$. Second, the signing procedure is simpler and more efficient. Third, the scheme is easier to analyse, allowing for a much more compelling security reduction. Finally, the signature sizes are even more compact than (the already record-breaking) SQISign, with compressed signatures as small as 116 bytes for the post-quantum NIST-1 level of security. These advantages may come at the expense of the verification, which now requires the computation of an isogeny in dimension $4$, a task whose optimised cost is still uncertain, as it has been the focus of very little attention

The delta invariant in Arakelov geometry

In this thesis we study Faltings' delta invariant of compact and connected Riemann surfaces. This invariant plays a crucial role in Arakelov theory of arithmetic surfaces. For example, it appears in the arithmetic Noether formula. We give new explicit formulas for the delta invariant in terms of integrals of theta functions, and we deduce an explicit lower bound for it only in terms of the genus and an explicit upper bound for the Arakelov-Green function in terms of the delta invariant. Furthermore, we give a canonical extension of Faltings' delta invariant to the moduli space of indecomposable principally polarised complex abelian varieties. As applications to Arakelov theory, we obtain bounds for the Arakelov heights of the Weierstraß points and for the Arakelov intersection number of any geometric point with certain torsion line bundles in terms of the Faltings height. Moreover, we deduce an improved version of Szpiro's small points conjecture for cyclic covers of prime degree and an explicit expression for the Arakelov self-intersection number of the relative dualizing sheaf, an effective version of the Bogomolov conjecture and an arithmetic analogue of the Bogomolov-Miyaoka-Yau inequality for hyperelliptic curves

On the Design and Improvement of Lattice-based Cryptosystems

Digital signatures and encryption schemes constitute arguably an integral part of cryptographic schemes with the goal to meet the security needs of present and future private and business applications. However, almost all public key cryptosystems applied in practice are put at risk due to its vulnerability to quantum attacks as a result of Shor's quantum algorithm. The magnitude of economic and social impact is tremendous inherently asking for alternatives replacing classical schemes in case large-scale quantum computers are built. Lattice-based cryptography emerged as a powerful candidate attracting lots of attention not only due to its conjectured resistance against quantum attacks, but also because of its unique security guarantee to provide worst-case hardness of average-case instances. Hence, the requirement of imposing further assumptions on the hardness of randomly chosen instances disappears, resulting in more efficient instantiations of cryptographic schemes. The best known lattice attack algorithms run in exponential time. In this thesis we contribute to a smooth transition into a world with practically efficient lattice-based cryptographic schemes. This is indeed accomplished by designing new algorithms and cryptographic schemes as well as improving existing ones. Our contributions are threefold. First, we construct new encryption schemes that fully exploit the error term in LWE instances. To this end, we introduce a novel computational problem that we call Augmented LWE (A-LWE), differing from the original LWE problem only in the way the error term is produced. In fact, we embed arbitrary data into the error term without changing the target distributions. Following this, we prove that A-LWE instances are indistinguishable from LWE samples. This allows to build powerful encryption schemes on top of the A-LWE problem that are simple in its representations and efficient in practice while encrypting huge amounts of data realizing message expansion factors close to 1. This improves, to our knowledge, upon all existing encryption schemes. Due to the versatility of the error term, we further add various security features such as CCA and RCCA security or even plug lattice-based signatures into parts of the error term, thus providing an additional mechanism to authenticate encrypted data. Based on the methodology to embed arbitrary data into the error term while keeping the target distributions, we realize a novel CDT-like discrete Gaussian sampler that beats the best known samplers such as Knuth-Yao or the standard CDT sampler in terms of running time. At run time the table size amounting to 44 elements is constant for every discrete Gaussian parameter and the total space requirements are exactly as large as for the standard CDT sampler. Further results include a very efficient inversion algorithm for ring elements in special classes of cyclotomic rings. In fact, by use of the NTT it is possible to efficiently check for invertibility and deduce a representation of the corresponding unit group. Moreover, we generalize the LWE inversion algorithm for the trapdoor candidate of Micciancio and Peikert from power of two moduli to arbitrary composed integers using a different approach. In the second part of this thesis, we present an efficient trapdoor construction for ideal lattices and an associated description of the GPV signature scheme. Furthermore, we improve the signing step using a different representation of the involved perturbation matrix leading to enhanced memory usage and running times. Subsequently, we introduce an advanced compression algorithm for GPV signatures, which previously suffered from huge signature sizes as a result of the construction or due to the requirement of the security proof. We circumvent this problem by introducing the notion of public and secret randomness for signatures. In particular, we generate the public portion of a signature from a short uniform random seed without violating the previous conditions. This concept is subsequently transferred to the multi-signer setting which increases the efficiency of the compression scheme in presence of multiple signers. Finally in this part, we propose the first lattice-based sequential aggregate signature scheme that enables a group of signers to sequentially generate an aggregate signature of reduced storage size such that the verifier is still able to check that each signer indeed signed a message. This approach is realized based on lattice-based trapdoor functions and has many application areas such as wireless sensor networks. In the final part of this thesis, we extend the theoretical foundations of lattices and propose new representations of lattice problems by use of Cauchy integrals. Considering lattice points as simple poles of some complex functions allows to operate on lattice points via Cauchy integrals and its generalizations. For instance, we can deduce for the one-dimensional and two-dimensional case simple expressions for the number of lattice points inside a domain using trigonometric or elliptic functions