Class invariants for quartic CM fields
One can define class invariants for a quartic primitive CM field K as special
values of certain Siegel (or Hilbert) modular functions at CM points
corresponding to K. We provide explicit bounds on the primes appearing in the
denominators of these algebraic numbers. This allows us, in particular, to
construct S-units in certain abelian extensions of K, where S is effectively
determined by K. It also yields class polynomials for primitive quartic CM
fields whose coefficients are S-integers.
Comment: 14 pages
Attacks on the Search-RLWE problem with small errors
The Ring Learning-With-Errors (RLWE) problem shows great promise for
post-quantum cryptography and homomorphic encryption. We describe a new attack
on the non-dual search RLWE problem with small error widths, using ring
homomorphisms to finite fields and the chi-squared statistical test. In
particular, we identify a "subfield vulnerability" (Section 5.2) and give a new
attack which finds this vulnerability by mapping to a finite field extension
and detecting non-uniformity with respect to the number of elements in the
subfield. We use this attack to give examples of vulnerable RLWE instances in
Galois number fields. We also extend the well-known search-to-decision
reduction result to Galois fields with any unramified prime modulus q,
regardless of the residue degree f of q, and we use this in our attacks. The
time complexity of our attack is O(n q^{2f}), where n is the degree of K and f is
the residue degree of q in K. We also show an attack on the non-dual (resp.
dual) RLWE problem with narrow error distributions in prime cyclotomic rings
when the modulus is a ramified prime (resp. any integer). We demonstrate the
attacks in practice by finding many vulnerable instances and successfully
attacking them. We include the code for all attacks
Pointless curves of genus three and four
A curve over a field k is pointless if it has no k-rational points. We show
that there exist pointless genus-3 hyperelliptic curves over a finite field F_q
if and only if q < 26, that there exist pointless smooth plane quartics over
F_q if and only if either q < 24 or q = 29 or q = 32, and that there exist
pointless genus-4 curves over F_q if and only if q < 50.
Comment: LaTeX, 15 pages
Ring-LWE Cryptography for the Number Theorist
In this paper, we survey the status of attacks on the ring and polynomial
learning with errors problems (RLWE and PLWE). Recent work on the security of
these problems [Eisenträger-Hallgren-Lauter, Elias-Lauter-Ozman-Stange] gives
rise to interesting questions about number fields. We extend these attacks and
survey related open problems in number theory, including spectral distortion of
an algebraic number and its relationship to Mahler measure, the monogenic
property for the ring of integers of a number field, and the size of elements
of small order modulo q.
Comment: 20 pages
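The two abstracts above ("Attacks on the Search-RLWE problem with small errors" and "Ring-LWE Cryptography for the Number Theorist") both rest on the same mechanism: a ring homomorphism from R/qR to a finite field turns each RLWE sample (a, b = a*s + e) into a sample over F_q, and when the error is narrow the images of the errors are visibly non-uniform, which a chi-squared test picks out for the one correct guess of the secret's image. The script below is an added illustration, not code from either paper. It implements the simplest case, residue degree f = 1, where the homomorphism is evaluation at a root alpha of the defining polynomial mod q, using the toy ring Z_q[x]/(x^N - 1) with alpha = 1 (a constructed stand-in for a number-field ring of integers; 1 has small order mod q, which is exactly why e(1), a sum of N small coefficients, stays small). The parameters N, Q, M, BINS, the {-1, 0, 1} error distribution and all function names are assumptions chosen for a fast, reproducible demonstration, not a secure instance. The subfield vulnerability of Section 5.2 (f > 1, non-uniformity relative to a proper subfield of F_{q^f}) is not implemented here; it replaces `evaluate_at` by a map into F_{q^f} and changes what `chi_squared` counts.

```python
import random
from collections import Counter

# Toy parameters, constructed for illustration only. This is not a secure RLWE
# instance, and Z_Q[x]/(x^N - 1) is a stand-in for a number-field ring of integers.
N = 32      # degree: we work in Z_Q[x]/(x^N - 1)
Q = 257     # prime modulus
ALPHA = 1   # root of x^N - 1 mod Q, so "evaluate at ALPHA" is a ring homomorphism to F_Q
M = 200     # number of RLWE samples the attacker sees
BINS = 16   # number of bins used by the chi-squared test over F_Q


def poly_mul(a, b):
    """Multiply coefficient lists in Z_Q[x]/(x^N - 1): x^N wraps around to 1."""
    res = [0] * N
    for i, ai in enumerate(a):
        if ai == 0:
            continue
        for j, bj in enumerate(b):
            k = i + j
            if k >= N:
                k -= N
            res[k] = (res[k] + ai * bj) % Q
    return res


def narrow_error(rng):
    """Small error: every coefficient is drawn from {-1, 0, 1} (constructed toy distribution)."""
    return [rng.choice((-1, 0, 1)) % Q for _ in range(N)]


def gen_instance(rng, m=M):
    """Secret s and m samples (a_i, b_i = a_i*s + e_i) of non-dual search RLWE."""
    s = [rng.randrange(Q) for _ in range(N)]
    samples = []
    for _ in range(m):
        a = [rng.randrange(Q) for _ in range(N)]
        e = narrow_error(rng)
        b = [(x + y) % Q for x, y in zip(poly_mul(a, s), e)]
        samples.append((a, b))
    return s, samples


def evaluate_at(p, alpha):
    """Ring homomorphism Z_Q[x]/(f) -> F_Q, x -> alpha, valid whenever f(alpha) = 0 mod Q."""
    acc = 0
    for c in reversed(p):  # Horner's rule
        acc = (acc * alpha + c) % Q
    return acc


def chi_squared(values):
    """Chi-squared statistic of `values` against the uniform distribution on F_Q,
    after grouping F_Q into BINS runs of consecutive residues (last bin takes the remainder)."""
    width = Q // BINS
    sizes = [width] * (BINS - 1) + [Q - width * (BINS - 1)]
    counts = Counter(min(v // width, BINS - 1) for v in values)
    m = len(values)
    stat = 0.0
    for b, size in enumerate(sizes):
        expected = m * size / Q
        stat += (counts.get(b, 0) - expected) ** 2 / expected
    return stat


def attack(samples, alpha):
    """Recover s(alpha). For each guess g in F_Q the implied error images
    b(alpha) - a(alpha)*g equal the true error images when g = s(alpha) (narrow, hence
    far from uniform) and are uniformly random otherwise, because a(alpha) is uniform.
    Returns (best guess, its statistic, median statistic over all guesses)."""
    pairs = [(evaluate_at(a, alpha), evaluate_at(b, alpha)) for a, b in samples]
    scored = []
    for g in range(Q):
        errs = [(bb - aa * g) % Q for aa, bb in pairs]
        scored.append((chi_squared(errs), g))
    scored.sort(reverse=True)
    best_stat, best_guess = scored[0]
    median_stat = scored[len(scored) // 2][0]
    return best_guess, best_stat, median_stat


def run_demo(seed=1):
    """Build an instance, run the attack; return (true s(ALPHA), recovered guess, best stat, median stat)."""
    rng = random.Random(seed)
    s, samples = gen_instance(rng)
    guess, best, median = attack(samples, ALPHA)
    return evaluate_at(s, ALPHA), guess, best, median


if __name__ == "__main__":
    true_img, guess, best, median = run_demo()
    print(f"s(1) mod q = {true_img}, recovered = {guess}, "
          f"chi2 best = {best:.1f}, median over guesses = {median:.1f}")
```

The attack only recovers the image s(alpha), one F_q value; the papers' point is that this leaks information about s and, combined with the search-to-decision reduction, breaks decision RLWE for such instances. The separation between the best statistic and the median is what makes the instance "vulnerable": with errors of width comparable to q, or with alpha of large order, the images e(alpha) spread over F_q and the test returns nothing.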
A Gross-Zagier formula for quaternion algebras over totally real fields
We prove a higher dimensional generalization of Gross and Zagier's theorem on
the factorization of differences of singular moduli. Their result is proved by
giving a counting formula for the number of isomorphisms between elliptic
curves with complex multiplication by two different imaginary quadratic fields
and , when the curves are reduced modulo a supersingular prime
and its powers. Equivalently, the Gross-Zagier formula counts optimal
embeddings of the ring of integers of an imaginary quadratic field into
particular maximal orders in , the definite quaternion algebra
over \QQ ramified only at and infinity. Our work gives an analogous
counting formula for the number of simultaneous embeddings of the rings of
integers of primitive CM fields into superspecial orders in definite quaternion
algebras over totally real fields of strict class number 1. Our results can
also be viewed as a counting formula for the number of isomorphisms modulo
between abelian varieties with CM by different fields. Our
counting formula can also be used to determine which superspecial primes appear
in the factorizations of differences of values of Siegel modular functions at
CM points associated to two different CM fields, and to give a bound on those
supersingular primes which can appear. In the special case of Jacobians of
genus 2 curves, this provides information about the factorizations of
numerators of Igusa invariants, and so is also relevant to the problem of
constructing genus 2 curves for use in cryptography.
Comment: 32 pages
Corrigendum to: Improved upper bounds for the number of points on curves over finite fields
We give new arguments that improve the known upper bounds on the maximal
number N_q(g) of rational points of a curve of genus g over a finite field F_q
for a number of pairs (q,g). Given a pair (q,g) and an integer N, we determine
the possible zeta functions of genus-g curves over F_q with N points, and then
deduce properties of the curves from their zeta functions. In many cases we can
show that a genus-g curve over F_q with N points must have a low-degree map to
another curve over F_q, and often this is enough to give us a contradiction. In
particular, we are able to provide eight previously unknown values of N_q(g),
namely: N_4(5) = 17, N_4(10) = 27, N_8(9) = 45, N_{16}(4) = 45, N_{128}(4) =
215, N_3(6) = 14, N_9(10) = 54, and N_{27}(4) = 64. Our arguments also allow us
to give a non-computer-intensive proof of the recent result of Savitt that
there are no genus-4 curves over F_8 having exactly 27 rational points.
Furthermore, we show that there is an infinite sequence of q's such that for
every g with 0 < g < log_2 q, the difference between the Weil-Serre bound on
N_q(g) and the actual value of N_q(g) is at least g/2.
Comment: LaTeX, 40 pages. There was a mistake in Section 7 that invalidated
the proofs of two of our results. We correct the error in Section 7, and add
an appendix with new proofs of the two results.