More Like this

1. On the decisional Diffie–Hellman problem for class group actions on oriented elliptic curves

   https://doi.org/10.1007/s40993-022-00399-6  

   Castryck, Wouter; Houben, Marc; Vercauteren, Frederik; Wesolowski, Benjamin (December 2022, Research in Number Theory)

   Abstract We show how the Weil pairing can be used to evaluate the assigned characters of an imaginary quadratic order $${\mathcal {O}}$$ O in an unknown ideal class $$[{\mathfrak {a}}] \in {{\,\textrm{cl}\,}}({\mathcal {O}})$$ [ a ] ∈ cl ( O ) that connects two given $${\mathcal {O}}$$ O -oriented elliptic curves $$(E, \iota )$$ ( E , ι ) and $$(E', \iota ') = [{\mathfrak {a}}](E, \iota )$$ ( E ′ , ι ′ ) = [ a ] ( E , ι ) . When specialized to ordinary elliptic curves over finite fields, our method is conceptually simpler and often somewhat faster than a recent approach due to Castryck, Sotáková and Vercauteren, who rely on the Tate pairing instead. The main implication of our work is that it breaks the decisional Diffie–Hellman problem for practically all oriented elliptic curves that are acted upon by an even-order class group. It can also be used to better handle the worst cases in Wesolowski’s recent reduction from the vectorization problem for oriented elliptic curves to the endomorphism ring problem, leading to a method that always works in sub-exponential time. 

   more » « less
2. A Note on the Security of CSIDH

   https://doi.org/10.1007/978-3-030-05378-9  

   Biasse, Jean-Francois; Iezzi, Annamaria; Jacobson, Micheal (December 2018, Indocrypt 2019)

   We propose a quantum algorithm for computing an isogeny between two elliptic curves E1,E2 defined over a finite field such that there is an imaginary quadratic order O satisfying O~End(Ei )for i=1,2. This concerns ordinary curves and supersingular curves defined over Fp (the latter used in the recent CSIDH proposal). Our algorithm has heuristic asymptotic run time exp(O(√log(|Δ|))) and requires polynomial quantum memory and exp(O(√log(|Δ|))) quantumly accessible classical memory, where Δ is the discriminant of O. This asymptotic complexity outperforms all other available methods for computing isogenies.We also show that a variant of our method has asymptotic run time e exp(Õ(√log(|Δ|))) while requesting only polynomial memory (both quantum and classical). 

   more » « less
3. Reductions of abelian surfaces over global function fields

   https://doi.org/10.1112/S0010437X22007473  

   Maulik, Davesh; Shankar, Ananth N.; Tang, Yunqing (April 2022, Compositio Mathematica)

   Let $$A$$ be a non-isotrivial ordinary abelian surface over a global function field of characteristic $p>0$ with good reduction everywhere. Suppose that $$A$$ does not have real multiplication by any real quadratic field with discriminant a multiple of $$p$$ . We prove that there are infinitely many places modulo which $$A$$ is isogenous to the product of two elliptic curves. 

   more » « less
4. On correlation bounds against polynomials Leibniz International Proceedings in Informatics (LIPIcs):38th Computational Complexity Conference (CCC 2023)

   https://doi.org/10.4230/LIPIcs.CCC.2023.3  

   Ivanov, Peter; Pavlovic, Liam; Viola, Emanuele (January 2023, Schloss Dagstuhl – Leibniz-Zentrum für Informatik)

   Ta-Shma, Amnon (Ed.)

   We study the fundamental challenge of exhibiting explicit functions that have small correlation with low-degree polynomials over 𝔽₂. Our main contributions include: 1) In STOC 2020, CHHLZ introduced a new technique to prove correlation bounds. Using their technique they established new correlation bounds for low-degree polynomials. They conjectured that their technique generalizes to higher degree polynomials as well. We give a counterexample to their conjecture, in fact ruling out weaker parameters and showing what they prove is essentially the best possible. 2) We propose a new approach for proving correlation bounds with the central "mod functions," consisting of two steps: (I) the polynomials that maximize correlation are symmetric and (II) symmetric polynomials have small correlation. Contrary to related results in the literature, we conjecture that (I) is true. We argue this approach is not affected by existing "barrier results." 3) We prove our conjecture for quadratic polynomials. Specifically, we determine the maximum possible correlation between quadratic polynomials modulo 2 and the functions (x_1,… ,x_n) → z^{∑ x_i} for any z on the complex unit circle, and show that it is achieved by symmetric polynomials. To obtain our results we develop a new proof technique: we express correlation in terms of directional derivatives and analyze it by slowly restricting the direction. 4) We make partial progress on the conjecture for cubic polynomials, in particular proving tight correlation bounds for cubic polynomials whose degree-3 part is symmetric. 

   more » « less
5. Quadratic Chabauty for modular curves: algorithms and examples

   https://doi.org/10.1112/S0010437X23007170  

   Balakrishnan, Jennifer S.; Dogra, Netan; Müller, J. Steffen; Tuitman, Jan; Vonk, Jan (June 2023, Compositio Mathematica)

   We describe how the quadratic Chabauty method may be applied to determine the set of rational points on modular curves of genus$$g>1$$whose Jacobians have Mordell–Weil rank$$g$$. This extends our previous work on the split Cartan curve of level 13 and allows us to consider modular curves that may have few known rational points or non-trivial local height contributions at primes of bad reduction. We illustrate our algorithms with a number of examples where we determine the set of rational points on several modular curves of genus 2 and 3: this includes Atkin–Lehner quotients$$X_0^+(N)$$of prime level$$N$$, the curve$$X_{S_4}(13)$$, as well as a few other curves relevant to Mazur's Program B. We also compute the set of rational points on the genus 6 non-split Cartan modular curve$$X_{\scriptstyle \mathrm { ns}} ^+ (17)$$. 

   more » « less