Points on the Jacobian

[Next][Prev] [Right] [Left] [Up] [Index] [Root]

Points on the Jacobian

A point on the Jacobian J of a hyperelliptic curve C of genus g is given by a list of three elements:

a monic polynomial a(x) of degree at most g;
a polynomial b(x) of degree at most g + 1 such that a(x) divides b(x)^2 + h(x)b(x) - f(x), where h(x) and f(x) are the defining polynomials of C;
a positive integer d with deg(a(x)) <= d <= g such that the degree of b(x)^2 + h(x)b(x) - f(x) is less than or equal to g + 1 - d + deg(a(x)).

We let tilde(a) and tilde(b) be the homogeneous polynomials in x and z of degrees d and g + 1 respectively. Then the triple < (a(x), b(x), d) > represents the divisor of degree d defined by the ideal (tilde(a)(x, z), y - tilde(b)(x, z)) in the affine coordinate ring of C. If d is even or if C has odd degree, then we get an element of J by subtracting a suitable multiple of the divisor at infinity. In particular, in the odd degree case, we take d = deg(a(x)). A triple < (a(x), b(x), d) > is reduced to a canonical representative as follows:

If d = deg(a(x)), we reduce b mod a, so deg(b(x)) < deg(a(x)).
If a = 1, we assume that deg(tilde(b)(1, z)) = d.
A unique representative for b(x) is found such that the coefficient of x^k in b is zero for deg(a(x)) <= k <= deg(a(x)) + g + 1 - d.

Subsections

Creation of Points

J ! 0 : JacHyp, RngIntElt -> JacHypPt

Id(J) : JacHyp -> JacHypPt

Identity(J) : JacHyp -> JacHypPt

The identity element on the Jacobian J.

J ! [a, b] : JacHyp, [ RngUPolElt ] -> JacHypPt

elt< J | a, b > : JacHyp, RngUPolElt, RngUPolElt -> JacHypPt

elt< J | [a, b] > : JacHyp, [ RngUPolElt ] -> JacHypPt

elt< J | a, b, d > : JacHyp, RngUPolElt, RngUPolElt, RngIntElt -> JacHypPt

elt< J | [a, b], d > : JacHyp, [ RngUPolElt ], RngIntElt -> JacHypPt

The point on the Jacobian J defined by the polynomials a and b and the positive integer d; if not specified then d is taken to be deg(a).

J ! [P,Q] : [PtHyp] -> JacHypPt

elt< J | P, Q > : JacHyp, PtHyp, PtHyp -> JacHypPt

For points P and Q on a hyperelliptic curve, this constructs the image of the divisor class [P - Q] as a point on its Jacobian J.

J ! [S,T] : [[PtHyp]] -> JacHypPt

elt< J | S, T > : JacHyp, [PtHyp], [PtHyp] -> JacHypPt

Given two sequences S = [P_i] and T = [Q_i] of points on the hyperelliptic curve with Jacobian J, each of length n, returns the image of the divisor class sum_i [P_i] - sum_i [Q_i] as a point on the Jacobian J.

J ! P : JacHyp, JacHypPt -> JacHypPt

Given a point P on a Jacobian J', construct the image of P on J, where J is a base extension of J'.

Random Points

Random(J) : JacHyp -> JacHypPt

A random point on a Jacobian J of a hyperelliptic curve defined over a finite field.

Booleans and Predicates for Points

For each of the following functions, P and Q are points on the Jacobian of a hyperelliptic curve.

P eq Q : JacHypPt, JacHypPt -> BoolElt

Returns true if and only if the points P and Q on the same Jacobian are equal.

P ne Q : JacHypPt, JacHypPt -> BoolElt

Returns false if and only if the two points P and Q on the same Jacobian are equal.

IsZero(P) : JacHypPt -> BoolElt

IsIdentity(P) : JacHypPt -> BoolElt

Returns true if and only if P is the zero element of the Jacobian.

Access Operations

P[i] : JacHypPt, RngIntElt -> RngElt

Given an integer 1 <= i <= 2, returns the i-th defining polynomial for the Jacobian point P, or for i = 3 returns the degree d of the associated reduced divisor.

Eltseq(P) : PtHyp -> SeqEnum, RngIntElt

ElementToSequence(P) : PtHyp -> SeqEnum, RngIntElt

Given a point P on the Jacobian J of a hyperelliptic curve, the function returns firstly, a sequence containing the two defining polynomials for the divisor associated to P and secondly, the degree of the divisor.

Arithmetic of Points

For each of the following functions, P and Q are points on the Jacobian of a hyperelliptic curve.

- P : JacHypPt -> JacHypPt

The additive inverse of the point P on the Jacobian.

P + Q : JacHypPt, JacHypPt -> JacHypPt

The sum of the points P and Q on the same Jacobian.

P +:= Q : JacHypPt, JacHypPt ->

Given two points P and Q on the same Jacobian, set P equal to their sum.

P - Q : JacHypPt, JacHypPt -> JacHypPt

The difference of the points P and Q on the same Jacobian.

P -:= Q : JacHypPt, JacHypPt ->

Given two points P and Q on the same Jacobian, set P equal to the difference P - Q.

n * P : RngIntElt, JacHypPt -> JacHypPt

P * n : JacHypPt, RngIntElt -> JacHypPt

The n-th multiple of P in the group of rational points on the Jacobian.

P *:= n : JacHypPt, RngIntElt ->

Set P equal to the n-th multiple of itself.

Order of Points on the Jacobian

Order(P) : JacHypPt -> RngIntElt

Returns the order of the point P on the Jacobian J of a hyperelliptic curve defined over a finite field or the rationals, or 0 if P has infinite order. This first computes #J when J is defined over a finite field.

Order(P, l, u) : JacHypPt, RngIntElt, RngIntElt -> RngIntElt

    Alg: MonStg                         Default: "Shanks"

    UseInversion: BoolElt               Default: true

Returns the order of the point P where u and l are bounds for the order of P or for the order of J the parent of P. This does not compute #J.

If the parameter Alg is set to "Shanks" then the generic Shanks algorithm is used, otherwise, when Alg is "PollardRho", a Pollard-Rho variant is used (see [GH00]).
If UseInversion is true the search space is halved by using point negation.

Order(P, l, u, n, m) : JacHypPt, RngIntElt, RngIntElt ,RngIntElt, RngIntElt -> RngIntElt

    Alg: MonStg                         Default: "Shanks"

    UseInversion: BoolElt               Default: true

Returns the order of the point P where u and l are bounds for the order of P or for the order of J the parent of P and where some modular information is known about that order. This does not compute #J.

The two parameters Alg and UseInversion have the same functions as in the previous function.

HasOrder(P, n) : JacHypPt, RngIntElt -> BoolElt

Given a point P on the Jacobian J of a hyperelliptic curve and a positive integer n, returns true if the order of the point is n.

Frobenius

Frobenius(P, k) : JacHypPt, FldFin -> JacHypPt

    Check: BoolElt                      Default: true

Given a point P that lies on the Jacobian J of a hyperelliptic curve that is defined over the finite field k=F_q, determine the image of P under the Frobenius map x -> x^(q). If Check is true, Magma verifies that the Jacobian of P is defined over k.

Weil Pairing

WeilPairing(P, Q, m) : JacHypPt, JacHypPt, RngIntElt -> RngElt

Computes the Weil pairing of P and Q, where P and Q are m-torsion points on the 2-dimensional Jacobian J defined over a finite field. Note that a trivial result does not mean that the points are dependent.

Example `CrvHyp_Jac_WeilPairing (H86E9)`

The following illustrates the use of the Weil Pairing in the MOV-reduction of the discrete logarithm problem on a Jacobian.

> PP<x>:=PolynomialRing(GF(2));                                                
> h := PP!1;
> f := x^5 + x^4 + x^3 + 1;
> J := Jacobian(HyperellipticCurve(h,f));  // a supersingular curve
> Jext := BaseExtend(J, 41);
> Factorization(#Jext);
[ <7, 1>, <3887047, 1>, <177722253954175633, 1> ]
> m := 177722253954175633;                 // some big subgroup order
> cofact := 3887047*7;
> P := cofact*Random(Jext);
> Q := 876213876263897634*P;               // Q in <P>

Say we want to recompute the logarithm of Q in base P.

> Jext2 := BaseExtend(Jext, 6);            // go to an ext of deg 6
> NJ := #Jext2;
>
> R := Random(Jext2);
> R *:= NJ div m^Valuation(NJ, m);
>
> eP := WeilPairing(Jext2!P, R, m);
> eQ := WeilPairing(Jext2!Q, R, m);
> assert eP^876213876263897634 eq eQ;

So the discrete log problem on the Jacobian has been reduced to a discrete log problem in a finite field.

[Next][Prev] [Right] [Left] [Up] [Index] [Root]