Jacobian ‘morphism’ as a class in the Picard group#
This module implements the group operation in the Picard group of a hyperelliptic curve, represented as divisors in Mumford representation, using Cantor’s algorithm.
A divisor on the hyperelliptic curve \(y^2 + y h(x) = f(x)\) is stored in Mumford representation, that is, as two polynomials \(u(x)\) and \(v(x)\) such that:
\(u(x)\) is monic,
\(u(x)\) divides \(f(x) - h(x) v(x) - v(x)^2\),
\(deg(v(x)) < deg(u(x)) \le g\).
REFERENCES:
A readable introduction to divisors, the Picard group, Mumford representation, and Cantor’s algorithm:
J. Scholten, F. Vercauteren. An Introduction to Elliptic and Hyperelliptic Curve Cryptography and the NTRU Cryptosystem. To appear in B. Preneel (Ed.) State of the Art in Applied Cryptography - COSIC ‘03, Lecture Notes in Computer Science, Springer 2004.
A standard reference in the field of cryptography:
R. Avanzi, H. Cohen, C. Doche, G. Frey, T. Lange, K. Nguyen, and F. Vercauteren, Handbook of Elliptic and Hyperelliptic Curve Cryptography. CRC Press, 2005.
EXAMPLES: The following curve is the reduction of a curve whose Jacobian has complex multiplication.
sage: x = GF(37)['x'].gen()
sage: H = HyperellipticCurve(x^5 + 12*x^4 + 13*x^3 + 15*x^2 + 33*x); H
Hyperelliptic Curve over Finite Field of size 37 defined
by y^2 = x^5 + 12*x^4 + 13*x^3 + 15*x^2 + 33*x
At this time, Jacobians of hyperelliptic curves are handled differently than elliptic curves:
sage: J = H.jacobian(); J
Jacobian of Hyperelliptic Curve over Finite Field of size 37 defined
by y^2 = x^5 + 12*x^4 + 13*x^3 + 15*x^2 + 33*x
sage: J = J(J.base_ring()); J
Set of rational points of Jacobian of Hyperelliptic Curve over Finite Field
of size 37 defined by y^2 = x^5 + 12*x^4 + 13*x^3 + 15*x^2 + 33*x
Points on the Jacobian are represented by Mumford’s polynomials. First we find a couple of points on the curve:
sage: P1 = H.lift_x(2); P1
(2 : 11 : 1)
sage: Q1 = H.lift_x(10); Q1
(10 : 18 : 1)
Observe that 2 and 10 are the roots of the polynomials in x, respectively:
sage: P = J(P1); P
(x + 35, y + 26)
sage: Q = J(Q1); Q
(x + 27, y + 19)
sage: P + Q
(x^2 + 25*x + 20, y + 13*x)
sage: (x^2 + 25*x + 20).roots(multiplicities=False)
[10, 2]
Frobenius satisfies
on the Jacobian of this reduction and the order of the Jacobian is \(N = 1904\).
sage: 1904*P
(1)
sage: 34*P == 0
True
sage: 35*P == P
True
sage: 33*P == -P
True
sage: Q*1904
(1)
sage: Q*238 == 0
True
sage: Q*239 == Q
True
sage: Q*237 == -Q
True
- class sage.schemes.hyperelliptic_curves.jacobian_morphism.JacobianMorphism_divisor_class_field(parent, polys, check=True)#
Bases:
AdditiveGroupElement,SchemeMorphismAn element of a Jacobian defined over a field, i.e. in \(J(K) = \mathrm{Pic}^0_K(C)\).
- scheme()#
Return the scheme this morphism maps to; or, where this divisor lives.
Warning
Although a pointset is defined over a specific field, the scheme returned may be over a different (usually smaller) field. The example below demonstrates this: the pointset is determined over a number field of absolute degree 2 but the scheme returned is defined over the rationals.
EXAMPLES:
sage: x = QQ['x'].gen() sage: f = x^5 + x sage: H = HyperellipticCurve(f) sage: F.<a> = NumberField(x^2 - 2, 'a') sage: J = H.jacobian()(F); J Set of rational points of Jacobian of Hyperelliptic Curve over Number Field in a with defining polynomial x^2 - 2 defined by y^2 = x^5 + x
sage: P = J(H.lift_x(F(1))) sage: P.scheme() Jacobian of Hyperelliptic Curve over Rational Field defined by y^2 = x^5 + x
- sage.schemes.hyperelliptic_curves.jacobian_morphism.cantor_composition(D1, D2, f, h, genus)#
EXAMPLES:
sage: F.<a> = GF(7^2, 'a') sage: x = F['x'].gen() sage: f = x^7 + x^2 + a sage: H = HyperellipticCurve(f, 2*x); H Hyperelliptic Curve over Finite Field in a of size 7^2 defined by y^2 + 2*x*y = x^7 + x^2 + a sage: J = H.jacobian()(F); J Set of rational points of Jacobian of Hyperelliptic Curve over Finite Field in a of size 7^2 defined by y^2 + 2*x*y = x^7 + x^2 + a
sage: Q = J(H.lift_x(F(1))); Q (x + 6, y + 2*a + 2) sage: 10*Q # indirect doctest (x^3 + (3*a + 1)*x^2 + (2*a + 5)*x + a + 5, y + (4*a + 5)*x^2 + (a + 1)*x + 6*a + 3) sage: 7*8297*Q (1)
sage: Q = J(H.lift_x(F(a+1))); Q (x + 6*a + 6, y + 2*a) sage: 7*8297*Q # indirect doctest (1) A test over a prime field: sage: F = GF(next_prime(10^30)) sage: x = F['x'].gen() sage: f = x^7 + x^2 + 1 sage: H = HyperellipticCurve(f, 2*x); H Hyperelliptic Curve over Finite Field of size 1000000000000000000000000000057 defined by y^2 + 2*x*y = x^7 + x^2 + 1 sage: J = H.jacobian()(F); J Set of rational points of Jacobian of Hyperelliptic Curve over Finite Field of size 1000000000000000000000000000057 defined by y^2 + 2*x*y = x^7 + x^2 + 1 sage: Q = J(H.lift_x(F(1))); Q (x + 1000000000000000000000000000056, y + 1000000000000000000000000000056) sage: 10*Q # indirect doctest (x^3 + 150296037169838934997145567227*x^2 + 377701248971234560956743242408*x + 509456150352486043408603286615, y + 514451014495791237681619598519*x^2 + 875375621665039398768235387900*x + 861429240012590886251910326876) sage: 7*8297*Q (x^3 + 35410976139548567549919839063*x^2 + 26230404235226464545886889960*x + 681571430588959705539385624700, y + 999722365017286747841221441793*x^2 + 262703715994522725686603955650*x + 626219823403254233972118260890)
- sage.schemes.hyperelliptic_curves.jacobian_morphism.cantor_composition_simple(D1, D2, f, genus)#
Given \(D_1\) and \(D_2\) two reduced Mumford divisors on the Jacobian of the curve \(y^2 = f(x)\), computes a representative \(D_1 + D_2\).
Warning
The representative computed is NOT reduced! Use
cantor_reduction_simple()to reduce it.EXAMPLES:
sage: x = QQ['x'].gen() sage: f = x^5 + x sage: H = HyperellipticCurve(f); H Hyperelliptic Curve over Rational Field defined by y^2 = x^5 + x
sage: F.<a> = NumberField(x^2 - 2, 'a') sage: J = H.jacobian()(F); J Set of rational points of Jacobian of Hyperelliptic Curve over Number Field in a with defining polynomial x^2 - 2 defined by y^2 = x^5 + x
sage: P = J(H.lift_x(F(1))); P (x - 1, y - a) sage: Q = J(H.lift_x(F(0))); Q (x, y) sage: 2*P + 2*Q # indirect doctest (x^2 - 2*x + 1, y - 3/2*a*x + 1/2*a) sage: 2*(P + Q) # indirect doctest (x^2 - 2*x + 1, y - 3/2*a*x + 1/2*a) sage: 3*P # indirect doctest (x^2 - 25/32*x + 49/32, y - 45/256*a*x - 315/256*a)
- sage.schemes.hyperelliptic_curves.jacobian_morphism.cantor_reduction(a, b, f, h, genus)#
Return the unique reduced divisor linearly equivalent to \((a, b)\) on the curve \(y^2 + y h(x) = f(x)\).
See the docstring of
sage.schemes.hyperelliptic_curves.jacobian_morphismfor information about divisors, linear equivalence, and reduction.EXAMPLES:
sage: x = QQ['x'].gen() sage: f = x^5 - x sage: H = HyperellipticCurve(f, x); H Hyperelliptic Curve over Rational Field defined by y^2 + x*y = x^5 - x sage: J = H.jacobian()(QQ); J Set of rational points of Jacobian of Hyperelliptic Curve over Rational Field defined by y^2 + x*y = x^5 - x
The following point is 2-torsion:
sage: Q = J(H.lift_x(0)); Q (x, y) sage: 2*Q # indirect doctest (1)
The next point is not 2-torsion:
sage: P = J(H.lift_x(-1)); P (x + 1, y - 1) sage: 2 * J(H.lift_x(-1)) # indirect doctest (x^2 + 2*x + 1, y - 3*x - 4) sage: 3 * J(H.lift_x(-1)) # indirect doctest (x^2 - 487*x - 324, y - 10754*x - 7146)
- sage.schemes.hyperelliptic_curves.jacobian_morphism.cantor_reduction_simple(a, b, f, genus)#
Return the unique reduced divisor linearly equivalent to \((a, b)\) on the curve \(y^2 = f(x).\)
See the docstring of
sage.schemes.hyperelliptic_curves.jacobian_morphismfor information about divisors, linear equivalence, and reduction.EXAMPLES:
sage: x = QQ['x'].gen() sage: f = x^5 - x sage: H = HyperellipticCurve(f); H Hyperelliptic Curve over Rational Field defined by y^2 = x^5 - x sage: J = H.jacobian()(QQ); J Set of rational points of Jacobian of Hyperelliptic Curve over Rational Field defined by y^2 = x^5 - x
The following point is 2-torsion:
sage: P = J(H.lift_x(-1)); P (x + 1, y) sage: 2 * P # indirect doctest (1)