Abstract. We provide the first explicit construction of genus 2 curves over finite fields whose Jacobians are ordinary, have large prime-order subgroups, and have small embedding degree. Our algorithm is modeled on the Cocks-Pinch method for constructing pairing-friendly elliptic curves [5], and works for arbitrary embedding degrees k and prime subgroup orders r. The resulting abelian surfaces are defined over prime fields Fq with q ≈ r 4. We also provide an algorithm for constructing genus 2 curves over prime fields Fq with ordinary Jacobians J having the property that J[r] ⊂ J(Fq) or J[r] ⊂ J(F q k) for any even k. 1

Abstract. We present probabilistic algorithms which, given a genus 2 curve C defined over a finite field and a quartic CM field K, determine whether the endomorphism ring of the Jacobian J of C is the full ring of integers in K. In particular, we present algorithms for computing the field of definition of, and the action of Frobenius on, the subgroups J[ℓ d] for prime powers ℓ d. We use these algorithms to create the first implementation of Eisenträger and Lauter’s algorithm for computing Igusa class polynomials via the Chinese Remainder Theorem [EL], and we demonstrate the algorithm for a few small examples. We observe that in practice the running time of the CRT algorithm is dominated not by the endomorphism ring computation but rather by the need to compute p 3 curves for many small primes p. 1.

Abstract. One can define class invariants for a quartic primitive CM field K as special values of certain Siegel (or Hilbert) modular functions at CM points corresponding to K. Such constructions were given in [DSG] and [Lau]. We provide explicit bounds on the primes appearing in the denominators of these algebraic numbers. This allows us, in particular, to construct S-units in certain abelian extensions of a reflex field of K, where S is effectively determined by K, and to bound the primes appearing in the denominators of the Igusa class polynomials arising in the construction of genus 2 curves with CM, as conjectured in [Lau]. 1.

Abstract. For a complex abelian surface A with endomorphism ring isomorphic to the maximal order in a quartic CM-field K, the Igusa invariants j1(A), j2(A), j3(A) generate an unramified abelian extension of the reflex field of K. In this paper we give an explicit geometric description of the Galois action of the class group of this reflex field on j1(A), j2(A), j3(A). Our description can be expressed by maps between various Siegel modular varieties, and we can explicitly compute the action for ideals of small norm. We use the Galois action to modify the CRT method for computing Igusa class polynomials, and our run time analysis shows that this yields a significant improvement. Furthermore, we find cycles in isogeny graphs for abelian surfaces, thereby implying that the ‘isogeny volcano ’ algorithm to compute endomorphism rings of ordinary elliptic curves over finite fields does not have a straightforward generalization to computing endomorphism rings of abelian surfaces over finite fields. 1.

Modular polynomials are an important tool in many algorithms involving elliptic curves. In this article we investigate their generalization to the genus 2 case following pioneering work by Gaudry and Dupont. We prove various properties of these genus 2 modular polynomials and give an improved way to explicitly compute them.

Abstract. For a complex abelian surface A with endomorphism ring isomorphic to the maximal order in a quartic CM-field K, the Igusa invariants j1(A), j2(A), j3(A) generate an abelian extension of the reflex field of K. In this paper we give an explicit description of the Galois action of the class group of this reflex field on j1(A), j2(A), j3(A). We give a geometric description which can be expressed by maps between various Siegel modular varieties. We can explicitly compute this action for ideals of small norm, and this allows us to improve the CRT method for computing Igusa class polynomials. Furthermore, we find cycles in isogeny graphs for abelian surfaces, thereby implying that the ‘isogeny volcano ’ algorithm to compute endomorphism rings of ordinary elliptic curves over finite fields does not have a straightforward generalization to computing endomorphism rings of abelian surfaces over finite fields. 1.

My research is mainly in algorithmic number theory and arithmetic geometry with particular interest in cryptography, coding theory, complex multiplication theory and explicit class field theory. This outline is intended as a brief description of the research projects I have undertaken. It projects forward to research projects I am currently working on and others I am planning to undertake after my Phd. 1 Construction of elliptic and hyperelliptic curves over finite fields with CM method Since Kronecker, number theorists have kept exploiting the idea of generating abelian extensions of number fields k by means of special values of appropriately chosen analytic functions. In the simplest case, i. e. k = Q, the Kronecker-Weber theorem says that the abelian extensions of Q are completely classified by using the special values of the transcendental function z ↦ → e 2πiz at points of finite order on the circle R/Z, see [Gr]. Hence, the question of extending this theorem to any base number field k, i. e. the famous Hilbert’s 12th problem, can be formulated whether abelian extensions of k can be generated by adjoining torsion points of suitable abelian groups.

Abstract. Consider the Jacobian of a hyperelliptic genus two curve de ned over a nite eld. Under certain restrictions on the endomorphism ring of the Jacobian, we give an explicit description of all non-degenerate, bilinear, anti-symmetric and Galois-invariant pairings on the Jacobian. From this description it follows that no such pairing can be computed more e ciently than the Weil pairing. To establish this result, we need an explicit description of the representation of the Frobenius endomorphism on the ℓ-torsion subgroup of the Jacobian. This description is given. In particular, we show that if the characteristic polynomial of the Frobenius endomorphism splits into linear factors modulo ℓ, then the Frobenius is diagonalizable. Finally, under the restriction that the Frobenius element is an element of a certain subring of the endomorphism ring, we prove that if the characteristic polynomial of the Frobenius endomorphism splits into linear factors modulo ℓ, then the embedding degree and the total embedding degree of the Jacobian with respect to ℓ are the same number. 1.

Abstract. We prove that in most cases relevant to cryptography, the Frobenius endomorphism on the Jacobian of a genus two curve is represented by a diagonal matrix with respect to an appropriate basis of the subgroup of ℓ-torsion points. From this fact we get an explicit description of the Weilpairing on the subgroup of ℓ-torsion points. Finally, the explicit description of the Weil-pairing provides us with an e cient, probabilistic algorithm to nd generators of the subgroup of ℓ-torsion points on the Jacobian of a genus two curve. 1.

Abstract. We construct Weil numbers corresponding to genus-2 curves with p-rank 1 over the finite field Fp2 of p2 elements. The corresponding curves can be constructed using explicit CM constructions. In one of our algorithms, the group of Fp2-valued points of the Jacobian has prime order, while another allows for a prescribed embedding degree with respect to a subgroup of prescribed order. The curves are defined over Fp2 out of necessity: we show that curves of p-rank 1 over Fp for large p cannot be efficiently constructed using explicit CM constructions. 1.