Abstract. For certain security applications, including identity based encryption and short signature schemes, it is useful to have abelian varieties with security parameters that are neither too small nor too large. Supersingular abelian varieties are natural candidates for these applications. This paper determines exactly which values can occur as the security parameters of supersingular abelian varieties (in terms of the dimension of the abelian variety and the size of the finite field), and gives constructions of supersingular abelian varieties that are optimal for use in cryptography. 1

Abstract. In this article we show how to generalize the CM-method for elliptic curves to genus two. We describe the algorithm in detail and discuss the results of our implementation. 1.

It is well-known that an abelian variety is (absolutely) simple or is isogenous to a self-product of an (absolutely) simple abelian variety if and only if the center of its endomorphism algebra is a field. In this paper we prove that the center is a field if the field of definition of points of prime order ℓ is “big enough”. The paper is organized as follows. In §1 we discuss Galois properties of points of order ℓ on an abelian variety X that imply that its endomorphism algebra End 0 (X) is a central simple algebra over the field of rational numbers. In §2 we prove that similar Galois properties for two abelian varieties X and Y combined with the linear disjointness of the corresponding fields of definitions of points of order ℓ imply that X and Y are non-isogenous (and even Hom(X, Y) = 0). In §3 we give applications to endomorphism algebras of hyperelliptic jacobians. In §4 we prove that if X admits multiplications by a number field E and the dimension of the centralizer of E in End 0 (X) is “as large as possible ” then X is an abelian variety of CM-type isogenous to a self-product of an absolutely simple abelian variety. Throughout the paper we will freely use the following observation [21, p. 174]: if an abelian variety X is isogenous to a self-product Z d of an abelian variety Z then a choice of an isogeny between X and Z d defines an isomorphism between End 0 (X) and the algebra Md(End 0 (Z)) of d × d matrices over End 0 (Z). Since the center of End 0 (Z) coincides with the center of Md(End 0 (Z)), we get an isomorphism

Abstract not found

Abstract. — We present a new method for constructing genus 2 curves over a finite field Fn with a given number of points on its Jacobian. This method has important applications in cryptography, where groups of prime order are used as the basis for discrete-log based cryptosystems. Our algorithm provides an alternative to the traditional CM method for constructing genus 2 curves. For a quartic CM field K with primitive CM type, we compute the Igusa class polynomials modulo p for certain small primes p and then use the Chinese remainder theorem (CRT) and a bound on the denominators to construct the class polynomials. We also provide an algorithm for determining endomorphism rings of ordinary Jacobians of genus 2 curves over finite fields, generalizing the work of Kohel for elliptic curves. Résumé (Un algorithme fondé sur le théorème chinois pour construire des courbes de genre 2 sur des corps finis) Nous présentons une nouvelle méthode pour construire des courbes de genre 2 sur un corps fini Fn avec un nombre donné de points sur sa jacobienne. Cette méthode a des applications importantes en cryptographie, où des groupes d’ordre premier sont employés pour former des cryptosystèmes fondés sur le logarithme discret. Notre algorithme fournit une alternative à la méthode traditionnelle de multiplication complexe pour construire des courbes de genre 2. Pour un corps quartique K à multiplication complexe de type primitif, nous calculons les polynômes de classe d’Igusa modulo p pour certain petit premiers p et employons le théorème chinois et une borne sur les dénominateurs pour construire les polynômes de classe. Nous fournissons également un algorithme pour déterminer les anneaux d’endomorphismes des jacobiennes de courbes ordinaires de genre 2 sur des corps finis, généralisant le travail de Kohel pour les courbes elliptiques.

Abstract. The complex multiplication (CM) method for genus 2 is currently the most efficient way of generating genus 2 hyperelliptic curves defined over large prime fields and suitable for cryptography. Since low class number might be seen as a potential threat, it is of interest to push the method as far as possible. We have thus designed a new algorithm for the construction of CM invariants of genus 2 curves, using 2-adic lifting of an input curve over a small finite field. This provides a numerically stable alternative to the complex analytic method in the first phase of the CM method for genus 2. As an example we compute an irreducible factor of the Igusa class polynomial system for the quartic CM field Q(i p 75 + 12 √ 17), whose class number is 50. We also introduce a new representation to describe the CM curves: a set of polynomials in (j1, j2, j3) which vanish on the precise set of triples which are the Igusa invariants of curves whose Jacobians have CM by a prescribed field. The new representation provides a speedup in the second phase, which uses Mestre’s algorithm to construct a genus 2 Jacobian of prime order over a large prime field for use in cryptography. 1

In this paper, we prove many cases of the anticyclotomic main conjecture for general CM fields with p-ordinary CM type.

Abstract. We present probabilistic algorithms which, given a genus 2 curve C defined over a finite field and a quartic CM field K, determine whether the endomorphism ring of the Jacobian J of C is the full ring of integers in K. In particular, we present algorithms for computing the field of definition of, and the action of Frobenius on, the subgroups J[ℓ d] for prime powers ℓ d. We use these algorithms to create the first implementation of Eisenträger and Lauter’s algorithm for computing Igusa class polynomials via the Chinese Remainder Theorem [EL], and we demonstrate the algorithm for a few small examples. We observe that in practice the running time of the CRT algorithm is dominated not by the endomorphism ring computation but rather by the need to compute p 3 curves for many small primes p. 1.

It is a classical fact that the elliptic modular function λ = (ϑ10/ϑ00) 4 satisfies an algebraic differential equation of order 3 (this goes back to Jacobi’s Fundamenta nova), and none of lower order (cf. [Ra], [M]). In this paper, we show how these properties generalize to Siegel modular functions of arbitrary degree. Some notations are necessary before we can state our main results. Let g be a positive integer (called indifferently degree, or genus), let k be an algebraically closed subfield of C, and set Hg = Siegel half space of degree g; the Q-vector group Zg formed by symmetric matrices of order g has dimension n:= g(g + 1) 2 and Hg is open in Zg(C); τ = (τjl) a generic point on Hg, so that k(2πiτ) can be viewed as the field of rational functions on Zg/k; Γ = a congruence subgroup of Sp 2g (Z) (equivalently, a subgroup of finite index if g> 1). We recall that the symplectic group Sp 2g has dimension dimSp 2g = 2g 2 + g; Rw(Γ, k) = k-vector-space of k-rational modular forms of weight w (a non-negative integer) relative to Γ, i.e. holomorphic functions f on Hg which satisfy f(γτ) = det(cτ + d) w f(τ) for all ( γ = () a b, τ) ∈ Γ × Hg, c d

Abstract. We present an algorithm that, on input of a CM-field K, an integer k ≥ 1, and a prime r ≡ 1 mod k, constructs a q-Weil number π ∈ OK corresponding to an ordinary, simple abelian variety A over the field F of q elements that has an F-rational point of order r and embedding degree k with respect to r. We then discuss how CM-methods over K can be used to explicitly construct A. 1