Section: Scientific Foundations

Complex multiplication

Participants : Karim Belabas, Henri Cohen, Jean-Marc Couveignes, Andreas Enge, Nicolas Mascot, Aurel Page, Damien Robert.

Complex multiplication provides a link between number fields and algebraic curves; for a concise introduction in the elliptic curve case, see [36] , for more background material, [35] . In fact, for most curves $𝒞$ over a finite field, the endomorphism ring of ${Jac}_{𝒞}$, which determines its $L$-function and thus its cardinality, is an order in a special kind of number field $K$, called CM field. The CM field of an elliptic curve is an imaginary-quadratic field $\mathbb{Q}\left(\sqrt{D}\right)$ with $D<0$, that of a hyperelliptic curve of genus $g$ is an imaginary-quadratic extension of a totally real number field of degree $g$. Deuring's lifting theorem ensures that $𝒞$ is the reduction modulo some prime of a curve with the same endomorphism ring, but defined over the Hilbert class field $H_K$ of $K$.

Algebraically, $H_K$ is defined as the maximal unramified abelian extension of $K$; the Galois group of $H_K/K$ is then precisely the class group ${Cl}_K$. A number field extension $H/K$ is called Galois if $H\simeq K\left[X\right]/\left(f\right)$ and $H$ contains all complex roots of $f$. For instance, $\mathbb{Q}\left(\sqrt{2}\right)$ is Galois since it contains not only $\sqrt{2}$, but also the second root $-\sqrt{2}$ of $X^2-2$, whereas $\mathbb{Q}\left(\sqrt[3]{2}\right)$ is not Galois, since it does not contain the root $e^{2\pi i/3}\sqrt[3]{2}$ of $X^3-2$. The Galois group ${Gal}_{H/K}$ is the group of automorphisms of $H$ that fix $K$; it permutes the roots of $f$. Finally, an abelian extension is a Galois extension with abelian Galois group.

Analytically, in the elliptic case $H_K$ may be obtained by adjoining to $K$ the singular value $j\left(\tau \right)$ for a complex valued, so-called modular function $j$ in some $\tau \in {𝒪}_K$; the correspondence between ${Gal}_{H/K}$ and ${Cl}_K$ allows to obtain the different roots of the minimal polynomial $f$ of $j\left(\tau \right)$ and finally $f$ itself. A similar, more involved construction can be used for hyperelliptic curves. This direct application of complex multiplication yields algebraic curves whose $L$-functions are known beforehand; in particular, it is the only possible way of obtaining ordinary curves for pairing-based cryptosystems.

The same theory can be used to develop algorithms that, given an arbitrary curve over a finite field, compute its $L$-function.

A generalisation is provided by ray class fields; these are still abelian, but allow for some well-controlled ramification. The tools for explicitly constructing such class fields are similar to those used for Hilbert class fields.