Let $E$ be an elliptic curve without complex multiplication (CM) over a number field $K$ , and let $G_{E}(\ell )$ be the image of the Galois representation induced by the action of the absolute Galois group of  $K$ on the $\ell$ -torsion subgroup of  $E$ . We present two probabilistic algorithms to simultaneously determine $G_{E}(\ell )$ up to local conjugacy for all primes $\ell$ by sampling images of Frobenius elements; one is of Las Vegas type and the other is a Monte Carlo algorithm. They determine $G_{E}(\ell )$ up to one of at most two isomorphic conjugacy classes of subgroups of $\mathbf{GL}_{2}(\mathbf{Z}/\ell \mathbf{Z})$ that have the same semisimplification, each of which occurs for an elliptic curve isogenous to $E$ . Under the GRH, their running times are polynomial in the bit-size $n$ of an integral Weierstrass equation for  $E$ , and for our Monte Carlo algorithm, quasilinear in $n$ . We have applied our algorithms to the non-CM elliptic curves in Cremona’s tables and the Stein–Watkins database, some 140 million curves of conductor up to  $10^{10}$ , thereby obtaining a conjecturally complete list of 63 exceptional Galois images $G_{E}(\ell )$ that arise for $E/\mathbf{Q}$ without CM. Under this conjecture, we determine a complete list of 160 exceptional Galois images $G_{E}(\ell )$ that arise for non-CM elliptic curves over quadratic fields with rational $j$ -invariants. We also give examples of exceptional Galois images that arise for non-CM elliptic curves over quadratic fields only when the $j$ -invariant is irrational.

This article considers the positive integers $N$ for which ${\it\zeta}_{N}(s)=\sum _{n=1}^{N}n^{-s}$ has zeroes in the half-plane $\Re (s)>1$ . Building on earlier results, we show that there are no zeroes for $1\leqslant N\leqslant 18$ and for $N=20,21,28$ . For all other $N$ there are infinitely many such zeroes.

The aim of the discrete logarithm problem with auxiliary inputs is to solve for ${\it\alpha}$ , given the elements $g,g^{{\it\alpha}},\ldots ,g^{{\it\alpha}^{d}}$ of a cyclic group $G=\langle g\rangle$ , of prime order  $p$ . The best-known algorithm, proposed by Cheon in 2006, solves for ${\it\alpha}$ in the case where $d\mid (p\pm 1)$ , with a running time of $O(\sqrt{p/d}+d^{i})$ group exponentiations ( $i=1$ or $1/2$ depending on the sign). There have been several attempts to generalize this algorithm to the case of ${\rm\Phi}_{k}(p)$ where $k\geqslant 3$ . However, it has been shown by Kim, Cheon and Lee that a better complexity cannot be achieved than that of the usual square root algorithms.

We propose a new algorithm for solving the DLPwAI. We show that this algorithm has a running time of $\widetilde{O}(\sqrt{p/{\it\tau}_{f}}+d)$ group exponentiations, where  ${\it\tau}_{f}$ is the number of absolutely irreducible factors of $f(x)-f(y)$ . We note that this number is always smaller than $\widetilde{O}(p^{1/2})$ .

In addition, we present an analysis of a non-uniform birthday problem.

Primitive prime divisors play an important role in group theory and number theory. We study a certain number-theoretic quantity, called $\unicode[STIX]{x1D6F7}_{n}^{\ast }(q)$ , which is closely related to the cyclotomic polynomial $\unicode[STIX]{x1D6F7}_{n}(x)$ and to primitive prime divisors of $q^{n}-1$ . Our definition of $\unicode[STIX]{x1D6F7}_{n}^{\ast }(q)$ is novel, and we prove it is equivalent to the definition given by Hering. Given positive constants $c$ and $k$ , we provide an algorithm for determining all pairs $(n,q)$ with $\unicode[STIX]{x1D6F7}_{n}^{\ast }(q)\leq cn^{k}$ . This algorithm is used to extend (and correct) a result of Hering and is useful for classifying certain families of subgroups of finite linear groups.

A prime sieve is an algorithm that finds the primes up to a bound $n$ . We say that a prime sieve is incremental, if it can quickly determine if $n+1$ is prime after having found all primes up to  $n$ . We say a sieve is compact if it uses roughly $\sqrt{n}$ space or less. In this paper, we present two new results.

–

We describe the rolling sieve, a practical, incremental prime sieve that takes $O(n\log \log n)$ time and $O(\sqrt{n}\log n)$ bits of space.

The second result solves an open problem given by Paul Pritchard in 1994.

We investigate two routing problems that arise when order pickers traverse an aisle in a warehouse. The routing problems can be viewed as Euclidean travelling salesman problems with points on two parallel lines. We show that if the order picker traverses only a section of the aisle and then returns, then an optimal solution can be found in linear time, and if the order picker traverses the entire aisle, then an optimal solution can be found in quadratic time. Moreover, we show how to approximate the routing cost in linear time by computing a minimum spanning tree for the points on the parallel lines.

We propose to generalize the work of Régis Dupont for computing modular polynomials in dimension $2$ to new invariants. We describe an algorithm to compute modular polynomials for invariants derived from theta constants and prove heuristically that this algorithm is quasi-linear in its output size. Some properties of the modular polynomials defined from quotients of theta constants are analyzed. We report on experiments with our implementation.

We prove that formal Fourier Jacobi expansions of degree two are Siegel modular forms. As a corollary, we deduce modularity of the generating function of special cycles of codimension two, which were defined by Kudla. A second application is the proof of termination of an algorithm to compute Fourier expansions of arbitrary Siegel modular forms of degree two. Combining both results enables us to determine relations of special cycles in the second Chow group.

Van Wamelen [Math. Comp. 68 (1999) no. 225, 307–320] lists 19 curves of genus two over $\mathbf{Q}$ with complex multiplication (CM). However, for each curve, the CM-field turns out to be cyclic Galois over  $\mathbf{Q}$ , and the generic case of a non-Galois quartic CM-field did not feature in this list. The reason is that the field of definition in that case always contains the real quadratic subfield of the reflex field.

We extend Van Wamelen’s list to include curves of genus two defined over this real quadratic field. Our list therefore contains the smallest ‘generic’ examples of CM curves of genus two.

We explain our methods for obtaining this list, including a new height-reduction algorithm for arbitrary hyperelliptic curves over totally real number fields. Unlike Van Wamelen, we also give a proof of our list, which is made possible by our implementation of denominator bounds of Lauter and Viray for Igusa class polynomials.

In this paper we improve the inequalities obtained by Chen in 2009 for the Euler–Mascheroni constant.

For an elliptic curve $E/\mathbb{Q}$ without complex multiplication we study the distribution of Atkin and Elkies primes $\ell$ , on average, over all good reductions of $E$ modulo primes $p$ . We show that, under the generalized Riemann hypothesis, for almost all primes $p$ there are enough small Elkies primes $\ell$ to ensure that the Schoof–Elkies–Atkin point-counting algorithm runs in $(\log p)^{4+o(1)}$ expected time.

We construct explicit bases for spaces of overconvergent $p$ -adic modular forms when $p=2,3$ and study their interaction with the Atkin operator. This results in an extension of Lauder’s algorithms for overconvergent modular forms. We illustrate these algorithms with computations of slope sequences of some $2$ -adic eigencurves and the construction of Chow–Heegner points on elliptic curves via special values of Rankin triple product L-functions.

Until recently, the ‘plus part’ of the class numbers of cyclotomic fields had only been determined for fields of root discriminant small enough to be treated by Odlyzko’s discriminant bounds.

However, by finding lower bounds for sums over prime ideals of the Hilbert class field, we can now establish upper bounds for class numbers of fields of larger discriminant. This new analytic upper bound, together with algebraic arguments concerning the divisibility properties of class numbers, allows us to unconditionally determine the class numbers of many cyclotomic fields that had previously been untreatable by any known method.

In this paper, we study in particular the cyclotomic fields of composite conductor.

Let $\def \xmlpi #1{}\def \mathsfbi #1{\boldsymbol {\mathsf {#1}}}\let \le =\leqslant \let \leq =\leqslant \let \ge =\geqslant \let \geq =\geqslant \def \Pr {\mathit {Pr}}\def \Fr {\mathit {Fr}}\def \Rey {\mathit {Re}}\mathcal{O}$ be a maximal order in the quaternion algebra $B_p$ over $\mathbb{Q}$ ramified at $p$ and $\infty $. The paper is about the computational problem: construct a supersingular elliptic curve $E$ over $\mathbb{F}_p$ such that ${\rm End}(E) \cong \mathcal{O}$. We present an algorithm that solves this problem by taking gcds of the reductions modulo $p$ of Hilbert class polynomials.

New theoretical results are required to determine the complexity of our algorithm. Our main result is that, under certain conditions on a rank three sublattice $\mathcal{O}^T$ of $\mathcal{O}$, the order $\mathcal{O}$ is effectively characterized by the three successive minima and two other short vectors of $\mathcal{O}^T\! .$ The desired conditions turn out to hold whenever the $j$-invariant $j(E)$, of the elliptic curve with ${\rm End}(E) \cong \mathcal{O}$, lies in $\mathbb{F}_p$. We can then prove that our algorithm terminates with running time $O(p^{1+\varepsilon })$ under the aforementioned conditions.

As a further application we present an algorithm to simultaneously match all maximal order types with their associated $j$-invariants. Our algorithm has running time $O(p^{2.5 + \varepsilon })$ operations and is more efficient than Cerviño’s algorithm for the same problem.

This paper presents an algorithm to construct cryptographically strong genus $\def \xmlpi #1{}\def \mathsfbi #1{\boldsymbol {\mathsf {#1}}}\let \le =\leqslant \let \leq =\leqslant \let \ge =\geqslant \let \geq =\geqslant \def \Pr {\mathit {Pr}}\def \Fr {\mathit {Fr}}\def \Rey {\mathit {Re}}2$ curves and their Kummer surfaces via Rosenhain invariants and related Kummer parameters. The most common version of the complex multiplication (CM) algorithm for constructing cryptographic curves in genus 2 relies on the well-studied Igusa invariants and Mestre’s algorithm for reconstructing the curve. On the other hand, the Rosenhain invariants typically have much smaller height, so computing them requires less precision, and in addition, the Rosenhain model for the curve can be written down directly given the Rosenhain invariants. Similarly, the parameters for a Kummer surface can be expressed directly in terms of rational functions of theta constants. CM-values of these functions are algebraic numbers, and when computed to high enough precision, LLL can recognize their minimal polynomials. Motivated by fast cryptography on Kummer surfaces, we investigate a variant of the CM method for computing cryptographically strong Rosenhain models of curves (as well as their associated Kummer surfaces) and use it to generate several example curves at different security levels that are suitable for use in cryptography.

Deciding whether an ideal of a number field is principal and finding a generator is a fundamental problem with many applications in computational number theory. For indefinite quaternion algebras, the decision problem reduces to that in the underlying number field. Finding a generator is hard, and we present a heuristically subexponential algorithm.

We present a higher-dimensional generalization of the Gama–Nguyen algorithm (STOC ’08) for approximating the shortest vector problem in a lattice. This generalization approximates the densest sublattice by using a subroutine solving the exact problem in low dimension, such as the Dadush–Micciancio algorithm (SODA ’13). Our approximation factor corresponds to a natural inequality on Rankin’s constant derived from Rankin’s inequality.

In the recent breakthrough paper by Barbulescu, Gaudry, Joux and Thomé, a quasi-polynomial time algorithm is proposed for the discrete logarithm problem over finite fields of small characteristic. The time complexity analysis of the algorithm is based on several heuristics presented in their paper. We show that some of the heuristics are problematic in their original forms, in particular when the field is not a Kummer extension. We propose a fix to the algorithm in non-Kummer cases, without altering the heuristic quasi-polynomial time complexity. Further study is required in order to fully understand the effectiveness of the new approach.

There is an algorithm of Schoof for finding divisors of class numbers of real cyclotomic fields of prime conductor. In this paper we introduce an improvement of the elliptic analogue of this algorithm by using a subgroup of elliptic units given by Weierstrass forms. These elliptic units which can be expressed in terms of $\def \xmlpi #1{}\def \mathsfbi #1{\boldsymbol {\mathsf {#1}}}\let \le =\leqslant \let \leq =\leqslant \let \ge =\geqslant \let \geq =\geqslant \def \Pr {\mathit {Pr}}\def \Fr {\mathit {Fr}}\def \Rey {\mathit {Re}}x$-coordinates of points on elliptic curves enable us to use the fast arithmetic of elliptic curves over finite fields.