The Chebotarev Density Theorem - The Arithmetic of Elliptic and Hyperelliptic Curves with Appli

III.6 The Chebotarev Density Theorem

This section gives a generalization to the case of function fields over finite fields of Dirichlet’s theorem on the infinitude of primes in the arithmetic progression {a, a+ n, a+ 2n, . . .}, when gcd(a, n) = 1, namely theChebotarev density theorem. We should state the ingredients of this result clearly:

Situation. Letk=Fq be a finite field withq elements of characteristic p >0,F/kbe a function field with full constant fieldk, and let F⁰ be a finite Galois extension of F. We denote the algebraic closure ofk inF⁰ by k⁰, i.e. F⁰/k⁰ is a function field with full constant fieldk⁰.

In order to be able to understand the notations used in the statement of the main result, we need to recall some notions and results from function field theory: Let P⁰ ∈PF⁰/k⁰ be an extension of a placeP ∈PF /k. We define the following subgroups of the Galois groupG:=G_F⁰_/F ofF⁰ overF:

1. D:={σ∈G|σ(P⁰) =P⁰}is called thedecomposition group of P⁰ overP. 2. I :={σ∈G|v⁰_P0(σ(z)−z)>0 for allz∈O⁰_P0} is called theinertia group of P⁰

overP.

There is one very important result concerning these two groups, we should recall.

Theorem III.6.1. In the situation of this section, the following statements hold:

1. The decomposition groupD has ordere(P⁰|P)·f(P⁰|P).

2. The inertia groupI is normal inD and has order e(P⁰|P).

3. The residue field extensionF_P⁰0/FP is a Galois extension, and we have an isomor-phism

G_F⁰

P0/FP

∼=D/I. (III.4)

Proof. This is [Sti93, Ch. III, theorem 8.2, p. 119].

Now, since k is finite, F_P is also a finite field, and so G_F⁰

P0/F_P is a cyclic group generated by the Frobenius automorphism (e.g. [Bos04, Ch. 3, Satz 9.6, p. 129])

σ :F_P⁰0 →F_P⁰0, x7→x^q^deg^P.

Recall that thenormof the placeP ofF, denoted byN(P), is defined as the cardinality ofF_P and henceq^deg^P =|F_P|=N(P).

By theorem III.6.1, we know that the order of the inertia group is precisely the ramification index e(P⁰|P). This implies that, if P is unramified (i.e. e(P⁰|P) = 1), thenI is trivial which, in turn means in conjunction with (III.4), that Dis generated

by the image of the Frobenius automorphism. We denote this element by hF⁰/F

P⁰

i and call it theFrobenius automorphism atP⁰. It should be noted that whenever we use the symbolh_F0/F

P⁰

, we will understand thatP is unramified.

We want to study what will happen to the Frobenius automorphism at P⁰, when P⁰ runs through all the places over P. Recall that G acts transitively on the set of all extensions {P⁰ ∈ PF⁰/k⁰ | P⁰ lies over P} by lemma III.3.10. Now, by the following result, we see that, whenP⁰ runs through all the places overP, the Frobenius automorphism runs through a conjugacy class ofG:

Proposition III.6.2. For everyσ ∈G we have:

F⁰/F σ(P⁰)

=σ F⁰/F

P⁰

σ⁻¹. Proof. This is [Sal06, Ch. 11, proposition 2.3, p. 378].

This allows us to define the Artin symbol:

Definition III.6.3. Let P⁰ be a place ofF⁰ lying over a place P of F such that P is unramified in F⁰. Then, theArtin symbol of P is defined as the conjugacy class

F⁰/F P

σ F⁰/F

P⁰

σ⁻¹ |σ∈G

We are almost able to state the main theorem of this section, the only ingredient that is still missing is the following quantitative measure on a subsetA of PF /k which we apply to test its infinitude by a qualitative description.

Definition III.6.4. LetA be a subset of PF /k. Then the limit (s∈R, s >1) δ(A) := lim

s→1⁺

P∈AN(P)^−s P

P∈PF /kN(P)^−s, is called theDirichlet density ofA, in case the limit exists.

We can finally state theChebotarev density theorem:

Theorem III.6.5. In the situation of this section, letCbe a conjugacy class ofG_F⁰_/F. Then the Dirichlet density of the set

P ∈PF /k |

F⁰/F P

exists and is equal to _[F^|C|0:F].

Proof. This is [Sal06, Ch. 11, theorem 2.20, p. 387].

We will need this theorem in section VI.3 to prove the non-degeneracy of a pairing that will be defined in that section. In [Sal06], the proof of the above theorem is done in several steps and there is one easy result on the Dirichlet density of a finite set that is of particular interest to us.

III.6. THE CHEBOTAREV DENSITY THEOREM 63 Proposition III.6.6. IfA⊆PF /k is finite, thenδ(A) = 0.

Proof. See [Sal06, Ch. 11, proposition 2.7, p. 379].

This means that, if the Dirichlet density of a given setA⊆PF /k is nonzero, the set Ahas infinitely many places. On the other hand, we have the following bound (which is a consequence of the Hasse-Weil bound, cf. theorem III.4.4) for the number B_d of places of degreed:

Lemma III.6.7. For alld≥1, we have the estimate

|B_d−q^d

d|<(2 + 7g)·q^d/2 d , whereg denotes the genus ofF/k.

In particular, there are only finitely many places of a given degreed, and ifd≥4g+3, thenB_d≥1.

Proof. See [Sti93, Ch. V, corollary 2.10, p. 179].

Now, let A ⊆ PF /k be a set of places of F such that δ(A) 6= 0, then the lemma ensures the existence of places inA of degree dfor alld≥some constant. This fact is crucial in the proof of the non-degeneracy of the Tate-Lichtenbaum pairing in section VI.3.

Chapter IV

The Arithmetic of Elliptic Curves

In the sequel of this thesis, we will need two special types of algebraic curves, namely elliptic and hyperelliptic curves. The present chapter deals with the former. It intends to give an overview on the arithmetic of elliptic curves, and will mostly rely on [Sil86].

We will follow our motto (cf. section I.2), and only prove those results that the author could not find in the literature, or for which he wants to present different approaches.

For the proofs of all other results, we will refer the reader to an appropriate source.

Starting with the definition of an elliptic curve and its Weierstraß equation in section IV.1.1, we show that the points on an elliptic curve form a group and give explicit formulae to perform the group law in section IV.1.2. Then, in section IV.1.3, we discuss isogenies, which are special morphisms between elliptic curves, and also give a summary of certain properties of them. In particular, we want to give some relations between isogenies and divisors in section IV.1.4. The most important part of this chapter is section IV.2, where we introduce supersingular elliptic curves, which will turn out to be very useful in cryptographic applications in chapter VII. One of the reasons for their usability is the fact that they have an embedding degree less or equal to 6, which we will see in section IV.3.

As we did in introductions of previous chapters, we want to highlight the author’s contribution in the present chapter:

• Proof of certain results that are missing/exercises in [Sil86]. See example IV.1.17 and lemma IV.1.16.

• An example of a supersingular elliptic curve overF11 of order 12 with embedding degree 2 (see examples IV.2.7 and IV.3.4).

In what follows,kwill denote a perfect field with a fixed algebraic closureK. Moreover, we will always understand anabsolutely irreducible nonsingular projective curve, when using the termcurve. Unlike in previous chapters, we will from now on denote a curve over the algebraic closureKsimply byC. Recall, that ifCis defined overk, we denote this byC/k. These conventions will be carried out until the end.

Im Dokument The Arithmetic of Elliptic and Hyperelliptic Curves with Applications to Pairing-Based Cryptography (Seite 67-72)