Morfismos, Vol 21, No 2, 2017


VOLUME 21 NUMBER 2 JULY TO DECEMBER 2017 ISSN: 1870-6525


Chief Editors - Editores Generales • Isidoro Gitler • Jesús González

Associate Editors - Editores Asociados • Ruy Fabila • Onésimo Hernández-Lerma • Héctor Jasso Fuentes • Miguel Maldonado • Carlos Pacheco • Enrique Ramı́rez de Arellano • Enrique Reyes • Dai Tamaki • Enrique Torres Giese

Technical Support • Adriana Aranda Sánchez • Omar Hernández Orozco • Anabel Lagos Córdoba • Roxana Martínez

Morfismos is available at http://www.morfismos.cinvestav.mx. For further information call +52 (55) 5747-3871. All correspondence should be addressed to Mrs. Anabel Lagos, Departamento de Matemáticas del Cinvestav, Apartado Postal 14-740, México, D.F. 07000, or by e-mail to morfismos@math.cinvestav.mx.





Morfismos Departamento de Matemáticas Cinvestav

Morfismos, Volume 21, Number 2, July to December 2017, is a semiannual publication edited by the Centro de Investigación y de Estudios Avanzados del Instituto Politécnico Nacional (Cinvestav), through the Departamento de Matemáticas. Av. Instituto Politécnico Nacional No. 2508, Col. San Pedro Zacatenco, Delegación Gustavo A. Madero, C.P. 07360, D.F., Tel. 55-57473800, www.cinvestav.mx, morfismos@math.cinvestav.mx. General Editors: Drs. Isidoro Gitler and Jesús González Espino Barros. Rights Reservation No. 04-2012-011011542900-102, ISSN: 1870-6525, both granted by the Instituto Nacional del Derecho de Autor. Certificate of Lawfulness of Title No. 14729, Certificate of Lawfulness of Content No. 12302, both granted by the Comisión Calificadora de Publicaciones y Revistas Ilustradas de la Secretaría de Gobernación. Printed by the Departamento de Matemáticas del Cinvestav, Avenida Instituto Politécnico Nacional 2508, Colonia San Pedro Zacatenco, C.P. 07360, México, D.F. This issue finished printing in December 2017 with a print run of 50 copies. The opinions expressed by the authors do not necessarily reflect the position of the editors of the publication. Total or partial reproduction of the contents and images of the publication without prior authorization from Cinvestav is strictly prohibited.



Information for Authors

The Editorial Board of Morfismos calls for papers on mathematics and related areas to be submitted for publication in this journal under the following guidelines:

• Manuscripts should fit in one of the following three categories: (a) papers covering the graduate work of a student, (b) contributed papers, and (c) invited papers by leading scientists. Each paper published in Morfismos will be posted with an indication of which of these three categories the paper belongs to.
• Papers in category (a) might be written in Spanish; all other papers proposed for publication in Morfismos shall be written in English, except those for which the Editorial Board decides to publish in another language.
• All received manuscripts will be refereed by specialists.
• In the case of papers covering the graduate work of a student, the author should provide the supervisor's name and affiliation, date of completion of the degree, and institution granting it.
• Authors may retrieve the LaTeX macros used for Morfismos through the web site http://www.math.cinvestav.mx, at "Revista Morfismos". The use by authors of these macros helps for an expeditious production process of accepted papers.
• All illustrations must be of professional quality.
• Authors will receive the pdf file of their published paper.
• Manuscripts submitted for publication in Morfismos should be sent to the email address morfismos@math.cinvestav.mx.

Information for Authors

The Editorial Board of Morfismos calls for papers in mathematics and related areas to be published in this journal under the following guidelines:

• Three kinds of papers will be considered: (a) papers derived from high-quality degree theses, (b) contributed papers, and (c) invited papers written by leaders in their respective areas. Every paper published in Morfismos will indicate which kind of paper it is according to this classification.
• Papers of type (a) may be written in Spanish. All other papers must be written in English, except those the Editorial Board decides to publish in another language.
• Every paper proposed for publication in Morfismos will be sent to specialists for refereeing.
• In the case of papers derived from degree theses, the name of the thesis supervisor, his or her affiliation, the date the degree was obtained and the institution granting it must be indicated.
• Interested authors may obtain the LaTeX format used by Morfismos through the link "Revista Morfismos" at http://www.math.cinvestav.mx. Using this format will help speed up the publication of accepted papers.
• If the paper contains illustrations or figures, these must be presented in a form that meets the reproduction quality of Morfismos.
• Authors will receive the pdf file of their published paper.
• Papers proposed for publication in Morfismos should be sent to morfismos@math.cinvestav.mx.


Editorial Guidelines

Morfismos is the journal of the Mathematics Department of Cinvestav. One of its main objectives is to give advanced students a forum to publish their early mathematical writings and to build skills in communicating mathematics. Publication of papers is not restricted to students of Cinvestav; we want to encourage students in Mexico and abroad to submit papers. Mathematics research reports or summaries of bachelor, master and Ph.D. theses of high quality will be considered for publication, as well as contributed and invited papers by researchers. All submitted papers should be original, either in the results or in the methods. The Editors will assign as referees well-established mathematicians, and the acceptance/rejection decision will be taken by the Editorial Board on the basis of the referee reports. Authors of Morfismos will be able to choose to transfer copyrights of their works to Morfismos. In that case, the corresponding papers cannot be considered or sent for publication in any other printed or electronic media. Only those papers for which Morfismos is granted copyright will be subject to revision in international databases such as the American Mathematical Society's Mathematical Reviews and the European Mathematical Society's Zentralblatt MATH.


Editorial Guidelines

Morfismos, the semiannual journal of the Departamento de Matemáticas del Cinvestav, has among its main objectives to offer the most advanced students a forum to publish their first mathematical works, so that they develop adequate skills for the communication and writing of mathematical results. Publication of papers is not restricted to students of Cinvestav; we wish to encourage the participation of students in Mexico and abroad, as well as of researchers through contributed and invited papers. High-quality mathematics research reports or summaries of bachelor, master or doctoral theses may be published in Morfismos. Papers to be published will be original, either in the results or in the methods. To judge this, the Editorial Board will appoint reviewers of recognized international prestige. Acceptance of the proposed papers will be decided by the Editorial Board on the basis of the reports received. Authors who so wish may choose to transfer to Morfismos the publication and distribution rights of their works. In that case, such papers may not be published in any other journal or printed or electronic medium. Morfismos will request that such papers be reviewed in international databases such as Mathematical Reviews, of the American Mathematical Society, and Zentralblatt MATH, of the European Mathematical Society.



Contents - Contenido

Bilinear maps, embeddings, topological complexity and antisymmetric index of projective spaces
Carlos Domínguez . . . . . 1

Elliptic curve cryptography over fields of characteristic 3
Edgar González Fernández and Feliú D. Sagols . . . . . 17

Enumeration of integer lattices by quotient group
Álvar Ibeas Martín . . . . . 33



Morfismos, Vol. 21, No. 2, 2017, pp. 1–16

Bilinear maps, embeddings, topological complexity and antisymmetric index of projective spaces*

Carlos Domínguez¹

Abstract

We provide a straight new proof using direct calculations on integral cohomology which can be considered as a substitute, in an infinite number of cases, for a fact concerning bilinear maps, (embeddings) immersions and (symmetric) topological complexity of projective spaces, and equivariant maps.

2010 Mathematics Subject Classification: 57R40, 57R42, 57R19, 55R80, 55M30, 11D09.
Keywords and phrases: Embedding, Immersion, Projective Spaces, Topological Complexity, Equivariant Maps.

1 Introduction

When the classical embedding problem for smooth manifolds is restricted to the case of real projective spaces, it may be seen as a connection between real bilinear, embedding, and equivariant type problems. In this article it is intended to describe this question starting from some results in the work of A. Haefliger [16] and H. Hopf [18] on the matter. The existence of a symmetric nonsingular bilinear map $\mathbb{R}^m \times \mathbb{R}^m \to \mathbb{R}^k$ gives an embedding of the projective space $RP^{m-1} \to \mathbb{R}^{k-1}$, and an embedding of a topological space $X \to \mathbb{R}^k$ defines a $\mathbb{Z}_2$-equivariant map $X \times X - \Delta \to S^{k-1}$. In these three cases the main question is: what is the minimum k such that these kinds of maps exist? For the equivariant case we refer to this number as the antisymmetric index of X. If X is a compact manifold, calculating its antisymmetric index and its embedding dimension are equivalent matters in Haefliger's range, established in Theorem 2.1. Outside of that range it is not known in general whether the existence of an equivariant map implies an embedding in this context, and moreover, deciding whether or not an equivariant map exists within this range has no definite answer yet. For real projective spaces this is still an open question in a finite number of cases. Solving the known ones can be considered as the starting point in the work of J. Adem, S. Gitler, and I. M. James [1] on immersions. The immersion concept for projective spaces was related to a relatively new sectional category type definition of M. Farber, the so called topological complexity, by Farber, Tabachnikov, and Yuzvinsky [11]. It was proved by J. González and P. Landweber [15] that the calculation of the symmetric version of topological complexity and the antisymmetric index are equivalent for real projective spaces. This gives most of the known answers on the topic until now, see Theorem 3.8. Non-embedding results for projective spaces give lower bounds for most of the cases in the problems described in the second paragraph of this section. As is well known, the embedding problem has been studied for a long time in topology [19]. We focus our attention on works by M. Mahowald [22] and J. Levine [21] which give the embedding dimension of $RP^{2^e+1}$ for all e. Using the arguments given in the previous paragraph, this gives a complete answer in the said dimensions; the method could be considered as a combination of category, immersion, and embedding techniques worked out for about fifty years.

* This research is supported by a DGAPA-UNAM postdoctoral scholarship.
¹ This article contains part of the results of the author's PhD thesis, directed by Professor Jesús González at the Department of Mathematics, CINVESTAV-IPN.
After the work of González-Landweber [15], only the antisymmetric indices of $RP^3$ and $RP^5$ remained unknown (we are still talking about dimensions equal to $2^e + 1$), as non-immersion results do not give an answer for this couple of cases. Studying the integral cohomology of $RP^3 \times RP^3 - \Delta$ gives the answer for e = 1, as shown by J. González in [14]. Following this idea, the integral cohomology ring of $RP^m \times RP^m - \Delta$ was obtained for all m by J. González, P. Landweber and the author in [7], which answered the case e = 2. Actually, calculations in the integral cohomology ring allow us to recover these results, for all e, in a direct way which can be considered as an "antisymmetric index type technique". Here we emphasize the novelty of this proof rather than the results in this article. In Section 2 we recall some classical definitions and well known theorems. Section 3 is about the role of topological complexity on the matter, and in the final section we describe the idea and write out our new proof, which has as a consequence some results concerning real symmetric non-singular bilinear maps also implied by well known (non-)embedding theorems for real projective spaces due to H. Hopf, J. Levine, and M. Mahowald.

2 Some classical results on embeddings, equivariant, and bilinear maps

Let X be a topological space. We denote by F(X, 2) the space X × X − ∆, where ∆ is the diagonal in X × X. Of course this is the space of pairs of different points in X, also known as the configuration space of two points in X. If now we consider the group of two elements $\mathbb{Z}_2 = \{1, -1\}$, there is an action of this group on F(X, 2) given by (−1)(x, y) = (y, x). We refer to this action as the symmetric action of $\mathbb{Z}_2$ on F(X, 2). The orbit space resulting from the symmetric action is denoted by B(X, 2) and is the space of unordered pairs of points in X, commonly named the unordered configuration space of two points in X. Let $S^{n-1}$ be the (n − 1)-dimensional sphere contained in the Euclidean space $\mathbb{R}^n$; the antipodal action of $\mathbb{Z}_2$ helps to state the classical question: what is the least integer n such that there exists an equivariant map $f : F(X, 2) \to S^{n-1}$ with respect to the symmetric and antipodal actions? Such a map is called antisymmetric, and the minimal such n is called the antisymmetric index of X, denoted by $I_{as}(X)$. This question is important due to its connection with the embedding problem of manifolds stated by A. Haefliger as follows. Suppose M is a k-dimensional smooth manifold embedded in $\mathbb{R}^n$ via $g : M \to \mathbb{R}^n$; then this defines an antisymmetric map $f : F(M, 2) \to S^{n-1}$ by the formula
$$ f(x, y) = \frac{g(x) - g(y)}{\|g(x) - g(y)\|}. $$
In the work of Haefliger [16] we can find the following result.

Theorem 2.1. Suppose M is an m-dimensional smooth compact manifold. Then M smoothly embeds in $\mathbb{R}^n$ if there exists an antisymmetric map $F(M, 2) \to S^{n-1}$ and $n \ge \frac{3}{2}(m + 1)$.



When M is the real m-dimensional projective space $RP^m$ there are other relations concerning this kind of question, coming from a problem in algebra about systems of real symmetric bilinear forms. Consider a homogeneous system of real symmetric bilinear equations
$$
\begin{aligned}
f_1(x, y) &= a^1_{11} x_1 y_1 + \cdots + a^1_{mm} x_m y_m = 0 \\
&\;\;\vdots \\
f_n(x, y) &= a^n_{11} x_1 y_1 + \cdots + a^n_{mm} x_m y_m = 0.
\end{aligned}
\tag{1}
$$
This means that every $f_i : \mathbb{R}^m \times \mathbb{R}^m \to \mathbb{R}$, $i = 1, \dots, n$, is a real symmetric ($f_i(x, y) = f_i(y, x)$ for all $x, y \in \mathbb{R}^m$) bilinear form. A trivial solution to this system is one of the form $(0, y) \in \mathbb{R}^m \times \mathbb{R}^m$. The problem of whether there exists a non-trivial solution to (1) was posed by Stiefel, and Hopf gave in [18] a topological context for the problem. In general, the system (1) defines a map $\mu : \mathbb{R}^m \times \mathbb{R}^m \to \mathbb{R}^n$ which is bilinear and symmetric; when the system only has non-trivial solutions we say that µ is non-singular. Hopf's idea is as follows: suppose µ is bilinear, symmetric, and nonsingular; then it defines a map $f : RP^{m-1} \to S^{n-1}$ by
$$ f([x]) = \frac{\mu(x, x)}{\|\mu(x, x)\|}. $$
It is not difficult to prove that this map is well defined, continuous, and injective, hence a topological embedding; and for m > 2 it gives an embedding of $RP^{m-1}$ in $\mathbb{R}^{n-1}$. Then the question, given a projective space $RP^r$, does there exist a Euclidean model for it?, arose in this context. Following this line, real and complex polynomial products provide symmetric non-singular bilinear maps for the odd and even dimensional cases, giving well known embedding results for real projective spaces.

Theorem 2.2. Let m be greater than 2. If m is odd, $RP^{m-1}$ can be embedded in $\mathbb{R}^{2m-2}$. For even m, it can be embedded in $\mathbb{R}^{2m-3}$.

It is remarkable that Hopf also proved:

Theorem 2.3. [18, 8] If m > 2, it is not possible to embed $RP^{m-1}$ in $\mathbb{R}^m$.



Let us denote by E(k) the least dimension of a Euclidean space in which it is possible to embed $RP^k$, and by N(k) the least n such that there exists a real symmetric non-singular bilinear map $\mathbb{R}^k \times \mathbb{R}^k \to \mathbb{R}^n$. Then Theorems 2.2 and 2.3 prove at the same time:

Theorem 2.4.
1. $k + 2 \le E(k) \le N(k + 1) - 1 \le \begin{cases} 2k - 1 & \text{if } k \text{ is odd,} \\ 2k & \text{if } k \text{ is even.} \end{cases}$
2. The Fundamental Theorem of Algebra.
3. N(3) = 5, and N(4) = 6.
4. E(2) = 4, and E(3) = 5.

We remark the following direct inequalities:
$$ I_{as}(RP^k) \le E(k) \le N(k + 1) - 1. \tag{2} $$

Some numerical conditions on the existence of nonsingular real homogeneous bilinear systems can be given by using different topological methods; a good reference for this matter is [20].

3 Antisymmetric index in relation to (symmetric) topological complexity and (embeddings) immersions of real projective spaces

From the study of the robot motion planning problem, a couple of topological concepts, the (Symmetric) Topological Complexity, were extracted by M. Farber and M. Grant [9, 10]. These concepts were formalized using a Lusternik-Schnirelmann category type notion, namely sectional category. We refer to [4] for a general introduction to L-S category and related topics. The sectional category of a continuous map p : E → B, secat(p), is one less than the smallest number of open sets U covering B in such a way that p admits a (continuous) section over each U. Note that we are using a normalized version of the concept for notational considerations in some of the relations appearing in this article. Consider the following diagram of fibrations,


$$
\begin{array}{ccccc}
P_2(X) & \longleftarrow & P_1(X) & \longrightarrow & P(X) \\
\big\downarrow{\scriptstyle p_2} & & \big\downarrow{\scriptstyle p_1} & & \big\downarrow{\scriptstyle p} \\
B(X, 2) & \longleftarrow & F(X, 2) & \longrightarrow & X \times X,
\end{array}
\tag{3}
$$

where: P(X) is the free path space $X^{[0,1]}$ with the compact-open topology, p is the end-points evaluation map, and $P_1(X)$ is the subspace of P(X) obtained by removing the free loops on X ($p_1$ is the restriction of p). The group Z/2 acts freely on both $P_1(X)$ and F(X, 2), by running a path backwards in the former (i.e. via $\gamma \mapsto \bar\gamma$ where $\bar\gamma(t) = \gamma(1 - t)$), and by the symmetric action on the latter. Furthermore, $p_1$ is a Z/2-equivariant map, so that $P_2(X)$ and B(X, 2) are the corresponding orbit spaces, and $p_2 : P_2(X) \to B(X, 2)$ denotes the fibration induced by $p_1$. The Topological Complexity of X is TC(X) = secat(p) and the Symmetric Topological Complexity of X is defined as $TC^S(X) = \mathrm{secat}(p_2) + 1$. Suppose U is an open subset of B(X, 2) such that there exists a continuous section $U \to P_2(X)$ with respect to $p_2$, and let $\tilde U$ be the inverse image of U under the double covering map $F(X, 2) \to B(X, 2)$; then there exists an equivariant section for $p_1$ on $\tilde U$. From this fact, and asking X to be an ENR (see Lemma 8 in [10]), the following is proved:

Theorem 3.1. [10] $TC(X) \le TC^S(X)$.

We will use this result for real projective spaces in connection with embeddings and immersions. For the latter, the concepts of axial and nonsingular maps are recalled now in the context of [11]. A continuous map $g : RP^m \times RP^m \to RP^k$, m < k, is called axial if its restriction to each axis is homotopic to the inclusion $RP^m \to RP^k$. A continuous map $f : \mathbb{R}^m \times \mathbb{R}^m \to \mathbb{R}^k$ is called nonsingular if f(x, y) = 0 implies x = 0 or y = 0, and f(λx, y) = f(x, λy) = λf(x, y) for all $x, y \in \mathbb{R}^m$ and λ ∈ ℝ. In [11] M. Farber, S. Tabachnikov, and S. Yuzvinsky proved that, if 1 < m < k, there is a bijection between the existence of axial maps $RP^m \times RP^m \to RP^k$ and nonsingular maps $\mathbb{R}^{m+1} \times \mathbb{R}^{m+1} \to \mathbb{R}^{k+1}$. But the main result from the cited work is the next one.



Theorem 3.2. [11] $TC(RP^m)$ coincides with the smallest k such that there exists a nonsingular map $\mathbb{R}^{m+1} \times \mathbb{R}^{m+1} \to \mathbb{R}^{k+1}$.

To relate the previous concepts, the next classical theorem by J. Adem, S. Gitler, and I. M. James is the key point.

Theorem 3.3. [1] There exists an immersion $RP^m \to \mathbb{R}^k$ (where k > m) if and only if there exists an axial map $RP^m \times RP^m \to RP^k$.

Now immersion and categorical concepts can be related in this context.

Theorem 3.4. [11] For any m ≠ 1, 3, 7, the number $TC(RP^m)$ equals the smallest k such that the projective space $RP^m$ admits an immersion into $\mathbb{R}^k$.

On the other hand, regarding embeddings and the antisymmetric index of projective spaces, the question about whether they are equal or not remains open in general, but a partial answer on this matter was given by J. González and P. Landweber using (symmetric) topological complexity in [15]. In the following we give a slightly more direct proof of that result plus some cases obtained in [14, 7]. The starting point is the following theorem, which can be considered as the analogue of 3.2 (note that what we call antisymmetric index is named level there).

Theorem 3.5. [15] For all m ∈ ℕ, $TC^S(RP^m) = I_{as}(RP^m)$.

Let us denote by Imm(m) the smallest dimension of the Euclidean space where it is possible to immerse the real projective space $RP^m$. Then from (2), 3.1, 3.4, and 3.5 we immediately obtain:

Theorem 3.6. Suppose m ≠ 1, 3, 7. Then
$$ \mathrm{Imm}(m) = TC(RP^m) \le TC^S(RP^m) = I_{as}(RP^m) \le E(RP^m) \le N(m + 1) - 1. $$

Note that, from the previous theorem, if there exists an antisymmetric map $F(RP^m, 2) \to S^{n-1}$, then there must exist an immersion $RP^m \to \mathbb{R}^n$ (m ≠ 1, 3, 7). The following results on immersions concern the numerical range established in Theorem 2.1.



Lemma 3.7. Let m be greater than 15 or equal to 8, 9, 13. An immersion $RP^m \to \mathbb{R}^n$ can exist only if 2n ≥ 3(m + 1).

Proof. For the cases m ≤ 22 it is just necessary to see the table at the end of [19]. For m ≥ 23 non-immersion results follow from [1, 5], finishing the proof.

Starting from an idea first observed by A. J. Berrick, S. Feder, and S. Gitler in [2], it is possible to determine in almost all cases whether $E(RP^m)$ and $I_{as}(RP^m)$ are equal or not just by applying Theorem 2.1 and Lemma 3.7. Therefore, from 3.5, the following result is obtained, which can be considered as the analogue of 3.4.

Theorem 3.8. Let m ∈ {1, 2, 3, 4, 5, 8, 9, 13} or m > 15. Then:
1. $TC^S(RP^m) = I_{as}(RP^m) = E(RP^m)$.
2. There exists a smooth embedding of $RP^m$ in a Euclidean space if and only if there exists a topological embedding in the same Euclidean space.

Proof. In view of the previous paragraph, item 1 follows from Lemma 3.7 and Theorem 2.1 for m ∈ {8, 9, 13} and m > 15. Cases m = 1, 2, 4 were treated in [15]; m = 3 was proved in [14], and m = 5 was obtained in [7]. In the final section of this work we will comment on this couple of cases. To prove item 2, just apply Theorem 2.1 and the second equality in the previous item. This kind of argument was remarked by I. M. James in [19] at the end of his introduction.

Now any numerical result for embedding dimensions in the range established by the previous theorem gives the corresponding answer for the symmetric topological complexity and antisymmetric index of real projective spaces; we remark the following, because we will recover it from a different point of view in the final section.

Theorem 3.9. $TC^S(RP^{2^e+1}) = I_{as}(RP^{2^e+1}) = 2^{e+1} + 1$.

Proof. From the previous theorem it is just a consequence of embedding results for the corresponding projective spaces due to M. Mahowald [22] or J. Levine [21].


4 The calculation of a family of antisymmetric indices from the cohomology of the reduced symmetric product of projective spaces

A classical point of view [17] to calculate the antisymmetric index of projective spaces, as is argued after the proof of Lemma 4.4, comes from the cohomology of $B(RP^k, 2)$. This space is also known as the reduced symmetric product of $RP^k$. The corresponding cohomology ring structure with coefficients in Z/2 was calculated by Handel in [17], see also [6, 12, 13]. These results together with obstruction theory gave some embedding results for projective spaces [17].

Theorem 4.1. [17]
$$ H^*(B(RP^{m-1}, 2); \mathbb{Z}/2\mathbb{Z}) \cong \frac{\mathbb{Z}/2\mathbb{Z}[u, v, w]}{J}, $$
such that dim(u) = dim(v) = 1, dim(w) = 2, and J is the ideal of the polynomial ring $\mathbb{Z}/2\mathbb{Z}[u, v, w]$ generated by the three elements
$$ \sum_{i \ge 0} \binom{m - i}{i} v^{m - 2i} w^i, \qquad \sum_{i \ge 0} \binom{m - 1 - i}{i} v^{m - 1 - 2i} w^i, \qquad \text{and} \qquad uv + u^2. $$

From the antisymmetric index point of view, J. González started studying the problem of calculating the symmetric topological complexity of projective spaces in [14]. He obtained the value of $TC^S(RP^3)$, proposing the calculation of the integral cohomology of $B(RP^m, 2)$, which was finally achieved, basically by the usage of the Bockstein spectral sequence and 4.1, in [7].

Theorem 4.2. [7] Let m = 2t, t ≥ 1. The integral cohomology ring $H^*(B(RP^m, 2))$ is generated by five classes $a_2, b_2, c_3, d_4$ and $e_{2m-1}$, where subscripts denote the dimension of the corresponding element, subject only to the relations (where we are omitting the subscripts):
1. 2a = 2b = 2c = 4d = 0;
2. $b^2 = ab$;
3. $c^2 = ad$;
4. $\sum \binom{i+j}{j} a^i c d^j = 0$, where the sum runs over i, j ≥ 0 with i + 2j = t − 1;
5. $\sum \binom{i+j}{j} a^i b d^j = \begin{cases} 2d^{\frac{t+1}{2}}, & t \text{ odd,} \\ 0, & t \text{ even,} \end{cases}$ where the sum runs over i, j ≥ 0 with i + 2j = t;
6. $\sum \binom{i+j}{j} a^{i+1} d^j = 0$, where the sum runs over i, j ≥ 0 with i + 2j = t;
7. $\sum \binom{i+j}{j} a^i c d^j = 0$, where the sum runs over i, j ≥ 0 with i + 2j = t;
8. $\sum \binom{i+j}{j} a^i b d^{j+1} = \begin{cases} 2d^{\frac{t+2}{2}}, & t \text{ even,} \\ 0, & t \text{ odd,} \end{cases}$ where the sum runs over i, j ≥ 0 with i + 2j = t − 1;
9. $d^t = 0$;
10. eε = 0, for ε ∈ {a, b, c, d, e}.

Theorem 4.3. [7] Let m = 2t + 1, t ≥ 0. The integral cohomology ring $H^*(B(RP^m, 2))$ is generated by five classes $a_2, b_2, c_3, d_4$ and $e_m$, where subscripts denote the dimension of the corresponding element and we omit them from now on, subject only to the relations:
1. 2a = 2b = 2c = 4d = 0;
2. $b^2 = ab$;
3. $c^2 = ad$;
4. $\sum \binom{i+j}{j} a^i b d^j = \begin{cases} 2d^{\frac{t+1}{2}}, & t \text{ odd,} \\ 0, & t \text{ even,} \end{cases}$ where the sum runs over i, j ≥ 0 with i + 2j = t;
5. $\sum \binom{i+j}{j} a^{i+1} d^j = 0$, where the sum runs over i, j ≥ 0 with i + 2j = t;
6. $\sum \binom{i+j}{j} a^i c d^j = 0$, where the sum runs over i, j ≥ 0 with i + 2j = t;
7. $\sum \binom{i+j}{j} a^i b d^j = \begin{cases} 2d^{\frac{t+2}{2}}, & t \text{ even,} \\ 0, & t \text{ odd,} \end{cases}$ where the sum runs over i, j ≥ 0 with i + 2j = t + 1;
8. $\sum \binom{i+j}{j} a^{i+1} d^j = 0$, where the sum runs over i, j ≥ 0 with i + 2j = t + 1;
9. $\sum \binom{i+j}{j} a^i c d^j = 0$, where the sum runs over i, j ≥ 0 with i + 2j = t + 1;
10. $d^{t+1} = 0$;
11. (a) $e^2 = 0$, (b) $\mu e = \kappa\, b^{\kappa} c d^{l}$, (c) $ce = \eta\, d^{l+1}$, (d) $de = \sum_{i=1}^{l} \binom{t - i}{i - 1} a^{t - 2i} b c d^i$.

Here µ ∈ {a, b}, t = 2l + κ with κ ∈ {0, 1}, and η = b if κ = 1 whereas η = 2 if κ = 0, except perhaps for m = 5. Note that this description is presented slightly more explicitly than the one given in [7]. The key point is the proof of the next lemma, where we use the above algebraic structures in order to obtain the height of a certain relevant element.

Lemma 4.4. Consider the element $b \in H^2(B(RP^m, 2); \mathbb{Z})$ coming from the previous theorems, and let k be the smallest positive integer such that $b^k = 0$. Suppose $m = 2^e$. Then $k = 2^e$. On the other hand, let $m \in \{2^e + 1, \dots, 2^{e+1} - 1\}$. Then $k = 2^e + 1$.

Proof. First suppose $m = 2^e + 1$; from 4) and 7) in Theorem 4.3 we have
$$ a^t b = \binom{t-1}{1} a^{t-2} b d + \binom{t-2}{2} a^{t-4} b d^2 + \cdots \tag{4} $$
and
$$ a^{t-1} b d = \binom{t-2}{1} a^{t-3} b d^2 + \binom{t-3}{2} a^{t-5} b d^3 + \cdots + 2d^{\frac{t+2}{2}}. \tag{5} $$
Note that, in this case, $t = 2^{e-1}$; then using the formula
$$ \binom{2^{e-1} - k}{k - 1} \equiv 0 \pmod 2 \quad \forall k $$
it follows that
$$ a^{t-1} b d = 2d^{\frac{t+2}{2}} \tag{6} $$
and therefore $a^t b d = 0$.


Multiplying (4) by $a^{t-1}$ and using (6) we get
$$ b^{2^e} = b^{m-1} = b^{2t} = a^{2t-1} b = a^{t-1} b d^{t/2} = 2d^{\frac{t+2}{2}} d^{t/2 - 1} = 2d^t \ne 0. \tag{7} $$
From dimensional conditions in Theorem 4.3, it is obvious that $b^{2^e + 1} = 0$; therefore the proof is complete for this case. Note that this is all we need to prove Theorem 4.5. If we consider the case $m = 2^{e+1} - 1$, then $t = 2^e - 1$, and from 4) in 4.3 we get
$$ a^t b = \binom{t-1}{1} a^{t-2} b d + \binom{t-2}{2} a^{t-4} b d^2 + \cdots + 2d^{\frac{t+1}{2}} \tag{8} $$
and from here, applying
$$ \binom{2^e - k}{k - 1} \equiv 0 \pmod 2 \quad \forall k, $$
we get $b^{2^e} = b^{t+1} = a^t b = 2d^{\frac{t+1}{2}} \ne 0$ and
$$ b^{2^e + 1} = b^{t+2} = a^{t+1} b = a\, a^t b = 2a d^{\frac{t+1}{2}} = 0. \tag{9} $$
It is not difficult to analyze the case $m = 2^e$ in a similar manner, but this time using 4.2; the rest of the cases now follow from these three cases and an inductive argument.

Now, suppose there exists an antisymmetric map $f : F(RP^{r-1}, 2) \to S^{n-1}$; passing to the orbit spaces we have the following diagram

$$
\begin{array}{ccc}
F(RP^{r-1}, 2) & \xrightarrow{\;f\;} & S^{n-1} \\
\big\downarrow & & \big\downarrow \\
B(RP^{r-1}, 2) & \xrightarrow{\;P(f)\;} & RP^{n-1}.
\end{array}
\tag{10}
$$

The generator z in the second cohomology group of $RP^{n-1}$ corresponds to the element $b_2$ appearing in 4.4 under $P(f)^*$; this fact is proved in [7] using group actions on the Stiefel manifold $V_{r,2}$, as is described next. Consider the dihedral group of order 8
$$ D_8 = \langle t, y \mid t^4 = y^2 = 1,\; yt = t^3 y \rangle. \tag{11} $$


$D_8$ acts freely on the Stiefel manifold $V_{m,2} \subset \mathbb{R}^m \times \mathbb{R}^m$ as $(v_1, v_2)t = (v_2, -v_1)$, $(v_1, v_2)y = (v_1, -v_2)$. Let H denote the subgroup of $D_8$ generated by y and $yt^2$. It is not difficult to prove that $H \cong \mathbb{Z}_2 \times \mathbb{Z}_2$. If we restrict the action of $D_8$ on $V_{m,2}$ to H, then the orbit space $V_{m,2}/H$ has the homotopy type of $F(RP^{m-1}, 2)$, and the same assertion holds for $V_{m,2}/D_8$ in comparison to $B(RP^{m-1}, 2)$. To prove this for $B(RP^{m-1}, 2)$, just consider the map $g : V_{m,2} \to B(RP^{m-1}, 2)$ given by $g(v_1, v_2) = ([v_1], [v_2])$. This map clearly passes to the quotient and gives a map $V_{m,2}/D_8 \to B(RP^{m-1}, 2)$. The homotopy inverse is provided by the Gram-Schmidt orthogonalization process, applied to generators of a pair of different lines in $\mathbb{R}^m$. Everything is well defined and works right due to identifications on the orbit space, and the argument is similar for $F(RP^{m-1}, 2)$. In particular this gives a homotopy type fibration
$$ V_{m,2} \to B(RP^{m-1}, 2) \to BD_8, \tag{12} $$
where $BD_8$ is the classifying space of $D_8$. The exact sequence of groups
$$ 1 \to \mathbb{Z}_2 \times \mathbb{Z}_2 \cong H \to D_8 \to D_8/H \cong \mathbb{Z}_2 \to 1, $$
(12), and the double covering fibration $F(RP^{m-1}, 2) \to B(RP^{m-1}, 2) \to RP^\infty$ were used to prove that, in Diagram (10), $P(f)^*(z) = b$. Then a contradiction argument and 4.4 prove the following:

Theorem 4.5. $2^{e+1} < I_{as}(RP^{2^e + 1})$.

Proof. Suppose there exists an antisymmetric map $f : F(RP^{2^e + 1}, 2) \to S^{2^{e+1} - 1}$; then from the previous paragraph $P(f)^*(z) = b$, but $z^{2^e} = 0$ while from 4.4 $b^{2^e} \ne 0$.

E. Rees proved in [23] that $I_{as}(RP^6) \le 9$. Due to the fact that $I_{as}(RP^k) \le I_{as}(RP^{k+1})$ for all k, we deduce:

Corollary 4.6. $I_{as}(RP^5) = I_{as}(RP^6) = 9$.



Carlos Domínguez

It should be remarked that RP^6 is the first real projective space for which, to our knowledge, it is not known whether the antisymmetric index coincides with the embedding dimension. As we mentioned, it is not possible to know from non-immersion results whether the cases m = 3, 5 are in the range of Haefliger's Theorem 2.1; they were actually obtained, and proven to be in the cited range, by calculating the integral cohomology of the symmetric reduced product of projective spaces in the corresponding dimensions. Due to Equation (2) and Theorem 2.4, the antisymmetric-index non-existence point of view can be considered as the method used to obtain a general statement, which can be viewed as a direct way to recover Theorem 3.9, part of 3.8, and the corresponding result on real symmetric non-singular bilinear maps. It is stated as

Theorem 4.7.
1. E(2^e + 1) = TC^S(RP^{2^e+1}) = I_{as}(RP^{2^e+1}) = 2^{e+1} + 1.
2. N(2^e + 2) = 2^{e+1} + 2.

Proof. Theorem 4.5 gives 2^{e+1} + 1 ≤ I_{as}(RP^{2^e+1}), which implies

2^{e+1} + 1 ≤ I_{as}(RP^{2^e+1}) ≤ E(2^e + 1) ≤ N(2^e + 2) − 1 ≤ 2^{e+1} + 1

in view of (2) and Theorem 2.4. □

Acknowledgement. The author would like to thank Professor D. Juan for his useful suggestions on an earlier version of this article, and Professor J. González for the careful reading of the final version and the corresponding comments.

Carlos Domínguez
Centro de Ciencias Matemáticas, Universidad Nacional Autónoma de México, Campus Morelia, Apartado Postal 61-3 (Xangari), Morelia, Michoacán, México 58089, cda@matmor.unam.mx

References

[1] J. Adem, S. Gitler, I. M. James, On axial maps of certain type, Bol. Soc. Mat. Mexicana (2) 17 (1972), 59–62.
[2] A. J. Berrick, S. Feder, S. Gitler, Symmetric axial maps and embeddings of projective spaces, Bol. Soc. Mat. Mexicana (2) 21 (1976), 39–41.
[3] R. Bott, Lectures on K(X), Harvard, 1964.
[4] O. Cornea, G. Lupton, J. Oprea and D. Tanré, Lusternik–Schnirelmann category, Mathematical Surveys and Monographs 103, American Mathematical Society, Providence, RI, 2003.
[5] D. M. Davis, A strong nonimmersion theorem for real projective spaces, Ann. of Math. (2) 120 (1984), 517–528.
[6] C. Domínguez, Cohomology calculations associated with orthonormal 2-frames under dihedral group action. In progress.
[7] C. Domínguez, J. González, and P. Landweber, The integral cohomology of configuration spaces of pairs of points in real projective spaces, Forum Mathematicum, Volume 25, Issue 6, 2013.
[8] D. B. A. Epstein, Cohomology Operations. Lectures by N. E. Steenrod, Princeton University Press, Princeton, New Jersey, 1962.
[9] M. Farber, Topological complexity of motion planning, Discrete Comput. Geom. 29 (2003), 211–221.
[10] M. Farber and M. Grant, Symmetric motion planning, in Topology and Robotics, Contemp. Math. 438, Amer. Math. Soc., Providence, RI (2007), 85–104.
[11] M. Farber, S. Tabachnikov, and S. Yuzvinsky, Topological robotics: motion planning in projective spaces, Int. Math. Res. Not. 34 (2003), 1853–1870.
[12] S. Feder, The reduced symmetric product of a projective space and the embedding problem, Boletín de la Sociedad Matemática Mexicana, 1967.
[13] S. Feder, The reduced symmetric product of projective spaces and the generalized Whitney theorem, Illinois J. Math. 16 (1972), 323–329.
[14] J. González, Symmetric topological complexity as the first obstruction in Goodwillie's Euclidean embedding tower for real projective spaces, Trans. Amer. Math. Soc. 363 (2011), no. 12, 6713–6741.
[15] J. González and P. Landweber, Symmetric topological complexity of projective and lens spaces, Algebr. Geom. Topol. 9 (2009), 473–494.
[16] A. Haefliger, Plongements différentiables dans le domaine stable, Comment. Math. Helvet. 37 (1962), 155–176.
[17] D. Handel, An embedding theorem for real projective spaces, Topology 7 (1968), 125–130.
[18] H. Hopf, Systeme symmetrischer Bilinearformen und euklidische Modelle der projektiven Räume, Vierteljschr. Naturforsch. Gesellschaft Zürich 85 (1940), 165–177.
[19] I. M. James, Euclidean Models in Projective Spaces, Bull. London Math. Soc. 3 (1971), 257–276.
[20] K. Y. Lam, Borsuk-Ulam Type Theorems and Systems of Bilinear Equations, in Geometry from the Pacific Rim, Walter de Gruyter, Berlin-New York, 1997, pp. 183–194.
[21] J. Levine, Embedding and immersion of real projective spaces, Amer. Math. Soc. 69 (1963), 806–809.
[22] M. Mahowald, On the embeddability of the real projective spaces, Proc. Amer. Math. Soc. 13 (1962), 763–764.
[23] E. Rees, Embedding odd torsion manifolds, Bull. London Math. Soc. 3 (1971), 356–362.


Morfismos, Vol. 21, No. 2, 2017, pp. 17–31

Elliptic curve cryptography over fields of characteristic 3*

Edgar González Fernández¹   Feliú D. Sagols²

Abstract. We gather the mathematical elements involved in the construction of cryptographic systems based on elliptic curves over finite fields of characteristic three, namely: the identification of irreducible polynomials in the polynomial ring F_3[X], arithmetic in F_{3^n}, and elliptic curves in Hessian form. Using a counting algorithm based on Satoh's method [12], adapted to characteristic 3, we decide whether the group of points on the curve has a suitable cyclic subgroup. These elements can help in the implementation of the ElGamal and DSA schemes.

2010 Mathematics Subject Classification: 11T71, 14H52.
Keywords and phrases: Cryptography, elliptic curves, characteristic 3.

1. Introduction

Since the invention of public-key cryptography, various algorithms have been proposed to guarantee secure communication between two or more entities over a channel that might be insecure. These algorithms address two of the main problems that can affect the security of information:

* This work is a summary of the thesis "Criptosistemas de curva elíptica en campos de característica 3", which the first author presented to obtain the degree of Master of Science from the Department of Mathematics of CINVESTAV; the work was presented on December 14, 2012.
¹ The authors thank ABACUS-CINVESTAV, CONACyT grant EDOMEX-2011-C01-165873.
² Work partially supported by CONACyT under contract No. 240211.
³ Work partially supported by SNI under contract No. 7008.




Edgar González Fernández y Feliú D. Sagols

The key distribution problem. If the interested entities have no way of agreeing on a key beforehand over a secure channel, then the communication could be compromised if the key is recovered by an outside entity. Moreover, in a group of n entities that need to communicate with each other, n(n − 1)/2 distinct keys must be distributed.

The signature problem. Once communication is established, one wants to verify that the information received really comes from the entity with which we wish to communicate.

Two of the most widely used algorithms today are the Diffie-Hellman protocol for key establishment and the DSA digital signature algorithm. These algorithms are based on the Discrete Logarithm Problem (DLP) in an arbitrary group. Initially the multiplicative group of Z/(pZ) was proposed for implementing cryptographic schemes. Later, Koblitz [9] and Miller [11] independently proposed using the additive group of the set of points of an elliptic curve to implement these algorithms. Since then, very precise standards and recommendations have been produced for elliptic curves defined over prime or binary fields (see [5] and [2]), something that does not yet exist for fields of characteristic 3 (or other fields of small characteristic). In [8, 4.4-5] a variety of encryption systems based on elliptic curves is shown, as well as digital signature schemes, based mainly on the discrete logarithm problem on elliptic curves. Some of them present only a few modifications of the basic ElGamal system.

This article is organized as follows. In Section 2 we define the mathematical objects that make possible the implementation of a cryptographic system based on the discrete logarithm problem on elliptic curves, and we fix the notation to be used. Next, in Section 3 we introduce the algorithms that facilitate handling the arithmetic in fields of characteristic three. We do the same in Section 4 to make arithmetic on elliptic curves over fields of characteristic three possible in an efficient way. Finally, we present the counting algorithm proposed in [7], which is an adaptation of Satoh's algorithm [12] to characteristic three and allows us to search for curves suitable for cryptographic use.


Criptografía de curva elíptica en campos de característica 3

2. Preliminaries

We now give some basic definitions and introduce the notation to be used in the rest of the article.

2.1. Finite fields

We denote by F_q the finite field with q elements, so q must be regarded as a power of a prime. From now on q = 3^n for some integer n > 0. The ring of polynomials with coefficients in F_q will be denoted by F_q[X]. We will regard the extensions of degree n of F_q as a quotient ring F_q[X]/(p(X)), where p ∈ F_q[X] is an irreducible polynomial of degree n. Thus the elements of F_{q^n} are regarded as polynomials of degree at most n − 1 with coefficients in F_q, and the arithmetic is defined by the usual arithmetic in F_q[X] modulo p(X).

2.2. Elliptic curves

Given an algebraically closed field K and elements a_i ∈ K, i = 1, 2, 3, 4, 6, an affine elliptic curve consists of the set of points in the plane K² that satisfy a non-singular Weierstrass equation

(1) E : Y² + a_1 XY + a_3 Y = X³ + a_2 X² + a_4 X + a_6.

For practical purposes, an elliptic curve can be defined even when K is not an algebraically closed field. In the case of F_q it suffices to require that the coefficients a_i be elements of F_q. We denote by E_{F_q} the set of points with entries in F_q that lie on the curve, which we will call F_q-rational points, or simply rational points. By means of the following rules we can define the operation that makes the points of an elliptic curve a commutative group.

1. Identity. A point O, known as the point at infinity, is added to serve as the neutral element.
2. Inverse. The (additive) inverse of the point P = (x, y) will be −P = (x, −y). If Q = −P then P + Q = O.


Figure 1: Addition of points on an affine elliptic curve, drawn on Y² = X³ − X. (a) Addition: the line through P and Q meets the curve in a third point whose reflection is R. (b) Doubling: the tangent at P is used instead.

3. Addition. If P = (x_1, y_1), Q = (x_2, y_2) are points on the curve with P ≠ ±Q then there exists a third point of intersection. Its reflection across the x-axis (as shown in Figure 1(a)) will be the point R = P + Q.
4. Doubling. Finally, if P = Q then the tangent line at P is taken, and P + Q = 2P = R, as can be seen in Figure 1(b).

In this group the DLP consists of the following: given two points P, Q ∈ E, find an integer k such that P = kQ, whenever it exists. Fortunately the set of rational points on a curve also forms a commutative group, and the DLP is defined in a similar way for a pair of points P, Q ∈ E_{F_q}. In general we will denote by E both the elliptic curve and the equation that defines it. With this in mind, and in order to address the counting algorithm treated in Section 5, we define the following objects. A rational function is a function of the form f/g where f and g are elements of the quotient ring F_q[X, Y]/(E). An isogeny between two curves E_1 and E_2 is a function α : E_1 → E_2 given by α(P) = (α_1(P), α_2(P)) where α_1 and α_2 are rational functions and, moreover, α is a group homomorphism. Finally we denote by End(E) the group of endomorphisms of a curve, that is,


the set of isogenies from a curve to itself. Although the group law can be defined by arithmetic operations in F_q starting from the Weierstrass equation, the Hessian representation, which we will introduce in Section 4, will help us define the arithmetic on these curves more efficiently. For this, we define a projective elliptic curve as the set of points in the projective space P²(K) that satisfy a projective Weierstrass equation

(2) E : Y²Z + a_1 XYZ + a_3 YZ² = X³ + a_2 X²Z + a_4 XZ² + a_6 Z³.

In order to implement an elliptic curve cryptosystem successfully we must establish the procedures by which the arithmetic on elliptic curves will be carried out. We begin with the elements needed to define the arithmetic in F_q.

3. Arithmetic in F_{3^n}

As we have already mentioned, we will use the polynomial representation given by F_{3^n} ≅ F_3[X]/(p(X)), with p ∈ F_3[X] irreducible of degree n, to define the arithmetic in fields of characteristic 3. We must therefore be able to verify when a polynomial is irreducible.

3.1. Irreducible polynomials

It is important to be able to find suitable irreducible polynomials so that the arithmetic in F_{3^n} is efficient for practical purposes. Some of the most common tests for deciding whether a polynomial is irreducible can be found in [6]. We mention one of them next.

Algorithm 1 Ben-Or irreducibility test
Input: Polynomial f ∈ F_q[X] of degree n
Output: f is irreducible or f is reducible
1: for i = 1 to n/2 do
2:   g = gcd(f, X^{q^i} − X)
3:   if g ≠ 1 then
4:     f is reducible and we stop the algorithm
5: f is irreducible

To construct irreducible polynomials of high degree quickly,


we can use a criterion that employs primitive polynomials [10, Theorem 3.63].

Proposition 3.1.1. A polynomial f(X) = Σ_{i=0}^n a_i X^i over F_q is primitive if and only if F(X) = Σ_{i=0}^n a_i X^{q^i − 1} is irreducible over F_q.

To determine whether an irreducible polynomial is primitive it suffices to verify that its order is not a proper divisor of q^n − 1, which gives the following criterion.

Proposition 3.1.2. Suppose that f(X) is an irreducible polynomial of degree n over F_q and q^n − 1 = p_1^{r_1} ··· p_k^{r_k}, where p_1, ..., p_k are distinct primes. Then f(X) is primitive over F_q if and only if

X^{(q^n − 1)/p_i} ≢ 1 mod f(X)

for each i = 1, ..., k.

For example, for q = 3 and n = 3, we have q^n − 1 = 3³ − 1 = 26 = 13 · 2. The polynomial f(X) = X³ − X + 1 is irreducible over F_3. We have X^{13} ≡ −1 mod f(X), and therefore X², X^{13} ≢ 1 mod f(X). Thus f(X) is primitive. Moreover, by Proposition 3.1.1, X^{26} − X² + 1 is irreducible, and we thereby obtain a trinomial to represent the field with 3^{26} elements.

3.2. Arithmetic

Arithmetic in F_3 can be carried out simply if we use an alternative representation via the set {1, 0, −1}. This has the advantage that addition and multiplication are performed almost identically to the way they are done in Z, except for the rule 1 + 1 = −1. This helps us avoid the reduction modulo 3 and speeds up the computation of operations in F_3[X], since these can also be carried out very similarly to what is done in Z[X]. Multiplication in the polynomial ring F_3[X] can be performed efficiently by means of the Karatsuba-Ofman algorithm shown below. Step three of this algorithm is computed recursively, using the same Karatsuba-Ofman algorithm or the usual algorithm. As observed at the start of the section, the finite field F_{3^n} can be regarded as the quotient F_3[X]/(p(X)) with p irreducible. To adapt the multiplication algorithm to the finite field F_{3^n}, step four


Algorithm 2 Karatsuba-Ofman polynomial multiplication algorithm
Input: Polynomials f(X), g(X) of degree k
Output: The product of f and g
1: l = ⌈k/2⌉
2: Write f(X) = X^l f_1 + f_0 and g(X) = X^l g_1 + g_0 with f_i and g_i of degree less than l
3: Compute a = f_0 g_0, b = f_1 g_1, c = (f_1 + f_0)(g_1 + g_0)
4: The result is a + (c − a − b)X^l + bX^{2l}

is modified slightly, applying a reduction modulo p if the result of the multiplication has degree greater than or equal to n.

Another important operation in finite field arithmetic is exponentiation. Taking advantage of the structure of F_{3^n}, we can evaluate f(X)^n by expressing n as a sum of powers of 3 with coefficients in {0, 1, 2}. For example 17 = 3² + 2 · 3 + 2, so f(X)^{17} = f(X)^{3²} f(X)^{2·3} f(X)². To avoid computing multiple squares, we can store the value of f(X)² and reuse it to compute f(X)^{2·3}.

Finally, to compute inverses one can use the extended Euclidean algorithm. The Euclidean algorithm for polynomials serves to compute the greatest common divisor of two polynomials f, g. If f is irreducible and the degree of g is less than the degree of f then gcd(f, g) = 1, and we can find polynomials r, s such that r(X)f(X) + s(X)g(X) = 1; therefore s(X)g(X) ≡ 1 mod f(X), that is, s will be the inverse of g in F_3[X]/(f(X)).

Besides the polynomial representation of finite fields, there are representations by normal bases, that is, by a set of elements {α_1, α_2, ..., α_n} which form a basis of F_{q^n} as a vector space over F_q and such that α_i = α_1^{q^i} for each i = 1, ..., n. An element a ∈ F_{q^n} is then expressed as a linear combination of the elements α_i. To review this approach in more detail, one may consult [1], where methods for the software implementation of arithmetic in finite fields of characteristic 3 are detailed, using both the polynomial representation and the normal basis representation,


and where it is also concluded that the polynomial representation is preferable for software implementation.
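The following Python program is an added example, not code from the paper or its authors. It implements the operations of Sections 3.1 and 3.2 over F_3 with the representation {0, 1, 2} rather than {1, 0, −1}: Ben-Or's test (Algorithm 1), Karatsuba-Ofman multiplication (Algorithm 2), the primitivity criterion of Proposition 3.1.2, the construction of Proposition 3.1.1, exponentiation driven by the base-3 digits of the exponent, and inversion by the extended Euclidean algorithm. The function names, the list-of-coefficients representation and the recursion threshold of Karatsuba-Ofman are choices made here, not the paper's; the worked values are the paper's own example f(X) = X³ − X + 1.

```python
# Added example (not from the paper): arithmetic in F_3[X] and F_{3^n} = F_3[X]/(p(X)),
# covering Ben-Or's test (Algorithm 1), Karatsuba-Ofman multiplication (Algorithm 2),
# the criteria of Propositions 3.1.1 and 3.1.2, base-3 exponentiation and inversion
# by the extended Euclidean algorithm.  A polynomial is a list of coefficients in
# {0, 1, 2}, lowest degree first: [1, 2, 0, 1] is X^3 + 2X + 1 = X^3 - X + 1.

def trim(f):                        # drop leading zeros; [] is the zero polynomial
    while f and f[-1] == 0: f.pop()
    return f

def add(f, g):
    n = max(len(f), len(g))
    f, g = f + [0] * (n - len(f)), g + [0] * (n - len(g))
    return trim([(a + b) % 3 for a, b in zip(f, g)])

def sub(f, g): return add(f, [(-c) % 3 for c in g])
def shift(f, k): return [0] * k + f if f else []      # multiply f by X^k

def schoolbook(f, g):               # the usual O(k^2) multiplication
    out = [0] * (len(f) + len(g) - 1) if f and g else []
    for i, a in enumerate(f):
        for j, b in enumerate(g):
            out[i + j] = (out[i + j] + a * b) % 3
    return trim(out)

def mul(f, g):
    """Karatsuba-Ofman (Algorithm 2): a + (c - a - b) X^l + b X^(2l), a = f0 g0, b = f1 g1, c = (f0+f1)(g0+g1)."""
    f, g = trim(list(f)), trim(list(g))
    if min(len(f), len(g)) <= 4:    # threshold chosen here; small operands use schoolbook
        return schoolbook(f, g)
    l = max(len(f), len(g)) // 2
    f0, f1, g0, g1 = trim(f[:l]), trim(f[l:]), trim(g[:l]), trim(g[l:])
    a, b, c = mul(f0, g0), mul(f1, g1), mul(add(f0, f1), add(g0, g1))
    return add(add(a, shift(sub(sub(c, a), b), l)), shift(b, 2 * l))

def divmod_poly(f, g):              # leading coefficient of g (1 or 2) is its own inverse mod 3
    f, g = trim(list(f)), trim(list(g))
    q = [0] * max(len(f) - len(g) + 1, 0)
    while f and len(f) >= len(g):
        coef, d = (f[-1] * g[-1]) % 3, len(f) - len(g)
        q[d] = coef
        f = sub(f, shift([(coef * c) % 3 for c in g], d))
    return trim(q), f
def mod(f, g): return divmod_poly(f, g)[1]

def gcd(f, g):                      # monic greatest common divisor
    f, g = trim(list(f)), trim(list(g))
    while g:
        f, g = g, mod(f, g)
    return [(c * f[-1]) % 3 for c in f] if f else []

X = [0, 1]
def cube(f, m): return mod(mul(mul(f, f), f), m)  # f^3 mod m: the Frobenius map of F_{3^n}

def pow_mod(f, e, m):
    """f^e mod m from the base-3 digits of e: 17 = 3^2 + 2*3 + 2 gives f^17 = f^(3^2) f^(2*3) f^2."""
    result, base = [1], mod(f, m)
    while e:
        e, digit = divmod(e, 3)
        for _ in range(digit):      # multiply by base^digit, digit in {0, 1, 2}
            result = mod(mul(result, base), m)
        base = cube(base, m)        # base = f^(3^i) after i rounds
    return result

def is_irreducible(f):
    """Ben-Or (Algorithm 1): f of degree n is reducible iff gcd(f, X^(3^i) - X) != 1 for some i <= n/2."""
    f, xpow = trim(list(f)), X
    for _ in range((len(f) - 1) // 2):
        xpow = cube(xpow, f)        # X^(3^i) mod f
        if gcd(f, sub(xpow, X)) != [1]:
            return False
    return True

def prime_factors(n):
    ps, p = [], 2
    while p * p <= n:
        if n % p == 0:
            ps.append(p)
            while n % p == 0: n //= p
        p += 1
    return ps + [n] if n > 1 else ps

def is_primitive(f):
    """Proposition 3.1.2: irreducible f of degree n is primitive iff X^((3^n-1)/p) != 1 mod f for each prime p | 3^n - 1."""
    f = trim(list(f))
    order = 3 ** (len(f) - 1) - 1
    return is_irreducible(f) and all(pow_mod(X, order // p, f) != [1] for p in prime_factors(order))

def associated_irreducible(f):
    """Proposition 3.1.1: for primitive f = sum a_i X^i, F = sum a_i X^(3^i - 1) is irreducible."""
    F = []
    for i, a in enumerate(f):
        if a: F = add(F, shift([a], 3 ** i - 1))
    return F

def inverse(g, f):
    """Inverse of g in F_3[X]/(f) by the extended Euclidean algorithm: r f + s g = gcd(f, g)."""
    r0, r1, s0, s1 = trim(list(f)), mod(g, f), [], [1]
    while r1:
        q, r = divmod_poly(r0, r1)
        r0, r1, s0, s1 = r1, r, s1, sub(s0, mul(q, s1))
    if len(r0) != 1: raise ValueError("g is not invertible modulo f")
    return mod([(r0[0] * c) % 3 for c in s0], f)     # divide by the constant gcd (1 or 2)
```

With f = [1, 2, 0, 1], that is X³ − X + 1, `is_irreducible(f)` and `is_primitive(f)` both hold, `pow_mod(X, 13, f)` returns [2] (the −1 of the text), `associated_irreducible(f)` is X^{26} − X² + 1 and passes Ben-Or's test, and `inverse(X, f)` returns 1 − X², since X(1 − X²) = X − X³ ≡ 1 mod f. In Ben-Or's test the polynomials X^{3^i} mod f are obtained by cubing the previous one, which is the same Frobenius-map observation that the text makes for exponentiation.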

4. Arithmetic on elliptic curves over F_{3^n}

Consider a non-singular Weierstrass equation given by (2) over a field K. If the characteristic of K is different from 2 then the curve can be transformed into one of the following:

(3) E_1 : Y²Z = X³ + aX²Z + cZ³,   a ≠ 0, c ≠ 0,
(4) E_2 : Y²Z = X³ + bXZ² + cZ³,   b ≠ 0, c ≠ 0.

Elliptic curves that can be transformed into the form (3) are called ordinary, while those that can be transformed into the form (4) are known as supersingular. Ordinary curves are usually used for cryptographic purposes. This is the case for implementations of the ElGamal algorithm and for secure key exchange via the Diffie-Hellman protocol, although there are algorithms in which supersingular curves are preferable, for example in identity-based cryptosystems (see [4]). Although the formulas for the group operation simplify when the curve given by the general formula (2) is transformed into one of the forms above, there are representations that make practical implementations faster.

4.1. Hessian form of an elliptic curve

Consider an element d ∈ F_q where q is a power of 3. The Hessian representation of an elliptic curve is an equation of the form

(5) E_d : X³ + Y³ + Z³ = dXYZ,   d ≠ 0.

According to [14], a curve written in this form can be taken to one in Weierstrass normal form by the change of variables X → d(X + Y), Y → d(X − Y), whereby we obtain a Weierstrass normal equation of the form Y²Z = X³ + X²Z − d^{−3}Z³, which is ordinary.


4.2. Arithmetic on curves in Hessian form

Let P = (x_1, y_1, z_1) and Q = (x_2, y_2, z_2) be two points on E_d. The group law of an elliptic curve in Hessian form is defined by the following rules. The identity element is given by O = (1, −1, 0). The inverse of P is −P = (y_1, x_1, z_1). If P ≠ Q and P, Q ≠ O, the sum is given by P + Q = (x_3, y_3, z_3) where

(6) x_3 = y_1² x_2 z_2 − y_2² x_1 z_1,  y_3 = x_1² y_2 z_2 − x_2² y_1 z_1,  z_3 = z_1² x_2 y_2 − z_2² x_1 y_1.

If P = Q then P + Q is given by

(7) x_3 = y_1 (z_1 − x_1)³,  y_3 = x_1 (y_1 − z_1)³,  z_3 = z_1 (x_1 − y_1)³.

Assuming z_1 = 1 in (6), we can compute P + Q with 10 multiplications (M) and 3 additions (A) in F_q:

M: O_1 = y_1 x_2        M: O_8 = O_3 y_2
M: O_2 = y_1 z_2        M: O_9 = O_1 x_2
M: O_3 = x_1 y_2        M: O_10 = O_2 O_4
M: O_4 = x_1 z_2        A: x_3 = O_11 = O_5 − O_8
M: O_5 = O_1 O_2        A: y_3 = O_12 = O_6 − O_9
M: O_6 = O_3 O_4        A: z_3 = O_13 = O_7 − O_10
M: O_7 = x_2 y_2

As for (7), we can express z_3 as z_3 = −z_1[(z_1 − x_1) + (y_1 − z_1)]³, so that we need to compute (C denotes a cubing)

A: O_1 = z_1 − x_1      A: O_5 = O_3 + O_4
A: O_2 = y_1 − z_1      M: x_3 = O_6 = y_1 O_3
C: O_3 = O_1³           M: y_3 = O_7 = x_1 O_4
C: O_4 = O_2³           M: z_3 = O_8 = −z_1 O_5
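As an added example (not the paper's code), the following Python program implements the Hessian group law (6) and (7) over the small field F_9 = F_3[i]/(i² + 1), a field constructed here for illustration, and counts the rational points of E_d by brute force so that the trace t = q + 1 − |E_{F_q}| of Section 5 can be checked against Hasse's bound. The function names, the pair representation of F_9 and the sample values of d are assumptions of this example. The check exploits a fact of characteristic 3: the only pair on which formula (6) returns (0, 0, 0) is P = Q, where (7) is used instead.

```python
# Added example (not from the paper): the Hessian group law of Section 4.2 over
# F_9 = F_3[i]/(i^2 + 1), a field constructed here for illustration, with a brute-force
# point count checked against Hasse's bound of Section 5.  A field element a + b*i is
# the pair (a, b); a curve point is a projective triple (X, Y, Z) of field elements.

def f_add(u, v): return ((u[0] + v[0]) % 3, (u[1] + v[1]) % 3)
def f_sub(u, v): return ((u[0] - v[0]) % 3, (u[1] - v[1]) % 3)
def f_neg(u): return ((-u[0]) % 3, (-u[1]) % 3)
def f_mul(u, v):                         # (a + bi)(c + di) with i^2 = -1
    return ((u[0] * v[0] - u[1] * v[1]) % 3, (u[0] * v[1] + u[1] * v[0]) % 3)
def f_cube(u): return f_mul(u, f_mul(u, u))
def f_inv(u):                            # u^(q-2) = u^7 is the inverse of u != 0 in F_9
    r = (1, 0)
    for _ in range(7):
        r = f_mul(r, u)
    return r

ZERO, ONE = (0, 0), (1, 0)
FIELD = [(a, b) for a in range(3) for b in range(3)]
IDENTITY = (ONE, f_neg(ONE), ZERO)       # O = (1, -1, 0)

def on_curve(P, d):                      # X^3 + Y^3 + Z^3 == d X Y Z, equation (5)
    x, y, z = P
    lhs = f_add(f_add(f_cube(x), f_cube(y)), f_cube(z))
    return lhs == f_mul(d, f_mul(x, f_mul(y, z)))

def normalize(P):                        # scale so that the first non-zero coordinate is 1
    for c in P:
        if c != ZERO:
            return tuple(f_mul(f_inv(c), t) for t in P)
    raise ValueError("(0, 0, 0) is not a projective point")

def ec_neg(P):
    return (P[1], P[0], P[2])            # -P = (y1, x1, z1)

def ec_double(P):                        # formula (7)
    x, y, z = P
    return (f_mul(y, f_cube(f_sub(z, x))), f_mul(x, f_cube(f_sub(y, z))), f_mul(z, f_cube(f_sub(x, y))))

def ec_add(P, Q):
    """Formula (6).  In characteristic 3 it gives (0, 0, 0) only when P = Q, where doubling is used."""
    if normalize(P) == normalize(Q):
        return ec_double(P)
    (x1, y1, z1), (x2, y2, z2) = P, Q
    sq = lambda u: f_mul(u, u)
    x3 = f_sub(f_mul(sq(y1), f_mul(x2, z2)), f_mul(sq(y2), f_mul(x1, z1)))
    y3 = f_sub(f_mul(sq(x1), f_mul(y2, z2)), f_mul(sq(x2), f_mul(y1, z1)))
    z3 = f_sub(f_mul(sq(z1), f_mul(x2, y2)), f_mul(sq(z2), f_mul(x1, y1)))
    return (x3, y3, z3)

def scalar_mul(k, P):                    # double-and-add, most significant bit first
    R = IDENTITY
    for bit in bin(k)[2:]:
        R = ec_double(R)
        if bit == "1":
            R = ec_add(R, P)
    return R

def rational_points(d):
    """All points of E_d(F_9): O and the affine solutions (x, y, 1) of x^3 + y^3 + 1 = d x y."""
    return [IDENTITY] + [(x, y, ONE) for x in FIELD for y in FIELD if on_curve((x, y, ONE), d)]

def trace_of_frobenius(d):               # t = q + 1 - |E(F_q)| with q = 9
    return 10 - len(rational_points(d))

def check_group_law(d):
    """Inverse, closure, commutativity, associativity and Lagrange (|E| P = O) on all of E_d(F_9)."""
    pts = rational_points(d)
    n = len(pts)
    for P in pts:
        assert normalize(ec_add(P, ec_neg(P))) == normalize(IDENTITY)
        assert normalize(scalar_mul(n, P)) == normalize(IDENTITY)
        for Q in pts:
            assert on_curve(ec_add(P, Q), d) and normalize(ec_add(P, Q)) == normalize(ec_add(Q, P))
            for R in pts:
                assert normalize(ec_add(ec_add(P, Q), R)) == normalize(ec_add(P, ec_add(Q, R)))
    return n

if __name__ == "__main__":
    d = (0, 1)                           # d = i; any non-zero d in F_9 is allowed by (5)
    print("|E_d(F_9)| =", check_group_law(d), " trace of Frobenius =", trace_of_frobenius(d))
```

For d = 1 the curve has 3 points over F_3 (trace 1) and hence 15 over F_9, and for d = 2 it has 6 points over F_3 (trace −2) and hence 12 over F_9; both counts, like every count the program produces, are multiples of 3 because (0, 1, −1) is a rational point of order 3 on every E_d, and both satisfy |t| ≤ 2√9 = 6. Over the fields F_{3^n} of the paper the brute-force count is of course impractical, which is what the 3-adic Algorithm 3 of Section 5 addresses.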

4.3. The formal group of an elliptic curve

Consider an elliptic curve in Hessian form E_d over F_q and the rational functions τ = (X + Y)/Y and ω = Z/Y. Note that the point (0, 0) of the affine plane (τ, ω) corresponds to the point (1, −1, 0) of our original projective space. Dividing equation (5) by Y³, it becomes (τ − 1)³ + ω³ + 1 = d(τ − 1)ω.

Solving for the ω on the right-hand side of the equation and substituting successively into the left-hand side, we obtain a power series ω in Z[d^{−1}][[τ]] as follows:

(8) ω = −3d^{−1}τ + 3d^{−1}τ² − d^{−1}τ³ + ···.

The affine equation x³ + y³ + 1 = dxy, where x = X/Z and y = Y/Z, can be expressed in terms of the formal parameter τ, since x = (τ − 1)/ω and y = 1/ω. With this, the group law of E_d can be expressed in terms of τ, and the set of points (τ, ω) forms a group known as the formal group of E_d.

5. Point counting

Hasse's Theorem gives a bound for the number of rational points on an elliptic curve. Denoting by |E_{F_q}| the cardinality of the set of points in E_{F_q}, we have

q + 1 − 2√q < |E_{F_q}| < q + 1 + 2√q.

The integer t satisfying t = q + 1 − |E_{F_q}| is known as the trace of Frobenius, since it is related to the Frobenius endomorphism, defined by F(x, y) = (x^q, y^q), which satisfies F² − [t] ∘ F + [q] = [0] ([13, Theorem V.2.3.1]), where [n] is the endomorphism defined by multiplication by n. We continue this section by developing the counting algorithm for elliptic curves over F_{3^n}, which is focused on computing Tr(F).


5.1. Lifting an elliptic curve

Let Q_3 be the field of 3-adic numbers, Q_q an unramified extension of degree n of Q_3, and Z_q its ring of integers. A lift of an elliptic curve E_d with d ∈ F_q is a curve E_D with D ∈ Z_q such that D ≡ d mod 3. If moreover End(E_d) ≅ End(E_D), then this lift, known as the canonical lift, is unique [3]. Consider an elliptic curve E_d and the Frobenius automorphism σ : F_q → F_q given by σ(a) = a³ for all a ∈ F_q. Then σ induces an isogeny of curves E_d → E_{σ(d)} known as the Frobenius isogeny.

Proposition 5.1.1. There exists a unique Σ ∈ End(Q_q) such that the following diagram commutes

  Z_q ---- Σ ----> Z_q
   |                |
   π                π
   v                v
  F_q ---- σ ----> F_q

where π is reduction modulo p. The function Σ is known as the Frobenius substitution.

The algorithm proposed by Satoh in [12] is based on the canonical lift of an elliptic curve. Consider a curve E_d over F_q. If q = 3^n then we have a collection of m curves obtained by successively applying the Frobenius isogeny σ_i : E_{d^{3^i}} → E_{d^{3^{i+1}}}. We thus have the following commutative diagram

  E_0 -- Σ_0 --> E_1 -- Σ_1 --> ··· -- Σ_{n−2} --> E_{n−1} -- Σ_{n−1} --> E_0
   |              |                                 |                     |
   v              v                                 v                     v
  E_d -- σ_0 --> E_{d³} -- σ_1 --> ··· -- σ_{n−2} --> E_{d^{3^{n−1}}} -- σ_{n−1} --> E_d

where Σ_i is the isogeny induced by the Frobenius substitution and E_i is a lift of E_{d^{3^i}}. Likewise, we obtain an endomorphism 𝓕 : E_0 → E_0 given by the composition Σ_0 ∘ ··· ∘ Σ_{n−1}, which is the lift of the Frobenius endomorphism F : E_d → E_d and satisfies Tr(F) = Tr(𝓕). The following result, due to Satoh [12], will be applied to the dual endomorphism of 𝓕 in order to compute the trace of Frobenius.

Proposition 5.1.2. Let E be an elliptic curve over K and let f ∈ End(E) be of degree d. Let τ be the formal parameter of E at O, and assume that the reduction π(f) of f mod 3 is separable and that f(ker π) ⊆ ker π. Let c be the coefficient of the linear term of the homomorphism f̂ induced by f on the formal group of E. Then Tr(f) = c + d/c.

Since the Frobenius endomorphism is not separable, the preceding proposition is not valid for 𝓕. However, the dual endomorphism 𝓕̂ is separable whenever the curve E is ordinary. Moreover Tr(𝓕̂) = Tr(𝓕), so that by computing Tr(𝓕̂) we will have obtained the number of points on the curve E_d. The technique used by Satoh consists in obtaining lifts of the dual isogenies σ̂_i for each i:

  E_0 -- Σ̂_{n−1} --> E_{n−1} -- Σ̂_{n−2} --> ··· -- Σ̂_1 --> E_1 -- Σ̂_0 --> E_0
   |                  |                                 |               |
   v                  v                                 v               v
  E_d -- σ̂_{n−1} --> E_{d^{3^{n−1}}} -- σ̂_{n−2} --> ··· -- σ̂_1 --> E_{d³} -- σ̂_0 --> E_d

These are separable and therefore satisfy Proposition 5.1.2. Once these lifts are computed, we have

(9) Tr(F) = Tr(𝓕̂) = Π_{i=0}^{n−1} Tr(Σ̂_i).

5.2. Counting algorithm

Next we cite some results presented in [7] to obtain lifts of σ̂_i that approximate the canonical lift sufficiently well.

Lemma 5.2.1. Given an element D_i ∈ Z_q such that D_i ≡ d^{3^i} mod 3, there exists a unique element D_{i+1} ∈ Z_q such that

(10) (D_{i+1} + 6)³ − (D_{i+1}² + 3D_{i+1} + 9) D_i³ = 0,   D_{i+1} ≡ d^{3^{i+1}} mod 3.

According to [7, Corollary 1], the sequence of curves E_{D_i} approaches the canonical lift, and the function φ_i : E_{D_{i+1}} → E_{D_i} given by

φ_i(X, Y, Z) = ( ((D_{i+1} + 6)/D_i) (Y²Z + Z²X + X²Y),  Y²X + Z²Y + X²Z,  XYZ )

defines the dual isogeny induced by the Frobenius substitution of the lifts E_{D_i}, E_{D_{i+1}}. Regarding φ̄_i as the reduction modulo 3 of φ_i, one can see that σ_i ∘ φ̄_i = [3]; therefore φ̄_i is the dual isogeny σ̂_i, and then φ_i = Σ̂_i.


By finding the values D_i that define the canonical lift of E_{d^{3^i}} we will be able to compute the trace of Frobenius. The sequence of curves E_{D_i} represents an approximation of the canonical lift E_i of E_{d^{3^i}}. With this, we can finally compute Tr(σ̂_i) from the formal group of E_i around O and the homomorphism induced by Σ̂_i.

Proposition 5.2.2. Consider the formal parameter τ = (Y + X)/Y of the formal group of E_{D_i} at O, and ω = Z/Y. Let c be the coefficient of the linear term of the homomorphism induced by φ_i : E_{D_{i+1}} → E_{D_i}. Then c = 1 + 6/D_{i+1}.

As we noted earlier, we have the equality 𝓕̂ = Σ̂_{n−1} ∘ ··· ∘ Σ̂_0, so that we can compute Tr(F) from each of the functions Σ̂_i by means of

Tr(F) = Tr(𝓕̂) = Tr(Σ̂_{n−1}) ··· Tr(Σ̂_0).

Then, according to the conclusion of Proposition 5.2.2, the trace of the Frobenius endomorphism is given by

Tr(F) = Π_{i=0}^{n−1} (1 + 6/D_{n+i}) mod 3^n,

where n must be chosen so that the integer Tr(F) is completely determined. By Hasse's theorem we have |Tr(F)| ≤ 2√q, so this bound suffices to determine Tr(F). Then m must satisfy 3^m > 2√q = 2 · 3^{n/2}. It suffices to take m = ⌈n/2⌉ + 2.

To find the roots of the equations given by (10), Newton's method can be used, taking as the initial point any lift of the corresponding element d^{3^i}, so as to satisfy Hensel's lemma. The counting algorithm uses Algorithm 3 to compute the trace of Frobenius t. The number of points is determined by the identity |E_{F_q}| = q + 1 − t.


Algorithm 3 Computation of the trace of Frobenius
Input: Elliptic curve in Hessian form with d ∈ F_q \ F_{3²} and a lift D_0 ∈ Z_q of d.
Output: Trace of the Frobenius endomorphism.
1: m ← ⌈n/2⌉ + 2
2: for i = 1 to m do
3:   D_{i+1} ← Solve((X + 6)³ − (X² + 3X + 9)D_i³ = 0) mod 3^i
4: t ← (1 + 6/D_m)
5: for i = m + 1 to m + n − 1 do
6:   D_{i+1} ← Solve((X + 6)³ − (X² + 3X + 9)D_i³ = 0) mod 3^m
7:   t ← t(1 + 6/D_i) mod 3^{m+1}
8: if t > 2√(3^n) then
9:   t ← t − 3^m

Edgar González Fernández
Departamento de Computación, Centro de Investigación y de Estudios Avanzados del Instituto Politécnico Nacional, Av. Instituto Politécnico Nacional 2508, San Pedro Zacatenco, Gustavo A. Madero, 07360 Ciudad de México, Distrito Federal, egonzalez@computacion.cs.cinvestav.mx

Feliú D. Sagols Troncoso
Departamento de Matemáticas, Centro de Investigación y de Estudios Avanzados del Instituto Politécnico Nacional, Av. Instituto Politécnico Nacional 2508, San Pedro Zacatenco, Gustavo A. Madero, 07360 Ciudad de México, Distrito Federal, fsagols@math.cinvestav.mx

Referencias [1] Ahmadi, O., Hankerson, D., and Menezes, A. Software Implementation of Arithmetic in F3m . In First International Workshop on the Arithmetic of Finite Fields (WAIFI 2007) Proceedings (Berlin, 2007), vol. 4547 of Lecture Notes in Comput. Sci., Springer, pp. 85–102. [2] Certicom. Standards For Efficient Cryptography (SEC 1 v2), Sept. 2009. [3] Deuring, M. Die typen der multiplikatorringe elliptischer funktionen korper. Abh. Math. Sem. Univ. Hamburg 14 (1941), 197–272. [4] Galbraith, S. D. Supersingular curves in cryptography. In Advances in Cryptology — ASIACRYPT 2001 Proceedings (Berlin, 2001), Lecture Notes in Comput. Sci., Springer. [5] Gallagher, P., Cameron F. Kerry, A. S., and Director, C. R. FIPS PUB 186-4 FEDERAL INFORMATION PROCESSING STANDARDS PUBLICATION Digital Signature Standard (DSS), 2009. [6] Gao, S., and Panario, D. Tests and constructions of irreducible polynomials over finite fields. In Selected Papers of a Conference Held at Rio de Janeiro, January 1997 (1997), Found. Comput. Math., Springer, pp. 346–361.


Elliptic curve cryptography in fields of characteristic 3




Morfismos, Vol. 21, No. 2, 2017, pp. 33–55

Enumeration of integer lattices by quotient group

Álvar Ibeas Martín

Abstract
Motivated by the enumeration of graph regular coverings, Kwak, Chun, and Lee gave a formula that counts the subgroups of a finitely generated free abelian group with a given finite quotient. This article examines that result from several viewpoints, providing an alternative proof with a plain combinatorial interpretation.

2010 Mathematics Subject Classification: 05E15, 20K27
Keywords and phrases: integer lattices, combinatorics

1 Introduction

An integer (point) lattice in dimension $r$ is a subgroup of the additive group $\mathbb{Z}^r$, equipped with the metric inherited from the Euclidean space $\mathbb{R}^r$. Such an object is conveniently set down by means of a basis: an integer matrix with $r$ rows and linearly independent columns that generate the subgroup (elements of $\mathbb{Z}^r$ are treated as column vectors in this article). In symbols, if $B$ is a $d$-column basis for lattice $\Lambda$, we have $\Lambda = B\mathbb{Z}^d = \{Bv : v \in \mathbb{Z}^d\}$. We shall only consider full-dimensional lattices, i.e. those generated by square matrices. For example, here are three different lattices in $\mathbb{Z}^2$:

$$\begin{pmatrix} 4 & 0 \\ 0 & 1 \end{pmatrix}\mathbb{Z}^2, \qquad \begin{pmatrix} 2 & 1 \\ 0 & 2 \end{pmatrix}\mathbb{Z}^2, \qquad \begin{pmatrix} 2 & 0 \\ 0 & 2 \end{pmatrix}\mathbb{Z}^2.$$



Á. Ibeas

Let us determine the quotient group (which must be abelian of order 4) for each of the three examples above. In the first two, a point in $\mathbb{Z}^2$ can be found whose order modulo the lattice is 4, so that the quotient is cyclic ($C_4$) in both cases. In contrast, the double of every point lies in the third lattice (which is indeed $2\mathbb{Z}^2$), so that the quotient is $C_2 \oplus C_2$ in this case (and in no other in dimension 2, see Lemma 4.1). This paper focuses on the following enumeration problem: given a positive integer $r$ and a finite abelian group $G$, how many lattices are there in dimension $r$ whose quotient group is $G$? We look, therefore, for the cardinality of the set
$$L_r(G) = \{\Lambda \subseteq \mathbb{Z}^r : \mathbb{Z}^r/\Lambda \cong G\}.$$
In other words, we are interested in counting lattices whose bases have a given Smith Normal Form. As the Euclidean metric is not relevant to this matter,¹ the problem can be phrased just in terms of subgroups of a finitely generated free abelian group. The question above is settled by a theorem published by Kwak, Chun, and Lee [11, Thm. 3.4] and restated here as Theorem 5.2. These authors' aim was to enumerate graph regular coverings, and they used this result, put as the enumeration of connected coverings, as an intermediate step. Nevertheless, they have also pointed out [12, p. 125] the subgroup-enumerating reading of their study. In spite of the plainness of its statement, the mentions of the studied problem that we have found in the literature are scarce. This might be explained by the fact that Theorem 5.2 can be thought of as a straightforward corollary to the long-known result [5, 6, 19] which enumerates (through Equation (4)) subgroups of a given type in a finite abelian group. However, we have considered it worthwhile to provide a detailed account of the topic.

Due to the structure properties of finite abelian groups, only finite abelian $p$-groups (i.e. with a prime-power order) need to be considered. These are conveniently described by means of integer partitions, as recalled in Section 3. Hence, the formula solving the addressed problem is parameterized by a positive integer $r$, a prime $p$, and an integer partition $\lambda$ (with no more than $r$ parts). Delving further into that formula, we explore several ways to understand it. We start by analysing (in Section 6) a couple of special cases: when the quotient group is cyclic and when it is elementary abelian. In dimension 2, the cyclic case is enough to fully solve the problem; but this reduction is not extendable to an arbitrary dimension. When the quotient is an elementary abelian $p$-group, our problem is equivalent to finding subspaces of a vector space over a finite prime field. Lattices with a given abelian $p$-group quotient can be recursively constructed drawing on the elementary abelian case. In this way, we contribute (in Section 7) an inductive proof for Theorem 5.2 which allows a combinatorial interpretation of its formula, according to which the sought lattices are classified as liftings of chains of subspaces in $(\mathbb{Z}/p\mathbb{Z})^r$ with dimensions prescribed by the quotient group. Summing up, we count three approaches for proving the result we are dealing with. Apart from the interpretation sketched out in the previous paragraph, we have the original proof by Kwak, Chun, and Lee and the reduction to the subgroup-enumerating formula (4). In the closing section, the last two are presented in a unified fashion that boils down to the enumeration of epimorphisms from a finitely generated free abelian group to an abelian $p$-group.

¹ We will however turn to it to define dual lattices.

2 Enumeration by volume

A characterization of a full-dimensional lattice $\Lambda$, alternative to the one given in the introduction, is that the quotient group is finite. In this case, the lattice volume is the index $[\mathbb{Z}^r : \Lambda]$. It equals the absolute value of the determinant of every lattice basis. This suggests the problem of counting $a_r(n)$, the number of integer lattices in $\mathbb{Z}^r$ with volume $n$ [14, A128119, A160870]. When $r = 1$, there is exactly one lattice (namely, $n\mathbb{Z}$) for every volume $n$. When $r = 2$, $a_2(n) = \sigma(n)$, the sum of divisors of $n$. This can be proved by describing a system of bases of lattices with volume $n$. To this end, since a lattice admits (infinitely) many bases, it will be useful to fix a canonical choice. Two bases for the same lattice are related by a unimodular matrix (i.e. an integer matrix with an integer inverse), and conversely. In other words, a matrix is a basis of lattice $B\mathbb{Z}^r$ if and only if it is of the form $BP$, with $P \in \mathbb{Z}^{r \times r}$ and $|\det(P)| = 1$. As a normalized basis, we adopt a variant of the Hermite form. Namely, an upper triangular matrix with nonnegative entries and positive diagonal elements (called pivots), each of them bigger than the rest of entries in its row. Now, the set of normalized bases for 2-dimensional lattices of volume $n$ is
$$(1)\qquad \left\{ \begin{pmatrix} d & b \\ 0 & n/d \end{pmatrix} : d \mid n,\ 0 \le b < d \right\},$$
affording the statement $a_2(n) = \sigma(n)$. The enumeration of normalized bases settles the question for arbitrary dimension as well. Namely, $a_r(n)$ can be expressed as the sum of $d_1^0 d_2^1 \cdots d_r^{r-1}$, extended over every factorization $n = d_1 \cdots d_r$ of the volume into $r$ ordered factors: the pivots arranged from bottom to top. The following recursive expressions can be provided too:
$$(2)\qquad a_r(n) = \sum_{d \mid n} \left(\frac{n}{d}\right)^{r-1} a_{r-1}(d) = \sum_{d \mid n} d \cdot a_{r-1}(d).$$

The first one is deduced from the observation that, in the Hermite Normal Form of a lattice with volume $n$, the bottom-right $(r-1) \times (r-1)$ block generates a lattice of volume $d$, for a certain divisor $d$ of $n$. Moreover, the first pivot is $n/d$ and every entry in the first row (shadowed in the left figure below) can take $n/d$ different values. The other recurrence reflects the decomposition shown in the right figure, where each element on the shadowed column can take as many values as the corresponding pivot on the top-left block, and the pivot product is $d$ (cf. [17, §63, Aufg. 13], [1, Appx. A]).

[Figure: the two block decompositions of a normalized basis. Left: first pivot $n/d$ with its shadowed first row above a bottom-right block of volume $d$. Right: top-left block of volume $d$ with a shadowed last column and bottom pivot $n/d$.]

It can be proved from the expressions above that, for a fixed dimension, the amount of lattices of a given volume is a multiplicative function. As shown in the cited exercise from [17], as well as in [7, 20] (see also below),
$$(3)\qquad a_r(p^e) = \binom{e+r-1}{e}_p$$
and the associated Dirichlet generating function is
$$\sum_{n \ge 1} \frac{a_r(n)}{n^s} = \zeta(s)\,\zeta(s-1) \cdots \zeta(s-r+1).$$



The bracket above stands for a Gaussian polynomial. Namely, we use the notation $[n]_p = 1 + p + \cdots + p^{n-1} = \frac{p^n - 1}{p - 1}$, $[n]_p! = [n]_p [n-1]_p \cdots [2]_p$, $\binom{r}{x_1, \ldots, x_{l+1}}_p = \frac{[r]_p!}{[x_1]_p! \cdots [x_{l+1}]_p!}$ (where $r = x_1 + \cdots + x_{l+1}$) for the $p$-analogue of multinomial coefficients, and $\binom{r}{x}_p = \binom{r}{x,\,r-x}_p$ for Gaussian polynomials. Note that the latter can be defined through any of the recurrences
$$\binom{x+y}{x,\,y}_p = \sum_{i=0}^{x} p^{(x-i)y} \binom{i+y-1}{i,\,y-1}_p = \sum_{i=0}^{x} p^{i} \binom{i+y-1}{i,\,y-1}_p \qquad (\text{if } y > 0)$$
and the boundary conditions $\binom{x}{x,\,0}_p = \binom{y}{0,\,y}_p = 1$. Therefore, (3) follows from any of the recurrences in (2) and the boundary conditions $a_r(p^0) = a_1(p^e) = 1$. Our aim is studying the refined enumeration of lattices by their quotient group. For instance, the three examples listed in the introduction lie among the $7 = \sigma(4)$ two-dimensional lattices with volume 4. As we have already pointed out, all of the seven give a cyclic quotient except the third example (see Figure 3). Let us recall some facts about the kind of groups that we will come across as quotients.

3 Finite abelian groups

There are two standard structure results for finite abelian groups. On the one hand, every such object can be uniquely decomposed as the direct sum of cyclic groups $C_{d_1} \oplus \cdots \oplus C_{d_l}$ such that $1 < d_l \mid \cdots \mid d_1$. The orders of these components are called invariant factors. If $B$ is a basis of a lattice $\Lambda \subseteq \mathbb{Z}^r$ such that $\mathbb{Z}^r/\Lambda$ has an invariant factor decomposition as above, there exist unimodular matrices $P, Q$ such that $PBQ = \operatorname{diag}(d_1, \ldots, d_l, \underbrace{1, \ldots, 1}_{r-l})$, the Smith Normal Form of $B$.

On the other hand, a finite abelian group can be written as the direct sum of abelian groups with a prime-power order (i.e. finite abelian $p$-groups). It is sufficient to take these into account for the sake of the enumeration dealt with in this article (see Lemma 5.1). As for these components, every finite abelian $p$-group is itself (in a unique way, except for the ordering) the direct sum of cyclic groups $C_{p^{\lambda_i}}$. For every occurring exponent $\lambda_i$, let $x_i$ be the number of copies present in the decomposition. Thus, every finite abelian $p$-group takes the form $G_p(\lambda)$, where
$$G_p(\lambda) = C_{p^{\lambda_1}}^{x_1} \oplus \cdots \oplus C_{p^{\lambda_l}}^{x_l}.$$


[Figure 1: Young diagram of $(\lambda; r)$: row blocks of lengths $\lambda_1 > \lambda_2 > \cdots > \lambda_l$ repeated $x_1, x_2, \ldots, x_l$ times, plus $x_{l+1}$ empty rows completing $r$ rows; the first $i$ columns correspond to $G/p^iG$ and the remaining ones to $p^iG$, with column lengths $\lambda'_1, \ldots, \lambda'_i, \ldots$.]

Figure 1: Partition $(\lambda; r) = (\lambda_1^{x_1}, \ldots, \lambda_l^{x_l}, 0^{x_{l+1}})$

Arranging the set of occurring exponents in decreasing order ($\lambda_1 > \cdots > \lambda_l > 0$) leads to the identification of a finite abelian $p$-group with its type: the integer partition $\lambda = (\lambda_1^{x_1}, \ldots, \lambda_l^{x_l})$, written here in exponential notation. A partition is conveniently displayed by means of its associated Young diagram (see Figure 1). The order of $G_p(\lambda)$ is $p$ to the power of the partition's size: $|\lambda| = \sum x_i \lambda_i$. On the other hand, every² minimal system of generators of $G_p(\lambda)$ has $\mathrm{len}(\lambda) = \sum x_i$ elements. Recall that we are interested in groups arising from a quotient of $\mathbb{Z}^r$, which have therefore a system of $r$ generators. This provides the constraint $\mathrm{len}(\lambda) \le r$ for $L_r(G_p(\lambda))$ to be nonempty. Indeed, we will find it convenient to add $x_{l+1}$ empty parts to $\lambda$, so that $\mathrm{len}(\lambda) + x_{l+1} = r$, as depicted in the figure, using the notation $(\lambda; r) = (\lambda_1^{x_1}, \ldots, \lambda_l^{x_l}, 0^{x_{l+1}})$ for the resulting object. Cyclic groups (of prime-power order) are associated with one-part partitions. The other degenerate case is constituted by groups where the order of every nonzero element is $p$ (i.e. elementary abelian groups), which are associated with one-column partitions $(1^x)$ and can be identified with vector spaces over the field $\mathbb{Z}/p\mathbb{Z}$. For an arbitrary partition $\lambda$, setting $G = G_p(\lambda)$, its first column (associated with the group $C_p^{\mathrm{len}(\lambda)}$) can be thought of as $G/pG$ (the quotient of $G$ by its Frattini subgroup) or as the subgroup consisting of zero and the elements of order $p$ (the group socle). In general, $G/p^iG$ is a $p$-group associated with the partition composed by the first $i$ columns of $\lambda$. Analogously, $p^iG$ matches the last $\lambda_1 - i$ columns. The column lengths in the Young diagram constitute the parts of the conjugate partition $(\lambda'_1, \ldots, \lambda'_{\lambda_1})$.³ We have
$$\lambda'_i = \dim_{\mathbb{Z}/p\mathbb{Z}} \frac{p^{i-1} G_p(\lambda)}{p^i G_p(\lambda)}.$$
(Note that these quotient groups are elementary abelian.) In particular, $\lambda'_1 = \mathrm{len}(\lambda)$. The group $G_p(\mu)$ admits a subgroup of type $\lambda$ if and only if the partition $\lambda$ "fits" into $\mu$, i.e. $\lambda \le \mu$ part-wise. If this is the case, the number of occurring subgroups is (see [3, Lemma 1.4.1])
$$(4)\qquad \prod_{j \ge 1} p^{\lambda'_{j+1}(\mu'_j - \lambda'_j)} \binom{\mu'_j - \lambda'_{j+1}}{\lambda'_j - \lambda'_{j+1}}_p.$$

² This follows from the Burnside Basis Theorem. In the general case of a finite abelian group, there exist minimal systems of generators whose cardinality is any of the numbers in the range $[\max(\mathrm{len}(\lambda)), \sum \mathrm{len}(\lambda)]$, where the maximum and the sum are extended over the partitions associated with the different primary components.

Every quotient of a finite abelian group can be regarded as a subgroup of it. This derives from the identification of $G$ with the (isomorphic) dual group $\hat{G} = \mathrm{Hom}(G, \mathbb{C}^*)$. In this way, a duality is established between subgroups of $G$, linking $S$ with $\widehat{G/S} = \{\xi \in \hat{G} \mid \xi(S) = 0\} \subseteq \hat{G}$ (see [2], [13, II.(1.5)]). The set of subgroups of a finite abelian group is, then, a self-dual poset. If $G$ is a finite abelian $p$-group, the cotype of a subgroup $S$ is defined as the type of the quotient $G/S$. For example, in Figure 2, the 4-cyclic subgroup $\langle 2x \rangle$ has cotype $(1, 1)$, whereas the subgroup $\langle 2x + y \rangle$ (4-cyclic as well) is self-dual (its cotype is $(2)$). Even though the type of a subgroup does not necessarily determine its cotype, the formula in (4) also counts, by virtue of the duality, subgroups of $G_p(\mu)$ with cotype $\lambda$. In Section 5, we see how that formula quickly solves the problem studied in this paper.

4 A lattice lattice

This ill-sounding heading reflects the double meaning in Mathematics of the term lattice. Throughout the paper, we are using it to denote the objects studied by the Geometry of Numbers. However, it more commonly refers to a poset-related concept [18, Sec. 3.3]. In this section, we employ the term in both ways, taking a glance at the interplay between the set of studied lattices and the set of finite abelian groups. This may complete the picture of the proof for the enumeration result given in the following section. We consider the poset of lattices in dimension $r$, ordered by reverse inclusion. In general, it will be sufficient to deal with the restriction to lattices with a $p$-group quotient (see, for instance, Figure 3). That poset is a lattice. Indeed, the intersection of two subgroups of $\mathbb{Z}^r$ is their join as poset elements, and the lattice sum corresponds to the meet operator:
$$\Lambda_1 \vee \Lambda_2 = \Lambda_1 \cap \Lambda_2, \qquad \Lambda_1 \wedge \Lambda_2 = \Lambda_1 + \Lambda_2.$$

³ We find it useful to assign different indices to these parts, disregarding whether some of them are equal, in contrast to those of $\lambda$, which we have indexed by blocks.

[Figure 2: Hasse diagram of the subgroups $\langle x, y \rangle$, $\langle y \rangle$, $\langle 2x, y \rangle$, $\langle x + y \rangle$, $\langle 4x, y \rangle$, $\langle 2x + y \rangle$, $\langle 2x \rangle$, $\langle 4x + y \rangle$, $\langle 4x \rangle$, $\langle x \rangle$, $\langle 0 \rangle$, ordered by inclusion.]

Figure 2: Subgroups of $C_8 \oplus C_2 = \langle x, y \mid 8x = 2y = 0 \rangle$

The poset is infinite and has a zero (namely, Zr ). Note that, for a fixed lattice Λ ⊆ Zr , there is a natural bijection between its superlattices and the subgroups of Zr /Λ. In this way, every principal order ideal (the superlattices of an element) and, more generally, every poset interval corresponds to the lattice of subgroups of a finite abelian group.


[Figure 3: Hasse diagram of the lattices in $\mathbb{Z}^2$ whose volume is a power of 2, each node labelled by its normalized basis, with $\mathbb{Z}^2$ at the top.]

Figure 3: Lattices in $\mathbb{Z}^2$ whose volume is a power of 2



For instance, the lattice of Figure 2 matches six principal ideals from Figure 3. On the other hand, the subposet formed by the sublattices of an element (a principal filter) is isomorphic to the whole poset. When restricted to lattices whose volume is a power of a prime $p$, every element is covered by $[r]_p = 1 + p + \cdots + p^{r-1}$ sublattices. Taking the type of the quotient groups makes our poset collapse onto a subposet of the Young lattice, including only partitions with no more than $r$ parts. In the general case, if two lattices have the same quotient group, they are indistinguishable as poset elements. Indeed, two such lattices admit bases $(B_1, B_2)$ related by a unimodular change of coordinates: $B_1 = PB_2$, with $|\det(P)| = 1$. Note that $P$ is an automorphism of $\mathbb{Z}^r$ and induces an automorphism on the studied poset. According to the next result, a lattice in $\mathbb{Z}^r$ is a characteristic subgroup if and only if it is of the form $n\mathbb{Z}^r$, for a positive integer $n$.

Lemma 4.1. Let $r$ be a positive integer. Then, $|L_r(G)| = 1$ if and only if $G$ is trivial or has $r$ equal invariant factors. In particular, if $G$ is a finite abelian $p$-group, $|L_r(G)| = 1$ if and only if $G$ is associated to a partition with $r$ equal (possibly empty) parts.

Proof. Let $n$ be a positive integer (including the case $n = 1$). If $\Lambda$ is a lattice in dimension $r$ such that $\mathbb{Z}^r/\Lambda \cong C_n^r$, the order of every integer vector modulo $\Lambda$ divides $n$, so that $n\mathbb{Z}^r \subseteq \Lambda$ (and both lattices coincide, since $\mathbb{Z}^r/n\mathbb{Z}^r \cong C_n^r$). Hence, $|L_r(C_n^r)| = 1$. Alternatively, if $B$ is a basis for a lattice with quotient group $C_n^r$, there exist unimodular matrices $P$ and $Q$ such that $PBQ = nI_r \Rightarrow BQ = P^{-1} n I_r = n I_r P^{-1}$, so that the lattice generated by $B$ is $n\mathbb{Z}^r$. In order to prove the converse, let $G$ be a finite ($r$ or less)-generated abelian group not under the hypothesis. We consider the invariant factor decomposition of $G$, completed with trivial groups, if necessary, up to $r$ factors: $G = C_{d_1} \oplus \cdots \oplus C_{d_r}$, $d_r \mid \cdots \mid d_1$. There must be at least two different factors $d_i \ne d_j$. Then, the lattices spanned by the bases $\operatorname{diag}(\ldots, d_i, \ldots, d_j, \ldots)$ and $\operatorname{diag}(\ldots, d_j, \ldots, d_i, \ldots)$ are different and both give $G$ as quotient group.

5 Enumeration by quotient

Our goal is enumerating $L_r(G)$, the set of subgroups of $\mathbb{Z}^r$ whose quotient is $G$, keeping in mind that only finite abelian ($r$ or less)-generated parameters $G$ need to be taken into account. The problem is trivial in dimension 1: the quotient group of $\mathbb{Z}$ by the only lattice of volume $n$ (i.e. $n\mathbb{Z}$) is cyclic. For dimension 2, there is a neat solution as well (the picture provided by Rutherford [16] is correct in dimension 2). On the one hand, for a cyclic quotient, $|L_2(C_n)| = \psi(n)$, the Dedekind $\psi$ function [14, A001615], i.e. the sum of the divisors of $n$ whose codivisor is squarefree. Indeed, the Smith Normal Form of a basis in (1) is the diagonal $(n, 1)$ if and only if $\gcd(d, b, n/d) = 1$, so that $|L_2(C_n)|$ equals the cardinality of the set $A$ below. Those matrices can be classified according to the squarefree kernel of $n/d$. We recall that the squarefree kernel, written $\operatorname{rad}(m)$, of a positive integer $m$ is the largest squarefree integer dividing $m$. It is also the product of all the different prime divisors of $m$. The following map is a bijection from $A$ to a set $B$ readily enumerated by $\psi(n)$.
$$A = \left\{ \begin{pmatrix} d & b \\ 0 & n/d \end{pmatrix} : d \mid n,\ 0 \le b < d,\ \gcd(d, b, n/d) = 1 \right\}, \qquad B = \left\{ \begin{pmatrix} d & b \\ 0 & n/d \end{pmatrix} : d \mid n,\ 0 \le b < d,\ n/d \text{ squarefree} \right\}$$
$$A \longrightarrow B, \qquad \begin{pmatrix} d & b \\ 0 & n/d \end{pmatrix} \longmapsto \begin{pmatrix} \dfrac{n}{\operatorname{rad}(n/d)} & \dfrac{b \cdot n/d}{\operatorname{rad}(n/d)} \\[4pt] 0 & \operatorname{rad}(n/d) \end{pmatrix}$$
On the other hand, if $d \mid n$, we have $|L_2(C_n \oplus C_d)| = |L_2(C_{n/d})| = \psi(n/d)$, after the bijection that maps a lattice $\Lambda \in L_2(C_n \oplus C_d)$ to $\frac{1}{d}\Lambda$. This reduction to the cyclic case cannot be extended to higher dimensions, apart from the full-column removal considered in Section 9. Before proceeding to arbitrary dimension, we notice that, as announced, the problem can be reduced to $p$-groups. The enumeration by volume studied in Section 2 is solved by a multiplicative function ($a_r(uv) = a_r(u)a_r(v)$, for coprime $u$ and $v$). As for the enumeration by quotient, we can rely on the following property (cf. [11, Thm. 2.7]).

Lemma 5.1. Let $G_1, G_2$ be two finite abelian groups with coprime orders. Then, $|L_r(G_1 \oplus G_2)| = |L_r(G_1)| \cdot |L_r(G_2)|$.

Proof. We draw on the bijection between superlattices of a lattice $\Lambda$ and subgroups of $\mathbb{Z}^r/\Lambda$. Among the subgroups of $G_1 \oplus G_2$, there are unique copies of $G_1$ and $G_2$.



As a consequence, every element of $L_r(G_1 \oplus G_2)$ can be expressed in exactly one way as the intersection of a pair of lattices in $L_r(G_1) \times L_r(G_2)$; conversely, every such intersection has quotient $G_1 \oplus G_2$. With this result in mind, in order to enumerate lattices by quotient in arbitrary dimension, we restate a result proved by Kwak, Chun, and Lee [11, Thm. 3.4] (see also [12, Thm. 13]) in a different language.

Theorem 5.2. Let $p$ be a prime number, $r$ a positive integer, and $\lambda$ a partition with no more than $r$ parts. Let $x_1, \ldots, x_l$ be the part multiplicities, so that $\mathrm{len}(\lambda) = \sum x_i$, and $x_{l+1} = r - \mathrm{len}(\lambda)$. Then, the number of lattices in $\mathbb{Z}^r$ whose quotient is a $p$-group of type $\lambda$ is
$$|L_r(G_p(\lambda))| = p^{c(\lambda; r)} \binom{r}{x_1, \ldots, x_l, x_{l+1}}_p,$$
where, writing $(\lambda'_1, \ldots, \lambda'_{\lambda_1})$ for the conjugate partition (the columns in the associated Young diagram), $c(\lambda; r)$ equals $\sum_{i=1}^{\lambda_1 - 1} (r - \lambda'_i)\lambda'_{i+1}$.

Writing $\lambda^{(i)}$ for the partition obtained from the first $x_1 + \cdots + x_i$ parts of $\lambda$, with $\lambda_{i+1}$ units removed from each (see Figure 4), the exponent above can also be expressed as
$$c(\lambda; r) = \sum_{i=1}^{l} x_{i+1} \left( |\lambda^{(i)}| - \mathrm{len}(\lambda^{(i)}) \right).$$

[Figure 4: Young diagram of $(\lambda; r)$ with the nested partitions $\lambda^{(1)}, \lambda^{(2)}, \ldots, \lambda^{(l-1)}, \lambda^{(l)} = \lambda$ marked on the row blocks of multiplicities $x_1, \ldots, x_l, x_{l+1}$.]

Figure 4: Partition $(\lambda; r) = (\lambda_1^{x_1}, \ldots, \lambda_l^{x_l}, 0^{x_{l+1}})$

In the following three sections, we set our focus on a proof which provides a natural interpretation for the theorem's formula. Below, we show instead how the result can be considered a particular case of Equation (4). In this way, the theorem is handily proved, after paying the toll of turning to that enumeration result. We recall again the bijection between superlattices of $\Lambda \subseteq \mathbb{Z}^r$ and subgroups of $\mathbb{Z}^r/\Lambda$. Among the latter, those with a certain type (or cotype) are enumerated through Equation (4), but we are not interested (in principle) in counting superlattices of a fixed lattice. However, in our setting (counting lattices with a fixed quotient), it turns out that there is a sublattice common to every sought lattice and it presents a simple quotient group.

Proof of Theorem 5.2. Partition $\lambda$ is "contained" in $(\lambda_1^r)$, so $C_{p^{\lambda_1}}^r$ has a subgroup isomorphic to $G_p(\lambda)$. Therefore, there exists $\Lambda \in L_r(G_p(\lambda))$ such that $p^{\lambda_1}\mathbb{Z}^r \subseteq \Lambda \subseteq \mathbb{Z}^r$. As pointed out in the previous section, elements with the same quotient group play an identical role in the poset of lattices. Any other element $\Lambda \in L_r(G_p(\lambda))$ must then contain a sublattice with quotient group $C_{p^{\lambda_1}}^r$. After Lemma 4.1, that lattice is unique, so $p^{\lambda_1}\mathbb{Z}^r$ is a sublattice common to every element of $L_r(G_p(\lambda))$. In other words, the searched-for lattices are all superlattices $\Lambda \supseteq p^{\lambda_1}\mathbb{Z}^r$ with $\mathbb{Z}^r/\Lambda \cong G_p(\lambda)$. Setting $\mu'_j = r$ for $j = 1, \ldots, \lambda_1$, Equation (4) proves the result.

Notice that the common sublattice used in the proof above is just the join of the elements in $L_r(G_p(\lambda))$ (a finite set, since $a_r(p^{|\lambda|})$ is finite), i.e. their intersection. We have seen that $p^{\lambda_1}\mathbb{Z}^r \subseteq \bigcap \{\Lambda \in L_r(G_p(\lambda))\}$. Conversely, that intersection must be the only lattice with its quotient group (if there were another, this would be contained in every element of $L_r(G_p(\lambda))$ as well). Then, after Lemma 4.1, the intersection's quotient group is associated to a partition with $r$ equal parts.

6 Elementary abelian case

Let us consider the specialization of Theorem 5.2 in degenerate cases of the partition $\lambda$. Firstly, when the quotient group is cyclic, i.e. for one-row partitions, we get [14, A263950]
$$(5)\qquad c(\lambda_1, 0^{r-1}) = (r-1)(\lambda_1 - 1), \qquad |L_r(C_{p^{\lambda_1}})| = p^{(r-1)(\lambda_1 - 1)} [r]_p.$$
Note that, in dimension 2, $|L_2(C_{p^{\lambda_1}})| = p^{\lambda_1 - 1}(1 + p) = \psi(p^{\lambda_1})$.


[Figure: Young diagrams of the one-row partition $(\lambda_1, 0^{r-1})$ and of the one-column partition $(1^x, 0^{r-x})$, both inside a box with $r$ rows.]

The case of a one-column partition is of particular interest, since it constitutes the basis for the inductive proof presented in Section 7. We have $c(1^x, 0^{r-x}) = 0$, so that Theorem 5.2 is reduced to $|L_r(C_p^x)| = \binom{r}{x}_p$, a coefficient which is known to enumerate subspaces of $(\mathbb{Z}/p\mathbb{Z})^r$ with dimension $x$ (as well as those with dimension $r - x$). The componentwise projection from $\mathbb{Z}^r$ onto $(\mathbb{Z}/p\mathbb{Z})^r$, to which we come back in the next section, yields a bijection between subspaces of $(\mathbb{Z}/p\mathbb{Z})^r$ and lattices with a $p$-elementary quotient. Let us characterize normalized bases of such lattices. The diagonal is a permutation $\sigma$ of the multiset $\{1^{r-x}, p^x\}$ and an entry above the diagonal is zero if its row's diagonal element is 1 or if its column's diagonal element is $p$. Otherwise (shadowed regions in the figure below), the entry can take any value from 0 to $p - 1$.

[Figure: an upper triangular normalized basis with diagonal entries $p$ and 1 interleaved; the shadowed entries are those whose row has pivot $p$ and whose column has pivot 1.]

The number of nondiagonal entries that can take nonzero values is the number of inversions of $\sigma$. Hence, these matrices add up to
$$\sum_{\sigma \in S(\{1^{r-x}, p^x\})} p^{\mathrm{inv}(\sigma)} = \binom{r}{x}_p,$$
after the Carlitz summation formula [4], [18, Prop. 1.3.17]. Incidentally, note the following identity, which we fail to top off with a suitable bijection: $|L_r(C_p^x)| = a_{r-x+1}(p^x) = a_{x+1}(p^{r-x})$.



7 Subspace chain liftings

In this article, we intend to stress the combinatorial interpretation presented below for the formula of Theorem 5.2, providing thus an alternative proof. That formula involves two parts: a $p$-multinomial coefficient and a power of $p$. The former can be factorized as
$$\binom{r}{x_1, \ldots, x_{l+1}}_p = \binom{x_l + x_{l+1}}{x_{l+1}}_p \cdots \binom{r - \mathrm{len}(\lambda^{(i-1)})}{r - \mathrm{len}(\lambda^{(i)})}_p \cdots \binom{r}{r - x_1}_p,$$
showing that it enumerates subspace chains of the form
$$(6)\qquad V_l \subset \cdots \subset V_1 \subset V_0 = (\mathbb{Z}/p\mathbb{Z})^r, \qquad \dim(V_i) = r - \mathrm{len}(\lambda^{(i)}).$$
The componentwise projection $\pi : \mathbb{Z}^r \longrightarrow (\mathbb{Z}/p\mathbb{Z})^r$ relates lattices and vector spaces by means of a monotone Galois connection. As we have already pointed out, it induces a bijection between $(\mathbb{Z}/p\mathbb{Z})$-spaces of codimension $x$ and lattices with an elementary abelian quotient $C_p^x$ (joins of $x$ atoms in the poset of Figure 3). Any $(\mathbb{Z}/p\mathbb{Z})$-vector space $V$ satisfies $V = \pi(\pi^{-1}(V))$. For a lattice $\Lambda$, we have $\Lambda \subseteq \pi^{-1}(\pi(\Lambda))$. The latter is a lattice with a $p$-elementary quotient; moreover, it is contained in every lattice that contains $\Lambda$ and has a $p$-elementary quotient. Therefore, if $\Lambda_1 \subseteq \Lambda_2$ are two lattices whose volume is a power of $p$ and their respective quotients are associated to partitions $\lambda_1$ and $\lambda_2$, we have $\pi(\Lambda_1) = \pi(\Lambda_2)$ if and only if $\mathrm{len}(\lambda_1) = \mathrm{len}(\lambda_2)$. Hence, that projection is a vector space of dimension $r - \mathrm{len}(\lambda)$. In Figure 3, lattices are divided into five classes, according to which of the five vector subspaces of $(\mathbb{Z}/2\mathbb{Z})^2$ they project onto. For $\Lambda \in L_r(G_p(\lambda))$, let us build a lattice chain projecting to the vector spaces in (6). As a first step, we set up a superlattice whose quotient group is $pG_p(\lambda) \cong G_p(\hat\lambda)$, where $\hat\lambda$ is the partition obtained by removing the leftmost column from $\lambda$.
$$\Lambda \subseteq p^{-1}\Lambda \cap \mathbb{Z}^r = \{x \in \mathbb{Z}^r : px \in \Lambda\} \subseteq \mathbb{Z}^r$$

[Figure: Young diagram of $\lambda$ with its leftmost column, of length $\lambda'_1$, removed, leaving $\hat\lambda$.]



That is achieved by appending to $\Lambda$ those integer vectors whose order in the quotient group is $p$. Iterating the process, the following chain is reached (refer to (8) for a couple of examples):
$$(7)\qquad \Lambda \subset p^{-1}\Lambda \cap \mathbb{Z}^r \subset p^{-2}\Lambda \cap \mathbb{Z}^r \subset \cdots \subset p^{1-\lambda_1}\Lambda \cap \mathbb{Z}^r \subset \mathbb{Z}^r.$$
This recursive technique of trimming partition columns from the left, building on the simple case of elementary abelian groups, is common in the relevant literature. The following result, inspired by a memoir of Butler [3], adapts to our problem the concept of fibre count per subspace chain and provides, in this manner, a natural interpretation of Theorem 5.2.

Proposition 7.1. Let $p$ be a prime number, $r$ a positive integer, and $\lambda$ a partition with no more than $r$ parts. For every subspace chain as in (6), there are exactly $p^{c(\lambda; r)}$ lattices $\Lambda$ with a $p$-power volume such that, for $i = 0, 1, \ldots, \lambda_1$, $\pi(p^{-i}\Lambda \cap \mathbb{Z}^r) = V_j$, where $j \le l$ is the maximum index satisfying $i < \lambda_j$ (and $j = 0$, if $i = \lambda_1$). The quotient of $\mathbb{Z}^r$ by each of these lattices is $G_p(\lambda)$.

Proof. We use induction on $\lambda_1$. If $\lambda$ is empty, the subspace chain is reduced to $V_0 = (\mathbb{Z}/p\mathbb{Z})^r$, and the only lattice with a $p$-power volume that projects onto it is $\mathbb{Z}^r$. Otherwise, the induction hypothesis shows that there are $p^{c(\hat\lambda; r)}$ possibilities for $\hat\Lambda = p^{-1}\Lambda \cap \mathbb{Z}^r$. For each of these, $\mathbb{Z}^r/\hat\Lambda \cong G_p(\hat\lambda)$. Now, candidates for $\Lambda$ are sublattices of $\hat\Lambda$ such that $\mathbb{Z}^r/\Lambda$ is a $p$-group whose type is $\hat\lambda$ plus a column attached on the left. The condition $\pi(\Lambda) = V_l$ implies $\hat\Lambda/\Lambda \cong C_p^{\lambda'_1}$, and is enough to guarantee $\Lambda \in L_r(G_p(\lambda))$.

[Figure: block decomposition of the bases $A$ and $B$ used below, with the blocks $A_1$, $B_1$ and $B_2$ delimited by $r - \lambda'_1$ and $\lambda'_2$ rows and columns, and diagonal entries 1 and $p$ in $B$.]

If $A$ is a basis for $\hat\Lambda$, any basis of any sublattice takes the form $AB$, for a certain square matrix $B$. Basis $A$ can be taken with its last $\lambda'_2 = \mathrm{len}(\hat\lambda)$ columns in $p\mathbb{Z}$, the first ones describing a $(\mathbb{Z}/p\mathbb{Z})$-basis of $\pi(\hat\Lambda)$. Then, with the notation from the figure, $\pi(AB\mathbb{Z}^r)$ is spanned by the columns of $A_1B_1$. The condition on $\hat\Lambda/\Lambda$ is equivalent to $B\mathbb{Z}^r \in L_r(C_p^{\lambda'_1})$. In this way, projection $\pi$ identifies the choices for $B\mathbb{Z}^r$ with $(r - \lambda'_1)$-dimensional subspaces of $(\mathbb{Z}/p\mathbb{Z})^r$. The projection of $B_1$ is determined by $V_l$. Therefore, the sought sublattices are in bijection with vector spaces of dimension $r - \lambda'_1$ with the projection onto the first $r - \lambda'_2$ components fixed. They are in number $p^{(r - \lambda'_1)\lambda'_2}$, then. Finally, note that $c(\lambda; r) = c(\hat\lambda; r) + (r - \lambda'_1)\lambda'_2$.

8 Examples

Let r = 3, p = 2, and λ = (2, 1). The number of subspace chains of dimensions 1 and 2 in (Z/pZ)3 is [3]2 [2]2 = 21. For each of these, there are two lattices (since c(2, 1, 0) = 1) in Z3 with quotient group C4 ⊕ C2 , bases for which share a cell in Table 1. For instance, for the last two lattices listed, the superlattice sequences described in (7) are (8)        4 2 1 2 1 4 2 3 2 1  2 1 Z3  1  Z3 ,  2 1 Z3  1  Z3 . 1 1 1 1

Those are the two lattices projecting to the subspace chain     1 1  1  (Z/2Z)  1  (Z/2Z)2 . 1 1

Recovering the poset of Figure 3, let us count the sublattices of $\mathbb{Z}^2$ whose quotient is $C_8$. In this case, the vector chain of (6) is simply $V_1 \subset (\mathbb{Z}/2\mathbb{Z})^2$, with $\dim(V_1) = 1$. There are therefore three options, as shown in the figure. Each suitable lattice determines a chain
$$\Lambda \subset 2^{-1}\Lambda \cap \mathbb{Z}^2 \subset 2^{-2}\Lambda \cap \mathbb{Z}^2 \subset \mathbb{Z}^2,$$
where the first three elements project onto $V_1$. These chains can be determined from right to left. Once $V_1$ is fixed, there is only one choice for $2^{-2}\Lambda \cap \mathbb{Z}^2$ and $2 = 2^{c(2,0)}$ choices for $2^{-1}\Lambda \cap \mathbb{Z}^2$. For each of these, there are two choices for $\Lambda$. In total, there are $4 = 2^{c(3,0)}$ lattices projecting to a fixed vector space chain. In contrast, if $\mathbb{Z}^2/\Lambda \cong C_4 \oplus C_2$, we have $\pi(\Lambda) = 0$ and $\dim(\pi(2^{-1}\Lambda \cap \mathbb{Z}^2)) = 1$. For every line in $(\mathbb{Z}/2\mathbb{Z})^2$, there is a single ($c(2,1) = 0$) lattice in $L_2(C_4 \oplus C_2)$.

[Table 1: $|L_3(G_2((2,1)))| = |L_3(C_4 \oplus C_2)| = 42$. Bases of the 42 lattices, two per cell, one cell for each of the 21 subspace chains.]
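The counts above can be reproduced by brute force. The Python program below is an added example, not code from the paper: `hnf_bases` lists every sublattice of $\mathbb{Z}^r$ of index $p^{|\lambda|}$ once, by its Hermite normal form (rows as basis vectors, so the column bases of (8) are transposed first); `chain_and_type` reads the type of $\mathbb{Z}^r/\Lambda$ and the subspaces $\pi(p^{-i}\Lambda \cap \mathbb{Z}^r)$ off membership tests modulo $p^e$; and `count_by_chain` groups the lattices of type $\lambda$ by the chain they project to. All function names are mine. With $r = 3$, $p = 2$, $\lambda = (2,1)$ it finds the 21 chains with two lattices each behind Table 1, with the two bases of (8) in the same cell; with $r = 2$ it finds the three chains with four lattices each for $C_8$ and the three single-lattice chains for $C_4 \oplus C_2$.

```python
"""Sublattices of Z^r with a prescribed p-group quotient, grouped by the subspace
chain pi(p^-i Lambda ∩ Z^r) of (Z/pZ)^r.  A lattice is stored as a row basis B,
Lambda = rowspan(B); the bases displayed in (8) are column bases, hence transposed."""
from fractions import Fraction
from itertools import product


def divisor_tuples(n, r):
    """All r-tuples of positive integers with product n."""
    if r == 1:
        yield (n,)
        return
    for d in range(1, n + 1):
        if n % d == 0:
            for rest in divisor_tuples(n // d, r - 1):
                yield (d,) + rest


def hnf_bases(r, index):
    """Each sublattice of Z^r of the given index exactly once, by its row-style Hermite
    normal form: upper triangular, positive diagonal, 0 <= B[i][j] < B[j][j] for i < j."""
    for diag in divisor_tuples(index, r):
        slots = [(i, j) for j in range(r) for i in range(j)]
        for above in product(*[range(diag[j]) for _, j in slots]):
            B = [[diag[k] if j == k else 0 for j in range(r)] for k in range(r)]
            for (i, j), a in zip(slots, above):
                B[i][j] = a
            yield B


def scaled_inverse(B):
    """(d, A) with d = |det B| and A = d * B^{-1}, an integer matrix (Gauss-Jordan over Q)."""
    n = len(B)
    M = [[Fraction(a) for a in B[i]] + [Fraction(int(i == j)) for j in range(n)] for i in range(n)]
    d = Fraction(1)
    for c in range(n):
        piv = next(i for i in range(c, n) if M[i][c] != 0)
        M[c], M[piv] = M[piv], M[c]
        d *= M[c][c]
        M[c] = [a / M[c][c] for a in M[c]]
        for i in range(n):
            if i != c and M[i][c] != 0:
                M[i] = [a - M[i][c] * b for a, b in zip(M[i], M[c])]
    d = abs(d)
    return int(d), [[int(d * x) for x in row[n:]] for row in M]


def vp(n, p):
    """Exponent of p in n."""
    k = 0
    while n % p == 0:
        n //= p
        k += 1
    return k


def chain_and_type(B, p, e):
    """For Lambda = rowspan(B) with Z^r/Lambda a p-group of exponent dividing p^e, return
    (chain, lam): the distinct subspaces pi(p^-i Lambda ∩ Z^r) of (Z/pZ)^r, i = 0..e, in
    increasing order (V_l, ..., V_0 in the notation of (6)), and the partition lam with
    Z^r/Lambda isomorphic to the direct sum of the cyclic groups C_{p^lam_k}."""
    n = len(B)
    d, A = scaled_inverse(B)
    # w lies in Lambda iff w * B^{-1} is integral, i.e. w * A vanishes modulo d
    inside = lambda w: all(sum(w[i] * A[i][j] for i in range(n)) % d == 0 for j in range(n))
    sizes, chain = [], []
    for i in range(e + 1):
        # p^e Z^r lies in every p^-i Lambda ∩ Z^r, so that lattice is determined modulo p^e
        members = [v for v in product(range(p ** e), repeat=n) if inside([p ** i * x for x in v])]
        sizes.append(len(members))
        V = frozenset(tuple(x % p for x in v) for v in members)
        if not chain or V != chain[-1]:
            chain.append(V)
    # sizes[i+1]/sizes[i] = p^(number of parts of lam exceeding i) = p^(lam'_{i+1})
    columns = [vp(sizes[i + 1] // sizes[i], p) for i in range(e)]
    lam = [sum(1 for c in columns if c >= k) for k in range(1, e + 1)]
    return tuple(chain), tuple(part for part in lam if part > 0)


def count_by_chain(r, p, lam):
    """L_r(G_p(lam)) split by subspace chain: {chain: number of lattices projecting to it}."""
    e = sum(lam)  # the exponent of any group of order p^|lam| divides p^|lam|
    counts = {}
    for B in hnf_bases(r, p ** e):
        chain, typ = chain_and_type(B, p, e)
        if typ == tuple(lam):
            counts[chain] = counts.get(chain, 0) + 1
    return counts


def transpose(C):
    """Row basis of the lattice generated by the columns of C."""
    return [list(col) for col in zip(*C)]


if __name__ == "__main__":
    for r, p, lam in [(3, 2, (2, 1)), (2, 2, (3,)), (2, 2, (2, 1))]:
        by_chain = count_by_chain(r, p, lam)
        print(r, p, lam, "->", len(by_chain), "chains,", sorted(set(by_chain.values())), "lattices each")
```

The grouping key is the tuple of projections, so two lattices fall in the same cell exactly when every element of their chain (7) has the same image in $(\mathbb{Z}/p\mathbb{Z})^r$. The membership scan is exponential in $r$ and $|\lambda|$; it is meant for checking small cases, not as an enumeration algorithm.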

9 Conservative transformations

We remark in this section on a couple of partition transformations that keep the number of associated lattices unchanged, as is apparent from Theorem 5.2. We saw at the beginning of Section 5 how, in dimension 2, the enumeration of lattices with a cyclic quotient solves the general case. The transformation that removes (or appends) full columns (columns of length equal to the dimension $r$) from a partition can be thought of as a generalization to arbitrary dimension of the reduction from the group $C_n \oplus C_d$ to $C_{n/d}$, valid in dimension 2.

[Figure: a partition $\lambda$ and its complement $\lambda^\#$ in a box with $r$ rows.]

That removal does not affect the part multiplicities $x_1, \ldots, x_{l+1}$, nor the exponent $c(\lambda; r)$, so that the number of associated lattices remains the same. An explicit bijection is given by $\Lambda \mapsto p^{-\lambda_l}\Lambda$. Notice that, in a lattice whose quotient is associated to a partition with $\lambda_l$ full columns, the entries of every element are multiples of $p^{\lambda_l}$. It is not that simple to describe the effect on the number of associated lattices produced by the removal of trailing empty rows (i.e. reducing the dimension). This, combined with the previous remark, would lead to another inductive technique to solve the enumeration considered in this paper.

Another conservative partition transformation consists of taking the complement in a box with $r$ rows and (at least) $\lambda_1$ columns. In this case, a bijection can be achieved by $\Lambda \mapsto p^{\lambda_1}\Lambda^\#$, where $\Lambda^\#$ is the dual lattice, defined as
$$\Lambda^\# = \{x \in \mathbb{Q}^r : \langle x, v\rangle \in \mathbb{Z},\ \forall v \in \Lambda\}.$$
Note that this is not necessarily an integer lattice. Indeed, $\mathbb{Z}^r$ is the only integer lattice whose dual is also integer. The dual $\Lambda^\#$ is spanned by the transpose inverse of any basis of $\Lambda$. From the computational point of view, this object is an important tool to deal with lattice intersections. Since we have algorithms to compute the dual of a lattice (just given) and a lattice sum (reducing the juxtaposition of summand bases), the intersection can be obtained through the following formula:
$$\Lambda_1 \cap \Lambda_2 = (\Lambda_1^\# + \Lambda_2^\#)^\#.$$

In particular, the elements in the lattice chain (7) can be computed as $(p^i\Lambda^\# + \mathbb{Z}^r)^\#$.


10 Epimorphism count

The enumeration result studied in this article has been proved (see Section 5) relying on Equation (4). As pointed out by Butler [3], the count of subgroups with a given type appeared in three different papers published in the same year. From the exposition of Delsarte [5, §2.(4),(20)], the following expression for that count can be extracted:
$$\frac{|\mathrm{Epi}(G_p(\mu), G_p(\lambda))|}{|\mathrm{Aut}(G_p(\lambda))|}.$$
The approach followed by Kwak, Chun, and Lee relies instead on a technique due to Hall [8, Thm. 1.4], who enumerates subgroups of an arbitrary group (not necessarily abelian) with a prescribed quotient, focusing on subgroups of free groups. Applying that method to our problem, we get (see [11, Thm. 2.6], [12, Thm. 10])
$$|L_r(G)| = \frac{|\mathrm{Epi}(\mathbb{Z}^r, G)|}{|\mathrm{Aut}(G)|}.$$

Notice the coincidence of numerators in both approaches when $\mu$ is set to $(\lambda_1^r)$, as is done in Section 5. Both fractions above admit a simple interpretation as the orbit count relative to the free action by composition of the automorphism group on the set of epimorphisms [10]. In the second case, the epimorphism enumeration can be directly derived [11, Lemma 3.3]. Setting (for the rest of the section) $x = \operatorname{len}(\lambda)$,
(9)
$$|\mathrm{Epi}(\mathbb{Z}^r, G_p(\lambda))| = p^{r(|\lambda| - x)}\,|\mathrm{Epi}(\mathbb{Z}^r, C_p^x)| = p^{r(|\lambda| - x)}(p^r - 1)(p^r - p)\cdots(p^r - p^{x-1}) = p^{r(|\lambda| - x)}\, p^{\frac{x(x-1)}{2}}\,(p-1)^x\,\frac{[r]_p!}{[x_{l+1}]_p!}.$$

This, combined with the automorphism count below (which follows [5, §2.(18)], cf. [13, II.(1.6)], [9, Thm. 4.1], [11, Lemma 3.3]), proves Theorem 5.2. Here $\lambda'$ denotes the conjugate partition of $\lambda$ (its column lengths, so that $\lambda'_1 = x$) and $x_1, \ldots, x_l$ are the multiplicities of the distinct parts of $\lambda$:
$$|\mathrm{Aut}(G_p(\lambda))| = p^{\frac{x(x-1)}{2} + \sum_i \lambda'_i\lambda'_{i+1}}\,(p-1)^x\,[x_1]_p! \cdots [x_l]_p!.$$

Epimorphism enumeration is a natural application of the extended Möbius principle [15]. Indeed, the sources of both approaches above [5, 8] constitute two among the first antecedents to Rota’s formalization of the concept, using the poset of subgroups of a finite group.


Enumeration of integer lattices by quotient group

53

Classifying homomorphisms with respect to their image, we get the expression
$$|\mathrm{Hom}(\mathbb{Z}^r, G)| = \sum_{S \le G} |\mathrm{Epi}(\mathbb{Z}^r, S)|,$$
where the sum is extended over the subgroups of $G$. As the computation of homomorphisms is easily done (for abelian $G$, $|\mathrm{Hom}(\mathbb{Z}^r, G)| = |G|^r$), it is useful to invert the previous expression:
$$|\mathrm{Epi}(\mathbb{Z}^r, G)| = \sum_{S \le G} \mu([S, G])\,|S|^r = \sum_{S \le G} \mu([0, S])\,|G/S|^r.$$

When $G = C_n$ is cyclic, the Möbius function on the poset of subgroups coincides with the classic number-theoretic Möbius function on the divisors of $n$. This gives
$$|L_r(C_n)| = \frac{1}{\varphi(n)} \sum_{d \mid n} \mu\!\left(\frac{n}{d}\right) d^r = \frac{J_r(n)}{\varphi(n)},$$
where $\varphi$ denotes Euler's totient function and $J_r$ is the $r$-th Jordan function. This expression recovers the one given in (5), when the group order is a prime power.

Going back to the general case, in any finite (poset) lattice, the Möbius function $\mu([0, a])$ is zero for every poset element $a$, except possibly for joins of atoms [8, Thm. 2.3 and 2.4], [15, Sec. 5, Cor. to Prop. 2], [18, Cor. 3.9.5]. In the lattice of subgroups of $G_p(\lambda)$, atoms are the several copies of $C_p$, and their joins correspond to elementary abelian subgroups. For these, $\mu([0, C_p^k]) = (-1)^k p^{\frac{k(k-1)}{2}}$ [5, p. 603], [15, Sec. 5, Ex. 2], [18, Ex. 3.10.2]. Moreover, the number of subgroups of the form $C_p^k$ in $G_p(\lambda)$ is $\binom{x}{k}_p$. Then,
$$|\mathrm{Epi}(\mathbb{Z}^r, G_p(\lambda))| = \sum_{k=0}^{x} \binom{x}{k}_p (-1)^k p^{\frac{k(k-1)}{2}}\, p^{r(|\lambda| - k)} = p^{r(|\lambda| - x)} \sum_{k=0}^{x} \binom{x}{k}_p (-1)^k p^{\frac{k(k-1)}{2}}\, p^{r(x - k)}.$$

Developing the Gaussian polynomial with Carlitz's formula, the sum above equals
(10)
$$\sum_{k=0}^{x} (-1)^k p^{\frac{k(k-1)}{2}}\, p^{r(x-k)} \sum_{\sigma \in S(\{1^k, 0^{x-k}\})} p^{\mathrm{inv}(\sigma)},$$


54

Á. Ibeas

where $\mathrm{inv}(\sigma)$ is the number of inversions of a permutation of the multiset $\{1^k, 0^{x-k}\}$. These permutations correspond to subsets of $\{0, 1, \ldots, x-1\}$ with $k$ elements. Moreover, the sum of the elements in such a subset is $0 + 1 + \cdots + (k-1)$ plus the number of inversions of the associated permutation. This turns (10) into
$$\sum_{k=0}^{x} (-1)^k p^{r(x-k)} \sum_{\substack{I \subseteq \{0, \ldots, x-1\} \\ |I| = k}} p^{\sum_{i \in I} i},$$
which equals $(p^r - 1)\cdots(p^r - p^{x-1})$, recovering (9).

Álvar Ibeas Martín
ibeas@gmx.com
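The formulas of this section can be evaluated and cross-checked against each other. The following Python code is an added example, not from the paper; the function names are mine and partitions are given as tuples of parts in decreasing order. It computes $\binom{x}{k}_p$ through Carlitz's inversion sum, the Möbius inversion sum for $|\mathrm{Epi}(\mathbb{Z}^r, G_p(\lambda))|$ and the product form (9), the automorphism count with the conjugate partition $\lambda'$, their quotient $|L_r(G_p(\lambda))|$, and $J_r(n)/\varphi(n)$ for cyclic quotients of any order.

```python
"""Epimorphism and automorphism counts of Section 10 (added example).
Partitions are tuples of positive parts in decreasing order; G_p(lam) is the
direct sum of the cyclic groups C_{p^lam_k}."""
from itertools import combinations
from math import prod


def gaussian_binomial(x, k, p):
    """[x choose k]_p by Carlitz's formula, summed over the k-subsets I of {0, ..., x-1}
    that encode the 0/1 words with k ones: the inversion number is sum(I) - k(k-1)/2."""
    return sum(p ** (sum(I) - k * (k - 1) // 2) for I in combinations(range(x), k))


def epi_count_mobius(r, p, lam):
    """|Epi(Z^r, G_p(lam))| by Möbius inversion over the elementary abelian subgroups
    C_p^k: sum_k [x choose k]_p (-1)^k p^{k(k-1)/2} p^{r(|lam| - k)}, x = len(lam)."""
    x, size = len(lam), sum(lam)
    return sum((-1) ** k * p ** (k * (k - 1) // 2) * gaussian_binomial(x, k, p)
               * p ** (r * (size - k)) for k in range(x + 1))


def epi_count_product(r, p, lam):
    """|Epi(Z^r, G_p(lam))| by (9): p^{r(|lam|-x)} (p^r - 1)(p^r - p) ... (p^r - p^{x-1})."""
    x = len(lam)
    return p ** (r * (sum(lam) - x)) * prod(p ** r - p ** i for i in range(x))


def conjugate(lam):
    """Column lengths lam'_1, lam'_2, ... of the Young diagram of lam."""
    return [sum(1 for part in lam if part > i) for i in range(lam[0])]


def p_factorial(n, p):
    """[n]_p! = prod_{j=1}^{n} (p^j - 1)/(p - 1)."""
    return prod((p ** j - 1) // (p - 1) for j in range(1, n + 1))


def aut_count(p, lam):
    """|Aut(G_p(lam))| = p^{x(x-1)/2 + sum_i lam'_i lam'_{i+1}} (p-1)^x [x_1]_p! ... [x_l]_p!,
    with x = len(lam) and x_1, ..., x_l the multiplicities of the distinct parts."""
    x = len(lam)
    cols = conjugate(lam) + [0]
    exponent = x * (x - 1) // 2 + sum(a * b for a, b in zip(cols, cols[1:]))
    mults = [lam.count(v) for v in set(lam)]
    return p ** exponent * (p - 1) ** x * prod(p_factorial(m, p) for m in mults)


def lattice_count(r, p, lam):
    """|L_r(G_p(lam))| = |Epi(Z^r, G)| / |Aut(G)|; Aut acts freely, so the division is exact."""
    epi, aut = epi_count_product(r, p, lam), aut_count(p, lam)
    assert epi % aut == 0
    return epi // aut


def mobius(n):
    """Number-theoretic Möbius function, by trial division."""
    result, q = 1, 2
    while q * q <= n:
        if n % q == 0:
            n //= q
            if n % q == 0:
                return 0
            result = -result
        q += 1
    return -result if n > 1 else result


def jordan(r, n):
    """Jordan totient J_r(n) = sum_{d | n} mu(n/d) d^r (J_1 is Euler's phi)."""
    return sum(mobius(n // d) * d ** r for d in range(1, n + 1) if n % d == 0)


def lattice_count_cyclic(r, n):
    """|L_r(C_n)| = J_r(n) / phi(n), for any n, not only prime powers."""
    return jordan(r, n) // jordan(1, n)


if __name__ == "__main__":
    print(lattice_count(3, 2, (2, 1)))                            # 42, as in Table 1
    print(lattice_count(2, 2, (3,)), lattice_count_cyclic(2, 8))  # 12 12
    print(lattice_count_cyclic(2, 12))                            # 24
```

For $r = 3$, $p = 2$, $\lambda = (2,1)$ the quotient is $336/8 = 42$, matching Table 1; for $C_8$ in $\mathbb{Z}^2$ both the $p$-group formula and the Jordan function give 12; and $J_2(12)/\varphi(12) = 24$ shows the cyclic formula at a composite order, beyond the prime-power case of (5).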

References

[1] Michael Baake, Solution of the coincidence problem in dimensions d ≤ 4, arXiv:math/0605222 [math.MG] (2006).
[2] Reinhold Baer, Dualism in abelian groups, Bull. Amer. Math. Soc., 43 no. 2 (1937), 121–124.
[3] Lynne Butler, Subgroup Lattices and Symmetric Functions, Mem. Amer. Math. Soc., 112 no. 539 (1994).
[4] L. Carlitz, Sequences and inversions, Duke Math. J., 37 (1970), 193–198.
[5] S. Delsarte, Fonctions de Möbius sur les groupes abéliens finis, Annals of Math., 49 (1948), 600–609.
[6] P. E. Dyubyuk, On the number of subgroups of an abelian p-group, Izv. Akad. Nauk. Ser. Mat., 12 no. 4 (1948), 351–378 (in Russian).
[7] B. Gruber, Alternative formulae for the number of sublattices, Acta Cryst., A53 (1997), 807–808.
[8] P. Hall, The Eulerian functions of a group, Quart. J. Math., 7 (1936), 134–151.
[9] Christopher J. Hillar, Darren L. Rhea, Automorphisms of finite abelian groups, Amer. Math. Monthly, 114 no. 10 (2007), 917–923.
[10] Gareth A. Jones, Counting subgroups of non-Euclidean crystallographic groups, Math. Scand., 84 (1999), 23–29.
[11] Jin Ho Kwak, Jang-Ho Chun, Jaeun Lee, Enumeration of regular graph coverings having finite abelian covering transformation groups, SIAM J. Discrete Math., 11 no. 2 (1998), 273–285.
[12] Jin Ho Kwak, Jaeun Lee, Enumeration of graph coverings, surface branched coverings and related group theory, in Combinatorial and Computational Mathematics, edited by S. Hong et al., World Scientific, Singapore (2001), 97–161.
[13] I. G. Macdonald, Symmetric Functions and Hall Polynomials, Oxford University Press (1998).
[14] OEIS Foundation Inc. (2011), The On-Line Encyclopedia of Integer Sequences, http://oeis.org
[15] Gian-Carlo Rota, On the foundations of combinatorial theory I. Theory of Möbius functions, Z. Wahrscheinlichkeitstheorie, 2 (1964), 340–368.
[16] John S. Rutherford, The enumeration and symmetry-significant properties of derivative lattices. II. Classification by colour lattice group, Acta Cryst., A49 (1993), 293–300.
[17] Günter Scheja, Uwe Storch, Lehrbuch der Algebra, Teil 2, BG Teubner, Stuttgart (1988).
[18] Richard P. Stanley, Enumerative Combinatorics, Wadsworth Publ. Co., Belmont, CA (1986).
[19] Yenchien Yeh, On prime power abelian groups, Bull. Amer. Math. Soc., 54 no. 4 (1948), 323–327.
[20] Yi Ming Zou, Gaussian binomials and the number of sublattices, Acta Cryst., A62 (2006), 409–410.



Morfismos is printed in the reproduction workshop of the Departamento de Matemáticas del Cinvestav, located at Avenida Instituto Politécnico Nacional 2508, Colonia San Pedro Zacatenco, C.P. 07360, México, D.F. This issue finished printing in December 2017. The print run, on imported 36 kg opaline paper of 34 × 25.5 cm, consists of 50 copies with a green Tintoretto cover.

Technical support: Omar Hernández Orozco.


Contents

Bilinear maps, embeddings, topological complexity and antisymmetric index of projective spaces. Carlos Domínguez . . . 1

Criptografía de curva elíptica en campos de característica 3 (Elliptic-curve cryptography over fields of characteristic 3). Edgar González Fernández and Feliú D. Sagols . . . 17

Enumeration of integer lattices by quotient group. Álvar Ibeas Martín . . . 33

