Isogenous components of Jacobian surfaces
Lubjana Beshaj, Artur Elezi, Tony Shaska

TL;DR
This paper classifies certain genus 2 curves with reducible Jacobians having elliptic components that are isogenous, and explores their geometric structures and cryptographic applications.
Contribution
It proves finiteness results for genus 2 curves with specific isogeny conditions and determines associated Kummer and Shioda-Inose surfaces.
Findings
Finiteness of genus 2 curves with isogenous elliptic components under specified conditions.
Explicit descriptions of Kummer and Shioda-Inose surfaces for these Jacobians.
Potential cryptographic applications in positive characteristic fields.
Abstract
Let be a genus 2 curve defined over a field , , and its Jacobian, where is the principal polarization of attached to . Assume that is - geometrically reducible with and its elliptic components. We prove that there are only finitely many curves (up to isomorphism) defined over such that and are -isogenous for and with or , with . The same holds if and . Furthermore, we determine the Kummer and the Shioda-Inose surfaces for the above and show how such results in positive characteristic suggest nice applications in…
Peer Reviews
No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.
Videos
No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.
Isogenous components of Jacobian surfaces
L. Beshaj
Department of Mathematical Sciences
United States Military Academy at West Point
West Point, NY, 10996.
,
A. Elezi
Department of Mathematics and Statistics
American University
4400 Mass. Ave., NW
Washington DC, 20016.
and
T. Shaska
Department of Mathematics
Oakland University
Rochester, MI, 48309-4485.
Abstract.
Let be a genus 2 curve defined over a field , , and its Jacobian, where is the principal polarization of attached to . Assume that is - geometrically reducible with and its elliptic components. We prove that there are only finitely many curves (up to isomorphism) defined over such that and are - isogenous for and with or , with . The same holds if and . Furthermore, we determine the Kummer and the Shioda-Inose surfaces for the above and show how such results in positive characteristic suggest nice applications in cryptography.
1. Introduction
An Abelian variety , defined over a field , is simple if it has no proper non-zero Abelian subvariety over . is called reducible (or decomposable) if it is isogenous to a direct product of Abelian varieties. We call geometrically simple (or absolutely simple) if it is simple over the algebraic closure of . Analouguesly we call geometrically reducible when it is reduced over the algebraic closure of . In this paper we will focus on 2-dimensional Jacobian varieties.
A 2-dimensional Jacobian variety is geometrically reducible if and only if it is -decomposable for some . Reducible Jacobian varieties have been studied extensively since the XIX-century, most notably by Friecke, Clebch, and Bolza. In the late XX-century they became the focus of many mathematicians through the work of Frey [frey-95, frey-kani], Shaska and Volklein [deg2, deg3, deg5], Kumar [kumar] and many others. If is a 2-dimensional reducible Jacobian variety defined over a field , then there is a degree isogeny to a product , where , are 1-dimensional. The main focus of this paper is to investigate when and are isogenous to each other and how often does this occurs for a fixed ?
The question has received attention lately for different reasons. In [kumar-kuwata] the authors were able to determine the rank of the Mordell-Weil rank of elliptic fibrations , for ; see [kumar-kuwata], when and were isogenous and show that in this case both and have rank 18. Such elliptic fibrations are studied extensively from other authors; see [m-sh-2, ma-1, ma-2, ma-3, cms]. Perhaps the most interest is due to the promising post-quantum cryptography applications of such varieties. In recent developments in supersingular isogeny based cryptography (SIDH) Costello [costello] focuses on the reducible Jacobians, where the addition is done via the Kummer surface. More importantly, it seems as the most interesting case is exactly the case when is isogenous to . In this case, since the decomposition of the Abelian varieties is determined up to isogeny, the 2-dimensional Jacobian is isogenous to . There are several interesting questions that arise when we consider such Jacobians over the finite field .
The focus of this paper is to investigate when the two elliptic components of the reducible 2-dimensional Jacobians are isogenous to each other. The space of genus 2 curves with reducible Jacobians, for or is odd is a 2-dimensional irreducible locus in the moduli space of curves . For this is the well known locus of curves with extra involutions [deg2, m-sh], for odd such spaces were computed for the first time in [thesis], [deg3], [deg5]. If and are -isogenous then their -invariants and satisfy the equation of the modular curve , say . Such curve can be embedded in . So we want to study the intersection between and for given and . More precisely, for any number field we want to determine the number of -rational points of this intersection.
Our approach is computational. We will focus on the cases when and . We prove that for and there are only finitely many curves defined over such that and are -isogenous, unless is isomorphic to the dihedral group (resp. ) in which case there is a 1-dimensional family such that and are 2-isogenous (resp. 3-isogenous), and for and there are only finitely many curves defined over such that are -isogenous. Our proof makes repeated use of the Faltings theorem [Faltings].
Our paper is organized as follows. In Section 2 we give a review of the Abelian varieties and their isogenies. In the second half of Section 2 we focus on Jacobian varieties. In Section 3 we give the general setup for Abelian surfaces, Kummer surface, and Shioda-Inose surfaces. In Section 4.1 we prove that for there are finitely many genus curves defined over a number field with whose elliptic components are -isogenous for . Also, for and , there are only finitely many such (up to isomorphism) with . That is defined over follows from the important fact that the invariants and are in the field of moduli of the curve and that for every curve in , the field of moduli is a field of definition; see [m-sh]. This is not necessarily true for curves in , when . However, a proof of the above result it is still possible using the computational approach by using invariants , of two cubics in [deg3]. These invariants are denoted by and here.
In Section 4.2 we study with the case. The equation of was computed in [deg3]. A birational parametrization of was also found there in terms of the invariants , ( and in the current paper) of two cubics. We are able to compute the -invariants of and in terms of and and find the conditions that and must satisfy. Since ordered pairs are on a one to one correspondence with genus two curves with -split Jacobians, then we try to determine pairs such that the corresponding -invariants and satisfy the equation of the modular curve . This case is different from in that a rational ordered pair does not necessarily correspond to a genus two defined over . However, a genus two curve defined over gives rise to rational invariants . Hence, it is enough to count the rational ordered pairs that satisfy the equation of the modular curve . We are able to prove that for there are only finitely many genus two curves such that they have -split Jacobian and and are -isogenous. We could not prove such result for , and since the corresponding curve has genus zero components in such cases. It remains open to further investigation if there is any theoretical interpretation of such surprising phenomena.
Notation: Throughout this paper denotes a genus curve defined over a field and its function field. By we denote the automorphism group of over or equivalently . The reduced automorphism group is the quotient of the automorphism group by the hyperelliptic involution and is denoted by . The Jacobian of over a field is denoted by or simply by when the context is clear. By we denote the dihedral group of order and by the Klein -group.
2. Preliminaries
An Abelian variety defined over is an absolutely irreducible projective variety defined over which is a group scheme. We will denote an Abelian variety defined over a field by or simply when there is no confusion. A morphism from the Abelian variety to the Abelian variety is a homomorphism if and only if it maps the identity element of to the identity element of .
An abelian variety over a field is called simple if it has no proper non-zero Abelian subvariety over , it is called absolutely simple (or geometrically simple) if it is simple over the algebraic closure of . An Abelian variety of dimension 1 is called an elliptic curve.
2.1. Isogenies
A homomorphism is called an isogeny if and is a finite group scheme. If an isogeny exists we say that and are isogenous. This relation is symmetric. The degree of an isogeny is the degree of the function field extension . It is equal to the order of the group scheme , which is, by definition, the scheme theoretical inverse image .
The group of -rational points has order , where is the degree of the maximally separable extension in . We say that is a separable isogeny if and only if .
Lemma 1**.**
For any Abelian variety there is a one to one correspondence between the finite subgroup schemes and isogenies , where is determined up to isomorphism. Moreover, and .
The following is often called the fundamental theorem of Abelian varieties. Let be an Abelian variety. Then is isogenous to
[TABLE]
where (up to permutation of the factors) , for are simple, non-isogenous, Abelian varieties. Moreover, up to permutations, the factors are uniquely determined up to isogenies.
When , then let be a nonzero isogeny of . Its kernel is a subgroup scheme of . It contains and so its connected component, which is, by definition, an Abelian variety.
2.2. Computing isogenies between Abelian surfaces
Let be a curve of genus 2 defined over a perfect field such that and its Jacobian. Fix a prime and let be a maximal -Weil isotropic subgroup of , then we have . Let be the quotient variety and a genus 2 curve such that . Hence, the classical isogeny problem becomes to compute when given and .
If this problem is done with the Richelot construction. Over finite fields this is done by Lubicz and Robert in [L-R-2] using theta-functions. In general, if is the isogeny and , the corresponding theta divisors, then is in . Thus, the image of in the Kummer surface is a degree genus zero curve in of arithmetic genus . This curve can be computed without knowing ; see [D-L] or [frey-shaska] for details.
For given as in Eq. (9), we have the divisor at infinity
[TABLE]
The Weierstrass points of are the projective roots of , namely , for and the Weierstrass divisor is
[TABLE]
A canonical divisor on is
[TABLE]
Let , be a divisor expressed as . The effective divisor is determined by an ideal of the form such that , where is a cubic and a monic polynomial of degree .
We can define the -tuple embedding by
[TABLE]
and denote the image of this map by . It is a rational normal curve of degree in . Hence, any distinct points on are linearly independent. Therefore, the images under of the Weierstrass points of are linearly independent for . Thus, the subspace
[TABLE]
is -dimensional. For any pair of points in , the secant line is defined to be the line in intersecting in . In other words,
[TABLE]
The following is proved in [D-L].
Theorem 1** (Dolgachev-Lehavi).**
There exists a hyperplane such that:
1) contains and
2) the intersection of with the secants for each nonzero are contained in a subspace of codimension 3 in .
The image of the Weierstrass divisor under the map with centre lies on a conic , and the double cover of ramified over this divisor is a stable curve of genus such that .
2.3. Torsion points and Tate modules
The most classical example of an isogeny is the scalar multiplication by map . The kernel of is a group scheme of order (see [Mum]). We denote by the group . The elements in are called -torsion points of . Let be a degree isogeny. Then there exists an isogeny such that
[TABLE]
Next we consider the case when . Let be an Abelian variety, , and .
- i)
If , then is separable, and .
- ii)
If , then is inseparable. Moreover, there is an integer such that
[TABLE]
If then is called ordinary. If then the abelian variety has -rank . If (elliptic curve) then it is called supersingular if it has -rank 0. An abelian variety is called supersingular if it is isogenous to a product of supersingular elliptic curves.
Remark 1**.**
If and has -rank 0 then is supersingular. This is not true for .
2.4. -polynomial
Let be a projective smooth absolutely irreducible curve of genus defined over and be the set of -rational points of . The zeta function of is defined by
[TABLE]
It was shown by Artin and Schmidt that
[TABLE]
where is an integer polynomial of degree called the -polynomial of . Weil showed that where is the characteristic polynomial of the Frobenius endomorphism.
The characteristic polynomial of the Frobenius endomorphism, hence the -polynomial, of an abelian variety is an important invariant under isogeny that carries most of the relevant arithmetic information.
Theorem 2** (Tate).**
If and are abelian varieties defined over . Then, is -isogenous to an abelian subvariety of if and only if the characteristic polynomial of divides the characteristic polynomial of over . Moreover, and are -isogenous if and only if .
An immediate consequence of the above is that when the decomposes into a product of Abelian varieties of smaller dimensions then the characteristic polynomial is divisible by the characteristic polynomial of the abelian subvarieties.
Example 1**.**
For it can be shown that , where and for we have where is as above and . In general the coefficients of the -polynomial are determined by for .
2.5. Jacobian varieties
Let be a curve of positive genus and assume that there exists a -rational point with attached prime divisor . There exists an abelian variety defined over and a uniquely determined embedding
[TABLE]
such that
- (1)
for all extension fields of we get where this equality is given in a functorial way and 2. (2)
if is an Abelian variety and is a morphism sending to then there exists a uniquely determined homomorphism with .
is uniquely determined by these conditions and is called the Jacobian variety of . The map is given by sending a prime divisor of degree of to the class of in . For more details on the general setup see [frey-shaska] among many other authors.
Let be a finite algebraic extension. Then the Jacobian variety of is the scalar extension of with , hence a fiber product with projection to . The norm map is , and the conorm map is . By universality we get:
Lemma 2**.**
If is a surjective morphism of curves sending to , then there is a uniquely determined surjective homomorphism
[TABLE]
such that .
A useful observation is
Corollary 1**.**
Assume that is a curve of genus such that is a simple abelian variety, and that is a separable cover of degree . Then is the projective line.
2.5.1. Cantor’s Algorithm
Inspired by the group law on elliptic curves and its geometric interpretation we give an explicit algorithm for the group operations on Jacobian varieties of hyperelliptic curves.
Take a genus hyperelliptic curve with a least one rational Weierstrass point given by the affine Weierstrass equation
[TABLE]
over . We denote the prime divisor corresponding to by . The affine coordinate ring of is
[TABLE]
and so prime divisors of degree of correspond to prime ideals with . Let be the hyperelliptic involution of . It operates on and on and fixes exactly the prime ideals which ”belong” to Weierstrass points, i.e. split up in such points over .
Following Mumford [Mum] we introduce polynomial coordinates for points in . The first step is to normalize representations of divisor classes. In each divisor class we find a unique reduced divisor
[TABLE]
with , for and (we use Riemann-Roch and the fact that induces ).
Using the relation between divisors and ideals in coordinate rings we get that corresponds to an ideal of degree and the property that if the prime ideal is such that both and divide then it belongs to a Weierstrass point. The ideal is a free -module of rank and so
[TABLE]
We have that , monic of degree , and divides ; see [frey-shaska].
Moreover, is uniquely determined by , is uniquely determined by and so we can take as coordinates for .
Proposition 1** (Mumford).**
Let be a hyperelliptic curve of genus with affine equation
[TABLE]
where , , . Every non-trivial group element can be represented in a unique way by a pair of polynomials , such that
i) is a monic
ii)
iii)
How to find the polynomials ? We can assume without loss of generality that and identify prime divisors with points . Take the reduced divisor now with . Then
[TABLE]
Since occurs with multiplicity in we must have for that
[TABLE]
for and one determines by solving this system of equations.
The addition is computed as follows: take the divisor classes represented by and and in ”general position”. Then the product is represented by the ideal given by
[TABLE]
We have to determine a base, and this is done by Hermite reduction. The resulting ideal is of the form but not necessarily reduced. To reduce it one uses recursively the fact that .
Another approach to describe addition in the Jacobians of hyperelliptic curves is to use approximation by rational functions; see [Leitenberger]. This is analogous to the geometric method used for elliptic curves.
For simplicity we assume that . Let and be reduced divisors on given by
[TABLE]
where and can occur with multiplicities, and , . As usual we denote by respectively the points on corresponding to and .
Let be the unique rational function going through the points , . In other words we are determining and such that points , lie on the curve
[TABLE]
This rational function is uniquely determined and has the form
[TABLE]
where
[TABLE]
is the parity of . By replacing from Eq. 3 in Eq. 1 we get a polynomial of degree , which gives new roots apart from the -coordinates of . Denote the corresponding points on by and are the corresponding symmetric points with respect to the line. Then, we define
[TABLE]
For details we refer the reader to [Leitenberger].
Remark 2**.**
For we can take to be a cubic polynomial.
Let be a genus 2 curve defined over a field with a rational Weierstrass point. If the is birationally isomorphic to an affine plane curve with equation
[TABLE]
Let be the prime divisor corresponding to the point at infinity. Reduced divisors in generic position are given by
[TABLE]
where , are points in (since is algebraically closed) and . For any two divisors and in reduced form, we determine the cubic polynomial
[TABLE]
going through the points , , , and . This cubic will intersect the curve at exactly two other points and with coordinates
[TABLE]
where , are roots of the quadratic equation
[TABLE]
Let us denote by and . Then,
[TABLE]
After having defined explicitly the addition in it is a natural problem that given a reduced divisor , determine explicitly the formulas for , at least in generic cases similarly as in the case of elliptic curves. Hence, one wants to determine explicitly division polynomials (i.e polynomials that have torsion points of order as zeroes) or (or more generally, ideals which define zero-dimensional schemes containing ).
3. Jacobian surfaces
Abelian varieties of dimension 2 are often called Abelian (algebraic) surfaces. We focus on Abelian surfaces which are Jacobian varieties. Let be a genus 2 curve defined over a field . Then its gonality is . Hence, genus 2 curves are hyperelliptic and we denote the hyperelliptic projection by . By the Hurwitz’s formula this covering has branch points which are images of the Weierstrass points of . The moduli space has dimension .
The arithmetic of the moduli space of genus two curves was studied by Igusa in his seminal paper [Ig] expanding on the work of Clebsch, Bolza, and others. Arithmetic invariants by determine uniquely the isomorphism class of a genus two curve. Two genus two curves and are isomorphic over if and only if there exists such that , for ; see [Vishi] for details. If then the invariant is not needed.
From now on we assume . Then has an affine Weierstrass equation
[TABLE]
over , with discriminant . The moduli space of genus 2 curves, via the Torelli morphism, can be identified with the moduli space of the principally polarized abelian surfaces which are not products of elliptic curves. Its compactification is the weighted projective space via the Igusa invariants . Hence,
[TABLE]
Given a moduli point , we can recover the equation of the corresponding curve over a minimal field of definition following [m-sh].
3.1. Automorphisms
A of induce automorphisms of , or, to be more precise, of where is the principal polarization of attached to .
Theorem 3**.**
Let be an algebraic curve and with canonical principal polarization . Then,
[TABLE]
See [Milne] for a proof.
3.2. Reducible Jacobians
It is well known that a map of algebraic curves induces maps between their Jacobians and . When is maximal then is injective and is connected, see [jsc] for more details.
Let be a genus curve and be a degree maximal covering from to an elliptic curve . Then is injective and the kernel of is an elliptic curve which we denote by . For a fixed Weierstrass point , we can embed to its Jacobian via
[TABLE]
Let be the natural embedding of in , then there exists . Define . So we have the following exact sequence
[TABLE]
The dual sequence is also exact
[TABLE]
If or it is an odd number then the maximal covering is unique (up to isomorphism of elliptic curves). The Hurwitz space of such covers is embedded as a subvariety of the moduli space of genus two curves ; see [deg3] for details. It is a -dimensional subvariety of which we denote it by . An explicit equation for , in terms of the arithmetic invariants of genus curves, can be found in [deg2] or [m-sh] for , in [deg3] for , and in [deg5] for . From now on, we will say that a genus curve has an -decomposable Jacobian if is as above and the elliptic curves , are called the components of .
3.2.1. Humbert surfaces
For every there is a Humbert hypersurface in which parametrizes curves whose Jacobians admit an optimal action on ; see [HM95]. Points on parametrize curves whose Jacobian admits an -isogeny to a product of two elliptic curves. Such curves are the main focus of our study. We have the following result; see [lombardo, Prop. 2.14].
Proposition 2**.**
* is a geometrically simple Abelian variety if and only if it is not -decomposable for some .*
We will explain in more detail in the next section what it means for to be -decomposable.
A point lying on the intersection of two Humbert surfaces with corresponds either to a simple abelian surface with quaternionic multiplication by an (automatically indefinite) quaternion algebra over , or to the square of an elliptic curve. This is in particular true for points lying on Shimura curves.
3.3. Isogenies between elliptic components
We study pairs elliptic components and try to determine their number (up to isomorphism over ) when they are isogenous of degree , for an integer . We denote by the -th modular polynomial. Two elliptic curves with -invariants and are -isogenous if and only if . The equation is the canonical equation of the modular curve . The equations of are well known. We display for .
[TABLE]
Notice that all polynomials are symmetric in and , as expected. We denote and and express in terms of . Such expressions are much simpler and more convenient for our computations.
[TABLE]
3.4. Kummer surface and Shioda-Inose surface
Let be a genus curve and its Jacobian variety. To the Jacobian variety one can naturally attach two surfaces, the Kummer surface and a double cover of it called the Shioda-Inose surface.
Let be the involution automorphism on the Jacobian given by . The quotient , is a singular surface with sixteen ordinary double points. Its minimal resolution is called the Kummer surface and denoted by . We refer to [m-sh, m-sh-2] for further details. In Section 5 we will describe in more detail for reducible .
The Inose surface, denoted by , was originally constructed as a double cover of the Kummer surface. Shioda and Inose then showed that the following diagram of rational maps, called a Shioda-Inose structure, induces an isomorphism of integral Hodge structures on the transcendental latices of and , see [SI] for more details.
[TABLE]
A surface has Shioda-Inose structure if it admits an involution fixing the holomorphic two-form, such that the quotient is the Kummer surface of a principally polarized abelian surface and the rational quotient map of degree two induces a hodge isometry between the transcendental latices and , see [m-sh] for more details.
An elliptic surface fibered over with section can be described by a Weierstrass equation of the form
[TABLE]
and rational functions. If we assume that the elliptic fibration has at least one singular fiber then the following question is fundamental in arithmetic geometry. Find generators for the Mordell-Weil group of this elliptic surface fibered over .
A theorem of Shioda and Tate connects the Mordel-Weil group with the Picard group of the Néron-Severi group of . Therefore, determining the Mordell-Weil group it is equivalent to finding the Picard group of the Néron-Severi lattice of surface.
A surface is called an elliptic fibration if it is a minimal elliptic surface over with a distinguished section . The complete list of possible singular fibers has been given by Kodaira [kodaira]. To each elliptic fibration there is an associated Weierstrass model with a corresponding distinguished section obtained by contracting all fibers not meeting . The fibers of are all irreducible whose singularities are all rational double points, and is the minimal desingularization. If we choose some as a local affine coordinate on , we can present in the Weierstrass normal form
[TABLE]
where and are polynomials of degree respectively and in .
4. reducible Jacobians surfaces
Genus 2 curves with -decomposable Jacobians are the most studied type of genus curves due to work of Jacobi, Hermite, et al. They provide examples of genus two curves with large Mordell-Weil rank of the Jacobian, many rational points, nice examples of descent [ants], etc. Such curves have received new attention lately due to interest on their use on cryptographic applications and their suggested use on post-quantum crypto-systems and random self-reducibility of discrete logarithm problem; see [costello]. A detailed account of applications of such curves in cryptography is provided in [frey-shaska].
Let be a genus curve defined over an algebraically closed field , , the function field of , and a degree covering from to an elliptic curve ; see [jsc] for the basic definitions. The covering is called a maximal covering if it does not factor through a nontrivial isogeny. We call a degree elliptic subcover of . Degree elliptic subcovers occur in pairs, say . It is well known that there is an isogeny of degree between the Jacobian and the product . Such curve is said to have -decomposable (or -split) Jacobian. The focus of this paper is on isogenies among the elliptic curves and .
The locus of genus curves with -decomposable Jacobian it is denoted by . When or an odd integer, is a -dimensional algebraic subvariety of the moduli space of genus two curves; see [jsc] for details. Hence, we can get an explicit equation of in terms of the Igusa invariants ; see [deg2] for , [deg3] for , and [deg5] for . There is a more recent paper on the subject [kumar] where results of [deg3, deg5] are confirmed and equations for are studied.
4.1. reducible Jacobians surfaces
Let as above and its function field. We assume that is algebraically closed and . Since degree coverings correspond to Galois extensions of function fields, the elliptic subcover is fixed by an involution in . There is a group theoretic aspect of the case which was discussed in detail in [deg2]. The number of elliptic subcovers in this case correspond to the number of non-hyperelliptic involutions in , which are called elliptic involutions. The equation of is given by
[TABLE]
and in [lubjana, beshaj-thesis] it was shown that when defined over this equation is minimal. Hence, for , such that the corresponding discriminant is nonzero, we have a genus curve and two corresponding elliptic subcovers. Two such curves and are isomorphic if and only if their dihedral invariants and are the same; [deg2]. Thus, the points correspond to elliptic involutions of while the points correspond to elliptic involutions of the reduced automorphism group .
Let be a genus curve, its automorphism group, the hyperelliptic involution, and the reduced automorphism group. If has another involution , then the quotient space has genus one. We call such involution an elliptic involution. There is another elliptic involution . So the elliptic involutions come naturally in pairs. The corresponding coverings , , are the maximal covers as above and the elliptic subcovers of of degree . Also the corresponding Hurwitz space of such coverings is an irreducible algebraic variety which is embedded into . We denote its image in by . The following was proved in [deg2].
Lemma 3**.**
Let be a genus curve and its hyperelliptic involution. If is an elliptic involution of , then so is . Moreover, is isomorphic to a curve with affine equation
[TABLE]
for some and . The equations for the elliptic subcovers , for , are given by
[TABLE]
In [deg2] it was shown that is determined up to a coordinate change by the subgroup of generated by and , where is a primitive 6-th root of unity. Let . The coordinate change by replaces by and by . The coordinate change by switches and . Invariants of this -action are:
[TABLE]
which are known in the literature as dihedral invariants. The map
[TABLE]
is a branched Galois covering with group of the set by the corresponding open subset of -space if . In any case, it is true that if and have the same -invariants then they are conjugate under .
If char then and implies and , hence or . But this implies or .
For with , equation Eq. 11 defines a genus 2 field . Its reduced automorphism group contains the elliptic involution . Two such pairs and are isomorphic if and only if and (where and are associated with and , respectively, by Eq. 12). However, the ordered pairs classify the isomorphism classes of such elliptic subfields as it can be seen from the following theorem proved in [deg2].
Proposition 3**.**
i) The with bijectively parameterize the isomorphism classes of pairs where is a genus field and an elliptic involution of .
ii) The satisfying additionally
[TABLE]
bijectively parameterize the isomorphism classes of genus fields with ; equivalently, genus fields having exactly elliptic subfields of degree .
Our goal is to investigate when the pairs of elliptic subfields (respectively isomorphism classes ) are isogenous. We want to find if that happens when is defined over a number field . Hence, the following result is crucial.
Proposition 4**.**
Let be a number field and be a genus curve with geometrically reducible Jacobian and , its elliptic components. Then its dihedral invariants and is isomorphic (over ) to a twist whose polynomials are given as polynomials in and . Moreover, , for are defined over if and only if
[TABLE]
is a complete square in .
Proof.
Let and denote the -invariants of the elliptic components and from Lem. 3. The -invariants and of the elliptic components are given in terms of the coefficients by the following
[TABLE]
It is shown in [deg2] that they satisfy the quadratic
[TABLE]
where . The discriminant of this quadratic is as claimed. When is a complete square in , then and have values in . Since for elliptic curves the field of moduli is a field of definition, elliptic curves and are defined over .
∎
See [main] for details, where an explicit equation of is provided with coefficients as rational functions in and , or [m-sh] for a more general setup. Hence, we have the following.
Lemma 4**.**
Let be a genus curve with geometrically reducible Jacobian and , its elliptic components and its field of moduli. Then is reducible over if and only if is a complete square in .
Proof.
The elliptic components and are defined over when their -invariants are in . This happens when the discriminant of the above quadratic is a complete square. The discriminant of the quadratic is exactly as above.
∎
We define the following surface
[TABLE]
where is as Eq. 14. Coefficients of Eq. 15 can be expressed in terms of the Siegel modular forms or equivalently in terms of the Igusa arithmetic invariants; see [thesis] or [deg2]. They were discovered independently in [clingher-doran], where they are called modular invariants.
There is a degree 2 covering
[TABLE]
Then we have the following.
Proposition 5**.**
Let be a number field. There is a 2:1 correspondence between the set of -rational points on the elliptic surface and the set of Jacobians which are reducible over .
Proof.
Every pair of -rational points in gives the dihedral invariants which determine the field of moduli of the genus 2 curve . Since has extra involutions then is defined over the field of moduli. Hence, is defined over . The fact that is rational means that the -invariants and of elliptic components take values . Hence, and and are defined over .
The isogeny
[TABLE]
is defined by where , are as in Section 3.2. Since are defined over , then the isogeny is defined over .
∎
Next we turn our attention to isogenies between and . We have the following.
Proposition 6**.**
Let be a genus curve with -decomposable Jacobian and , its elliptic components. There is a one to one correspondence between genus curves defined over such that there is a degree isogeny and -rational points on the modular curve given in terms of and .
Proof.
If is defined over then the corresponding since they are in the field of moduli of , which is contained in . Conversely, if and satisfy the equation of then we can determine the equation of in terms of and as in [main].
∎
Let us now explicitly check whether elliptic components of are isogenous to each other. First we focus on the -dimensional loci, for .
Proposition 7**.**
For there are only finitely many curves defined over with -decomposable Jacobian and such that is -isogenous to .
Proof.
Let us now check if elliptic components are isogenous for . By replacing in the modular curve we get a curve
[TABLE]
This curve is symmetric in and and fixed by the -action described in the preliminaries. Therefore, such curve can be written in terms of the and ,
[TABLE]
We display all the computations below.
Let . is
[TABLE]
where and are
[TABLE]
[TABLE]
Notice that each one of these components has genus . From Falting’s theorem [Faltings] there are only finitely many -rational points.
Let . Then, from equation Eq. 13 and we have:
[TABLE]
where and are
[TABLE]
[TABLE]
Thus, there is a isogeny of degree 3 between and if and only if and satisfy equation Eq. 19. The vanishing of the first factor is equivalent to . So, if then and are isogenous of degree 3. The other factors are curves of genus and from [Faltings] have only finitely many -rational points.
For cases we only get one irreducible component, which in both cases is a curve of genus . We don’t display those equations here. Using [Faltings] we conclude the proof.
∎
Next we consider the case when . First notice that the invariants and are roots of the quadratic Eq. 15. If , then and are in the same conjugacy class. There are again two conjugacy classes of elliptic involutions in . Thus, there are two degree 2 elliptic subfields (up to isomorphism) of . One of them is determined by double root of the Eq. 15, for . Next, we determine the j-invariant of the other degree elliptic subfield and see how it is related to .
If then and the set of Weierstrass points
[TABLE]
Then, . Involutions of are , , . Since and fix no points of the they lift to involutions in . They each determine a pair of isomorphic elliptic subfields. The -invariant of elliptic subfield fixed by is the double root of Eq. 15, namely
[TABLE]
To find the -invariant of the elliptic subfields fixed by we look at the degree covering , such that , , , and . This covering is, . The branch points of are . From Lem. 3 the elliptic subfields and have 2-torsion points . The j-invariants of and are
[TABLE]
Then, we have the following result.
Proposition 8**.**
Let be a genus curve with and , , , as above. Then is -isogenous with and there are only finitely many genus curves defined over such that is -isogenous to for .
Proof.
By substituting and into the we get that
[TABLE]
We don’t display the and , but they are high genus curves. This completes the proof. ∎
4.2. reducible Jacobian surfaces
In this section we focus on genus curves with -split Jacobians. This case was studied in detail in[deg3], where it was proved that if is a genus field over and the number of -classes of elliptic subfields of of degree , then
i) , or
ii) if and only if the classical invariants of satisfy the irreducible equation displayed in [deg3, Appendix A].
There are exactly two genus curves (up to isomorphism) with . The case (resp., ) occurs for a -dimensional (resp., -dimensional) family of genus curves. We are interested on the -dimensional family, since the case is the singular locus of the case .
We let be a genus 2 curve define over , , and its function field.
Definition 1**.**
A non-degenerate pair (resp., degenerate pair) is a pair such that is a genus curve with a degree elliptic subcover where is ramified in two (resp., one) places. Two such pairs and are called isomorphic if there is a -isomorphism mapping .
If is a non-degenerate pair, then can be parameterized as follows
[TABLE]
where and the discriminant
[TABLE]
of the sextic is nonzero. We let . For the degree coverings are given by and where
[TABLE]
and the elliptic curves have equations:
[TABLE]
where
[TABLE]
The mapping such that , has degree .
We define the following invariants of two cubic polynomials. For and define
[TABLE]
We denote by the resultant of and and by the discriminant of . Also, , , and . In [Vishi] it was shown that , and form a complete system of invariants for unordered pairs of cubics. For and as in Eq. 24 we have
[TABLE]
It was shown in [deg3] that the function field of the locus , genus 2 curves with reducible Jacobians, is exactly .
Lemma 5**.**
.
By eliminating and we have rational expressions of absolute invariants in terms of and as in [deg3, Eq. (19)]. We can take
[TABLE]
Hence, we have
[TABLE]
It would be an interesting problem to determine for what values of and the curve is defined over the field of moduli.
4.2.1. Elliptic components
We express the j-invariants of the elliptic components of , from Eq. Eq. 26, in terms of and as follows:
[TABLE]
where . Moreover, we can express and in terms of the and invariants as follows:
Lemma 6**.**
The -invariants of the elliptic components satisfy the following quadratic equations over ;
[TABLE]
*where *
[TABLE]
Proof.
Substitute and as in Eq. Eq. 28 in equation Eq. Eq. 29. ∎
Remark 3**.**
The computation of the above equation is rather involved; see [deg3] or [sh-comm] for details. Notice that if is defined over a field then . The converse is not necessarily true.
Invariants and are modular invariants similar to the case and can be expressed in terms of the Siegel modular forms or equivalently in terms of the Igusa arithmetic invariants.
Let be the field of moduli of . The discriminant of the quadratic in Eq. 29 is given by
[TABLE]
Notice that this is a perfect square if and only if the second factor is a perfect square in . Similarly with the case we define the following;
[TABLE]
where
[TABLE]
is the second factor in the discriminant . Even in this case there is a degree 2 covering
[TABLE]
from to the space of genus 2 curves with -reducible Jacobians.
Lemma 7**.**
Let be a genus 2 curve with reducible Jacobian. The elliptic components of are defined over the field of moduli of only when is a complete square in or equivalently when the surface , has -rational point.
Proof.
The proof is similar to that of the case . Invariants are in the field of moduli of ; see [deg3]. When the surface , has -rational point that means that and therefore and are defined over .
∎
Notice that in this case the curve is not necessarily defined over its field of moduli . In [m-sh] we determine exact conditions when this happens.
4.2.2. Isogenies between the elliptic components
Now let us consider the case when . In an analogous way with the case we will study the locus which represents the modular curve . For prime, two elliptic curves are -isogenous if and only if . We will consider the case when , and . We will omit part of the formulas since they are big to display.
Proposition 9**.**
Let be a genus curve with -split Jacobian and , its elliptic subcovers. There are only finitely many genus curves defined over such that is -isogenous to .
Proof.
Let be the modular polynomial of level . As in the previous section, we let and . Then, can be written in terms of . We replace and by expressions in Eq. Eq. 30. We get a curve in , of genus 169. From Faltings theorem there are only finitely many -rational points . Since, is the field of moduli of , then can not be defined over if are not in . This completes the proof.
∎
Let us now consider the other cases. If , then the curve can be expressed in terms of the invariants and computations show that the locus becomes
[TABLE]
where is a genus zero component given by
[TABLE]
while the other component has genus . To conclude about the number of -isogenies between and we have to check for rational points in the conic .
The computations for the case shows similar results. The locus becomes
[TABLE]
where is a genus zero component and is a curve with singularities.
Also the case show that the curve becomes
[TABLE]
where is a genus zero component and is a genus one curve. Summarizing we have the following remark.
Proposition 10**.**
Let be a genus curve with -split Jacobian and , its elliptic subcovers. There are possibly infinite families of genus curves defined over such that is -isogenous to , when .
As a final remark we would like to mention that we can perform similar computations for by using the equation of as computed in [deg5]. One can possibly even investigate cases for by using results of [kumar]. However, the computations will be much more complicated.
We summarize our results in the following theorem.
Theorem 4**.**
Let be e genus 2 curve, defined over a number field , and with canonical principal polarization , such that is geometrically reducible to . Then the following hold:
**i): **
If and then there are finitely many elliptic components defined over and -isogenous to each other
**ii): **
If and then
a) there are infinitely many elliptic components defined over and -isogenous to each other
b) there are finitely many elliptic components defined over and -isogenous to each other
**iii): **
If then
a) there are finitely many elliptic components defined over and -isogenous to each other
b) there are possible infinitely many elliptic components defined over and -isogenous to each other
Proof.
From [frey-shaska, Thm. 32] or [zarhin] we have that . Consider now the case when and . From Prop. 7 we have the result. If then from Prop. 8 we have the result ii).
Part iii) a) follows from Prop. 9 and part iii) b) from Prop. 10.
∎
Corollary 2**.**
Let be a 2-dimensional Jacobian variety, defined over a number field , and isogenous to the product of elliptic curves . Then there are infinitely many curves defined over and -isogenous to each other.
Proof.
We computationally check that the corresponding conic has a -rational point.
∎
As a final remark we would like to add that we are not aware of any other methods, other than computational ones, to determine for which pairs we have many -rational elliptic components.
5. Kummer and Shioda-Inose surfaces of reducible Jacobians
Consider a genus two curve with -decomposable Jacobian and , its elliptic components. We continue our discussion of Kummer and Shioda-Inose surfaces of started in Section 3.4.
Malmendier and Shaska in [m-sh-2] proved that as a genus two curve varies the Shioda-Inose surface fits into the following forur parameter family in given in terms of the variables by the equation
[TABLE]
where the parameters can be given in terms of the Igusa-Clebsch invariants by
[TABLE]
Denote by the moduli space of the Shioda-Inose surfaces given in Eq. 36 and the locus in of -reducible genus 2 curves. Then there is a map
[TABLE]
such that every curve goes to the corresponding . Then we have the following:
Proposition 11**.**
For the map is given as follows:
i) If then the Shioda-Inose surface is given by Eq. 35 for
[TABLE]
ii) if then the Shioda-Inose surface is given by Eq. 35 for
[TABLE]
Proof.
Case i) is a direct substitution of , given in terms of and in [deg2], in Eq. 36. To prove case ii) we first express the Igusa invariants in terms of and . Then using Eq. 36 we have the desired result.
∎
Remark 4**.**
It was shown in [deg2] (resp. [deg3]) that invariants and (resp. and ) are modular invariants given explicitly in terms of the genus 2 Siegel modular forms.
Corollary 3**.**
Let be e genus 2 curve, defined over a number field , with canonical principal polarization , such that is geometrically reducible to and is -isogenous to . There are only finitely many surfaces defined over such that
**i): **
, , and .
**ii): **
, , and .
**iii): **
* and *
Proof.
The Eq. 35 of the surface is defined over when and (resp. and ) are defined over . From Thm. 4 we know that there are only finitely many -rational ordered pairs (resp. )).
∎
If the elliptic curves are defined by the equations
[TABLE]
then an affine singular model of the is given as follows
[TABLE]
The map
[TABLE]
is an elliptic fibration, which in the literature it is known as Kummer pencil. This elliptic fibration has geometric sections that are defined only over the extension .
Take a parameter such that and consider Eq. 39 as a family of cubic curves in over the field . This family has a rational point and using this rational point we can get the Weierstrass form of the Eq. 39 as follows
[TABLE]
where and are respectively the discriminant of the elliptic curves and . Note that if we choose other equations of and then we get an isomorphic equation for the Kummer surface. Setting in the above equation we get an elliptic curve which will be denoted with and the Néron-Severi model of this elliptic curve over is called the *Inose surface * associated with and , see [kumar-kuwata] for more details.
Definition 2**.**
For let be a parameter satisfying . Define the elliptic curve over by
[TABLE]
Note that the Kodaira-Néron model of is a surface for but not for .
The following proposition is a direct consequence of [kumar-kuwata, Prop. 2.9] and Thm. 4.
Lemma 8**.**
Let be an -decomposable Jacobian and , its elliptic components. For there are infinitely many values for and such that the Mordell-Weil groups and have rank 18.
Proof.
From Thm. 4 we know that for there are infinitely many curves that are isogenous to . From [kumar-kuwata, Prop. 2.9] we have that if is isogenous to and they have complex multiplication, then the rank of and is .
∎
Corollary 4**.**
The field of definition of the Mordell-Weil group of is contained in , for almost all .
Proof.
From Thm. 4 we know that for almost all -Jacobians, , is not isogenous to . The result follows as a consequence of [kumar-kuwata, Thm.2.10 (i)].
∎
5.1. Kummer surfaces in positive characteristic and applications to cryptography
Supersingular isogeny based cryptography currently uses elliptic curves that are defined over a quadratic extension field of a non-binary field and such that its entire -torsion is -rational. More specifically implementations of supersingular isogeny Diffie Hellman (SIDH) fix a large prime field with for , construct and work with supersingular isogeny elliptic curves over whose group structures are all isomorphic to . Hence, all such elliptic curves have full rational -torsion and can be written in Montgomery form.
What is the relation between the Abelian surfaces defined over when the elliptic components are supersingular Montgomery curves defined over ? This is relevant in supersingular isogeny based cryptography since computing isogenies in the Kummer surface associated to supersingular Jacobians is much more efficient than computing isogenies in the full Jacobian group.
In [costello] are studied -reducible Jacobians and it is pointed out that most of the literature on the topic studies the splitting of over the algebraic closure . However, form our Lem. 4 we get necessary and sufficient conditions when splits over .
From [deg2] we know that for a curve , we can choose the curve to have equation
[TABLE]
and its elliptic subcovers have equations and .
We can reverse the above construction as follows. Let and for . Consider the following supersingular Montgomery curve
[TABLE]
for and such that , for some . Then by lifting to a genus 2 curve we get a genus two curve given as follows
[TABLE]
where
[TABLE]
Then, Thus, is -reducible with elliptic components the above curves.
The Weil restriction of the 1-dimensional variety is the the variety
[TABLE]
where
[TABLE]
are obtained by putting , , , and for .
In [costello] it was proved the following:
Lemma 9**.**
Let and be as defined above. Then, the Weil restriction of is -isogenous to the Jacobian i.e.
[TABLE]
Moreover, since is supersingular then is supersingular.
From our results in the previous section we have that
Corollary 5**.**
Let be defined over . Then, is reducible over if and only if is a complete square in or equivalently has points.
Proof.
Since the equation of both elliptic components is defined over their field of moduli that means that their minimal field of definition is determined by their -invariants. Such invariants are defined over if and only if when in Eq. 14 is a complete square in .
∎
What about -reducible Jacobians? The situation is slightly different. The main reason is that a curve is not necessarily defined over its field of moduli. However, if we start with a curve defined over , then from Lem. 7 we can determine precisely when splits over . The above construction via the Weils restriction is a bit more complicated for curves in . Further details will be provided in [b-sh-2019].
6. Further remarks
The case for the Kummer approach in supersingular isogeny-based cryptography would be much stronger if it were able to be applied efficiently for both parties. There has been some explicit work done in the case of (3, 3) [deg3] and (5, 5)-isogenies [deg5], but those situations are much more complicated than the case of Richelot isogenies.
As pointed out by Costello in the last paragraph of [costello]: One hope in this direction is the possibility of pushing odd degree l-isogeny maps from the elliptic curve setting to the Kummer setting. This was difficult in the case of 2-isogenies because the maps themselves are (2, 2)- isogenies, but in the case of odd degree isogenies there is nothing obvious preventing this approach.
We intend to further investigate the case of reducible Jacobians in [b-sh-2019].
References
