Infrastructure (number theory)

In mathematics, an infrastructure is a group-like structure appearing in global fields.

Historic development

In 1972, D. Shanks first discovered the infrastructure of a real quadratic number field and applied his baby-step giant-step algorithm to compute the regulator of such a field in $\mathcal(D^)$ binary operations (for every $\varepsilon > 0$), where $D$ is the discriminant of the quadratic field; previous methods required $\mathcal(D^)$ binary operations.D. Shanks: The infrastructure of a real quadratic field and its applications. Proceedings of the Number Theory Conference (Univ. Colorado, Boulder, Colo., 1972), pp. 217-224. University of Colorado, Boulder, 1972. Ten years later, H. W. Lenstra publishedH. W. Lenstra Jr.: On the calculation of regulators and class numbers of quadratic fields. Number theory days, 1980 (Exeter, 1980), 123–150, London Math. Soc. Lecture Note Ser., 56, Cambridge University Press, Cambridge, 1982. a mathematical framework describing the infrastructure of a real quadratic number field in terms of "circular groups". It was also described by R. SchoofR. J. Schoof: Quadratic fields and factorization. Computational methods in number theory, Part II, 235–286, Math. Centre Tracts, 155, Math. Centrum, Amsterdam, 1982. and H. C. Williams,H. C. Williams: Continued fractions and number-theoretic computations. Number theory (Winnipeg, Man., 1983). Rocky Mountain J. Math. 15 (1985), no. 2, 621–655. and later extended by H. C. Williams, G. W. Dueck and B. K. Schmid to certain cubic number fields of unit rank oneH. C. Williams, G. W. Dueck, B. K. Schmid: A rapid method of evaluating the regulator and class number of a pure cubic field. Math. Comp. 41 (1983), no. 163, 235–286. G. W. Dueck, H. C. Williams: Computation of the class number and class group of a complex cubic field. Math. Comp. 45 (1985), no. 171, 223–231. and by J. Buchmann and H. C. Williams to all number fields of unit rank one.J. Buchmann, H. C. Williams: On the infrastructure of the principal ideal class of an algebraic number field of unit rank one. Math. Comp. 50 (1988), no. 182, 569–579. In his habilitation thesis, J. Buchmann presented a baby-step giant-step algorithm to compute the regulator of a number field of ''arbitrary'' unit rank.J. Buchmann: Zur Komplexität der Berechnung von Einheiten und Klassenzahlen algebraischer Zahlkörper. Habilitationsschrift, Düsseldorf, 1987
PDF
/ref> The first description of infrastructures in number fields of arbitrary unit rank was given by R. Schoof using Arakelov divisors in 2008.R. Schoof: Computing Arakelov class groups. (English summary) Algorithmic number theory: lattices, number fields, curves and cryptography, 447–495, Math. Sci. Res. Inst. Publ., 44, Cambridge University Press, 2008.
PDF
/ref>

The infrastructure was also described for other global fields, namely for algebraic function fields over finite fields. This was done first by A. Stein and H. G. Zimmer in the case of real hyperelliptic function fields.A. Stein, H. G. Zimmer: An algorithm for determining the regulator and the fundamental unit of hyperelliptic congruence function field. In "Proceedings of the 1991 International Symposium on Symbolic and Algebraic Computation, ISSAC '91," Association for Computing Machinery, (1991), 183–184. It was extended to certain cubic function fields of unit rank one by R. Scheidler and A. Stein.R. Scheidler, A. Stein: Unit computation in purely cubic function fields of unit rank 1. (English summary) Algorithmic number theory (Portland, OR, 1998), 592–606, Lecture Notes in Comput. Sci., 1423, Springer, Berlin, 1998. R. Scheidler: Ideal arithmetic and infrastructure in purely cubic function fields. (English, French summary) J. Théor. Nombres Bordeaux 13 (2001), no. 2, 609–631. In 1999, S. Paulus and H.-G. Rück related the infrastructure of a real quadratic function field to the divisor class group.S. Paulus, H.-G. Rück: Real and imaginary quadratic representations of hyperelliptic function fields. (English summary) Math. Comp. 68 (1999), no. 227, 1233–1241. This connection can be generalized to arbitrary function fields and, combining with R. Schoof's results, to all global fields.

One-dimensional case

Abstract definition

A one-dimensional (abstract) infrastructure $(X, d)$ consists of a real number $R > 0$, a finite set $X \neq \emptyset$ together with an injective map $d : X \to \mathbb/R\mathbb$.F. Fontein: Groups from cyclic infrastructures and Pohlig-Hellman in certain infrastructures. (English summary) Adv. Math. Commun. 2 (2008), no. 3, 293–307. The map $d$ is often called the ''distance map''.

By interpreting $\mathbb/R\mathbb$ as a circle of circumference $R$ and by identifying $X$ with $d(X)$, one can see a one-dimensional infrastructure as a circle with a finite set of points on it.

Baby steps

A baby step is a unary operation $bs : X \to X$ on a one-dimensional infrastructure $(X, d)$. Visualizing the infrastructure as a circle, a baby step assigns each point of $d(X)$ the next one. Formally, one can define this by assigning to $x \in X$ the real number $f_x := \inf\$; then, one can define $bs(x) := d^(d(x) + f_x)$.

Giant steps and reduction maps

Observing that $\mathbb/R\mathbb$ is naturally an abelian group, one can consider the sum $d(x) + d(y) \in \mathbb/R\mathbb$ for $x, y \in X$. In general, this is not an element of $d(X)$. But instead, one can take an element of $d(X)$ which lies ''nearby''. To formalize this concept, assume that there is a map $red : \mathbb/R\mathbb \to X$; then, one can define $gs(x, y) := red(d(x) + d(y))$ to obtain a binary operation $gs : X \times X \to X$, called the giant step operation. Note that this operation is in general ''not'' associative.

The main difficulty is how to choose the map $red$. Assuming that one wants to have the condition $red \circ d = \mathrm_X$, a range of possibilities remain. One possible choice is given as follows: for $v \in \mathbb/R\mathbb$, define $f_v := \inf\$; then one can define $red(v) := d^(v - f_v)$. This choice, seeming somewhat arbitrary, appears in a natural way when one tries to obtain infrastructures from global fields. Other choices are possible as well, for example choosing an element $x \in d(X)$ such that $, d(x) - v,$ is minimal (here, $, d(x) - v,$ is stands for $\inf\$, as $d(x)$ is of the form $v + R\mathbb$); one possible construction in the case of real quadratic hyperelliptic function fields is given by S. D. Galbraith, M. Harrison and D. J. Mireles Morales.S. D. Galbraith, M. Harrison, D. J. Mireles Morales: Efficient hyperelliptic arithmetic using balanced representation for divisors. (English summary) Algorithmic number theory, 342–356, Lecture Notes in Comput. Sci., 5011, Springer, Berlin, 2008.

Relation to real quadratic fields

D. Shanks observed the infrastructure in real quadratic number fields when he was looking at cycles of reduced binary quadratic forms. Note that there is a close relation between reducing binary quadratic forms and continued fraction expansion; one step in the continued fraction expansion of a certain quadratic irrationality gives a unary operation on the set of reduced forms, which cycles through all reduced forms in one equivalence class. Arranging all these reduced forms in a cycle, Shanks noticed that one can quickly jump to reduced forms further away from the beginning of the circle by composing two such forms and reducing the result. He called this binary operation on the set of reduced forms a giant step, and the operation to go to the next reduced form in the cycle a baby step.

Relation to $\mathbb/R\mathbb$

The set $\mathbb/R\mathbb$ has a natural group operation and the giant step operation is defined in terms of it. Hence, it makes sense to compare the arithmetic in the infrastructure to the arithmetic in $\mathbb/R\mathbb$. It turns out that the group operation of $\mathbb/R\mathbb$ can be described using giant steps and baby steps, by representing elements of $\mathbb/R\mathbb$ by elements of $X$ together with a relatively small real number; this has been first described by D. Hühnlein and S. PaulusD. Hühnlein, S. Paulus: On the implementation of cryptosystems based on real quadratic number fields (extended abstract). Selected areas in cryptography (Waterloo, ON, 2000), 288–302, Lecture Notes in Comput. Sci., 2012, Springer, 2001. and by M. J. Jacobson, Jr., R. Scheidler and H. C. WilliamsM. J. Jacobson Jr., R. Scheidler, H. C. Williams: The efficiency and security of a real quadratic field based key exchange protocol. Public-key cryptography and computational number theory (Warsaw, 2000), 89–112, de Gruyter, Berlin, 2001 in the case of infrastructures obtained from real quadratic number fields. They used floating point numbers to represent the real numbers, and called these representations CRIAD-representations resp. $(f, p)$-representations. More generally, one can define a similar concept for all one-dimensional infrastructures; these are sometimes called $f$-representations.

A set of $f$-representations is a subset $fRep$ of $X \times \mathbb/R\mathbb$ such that the map $\Psi_ : fRep \to \mathbb/R\mathbb, \; (x, f) \mapsto d(x) + f$ is a bijection and that $(x, 0) \in fRep$ for every $x \in X$. If $red : \mathbb/R\mathbb \to X$ is a reduction map, $fRep_ := \$ is a set of $f$-representations; conversely, if $fRep$ is a set of $f$-representations, one can obtain a reduction map by setting $red(f) = \pi_1(\Psi_^(f))$, where $\pi_1 : X \times \mathbb/R\mathbb \to X, \; (x, f) \mapsto x$ is the projection on $X$. Hence, sets of $f$-representations and reduction maps are in a one-to-one correspondence.

Using the bijection $\Psi_ : fRep \to \mathbb/R\mathbb$, one can pull over the group operation on $\mathbb/R\mathbb$ to $fRep$, hence turning $fRep$ into an abelian group $(fRep, +)$ by $x + y := \Psi_^(\Psi_(x) + \Psi_(y))$, $x, y \in fRep$. In certain cases, this group operation can be explicitly described without using $\Psi_$ and $d$.

In case one uses the reduction map $red : \mathbb/R\mathbb \to X, \; v \mapsto d^(v - \inf\)$, one obtains $fRep_ = \$. Given $(x, f), (x', f') \in fRep_$, one can consider $(x'', f'')$ with $x'' = gs(x, x')$ and $f'' = f + f' + (d(x) + d(x') - d(gs(x, x'))) \ge 0$; this is in general no element of $fRep_$, but one can reduce it as follows: one computes $bs^(x'')$ and $f'' - (d(x'') - d(bs^(x'')))$; in case the latter is not negative, one replaces $(x'', f'')$ with $(bs^(x''), f'' - (d(x'') - d(bs^(x''))))$ and continues. If the value was negative, one has that $(x'', f'') \in fRep_$ and that $\Psi_(x, f) + \Psi_(x', f') = \Psi_(x'', f'')$, i.e. $(x, f) + (x', f') = (x'', f'')$.

References

{{DEFAULTSORT:Infrastructure (Number Theory)
Algebra
Algebraic structures