HAL Id: hal-00828070

HAL Id: hal-00828070

https://hal.archives-ouvertes.fr/hal-00828070

Submitted on 31 May 2013

HAL

is a multi-disciplinary open access archive for the deposit and dissemination of sci- entific research documents, whether they are pub- lished or not. The documents may come from teaching and research institutions in France or abroad, or from public or private research centers.

L’archive ouverte pluridisciplinaire

destinée au dépôt et à la diffusion de documents scientifiques de niveau recherche, publiés ou non, émanant des établissements d’enseignement et de recherche français ou étrangers, des laboratoires publics ou privés.

Shimura modular curves and asymptotic symmetric tensor rank of multiplication in any finite field

Stéphane Ballet, Jean Chaumine, Julia Pieltant

To cite this version:

Stéphane Ballet, Jean Chaumine, Julia Pieltant. Shimura modular curves and asymptotic symmetric

tensor rank of multiplication in any finite field. Conference on Algebraic Informatics, Sep 2013,

Porquerolles Island, France. pp.160-172, �10.1007/978-3-642-40663-8_16�. �hal-00828070�

symmetric tensor rank of multiplication in any finite field

St´ephane Ballet¹, Jean Chaumine², and Julia Pieltant³

1 Aix-Marseille Universit´e, CNRS IML FRE 3529 Case 930, 13288 Marseille Cedex 9, France

stephane.ballet@univ-amu.fr

2 Universit´e de la Polyn´esie Fran¸caise, GAATI EA 3893 B.P. 6570, 98702 Faa’a, Tahiti, France

jean.chaumine@upf.pf

3 INRIA Saclay, LIX, ´Ecole Polytechnique, 91128 Palaiseau Cedex, France pieltant@lix.polytechnique.fr

Abstract. We obtain new asymptotical bounds for the symmetric ten- sor rank of multiplication in any finite extension of any finite fieldFq. In this aim, we use the symmetric Chudnovsky-type generalized algorithm applied on a family of Shimura modular curves defined overFq² attain- ing the Drinfeld-Vl˘adut¸ bound and on the descent of this family over the definition fieldFq.

Keywords: Algebraic function field, tower of function fields, tensor rank, algorithm, finite field, modular curve, Shimura curve.

1 Introduction

1.1 General context

The determination of the tensor rank of multiplication in finite fields is a problem which has been widely studied over the past decades both for its theoretical and practical importance. Besides it allows one to obtain multiplication algorithms with a low bilinear complexity, which determination is of crucial significance in cryptography, it has also its own interest in algebraic complexity theory. The pioneer work of D.V. and G.V. Chudnovsky [15] resulted in the design of a Karatsuba-like algorithm where the interpolation is done on points of algebraic curves with a sufficient number of rational points over the ground field. Follow- ing these footsteps, several improvements and generalizations of this algorithm leading to ever sharper bounds have been proposed since by various authors [9, 1, 14, 19], and have required to investigate and combine different techniques and objects from algebraic geometry such as evaluations on places of arbitrary de- gree, generalized evaluations, towers of algebraic function fields. . . Furthermore, a lot of connexions with other topics have been made : Shparlinski, Tsfasman and Vl˘adut¸ [21] have first developed a correspondence between decompositions

of the tensor of multiplication and a family of linear codes with good param- eters that they called(exact) supercodes. These codes, renamedmultiplication friendly codes, had recently be more extensively studied and exploited by Cas- cudo, Cramer, Xing and Yang [13] to obtain good asymptotic results on the ten- sor rank. Moreover they combined their notion of multiplication friendly codes with two newly introduced primitives for function fields over finite fields [11], namely the torsion limit and systems of Riemann-Roch equations, to get news results not only on asymptotic tensor rank but also on linear secret sharing sys- tems and frameproof codes. This stresses that the tensor rank determination problem has just as many mathematical interests as consequences and applica- tions in various domains of computer science.

1.2 Tensor rank of multiplication

Let q = p^s be a prime power, Fq be the finite field with q elements and Fqⁿ

be the degree n extension of F^q. The multiplication of two elements of F^qn is anFq-bilinear application from Fqⁿ×Fqⁿ onto Fqⁿ. Then it can be considered as anFq-linear application from the tensor productFqⁿ⊗_FqFqⁿ ontoFqⁿ. Con- sequently it can be also considered as an element T of (Fqⁿ⊗_FqFqⁿ)^?⊗_FqFqⁿ, namely an element ofFqⁿ?

⊗_FqFqⁿ?

⊗_FqFqⁿ. More precisely, whenT is written T =

r

X

i=1

x^?_i ⊗y^?_i ⊗c_i, (1)

where ther elementsx^?_i and therelementsy^?_i are in the dualFqⁿ?

of Fqⁿ and therelementsci are inFqⁿ, the following holds for anyx, y∈Fqⁿ:

x·y=

r

X

i=1

x^?_i(x)y_i^?(y)ci.

Unfortunately, the decomposition (1) is not unique.

Definition 1. The minimal number of summands in a decomposition of the ten- sor T of the multiplication is called the bilinear complexity of the multiplication and is denoted byµq(n):

µq(n) = min (

r T =

r

X

i=1

x^?_i ⊗y^?_i ⊗ci

) .

However, the tensorT admits also a symmetric decomposition:

T =

r

X

i=1

x^?_i ⊗x^?_i ⊗ci. (2)

Definition 2. The minimal number of summands in a symmetric decomposition of the tensorT of the multiplication is called the symmetric bilinear complexity of the multiplication and is denoted byµ^sym_q (n):

µ^sym_q (n) = min (

r T =

r

X

i=1

x^?_i ⊗x^?_i ⊗ci

) .

One easily gets that µq(n)≤µ^sym_q (n). We know some cases where µq(n) =µ^sym_q (n) but to the best of our knowledge, no example is known where we can prove that µ_q(n)< µ^sym_q (n). However, better upper bounds have been established in the asymmetric case and this may suggest that in general the asymmetric bilinear complexity of the multiplication and the symmetric one are distinct. In any case, at the moment, we must consider separately these two quantities. Remark that from an algorithmic point on view, as well as for some specific applications, a symmetric bilinear algorithm can be more interesting than an asymmetric one, unless if a priori, the constant factor in the bilinear complexity estimation is a little worse. In this note we study the asymptotic be- havior of the symmetric bilinear complexity of the multiplication. More precisely we study the two following quantities:

M_q^sym= lim sup

k→∞

µ^sym_q (k)

k , (3)

m^sym_q = lim inf

k→∞

µ^sym_q (k)

k . (4)

1.3 Known results

The bilinear complexity µ_q(n) of the multiplication in the n-degree extension of a finite field Fq is known for certain values of n. In particular, S. Winograd [24] and H. de Groote [16] have shown that this complexity is ≥2n−1, with equality holding if and only if n≤¹₂q+ 1. Using the principle of the D.V. and G.V. Chudnovsky algorithm [15] applied to elliptic curves, M.A. Shokrollahi has shown in [20] that the symmetric bilinear complexity of multiplication is equal to 2nfor ¹₂q+ 1< n < ¹₂(q+ 1 +(q)) where is the function defined by:

(q) =

greatest integer≤2√

qprime toq, ifq is not a perfect square 2√

q, ifqis a perfect square.

Moreover, U. Baum and M.A. Shokrollahi have succeeded in [10] to construct effective optimal algorithms of type Chudnovsky in the elliptic case.

Recently in [3], [4], [9], [8], [7], [6] and [5] the study made by M.A. Shokrollahi has been generalized to algebraic function fields of genusg.

Let us recall that the original algorithm of D.V. and G.V. Chudnovsky in- troduced in [15] is symmetric by definition and leads to the following theorem:

Theorem 3. Let q=p^r be a power of the prime p. The symmetric tensor rank µ^sym_q (n) of multiplication in any finite field Fqⁿ is linear with respect to the extension degree; more precisely, there exists a constantC_q such that:

µ^sym_q (n)≤C_qn.

General forms for C_q have been established since, depending on the cases whereqis a prime or a prime power, a square or not. . . In order to obtain these good estimates for the constantC_q, S. Ballet has given in [3] some easy to verify conditions allowing the use of the D.V. and G.V. Chudnovsky algorithm. Then S. Ballet and R. Rolland have generalized in [9] the algorithm using places of degree one and two. The best finalized version of this algorithm in this direc- tion is a generalization introduced by N. Arnaud in [1] and developed later by M. Cenk and F. ¨Ozbudak in [14]. This generalization uses several coefficients, instead of just the first one in the local expansion at each place on which we perform evaluations. Recently, Randriambolona introduced in [19] a new gener- alization of the algorithm, which allows asymmetry in the construction.

From the results of [3] and the generalized symmetric algorithm, we obtain (cf. [3], [9]):

Theorem 4. Let q be a prime power and letn >1 be an integer. Let F/Fq be an algebraic function field of genusg andNk be the number of places of degree k inF/Fq. If F/Fq is such that 2g+ 1≤qⁿ⁻¹² (q¹² −1)then:

1) if N₁>2n+ 2g−2, then

µ^sym_q (n)≤2n+g−1,

2) if there exists a non-special divisor of degreeg−1andN1+ 2N2>2n+ 2g−2, then

µ^sym_q (n)≤3n+ 3g, 3) if N1+ 2N2>2n+ 4g−2, then

µ^sym_q (n)≤3n+ 6g.

Theorem 5. Let qbe a square ≥25. Then m^sym_q ≤2

1 + 1

√q−3

.

Moreover, let us recall a very useful lemma due to D.V. and G.V. Chud- novsky [15] and Shparlinski, Tsfasman and Vl˘adut¸ [21, Lemma 1.2 and Corollary 1.3].

Lemma 6. For any prime power q and for all positive integers n andm, one has

µq(m)≤µq(mn)≤µq(n)·µqⁿ(m), mq ≤mqⁿ·µq(n)/n,

Mq≤Mqⁿ·µq(n).

Note that these inequalities are also true in the symmetric case. Recall the following definitions that will be useful in the sequel. Let F/Fq be a function field over the finite fieldFq andN₁(F) be the number of places of degree one of F/F^q. Let us define:

N_q(g) = maxn N₁(F)

F is a function field over Fq of genusgo and

A(q) = lim sup

g→+∞

Nq(g) g . We know that (Drinfeld-Vl˘adut¸ bound):

A(q)≤q¹² −1, the bound being reached if and only ifqis a square.

2 New upper bounds for m

and M

In this section, we give upper bounds for the asymptotical quantitiesM_q^symand m^sym_q which are defined respectively by (3) and (4). As was noted in [11, p. 694]

and more precisely in [12, Section 5] (cf. also [18]), Theorems 3.1 and 3.9 in [21] are not completely correct. We are going to repair that in the following two propositions.

Proposition 7. Let qbe a prime power such that A(q)>2. Then m^sym_q ≤2

1 + 1

A(q)−2

.

Proof. Let{Fs/Fq}s be a sequence of algebraic function fields defined overFq. Let us denote by g_s the genus of F_s/Fq and by N₁(s) the number of places of degree 1 ofF_s/Fq. Suppose that the sequence (F_s/Fq)_swas chosen such that:

1. lims→+∞gs= +∞, 2. lim_s→+∞^N1_g^(s)

s =A(q).

Letbe any real number such that 0< <^A(q)₂ −1. Let us define the following integer

ns=

N1(s)−2gs(1 +) 2

.

Let us remark that

N₁(s) =g_sA(q) +o(g_s), soN1(s)−2(1 +)gs=gs A(q)−2(1 +)

+o(gs).

Then the following holds:

1. there exists an integers₀ such that for any s≥s₀ the integern_sis strictly positive,

2. for any real number c such that 0 < c < A(q)−2(1 +) there exists an integer s1 such that for any integer s≥ s1 the following holds: ns ≥ ₂^cgs, hencenstends to +∞,

3. there exists an integers2such that for any integers≥s2the following holds:

2g_s+ 1≤q^ns−12

q¹² −1

and consequently there exists a place of degreen_s (cf. [22, Corollary 5.2.10 (c) p. 207]),

4. the following inequality holds:N₁(s)>2n_s+ 2g_s−2 and consequently, using Theorem 4 we conclude thatµ^sym_q (n_s)≤2n_s+g_s−1.

Consequently,

µ^sym_q (n_s)

n_s ≤2 +gs−1 n_s , so

m^sym_q ≤2 + lim

s→+∞

2gs−2

N1(s)−2(1 +)gs−2 ≤2

1 + 1

A(q)−2(1 +)

.

This inequality holding for any >0 sufficiently small, we then obtain the result.

u t

Corollary 8. Let q=p^m be a prime power such thatq≥4. Then m^sym_q2 ≤2

1 + 1

q−3

.

Note that this corollary lightly improves Theorem 5. Now in the case of arbitraryq, we obtain:

Corollary 9. For any q=p^m>3, m^sym_q ≤3

1 + 1

q−3

.

Proof. For any q=p^m>3, we haveq²=p^2m≥16 and thus Corollary 8 gives m^sym_q2 ≤2

1 +_q−3¹

. Then, by Lemma 6, we have m^sym_q ≤m^sym_q2 ·µ^sym_q (2)/2

which gives the result since µ^sym_q (2) = 3 for anyq. ut Now, we are going to show that forM_q^symthe same upper bound as form^sym_q can be proved though only in the case of q being an even power of a prime.

However, we are going to prove that in the case of q being an odd power of a prime, the difference between the two bounds is very slight.

Proposition 10. Let q=p^m be a prime power such thatq≥4. Then M_q^sym2 ≤2

1 + 1

q−3

.

Proof. Let q = p^m be a prime power such that q ≥ 4. Let us consider two cases. First, we suppose that q=p. Moreover, firstly, let us consider the char- acteristic p such that p6= 11. Then it is known ([23] and [21]) that the curve X_k = X₀(11`<sub>k</sub>), where `_k is the kth prime number, has a genus g_k = `<sub>k</sub> and satisfies N1(Xk(Fq<sup>2</sup>))≥(q−1)(gk+ 1) where N1(Xk(Fq<sup>2</sup>)) denotes the num- ber of rational points over Fq<sup>2</sup> of the curve Xk. Let us consider a sufficiently large n. There exist two consecutive prime numbers `k and `k+1 such that (p−1)(`k+1+ 1)>2n+ 2`k+1−2 and (p−1)(`k+ 1)≤2n+ 2`k−2. Let us consider the algebraic function field Fk+1/Fp<sup>2</sup> associated to the curveXk+1 of genus `k+1 defined overFp². LetNi(Fk/Fp²) be the number of places of degree i of Fk/Fp². Then we get N1(Fk+1/Fp²)≥(p−1)(`k+1+ 1)>2n+ 2`k+1−2.

Moreover, it is known that Nn(Fk+1/Fp²) > 0 for any integer n sufficiently large. We also know that `k+1 −`k ≤ `^0,525_k for any integer k ≥ k0 where k0

can be effectively determined by [2]. Then there exists a real number >0 such that `k+1−`k =`k ≤`^0,525_k namely `k+1≤(1 +)`k. It is sufficient to choose such that `<sup>0,475</sup><sub>k</sub> ≤1. Consequently, for any integer n sufficiently large, this algebraic function field F<sub>k+1</sub>/Fp<sup>2</sup> satisfies Theorem 4, and so µ<sup>sym</sup><sub>p</sub>2 (n)≤2n+`k+1−1≤2n+ (1 +)`k−1 with `k≤ _p−3²ⁿ −^p+1_p−3. Thus, asn→+∞then`k →+∞and→0, so we obtainM_p^sym2 ≤2

1 + _p−3¹ . Note that forp= 11, Proposition 4.1.20 in [23] enables us to obtain g_k=`_k+O(1).

Now, let us study the more difficult case whereq=p^m withm >1. We use the Shimura curves as in [21]. Recall the construction of this good family. Let Lbe a totally real abelian over Qnumber field of degreem in whichpis inert, thus the residue class field OL/(p) of p, where OL denotes the ring of integers ofL, is isomorphic to the finite fieldFq. Let ℘be a prime of Lwhich does not divide pand letB be a quaternion algebra for which

B⊗_QR= M₂(R)⊗H⊗ · · · ⊗H

whereHis the skew field of Hamilton quaternions. LetB be also unramified at any finite place if (m−1) is even; letB be also unramified outside infinity and℘ if (m−1) is odd. Then, overLone can define the Shimura curve by its complex points XΓ(C) =Γ\h, where h is the Poincar´e upper half-plane and Γ is the group of units of a maximal order O of B with totally positive norm modulo its center. Hence, the considered Shimura curve admits an integral model over L and it is well known that its reduction X_Γ,p(Fp^2m) modulo p is good and is defined over the residue class fieldO_L/(p) ofp, which is isomorphic toFq since p is inert in L. Moreover, by [17], the number N₁(X_Γ,p(Fq²)) of Fq²-points of XΓ,p is such thatN1(XΓ,p(Fq²))≥(q−1)(g+ 1), whereg denotes the genus of XΓ,p(Fq²). Let now` be a prime which is greater than the maximum order of stabilizersΓz, wherez ∈his a fixed point ofΓ and let℘-`. Let Γ0(`)` be the

following subgroup of GL₂(Z`):

Γ0(`)`= a b

c d

∈GL2(Z`) ;c≡0 (mod `)

.

Suppose that`splits completely inL. Then there exists an embeddingL→Q`

where Q` denotes the usual `-adic field, and sinceB⊗_QQ`= M2(Q`), we have a natural map:

φ`:Γ →GL2(Z`).

LetΓ<sub>`</sub> be the inverse image ofΓ<sub>0</sub>(`)_{`</sub> in Γ under φ<sub>`}. Then Γ<sub>`</sub> is a subgroup of Γ of index `. We consider the Shimura curveX_` with

X`(C) =Γ`\h.

It admits an integral model over L and so can be defined over L. Hence, its reduction X`,p modulo p is good and it is defined over the residue class field OL/(p) of p, which is isomorphic to Fq since p is inert in L. Moreover the supersingularFp-points ofX_Γ,p split completely in the natural projection

π`:X`,p→XΓ,p.

Thus, the number of rational points ofX`,p(Fq²) verifies:

N₁(X<sub>`,p</sub>(Fq<sup>2</sup>))≥`(q−1)(g+ 1).

Moreover, since`is greater than the maximum order of a fixed point ofΓ onh, the projectionπ` is unramified and thus by Hurwitz formula,

g`= 1 +`(g−1) whereg` is the genus ofX`(and also ofX`,p).

Note that since the fieldLis abelian over Q, there exists an integerN such that the fieldLis contained in a cyclotomic extensionQ(ζ_N) whereζ_N denotes a primitive root of unity with minimal polynomial Φ_N. Let us consider the reductionΦ_{N,`</sub>ofΦ<sub>N</sub> modulo the prime`. Then, the prime`is totally split in the integer ring ofLif and only if the polynomialΦ<sub>N,`} is totally split inF`=Z/`Z i.e. if and only if F<sup>`</sup> contains the Nth roots of unity which is equivalent to N |`−1. Hence, any prime`such that`≡1 (modN) is totally split inQ(ζN) and then inL. Since`runs over primes in an arithmetical progression, the ratio of two consecutive prime numbers`≡1 (modN) tends to one.

Then for any real number >0, there exists an integerk0 such that for any integer k≥k0, `k+1≤(1 +)`k where `k and `k+1 are two consecutive prime numbers congruent to one moduloN. Then there exists an integern such that for any integern≥n, the integerksuch that the two following inequalities hold

`<sub>k+1</sub>(q−1)(g+ 1)>2n+ 2g<sub>`k+1</sub>−2 and

`k(q−1)(g+ 1)≤2n+ 2g`_k−2,

satisfies k≥k₀; whereg<sub>`i</sub>= 1 +`_i(g−1) for any integeri. Let us consider the algebraic function fieldF_k/Fq² defined over the finite fieldFq² associated to the Shimura curve X_{`k</sub> of genus g<sub>`k}. Let N_i(F_k/Fq²) be the number of places of degreeiof Fk/Fq². ThenN1(Fk+1/Fq²)≥`k+1(q−1)(g+ 1)>2n+ 2g`_k+1−2 wheregis the genus of the Shimura curveXΓ,p(Fq²). Moreover, it is known that there exists an integern0 such that for any integern≥n0,Nn(Fk+1/Fq²)>0.

Consequently, for any integer n≥max(n, n0) this algebraic function field Fk+1/Fq² satisfies Theorem 4 and so

µ^sym_q2 (n)≤2n+g`<sub>k+1</sub>−1≤2n+`k+1(g−1)≤2n+ (1 +)`k(g−1) with `_k< (q−1)(g+1)−2(g−1)²ⁿ . Thus, for any real number >0 and for any n≥max(n, n0), we obtain µ^sym_q2 (n)≤2n+ 2n(1+)(g−1)

(q−1)(g+1)−2(g−1) which gives M_q^sym2 ≤2

1 +_q−3¹

. ut

Proposition 11. Let q = p^m be a prime power with odd m such that q≥5.

Then

M_q^sym≤3

1 + 2 q−3

.

Proof. It is sufficient to consider the same families of curves than in Proposi- tion 10. These families of curves {Xk} are defined over the residue class field of p which is isomorphic to Fq. Hence, we can consider the associated alge- braic function fieldsFk/Fq defined over Fq. Ifq=p, we haveN1(Fk+1/Fp²) = N1(Fk+1/Fp) + 2N2(Fk+1/Fp) ≥ (p−1)(`k+1 + 1) > 2n+ 2`k+1 −2 since Fk+1/Fp² =Fk+1/Fp⊗_FpFp². Then, for any real number >0 and for any inte- gernsufficiently large, we haveµ^sym_p (n)≤3n+ 3g`<sub>k+1</sub> ≤3n+ 3(1 +)`kby The- orem 4 sinceN_n(F_k+1/Fq²)>0. Then, by using the condition `_k ≤_p−3²ⁿ −_p−3^p+1, we obtainM_p^sym≤3

1 + _p−3²

. Ifq=p^mwith oddm, we haveN1(Fk+1/Fq²) = N1(Fk+1/Fq) + 2N2(Fk+1/Fq) ≥ `k+1(q−1)(g + 1) > 2n+ 2g`_k+1 −2 since F_k+1/Fq²=F_k+1/Fq⊗_FqFq². Then, for any real number >0 and for any inte- ger n sufficiently large as in Proof of Proposition 10, we have µ^sym_q (n)≤3n+ 3g<sub>`k+1</sub> ≤3n+ 3(1 +)`_k(g−1) by Theorem 4 since N_n(F_k+1/Fq²)>0. Then, by using the condition`_k <(q−1)(g+1)−2(g−1)²ⁿ we ob- tainM_q^sym≤3

1 + _q−3²

. ut

Remark 12. Note that in [13, Lemma IV.4], Elkies gives another construction of a family{χs}^∞_s=1 of Shimura curves overFq satisfying for any prime powerq and for any integert≥1 the following conditions:

(i) the genusg(Fs) tends to +∞as s tends to +∞, whereFs stands for the function fieldFq(χs),

(ii) lim_s→+∞g(F_s)/g(F_s−1) = 1,

(iii) lim_s→+∞B2t(Fs)/g(Fs) = (q^t−1)/(2t), whereB2t(Fs) stands for the num- ber of places of degree 2tin Fs.

However, this construction is not sufficiently explicit to enable Cascudo and al. [12] (and [13]) to derive the best bounds in all the cases (cf. Section 3). Indeed, let us recall the construction of Elkies.

Letq=p^rbe a prime power and putf =rt. LetK be a totally real number field such thatK/Qis a Galois extension of degreef andpis totally inert inK.

LetB be a quaternion algebra over K such that the set Sof non-archimedean primes of K that are ramified in B is Galois invariant. Note that B can be constructed by taking S to be either the empty set for odd f, or the set of primes lying overpfor evenf (see [21]).

Let`6=pbe a rational prime outsideSsuch that`is totally inert inK(note that in [21],`is chosen such that it is completely splitting). Consider the Shimura curveX<sub>0</sub><sup>B</sup>(`) :=Γ0(`OK)\h, wherehis the upper half-plane andΓ0(`OK) is the subgroup of the unit group of the maximal order ofBmapping to upper triangle matrices modulo`OK. Then X<sub>0</sub><sup>B</sup>(`) is defined over the rational fieldQand has a good reduction modulo p. Thus, the reduction of X₀^B(`) is defined over Fp, and therefore overFq as well. This curve has at least (p<sup>f</sup>−1)g<sub>`</sub> supersingular points over Fp^2f =Fq^2t, where g<sub>`</sub> is the genus of X<sub>0</sub><sup>B</sup>(`). One knows that the ratiog<sub>`</sub>/`^f tends to a fixed numberawhen` tends to +∞. Now let{`_s}^+∞_s=1 be the set of consecutive primes such that`s are totally inert inK and`s∈/ S. By Chebotarev’s density theorem, we have `s/`_s−1→1 as s tends to +∞. Hence, g`<sub>s</sub>/g`s−1 →1 asstends to +∞.

For the family of function fields {Fs/Fq} of the above Shimura curves, the number N2t(Fs) ofFq^2t-rational places ofFssatisfies

lim

g(Fs)→+∞

N_2t(F_s)

g(Fs) =p^f−1 =q^t−1.

Moreover, (i) and (ii) are satisfied as well.

By the identityN_2t(F_s) =P

i|2tiB_i(F_s), we get lim inf

g(F_s)→+∞

1 g(Fs)

2t

X

i=1

iBi(Fs)

q^t−1 ≥ lim inf

g(F_s)→+∞

1 g(Fs)

X

i|2t

iBi(Fs) q^t−1

= lim inf

g(F_s)→+∞

N2t(Fs) g(Fs)(q^t−1) = 1.

Thus, the inequality

lim inf

g(Fs)→+∞

1 g(Fs)

2t

X

i=1

iB_i(F_s) q^t−1 ≥1

is satisfied and consequently (iii) is also satisfied by [13, Lemma IV.3].

3 Comparison with the current best asymptotical bounds

In this section, we recall the results obtained in [13, Theorem IV.6 and IV.7] and [12, Theorem 5.18] which are known to give the best current estimates forM_q^sym, and compare these bounds to those established in Propositions 10 and 11.

3.1 Comparison with the bounds in [13]

In [13], the authors establish the following results:

Theorem 13. For any prime powerq≥2, one has M_q^sym≤µ^sym_q (2t) q^t−1

t(q^t−5) (5)

for any t≥1 as long asq^t−5>0, and

M_q^sym₂ ≤µ^sym_q2 (t)2(q^t−1)

t(q^t−5) (6)

for any t≥1 as long asq^t−5>0.

Let us show that our results are better than those of this theorem except for some small values ofq.

Bounds overFq. The estimates obtained in [13, Corollary IV.8.] show that (5) gives better bounds than Proposition 11 for any q≤13. Indeed, one has:

q 5 7 8 9 11 13

M_q^sym[13, Cor. IV.8] 4.8 3.82 3.74 3.68 3.62 3.59 M_q^sym[Prop. 11] 6 4.5 4.2 4 3.75 3.6

However, as soon as q≥15, our estimate is sharper than (5). Indeed, for q≥15, Proposition 11 gives:

M_q^sym≤3.5.

On the other hand, since µ^sym_q (2t)≥4t−1, the best estimate that can be ob- tained with Bound (5) is:

M_q^sym≤(4t−1)· q^t−1 t(q^t−5) =

4−1

t

·

1 + 4 q^t−5

. (7)

Thus one must have 4−¹_t <3.5 to obtain a better estimate than 3.5, which requirest= 1. In this case, (7) becomes:

M_q^sym≤3

1 + 4 q−5

which is less precise than the bound of Proposition 11 for anyq≥15.

Bounds over Fq². For q= 4, Proposition 10 gives M_q^sym₂ ≤4, which is less sharp than Bound (6) applied witht= 4, which leads toM_q^sym2 ≤3.56.

However, for anyq≥5, Proposition 10 gives better bounds than (6). Indeed, sinceµ^sym_q2 (t)≥2t−1, the best estimate that can be obtained with (6) is:

M_q^sym₂ ≤2(2t−1)· q^t−1 t(q^t−5) =

4−2

t

·

1 + 4 q^t−5

. (8)

Since Proposition 10 givesM_q^sym₂ ≤3 for any q≥5, it is necessary to have 4−²_t <3 to obtain a better bound with (8), which requires t= 1. This is im- possible for q= 5 since Bound (6) is undefined in this case, and forq >5 and t= 1, (8) becomes:

M_q^sym2 ≤2

1 + 4 q−5

which is less sharp than the bound obtained from Proposition 10.

3.2 Comparison with the bounds in [12]

In [12] (which is an extended version of [11]), the authors establish the following asymptotic bounds:

Theorem 14. For a prime powerq, one has

M_q^sym≤







µ^sym_q (2t)_t(qt−2−log^qt−1 _q2), if 2|q µ^sym_q (2t)_{t(qt−2−2 log}^qt−1

q2),otherwise

for any t≥1 as long as q^t−2−log_q2>0 for even q; and q^t−2−2 log_q2>0 for odd q.

This bound always beats the one of Proposition 11 for arbitrary q (for ex- ample, by settingt= 1 andµ^sym_q (2t) = 4t−1). Nevertheless, if we focus on the case ofM_q^sym₂ , then the bound of Proposition 10 is better as soon asq >5 since in this case, it gives:

M_q^sym₂ <3

which can not be reached with the bound of Theorem 3.2, since the best that one can get is:

M_q^sym≤







4−¹_t

1 +_qt^1+log_−2−log^q2

q2

, if 2|q 4−¹_t

1 +_qt^{1+2 log}−2−2 log^q2_q2

,otherwise which obviously can not be<3.

References

1. Nicolas Arnaud. Evaluations d´´ eriv´ees, multiplication dans les corps finis et codes correcteurs. PhD thesis, Universit´e de la M´editerran´ee, Institut de Math´ematiques de Luminy, 2006.

2. Roger Baker, Glyn Harman, and J´anos Pintz. The difference between consecutive primes, II. InProceedings of the London Mathematical Society, volume 83(3), pages 532–562, 2001.

3. St´ephane Ballet. Curves with many points and multiplication complexity in any extension ofFq. Finite Fields and Their Applications, 5:364–377, 1999.

4. St´ephane Ballet. Low increasing tower of algebraic function fields and bilinear complexity of multiplication in any extension ofF^q. Finite Fields and Their Ap- plications, 9:472–478, 2003.

5. St´ephane Ballet. On the tensor rank of the multiplication in the finite fields.

Journal of Number Theory, 128:1795–1806, 2008.

6. St´ephane Ballet and Jean Chaumine. On the bounds of the bilinear complexity of multiplication in some finite fields. Applicable Algebra in Engineering Communi- cation and Computing, 15:205–211, 2004.

7. St´ephane Ballet and Dominique Le Brigand. On the existence of non-special divi- sors of degreegandg−1 in algebraic function fields overFq. Journal on Number Theory, 116:293–310, 2006.

8. St´ephane Ballet, Dominique Le Brigand, and Robert Rolland. On an application of the definition field descent of a tower of function fields. InProceedings of the Conference Arithmetic, Geometry and Coding Theory (AGCT 2005), volume 21, pages 187–203. Soci´et´e Math´ematique de France, s´er. S´eminaires et Congr`es, 2009.

9. St´ephane Ballet and Robert Rolland. Multiplication algorithm in a finite field and tensor rank of the multiplication. Journal of Algebra, 272(1):173–185, 2004.

10. Ulrich Baum and Amin Shokrollahi. An optimal algorithm for multiplication in F256/F4. Applicable Algebra in Engineering, Communication and Computing, 2(1):15–20, 1991.

11. Ignacio Cascudo, Ronald Cramer, and Chaoping Xing. The torsion-limit for alge- braic function fields and its application to arithmetic secret sharing. InProceedings of 31st Annual IACR CRYPTO, Santa Barbara, Ca., USA, volume 6841 ofLecture Notes in Computer Science, pages 685–705, 2011.

12. Ignacio Cascudo, Ronald Cramer, and Chaoping Xing. Torsion limits and Riemann-Roch systems for function fields and applications. ArXiv e-prints, http://arxiv.org/abs/1207.2936v1, 2012.

13. Ignacio Cascudo, Ronald Cramer, Chaoping Xing, and An Yang. Asymptotic bound for multiplication complexity in the extensions of small finite fields. IEEE Transactions on Information Theory, 58(7):4930–4935, 2012.

14. Murat Cenk and Ferruh ¨Ozbudak. On multiplication in finite fields. Journal of Complexity, 26(2):172–186, 2010.

15. David Chudnovsky and Gregory Chudnovsky. Algebraic complexities and algebraic curves over finite fields. Journal of Complexity, 4:285–316, 1988.

16. Hans F. de Groote. Characterization of division algebras of minimal rank and the structure of their algorithm varieties.SIAM Journal on Computing, 12(1):101–117, 1983.

17. Yasutaka Ihara. Some remarks on the number of rational points of algebraic curves over finite fields. Journal of the Faculty of Science. University of Tokyo. Section IA. Mathematics, 28:721–724, 1981.

18. Julia Pieltant. Tours de corps de fonctions alg´ebriques et rang de tenseur de la multiplication dans les corps finis. PhD thesis, Universit´e d’Aix-Marseille, Institut de Math´ematiques de Luminy, 2012.

19. Hugues Randriambololona. Bilinear complexity of algebras and the Chudnovsky- Chudnovsky interpolation method. Journal of Complexity, 28:489–517, 2012.

20. Amin Shokrollahi. Optimal algorithms for multiplication in certain finite fields using algebraic curves. SIAM Journal on Computing, 21(6):1193–1198, 1992.

21. Igor Shparlinski, Michael Tsfasman, and Serguei Vl˘adut¸. Curves with many points and multiplication in finite fields. In H. Stichtenoth and M.A. Tsfasman, editors,

Coding Theory and Algebraic Geometry, number 1518 in Lectures Notes in Math- ematics, pages 145–169, Berlin, 1992. Springer-Verlag. Proceedings of AGCT-3 Conference, June 17-21, 1991, Luminy.

22. Henning Stichtenoth. Algebraic Function Fields and Codes. Number 314 in Lec- tures Notes in Mathematics. Springer-Verlag, 1993.

23. Michael Tsfasman and Serguei Vl˘adut¸. Asymptotic properties of zeta-functions.

Journal of Mathematical Sciences, 84(5):1445–1467, 1997.

24. Shmuel Winograd. On multiplication in algebraic extension fields. Theoretical Computer Science, 8:359–377, 1979.