public key – Y coordinate of PubKey on elliptic curve prefix

Public keys in the form of 04(x,y) can be compressed since the x axis is symmetrical. Hence we only need the x-coordinate with the 02/03 prefix which states if Y is odd or even. I don’t understand the latter, are odd/even on an elliptic curve the same as pos/neg on a Cartesian plain? This makes sense since negative integers can’t be expressed in keys. So would the ‘negative’ Y-coordinate correspond to an ‘odd’ (03 prefix). If so, how are these coordinates differ in odd/even if the x axis is symmetrical?

ag.algebraic geometry – Log canonical surface with an elliptic singularity

I would like to know if there is an example as follows:

$X$ is a log canonical surface and $x in X$ is an elliptic singularity such that

  1. The minimal resolution of $x$ is a circle of rational curves (or a single nodal rational curve).
  2. The singularity $x$ is non-$mathbb{Q}$-factorial.

I think it looks reasonable, but I do not know any explicit example of such a surface. I searched some papers but none of them discuss the $mathbb{Q}$-factoriality.

Second order elliptic PDE problem with boundary conditions whose solutions depend continuously on the initial data

Consider the following problem
-Delta u+cu=f,&xinOmega\

where $Omegasubseteqmathbb R^n$ is open with regular boundary, $cgeq0$ is a constant, $fin L^2(Omega)$ and $g$ is the trace of a function $Gin H^1(Omega)$. If we consider $u$ a weak solution to this problem, and define $U=u-Gin H_0^1(Omega)$, it is easy to see that $U$ is a weak solution to the following problem
-Delta U+cU=f+Delta G-cG,&xinOmega\

It is also easy to see that we can apply Lax-Milgram theorem with the bilinear form
and the bounded linear functional
$$L_f(v)=int_Omega(f-cG)v-int_Omegasum_{i=1}^n G_{x_i}v_{x_i}$$
to conclude there exists a unique weak solution $U$ to the auxiliary problem defined above. If we define $u=U+Gin H^1(Omega)$, it is clear then that this function will be a solution to the original problem.

Now to the question: I would like to prove that this solution $u$ depends continuously on the initial data, that is, that there exists a constant $C>0$ such that
$$lVert urVert_{H^1(Omega)}leq C(lVert frVert_{L^2(Omega)}+lVert GrVert_{H^1(Omega)})$$
I feel that the work I have done to prove that $L_f$ is bounded should be relevant for our purposes, because
$$lVert urVert_{H^1(Omega)}leqlVert UrVert_{H^1(Omega)}+lVert GrVert_{H^1(Omega)}$$
$$lVert UrVert_{H^1(Omega)}leq C B(U,U)^{1/2}= C|L_f(U)|^{1/2}$$
The problem is that I don’t know how to manipulate $L_f(U)$ to obtain the result. I have managed to prove a completely useless inequality, for it involves the norm of $U$.

I would appreciate any kind of suggestion. Thanks in advance for your answers.

P.S. The problem is that a priori $Delta G$ doesn’t have to be in $L^2(Omega)$, which makes it hard to use the $H^2$ regularity of $U$ (which would solve the problem instantly).

P.S.S. Also posted this question in SE.

private key – can finding a Weil Pairing point for a point on secp256k1 elliptic curve transform it into discrete logarithm problem over an integer

First part of question: Pairing friendly curves exist and secp256k1 is not one of those. Does that exclusively mean one cannot find a Weil pairing for secp256k1 curve, or does that only imply that we cannot build useful PBC(pairing based cryptography) applications since the k value(embedding degree) is very large compared to the pairing friendly curves.

I am a beginner in the field and trying to understand these concepts by trial and error, but could not find a definitive answer to this question anywhere else: is it possible to get a weil pairing for secp256k1, or is it just impossible to compute due to large k.

second part of the question: If weil paring exists the problem of finding a discrete logarithm of the curve could be translated into finding discrete logarithm of an integer equation. The difficulty of the problem would not change but I am interested in inter-portability of this problem: from discrete log of curve to discrete log of an integer equation.

posted on crypto stackexchange, link for your reference.

homotopy theory – Why does elliptic cohomology fail to be unique up to contractible choice?

It is often stated that the derived moduli stack of oriented elliptic curves $mathsf{M}^mathrm{or}_mathrm{ell}$ is the unique lift of the classical moduli stack of elliptic curves satisfying some conditions, meaning the moduli space $Z$ of all such lifts is connected. This is mentioned in Theorem 1.1 of Lurie’s “A Survey of Elliptic Cohomology” (Surv), for example.

In Remark 7.0.2 of Lurie’s “Elliptic Cohomology II: Orientations” ((ECII)), Lurie says “…beware, however, that $Z$ is not contractible“. In other words, $mathsf{M}^mathrm{or}_mathrm{ell}$ is not the unique lift up to contractible choice (the gold standard of uniqueness in homotopy theory).

(Side note: in (ECII) and (Surv), Lurie is talking about the moduli stack of smooth elliptic curves, but the uniqueness up to homotopy of a derived stack $overline{mathsf{M}}_mathrm{ell}^mathrm{or}$ lifting the compactification of the moduli stack of smooth elliptic curves is also stated in the literature; for example, in Theorem 1.2 of Goerss’ “Topological Modular Forms (after Hopkins, Miller, and Lurie)”. I am interested in the compactified situation mostly, but both are related.)

Although I do not hope that $mathsf{M}^mathrm{or}_mathrm{ell}$ does possess this much stronger form of uniqueness, I would like to understand the reason for this failure:

Why is the moduli space $Z$ not contractible? and Does a similar statement apply in the compactified case?

To be a little more precise, let $mathcal{O}^mathrm{top}$ be the Goerss–Hopkins–Miller–Lurie sheaf of $mathbf{E}_infty$-rings on the small affine site of the moduli stack of elliptic curves $mathsf{M}_mathrm{ell}$. Denote this site by $mathcal{U}$. The moduli space $Z$ can then be defined as the (homotopy) fibre product
$$Z=mathrm{Fun}(mathcal{U}^{op}, mathrm{CAlg})underset{mathrm{Fun}(mathcal{U}^{op}, mathrm{CAlg}(mathrm{hSp}))}{times}{mathrm{h}mathcal{O}^mathrm{top}},$$
where $mathrm{CAlg}$ is the $infty$-category of $mathbf{E}_infty$-rings, and $mathrm{CAlg(hSp)}$ is the 1-category of commutative monoid objects in the stable homotopy category. The presheaf $mathrm{h}mathcal{O}^mathrm{top}$ can be defined using the Landweber exact functor theorem (at least on elliptic curves whose formal group admits a coordinate), and hence $Z$ can be seen as the moduli space of presheaves of $mathbf{E}_infty$-rings recognising the classical Landweber exact elliptic cohomology theories.

To prove uniqueness up to homotopy, I am aware one should use some arithmetic and chromatic fracture squares to break down the problem into rational, $p$-complete, $K(1)$-local, and $K(2)$-local parts. The $K(2)$-local part of $mathcal{O}^mathrm{top}$ is unique up to contractible choice by the Goerss–Hopkins–Miller theorems surrounding Lubin–Tate spectra (see Chapter 5 of (ECII) for a reference which you might already have open). The $K(1)$-local part also seems to be unique up to contratible choice, as all of the groups occuring in the Goerss–Hopkins obstruction theory vanish (this is discussed at length in Behrens’ “The construction of $tmf$” chapter in the “TMF book” by Douglas et al). Similarly, the rational case also has vanishing obstruction groups; see ibid.

I’m then lead to believe that is something interesting (being a pseudonym for “I don’t know what’s”) going on in the chromatic/arithmetic fracture squares gluing all this stuff together. Are their calculable obstructions/invariants to see this? Or otherwise known examples that contradict the contractibility of $Z$?

Any thoughts or suggestions are appreciated!

elliptic pde – Does unique continuation hold for the derivatives of solutions of PDE?

Let $D subset mathbf{R}^n$ be the unit ball, and $u in C^2(D)$ be a solution of the linear elliptic PDE
a^{ij} D_{ij} u + b^i D_i u + cu = 0 quad text{in $D$},

where the coefficients are regular, say of class $C^d$ for some integer $d geq 1$.

Assume that $u(0) = 0$, $Du(0) = 0$. Strong unique continuation means that $u$ has finite order of vanishing at the origin unless it vanishes identically: there exists $N > 0$ so that
$r^{-n} int_{D_r} u^2 notin O(r^N)$ as $r to 0$ if $u not equiv 0$.

Question. Does this also hold for its partial derivatives $D_k u$?

ag.algebraic geometry – Are there non-trivial $mathbb{F}_q$-covers of the j-invariant 0 elliptic curve by a hyperelliptic or cyclic trigonal curve?

Consider the ordinary elliptic curve $E!: y^2 = x^3 + b$ (of $j$-invariant $0$) over a finite field $mathbb{F}_q$ such that $sqrt{b}, sqrt(3){b} notin mathbb{F}_q$. Also, for any $n in mathbb{N}$ we have the hyperelliptic curve $H_n!: y^2 = x^{3n} + b$ and the cyclic trigonal curve $T_n!: x^3 = y^{2n} – b$. There are the obvious covers
H_n to E qquad (x,y) mapsto (x^{n}, y), qquadqquad T_n to E qquad (x,y) mapsto (x, y^{n})

Are there other $mathbb{F}_q$-covers of $E$ by a hyperelliptic or cyclic trigonal curve?

Thanks in advance.

nt.number theory – 2-descent on elliptic curves, and units modulo squares of units

Setup: Let $p$ be a prime, let $f(x) in mathbb{Q}_p(x)$ be a separable monic cubic polynomial cutting out the maximal order $mathcal{O}_{K_f}$ in the etale algebra $K_f := mathbb{Q}_p(x)/(f(x))$, and let $E$ denote the elliptic curve with affine equation $y^2 = f(x)$. The standard theory of $2$-descent on $E$ gives us an injective group homomorphism

$$E(mathbb{Q}_p)/2E(mathbb{Q}_p) hookrightarrow H^1(mathbb{Q}_p,E(2)) simeq {delta in K_f^times/K_f^{times2} : operatorname{Nm}(delta) in mathbb{Q}_p^{times 2}}.$$

In fact, because $f$ cuts out the maximal order $mathcal{O}_{K_f}$, the image of the above map lies in the unit subgroup ${delta in mathcal{O}_{K_f}^times/mathcal{O}_{K_f}^{times 2} : operatorname{Nm}(delta) in mathbb{Z}_p^{times 2}}$, with equality when $p$ is odd.

Next, let $g(x) in mathbb{Q}_p(x)$ be a separable monic quartic polynomial such that the genus-$1$ curve $C$ with affine equation $y^2 = g(x)$ is a $2$-covering of $E$, and let $J$ denote the Jacobian of $C$. Once again, we have an injective group homomorphism

$$J(mathbb{Q}_p)/2J(mathbb{Q}_p) hookrightarrow H^1(mathbb{Q}_p,J(2)).$$

Let $K_g := mathbb{Q}_p(x)/(g(x))$, and let $mathcal{O}_{K_g}$ denote its ring of integers. Unlike in the cubic case, we cannot necessarily identify $H^1(mathbb{Q}_p, J(2))$ with units in $K_g$ modulo squares of units. Indeed, consider the short exact sequence
$$1 to J(2) to operatorname{Res}_{K_g/mathbb{Q}_p}mu_2/mu_2 to mu_2 to 1$$
that realizes $J(2)$ as the kernel of the norm map on $operatorname{Res}_{K_g/mathbb{Q}_p}mu_2/mu_2$. Taking Galois cohomology, we obtain a group homomorphism
$$H^1(mathbb{Q}_p, J(2)) to S := kerbig(operatorname{Nm}colon H^1(mathbb{Q}_p, operatorname{Res}_{K_g/mathbb{Q}_p} mu_2/mu_2) to H^1(mathbb{Q}_p,mu_2)big)$$
The group ${delta in K_g^times/K_g^{times2}mathbb{Q}_p^times : operatorname{Nm}(delta) in mathbb{Q}_p^{times 2}}$ is a subgroup of $S$, and the image of $J(mathbb{Q}_p)/2J(mathbb{Q}_p)$ in $S$ lies in this subgroup. In fact, because $f$ cuts out the maximal order $mathcal{O}_{K_f}$, it follows that $g$ cuts out the maximal order $mathcal{O}_{K_g}$, and so the image of $J(mathbb{Q}_p)/2J(mathbb{Q}_p)$ lies in the unit subgroup ${delta in mathcal{O}_{K_g}^times/mathcal{O}_{K_g}^{times2}mathbb{Z}_p^times : operatorname{Nm}(delta) in mathbb{Z}_p^{times 2}}$.

Combining the above data, we see that at least when $p$ is odd, we have a composite group homomorphism
$$(star)quad{mathcal{O}_{K_f}^times/mathcal{O}_{K_f}^{times2} : operatorname{Nm}(delta) in mathbb{Z}_p^{times 2}} simeq E(mathbb{Q}_p)/2E(mathbb{Q}_p) simeq J(mathbb{Q}_p)/2J(mathbb{Q}_p) to {delta in mathcal{O}_{K_g}^times/mathcal{O}_{K_g}^{times 2}mathbb{Z}_p^times : operatorname{Nm}(delta) in mathbb{Z}_p^{times 2}}.$$
Question: Does the map $(star)$ from units modulo squares of $K_f$ to units modulo squares of $K_g$ have a natural interpretation in terms of the cubic and quartic algebras $K_f$ and $K_g$? I.e., can this map be constructed without relying on the connection to elliptic curves as a crutch?

Partial answer: I guess the answer is obvious when $g$ has a linear factor over $mathbb{Q}_p$, for then $K_f$ is a sub-algebra of $K_g$, and the inclusion $K_f hookrightarrow K_g$ induces the map $(star)$. But what if $g$ has only quadratic or quartic irreducible factors?

fa.functional analysis – Elliptic Estimates with Trace

Say $Omegasubsetmathbb{R}^3$ is a bounded domain with smooth boundary. Let $Bin C^infty(barOmega)$, and consider the set $X={u in H^1(Omega)|u_{|partialOmega}=B_{|partialOmega} text{ in the sense of traces}}$. Due to the Sobolev inequality, we know that $H^1(Omega)$ is continuously embedded in $L^p(Omega)$ for $pin(1,6)$. Say we wanted to prove, for fixed $pin(1,6)$, that there exists $C$ such that for all $uin X$, we have
$$|u|_{L^p}le C(|nabla u|_{L^2}+|B|_{L^infty}).$$
A pretty standard proof probably goes something like this: assume not, then there exists a sequence of functions $u_nin X$ such that
$$frac{1}{n}|u_n|_{L^p}ge|nabla u_n|_{L^2}+|B|_{L^infty}.$$
we have that $|v_n|_{L^p}=1$ for each $n$ and
$$frac{1}{n}ge |nabla v_n|_{L^2}+|B|_{L^infty}/|u_n|_{L^p}.$$
From this, we see, in particular, that $v_n$ is bounded in $H^1$. Therefore if $pin(1,6)$, then due to Rellich’s theorem, we have that there exists $vin H^1$ such that (after passing to a subsequence) $v_nto v$ weakly in $H^1$ and strongly in $L^p$. In addition, since $|nabla v_n|_{L^2}to 0$, we conclude that $v$ is constant.

On the other hand, by definition, ${v_n}_{|partialOmega}=(B/|u_n|_{L^p})_{|partialOmega}$. But we see from the above inequality that $|B|_{L^infty}/|u_n|_{L^p}$ must also go to zero as $nto infty$. Therefore, by the continuity of the trace operator from $H^1(Omega)$ to $H^frac{1}{2}(partialOmega)$ and the weak convergence of $v_n$ to $v$ in $H^1$, we have $v_{|partialOmega}=0$. Therefore, since we already know $v$ must be constant, we conclude that $vequiv 0$. However, since $v_nto v$ strongly in $L^p$, we have $|v|_{L^p}=1$, a contradiction.

OK, assuming that’s all more or less fine, notice that the contradiction comes for the fact that we were able to extract a subsequence of $v_n$ that converges strongly in $L^p$, and this followed from Rellich.

My question is, what about the case of $p=6$? The embedding $H^1subset L^6$ is continuous, but not compact, so we’d only be able to extract a subsequence $v_n$ that converges weakly in $L^6$. Then, in the last line of the proof above, we’d only be able to conclude $|v|_{L^6}le 1$, so no contradiction. I’m inclined to believe that the statement still holds for $p=6$, but how does one prove it?

Edit: it occurred to me soon after writing this that we could simply say that from the Sobolev inequality we have
$$|u|_{L^6}le C(|nabla u|_{L^2}+|u|_{L^2})$$
at which point we can bound
$$|u|_{L^2}le C(|nabla u|_{L^2}+|B|_{L^infty})$$
in the way that I explained above. And this gives me what I need. I guess this is fine, but a small part of me still wonders if there’s a “direct” proof…

Jacobian elliptic function argument – Mathematica Stack Exchange

I have a C++ code that computes jacobian elliptic sn, cn and dn. This code is from GSL library.

github source cpp file

void elipticjacobi(double u, double m, double * sn, double * cn, double * dn) {
    if(fabs(m) > 1.0) {
        *sn = 0.0;
        *cn = 0.0;
        *dn = 0.0;
        //error code

If I calculate sn(2,0.2) with my code, and if I calculate sn(2,0.2) with WolframAlpha I am getting the same result and the result is 0.953667.

The elliptic function second argument must be |m|<1 but if I calculate sn(2,4) with WolframAlpha I am getting -0,29.

What could be the problem?