Computing all J i ’s

Suppose that we have determined the sequence [ (Pi, Si, mi,Hi) ]1≤i≤s of the previous sub-

section; we now want to compute a power series J as defined in Section 3.5. Compared to that section, there is a slight difference: we are not working at a point (x, y) with coordinates in _K2, but with points given through Shape Lemma representations.

Let us thus fix an index i in {1, . . . , s}. Associated to Pi, one can define the ring

Bi =K[X]/hPii; this is in general not a field, but only a product of fields. Two elements

will be highlighted in_Bi: the residue classxiofX, and the residue classyiofTi(X). Thus,

by construction, F(xi, yi) = G(xi, yi) = 0 (whereF and G are viewed as polynomials in

B, through the injection K → B). In addition, the polynomial Hi associated to Pi and

Ti is such that ∂mi−1_H i ∂Ymi−1 (xi, yi) = 0 in Bi and ∂mi_H i ∂Ymi (xi, yi) is a unit inBi. (3.4)

Bi[[ξ]] such that

∂mi_H

i

∂Ymi (xi+ξ, Ji) = 0 and Ji(0) =yi.

The following algorithm describes this process. This algorithm will be used in a slightly more general context: instead of taking as input the exact polynomials Pi and Si com-

puted in the previous section, we will as well call it using only a factor of the actual polynomial Pi (with Si being correspondingly reduced modulo this factor); this will not

change the analysis. These polynomials will be written (Ci, Ti) instead of (Pi, Si).

As input, this algorithm also takes extra parameters ni, which give the required

precision in ξ for the power series Ji.

Algorithm 6: compute J(F, G,[ (Ci, Ti, mi,Hi, ni) ]1≤i≤s)

Input: F, G, a sequence of polynomials Ci and Ti in K[X], strings Hi and indices

mi and ni

Output: a sequence [Ji]1≤i≤s, where Ji ∈Bi[[ξ]] is known modulo ξni and

satisfies (3.4) 1 λ = 1 2 [J_i]₁≤i≤s = [Ti]1≤i≤s 3 I = [i | 1≤i≤s and λ < n_i] 4 I_F = [i | 1≤i≤s and Hi = ”F” ] 5 I_G = [i | 1≤i≤s and H_i = ”G” ] 6 while I is not empty do

7 [η_i]_i∈I = [∂

mi−1_F

∂Ymi−1(X+ξ, Ji) mod hCi(X), ξ2λi]i∈I∩IF cat 8 [ηi]i∈I =[∂mi

−1_G

∂Ymi−1(X+ξ, Ji) mod hCi(X), ξ2λi]i∈I∩IG 9 [η0_i]i∈I = [∂

mi_F

∂Ymi(X+ξ, Ji) mod hCi(X), ξ2λi]i∈I∩IF cat 10 [η0_i]i∈I =[∂ miG ∂Ymi(X+ξ, Ji) mod hCi(X), ξ2λi]i∈I∩IG 11 for i in I do 12 J_i =J_i−η/η0 modhC_i(X), ξ2λi 13 end 14 λ= 2λ 15 I = [i | 1≤i≤s and λ < n_i] 16 end 17 return [J_i modξni_]

1≤i≤s we may knowJi at a slightly higher precision thanni

Lemma 19. Algorithm compute J is correct. When _K = _Fp, for any ε > 0, one

can implement it so that it takes d2+εO˜(log(p)) bit operations, provided the inequality

P

1≤i≤s(ni+ 1)(mi+ 1) deg(Ci) = O(d

Proof. The algorithm essentially implements Newton iteration, over allBi[[ξ]] indepen-

dently. We saw that by construction, for all i, ∂mi−1Hi

∂Ymi−1(xi, yi) = 0 in Bi and ∂

miHi

∂Ymi (xi, yi)

is a unit in _Bi; thus, we can indeed run Newton iteration. The sequence I indicates the

indices for which we have not reached the required precision yet; these are the indices for which we do further iteration steps. Sequences IF and IG indicate which indices use F

orG to do the lifting.

It remains to do the cost analysis, in the case where _K=_Fp; all the cost is spent in

the main loop (at the beginning, theTi’s are already reduced modulo the respectiveCi’s;

at the end, truncation is free).

First, remark that the highest valueλwill reach will beO(maxini), which isO(d2) by

assumption. As a consequence, the number of times we will enter the loop is O(log(d)), which we will be able to absorb in the term d2+ε_{. Thus, we can focus on the cost of a}

single pass through the loop.

The inversion and multiplication at Step 12 takeO˜(P

i∈Ideg(Ci)λ) operations inFp,

orO˜(P

i∈Ideg(Ci)λlog(p)) bit operations. The most delicate steps are 7 and 9. To keep

their cost admissible, we use algorithm normal forms to compute the values ηi and ηi0,

simultaneously for all indices i inI. We call this algorithm twice: once for the indices i

inIF, then for those indices i inIG; it is enough to analyze the cost for, say,F.

We call algorithm normal forms with an input size tF (the cardinality of I ∩ IF),

lists L, L0, L00 and polynomial F; we set L = [ (2λ−1, mi) ]i∈I∩IF, L

0 _{= [C}

i]i∈I∩IF and L00 = [Ji]i∈I∩IF. The input size satisfies

X i∈I∩IF 2λ(mi+ 1) deg(Ci)≤ X i∈I∩IF (4ni+ 1)(mi+ 1) deg(Ci),

which is O(d2_{) by assumption. Thus, for any ε >0, we can compute}

Di,µ =

∂µF

∂Yµ(X+ξ, Ji) modhCi(X), ξ

2λ_i,

for all i in I∩IF and µ= 0, . . . , mi, using d2+εO˜(log(p)) bit operations. Keeping those

derivatives of order mi and mi−1 gives us the requires values ηi and η0i.

When_K=_Q, all computations can be reduced modulop, for any primepthat satisfies the assumptions of Lemma 18. Indeed, for such a p and for i in {1, . . . , s}, ∂miHi

∂Ymi (X, Si)