1 Introduction

The purpose of this paper is to prove the statement enunciated in its title, namely that for every integer \(m>0\) there is an ordinary abelian variety over \({{\mathbb {F}}}_2\) that has exactly m points over \({{\mathbb {F}}}_2\). More specifically, we prove the following.

Theorem 1

Let \(m > 0 \) and \(d > 2\) be integers with \(m < (4/3)2^d + 1.\) Then there is a squarefree ordinary abelian variety A over \({{\mathbb {F}}}_2\) of dimension at most d with \(m = \# A({{\mathbb {F}}}_2)\).

(We say that an abelian variety is squarefree if its decomposition up to isogeny as a product \(\prod B_i^{e_i}\) of powers of mutually non-isogenous simple abelian varieties does not include any factors with \(e_i > 1\).)

The supersingular elliptic curve E over \({{\mathbb {F}}}_2\) given by \({y^2 + y = x^3 + x + 1}\) satisfies \({\#E({{\mathbb {F}}}_2) = 1}\). If we have an n-dimensional abelian variety \(A/{{\mathbb {F}}}_2\) with \(m = \# A({{\mathbb {F}}}_2)\), then by considering products \(A \times E^e\) we see that there are abelian varieties over \({{\mathbb {F}}}_2\) of every dimension greater than or equal to n that have m points. As \(A \times E^e\) is not simple when \(e > 0\), this leads us to a question of Kadets [5]: For a given positive integer m, do there exist infinitely many simple abelian varieties A over \({{\mathbb {F}}}_2\) with \(\#A({{\mathbb {F}}}_2) = m\)? For \(m=1\) the answer is known to be yes, thanks to the classification of such varieties given by Madan and Pal [11]; moreover, infinitely many of these varieties are ordinary. Resolving this question for \(m>1\) probably requires a better understanding of the space of Weil polynomials; see Sect. 3.

One might ask whether there is a result analogous to Theorem 1 for other finite fields. Since the number of rational points on a d-dimensional abelian variety over \({{\mathbb {F}}}_q\) lies in the interval \([(\sqrt{q}-1)^{2d}, (\sqrt{q}+1)^{2d}]\), we see that for \(q\ge 7\) the integer \(m = 2\) is too small to be the group order of an abelian variety over \({{\mathbb {F}}}_q\) of positive dimension, and it is not equal to the order of the unique 0-dimensional abelian variety over \({{\mathbb {F}}}_q\).

On the other hand, building on our techniques, van Bommel, Costa, Li, Poonen, and Smith [17] have shown that for \(q \le 5\), every positive integer is the order of an abelian variety over \({{\mathbb {F}}}_q\). The same holds for ordinary abelian varieties with a single exception: for \(q=4\) the order 3 cannot occur.

The work of van Bommel et al. also shows that for all q, every sufficiently large positive integer is the order of an abelian variety over \({{\mathbb {F}}}_q\), which can also be taken to be ordinary, geometrically simple, and principally polarizable. However, for \(q > 2\) requiring both ordinariness and geometric simplicity makes it impossible to achieve all orders. Combining [5, Theorem 3.2] with data from the LMFDB [10], one can prove the following:

  • There is no geometrically simple ordinary abelian variety over \({{\mathbb {F}}}_3\) with 4 points.

  • There is no geometrically simple ordinary abelian variety over \({{\mathbb {F}}}_4\) with 7 points.

  • There is no geometrically simple ordinary abelian variety over \({{\mathbb {F}}}_5\) with 6 points.

We do not know whether every positive integer m is the order of an ordinary, geometrically simple, principally polarizable abelian variety over \({{\mathbb {F}}}_2\). One way to check this would be to make the “sufficiently large” condition effective (this is doable in principle but not carried out in [17]), and then to tabulate isogeny classes of abelian varieties over \({{\mathbb {F}}}_2\) as far as is needed to close the gap. (The LMFDB currently contains all isogeny classes of abelian varieties over \({{\mathbb {F}}}_2\) of dimension at most 6.)

One can also ask about group structures rather than group orders. Addressing this question requires additional ideas, because the group structure of an abelian variety over a finite field is not an isogeny invariant. Using Theorem 1 as a starting point, Marseglia and Springer [12] show that every finite abelian group is isomorphic to \(A({{\mathbb {F}}}_2)\) for some ordinary abelian variety A over \({{\mathbb {F}}}_2\).

2 Proof of the theorem

The Weil polynomial of an abelian variety A over a finite field \({{\mathbb {F}}}_q\) is the characteristic polynomial of the Frobenius endomorphism of A, acting, say, on the \(\ell \)-adic Tate modules of A. The Weil polynomial f of A lies in \({{\mathbb {Z}}}[x]\), and if the dimension n of A is positive, then f has the shape

$$\begin{aligned} f = x^{2n} + a_1 x^{2n-1} + \cdots + a_{n-1} x^{n+1} + a_n x^n + q a_{n-1} x^{n-1} + \cdots + a_1 q^{n-1} x + q^n.\nonumber \\ \end{aligned}$$
(1)

Furthermore, all of the complex roots of f lie on the circle \(|z|= \sqrt{q}\). The variety A is ordinary if \(a_n\) is coprime to q. Conversely, every polynomial \(f\in {{\mathbb {Z}}}[x]\) of the shape (1) that has all of its roots on the circle \(|z|= \sqrt{q}\) and with \(a_n\) coprime to q is the Weil polynomial of an n-dimensional ordinary abelian variety over \({{\mathbb {F}}}_q\); this follows from the Honda–Tate classification of Weil polynomials [16, Théorème 1, p. 96]. This classification also shows that an ordinary Weil polynomial is squarefree as a polynomial if and only if the associated isogeny class is squarefree, in the sense defined in the introduction.

The number of points on the variety A is given by f(1), so to prove Theorem 1 we would like to have a large supply of Weil polynomials at our disposal so that we can find or construct one whose value at 1 is a given integer m. There are a number of papers that give results that can be used to produce such polynomials—see for example [1, 2, 6,7,8,9, 14, 15, 17]. We will use Lemma 3.3.1 (p. 447) of [2]; for the convenience of the reader we reprove this result here, as Corollary 3, using an argument suggested by Bjorn Poonen. To state the result in terms helpful to us, we introduce some notation.

Let q be a prime power. If \((a_1,\ldots ,a_n)\) is a finite sequence of real numbers, we define the q-weight \(w_q((a_1,\ldots ,a_n))\) of the sequence to be the sum

$$\begin{aligned} w_q((a_1,\ldots ,a_n)) = \biggl |\frac{a_n}{2 q^{n/2}}\biggr |+ \sum _{i=1}^{n-1} \, \biggl |\frac{a_i}{q^{i/2}} \biggr |. \end{aligned}$$
(2)

Lemma 2

Let q be a prime power and let \((a_1,\ldots ,a_n)\) be a sequence of real numbers with q-weight at most 1. Then all of the complex roots of the polynomial f given by (1) lie on the circle \(|z|= \sqrt{q}\). Moreover, if the q-weight of the sequence is strictly less than 1, then the roots of  f are distinct, so that  f is squarefree.

Proof

By continuity, it suffices to prove the statement when \(w_q((a_1,\ldots ,a_n)) < 1\).

Consider the meromorphic function g defined for \(z\in {{\mathbb {C}}}\) by \(g(z) = f(z) / z^n\). We would like to show that g has 2n distinct zeros on the circle \(|z|= \sqrt{q}\). For z on this circle, we have

$$\begin{aligned} g(z) = (z^{n} + {\overline{z}}^n) + a_1 (z^{n-1} + {\overline{z}}^{n-1}) + \cdots + a_{n-1} (z + {\overline{z}}) + a_n, \end{aligned}$$
(3)

so we see that g is real-valued on this circle. Consider \(z\in {{\mathbb {C}}}\) of the form \(z = \sqrt{q}\,\zeta \), where \(\zeta ^{2n} = 1\). For such a z, the initial term \((z^{n} + {\overline{z}}^n)\) in (3) is equal to \(\pm 2q^{n/2}\), where the sign is equal to the value of \(\zeta ^n\). The absolute value of the sum of the other terms in (3) is bounded above by \(2q^{n/2} w_q((a_1,\ldots ,a_n)) < 2q^{n/2}\), so g(z) and \((z^{n} + {\overline{z}}^n)\) have the same sign. Thus, we have n points on the circle where the value of g is positive interlaced with n points where the value is negative, so g must have 2n distinct zeros on the circle. \(\square \)

Corollary 3

([2, Lemma 3.3.1, p. 447]) Let q be a prime power and let \((a_1,\ldots ,a_n)\) be a sequence of integers with q-weight at most 1 and with \(a_n\) coprime to q. Then the polynomial f given by (1) is the Weil polynomial of an n-dimensional ordinary abelian variety over \({{\mathbb {F}}}_q\). Moreover, if the q-weight of the sequence is strictly less than 1, then the abelian variety will be squarefree. \(\square \)

We will say that a sequence \((a_1,\ldots ,a_n)\) of integers represents an integer m if we have

$$\begin{aligned} m = (2^n + 1) + a_1(2^{n-1} + 1) + \cdots + a_{n-1}(2^1 + 1) + a_n. \end{aligned}$$
(4)

This condition means exactly that \(m = f(1)\) for the polynomial f given in (1), with \(q=2\).

We see that to prove Theorem 1, it will suffice to show that if \(m>0\) is an integer less than \((4/3)2^d + 1\) for some \(d>2\), then m is represented by a sequence \((a_1,\ldots ,a_n)\) of integers of length at most d and of 2-weight less than 1, and with \(a_n\) odd: for if this is the case we will have \(m = f(1)\) for the polynomial f given in (1) with \(q=2\), and f will be the Weil polynomial of a squarefree ordinary abelian variety over \({{\mathbb {F}}}_2\) by Corollary 3. Thus, the following lemma completes the proof of Theorem 1.

Lemma 4

Let \(m > 0\) and \(d > 2\) be integers such that \(m < (4/3)2^d + 1\). Then m is represented by a sequence \((a_1,\ldots ,a_n)\) of length \(n\le d\) and 2-weight less than 1, and with \(a_n\) odd.

Proof

We prove the lemma by induction on d. In Table 1 we give, for each \(m\le 22\), a sequence \((a_1, \ldots , a_n)\) of 2-weight less than 1 and with \(a_n\) odd that represents m. We observe that the lengths of these sequences are all at most 4, and for \(m\le 11\) the lengths are at most 3. Since \(\lfloor (4/3)2^3 + 1\rfloor = 11\) and \(\lfloor (4/3)2^4 + 1\rfloor = 22\), this proves the statement for \(d = 3\) and \(d = 4\).

Table 1 For each m\(\le \) 22 we give a sequence (\(a_{\mathrm{1}}\),..., \(a_{\mathrm{n}}\)) that represents m as in (4), together with its 2-weight, rounded to three decimal places
Full size table

Now suppose the statement of the lemma is true for all \(d < D\), where \(D\ge 5\), and consider an integer m with \(m < (4/3)2^{D} + 1\). If \(m < (4/3)2^{D-1} + 1\) then the conclusion of the lemma is true by the induction hypothesis, so we may assume that \(m > {(4/3)2^{D-1} + 1} = {(2/3)2^D + 1}\). Then

$$\begin{aligned} |m - (2^D + 1) |< (1/3) 2^D = (4/3)2^{D-2}. \end{aligned}$$

If \(m = 2^D + 1\) then m has a representation of length D given by \((0,\ldots ,0,1,-3)\), and the 2-weight of this sequence is \(1/2^{(D-1)/2} + 3/2^{(D+2)/2} < 1\). If \(m \ne 2^D + 1\), then by the induction hypothesis \(|m- (2^D + 1)|\) is represented by a sequence \((b_1,\ldots ,b_n)\) with \(n \le D-2\), with 2-weight less than 1, and with \(b_n\) odd. Let \(s =\pm 1\) be the sign of \(m- (2^D + 1)\). Then m is represented by the length-D sequence \((0, \ldots , 0, s, s b_1, \ldots , s b_n)\), where the initial s occurs at position \(D - n\ge 2\). We compute that then

$$\begin{aligned} w_2((0, \ldots , 0, s, s b_1, \ldots , s b_n))&= \frac{1}{2^{(D-n)/2}} \bigl ( 1 + w_2(( b_1, \ldots , b_n))\bigr )\\&< (1/2)(1 + 1) = 1. \end{aligned}$$

This completes the induction and proves the lemma. \(\square \)

3 Remarks

Remark 1

When \(m \ge 10\), the sequence \((a_1,\ldots ,a_n)\) produced by the proof of Lemma 4 satisfies \(a_1 = 0\), \(|a_i|\le 1\) for all \(i<n\), and \(a_i a_{i+1} = 0\) for all \(i < n-2\). Thus, the representation (4) of m by the sequence \((a_1,\ldots ,a_n)\) is closely related in spirit to the signed binary representations of integers described in [13, Sect. 8]; these are commonly known as balanced binary representations or NAF (non-adjacent form) representations, particularly in literature on efficient arithmetic in elliptic curve cryptography (for example, [4]).

Remark 2

Using a more naïve construction of sequences, DiPippo and Howe [2, Exercise 3.3.2, p. 450] show that for \(d>1\), every integer m with \(|m - (2^d+1)|\le (7/64)2^d\) is represented by a sequence of length d and 2-weight at most 1. Our use of the non-adjacent form construction allows us to replace 7/64 with 1/3 in this inequality when \(d>3\), and this allows us to cover all integers.

Remark 3

One obstacle to determining which integers occur as the group orders of abelian varieties over \({{\mathbb {F}}}_q\) is the difficulty of parametrizing the Weil polynomials of n-dimensional abelian varieties over \({{\mathbb {F}}}_q\). The coefficient space of these Weil polynomials can be viewed as a set of lattice points inside an explicitly given region \(V_n\) of \({{\mathbb {R}}}^n\) that is homeomorphic to a simplex; however, as n increases the simplex is stretched in ways that make it more and more difficult to analyze the lattice points it contains. See [2] for a discussion of these regions.