On Analysis of Recovering Short Generator Problems via Upper and Lower Bounds of Dirichlet L-Functions: Part 1

Abstract

This article is a survey on upper and lower bounds of Dirichlet L-functions \(L(s,\chi )\) associated with Dirichlet characters \(\chi \) at \(s=1\). We give proofs of well-known upper and lower bounds of \(L(1, \chi )\) to let the reader know the difficulty of giving (lower) bounds of \(L(1,\chi )\). In the last part, we also review some explicit upper and lower bounds of Dirichlet L-functions which will be applied to security analysis of ideal lattice-based cryptography for cyclotomic fields explained in Part 2 (S. Okumura, On analysis of recovering short generator problems via upper and lower bounds of Dirichlet L-functions : Part 2 [20]).

Appendices

8 Appendix 1

We prepare several lemmas on complex analysis for Theorem 1.2.

Lemma 8.1

(The Schwartz lemma) Set \(D=\{z \in \mathbb {C} \ | \ |z|<1 \}\). Let \(f : D \rightarrow D\) be a holomorphic map such that \(f(0)=0\). Then, \(|f(z)|\le |z|\) for all \(z \in D\) and \(f'(0)\le 1\).

Moreover, suppose either that there exists \(z_0 \in D\) such that \(|f(z_0)|=|z_0|\), or that \(f'(0)= 1\) holds. Then we have \(f(z)=az\) for some \(a \in \partial D\).

Proof

Set \(g(z)= f(z)/z\) if \(z \in D-\{0\}\) and \(g(z)=f'(0)\) if \(z=0\). Then, g is holomorphic on D. For each \(r\in (0, 1)\) and the closed disc \(D_r = \{z \in \mathbb {C} \ | \ |z|\le r \}\), by the maximum modulus principle, there exists \(z_r \in \partial D_r\) such that \(\max _{z \in D_r}|g(z)| = |g(z_r)|=\frac{|f(z_r)|}{|z_r|} \le 1/r\). As we take the limit \(r\rightarrow 1-0\), we have the first assertion. As for the second assertion, we have only to verify that g is a constant, which is proved by the maximum modulus principle similarly.\(\square \)

Lemma 8.2

(The Borel–Carathéodory theorem) Let f(s) be a holomorphic function on \(|s|\le R\) with \(R>0\). For any \(r \in (0, R)\), we have

$$\max _{|s|\le r} |f(s)| \ (= \max _{|s|=r}|f(s)|) \le \frac{2r}{R-r}\max _{|s|\le R} \mathfrak {R}(f(s)) +\frac{R+r}{R-r}|f(0)|.$$

Proof

First consider the case \(f(0)=0\). Set \(A=\max _{|s|\le R}\mathfrak {R}(f(s))\). Then \(A \ge \mathfrak {R}(f(0))=0\). In what follows, we may assume \(A>0\); indeed, if \(A = 0\), the function \(\mathfrak {R}(f(x+iy))\) in (x, y) with \(x+iy \in D_R\) is a harmonic function and attains a maximum at the interior point 0 of \(D_R\). By the maximum modulus principle, \(\mathfrak {R}(f(s))\) must be a constant \(\mathfrak {R}(f(0))=0\) on \(D_R\). Thus f(s) is identically equal to zero on \(D_R\).

Set \(H_a=\{z \in \mathbb {C} \ | \ \mathfrak {R}(z)\le a\}\) for \(a\in \mathbb {R}\). Let us define the functions g and h by \(g(z)=z/A-1\) and \(h(z)= \frac{z+1}{z-1}\), respectively. By applying the Schwartz lemma for the composite

$$D_R \xrightarrow {f} H_A \xrightarrow {g} H_0 \xrightarrow {h} D_R,$$

we have \(|h\circ g\circ f(s)| \le |s/R|\) for all \(s \in D_R\), that is,

$$\frac{|R \, f(s)|}{|f(s)-2A|} \le |s|,$$

by which we have \(R |f(s)| \le r|f(s)-2A| \le r|f(s)|+2Ar\) on \(D_r\). Hence we obtain \(|f(s)|\le \frac{2r}{R-r}A\), which proves the assertion for f such that \(f(0)=0\). For the case \(f(0)\ne 0\), by applying the estimate above to \(f(s)-f(0)\), we obtain

$$|f(s)| \le |f(s)-f(0)|+|f(0)| \le \frac{2r}{R-r}\max _{|s|\le R}\mathfrak {R}(f(s)-f(0)) + |f(0)|.$$

for \(s\in D_r\). This completes the proof.\(\square \)

Lemma 8.3

([27, p. 56]) Suppose \(r>0\) and let f(s) be a holomorphic function on \(|s-s_0|\le r\) with \(f(s_0)\ne 0\). For a constant \(M>0\), suppose that \(\left| \frac{f(s)}{f(s_0)}\right| <e^M\) on \(|s-s_0|\le r\). Then, there exists an absolute constant \(A>0\) such that

$$\left| \frac{f'(s)}{f(s)}-\sum _{\rho }\frac{1}{s-\rho }\right| <\frac{AM}{r},$$

where \(\rho \) runs over the zeros of f(s) such that \(|\rho -s_0|\le r/2\) (the set of zeros is regarded as a multi-set).

Furthermore, if we suppose \(f(s)\ne 0\) for all \(s\in \mathbb {C}\) such that \(|s-s_0|\le r\) and \(\mathfrak {R}(s_0)<\mathfrak {R}(s)\), then we have

$$-\mathfrak {R}\left( \frac{f'(s_0)}{f(s_0)}\right) <\frac{AM}{r}.$$

Proof

Set \(g(s)=f(s)\prod _{\rho }(s-\rho )^{-1}\) and \(h(s)=\log \frac{g(s)}{g(s_0)}\), where \(\rho \) runs over the zeros of f(s) such that \(|\rho -s_0|\le r/2\). Then, g(s) is holomorphic on \(|s-s_0|\le r\) and non-zero for \(|s-s_0| \le r/2\). For \(s \in \mathbb {C}\) such that \(|s-s_0|=r\), we have

$$\left| \frac{g(s)}{g(s_0)}\right| = \left| \frac{f(s)}{f(s_0)}\prod _{\rho }\frac{s_0-\rho }{s-\rho }\right| \le \left| \frac{f(s)}{f(s_0)}\right| <e^M$$

by \(|s_0-\rho | \le r/2 \le |s-\rho |\). This inequality as above is still valid for \(|s-s_0|\le r\) by the maximum modulus principle. From this, we have \(\mathfrak {R}(h(s))<M\) for \(|s-s_0|\le r\). Then, by the Borel–Carathéodory theorem, the estimate

$$|h(s)|< \frac{2\times 3r/8}{r/2-3r/8}M \le A_0 M$$

holds for \(|s-s_0| \le 3r/8\) with \(A_0>0\) being an absolute constant (\(A_0=6\) is sufficient). Hence, for \(|s-s_0| \le r/4\) we obtain

$$\left| \frac{f'(s)}{f(s)}-\sum _{\rho }\frac{1}{s-\rho }\right| = |h'(s)|= \left| \frac{1}{2\pi i}\oint _{|z-s|=r/4} \frac{h(z)}{(z-s)^2}dz \right| < \frac{4A_0M}{r}.$$

This completes the proof of the first assertion. The inequality as above gives us

$$-\mathfrak {R}\left( \frac{f'(s_0)}{f(s_0)}\right) < \frac{AM}{r} -\sum _{\rho }\mathfrak {R}\left( \frac{1}{s_0-\rho }\right) .$$

This completes the proof of the second assertion since \(\mathfrak {R}\left( \frac{1}{s_0-\rho }\right) \ge 0\) holds under the assumption.\(\square \)

Proposition 8.4

([27, p. 57] Let f(s) be a holomorphic function on \(|s-s_0|\le r\) such that \(f(s_0)\ne 0\)

$$\left| \frac{f(s)}{f(s_0)}\right|< e^M \quad \text {and} \quad \left| \frac{f'(s_0)}{f(s_0)}\right| < \frac{M}{r} \quad \text {on} \quad |s-s_0| \le r $$

for a constant \(M>0\). Furthermore, suppose that \(f(s)\ne 0\) for all \(s=\sigma +it\) such that \(\sigma \ge \sigma _0-2r'\) and \(|s-s_0|\le r\), where we set \(\sigma _0 = \mathfrak {R}(s_0)\) and \(r'\) is some real number such that \(0<r'<r/4\). Then, there exists an absolute constant \(A'>0\) such that

$$\left| \frac{f'(s)}{f(s)}\right| < \frac{A'M}{r} \qquad |s-s_0|\le r'.$$

Proof

As in Lemma 8.3, we have \(-\mathfrak {R}\left( \frac{f'(s)}{f(s)}\right) < \frac{AM}{r}\) for all \(s=\sigma +it\) such that \(|s-s_0|\le r/4\) and \(\sigma \ge \sigma _0 -2r'\). Therefore, the Borel–Carathéodory theorem yields the inequalities

$$\max _{|s-s_0|\le r'}\left| -\frac{f'(s)}{f(s)}\right| \le \frac{2r'}{2r'-r'}\max _{|s-s_0|\le 2r'}\mathfrak {R}\left( \frac{-f'(s)}{f(s)}\right) + \frac{2r'+r'}{2r'-r'} \left| \frac{-f'(s_0)}{f(s_0)} \right| < \frac{(2A+3)M}{r}.$$

Thus we are done.\(\square \)

9 Appendix 2

Let \(\chi \) be a primitive Dirichlet character modulo q. With the aid of a functional equation of \(L(s,\chi )\) in Proposition 3.1 and the Hadamard factorization theorem of entire functions of finite order (cf. [3, Sects. 11 and 12] or [17, Sect. 10.2]), and by taking the logarithmic derivative, there exists a constant \(B(\chi ) \in \mathbb {C}\) such that

$$\frac{L'(s,\chi )}{L(s,\chi )} = -\frac{a_\chi }{s-1}-\frac{1}{2}\log \frac{q}{\pi } -\frac{1}{2}\frac{\varGamma '(s/2+\delta _\chi /2)}{\varGamma (s/2+\delta _\chi /2)} +B(\chi ) + \sum _{\rho }\left( \frac{1}{s-\rho }-\frac{1}{\rho }\right) ,$$

where \(\rho \) runs over all zeros of \(L(s,\chi )\) in the region \(0<\mathfrak {R}(s)<1\), and we put \(a_\chi =1\) if \(\chi \) is trivial and \(a_\chi =0\) otherwise. Furthermore, taking the real part yields \(-\mathfrak {R}\left( \frac{L'(s,\chi )}{L(s,\chi )}\right) = \frac{1}{2}\log \frac{q}{\pi } +\frac{1}{2}\mathfrak {R}\left( \frac{\varGamma '(s/2+\delta _\chi /2)}{\varGamma (s/2+\delta _\chi /2)}\right) -\mathfrak {R}(B(\chi )) - \mathfrak {R}\sum _{\rho }\left( \frac{1}{s-\rho }-\frac{1}{\rho }\right) .\) With the aid of \(\mathfrak {R}(B(\chi )) = -\sum _{\rho }\mathfrak {R}(\frac{1}{\rho })\) (cf. [3, p. 83, (18)]) and \(\mathfrak {R}\left( \frac{\varGamma '(s/2+\delta _\chi /2)}{\varGamma (s/2+\delta _\chi /2)}\right) =\mathscr {O}(\log (3+|t|))\) from Stirling’s formula, we have the following.

Lemma 9.1

There exists an absolute constant \(C>0\) such that

$$\begin{aligned} -\mathfrak {R}\left( \frac{L'(s,\chi )}{L(s,\chi )}\right) < \mathfrak {R}\left( \frac{a_\chi }{s-1}\right) + C \log \{q(3+|t|)\} -\sum _{\rho }\mathfrak {R}\left( \frac{1}{s-\rho }\right) \quad \mathfrak {R}(s)>1. \end{aligned}$$

This inequality is often used in the proof of Proposition 6.1 on zero-free regions. Here we notice that the inequality in Proposition 8.4 holds on a closed disc but Lemma 9.1 holds on a half plane.

9 Appendix 3

For application to security analysis of ideal lattice-based cryptography for cyclotomic fields, we review explicit upper and lower bounds of \(L(1,\chi )\) (cf. [20, 22]). Such bounds of Dirichlet L-functions are related to the size of a dual basis of a log-unit lattice for a cyclotomic field, and moreover the size of such a dual basis is concerned with the RSG attack¹ as in [2].

Let \(\delta _{a,b}\) denote the Kronecker delta.

Theorem 10.1

([24, Corollaries 1 and 3] (see also [12, Corollary 1.2]) For any non-trivial primitive Dirichlet character modulo q with \(\chi (-1)=(-1)^\varepsilon \) for \(\varepsilon \in \{0,1\}\), we have

$$| L(1,\chi ) |\le \frac{1}{2}\log q+\delta _{\varepsilon , 1} \left( \frac{5}{2}-\log 6\right) .$$

Furthermore, if 2|q, then we have

$$| L(1,\chi ) | \le \frac{1}{4}\log q +\delta _{\varepsilon , 0}\left( \frac{1}{2}\log 2\right) + \delta _{\varepsilon ,1}\left( \frac{5}{4}-\frac{1}{2}\log 3\right) .$$

Theorem 10.2

([4, Theorem 1.1]) For any primitive Dirichlet character modulo q such that 3|q and \(\chi (-1)=(-1)^\varepsilon \) for \(\varepsilon \in \{0,1\}\), we have

$$ | L(1,\chi ) |\le \frac{1}{3}\log q + \delta _{\varepsilon ,0} \, 0.368296+\delta _{\varepsilon , 1} \, 0.838374. $$

By combining Theorems 10.1 and 10.2, we have the following estimates.

Corollary 10.1

Let \(\chi \) be a non-trivial even primitive Dirichlet character modulo \(q=p^k\), where p is prime and \(k \in \mathbb {N}\). Let \(k_\chi \) be the integer such that \(f_\chi =p^{k_\chi }\). Then, we have

$$\displaystyle |L(1,\chi )|\le {\left\{ \begin{array}{ll} \frac{1}{4}(\log f_\chi + 2\log 2) &{} (p=2),\\ \delta _{k_\chi ,2}\left( \frac{1}{2}\log f_\chi \right) +(\sum _{m=3}^{\infty }\delta _{k_\chi ,m})\,\frac{1}{3}(\log f_\chi +1.104888) &{} (p=3),\\ \frac{1}{2}\log f_\chi &{} (p\ge 5). \end{array}\right. }$$

Here we note \(k_\chi \ge 2 \) if \(p=3\) by the fact that there exists no even non-trivial Dirichlet characters modulo 3.

Theorem 10.3

([14, Corollary 2]) For any non-quadratic primitive Dirichlet character modulo \(q>1\), we have

$$|L(1, \chi )|\ge \frac{1}{10 \log (q/\pi )}.$$