Cryptography Reference
In-Depth Information
3.5.2 Weierstrass Equations
The nonsingular Weierstrass equation is defined over a field K as
2
3
2
y
++=+++
a y
ay
xaxaxa
(3.13)
1
3
2
4
6
where
δ along
with point to infinity ( ) (We can imagine in K as seated infinitely far up the y
axis). It is best explained using projective space (Washington 2003). If K is a finite
field F q , where q is the order and having characteristic p , and #E(K) denotes the num-
ber of elements in F q , then Hasse's theorem provides the tight bound for the cardinal-
ity of E ( K ):
Î The set K consists of the points (, )
xy
K K
aa a a
,,, and
a
.
1234
6
( )
2
( )
2
-£ £ +
q
1 (
)
q
1
(3.14)
The discriminant Δ is
2
3
2
Δ
=- - -
pp
8
p
27
p
+
9
ppp
(3.15)
28
4
6
246
where
2
pa
=+
4
a
( 3.16)
2
1
2
p
=+
2
a
a a
(3.17)
4
4
1
3
2
pa
=+
4
a
(3.18)
6
3
6
2
2
2
paa aaaaaaa a
=+- +-
4
(3.19)
8
1
6
2
6
1
3
4
2
3
4
This generalized Weierstrass equation is more useful in binary fields. Hence,
#( )
EK
=+-
q
1
t
wh e
t
£
2
q
(3.20)
If p is divisible by t , then E is said to be supersingular; otherwise it is ordinary.
However, if || 2
t
£
q
and p is not divisible by t , then there exists an elliptic curve E
over F q with
=+- .
The Weierstrass equation for elliptic curve E is defined as
EF
()
q
1
t
q
2
3
y
=++
x
x
B
(3.21)
where A , B , x , and y are taken to be elements of a field. Hence, the discriminant is
Search WWH ::




Custom Search