Cryptography Reference
In-Depth Information
3.5.2 Weierstrass Equations
The nonsingular Weierstrass equation is defined over a field
K
as
2
3
2
y
++=+++
a y
ay
xaxaxa
(3.13)
1
3
2
4
6
where
δ
along
with
point to infinity
(
) (We can imagine
in
K
as seated infinitely far up the
y
axis). It is best explained using projective space (Washington 2003). If
K
is a finite
field
F
q
, where
q
is the order and having characteristic
p
, and #E(K) denotes the num-
ber of elements in
F
q
, then Hasse's theorem provides the tight bound for the cardinal-
ity of
E
(
K
):
Î
The set
K
consists of the points
(, )
xy
K K
aa a a
,,, and
a
.
1234
6
( )
2
( )
2
-£ £ +
q
1 (
)
q
1
(3.14)
The discriminant Δ is
2
3
2
Δ
=- - -
pp
8
p
27
p
+
9
ppp
(3.15)
28
4
6
246
where
2
pa
=+
4
a
( 3.16)
2
1
2
p
=+
2
a
a a
(3.17)
4
4
1
3
2
pa
=+
4
a
(3.18)
6
3
6
2
2
2
paa aaaaaaa a
=+- +-
4
(3.19)
8
1
6
2
6
1
3
4
2
3
4
This generalized Weierstrass equation is more useful in binary fields. Hence,
#( )
EK
=+-
q
1
t
wh e
t
£
2
q
(3.20)
If
p
is divisible by
t
, then
E
is said to be supersingular; otherwise it is ordinary.
However, if
|| 2
t
£
q
and
p
is not divisible by
t
, then there exists an elliptic curve
E
over
F
q
with
=+-
.
The Weierstrass equation for elliptic curve
E
is defined as
EF
()
q
1
t
q
2
3
y
=++
x
x
B
(3.21)
where
A
,
B
,
x
,
and
y
are taken to be elements of a field. Hence, the discriminant is
Search WWH ::
Custom Search