Cryptography Reference
In-Depth Information
2
3
Table 3.4. Finite Subgroup
to
En
for
[]
EKy
/:
=+
,
x
3
x
Where
K
=
F
11
Point
P
Order
n
Point
P
Order
n
[0,0]
2
[3,6]
3
[1,9]
6
[6,5]
4
[1,2]
6
[6,6]
4
[2,5]
12
[7,1]
12
[2,6]
12
[7,10]
12
[3,5]
3
1
Let us review Mazur's theorem, by which we limit the number of groups to a ratio-
nal torsion subgroup.
Mazur's theorem:
Let
E
be a nonsingular cubic elliptic curve, and let
E
con-
tain a point
P
of finite order
m
. Then the torsion group is isomorphic to
Z
/
nZ
for
1
()
££
or
n
=
12 or
10
ZZZ Z
/2
´
/2
for
1
££
4.
3.9 Pairing-Based Cryptography
In recent years we have seen enormous usage of pairings in cryptography, which have
been particularly useful in implementing identity-based signature and encryption
schemes (Boneh and Boyen 2004; Boneh and Franklin 2001; Boneh and Shacham
2004; Boneh et al. 2004; Joux 2000; Sakai et al. 2000). In this section, we review Weil
and Tate pairings.
3.9.1 Divisor Theory
A
divisor
is the formal sum of points on the curve
E
:
y
2
=
x
3
+
Ax
+
B
defined over a
finite field
F
p
.
å
A
=
a P
[]
wh e
a
Î
Z
and
P
Î
E
(3.38)
i
i
i
i
i
The
degree
of the divisor is defined as
æ
ö
÷
ç
åå
÷
ç
[]
(3.39)
=Î
deg
aP
÷
a
Z
ç
÷
i
i
i
ç
÷
ç
è
i
i
Search WWH ::
Custom Search