Cryptography Reference
In-Depth Information
Since
-=+ on E , the above equation can be rewritten as
PPP
3
1
2
æ
ö
ax
++ ÷
by
c
ç
÷
+=++¥+ ç
(3.50)
[][ ] [
PP PP
][ ] div
÷
ç
1
2
1
2
÷
ç -
xx
è
ø

0
g
Lemma 3.2. Let D be a divisor on E with deg( D ) = 0. Then there exists a function f
on E such that
div ( )
f
=
(3.51)
if and only if
sum(
D
(3.52)
3.9.3 Weil Pairing
Weil pairing has existed since the introduction of Weierstrass's elliptic curve functions
and was introduced by him as a sigma function on the elliptic curves. In 1940, André
Weil gave a more abstract definition of this mapping in the Riemann hypothesis for
arbitrary genus curves over finite fields. Weil pairing is best explained mathematically.
Let E be an elliptic curve defined over a field K and let n be an integer such that it
is not divisible by the character i stic of K . Let z Î such that z n = 1. Then we define a
group of n th roots of unity in K such that
n
μ
=Î =
{
zKz
|
1}
(3.53)
n
The equation z n = 1 does not have multiple r oo ts, because n is not divisible by the
characteristic of K . Hence, the n roots exist in K and μ n is a cyclic group with order n .
Every cyclic group has a generator, and let be the generator for μ n . Here, is called a
primitive n th root of unity. Hence, Weil pairing is defined as a paring
eEnEn
:[] []
´
μ
(3.54)
n
n
Let
LE Î . Then, by Lemma 3.2, there exists a function such that
[]
=-¥
(3.55)
div(
f
)
nLn
[
]
[
]
¢ Î
[]
Let us choose
LEn
such that nL = L. Referring to Eq. (3.50), div( g ) is given as
å
¢
div(
g
)
=
([
L
+ -
M
]
[
M
])
(3.56)
MEn
Î
[]
Search WWH ::




Custom Search