Cryptography Reference
In-Depth Information
Since
-=+
on
E
, the above equation can be rewritten as
PPP
3
1
2
æ
ö
ax
++
÷
by
c
ç
÷
+=++¥+
ç
(3.50)
[][ ] [
PP PP
][ ] div
÷
ç
1
2
1
2
÷
ç
-
xx
è
ø
0
g
Lemma 3.2.
Let
D
be a divisor on
E
with deg(
D
)
=
0. Then there exists a function
f
on
E
such that
div ( )
f
=
(3.51)
if and only if
sum(
D
=¥
(3.52)
3.9.3 Weil Pairing
Weil pairing has existed since the introduction of Weierstrass's elliptic curve functions
and was introduced by him as a sigma function on the elliptic curves. In 1940, André
Weil gave a more abstract definition of this mapping in the Riemann hypothesis for
arbitrary genus curves over finite fields. Weil pairing is best explained mathematically.
Let
E
be an elliptic curve defined over a field
K
and let
n
be an integer such that it
is not divisible by the character
i
stic of
K
. Let
z
Î
such that
z
n
=
1. Then we define a
group of
n
th roots of unity in
K
such that
n
μ
=Î =
{
zKz
|
1}
(3.53)
n
The equation
z
n
=
1
does not have multiple r
oo
ts, because
n
is not divisible by the
characteristic of
K
. Hence, the
n
roots exist in
K
and μ
n
is a cyclic group with order
n
.
Every cyclic group has a generator, and let
be the generator for μ
n
. Here,
is called a
primitive
n
th root of unity. Hence,
Weil pairing
is defined as a paring
eEnEn
:[] []
´
μ
(3.54)
n
n
Let
LE
Î
. Then, by Lemma 3.2, there exists a function such that
[]
=-¥
(3.55)
div(
f
)
nLn
[
]
[
]
¢
Î
[]
Let us choose
LEn
such that
nL
=
L.
Referring to Eq. (3.50), div(
g
) is given as
å
¢
div(
g
)
=
([
L
+ -
M
]
[
M
])
(3.56)
MEn
Î
[]
Search WWH ::
Custom Search