Cryptography Reference
In-Depth Information
5.7 Weil restriction of scalars
Weil restriction of scalars is simply the process of re-writing a system of polynomial
equations over a finite algebraic extension
k
/
k
as a system of equations in more variables
1
(
2
(
over
k
. The canonical example is identifying the complex numbers
A
C
) with
A
R
)
1
(
2
(
via
z
). We only need to introduce this concept in the
special case of affine algebraic sets over finite fields.
=
x
+
iy
∈ A
C
)
→
(
x,y
)
∈ A
R
Lemma 5.7.1
Let q be a prime power, m
∈ N
and fix a vector space basis
{
θ
1
,...,θ
m
}
for
n
and let y
1
,
1
,...,y
1
,m
,...,y
n,
1
,...,y
n,m
F
q
m
over
F
q
. Let x
1
,...,x
n
be coordinates for
A
nm
. The map φ
:
nm
n
given by
be coordinates for
A
A
→ A
φ
(
y
1
,
1
,...,y
n,m
)
=
(
y
1
,
1
θ
1
+···+
y
1
,m
θ
m
,y
2
,
1
θ
1
+···+
y
2
,m
θ
m
,...,y
n,
1
θ
1
+···+
y
n,m
θ
m
)
A
nm
(
F
q
)
and
A
n
(
F
q
m
)
.
gives a bijection between
Exercise 5.7.2
Prove Lemma
5.7.1
.
n
be an affine algebraic set over
Definition 5.7.3
Let
X
=
V
(
S
)
⊆ A
F
q
m
.Let
φ
be as in
Lemma
5.7.1
. For each polynomial
f
(
x
1
,...,x
n
)
∈
S
⊆ F
q
m
[
x
1
,...,x
n
] write
φ
∗
(
f
)
=
f
◦
φ
=
f
(
y
1
,
1
θ
1
+···+
y
1
,m
θ
m
,y
2
,
1
θ
1
+···
+
y
2
,m
θ
m
,...,y
n,
1
θ
1
+···+
y
n,m
θ
m
)
(5.3)
as
f
1
(
y
1
,
1
,...,y
n,m
)
θ
1
+
f
2
(
y
1
,
1
,...,y
n,m
)
θ
2
+···+
f
m
(
y
1
,
1
,...,y
n,m
)
θ
m
(5.4)
where each
f
j
∈ F
q
[
y
1
,
1
,...,y
n,m
]. Define
S
⊆ F
q
[
y
1
,
1
,...,y
n,m
] to be the set of all such
polynomials
f
j
over all
f
∈
S
.The
Weil restriction of scalars
of
X
with respect to
F
q
m
/
F
q
mn
defined by
is the affine algebraic set
Y
⊆ A
V
(
S
)
.
Y
=
≡
F
p
2
= F
p
(
i
) where
i
2
=−
Example 5.7.4
Let
p
3 (mod 4) and define
1. Consider the
algebraic set
X
=
V
(
x
1
x
2
−
1)
⊆ A
2
. The Weil restriction of scalars of
X
with respect to
F
p
2
/
F
p
with basis
{
1
,i
}
is
4
.
Y
=
V
(
y
1
,
1
y
2
,
1
−
y
1
,
2
y
2
,
2
−
1
,y
1
,
1
y
2
,
2
+
y
1
,
2
y
2
,
1
)
⊆ A
Recall from Example
5.1.4
that
X
is an algebraic group. The multiplication operation
mult((
x
1
,x
2
)
,
(
x
1
,x
2
))
(
x
1
x
1
,x
2
x
2
)on
X
corresponds to the operation
mult((
y
1
,
1
,y
1
,
2
,y
2
,
1
,y
2
,
2
)
,
(
y
1
,
1
,y
1
,
2
,y
2
,
1
,y
2
,
2
))
=
(
y
1
,
1
y
1
,
1
−
y
1
,
2
y
1
,
2
,y
1
,
1
y
1
,
2
+
y
1
,
2
y
1
,
1
,y
2
,
1
y
2
,
1
−
y
2
,
2
y
2
,
2
,y
2
,
1
y
2
,
2
+
y
2
,
2
y
2
,
1
)
=
on
Y
.
