Cryptography Reference
In-Depth Information
6.4.1 The torus
T
6
6
defined by the intersection of the
kernels of the norm maps N
F
q
6
/
F
q
3
and N
F
q
6
/
F
q
2
. It is known that
Recall that
T
6
is a two-dimensional algebraic set in
A
T
6
is rational, so the goal
is to represent elements of
G
q,
6
using only two elements of
F
q
.
2
(
The kernel of the norm map N
F
q
6
/
F
q
3
is identified with
T
2
(
F
q
3
)
⊂ A
F
q
3
). As in Sec-
1
(
3
(
tion
6.3.1
,
T
2
is birational to
A
F
q
3
) (which can then be identified with
A
F
q
)) via the
map decomp
2
(
a
)
=
(
a
+
θ
)
/
(
a
+
θ
) where
F
q
6
= F
q
3
(
θ
). The next step is to compute the
kernel of the norm map with respect to
F
q
6
/
F
q
2
.
Lemma 6.4.1
The Weil restriction of the kernel of
N
F
q
6
/
F
q
2
on
T
2
(
F
q
3
)
is birational with a
3
(
quadratic hypersurface U in
A
F
q
)
.
Proof
First, we represent an element of
T
2
(
F
q
3
)
−{
1
}
as a single value
a
∈ F
q
3
.Now
impose the norm equation on the image of decomp
2
(
a
)
a
a
q
2
a
q
4
+
θ
+
θ
+
θ
N
F
q
6
/
F
q
2
(decomp
2
(
a
))
=
a
+
θ
a
+
θ
a
+
θ
a
q
2
a
q
4
.
a
+
θ
+
θ
+
θ
=
a
q
2
a
q
4
a
+
θ
+
θ
+
θ
=
To solve N
F
q
6
/
F
q
2
(decomp
2
(
a
))
1 one clears the denominator and equates coefficients of
θ
,giving
a
1
+
q
2
+
q
4
θ
(
a
1
+
q
2
a
1
+
q
4
a
q
2
+
q
4
a
q
2
a
q
4
)
θ
2
(
a
θ
3
+
+
+
)
+
+
+
+
θ
2
(
a
θ
3
.
a
1
+
q
2
+
q
4
θ
(
a
1
+
q
2
a
1
+
q
4
a
q
2
+
q
4
a
q
2
a
q
4
)
=
+
+
+
)
+
+
+
+
θ
2
The cruci
al
observations are th
a
t the cubic terms in
a
cancel and that
θ
2
−
=−
A
(
θ
−
θ
)
θ
3
and
θ
3
(
A
2
−
=
−
B
)(
θ
−
θ
). Hence, we obtain a single equation in
a
.
1
(
3
(
Now, we identify
a
∈ A
F
q
3
)witha3-tuple(
a
0
,a
1
,a
2
)
∈ A
F
q
). Using the fact that
F
q
), it follows that the single equation
given above is actually a quadratic polynomial in (
a
0
,a
1
,a
2
). In other words, the values
(
a
0
,a
1
,a
2
) corresponding to solutions of the norm equation are points on a quadratic
hypersurface in
→
a
q
corresponds to an
F
q
-linear map on
A
3
(
a
A
3
(
F
q
), which we call
U
.
The general theory (see Rubin and Silverberg [
453
]) implies that
U
is irreducible, but
we do not prove this. It remains to give a rational parameterisation
p
U
:
U
2
→ A
of the
hypersurface. This is done using essentially the same method as Example
5.5.14
.
⊂ A
3
over a field
k
Lemma 6.4.2
An irreducible quadratic hypersurface U
is birational
k
A
2
.
over
to
Proof
(Sketch) Let
P
(
x
P
,y
P
,z
P
) be a point on
U
and change variables so that the
tangent plane
T
to
U
at
P
is
x
=
x
P
. We have not discussed
T
in this topic; the only
property we need is that
T
contains every line through
P
that is not contained in
U
and that
intersects
U
at
P
with multiplicity 2.
=
