Cryptography Reference
In-Depth Information
P
and such that the line between
P
and
Q
is not
contained in
U
(this is generically the case for an irreducible quadratic hypersurface). Then
the line between
P
and
Q
does not lie in
T
and so is given by an equation of the form
7
Let
Q
∈
U
(
k
) be such that
Q
=
(
x,y,z
)
=
P
+
t
(1
,a,b
)
(6.3)
for some
a,b
∈ k
(in other words, the equations
x
=
x
P
+
t,y
=
y
P
+
at
, etc). Such a
line hits
U
at precisely one point
Q
∈
U
(
k
) with
Q
=
P
. Writing
U
=
V
(
F
(
x,y,z
))
it follows that
F
(
x
P
+
t,y
P
+
at,z
P
+
bt
)
=
0 has the form
t
(
h
(
a,b
)
t
−
g
(
a,b
))
=
0for
some quadratic polynomial
h
(
a,b
)
∈ k
[
a,b
] and some linear polynomial
g
(
a,b
)
∈ k
[
a,b
].
2
Hence, we have a rational map
A
→
U
given by
g
(
a,b
)
h
(
a,b
)
(1
,a,b
)
.
(
a,b
)
→
P
+
The inverse is the rational map
=
((
y
Q
−
y
P
)
/
(
x
Q
−
x
P
)
,
(
z
Q
−
z
P
)
/
(
x
Q
−
p
U
(
x
Q
,y
Q
,z
Q
)
x
P
))
2
.
such that
p
U
:
U
→ A
1
(
1
(
Recall the map comp
2
:
G
q
3
,
2
→ A
F
q
3
) from the study of
T
2
. We identify
A
F
q
3
)
3
(
2
. This motivates
with
A
F
q
). The image of comp
2
is
U
, which is birational via
p
U
to
A
the following definition.
2
Definition 6.4.3
The
T
6
compression map
is comp
6
:
G
q,
6
→ A
is given by comp
6
=
decomp
2
p
−
U
.
p
U
comp
2
. The inverse of comp
6
is the
T
6
decompression map
decomp
6
=
Example 6.4.4
Let
q
≡
2
,
5 (mod 9) be an odd prime power so that
F
q
6
= F
q
(
ζ
9
) where
ζ
−
1
9
ζ
9
ζ
9
is a primitive 9th root of unity (see Exercise
6.4.5
). Let
θ
=
and
α
=
ζ
9
+
. Then
= F
q
(
α
). Note that
α
3
3
(
1
(
F
q
2
= F
q
(
θ
) and
F
q
3
−
3
α
+
1
=
0. Identify
A
F
q
) with
A
F
q
3
)
z
(
α
2
by
f
:(
x,y,z
)
→
x
+
yα
+
−
2). As in the proof of Lemma
6.4.1
one can verify that
the equation
N
F
q
6
/
F
q
2
((
f
(
x,y,z
)
+
θ
)
/
(
f
(
x,y,z
)
+
θ
))
=
1
is equivalent to
x
2
y
2
z
2
F
(
x,y,z
)
=
−
x
−
+
yz
−
=
0
.
Denote by
U
the hyperplane
V
(
F
(
x,y,z
)) in
A
3
.Let
P
=
(0
,
0
,
0). The tangent plane to
U
at
P
is given by the equation
x
=
0. Note that, since
−
3 is not a square in
F
q
, the o
n
ly
solution to
F
(0
,y,z
)
=
0 over
F
q
is (
y,z
)
=
(0
,
0) (but this statement is not true over
F
q
;
U
contains, for example, the line (0
,
−
ζ
3
t,t
)). Given
a,b
∈ F
q
the line (
t,at,bt
) hits
U
at
t
=
0 and
a
2
b
2
)
.
t
=
1
/
(1
−
+
ab
−
7
Here, and below,
P
+
Q
denotes the usual coordinate-wise addition of 3-tuples over a field.