Cryptography Reference
groups and then prove that the map $P \to (P) - (\mathcal{O}_E)$ is a group homomorphism; whereas we use this map to prove that $E(k)$ is a group.

Theorem 7.9.9
Let $E$ be an elliptic curve over a field $k$. The group law induced on $E(k)$ by pulling back the divisor class group operations via the bijection of Theorem 7.9.8 is the chord-and-tangent rule.

Proof
Let $P_1, P_2 \in E(k)$. To add these points, we map them to divisor classes $(P_1) - (\mathcal{O}_E)$ and $(P_2) - (\mathcal{O}_E)$ in $\mathrm{Pic}^0_k(E)$. Their sum is $(P_1) + (P_2) - 2(\mathcal{O}_E)$, which is reduced to the form $(S) - (\mathcal{O}_E)$ by applying the rules in the proof of Theorem 7.9.8. In other words, we get

$$(P_1) + (P_2) - 2(\mathcal{O}_E) = (S) - (\mathcal{O}_E) + \mathrm{div}(f(x,y))$$

where $f(x,y) = v(x)$ if $P_1 = \iota(P_2)$ or $f(x,y) = l(x,y)/v(x)$ in the general case, where $l(x,y)$ and $v(x)$ are the lines from Definition 7.9.1. Since these are precisely the same lines as in the description of the chord-and-tangent rule it follows that the point $S$ is the same point as produced by the chord-and-tangent rules.

A succinct way to describe the elliptic curve addition law (since there is a single point at infinity) is that three points sum to zero if they lie on a line. This is simply a restatement of the fact that if $P$, $Q$ and $R$ lie on the line $l(x,y,z) = 0$ then the divisor $(P) + (Q) + (R) - 3(\mathcal{O}_E)$ is a principal divisor.

Exercise 7.9.10
One can choose any $k$-rational point $P_0 \in E(k)$ and define a group law on $E(k)$ such that $P_0$ is the identity element. The sum of points $P$ and $Q$ is defined as follows: let $l$ be the line through $P$ and $Q$ (taking the tangent if $P = Q$, which uniquely exists since $E$ is non-singular). Then $l$ hits $E$ at a third point (counting multiplicities) $R$. Draw a line $v$ between $P_0$ and $R$. This hits $E$ at a third point (again counting with multiplicities) $S$. Then $P + Q$ is defined to be the point $S$. Show that this operation satisfies the axioms of a group.
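
The chord-and-tangent rule of Theorem 7.9.9 and the construction of Exercise 7.9.10 can both be written as "take the third point of a line twice", which the following added example (not from the original text) checks exhaustively on a small curve. The curve $y^2 = x^3 + x + 1$ over $\mathbb{F}_{23}$ and all function names are assumptions chosen for illustration; the check is numerical and does not replace the proof asked for in the exercise.

```python
# Constructed toy curve for illustration: y^2 = x^3 + x + 1 over F_23.
p, a, b = 23, 1, 1
O = None  # the point at infinity O_E

def on_curve(P):
    return P is O or (P[1]**2 - P[0]**3 - a*P[0] - b) % p == 0

def third_point(P, Q):
    """Third intersection (with multiplicity) of E with the line through P and Q."""
    if P is O and Q is O:
        return O                        # the line at infinity meets E only at O_E
    if P is O or Q is O:                # vertical line v(x) through the affine point
        x, y = Q if P is O else P
        return (x, -y % p)
    (x1, y1), (x2, y2) = P, Q
    if x1 == x2 and (y1 + y2) % p == 0:
        return O                        # P = iota(Q): vertical line, third point is O_E
    if P == Q:                          # slope of the tangent line l(x,y)
        lam = (3*x1*x1 + a) * pow(2*y1 % p, -1, p) % p
    else:                               # slope of the chord l(x,y)
        lam = (y2 - y1) * pow((x2 - x1) % p, -1, p) % p
    x3 = (lam*lam - x1 - x2) % p
    return (x3, (y1 + lam*(x3 - x1)) % p)

def add(P, Q, P0=O):
    """R = third point on the line through P and Q; S = third point on the line through P0 and R."""
    return third_point(P0, third_point(P, Q))

def all_points():
    return [O] + [(x, y) for x in range(p) for y in range(p) if on_curve((x, y))]

def is_group(P0=O):
    """Brute-force check of the group axioms for the law with identity P0."""
    E = all_points()
    closed = all(on_curve(add(P, Q, P0)) for P in E for Q in E)
    identity = all(add(P, P0, P0) == P for P in E)
    inverses = all(any(add(P, Q, P0) == P0 for Q in E) for P in E)
    assoc = all(add(add(P, Q, P0), R, P0) == add(P, add(Q, R, P0), P0)
                for P in E for Q in E for R in E)
    return closed and identity and inverses and assoc

def collinear_sum_is_zero():
    """P + Q + R = O_E whenever R is the third point on the line through P and Q."""
    E = all_points()
    return all(add(add(P, Q), third_point(P, Q)) is O for P in E for Q in E)
```

With `P0=O` the second line is the vertical line $v(x)$ and `add` is the usual chord-and-tangent law; any other `P0` gives the law of Exercise 7.9.10.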