Elliptic curves - Mathematics of Public Key Cryptography

Cryptography Reference

In-Depth Information

Clearly, τ Q is a rational map that is defined everywhere on E and so is a morphism.

Since τ Q has inverse map τ − Q it follows that τ Q is an isomorphism of the curve E to itself

(though be warned that in the next section we will define isomorphism for pointed curves

and τ Q will not be an isomorphism in this sense).

Corollary 9.2.3 Let E 1 and E 2 be elliptic curves over

E 2 be a rational

map. Then φ is the composition of a group homomorphism and a translation map.

and let φ : E 1 →

Proof First, by Lemma 7.3.6 a rational map to a projective curve is a morphism. Now

let φ (

O E 1 )

∈

E 2 (

). The composition ψ

τ − Q ◦

φ is therefore a morphism. As in

Theorem 9.2.1 it is a group homomorphism.

Hence, every rational map between elliptic curves corresponds naturally to a map of

groups. Theorem 9.6.19 gives a partial converse.

Example 9.2.4 Let E : y 2

x 3

x and Q

(0 , 0). We determine the map τ Q on E .

Let P

( x,y )

∈

E (

) be a point such that P is neither Q nor

O E . To add P and Q to

obtain ( x 3 ,y 3 ) we compute λ

( y

−

0) / ( x

−

y/x . It follows that

y 2

x 2 −

y 2

x 3

−

λ 2

x 3 =

−

x 2

and

= −

x 2 .

y 3 =−

λ ( x 3 −

−

y/x 2 )awayfrom

Hence, τ Q ( x,y )

. It is clear that τ Q is a rational map

of degree 1 and hence an isomorphism of curves by Lemma 8.1.15 . Indeed, it is easy to see

that the inverse of τ Q is itself (this is because Q has order 2).

One might wish to write τ Q projectively (we write the rational map in the form mentioned

in Exercise 5.5.2 ). Replacing x by x/z and y by y/z gives τ Q ( x/z,y/z )

(1 /x,

−

{ O E ,Q

}

yz/x 2 )

( z/x,

−

from which we deduce

yz : x 2 ) .

τ Q ( x : y : z )

( xz :

−

(9.7)

Note that this map is not defined at either

O E =

(0 : 1 : 0) or Q

(0:0:1),inthesense

that evaluating at either point gives (0 : 0 : 0).

To get a map defined at Q one can multiply the right-hand side of equation ( 9.7 ) through

by y to get

y 2 z : x 2 y )

x 3

xz 2

: x 2 y )

( xyz :

−

( xyz :

−

x 2

z 2

and dividing by x gives τ Q ( x : y : z )

( yz :

−

: xy ). One can check that τ Q (0 :

0:1)

(0 :

−

1:0)

(0 : 1 : 0) as desired. Similarly, to get a map defined at

O E one can

multiply ( 9.7 )by x , rearrange, and divide by z to get

( x 2

xy : y 2

τ Q ( x : y : z )

−

xz ) ,

which gives τ Q (0 : 1 : 0)

(0 : 0 : 1) as desired.

Mathematics of Public Key Cryptography

Search WWH ::

Custom Search

Home