Cryptography Reference
In-Depth Information
x
3
a
2
x
2
a
6
and let
E
:
y
2
Exercise 9.5.5
Let
F
(
x
)
=
+
+
a
4
x
+
+
(
a
1
x
+
a
3
)
y
=
F
(
x
)be
1. Define
E
:
y
2
an elliptic curve over
F
2
n
.Let
α
∈ F
2
n
be such that Tr
F
2
n
/
F
2
(
α
)
=
+
(
a
1
x
+
a
3
)
2
. For the special case (see Exercise
7.2.7
)
E
:
y
2
x
3
a
3
)
y
=
F
(
x
)
+
α
(
a
1
x
+
+
xy
=
+
a
6
,thisis
E
:
y
2
a
2
x
2
x
3
α
)
x
2
+
+
xy
=
+
(
a
2
+
+
a
6
.
F
2
n
. Hence, it makes sense to call
E
a
quadratic twist
of
E
. Show, using Exercise
2.14.7
, that #
E
(
Show that
E
is isomorphic to
E
over
F
2
2
n
but not over
#
E
(
2(2
n
F
2
n
)
+
F
2
n
)
=
+
1).
t
then #
E
(
2
n
2
n
Hence, if #
E
(
F
2
n
)
=
+
1
−
F
2
n
)
=
+
1
+
t
.
Let
E
and
E
be elliptic curves over
→
E
be an isomorphism that is
k
.Let
φ
:
E
:
E
. Then
φ
−
1
not defined over
k
→
E
is also an isomorphism t
h
at is not defined over
. One can therefore consider
σ
(
φ
−
1
):
E
k
→
E
for any
σ
∈
Gal(
k
/
k
). The composition
σ
(
φ
−
1
)
ψ
(
σ
)
=
◦
φ
is therefore an automorphism of
E
.
Exercise 9.5.6
Let
E
and
E
be elliptic curves over
→
E
is an
k
. Show that if
φ
:
E
isomorphism that is not defined over
k
then there exists some
σ
∈
Gal(
k
/
k
) such that
σ
(
φ
−
1
)
◦
φ
is not the identity.
σ
(
φ
−
1
)
φ
is a 1-cocycle with values in Aut(
E
). We refer to
Section X.2 of Silverman [
505
] for further discussion of this aspect of the theory (note that
Silverman considers twists for general curves
C
and his definition of Twist(
C
) is not for
pointed curves).
One can show that
σ
→
◦
Lemma 9.5.7
Let E be an elliptic curve over a finite field
k
where
char(
k
)
=
2
,
3
and
j
(
E
)
=
0
,
1728
. Then
#Twist(
E
)
=
2
.
Proof
Let
E/
be isomorphic to
E
. Without loss of generality,
E
and
E
are given in short
Weierstrass form
y
2
k
=
x
3
+
+
a
6
and
Y
2
=
X
3
+
a
4
X
+
a
6
with
a
4
,a
4
,a
6
,a
6
=
a
4
x
0.
Sinc
e
E
=
it follows from Theorem
9.3.4
that
a
4
=
u
4
a
4
and
a
6
=
E
over
k
u
6
a
6
for some
∗
. Hence,
u
2
a
6
a
4
/
(
a
6
a
4
)
∈ k
∗
. Since
u
∈ k
=
k
is finite and char(
k
)
=
2 the result follows
k
∗
:(
k
∗
)
2
]
from the fact that [
=
2.
An immediate consequence of Lemma
9.5.7
is that the number of
F
q
-isomorphism
classes of elliptic curves over
F
q
is approximately 2
q
.
Exercise 9.5.8
Let
k
be a finite field such that char(
k
)
≥
5 and let
E
be an elliptic curve
over
k
. Show that #Twist(
E
)
=
d
where
d
=
2if
j
(
E
)
=
0
,
1728,
d
=
4if
j
(
E
)
=
1728,
d
=
6if
j
(
E
)
=
0.
Due to Theorem
9.4.4
one might be tempted to phrase Lemma
9.5.7
and Exercise
9.5.8
as #Twist(
E
)
=
#Aut(
E
), but the following example shows that this statement is not true
in general.
Exercise 9.5.9
Let
E
:
y
2
x
3
+
y
=
over
F
2
. Show that the number of non-equivalent
twists of
E
over
F
2
is 4, whereas #Aut(
E
)
=
24.
