Cryptography Reference
In-Depth Information
while the right-hand side is
−
φ
(
P
)
=
(
φ
1
(
x
)
+
yf
(
x
)
,
−
yφ
2
(
x
)
−
φ
3
(
x
)
−
a
1
(
φ
1
(
x
)
+
yf
(
x
))
−
a
3
)
.
It follows that (2
y
+
a
1
x
+
a
3
)
f
(
x
) is a function that is zero for all points (
x,y
)
∈
E
(
k
).
Since 2
y
+
a
1
x
+
a
3
is not the zero function (if it was zero then
k
(
E
)
= k
(
x,y
)
= k
(
y
),
which contradicts Theorem
8.6.4
) it follows that
f
(
x
)
=
0.
It then follows that
2
φ
3
(
x
)
=−
a
1
φ
1
(
x
)
−
a
3
+
(
a
1
x
+
a
3
)
φ
2
(
x
)
.
Lemma
9.6.12
will be refined in Theorem
9.7.5
.
→
E be as in Lemma
9.6.12
where φ
1
(
x
)
Lemma 9.6.13
Let φ
:
E
=
a
(
x
)
/b
(
x
)
. Then the
degree of φ is
max
{
deg
x
(
a
(
x
))
,
deg
x
(
b
(
x
))
}
.
Corollary
25.1.8
will give a more precise version of this result in a special case.
(
E
)
Proof
We have
k
(
E
)
= k
(
x,y
) being a quadratic extension of
k
(
x
), and
k
= k
(
x,
y
)
1
1
being a quadratic extension of
k
(
x
). Now
φ
1
(
x
) gives a morphism
φ
1
:
P
→ P
and this
morphism has degree
d
=
max
{
deg
x
(
a
(
x
))
,
deg
x
(
b
(
x
))
}
by Lemma
8.1.9
. It follows that
(
x
) is a degree
d
extension of
φ
1
k
k
(
x
). We therefore have the following diagram of field
extensions
k
(
E
)
2
(
E
)
k
(
x
)
k
d
2
k
(
x
)
(
E
)]
(
E
):
φ
∗
k
and it follows that [
k
=
d
.
p
m
for some
m
Example 9.6.14
Let
p
be a prime and let
q
=
∈ N
.Let
E
be an elliptic
F
q
.The
q
-power
Frobenius map
is the rational map
π
q
:
E
→
curve over
E
such that
O
E
it is an isogeny
(this can also be easily seen by explicit computation). If
E
has equation
y
2
O
E
)
=
O
E
and
π
q
(
x,y
)
=
(
x
q
,y
q
). Since
π
q
is a morphism that fixes
π
q
(
=
F
(
x
) (and so
q
(
x
q
,yF
(
x
)
(
q
−
1)
/
2
).
is odd) then one can write
π
q
in the form of Lemma
9.6.12
as
π
q
(
x,y
)
=
Note that
π
q
is the identity map on
E
(
F
q
) but is not the identity on
E
(
F
q
).
Corollary 9.6.15
Let the notation be as in Example
9.6.14
. The q-power Frobenius map
is inseparable of degree q.
Exercise 9.6.16
Prove Corollary
9.6.15
.
