Cryptography Reference
In-Depth Information
Theorem 9.6.17
Let p be a prime and E,E elliptic curves over
→
E be
F
p
. Let ψ
:
E
a non-zero isogeny. Then there is an integer m and an elliptic curve E
(
q
)
(namely, the
p
m
-power Frobenius map to the coefficients of E;
the reader should not confuse the notation E
(
q
)
with the quadratic twist E
(
d
)
) and a
separable isogeny φ
:
E
(
q
)
curve obtained by applying the q
=
→
E of degree
deg(
ψ
)
/q such that ψ
=
φ
◦
π
q
where π
q
:
E
(
q
)
E
→
is the q-power Frobenius morphism.
Proof
See Corollary II.2.12 of [
505
].
The following result is needed to obtain many useful results in this chapter and in
Chapter
25
.
Theorem 9.6.18
Let E
1
,E
2
,E
3
be elliptic curves over
k
and φ
:
E
1
→
E
2
, ψ
:
E
1
→
E
3
isogenies over
k
. Suppose
ker(
φ
)
⊆
ker(
ψ
)
and that ψ is separable. Then there is a unique
isogeny λ
:
E
2
→
E
3
defined over
k
such that ψ
=
λ
◦
φ.
Proof
(Sketch) See Corolla
r
y III.4.11 of [
505
] for the case w
h
ere
k
is algebraically closed.
(
E
1
) is a Galois e
xt
ension of
φ
∗
(
The proof uses the fact that
k
k
(
E
2
)) (
wi
th Galois group iso-
morphic to ker(
φ
)). Furthermore, one has
ψ
∗
(
φ
∗
(
(
E
1
). The ex
is
tence
and uniqueness of the morphism
λ
follows from the Galois extension
φ
∗
(
k
(
E
3
))
⊆
k
(
E
2
))
⊆ k
(
E
2
))
/ψ
∗
(
k
k
(
E
3
))
and Theorem
5.5.24
. The uniqueness of
λ
implies it is actually defined over
k
, since
ψ
=
σ
(
ψ
)
=
σ
(
λ
)
◦
σ
(
φ
)
=
σ
(
λ
)
◦
φ.
for all
σ
∈
Gal(
k
/
k
).
Let
E
and
E
be elliptic curves over
→
E
(
)
is an isogeny. In particular, a non-zero isogeny has finite degree and hence finite kernel,
whereas one can have groups such as
E
(
k
. Not every group homomorphism
E
(
k
)
k
)
= Z
)
= Z
and
E
(
Q
Q
/
2
Z
for which there is a
→
E
(
non-zero group homomorphism
E
(
) whose kernel is infinite. It is natural to ask
whether every group homomorphism with finite kernel is an isogeny. The following result
shows that this is the case (the condition of being defined over
Q
)
Q
k
can be ignored by taking
a field extension).
Theorem 9.6.19
Let E be an elliptic curve over
k
. Let G
⊆
E
(
k
)
be a finite group that is
defined over
k
(i.e., σ
(
P
)
∈
G for all P
∈
G and σ
∈
Gal(
k
/
k
)
). Then there is a unique
) elliptic curve E over
(up to isomorphism over
k
k
and a (not necessarily unique) isogeny
→
E over
φ
:
E
k
such that
ker(
φ
)
=
G.
Proof
See Proposition III.4.12 and Exercise 3.13(e) of [
505
]. We will give a constructive
proof (Velu's formulae) in Section
25.1.1
, which also proves that the isogeny is defined
over
k
.
The elliptic curve
E
in Theorem
9.6.19
is sometimes written
E/G
. As noted, the isogeny
in Theorem
9.6.19
is not necessarily unique, but Exercise
9.6.20
shows the only way that
non-uniqueness can arise.
