Elliptic curves - Mathematics of Public Key Cryptography

Cryptography Reference

In-Depth Information

9.7 The invariant differential

Let E over

be an elliptic curve. Recall the differential

ω E =

(9.10)

2 y

a 1 x

a 3

on the Weierstrass equation for E , which was studied in Example 8.5.32 . We showed that

the divisor of ω E is 0. Let Q

∈

) and τ Q be the translation map. Then τ Q ( ω E )

∈

E (

k ( E )

and so, by Theorem 8.5.21 , τ Q ( ω E )

∈ k

fω E for some f

( E ). Lemma 8.5.36 implies

τ Q (div( ω E ))

0. It follows that τ Q ( ω E )

∈ k ∗ .The

0 and so div( f )

cω E for some c

following result shows that c

1 and so ω E is fixed by translation maps. This explains

why ω E is called the invariant differential .

Theorem 9.7.1 Let E be an elliptic curve in Weierstra ss form and let ω E be the differential

in equation ( 9.10 ). Then τ Q ( ω E )

ω E for all Q

∈

E (

) .

Proof See Proposition III.5.1 of [ 505 ].

An important fact is that the action of isogenies on differentials is linear.

Theorem 9.7.2 Let E,E be elliptic curves over

and ω E the invariant differential on E.

→ E are isogenies. Then

Suppose φ,ψ : E

ψ ) ∗ ( ω E )

φ ∗ ( ω E )

ψ ∗ ( ω E ) .

( φ

Proof See Theorem III.5.2 of [ 505 ].

A crucial application is to determine when certain isogenies are separable. In particular,

if E is an elliptic curve over

F p n then [ p ] is inseparable on E , while π p n

−

1 is separable

(where π p n is the p n -power Frobenius).

Corollary 9.7.3 Let E be an elliptic curve over

. Let m

∈ Z

. Then [ m ] is separable if

and only if m is coprime to the characteristic of

. Let

k = F q and π q be the q-power

Frobenius. Let m,n

∈ Z

. Then m

nπ q is separable if and only if m is coprime to q.

Proof (Sketch) Theorem 9.7.2 implies [ m ] ∗ ( ω E )

mω E .So[ m ] ∗ maps k ( E )to

{

}

and only if the characteristic of

divides m . The first part then follows from Lemma 8.5.35 .

The second part follows by the same argument, using the fact that π q is inseparable and so

π q ( ω E )

0. For full details see Corollaries III.5.3 to III.5.5 of [ 505 ].

This result has the following important consequence.

Theorem 9.7.4 Let E and E be elliptic curves over a finite field

→ E is an

F q .Ifφ : E

# E (

isogeny over

F q then # E (

F q )

F q ) .

Proof Let π q be the q -power Frobenius map on E .For P

∈

E (

F q )wehave π q ( P )

P if

and only if P

∈

E (

F q ). Hence, E (

F q )

ker( π q −

1). Since π q −

1 is separable it follows

that # E (

F q )

deg( π q −

1).

Mathematics of Public Key Cryptography

Search WWH ::

Custom Search

Home