Cryptography Reference
In-Depth Information
Now, returning to the problem of the Theorem, write
π
q
and
π
q
for the
q
-power Frobenius
maps on
E
and
E
respectively. Since
φ
is defined over
F
q
it follows that
π
q
◦
φ
=
φ
◦
π
q
.
Hence, (
π
q
−
1)
◦
φ
=
φ
◦
(
π
q
−
1) and so (applying Exercise
8.1.12
twice) deg(
π
q
−
1)
=
1) and #
E
(
deg(
π
q
−
1). The result follows since #
E
(
F
q
)
=
deg(
π
q
−
F
q
)
=
deg(
π
q
−
1).
The converse (namely, if
E
and
E
are elliptic curves over
#
E
(
F
q
and #
E
(
F
q
)
=
F
q
)
then there is an isogeny from
E
to
E
over
F
q
) is Tate's isogeny theorem [
540
]. This can be
proved for elliptic curves using the theory of complex multiplication (see Remark
25.3.10
).
We now give a refinement of Lemma
9.6.12
. This result shows that a separable isogeny
is determined by
φ
1
(
x
) when char(
k
=
)
2.
→
E be a separable
Theorem 9.7.5
Let the notation be as in Lemma
9.6.12
. Let φ
:
E
isogeny over
k
. Then φ may be expressed by a rational function in the form
(
φ
1
(
x
)
,cyφ
1
(
x
)
+
φ
(
x,y
)
=
φ
3
(
x
))
whe
re
φ
1
(
x
)
=
dφ
1
(
x
)
/dx is the (formal) derivative of the rational function φ
1
(
x
)
, where
∗
is a non-zero constant, and where
c
∈ k
a
3
)
φ
1
(
x
)
.
2
φ
3
(
x
)
=−
a
1
φ
1
(
x
)
−
a
3
+
c
(
a
1
x
+
Proof
Let
ω
E
=
dx/
(2
y
+
a
1
x
+
a
3
) be the invariant differential on
E
and
ω
E
=
a
3
) be the invariant differential on
E
. Since
φ
is separable, then
φ
∗
(
ω
E
) is non-zero. Furthermore, since
φ
is unramified, Lemma
8.5.36
implies that
div(
φ
∗
(
ω
E
))
dX/
(2
Y
+
a
1
X
+
φ
∗
(div(
ω
E
))
0. Hence,
φ
∗
(
ω
E
) is a multiple of
ω
E
and so
=
=
cφ
∗
(
dX/
(2
Y
dx/
(2
y
+
a
1
x
+
a
3
)
=
+
a
1
X
+
a
3
))
for some non-zero constant
c
∈ k
.
By Lemma
9.6.12
,
X
=
φ
1
(
x
),
Y
=
yφ
2
(
x
)
+
φ
3
(
x
) and
=−
−
a
3
+
+
2
φ
3
(
x
)
a
1
φ
1
(
x
)
(
a
1
x
a
3
)
φ
2
(
x
)
.
Now, since
dX/dx
=
φ
1
(
x
)
φ
∗
(
dX/
(2
Y
φ
1
(
x
)
dx/
(2(
yφ
2
(
x
)
+
a
1
X
+
a
3
))
=
+
φ
3
(
x
))
+
a
1
φ
1
(
x
)
+
a
3
)
.
Hence, substituting for
φ
3
(
x
)
φ
∗
(
dX/
(2
Y
φ
1
(
x
)
dx/
((2
y
+
a
1
X
+
a
3
))
=
+
a
1
x
+
a
3
)
φ
2
(
x
))
(
φ
1
(
x
)
/φ
2
(
x
))
dx/
(2
y
=
+
a
1
x
+
a
3
)
.
∗
, which proves the result.
cφ
1
(
x
)
for some
c
It follows that
φ
2
(
x
)
=
∈ k
In Section
25.1.1
we will make use of Theorem
9.7.5
in the case
c
=
1.
Exercise 9.7.6
Let the notation be as in Theorem
9.7.5
and suppose char(
k
)
=
2. Show
that there are only two possible values for the rational function
φ
3
(
x
).
