Cryptography Reference
In-Depth Information
Example 10.1.7
The affine curve
y
2
x
3
y
x
6
F
2
2
to
Y
2
+
=
+
x
+
1 is isomorphic over
+
x
3
Y
ux
3
∈ F
2
2
satisfies
u
2
=
x
+
1via
Y
=
y
+
where
u
+
u
=
1. (Indeed, these curves
are quadratic twists; see Definition
10.2.2
.)
Lemma 10.1.8
Let
k
be a field such that
char(
k
)
=
2
. Every hyperelliptic curve over
k
to an equation of the form y
2
(
H
d
x
d
F
2
d
x
2
d
is isomorphic over
k
+
+···+
H
0
)
y
=
+
F
2
d
−
1
x
2
d
−
1
+···+
F
0
where either:
1. H
d
=
0
and (F
2
d
=
0
or F
2
d
−
1
=
0
);
(
H
d
/
2)
2
or F
2
d
−
1
=−
2. H
d
=
0
and (F
2
d
=−
H
d
H
d
−
1
/
2
).
Proof
If
H
d
=
F
2
d
=
F
2
d
−
1
=
0 then just replace
d
by
d
−
1. If
H
d
=
0 and both
F
2
d
=
(
H
d
/
2)
2
H
2
x
d
)
−
and
F
2
d
−
1
=−
H
d
H
d
−
1
/
2 then the morphism (
x,y
)
→
(
x,Y
=
y
+
maps the hyperelliptic equation to
H
d
2
x
d
)
2
(
H
d
x
d
H
d
2
x
d
)
(
F
2
d
x
2
d
F
2
d
−
1
x
2
d
−
1
−
+
+···+
−
−
+
+···+
(
Y
H
0
)(
Y
F
0
)
.
This can be shown to have the form
Y
2
+
h
(
x
)
Y
=
f
(
x
)
with deg(
h
(
x
))
≤
d
−
1 and deg(
f
(
x
))
≤
2
d
−
2. (This
is what happened
in Exer-
cise
10.1.5
.)
Exercise 10.1.9
Show that the hyperelliptic curve
y
2
(2
x
3
x
6
x
5
+
+
1)
y
=−
+
+
x
+
1
is isomorphic to
Y
2
x
5
x
3
+
Y
=
+
+
x
+
1.
10.1.1 Projective models for hyperelliptic curves
For the rest of the chapter we will assume that our hyperelliptic equations are
k
-irreducible
and non-singular as affine algebraic sets. We also assume that when char(
k
)
=
2 one of
the conditions of Lemma
10.1.6
holds and when char(
2 one of the conditions of
Lemma
10.1.8
holds. The interpretation of deg(
H
(
x
)) and deg(
F
(
x
)) in terms of the genus
of the curve will be discussed in Section
10.1.3
.
Suppose
y
2
k
)
=
+
=
F
(
x
) is a non-singular affine hyperelliptic equation for a projec-
tive non-singular curve
C
. Write
H
j
for the coefficients of
H
(
x
) and
F
j
for the coefficients
of
F
(
x
). Define
d
H
=
H
(
x
)
y
deg(
H
(
x
)) and
d
F
=
deg(
F
(
x
)). Let
d
=
max
{
d
H
,
d
F
/
2
}
and sup-
pose
d>
0. Set
H
d
=···=
H
d
H
+
1
=
0 and
F
2
d
=···=
F
d
F
+
1
=
0 if necessary.
(1
/x,y/x
d
) maps
C
to the affine algebraic set
The rational map (
Z,Y
)
=
ρ
(
x,y
)
=
C
†
:
Y
2
H
0
Z
d
)
Y
F
0
Z
2
d
.
+
(
H
d
+
H
d
−
1
Z
+···
=
F
2
d
+
F
2
d
−
1
Z
+···
(10.2)
It is easy to check that
C
†
is geometrically irreducible, since
C
is. Now, all affine points
(
z,y
)on
C
†
0 correspond to affine points on
C
and so are non-singular (since
non-singularity is a local property; see Remark
7.1.3
). To show that
C
†
is non-singular it is
sufficient to consider the points (
z,y
)
with
z
=
(0
,α
) where
α
2
=
+
H
d
α
−
F
2
d
=
0.
