Cryptography Reference
In-Depth Information
non-singular and with degrees reduced as in Lemma
10.1.6
and Lemma
10.1.8
then the
genus is max
. (Theorem
8.7.3
, as it is stated, cannot be
applied for hyperelliptic curves in characteristic 2, but a more general version of the Hurwitz
genus formula proves the above statement about the genus.) Hence, writing
d
{
deg(
H
(
x
))
−
1
,
deg(
F
(
x
))
/
2
−
1
}
=
g
+
1, the
conditions of Lemma
10.1.6
and Lemma
10.1.8
together with
deg(
H
(
x
))
=
d
or
2
d
−
1
≤
deg(
F
(
x
))
≤
2
d
(10.4)
are equivalent to the curve
y
2
F
(
x
) having genus
g
.
It is not necessary for us to prove the Riemann-Roch theorem or the Hurwitz genus
formula. Our discussion of Cantor reduction (see Lemma
10.3.20
and Lemma
10.4.6
) will
directly prove a special case of the Riemann-Roch theorem for hyperelliptic curves, namely
that every divisor class contains a representative corresponding to an effective divisor of
degree at most
g
+
H
(
x
)
y
=
1.
The reader should interpret the phrase “hyperelliptic curve of genus
g
” as meaning
the conditions of Lemma
10.1.6
and Lemma
10.1.8
together with equation (
10.4
)onthe
degrees of
H
(
x
) and
F
(
x
) hold.
=
d
−
10.2 Isomorphisms, automorphisms and twists
We consider maps between hyperelliptic curves in this section. We are generally interested
in isomorphisms over
.
In the elliptic curve case (see Section
9.3
) there was no loss of generality by assuming
that isomorphisms fix infinity (since any isomorphism can be composed with a translation
map). Since the points on a hyperelliptic curve do not, in general, form a group, one can
no longer make this assumption. Nevertheless, many researchers have restricted attention
to the special case of maps between curves that map points at infinity (with respect to
an affine model of the domain curve) to points at infinity on the image curve. Theorem
10.2.1
classifies this special case.
In this chapter, and in the literature as a whole, isomorphisms are usually not assumed
to fix infinity. For example, the isomorphism
ρ
P
defined earlier in Exercise
10.1.14
does
not fix infinity. Isomorphisms that map points at infinity to points at infinity map ramified
models to ramified models and unramified models to unramified models.
k
rather than just
k
Theorem 10.2.1
Let C
1
:
y
1
+
F
1
(
x
1
)
and C
2
:
y
2
+
H
1
(
x
1
)
y
1
=
H
2
(
x
2
)
y
2
=
F
2
(
x
2
)
be
hyperelliptic curves over
k
of genus g. Then every isomorphism φ
:
C
1
→
C
2
over
k
that
maps points at infinity of C
1
to points at infinity of C
2
is of the form
φ
(
x
1
,y
1
)
=
(
ux
1
+
r,wy
1
+
t
(
x
1
))
where u,w,r
∈ k
and t
∈ k
[
x
1
]
.IfC
1
and C
2
have ramified models then
deg(
t
)
≤
g.IfC
1
and C
2
have split or inert models then
deg(
t
)
≤
g
+
1
, and the leading coefficient of t
(
x
1
)
wG
+
(
x
1
)
or
wG
−
(
x
1
)
(where G
+
and G
−
are
is not equal to the leading coefficient of
−
−
as in Exercise
10.1.22
).
