Cryptography Reference
In-Depth Information
Proof
(Sketch) The proof is essentially the same as the proof of Proposition 3.1(b) of
Silverman [
505
]; one can also find the ramified case in Proposition 1.2 of Lockhart [
353
].
One notes that the valuations at infinity of
x
1
and
x
2
have to agree, and similarly for
y
1
and
y
2
. It follows that
x
2
lies in the same Riemann-Roch spaces as
x
1
and similarly for
y
2
and
y
1
. The result follows (the final conditions are simply that the valuations at infinity of
y
1
and
y
2
must agree, so we are prohibited from setting
y
2
=
w
(
y
1
+
t
(
x
)) such that it lowers
the valuation of
y
2
).
We now introduce quadratic twists in the special case of finite fields. As mentioned
in Example
9.5.2
, when working in characteristic zero there are infinitely many quadratic
twists.
Definition 10.2.2
Let
C
:
y
2
=
F
(
x
) be a hyperelliptic curve over a finite field
k
where
∈ k
∗
be a non-square (i.e., there is no
v
∈ k
∗
such that
u
v
2
) and
char(
k
)
=
2. Let
u
=
define
C
(
u
)
:
y
2
=
uF
(
x
).
Let
C
:
y
2
+
H
(
x
)
y
=
F
(
x
) be a hyperelliptic curve over a finite field
k
where char(
k
)
=
1. Define
C
(
u
)
:
y
2
uH
(
x
)
2
.
2. Let
u
∈ k
be such that Tr
k
/
F
2
(
u
)
=
+
H
(
x
)
y
=
F
(
x
)
+
-isomorphism class of the curve
C
(
u
)
In both cases, the
k
is called the non-trivial
quadratic twist
of
C
.
Exercise 10.2.3
Show that the quadratic twist is well-defined when
k
is a finite field. In
2if
u
and
u
are two different non-squares in
k
∗
then the corresponding curves
C
(
u
)
and
C
(
u
)
as in Definition
10.2.2
are isomorphic over
k
other words, show that in the case char(
k
)
=
2 and for two different choices of trace one elements
u,u
∈ k
show that the corresponding curves
C
(
u
)
and
C
(
u
)
are isomorphic over
. Similarly, if char(
k
)
=
k
.
and let
C
(
u
)
Exercise 10.2.4
Let
C
be a hyperelliptic curve over a finite field
k
be a
#
C
(
u
)
(
non-trivial quadratic twist. Show that #
C
(
F
q
)
+
F
q
)
=
2(
q
+
1).
We now cons
id
er automorphisms. Define Aut(
C
) to be the set of all isomorphisms
φ
:
C
→
k
C
over
. As usual, Aut(
C
) is a group under composition.
Example 10.2.5
Let
p>
2 be a prime and
C
:
y
2
=
x
p
−
x
over
F
p
.For
a
∈ F
p
,b
∈ F
p
one has isomorphisms
±
√
ay
)
φ
a
(
x,y
)
=
(
ax,
and
ψ
b,
±
(
x,y
)
=
(
x
+
b,
±
y
)
from
C
to itself (in both cases they fix the point at infinity). Hence, the subgroup of Aut(
C
)
consisting of maps that fix infinity is a group of at least 2
p
(
p
−
1) elements.
1
/x,y/x
(
p
+
1)
/
2
) that corresponds to an
There is also the birational map
ρ
(
x,y
)
=
(
−
isomorphism
ρ
:
C
C
on the projective curve. This morphism does not fix infinity. Since
all the compositions
ψ
b
,
±
◦
→
φ
a
are distinct one has 2
p
2
(
p
ρ
◦
ψ
b,
±
◦
−
1) isomorphisms of
2
p
2
(
p
this form. Hence, Aut(
C
) has size at least 2
p
(
p
−
1)
+
−
1)
=
2
p
(
p
+
1)(
p
−
1).
Exercise 10.2.6
Let
p>
2 be a prime and
C
:
y
2
x
p
F
p
. Show that the
subgroup of Aut(
C
) consisting of automorphisms that fix infinity has order 2
p
.
=
−
x
+
1 over
