Cryptography Reference
In-Depth Information
numbers (analogous to the Hasse bound for elliptic curves). Most results are presented for
general curves (i.e., not only hyperelliptic curves).
One of the most important results in the theory of curves over finite fields is the foll
ow
ing
theorem of Hasse and Weil. The condition that the roots of
L
(
t
) have absolute value
√
q
can
be interpreted as an analogue of the Riemann hypothesis. This result gives precise bounds
on the number of points on curves and divisor class groups over finite fields.
Theorem 10.7.1
(Hasse-Weil) Let C be a curve of genus g over
F
q
. There exists a
polynomial L
(
t
)
∈ Z
[
t
]
of degree
2
g with the following properties:
#Pic
0
1. L
(1)
F
q
(
C
)
.
2. One can write L
(
t
)
=
=
2
g
i
1
(
1
−
α
i
t
)
with α
i
∈ C
such that α
g
+
i
=
α
i
(this is complex
=
α
i
|=
√
q for
1
conjugation) and
|
≤
i
≤
g.
q
g
t
2
g
L
(1
/
(
qt
))
and so
3. L
(
t
)
=
a
g
−
1
t
g
−
1
a
g
t
g
qa
g
−
1
t
g
+
1
q
g
−
1
a
1
t
2
g
−
1
q
g
t
2
g
.
L
(
t
)
=
1
+
a
1
t
+···+
+
+
+···+
+
=
2
g
α
i
t
)
. Then
#Pic
0
4. For n
∈ N
define L
n
(
t
)
i
=
1
(1
−
F
q
n
(
C
)
=
L
n
(1)
.
Proof
The polynomial
L
(
t
) is the numerator of the zeta function of
C
. For detail
s
see
Section V.1 of Stichtenoth [
529
], especially Theorem V.1.15. The proof that
α
i
|=
√
q
for
|
all 1
2
g
is Theorem V.2.1 of Stichtenoth [
529
].
A proof of some parts of this result in a special case is given in Exercise
10.7.14
.
≤
i
≤
Exercise 10.7.2
Show that part 3 of Theorem
10.7.1
follows immediately from part 2.
Definition 10.7.3
The polynomial
L
(
t
) of Theorem
10.7.1
is called the
L
-polynomial
of
the curve
C
over
F
q
.
Theorem 10.7.4
(Schmidt) Let C be a curve of genus g over
F
q
. There there exists a divisor
D on C of degree 1 that is defined over
F
q
.
We stress that this result does not prove that
C
has a point defined over
F
q
(though when
q
is large compared with the genus, existence of a point in
C
(
F
q
) will follow by the Weil
bounds). The result implies that even a curve with no points defined over
F
q
does have a
divisor of degree 1 (hence, not an effective divisor) that is defined over
F
q
.
Proof
See Corollary V.1.11 of Stichtenoth [
529
].
We now describe the precise connection between the roots
α
i
of the polynomial
L
(
t
)
(corresponding to Pic
0
F
q
(
C
)) and #
C
(
F
q
n
)for
n
∈ N
.
F
q
and let α
i
∈ C
≤
≤
Theorem 10.7.5
Let C be a curve of genus g over
for
1
i
2
g be as
∈ N
in Theorem
10.7.1
. Let n
. Then
2
g
q
n
α
i
.
#
C
(
F
q
n
)
=
+
1
−
(10.18)
i
=
1
