Cryptography Reference
In-Depth Information
Let G be a finite subgroup of E
(
k
)
. Let G
2
be the set of points in G
−{
O
E
}
of order
2
and
let G
1
be such that
#
G
=
1
+
#
G
2
+
2#
G
1
and
G
={
O
E
}∪
G
2
∪
G
1
∪{−
Q
:
Q
∈
G
1
}
.
Write
∂F
∂x
=
∂F
∂y
=−
3
x
2
F
x
=
+
2
a
2
x
+
a
4
−
a
1
y and F
y
=
2
y
−
a
1
x
−
a
3
.
For a point Q
=
(
x
Q
,y
Q
)
∈
G
1
∪
G
2
define the quantities
=
F
y
(
Q
)
2
=
−
a
3
2
u
(
Q
)
2
y
Q
−
a
1
x
Q
−
and
F
x
(
Q
)
∈
if Q
G
2
t
(
Q
)
=
−
∈
2
F
x
(
Q
)
a
1
F
y
(
Q
)
if Q
G
1
.
Note that if Q
∈
G
2
then F
y
(
Q
)
=
0
and so u
(
Q
)
=
0
.
Define
t
(
G
)
=
t
(
Q
)
and w
(
G
)
=
(
u
(
Q
)
+
x
Q
t
(
Q
))
Q
∈
G
1
∪
G
2
Q
∈
G
1
∪
G
2
and set
(
a
1
+
A
1
=
a
1
,A
2
=
a
2
,A
3
=
a
3
,A
4
=
a
4
−
5
t
(
G
)
,A
6
=
a
6
−
4
a
2
)
t
(
G
)
−
7
w
(
G
)
.
Then the map φ
:(
x,y
)
→
(
X,Y
)
where
t
(
Q
)
u
(
Q
)
X
=
x
+
x
Q
+
x
−
(
x
−
x
Q
)
2
Q
∈
G
1
∪
G
2
and
+
+
−
+
−
u
(
Q
)
2
y
a
1
x
a
3
t
(
Q
)
a
1
(
x
x
Q
)
y
y
Q
=
−
+
Y
y
x
Q
)
3
x
Q
)
2
(
x
−
(
x
−
Q
∈
G
1
∪
G
2
a
1
u
(
Q
)
−
F
x
(
Q
)
F
y
(
Q
)
+
x
Q
)
2
is a separable isogeny from E to
−
(
x
E
:
Y
2
X
3
A
2
X
2
+
A
1
XY
+
A
3
Y
=
+
+
A
4
X
+
A
6
with kernel G. Further, φ satisfies
φ
∗
dX
dx
=
.
2
Y
+
A
1
X
+
A
3
2
y
+
a
1
x
+
a
3
Proof
(Sketch) The basic idea (as used in Example
25.1.5
) is that the function
X
(
P
)
=
x
(
P
+
Q
)
Q
∈
G