Cryptography Reference
In-Depth Information
O
for cryptographic purposes, we may simply regard
as a formal symbol subject
to certain computational rules. However, to obtain an idea about where these rules
come from, we may look at this point geometrically as sitting infinitely far up the
y
-axis in such a way that all vertical lines pass through it and it is the only common
point of all these lines (as suggested by the saying 'parallels meet at infinity'). Since
this point is unique we may also visualize it sitting infinitely far down the
y
-axis but
one should bear in mind that the term 'infinitely far' is meaningless for finite fields
which, in addition, may not have an ordering of elements that allows us to distinguish
up from down. However,
can be simply thought of as the unique common point
to all vertical lines also in this case.
Another aspect that deserves comment is the condition 4
a
3
O
27
b
2
+
=
0inthe
4
a
3
27
b
2
definition above, which amounts to
is
the
discriminant
of the curve. This is equivalent to the curve being
nonsingular
or
smooth
, i.e., to the fact that there is a unique well-defined tangent at each point on
the curve. To understand why this is so let us elaborate this point a little further. For
example, it is intuitively clear that the real curve
y
2
Δ
=
0, where
Δ
=−
16
(
+
)
∈ F
x
3
—for which
=
Δ
=
0—has a
“corner” at the point
and there are many different lines that intersect the curve
only at this point, so that the tangent is not well defined.
The concept of
singular point
on the curve of equation
F
(
0
,
0
)
(
x
,
y
)
=
0, where
F
(
x
,
y
)
∈ F[
x
,
y
]
is a polynomial in the variables
x
,
y
, with coefficients in
F
, can
then be formalized as follows. The point
P
on the curve is said to be
singular if, denoting by
F
x
and
F
y
, respectively, the partial derivatives of
F
with
respect to
x
and
y
it holds that
=
(
x
0
,
y
0
)
F
x
(
x
0
,
y
0
)
=
F
y
(
x
0
,
y
0
)
=
0
.
Otherwise,
P
is said to be
smooth
2
and the curve is smooth if all the
K
-rational points
on the curve are smooth for all finite extensions
K
of
F
. This is usually expressed
in terms of algebraic closures. A field
K
is called
algebraically closed
if every
polynomial of degree
≥
1 with coefficients in
K
has a zero in
K
or, equivalently by
Theorem 2.21, every polynomial of degree
≥
1in
K[
X
]
splits into linear factors. An
algebraic closure
K
of
F
is an extension of
F
which is algebraically closed and such
that each element of
K
is a zero of a nonzero polynomial with coefficients in
F
(the
latter property is that
K
is an algebraic extension of
F
). Each field has an algebraic
closure, with the best known example being
C
, which is an algebraic closure of
R
.
Returning to the curve, we have that
F
(
x
,
y
)
=
0 is smooth precisely when all the
K
.We
also remark here that the (partial) derivatives of polynomials may be algebraically
defined by the usual rules over an arbitrary field.
-rational points on the curve are smooth, with
K
being an algebraic closure of
F
is a singular point on the curve
y
2
x
3
Exercise 11.1
Show that if
(
x
0
,
y
0
)
=
+
ax
+
b
,
then this point lies in the
x
-axis.
2
The point at infinity in an elliptic curve is regarded as smooth and the tangent to the curve at this
point is the line at infinity, which intersects the curve only at this point.
