PROOF Let n be any integer not divisible by the characteristic of K .

Represent α and β by matrices α n and β n (with respect to some basis of

E [ n ]). Then aα n + bβ n gives the action of aα + bβ on E [ n ]. A straightforward

calculation yields

det( aα n + bβ n )= a 2 det α n + b 2 det β n + ab (det( α n + β n ) − det α n − det β n )

for any matrices α n and β n (see Exercise 3.4). Therefore

deg( aα + bβ )

≡

a 2 deg α + b 2 deg β + ab (deg( α + β )

−

deg α

−

deg β )(mod n ) .

Since this holds for infinitely many n , it must be an equality.

3.4 The Tate-Lichtenbaum Pairing

Starting from the Weil pairing, it is possible to define a pairing that can be

used in cases where the full n -torsion is not available, so the Weil pairing does

not apply directly. The approach used in this section was inspired by work of

Schaefer [96].

THEOREM 3.17

Let E be an elliptic curve over F q .Let n be an integer such that n

1 .

Denoteby E ( F q )[ n ] the elem entsof E ( F q ) of order dividing n ,and let μ n =

{

|

q

−

x n =1

E ( F q )

satisfying nR = Q .Denoteby e n the n thWeilpairing and by φ = φ q the q th

pow er Frobenius endom orphism . D efine

x

∈

F q |

} .Let P

∈

E ( F q )[ n ] and Q

∈

E ( F q ) and choose R

∈

τ n ( P, Q )= e n ( P, R − φ ( R )) .

Then

τ n : E ( F q )[ n ]

×

E ( F q ) /nE ( F q )

−→

μ n

isawell-defined nondegeneratebilinear pairing.

The pairing of the theorem is called the modified Tate-Lichtenbaum

pairing . The original Tate-Lichtenbaum pairing is obtained by taking

the n th root of τ n , thus obtaining a pairing

−→ F q / ( F q ) n .

·

,

· n : E ( F q )[ n ]

×

E ( F q ) /nE ( F q )

The pairing τ n is better suited for computations since it gives a definite answer,

rather than a coset in F q mod n th powers. These pairings can be computed