Cryptography Reference
which can be written as

$$s = t^3 + A t s^2 + B s^3.$$

In the following, it will be convenient to write $p^j \mid z$ for a rational number $z$ when $p^j$ divides the numerator of $z$. Similarly, we'll write $z \equiv 0 \pmod{p^j}$ in this case. These extended notions of divisibility and congruence satisfy properties similar to those for the usual notions.

LEMMA 8.3
$(x, y) \in E_r$ if and only if $p^{3r} \mid s$. If $p^{3r} \mid s$, then $p^r \mid t$.

PROOF
If $(x, y) \in E_r$, then $p^{3r}$ divides the denominator of $y$, so $p^{3r}$ divides the numerator of $s = 1/y$. Conversely, suppose $p^{3r} \mid s$. Then $p^{3r}$ divides the denominator of $y$. Part (2) of the theorem shows that $p^{2r}$ divides the denominator of $x$. Therefore, $(x, y) \in E_r$.

If $p^{3r} \mid s$, then the exact power of $p$ dividing the denominator of $y$ is $p^{3k}$, with $k \geq r$. Part (2) of the theorem implies that the exact power of $p$ dividing $t = x/y$ is $p^k$. Since $k \geq r$, we have $p^r \mid t$.

We now continue with the proof of Theorem 8.1. Let $\lambda_r$ be as in the statement of the theorem. Note that

$$\lambda_r(-(x, y)) = \lambda_r(x, -y) = -p^{-r} x/y = -\lambda_r(x, y).$$

We now claim that if $P_1 + P_2 + P_3 = \infty$ then

$$\lambda_r(P_1) + \lambda_r(P_2) + \lambda_r(P_3) \equiv 0 \pmod{p^{4r}}.$$

The proof will also show that if $P_1, P_2 \in E_r$, then $P_3 \in E_r$ (hence $E_r$ is a subgroup). Therefore,

$$\lambda_r(P_1 + P_2) = \lambda_r(-P_3) = -\lambda_r(P_3) = \lambda_r(P_1) + \lambda_r(P_2),$$

so $\lambda_r$ is a homomorphism.

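A numerical check of Lemma 8.3 and of the claim above, added here as an illustration and not taken from the original text. It assumes $s = 1/y$, $t = x/y$ and $\lambda_r(x, y) = p^{-r} x/y$ reduced mod $p^{4r}$, and uses membership in $E_r$ exactly as characterised by Lemma 8.3. The curve $y^2 = x^3 + 79x$, the point $(1/9, 80/27)$, the choice $p = 3$, $r = 1$ and all function names are constructed for this example.

```python
from fractions import Fraction as Fr

# Constructed sample data: curve y^2 = x^3 + A*x + B and a rational point P on it.
A, B = 79, 0
P = (Fr(1, 9), Fr(80, 27))

def on_curve(pt):
    x, y = pt
    return y * y == x**3 + A * x + B

def add(p1, p2):
    """Chord-and-tangent addition over Q; None stands for the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and y1 == -y2:
        return None
    m = (3 * x1 * x1 + A) / (2 * y1) if p1 == p2 else (y2 - y1) / (x2 - x1)
    x3 = m * m - x1 - x2
    return (x3, m * (x1 - x3) - y1)

def neg(pt):
    return None if pt is None else (pt[0], -pt[1])

def st(pt):
    """(s, t) = (1/y, x/y) for an affine point with y != 0."""
    x, y = pt
    return 1 / y, x / y

def divides(p, j, z):
    """Extended divisibility p^j | z: p^j divides the numerator of z."""
    return Fr(z).numerator % p**j == 0

def in_E_r(pt, p, r):
    """Membership in E_r via Lemma 8.3: p^(3r) | s (infinity is in E_r)."""
    return pt is None or divides(p, 3 * r, st(pt)[0])

def lam(pt, p, r):
    """lambda_r(pt) = p^(-r) * x/y as a residue mod p^(4r); pt must lie in E_r."""
    if pt is None:
        return 0
    v, m = st(pt)[1] / p**r, p ** (4 * r)
    # v is p-integral for points of E_r, so its denominator is invertible mod m.
    return v.numerator * pow(v.denominator, -1, m) % m
```

With `P2 = add(P, P)` and `P3 = neg(add(P, P2))`, the three points sum to infinity, all lie in $E_1$, and their `lam` values sum to 0 mod 81.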
Recall that three points add to $\infty$ if and only if they are collinear (Exercise 2.6). To prove the claim, let $P_1, P_2, P_3$ lie on the line

$$ax + by + d = 0$$

and assume that $P_1, P_2 \in E_r$. Dividing by $y$ yields the $s, t$ line

$$at + b + ds = 0.$$

Let $P_i$ denote the point $P_i$ written in terms of the $s, t$ coordinates. In other words, if $P_i = (x_i, y_i)$,