Cryptography Reference
In-Depth Information
The slope of the tangent line to the curve can be found by implicit differ-
entiation:
ds
dt
=3
t
2
+
As
2
+2
Ast
ds
dt
+3
Bs
2
ds
dt
,
so
3
t
2
+
As
2
ds
dt
3
Bs
2
.
If the line
t
=
c
is tangent to the curve at (
s, t
), then 1
−
2
Ast −
3
Bs
2
=0.
But
s ≡ t ≡
0(mod
p
) implies that
=
1
−
2
Ast
−
3
Bs
2
1
−
2
Ast
−
≡
1
≡
0(mod
p
)
.
Therefore,
t
=
c
is not tangent to the curve.
If
d
= 0, then our line is of the form in the lemma. But it passes through
the points
P
1
and
P
2
,sowemusthave
P
1
=
P
2
, and the line is tangent to the
curve. Changing back to
x, y
coordinates, we obtain
P
1
=
P
2
. The definition
of the group law says that since the points
P
1
and
P
2
are equal, the line
ax
+
by
+
d
=0istangentat(
x, y
). As pointed out above, this means that
at
+
b
+
ds
=0istangentat(
s, t
). The lemma says that this cannot happen.
Therefore,
d
=0.
Dividing by
d
,weobtain
s
=
αt
+
β
for some
α, β ∈
Q
.Then
P
1
,P
2
,P
3
lie on the line
s
=
αt
+
β
.
LEMMA 8.5
t
2
+
t
1
t
2
+
t
1
+
As
2
α
=
1
− A
(
s
1
+
s
2
)
t
1
− B
(
s
2
+
s
1
s
2
+
s
1
)
.
t
1
). Since
s
i
=
t
i
+
As
i
t
i
+
Bs
i
,
PROOF
If
t
1
=
t
2
,then
α
=(
s
2
−
s
1
)
/
(
t
2
−
we have
(
s
2
− s
1
)
1
− A
(
s
1
+
s
2
)
t
1
− B
(
s
2
+
s
1
s
2
+
s
1
)
=(
s
2
−
A
(
s
2
−
s
1
)
t
1
−
B
(
s
2
−
s
1
)
s
1
)
−
As
2
t
2
−
Bs
2
)
As
1
t
1
−
Bs
1
)+
As
2
(
t
2
−
=(
s
2
−
−
(
s
1
−
t
1
)
=
t
2
− t
1
+
As
2
(
t
2
− t
1
)
=(
t
2
− t
1
)(
t
2
+
t
1
t
2
+
t
1
+
As
2
)
.
This proves that (
s
2
− s
1
)
/
(
t
2
− t
1
) equals the expression in the lemma.
Now suppose that
t
1
=
t
2
. Since a line
t
=
c
with
c ≡
0(mod
p
) intersects
the curve
s
=
t
3
+
As
2
t
+
Bs
3
in only one point with
s ≡
0(mod
p
)by
Lemma 8.4, the points (
s
1
,t
1
)and(
s
2
,t
2
) must be equal. The line
s
=
αt
+
β
Search WWH ::
Custom Search