Cryptography Reference
In-Depth Information
E
1
has order
n
.Since
n
is not a power of
p
,we
may multiply
P
by the largest power of
p
dividing
n
and obtain a point, not
equal to
PROOF
Suppose
P
∈
∞
,oforderprimeto
p
. Therefore, we may assume that
P
has order
n
with
p
n
.Let
r
be the largest integer such that
P
∈
E
r
.Then
nλ
r
(
P
)=
λ
r
(
nP
)=
λ
r
(
∞
)
≡
0(mod
p
4
r
)
.
0(mod
p
4
r
), so
P
Since
p
E
5
r
.Since5
r>r
,this
contradicts the choice of
r
. Therefore,
P
does not exist.
n
,wehave
λ
r
(
P
)
≡
∈
The following theorem was proved independently by Lutz and Nagell in the
1930s. Quite often it allows a quick determination of the torsion points on an
elliptic curve over
Q
. See Section 9.6 for another method.
THEOREM 8.7 (Lutz-Nagell)
Let
E
be given by
y
2
=
x
3
+
Ax
+
B
with
A, B ∈
Z
.Let
P
=(
x, y
)
∈ E
(
Q
)
.
Suppose
P
has finiteorder.Then
x, y ∈
Z
.If
y
=0
then
y
2
4
A
3
+27
B
2
.
|
PROOF
Suppose
x
or
y
is not in
Z
. Then there is some prime
p
dividing
the denominator of one of them. By part (2) of Theorem 8.1,
P ∈ E
r
for
some
r
1. Let
be a prime dividing the order
n
of
P
.Then
Q
=(
n/
)
P
has order
. By Corollary 8.6,
=
p
. Choose
j
such that
Q
≥
∈
E
j
,Q
∈
E
j
+1
.
Then
λ
j
(
Q
)
≡
0(mod
p
), and
pλ
j
(
Q
)=
λ
j
(
pQ
)
≡
0(mod
p
4
j
)
.
Therefore,
0(mod
p
4
j−
1
)
.
λ
j
(
Q
)
≡
This contradicts the fact that
λ
j
(
Q
)
≡
0(mod
p
). It follows that
x, y ∈
Z
.
Assume
y
=0. Then2
P
=(
x
2
,y
2
)
=
∞
.Since2
P
has finite order,
x
2
,y
2
∈
Z
. By Theorem 3.6,
x
2
=
x
4
2
Ax
2
8
Bx
+
A
2
−
−
.
4
y
2
Since
x
2
∈
Z
, this implies that
y
2
|x
4
−
2
Ax
2
−
8
Bx
+
A
2
.
A straightforward calculation shows that
(3
x
2
+4
A
)(
x
4
2
Ax
2
8
Bx
+
A
2
)
(3
x
3
27
B
)(
x
3
+
Ax
+
B
)
=4
A
3
+27
B
2
.
−
−
−
−
5
Ax
−
Search WWH ::
Custom Search