Cryptography Reference
In-Depth Information
Evaluating at
e
i
yields
∈
Q
×
2
.
e
i
)=(
ae
i
+
b
)
2
(
x
1
−
e
i
)(
x
2
−
e
i
)(
x
3
−
Since this is true for each
i
,
Q
×
/
Q
×
2
Q
×
/
Q
×
2
Q
×
/
Q
×
2
φ
(
P
1
)
φ
(
P
2
)
φ
(
P
3
)=1
∈
⊕
⊕
(that is, the product is a square, hence is equivalent to 1 mod squares). Since
any number
z
is congruent to its multiplicative inverse mod squares (that is,
z
equals 1
/z
times a square),
φ
(
P
3
)
−
1
=
φ
(
P
3
)=
φ
(
−P
3
)
.
Therefore,
φ
(
P
1
)
φ
(
P
2
)=
φ
(
−P
3
)=
φ
(
P
1
+
P
2
)
.
To show that
φ
is a homomorphism, it remains to check what happens when
one or both of
P
1
,P
2
is a point of order 1 or 2. The case where a point
P
i
is of
order 1 (that is,
P
i
=
∞
) is trivial. If both
P
1
and
P
2
have order 2, a case by
case check shows that
φ
(
P
1
+
P
2
)=
φ
(
P
1
)
φ
(
P
2
). Finally, suppose that
P
1
has
order 2 and
P
2
has
y
2
= 0. Let's assume
P
1
=(
e
1
,
0). The other possibilities
are similar. Since the values of
φ
are triples, let
φ
1
,φ
2
,φ
3
denote the three
components of
φ
(so
φ
=(
φ
1
,φ
2
,φ
3
)). The proof given above shows that
φ
i
(
P
1
)
φ
i
(
P
2
)=
φ
i
(
P
1
+
P
2
)
for
i
=2
,
3. So it remains to consider
φ
1
.
By inspection,
φ
1
(
P
)
φ
2
(
P
)
φ
3
(
P
) = 1 for all
P
.Sin e
φ
i
(
P
1
)
φ
i
(
P
2
)=
φ
i
(
P
1
+
P
2
)for
i
=2
,
3, the relation holds for
i
= 1, too. Therefore,
φ
is a
homomorphism.
Putting everything together, we see that
φ
is a homomorphism.
To prove the second half of the theorem, we need to show that if
x
−
e
i
is
a square for all
i
,then(
x, y
)=2
P
for some point
P
∈
E
(
Q
). Let
x − e
i
=
v
i
,
i
=1
,
2
,
3
.
For simplicity, we'll assume that
e
1
+
e
2
+
e
3
= 0, which means that the
equation for our elliptic curve has the form
y
2
=
x
3
+
Ax
+
B
.(If
e
1
+
e
2
+
e
3
=
0, the coecient of
x
2
is nonzero. A simple change of variables yields the
present case.) Let
f
(
T
)=
u
0
+
u
1
T
+
u
2
T
2
satisfy
f
(
e
i
)=
v
i
,
i
=1
,
2
,
3
.
Search WWH ::
Custom Search