Cryptography Reference
In-Depth Information
Such an
f
exists since there is a unique quadratic polynomial whose graph
passes through any three points that have distinct
x
-coordinates. In fact
1
(
e
1
− e
2
)(
e
1
− e
3
)
(
T
f
(
T
)=
v
1
−
e
2
)(
T
−
e
3
)
1
+
v
2
e
3
)
(
T − e
1
)(
T − e
3
)
(
e
2
−
e
1
)(
e
2
−
1
(
e
3
− e
1
)(
e
3
− e
2
)
(
T
+
v
3
−
e
1
)(
T
−
e
2
)
.
f
(
T
)
2
.Then
g
(
e
i
) = 0 for all
i
,so
Let
g
(
T
)=
x
−
T
−
T
3
+
AT
+
B
=(
T
−
e
1
)(
T
−
e
2
)(
T
−
e
3
) divides
g
(
T
)
.
Therefore,
g
(
T
)
≡
0(mod
T
3
+
AT
+
B
), so
x − T ≡
(
u
0
+
u
1
T
+
u
2
T
2
)
2
(mod
T
3
+
AT
+
B
)
.
(We say that two polynomials
P
1
,P
2
are congruent mod
P
3
if
P
1
− P
2
is a
multiple of
P
3
.) This congruence for
x − T
can be thought of as a way of
simultaneously capturing the information that
x − e
i
is a square for all
i
.
Mod
T
3
+
AT
+
B
,wehave
T
3
T
4
≡ T · T
3
≡−AT
2
≡−AT − B,
− BT.
Therefore,
x − T ≡
(
u
0
+
u
1
T
+
u
2
T
2
)
2
≡ u
0
+2
u
0
u
1
T
+(
u
1
+2
u
0
u
2
)
T
2
+2
u
1
u
2
T
3
+
u
2
T
4
≡
(
u
0
−
Bu
2
)
T
2
Bu
1
u
2
)+(2
u
0
u
1
−
2
Au
1
u
2
−
+(
u
1
+2
u
0
u
2
−
Au
2
)
T
2
.
If two polynomials
P
1
and
P
2
of degree at most two are congruent mod a
polynomial of degree three, then their difference
P
1
−
P
2
is a polynomial of
degree at most two that is divisible by a polynomial of degree three. This can
only happen if
P
1
=
P
2
. In our case, this means that
x
=
u
0
−
2
Bu
1
u
2
(8.1)
Bu
2
−
1=2
u
0
u
1
−
2
Au
1
u
2
−
(8.2)
0=
u
1
+2
u
0
u
2
−
Au
2
.
(8.3)
If
u
2
= 0 then (8.3) implies that also
u
1
=0. Then
f
(
T
) is constant, so
v
1
=
v
2
=
v
3
.
This means that
e
1
=
e
2
=
e
3
, contradiction.
Therefore,
= 0. Multiply (8.3) by
u
1
/u
2
and multiply (8.2) by 1
/u
2
, then subtract to
obtain
u
2
1
u
2
2
=
u
1
u
2
3
+
A
u
1
u
2
+
B.
Search WWH ::
Custom Search