Cryptography Reference
In-Depth Information
(a,b)=(10, 1).
We have
x
=10
u
2
x −
5=
v
2
x
+5=10
w
2
.
Therefore,
10
u
2
v
2
=5
,
10
w
2
10
u
2
=5
.
−
−
As before, the denominators of
u, v, w
are not divisible by 5. Write
v
=5
v
1
.
Then 2
u
2
−
5
v
1
=1,so2
u
2
≡
1 (mod 5). This is impossible, so the pair
(
a, b
)=(10
,
1) is eliminated.
The pairs (
a,
1) with
a<
0 are eliminated since
a, b
must have the same
sign. Therefore, (1
,
1) =
φ
(
∞
) is the only pair of the form (
a,
1) corresponding
to a point.
Let (
a, b
) be any pair. There is a point
P
with
φ
(
P
)=(
a
,b
) on the list
L
for some
a
.Ifthereisapoint
Q
with
φ
(
Q
)=(
a, b
), then
Q
)=(
a
,b
)(
a, b
)
−
1
=(
a
,
1)
φ
(
P
−
for some
a
. We showed that (
a
,
1) is not in the image of
φ
when
a
=1.
Therefore,
a
=1,so
a
=
a
and (
a, b
)=(
a
,b
)=
φ
(
P
). Consequently, the
only pairs in the image of
φ
are those on the list
L
.
As stated above, the torsion subgroup of
E
(
Q
)is
E
[2], so
E
(
Q
)
/
2
E
(
Q
)
Z
2
⊕
Z
2
⊕
Z
2
for some
r
. Since the image of
φ
has order 8 and the kernel of
φ
is 2
E
(
Q
),
the order of
E
(
Q
)
/
2
E
(
Q
) is 8. Therefore,
r
= 1. This implies that
E
(
Q
)
Z
2
⊕
Z
2
⊕
Z
.
Notethatwehavealsoprovedthat
E
[2] and (
−
4
,
6) generate a subgroup of
E
(
Q
) of odd index. It can be shown that they actually generate the whole
group. This would require making the constants in the proof of Theorem 8.17
more explicit, then finding all points with heights less than an explicit bound
to obtain a generating set.
Silverman [110] proved the following.
THEOREM 8.23
Let
E
be defined over
Q
by the equation
y
2
=
x
3
+
Ax
+
B
Search WWH ::
Custom Search