Cryptography Reference
In-Depth Information
If
C
has a rational point
Q
, choose
P
such that
φ
(
P
)=
Q
.Then
gQ
=
Q
for
all
g
implies that
T
g
=
g
(
−P
)
−
(
−P
)
for all
g ∈ G
. Conversely, if
T
g
=
g
(
−P
)
−
(
−P
) for all
g
then
gφ
(
P
)=
φ
(
P
)
for all
g
∈
G
,so
φ
(
P
) is a rational point.
Propositions 8.33 and 8.34 give us a reinterpretation in terms of cohomol-
ogy groups of the fundamental question of when certain curves have rational
points.
Example 8.12
Consider the curve
C
1
,p,p
from Section 8.8. It was given by the equations
x
=
u
2
x −
2
p
=
pv
2
x
+2
p
=
pw
2
.
These were rewritten as
w
2
− v
2
=4
,
2
− pv
2
=2
p.
The method of Section 2.5.4 changes this to
C
:
s
2
=2
p
(
t
4
+6
t
2
+1)
.
Finally, the transformation
t
=
√
2
p
(
x
+2
p
)
y
−
2
p
+
2
t
2
(
x
−
p
)
=
2
p
x
2
+4
px
−
4
p
2
x
(
x −
2
p
)
,
s
=
√
2
p
(use the formulas of Section 2.5.3, plus a minor change of variables) changes
the equation to
E
:
y
2
=
x
(
x
−
2
p
)(
x
+2
p
)
.
We want
to
relate the curve
C
1
,p,p
from Section 8.8 to a cohomology class in
H
1
(
G, E
(
Q
)). The map
φ
:
E → C
(
x, y
)
→
(
t, s
)
gives a map from
E
to
C
. Since the equations for
E
and
C
have coecients
in
Q
, these curves are defined over
Q
. However,
φ
is not defined over
Q
.
A short computation shows that
(
x, y
)+(
−
2
p,
0) = (
x
1
,y
1
)
Search WWH ::
Custom Search