Cryptography Reference
In-Depth Information
The theorem then says that
℘
(
z
)
2
=4
℘
(
z
)
3
−
g
2
℘
(
z
)
−
g
3
.
(9.5)
Therefore, the points (
℘
(
z
)
,℘
(
z
)) lie on the curve
y
2
=4
x
3
− g
2
x − g
3
.
It is traditional to leave the 4 as the coecient of
x
3
, rather than performing a
change of variables to make the coe
cient of
x
3
equal to 1. The discriminant
of the cubic polynomial is 16(
g
2
−
27
g
3
).
PROPOSITION 9.9
Δ=
g
2
−
27
g
3
=0
.
Since
℘
(
z
) is doubly periodic,
℘
(
ω
i
/
2) =
℘
(
−ω
i
/
2).
PROOF
Since
℘
(
−z
)=
−℘
(
z
), it follows that
℘
(
ω
i
/
2) = 0
,
i
=1
,
2
,
3
.
(9.6)
Therefore, each
℘
(
ω
i
/
2) is a root of 4
x
3
g
3
, by (9.5). If we can show
that these roots are distinct, then the cubic polynomial has three distinct
roots, which means that its discriminant is nonzero. Let
−
g
2
x
−
h
i
(
z
)=
℘
(
z
)
− ℘
(
ω
i
/
2)
.
Then
h
i
(
ω
i
/
2) = 0 =
h
i
(
ω
i
/
2), so
h
i
vanishes to order at least 2 at
ω
i
/
2. Since
h
i
(
z
) has only one pole in
F
, namely the double pole at
z
= 0, Theorem 9.1(5)
implies that
ω
i
/
2 is the only zero of
h
i
(
z
). In particular,
h
i
(
ω
j
/
2)
=0
,
when
j
=
i.
Therefore, the values
℘
(
ω
i
/
2) are distinct.
The proposition implies that
E
:
y
2
=4
x
3
− g
2
x − g
3
is the equation of an elliptic curve, so we have a map from
z
C
to the
points with complex coordinates (
℘
(
z
)
,℘
(
z
)) on an elliptic curve. Since
℘
(
z
)
and
℘
(
z
) depend only on
z
mod
L
(that is, if we change
z
by an element of
L
, the values of the functions do not change), we have a function from
C
/L
to
E
(
C
). The group
C
/L
is a group, with the group law being addition of
complex numbers mod
L
. In concrete terms, we can regard elements of
C
/L
as elements of
F
. When we add two points, we move the result back into
F
by
subtracting a suitable element of
L
. For example, (
.
7
ω
1
+
.
8
ω
2
)+(
.
4
ω
1
+
.
9
ω
2
)
yields
.
1
ω
1
+
.
7
ω
2
.
∈
Search WWH ::
Custom Search