Cryptography Reference
In-Depth Information
Suppose $f(P + T) = f(P)$ for all $P \in E(K)$ and all $T \in E[n]$. Then there is a function $h$ on $E$ such that $f(P) = h(nP)$ for all $P$.
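A concrete instance of this statement, as an added example that is not part of the original text: for $n = 2$ on the constructed curve $y^2 = x^3 - x$ over $\mathbf{F}_{103}$, where all of $E[2]$ is rational, the function $f(P) = \sum_{T \in E[2]} x(P+T)$ is invariant under translation by $E[2]$ and equals $h(2P)$ with $h(Q) = 4x(Q)$. The curve, the prime and the names `add`, `f`, `h`, `check` are assumptions chosen for illustration, and the check runs over the $\mathbf{F}_{103}$-rational points only.

```python
# Constructed instance (assumption): E: y^2 = x^3 + A*x + B over F_p.
p, A, B = 103, -1, 0
O = None                                  # point at infinity
E2 = [O, (0, 0), (1, 0), (p - 1, 0)]      # E[2]: the roots of x^3 - x are 0, 1, -1

def add(P, Q):
    """Affine group law on E over F_p."""
    if P is O:
        return Q
    if Q is O:
        return P
    (x1, y1), (x2, y2) = P, Q
    if x1 == x2 and (y1 + y2) % p == 0:   # Q = -P (includes doubling a 2-torsion point)
        return O
    if P == Q:                            # tangent slope
        lam = (3 * x1 * x1 + A) * pow(2 * y1 % p, -1, p) % p
    else:                                 # chord slope
        lam = (y2 - y1) * pow((x2 - x1) % p, -1, p) % p
    x3 = (lam * lam - x1 - x2) % p
    return (x3, (lam * (x1 - x3) - y1) % p)

def points():
    """All affine F_p-rational points of E (brute force, fine for small p)."""
    return [(x, y) for x in range(p) for y in range(p)
            if (y * y - (x ** 3 + A * x + B)) % p == 0]

def f(P):
    """f(P) = sum of x(P + T) over T in E[2]; defined for P outside E[2]."""
    return sum(add(P, T)[0] for T in E2) % p

def h(Q):
    """The function through which f factors: h(Q) = 4 * x(Q)."""
    return 4 * Q[0] % p

def check():
    """Return (#points tested, f is E[2]-invariant, f(P) == h(2P) everywhere)."""
    domain = [P for P in points() if P not in E2]
    invariant = all(f(add(P, T)) == f(P) for P in domain for T in E2)
    factors = all(f(P) == h(add(P, P)) for P in domain)
    return len(domain), invariant, factors

if __name__ == "__main__":
    print(check())
```
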
PROOF The case $n = 1$ is trivial, so we assume $n > 1$. Let $T \in E[n]$. There are rational functions $R(x, y)$, $S(x, y)$ depending on $T$ such that

$$(x, y) + T = (R(x, y), S(x, y)).$$

Let $y^2 = x^3 + Ax + B$ be the equation of $E$ and regard $K(x, y)$ as the quadratic extension of $K(x)$ given by adjoining $\sqrt{x^3 + Ax + B}$. Since $(R, S)$ lies on $E$, we have $S^2 = R^3 + AR + B$. The map

$$\sigma_T : K(x, y) \to K(x, y), \qquad f(x, y) \mapsto f(R, S)$$

is a homomorphism from $K(x, y)$ to itself. Since $\sigma_{-T}$ is the inverse of $\sigma_T$, the map $\sigma_T$ is an automorphism. Because $(x, y) + T \neq (x, y) + T'$ when $T \neq T'$, we have $\sigma_T(x, y) \neq \sigma_{T'}(x, y)$ when $T \neq T'$. Therefore, we have a group of $n^2$ distinct automorphisms $\sigma_T$, where $T$ runs through $E[n]$, acting on $K(x, y)$. A basic result in Galois theory says that if $G$ is a group of distinct automorphisms of a field $L$, then the fixed field $F$ of $G$ satisfies $[L : F] = |G|$. Therefore, the field $F$ of functions $f$ satisfying the conditions of the proposition satisfies

$$[K(x, y) : F] = n^2. \tag{9.26}$$

Let $n(x, y) = (g_n(x), y h_n(x))$ for rational functions $g_n, h_n$. Then

$$K(g_n(x), y h_n(x)) \subseteq F. \tag{9.27}$$

Moreover,

$$[K(g_n(x), y h_n(x)) : K(g_n(x))] \geq 2 \tag{9.28}$$

since clearly $y h_n(x) \notin K(g_n(x))$. Therefore, by (9.26), (9.27), and (9.28),

$$[K(x, y) : K(g_n(x))] \geq 2n^2.$$

From Theorem 3.6, $g_n(x) = \phi_n / \psi_n$, and $\phi_n$ and $\psi_n$ are polynomials in $x$. Therefore, $X = x$ is a root of the polynomial

$$P(X) = \phi_n(X) - g_n(x)\,\psi_n(X) \in K[g_n(x)][X].$$

By Lemma 3.5, $\phi_n(X) = X^{n^2} + \cdots$