and $\psi_n(X)$ has degree $n^2 - 1$. Therefore,
$$P(X) = X^{n^2} + \cdots,$$
so $x$ is of degree at most $n^2$ over $K(g_n(x))$. Since $[K(x, y) : K(x)] = 2$, we obtain
$$[K(x, y) : K(g_n(x))] \le 2n^2.$$
Combined with the previous inequality from above, we obtain equality, which means that we had equality in all of our calculations. In particular,
$$F = K(g_n(x), y h_n(x)).$$
The functions in $F$ are those that are invariant under translation by elements of $E[n]$. Those on the right are those that are of the form $h(n(x, y))$. Therefore, we have proved the proposition.
9.6 The Torsion Subgroup: Doud's Method
Let $E : y^2 = x^3 + Ax + B$ be an elliptic curve defined over $\mathbf{Z}$. The Lutz-Nagell Theorem (Section 8.1) says that if $(x, y) \in E(\mathbf{Q})$ is a torsion point, then either $y = 0$ or $y^2 \mid 4A^3 + 27B^2$. This allows us to determine the torsion, as long as we can factor $4A^3 + 27B^2$, and as long as it does not have many square factors. In this section, we present an algorithm due to Doud [35] that avoids these difficulties and is usually much faster in practice.
Let $p \ge 11$ be a prime not dividing $4A^3 + 27B^2$. By Theorem 8.9, the kernel of the map from the torsion of $E(\mathbf{Q})$ to $E(\mathbf{F}_p)$ is trivial. Therefore, the order of the torsion subgroup of $E(\mathbf{Q})$ divides $\#E(\mathbf{F}_p)$. If we use a few values of $p$ and take the greatest common divisor of the values of $\#E(\mathbf{F}_p)$, then we obtain a value $b$ that is a multiple of the order of the torsion subgroup of $E(\mathbf{Q})$. We consider divisors $n$ of $b$, running from largest divisor to smallest, and look for a point of order $n$ on $E$ (of course, we should look at only the values of $n$ allowed by Mazur's theorem).
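The first stage described above (the bound $b$ and the list of candidate orders $n$) can be sketched as follows. This is an added example, not code from the book or from Doud's paper; the function names, the naive point count and the choice of four primes are assumptions made for illustration.

```python
from math import gcd

# Orders a rational torsion point can have, by Mazur's theorem.
MAZUR_POINT_ORDERS = {1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 12}

def is_prime(m):
    return m > 1 and all(m % d for d in range(2, int(m ** 0.5) + 1))

def count_points(A, B, p):
    """#E(F_p) for y^2 = x^3 + Ax + B, p an odd prime (naive O(p) count)."""
    total = 1  # the point at infinity
    for x in range(p):
        rhs = (x * x * x + A * x + B) % p
        if rhs == 0:
            total += 1                          # single point with y = 0
        elif pow(rhs, (p - 1) // 2, p) == 1:    # Euler's criterion: rhs is a square
            total += 2                          # two points (x, +y) and (x, -y)
    return total

def good_primes(A, B, count):
    """First `count` primes p >= 11 that do not divide 4A^3 + 27B^2."""
    disc = 4 * A**3 + 27 * B**2
    if disc == 0:
        raise ValueError("singular curve")
    primes, p = [], 11
    while len(primes) < count:
        if is_prime(p) and disc % p != 0:
            primes.append(p)
        p += 1
    return primes

def torsion_bound(A, B, num_primes=4):
    """gcd of #E(F_p) over a few good primes: a multiple of the torsion order."""
    b = 0
    for p in good_primes(A, B, num_primes):
        b = gcd(b, count_points(A, B, p))
    return b

def candidate_orders(b):
    """Divisors n of b permitted by Mazur's theorem, largest first."""
    return sorted((n for n in MAZUR_POINT_ORDERS if b % n == 0), reverse=True)

if __name__ == "__main__":
    for A, B in [(0, 1), (-1, 0)]:   # constructed sample curves
        b = torsion_bound(A, B)
        print(f"A={A}, B={B}: b={b}, candidates={candidate_orders(b)}")
```

For $y^2 = x^3 - x$ the bound is $b = 4$ although the torsion subgroup has no point of order 4, so each candidate $n$ still has to be tested for an actual point, as the text goes on to describe.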
In order to work analytically, we multiply the equation for $E$ by 4 to obtain
$$E_1 : y_1^2 = 4x^3 + 4Ax + 4B,$$
with $y_1 = 2y$. The period lattice for $E_1$ is generated by $\omega_1$ and $\omega_2$, with $\omega_2 \in \mathbf{R}$. The points in the fundamental parallelogram corresponding to real $x, y$ under the map of Theorem 9.10 lie on the line $\omega_2 \mathbf{R}$, and also on the line $\frac{1}{2}\omega_1 + \omega_2 \mathbf{R}$ when the cubic polynomial $4x^3 + 4Ax + 4B$ has 3 real roots. Doubling a point on the second line yields a point on the first line. Therefore, if $n$ is odd, all