Cryptography Reference
In-Depth Information
PROOF
Let
L
=
Z
ω
1
+
Z
ω
2
be the lattice corresponding to
E
,andlet
R
=
{β ∈
C
| βL ⊆ L}.
It is easy to see that
Z
⊆ R
and that
R
is closed under addition, subtraction,
and multiplication.
Therefore,
R
is a ring.
Suppose
β
∈
R
.
There exist
integers
j, k, m, n
such that
βω
1
=
jω
1
+
kω
2
,
βω
2
=
mω
1
+
nω
2
.
Then
β − j −k
−mβ− n
ω
1
ω
2
=0
,
so the determinant of the matrix is 0. This implies that
β
2
−
(
j
+
n
)
β
+(
jn − km
)=0
.
Since
j, k, m, n
are integers, this means that
β
is an algebraic integer, and
that
β
lies in some quadratic field
K
.
Suppose
β
kω
2
= 0 gives a dependence relation
between
ω
1
and
ω
2
with real coecients. Since
ω
1
and
ω
2
are linearly inde-
pendent over
R
,wehave
β
=
j ∈
Z
. Therefore,
R ∩
R
=
Z
.
Suppose now that
R
=
Z
.Let
β ∈ R
with
β ∈
Z
.Then
β
is an algebraic
integer in a quadratic fiel
d
K
.Since
β ∈
R
, the field
K
must be imaginary
∈
R
.Then(
β
−
j
)
ω
1
−
quadratic, say
K
=
Q
(
√
−d
). Let
β
∈
Z
be another element of
R
.Then
β
∈ K
=
Q
(
√
−d
)forsome
d
.Since
β
+
β
also must lie in a quadratic
field, it follows (see Exercise 10.1) that
K
=
K
. Therefore,
R
⊂
K
, and since
all elements of
R
are algebraic integers, we have
R ⊆O
K
.
Therefore, if
R
=
Z
,then
R
is an order in an imaginary quadratic field.
Example 10.1
Let
E
be
y
2
=4
x
3
−
4
x
. We showed at the beginning of this section that
Z
[
i
]
End(
E
). Since End(
E
)isanorderin
Q
(
i
) and every such order is
contained in the ring
Z
[
i
] of algebraic integers in
Q
(
i
), we must have
⊆
End(
E
)=
Z
[
i
]
.
Suppose from now on that
E
has complex multiplication, which means that
R
= End(
E
) is an order in an imaginary quadratic field
K
. Rescaling
L
does
not change
R
, so we may consider
ω
−
1
L
=
Z
+
Z
τ,
2
Search WWH ::
Custom Search