Complex Multiplication - Elliptic Curves: Number Theory and Cryptography

Cryptography Reference

In-Depth Information

ω − 1

with τ

∈H

{

∈

( z ) > 0

}

.Let β

∈

R with β

∈

Z .Since1

∈

L ,we

have β

1= m

1+ nτ with m, n

∈

Z and n

= 0. Therefore,

τ =( β

−

m ) /n

∈

(10.1)

Let u be an integer such that uτ

R . Such an integer exists since τ multiplied

by n is in O K ,and R is of finite index in O K .Then

∈

L = uω − 2 L = Z u + Z uτ ⊆ R.

Then L is a nonempty subset of R that is closed under addition and sub-

traction, and is closed under multiplication by elements of R (since L is a

rescaling of L ). This is exactly what it means for L to be an ideal of R .We

have proved the first half of the following.

PROPOSITION 10.3

Let R be an order inan maginary quadraticfie d. Let L be a lattice su ch

that R = End ( C /L ) .Thenthere exists γ

∈ C × su ch that γL isanideal of

R . C onversely, if L is a subset of C and γ ∈ C × issuchthat γL isanideal

of R ,then L isalattice an d R ⊆ End ( C /L ) .

PROOF By End( C /L ), we mean End( E ), where E is the elliptic curve

corresponding to L under Theorem 9.10.

We proved the first half of the proposition above. For the converse, assume

that γL is an ideal of R .Let0

= x

∈

γL .Then

⊆

γL

⊆

Since R and therefore also Rx are abelian groups of rank 2 (that is, isomorphic

to Z ⊕ Z ), the same must be true for γL . This means that there exist ω 1 ,ω 2 ∈

such that

γL = γ Z ω 1 + γ Z ω 2 .

Since R contains two elements linearly independent over R ,sodoes Rx ,and

therefore so does L . It follows that ω 1 and ω 2 are linearly independent over

R . Therefore, L = Z ω 1 + Z ω 2 is a lattice. Since γL is an ideal of R ,wehave

RγL ⊆ γL , and therefore RL ⊆ L . Therefore R ⊆ End( C /L ).

Note that sometimes R is not all of End( C /L ).

For example, suppose

R = Z [2 i ]=

{

a +2 bi

a, b

∈

}

and let L = Z [ i ]. Then R is an order in Q ( i )

and RL

= R .

We say that two lattices L 1 ,L 2 are homothetic if there exists γ ∈ C ×

such that γL 1 = L 2 . We say that two ideals I 1 ,I 2 of R are equivalent if there

exists λ ∈ K × such that λI 1 = I 2 . Regard I 1 and I 2 as lattices, and suppose

I 1 and I 2 are homothetic. Then γI 1 = I 2 for some γ .Chooseany x =0in I 1 .

⊆

L , but End( C /L )= Z [ i ]

Elliptic Curves: Number Theory and Cryptography

Search WWH ::

Custom Search

Home