Cryptography Reference
In-Depth Information
lie on E , except possibly for P 33 . We show in Theorem 2.6 that having the
eight points P ij
= P 33 on E forces P 33 to be on E .Since 3 intersects E at
the points R, P + Q,
(( P + Q )+ R ), we must have
(( P + Q )+ R )= P 33 .
Similarly,
( P +( Q + R )) = P 33 ,so
(( P + Q )+ R )=
( P +( Q + R )) ,
which implies the desired associativity.
There are three main technicalities that must be treated. First, some of
the points P ij could be at infinity, so we need to use projective coordinates.
Second, a line could be tangent to E , which means that two P ij could be
equal. Therefore, we need a careful definition of the order to which a line
intersects a curve. Third, two of the lines could be equal. Dealing with these
technicalities takes up most of our attention during the proof.
First, we need to discuss lines in P 2 K . The standard way to describe a line
is by a linear equation: ax + by + cz = 0. Sometimes it is useful to give a
parametric description:
x = a 1 u + b 1 v
y = a 2 u + b 2 v
(2.2)
z = a 3 u + b 3 v
where u, v run through K , and at least one of u, v is nonzero. For example, if
a
= 0, the line
ax + by + cz =0
can be described by
x =
( b/a ) u
( c/a ) v, y = u, z = v.
Suppose all the vectors ( a i ,b i ) are multiples of each other, say ( a i ,b i )=
λ i ( a 1 ,b 1 ). Then ( x, y, z )= x (1 2 3 ) for all u, v such that x =0. Soweget
a point, rather than a line, in projective space. Therefore, we need a condition
on the coecients a 1 ,...,b 3 that ensure that we actually get a line. It is not
hard to see that we must require the matrix
a 1 b 1
a 2 b 2
a 3 b 3
to have rank 2 (cf. Exercise 2.12).
If ( u 1 ,v 1 )= λ ( u 2 ,v 2 )forsome λ ∈ K × ,then( u 1 ,v 1 )and( u 2 ,v 2 ) yield
equivalent triples ( x, y, z ). Therefore, we can regard ( u, v ) as running through
points ( u : v ) in 1-dimensional projective space P 1 K . Consequently, a line
corresponds to a copy of the projective line P 1 K
embedded in the projective
plane.
Search WWH ::




Custom Search