Therefore, i g T ◦

τ −Q i

and g α ( T ) ◦

α have the same divisor and hence differ

by a constant C .

The definition of e n yields

e n ( α ( S ) ,α ( T )) = g α ( T ) ( α ( P + S ))

g α ( T ) ( α ( P ))

=

i

Q i )

g T ( P − Q i )

g T ( P + S

−

(the constant C cancels out)

=

i

e n ( S, T )

(since both P and P − Q i give the same value of e n )

= e n ( S, T ) k = e n ( S, T ) deg( α ) .

When α = φ q is the Frobenius endomorphism, then (5) implies that

e n ( φ q ( S ) ,φ q ( T )) = φ q ( e n ( S, T )) = e n ( S, T ) q ,

since φ q is the q th power map on elements of F q . From Lemma 2.20, we have

that q =deg( φ q ), which proves (6) when α = φ q . This completes the proof of

Theorem 11.7.

11.3 The Tate-Lichtenbaum Pairing

In this section, we give an alternative definition of the Tate-Lichtenbaum

pairing and the modified Tate-Lichtenbaum pairing, which were introduced in

Chapter 3. In Section 11.6.2, we show that these two definitions are equivalent.

THEOREM 11.8

Let E be an elliptic curve over F q .Let n be an integer such that n|q − 1 .

Let E ( F q )[ n ] denotethe elem entsof E ( F q ) of order dividing n ,and let μ n =

{

x n =1

x

∈

F q |

} .Thenthere are nondegeneratebilinear pairings

F q / ( F q ) n

·

,

· n : E ( F q )[ n ]

×

E ( F q ) /nE ( F q )

→

and

τ n : E ( F q )[ n ] × E ( F q ) /nE ( F q ) → μ n .

The first pairing of the theorem is called the Tate-Lichtenbaum pairing .

We'll refer to τ n as the modified Tate-Lichtenbaum pairing . The pairing

τ n is better suited for computations since it gives a definite answer, rather than

a coset in F q mod n th powers. As pointed out in Chapter 3, we should write