Isogenies - Elliptic Curves: Number Theory and Cryptography

Cryptography Reference

In-Depth Information

X, Y . Therefore the function Y 2 + A 1 XY + A 3 Y

X 3

A 2 X 2

−

A 4 X

−

A 6

can have poles only at the points of C .Itvanishesat

, since it is O ( t ). We

want to show that it also vanishes at the nontrivial points of C . A calculation

(see Exercise 12.6) shows that

X ( P )= x ( P )+

∞

[ x ( P + Q )

−

x ( Q )]

(12.2)

= Q

∈

Y ( P )= y ( P )+

∞

[ y ( P + Q )

−

y ( Q )] .

(12.3)

= Q

∈

In particular, X and Y are invariant under translation by elements of C .

Therefore, Y 2 + A 1 XY + A 3 Y − X 3

− A 2 X 2

− A 4 X − A 6 is invariant under

translation by elements of C . Since it vanishes at ∞ , it vanishes at all points of

C . Hence it has no poles. This means that it is constant (see Proposition 11.1).

Since it vanishes at ∞ ,itis0. Thisprovesthat X and Y satisfy the desired

generalized Weierstrass equation. The following shows that this equation gives

a nonsingular curve.

LEMMA 12.17

E 2 isnonsingular.

PROOF For simplicity, assume that the characteristic of K is not 2. By

completing the square, we may reduce to the case where A 1 = A 3 =0,sothe

equation of E 2 is

Y 2 = X 3 + A 2 X 2 + A 4 X + A 6 =( X

−

e 1 )( X

−

e 2 )( X

−

e 3 ) .

We need to show that e 1 ,e 2 ,e 3 are distinct. Suppose that e 1 = e 2 .Then

e 3 = Y

X − e 1

−

Let F = Y/ ( X − e 1 ), which is a function on E .

The function X −e 3 on E has double poles at the points of C and no other

poles. Therefore, its square root, namely F , has simple poles at the points of

C and no other poles. Note that F is inv ar iant under translation by elements

of C ,sinceboth X and Y are. Let a

a has N poles, where

N =# C ,ithas N zeros. If P is one of these zeros, then P + Q is also a zero

for each Q

∈

K .Since F

−

C . This gives all of the N zeros, so we conclude that F = a

occurs for exactly N distinct points of E .

We now need a special case of what is known as the Riemann-Hurwitz

formula. Consider an algebraic curve C defined by a polynomial equation

G ( x, y ) = 0 over an algebraically closed field K .Let F ( x, y ) be a rational

function on C .Let n be the number of poles of F , counted with multiplicity.

If a ∈ K ,then F −a has n poles, hence n zeros. It can be shown that if F is not

∈

Elliptic Curves: Number Theory and Cryptography

Search WWH ::

Custom Search

Home