Cryptography Reference
In-Depth Information
a
p
th power, where
p
is the characteristic of
K
, then for all but finitely many
a
, these
n
zeros are distinct (if
F
is a
p
th power, then
F
a
1
/p
)
p
,
so the roots cannot be distinct; that is why this case is excluded). We say
that
n
isthedegreeof
F
.If
F
a
=(
F
1
/p
−
−
a
has
n
distinct zeros for each
a
and
F
has
n
distinct poles, then we say that
F
is unramified.
−
PROPOSITION 12.18 (Riemann-Hurwitz)
Let
C
1
, C
2
be curves of genus
g
1
,g
2
defined over an algebraicallyc osed field
K
,and let
F
:
C
1
→C
2
be an u n ram ified rationalm ap of degree
n
.Then
2
g
1
−
2=
n
(2
g
2
−
2)
.
PROOF
See [49]. More generally, the Riemann-Hurwitz formula can be
extended to cover the case where
F
is ramified.
In our case,
F
is a function from the elliptic curve
E
, which has genus 1,
to the projective line
P
1
, which has genus 0. By the above discussion,
F
is
unramified of degree
n
. Therefore, 0 =
2
n
, which is a contradiction.
We conclude that
e
1
,e
2
,e
3
must be distinct and therefore that
E
2
is non-
singular. This completes the proof of Lemma 12.17.
−
We have shown that
α
:(
x, y
)
→
(
X, Y
) gives a map from
E
to
E
2
.Equa-
tions (12.2), (12.3) show that the points in the subgroup
C
are exactly the
points mapping to
∞
. In particular, since
∞
maps to
∞
, Theorem 12.10
shows that
α
is an isogeny. Its kernel is
C
. By Exercise 12.8,
α
is separable.
This completes the proof of Theorem 12.16.
Example 12.4
Let
E
be given by
y
2
=
x
3
+
ax
2
+
bx
,with
b
=0and
a
2
−
4
b
= 0 (these
conditions make the curve nonsingular). The point (0
,
0) is a point of order 2,
so this point, along with
∞
, gives a subgroup of order 2. The set
S
is
{
(0
,
0)
}
.
For
Q
=(0
,
0), we have
v
Q
=
g
Q
=
a
4
=
b
and
g
Q
=0,so
u
Q
= 0. Therefore,
b
x
,
by
x
2
.
X
=
x
+
Y
=
y −
The curve
E
2
is given by the equation
Y
2
=
X
3
+
aX
2
−
4
bX
−
4
ab.
Let
y
2
x
2
,
=
y
x
2
X
3
=
X
+
a
=
x
+
ax
+
b
x
by
x
2
− b
y
=
3
=
Y
=
y
−
.
Search WWH ::
Custom Search