Hyperelliptic Curves - Elliptic Curves: Number Theory and Cryptography

Cryptography Reference

In-Depth Information

Replace D with D + g [

∞

]. Then

( D + g [

∞

]) = (

K−

−

g [

∞

]) + 1

≥

1 ,

since ( K−D − g [ ∞ ]) ≥ 0. This means that there is a function F

=0such

that

div( F )+ D + g [ ∞ ] ≥ 0 .

Let D 1 = div( F )+ D , which is in the same divisor class as D .Then D 1 +

g [

]to D 1 makes

all coe cients nonnegative, and since deg( D 1 ) = 0, it follows easily that the

only point in D 1 with negative coe cients is [

∞

]

≥

0 and deg( D 1 ) = 0. Since adding a multiple of [

∞

] and that there are at most g

other points in the sum. If D 1 contains both [ P ]and[ w ( P )] for some P ,then

subtracting an appropriate multiple of the principal divisor [ P ]+[ w ( P )]

∞

]

removes either [ P ]or[ w ( P )] from D 1 and leaves the other with a nonnegative

coecient. Therefore, we may assume that D 1 is reduced, and hence D 1 is

the required divisor.

We now show that D 1 is unique. Suppose D

−

∞

−

D 1 =div( F )and D

−

D 2 =

div( G )withboth D 1 and D 2 reduced. Then

D 1 + w ( D 2 )= D + w ( D )

−

div( F )

−

w (div( G )) ,

which is principal, since D + w ( D ) is principal (Proposition 13.3) and w

applied to a principal divisor yields a principal divisor (Exercise 13.4). Write

D 1 + w ( D 2 )=div( H ). Then

div( H )+2 g [ ∞ ]= D 1 + g [ ∞ ] + w D 2 + g [ ∞ ] ≥ 0 ,

so H

]) (see Section 11.5).

The Riemann-Roch theorem says that

∈L

(2 g [

∞

(2 g [ ∞ ]) − ( K− 2 g [ ∞ ]) = 2 g − g +1= g +1 .

Since deg(

K−

2 g [

∞

]) =

−

2 < 0 by Corollary 11.16, we have (

K−

2 g [

∞

]) = 0

]) = g +1. Since x j

by Proposition 11.14. Therefore, (2 g [

∞

∈L

(2 j [

∞

]), the

set

1 ,x,x 2 ,...,x g

{

}

gives g + 1 functions in L (2 g [ ∞ ]). They are linearly independent since they

have poles of distinct orders. Therefore, they form a basis of L (2 g [ ∞ ]). This

means that every element can be written as a polynomial in x of degree at

most g .

We conclude that D 1 + w ( D 2 )=div( H ), where H is a polynomial in x .As

we showed earlier, this means that

D 1 + w ( D 2 )=

c j ([ P j ]+[ w ( P j )]

−

∞

])

Elliptic Curves: Number Theory and Cryptography

Search WWH ::

Custom Search

Home