Cryptography Reference
In-Depth Information
The parameter
λ
for
E
is not unique. In fact, each of
{λ,
1
1
λ
1
,
λ
−
1
λ
,
1
− λ,
λ
,
}
1
−
λ
−
λ
yields a Legendre equation for
E
. They correspond to the six permutations
of the roots
e
1
,e
2
,e
3
. It can be shown that these are the only values of
λ
corresponding to
E
,sothemap
λ
→
E
is six-to-one, except where
λ
=
1
,
1
/
2
,
2, or
λ
2
−
−
λ
+ 1 = 0 (in these situations, the above set collapses; see
Exercise 2.13).
2.5.2
Cubic Equations
It is possible to start with a cubic equation
C
(
x, y
) = 0, over a field
K
of
characteristic not 2 or 3, that has a point with
x, y ∈ K
and find an invertible
change of variables that transforms the equation to Weierstrass form (although
possibly 4
A
3
+27
B
2
= 0). The procedure is fairly complicated (see [25], [28],
or [84]), so we restrict our attention to a specific example.
ConsiderthecubicFermatequation
x
3
+
y
3
+
z
3
=0
.
The fact that this equation has no rational solutions with
xyz
= 0 was conjec-
tured by the Arabs in the 900s and represents a special case of Fermat's Last
Theorem, which asserts that the sum of two nonzero
n
th powers of integers
cannot be a nonzero
n
th power when
n ≥
3. The first proof in the case
n
=3
was probably due to Fermat. We'll discuss some of the ideas for the proof in
the general case in Chapter 15.
Suppose that
x
3
+
y
3
+
z
3
=0and
xyz
=0. Since
x
3
+
y
3
=(
x
+
y
)(
x
2
−
xy
+
y
2
), we must have
x
+
y
=0. Write
x
z
y
z
=
u
+
v,
=
u − v.
Then (
u
+
v
)
3
+(
u − v
)
3
+1=0, so 2
u
3
+6
uv
2
+ 1 = 0. Divide by
u
3
(since
x
+
y
=0,wehave
u
= 0) and rearrange to obtain
6(
v/u
)
2
=
(1
/u
)
3
−
−
2
.
Let
x
1
=
−
6
u
z
x
+
y
,
y
1
=
36
v
=36
x
y
x
+
y
.
−
=
−
12
u
Then
y
1
=
x
1
−
432
.
It can be shown (this is somewhat nontrivial) that the only rational solutions
to this equation are (
x
1
,y
1
)=(12
, ±
36), and
∞
. The case
y
1
= 36 yields
Search WWH ::
Custom Search