Cryptography Reference
In-Depth Information
2.9 Endomorphisms
The main purpose of this section is to prove Proposition 2.21, which will
be used in the proof of Hasse's theorem in Chapter 4. We'll also prove a few
technical results on separable endomorphisms. The reader willing to believe
that every endomorphism used in this topic is separable, except for powers
of the Frobenius map and multiplication by multiples of
p
in characteristic
p
,
can safely omit the technical parts of this section.
By an
endomorphism
of
E
, we mean a homomorphism
α
:
E
(
K
)
→ E
(
K
)
that is given by rational functions. In other words,
α
(
P
1
+
P
2
)=
α
(
P
1
)+
α
(
P
2
),
and there are ratio
nal
functions (quotients of polynomials)
R
1
(
x, y
)
,R
2
(
x, y
)
with coe
cients in
K
such that
α
(
x, y
)=(
R
1
(
x, y
)
,R
2
(
x, y
))
for all (
x, y
)
∈ E
(
K
). There are a few technicalities when the rational func-
tions are not defined at a point. These will be dealt with below. Of course,
since
α
is a homomorphism, we have
α
(
∞
)=
∞
. We will also assume that
α
is nontrivial; that is, there exists some (
x, y
) such that
α
(
x, y
)
=
∞
.The
trivial endomorphism that maps every point to
∞
will be denoted by 0.
Example 2.4
Let
E
be given by
y
2
=
x
3
+
Ax
+
B
and let
α
(
P
)=2
P
.Then
α
is a
homomorphism and
α
(
x, y
)=(
R
1
(
x, y
)
,R
2
(
x, y
))
,
where
R
1
(
x, y
)=
3
x
2
+
A
2
−
2
x
2
y
3
x
2
R
2
(
x, y
)=
3
x
2
+
A
3
x
2
+
A
2
y
−
−
y.
2
y
Since
α
is a homomorphism given by rational functions it is an endomorphism
of
E
.
It will be useful to have a standard form for the rational functions describing
an endomorphism. For simplicity, we assume that our elliptic curve is given in
Weierstrass form.
L
et
R
(
x, y
) be any rational function. Since
y
2
=
x
3
+
Ax
+
B
for all (
x, y
)
∈ E
(
K
), we can replace any even power of
y
by a polynomial in
x
and replace any odd power of
y
by
y
times a polynomial in
x
and obtain a
Search WWH ::
Custom Search