Cryptography Reference
In-Depth Information
PROOF
Since $\phi_q(x, y) = (x^q, y^q)$, the map is given by rational functions (in fact, by polynomials) and the degree is $q$. The main point is that $\phi_q : E(\overline{\mathbf{F}}_q) \to E(\overline{\mathbf{F}}_q)$ is a homomorphism.
Let $(x_1, y_1), (x_2, y_2) \in E(\overline{\mathbf{F}}_q)$ with $x_1 \ne x_2$. The sum is $(x_3, y_3)$, with
$$x_3 = m^2 - x_1 - x_2, \qquad y_3 = m(x_1 - x_3) - y_1, \qquad \text{where } m = \frac{y_2 - y_1}{x_2 - x_1}$$
(we are working with the Weierstrass form here; the proof for the generalized Weierstrass form is essentially the same). Raise everything to the $q$th power to obtain
$$x_3^q = (m^q)^2 - x_1^q - x_2^q, \qquad y_3^q = m^q(x_1^q - x_3^q) - y_1^q, \qquad \text{where } m^q = \frac{y_2^q - y_1^q}{x_2^q - x_1^q}.$$
This says that
$$\phi_q(x_3, y_3) = \phi_q(x_1, y_1) + \phi_q(x_2, y_2).$$
The cases where $x_1 = x_2$ or where one of the points is $\infty$ are checked similarly.
However, there is one subtlety that arises when adding a point to itself. The formula says that $2(x_1, y_1) = (x_3, y_3)$, with
$$x_3 = m^2 - 2x_1, \qquad y_3 = m(x_1 - x_3) - y_1, \qquad \text{where } m = \frac{3x_1^2 + A}{2y_1}.$$
When this is raised to the $q$th power, we obtain
$$x_3^q = (m^q)^2 - 2x_1^q, \qquad y_3^q = m^q(x_1^q - x_3^q) - y_1^q, \qquad \text{where } m^q = \frac{3^q (x_1^q)^2 + A^q}{2^q y_1^q}.$$
Since $2, 3, A \in \mathbf{F}_q$, we have $2^q = 2$, $3^q = 3$, $A^q = A$. This means that we obtain the formula for doubling the point $(x_1^q, y_1^q)$ on $E$ (if $A^q$ didn't equal $A$, we would be working on a new elliptic curve with $A^q$ in place of $A$).
Since $\phi_q$ is a homomorphism given by rational functions, it is an endomorphism of $E$. Since $q = 0$ in $\mathbf{F}_q$, the derivative of $x^q$ is identically zero. Therefore, $\phi_q$ is not separable.
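The proof can be checked numerically. The following Python sketch is an added example, not part of the original text: it assumes a constructed curve $y^2 = x^3 + x + 3$ over $\mathbf{F}_7$, models $\mathbf{F}_{49}$ as $\mathbf{F}_7[i]/(i^2+1)$, and verifies $\phi_q(P+Q) = \phi_q(P) + \phi_q(Q)$ for every pair of points of $E(\mathbf{F}_{49})$, including doubling and $\infty$. All function names are illustrative.

```python
# Added example: F_{p^2} = F_p[i]/(i^2 + 1), valid because p = 7 is 3 mod 4.
from itertools import product

P = 7                     # q = p = 7 (constructed parameters)
A, B = (1, 0), (3, 0)     # y^2 = x^3 + A x + B with A, B in F_7

def add(u, v): return ((u[0] + v[0]) % P, (u[1] + v[1]) % P)
def sub(u, v): return ((u[0] - v[0]) % P, (u[1] - v[1]) % P)
def mul(u, v):
    return ((u[0]*v[0] - u[1]*v[1]) % P, (u[0]*v[1] + u[1]*v[0]) % P)
def inv(u):
    n = pow(u[0]*u[0] + u[1]*u[1], -1, P)   # norm is nonzero for u != 0
    return (u[0]*n % P, -u[1]*n % P)
def fpow(u, e):
    r = (1, 0)
    for _ in range(e):
        r = mul(r, u)
    return r

def on_curve(pt, a=A, b=B):
    if pt is None: return True              # None stands for infinity
    x, y = pt
    return mul(y, y) == add(add(fpow(x, 3), mul(a, x)), b)

def ec_add(p1, p2, a=A):
    if p1 is None: return p2
    if p2 is None: return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2:
        if add(y1, y2) == (0, 0): return None   # P + (-P) = infinity
        m = mul(add(mul((3, 0), mul(x1, x1)), a), inv(mul((2, 0), y1)))
    else:
        m = mul(sub(y2, y1), inv(sub(x2, x1)))
    x3 = sub(sub(mul(m, m), x1), x2)
    return (x3, sub(mul(m, sub(x1, x3)), y1))

def frob(pt):                                # phi_q(x, y) = (x^q, y^q)
    return None if pt is None else (fpow(pt[0], P), fpow(pt[1], P))

def points(a=A, b=B):
    F = list(product(range(P), repeat=2))
    return [None] + [(x, y) for x in F for y in F if on_curve((x, y), a, b)]

def frobenius_is_homomorphism():
    E = points()
    return all(frob(ec_add(s, t)) == ec_add(frob(s), frob(t)) for s in E for t in E)

if __name__ == "__main__":
    print(len(points()), frobenius_is_homomorphism())
```

Passing a coefficient outside $\mathbf{F}_7$ to `points`, such as `(0, 1)`, shows the parenthetical remark in the proof: the Frobenius images then satisfy the equation with $A^q$ in place of $A$.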
The following result will be crucial in the proof of Hasse's theorem in Chapter 4 and in the proof of Theorem 3.2.
PROPOSITION 2.21
Let $\alpha \ne 0$ be a separable endomorphism of an elliptic curve $E$. Then
$$\deg \alpha = \#\mathrm{Ker}(\alpha),$$
where $\mathrm{Ker}(\alpha)$ is the kernel of the homomorphism $\alpha : E(\overline{K}) \to E(\overline{K})$. If $\alpha \ne 0$ is not separable, then
$$\deg \alpha > \#\mathrm{Ker}(\alpha).$$