Cryptography Reference
In-Depth Information
(0
,
0) causes problems if we try to include it in our group. So we leave it out.
The remaining points, which we denote
E
ns
(
K
), form a group, with the group
law defined in the same manner as when the cubic has distinct roots. The
only thing that needs to be checked is that the sum of two points cannot be
(0
,
0). But since a line through (0
,
0) has at most one other intersection point
with the curve, a line through two nonsingular points cannot pass through
(0
,
0) (this will also follow from the proof of the theorem below).
THEOREM 2.30
Let
E
be the curve
y
2
=
x
3
and let
E
ns
(
K
)
be the nonsingular pointsonthis
curve w ithcoordinates in
K
,including the point
∞
=(0:1:0)
.Themap
x
y
,
E
ns
(
K
)
→
K,
(
x, y
)
→
∞ →
0
isagroupisom orphism between
E
ns
(
K
)
and
K
,regarded as an additive group.
PROOF
Let
t
=
x/y
.Then
x
=(
y/x
)
2
=1
/t
2
and
y
=
x/t
=1
/t
3
.
Therefore we can express all of the points in
E
ns
(
K
) in terms of the parameter
t
.Let
t
= 0 correspond to (
x, y
)=
∞
. It follows that the map of the theorem
is a bijection. (Note that 1
/t
is the slope of the line through (0
,
0) and (
x, y
),
so this parameterization is obtained similarly to the one obtained for quadratic
curves in Section 2.5.4.)
Suppose (
x
1
,y
1
)+(
x
2
,y
2
)=(
x
3
,y
3
). We must show that
t
1
+
t
2
=
t
3
,
where
t
i
=
x
i
/y
i
.If(
x
1
,y
1
)
=(
x
2
,y
2
), the addition formulas say that
x
3
=
y
2
−
y
1
x
2
− x
1
2
−
x
1
−
x
2
.
Substituting
x
i
=1
/t
i
and
y
i
=1
/t
i
yields
=
t
−
3
2
− t
−
3
t
−
2
2
1
t
−
2
t
−
2
−
−
.
3
1
2
t
−
2
− t
−
2
2
1
A straightforward calculation simplifies this to
t
−
2
=(
t
1
+
t
2
)
−
2
.
3
Similarly,
y
3
=
y
2
−
y
1
(
x
3
−
−
x
1
)+
y
1
x
2
− x
1
may be rewritten in terms of the
t
i
to yield
t
−
3
=(
t
1
+
t
2
)
−
3
.
3
Search WWH ::
Custom Search