Cryptography Reference
In-Depth Information
denominators and remove common factors from the numerators and therefore
obtain a triple of integers with gcd=1. Therefore,
P
2
(
Q
)and
P
2
(
Z
) will be
regarded as equal. Similarly, if
R
is a ring with
Z
⊆ R ⊆
Q
,
then
P
2
(
R
)=
P
2
(
Z
).
In order to work with elliptic curves over
R
, we need to impose two condi-
tions on
R
.
R
×
1. 2
∈
2. If (
a
ij
)isan
m
n
matrix such that (
a
11
,a
12
,...,a
mn
) is primitive and
such that all 2
×
2 subdeterminants vanish (that is,
a
ij
a
k
−a
i
a
kj
=0for
all
i, j, k,
), then some
R
-linear combination of the rows is a primitive
n
-tuple.
×
The first condition is needed since we'll be working with the Weierstrass equa-
tion. In fact, we should add the condition that 3
R
×
if we want to change
an arbitrary elliptic curve into Weierstrass form. Note that
Z
does not satisfy
the first condition. This can be remedied by working with
∈
x
2
k
Z
(2)
=
{
| x ∈
Z
,k≥
0
}.
This is a ring. As pointed out above,
P
2
(
Z
(2)
)equals
P
2
(
Z
), so the introduc-
tion of
Z
(2)
is a minor technicality.
The second condition is perhaps best understood when
R
is a field. In this
case, the primitivity of the matrix simply means that at least one entry is
nonzero. The vanishing of the 2
2 subdeterminants says that the rows are
proportional to each other. The conclusion is that some linear combination
of the rows (in this case, some row itself) is a nonzero vector.
When
R
=
Z
, the primitivity of the matrix means that the gcd of the
elements in the matrix is 1. Since the rows are assumed to be proportional,
there is a vector
v
and integers
a
1
,...,a
m
such that the
i
th row is
a
i
v
.The
m
-tuple (
a
1
,...,a
m
) must be primitive since the gcd of its entries divides the
gcd of the entries of the matrix. Therefore, there is a linear combination of
the
a
i
's that equals 1. This means that some linear combination of the rows
of the matrix is
v
. The vector
v
is primitive since the gcd of its entries divides
the gcd of the entries of the matrix. Therefore, we have obtained a primitive
vector as a linear combination of the rows of the matrix. This shows that
Z
satisfies the second condition. The same argument, slightly modified to
handle powers of 2, shows that
Z
(2)
also satisfies the second condition.
In general, condition 2 says that projective modules over
R
of rank 1 are
free (see [74]). In particular, this holds for local rings, for finite rings, and for
Z
(2)
. These suce for our purposes.
×
Search WWH ::
Custom Search