Cryptography Reference
In-Depth Information
respectively. Note that these are all the same point in
P
2
(
Z
25
)since
(5
,
23
,
0) = 6(5
,
8
,
0) = 4(20
,
12
,
0)
.
Ifwereducethepoint(5:8:0)mod5,weobtain(0:3:0)=(0:1:0),
which is the point
∞
. The fact that the point is at infinity mod 5 but not
mod 25 is what caused the di
culties in our calculations in Example 2.7.
Example 2.11
Let
E
be an elliptic curve. Suppose we use the formulas to calculate
(0:1:0)+(0:1:0)
.
Formulas I, II, III yield
(0
,
0
,
0)
,
(0
,
1
,
0)
,
(0
,
0
,
0)
,
respectively. The first and third outputs do not yield points in projective
space. The second says that
(0:1:0)+(0:1:0)=(0:1:0)
.
This is of course the rule
∞
+
∞
=
∞
from the usual group law on elliptic
curves.
The present version of the group law allows us to work with elliptic curves
over rings in theoretical settings. We give three examples.
COROLLARY 2.32
Let
n
1
and
n
2
be odd integers w ith
gcd(
n
1
,n
2
)=1
.Let
E
be an ellipticcurve
defined over
Z
n
1
n
2
.Thenthere isagroupisom orphism
E
(
Z
n
1
n
2
)
E
(
Z
n
1
)
⊕ E
(
Z
n
2
)
.
Suppose that
E
is given by
y
2
z
=
x
3
+
Axz
2
+
Bz
3
with
A, B
PROOF
∈
Z
n
1
n
2
and 4
A
3
+27
B
2
∈
Z
n
1
n
2
. Then we can regard
A
and
B
as elements of
Z
n
i
andwehave4
A
3
+27
B
2
∈
Z
n
i
. Therefore, we can regard
E
as an elliptic
curve over
Z
n
i
, so the statement of the corollary makes sense.
The Chinese remainder theorem says that there is an isomorphism of rings
Z
n
1
n
2
Z
n
1
⊕
Z
n
2
given by
x
mod
n
1
n
2
←→
(
x
mod
n
1
,x
mod
n
2
)
.
Search WWH ::
Custom Search