Cryptography Reference
In-Depth Information
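
Since $n$ is odd, both $\phi$-independent factors $\psi_n$ and $\psi_{n+2\delta}$ are polynomials in $x$. Moreover, $(\psi_n \psi_{n+2\delta})^2 = \psi_n^2 \psi_{n+2\delta}^2$ vanishes at $r$. Therefore $\psi_n \psi_{n+2\delta}$ vanishes at $r$. Since

$$\phi_{n+\delta} = x\psi_{n+\delta}^2 - \psi_n \psi_{n+2\delta},$$

we find that $\phi_{n+\delta}(r) = 0$. Therefore, $\phi_{n+\delta}$ and $\psi_{n+\delta}^2$ have a common root. Note that $n+\delta$ is even.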

When considering the case that $n$ is even, we showed that if $\phi_{2m}$ and $\psi_{2m}^2$ have a common root, then $\phi_m$ and $\psi_m^2$ have a common root. In the present case, we apply this to $2m = n + \delta$. Since $n$ is assumed to be the smallest index for which there is a common root, we have

$$\frac{n+\delta}{2} \ge n.$$

This implies that $n = 1$. But clearly $\phi_1 = x$ and $\psi_1^2 = 1$ have no common roots, so we have a contradiction.

This proves that $\phi_n$ and $\psi_n^2$ have no common roots in all cases. Therefore, as pointed out at the beginning of the proof, the multiplication by $n$ map has degree $n^2$. This completes the proof of Corollary 3.7.

Recall from Section 2.9 that if $\alpha(x, y) = (R(x), yS(x))$ is an endomorphism of an elliptic curve $E$, then $\alpha$ is separable if $R'(x)$ is not identically 0. Assume $n$ is not a multiple of the characteristic $p$ of the field. From Theorem 3.6 we see that the multiplication by $n$ map has

$$R(x) = \frac{x^{n^2} + \cdots}{n^2 x^{n^2-1} + \cdots}.$$

The numerator of the derivative is $n^2 x^{2n^2-2} + \cdots \ne 0$, so $R'(x) \ne 0$. Therefore, multiplication by $n$ is separable. From Corollary 3.7 and Proposition 2.21, $E[n]$, the kernel of multiplication by $n$, has order $n^2$. The structure theorem for finite abelian groups (see Appendix B) says that $E[n]$ is isomorphic to

$$\mathbf{Z}_{n_1} \oplus \mathbf{Z}_{n_2} \oplus \cdots \oplus \mathbf{Z}_{n_k},$$

for some integers $n_1, n_2, \ldots, n_k$ with $n_i \mid n_{i+1}$ for all $i$. Let be a prime dividing $n_1$. Then $\mid n_i$ for all $i$. This means that $E[\ ] \subseteq E[n]$ has order ${}^{k}$. Since we have just proved that $E[\ ]$ has order ${}^{2}$, we must have $k = 2$. Multiplication by $n$ annihilates $E[n] \simeq \mathbf{Z}_{n_1} \oplus \mathbf{Z}_{n_2}$, so we must have $n_2 \mid n$. Since $n^2 = \#E[n] = n_1 n_2$, it follows that $n_1 = n_2 = n$. Therefore,

$$E[n] \simeq \mathbf{Z}_n \oplus \mathbf{Z}_n$$

when the characteristic $p$ of the field does not divide $n$.
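
The leading-term computation behind the claim about the numerator of the derivative, written out as an added worked step that is not part of the original text. The labels $N$ and $D$ are introduced here for the numerator $x^{n^2} + \cdots$ and the denominator $n^2 x^{n^2-1} + \cdots$ of $R(x)$. By the quotient rule the numerator of $R'(x)$ is $N'D - ND'$, whose leading terms are

$$N'D - ND' = \bigl(n^2 x^{n^2-1}\bigr)\bigl(n^2 x^{n^2-1}\bigr) - \bigl(x^{n^2}\bigr)\bigl(n^2 (n^2-1)\, x^{n^2-2}\bigr) + \cdots = \bigl(n^4 - n^4 + n^2\bigr) x^{2n^2-2} + \cdots = n^2 x^{2n^2-2} + \cdots.$$

Since $p \nmid n$, the coefficient $n^2$ is nonzero in the field, so this polynomial is not identically 0.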