x = 2 b2 + c 2 , y = 4 b(b2 + c 2 ) page 10, line -7: the coefficient of x should be a 4 + a 1a 3

Transcription

1 Errata for Elliptic Curves: Number Theory and Cryptography by Lawrence C. Washington page 5, line -5: change integer to rational page 7, line 5: change 881/6 to 881/60 page 7, line 17: the displayed formulas should be x = b + c, y = 4 b(b + c ) a a 3 page 10, line -7: the coefficient of x should be a 4 + a 1a 3 page 1, Figure.: The point P in the diagram should be P 3. page 14, line 11: change L to E page 1, line -5: change u u 0 v 0 to u u 0 page 1, line -4: change (v 0 u u 0 ) k to (u u 0 ) k page 1, line -3: change H(u, v) = v m k h(u/v) to H(u, v) = (v m k /v0 m )h(uv 0 /v) page 1, line -1: this line should read: ( ) v m ( ) ( ) uv0 G(u, v) = g = vm k (v v0 v v0 m 0 u u 0 v) k uv0 h = (v 0 u u 0 v) k H(u, v), v page 3, line -1: change (3x 3 + A) to (3x + A) page 3, Definition.4: change P 1 K to P K page 5, line 18: add comma between 0 and b 3 page 5, line 0: change F z / x to F z /F x page 6, lines 10, 11: change Since P 11, P 1, P 13 lie on m j, we have m j (u i, v i ) = 0 for i = 1,, 3 to Since P 1,j lies on m j, we have m j (u j, v j ) = 0 for j = 1,, 3 page 8, line -13: the first can be replaced by = page 3, line 9: add or Q + R = R page 3, line 1: Add the sentence The case Q + R = R is similar. page 37, line 9: change x to x + p to u to u + p page 39, line 1: change first to second page 41, line 15: change v = 1 m m to v = 1 m m 1+m 1+m page 41, line -9: change Weierstrass equation to generalized Weierstrass equation page 41, line -6: change y1 = x3 + x 5x + 8 to y1 = x3 + x 5x 6 page 4, line -3: change 0 to 4A 3 i + 7B i 0 page 43, line -3: change defined over K. to defined over K). 1

2 page 44, line 8: change y to y 0 page 48, line -9: change Section.8 to Proposition.7 page 50, line-6: change α 1 to α page 51, line 15: change z 3 + Aa + B to a 3 + Aa + B page 5, line 14: the a should be A (4 occurrences) page 53, line -5: change.3 to.5 page 56, line 15: change Substituting x i = 1/t 3 i yields to Substituting x i = 1/t i and y i = 1/t 3 i yields page 59, line 1: change x = 4αt i (t i to x = 4α t i 1) (t i 1) page 59, line 4: change = x = to = page 59, line 10: change t 1 t = t to t 1 t = t 3 page 60, line -8: the curve should be y = x 3 + 3x 3 page 60, line -6: the second coordinate of the point should be 16379/6859 (positive, not negative) page 61, line -4: change a primitive m n matrix to an m n matrix (primitivity is assumed later in the sentence) page 64, line -9: change (x 3, y 3, z 3 ) = (0, 1, 0) to (x 3, y 3, z 3 ) = (0, 1, 0) page 65. line 6: change if to is page 67, line 9: change 3x 3 + A to 3x + A page 67, line 13: change.1 to page 18, Section. page 68, line 16: change (1 : 1, 0) to (1 : 1 : 0) page 69, line -18: the second equation should be y = x 3 + a 4 x + a 6 page 69, line -16: the change of variables should be y ay, x bx + c, with a, b K and c K. page 77, line 13: change m to m 3 page 80, line 7: change a to A and b to B page 90, line 6: the equation should be 0 = x 3 4x + x + 1 page 9, line -1: the first φ should be φ q page 94, lines 1, 3: change φ n 1 to φ n q 1 page 94, line 7: change φ to φ q page 96, lines 5, 7, 8, 9 (twice): change φ to φ q page 98, line 7: change + ( 1+ 7 ) to ( 1 7 page 98, line 15: change the second 7 to 7 page 101, line 16: change the elliptic curve x 3 + 7x + 1 to the elliptic curve y = x 3 + 7x + 1 page 103, line -1: the line should be M is the order of the point P )

3 page 103, line -10: change greatest to least page 104, line 16: change (M/p i )P to (M/p i )g page 107, line -10: change points at infinity to the point at infinity page 11, line -3: remove one of the equality signs page 115, line 9: change q l = q to q l q page 115, line -10: change (x, y) to q l (x, y) page 115: the last few lines should read as follows: for integers j. We may compute x j and y j using division polynomials, as in Section 3.. Moreover, x j = r 1,j (x) and y j = r,j (x)y, as on page 47. We have ( ) y x q y ql = x q x x q x. ql ql Writing ( y q y ql ) = y ( y q 1 r,ql (x) ) = (x 3 + Ax + B) ( (x 3 + Ax + B) (q 1)/ r,ql (x) ), page 118, line 4: change (y y j ) to (y yj) q page 118, line -3: change x + 13x + 14 to x + 1x + 14 page 119, line -5: change (x 1, y 1 ) to (x, y ) and change (x, y ) to (x, y ) page 10, line : change x 1 to x and change x to x page 10, line 7: change (x 1, y 1 ) to (x, y ) page 10, line 1: change (y 1 + y 19 ) to (y + y 19 page 10, line 14: change (x 1, y 1 ) to (x, y ) page 11, line 10: change a n 1 to s n 1 page 11, Corollary 4.30: E is defined over F p page 1, line 7: insert if after only page 14, line -10: change the sentence to By Proposition 4.9, E is supersingular if and only if A q = 0 in F q. page 19, line 5: change δ (mod 3) to δ (3) and change δ 3 (mod 4) to δ 3(4) page 19, line 8: change j = 178 to j = 0 page 130, Exercise 4.: it should be n + 1 ( ) n/ if n is even page 130, line -13: change ( ) ( ) r s F q to r s F q ) 3

4 page 131, line 15: change Show that if n is sufficiently large, then to Use Hasse s theorem in the form a 4q to show that page 131, line 1: change () to (b) page 13, line 8: change #E(F q ) to #E (d) (F q ) page 13, line 10: change F to F q page 13, line -14: change a = 4b to a 4b page 135, line -16: change (mod 117) to (mod 116) page 135, line -3: change exp to exp page 136, line 10: Insert For simplicity, it is usually assumed that P generates G. page 136, line -11: change k 0 = k to k 0 k page 137, line 7: change 0 i 7 to 1 i 7 page 138, line -7: change (v j + b j )Q to v j + b i )Q page 149, line 7: change Ẽ1 to Ẽr page 150, lines -16 to -13: Remove the sentences Usually and replace with Since P 1 Ẽ, we have p in the denominator of x, so P 1 is already at mod p. Therefore, we cannot obtain information directly from calculating λ 1 ( P 1 ). page 151, lines 8-14: The curve should be Ẽ : y = x x + 4. The point Q should be (563, 66436). The point P should be (159511, 58855) and the point Q should be (56463, ). Also, and m 1 = = m = = (The curve given in the original text works if it is regarded as a curve mod 853.) page 151, line -4: this actually should say that a/(b + O(p k )) can be changed to (a/b) + O(p k ). (The problem with = is that the right side sometimes cannot be changed back to the left side.) page 15, line 4: the denominator v x 1 should be u x 1 page 154, line 6: change τ n (P 1 + P 1, Q) to τ n (P 1 + P, Q) page 155, lines 11, 1: change (mod p) to (mod l) page 155, line -9: change φ m I to ((φ q ) l ) m I 4

5 page 156, line -4: change Q jp for j = 0, 1,,, m to Q jmp for j = 0, 1,,, m 1 page 156, line -: change Q jp to Q jmp page 16, line -9: change Joux [43] to Joux [43] (see also [E. Verheul, Evidence that XTR is more secure than supersingular elliptic curve cryptosystems, in B. Pfitzmann (ed.), Eurocrypt 001, Springer LNCS 045 (001) ]) page 165, line 5: change E(F q ) to E(F q ) page 168, line 5: change h(m 1 ) = h(m ) to H(m 1 ) = H(m ) page 168, line 17: change V 1 = f(r)b + sr to V 1 = f(r H )B + s H R H page 171, line 13: change Equation 6.1 to (6.1) page 171, line -16: change Z n to Z n page 173, line -: change idbob to bobid page 174, line -5: change ẽ to ẽ l page 175, line 1: change ẽ to ẽ l page 175, line 4: (4 times) change ẽ to ẽ l page 175, line -4: change ) to.) page 176, line -11: insert for some n 0 (mod p) after E(F p ) page 180, lines -5, -6: change 4553 to 4453 page 181, line 14: change prime factors of B to prime factors of m page 183, line -6: change x (x 1) to x (x + 1) page 187, line -5: change t to t 1 4 page 188, line 11: change P modp to P mod p page 190, line 14: E r /E r+1 should be E r /E 5r page 191, line : change Ast to Ats page 191, line -11: insert (and therefore E r is a subgroup) before. Therefore page 19, line -15: change s = t 3 + Ats = Bs 3 to s = t 3 + Ats + Bs 3 page 19, line -15: change (t, s) = (x/y, 1/y) to (s, t) = (1/y, x/y) page 193, lines 3, 5, 6, 8: change 3s to 3Bs page 193, line 6: change (t, s) to (s, t) page 193, line -1: change (t 1, s 1 ) and (t, s ) to (s 1, t 1 ) and (s, t ) page 194, line : change s = t 3 + As t + Bs 3 to s = t 3 + Ats + Bs 3 page 195, line 6: change P E 4r. Since 4r > r to P E 5r. Since 5r > r page 196, line -18: change 17B to 7B 5

6 page 197, line -10: change order 1 times a power of 7 to order dividing 1 times a power of 7 page 197, line -7: change group of to in page 199, lines -16 to -13: change Note that... same sign. to Since x(x 1)(x + ) = y > 0, we have cw = x + > 0, so c > 0. Since abc > 0, it follows that a and b must have the same sign. page 00, line 3: change (,, 1) to (,, 1) page 00, line -10: change Write to Assuming that x, y Q, write page 01, line 18: change v 1 to u page 0, line -11 to page 03, line 6: Franz Lemmermeyer pointed out that the argument can be simplified as follows: By inspection, φ 1 (P )φ (P )φ 3 (P ) = 1 for all P. Since φ i (P 1 )φ i (P ) = φ i (P 1 + P ) for i =, 3, the relation holds for i = 1, too. Therefore, φ is a homomorphism. page 03, line -1: change the first e 1 to v 1 page 03, line -11: change the first e to v page 03, line -10: change the first e 3 to v 3 page 04, line 15: change u /u 3 to 1/u page 05, line 3: change (,, 1) to (,, 1) page 07, line 16: Add H(x, y) = H(x), H( ) = 1 to the displayed formula. page 09, line 4: the displayed formula should be h(p + Q) + h(p Q) h(p ) h(q) c 1 page 09, line 4: the displayed formula should be 1 h( n P + n Q) + 4 n h( n P n Q) h( n P ) h( n Q) c 1. 4 n page 10, line -5: remove with gcd(c i, d i ) = 1 for i = 1, page 11, line 8: change c 1 d to c d 1 page 1, line 9: change b 3 b 3 to b 3 b 4 page 17, line -6 to page 18, line 13: The argument in the last 6 lines of page 17 is incorrect and not needed. The whole argument can be simplified with the following: Let (a, b) be any pair. There is a point P with φ(p ) = (a, b) on the list L for some a. If there is a point Q with φ(q) = (a, b), then φ(p Q) = (a, b)(a, b) 1 = (a, 1) for some a. We showed that (a, 1) is not in the image of φ when a 1. Therefore, a = 1, so a = a and (a, b) = (a, b) = φ(p ). Consequently, the only pairs in the image of φ are those on the list L. 6

7 page 3, line 10: change Equation 8.13 to (8.13) page 4, line 7: change Equation 8.14 to (8.14) page 7, line 4: the equation should be y = x 3 Cx + (C 4A)x page 7, line 6: C should be A page 7, line 8: switch A and C page 30: The statement of Theorem 8.8 should read: If p 9 (mod 16), then C 1,p,p has q-adic points for all primes q, but has no rational points. page 31, line 17: change Equation 8.15 to (8.15) page 31, line -15: change p = to q = page 37, line -: add a right parenthesis at the end of the sentence page 38, line -14: change T 0 to T g page 38, line -5: change T g 1g to T g1 g page 39, line -15: change τ phii to τ φi page 40, line 3: change Equation 8.4 to (8.4) page 4, lines 8, 13, 14: change g p to g( p) page 4, line 1: add a right parenthesis at the end of the sentence page 44, line -5: (twice) change φ to ψ page 44,line -1: change φ to ψ page 47, line -: change C/L to C/L page 50, line -11: change f = to f(z) = page 53, line 1: the double integral should be multiplied by 1/area of F page 54, line -1: remove adding a page 55, line 15: change the second (z) to f(z) page 58, line -6: change By 9.1 to By Theorem 9.1 page 56, line 6: change ω 3 to ω page 63, line -4: change k 1 to k page 64, line -9: change (πi) k to (πi) k page 68, line -: change α + Zβ to Zα + Zβ page 73, line 16: change µ to µ 4 page 79, line : change the second displayed formula to b n b n 1 b n 1 = b n 1 page 79, line 6.5: Insert Therefore, a n b n (1/) n (a b), so a n b n 0. page 84, line 3: change f to f n page 85, line 6: change ω i to ω j page 85, line -10: the last factor should be squared 7

8 page 85, line -9: remove the, so the line should read = ( ) 1 1 n z +, page 9, lines 5 and 7: the summations should start at n = 0 instead of n = 1 page 9, line 14: the sum should be for z i, ρ, i page 93, line 7: change {y + 1y, y} to {y + 1 i, y} page 93, line -3: change 1 x 1 k to 1 k x x 1 x page 94, line 3: change 4aE( 1 (a/b) ) to 4bE( 1 (a/b) ) page 94, line -6: change 1 dx to x(x 1) 1 page 95, line -3: change i (z) to i (z) page 97, line 9: change α(z) to α(h) page 98, line -1: change δ to fδ page 99, line 15: change β = a to β = j page 99, line -9: change 4x 4 to 4x 4 page 303, line 5: change R to R page 307, line -3: Insert By multiplying by dx x(x 1) ( ) if necessary, we may also assume that s > 0. page 308, line 5: Insert S N after the matrix. page 308, line -9: change j S to (j S)(τ) page 317, line -4: change (1, ±17, 43), (5, ±11, 67), (1, 9, 9) to (17, ±1, 43), (11, ±5, 67), (9, 1, 9) page 318, lines 7, 8, 9(twice), -8, -7: change a to a p page 319, line3: change a to a p page 31, line -1: change the second factor to (a bi cj dk) page 37, line 7: the denominator of the fraction should be x x 3 page 37, line -13: change P 1 + P 1 to P 1 + P page 38, line -9: change E(K) to E(K) page 330, line 4: change ord Q = 0 to ord Q (f) = 0 page 330, line 11: the superscript on h should be ord Q (f) page 331, line 8: change P AP 1 P + BP 3 to P AP 1 P + BP 3 page 336, line -10: change f τ jt to f τ jt n page 338, line 9: (6) should be be (5) page 349, line -11: change deg(div(k)) to deg(k) page 358, line 8: the factors in the product should be ( 1 1 p s ) 1 8

9 page 36, line -4: change the first half of the line to f E (τ) is a modular form (in fact, a cusp form (see page 376)) of weight and level N. page 363, line -1: change e t to e t page 365, line -5: change 11π to 11/π page 376, formula 13.6: change n=1 b n q rn to n=1 rb n q rn page 379, line 5: change ρ M to ρ page 388, line -7: change p to p page 396, lines 11, 1, 16: insert l S in the product and move where S is a finite set of bad primes (in our example, S = {5, 17, 37}) to line 1 page 403,line -6: change g i = g j to ig = jg page 41, Proposition C.7: The assumption that the set is finite can be changed to assuming that the set is countable, with essentially the same proof. page 41, line -10: Change C.7 to C.5 (last updated 9/7/007) Many thanks to Satoshi Tomabechi, Ashvin Rajan, Michael Cheng, Susan Schmoyer, Pinaki Das, Simon Allewaert, David Goldberg, Steven Galbraith, Chris Christopoulos, Robin Chapman, Keith Conrad, Cory Brunson, Gottfried Barthel, Ryuji Tsushima, Ning Shang, Tsz Wo Sze, Anders Nielsen, Jerry Metzger, Ralph May, Susan Margulies, Franz Lemmermeyer, Will Murray, Chang An Zhao, Rainer Urian, Qiao Zhang, Rahul P, and Koichiro Harada for finding the above errors. 9