ELLIPTIC CURVES OVER FINITE FIELDS
|
|
- Marshall O’Brien’
- 5 years ago
- Views:
Transcription
1 Further ELLIPTIC CURVES OVER FINITE FIELDS FRANCESCO PAPPALARDI #4 - THE GROUP STRUCTURE SEPTEMBER 7 TH 2015 SEAMS School 2015 Number Theory and Applications in Cryptography and Coding Theory University of Science, Ho Chi Minh, Vietnam August 31 - September 08, 2015
2 Definition (Elliptic curve) An elliptic curve over a field K is the data of a non singular Weierstraß equation E : y 2 + a 1 xy + a 3 y = x 3 + a 2 x 2 + a 4 x + a 6, a i K If p = char K > 3, E := ( a 5 1 a 3a 4 8a 3 1 a 2a 3 a 4 16a 1 a 2 2 a 3a a 2 1 a2 3 a 4 a 4 1 a2 4 8a2 1 a 2a a2 2 a a 1a 3 a a3 4 + Further a 6 1 a a 4 1 a 2a a 2 1 a2 2 a a 3 2 a 6 36a 3 1 a 3a 6 144a 1 a 2 a 3 a 6 72a 2 1 a 4a 6 288a 2 a 4 a a 2 6 )
3 Elliptic curves over K After applying a suitable affine transformation we can always assume that E/K has a Weierstraß equation of the following form Example (Classification (p = char K )) E p E y 2 = x 3 + Ax + B 5 4A B 2 y 2 + xy = x 3 + a 2 x 2 + a 6 2 a 2 6 y 2 + a 3 y = x 3 + a 4 x + a 6 2 a 4 3 Further y 2 = x 3 + Ax 2 + Bx + C 3 4A 3 C A 2 B 2 18ABC +4B C 2 Let E/F q elliptic curve, an extra point. Set E(F q ) = {(x, y) F 2 q : y 2 = x 3 + Ax + B} { }
4 If P, Q E(F q ), r P,Q : { line through P and Q if P Q tangent line to E at P if P = Q, r P, : vertical line through P Further 3 3 R P 1 Q P 1 P P+ Q r P, E(F q ) = {P,, P } P := P r P,Q E(F q ) = {P, Q, R} P + E Q := R
5 Theorem The addition law on E/K (K field) has the following properties: (a) P + E Q E (b) P + E = + E P = P (c) P + E ( P) = (d) P + E (Q + E R) = (P + E Q) + E R (e) P + E Q = Q + E P So (E( K ), + E ) is an abelian group. Remark: If E/K L, K L K, E(L) is an abelian group. P, Q E P E P E P, Q, R E P, Q E Further P = (x 1, y 1 ) = (x 1, a 1 x 1 a 3 y 1 )
6 Formulas for Addition on E (Summary) P 1 = (x 1, y 1 ), P 2 = (x 2, y 2 ) E(K ) \ { }, Addition Laws for the sum of affine points If P 1 P 2 E : y 2 + a 1 xy + a 3 y = x 3 + a 2 x 2 + a 4 x + a 6 x = x P 1 + E P 2 = 1 2 x 1 x 2 λ = y 2 y 1 x 2 x 1 1x ν = 2 y 2x 1 x 2 x 1 If P 1 = P 2 Further 2y + a x + a = 0 P 1 + E P 2 = 2P 1 = y 1 + a 1 x + a 3 0 Then λ = 3x a 2x 1+a 4 a 1y 1 2y 1+a 1x+a 3, ν = a 3y 1+x 3 1 a 4x 1 2a 6 2y 1+a 1x 1+a 3 P 1 + E P 2 = (λ 2 a 1 λ a 2 x 1 x 2, λ 3 a 2 1 λ + (λ + a 1)(a 2 + x 1 + x 2 ) a 3 ν)
7 Formulas for Addition on E (Summary for special equation) P 1 = (x 1, y 1 ), P 2 = (x 2, y 2 ) E(K ) \ { }, Addition Laws for the sum of affine points If P 1 P 2 E : y 2 = x 3 + Ax + B x = x P 1 + E P 2 = 1 2 x 1 x 2 λ = y 2 y 1 x 2 x 1 1x ν = 2 y 2x 1 x 2 x 1 If P 1 = P 2 Further Then y 1 = 0 y 1 0 λ = 3x 2 +A 1, ν = x 3 Ax 1 1 2B 2y 1 2y 1 P 1 + E P 2 = (λ 2 x 1 x 2, λ 3 + λ(x 1 + x 2 ) ν) P 1 + E P 2 = 2P 1 =
8 Group Structure Theorem (Classification of finite abelian groups) If G is abelian and finite, n 1,..., n k N >1 such that 1 n 1 n 2 n k 2 G = Cn1 C nk Furthermore n 1,..., n k (Group Structure) are unique Further Example (One can verify that:) C 2400 C 72 C 1440 = C288 C 1800 C 480 Shall show that E(F q ) = Cn C nk n, k N >0 (i.e. E(F q ) is either cyclic (n = 1) or the product of 2 cyclic groups)
9 Proof of the associativity P + E (Q + E R) = (P + E Q) + E R P, Q, R E We should verify the above in many different cases according if Q = R, P = Q, P = Q + E R,... Here we deal with the generic case. i.e. All the points ±P, ±R, ±Q, ±(Q + E R), ±(P + E Q), all different Mathematica code L[x_,y_,r_,s_]:=(s-y)/(r-x); M[x_,y_,r_,s_]:=(yr-sx)/(r-x); A[{x_,y_},{r_,s_}]:={(L[x,y,r,s]) 2 -(x+r), -(L[x,y,r,s]) 3 +L[x,y,r,s](x+r)-M[x,y,r,s]} Together[A[A[{x,y},{u,v}],{h,k}]-A[{x,y},A[{u,v},{h,k}]]] det = Det[({{1,x 1,x 3 1 -y2 1 },{1,x 2,x 3 2 -y2 2 },{1,x 3,x 3 3 -y2 3 }})] PolynomialQ[Together[Numerator[Factor[res[[1]]]]/det], {x 1,x 2,x 3,y 1,y 2,y 3 }] PolynomialQ[Together[Numerator[Factor[res[[2]]]]/det], {x 1,x 2,x 3,y 1,y 2,y 3 }] Further runs in 2 seconds on a PC For an elementary proof: An Elementary Proof of the Group Law for Elliptic Curves. Department of Mathematics: Rice University. Web. 20 Nov friedl/papers/aaelliptic.pdf More cases to check. e.g P + E 2Q = (P + E Q) + E Q
10 EXAMPLE: Elliptic curves over F 2 From our previous list: Groups of points E E(F 2 ) E(F 2 ) y 2 + xy = x 3 + x {, (0, 1)} 2 y 2 + xy = x {, (0, 1), (1, 0), (1, 1)} 4 y 2 + y = x 3 + x {, (0, 0), (0, 1), (1, 0), (1, 1)} 5 y 2 + y = x 3 + x + 1 { } 1 Further y 2 + y = x 3 {, (0, 0), (0, 1)} 3 So for each curve E(F 2 ) is cyclic except possibly for the second for which we need to distinguish between C 4 and C 2 C 2. Note: each C i, i = 1,..., 5 is represented by a curve /F 2
11 EXAMPLE: Elliptic curves over F 3 From our previous list: Groups of points i E i E i (F 3 ) E i (F 3 ) 1 y 2 = x 3 + x {, (0, 0), (2, 1), (2, 2)} C 4 2 y 2 = x 3 x {, (1, 0), (2, 0), (0, 0)} C 2 C 2 3 y 2 = x 3 x + 1 {, (0, 1), (0, 2), (1, 1), (1, 2), (2, 1), (2, 2)} C 7 4 y 2 = x 3 x 1 { } {1} 5 y 2 = x 3 + x 2 1 {, (1, 1), (1, 2)} C 3 6 y 2 = x 3 + x {, (0, 1), (0, 2), (1, 0), (2, 1), (2, 2)} C 6 7 y 2 = x 3 x {, (0, 1), (0, 2), (1, 1), (1, 2), } C 5 8 y 2 = x 3 x 2 1 {, (2, 0))} C 2 Further Note: each C i, i = 1,..., 7 is represented by a curve /F 3 ( Exercise: let a ) q be the kronecker symbol. Show that the number of non isomorphic (i.e. inequivalent) classes of elliptic curves over F q is ( ) 4 ( ) 3 2q q + 2 q
12 EXAMPLE: Elliptic curves over F 5 and F 4 E/F 5 (12 elliptic curves), #E(F 5 ) {2, 3, 4, 5, 6, 7, 8, 9, 10}. n, 2 n 10!E/F 5 : #E(F 5 ) = n with the exceptions: Example (Elliptic curves over F 5 ) E 1 : y 2 = x and E 2 : y 2 = x both order 6 { x 2x y E 1 and E 2 affinely equivalent over 3y F 5 [ 3] = F 25 (twists) E 3 : y 2 = x 3 + x and E 4 : y 2 = x 3 + x + 2 order 4 Further E 3 (F 5 ) = C2 C 2 E 4 (F 5 ) = C4 E 5 : y 2 = x 3 + 4x and E 6 : y 2 = x 3 + 4x + 1 both order 8 E 5 (F 5 ) = C2 C 4 E 6 (F 5 ) = C8 E 7 : y 2 = x 3 + x + 1 order 9 and E 7 (F 5 ) = C9 Exercise: Classify all elliptic curves over F 4 = F 2 [ξ], ξ 2 = ξ + 1
13 The j-invariant Let E/K : y 2 = x 3 + Ax + B, p 5 and E := 4A B 2. { x u 2 x y u 3 u K E E u : y 2 = x 3 + u 4 Ax + u 6 B y Definition The j invariant of E is j = j(e) = A 3 4A 3 +27B 2 Properties of j invariants 1 j(e) = j(e u ), u K Further 2 j(e /K ) = j(e /K ) u K s.t. E = E u 3 j 0, 1728 E : y 2 = x 3 + 3j 1728 j x + 2j 1728 j, j(e) = j 4 j = 0 E : y 2 = x 3 + B, j = 1728 E : y 2 = x 3 + Ax 5 j : K { K affinely equivalent classes of E/K }. 6 p = 2, 3 different definition if K = F q can take u F q 12
14 of j invariants From Friday E 1 : y 2 = x and E 2 : y 2 = x #E 1 (F 5 ) = #E 2 (F 5 ) = 6 and j(e 1 ) = j(e 2 ) = 0 { x 2x y 3y Definition (twisted curve) Let E/F q : y 2 = x 3 + Ax + B, µ F q \ (F q )2. E µ : y 2 = x 3 + µ 2 Ax + µ 3 B E 1 and E 2 affinely equivalent over F 5 [ 3] = F 25 (twists) Further is called twisted curve. Exercise: prove that j(e) = j(e µ ) E and E µ are F q [ µ] affinely equivalent #E(F q 2 ) = #E µ (F q 2 ) usually #E(F q ) #E µ (F q )
15 Determining points of order 2 Let P = (x 1, y 1 ) E(F q ) \ { }, P has order 2 2P = P = P So P = (x 1, a 1 x 1 a 3 y 1 ) = (x 1, y 1 ) = P = 2y 1 = a 1 x 1 a 3 If p 2, can assume E : y 2 = x 3 + Ax 2 + Bx + C P = (x 1, y 1 ) = (x 1, y 1 ) = P = y 1 = 0, x Ax Bx 1 + C = 0 Further Note the number of points of order 2 in E(F q ) equals the number of roots of X 3 + Ax 2 + Bx + C in F q roots are distinct since discriminant E 0 E(F q 6 ) has always 3 points of order 2 if E/F q E[2] := {P E( F q ) : 2P = } = C2 C 2
16 Determining points of order 2 (continues) If p = 2 and E : y 2 + a 3 y = x 3 + a 2 x 2 + a 6 P = (x 1, a 3 + y 1 ) = (x 1, y 1 ) = P = a 3 = 0 Absurd (a 3 = 0) and there are no points of order 2. If p = 2 and E : y 2 + xy = x 3 + a 4 x + a 6 P = (x 1, x 1 + y 1 ) = (x 1, y 1 ) = P = x 1 = 0, y 2 1 = a 6 So there is exactly one point of order 2 namely (0, a 6 ) Further Definition 2 torsion points E[2] = {P E : 2P = }. In conclusion E[2] = { C2 C 2 if p > 2 C 2 if p = 2, E : y 2 + xy = x 3 + a 4 x + a 6 { } if p = 2, E : y 2 + a 3 y = x 3 + a 2 x 2 + a 6
17 Elliptic curves over F 2, F 3 and F 5 Each curve /F 2 has cyclic E(F 2 ). E E(F 2 ) E(F 2 ) y 2 + xy = x 3 + x {, (0, 1)} 2 y 2 + xy = x {, (0, 1), (1, 0), (1, 1)} 4 y 2 + y = x 3 + x {, (0, 0), (0, 1), (1, 0), (1, 1)} 5 y 2 + y = x 3 + x + 1 { } 1 y 2 + y = x 3 {, (0, 0), (0, 1)} 3 E 1 : y 2 = x 3 + x E 2 : y 2 = x 3 x E 1 (F 3 ) = C4 and E 2 (F 3 ) = C2 C 2 Further E 3 : y 2 = x 3 + x E 4 : y 2 = x 3 + x + 2 E 3 (F 5 ) = C2 C 2 and E 4 (F 5 ) = C4 E 5 : y 2 = x 3 + 4x E 6 : y 2 = x 3 + 4x + 1 E 5 (F 5 ) = C2 C 4 and E 6 (F 5 ) = C8
18 Determining points of order 3 Let P = (x 1, y 1 ) E(F q ) P has order 3 3P = 2P = P Further So, if p > 3 and E : y 2 = x 2 + Ax + B 2P = (x 2P, y 2P ) = 2(x 1, y 1 ) = (λ 2 2x 1, λ 3 + 2λx 1 ν) P has order 3 x 2P = x 1 Substituting λ, x 2P x 1 = 3x 4 1 6Ax Bx 1+A 2 = 0 4(x 3 1 +Ax 1+4B) where λ = 3x 2 1 +A 2y 1, ν = x 3 1 Ax 1 2B 2y 1. Note ψ 3 (x) := 3x 4 + 6Ax Bx A 2 the 3 rd division polynomial (x 1, y 1 ) E(F q ) has order 3 ψ 3 (x 1 ) = 0 E(F q ) has at most 8 points of order 3 If p 3, E[3] := {P E : 3P = } = C3 C 3
19 Determining points of order 3 (continues) Exercise Let E : y 2 = x 3 + Ax 2 + Bx + C, A, B, C F 3 n. Prove that if P = (x 1, y 1 ) E(F 3 n ) has order 3, then 1 Ax AC B2 = 0 2 E[3] = C3 if A 0 and E[3] = { } otherwise Example (from Friday) If E : y 2 = x 3 + x + 1, then #E(F 5 ) = 9. ψ 3 (x) = (x + 3)(x + 4)(x 2 + 3x + 4) Further Hence { E[3] =, (2, ±1), (1, ± 3), (1 ± 2 3, ±(1 ± } 3)) 1 E(F 5 ) = {, (2, ±1), (0, ±1), (3, ±1), (4, ±2)} = C9 2 Since F 25 = F 5 [ 3] E[3] E(F 25 ) 3 #E(F 25 ) = 27 E(F 25 ) = C3 C 9
20 Determining points of order 3 (continues) Inequivalent curves /F 7 with #E(F 7 ) = 9. E ψ 3 (x) E[3] E(F 7 ) E(F 7 ) = y 2 = x x(x + 1)(x + 2)(x + 4) {, (0, ±3), ( 1, ±1), (5, ±1), (3, ±1)} C 3 C 3 y 2 = x 3 + 3x + 2 (x + 2)(x 3 + 5x 2 + 3x + 2) {, (5, ±3)} C 9 y 2 = x 3 + 5x + 2 (x + 4)(x 3 + 3x 2 + 5x + 2) {, (3, ±3)} C 9 y 2 = x 3 + 6x + 2 (x + 1)(x 3 + 6x 2 + 6x + 2) {, (6, ±3)} C 9 Can one count the number of inequivalent E/F q with #E(F q ) = r? Example (A curve over F 4 = F 2 (ξ), ξ 2 = ξ + 1; E : y 2 + y = x 3 ) We know E(F 2 ) = {, (0, 0), (0, 1)} E(F 4 ). E(F 4) = {, (0, 0), (0, 1), (1, ξ), (1, ξ + 1), (ξ, ξ), (ξ, ξ + 1), (ξ + 1, ξ), (ξ + 1, ξ + 1)} Further ψ 3 (x) = x 4 + x = x(x + 1)(x + ξ)(x + ξ + 1) E(F 4 ) = C3 C 3 Exercise (Suppose (x 0, y 0 ) E/F 2 n has order 3. Show that) 1 E : y 2 + a 3 y = x 3 + a 4 x + a 6 x a2 3 x 0 + (a 4 a 3 ) 2 = 0 2 E : y 2 + xy = x 3 + a 2 x 2 + a 6 x x a 6 = 0
21 Determining points of order (dividing) m Definition (m torsion point) Let E/K and let K an algebraic closure of K. E[m] = {P E( K ) : mp = } Further Theorem (Structure of Torsion Points) Let E/K and m N. If p = char(k ) m, E[m] = Cm C m If m = p r m, p m, E[m] = Cm C m or E[m] = Cm C m E/F p is called { ordinary supersingular if E[p] = Cp if E[p] = { }
22 Group Structure of E(F q ) Corollary Let E/F q. n, k N are such that Further E(F q ) = Cn C nk Proof. From classification Theorem of finite abelian group E(F q ) = Cn1 C n2 C nr with n i n i+1 for i 1. Hence E(F q ) contains n r 1 points of order dividing n 1. From Structure of Torsion Theorem, #E[n 1 ] n 2 1. So r 2 Theorem (Corollary of Weil Pairing) Let E/F q and n, k N s.t. E(F q ) = Cn C nk. Then n q 1. We shall discuss the proof of the latter tomorrow
23 Sketch of the proof of Structure Theorem of Torsion Points The division polynomials The proof generalizes previous ideas and determine the points P E(F q ) such that mp = or equivalently (m 1)P = P. Definition (Division Polynomials of E : y 2 = x 3 + Ax + B (p > 3)) ψ 0 =0 ψ 1 =1 ψ 2 =2y ψ 3 =3x 4 + 6Ax Bx A 2 ψ 4 =4y(x 6 + 5Ax Bx 3 5A 2 x 2 4ABx 8B 2 A 3 ). ψ 2m+1 =ψ m+2 ψ 3 m ψ m 1ψ 3 m+1 for m 2 ( ) ψm ψ 2m = (ψ m+2 ψ 2 m 1 2y ψ m 2ψ 2 m+1 ) for m 3 Further The polynomial ψ m Z[x, y] is called the m th division polynomial
24 The division polynomials Lemma Let E : y 2 = x 3 + Ax + B, (p > 3) and let ψ m Z[x, y] the m th division polynomial. Then Proof is an exercise. ψ 2m+1 Z[x] and ψ 2m 2yZ[x] True ψ 0, ψ 1, ψ 2, ψ 3, ψ 4 and for the rest apply induction, the identity y 2 = x 3 + Ax + B and consider the cases m odd and m even. Lemma ψ m = { y(mx (m2 4)/2 + ) mx (m2 1)/2 + if m is even if m is odd. Further Hence ψ 2 m = m2 x m2 1 + Proof is another exercise on induction:
25 Theorem (E : Y 2 = X 3 + AX + B elliptic curve, P = (x, y) E) where ( m(x, y) = x ψ m 1ψ m+1 ψ 2 m(x) ) ( ), ψ 2m(x, y) φm (x) = 2ψm(x) 4 ψm(x), ω m(x, y) 2 ψm(x, 3 y) φ m = xψ 2 m ψ m+1ψ m 1, ω m = ψ m+2ψ 2 m 1 ψ m 2ψ 2 m+1 4y We will omit the proof of the above (see [8, Section 9.5]) Exercise (Prove that after substituting y 2 = x 3 + Ax + B) Further 1 φ m (x) Z[x] 2 φ m (x) = x m2 + ψ m (x) 2 = m 2 x m ω 2m+1 yz[x], ω 2m Z[x] 4 ω m (x,y) yz(x) ψm 3 (x,y) 5 gcd(ψ 2 m (x), φ m(x)) = 1 this is not really an exercise!! - see [8, Corollary 3.7]
26 Lemma #E[m] = #{P E( K ) : mp = } { = m 2 if p m < m 2 if p m Further Proof. Consider the homomorphism: If p m, need to show that [m] : E( K ) E( K ), P mp # Ker[m] = #E[m] = m 2 We shall prove that P 0 = (a, b) [m](e( K )) \ { } s.t. #{P E( K ) : mp = P 0 } = m 2 Since E( K ) infinite, we can choose (a, b) [m](e( K )) s.t. 1 ab 0 2 x 0 K : (φ m ψ m 2φ m ψ m )(x 0)ψ m (x 0 ) = 0 a φ m(x 0 ) ψ m 2 (x 0) if p m, conditions imply that φ m (x) aψ 2 m (x) has m 2 = (φ m (x) aψ 2 m (x)) distinct roots in fact φ m (x) = m 2 and ψ 2 m (x) = m2 1
27 Proof continues. Write The map is a well defined bijection. mp = m(x, y) = ( φ m (x) ψ 2 m (x), ω m(x,y) ψ m (x) 3 ) = ( φ m (x) ψ 2 m (x), yr(x) ) {α K : φ m (α) aψ m (α) 2 = 0} {P E( K ) : mp = (a, b)} α 0 (α 0, br(α 0 ) 1 ) Hence there are m 2 points P E( K ) with mp = (a, b) Further So there are m 2 elements in Ker[m]. If p m, the proof is the same except that φ m (x) aψ m (x) 2 has multiple roots!! In fact φ m (x) aψ m (x)2 = 0
28 From Lemma, Theorem follows: If p m, apply classification Theorem of finite Groups: E[m] = Cn1 C n2 C nk, n i n i+1. Let l n 1, then E[l] E[m]. Hence l k = l 2 k = 2. So E[m] = Cn1 C n2 Finally n 2 m and n 1 n 2 = m 2 so m = n 1 = n 2. If p m, write m = p j m, p m and Further E[m] = E[m ] E[p j ] = Cm C m E[p j ] The statement follows from: which is done by induction. E[p j ] = { { } C p j and C m C p j = Cm p j
29 From Lemma, Theorem follows (continues) Induction base: E[p] = { { } C p if follows from #E[p] < p 2 If E[p] = { } E[p j ] = { } j 2: In fact if E[p j ] { } then it would contain some element of order p(contradiction). If E[p] = Cp, then E[p j ] = Cp j j 2: In fact E[p j ] is cyclic (otherwise E[p] would not be cyclic!) Fact: [p] : E( K ) E( K ) is surjective (to be proven tomorrow) If P E and ord P = p j 1 Q E s.t. pq = P and Q = p j. Hence E[p j ] = Cp j since it contains an element of order p j. Further Remark: E[2m + 1] \ { } = {(x, y) E( K ) : ψ 2m+1 (x) = 0} E[2m] \ E[2] = {(x, y) E( K ) : y 1 ψ 2m (x) = 0}
30 Theorem (Hasse) Let E be an elliptic curve over the finite field F q. Then the order of E(F q ) satisfies q + 1 #E(F q ) 2 q. So #E(F q ) [( q 1) 2, ( q + 1) 2 ] the Hasse interval I q Further Example (Hasse Intervals) q I q 2 {1, 2, 3, 4, 5} 3 {1, 2, 3, 4, 5, 6, 7} 4 {1, 2, 3, 4, 5, 6, 7, 8, 9} 5 {2, 3, 4, 5, 6, 7, 8, 9, 10} 7 {3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13} 8 {4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14} 9 {4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16} 11 {6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18} 13 {7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21} 16 {9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 25} 17 {10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26} 19 {12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28} 23 {15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33} 25 {16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36} 27 {18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38} 29 {20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40} 31 {21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43} 32 {22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44}
31 Theorem (Waterhouse) Let q = p n and let N = q + 1 a. E/F q s.t.#e(f q ) = N a 2 q and one of the following is satisfied: (i) gcd(a, p) = 1; (ii) n even and one of the following is satisfied: 1 a = ±2 q; 2 p 1 (mod 3), and a = ± q; 3 p 1 (mod 4), and a = 0; (iii) n is odd, and one of the following is satisfied: 1 p = 2 or 3, and a = ±p (n+1)/2 ; 2 a = 0. Further Example (q prime N I q, E/F q, #E(F q ) = N. q not prime:) q a 4 = 2 2 { 4, 3, 2, 1, 0, 1, 2, 3, 4} 8 = 2 3 { 5, 4, 3, 2, 1, 0, 1, 2, 3, 4, 5} 9 = 3 2 { 6, 5, 4, 3, 2, 1, 0, 1, 2, 3, 4, 5, 6} 16 = 2 4 { 8, 7, 6, 5, 4, 3, 2, 1, 0, 1, 2, 3, 4, 5, 6, 7, 8} 25 = 5 2 { 10, 9, 8, 7, 6, 5, 4, 3, 2, 1, 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10} 27 = 3 3 { 10, 9, 8, 7, 6, 5, 4, 3, 2, 1, 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10} 32 = 2 5 { 11, 10, 9, 8, 7, 6, 5, 4, 3, 2, 1, 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11}
32 Theorem (Rück) Suppose N is a possible order of an elliptic curve /F q, q = p n. Write N = p e n 1 n 2, p n 1 n 2 and n 1 n 2 (possibly n 1 = 1). There exists E/F q s.t. E(F q ) = Cn1 C n2 p e if and only if 1 n 1 = n 2 in the case (ii).1 of ; 2 n 1 q 1 in all other cases of. Example Further If q = p 2n and #E(F q ) = q + 1 ± 2 q = (p n ± 1) 2, then E(F q ) = Cp n ±1 C p n ±1. Let N = 100 and q = 101 E 1, E 2, E 3, E 4 /F 101 s.t. E 1 (F 101 ) = C10 C 10 E 2 (F 101 ) = C2 C 50 E 3 (F 101 ) = C5 C 20 E 4 (F 101 ) = C100
33 Further Reading... Further IAN F. BLAKE, GADIEL SEROUSSI, AND NIGEL P. SMART, Advances in elliptic curve cryptography, London Mathematical Society Lecture Note Series, vol. 317, Cambridge University Press, Cambridge, J. W. S. CASSELS, Lectures on elliptic curves, London Mathematical Society Student Texts, vol. 24, Cambridge University Press, Cambridge, JOHN E. CREMONA, Algorithms for modular elliptic curves, 2nd ed., Cambridge University Press, Cambridge, ANTHONY W. KNAPP, Elliptic curves, Mathematical Notes, vol. 40, Princeton University Press, Princeton, NJ, NEAL KOBLITZ, Introduction to elliptic curves and modular forms, Graduate Texts in Mathematics, vol. 97, Springer-Verlag, New York, JOSEPH H. SILVERMAN, The arithmetic of elliptic curves, Graduate Texts in Mathematics, vol. 106, Springer-Verlag, New York, JOSEPH H. SILVERMAN AND JOHN TATE, Rational points on elliptic curves, Undergraduate Texts in Mathematics, Springer-Verlag, New York, LAWRENCE C. WASHINGTON, Elliptic curves: Number theory and cryptography, 2nd ED. Discrete Mathematics and Its Applications, Chapman & Hall/CRC, HORST G. ZIMMER, Computational aspects of the theory of elliptic curves, Number theory and applications (Banff, AB, 1988) NATO Adv. Sci. Inst. Ser. C Math. Phys. Sci., vol. 265, Kluwer Acad. Publ., Dordrecht, 1989, pp
Introduction to Elliptic Curves
IAS/Park City Mathematics Series Volume XX, XXXX Introduction to Elliptic Curves Alice Silverberg Introduction Why study elliptic curves? Solving equations is a classical problem with a long history. Starting
More informationSchoof s Algorithm for Counting Points on E(F q )
Schoof s Algorithm for Counting Points on E(F q ) Gregg Musiker December 7, 005 1 Introduction In this write-up we discuss the problem of counting points on an elliptic curve over a finite field. Here,
More informationON TORSION POINTS ON AN ELLIPTIC CURVES VIA DIVISION POLYNOMIALS
UNIVERSITATIS IAGELLONICAE ACTA MATHEMATICA, FASCICULUS XLIII 2005 ON TORSION POINTS ON AN ELLIPTIC CURVES VIA DIVISION POLYNOMIALS by Maciej Ulas Abstract. In this note we propose a new way to prove Nagel
More informationElliptic curves and modularity
Elliptic curves and modularity For background and (most) proofs, we refer to [1]. 1 Weierstrass models Let K be any field. For any a 1, a 2, a 3, a 4, a 6 K consider the plane projective curve C given
More informationNumber Theory in Cryptology
Number Theory in Cryptology Abhijit Das Department of Computer Science and Engineering Indian Institute of Technology Kharagpur October 15, 2011 What is Number Theory? Theory of natural numbers N = {1,
More informationLECTURE 7, WEDNESDAY
LECTURE 7, WEDNESDAY 25.02.04 FRANZ LEMMERMEYER 1. Singular Weierstrass Curves Consider cubic curves in Weierstraß form (1) E : y 2 + a 1 xy + a 3 y = x 3 + a 2 x 2 + a 4 x + a 6, the coefficients a i
More informationSome new families of positive-rank elliptic curves arising from Pythagorean triples
Notes on Number Theory and Discrete Mathematics Print ISSN 1310 5132, Online ISSN 2367 8275 Vol. 24, 2018, No. 3, 27 36 DOI: 10.7546/nntdm.2018.24.3.27-36 Some new families of positive-rank elliptic curves
More informationA Note on Scalar Multiplication Using Division Polynomials
1 A Note on Scalar Multiplication Using Division Polynomials Binglong Chen, Chuangqiang Hu and Chang-An Zhao Abstract Scalar multiplication is the most important and expensive operation in elliptic curve
More informationThe 8 th International Conference on Science and Mathematical Education in Developing Countries
On Never Primitive points for Elliptic curves The 8 th International Conference on Science and Mathematical Education in Developing Countries University of Yangon Myanmar 4 th -6 th December 2015, Francesco
More informationPublic-key Cryptography: Theory and Practice
Public-key Cryptography Theory and Practice Department of Computer Science and Engineering Indian Institute of Technology Kharagpur Chapter 2: Mathematical Concepts Divisibility Congruence Quadratic Residues
More informationIntroduction to Arithmetic Geometry Fall 2013 Lecture #24 12/03/2013
18.78 Introduction to Arithmetic Geometry Fall 013 Lecture #4 1/03/013 4.1 Isogenies of elliptic curves Definition 4.1. Let E 1 /k and E /k be elliptic curves with distinguished rational points O 1 and
More informationON A FAMILY OF ELLIPTIC CURVES
UNIVERSITATIS IAGELLONICAE ACTA MATHEMATICA, FASCICULUS XLIII 005 ON A FAMILY OF ELLIPTIC CURVES by Anna Antoniewicz Abstract. The main aim of this paper is to put a lower bound on the rank of elliptic
More informationModern Number Theory: Rank of Elliptic Curves
Modern Number Theory: Rank of Elliptic Curves Department of Mathematics University of California, Irvine October 24, 2007 Rank of Outline 1 Introduction Basics Algebraic Structure 2 The Problem Relation
More informationCONSTRUCTION OF HIGH-RANK ELLIPTIC CURVES WITH A NONTRIVIAL TORSION POINT
MATHEMATICS OF COMPUTATION Volume 66, Number 217, January 1997, Pages 411 415 S 0025-5718(97)00779-5 CONSTRUCTION OF HIGH-RANK ELLIPTIC CURVES WITH A NONTRIVIAL TORSION POINT KOH-ICHI NAGAO Abstract. We
More informationCyclic Groups in Cryptography
Cyclic Groups in Cryptography p. 1/6 Cyclic Groups in Cryptography Palash Sarkar Indian Statistical Institute Cyclic Groups in Cryptography p. 2/6 Structure of Presentation Exponentiation in General Cyclic
More informationMappings of elliptic curves
Mappings of elliptic curves Benjamin Smith INRIA Saclay Île-de-France & Laboratoire d Informatique de l École polytechnique (LIX) Eindhoven, September 2008 Smith (INRIA & LIX) Isogenies of Elliptic Curves
More informationElliptic Curves Spring 2017 Lecture #5 02/22/2017
18.783 Elliptic Curves Spring 017 Lecture #5 0//017 5 Isogenies In almost every branch of mathematics, when considering a category of mathematical objects with a particular structure, the maps between
More informationElliptic Curves Spring 2015 Lecture #7 02/26/2015
18.783 Elliptic Curves Spring 2015 Lecture #7 02/26/2015 7 Endomorphism rings 7.1 The n-torsion subgroup E[n] Now that we know the degree of the multiplication-by-n map, we can determine the structure
More informationOn Orders of Elliptic Curves over Finite Fields
Rose-Hulman Undergraduate Mathematics Journal Volume 19 Issue 1 Article 2 On Orders of Elliptic Curves over Finite Fields Yujin H. Kim Columbia University, yujin.kim@columbia.edu Jackson Bahr Eric Neyman
More information2-ADIC ARITHMETIC-GEOMETRIC MEAN AND ELLIPTIC CURVES
-ADIC ARITHMETIC-GEOMETRIC MEAN AND ELLIPTIC CURVES KENSAKU KINJO, YUKEN MIYASAKA AND TAKAO YAMAZAKI 1. The arithmetic-geometric mean over R and elliptic curves We begin with a review of a relation between
More informationCounting points on elliptic curves over F q
Counting points on elliptic curves over F q Christiane Peters DIAMANT-Summer School on Elliptic and Hyperelliptic Curve Cryptography September 17, 2008 p.2 Motivation Given an elliptic curve E over a finite
More informationCounting points on elliptic curves: Hasse s theorem and recent developments
Counting points on elliptic curves: Hasse s theorem and recent developments Igor Tolkov June 3, 009 Abstract We introduce the the elliptic curve and the problem of counting the number of points on the
More informationElliptic Curves Spring 2013 Lecture #8 03/05/2013
18.783 Elliptic Curves Spring 2013 Lecture #8 03/05/2013 8.1 Point counting We now consider the problem of determining the number of points on an elliptic curve E over a finite field F q. The most naïve
More informationArithmetic Progressions Over Quadratic Fields
Arithmetic Progressions Over Quadratic Fields Alexander Diaz, Zachary Flores, Markus Vasquez July 2010 Abstract In 1640 Pierre De Fermat proposed to Bernard Frenicle de Bessy the problem of showing that
More informationTwists of elliptic curves of rank at least four
1 Twists of elliptic curves of rank at least four K. Rubin 1 Department of Mathematics, University of California at Irvine, Irvine, CA 92697, USA A. Silverberg 2 Department of Mathematics, University of
More informationNon-generic attacks on elliptic curve DLPs
Non-generic attacks on elliptic curve DLPs Benjamin Smith Team GRACE INRIA Saclay Île-de-France Laboratoire d Informatique de l École polytechnique (LIX) ECC Summer School Leuven, September 13 2013 Smith
More informationCOMPUTING MODULAR POLYNOMIALS
COMPUTING MODULAR POLYNOMIALS DENIS CHARLES AND KRISTIN LAUTER 1. Introduction The l th modular polynomial, φ l (x, y), parameterizes pairs of elliptic curves with an isogeny of degree l between them.
More informationTHERE ARE NO ELLIPTIC CURVES DEFINED OVER Q WITH POINTS OF ORDER 11
THERE ARE NO ELLIPTIC CURVES DEFINED OVER Q WITH POINTS OF ORDER 11 ALLAN LACY 1. Introduction If E is an elliptic curve over Q, the set of rational points E(Q), form a group of finite type (Mordell-Weil
More informationCOUNTING POINTS ON ELLIPTIC CURVES OVER F q
COUNTING POINTS ON ELLIPTIC CURVES OVER F q RENYI TANG Abstract. In this expository paper, we introduce elliptic curves over finite fields and the problem of counting the number of rational points on a
More informationOn elliptic curves in characteristic 2 with wild additive reduction
ACTA ARITHMETICA XCI.2 (1999) On elliptic curves in characteristic 2 with wild additive reduction by Andreas Schweizer (Montreal) Introduction. In [Ge1] Gekeler classified all elliptic curves over F 2
More informationThe Kummer Pairing. Alexander J. Barrios Purdue University. 12 September 2013
The Kummer Pairing Alexander J. Barrios Purdue University 12 September 2013 Preliminaries Theorem 1 (Artin. Let ψ 1, ψ 2,..., ψ n be distinct group homomorphisms from a group G into K, where K is a field.
More informationTHE NUMBER OF TWISTS WITH LARGE TORSION OF AN ELLITPIC CURVE
THE NUMBER OF TWISTS WITH LARGE TORSION OF AN ELLITPIC CURVE FILIP NAJMAN Abstract. For an elliptic curve E/Q, we determine the maximum number of twists E d /Q it can have such that E d (Q) tors E(Q)[2].
More informationDip. Matem. & Fisica. Notations. Università Roma Tre. Fields of characteristics 0. 1 Z is the ring of integers. 2 Q is the field of rational numbers
On Never rimitive points for Elliptic curves Notations The 8 th International Conference on Science and Mathematical Education in Developing Countries Fields of characteristics 0 Z is the ring of integers
More informationCONSTRUCTING SUPERSINGULAR ELLIPTIC CURVES. Reinier Bröker
CONSTRUCTING SUPERSINGULAR ELLIPTIC CURVES Reinier Bröker Abstract. We give an algorithm that constructs, on input of a prime power q and an integer t, a supersingular elliptic curve over F q with trace
More informationOutline of the Seminar Topics on elliptic curves Saarbrücken,
Outline of the Seminar Topics on elliptic curves Saarbrücken, 11.09.2017 Contents A Number theory and algebraic geometry 2 B Elliptic curves 2 1 Rational points on elliptic curves (Mordell s Theorem) 5
More informationHONDA-TATE THEOREM FOR ELLIPTIC CURVES
HONDA-TATE THEOREM FOR ELLIPTIC CURVES MIHRAN PAPIKIAN 1. Introduction These are the notes from a reading seminar for graduate students that I organised at Penn State during the 2011-12 academic year.
More information14 Ordinary and supersingular elliptic curves
18.783 Elliptic Curves Spring 2015 Lecture #14 03/31/2015 14 Ordinary and supersingular elliptic curves Let E/k be an elliptic curve over a field of positive characteristic p. In Lecture 7 we proved that
More informationAN ELEMENTARY PROOF OF THE GROUP LAW FOR ELLIPTIC CURVES
AN ELEMENTARY PROOF OF THE GROUP LAW FOR ELLIPTIC CURVES Abstract. We give a proof of the group law for elliptic curves using explicit formulas. 1. Introduction In the following K will denote an algebraically
More informationFORMAL GROUPS OF CERTAIN Q-CURVES OVER QUADRATIC FIELDS
Sairaiji, F. Osaka J. Math. 39 (00), 3 43 FORMAL GROUPS OF CERTAIN Q-CURVES OVER QUADRATIC FIELDS FUMIO SAIRAIJI (Received March 4, 000) 1. Introduction Let be an elliptic curve over Q. We denote by ˆ
More informationElliptic curves in Huff s model
Elliptic curves in Huff s model Hongfeng Wu 1, Rongquan Feng 1 College of Sciences, North China University of Technology, Beijing 1001, China whfmath@gmailcom LMAM, School of Mathematical Sciences, Peking
More informationFormulary for elliptic divisibility sequences and elliptic nets. Let E be the elliptic curve defined over the rationals with Weierstrass equation
Formulary for elliptic divisibility sequences and elliptic nets KATHERINE E STANGE Abstract Just the formulas No warranty is expressed or implied May cause side effects Not to be taken internally Remove
More informationCurves, Cryptography, and Primes of the Form x 2 + y 2 D
Curves, Cryptography, and Primes of the Form x + y D Juliana V. Belding Abstract An ongoing challenge in cryptography is to find groups in which the discrete log problem hard, or computationally infeasible.
More informationElliptic Curves over Finite Fields 1
Elliptic Curves over Finite Fields 1 B. Sury 1. Introduction Jacobi was the first person to suggest (in 1835) using the group law on a cubic curve E. The chord-tangent method does give rise to a group
More informationElliptic Curves Spring 2015 Lecture #23 05/05/2015
18.783 Elliptic Curves Spring 2015 Lecture #23 05/05/2015 23 Isogeny volcanoes We now want to shift our focus away from elliptic curves over C and consider elliptic curves E/k defined over any field k;
More informationThe Congruent Number Problem and the Birch and Swinnerton-Dyer Conjecture. Florence Walton MMathPhil
The Congruent Number Problem and the Birch and Swinnerton-Dyer Conjecture Florence Walton MMathPhil Hilary Term 015 Abstract This dissertation will consider the congruent number problem (CNP), the problem
More informationElliptic curve cryptography. Matthew England MSc Applied Mathematical Sciences Heriot-Watt University
Elliptic curve cryptography Matthew England MSc Applied Mathematical Sciences Heriot-Watt University Summer 2006 Abstract This project studies the mathematics of elliptic curves, starting with their derivation
More informationComputing a Lower Bound for the Canonical Height on Elliptic Curves over Q
Computing a Lower Bound for the Canonical Height on Elliptic Curves over Q John Cremona 1 and Samir Siksek 2 1 School of Mathematical Sciences, University of Nottingham, University Park, Nottingham NG7
More informationAbstracts of papers. Amod Agashe
Abstracts of papers Amod Agashe In this document, I have assembled the abstracts of my work so far. All of the papers mentioned below are available at http://www.math.fsu.edu/~agashe/math.html 1) On invisible
More informationA Remark on Implementing the Weil Pairing
A Remark on Implementing the Weil Pairing Cheol Min Park 1, Myung Hwan Kim 1 and Moti Yung 2 1 ISaC and Department of Mathematical Sciences, Seoul National University, Korea {mpcm,mhkim}@math.snu.ac.kr
More informationFrom the elliptic regulator to exotic relations
An. Şt. Univ. Ovidius Constanţa Vol. 16(), 008, 117 16 From the elliptic regulator to exotic relations Nouressadat TOUAFEK Abstract In this paper we prove an identity between the elliptic regulators of
More informationOn attaching coordinates of Gaussian prime torsion points of y 2 = x 3 + x to Q(i)
On attaching coordinates of Gaussian prime torsion points of y 2 = x 3 + x to Q(i) Gordan Savin and David Quarfoot March 29, 2010 1 Background One of the natural questions that arises in the study of abstract
More information1.6.1 What are Néron Models?
18 1. Abelian Varieties: 10/20/03 notes by W. Stein 1.6.1 What are Néron Models? Suppose E is an elliptic curve over Q. If is the minimal discriminant of E, then E has good reduction at p for all p, in
More informationCONGRUENT NUMBERS AND ELLIPTIC CURVES
CONGRUENT NUMBERS AND ELLIPTIC CURVES JIM BROWN Abstract. These are essentially the lecture notes from a section on congruent numbers and elliptic curves taught in my introductory number theory class at
More informationKatherine Stange. ECC 2007, Dublin, Ireland
in in Department of Brown University http://www.math.brown.edu/~stange/ in ECC Computation of ECC 2007, Dublin, Ireland Outline in in ECC Computation of in ECC Computation of in Definition A integer sequence
More informationFully maximal and minimal supersingular abelian varieties
Fully maximal and minimal supersingular abelian varieties Valentijn Karemaker (University of Pennsylvania) Joint with R. Pries Arithmetic, Geometry, Cryptography, and Coding Theory, CIRM June 19, 2017
More informationCongruent number elliptic curves of high rank
Michaela Klopf, BSc Congruent number elliptic curves of high rank MASTER S THESIS to achieve the university degree of Diplom-Ingenieurin Master s degree programme: Mathematical Computer Science submitted
More informationarxiv:math/ v1 [math.nt] 15 Mar 2001
arxiv:math/0103243v1 [math.nt] 15 Mar 2001 Mordell-Weil Groups and Selmer Groups of Two Types of Elliptic Curves QIU Derong and ZHANG Xianke Tsinghua University, Department of Mathematical Sciences, Beijing
More informationMath 2070BC Term 2 Weeks 1 13 Lecture Notes
Math 2070BC 2017 18 Term 2 Weeks 1 13 Lecture Notes Keywords: group operation multiplication associative identity element inverse commutative abelian group Special Linear Group order infinite order cyclic
More informationElliptic Nets and Points on Elliptic Curves
Department of Mathematics Brown University http://www.math.brown.edu/~stange/ Algorithmic Number Theory, Turku, Finland, 2007 Outline Geometry and Recurrence Sequences 1 Geometry and Recurrence Sequences
More informationComputing the image of Galois
Computing the image of Galois Andrew V. Sutherland Massachusetts Institute of Technology October 9, 2014 Andrew Sutherland (MIT) Computing the image of Galois 1 of 25 Elliptic curves Let E be an elliptic
More informationDefinition of a finite group
Elliptic curves Definition of a finite group (G, * ) is a finite group if: 1. G is a finite set. 2. For each a and b in G, also a * b is in G. 3. There is an e in G such that for all a in G, a * e= e *
More informationCOMPLEX MULTIPLICATION: LECTURE 14
COMPLEX MULTIPLICATION: LECTURE 14 Proposition 0.1. Let K be any field. i) Two elliptic curves over K are isomorphic if and only if they have the same j-invariant. ii) For any j 0 K, there exists an elliptic
More informationElliptic curves, Factorization and Primality Testing Notes for talks given at London South bank University 7, 14 & 21 November 2007 Tony Forbes
Elliptic curves, Factorization and Primality Testing Notes for talks given at London South bank University 7, 14 & 21 November 2007 Tony Forbes ADF34C 3.3.3A PLANE CURVES, AFFINE AND PROJECTIVE Let K be
More informationKatherine Stange. Pairing, Tokyo, Japan, 2007
via via Department of Mathematics Brown University http://www.math.brown.edu/~stange/ Pairing, Tokyo, Japan, 2007 Outline via Definition of an elliptic net via Definition (KS) Let R be an integral domain,
More informationIRREDUCIBILITY OF ELLIPTIC CURVES AND INTERSECTION WITH LINES.
IRREDUCIBILITY OF ELLIPTIC CURVES AND INTERSECTION WITH LINES. IAN KIMING 1. Non-singular points and tangents. Suppose that k is a field and that F (x 1,..., x n ) is a homogeneous polynomial in n variables
More informationSummation polynomials and the discrete logarithm problem on elliptic curves
Summation polynomials and the discrete logarithm problem on elliptic curves Igor Semaev Department of Mathematics University of Leuven,Celestijnenlaan 200B 3001 Heverlee,Belgium Igor.Semaev@wis.kuleuven.ac.be
More informationFall 2004 Homework 7 Solutions
18.704 Fall 2004 Homework 7 Solutions All references are to the textbook Rational Points on Elliptic Curves by Silverman and Tate, Springer Verlag, 1992. Problems marked (*) are more challenging exercises
More informationON ISOGENY GRAPHS OF SUPERSINGULAR ELLIPTIC CURVES OVER FINITE FIELDS
ON ISOGENY GRAPHS OF SUPERSINGULAR ELLIPTIC CURVES OVER FINITE FIELDS GORA ADJ, OMRAN AHMADI, AND ALFRED MENEZES Abstract. We study the isogeny graphs of supersingular elliptic curves over finite fields,
More informationTwo Efficient Algorithms for Arithmetic of Elliptic Curves Using Frobenius Map
Two Efficient Algorithms for Arithmetic of Elliptic Curves Using Frobenius Map Jung Hee Cheon, Sungmo Park, Sangwoo Park, and Daeho Kim Electronics and Telecommunications Research Institute, 161 Kajong-Dong,Yusong-Gu,
More informationLocal root numbers of elliptic curves over dyadic fields
Local root numbers of elliptic curves over dyadic fields Naoki Imai Abstract We consider an elliptic curve over a dyadic field with additive, potentially good reduction. We study the finite Galois extension
More informationThe Number of Rational Points on Elliptic Curves and Circles over Finite Fields
Vol:, No:7, 008 The Number of Rational Points on Elliptic Curves and Circles over Finite Fields Betül Gezer, Ahmet Tekcan, and Osman Bizim International Science Index, Mathematical and Computational Sciences
More informationNOTES ON FINITE FIELDS
NOTES ON FINITE FIELDS AARON LANDESMAN CONTENTS 1. Introduction to finite fields 2 2. Definition and constructions of fields 3 2.1. The definition of a field 3 2.2. Constructing field extensions by adjoining
More informationElliptic Curves and the abc Conjecture
Elliptic Curves and the abc Conjecture Anton Hilado University of Vermont October 16, 2018 Anton Hilado (UVM) Elliptic Curves and the abc Conjecture October 16, 2018 1 / 37 Overview 1 The abc conjecture
More informationA course in. Elliptic Curves. Taught by T.A. Fisher. Lent 2013
A course in Elliptic Curves Taught by T.A. Fisher Lent 2013 Last updated: July 10, 2013 1 Disclaimer These are my notes from Prof. Fisher s Part III course on elliptic curves, given at Cambridge University
More informationElliptic Curves. Akhil Mathew (Department of Mathematics Drew UniversityElliptic MathCurves 155, Professor Alan Candiotti) 10 Dec.
Elliptic Curves Akhil Mathew Department of Mathematics Drew University Math 155, Professor Alan Candiotti 10 Dec. 2008 Akhil Mathew (Department of Mathematics Drew UniversityElliptic MathCurves 155, Professor
More informationIdentifying supersingular elliptic curves
Identifying supersingular elliptic curves Andrew V. Sutherland Massachusetts Institute of Technology January 6, 2012 http://arxiv.org/abs/1107.1140 Andrew V. Sutherland (MIT) Identifying supersingular
More informationHow many units can a commutative ring have?
How many units can a commutative ring have? Sunil K. Chebolu and Keir Locridge Abstract. László Fuchs posed the following problem in 960, which remains open: classify the abelian groups occurring as the
More informationLECTURE 2 FRANZ LEMMERMEYER
LECTURE 2 FRANZ LEMMERMEYER Last time we have seen that the proof of Fermat s Last Theorem for the exponent 4 provides us with two elliptic curves (y 2 = x 3 + x and y 2 = x 3 4x) in the guise of the quartic
More informationA note on López-Dahab coordinates
A note on López-Dahab coordinates Tanja Lange Faculty of Mathematics, Matematiktorvet - Building 303, Technical University of Denmark, DK-2800 Kgs. Lyngby, Denmark tanja@hyperelliptic.org Abstract López-Dahab
More informationarxiv: v1 [math.nt] 31 Dec 2011
arxiv:1201.0266v1 [math.nt] 31 Dec 2011 Elliptic curves with large torsion and positive rank over number fields of small degree and ECM factorization Andrej Dujella and Filip Najman Abstract In this paper,
More informationAlgorithm for Concordant Forms
Algorithm for Concordant Forms Hagen Knaf, Erich Selder, Karlheinz Spindler 1 Introduction It is well known that the determination of the Mordell-Weil group of an elliptic curve is a difficult problem.
More informationOn Partial Lifting and the Elliptic Curve Discrete Logarithm Problem
On Partial Lifting and the Elliptic Curve Discrete Logarithm Problem Qi Cheng 1 and Ming-Deh Huang 2 1 School of Computer Science The University of Oklahoma Norman, OK 73019, USA. Email: qcheng@cs.ou.edu.
More informationMathematics for Cryptography
Mathematics for Cryptography Douglas R. Stinson David R. Cheriton School of Computer Science University of Waterloo Waterloo, Ontario, N2L 3G1, Canada March 15, 2016 1 Groups and Modular Arithmetic 1.1
More informationCORRESPONDENCE BETWEEN ELLIPTIC CURVES IN EDWARDS-BERNSTEIN AND WEIERSTRASS FORMS
CORRESPONDENCE BETWEEN ELLIPTIC CURVES IN EDWARDS-BERNSTEIN AND WEIERSTRASS FORMS DEPARTMENT OF MATHEMATICS AND STATISTICS UNIVERSITY OF OTTAWA SUPERVISOR: PROFESSOR MONICA NEVINS STUDENT: DANG NGUYEN
More informationQ N id β. 2. Let I and J be ideals in a commutative ring A. Give a simple description of
Additional Problems 1. Let A be a commutative ring and let 0 M α N β P 0 be a short exact sequence of A-modules. Let Q be an A-module. i) Show that the naturally induced sequence is exact, but that 0 Hom(P,
More informationNotes on p-divisible Groups
Notes on p-divisible Groups March 24, 2006 This is a note for the talk in STAGE in MIT. The content is basically following the paper [T]. 1 Preliminaries and Notations Notation 1.1. Let R be a complete
More informationAn introduction to the algorithmic of p-adic numbers
An introduction to the algorithmic of p-adic numbers David Lubicz 1 1 Universté de Rennes 1, Campus de Beaulieu, 35042 Rennes Cedex, France Outline Introduction 1 Introduction 2 3 4 5 6 7 8 When do we
More informationAN INTRODUCTION TO ELLIPTIC CURVES
AN INTRODUCTION TO ELLIPTIC CURVES MACIEJ ULAS.. First definitions and properties.. Generalities on elliptic curves Definition.. An elliptic curve is a pair (E, O), where E is curve of genus and O E. We
More information1. Vélu s formulae GENERALIZATION OF VÉLU S FORMULAE FOR ISOGENIES BETWEEN ELLIPTIC CURVES. Josep M. Miret, Ramiro Moreno and Anna Rio
Publ. Mat. 2007, 147 163 Proceedings of the Primeras Jornadas de Teoría de Números. GENERALIZATION OF VÉLU S FORMULAE FOR ISOGENIES BETWEEN ELLIPTIC CURVES Josep M. Miret, Ramiro Moreno and Anna Rio Abstract
More informationCONGRUENT NUMBERS AND ELLIPTIC CURVES
CONGRUENT NUMBERS AND ELLIPTIC CURVES JIM BROWN Abstract. In this short paper we consider congruent numbers and how they give rise to elliptic curves. We will begin with very basic notions before moving
More informationProjects on elliptic curves and modular forms
Projects on elliptic curves and modular forms Math 480, Spring 2010 In the following are 11 projects for this course. Some of the projects are rather ambitious and may very well be the topic of a master
More informationMathematical Research Letters 2, (1995) MODULARITY OF A FAMILY OF ELLIPTIC CURVES. Fred Diamond and Kenneth Kramer
Mathematical Research Letters 2, 299 304 (1995) MODULARITY OF A FAMILY OF ELLIPTIC CURVES Fred Diamond and Kenneth Kramer We shall explain how the following is a corollary of results of Wiles [W]: Theorem.
More informationHyperelliptic Jacobians in differential Galois theory (preliminary report)
Hyperelliptic Jacobians in differential Galois theory (preliminary report) Jerald J. Kovacic Department of Mathematics The City College of The City University of New York New York, NY 10031 jkovacic@member.ams.org
More informationConstructing Families of Pairing-Friendly Elliptic Curves
Constructing Families of Pairing-Friendly Elliptic Curves David Freeman Information Theory Research HP Laboratories Palo Alto HPL-2005-155 August 24, 2005* cryptography, pairings, elliptic curves, embedding
More informationCourse 311: Michaelmas Term 2005 Part III: Topics in Commutative Algebra
Course 311: Michaelmas Term 2005 Part III: Topics in Commutative Algebra D. R. Wilkins Contents 3 Topics in Commutative Algebra 2 3.1 Rings and Fields......................... 2 3.2 Ideals...............................
More informationELLIPTIC CURVES BJORN POONEN
ELLIPTIC CURVES BJORN POONEN 1. Introduction The theme of this lecture is to show how geometry can be used to understand the rational number solutions to a polynomial equation. We will illustrate this
More informationOn some congruence properties of elliptic curves
arxiv:0803.2809v5 [math.nt] 19 Jun 2009 On some congruence properties of elliptic curves Derong Qiu (School of Mathematical Sciences, Institute of Mathematics and Interdisciplinary Science, Capital Normal
More informationWeil pairing. Algant: Regensburg and Leiden Elliptic curves and Weil conjectures seminar, Regensburg. Wednesday 22 nd June, 2016.
Weil pairing Jana Sotáková Algant: Regensburg and Leiden Elliptic curves and Weil conjectures seminar, Regensburg Wednesday 22 nd June, 2016 Abstract In this talk we are mainly invested in constructing
More informationExplicit Complex Multiplication
Explicit Complex Multiplication Benjamin Smith INRIA Saclay Île-de-France & Laboratoire d Informatique de l École polytechnique (LIX) Eindhoven, September 2008 Smith (INRIA & LIX) Explicit CM Eindhoven,
More informationLEGENDRE S THEOREM, LEGRANGE S DESCENT
LEGENDRE S THEOREM, LEGRANGE S DESCENT SUPPLEMENT FOR MATH 370: NUMBER THEORY Abstract. Legendre gave simple necessary and sufficient conditions for the solvablility of the diophantine equation ax 2 +
More information