Formulary for elliptic divisibility sequences and elliptic nets. Let E be the elliptic curve defined over the rationals with Weierstrass equation

Similar documents
The Tate Pairing via Elliptic Nets

Elliptic Nets With Applications to Cryptography

Elliptic Nets and Points on Elliptic Curves

The Tate Pairing via Elliptic Nets

Elliptic Nets How To Catch an Elliptic Curve Katherine Stange USC Women in Math Seminar November 7,

A Note on Scalar Multiplication Using Division Polynomials

ELLIPTIC CURVES OVER FINITE FIELDS

Katherine Stange. Pairing, Tokyo, Japan, 2007

An introduction to the algorithmic of p-adic numbers

Katherine Stange. ECC 2007, Dublin, Ireland

A tour through Elliptic Divisibility Sequences

p-adic Properites of Elliptic Divisibility Sequences Joseph H. Silverman

arxiv:math/ v1 [math.nt] 25 Feb 2004

The Kummer Pairing. Alexander J. Barrios Purdue University. 12 September 2013

Pollard s Rho Algorithm for Elliptic Curves

AN ELEMENTARY PROOF OF THE GROUP LAW FOR ELLIPTIC CURVES

A FAMILY OF INTEGER SOMOS SEQUENCES

Dynamics and Canonical Heights on K3 Surfaces with Noncommuting Involutions Joseph H. Silverman

ELLIOT WELLS. n d n h(φ n (P));

Computing a Lower Bound for the Canonical Height on Elliptic Curves over Q

A note on López-Dahab coordinates

A Remark on Implementing the Weil Pairing

CONSTRUCTION OF HIGH-RANK ELLIPTIC CURVES WITH A NONTRIVIAL TORSION POINT

Background of Pairings

CONSTRUCTING SUPERSINGULAR ELLIPTIC CURVES. Reinier Bröker

Differential Addition in generalized Edwards Coordinates

Elliptic curves and modularity

ON COHERENCE OF GRAPH PRODUCTS AND COXETER GROUPS

Aspects of Pairing Inversion

The rank of certain subfamilies of the elliptic curve Y 2 = X 3 X + T 2

TAMAGAWA NUMBERS OF ELLIPTIC CURVES WITH C 13 TORSION OVER QUADRATIC FIELDS

DION 2005 TIFR December 17, The role of complex conjugation in transcendental number theory

Introduction to Elliptic Curves

Hyperelliptic Curve Cryptography

Primitive Sets of a Lattice and a Generalization of Euclidean Algorithm

arxiv:math/ v1 [math.nt] 21 Nov 2003

AN INTRODUCTION TO MODULI SPACES OF CURVES CONTENTS

FORMAL GROUPS OF CERTAIN Q-CURVES OVER QUADRATIC FIELDS

Representing Scott Sets in Algebraic Settings

MANIN-MUMFORD AND LATTÉS MAPS

HERON TRIANGLES VIA ELLIPTIC CURVES

ERIC LARSON AND LARRY ROLEN

Weak discrete logarithms in non-abelian groups

INDEFINITE QUADRATIC FORMS AND PELL EQUATIONS INVOLVING QUADRATIC IDEALS

Some new families of positive-rank elliptic curves arising from Pythagorean triples

arxiv: v1 [math.gr] 8 Nov 2008

Algebraic Number Theory Notes: Local Fields

AVERAGE RECIPROCALS OF THE ORDER OF a MODULO n

On the Distribution of the Subset Sum Pseudorandom Number Generator on Elliptic Curves

No.6 Selection of Secure HC of g = divisors D 1, D 2 defined on J(C; F q n) over F q n, to determine the integer m such that D 2 = md 1 (if such

ON THE NÉRON-SEVERI GROUP OF SURFACES WITH MANY LINES

Invariant Polynomials and Minimal Zero Sequences

Twists of elliptic curves of rank at least four

Hans Wenzl. 4f(x), 4x 3 + 4ax bx + 4c

ON A FAMILY OF ELLIPTIC CURVES

The Number of Rational Points on Elliptic Curves and Circles over Finite Fields

Homework 4 Solutions

arxiv: v1 [math.lo] 14 Jan 2008

Some Efficient Algorithms for the Final Exponentiation of η T Pairing

On some congruence properties of elliptic curves

The canonical height of an algebraic point on an elliptic curve

Fast arithmetic and pairing evaluation on genus 2 curves

THERE ARE NO ELLIPTIC CURVES DEFINED OVER Q WITH POINTS OF ORDER 11

ALBIME TRIANGLES OVER QUADRATIC FIELDS. 1. Introduction. The motivation for the present note is the following.

The diagonal property for abelian varieties

GENERATORS OF JACOBIANS OF GENUS TWO CURVES

Errata List for Rational Points on Elliptic Curves by Joseph H. Silverman and John Tate Version 1.3a July 5, 1994; revised by JEC, 1998

CONGRUENT NUMBERS AND ELLIPTIC CURVES

ON TORSION POINTS ON AN ELLIPTIC CURVES VIA DIVISION POLYNOMIALS

ELLIPTIC CURVES SEMINAR: SIEGEL S THEOREM

Hyperelliptic Jacobians in differential Galois theory (preliminary report)

Representing Scott Sets in Algebraic Settings

arxiv: v1 [math.nt] 15 Mar 2012

THE NUMBER OF TWISTS WITH LARGE TORSION OF AN ELLITPIC CURVE

The upper triangular algebra loop of degree 4

VARIETIES WITHOUT EXTRA AUTOMORPHISMS II: HYPERELLIPTIC CURVES

Scalar multiplication in compressed coordinates in the trace-zero subgroup

1 Brownian Local Time

Curves, Cryptography, and Primes of the Form x 2 + y 2 D

Introduction to Arithmetic Geometry Fall 2013 Lecture #23 11/26/2013

INTRODUCTION TO GALOIS THEORY. 1. Introduction and History. one of the most interesting and dramatic tales in the history of mathematics.

Two Efficient Algorithms for Arithmetic of Elliptic Curves Using Frobenius Map

On transitive polynomials modulo integers

ElGamal type signature schemes for n-dimensional vector spaces

:= {(x,y) K 2 y 2 = x 3 +ax+b} {O}

Abstracts of papers. Amod Agashe

Elliptic Curves Spring 2017 Lecture #5 02/22/2017

THE DUAL FORM OF THE APPROXIMATION PROPERTY FOR A BANACH SPACE AND A SUBSPACE. In memory of A. Pe lczyński

THE p-adic VALUATION OF LUCAS SEQUENCES

inv lve a journal of mathematics 2008 Vol. 1, No. 2 Invariant polynomials and minimal zero sequences mathematical sciences publishers

Fast hashing to G2 on pairing friendly curves

ALGORITHMIC INVARIANTS FOR ALEXANDER MODULES

arxiv: v1 [math.rt] 11 Sep 2009

Construction of pseudorandom binary lattices using elliptic curves

ANNIHILATING POLYNOMIALS, TRACE FORMS AND THE GALOIS NUMBER. Seán McGarraghy

Speeding up the Scalar Multiplication on Binary Huff Curves Using the Frobenius Map

Introduction to Arithmetic Geometry Fall 2013 Lecture #24 12/03/2013

An Introduction to Supersingular Elliptic Curves and Supersingular Primes

Simplifying Coefficients in a Family of Ordinary Differential Equations Related to the Generating Function of the Laguerre Polynomials

. Here the flats of H(2d 1, q 2 ) consist of all nonzero totally isotropic

Transcription:

Formulary for elliptic divisibility sequences and elliptic nets KATHERINE E STANGE Abstract Just the formulas No warranty is expressed or implied May cause side effects Not to be taken internally Remove label before using Not to be used as a flotation device May contain nuts Please report any errors you may find Let E be the elliptic curve defined over the rationals with eierstrass equation As usual, let y + a 1 xy + a 3 y = x 3 + a x + a 4 x + a 6 b = a 1 + 4a, b 4 = a 4 + a 1 a 3, b 6 = a 3 + 4a 6, b 8 = a 1a 6 + 4a a 6 a 1 a 3 a 4 + a a 3 a 4 1 Recurrence relation These formulas hold for elliptic divisibility sequences and elliptic nets, according to whether the indices are considered in Z or a larger free abelian group See [5] 11 Definition Definition 11 in [5] 1) p + q + s) p q) r + s) r) + q + r + s) q r) p + s) p) + r + p + s) r p) q + s) q) = 0 1 Stephens form Due to Nelson Stephens Obtained from 1) by s a, r b a, p c a, q d a a + b) a b) c + d) c d) + a + c) a c) d + b) d b) 13 Brown form Due to Dan Brown; equation 3) in [1] + a + d) a d) b + c) b c) = 0 p) q) r) s) ) ) ) ) p + q + r + s p q + r + s p + q r + s p + q + r s ) ) ) ) p + q + r + s p + q r s p q + r s p q r + s = 0 Date: May, 01, Draft #1 1

14 ard s elliptic divisibility sequences recurrence relation Not sufficient for generating a net of higher rank Equation 411) in [9] Obtained from 1) by p n, q m, s 0, r 1 n + m) n m) 1) = n + 1) n 1) m) m + 1) m 1) n) 15 Miscellaneous special cases n) ) 1) = n) n + ) n 1) n ) n + 1) ), n + 1) 1) 3 = n + ) n) 3 n 1) n + 1) 3, nm) ) 1) = nm nm) n) 1) = ) nm + ) nm 1) nm ) nm ) ) ) nm+1) 1 nm 1) nm+1) + 1 nm 1) + 1 ) 16 Special cases for rank two nets Theorem 5 in [5] nm 1) 1 ) 1, 1) 1, 1) 3 = 0, 1) 3, 1) 1, 0) 3 1, ) nm+1) + 1) ), The following formulas assume some terms near the origin are equal to one: 1, 0) = 0, 1) = 1, 1) = 1 Equations 1)-17) in [6] i 1, 0) = i + 1, 0) i 1, 0) 3 i, 0) i, 0) 3, i, 0), 0) = i, 0) i +, 0) i 1, 0) i, 0) i, 0) i + 1, 0), k 1, 1) 1, 1) = k + 1, 1) k 1, 1) k 1, 0) k, 0) k, 0) k, 1), k, 1) = k 1, 1) k + 1, 1) k, 0) k 1, 0) k + 1, 0) k, 1), k + 1, 1) 1, 1) = k 1, 1) k + 1, 1) k + 1, 0) k, 0) k +, 0) k, 1), k +, 1), 1) = k + 1, 0) k + 3, 0) k, 1) k 1, 1) k + 1, 1) k +, 0), Complex Function Formulas 1 eierstrass σ-function definition of net polynomials See Definition 31 in [5] For n = 1 sequences), see Theorem 11 in [9] 1) n = 1: ) n = : 3) general n: Ω u,v z, w; Λ) = Ω v z; Λ) = Ω v z; Λ) = σvz; Λ) σz; Λ) v σuz + vw; Λ) σz; Λ) u uv σz + w; Λ) uv σw; Λ) v uv σv 1 z 1 + + v n z n ; Λ) n σz i ; Λ) v i n j=1 v iv j σz i + z j ; Λ) v iv j i=1 1 i,j n i j )

Complex function identities See Lemmas 35 and 36 in [5] For the first equation, see also [] or any book on elliptic functions σz + w)σz w) z) w) =, σz) σw) v z) w z) = Ω v+wz)ω v w z) Ω v z) Ω w z), ζx + a) ζa) ζx + b) + ζb) = ζx + a + b) ζx + a) ζx + b) + ζx) = 3 Division and Net polynomials σx + a + b)σx)σa b) σx + a)σx + b)σa)σb), σx + a + b)σa)σb) σx + a + b)σx + a)σx + b)σx) 31 Division polynomials See [], [3, p80], [4, Exercise 37] or many other resources Ψ 1 = 1, Ψ = y + a 1 x + a 3, Ψ 3 = 3x 4 + b x 3 + 3b 4 x + 3b 6 x + b 8, Ψ 4 = y + a 1 x + a 3 )x 6 + b x 5 + 5b 4 x 4 + 10b 6 x 3 + 10b 8 x + b b 8 b 4 b 6 )x + b 4 b 8 b 6); 3 Net polynomials See Proposition 38 in [5] 1) for n = : ) for n = 3: Ψ 1, 1) = x x 1, ) ) y y 1 y y 1 Ψ,1) = x 1 + x a 1 + a, x x 1 x x 1 Ψ, 1) = y 1 + y ) x 1 + x )x 1 x ) ; Ψ 1,1,1) = y 1x x 3 ) + y x 3 x 1 ) + y 3 x 1 x ), x 1 x )x 1 x 3 )x x 3 ) Ψ 1,1,1) = y 1x x 3 ) y x 3 x 1 ) y 3 x 1 x ) + a 1 x 1 + a 3, x x 3 ) Ψ 1, 1,1) = y 1x x 3 ) + y x 3 x 1 ) y 3 x 1 x ) + a 1 x + a 3, x 3 x 1 ) Ψ 1,1, 1) = y 1x x 3 ) y x 3 x 1 ) + y 3 x 1 x ) + a 1 x 3 + a 3 x 1 x ) 4 Formulas relating curves and nets 41 Points in terms of division polynomials See any of the resources in Section 31 Define φ m = xp )Ψ m Ψ m+1 Ψ m 1, 4yω m = Ψ m+ Ψ m 1 Ψ m Ψ m+1 3

Then [m]p = φm P ) Ψ m P ), ω ) mp ), Ψ m P ) 3 x[m]p ) x[n]p ) = Ψ m+np )Ψ m n P ) Ψ mp )Ψ np ) 4 Curves from sequences and nets, rank 1 For the case n = 1, the simplest formulas are given in Theorem 453 in [8] C : y + a 1 xy + a 3 y = x 3 + a x + a 4 x + a 6, P = 0, 0), a 1 = 4) + )5 ) 3) ) 3) a = ) 3) + 4) + ) 5 ) 3) ) 3 3) a 3 = ), a 4 = 1, a 6 = 0 Morgan ard had more complicated formulas for the usual g and g 4 giving an elliptic curve equations 136) and 137) of [9]): g = g 3 = u) = 1 1 8 4 3 0 + 4 15 4 16 1 3 3 + 6 10 4 8 7 3 3 4 + 4 5 3 4 + 16 4 3 6 + 8 3 3 4 + 4 4 ) 1 30 16 1 3 6 + 6 5 4 4 3 3 + 15 0 4 60 17 3 3 4 + 0 15 4 3 + 10 14 3 6 36 1 3 3 4 + 15 10 4 4 48 9 3 6 4 + 1 7 3 3 4 3 + 64 6 3 9 + 6 5 4 5 + 48 4 3 6 4 + 1 3 3 4 4 + 4 6 ) 1 1 4 3 u) = 4 + 5 4 + 4 3 3 + 10 ) For n =, see Proposition 64 and Remark 66 in [5] 1) in rank n = : C : y + a 1 xy + a 3 y = x 3 + a x + a 4 x + a 6, P 1 = 0, 0), P =, 1) 1, ), 0), a 1 =, 0) 0, ), 1) 1, ), a =, 1) 1, ), a 3 =, 0) a 4 =, 1) 1, )), 1), a 6 = 0 4

) alternative in rank n = and characteristic : C : y + a 1 xy + a 3 y = x 3 + a x + a 4 x + a 6, P 1 = v, 0), P = v, 0),, a 1 = v =, 1) 1, ),, 0) 0, ), 1) 1, ), a =, 1) + 1, ), a 3 =, 0) + 0, ) 4a 4 =, 1) 1, )), 8a 6 =, 1) 1, )), 1) + 1, )) 5 Change of basis for elliptic nets See Proposition 43 in [5] Let T be any n m matrix Let P E m, v Z n n E,P T tr v)) = E,T P) v) E,P T tr e i )) v i v i j i v j) E,P T tr e i + e j )) v iv j i=1 6 Partial periodicity 1 i<j n 61 Periodicity formulas for non-degenerate elliptic nets The rank n = 1 case is Theorem 81 in [9] For rank n =, see Theorem 5 in [7] 1) rank n = 1 with E,P r) = 0: a = ) rank n = with E,P,Q r) = 0: a r = E,P sr + k) = E,P k)a sk b s E,P r + ) E,P r + 1) E,P ), b = E,P r + 1) E,P ) E,P r + ) E,P,Q lr + k) = E,P,Q k)a lk 1 E,P,Q r 1 +, r ) E,P,Q r 1 + 1, r ) E,P,Q, 0), b r = c r = E,P,Qr 1 + 1, r + 1) a r b r E,P,Q 1, 1) r b lk r c l r E,P,Q r 1, r + ) E,P,Q r 1, r + 1) E,P,Q 0, ), 6 Perfectly periodic elliptic divisibility sequence and elliptic net over F q See Theorem 6 in [7] ) 1 E,P q 1) ordp ) φp ) =, E,P q 1 + ordp )) n φv P) = E,P v) φp i ) v i v i j i v j) i=1 5 1 i<j n φp i + P j ) v iv j

7 Tate-Lichtenbaum and eil pairing formulas These are all from [6]; see Theorem 6 and Corollary 1 Special cases: mp + q + s)s) τ m P, Q) = mp + s)q + s), mp + q + s)p + s)mq + s) e m P, Q) = mp + s)q + s)p + mq + s) τ m P, P ) = P m + ) P 1) P m + 1) P ), τ m P, Q) = P,Qm + 1, 1) P,Q 1, 0) P,Q m + 1, 0) P,Q 1, 1) 8 Discrete log Type Equations Equations 9) and 11) in [7] Suppose [m]p = O and Q = [k]p ) k ) m E,P,Q m + 1, 0) E,P,Q, 0) E,P k 1) = ) E,P,Q1, m) E,P,Q, 0), E,P,Q m +, 0) E,P k) E,P,Q, m) E,P,Q 1, 1) m E,P m + 1) k+1 = ) mm+) E,P,Qm + 1, m + 1) E,P k + 1) E,P,Q 0, m + 1) E,P k) Acknowledgements Thank you to Dan Brown for corrections References [1] Daniel R L Brown Stange s elliptic nets and coxeter group f4 Cryptology eprint Archive, Report 010/161, 010 http://eprintiacrorg/ [] K Chandrasekharan Elliptic functions, volume 81 of Grundlehren der Mathematischen issenschaften [Fundamental Principles of Mathematical Sciences] Springer-Verlag, Berlin, 1985 [3] Gerhard Frey and Tanja Lange Background on curves and Jacobians In Handbook of elliptic and hyperelliptic curve cryptography, Discrete Math Appl Boca Raton), pages 45 85 Chapman & Hall/CRC, Boca Raton, FL, 006 [4] Joseph H Silverman The arithmetic of elliptic curves, volume 106 of Graduate Texts in Mathematics Springer, Dordrecht, second edition, 009 [5] Katherine Stange Elliptic nets and elliptic curves Algebra Number Theory, 5):197 9, 011 [6] Katherine E Stange The Tate pairing via elliptic nets In Pairing-Based Cryptography - PAIRING 007, volume 4575 of Lecture Notes in Comput Sci, pages 39 348 Springer, Berlin, 007 [7] Katherine E Stange The elliptic curve discrete logarithm problem and equivalent hard problems for elliptic divisibility sequences In Selected Areas in Cryptography 008, volume 5381 of Lecture Notes in Comput Sci, pages 309 37 Springer, Berlin, 009 [8] Christine Swart Elliptic curves and related sequences PhD thesis, Royal Holloway and Bedford New College, University of London, 003 [9] Morgan ard Memoir on elliptic divisibility sequences Amer J Math, 70:31 74, 1948 Department of Mathematics, Stanford University, 450 Serra Mall, Bldg 380, Stanford, CA 94305 E-mail address: stange@mathstanfordedu 6

2024 © sciencedocbox.com Privacy Policy | Terms of Service | Feedback