ON REMARKS OF LIFTING PROBLEMS FOR ELLIPTIC CURVES 1 ...

More documents

Recommendations

Info

4 HWAN JOON KIM, JUNG HEE CHEON, AND SANG GEUN HAHN Step 4 By reduction modulo n, we have ∑ αi x i ˜P + ∑ αi y i ˜Q = O. Therefore m ≡ − ∑ α i x i / ∑ α i y i mod ord ˜Q. Note that the 2-descent procedure has the polynomial running-time that will be proved in the next subsection. Therefore, the running-time of the above algorithm depends only on the lifting problem. Example Let p = 113 and Ẽ/F p : y 2 = x 3 + 30x + 30, ˜P = (2, 18), ˜Q = (10, 58). Then, the lifting (E, P, Q) of (Ẽ, ˜P , ˜Q) is as follows. E/Q : y 2 − 113y = x 3 − 309x − 1100, P = (2, 18), Q = (10, 58). Then, by descent method, we can get the dependence equation Finally, we have 2P + 3Q = O. log ˜P ˜Q = 17. 2.2. Descent method. In this subsection, we introduce the 2-descent method to compute the coefficients of the dependence equation for given linearly dependent points P i ’s of E(Q) and we show that it has the polynomial running-time. Suppose that P i ’s (i = 1, · · · , r) are given rational points of E(Q). Step 1 Rearrange the given linearly dependent points P i ’s according to their canonical heights in an increasing order. and find ɛ 1 , · · · , ɛ r ∈ {−1, 0, 1} which are not all zero and satisfy (1) ɛ 1 P 1 + · · · + ɛ r P r ∈ 2E(Q). Note that if P 1 , · · · , P r are linearly dependent with α 1 P 1 + · · · + α r P r = O, then (1) is satisfied for each ɛ i = (α i mod 2). Moreover, it is also easy to check whether a given rational point is contained in 2E(Q) or not [1][5]. Step 2 For 2 ≤ k ≤ r, determine the sign of ɛ k to satisfy k−1 ∑ k−1 ĥ( ɛ i P i + ɛ k P k ) ≤ ĥ( ∑ ɛ i P i − ɛ k P k ), i=1 where ĥ is the canonical height on E/Q [10]. It is not easy to compute the exact values of ĥ(P ) for the rational points P in general. However, we are enough to compare of the canonical heights, so we can easily determine the signs of ɛ i ’s [11][12]. Step 3 Compute a point R = R(P 1 , · · · , P r ) of E(Q) with i=1 2R = ɛ 1 P 1 + · · · + ɛ r P r . It is easy to compute the “halving” point R of P satisfying 2R = P for a given P of 2E(Q) because it is equivalent to finding the rational roots of the polynomial
ON REMARKS OF LIFTING PROBLEMS FOR ELLIPTIC CURVES 5 of degree 4 with rational coefficients. Moreover, if E has rational 2-torsion points, there are exact formulas to compute R [5][1]. Step 4 If R is a non-torsion point, then record R and ɛ i ’s, replace P j by R for the largest index j with ɛ j ̸= 0, and go to Step 1. If R is a torsion point, then we can construct the dependence equation for the original P 1 , · · · , P r from the records of R’s and ɛ i ’s. In order to see whether this procedure will stop, we need the following lemma. Lemma 2.2. Suppose that R and ɛ i ’s are defined as Step 3. Then 4ĥ(R) ≤ ĥ(ɛ 1P 1 ) + · · · + ĥ(ɛ rP r ). Proof. Since the canonical height satisfies the parallelogram law, we have 2ĥ(ɛ 1P 1 + · · · + ɛ r−1 P r−1 ) + 2ĥ(ɛ rP r ) = ĥ(ɛ 1P 1 + ɛ 2 P 2 + · · · + ɛ r P r ) + ĥ(ɛ 1P 1 + · · · + ɛ r−1 P r−1 − ɛ r P r ). By the choice of ɛ i ’s, ĥ(ɛ 1 P 1 + · · · + ɛ r−1 P r−1 + ɛ r P r ) ≤ ĥ(ɛ 1P 1 + · · · + ɛ r−1 P r−1 − ɛ r P r ). Therefore, we get ĥ(ɛ 1 P 1 + · · · + ɛ r−1 P r−1 + ɛ r P r ) ≤ ĥ(ɛ 1P 1 + · · · + ɛ r−1 P r−1 ) + ĥ(ɛ rP r ). Inductively, we can show that ĥ(ɛ 1 P 1 + · · · + ɛ r P r ) ≤ ĥ(ɛ 1P 1 ) + · · · + ĥ(ɛ rP r ). Since we have 4ĥ(R) = ĥ(2R) = ĥ(ɛ 1P 1 + · · · + ɛ r P r ), 4ĥ(R) ≤ ĥ(ɛ 1P 1 ) + · · · + ĥ(ɛ rP r ). Theorem 2.3. Suppose r = 3 and we have P (n) i ’s after repeating n-times the above procedure, then (n) (2) min(ĥ(P i i )) ≤ (3/4) ⌊n/3⌋ max (ĥ(P i)). i Therefore, if we let ĥE be the minimum of ĥ(P ) for all non-torsion points P , then this algorithm terminate within n(E, P 1 , · · · , P r )-times repeating where n(E, P 1 , · · · , P r ) = ⌈3 log maxi(ĥ(P i)) − log ĥE ⌉, log 4 − log 3 that is, it terminates in polynomial time of max i (ĥ(P i)). (n) (n) Proof. As we assume in the procedure, we suppose that ĥ(P i ) < ĥ(P j ) for all n if i < j. In particular, P (0) i = P i (i = 1, 2, 3). By the above lemma, we get that 4ĥ(R) ≤ ĥ(ɛ 1P 1 ) + ĥ(ɛ 2P 2 ) + ĥ(ɛ 3P 3 ) where R is given in Step 3. Then, it is easy to see that (1) If ɛ 3 ≠ 0, then ĥ(R) < 3ĥ(P 3)/4. (2) If ɛ 3 = 0 and ɛ 2 ≠ 0, then ĥ(R) < ĥ(P 2)/2. (3) IF ɛ 2 = ɛ 3 = 0 and ɛ 1 ≠ 0, then ĥ(R) < ĥ(P 1)/4. □
Page 1 and 2: ON REMARKS OF LIFTING PROBLEMS FOR
Page 3: ON REMARKS OF LIFTING PROBLEMS FOR
Page 15: ON REMARKS OF LIFTING PROBLEMS FOR

ON REMARKS OF LIFTING PROBLEMS FOR ELLIPTIC CURVES 1 ...

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?