Quartic point group operation: Difference between revisions

From Elliptic Curve Crypto
← Older editNewer edit →
VisualWikitext
m preposition
Line 1: Line 1:
[[Image:Quart.svg|frame|right|A “twisted infinity-bun” curve of degree four, which may or may not have many rational points or be suitable for cryptographic use.]]
[[Image:Quart.svg|frame|right|A “twisted infinity-bun” curve of degree four, which may or may not have many rational points or be suitable for cryptographic use.]]
The [[point group operation]] on quartic (or hyperelliptic <ref>https://hyperelliptic.org/</ref>) curves (of degree four) is defined geometrically as follows. Let
The [[point group operation]] over quartic (or hyperelliptic <ref>https://hyperelliptic.org/</ref>) curves (of degree four) is defined geometrically as follows. Let
:<math>y^2 = px^4+qx^3+rx^2+sx+t</math>
:<math>y^2 = px^4+qx^3+rx^2+sx+t</math>
be a quartic curve on the ''x''-''y'' plane of real numbers, the polynomial in ''x'' on the right having either the coefficient ''p''>0 or at least two real roots counting multiplicity.
be a quartic curve on the ''x''-''y'' plane of real numbers, the polynomial in ''x'' on the right having either the coefficient ''p''>0 or at least two real roots counting multiplicity.
Line 6: Line 6:
== A quartic square dance ==
== A quartic square dance ==


Every operation on a quartic curve will be defined geometrically by a “square dance” of the four points of intersection of the quartic curve and a parabola <ref>Borrowed perhaps from [[:Category:conic section cryptography]] but that is another matter.</ref> whose axis is parallel to the ''y''-axis, and otherwise to be determined.
Every operation over a quartic curve will be defined geometrically by a “square dance” of the four points of intersection of the quartic curve and a parabola <ref>Borrowed perhaps from [[:Category:conic section cryptography]] but that is another matter.</ref> whose axis is parallel to the ''y''-axis, and otherwise to be determined.


Namely if ''P, Q, R,'' and ''S'' are four points of the quartic curve, through which a parabola with an axis parallel to the ''y''-axis passes, then we will say that
Namely if ''P, Q, R,'' and ''S'' are four points of the quartic curve, through which a parabola with an axis parallel to the ''y''-axis passes, then we will say that

Revision as of 06:12, 8 January 2025

A “twisted infinity-bun” curve of degree four, which may or may not have many rational points or be suitable for cryptographic use.

The point group operation over quartic (or hyperelliptic [1]) curves (of degree four) is defined geometrically as follows. Let

Failed to parse (SVG (MathML can be enabled via browser plugin): Invalid response ("Math extension cannot connect to Restbase.") from server "https://wikimedia.org/api/rest_v1/":): {\displaystyle y^2 = px^4+qx^3+rx^2+sx+t}

be a quartic curve on the x-y plane of real numbers, the polynomial in x on the right having either the coefficient p>0 or at least two real roots counting multiplicity.

A quartic square dance

Every operation over a quartic curve will be defined geometrically by a “square dance” of the four points of intersection of the quartic curve and a parabola [2] whose axis is parallel to the y-axis, and otherwise to be determined.

Namely if P, Q, R, and S are four points of the quartic curve, through which a parabola with an axis parallel to the y-axis passes, then we will say that

Failed to parse (SVG (MathML can be enabled via browser plugin): Invalid response ("Math extension cannot connect to Restbase.") from server "https://wikimedia.org/api/rest_v1/":): {\displaystyle P+Q+R+S=O}

where O is the additional “point at infinity” which serves as the additive group identity.

Additive inverses

If P is a point on the elliptic curve, then its inverse is found by solving for Failed to parse (SVG (MathML can be enabled via browser plugin): Invalid response ("Math extension cannot connect to Restbase.") from server "https://wikimedia.org/api/rest_v1/":): {\displaystyle Q=-P} in this “square dance” equation

Failed to parse (SVG (MathML can be enabled via browser plugin): Invalid response ("Math extension cannot connect to Restbase.") from server "https://wikimedia.org/api/rest_v1/":): {\displaystyle P+P+Q+Q=O}

where the parabola is required to be tangent [3] to the curve both at the point P and at the unknown point Q. Simple algebra and calculus should yield a unique solution.

Point trebling

To treble a point P, solve the “square dance” equation

Failed to parse (SVG (MathML can be enabled via browser plugin): Invalid response ("Math extension cannot connect to Restbase.") from server "https://wikimedia.org/api/rest_v1/":): {\displaystyle P+P+P+Q=O}

and then take the inverse of Q to find Failed to parse (SVG (MathML can be enabled via browser plugin): Invalid response ("Math extension cannot connect to Restbase.") from server "https://wikimedia.org/api/rest_v1/":): {\displaystyle 3P=-Q} . Here the parabola is required to osculate [4] the quartic curve at the point P which appears with a multiplicity of three in the equation, and intersect simply at the point Q.

Point trisection

Trisecting a point is exactly the same as trebling, except that it is at the unknown point Q where the parabola and the quartic curve are required to osculate, and a simple intersection is permitted at the point P.

Failed to parse (SVG (MathML can be enabled via browser plugin): Invalid response ("Math extension cannot connect to Restbase.") from server "https://wikimedia.org/api/rest_v1/":): {\displaystyle P+Q+Q+Q=O} .

Now take the inverse of Q to find Failed to parse (SVG (MathML can be enabled via browser plugin): Invalid response ("Math extension cannot connect to Restbase.") from server "https://wikimedia.org/api/rest_v1/":): {\displaystyle \frac P3=-Q} .

Point averaging

The average or “mean” of two points P and Q may be found by solving the square dance equation

Failed to parse (SVG (MathML can be enabled via browser plugin): Invalid response ("Math extension cannot connect to Restbase.") from server "https://wikimedia.org/api/rest_v1/":): {\displaystyle P + Q + R + R = O}

Here let the parabola pass through the points P and Q and be tangent to the quartic curve at R. Take the inverse to find the mean: Failed to parse (SVG (MathML can be enabled via browser plugin): Invalid response ("Math extension cannot connect to Restbase.") from server "https://wikimedia.org/api/rest_v1/":): {\displaystyle \frac{P+Q}2=-R} .

Point doubling

Point doubling is performed by trebling and then averaging

Failed to parse (SVG (MathML can be enabled via browser plugin): Invalid response ("Math extension cannot connect to Restbase.") from server "https://wikimedia.org/api/rest_v1/":): {\displaystyle 2P = \frac{P + 3P}2} .

Point group addition

Failed to parse (SVG (MathML can be enabled via browser plugin): Invalid response ("Math extension cannot connect to Restbase.") from server "https://wikimedia.org/api/rest_v1/":): {\displaystyle P+Q=\dfrac{\left(\dfrac{P+Q}2\right)+3\left(\dfrac{P+Q}2\right)}2}

The most essential and basic operation of “adding” two points, which should serve as the point group operation for cryptographic purposes, is now derived at the end of a long, roundabout square dance routine by calculating the mean of two points, and then doubling by means of trebling and averaging.

The algebra and calculus equations should be simplified, and made as efficient as possible. The operation has been suitably defined, and nothing has been introduced here that should violate the axioms of an Abelian group.

Fitting the curves

We fit a generic parabola

Failed to parse (SVG (MathML can be enabled via browser plugin): Invalid response ("Math extension cannot connect to Restbase.") from server "https://wikimedia.org/api/rest_v1/":): {\displaystyle y=ax^2+bx+c}

to the quartic curve as indicated above. It is easiest to calculate the x-coordinates if we simply square the parabola, place it over the equation for the quartic curve, and subtract.

Now

and the same equation can be written

.

The known roots can now be factored out, divided into the previous polynomial using long division, and the remainder set equal to zero and solved.

Next steps

Once you have mastered the quartic point group operation, the proof of Mordell’s theorem by infinite descent, methods of bounding heights of rational numbers, and the theory of numerical and floating point approximations for curve fitting, you may move on to the quintic point group operation.

Appendix: R code for example curve plot

#! /usr/bin/R -f

H <- function(x){
    sqrt((5/17)*(11-2*x^2/3)*(x+2/7)^2)
}

xvals <- seq(0,sqrt(16.5),0.0001)

plot(x=c(xvals,rev(xvals),-xvals,-rev(xvals)),
    y=c(H(xvals),-H(rev(xvals)),-H(-xvals),H(-rev(xvals))),
    type="l", lwd=3, col="brown",
    xlab="x", ylab="y", asp="1",
    main=expression(17*y^2 == 5*(11-2*x^2/3)*(x+2/7)^2)
)
abline(0,0)
  1. https://hyperelliptic.org/
  2. Borrowed perhaps from Category:conic section cryptography but that is another matter.
  3. Latin for “touching.”
  4. Latin for “kiss.” The y-coördinate and the first and second derivatives must be equal for the two curves which are said to osculate at that x-coördinate.
Retrieved from "https://www.ellipticcurve.info/index.php?title=Quartic_point_group_operation&oldid=237"