Point group operation: Difference between revisions

From Elliptic Curve Crypto
unlearned and obstinate
Line 21: Line 21:
== Algebraic derivation ==
== Algebraic derivation ==

Given two points that lie on a given elliptic curve,
Let <math>y=mx+c</math> be the '''resolvent equation''' of the line passing through two given points ''P'' and ''Q'' of an elliptic curve <math>y^2=x^3+ax+b</math>. Square the resolvent on both sides, place it over the elliptic curve equation, and subtract.

:<math>P_1 = (x_1,y_1),\qquad P_2 = (x_2,y_2),</math>
y^2=&x^3&&{}+ax&+{}b \\ \hline

the objective is to find the "third point" and calculate the "group sum" of the first two points:

:<math>P_3=(x,y),\qquad P_1\oplus P_2=(x,-y).</math>
[[long division|Divide]] the factors for the two given points ''P'' and ''Q'' together with the leading coefficient

Once we have defined a suitably consistent algebraic definition for the so-called **point group operation** on an elliptic curve, we are freed from geometric considerations and able to consider the same operation on the elliptic curve over other algebraic fields, such as [[finite field]]s that have no geometric analogue.

into the resultant equation, to find the ''x''-coördinate of the third point ''R'' on the elliptic curve through which the same line passes.

\dfrac{y_2-y_1}{x_2-x_1}& \ldots\quad x_2\ne x_1; \\
&&&x&{}-{m^2-x_P\choose -x_Q}\\ \hline
\dfrac{3x_1^2}{2\surd(x_1^3-x_1)} &\ldots\quad x_2 = x_1,\,y_2 = y_1,\,y_2 \ge 0; \\
-x^2+(x_P+x_Q)x-x_Px_Q & -x^3&{}+m^2x^2&{}+(2mc+a)x&{}+c^2+b \\
\dfrac{-3x_1^2}{2\surd(x_1^3-x_1)} &\ldots\quad x_2 = x_1,\,y_2 = y_1,\,y_2 < 0; \\
&-x^3&{}+(x_P+x_Q)x^2&{}-x_Px_Qx\\ \hline
\infty &\ldots\quad x_2 = x_1,\,y_2 = -y_1
&&{m^2-x_P\choose -x_Q}x^2 &{}+{2mc+a\choose -x_Px_Qx}x&{}+c^2+b\\
&&{m^2-x_P\choose -x_Q}x^2&{}-{m^2(x_P+x_Q)\choose -(x_P+x_Q)^2}x&{}+x_Px_Q{m^2-x_P\choose -x_Q} \\ \hline

be the slope of the line, either through <math>(x_1,y_1)</math> and <math>(x_2,y_2)</math> or tangent to the curve at <math>(x_1,y_1)</math> if <math>x_2=x_1</math> and <math>y_2=y_1</math>.
The remainder may be set equal to zero term by term, (as we know it is having obtained three linear factors of a cubic equation) and then (with the variable ''x'' eliminated) a system of two quadratic equations is left to sort out and solve for ''m'' and ''c'', the coefficients of the resolvent equation for the line passing through ''P'' and ''Q''.
Substitute the equation for the line into that for the elliptic curve to find the "third point:"
y - y_1 &= m(x-x_1) \\
y &= mx + y_1 - mx_1 \\
y^2 &= m^2x^2 + 2m(y_1-mx_1)x + (y_1^2 - 2mx_1y_1 + m^2x_1^2)\\
y^2 &= x^3 + ax + b \\
{} &\phantom{=} x^3 - m^2x^2 + [a+2m(mx_1-y_1)]x + (b - y_1^2 + 2mx_1y_1 - m^2x_1^2) =0.
Factor out the first two points from this <math>(x-x_1)(x-x_2)=x^2-(x_1+x_2)x+x_1x_2</math>.

Revision as of 09:13, 10 January 2025

Caveat emptor: This article is incomplete, and more critical than others at this site. See any of various theses on the topic [1][2]. This is proof that the unlearned and obstinate men, who have so far purported to implement “elliptic curve cryptography” and put their patented cryptographic schemes to widespread use under that name, had already been served with adequate instructions and examples, when they insisted on calling the law and getting all the details wrong in their official implementations and protocols.

Euclidean plane geometry

A point group operation on an elliptic curve is derived by geometric considerations on the curve in Weierstraß normal form over the real numbers.

Because it is defined by an algebraic equation in the third degree, a straight line can intersect such a curve at at most three points in the Euclidean plane.

The basic point group operation consists in finding the reflection across the x-axis of the third point of intersection of the curve with a line through two given points on the curve.

Some or all of the points on the elliptic curve, together with the point group operation , make out an Abelian group.

An additional point at infinity is adjoined to the plane, and considered to lie on the curve, although it is not given coördinates in the real numbers. This point is the group identity. The group inverse consists in taking the reflection of a point across the x-axis.

The operation of a point with itself, called point-doubling, is defined similarly, but by considering the line tangent to the curve at that point rather than through two distinct points.

Algebraic derivation

Let be the resolvent equation of the line passing through two given points P and Q of an elliptic curve . Square the resolvent on both sides, place it over the elliptic curve equation, and subtract.

Divide the factors for the two given points P and Q together with the leading coefficient

into the resultant equation, to find the x-coördinate of the third point R on the elliptic curve through which the same line passes.

The remainder may be set equal to zero term by term, (as we know it is having obtained three linear factors of a cubic equation) and then (with the variable x eliminated) a system of two quadratic equations is left to sort out and solve for m and c, the coefficients of the resolvent equation for the line passing through P and Q.

  1. Noraldeen Alyounes. Elliptiska kurvor och kryptografi. Examensarbete i matematik, Uppsala Universitet, Februari 2020. https://uu.diva-portal.org/smash/get/diva2:1395121/FULLTEXT01.pdf
  2. Gunendra Bikram Bidari. An algorithmic approach to elliptic curve cryptography. Thesis, ME in Computer Engineering, Kathmandu University, 2014. Lambert Academic Publishing, 2015.