Quartic point group operation

The point group operation over a quartic (or, rarely, biquadratic) curve (i.e., a hyperelliptic ^[1] curve of degree four) in y² is defined geometrically as follows. Let

${\displaystyle y^{2}=q_{4}x^{4}+q_{3}x^{3}+q_{2}x^{2}+q_{1}x+q_{0}}$

be a quartic curve on the x-y plane of real numbers, the polynomial in x on the right having either the coefficient q₄>0 or at least two real roots counting multiplicity. Quartic curves of this form include various lemniscates and ovals with a negative leading coefficient as well as open curves with a positive leading coefficient and two or three disconnected components.

Preparing the equations for solution in general form

When the degree of a solvend equation is even and at least four, its resolvent is a generic polynomial exactly half of it in degree, and the resolvent is squared so that it “rises to meet” the solvend. The resultant is the difference, when the solvend is subtracted from the resolvent equation squared.

The general objective is to find rational points (x,y) on the curve which satisfy the solvend equation. Any four points on the quartic curve, counting multiplicity, which simultaneously satify the same resolvent quadratic equation, are considered to “sum” to an “additional point at infinity” O, which serves as the identity for a certain abstract Abelian group operation which we denote here by the symbol ⨁.

In any case we would start from at least one known point (x₁,y₁), and as a first step reduce the resultant equation to a cubic by factoring out x – x₁, in order to eventually solve for the unknown coefficients of the resolvent equation and the coördinates of the unknown point in terms of known points.

${\displaystyle {\begin{array}{r|rrrr}&&(a^{2}-q_{4})x^{3}&{}+{2ab-q_{3}+ \choose a^{2}x_{1}-q_{4}x_{1}}x^{2}&{}+{b^{2}+2ac-q_{2}+2abx_{1} \choose {}-q_{3}x_{1}+a^{2}x_{1}^{2}-q_{4}x_{1}^{2}}x&{}+{2bc-q_{1}+b^{2}x_{1}+2acx_{1}-q_{2}x_{1} \choose +2abx_{1}^{2}-q_{3}x_{1}^{2}+a^{2}x_{1}^{3}-q_{4}x_{1}^{3}}\\\hline x-x_{1}&(a^{2}-q_{4})x^{4}&{}+(2ab-q_{3})x^{3}&{}+(b^{2}+2ac-q_{2})x^{2}&{}+(2bc-q_{1})x&{}+c^{2}-q_{0}\\&(a^{2}-q_{4})x^{4}&{}-(a^{2}-q_{4})x_{1}x^{3}\\\hline &&{2ab-q_{3}+ \choose a^{2}x_{1}-q_{4}x_{1}}x^{3}&{}+(b^{2}+2ac-q_{2})x^{2}\\&&{2ab-q_{3}+ \choose a^{2}x_{1}-q_{4}x_{1}}x^{3}&{}-{2abx_{1}-q_{3}x_{1} \choose {}+a^{2}x_{1}^{2}-q_{4}x_{1}^{2}}x^{2}\\\hline &&&{b^{2}+2ac-q_{2}+2abx_{1} \choose {}-q_{3}x_{1}+a^{2}x_{1}^{2}-q_{4}x_{1}^{2}}x^{2}&{}+(2bc-q_{1})x\\&&&{b^{2}+2ac-q_{2}+2abx_{1} \choose {}-q_{3}x_{1}+a^{2}x_{1}^{2}-q_{4}x_{1}^{2}}x^{2}&{}-{b^{2}x_{1}+2acx_{1}-q_{2}x_{1}+2abx_{1}^{2} \choose -q_{3}x_{1}^{2}+a^{2}x_{1}^{3}-q_{4}x_{1}^{3}}x\\\hline &&&&{2bc-q_{1}+b^{2}x_{1}+2acx_{1}-q_{2}x_{1} \choose +2abx_{1}^{2}-q_{3}x_{1}^{2}+a^{2}x_{1}^{3}-q_{4}x_{1}^{3}}x&{}+c^{2}-q_{0}\\&&&&{2bc-q_{1}+b^{2}x_{1}+2acx_{1}-q_{2}x_{1} \choose +2abx_{1}^{2}-q_{3}x_{1}^{2}+a^{2}x_{1}^{3}-q_{4}x_{1}^{3}}x&{}-{2bcx_{1}-q_{1}x_{1}+b^{2}x_{1}^{2}+2acx_{1}^{2}-q_{2}x_{1}^{2} \choose +2abx_{1}^{3}-q_{3}x_{1}^{3}+a^{2}x_{1}^{4}-q_{4}x_{1}^{4}}\\\hline R=&&&&&{c^{2}-q_{0}+2bcx_{1}-q_{1}x_{1}+b^{2}x_{1}^{2}+2acx_{1}^{2} \choose -q_{2}x_{1}^{2}+2abx_{1}^{3}-q_{3}x_{1}^{3}+a^{2}x_{1}^{4}-q_{4}x_{1}^{4}}\end{array}}}$

The remainder is equal to the value of the resultant polynomial at the point x₁.

A quartic square dance

Every operation over a quartic curve will be defined geometrically by a “square dance” of the four points of intersection of the quartic curve and a parabola ^[2] whose axis is parallel to the y-axis, and otherwise to be determined.

If P, Q, R, and S are four points of the quartic curve, through which a parabola with an axis parallel to the y-axis passes, then we will say that

${\displaystyle P\oplus Q\oplus R\oplus S=O}$

where O is the additional “point at infinity” which serves as the additive group identity.

The equation of this parabola is known as the resolvent equation of the point group operation, and a resultant equation is determined whose roots are the four points of intersection of the resolvent parabolic trajectory with the quartic curve, called the solvend as it is the main equation to be solved, in y², for rational points which satisfy the point group operation.

Equations involving four distinct points are easiest, since any points of tangency require solving the gunners’ equations to fit parabolic trajectories, and these are much more difficult, as they inevitably involve derivatives, and are actually systems of differential equations, but are still essential to performing the point group operation over a quartic curve.

More general quartic curves in the plane might be met with more general conics having parallel axes to serve as resolvents, unless they are first brought into a canonical form in y² by a conformal mapping, but be warned that the “group law” introduced by Bernstein, Edwards, Hamburg et al. for government-approved “elliptic” curve cryptography schemes Ed25519 and Ed448 promulgated ^[3] in in official government standards such as RFC 7748, is essentially of the second degree only in character, and does not satisfy the proper resolvent equations for quartic curves which are not simply conics with squared coördinates.

Additive inverses

If P is a point on the quartic curve, then its inverse is found by solving for ${\displaystyle Q=-P}$ in this “square dance” equation

${\displaystyle P\oplus P\oplus Q\oplus Q=O}$

where the resolvent parabola ${\displaystyle y=ax^{2}+bx+c}$ is required to be tangent ^[4] to the original curve both at the point P = (x₁,y₁) and at the unknown point Q = (x,y).

We begin by dividing x – x₁ into the quotient resulting from the previous division of the same binomial into the resultant polynomial.

${\displaystyle {\begin{array}{r|rrrr}&&(a^{2}-q_{4})x^{2}&{}+{2ab-q_{3}+ \choose 2a^{2}x_{1}-2q_{4}x_{1}}x&{}+{b^{2}+2ac-q_{2}+4abx_{1} \choose -2q_{3}x_{1}+3a^{2}x_{1}^{2}-3q_{4}x_{1}^{2}}\\\hline x-x_{1}&(a^{2}-q_{4})x^{3}&{}+{2ab-q_{3}+ \choose a^{2}x_{1}-q_{4}x_{1}}x^{2}&{}+{b^{2}+2ac-q_{2}+2abx_{1} \choose {}-q_{3}x_{1}+a^{2}x_{1}^{2}-q_{4}x_{1}^{2}}x&{}+{2bc-q_{1}+b^{2}x_{1}+2acx_{1}-q_{2}x_{1} \choose +2abx_{1}^{2}-q_{3}x_{1}^{2}+a^{2}x_{1}^{3}-q_{4}x_{1}^{3}}\\&(a^{2}-q_{4})x^{3}&{}-(a^{2}x_{1}-q_{4}x_{1})x^{2}\\\hline &&{2ab-q_{3}+ \choose 2a^{2}x_{1}-2q_{4}x_{1}}x^{2}&{}+{b^{2}+2ac-q_{2}+2abx_{1} \choose {}-q_{3}x_{1}+a^{2}x_{1}^{2}-q_{4}x_{1}^{2}}x\\&&{2ab-q_{3}+ \choose 2a^{2}x_{1}-2q_{4}x_{1}}x^{2}&{}-{2abx_{1}-q_{3}x_{1} \choose +2a^{2}x_{1}^{2}-2q_{4}x_{1}^{2}}x\\\hline &&&{b^{2}+2ac-q_{2}+4abx_{1} \choose -2q_{3}x_{1}+3a^{2}x_{1}^{2}-3q_{4}x_{1}^{2}}x&{}+{2bc-q_{1}+b^{2}x_{1}+2acx_{1}-q_{2}x_{1} \choose +2abx_{1}^{2}-q_{3}x_{1}^{2}+a^{2}x_{1}^{3}-q_{4}x_{1}^{3}}\\&&&{b^{2}+2ac-q_{2}+4abx_{1} \choose -2q_{3}x_{1}+3a^{2}x_{1}^{2}-3q_{4}x_{1}^{2}}x&{}-{b^{2}x_{1}+2acx_{1}-q_{2}x_{1}+4abx_{1}^{2} \choose -2q_{3}x_{1}^{2}+3a^{2}x_{1}^{3}-3q_{4}x_{1}^{3}}\\\hline R=&&&&{2bc-q_{1}+2b^{2}x_{1}+4acx_{1}-2q_{2}x_{1} \choose +6abx_{1}^{2}-3q_{3}x_{1}^{2}+3a^{2}x_{1}^{3}-3q_{4}x_{1}^{3}}\end{array}}}$

This remainder, on dividing x – x₁ into the resultant polynomial for the second time, is equal to the derivative of the original resultant at the point x₁, and may be set equal to zero. We are now looking for the second point of tangency x between the quartic curve and the parabola of the resolvent quadratic equation. Hence four equations to be solved simultaneously for a, b, c and x in terms of q₄, q₃, q₂, q₁, q₀, x₁, y₁ and y₁’.

${\displaystyle {\begin{array}{rcl}ax_{1}^{2}+bx_{1}+c-y_{1}&=&0\\2ax_{1}+b-y_{1}'&=&0\\(a^{2}-q_{4})x^{2}+{2ab-q_{3}+ \choose 2a^{2}x_{1}-2q_{4}x_{1}}x+{b^{2}+2ac-q_{2}+4abx_{1} \choose -2q_{3}x_{1}+3a^{2}x_{1}^{2}-3q_{4}x_{1}^{2}}&=&0\\2(a^{2}-q_{4})x+2ab-q_{3}+2a^{2}x_{1}-2q_{4}x_{1}&=&0\\\end{array}}}$

where

${\displaystyle {\begin{array}{rcl}y_{1}&=&\pm {\sqrt {q_{4}x_{1}^{4}+q_{3}x_{1}^{3}+q_{2}x_{1}^{2}+q_{1}x_{1}+q_{0}}}\\y_{1}'&=&{\dfrac {\pm \left(4q_{4}x_{1}^{3}+3q_{3}x_{1}^{2}+2q_{2}x_{1}+q_{1}\right)}{2{\sqrt {q_{4}x_{1}^{4}+q_{3}x_{1}^{3}+q_{2}x_{1}^{2}+q_{1}x_{1}+q_{0}}}}}\end{array}}}$

These equations result from setting both a simplified resultant and its derivative equal to zero at points of tangency both at the known point x₁ and at the unknown point x we seek. The residuals from this system of four equations are shown below, as very nearly solved numerically, from the data plotted on the chart to the right with x₁ = 2, x = –2.4, and a = 0.2 as an example on the same quartic curve as pictured above.

> a * x1^2 + b*x1 + c - y1
[1] 0
> 2*a*x1 + b - y1_
[1] 0
> (a^2 - q4)*x^2 + (2*a*b - q3 + 2*a^2*x1 - 2*q4*x1)*x +
+       b^2 + 2*a*c - q2 + 4*a*b*x1 - 2*q3*x1 + 3*a^2*x1^2 - 3*q4*x1^2
[1] 0.004125696
> 2*(a^2 - q4)*x + 2*a*b - q3 + 2*a^2*x1 - 2*q4*x1
[1] 0.0003871946

The term of a²x², in the fourth degree in the unknowns, may be eliminated, reducing the degree of the system of equations to three. Multiply the 3rd equation by 2 and the 4th equation by x, and then subtract.

${\displaystyle {\begin{array}{rcl}2(a^{2}-q_{4})x^{2}+2{2ab-q_{3}+ \choose 2a^{2}x_{1}-2q_{4}x_{1}}x+2{b^{2}+2ac-q_{2}+4abx_{1} \choose -2q_{3}x_{1}+3a^{2}x_{1}^{2}-3q_{4}x_{1}^{2}}&=&0\\2(a^{2}-q_{4})x^{2}+2abx-q_{3}x+2a^{2}x_{1}x-2q_{4}x_{1}x&=&0\\\hline {2ab-q_{3}+ \choose 2a^{2}x_{1}-2q_{4}x_{1}}x+2{b^{2}+2ac-q_{2}+4abx_{1} \choose -2q_{3}x_{1}+3a^{2}x_{1}^{2}-3q_{4}x_{1}^{2}}&=&0\end{array}}}$

Replace the third equation:

${\displaystyle {\begin{array}{rcl}ax_{1}^{2}+bx_{1}+c-y_{1}&=&0\\2ax_{1}+b-y_{1}'&=&0\\{2ab-q_{3}+ \choose 2a^{2}x_{1}-2q_{4}x_{1}}x+2{b^{2}+2ac-q_{2}+4abx_{1} \choose -2q_{3}x_{1}+3a^{2}x_{1}^{2}-3q_{4}x_{1}^{2}}&=&0\\2(a^{2}-q_{4})x+2ab-q_{3}+2a^{2}x_{1}-2q_{4}x_{1}&=&0\\\end{array}}}$

The first two of these equations can be solved for b and c and the resulting substitutions, ${\displaystyle b=y_{1}'-2ax_{1}}$ and ${\displaystyle c=y_{1}+ax_{1}^{2}-x_{1}y_{1}'}$ made in the third and fourth equations.

${\displaystyle {\begin{array}{rcl}{2a(y_{1}'-2ax_{1})-q_{3} \choose +2a^{2}x_{1}-2q_{4}x_{1}}x+2{(y_{1}'-2ax_{1})^{2}+2a(y_{1}+ax_{1}^{2}-x_{1}y_{1}')-q_{2}+ \choose 4a(y_{1}'-2ax_{1})x_{1}-2q_{3}x_{1}+3a^{2}x_{1}^{2}-3q_{4}x_{1}^{2}}&=&0\\2(a^{2}-q_{4})x+2a(y_{1}'-2ax_{1})-q_{3}+2a^{2}x_{1}-2q_{4}x_{1}&=&0\\\end{array}}}$

Now the variable x can be eliminated, with the remaining equations combined into a single equation of degree no more than four to be solved for a.

${\displaystyle {2a(y_{1}'-2ax_{1})-q_{3} \choose {}+2a^{2}x_{1}-2q_{4}x_{1}}^{2}-4(a^{2}-q_{4}){(y_{1}'-2ax_{1})^{2}+2a(y_{1}+ax_{1}^{2}-x_{1}y_{1}')-q_{2}+ \choose 4a(y_{1}'-2ax_{1})x_{1}-2q_{3}x_{1}+3a^{2}x_{1}^{2}-3q_{4}x_{1}^{2}}=0}$

Begin multiplying out the terms.

${\displaystyle {2ay_{1}'-4a^{2}x_{1}-q_{3} \choose {}+2a^{2}x_{1}-2q_{4}x_{1}}^{2}-4(a^{2}-q_{4}){y_{1}'^{2}-4ax_{1}y_{1}'+4a^{2}x_{1}^{2}+2ay_{1}+2a^{2}x_{1}^{2}-2ax_{1}y_{1}' \choose -q_{2}+4ax_{1}y_{1}'-8a^{2}x_{1}^{2}-2q_{3}x_{1}+3a^{2}x_{1}^{2}-3q_{4}x_{1}^{2}}=0}$

${\displaystyle {2ay_{1}'-2a^{2}x_{1} \choose {}-q_{3}-2q_{4}x_{1}}^{2}-4(a^{2}-q_{4}){y_{1}'^{2}+a^{2}x_{1}^{2}+2ay_{1}-2ax_{1}y_{1}' \choose -q_{2}-2q_{3}x_{1}-3q_{4}x_{1}^{2}}=0}$

${\displaystyle {\begin{aligned}-8y_{1}&a^{3}\\{}+(24q_{4}x_{1}^{2}+12q_{3}x_{1}+4q_{2}-4y_{1}^{2}+4y_{1}'^{2})&a^{2}\\{}+(8q_{4}y_{1}-16q_{4}x_{1}y_{1}'-4q_{3}y_{1}')&a\\{}+q_{3}^{2}-4q_{4}q_{3}x_{1}-8q_{4}^{2}x_{1}^{2}+4q_{4}y_{1}'^{2}-4q_{4}q_{2}&\quad =0\end{aligned}}}$

This equation is solved numerically in R, and the first solution for a found by R’s polyroot() function is verified to satisfy the resolvent quadratic equations and their derivatives, collectively known as the gunners’ equations, with very small residuals both at the given point x₁ and at the point x which is derived from a when the cubic equation is solved.

There is much unwritten history on these equations dating back to the Civil War in the United States. While the white Confederate belles were square-dancing with the gentlemen of the district, at formal balls catered by their black slaves, the Union railroad engineers and military officers were hard at work solving the gunners’ equations for the trajectories of cannonballs and artillery shells. And even at times of peace, nobody had ever heard of a square dance hall where gentlemanly duels and gunfights didn’t take place on a regular basis. Later on of course, Albert Einstein continued in the long tradition of gunners solving mathematical equations, to great and devastating effect on two particular Japanese small-town red-light disticts.

A simpler symbolic solution still needs to be worked out for rational points on quartic curves.

Point averaging

The average or “mean” of two points P and Q may be found by solving the square dance equation

${\displaystyle P\oplus Q\oplus R\oplus R=O}$

Here let the parabola pass through the points P and Q and be tangent to the quartic curve at R. Take the inverse to find the mean: ${\displaystyle {\frac {P\oplus Q}{2}}=-R}$.

Point trebling

To treble a point P, solve the “square dance” equation

${\displaystyle P\oplus P\oplus P\oplus Q=O}$

and then take the inverse of Q to find ${\displaystyle 3P=-Q}$. Here the parabola is required to osculate ^[5] the quartic curve at the point P which appears with a multiplicity of three in the equation, and intersect simply at the point Q.

Point trisection

Trisecting a point is exactly the same as trebling, except that it is at the unknown point Q where the parabola and the quartic curve are required to osculate, and a simple intersection is permitted at the point P.

${\displaystyle P\oplus Q\oplus Q\oplus Q=O}$.

Now take the inverse of Q to find ${\displaystyle {\frac {P}{3}}=-Q}$.

Point doubling

Point doubling is performed by trebling and then averaging

${\displaystyle 2P={\frac {P\oplus 3P}{2}}}$.

Some of the steps of taking additive inverses may be eliminated or simplified. This might be calculated with one less step.

${\displaystyle 2P=-\left({\frac {-P\oplus (-3P)}{2}}\right).}$

Point bisection

Point bisection or “halving” is performed by doubling a point and averaging with its additive inverse.

${\displaystyle {\frac {1}{2}}P={\frac {2P\oplus (-P)}{2}}}$

Point group addition

${\displaystyle P\oplus Q={\dfrac {\left({\dfrac {P\oplus Q}{2}}\right)\oplus 3\left({\dfrac {P\oplus Q}{2}}\right)}{2}}}$

The most essential and basic operation of “adding” two points, which should serve as the point group operation for cryptographic purposes, is now derived at the end of a long, roundabout square dance routine by calculating the mean of two points, and then doubling by means of trebling and averaging.

The algebra and calculus equations should be simplified, and made as efficient as possible. The operation has been suitably defined, and nothing has been introduced here that should violate the axioms of an Abelian group.

Next steps

Once you have mastered the quartic point group operation, the proof of Mordell’s theorem by infinite descent, methods of bounding heights of rational numbers, and the theory of numerical and floating point approximations for curve fitting, you may move on to the quintic point group operation.

Appendix: R code for example curve plot

#! /usr/bin/R -f

H <- function(x){
    sqrt((5/17)*(11-2*x^2/3)*(x+2/7)^2)
}

xvals <- seq(0,sqrt(16.5),0.0001)

plot(x=c(xvals,rev(xvals),-xvals,-rev(xvals)),
    y=c(H(xvals),-H(rev(xvals)),-H(-xvals),H(-rev(xvals))),
    type="l", lwd=3, col="brown",
    xlab="x", ylab="y", asp="1",
    main=expression(17*y^2 == 5*(11-2*x^2/3)*(x+2/7)^2)
)
abline(0,0)