Quintic point group operation

Suppose we have a quintic curve in the form

${\displaystyle y^{2}=px^{5}+qx^{4}+rx^{3}+sx^{2}+tx+u}$.

Through any four points on a quintic curve in this form, an ordinary elliptic curve in the form

${\displaystyle y^{2}=ax^{3}+bx^{2}+cx+d}$

may be fitted, and this elliptic curve must intersect the quintic curve at a fifth point, uniquely determined, up to sign of the y-axis.

There are some indications of quintic curves actually being used for cryptographic applications, a book going for ${\displaystyle {\frac {1}{4}}G}$ ^[1] and a website ^[2] on the subject and some papers ^[3] without further reference, the idea seems preposterous at first glance, given the known insolubility of quintic equations in closed form. And then again, why not? We don’t want our crypto too easy to solve. Yet nevertheless, we have a sneaking suspicion none of the references on the topic are doing the sort of heavy-duty industrial curve-fitting math which civil engineers for instance would use to solve these types of equations.

The quincunx equations

If P, Q, R, S and T are the five points of intersection between the quintic curve and the fitted elliptic curve, permitting multiplicity, let

${\displaystyle P+Q+R+S+T=O}$,

where O is the additional “point at infinity” considered to lie on the curve and serve as an identity for its additive point group operation.

Curve fittings through one point

Choose a point P and solve ${\displaystyle 4P+T=O}$, ${\displaystyle 3P+2S=O}$, and ${\displaystyle 2P+3R=P+4Q=O}$ by curve-fitting. Now ${\displaystyle T=-4P}$, ${\displaystyle S=-{\frac {3}{2}}P}$, ${\displaystyle R=-{\frac {2}{3}}P}$, and ${\displaystyle Q=-{\frac {1}{4}}P}$.

${\displaystyle \{P\}\longrightarrow \left\{-4P,-{\frac {3}{2}}P,-{\frac {2}{3}}P,-{\frac {1}{4}}P\right\}}$

Curve fittings through two points

Choosing points P and Q it is possible to solve for ${\displaystyle 2P+2Q+T=O}$ and ${\displaystyle P+Q+3R=O}$ by curve-fitting: ${\displaystyle T=-2(P+Q)}$ and ${\displaystyle R=-{\frac {1}{3}}(P+Q)}$, if scalar division is permitted. Also ${\displaystyle 2P+Q+2S=O}$ and ${\displaystyle P+2Q+2U=O}$ so ${\displaystyle S=-\left(P+{\frac {1}{2}}Q\right)}$ and ${\displaystyle U=-\left({\frac {1}{2}}P+Q\right)}$, etc.

${\displaystyle \{P,Q\}\longrightarrow \left\{-2(P+Q),-{\frac {1}{3}}(P+Q),-\left(P+{\frac {1}{2}}Q\right),-\left({\frac {1}{2}}P+Q\right),-(3P+Q),-(P+3Q)\right\}}$

Goals and objectives

The goal is to reach the point ${\displaystyle -P}$ from the point P alone, and to reach the point ${\displaystyle P+Q}$ from the points P and Q if possible, and if so, by the shortest possible path of computation, i.e., using the least number of elliptic curve fittings.

Point averaging and limit

Point averaging is possible.

${\displaystyle {\frac {P+Q}{2}}=-{\frac {1}{4}}{\big (}-2(P+Q){\big )}}$.

A closed form expression also exists for

${\displaystyle {\frac {9}{8}}(P+Q)=-{\frac {3}{2}}\left(-{\frac {3}{2}}\left({\frac {P+Q}{2}}\right)\right)}$

although, apparently not for the point group “sum” ${\displaystyle P+Q}$ itself. The only remaining option then is to approximate

${\displaystyle P+Q=\lim _{n\rightarrow 1}n(P+Q)}$

using only those rational numbers n for which a closed form expression exists for the rational scalar multiple by n of the point group “sum” we are calculating.

Insolubility in closed form radical expressions

It has been known for over 500 years that unlike quartic equations, general quintic equations cannot be solved in closed form radical expressions, and that is indeed what we find here for the point group operation which we have defined by “summing” five points that intersect an elliptic curve to an additive identity “point at infinity.”

This is the difficulty of solving the “quincunx equation” which determines the “group operation” among the rational points on a quintic curve. Numbers which are not congruent to 1 modulo 5 fail to be “constructible” in the resolvent system of the quintic. Non-constructible scalar multiples of a point under the point group operation are not computable or expressible in any closed form. The scalar multiples of negative one and two, which are needed for the “inverse” of one point and the “sum” of two points, since averaging is permitted without a scalar multiple, are not constructible because

${\displaystyle -1\ncong 1\mod 5}$; and

${\displaystyle 2\ncong 1\mod 5}$.

Finding roots of equations which are soluble

${\displaystyle y^{2}=px^{5}+qx^{4}+rx^{3}+sx^{2}+tx+u}$.

${\displaystyle y^{2}=ax^{3}+bx^{2}+cx+d}$

${\displaystyle px^{5}+qx^{4}+(r-a)x^{3}+(s-b)x^{2}+(t-c)x+u-d=0}$

${\displaystyle p(x-x_{P})(x-x_{Q})(x-x_{R})(x-x_{S})(x-x_{T})=0}$

The fundamental theorem of algebra assures us that the roots (or radicals) which we seek do exist, and may be found when the equation is in this form. If a quintic equation with rational coefficients has four rational roots, then its fifth root must exist and be rational as well. Any known rational roots may be factored out by long division into the polynomial with rational coefficients, and in any case the degree of the equation reduced accordingly, and solved in closed form.

Numerical methods

Numerical or what we call “floating point” methods are often used in practice to solve equations in the fifth or higher degree. The point averaging method, which is expressible in closed form, certainly allows the solution to be approximated to any desired degree of accuracy.

Exact solutions from floating-point computations

If the point group operation as defined does indeed map pairs of rational points on the curve to rational points on the same curve not exceeding a given denominator or height, then floating point approximations of sufficient precision can potentially be proven adequate to rigorously determine the exact numerators and denominators of those rational points.

If we had anything else to offer in this regard, we would have succeeded in doing exactly what the classical Italian mathematicians already proved impossible centuries ago.

R code for example plot

#! /usr/bin/R -f

H <- function(x){
    sqrt(1/9*(x+3)*(x+1)*(x+1/2)*(x-3/2)*(x-2))
}

xvals <- seq(0,3.1,0.0001)

plot(x=c(rev(xvals),-xvals,-rev(xvals),xvals),
    y=c(H(rev(xvals)),H(-xvals),-H(-rev(xvals)),-H(xvals)),
    type="l", lwd=3, col="purple",
    xlab="x", ylab="y", asp="1",
    main=expression(9*y^2 == (x+3)*(x+1)*(x+1/2)*(x-3/2)*(x-2))
)
abline(0,0)