sign in sign up
<<
Home , Cubic plane curve

Elliptic and the Probability of Prime Torsion

Zoe Daunt

Northeastern University

Saturday, January 23rd, 2021 NCUWM: Brought to you by Elliptic Curves

Zoe Daunt

Northeastern University

Saturday, January 23rd, 2021 Projective Spaces

Let k be an algebraically closed field.

Definition: For n ∈ Z, ≥ 0, we define projective n-space as the quotient of kn+1 − {0} by the equivalence relation ∼ , where a ∼ b ⇐⇒ ∃λ ∈ kx such that b = λa n+1 n Notation: Let q : k − {0} → P be the quotient map which n+1 takes (a0, ..., an) in k − {0} to (a0 : ... : an)

Examples: 0 1 i. P = (k − {0})/ ∼= {(1)}, a 1-point set 1 2 ii. P = {(a0, a1) ∈ k :(a0, a1) 6= (0, 0)}/ ∼= {(a : 1): a ∈ 1 k} t {(1 : 0)} = A t {∞} n iii. P = {(a0 : ... : an−1 : 1): a0, ..., an−1 ∈ k} t {(a0 : ... : an−1 : n n n−1 0): 0 6= (a0, ..., an−1 ∈ k } = A t P Projective Spaces

1 1 P = {(a : 1): a ∈ k} t {(1 : 0)} = A t {∞}

1 1 P = A t {∞}

The Projective is the set of triples [a0, a1, a2] with a0, a1, a2 not all zero with the following equivalence relation ∼:

0 0 0 0 0 0 [a0, a1, a2] ∼ [a0, a1, a2] if a0 = λa0, a1 = λa1, a2 = λa2 for some λ 6= 0.

2 2 Algebraic definition of P Geometric definition of P {[a0,a1,a2]:a0,a1,a2 not all zero} 2 1 ∼ ↔ A ∪ P

 a0 a1 2 ( , ) ∈ A if a2 6= 0 [a0, a1, a2] → a2 a2 1 [a0, a1] ∈ P if a2 = 0 2 [x,y,1] ← (x,y) ∈ A 1 [A, B, 0] ← [A, B]∈ P

Joseph H. Silverman, John T. Tate, Rational Points on Elliptic Curves, Springer, 2015. Projective Spaces

2 2 1 P = A t P , which is our line at ∞ Plane Cubics and Elliptic Curves

2 A cubic plane in the P (k) is defined by the set of solutions to the following

ax3 + bx2y + cxy 2 + dy 3 + ex2 + fxy + gy 2 + hx + iy + j = 0

where a, b, c,..., i, and j ∈ k

An E has the form

E : y 2 = x3 + Ax + B with A, B ∈ k

An elliptic curve is a smooth projective curve of genus 1 with a distinguished point. Elliptic Curves

If a curve E is of the form

E : F (x, y) = 0

It’s rational points are denoted by

E(Fp) = {(x, y): x, y ∈ Fp and F (x, y) = 0} Examples

From Bezout’s theorem, every line in the projective plane intersects an elliptic curve in three points, counting multiplicity. Group Law on Elliptic Curves

I Identity: the point (0 : 1 : 0) at infinity I Inverse: the inverse of point P = (x : y : z) is the point −P = (x : −y : z) I Commutativity: A + B = B + A I Associativity: A + (B + C) = (A + B) + C Isogenies

An isogeny φ : E1 → E2 of elliptic curves defined over k is a non-constant rational map that sends the distinguished point of E1 to the distinguished point of E2. Examples

1. The negation map φ1:P → -P, where (x : y : z) 7→ (x : -y : z)

2. The multiplication-by-n map,

[n]: E → E P 7→ n · P

3. The frobenius endomorphism: Let Fp be a finite field of prime order p, the Frobenius endomorphism π : Fp → Fp is the map x 7→ xp Structure of Torsion Subgroups

Let E/k be an elliptic curve of characteristic p > 0, p prime.

E[n] is the n-torsion subgroup of E consisting of all points P in E(k) such that nP = 0, i.e. the kernel of [n].

E[n] = {P ∈ E(k): nP = 0}

E(k)[n] = {P ∈ E(k): nP = 0} Probability of `-torsion

Goal: Determine the probability that a random elliptic curve E/Fp has an Fp point of prime order `, where p is either a fixed prime much larger than `, or a prime varying over some large interval. Probability of `-torsion

Goal: Determine the probability that a random elliptic curve E/Fp has an Fp point of prime order `, where p is either a fixed prime much larger than `, or a prime varying over some large interval.

I "Random Elliptic Curve E/Fp": Random A and B for y 2 = x3 + Ax + B

I An Fp-point is a point on E/Fp with coordinates in Fp I An Fp point, say P, of order ` is an `-torsion point (` · P = 0) with coordinates in Fp. Probability of `-torsion: STEP 3

For a fixed p, we need to consider two cases: when p ≡ 1 mod` and when p 6≡ 1 mod`. From part a, we know that there are 2 `(` − 1) matrices in GL2(F`) with determinant p mod`. For p ≡ 1 mod`, There are `2 possibilities, and thus

`2 Prfixed≡1 = `(`2−1) For p 6≡ 1 mod`, There are `2 + ` possibilities, and thus

`2+l Prfixed6≡1 = `(`2−1) Probability of `-torsion: STEP 3

For varying p, we use the probabilities we just found for fixed p and incorporate the probabilities of the occurrence of each p mod`. We assumed each value of p mod` occurs equally often, so the probability that p ≡ 1 mod` is

1 Pr(p ≡ 1) = `−1 And the probability that p 6≡ 1 mod` is

`−2 Pr(p 6≡ 1) = `−1 Therefore our total probability of `-torsion for varying p is

`2 1 `2+l `−2 Pr(`-torsion) = `(`2−1) ∗ ( `−1 ) + `(`2−1) ∗ ( `−1 ) Probability of `-torsion: STEP 3

Combinatorial Formula

`2 1 `2+l `−2 `2−2 f (`) = `(`2−1) ∗ ( `−1 ) + `(`2−1) ∗ ( `−1 ) = `3−`2−`+1 7 f (3) = 16 23 f (5) = 96 47 f (7) = 288

Sage Script Public Key Cryptography Probability of `-torsion: Applications

***Public Key Cryptography***

The Discrete Logarithm Problem: Let G be a group and let g ∈ G be an element of finite order n. Given a power h of g, the discrete logarithm problem is to find an exponent x ∈ Z/(n) with g x = h. Probability of `-torsion: Applications

The Elliptic Curve Discrete Logarithm Problem: Let E be an elliptic curve defined over Fp. Given P, Q ∈ E(Fp), find an integer x such that xP = Q. Probability of `-torsion: Applications