18.783 Elliptic Curves Spring 2013 Lecture #12 03/19/2013

Author

  • Andrew V. Sutherland
Abstract

Theorem 12.2. Let $p$ and $q$ be prime divisors of $N$, and let $\ell_p$ and $\ell_q$ be the largest prime divisors of $p-1$ and $q-1$, respectively. If $\ell_p \le B$ and $\ell_p < \ell_q$ then Algorithm 12.1 succeeds with probability at least $1 - \frac{1}{\ell_q}$.

Proof. If $a \equiv 0 \bmod p$ then the algorithm succeeds in step 2, so we may assume $a \perp p$. When the algorithm reaches $\ell = \ell_p$ in step 3 we have $b = a^m$, where $m = \prod_{\ell \le \ell_p} \ell^e$ is a multiple of $p-1$. By Fermat's little theorem $b = a^m \equiv 1 \bmod p$ and therefore $p$ divides $b-1$. But $\ell_q$ does not divide $m$, so with probability at least $1 - \frac{1}{\ell_q}$ we have $b \not\equiv 1 \bmod q$, in which case $1 < \gcd(b-1, N) < N$ in step 3b and the algorithm succeeds.
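The following Python sketch is an added example, not code from the lecture notes: it follows the steps the proof of Theorem 12.2 refers to and runs them on a constructed modulus. Algorithm 12.1 itself is not reproduced on this page, so the random choice of $a$, the exponent rule ($\ell^e$ is the smallest power of $\ell$ that is at least $N$), the step labels other than 2, 3 and 3b, and all function names are assumptions.

```python
from math import gcd
import random

def primes_up_to(B):
    """Sieve of Eratosthenes: all primes ell <= B."""
    sieve = bytearray([1]) * (B + 1)
    sieve[:2] = b"\x00\x00"
    for i in range(2, int(B ** 0.5) + 1):
        if sieve[i]:
            sieve[i * i :: i] = bytearray(len(range(i * i, B + 1, i)))
    return [i for i, is_prime in enumerate(sieve) if is_prime]

def largest_prime_factor(n):
    """Largest prime divisor of n by trial division (small demo inputs only)."""
    largest, d = 1, 2
    while d * d <= n:
        while n % d == 0:
            largest, n = d, n // d
        d += 1
    return n if n > 1 else largest

def pollard_p_minus_1(N, B, a=None):
    """Return a nontrivial factor of N, or None if nothing is found with bound B."""
    if a is None:
        a = random.randrange(1, N)       # assumed step 1: random base in [1, N-1]
    d = gcd(a, N)
    if d != 1:                           # step 2: a already shares a factor with N
        return d
    b = a
    for ell in primes_up_to(B):          # step 3: build b = a^m mod N prime by prime
        power = ell
        while power < N:                 # assumed exponent rule: ell^e >= N
            power *= ell
        b = pow(b, power, N)
        d = gcd(b - 1, N)                # step 3b: p | b-1 once (p-1) | m
        if 1 < d < N:
            return d
    return None

# Constructed sample modulus: p-1 = 2*3*5*41 (so l_p = 41),
# q-1 = 2*953 (so l_q = 953 > l_p, as the theorem requires).
P, Q = 1231, 1907
N = P * Q

if __name__ == "__main__":
    print("l_p =", largest_prime_factor(P - 1), " l_q =", largest_prime_factor(Q - 1))
    print("B = 50:", pollard_p_minus_1(N, 50, a=2))   # l_p <= B, factor found
    print("B = 40:", pollard_p_minus_1(N, 40, a=2))   # l_p > B, this base fails
```

With base $a = 2$ the run at $B = 40$ fails because the order of 2 modulo 1231 is divisible by 41, so $b \equiv 1 \bmod p$ is never reached before the bound is exhausted.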


Similar resources

18.783 Elliptic Curves Spring 2013 Lecture #20 04/25/2013 20.1 The Hilbert class polynomial

Let $\mathcal{O}$ be an order of discriminant $D$ in an imaginary quadratic field $K$. In Lecture 19 we saw that there is a one-to-one relationship between isomorphism classes of elliptic curves with complex multiplication by $\mathcal{O}$ (the set $\mathrm{Ell}_{\mathcal{O}}(\mathbb{C})$), and equivalence classes of proper $\mathcal{O}$-ideals (the group $\mathrm{cl}(\mathcal{O})$). The first main theorem of complex multiplication states that the elements of $\mathrm{Ell}_{\mathcal{O}}(\mathbb{C})$ are algebraic intege...


18.783 Elliptic Curves Spring 2013 Lecture #24 05/09/2013

Andrew V. Sutherland. In this lecture we give a brief overview of modular forms, focusing on their relationship to elliptic curves. This connection is crucial to Wiles’ proof of Fermat’s Last Theorem [7]; the crux of his proof is that every semistable elliptic curve over $\mathbb{Q}$ is modular. In order to explain what this means, we need to delve briefly into the theory of modular forms. Our goal in doi...


18.783 Elliptic Curves Spring 2013 Lecture #9 03/07/2013 9.1 Schoof’s Algorithm

In the early 1980s, René Schoof [3] introduced the first polynomial-time algorithm to compute $\#E(\mathbb{F}_q)$. Extensions of Schoof’s algorithm remain the point-counting method of choice when the characteristic of $\mathbb{F}_q$ is large (e.g., when $q$ is a cryptographic size prime). Schoof’s basic strategy is very simple: compute the trace of Frobenius $t$ modulo many small primes $\ell$ and use the Chinese remainder...


18.783 Elliptic Curves Spring 2013 Lecture #7 02/28/2013

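$E[n] \simeq \begin{cases} \mathbb{Z}/n\mathbb{Z} \oplus \mathbb{Z}/n\mathbb{Z} & \text{if } p = 0 \text{ or } p \nmid n, \\ \mathbb{Z}/n\mathbb{Z} \text{ or } \{0\} & \text{if } p > 0 \text{ and } n \text{ is a power of } p. \end{cases}$ Proof. Assume $p \nmid n$ and let $\ell$ be a prime dividing $n$. Then the multiplication-by-$\ell$ map $[\ell]$ is separable of degree $\ell^2$, and therefore $E[\ell] = \ker[\ell]$ has order $\ell^2$. Every nonzero element of $E[\ell]$ has order $\ell$, and it follows that $E[\ell] \simeq \mathbb{Z}/\ell\mathbb{Z} \oplus \mathbb{Z}/\ell\mathbb{Z}$. Thus the $\ell$-rank of $E[\ell]$, and hence of $E[n]$, is 2. If $\ell^e$ is the largest power...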


18.783 Elliptic Curves Spring 2013 Lecture #6 02/26/2013

The polynomial $v(x)$ allows us to determine the points in $E(\bar{k})$ that lie in the kernel of $\alpha$. Indeed, we have $\ker\alpha = \{(x_0, y_0) \in E(\bar{k}) : v(x_0) = 0\} \cup \{0\}$. If $E_1$ is defined by $y^2 = f(x) = x^3 + Ax + B$, then we get one point in $\ker\alpha$ for each root of $v$ that is also a root of $f$ (these are points $(x_0, 0)$ of order 2), two points for every other distinct root of $v$ (since $\alpha(x_0, y_0) = 0$ implies $\alpha(x_0, -y_0) =$ ...


Publication date: 2013