This paper investigates the distribution properties of sequences generated by elliptic curve points over complex and real fields, analyzing their equidistribution and randomness characteristics.
Contribution
It introduces a detailed analysis of the distribution of sequences on elliptic curves over characteristic zero fields, extending understanding of their randomness and equidistribution behavior.
Findings
01
Sequences in complex elliptic curves can be characterized by specific measures.
02
Certain sequences are not equidistributed modulo 1 despite being equidistributed with respect to a measure.
03
The study provides conditions under which polynomial sequences on elliptic curves deviate from uniform distribution.
Abstract
Major controversy surrounds the use of Elliptic Curves in finite fields as Random Number Generators. There is little information however concerning the "randomness" of different procedures on Elliptic Curves defined over fields of characteristic 0. The aim of this paper is to investigate the behaviour of the sequence Οmβ=[m]P and then generalize to polynomial seuences of the form Οmβ=[p(m)]P. We examine the behaviour of this sequence in different domains and attempt to realize for which points it is not equidistributed in C/Ξ. We will first study the sequence in the space of Elliptic Curves E(C) defined over the complex numbers and then reconsider our approach to tackle real valued Elliptic Curves. In the process we obtain the measure with respect to which the sequence Ο is equidistributed in E(R). In Section 4 we prove that everyβ¦
No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.
Videos
No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.
Taxonomy
TopicsCryptography and Residue Arithmetic Β· Chaos-based Image/Signal Encryption Β· Analytic Number Theory Research
Full text
11institutetext: National Technical University of Athens
Distribution of the sequence [m]P in Elliptic Curves
Major controversy surrounds the use of Elliptic Curves in finite fields as Random Number Generators. There is little information however concerning the βrandomnessβ of different procedures on Elliptic Curves defined over fields of characteristic [math]. The aim of this paper is to investigate the behaviour of the sequence Οmβ=[m]P and then generalize to polynomial seuences of the form Οmβ=[p(m)]P. We first study the sequence in the space of Elliptic Curves E(C) defined over the complex numbers and then reconsider our approach to tackle real valued Elliptic Curves. In the process we obtain the measure with respect to which the sequence Ο is equidistributed in E(R). In Section 4 we prove that every sequence of points Pnβ=(xnβ,ynβ,1) equidistributed w.r.t. that measure is not equidistributedmod(1) with the obvious map xnββ{xnβ}.
Keywords:
Elliptic Curves Equidistribution Complex Lattice
Notation
Q: The field of rational numbers
R: The field of real numbers
C: The field of complex numbers
Ξ: A complex lattice ZΟ1βΓZΟ2β
E(K): An Elliptic Curve defined over a subfield of the closed field KΛ
C(X): The algebra of continuous functions XβR
R(X): The algebra of Riemann integrable functions XβR
g(Ξ): The embedding of Ξ in the real plane
Ξ: The discriminant of an Elliptic Curve
B: The Borel Οβalgebra over a set X
ΞΌ: A Borel measure over the corresponding algebra
β: The Weierstrass Elliptic Function on a lattice
1 Introduction
An elliptic curve is defined as a projective plane curve of genus 1. It is a straightforward application of the Riemann-Roch theorem to obtain an equivalent Weierstrass equation of the curve y2=x3+Ax+B. The most important thing about Elliptic Curves that makes them interesting is the group structure we can endow them with. Thus performing the operation mP for a point of the curve P we get a new point on the curve. It is then natural to ask: How are these points distributed across the curve? Do we have an explosion towards infinity for example, with greater and greater leaps being made? To answer this question we will first examine the structure on an elliptic curve defined over C.
1.1 Elliptic Curves over C
An elliptic curve over C is actually isomorphic to a lattice over the complex numbers C/Ξ where Ξ=ZΟ1βΓZΟ2β with Ο1,2ββC. We also define the fundamental parallelogram as D={a+x1βΟ1β+x2βΟ2β,x1,2β<1Β andΒ aβΞ}. This isomorphism is provided by the Weierstrass function β(z). The exact form of the isomorphism is in fact: Ο:C/ΞβE(C),zβΆ(β(z),ββ²(z),1) and it is an isomorphism of Riemann surfaces.
In this context an isogeny between Elliptic Curves E1β,E2β has the form of a map Ο:Ξ1ββΞ2β. The isogenies are actually exactly the maps of the form Οaβ(z)=azmodΞ2β where aβC:aΞ1ββΞ2β. In this context, an endomorphism of E has the form Ο(z)=az,aΞβΞ. Since each lattice corresponds uniquely to an elliptic curve, we can associate the jβinvariant of the curve with the lattice as j(Ξ). Two Elliptic Curves are isomorphic iff j(Ξ1β)=j(Ξ2β) or iff aΞ1β=Ξ2β for some aβC.
Remark 1
Suppose that Ο1,2β is a basis for the lattice Ξ. Then nΟ1β+mΟ2β=Ο2β(Ο2βΟ1ββn+m) and thus Ξ=Ο2βΞΟβ where ΞΟβ=[Ο,1],Ο=Ο1β/Ο2β. Thus every lattice can be written in the form ΞΟβ,Im(Ο)>0
2 Distribution in E(C)
Since we will be studying functions that are periodic in a lattice it is essential to identify these functions and their behaviour.
2.1 Fourier Series in Lattices
Remark 2
Let Ξ be a real lattice Ξ=[1,Ο] and let Οxβ,Οyβ be the projections of Ο on the canonical vectors of R2. Then every function f:R2/ΞβA is double periodic in R2, or equivalently it can be identified with a function f:R2βA such that β(x,y)βR2,f(x,y)=f(x+1,y)=f(x+Οxβ,y+Οyβ).
Theorem 2.1
Every function fβC(R2/Ξ) with Ξ=[1,Ο] admits a Fourier series expansion of the form:
[TABLE]
Lemma 1
Define the transformation A=[1Οxββ0Οyββ]. Then A maps R2/[0,1]Γ[0,1] to R2/Ξ continuously. (By the same methods we can also prove the continuity of Aβ1=[1βΟyβΟxβββ0Οyβ1ββ] since they have the exact same form)
Proof
For every pair of points: β£A[x1β,y1β]βA[x2β,y2β]β£=β£[(x1ββx2β)+Οxβ(y1ββy2β),Οyβ(y1ββy2β)]β£, setting x1ββx2β=xβ²,y1ββy2β=yβ² we obtain: β£A[x1β,y1β]βA[x2β,y2β]β£=β£[xβ²+Οxβyβ²,Οyβyβ²]β£=xβ²2+2Οxβyβ²xβ²+Οyβ2yβ²2+Οyβ2yβ²2 using the Cauchy-Schwartz inequality: β£A[x1β,y1β]βA[x2β,y2β]β£β€max(xβ²2+yβ²2+yβ²2+Οxβ2xβ²2,β£Οβ£2(xβ²2+yβ²2)+yβ²2+Οxβ2xβ²2) if β£Οβ£2>1 or β£Οβ£2β€1. With the exact same logic for Οxβ2 we get that β£A[x1β,y1β]βA[x2β,y2β]β£β€β£[x1ββx2β,y1ββy2β]β£(2+β£Οβ£2). We have thus shown uniform continuity.
Suppose f(x,y)=f(x+1,y)=f(x,y+1) then fβAβ1(x+1,y)=f(Aβ1[x+1,y])=f(x+1+ΟyβΟxββy,Οyβ1βy)=f(x+ΟyβΟxββy,Οyβ1βy)=fβAβ1(x,y) and fβAβ1(x+Οxβ,y+Οyβ)=f(x+ΟxββΟyβΟxββyβΟxβ,Οyβ1βy+1)=f(x+ΟyβΟxββy,Οyβ1βy)=fβAβ1(x,y).
For the inverse it suffices to assume fβC(R2/Ξ) and then we have fβA(x+1,y)=f(A[x+1,y])=(x+Οxβy+1,Οyβy)=f(A[x,y])=fβA(x,y) and fβA(x,y+1)=f(A[x,y+1])=f(x+Οxβy+Οxβ,Οyβy+Οyβ)=f(x+Οxβy,Οyβy)=f(A[x,y])=fβA(x,y). The continuity of each of these composite functions follows from Lemma 1.
Corollary 1
For each fβC(R2/Ξ) there is exactly one coresponding fβC(R2/[0,1]Γ[0,1]).
Suppose fβC(R2/Ξ) then we define A as before according to the values of the lattice Ξ. We now get a function fβAβC(R2/[0,1]Γ[0,1]) and thus fβA admits a Fourier series expression of the form f(A[x,y])=βn1β,n2ββZβe2Οj[n1β,n2β][x,y]. The Fourier series expression of f is then f(x,y)=βn1β,n2ββZβe2Οj[n1β,n2β]A[x,y]=βn1β,n2ββZβe2Οj[n1β,n2β][xβΟyβΟxββy,Οyβ1βy]=
In this section we only worked with lattices of the form [Ο,1] but it is possible to work with any two vectors [u,v] defining a lattice (which means linearly independend). Then the general form of the Fourier transform is f(x,y)=βn1β,n2ββZβe2Οj[n1β,n2β]Aβ1[x,y] where A=[uxβvxββuyβvyββ].
This section aims to show one thing basically which is now immediate:
Theorem 2.3
The sub-algebra of trigonometric polynomials with variables of the form e2Οj(n1βx+Οyβn2ββn1βΟxββy) is dense in L(R2/Ξ).
Proof
Since C([a,b]) is dense in L2 (w.r.t. the sup metric) and trigonometric polynomials are dense in C([a,b]) as a consequence of Theorem 2.1, the result is immediate.
For a proof of the density of C([a,b]) in Lp,pβ₯1 see **[2]** page 153.
2.2 Equidistribution of [m]P in Ξ
Throughout this section we will be working with the map g:CβR2 sending zxβ+zyβiβ(zxβ,zyβ). This map sends Ξ to a real valued lattice in R2 and we can then define equidistribution in the usual way for a compact metric space.
Definition 1
A sequence snβ in a compact metric space X equiped with the Borel probibility measure ΞΌ is equidistributed if limnβββn1ββi=0nβ1βf(siβ)=β«XβfdΞΌ for every Riemann integrable f:XβC.
Remark 4
*A sequence znβ is equidistributed in C/Ξ iff for every fβR(R2/g(Ξ)),f:R2/g(Ξ)βR we have
limnβββn1ββi=0nβ1βf(g(znβ))=ΞΌRβ(g(Ξ))1ββ«g(Ξ)βf(x,y)dxdy. The use of dxdy instead of dΞΌ follows from the function being Riemann Integrable.*
Theorem 2.4
A sequence znβ is equidistributed in C/Ξ iff
[TABLE]
Proof
(βΉ) This part is immediate since we just have to substitute f(x,y)=e2Οj(n1βx+Οyβn2ββn1βΟxββy).
(βΈ) From Theorem 2.3 we can see that trigonometric polynomials are dense in R(R2/g(Ξ)). A standard limit argument similar to the R case now implies the result.
Theorem 2.5
For a point z, the sequence nzmodΞ=znxβ+znyβi is equidistributed in C/Ξ iff n1βznβxβ+Οyβn2ββn1βΟxββznβyβξ βZ for every choice of (n1β,n2β)ξ =(0,0).
Proof
*Setting k(n1β,n2β)=n1βzxβ+Οyβn2ββn1βΟxββzyβ we get limNβN1ββn=0Nβ1βe2Οjnu and thus if k(n1β,n2β)βZ for some (n1β,n2β)βZ2/(0,0) we have *
limNβββN1ββn=0Nβ1β1=1ξ =0. Otherwise we have β£N1ββn=0Nβ1βe2Οjnuβ£β€N1ββ£e2Οjuβ1β£β£e2Οju(Nβ1)β1β£ββ€N1ββ£e2Οjuβ1β£2β and thus limNβββN1ββn=0Nβ1βe2Οjnuβ£=0.
A few obvious families of points where equidistribution fails are points parallel to one of the lattice defining vectors:
β(x,y):y=0βΉn1βx=0 and thus a solution for k(n1β,n2β)=0 will always be (0,n),βnβZ.
2. 2.
β(x,y):(x,y)=(aΟxβ,aΟyβ) we have k(n1β,n2β)=an1βΟxβ+n2βaβn1βaΟxβ=0βΉn2β=0 and thus we obtain a solution for k(n1β,n2β) which is (n,0),βnβZ.
3. 3.
all elements parallel to the diagonals: β(x,y)=(Ξ»Οxβ+Ξ»,Ξ»Οyβ) we have k(n1β,n2β)=Ξ»n1βΟxβ+Ξ»(n1β+n2β)βΞ»n1βΟxβ=(n1β+n2β)Ξ» and thus an obvious solution is (n1β,n2β)=(n,βn),nβZ.
3 Real Elliptic Curves
So far we have studied the equidistribution in complex Elliptic Curves. We will now shift our focus to Elliptic Curves E(R). Naturally we first study the values zβC/Ξ for which β(z)βR. A more detailed analysis with applications can be found in [5].
3.1 The Real Part of β
Theorem 3.1
Let Ξ correspond to the Elliptic Curve y2=4x3+g2βx+g3β where g2β=g2β(Ξ),g3β=g3β(Ξ) are the invariants of the lattice. Then g2β,g3ββRβΊΞ is invariant under complex conjugation.
Proof
(βΈ)* is obvious since g2β(Ξ)=βΟβΞββΟ41β and g3β(Ξ)=βΟβΞββΟ61β and thus g2β=g2βΛβ and g3β=g3βΛβ.*
(βΉ) We know β(z)=z21β+βn=1ββ(2n+1)G2n+2β(Ξ)z2n where G2n+2β(Ξ) are the Eisenstein series of weight 2n+2 of the lattice. Setting a1β=g2β/20,a2β=g3β/28 and (2n+1)G2n+2β(Ξ)=anβ in general we get: β(z)=z21β+βn=1ββanβz2n. By differentiating the Weierstrass equation we get β"(z)=6β(z)2β2g2ββ. By comparing the coefficients of z2n we have:
an+1β=(2n+1)(2n+2)β126ββi=1kβakβanβkβ. Thus inductively we get that anββR,βnβN and thus β(z)Λβ=β(zΛ). This implies zΛ21β+βΟβΞβ(zΛ+Ο)21ββΟ21β=zΛ21β+βΟβΞβ(zΛ+ΟΛ)21ββΟΛ21β form which we finally have: ΟβΞβΊΟΛβΞ.
Corollary 2
If xβZ then the above theorem implies that for any Elliptic Curve with g2β,g3ββR we have β(x)Λβ=β(xΛ)=β(x) and β(jx)Λβ=β(βjx)=β(jx) and thus all purely real and imaginary values are in R.
Let ββ²(z)2=4(β(z)βe1β)(β(z)βe2β)(β(z)βe3β) and observe that β(z)=eiββΊββ²(z)=0 and this only happens in the half-periods of the lattice.
Now consider two cases:
β’
if Ξ=g2β3β27g3β2>0 then eiββR and setting e1β>e2β>e3β we can write β(2Οiββ)=eiβ where Ο2β=Ο1β+Ο3β and Ξ=[Ο1β,Ο3β]. Taking into account the fact that β assumes every value in R exactly twice in [0,Ο1β],[0,Ο3β],[Ο1β,Ο1β+2Ο3β],[Ο3β,Ο3β+2Ο1β] we have the full set of points where β is real. Note that we have a square lattice.
β’
if Ξ=g2β3β27g3β2<0 then we have two complex roots e1β,e3β and one real root e2β. Then we have β(2Ο2ββ)=e2β with every real value attained exactly twice both on the real and imaginary axis
[β2Ο2ββ,2Ο2ββ],[2Ο1ββΟ3ββ,2Ο3ββΟ1ββ]. Note the rhombic shape of the lattice.
Remark 5
*Since we are only looking at real Elliptic Curves we only need to consider the values xβ[e3β,e2β]βͺ[e1β,+β] for the case with three real roots case. That is the intervals: [0,Ο1β] and [2Ο3ββ,2Ο3ββ+Ο1β].
For the case of one real root we only need to consider the interval [2Ο2ββ,2Ο2ββ]. Since β is double periodic we can equivalently consider the set [0,Ο2β] so that we have the same form in both cases.*
Remark 6
Note that every single point where β is real valued is either parallel to the lattice vectors or on the diagonal. This means equidistribution fails for those points and indeed it should! The set X={zβC/Ξ:β(z)βR} has measure [math] in the probability space we defined previously. Also every sequence in X will stay in the set (which has measure [math]) and thus there is no way it will exhibit the recurrence properties expected from equidistributed sequences.
3.2 Equidistribution in E(R)
Let us begin by noting that since it is more convenient to deal with points on the real axis for β we will keep the standard coordinates defined in the above section Ξ=[Ο1β,Ο3β]. We will thus not transform the rhomboid lattice as usual by multiplying with 1/Ο1β.
As noted in the previous section we also consider two cases here:
β’
When Ξ>0 we look at the set where y2β₯0, that is: A1β=[0,Ο1β]βͺ[2Ο3ββ,Ο1β+2Ο3ββ] in which every value of β(z) appears twice as (β(z),ββ²(z),1) and (β(z),βββ²(z),1) in symmetric values of z as β(z)=β(βz)=β(Ο1ββz) and ββ²(z)=ββ(βz)=ββ(Ο1ββz).
β’
When Ξ<0 we examine the set A2β=[0,Ο2β]. The same here is true for the values of β.
Theorem 3.2
*Define the probability space (A1β,B1β,ΞΌ+β) where
The damage can be minimized by considering both of these probability spaces separately like so:
B1β=[0,Ο1β] and Ξ1β=[2Ο3ββ,Ο1β+2Ο3ββ] where both B1β and Ξ1β are measure preserving systems under the transform T(z)=z+a,aβR. The first thing we observe is that in this case we have a space isomorphic to [0,1] and thus we can use Weylβs Criterion.
βkβZβ* we have limNβββN1ββn=1Nβebβa2Οjksnββ=0*
For more details and applications on Weyls Criterion see [4].
Remark 7
If snβ is equidistributed w.r.t. ΞΌ then snβ+a is also equidistributed with respect to ΞΌ for every aβ[0,Ο]. This is immediate since limNβββN1ββn=1Nβebβa2Οjk(snβ+a)β=ebβa2ΟjkaβlimNβββN1ββn=1Nβebβa2Οjksnββ and thus it does not affect convergence to [math]. Indeed viewing [0,Ο] as a topological group R/ΟZ with addition, we get that ΞΌ is the normalized Haar measure as it is shift invariant, regular and suported on the whole [0,Ο].
Lemma 2
*For a point zβC/Ξ the sequence snβ=nz is equidistributed in (B1β,B1β,ΞΌ) (and (A2β,B2β,ΞΌ) equivalently) iff limNβββN1ββn=1Nβ1βeΟ1β2Οjksnββ=0
Given a space [0,t] the Fourier expansion of fanctions fβC([0,t]) is given by f=βn=1ββe2Οjnx/t. The density of these trigonometric polynomials now follows and from the exact same argument in the proof of Weylβs Criterion we obtain snβ is equidistributed in [0,t] if and only if limNβββN1ββn=1Nβ1βet2Οjksnββ=0. Since in both cases z,Ο1β,Ο2ββR the result immediately follows.
Theorem 3.4
For a point zβC/Ξ the sequence snβ=nz is equidistributed in (B1β,B1β,ΞΌ) (and (A2β,B2β,ΞΌ) equivalently) iff zξ βΟ1βQ (or equivalently zξ βΟ2βQ). Then if P=(β(z),ββ²(z)) and [n]P is equidistributed, we obtain that P is not an element of the torsion subgroup of the curve ETorβ={PβE:[m]P=0,forΒ someΒ mβZ}.
Proof
*By Lemma 2 we have that snβ is equidistributed in (B1β,B1β,ΞΌ) iff *
limNβββN1ββn=1Nβ1βeΟ1β2Οjknzβ=0βΊlimNβββN1βeΟ1β2Οjkzββ1(eΟ1β2Οjkzβ)Nβ1β=0,βkβZβ* where the last expression can only occur when zξ βΟ1βQ. Indeed if zξ βΟ1βQ then we can choose kZβ:Ο1βkzββZ and thus limNβββN1ββn=1Nβ1βeΟ1β2Οjksnββ=1. If zξ βΟ1βQ then eΟ1β2Οjkzββ1(eΟ1β2Οjkzβ)Nβ1ββ€eΟ1β2Οjkzββ12β and the result follows. The proof for (A2β,B2β,ΞΌ) is the same.*
Remark 8
For every interval (xaβ,xbβ) with y>0 or y<0 we have a unique interval ββ1((xaβ,xbβ))β[0,Ο] with ΞΌ(ββ1((xaβ,xbβ)))=β£β(xaβ)ββ(xbβ)β£. This shows that if snβ is equidistributed in [0,Ο] it is also dense in [0,Ο] which means that β(snβ) is dense in [e,β) and thus (β(snβ),ββ²(snβ)) is dense in E(R). In the case of [n]P this means that either [m]P=O for some mβZ or [m]P is dense in E(R).
Let us refer to both Ο1β,Ο2β as Ο for simplicity, since both cases yield the same result.
However in the case of Ο1β the real period of the associated Elliptic Curve is actually 2Ο1β since we have two connected components but we ommited the Ξ1β so we proceed similarly. Basically we consider Ο=β«eββydxβ where e is e1β or e2β in each case.
Then returning to Weylβs Criterion we obtain the following result:
Corollary 3
Let zξ βΟQ then the sequence znβ=nz is equidistributed in [0,Ο] and thus βfβR([0,1]) we have limNβββN1ββn=1Nβf(znβ)=Ο1ββ«0Οβf(z)dz.
Remark 9
In the above corollary we are only considering Riemann Integrable functions and so the use of the differential dz is equivalent to using Lebesgue integreation w.r.t. ΞΌ. Notice that the Ο1β term appears since we are using the normalized measure ΞΌΟβ=ΞΌ/Ο.
Before moving to the main theorem we clarify the following:
Definition 3
We say that a function f:(a,β)βR is improper Riemann integrable and write fβIR((a,β)) iff limΟ΅β0rβββββ«a+Ο΅rβf(x)dx=cβR.
Corollary 3 enables us to shift to points on the real curve:
Theorem 3.5
*Let zξ βΟQ, then the sequence znβ=nz is equidistributed in [0,Ο] and for every f bounded in [e,β) such that yf(x,Β±y)ββIR((e,β)),
limNβββN1ββn=1Nβf(β(znβ),ββ²(znβ))=Ο1ββ«eββ(f(x,y)+f(x,βy))ydxβ where e=e1β or e=e2β depending on the case of Ο1,2β and yβ₯0.111 In this theorem y is treated as a function of x by seperating the parts y>0 and y<0 and thus f is not a two variable function but rather a function of x only.*
Proof
*One obvious obstacle is that f(β(Ο),ββ²(Ο)) is not defined since β(Ο) is not defined in R. We can fix that however by setting f(β(Ο),ββ²(Ο)) equal to any value or even better f(β(Ο),ββ²(Ο))=limzβΟβf(β(z),ββ²(z)) if it exists. Then from Corollary 3 it immediately follows that: *
limNββββn=1Nβf(β(znβ),ββ²(znβ))=β«0Οβf(β(z),ββ²(z))Οdzβ=β«0Ο/2βf(β(z),ββ²(z))Οdzβ+β«Ο2β/2Οβf(β(z),ββ²(z))Οdzβ. Since β(Οβz)=β(βz)=β(z) and ββ²(Οβz)=ββ²(βz)=βββ²(z), by a change of variables zβΟβz we obtain limNββββn=1Nβ1βf(β(znβ),ββ²(znβ))=β«Ο/2Οβf(β(z),ββ²(z))Οdzβ+f(β(z),βββ²(z))Οdzβ. Now since x=β(z) and ββ²(z)=y we have dx=ββ²(z)dzβΉdz=ydxβ and thus noting that β(Ο/2)=e (e=e1β* or e=e2β depending on the case of Ο1,2β) and β(0)=O we get *
limNββββn=1Nβf(β(znβ),ββ²(znβ))=Ο1ββ«eββ(f(x,y)+f(x,βy))ydxβ. The condition yf(x,y)ββIR((e,β)) and f bounded is sufficient since f(β,ββ²) is bounded in [0,Ο] iff f is bounded in [e,β) and for every for closed interval [a,b]β(2Οβ,Ο) we have f(β,ββ²)βR([a,b])βΊyf(x,y)ββR([β(a),β(b)]). This leaves only the problematic bounds 0,Ο where y or x is not bounded, where improper integration is still well defined however.
Remark 10
Notice that f can naturally be a complex valued function f:[e,β)βC resulting in a complex integral over the real line.
Corollary 4
In the particular case of znβ=nz we have
[TABLE]
Setting f(x,y)=\mbox11[0,Ο]β we get 1=limNβββN1ββn=1Nβ1=Ο1ββ«eββydxββΉβ«eββydxβ=Ο (with y taking values in
the whole R) which is a result that is immediate by the Uniformization Theorem.
Remark 11
The sequence znβ is equidistributed in [0,Ο] iff aznβ is equidistributed in [0,aΟ]. For an elliptic curve E1β with lattice Ξ1β every isomorphic elliptic curve is of the form Ξ2β=aΞ1β. The isomorphism is the map zmodΞ1ββazmodΞ2β and so we get that: Pnβ is equidistributed in E1β w.r.t. the measure ΞΌ(X)=Ο1ββ«β(X)βy1βdxβ iff Ο(Pnβ) is equidistributed in E2β w.r.t. the measure ΞΌ(X)=β£aβ£Ο1ββ«β(X)βy2βdxβ.
3.3 Equidistribution in the whole space E(R)
We will now analyze the space (A1β,B1β,ΞΌ+β) as defined in Theorem 3.2.
Theorem 3.6
The sequence snβ=nz is equidistributed in A1β iff zβΞ1β and zξ βΟQ.
Proof
(βΉ) This direction is obvious from Theorem 3.2.
(βΈ) Suppose and zβΞ1β and zξ βΟQ. We observe that s2nββB1β and s2n+1ββΞ1β and s2nβ=2snβ, s2n+1β=s2nβ+z. However snβ equidistributed implies ksnβ is also equidistributed for every kβZ and thus s2nβ is equidistributed in B1β and s2n+1β is equidistributed in Ξ1β.
We then get the following theorem:
Theorem 3.7
*Let PβE(R):xPββ(e3β,e2β) and Pξ βETorβ, then
limNβββN1ββn=1Nβf(xnPβ,ynPβ)=2Ο1β(β«e3βe2ββ(f(x,y)+f(x,βy))ydxβ+β«eββ(f(x,y)+f(x,βy))ydxβ),yβ₯0 for every bounded function fβR((e3β,e2β)βͺ(e,β)).*
3.4 Equidistribution in Curves
The primary problem that arises here is that a curve may not be a probability space as it can be isomorphic to R in the topological sense with Ξ³(t)=(x1β(t),..,xnβ(t)) and limtβ1βxiβ(t)=β or limtβ0βxiβ(t)=β. We may define curves on P2 in which case we have Ξ³(0)=O or Ξ³(1)=O as to be compliant with the definition of a curve but we will study them as affine curves through the natural map (x1β(t),..,xnβ(t),1)β(x1β(t),..,xnβ(t)).
We will bypass the problem by defining equidistribution in a manner suitable for a non-compact space, like one isomorphic to R for example, in a manner similar to Gerl [6].
Definition 4
(Gerl)
Let (X,B,ΞΌ) be a measure space where X is a locally compact Hausdorff space with countable base and ΞΌ a Radon measure (possibly not finite). Then a sequence snβ is equidistributed in X w.r.t. ΞΌ iff for every pair of compact subsets A,BβX with ΞΌ(βA)=ΞΌ(βB)=0 we have
[TABLE]
Since we are only interested in topological spaces like R and only need a definition for intervals of the form [a,b] which always have trivial boundary a,b, we can use a more simple version. We can also drop the βfor every pair of subsetsβ in favour of an increasing family of open intervals that covers the space since it will eventually contain any two such intervals. Before stating this definition we will define the problematic measure in the case of a curve:
Theorem 3.8
A continuous curve Ξ³:[0,1]βR2 equipped with the Borel Οβalgebra of open sets of the curve is a measure space with respect to the Radon measure ΞΌΞ³β(X)=β«01ββ£β£Ξ³β²(t)β£β£\mbox11Xβ(t)dt. We thus obtain a measure space (Ξ³,B,ΞΌΞ³β).
Proof
Obviously ΞΌΞ³β(X)β₯0,βXβB and ΞΌΞ³β(β )=0. However for any countable collection of sets {Aiβ}1ββ we obtain that ΞΌΞ³β(βͺk=1ββAkβ)=β«01ββ£β£Ξ³β²(t)β£β£βk=1ββ\mbox11Akββ(t)dt=βk=1ββΞΌΞ³β(Akβ) where the interchange between the sum and the integral follows by Tonelliβs Theorem since for the functions fnβ(t)=β£β£Ξ³β²(t)β£β£\mbox11Anββ(t) we have fnββ₯0. The Radon property is obvious by the continuity of the curve.
Definition 5
A sequence of points unβ=Ξ³(snβ) defined on a curve Ξ³ given by a sequence snββ[0,1] is equidistributed iff
[TABLE]
for every [a,b]β[0,1] and every family of intervals Akβ=(akβ,bkβ),akβξ =0,bkβξ =1, AkββAk+1β with βͺk=1ββAkβ=(0,1).
The information Definition 5 encodes is that every interval contains a proportion of the sequence proportionate to βhow muchβ of the curve is over that interval.
Lemma 3
Definition 5 is not dependent on the set family Akβ. More formally if snβ is equidistributed w.r.t. ΞΌΞ³β and a family of intervals Akβ, then if Bkβ is another family of intervals with the same properties, snβ is also equidistributed w.r.t. ΞΌΞ³β and Bkβ.
Proof
Suppose Akβ,Bkβ are two such families, then ΞΌ(Akβ)<ΞΌ([0,1])=1 and limkβββΞΌ(Akβ)=ΞΌ(βͺk=1ββAkβ)=1 which implies that βΟ΅β(0,1),βkβN:ΞΌ(Akβ)β(1βΟ΅,1). So for every Biβ=(aiβ,biβ) setting Ο΅=min{aiββ0,1βbiβ} there exists a kβN:ΞΌ(Akβ)β₯1βΟ΅/2 and thus if Akβ=(ckβ,dkβ)) and ckββ₯aiβ or dkββ€biβ we would have 1βΟ΅/2β€ΞΌ(Akβ)β€1βΟ΅βΉe/2β€0 contradiction. Thus BiββAkβ and so supposing Equation 5 holds for every Akβ it also hold for all Biβ. The same argument for Bkβ completes the proof.
We would like to emphasize how this definition is a natural extension of the definition of equidistribution for a compact space since in that case we obtain the usual definition by setting Akβ equal to our space.
With the above lemma we can choose symmetric Akβ that will make integration easier on the real line. We will thus only consider families of intervals Akβ=(Ο/2βakβ,Ο/2+akβ) with akβ increasing and akβ<Ο/2 thus attaining limkβββakβ=Ο/2.
We now take a look at an example which showcases what happens a sequence equidistributed in R/Z when projected on a circle. The following example is what motivated the use of the ΞΌΞ³β measure in our definition:
Example 1
Let Ξ³(t)=(sin(2Οt) and cos(2Οt))g:[0,1]βS1. Then for any sequence tnβ equidistributed in R/Z and fβR([0,1]) we have limNββn=1Nβf(tnβ)=β«01βf(Ξ³(t))dt. Notice that setting sin(2Οt)=x,cos(2Οt)=yβΉdx/y=dx/cos(2Οt)=dt and thus the integral becomes (integrating along y>0 and y<0 as before) β«β11βf(x,y)+f(x,βy)ydxβ. We make the following observation: β£β£Ξ³β²(t)β£β£=1+(dxdyβ)2β=y1βx2+y2β=y1β,y>0. Indeed then we obtain the expected formula
The points of the sequence snβ=[n]P where PβE, E an Elliptic Curve are not equidistributed on E with respect to the βnaturalβ measure ΞΌΞ³β but are instead equidistributed with respect to the measure ΞΌ(X)=Ο1ββ«β(X)βydxβ.
Proof
The result follows from an immediate comparison of Equations 6, 7. Choosing f as the indicator function of some interval [a,b] and taking the limit limkβββakβ in both cases we get [math] from Equation 6 and ΟΞΌ(ββ1([a,b]))β>0 from Equation 7.
Indeed the points of [n]P are tightly concentrated around e and get thinner and thinner as we approach infinity. However the sequence remains dense in every set [a,b]β[e,β).
A new question arises now: Can we possibly equip [0,Ο] with a different measure ΞΌβ² such that
limNβββN1ββn=1ββfkβ(β(nz))=ΞΌβ²(Akβ)β«AkββfββdΞΌβ²β for every kβN?
In the case of probability measures the answer is negative since a sequence in a compact space is equidistributed w.r.t. at most one probability measure. To see this we note that ΞΌ((a,b))=ΞΌ([a,b])=ΞΌβ²((a,b)) for every open set in [0,Ο] and open sets generate the Borel Οβalgebra which is stable under finite intersection. As a consequence of the monotone class theorem the measures ΞΌ,ΞΌβ² agree on every set of B.
Observe that by the Riesz Representation Theorem, changing the measure is equivalent to sampling by a different positive function since β«0ΟβfβgdΞΌ=β«0ΟβdΞΌgβ as a positive linear functional.
Even in the case of a Radon measure we get the following:
Theorem 3.11
Let Pnβ be equidistributed in E(R) w.r.t. ΞΌ(X)=Ο1ββ«β(X)βydxβ, then there exists no function f with ΞΌ(βfβ1(A))=0 for all compact intervals Aβ[e,β) taking xnββf(xnβ), such that f(xnβ) is equidistributed w.r.t. any non finite, Radon measure ΞΌRβ.
Proof
*Suppose such a function exists. Then \mbox11fβ1(A)β/y is improper Riemann integrable in (e,β)
We first observe that for any closed intervals AβBβ[e,β) it holds that: *
A function that would contradict Theorem 3.11 would obviously satisfy ΞΌ(βfβ1(A))>0 for some closed interval A and thus since βfβ1(A)βfβ1(βA) we must have ΞΌ(fβ1(βA))>0. This implies that if A=[a1β,a2β], then the set U={x>e:f(x)=a1βΒ orΒ f(x)=a2β} has positive measure. Thus f is clearly either discontinuous in a positive measure subset of points or f changes monotonicity in a positive measure subset of points or f is nowhere monotonic. This aims to show that f is not trivial to find.
3.6 Distribution of Polynomial Maps on Elliptic Curves
All of our previous theorems are phrased for an equidistributed sequence in [0,Ο] in general. This enables our previous theorems to be restated for any polynomial sequence on an elliptic curve:
Theorem 3.12
*(Weylβs Equidistribution Theorem)
Let p(x) be a monic polynomial in Z[x], then the sequence p(n)u is equidistributed in [0,1] iff uξ βQ.*
Theorem 3.13
Let p(x) be a monic polynomial in Z[x], then the sequence p(n)z is equidistributed in [0,Ο] iff zξ βΟQ.
Proof
The proof is an immediate modification of the original proof in the case of [0,1]. For the full proof see Corollary 3 of **[3]**.
This means that every for every monic polynomial in Z we have the following corollary:
Corollary 6
Let p(x) be a monic polynomial in Z[x] then the sequence snβ=[p(n)]P is equidistributed w.r.t. ΞΌ(X)=Ο1ββ«β(X)βydxβ iff β(P)ξ βΟQ.
3.7 Equidistribution of points in E(Q)
When working with computers there is an obvious limitation to the field of rationals Q. This actually makes things easier since we can specifically state which points will give equidistributed sequences in E(Q) with respect to the measure ΞΌ(X)=Ο1ββ«Xβydxβ. Let us make clear something ambiguous first:
Definition 6
We say that a sequence snββE(Q) is equidistributed in E(Q) w.r.t. a measure ΞΌ iff snβ is equidistributed in E(R) w.r.t. the measure ΞΌ.
Thus restricted to Q we use the dynamics of itβs extension R to define equidistribution for our purposes.
By the Mordell-Weil Theorem (page 220 of [1]) we know that E(Q)=ETorββZr, and so:
Theorem 3.14
A point PβE(Q) is equidistributed w.r.t ΞΌ in E(R) iff Pξ βE(Q)Torβ. Thus βPβE(Q) with yPβξ =0:
β’
xPβ,yPβξ βZ* or*
β’
xPβ,yPββZ* but y2β€Ξ*
the sequence Οnβ=nP is equidistributed w.r.t ΞΌ.
Proof
By Theorem 3.4 we have that if P=β(z0β) then Οnβ is equidistributed in E(R) iff z0βξ βΟQ. We now observe that z0ββΟQβΊnz0β=0mod[0,Ο]βΊnP=OβΊPβE(Q)Torβ. An immediate application of Nagell-Lutz now completes the theorem.
4 Distribution in R/Z
Suppose xnβ=ββ1(snβ) where snβ is equidistributed in [0,Ο]. We will investigate if such a sequence could produce a sufficiently good PRNG mod(1). Let us first examine the most simple case of a sequence taking E(R)βR/Z: Οnβ={xnβ}.
By Weylβs Criterion for equidistribution we want to show that: limNβββN1ββn=1Nβe2Οjkxnβ=0,βkβZ. By Equation 3 we then need to show that β«eββye2Οjkxβdx=0βΊβ«0ββx(x+a)(x+b))βe2Οjkxβdx=0 by a simple change of variables xβx+e. We see that a,b<0 since [math] is now the largest root of y2=0. We observe however that this cannot happen when y>0 is increasing since integrating over a period β(β«nn+1βx(x+a)(x+b)βe2Οjkxβdx)>0,βnβZ implying β(β«0ββx(x+a)(x+b)βe2Οjkxβdx)=β(βn=1βββ«nn+1βx(x+a)(x+b)βe2Οjkxβdx)>0.
With this in mind we seperate two cases:
Lemma 4
Let y(x)=(xβe)(xβe1β)(xβe2β)β,e>e1β>e2β or e>0 and e1β,e2βξ βR and y2=x3+Ax+B. Then:
β’
y* is increasing iff Aβ₯0 or 3β£Aβ£ββ<e when A<0.*
β’
y* is increasing in [e,β3β£Aβ£ββ)βͺ[3β£Aβ£ββ,β) and decreasing in *
Suppose snβ=ββ1(Pnβ) (where Pnβ=(xnβ,ynβ,1)) is equidistributed in [0,Ο] as defined by an elliptic curve y2=x3+Ax+B with Aβ₯0 or 3β£Aβ£ββ<e, then the sequence {xnβ} is not equidistributed in R/Z w.r.t the Lebesgue measure.
Proof
*We basicaly restate what was written above in more general context. By Lemma 4 we have that y is increasing in [e,β).
*
*By Weylβs criterion xnβ is equidistributed iff limNβββN1ββn=1Nβe2Οjkxnβ=0,βkβZ. From Equation 3 however it follows that *
limNβββN1ββ£βn=1Nβe2Οjkxnββ£=Ο2ββ£β«eββye2Οjkxβdxβ£>0*. It remains to prove that β(β«nn+1βx(x+a)(x+b)βe2Οjkxβdx)>0. This is equivalent to showing that *
β«nn+1βx(x+a)(x+b)βsin(2Οkx)βdx>0. We observe that:
β«nn+1βx(x+a)(x+b))βsin(2Οkx)βdx=β«nn+21ββx(x+a)(x+b)βsin(2Οkx)βdx+β«n+21βn+1βx(x+a)(x+b)βsin(2Οkx)βdx=β«nn+21ββsin(2Οkx)(x(x+a)(x+b)β1ββ(x+21β)(x+a+21β)(x+b+21β)β1βdx)>0 since y(x)<y(x+21β).
We can now pass to the case of three distinct real roots:
Theorem 4.1
Let snβ=ββ1(Pnβ) (where Pnβ=(xnβ,ynβ,1)) be equidistributed in [0,Ο] defined by an elliptic curve E:y2=x3+Ax+B. Then if E has 3 distinct real roots, the sequence {xnβ} is not equidistributed w.r.t. the Lebesque measure.
Proof
Considering the function f(x)=x3+Ax+B the only way for it to have three real roots e1β>e2β>e3β is iff e1β>3β£Aβ£ββ,e2ββ(β3β£Aβ£ββ,3β£Aβ£ββ) and e3β<β3β£Aβ£ββ. The result is now obvious from Lemma 5.
An immediate indication of this result is the following:
Remark 12
*Since limNβββN1ββn=1Nβ\mbox11[a,b]β({xnβ})=Ο1ββn=βeββββ«n+an+bβydxβ. Defining the function Fnβ(t)=β«n+a+tn+b+tβydxβ where tβ[b,1] we have that Fnββ²(t)=y(a+n+t)1ββy(b+n+t)1β<0 since y is increasing. So Fnβ is decreasing. Then choosing a=0,b=21β and t=21β gives β«nn+21ββydxβ>β«n+21βn+1βydxβ which implies
This still leaves us to deal with the case Ξ<0. This situation is much more complicated since we canβt use the monotonicity of y. We will attenmpt a different approach.
Lemma 6
Suppose β«eββye2Οjnxβdx=0 for every nβZ. Then β«eββyf(x)βdx=2Οββ«01βf(x)dx, for every fβL1([0,1]).
Proof
*Since trigonometric polynomials are dense in L1([0,1]) we have that for every Ο΅>0, then there exists a trigonometric polynomial *
pNβ(x)=βn=βNNβdN,nβxn* such that β£pNβ(e2Οjx)βf(x)β£<Ο΅. By integrating we obtain β£β«01βf(x)dxβdN,0ββ£<Ο΅. Dividing by y>0 and integrating we get β£β«eββyf(x)βdxβ2ΟβdN,0ββ£<2ΟβΟ΅ and finally with the triangle inequality: β£β«eββyf(x)βdxβ2Οββ«01βf(x)dxβ£<β£β«eββyf(x)βdxβ2ΟβdN,0ββ£+β£2Οββ«01βf(x)dxβ2ΟβdN,0ββ£<ΟΟ΅ and since Ο΅ is arbitary, the proof is complete.*
Theorem 4.2
(General Version)
Let snβ=ββ1(Pnβ) (where Pnβ=(xnβ,ynβ,1)) be equidistributed in [0,Ο]. Then the sequence {xnβ} is not equidistributed in [0,1] w.r.t. the Lebesque measure.
Another possible question now is the following: Can we βfixβ this sequence by taking the least significant digits that should exhibit more βrandomβ behaviour?
The answer to that question is βnoβ since in that case we would essentialy require
limNβββN1ββn=1Nβe2Οjkxnβ10m=0, βkβZ which would then be equivalent to showing that 103mβ«10meββx3+102mAx+103mBe2Οjkxβdx=0 which is the same as proving that an equidistributed sequence unβ with respect to the measure
ΞΌ(X)=Οβ²1ββ«Xβx3+102mAx+103mBdxβ is equidistributed in R/Z.
5 Conclusion
After providing the conditions for equidistribution of [m]P over E(C) in terms of linear independance over Z we turned to the much more interesting case of E(R). Here we obtained the main result stated in Corollary 4 and concluded that the points of [m]P and any other sequence that is equidistributed on the borders of the complex lattice follow the distribution described by Equation 7. The generalization to polynomial sequences is immediate from Weylβs well known result. Finally Theorem 4.2 provides a further result on the distribution of the rational part of x[n]Pβ, namely that it is not equidistributed with respect to the Lebesgue measure on [0,1].
Bibliography6
The reference list from the paper itself. Each links out to its DOI / PubMed record.
1[1] J. Silverman, The Arithmetic of Elliptic Curves. 2nd edn. Springer, ISBN 978-0-387-09493-9, San Fransisco (2008)
2[2] H.L. Royden, P.M.Fitzpatrick, Real Analysis. 4th edn. Pearson Education Asia Limited and China Machine Press, ISBN 978-0-13-143747-0, Peopleβs Republic of China (2010)
3[3] Notes on Equidistribution, http://www.math.ucsd.edu/~jverstra/Weyl 2.pdf . Last accessed 22 March 2019
4[4] Equidistribution and Weylβs Criterion, http://individual.utoronto.ca/hannigandaley/equidistribution.pdf . Last accessed 20 March 2019
5[5] Four Lectures on Weierstrass Elliptic Functions and Applications in Classical and Quantum Mechanics, Georgios Pastras https://arxiv.org/pdf/1706.07371.pdf . Last accessed 22 March 2019
6[6] Gerl, P.: Relative Gleichverteilung in lokalkompakten RΓ€umen II. Monatsh. Math. 7 (5), 410β422 (1971)