A new approach in constructing isogenies of elliptic curves in characteristic three
Marius B\u{a}loi

TL;DR
This paper introduces a novel method for constructing isogenies of elliptic curves in characteristic three by analyzing formal endomorphisms within Laurent series, providing a way to identify rational solutions and endomorphisms.
Contribution
It presents a new approach to find formal endomorphisms of elliptic curves in characteristic three using Laurent series and rational points on a plane cubic, with an efficient test for rationality.
Findings
Identifies formal endomorphisms with rational points on a cubic over Laurent series.
Provides a method to find all formal separable endomorphisms in characteristic 3.
Offers an efficient test to determine if a formal solution corresponds to a curve endomorphism.
Abstract
Given an elliptic curve over a field it is a challenging problem to write down explicit elements of its endomorphism ring the problem amounts to find all possible solutions to a functional equation in the field of rational functions Instead of attempting to describe them directly, we look first for solutions in the larger field of Laurent power series , which we call them {\em formal endomorphisms}. We show that the set of separable formal endomorphisms naturally identifies with a subset of rational points of a plane cubic defined over As a by-product, we present a method for finding all formal separable endomorphisms in characteristic . %and an efficient test for determining if a given formal solution is actually rational, yielding to an endomorphism of the given curve.
Peer Reviews
No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.
Videos
No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.
Taxonomy
TopicsAlgebraic Geometry and Number Theory · Polynomial and algebraic computation · Cryptography and Residue Arithmetic
A new approach in constructing isogenies of elliptic curves in characteristic three
Marius Băloi
Faculty of Mathematics and Informatics, University of Bucharest, Academiei st. 14, Bucharest, Romania
Abstract
Given an elliptic curve over a field it is a challenging problem to write down explicit elements of its endomorphism ring the problem amounts to find all possible solutions to a functional equation in the field of rational functions Instead of attempting to describe them directly, we look first for solutions in the larger field of Laurent power series , which we call them formal endomorphisms. We show that the set of separable formal endomorphisms naturally identifies with a subset of rational points of a plane cubic defined over As a by-product, we present a method for finding all formal separable endomorphisms in characteristic .
1 Introduction
Let be a field of characteristic three and let be an elliptic curve defined over . Its Weierstrass normal form (WNF, for short) can be (see, e.g. [Sil09]) either
[TABLE]
or
[TABLE]
Notice that a curve in WNF2 is automatically non-supersingular (cf e.g. [Sil09], Thm. 4.1, pp 148), so the real case of interest is the WNF1; throughout this paper, we will focus on this case only. Let be a separable isogeny. Then, in affine coordinates, is of the form
[TABLE]
where is a rational function and . Indeed, any isogeny must be of the form
[TABLE]
with rational functions. Since the neutral element is the point at infinity, , of homogeneous coordinates , we see that the inverse of a point is and, as isogenies are group morphisms, we see that is fact a rational function on say As in both cases, the invariant differential is , we get that , for some . From [Was08], we get that
[TABLE]
hence
The aim of the paper is to find an algorithmic way of generating all isogenies of . Generating all isogenies of amounts henceforth to find all rational functions that satisfy
[TABLE]
Instead of trying to find all solutions of the above equation in , as in [BMSS08] for characteristic 2, we enlarge the frame of the field of rational functions to the field , the fraction field of the ring of formal power series. Notice that if is a separable isogeny, it is unramified everywhere, hence in particualar it must have at most poles of order at most one. Inspired by this, we will call a formal isogeny any solution of 4 which belongs to
1.1 A splitting of
Let be a field of characteristic three. For any Laurent power series we will use the decomposition
[TABLE]
where
[TABLE]
Notice that the above decomposition is given by the splitting
[TABLE]
induced by the formal derivative (denoted by ′), where
[TABLE]
[TABLE]
[TABLE]
Sometimes, by an abuse of language, we will called the elements of the above subspaces as "homogeneous" of degrees and (or ) respectively.
Notice also that the formal power series is actually rational, if and only if and are all rational. Indeed, if one can immediately check by direct computation that one has:
[TABLE]
1.2 A variant of Hensel’s lemma
Lemma 1.1**.**
Let and be arbitrary, Then there exists (and it is unique up to a constant additive factor in ) some such that
[TABLE]
if and only if the equation
[TABLE]
has a solution in
Proof.
a) Letting we have that
[TABLE]
The initial coefficient is determined as a solution of , and for all we have the following recurrence relations:
[TABLE]
Hence the coefficients of can be determined by the simple linear recurrence from above.
Remark 1. It is straightforward that the solution of 8 is usually just a formal power series, even if the function is rational. An easy example is given by the case when , for which which is not a rational function as the series is not periodic.
Remark 2. Notice that if one weakens the condition that , allowing principal parts for it, it is possible that the equation 8 has no solution even in ; an immediate example is
∎
2 The main result
Theorem 2.1**.**
Let be a field of charateristic , and be an elliptic curve in WNF1 as in (1). Let denote the field (with decomposition as in 6) and let be the affine space over Let be arbitrary. Consider the plane cubic over defined by
[TABLE]
a) If , the set of all separable formal endomorphisms of with “ derivative at origin” equal to identifies with the set of rational points of such that \alpha\in V_{1},$$\beta\in V_{2} and and, satisfying the “compatibility condition”: there exists such that (where
b) If , then the set of all separable formal endomorphisms of with “derivative at origin” equal to identifies with the set of points of with , . In this case, the compatibility conditions are given by the relations 20, 21, 22 and 23 below.
2.1 Proof of the first equation of (11)
Lemma 2.1**.**
Let be a field of characteristic and let be an elliptic curve over given by Let be a formal endomorphism of defined over in the form (3). Write under the form as in 5. Then
[TABLE]
holds; in particular, we see that the part determines the -part and conversely.
Proof.
We have that
[TABLE]
Since , we have that
[TABLE]
Taking the derivative of (13) and using the fact that we are in we have that
[TABLE]
Since is separable (by assumption), we have that . Then, dividing (14) by , we get that
[TABLE]
Under the decomposition of we get that
[TABLE]
and keeping into account that and , we further get
[TABLE]
This relation becomes
[TABLE]
and, as and , we see that determines and conversely. ∎
2.2 Proof of the second equation of (11)
Proof.
To retrieve the part from the and parts, we go back to (13) getting that
[TABLE]
As and the above relation becomes:
[TABLE]
Proof of a). Choose arbitrary. As , then from equation 16 we see that is easily determined and, moreover, is belongs to (since is invertible in Now, to retrieve we use Lemma 1.1. In order to apply it, we must first check that
[TABLE]
is in But this is easily verified, since as and we get that also belongs to Next, we need to ceck that This follows by looking at the “homogenous” components of it and keeping in mind the relation 16. Eventually, we need to look at the “initial condition” that asks for the equation to have a solution in this amounts to the existence of a such that , as stated.
Proof of b). In this case, the equation 16 becomes . So, taking some say (with ) we get hence, where
[TABLE]
and Now, to use Lemma 1.1 we must look again at the factor from 19; first, we look at its principal part, which must vanish. Since, in our case,
[TABLE]
we get that, modulo terms in , equals to
[TABLE]
Then, we obtain that
[TABLE]
and
[TABLE]
hence and
Eventually, we look at the condition that to have a solution. After direct computations, we get that this amounts to require that
[TABLE]
to have a solution in ∎
2.3 An algorithm for finding formal endomorphisms
To summarize the ideas in the previous Theorem, we present an algorithm for finding formal endomorphisms for a given elliptic curve of equation
[TABLE]
(with given “ differential at origin” ) over a field of characteristic three.
- •
Pick any formal power series ;
- •
Determine from equation 16;
- •
Check the compatibility condition for the choice we made (according to the cases or ); if this is not satisfied, just change the initial coefficient of ;
- •
Determine the formal power series form equation 18;
- •
Eventually, the desired formal endomorphism will be given by where
3 Worked examples
Example 1. Let and the elliptic curve be of equation
[TABLE]
We want to find out an isogeny whose part is and whose "derivative at the origin" is
Relation (16)
[TABLE]
becomes
[TABLE]
which provides that To determine , we first pick any such that ; the recurrence for is given by relation (18):
[TABLE]
which becomes in this case
[TABLE]
Keeping into account the initial condition for given by (9), this immediately implies that To conclude, all formal isogenies as required are of the form where . Notice that they are also isogenies in the usual sense.
Example 2. Let and the elliptic curve be of equation
[TABLE]
(hence and ). We want to find out an isogeny whose part is and whose "derivative at the origin" is
Relation 16
[TABLE]
becomes
[TABLE]
that is
[TABLE]
which implies To determine , we first pick any such that ; the recurrence for is given by relation (18):
[TABLE]
which becomes in this case
[TABLE]
Keeping into account the initial condition for given by (9) this imediately imply To conclude, all formal isogenies as required are of the form
[TABLE]
Notice that they are also isogenies in the ususal sense.
Example 3. In the same setup as in the previous example, suppose we want to describe all the isogenies with -part and
Relation 25
[TABLE]
implies To determine , pick any such that ; the recurrence for is given by relation (18):
[TABLE]
which becomes in this case
[TABLE]
which implies We get that that is, the formal isogenies is in this case are of the form
[TABLE]
Notice that they are also rational isogenies as in the previous case.
Example 4. Let and the elliptic curve be of equation
[TABLE]
(hence and ). We want to find an isogeny whose part is and
Relation (16)
[TABLE]
provides To determine , pick any such that ; the recurrence for is given by relation 18:
[TABLE]
which produces
[TABLE]
For we get that . We can observe that
[TABLE]
Notice that this isogeny is the multiplication-by-2 map.
Acknowledgements. This work was partially supported by a grant of the Ministry of Research, Innovation and Digitalization, CNCS/CCCDI - UEFISCDI, project number ERANET-CHISTERA-IV-PATTERN, within PNCDI IV.
The author would like to thank V. Vuletescu for asking me the problem and for many valuable suggestions.
The reference list from the paper itself. Each links out to its DOI / PubMed record.
- 1[BMSS 08] A. Bostan, F. Morain, B. Salvy and É. Schost “Fast algorithms for computing isogenies between elliptic curves” In Mathematics of Computation 77.263 American Mathematical Society (AMS), 2008, pp. 1755–1778 DOI: 10.1090/s 0025-5718-08-02066-8 · doi ↗
- 2[Sil 09] Joseph H. Silverman “The Arithmetic of Elliptic Curves” New York: Springer-Verlag, 2009
- 3[Was 08] Lawrence C. Washington “Number Theory and Cryptography” New York: Chapman Hall/CRC, 2008
