May 11, 2023

Elliptic Curves

Elliptic curves are smooth plane curves defined by cubic polynomials with no repeated roots, and have applications in cryptography, error-correcting codes, and number theory. The group law on elliptic curves allows efficient computation of points and forms the basis of cryptographic algorithms such as Elliptic Curve Cryptography (ECC). Understanding the properties and applications of elliptic curves contributes to a deeper understanding of algebraic structures and opens up avenues for practical and theoretical research.

An elliptic curve over a field $K$ is a smooth plane curve defined by the equation $y^2 = f(x)$, where $f(x)$ is a cubic polynomial with no repeated roots. The condition that $f$ has no repeated roots is exactly what makes the curve smooth: a repeated root would give the curve a cusp or a self-intersection, and the group law described below would break down at that point.

We can express $f(x)$ in Weierstrass form:

$f(x) = x^3 + ax + b$,

where $a$ and $b$ are constants in the field $K$. Elliptic curves are studied over many different fields $K$, such as the real numbers ($\mathbb{R}$), the complex numbers ($\mathbb{C}$), the rational numbers ($\mathbb{Q}$), or the finite fields $\mathbb{F}_p$.

It is important to note that the given definition, although simplified, is sufficient for our purposes here. There is a more general definition involving rational points and genus, but we will concentrate on the basic definition.

To really appreciate the beauty of elliptic curves, we need to delve into the concepts of the projective plane and the point at infinity.

Projective plane and point at infinity

The projective plane is an extension of the concept of a plane. It has two crucial properties: every two lines have a unique intersection point, and every two points have a unique connecting line. A helpful visualisation is to think of a photograph of railway tracks where parallel lines appear to meet at the horizon, representing infinity. In the projective plane this phenomenon becomes a reality.

Let's now consider the elliptic curve defined by the equation $y^2 = x^3 + ax + b$ in the affine plane. To work in the projective plane, we introduce new coordinates $(X, Y, Z)$, denoted $(X:Y:Z)$, which are related to the affine coordinates by $x = X/Z$ and $y = Y/Z$. Using the projective coordinates, the equation becomes

$ZY^2 = X^3 + aZ^2X + bZ^3$.

This homogeneous equation defines the curve in the entire projective plane; setting $Z = 1$ recovers the original elliptic curve in the affine plane.

The point at infinity plays a crucial role in this transformation. If $Z \neq 0$, we get a solution $(x,y)$ which corresponds to a point on the affine curve, and $(x:y:1)$ represents a point on the projective curve. However, when $Z = 0$, points on the projective curve no longer correspond to points on the affine curve because the division by zero is undefined.

For $Z = 0$ the equation forces $X^3 = 0$, so $X = 0$ and $Y \neq 0$. The solutions with $Z = 0$ are therefore the points $(0:Y:0)$, which lie on the 'line at infinity' $Z = 0$. Since scaling the coordinates does not change a projective point, all of these are the same point $O = (0:1:0)$, known as the point at infinity. Geometrically, we can think of it as a point infinitely high on the $y$-axis, with its 'coordinates' represented as $(\frac{0}{0}, \frac{1}{0}) \sim (0, \infty)$. Understanding the concept of the point at infinity is crucial to understanding the group law of elliptic curves.

Bézout's theorem, a fundamental result in algebraic geometry, tells us that every line in the projective plane intersects an elliptic curve in three points, counting multiplicity. It is important to note that this statement holds for the projective curve but not necessarily for the affine curve. For example, the elliptic curve $y^2 = x^3 + 1$ intersects the line $x = 0$ in two points $(0, \pm 1)$ in the affine plane. However, the line $X = 0$ intersects the projective curve in three points: $(0:\pm 1:1)$ and the point at infinity $(0:1:0)$.
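As an added example (not code from the original post), here is the homogenisation and the Bézout count above carried out over a small finite field, where every point can be enumerated. The field size $p = 7$, the curve $y^2 = x^3 + 1$ and all function names are assumptions chosen for illustration.

```python
# Added example: the projective closure of y^2 = x^3 + a x + b over F_p,
# and the intersection of the line X = 0 with the projective curve.
# Field size p = 7 and the curve y^2 = x^3 + 1 are constructed for illustration.

def on_affine_curve(x, y, a, b, p):
    """True if (x, y) satisfies y^2 = x^3 + a x + b in F_p."""
    return (y * y - (x ** 3 + a * x + b)) % p == 0


def on_projective_curve(X, Y, Z, a, b, p):
    """True if (X:Y:Z) satisfies the homogenised equation
    Z Y^2 = X^3 + a Z^2 X + b Z^3 in F_p."""
    return (Z * Y * Y - (X ** 3 + a * Z * Z * X + b * Z ** 3)) % p == 0


def to_projective(x, y):
    """Affine point (x, y) -> projective point (x:y:1)."""
    return (x, y, 1)


def to_affine(X, Y, Z, p):
    """Projective point with Z != 0 -> affine point (X/Z, Y/Z).
    Z = 0 is the point at infinity, which has no affine image."""
    if Z % p == 0:
        raise ValueError("point at infinity has no affine coordinates")
    z_inv = pow(Z, -1, p)  # modular inverse of Z (Python 3.8+)
    return (X * z_inv % p, Y * z_inv % p)


def projective_points(a, b, p):
    """All F_p-points of the projective curve in normalised form:
    (x:y:1) for the affine points and (0:1:0) for the point at infinity."""
    pts = [to_projective(x, y) for x in range(p) for y in range(p)
           if on_affine_curve(x, y, a, b, p)]
    # Z = 0 forces X^3 = 0, so X = 0; every (0:Y:0) is the same point as (0:1:0),
    # and (0:1:0) satisfies the homogeneous equation for every a and b.
    pts.append((0, 1, 0))
    return pts


def points_on_line_x_equals_0(a, b, p):
    """Intersection of the projective line X = 0 with the curve.
    Bézout's theorem predicts three points, counting multiplicity."""
    return [P for P in projective_points(a, b, p) if P[0] == 0]


if __name__ == "__main__":
    # y^2 = x^3 + 1 over F_7: two affine points on x = 0 plus the point at infinity
    print(points_on_line_x_equals_0(0, 1, 7))
    print("point at infinity on curve:", on_projective_curve(0, 1, 0, 0, 1, 7))
```

Over $\mathbb{F}_7$ the line $X = 0$ meets the curve in $(0:1:1)$, $(0:6:1)$ (that is, $y = \pm 1$) and $(0:1:0)$, matching the count in the text.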

Group law

Now let's explore the group law, which is the key feature that makes elliptic curves so fascinating and practical. In mathematics, a group is an algebraic structure consisting of a non-empty set $G$ and a binary operation denoted $+$. This operation combines any two elements $a$ and $b$ in $G$ to produce another element in $G$, satisfying three group axioms:

  1. Associativity: For all $a$, $b$ and $c$ in $G$, $(a + b) + c = a + (b + c)$.
  2. Identity element: There exists an element $e$ in $G$ such that for all $a$ in $G$, $a + e = e + a = a$. The identity element $e$ is unique.
  3. Inverse element: For every $a$ in $G$, there exists an element $a'$ in $G$ such that $a + a' = e$ and $a' + a = e$. The inverse element $a'$ is unique for every $a$ in $G$.

An example of a group is the set of integers $\mathbb{Z}$ together with the common addition $+$, denoted $(\mathbb{Z}, +)$. For any two integers $a$ and $b$, their sum $a+b$ is also an integer. The addition operation is associative, the identity element is $0$, and the inverse of any integer $a$ is $-a$. It's worth checking these properties for yourself.

In the context of elliptic curves, the group law is what makes them special and useful. To define the group, we consider a non-empty set $E(K)$ and a binary operation $+$ on this set. $E(K)$ consists of all points $(x, y)$ in $K^2$ that satisfy the elliptic curve equation $y^2 = x^3 + ax + b$, where $a$ and $b$ are in $K$, together with the point at infinity $O$. In other words, $E(K) = \{(x, y) \in K^2 : y^2 = x^3 + ax + b\} \cup \{O\}$.

Now let's define the addition operation $+$. The key idea comes from Bézout's theorem, which states that any line intersects an elliptic curve at three points. We use this concept by defining the sum of three collinear points on the curve as the identity element $O$, i.e. $P + Q + R = O$.

Given two points $P$ and $Q$ on the curve, we find the third point $R$ on the line through $P$ and $Q$ that intersects the curve. We designate $R$ as $-(P + Q)$, and the point $P + Q$ is obtained by reflecting $R$ over the $x$-axis. This reflection is motivated by the fact that the vertical line between $R$ and its reflection $R'$ intersects the curve at the point at infinity, $O$, giving $R + R' + O = O$. So $R'$ is equivalent to $-R$.

[Figure: Geometric representation of the definition of '+' for points on elliptic curves. Source: Wikipedia]

It's important to note that this notion of 'addition' is not to be confused with coordinate-wise addition. Group law addition is a geometric concept that involves connecting points on the curve with a line.

You may want to check that the set $(E(K), +)$ is indeed a group that satisfies the group axioms of associativity, identity and inverse elements. However, the proof of associativity is non-trivial and requires classical algebraic geometry. Furthermore, the elliptic curve group is an 'abelian' group, which means that the order of the operation does not matter; $P + Q = Q + P$.

A fascinating aspect of elliptic curves is that if $P$ and $Q$ are rational points, then their sum $P + Q$ is also rational. Furthermore, any point on the elliptic curve can be used to generate another point on the curve through the group law. Given a point $P$, we can construct $2P$ by doubling the point, and we can obtain $3P$ by adding $P$ and $2P$. This process can be extended to generate any multiple of $P$, such as $4P$, $5P$, and so on.

Applications

The ability to perform these operations to efficiently generate new points on the curve is what makes elliptic curves valuable in various applications, especially in the field of cryptography. A widely used cryptographic algorithm based on elliptic curves is Elliptic Curve Cryptography (ECC). ECC provides strong security with shorter key lengths compared to other traditional cryptographic systems such as RSA.

In ECC, security is based on the difficulty of solving the Elliptic Curve Discrete Logarithm Problem (ECDLP). Given a point $P$ on an elliptic curve and its multiple $kP$, finding the value of the scalar $k$ is computationally hard. This property forms the basis of the security of ECC, since even with significant computing power, solving the ECDLP remains infeasible.
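The group law, point doubling and scalar multiples from the section above, and the ECDLP just described, as one added example that is not code from the original post. Points are held in affine coordinates with the point at infinity $O$ represented as `None`; the toy curve $y^2 = x^3 + 2x + 3$ over $\mathbb{F}_{97}$, the base point $(3, 6)$ and all function names are assumptions for illustration. A curve this small is only for seeing the algebra work: the brute-force search at the end succeeds precisely because the group has about a hundred elements, which is why real deployments use curves with roughly $2^{256}$ points.

```python
# Added example: the elliptic-curve group law over a prime field F_p,
# the group axioms checked by computation, scalar multiplication by
# double-and-add, and a brute-force ECDLP solve on a toy-sized curve.
# The curve y^2 = x^3 + 2x + 3 over F_97 is constructed for illustration.

p, a, b = 97, 2, 3
O = None  # the point at infinity, the identity of the group

# 4a^3 + 27b^2 != 0 is the "no repeated roots" (smoothness) condition.
assert (4 * a ** 3 + 27 * b ** 2) % p != 0, "curve is singular"


def on_curve(P):
    """True if P is O or satisfies y^2 = x^3 + a x + b in F_p."""
    if P is O:
        return True
    x, y = P
    return (y * y - (x ** 3 + a * x + b)) % p == 0


def neg(P):
    """-P is the reflection of P over the x-axis; -O = O."""
    if P is O:
        return O
    x, y = P
    return (x, (-y) % p)


def add(P, Q):
    """P + Q: third intersection of the chord (or tangent) with the curve, reflected."""
    if P is O:
        return Q
    if Q is O:
        return P
    x1, y1 = P
    x2, y2 = Q
    if x1 == x2 and (y1 + y2) % p == 0:
        return O  # vertical line: the third intersection point is O
    if P == Q:
        lam = (3 * x1 * x1 + a) * pow((2 * y1) % p, -1, p)  # tangent slope
    else:
        lam = (y2 - y1) * pow((x2 - x1) % p, -1, p)  # chord slope
    lam %= p
    x3 = (lam * lam - x1 - x2) % p
    y3 = (lam * (x1 - x3) - y1) % p  # reflection over the x-axis
    return (x3, y3)


def mul(k, P):
    """k*P for k >= 0 by left-to-right double-and-add: O(log k) group operations."""
    R = O
    for bit in bin(k)[2:]:
        R = add(R, R)
        if bit == "1":
            R = add(R, P)
    return R


def all_points():
    """Every element of E(F_p), found by brute force (p is tiny here)."""
    return [O] + [(x, y) for x in range(p) for y in range(p) if on_curve((x, y))]


def order(P):
    """Smallest n >= 1 with n*P == O."""
    n, R = 1, P
    while R is not O:
        R = add(R, P)
        n += 1
    return n


def check_axioms(pts):
    """Closure, identity, inverses and commutativity over all pairs;
    associativity over a sample of triples (all triples would be slow in Python)."""
    for P in pts:
        assert add(P, O) == P and add(P, neg(P)) is O
        for Q in pts:
            S = add(P, Q)
            assert on_curve(S) and S == add(Q, P)
    sample = pts[:12]
    for P in sample:
        for Q in sample:
            for R in sample:
                assert add(add(P, Q), R) == add(P, add(Q, R))
    return True


def ecdlp_bruteforce(P, Q):
    """Return k with k*P == Q by stepping through the multiples of P, or None
    if Q is not a multiple of P. Takes order(P) steps: trivial here, infeasible
    on a curve of cryptographic size, which is the ECDLP assumption."""
    R = O
    for k in range(order(P)):
        if R == Q:
            return k
        R = add(R, P)
    return None


if __name__ == "__main__":
    P = (3, 6)
    print("points on curve:", len(all_points()))
    print("multiples of P:", [mul(k, P) for k in range(1, 6)])
    print("order of P:", order(P))
    print("group axioms hold on sample:", check_axioms(all_points()))
    print("k with kP = 3P:", ecdlp_bruteforce(P, mul(3, P)))
```

Computing $kP$ takes only about $\log_2 k$ doublings and additions, while `ecdlp_bruteforce` needs on the order of `order(P)` additions; on this curve both are instant, and the gap between the two is the whole point of ECC.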

Elliptic curves have applications beyond cryptography. They have been used in error-correcting codes, which are essential for the reliable transmission of data over noisy channels. By exploiting the algebraic structure of elliptic curves, efficient error-correcting codes can be constructed.

Elliptic curves also have connections to number theory, algebraic geometry and even physics. They appear in the study of modular forms, which are functions with fascinating properties and connections to deep mathematical concepts. They also have applications in solving certain Diophantine equations, which involve finding integer solutions to polynomial equations.

In summary, elliptic curves have remarkable mathematical properties and applications in many fields. The group law defined on elliptic curves allows efficient computation of points and forms the basis of cryptographic algorithms such as ECC.
