Elliptic curves have been studied for many years by pure mathematicians who have no intention of applying the results to anything outside mathematics. And yet elliptic curves have become an important part of applied cryptography.
Elliptic curves are very solid. There are some subtleties to the definition – more on that in a moment – but they are essentially the set of points satisfying a simple equation. And yet a lot of extremely abstract mathematics has been developed because of the need to study these simple things. And while objects are simple in some senses, the questions people naturally ask about them are far from simple.
initial definition
The initial definition of an elliptic curve is the set of points satisfying
this²= x³+ Axe , b,
This is a theorem, not a definition, and requires some qualifications. Value x, this, AAnd b Come from some region, and that region is an important part of the definition of an elliptic curve. If that field is the real numbers, then all elliptic curves have the form above, known as the Weierstrass form. For fields of characteristic 2 or 3, the Weierstrass form is not general enough. Also, we need
4A³ + 27b² ≠ 0.
Recently I wrote about Curve1174, a special elliptic curve used in cryptography. The points on this curve satisfy
x²+ this² = 1 – 1174 x² this²
This equation does No Specify an elliptic curve if we are working on real numbers. But curve1174 is defined on integers modulo P = 2251 – 9. There it Is An elliptical curve. This is equivalent to a curve in Weierstrass, although this is not true when working on reality. So whether an equation defines an elliptic curve depends on what region the components come from.
no ellipse, no curve
An elliptic curve is not an ellipse, and it cannot be a curve in the usual sense.
There is a relationship between elliptic curve and ellipse, but it is indirect. Elliptic curves are related to the integrals you would write to find the length of a section of an ellipse.
Working on the real numbers, an elliptic curve is a curve in the geometric sense. Operating over a finite region, an elliptic curve is a finite set of points, not a continuum. Operating on complex numbers, an elliptic curve is a two-dimensional surface. The name “curve” has been extended by analogy to elliptic curves over general areas.
final definition
In this section we will give a complete definition of an algebraic curve, although we will be deliberately vague about some details.
The definition of an elliptic curve does not refer to equations of any particular form. It says that the elliptic curve is a
- smooth,
- projectile,
- algebraic curve,
- lineage of one,
- having a specified point hey,
Working on real numbers, lubrication Can be specified in terms of derivatives. But what does it mean to be comfortable working on a limited area? You take equations derived from the real case and extend them by analogy to other areas. You can “transfer” polynomials in settings where you cannot take limits by defining the derivatives algebraically. (Condition 4A³ + 27b² ≠ 0 guarantees the above smoothness.)
off the records, projective This means we add “points at infinity” as needed to make things more consistent. Formally, we are not actually dealing with pairs of coordinates (x, this) but the equivalence classes of triples of coordinates (x, this, z). You can usually think in terms of pairs of values, but the extra value is when you need it to deal with points at infinity. More on that here.
One algebraic curve is the set of points satisfying a polynomial equation.
Caste An algebraic curve has roughly any number of holes. On the complex numbers, the genus of an algebraic curve is actually the number of holes. Like many ideas in algebra, a theorem from a familiar context is taken as a definition in a more general context.
specified point heyOften the point at infinity is the locus of the identity element for group addition. In the post on Curve1174, we add in detail, and the zero point is (0, 1).
In elliptic curve cryptography, it is necessary to specify one more point, a base pointwhich is a generator for a subgroup. This post gives an example specifying a base point on the curve, secp256k1, used in the Bitcoin implementation.
<a href