Weil pairing

Last updated March 06, 2024

In mathematics, the Weil pairing is a pairing (bilinear form, though with multiplicative notation) on the points of order dividing n of an elliptic curve E, taking values in nth roots of unity. More generally there is a similar Weil pairing between points of order n of an abelian variety and its dual. It was introduced by André Weil (1940) for Jacobians of curves, who gave an abstract algebraic definition; the corresponding results for elliptic functions were known, and can be expressed simply by use of the Weierstrass sigma function.

Formulation

Choose an elliptic curve E defined over a field K, and an integer n > 0 (we require n to be coprime to char(K) if char(K) > 0) such that K contains a primitive nth root of unity. Then the n-torsion on Failed to parse (SVG (MathML can be enabled via browser plugin): Invalid response ("Math extension cannot connect to Restbase.") from server "http://localhost:6011/en.wikipedia.org/v1/":): {\displaystyle E(\overline{K})} is known to be a Cartesian product of two cyclic groups of order n. The Weil pairing produces an n-th root of unity

Failed to parse (SVG (MathML can be enabled via browser plugin): Invalid response ("Math extension cannot connect to Restbase.") from server "http://localhost:6011/en.wikipedia.org/v1/":): {\displaystyle w(P,Q) \in \mu_n}

by means of Kummer theory, for any two points $P,Q\in E(K)[n]$ , where $E(K)[n]=\{T\in E(K)\mid n\cdot T=O\}$ and $\mu _{n}=\{x\in K\mid x^{n}=1\}$ .

A down-to-earth construction of the Weil pairing is as follows. Choose a function F in the function field of E over the algebraic closure of K with divisor

\mathrm {div} (F)=\sum _{0\leq k<n}[P+k\cdot Q]-\sum _{0\leq k<n}[k\cdot Q].

So F has a simple zero at each point P + kQ, and a simple pole at each point kQ if these points are all distinct. Then F is well-defined up to multiplication by a constant. If G is the translation of F by Q, then by construction G has the same divisor, so the function G/F is constant.

Therefore if we define

w(P,Q):={\frac {G}{F}}

we shall have an n-th root of unity (as translating n times must give 1) other than 1. With this definition it can be shown that w is alternating and bilinear,^[1] giving rise to a non-degenerate pairing on the n-torsion.

The Weil pairing does not extend to a pairing on all the torsion points (the direct limit of n-torsion points) because the pairings for different n are not the same. However they do fit together to give a pairing T_ℓ(E) × T_ℓ(E) → T_ℓ(μ) on the Tate module T_ℓ(E) of the elliptic curve E (the inverse limit of the ℓⁿ-torsion points) to the Tate module T_ℓ(μ) of the multiplicative group (the inverse limit of ℓⁿ roots of unity).

Generalisation to abelian varieties

For abelian varieties over an algebraically closed field K, the Weil pairing is a nondegenerate pairing

Failed to parse (SVG (MathML can be enabled via browser plugin): Invalid response ("Math extension cannot connect to Restbase.") from server "http://localhost:6011/en.wikipedia.org/v1/":): {\displaystyle A[n] \times A^\vee[n] \longrightarrow \mu_n}

for all n prime to the characteristic of K.^[2] Here $A^{\vee }$ denotes the dual abelian variety of A. This is the so-called Weil pairing for higher dimensions. If A is equipped with a polarisation

\lambda :A\longrightarrow A^{\vee }

,

then composition gives a (possibly degenerate) pairing

Failed to parse (SVG (MathML can be enabled via browser plugin): Invalid response ("Math extension cannot connect to Restbase.") from server "http://localhost:6011/en.wikipedia.org/v1/":): {\displaystyle A[n] \times A[n] \longrightarrow \mu_n.}

If C is a projective, nonsingular curve of genus ≥ 0 over k, and J its Jacobian, then the theta-divisor of J induces a principal polarisation of J, which in this particular case happens to be an isomorphism (see autoduality of Jacobians). Hence, composing the Weil pairing for J with the polarisation gives a nondegenerate pairing

Failed to parse (SVG (MathML can be enabled via browser plugin): Invalid response ("Math extension cannot connect to Restbase.") from server "http://localhost:6011/en.wikipedia.org/v1/":): {\displaystyle J[n]\times J[n] \longrightarrow \mu_n}

for all n prime to the characteristic of k.

As in the case of elliptic curves, explicit formulae for this pairing can be given in terms of divisors of C.

Applications

The pairing is used in number theory and algebraic geometry, and has also been applied in elliptic curve cryptography and identity based encryption.

Related Research Articles

<span class="mw-page-title-main">Elliptic curve</span> Algebraic curve

In mathematics, an elliptic curve is a smooth, projective, algebraic curve of genus one, on which there is a specified point $O$ . An elliptic curve is defined over a field $K$ and describes points in $K 2$ , the Cartesian product of $K$ with itself. If the field's characteristic is different from 2 and 3, then the curve can be described as a plane algebraic curve which consists of solutions $(x, y)$ for:

In mathematics, particularly in algebraic geometry, complex analysis and algebraic number theory, an abelian variety is a projective algebraic variety that is also an algebraic group, i.e., has a group law that can be defined by regular functions. Abelian varieties are at the same time among the most studied objects in algebraic geometry and indispensable tools for much research on other topics in algebraic geometry and number theory.

In mathematics, restriction of scalars is a functor which, for any finite extension of fields L/k and any algebraic variety X over L, produces another variety Res_L/kX, defined over k. It is useful for reducing questions about varieties over large fields to questions about more complicated varieties over smaller fields.

In mathematics, the arithmetic of abelian varieties is the study of the number theory of an abelian variety, or a family of abelian varieties. It goes back to the studies of Pierre de Fermat on what are now recognized as elliptic curves; and has become a very substantial area of arithmetic geometry both in terms of results and conjectures. Most of these can be posed for an abelian variety A over a number field K; or more generally.

In mathematics, the étale cohomology groups of an algebraic variety or scheme are algebraic analogues of the usual cohomology groups with finite coefficients of a topological space, introduced by Grothendieck in order to prove the Weil conjectures. Étale cohomology theory can be used to construct ℓ-adic cohomology, which is an example of a Weil cohomology theory in algebraic geometry. This has many applications, such as the proof of the Weil conjectures and the construction of representations of finite groups of Lie type.

In mathematics, the Jacobian varietyJ(C) of a non-singular algebraic curve C of genus g is the moduli space of degree 0 line bundles. It is the connected component of the identity in the Picard group of C, hence an abelian variety.

Hyperelliptic curve cryptography is similar to elliptic curve cryptography (ECC) insofar as the Jacobian of a hyperelliptic curve is an abelian group in which to do arithmetic, just as we use the group of points on an elliptic curve in ECC.

In algebraic geometry, a Kummer quartic surface, first studied by Ernst Kummer, is an irreducible nodal surface of degree 4 in with the maximal possible number of 16 double points. Any such surface is the Kummer variety of the Jacobian variety of a smooth hyperelliptic curve of genus 2; i.e. a quotient of the Jacobian by the Kummer involution x ↦ −x. The Kummer involution has 16 fixed points: the 16 2-torsion point of the Jacobian, and they are the 16 singular points of the quartic surface. Resolving the 16 double points of the quotient of a torus by the Kummer involution gives a K3 surface with 16 disjoint rational curves; these K3 surfaces are also sometimes called Kummer surfaces.

In mathematics, a Tate module of an abelian group, named for John Tate, is a module constructed from an abelian group A. Often, this construction is made in the following situation: G is a commutative group scheme over a field K, K^s is the separable closure of K, and A = G(K^s). In this case, the Tate module of A is equipped with an action of the absolute Galois group of K, and it is referred to as the Tate module of G.

This is a glossary of arithmetic and diophantine geometry in mathematics, areas growing out of the traditional study of Diophantine equations to encompass large parts of number theory and algebraic geometry. Much of the theory is in the form of proposed conjectures, which can be related at various levels of generality.

In arithmetic geometry, the Mordell–Weil group is an abelian group associated to any abelian variety $defined over a number field, it is an arithmetic invariant of the Abelian variety. It is simply the group of -points of, so is the Mordell-Weil group pg 207 . The main structure theorem about this group is the Mordell-Weil theorem which shows this group is in fact a finitely-generated abelian group. Moreover, there are many conjectures related to this group, such as the Birch and Swinnerton-Dyer conjecture which relates the rank of to the zero of the associated L-function at a special point.$

In mathematics, a dual abelian variety can be defined from an abelian variety A, defined over a field k.

In number theory, the Néron–Tate height is a quadratic form on the Mordell–Weil group of rational points of an abelian variety defined over a global field. It is named after André Néron and John Tate.

Lehmer's conjecture, also known as the Lehmer's Mahler measure problem, is a problem in number theory raised by Derrick Henry Lehmer. The conjecture asserts that there is an absolute constant $such that every polynomial with integer coefficients satisfies one of the following properties:$

In algebraic K-theory, a field of mathematics, the Steinberg group $of a ring is the universal central extension of the commutator subgroup of the stable general linear group of .$

In mathematics, the Mordell–Weil theorem states that for an abelian variety $over a number field, the group of K -rational points of is a finitely-generated abelian group, called the Mordell-Weil group . The case with an elliptic curve and the field of rational numbers is Mordell's theorem, answering a question apparently posed by Henri Poincaré around 1901; it was proved by Louis Mordell in 1922. It is a foundational theorem of Diophantine geometry and the arithmetic of abelian varieties.$

In arithmetic geometry, the Tate–Shafarevich group $Ш(A / K)$ of an abelian variety $A$ (or more generally a group scheme) defined over a number field $K$ consists of the elements of the Weil–Châtelet group $, where is the absolute Galois group of K, that become trivial in all of the completions of K (i.e., the real and complex completions as well as the p -adic fields obtained from K by completing with respect to all its Archimedean and non Archimedean valuations v). Thus, in terms of Galois cohomology, Ш(A / K) can be defined as$

Network coding has been shown to optimally use bandwidth in a network, maximizing information flow but the scheme is very inherently vulnerable to pollution attacks by malicious nodes in the network. A node injecting garbage can quickly affect many receivers. The pollution of network packets spreads quickly since the output of honest node is corrupted if at least one of the incoming packets is corrupted.

In mathematics, the conductor of an elliptic curve over the field of rational numbers is an integral ideal, which is analogous to the Artin conductor of a Galois representation. It is given as a product of prime ideals, together with associated exponents, which encode the ramification in the field extensions generated by the points of finite order in the group law of the elliptic curve. The primes involved in the conductor are precisely the primes of bad reduction of the curve: this is the Néron–Ogg–Shafarevich criterion.

In algebraic geometry, a level structure on a space X is an extra structure attached to X that shrinks or eliminates the automorphism group of X, by demanding automorphisms to preserve the level structure; attaching a level structure is often phrased as rigidifying the geometry of X.

References

↑ Silverman, Joseph (1986). The Arithmetic of Elliptic Curves. New York: Springer-Verlag. ISBN 0-387-96203-4.
↑ James Milne, Abelian Varieties, available at www.jmilne.org/math/

Weil, André (1940), "Sur les fonctions algébriques à corps de constantes fini", Les Comptes rendus de l'Académie des sciences , 210: 592–594, MR 0002863

External links

The Weil pairing on elliptic curves over C (PDF)

This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.

[1] Silverman, Joseph (1986). The Arithmetic of Elliptic Curves. New York: Springer-Verlag. ISBN 0-387-96203-4.

[2] James Milne, Abelian Varieties, available at www.jmilne.org/math/

[1]

[2]