Weil pairing

From HandWiki
Revision as of 10:56, 9 July 2021 by imported>MainAI5 (url)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

In mathematics, the Weil pairing is a pairing (bilinear form, though with multiplicative notation) on the points of order dividing n of an elliptic curve E, taking values in nth roots of unity. More generally there is a similar Weil pairing between points of order n of an abelian variety and its dual. It was introduced by André Weil (Weil|1940}}|1940) for Jacobians of curves, who gave an abstract algebraic definition; the corresponding results for elliptic functions were known, and can be expressed simply by use of the Weierstrass sigma function.

Formulation

Choose an elliptic curve E defined over a field K, and an integer n > 0 (we require n to be coprime to char(K) if char(K) > 0) such that K contains a primitive nth root of unity. Then the n-torsion on [math]\displaystyle{ E(\overline{K}) }[/math] is known to be a Cartesian product of two cyclic groups of order n. The Weil pairing produces an n-th root of unity

[math]\displaystyle{ w(P,Q) \in \mu_n }[/math]

by means of Kummer theory, for any two points [math]\displaystyle{ P,Q \in E(K)[n] }[/math], where [math]\displaystyle{ E(K)[n]=\{T \in E(K) \mid n \cdot T = O \} }[/math] and [math]\displaystyle{ \mu_n = \{x\in K \mid x^n =1 \} }[/math].

A down-to-earth construction of the Weil pairing is as follows. Choose a function F in the function field of E over the algebraic closure of K with divisor

[math]\displaystyle{ \mathrm{div}(F)= \sum_{0 \leq k \lt n}[P+k\cdot Q] - \sum_{0 \leq k \lt n} [k\cdot Q]. }[/math]

So F has a simple zero at each point P + kQ, and a simple pole at each point kQ if these points are all distinct. Then F is well-defined up to multiplication by a constant. If G is the translation of F by Q, then by construction G has the same divisor, so the function G/F is constant.

Therefore if we define

[math]\displaystyle{ w(P,Q):=\frac{G}{F} }[/math]

we shall have an n-th root of unity (as translating n times must give 1) other than 1. With this definition it can be shown that w is alternating and bilinear,[1] giving rise to a non-degenerate pairing on the n-torsion.

The Weil pairing does not extend to a pairing on all the torsion points (the direct limit of n-torsion points) because the pairings for different n are not the same. However they do fit together to give a pairing T(E) × T(E) → T(μ) on the Tate module T(E) of the elliptic curve E (the inverse limit of the ℓn-torsion points) to the Tate module T(μ) of the multiplicative group (the inverse limit of ℓn roots of unity).

Generalisation to abelian varieties

For abelian varieties over an algebraically closed field K, the Weil pairing is a nondegenerate pairing

[math]\displaystyle{ A[n] \times A^\vee[n] \longrightarrow \mu_n }[/math]

for all n prime to the characteristic of K.[2] Here [math]\displaystyle{ A^\vee }[/math] denotes the dual abelian variety of A. This is the so-called Weil pairing for higher dimensions. If A is equipped with a polarisation

[math]\displaystyle{ \lambda: A \longrightarrow A^\vee }[/math],

then composition gives a (possibly degenerate) pairing

[math]\displaystyle{ A[n] \times A[n] \longrightarrow \mu_n. }[/math]

If C is a projective, nonsingular curve of genus ≥ 0 over k, and J its Jacobian, then the theta-divisor of J induces a principal polarisation of J, which in this particular case happens to be an isomorphism (see autoduality of Jacobians). Hence, composing the Weil pairing for J with the polarisation gives a nondegenerate pairing

[math]\displaystyle{ J[n]\times J[n] \longrightarrow \mu_n }[/math]

for all n prime to the characteristic of k.

As in the case of elliptic curves, explicit formulae for this pairing can be given in terms of divisors of C.

Applications

The pairing is used in number theory and algebraic geometry, and has also been applied in elliptic curve cryptography and identity based encryption.

See also

References

  1. Silverman, Joseph (1986). The Arithmetic of Elliptic Curves. New York: Springer-Verlag. ISBN 0-387-96203-4. 
  2. James Milne, Abelian Varieties, available at www.jmilne.org/math/
  • Weil, André (1940), "Sur les fonctions algébriques à corps de constantes fini", Les Comptes rendus de l'Académie des sciences 210: 592–594 

External links