American Institute of Mathematical Sciences

Advanced
February  2019, 13(1): 41-66. doi: 10.3934/amc.2019003

Connecting Legendre with Kummer and Edwards

Sabyasachi Karati 1,, and  Palash Sarkar 2,

1. 

iCIS Lab, Department of Computer Science, University of Calgary, Canada
2. 

Applied Statistics Unit, Indian Statistical Institute, 203, B.T. Road, Kolkata, India

* Corresponding author

Received  January 2018 Revised  August 2018 Published  December 2018

Scalar multiplication on suitable Legendre form elliptic curves can be speeded up in two ways. One can perform the bulk of the computation either on the associated Kummer line or on an appropriate twisted Edwards form elliptic curve. This paper provides details of moving to and from between Legendre form elliptic curves and associated Kummer line and moving to and from between Legendre form elliptic curves and related twisted Edwards form elliptic curves. Further, concrete twisted Edwards form elliptic curves are identified which correspond to known Kummer lines at the 128-bit security level which provide very fast scalar multiplication on modern architectures supporting SIMD operations.

Keywords: Elliptic curve, Legendre form, Edwards form, Kummer line.
Mathematics Subject Classification: Primary: 58F15, 58F17; Secondary: 53C35.
Citation: Sabyasachi Karati, Palash Sarkar. Connecting Legendre with Kummer and Edwards. Advances in Mathematics of Communications, 2019, 13 (1) : 41-66. doi: 10.3934/amc.2019003
References:
[1]

J. Barwise and P. Eklof, Lefschetz's principle, Journal of Algebra, 13 (1969), 554-570.  doi: 10.1016/0021-8693(69)90117-3.  Google Scholar

[2]

D. J. Bernstein, Curve25519: New Diffie-Hellman speed records, Public Key Cryptography - PKC, 3958 (2006), 207-228.  doi: 10.1007/11745853_14.  Google Scholar

[3]

D. J. Bernstein and T. Lange, Explicit-Formulas Database, 2007. Available from: http://www.hyperelliptic.org/EFD/index.html. Google Scholar

[4]

D. J. Bernstein and T. Lange, Faster Addition and Doubling on Elliptic Curves, Advances in Cryptology - ASIACRYPT, 4833 (2007), 29-50.  doi: 10.1007/978-3-540-76900-2_3.  Google Scholar

[5]

D. J. BernsteinP. BirknerM. JoyeT. Lange and C. Peters, Twisted Edwards curves, Progress in Cryptology - AFRICACRYPT, 5023 (2008), 389-405.  doi: 10.1007/978-3-540-68164-9_26.  Google Scholar

[6]

D. J. BernsteinN. DuifT. LangeP. Schwabe and B.-Y. Yang, High-speed high-security signatures, J. Cryptographic Engineering, 2 (2012), 77-89.   Google Scholar

[7]

E. Brier and M. Joye, Fast point multiplication on elliptic curves through isogenies, Applied Algebra, Algebraic Algorithms and Error-Correcting Codes - AAECC, 2643 (2003), 43-50.  doi: 10.1007/3-540-44828-4_6.  Google Scholar

[8]

M. P. L. Das and P. Sarkar, Pairing computation on twisted Edwards form elliptic curves, Pairing-Based Cryptography - Pairing, 5209 (2008), 192-210.  doi: 10.1007/978-3-540-85538-5_14.  Google Scholar

[9]

H. M. Edwards, A normal form for elliptic curves, Bulletin of the American Mathematical Society, 44 (2007), 393-422.  doi: 10.1090/S0273-0979-07-01153-6.  Google Scholar

[10]

G. Frey and H.-G. Rück, The strong Lefschetz principle in algebraic geometry, Manuscripta Mathematica, 55 (1986), 385-401.  doi: 10.1007/BF01186653.  Google Scholar

[11]

P. Gaudry, Fast genus 2 arithmetic based on Theta functions, J. Mathematical Cryptology, 1 (2007), 243-265.  doi: 10.1515/JMC.2007.012.  Google Scholar

[12]

P. Gaudry and D. Lubicz, The arithmetic of characteristic 2 Kummer surfaces and of elliptic Kummer lines, Finite Fields and Their Applications, 15 (2009), 246-260.  doi: 10.1016/j.ffa.2008.12.006.  Google Scholar

[13]

H. Hisil and C. Costello, Jacobian coordinates on genus 2 curves, J. Cryptology, 30 (2017), 572-600.  doi: 10.1007/s00145-016-9227-7.  Google Scholar

[14]

H. HisilK. K.-H. WongG. Carter and E. Dawson, Twisted edwards curves revisited, Advances in Cryptology - ASIACRYPT, 5350 (2008), 326-343.  doi: 10.1007/978-3-540-89255-7_20.  Google Scholar

[15]

J.-I. Igusa, Theta Functions, Springer, 1972.  Google Scholar

[16]

S. Karati and P. Sarkar, 2007. Available from: https://github.com/skarati/Connecting-Legendre-with-Kummer-and-Edwards. Google Scholar

[17]

S. Karati and P. Sarkar, Kummer for Genus One over Prime Order Fields, Advances in Cryptology - ASIACRYPT, 10625 (2017), 3-32.   Google Scholar

[18]

N. Koblitz, Elliptic curve cryptosystems, Mathematics of Computation, 48 (1987), 203-209.  doi: 10.1090/S0025-5718-1987-0866109-5.  Google Scholar

[19]

V. S. Miller, Use of elliptic curves in cryptography, Advances in Cryptology - CRYPTO, 218 (1985), 417-426.  doi: 10.1007/3-540-39799-X_31.  Google Scholar

[20]

P. L. Montgomery, Speeding the Pollard and elliptic curve methods of factorization, Mathematics of Computation, 48 (1987), 243-264.  doi: 10.1090/S0025-5718-1987-0866113-7.  Google Scholar

[21]

D. Mumford, Tata Lectures on Theta I, Progress in Mathematics 28. Birkh äuser, 1983. doi: 10.1007/978-1-4899-2843-6.  Google Scholar

[22]

K. OkeyaH. Kurumatani and K. Sakurai, Elliptic curves with the Montgomery-form and their cryptographic applications, Public Key Cryptography - PKC, 1751 (2000), 238-257.  doi: 10.1007/978-3-540-46588-1_17.  Google Scholar

[23]

K. Okeya and K. Sakurai, Efficient elliptic curve cryptosystems from a scalar multiplication algorithm with recovery of the y-coordinate on a Montgomery-form elliptic curve, Cryptographic Hardware and Embedded Systems - CHES, 2162 (2001), 126-141.  doi: 10.1007/3-540-44709-1_12.  Google Scholar

[24]

J. H. Silverman, The Arithmetic of Elliptic Curves, Springer, 2009. doi: 10.1007/978-0-387-09494-6.  Google Scholar

show all references

References:
[1]

J. Barwise and P. Eklof, Lefschetz's principle, Journal of Algebra, 13 (1969), 554-570.  doi: 10.1016/0021-8693(69)90117-3.  Google Scholar

[2]

D. J. Bernstein, Curve25519: New Diffie-Hellman speed records, Public Key Cryptography - PKC, 3958 (2006), 207-228.  doi: 10.1007/11745853_14.  Google Scholar

[3]

D. J. Bernstein and T. Lange, Explicit-Formulas Database, 2007. Available from: http://www.hyperelliptic.org/EFD/index.html. Google Scholar

[4]

D. J. Bernstein and T. Lange, Faster Addition and Doubling on Elliptic Curves, Advances in Cryptology - ASIACRYPT, 4833 (2007), 29-50.  doi: 10.1007/978-3-540-76900-2_3.  Google Scholar

[5]

D. J. BernsteinP. BirknerM. JoyeT. Lange and C. Peters, Twisted Edwards curves, Progress in Cryptology - AFRICACRYPT, 5023 (2008), 389-405.  doi: 10.1007/978-3-540-68164-9_26.  Google Scholar

[6]

D. J. BernsteinN. DuifT. LangeP. Schwabe and B.-Y. Yang, High-speed high-security signatures, J. Cryptographic Engineering, 2 (2012), 77-89.   Google Scholar

[7]

E. Brier and M. Joye, Fast point multiplication on elliptic curves through isogenies, Applied Algebra, Algebraic Algorithms and Error-Correcting Codes - AAECC, 2643 (2003), 43-50.  doi: 10.1007/3-540-44828-4_6.  Google Scholar

[8]

M. P. L. Das and P. Sarkar, Pairing computation on twisted Edwards form elliptic curves, Pairing-Based Cryptography - Pairing, 5209 (2008), 192-210.  doi: 10.1007/978-3-540-85538-5_14.  Google Scholar

[9]

H. M. Edwards, A normal form for elliptic curves, Bulletin of the American Mathematical Society, 44 (2007), 393-422.  doi: 10.1090/S0273-0979-07-01153-6.  Google Scholar

[10]

G. Frey and H.-G. Rück, The strong Lefschetz principle in algebraic geometry, Manuscripta Mathematica, 55 (1986), 385-401.  doi: 10.1007/BF01186653.  Google Scholar

[11]

P. Gaudry, Fast genus 2 arithmetic based on Theta functions, J. Mathematical Cryptology, 1 (2007), 243-265.  doi: 10.1515/JMC.2007.012.  Google Scholar

[12]

P. Gaudry and D. Lubicz, The arithmetic of characteristic 2 Kummer surfaces and of elliptic Kummer lines, Finite Fields and Their Applications, 15 (2009), 246-260.  doi: 10.1016/j.ffa.2008.12.006.  Google Scholar

[13]

H. Hisil and C. Costello, Jacobian coordinates on genus 2 curves, J. Cryptology, 30 (2017), 572-600.  doi: 10.1007/s00145-016-9227-7.  Google Scholar

[14]

H. HisilK. K.-H. WongG. Carter and E. Dawson, Twisted edwards curves revisited, Advances in Cryptology - ASIACRYPT, 5350 (2008), 326-343.  doi: 10.1007/978-3-540-89255-7_20.  Google Scholar

[15]

J.-I. Igusa, Theta Functions, Springer, 1972.  Google Scholar

[16]

S. Karati and P. Sarkar, 2007. Available from: https://github.com/skarati/Connecting-Legendre-with-Kummer-and-Edwards. Google Scholar

[17]

S. Karati and P. Sarkar, Kummer for Genus One over Prime Order Fields, Advances in Cryptology - ASIACRYPT, 10625 (2017), 3-32.   Google Scholar

[18]

N. Koblitz, Elliptic curve cryptosystems, Mathematics of Computation, 48 (1987), 203-209.  doi: 10.1090/S0025-5718-1987-0866109-5.  Google Scholar

[19]

V. S. Miller, Use of elliptic curves in cryptography, Advances in Cryptology - CRYPTO, 218 (1985), 417-426.  doi: 10.1007/3-540-39799-X_31.  Google Scholar

[20]

P. L. Montgomery, Speeding the Pollard and elliptic curve methods of factorization, Mathematics of Computation, 48 (1987), 243-264.  doi: 10.1090/S0025-5718-1987-0866113-7.  Google Scholar

[21]

D. Mumford, Tata Lectures on Theta I, Progress in Mathematics 28. Birkh äuser, 1983. doi: 10.1007/978-1-4899-2843-6.  Google Scholar

[22]

K. OkeyaH. Kurumatani and K. Sakurai, Elliptic curves with the Montgomery-form and their cryptographic applications, Public Key Cryptography - PKC, 1751 (2000), 238-257.  doi: 10.1007/978-3-540-46588-1_17.  Google Scholar

[23]

K. Okeya and K. Sakurai, Efficient elliptic curve cryptosystems from a scalar multiplication algorithm with recovery of the y-coordinate on a Montgomery-form elliptic curve, Cryptographic Hardware and Embedded Systems - CHES, 2162 (2001), 126-141.  doi: 10.1007/3-540-44709-1_12.  Google Scholar

[24]

J. H. Silverman, The Arithmetic of Elliptic Curves, Springer, 2009. doi: 10.1007/978-0-387-09494-6.  Google Scholar

Table 1.  Double and differential addition in the square-only setting
$\mathsf{dbl}(\mathsf{x}^2,\mathsf{z}^2)$ $\mathsf{diffAdd}(\mathsf{x}_1^2,\mathsf{z}_1^2,\mathsf{x}_2^2,\mathsf{z}_2^2,\mathsf{x}^2,\mathsf{z}^2)$
    $\mathsf{s}_0 = \mathsf{B}^2(\mathsf{x}^2+\mathsf{z}^2)^2$;     $\mathsf{s}_0 = \mathsf{B}^2(\mathsf{x}_1^2+\mathsf{z}_1^2)(\mathsf{x}_2^2+\mathsf{z}_2^2)$;
    $\mathsf{t}_0 = \mathsf{A}^2(\mathsf{x}^2-\mathsf{z}^2)^2$;     $\mathsf{t}_0 = \mathsf{A}^2(\mathsf{x}_1^2-\mathsf{z}_1^2)(\mathsf{x}_2^2-\mathsf{z}_2^2)$;
    $\mathsf{x}_3^2 = \mathsf{b}^2(\mathsf{s}_0+\mathsf{t}_0)^2$;     $\mathsf{x}_3^2 = \mathsf{z}^2(\mathsf{s}_0+\mathsf{t}_0)^2$;
    $\mathsf{z}_3^2 = \mathsf{a}^2(\mathsf{s}_0-\mathsf{t}_0)^2$;     $\mathsf{z}_3^2 = \mathsf{x}^2(\mathsf{s}_0-\mathsf{t}_0)^2$;
    return $(\mathsf{x}_3^2,\mathsf{z}_3^2)$.     return $(\mathsf{x}_3^2,\mathsf{z}_3^2)$.
Table Options

Download as excel

$\mathsf{dbl}(\mathsf{x}^2,\mathsf{z}^2)$ $\mathsf{diffAdd}(\mathsf{x}_1^2,\mathsf{z}_1^2,\mathsf{x}_2^2,\mathsf{z}_2^2,\mathsf{x}^2,\mathsf{z}^2)$
    $\mathsf{s}_0 = \mathsf{B}^2(\mathsf{x}^2+\mathsf{z}^2)^2$;     $\mathsf{s}_0 = \mathsf{B}^2(\mathsf{x}_1^2+\mathsf{z}_1^2)(\mathsf{x}_2^2+\mathsf{z}_2^2)$;
    $\mathsf{t}_0 = \mathsf{A}^2(\mathsf{x}^2-\mathsf{z}^2)^2$;     $\mathsf{t}_0 = \mathsf{A}^2(\mathsf{x}_1^2-\mathsf{z}_1^2)(\mathsf{x}_2^2-\mathsf{z}_2^2)$;
    $\mathsf{x}_3^2 = \mathsf{b}^2(\mathsf{s}_0+\mathsf{t}_0)^2$;     $\mathsf{x}_3^2 = \mathsf{z}^2(\mathsf{s}_0+\mathsf{t}_0)^2$;
    $\mathsf{z}_3^2 = \mathsf{a}^2(\mathsf{s}_0-\mathsf{t}_0)^2$;     $\mathsf{z}_3^2 = \mathsf{x}^2(\mathsf{s}_0-\mathsf{t}_0)^2$;
    return $(\mathsf{x}_3^2,\mathsf{z}_3^2)$.     return $(\mathsf{x}_3^2,\mathsf{z}_3^2)$.
Table 2.  Scalar multiplication on Kummer line using a ladder
$\mathsf{scalarMult}(\mathsf{P},n)$ $\mathsf{ladder}(\mathsf{R},\mathsf{S},\mathfrak{b})$
input: $\mathsf{P}\in{\mathcal K}_{\mathsf{a}^2,\mathsf{b}^2}$;    if ($\mathfrak{b}=0$)
      $\ell$-bit scalar $n=(1,n_{\ell-2},\ldots,n_0)$;       $\mathsf{S}=\mathsf{diffAdd}(\mathsf{R},\mathsf{S},\mathsf{P})$;
output: $n\mathsf{P}$;          $\mathsf{R}=\mathsf{dbl}(\mathsf{R})$;
   set $\mathsf{R}=\mathsf{P}$ and $\mathsf{S}=\mathsf{dbl}(\mathsf{P})$;    else
   for $i=\ell-2,\ell-3,\ldots,0$ do       $\mathsf{R}=\mathsf{diffAdd}(\mathsf{R},\mathsf{S},\mathsf{P})$;
      $(\mathsf{R},\mathsf{S})=\mathsf{ladder}(\mathsf{R},\mathsf{S},n_i)$;       $\mathsf{S}=\mathsf{dbl}(\mathsf{S})$;
   return $(\mathsf{R},\mathsf{S})$.    return $(\mathsf{R},\mathsf{S})$.
Table Options

Download as excel

$\mathsf{scalarMult}(\mathsf{P},n)$ $\mathsf{ladder}(\mathsf{R},\mathsf{S},\mathfrak{b})$
input: $\mathsf{P}\in{\mathcal K}_{\mathsf{a}^2,\mathsf{b}^2}$;    if ($\mathfrak{b}=0$)
      $\ell$-bit scalar $n=(1,n_{\ell-2},\ldots,n_0)$;       $\mathsf{S}=\mathsf{diffAdd}(\mathsf{R},\mathsf{S},\mathsf{P})$;
output: $n\mathsf{P}$;          $\mathsf{R}=\mathsf{dbl}(\mathsf{R})$;
   set $\mathsf{R}=\mathsf{P}$ and $\mathsf{S}=\mathsf{dbl}(\mathsf{P})$;    else
   for $i=\ell-2,\ell-3,\ldots,0$ do       $\mathsf{R}=\mathsf{diffAdd}(\mathsf{R},\mathsf{S},\mathsf{P})$;
      $(\mathsf{R},\mathsf{S})=\mathsf{ladder}(\mathsf{R},\mathsf{S},n_i)$;       $\mathsf{S}=\mathsf{dbl}(\mathsf{S})$;
   return $(\mathsf{R},\mathsf{S})$.    return $(\mathsf{R},\mathsf{S})$.
Table 3.  Some properties of the group of $\mathbb{F}_p$-rational points of the Legendre form elliptic curves $E_{1a}$, $E_{1b}$, $E_2$ and $E_3$
$E_{1a}$ $E_{1b}$ $E_2$ $E_3$
$p$ $2^{251}-9$ $2^{251}-9$ $2^{255}-19$ $2^{266}-3$
$(\lg\ell,\lg\ell_T)$ $(248,248)$ $(248,248)$ $(251.4,252)$ $(262.4,263)$
$(h,h_T)$ $(8,8)$ $(8,8)$ $(12,8)$ $(12,8)$
$(k,k_T)$ $\left(\ell-1,\frac{\ell_T-1}{7}\right)$ $\left(\ell-1,\ell_T-1\right)$ $\left(\ell-1,\ell_T-1\right)$ $\left(\frac{\ell-1}{2},\ell_T-1\right)$
$\lg (-D)$ $246.3$ $249.8$ $255$ $266$
$\mathsf{KL}$ base pt $[64:1]$ $[19:1]$ $[31:1]$ $[2:1]$
Table Options

Download as excel

$E_{1a}$ $E_{1b}$ $E_2$ $E_3$
$p$ $2^{251}-9$ $2^{251}-9$ $2^{255}-19$ $2^{266}-3$
$(\lg\ell,\lg\ell_T)$ $(248,248)$ $(248,248)$ $(251.4,252)$ $(262.4,263)$
$(h,h_T)$ $(8,8)$ $(8,8)$ $(12,8)$ $(12,8)$
$(k,k_T)$ $\left(\ell-1,\frac{\ell_T-1}{7}\right)$ $\left(\ell-1,\ell_T-1\right)$ $\left(\ell-1,\ell_T-1\right)$ $\left(\frac{\ell-1}{2},\ell_T-1\right)$
$\lg (-D)$ $246.3$ $249.8$ $255$ $266$
$\mathsf{KL}$ base pt $[64:1]$ $[19:1]$ $[31:1]$ $[2:1]$
Table 4.  Conversions from Kummer line to Legendre form elliptic curves and vice versa. Here $\alpha_0 = \mathsf{a}^2$ and $\alpha_1 = \mathsf{b}^2$ are precomputed quantities
KL to Legendre Legendre to KL
  $\widehat{\psi}([\mathsf{x}^2:\mathsf{z}^2])$ $\widehat{\psi}^{-1}(X:\cdot:Z)$
    $X=\alpha_0\mathsf{z}^2$;     $\mathsf{x}^2=\alpha_0(X-Z)$;
    $t_1=\alpha_1\mathsf{x}^2$;     $\mathsf{z}^2=\alpha_1X$;
    $Z=X-t_1$;   return $[\mathsf{x}^2:\mathsf{z}^2]$.
  return $(X:\cdot:Z)$.
Table Options

Download as excel

KL to Legendre Legendre to KL
  $\widehat{\psi}([\mathsf{x}^2:\mathsf{z}^2])$ $\widehat{\psi}^{-1}(X:\cdot:Z)$
    $X=\alpha_0\mathsf{z}^2$;     $\mathsf{x}^2=\alpha_0(X-Z)$;
    $t_1=\alpha_1\mathsf{x}^2$;     $\mathsf{z}^2=\alpha_1X$;
    $Z=X-t_1$;   return $[\mathsf{x}^2:\mathsf{z}^2]$.
  return $(X:\cdot:Z)$.
Table 5.  Base points for $E_{1a}$, $E_{1b}$, $E_2$ and $E_3$ corresponding to $\mathsf{KL}_{1a}$, $\mathsf{KL}_{1b}$, $\mathsf{KL}_{2}$ and $\mathsf{KL}_{3}$
$p$ $\mathsf{a}^2$ $\mathsf{b}^2$ $[\mathsf{x}^2:\mathsf{z}^2]$ $(x,y)$
$2^{251}-9$ $81$ $20$ $[64:1]$ $(-81/1199,\mathfrak{y}_1)$
$2^{251}-9$ $186$ $175$ $[19:1]$ $(-186/3139,\mathfrak{y}_2)$
$2^{255}-19$ $82$ $77$ $[31:1]$ $(-82/2305,\mathfrak{y}_3)$
$2^{266}-3$ $260$ $139$ $[2:1]$ $(-260/18,\mathfrak{y}_4)$
Table Options

Download as excel

$p$ $\mathsf{a}^2$ $\mathsf{b}^2$ $[\mathsf{x}^2:\mathsf{z}^2]$ $(x,y)$
$2^{251}-9$ $81$ $20$ $[64:1]$ $(-81/1199,\mathfrak{y}_1)$
$2^{251}-9$ $186$ $175$ $[19:1]$ $(-186/3139,\mathfrak{y}_2)$
$2^{255}-19$ $82$ $77$ $[31:1]$ $(-82/2305,\mathfrak{y}_3)$
$2^{266}-3$ $260$ $139$ $[2:1]$ $(-260/18,\mathfrak{y}_4)$
Table 6.  Values of $x_1,y_1$ and $x_2$ which are solutions to (24)
$x_2=0$ $x_1 = \sqrt{\mu}$ $y_1 = \pm\sqrt{-\mu^2 + 2\mu^{3/2} - \mu}$
$x_1 = -\sqrt{\mu}$ $y_1 = \pm\sqrt{-\mu^2 - 2\mu^{3/2} - \mu}$
$x_2=1$ $x_1 = 1 + \sqrt{1-\mu}$ $y_1 = \pm (-1+\mu-\sqrt{1-\mu})$
$x_1 = 1 - \sqrt{1-\mu}$ $y_1 = \pm (-1+\mu+\sqrt{1-\mu})$
$x_2=\mu$ $x_1 = \mu + \sqrt{\mu^2-\mu}$ $y_1 = \pm \left(2\mu^3 + 2\mu^2\sqrt{\mu^2-\mu}-3\mu^2-2\mu\sqrt{\mu^2-\mu}+\mu\right)^{1/2}$
$x_1 = \mu - \sqrt{\mu^2-\mu}$ $y_1 = \pm \left(2\mu^3 - 2\mu^2\sqrt{\mu^2-\mu}-3\mu^2+2\mu\sqrt{\mu^2-\mu}+\mu\right)^{1/2}$
Table Options

Download as excel

$x_2=0$ $x_1 = \sqrt{\mu}$ $y_1 = \pm\sqrt{-\mu^2 + 2\mu^{3/2} - \mu}$
$x_1 = -\sqrt{\mu}$ $y_1 = \pm\sqrt{-\mu^2 - 2\mu^{3/2} - \mu}$
$x_2=1$ $x_1 = 1 + \sqrt{1-\mu}$ $y_1 = \pm (-1+\mu-\sqrt{1-\mu})$
$x_1 = 1 - \sqrt{1-\mu}$ $y_1 = \pm (-1+\mu+\sqrt{1-\mu})$
$x_2=\mu$ $x_1 = \mu + \sqrt{\mu^2-\mu}$ $y_1 = \pm \left(2\mu^3 + 2\mu^2\sqrt{\mu^2-\mu}-3\mu^2-2\mu\sqrt{\mu^2-\mu}+\mu\right)^{1/2}$
$x_1 = \mu - \sqrt{\mu^2-\mu}$ $y_1 = \pm \left(2\mu^3 - 2\mu^2\sqrt{\mu^2-\mu}-3\mu^2+2\mu\sqrt{\mu^2-\mu}+\mu\right)^{1/2}$
Table 7.  Summary of the different twisted Edwards form curve. Here b.r. denotes birational equivalence and 2-iso denotes 2-isogeny
Kummer Legendre twisted Edwards Legendre to twisted Edwards
$\mathsf{KL2519}(81,20)$ $E_{1a}$ $\mathsf{Ed}_{1a,1}$ b.r. (Thm 4.4)
$\mathsf{Ed}_{1a,2}$ b.r. (Thm 4.4)
$\mathsf{KL2519}(186,175)$ $E_{1b}$ $\mathsf{Ed}_{1b,1}$ b.r. (Thm 4.4)
$\mathsf{Ed}_{1b,2}$ b.r. (Thm 4.4)
$\mathsf{Ed}_{1b,3}$ 2-iso (Thm 4.5)
$\mathsf{KL25519}(82,77)$ $E_{2}$ $\mathsf{Ed}_{2}$ 2-iso (Thm 4.5)
$\mathsf{KL2663}(260,139)$ $E_{3}$ $\mathsf{Ed}_{3}$ 2-iso (Thm 4.5)
Table Options

Download as excel

Kummer Legendre twisted Edwards Legendre to twisted Edwards
$\mathsf{KL2519}(81,20)$ $E_{1a}$ $\mathsf{Ed}_{1a,1}$ b.r. (Thm 4.4)
$\mathsf{Ed}_{1a,2}$ b.r. (Thm 4.4)
$\mathsf{KL2519}(186,175)$ $E_{1b}$ $\mathsf{Ed}_{1b,1}$ b.r. (Thm 4.4)
$\mathsf{Ed}_{1b,2}$ b.r. (Thm 4.4)
$\mathsf{Ed}_{1b,3}$ 2-iso (Thm 4.5)
$\mathsf{KL25519}(82,77)$ $E_{2}$ $\mathsf{Ed}_{2}$ 2-iso (Thm 4.5)
$\mathsf{KL2663}(260,139)$ $E_{3}$ $\mathsf{Ed}_{3}$ 2-iso (Thm 4.5)
Table 8.  General $d$
$A \leftarrow (V_1 - U_1 ) \cdot (V_2 - U_2 )$,
$B \leftarrow (V_1 + U_1 ) \cdot (V_2 + U_2 )$,
$C \leftarrow (2d) T_1 \cdot T_2$,
$D \leftarrow 2W_1 \cdot W_2$,
$E \leftarrow B - A$,
$F \leftarrow D - C$,
$G \leftarrow D + C$,
$H \leftarrow B + A$,
$U_3 \leftarrow E \cdot F$,
$V_3 \leftarrow G \cdot H$,
$T_3 \leftarrow E \cdot H$,
$W_3 \leftarrow F \cdot G$.
Table Options

Download as excel

$A \leftarrow (V_1 - U_1 ) \cdot (V_2 - U_2 )$,
$B \leftarrow (V_1 + U_1 ) \cdot (V_2 + U_2 )$,
$C \leftarrow (2d) T_1 \cdot T_2$,
$D \leftarrow 2W_1 \cdot W_2$,
$E \leftarrow B - A$,
$F \leftarrow D - C$,
$G \leftarrow D + C$,
$H \leftarrow B + A$,
$U_3 \leftarrow E \cdot F$,
$V_3 \leftarrow G \cdot H$,
$T_3 \leftarrow E \cdot H$,
$W_3 \leftarrow F \cdot G$.
Table 9.  $d = d_1/d_2$ with $d_1,d_2$ small
$A \leftarrow (V_1 - U_1 ) \cdot (V_2 - U_2 )$,
$B \leftarrow (V_1 + U_1 ) \cdot (V_2 + U_2 )$,
$C \leftarrow (2d_1) T_1 \cdot T_2$,
$D \leftarrow (2d_2) W_1 \cdot W_2$,
$E \leftarrow d_2(B - A)$,
$F \leftarrow D - C$,
$G \leftarrow D + C$,
$H \leftarrow d_2(B + A)$,
$U_3 \leftarrow E \cdot F$,
$V_3 \leftarrow G \cdot H$,
$T_3 \leftarrow E \cdot H$,
$W_3 \leftarrow F \cdot G$.
Table Options

Download as excel

$A \leftarrow (V_1 - U_1 ) \cdot (V_2 - U_2 )$,
$B \leftarrow (V_1 + U_1 ) \cdot (V_2 + U_2 )$,
$C \leftarrow (2d_1) T_1 \cdot T_2$,
$D \leftarrow (2d_2) W_1 \cdot W_2$,
$E \leftarrow d_2(B - A)$,
$F \leftarrow D - C$,
$G \leftarrow D + C$,
$H \leftarrow d_2(B + A)$,
$U_3 \leftarrow E \cdot F$,
$V_3 \leftarrow G \cdot H$,
$T_3 \leftarrow E \cdot H$,
$W_3 \leftarrow F \cdot G$.
[1]

Rong Dong, Dongsheng Li, Lihe Wang. Regularity of elliptic systems in divergence form with directional homogenization. Discrete & Continuous Dynamical Systems, 2018, 38 (1) : 75-90. doi: 10.3934/dcds.2018004
[2]

Emmanuel Hebey, Jérôme Vétois. Multiple solutions for critical elliptic systems in potential form. Communications on Pure & Applied Analysis, 2008, 7 (3) : 715-741. doi: 10.3934/cpaa.2008.7.715
[3]

M. Matzeu, Raffaella Servadei. A variational approach to a class of quasilinear elliptic equations not in divergence form. Discrete & Continuous Dynamical Systems - S, 2012, 5 (4) : 819-830. doi: 10.3934/dcdss.2012.5.819
[4]

David Iglesias-Ponte, Juan Carlos Marrero, David Martín de Diego, Edith Padrón. Discrete dynamics in implicit form. Discrete & Continuous Dynamical Systems, 2013, 33 (3) : 1117-1135. doi: 10.3934/dcds.2013.33.1117
[5]

Aram L. Karakhanyan. Lipschitz continuity of free boundary in the continuous casting problem with divergence form elliptic equation. Discrete & Continuous Dynamical Systems, 2016, 36 (1) : 261-277. doi: 10.3934/dcds.2016.36.261
[6]

Andrea Bonfiglioli, Ermanno Lanconelli and Francesco Uguzzoni. Levi's parametrix for some sub-elliptic non-divergence form operators. Electronic Research Announcements, 2003, 9: 10-18.

[7]

Abbas Bahri. Recent results in contact form geometry. Discrete & Continuous Dynamical Systems, 2004, 10 (1&2) : 21-30. doi: 10.3934/dcds.2004.10.21
[8]

Junichi Minagawa. On the uniqueness of Nash equilibrium in strategic-form games. Journal of Dynamics & Games, 2020, 7 (2) : 97-104. doi: 10.3934/jdg.2020006
[9]

Vivi Rottschäfer. Multi-bump patterns by a normal form approach. Discrete & Continuous Dynamical Systems - B, 2001, 1 (3) : 363-386. doi: 10.3934/dcdsb.2001.1.363
[10]

Tony Lyons. Geophysical internal equatorial waves of extreme form. Discrete & Continuous Dynamical Systems, 2019, 39 (8) : 4471-4486. doi: 10.3934/dcds.2019183
[11]

Gary Lieberman. Nonlocal problems for quasilinear parabolic equations in divergence form. Conference Publications, 2003, 2003 (Special) : 563-570. doi: 10.3934/proc.2003.2003.563
[12]

Todor Mitev, Georgi Popov. Gevrey normal form and effective stability of Lagrangian tori. Discrete & Continuous Dynamical Systems - S, 2010, 3 (4) : 643-666. doi: 10.3934/dcdss.2010.3.643
[13]

Jędrzej Śniatycki, Oǧul Esen. De Donder form for second order gravity. Journal of Geometric Mechanics, 2020, 12 (1) : 85-106. doi: 10.3934/jgm.2020005
[14]

Dario Bambusi, A. Carati, A. Ponno. The nonlinear Schrödinger equation as a resonant normal form. Discrete & Continuous Dynamical Systems - B, 2002, 2 (1) : 109-128. doi: 10.3934/dcdsb.2002.2.109
[15]

Hyungjin Huh. A special form of solution to half-wave equations. Evolution Equations & Control Theory, 2021  doi: 10.3934/eect.2021056
[16]

Xiwang Cao, Hao Chen, Sihem Mesnager. Further results on semi-bent functions in polynomial form. Advances in Mathematics of Communications, 2016, 10 (4) : 725-741. doi: 10.3934/amc.2016037
[17]

Amal Attouchi, Eero Ruosteenoja. Gradient regularity for a singular parabolic equation in non-divergence form. Discrete & Continuous Dynamical Systems, 2020, 40 (10) : 5955-5972. doi: 10.3934/dcds.2020254
[18]

Sigve Hovda. Closed-form expression for the inverse of a class of tridiagonal matrices. Numerical Algebra, Control & Optimization, 2016, 6 (4) : 437-445. doi: 10.3934/naco.2016019
[19]

Maria Rosaria Lancia, Valerio Regis Durante, Paola Vernole. Asymptotics for Venttsel' problems for operators in non divergence form in irregular domains. Discrete & Continuous Dynamical Systems - S, 2016, 9 (5) : 1493-1520. doi: 10.3934/dcdss.2016060
[20]

David Maxwell. Kozlov-Maz'ya iteration as a form of Landweber iteration. Inverse Problems & Imaging, 2014, 8 (2) : 537-560. doi: 10.3934/ipi.2014.8.537

2020 Impact Factor: 0.935

Tools

Metrics

  • PDF downloads (352)
  • HTML views (349)
  • Cited by (0)

Other articles
by authors

[Back to Top]

Copyright © 2022 American Institute of Mathematical Sciences | Privacy Policy