Jacobian curve
Encyclopedia
In mathematics
, the Jacobi curve is a representantion of an elliptic curve
different than the usual one (Weierstrass equation
). Sometimes it is used in cryptography
instead of the Weierstrass form because it can provide a defence against simple and differential power analysis style (SPA) attacks; it is possible, indeed, to use the general addition formula also for doubling a point on an elliptic curve of this form: in this way the two operations become indistinguishable from some side-channel information. The Jacobi curve offers also faster arithmetic compared to the Weierstrass curve.
The Jacobi curve can be of two types: the Jacobi intersection, that is given by an intersection of two surfaces, and the Jacobi quartic.
be a field
.
An elliptic curve in the projective space
over 
can be represented as the intersection
of two quadric surfaces
:
It is possible to define the Jacobi form of an elliptic curve as the intersection of two quadrics, using the following map
applied to the usual Weierstrass curve
, 
:
Mathematics
Mathematics is the study of quantity, space, structure, and change. Mathematicians seek out patterns and formulate new conjectures. Mathematicians resolve the truth or falsity of conjectures by mathematical proofs, which are arguments sufficient to convince other mathematicians of their validity...
, the Jacobi curve is a representantion of an elliptic curve
Elliptic curve
In mathematics, an elliptic curve is a smooth, projective algebraic curve of genus one, on which there is a specified point O. An elliptic curve is in fact an abelian variety — that is, it has a multiplication defined algebraically with respect to which it is a group — and O serves as the identity...
different than the usual one (Weierstrass equation
Elliptic curve
In mathematics, an elliptic curve is a smooth, projective algebraic curve of genus one, on which there is a specified point O. An elliptic curve is in fact an abelian variety — that is, it has a multiplication defined algebraically with respect to which it is a group — and O serves as the identity...
). Sometimes it is used in cryptography
Cryptography
Cryptography is the practice and study of techniques for secure communication in the presence of third parties...
instead of the Weierstrass form because it can provide a defence against simple and differential power analysis style (SPA) attacks; it is possible, indeed, to use the general addition formula also for doubling a point on an elliptic curve of this form: in this way the two operations become indistinguishable from some side-channel information. The Jacobi curve offers also faster arithmetic compared to the Weierstrass curve.
The Jacobi curve can be of two types: the Jacobi intersection, that is given by an intersection of two surfaces, and the Jacobi quartic.
Definition: Jacobi intersection
Let be a fieldField (mathematics)
In abstract algebra, a field is a commutative ring whose nonzero elements form a group under multiplication. As such it is an algebraic structure with notions of addition, subtraction, multiplication, and division, satisfying certain axioms...
.
An elliptic curve in the projective space
Projective space
In mathematics a projective space is a set of elements similar to the set P of lines through the origin of a vector space V. The cases when V=R2 or V=R3 are the projective line and the projective plane, respectively....
over can be represented as the intersectionIntersection
Intersection has various meanings in different contexts:*In mathematics and geometry**Intersection , the set of elements common to some collection of sets.**Line-line intersection**Line-plane intersection**Line–sphere intersection...
of two quadric surfaces
Quadric
In mathematics, a quadric, or quadric surface, is any D-dimensional hypersurface in -dimensional space defined as the locus of zeros of a quadratic polynomial...
:
It is possible to define the Jacobi form of an elliptic curve as the intersection of two quadrics, using the following map
Map (mathematics)
In most of mathematics and in some related technical fields, the term mapping, usually shortened to map, is either a synonym for function, or denotes a particular kind of function which is important in that branch, or denotes something conceptually similar to a function.In graph theory, a map is a...
applied to the usual Weierstrass curve
, :-
This map sends the point
to the point 
that satisfies the following system of equationsSimultaneous equationsIn mathematics, simultaneous equations are a set of equations containing multiple variables. This set is often referred to as a system of equations. A solution to a system of equations is a particular specification of the values of all variables that simultaneously satisfies all of the equations...
:
The map
can be applied to an elliptic curve in the Weierstrass formElliptic curveIn mathematics, an elliptic curve is a smooth, projective algebraic curve of genus one, on which there is a specified point O. An elliptic curve is in fact an abelian variety — that is, it has a multiplication defined algebraically with respect to which it is a group — and O serves as the identity...
with three pointsPoint (geometry)In geometry, topology and related branches of mathematics a spatial point is a primitive notion upon which other concepts may be defined. In geometry, points are zero-dimensional; i.e., they do not have volume, area, length, or any other higher-dimensional analogue. In branches of mathematics...
of orderOrder (mathematics)Order in mathematics may refer to:-In algebra:*Order , the cardinality of a group or period of an element*Order, or degree of a polynomial*Order, or dimension of a matrix*Order , an algebraic structure*Ordered group...
two: this means that the polynomialPolynomialIn mathematics, a polynomial is an expression of finite length constructed from variables and constants, using only the operations of addition, subtraction, multiplication, and non-negative integer exponents...
has three rootsEquation solvingIn mathematics, to solve an equation is to find what values fulfill a condition stated in the form of an equation . These expressions contain one or more unknowns, which are free variables for which values are sought that cause the condition to be fulfilled...
in the field
. Suppose that the roots are 
, with 
, then the three points of order two are: (0,0), (-1,0), (-j,0) and the curve 
can, thus, be written as:
where
is the "point at infinity", that is the neutral elementIdentity elementIn mathematics, an identity element is a special type of element of a set with respect to a binary operation on that set. It leaves other elements unchanged when combined with them...
in the group law.
The curve
corresponds to the following intersection of surfaceSurfaceIn mathematics, specifically in topology, a surface is a two-dimensional topological manifold. The most familiar examples are those that arise as the boundaries of solid objects in ordinary three-dimensional Euclidean space R3 — for example, the surface of a ball...
s in
:
.
The "special case" is when j=0: the elliptic curve has a double point and thus it is singularSingular point of an algebraic varietyIn mathematics, a singular point of an algebraic variety V is a point P that is 'special' , in the geometric sense that V is not locally flat there. In the case of an algebraic curve, a plane curve that has a double point, such as the cubic curveexhibits at , cannot simply be parametrized near the...
.
S1 is obtained by applying to
the transformationMap (mathematics)In most of mathematics and in some related technical fields, the term mapping, usually shortened to map, is either a synonym for function, or denotes a particular kind of function which is important in that branch, or denotes something conceptually similar to a function.In graph theory, a map is a...
:
-
: 
-
-
Group law
(See also The group law).
Given an elliptic curve, it is possible to do some "operations" between its points: for example one can add two points P and Q obtaining the point P+Q that belongs to the curve ; given a point P on the elliptic curve, it is possible to "double" P, that means find [2]P=P+P (the square brackets are used to indicate [n]P, the point P added n times), and also find the negation of P, that means find -P.
In this way, the points of an elliptic curve forms a groupGroup (mathematics)In mathematics, a group is an algebraic structure consisting of a set together with an operation that combines any two of its elements to form a third element. To qualify as a group, the set and the operation must satisfy a few conditions called group axioms, namely closure, associativity, identity...
.
Adding and doubling formulas are useful also to compute [n]P, the nth multiple of a point P on an elliptic curve: this operation is considered the most in elliptic curve cryptographyElliptic curve cryptographyElliptic curve cryptography is an approach to public-key cryptography based on the algebraic structure of elliptic curves over finite fields. The use of elliptic curves in cryptography was suggested independently by Neal Koblitz and Victor S...
.
For S1, the neutral elementIdentity elementIn mathematics, an identity element is a special type of element of a set with respect to a binary operation on that set. It leaves other elements unchanged when combined with them...
of the group is the point
, that is the image of 
by 
.
Addition and doubling
Given
and 
, two points on 
, the coordinatesCoordinate systemIn geometry, a coordinate system is a system which uses one or more numbers, or coordinates, to uniquely determine the position of a point or other geometric element. The order of the coordinates is significant and they are sometimes identified by their position in an ordered tuple and sometimes by...
of the point
are:
-
-
-
-
These formulas are also valid for doubling: it sufficies to have
. So adding or doubling points in 
are operations that both require 16 multiplications plus one multiplication by a constant (
).
It is also possible to use the following formulas for doubling the point
and find 
:
-
-
-
-
Using these formulas 8 multiplications are needed to double a point. However there are even more efficient “strategies” for doubling that require only 7 multiplications. In this way it is possible to triple a point with 23 multiplications; indeed
can be obtained by adding 
with 
with a cost of 7 multiplications for 
and 16 for 
Example of addition and doubling
Let the field
, or 
.
Consider the case:
Consider the points
and 
: it is easy to verify that 
and 
belong to S1 (it is sufficient to see that these points satisfy both equations of the system S1).
Using the formulas given above for adding two points, the coordinates for
, where 
are:
-
-
-
-
The resulting point is
.
With the formulas given above for doubling, it is possible to find the point
:
-
-
-
-
So, in this case
.
Negation
Given the point
in 
, its negationAdditive inverseIn mathematics, the additive inverse, or opposite, of a number a is the number that, when added to a, yields zero.The additive inverse of a is denoted −a....
is
Addition and doubling in affine coordinates
Given two affine points
and 
, their sum is a point 
with coordinates:
These formulas are valid also for doubling with the condition
.
Extended coordinates
There is another kind of coordinate system with which a point in the Jacobi intersection can be represented.
Given the following elliptic curve in the Jacobi intersection form:
the extended coordinates describe a point
with the variables 
, where:
Sometimes these coordinates are used, because they are more convenient (in terms of time-cost) in some specific situations.
To have more information about the operations based on the use of these coordinates see http://hyperelliptic.org/EFD/g1p/auto-jintersect-extended.html
Definition: Jacobi quartic
Let
be a fieldField (mathematics)In abstract algebra, a field is a commutative ring whose nonzero elements form a group under multiplication. As such it is an algebraic structure with notions of addition, subtraction, multiplication, and division, satisfying certain axioms...
.
An elliptic curve in Jacobi quartic form can be obtained from a curve
in the Weierstrass form with at least one point of order 2:
with
.
Let
be a root of 
, then P is a point of order 2 of the elliptic curve; let 
be the point at infinity.
The following transformationMap (mathematics)In most of mathematics and in some related technical fields, the term mapping, usually shortened to map, is either a synonym for function, or denotes a particular kind of function which is important in that branch, or denotes something conceptually similar to a function.In graph theory, a map is a...
sends each point of 
to a point in the Jacobi coordinates (
)
-
: 
-
-
-
Applying
to 
, one obtains a curve in 
of the following form:
where
.
C' represents an elliptic curve in the Jacobi quartic form, in Jacobi coordinates.
Jacobi quartic in affine coordinates
The general form of a Jacobi quartic curve in affine coordinates is:
,
where often
is assumed.
Group law
The neutral element of the group law of
is the projective point 
.
Addition and doubling in affine coordinates
Given two affine points
and 
, their sum is a point 
, such that:
As in the Jacobi intersections, also in this case it is possible to use this formula for doubling as well.
Addition and doubling in projective coordinates
Given two points
and 
in 
, the coordinates for the point 
, where 
, are given in terms of 
and 
by the formulae:
-
-
-
One can use this formula also for doubling, with the condition that
: in this way the point 
is obtained.
The number of multiplications required to add two points is 13 plus 3 multiplications by constants: in particular there are two multiplications by the constant
and one by the constant 
.
There are some "strategies" to reduce the operations required for adding and doubling points: the number of multiplications can be decreased to 11 plus 3 multiplications by constants (see section 3 for more details).
The number of multiplications can be reduced by working on the constants
and 
: the elliptic curve in the Jacobi form can be modified in order to have a smaller number of operations for adding and doubling. So, for example, if the constant 
in C’ is significantly small, the multiplication by 
can be cancelled; however the best option is to reduce 
: if it is small, not only one, but two multiplications are neglected.
Example of addition and doubling
Consider an elliptic curve in the Weierstrass form in affine coordinatesAffine spaceIn mathematics, an affine space is a geometric structure that generalizes the affine properties of Euclidean space. In an affine space, one can subtract points to get vectors, or add a vector to a point to get another point, but one cannot add points. In particular, there is no distinguished point...
over the field
, or 
, with 
and 
:
has a point 
of order 2: 
.
Applying the function
to 
, the following elliptic curve in projective Jacobi quartic form is obtained:
where
and 
.
Choosing two points
and 
, it is possible to find their sum 
using the formulae for adding given above:
-
-
-
.
So
.
Using the same formulae, the point
is obtained:
so,
.
Negation
The negation of a point
is:
Alternative coordinates for the Jacobi quartic
There are other systems of coordinates that can be used to represent a point in a Jacobi quartic: they are used to obtain fast computations in certain cases. For more information about the time-cost required in the operations with these coordinates see http://hyperelliptic.org/EFD/g1p/auto-jquartic.html
Given an affine Jacobi quartic
the Doubling-oriented XXYZZ coordinates introduce an additional curve parameter c
satisfying
and they represent a point (x,y) as (X, XX, Y, Z, ZZ, R), such that:
the Doubling-oriented XYZ coordinates, with the same additional assumption (
), represent a point (x,y) with (X, Y, Z) satisfying the following equations:
Using the XXYZZ coordinates there is no additional assumption, and they represent a point (x,y) as (X,XX,Y,Z,ZZ) such that:
while the XXYZZR coordinates represent (x,y) as (X,XX,Y,Z,ZZ,R) such that:
with the XYZ coordinates the point (x,y) is given by (X,Y,Z), with:
.
See also
For more information about the running-time required in a specific case, see Table of costs of operations in elliptic curvesTable of costs of operations in elliptic curvesThis table relates to the computational cost for certain operations used in elliptic curve cryptography, used in practice for strong cryptographic security of a public key system. The columns of the table are labelled by various computational steps...
.
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
