Elliptic Curve y^2 = x^3 +17; show N_p = p

  • Thread starter kingwinner
  • Start date
  • Tags
    Curve
In summary: The rest is as before.In summary, to prove that N_p = p, we can use the fact that if p is a prime, then 1^k, 2^k, ..., (p-1)^k form a reduced residue system (mod p) if and only if gcd(k, p-1)=1. We can also use the fact that y^2 = x^3 + 17 has exactly (p+1)/2 solutions mod p if p is a prime and p≡2 (mod 3). Finally, we can show that if u^3+17 = v^3+17 (mod p) with u,v distinct mod p, then u^2+uv+v^
  • #1
kingwinner
1,270
0
Theorem: Suppose that p is an odd prime and p≡2 (mod 3). Let E be the elliptic curve defined by [tex]y^2 = x^3 + 17[/tex]. Then [tex]N_p[/tex], the number of solutions mod p of the elliptic curve E, is exactly equal to p.
[hint: if p is a prime, then [tex]1^k, 2^k, ..., (p-1)^k[/tex] form a reduced residue system (mod p) if and only if gcd(k, p-1)=1.]

Does anyone have any idea how to prove that [tex]N_p = p[/tex]?
Any help is greatly appreciated! :) (If possible, please explain in simpler terms. In particular, I have no background in abstract algebra.)
 
Physics news on Phys.org
  • #2
kingwinner said:
Theorem: Suppose that p is an odd prime and p≡2 (mod 3). Let E be the elliptic curve defined by [tex]y^2 = x^3 + 17[/tex]. Then [tex]N_p[/tex], the number of solutions mod p of the elliptic curve E, is exactly equal to p.
[hint: if p is a prime, then [tex]1^k, 2^k, ..., (p-1)^k[/tex] form a reduced residue system (mod p) if and only if gcd(k, p-1)=1.]
I almost funked at this at the first sight :tongue: . The problem doesn't require any algebraic number theory as I thought.
First, note that p is not 3 . Also, if (x',y') is a solution, so is (x',-y'). Thus, the solutions occur in pairs unless when y'=0 . (I)
If y*^2 = u^3 + 17 = v^3 + 17 with u,v distinct mod p, we must have
u^2+uv+v^2 =0 (mod p). Thus, (2u+v)^2 + 3v^2 = 0 mod p. Since -3 is not a quadratic residue mod p ( remember that p =2 mod 3) , we must have v=0=u.(II)

To follow the hint, gcd(p,3) =1. For k=3, {x^3 +17} (0<=x< p) is a complete residue system (mod p).Hence, it contains exactly (p+1)/2 quadratic residues.This,in view of (I) & (II) gives (p+1)-1 =p solutions.
 
  • #3
Eynstone said:
I almost funked at this at the first sight :tongue: . The problem doesn't require any algebraic number theory as I thought.
First, note that p is not 3 . Also, if (x',y') is a solution, so is (x',-y'). Thus, the solutions occur in pairs unless when y'=0 . (I)
If y*^2 = u^3 + 17 = v^3 + 17 with u,v distinct mod p, we must have
u^2+uv+v^2 =0 (mod p). Thus, (2u+v)^2 + 3v^2 = 0 mod p. Since -3 is not a quadratic residue mod p ( remember that p =2 mod 3) , we must have v=0=u.(II)

To follow the hint, gcd(p,3) =1. For k=3, {x^3 +17} (0<=x< p) is a complete residue system (mod p).Hence, it contains exactly (p+1)/2 quadratic residues.This,in view of (I) & (II) gives (p+1)-1 =p solutions.

In the last paragraph, do you mean gcd(p,3)=1 or gcd(p-1,3) =1??
Also, The hint says it's a REDUCED residue system mod p, how did you get that {x3 +17: x=0,1,2,...,p-1} a COMPLETE residue system?

Also, why does this prove that Np=p? I don't understand what you're trying to do in (II). Can you explain a little more, please?

Thanks for your help! :)
 
Last edited:
  • #4
Soryy for the slip - I meant gcd(p-1,3) =1 in the last paragraph.
The hint says that the kth powers of 1,2,...,p-1 form a reduced residue system mod p. Add 0^k =0 to get a complete residue system. Adding a constant (=17)
doesn't change the the complete nature of the system.
Therefore, we get (p+1)/2 distinct quadratic residues out of this (one of them being zero); say congruent to 0, y1^2,... ,yn^2 ( n=(p-1)/2 ) with corresponding values of x equal to x0,x1,.. ,xn.
Listing the solutions ,
(x0,0) , (x1,+-y1), (x2,+-y2)... = 1 + 2n =p.
 
  • #5
Assuming that [tex]1^3, 2^3, ..., (p-1)^3[/tex] form a reduced residue system mod p, does this always imply that [tex]0^3, 1^3, 2^3, ..., (p-1)^3[/tex] will form a complete residue system mod p? Why?


If y*^2 = u^3 + 17 = v^3 + 17 with u,v distinct mod p, we must have
u^2+uv+v^2 =0 (mod p). Thus, (2u+v)^2 + 3v^2 = 0 mod p. Since -3 is not a quadratic residue mod p ( remember that p =2 mod 3) , we must have v=0=u.(II)
Also, I don't lost in this part. Why do we need to prove this? How did you get that u^2+uv+v^2 =0 (mod p)?

Thank you!
 
  • #6
kingwinner said:
Assuming that [tex]1^3, 2^3, ..., (p-1)^3[/tex] form a reduced residue system mod p, does this always imply that [tex]0^3, 1^3, 2^3, ..., (p-1)^3[/tex] will form a complete residue system mod p? Why?
Yes, 0 is the only number missing.
kingwinner said:
Also, I don't lost in this part. Why do we need to prove this? How did you get that u^2+uv+v^2 =0 (mod p)?
I thought it safe to show that distinct values of xi can't correspond to the same quadratic residue. If they did, u^3+17 = v^3 +17 mod p . As p can't divide u-v &
u^3 -v^3 = (u-v)(u^2+uv+v^2 ) , we must have u^2+uv+v^2 =0 mod p.
 

1. What is an elliptic curve?

An elliptic curve is a type of mathematical curve that is defined by the equation y^2 = x^3 + ax + b, where a and b are constants. The points on the curve form a group, and this structure is useful in cryptography.

2. What is the significance of the equation y^2 = x^3 + 17?

This equation represents a specific elliptic curve that has been extensively studied in cryptography. It is known as the "curve with a small discriminant" and has important properties that make it useful in cryptographic protocols.

3. What is N_p?

N_p is the number of points on the elliptic curve modulo a prime number p. This value is important in cryptography because it is used in the Elliptic Curve Digital Signature Algorithm (ECDSA) to generate public and private keys.

4. How is N_p calculated?

The calculation of N_p involves finding all the points on the elliptic curve that satisfy the equation y^2 = x^3 + 17 mod p. This can be done using various mathematical algorithms, such as the Schoof-Elkies-Atkin algorithm.

5. Why is it important to show that N_p = p?

Showing that N_p = p is a crucial step in proving the security of the elliptic curve in cryptography. It ensures that the curve has a sufficiently large number of points, making it resistant to attacks such as the discrete logarithm problem. This is essential for the security of cryptographic protocols that rely on the curve's properties.

Similar threads

I ##(p^k -1) \equiv X \mbox{(mod p)}## via Wilson's theorem
    • Linear and Abstract Algebra
Replies
2
Views
857
MHB Show that the groups are abelian
    • Linear and Abstract Algebra
Replies
1
Views
784
Show that the sum of twin primes ## p ## and ## p+2 ## is divisible?
    • Precalculus Mathematics Homework Help
Replies
17
Views
2K
If ## p ## and ## p^{2}+8 ## are both prime numbers, prove that....
    • Precalculus Mathematics Homework Help
Replies
16
Views
2K
When n*(n+1)/2 - k is never a square
    • Linear and Abstract Algebra
Replies
2
Views
1K
Show that ## p ## divides ## 2^{(p-1)/2}-1 ##
    • Precalculus Mathematics Homework Help
Replies
1
Views
734
I Partial Differential Equation solved using Products
    • General Math
Replies
2
Views
246
MHB Prove the polynomial f(x)=x^2-q is irreducible in F_p[x]?
    • Linear and Abstract Algebra
Replies
1
Views
1K
Prove that ## 1^{p}+2^{p}+3^{p}+\dotsb +(p-1)^{p}\equiv 0\pmod {p} ##.
    • Calculus and Beyond Homework Help
Replies
6
Views
2K
Comp Sci RSA to encrypt English Alphabets, any restrictions?
    • Engineering and Comp Sci Homework Help
Replies
7
Views
1K

Hot Threads

Recent Insights

Back
Top