Schlieren imaging: Difference between revisions

Template:Multiple issues In mathematics, the Jacobi curve is a representation of an elliptic curve different than the usual one (Weierstrass equation). Sometimes it is used in cryptography instead of the Weierstrass form because it can provide a defence against simple and differential power analysis style (SPA) attacks; it is possible, indeed, to use the general addition formula also for doubling a point on an elliptic curve of this form: in this way the two operations become indistinguishable from some side-channel information.^[1] The Jacobi curve offers also faster arithmetic compared to the Weierstrass curve.

The Jacobi curve can be of two types: the Jacobi intersection, that is given by an intersection of two surfaces, and the Jacobi quartic.

Elliptic Curves: Basics

Given an elliptic curve, it is possible to do some "operations" between its points: for example one can add two points P and Q obtaining the point P + Q that belongs to the curve ; given a point P on the elliptic curve, it is possible to "double" P, that means find [2]P = P + P (the square brackets are used to indicate [n]P, the point P added n times), and also find the negation of P, that means find –P. In this way, the points of an elliptic curve forms a group. Note that the identity element of the group operation is not a point on the affine plane, it only appears in the projective coordinates: then O = (0: 1: 0) is the "point at infinity", that is the neutral element in the group law. Adding and doubling formulas are useful also to compute [n]P, the n-th multiple of a point P on an elliptic curve: this operation is considered the most in elliptic curve cryptography.

An elliptic curve E, over a field K can be put in the Weierstrass form y² = x³ + ax + b, with a, b in K. What will be of importance later are point of order 2, that is P on E such that [2]P = O. If P = (p, 0) is a point on E, then it has order 2; more generally the points of order 2 correspond to the roots of the polynomial f(x) = x³ + ax + b.

From now on, we will use E_a,b to denote the elliptic curve with Weierstrass form y² = x³ + ax + b.

If E_a,b is such that the cubic polynomial x³ + ax + b has three distinct roots in K we can write E_a,b in the Legendre normal form:

E_a,b: y² = x(x + 1)(x + j)

In this case we have three points of order two: (0, 0), (–1, 0), (–j, 0). In this case we use the notation E[j]. Note that j can be expressed in terms of a, b.

Definition: Jacobi intersection

An elliptic curve in P³(K) can be represented as the intersection of two quadric surfaces:

${\displaystyle Q:\{Q_{1}(X_{0},X_{1},X_{2},X_{3})=0\}\cap \{Q_{2}(X_{0},X_{1},X_{2},X_{3})=0\}}$

It is possible to define the Jacobi form of an elliptic curve as the intersection of two quadrics. Let E_a,b be an elliptic curve in the Weierstrass form, we apply the following map to it:

${\displaystyle \Phi :(x,y)\mapsto (X,Y,Z,T)=(x,y,1,x^{2})}$

We see that the following system of equations holds:

${\displaystyle \mathbf {S} :{\begin{cases}X^{2}-TZ=0\\Y^{2}-aXZ-bZ^{2}-TX=0\end{cases}}}$

The curve E[j] corresponds to the following intersection of surfaces in P³(K):

${\displaystyle \mathbf {S} 1:{\begin{cases}X^{2}+Y^{2}-T^{2}=0\\kX^{2}+Z^{2}-T^{2}=0\end{cases}}}$.

The "special case", E[0], the elliptic curve has a double point and thus it is singular.

S1 is obtained by applying to E[j] the transformation:

ψ: E[j] → S1

${\displaystyle (x,y)\mapsto (X,Y,Z,T)=(-2y,x^{2}-j,x^{2}+2jx+j,x^{2}+2x+j)}$

${\displaystyle O=(0:1:0)\mapsto (0,1,1,1)}$

Group law

For S1, the neutral element of the group is the point (0, 1, 1, 1), that is the image of O = (0: 1: 0) under ψ.

Addition and doubling

Given P₁ = (X₁, Y₁, Z₁, T₁) and P₂ = (X₂, Y₂, Z₂, T₂), two points on S1, the coordinates of the point P₃ = P₁ + P₂ are:

${\displaystyle X_{3}=T_{1}Y_{2}X_{1}Z_{2}+Z_{1}X_{2}Y_{1}T_{2}}$

${\displaystyle Y_{3}=T_{1}Y_{2}Y_{1}T_{2}-Z_{1}X_{2}X_{1}Z_{2}}$

${\displaystyle Z_{3}=T_{1}Z_{1}T_{2}Z_{2}-kX_{1}Y_{1}X_{2}Y_{2}}$

${\displaystyle T_{3}=(T_{1}Y_{2})^{2}+(Z_{1}X_{2})^{2}}$

These formulas are also valid for doubling: it sufficies to have P₁ = P₂. So adding or doubling points in S1 are operations that both require 16 multiplications plus one multiplication by a constant (k).

It is also possible to use the following formulas for doubling the point P₁ and find P₃ = [2]P₁:

${\displaystyle X_{3}=2Y_{1}T_{1}Z_{1}X_{1}}$

${\displaystyle Y_{3}=(T_{1}Y_{1})^{2}-(T_{1}Z_{1})^{2}+(Z_{1}Y_{1})^{2}}$

${\displaystyle Z_{3}=(T_{1}Z_{1})^{2}-(T_{1}Y_{1})^{2}+(Z_{1}Y_{1})^{2}}$

${\displaystyle T_{3}=(T_{1}Z_{1})^{2}+(T_{1}Y_{1})^{2}-(Z_{1}Y_{1})^{2}}$

Using these formulas 8 multiplications are needed to double a point. However there are even more efficient “strategies” for doubling that require only 7 multiplications.^[2] In this way it is possible to triple a point with 23 multiplications; indeed [3]P₁ can be obtained by adding P₁ with [2]P₁ with a cost of 7 multiplications for [2]P₁ and 16 for P₁ + [2]P₁^[2]

Example of addition and doubling

Let K = R or C and consider the case:

${\displaystyle \mathbf {S} 1:{\begin{cases}X^{2}+Y^{2}-T^{2}=0\\4X^{2}+Z^{2}-T^{2}=0\end{cases}}}$

Consider the points ${\displaystyle P_{1}=(1,{\sqrt {3}},0,2)}$ and ${\displaystyle P_{2}=(1,2,1,{\sqrt {5}})}$: it is easy to verify that P₁ and P₂ belong to S1 (it is sufficient to see that these points satisfy both equations of the system S1).

Using the formulas given above for adding two points, the coordinates for P₃, where P₃ = P₁ + P₂ are:

${\displaystyle X_{3}=T_{1}Y_{2}X_{1}Z_{2}+Z_{1}X_{2}Y_{1}T_{2}=4}$

${\displaystyle Y_{3}=T_{1}Y_{2}Y_{1}T_{2}-Z_{1}X_{2}X_{1}Z_{2}=4{\sqrt {15}}}$

${\displaystyle Z_{3}=T_{1}Z_{1}T_{2}Z_{2}-kX_{1}Y_{1}X_{2}Y_{2}=-8{\sqrt {3}}}$

${\displaystyle T_{3}=(T_{1}Y_{2})^{2}+(Z_{1}X_{2})^{2}=16}$

The resulting point is ${\displaystyle P_{3}=(4,4{\sqrt {15}},-8{\sqrt {3}},16)}$.

With the formulas given above for doubling, it is possible to find the point P₃ = [2]P₁:

${\displaystyle X_{3}=2Y_{1}T_{1}Z_{1}X_{1}=0}$

${\displaystyle Y_{3}=(T_{1}Y_{1})^{2}-(T_{1}Z_{1})^{2}+(Z_{1}Y_{1})^{2}=12}$

${\displaystyle Z_{3}=(T_{1}Z_{1})^{2}-(T_{1}Y_{1})^{2}+(Z_{1}Y_{1})^{2}=-12}$

${\displaystyle T_{3}=(T_{1}Z_{1})^{2}+(T_{1}Y_{1})^{2}-(Z_{1}Y_{1})^{2}=12}$

So, in this case P₃ = [2]P₁ = (0, 12, –12, 12).

Negation

Given the point P₁ = (X₁, Y₁, Z₁, T₁) in S1, its negation is −P₁ = (−X₁, Y₁, Z₁, T₁)

Addition and doubling in affine coordinates

Given two affine points P₁ = (x₁, y₁, z₁) and P₂ = (x₂, y₂, z₂), their sum is a point P₃ with coordinates:

${\displaystyle x_{3}={\frac {y_{2}x_{1}z_{2}+z_{1}x_{2}y_{1}}{(y_{2}^{2}+(z_{1}x_{2})^{2})}}}$

${\displaystyle y_{3}={\frac {y_{2}y_{1}-z_{1}x_{2}x_{1}z_{2}}{(y_{2}^{2}+(z_{1}x_{2})^{2})}}}$

${\displaystyle z_{3}={\frac {z_{1}z_{2}-ax_{1}y_{1}x_{2}y_{2}}{(y_{2}^{2}+(z_{1}x_{2})^{2})}}}$

These formulas are valid also for doubling with the condition P₁ = P₂.

Extended coordinates

There is another kind of coordinate system with which a point in the Jacobi intersection can be represented. Given the following elliptic curve in the Jacobi intersection form:

${\displaystyle \mathbf {S} 1:{\begin{cases}x^{2}+y^{2}=1\\kx^{2}+z^{2}=1\end{cases}}}$

the extended coordinates describe a point P = (x, y, z) with the variables X, Y, Z, T, XY, ZT, where:

${\displaystyle x=X/T}$

${\displaystyle y=Y/T}$

${\displaystyle z=Z/T}$

${\displaystyle XY=X\cdot Y}$

${\displaystyle ZT=Z\cdot T}$

Sometimes these coordinates are used, because they are more convenient (in terms of time-cost) in some specific situations. For more information about the operations based on the use of these coordinates see http://hyperelliptic.org/EFD/g1p/auto-jintersect-extended.html

Definition: Jacobi quartic

An elliptic curve in Jacobi quartic form can be obtained from the curve E_a,b in the Weierstrass form with at least one point of order 2. The following transformation f sends each point of E_a,b to a point in the Jacobi coordinates, where (X: Y: Z) = (sX: s²Y: sZ).

f: E_a,b → J

${\displaystyle (p,0)\mapsto (0:-1:1)}$

${\displaystyle (x,y)\neq (p,0)\mapsto (2(x-p):(2x+p)(x-p)^{2}-y^{2}:y)}$

${\displaystyle O\mapsto (0:1:1)}$^[3]

Applying f to E_a,b, one obtains a curve in J of the following form:

${\displaystyle C:\ Y^{2}=eX^{4}-2dX^{2}Z^{2}+Z^{4}}$^[3]

where:

${\displaystyle e={\frac {-(3p^{2}+4a)}{16}},\ \ d={\frac {3p}{4}}}$.

are elements in K. C represents an elliptic curve in the Jacobi quartic form, in Jacobi coordinates.

Jacobi quartic in affine coordinates

The general form of a Jacobi quartic curve in affine coordinates is:

${\displaystyle y^{2}=ex^{4}+2ax^{2}+1}$,

where often e = 1 is assumed.

Group law

The neutral element of the group law of C is the projective point (0: 1: 1).

Addition and doubling in affine coordinates

Given two affine points ${\displaystyle P_{1}=(x_{1},y_{1})}$ and ${\displaystyle P_{2}=(x_{2},y_{2})}$, their sum is a point ${\displaystyle P_{3}=(x_{3},y_{3})}$, such that:

${\displaystyle x_{3}={\frac {x_{1}y_{2}+y_{1}x_{2}}{1-(x_{1}x_{2})^{2}}}}$

${\displaystyle y_{3}={\frac {((1+(x_{1}x_{2})^{2})(y_{1}y_{2}+2ax_{1}x_{2})+2x_{1}x_{2}({x_{1}}^{2}+{x_{2}}^{2}))}{(1-(x_{1}x_{2})^{2})^{2}}}}$

As in the Jacobi intersections, also in this case it is possible to use this formula for doubling as well.

Addition and doubling in projective coordinates

Given two points P₁ = (X₁: Y₁: Z₁) and P₂ = (X₂: Y₂: Z₂) in C′, the coordinates for the point P₃ = (X₃: Y₃: Z₃), where P₃ = P₁ + P₂, are given in terms of P₁ and P₂ by the formulae:

${\displaystyle X_{3}=X_{1}Z_{1}Y_{2}+Y_{1}X_{2}Z_{2}}$

${\displaystyle Y_{3}=\left(Z_{1}^{2}Z_{2}^{2}+eX_{1}^{2}X_{2}^{2}\right)\left(Y_{1}Y_{2}-2dX_{1}X_{2}Z_{1}Z_{2}\right)\ +\ 2eX_{1}X_{2}Z_{1}Z_{2}\left(X_{1}^{2}Z_{2}^{2}+Z_{1}^{2}X_{2}^{2}\right)}$

${\displaystyle Z_{3}=Z_{1}^{2}Z_{2}^{2}-eX_{1}^{2}X_{2}^{2}}$

One can use this formula also for doubling, with the condition that P₂ = P₁: in this way the point P₃ = P₁ + P₁ = [2]P₁ is obtained.

The number of multiplications required to add two points is 13 plus 3 multiplications by constants: in particular there are two multiplications by the constant e and one by the constant d.

There are some "strategies" to reduce the operations required for adding and doubling points: the number of multiplications can be decreased to 11 plus 3 multiplications by constants (see ^[4] section 3 for more details).

The number of multiplications can be reduced by working on the constants e and d: the elliptic curve in the Jacobi form can be modified in order to have a smaller number of operations for adding and doubling. So, for example, if the constant d in C is significantly small, the multiplication by d can be cancelled; however the best option is to reduce e: if it is small, not only one, but two multiplications are neglected.

Example of addition and doubling

Consider the elliptic curve E_4,0, it has a point P of order 2: P = (p, 0) = (0, 0). Therefore a = 4, b = p = 0 so we have e = 1 and d = 1 and the associated Jacobi quartic form is:

${\displaystyle C:\ Y^{2}=X^{4}+Z^{4}}$

Choosing two points ${\displaystyle P_{1}=(1:{\sqrt {2}}:1)}$ and ${\displaystyle P_{2}=(2:{\sqrt {17}}:1)}$, it is possible to find their sum P₃ = P₁ + P₂ using the formulae for adding given above:

${\displaystyle X_{3}=1\cdot 1\cdot {\sqrt {17}}+{\sqrt {2}}\cdot 2\cdot 1={\sqrt {17}}+2{\sqrt {2}}}$

${\displaystyle Y_{3}=\left(1^{2}\cdot 1^{2}+1\cdot 1^{2}\cdot 2^{2}\right)\left({\sqrt {2}}\cdot {\sqrt {17}}-2\cdot 0\cdot 1\cdot 2\cdot 1\cdot 1\right)+2\cdot 1\cdot 1\cdot 2\cdot 1\cdot 1\left(1^{2}\cdot 1^{2}+1^{2}\cdot 2^{2}\right)=5{\sqrt {34}}+20}$

${\displaystyle Z_{3}=1^{2}\cdot 1^{2}-1\cdot 1^{2}\cdot 2^{2}=-3}$.

So

${\displaystyle P_{3}=({\sqrt {17}}+2{\sqrt {2}}:5{\sqrt {34}}+20:-3)}$.

Using the same formulae, the point P₄ = [2]P₁ is obtained:

${\displaystyle X_{3}=1\cdot 1\cdot {\sqrt {2}}+{\sqrt {2}}\cdot 1\cdot 1=2{\sqrt {2}}}$

${\displaystyle Y_{3}=\left(1+1\cdot 1\right)\left({\sqrt {2}}\cdot {\sqrt {2}}-2\cdot 0\cdot 1\cdot 1\cdot 1\cdot 1\right)+2\cdot 1\left(1^{2}\cdot 1^{2}+1^{2}\cdot 1^{2}\right)=8}$

${\displaystyle Z_{3}=1^{2}\cdot 1^{2}-1\cdot 1^{2}\cdot 1^{2}=0}$

So

${\displaystyle P_{4}=(2{\sqrt {2}}:8:0)}$.

Negation

The negation of a point P₁ = (X₁: Y₁: Z₁) is: −P₁ = (−X₁: Y₁: Z₁)

Alternative coordinates for the Jacobi quartic

There are other systems of coordinates that can be used to represent a point in a Jacobi quartic: they are used to obtain fast computations in certain cases. For more information about the time-cost required in the operations with these coordinates see http://hyperelliptic.org/EFD/g1p/auto-jquartic.html

Given an affine Jacobi quartic

${\displaystyle y^{2}=x^{4}+2ax^{2}+1}$

the Doubling-oriented XXYZZ coordinates introduce an additional curve parameter c satisfying a² + c² = 1 and they represent a point (x, y) as (X, XX, Y, Z, ZZ, R), such that:

${\displaystyle x=X/Z}$

${\displaystyle y=Y/ZZ}$

${\displaystyle XX=X^{2}}$

${\displaystyle ZZ=Z^{2}}$

${\displaystyle R=2\cdot X\cdot Z}$

the Doubling-oriented XYZ coordinates, with the same additional assumption (a² + c² = 1), represent a point (x, y) with (X, Y, Z) satisfying the following equations:

${\displaystyle x=X/Z}$

${\displaystyle y=Y/Z^{2}}$

Using the XXYZZ coordinates there is no additional assumption, and they represent a point (x, y) as (X, XX, Y, Z, ZZ) such that:

${\displaystyle x=X/Z}$

${\displaystyle y=Y/ZZ}$

${\displaystyle XX=X^{2}}$

${\displaystyle ZZ=Z^{2}}$

while the XXYZZR coordinates represent (x, y) as (X, XX, Y, Z, ZZ, R) such that:

${\displaystyle x=X/Z}$

${\displaystyle y=Y/ZZ}$

${\displaystyle XX=X^{2}}$

${\displaystyle ZZ=Z^{2}}$

${\displaystyle R=2\cdot X\cdot Z}$

with the XYZ coordinates the point (x, y) is given by (X, Y, Z), with:

${\displaystyle x=X/Z}$

${\displaystyle y=Y/Z^{2}}$.

See also

For more information about the running-time required in a specific case, see Table of costs of operations in elliptic curves.

External links

• http://hyperelliptic.org/EFD/g1p/index.html

Notes

43 year old Petroleum Engineer Harry from Deep River, usually spends time with hobbies and interests like renting movies, property developers in singapore new condominium and vehicle racing. Constantly enjoys going to destinations like Camino Real de Tierra Adentro.

References

• 20 year-old Real Estate Agent Rusty from Saint-Paul, has hobbies and interests which includes monopoly, property developers in singapore and poker. Will soon undertake a contiki trip that may include going to the Lower Valley of the Omo.
  
  My blog: http://www.primaboinca.com/view_profile.php?userid=5889534
• 20 year-old Real Estate Agent Rusty from Saint-Paul, has hobbies and interests which includes monopoly, property developers in singapore and poker. Will soon undertake a contiki trip that may include going to the Lower Valley of the Omo.
  
  My blog: http://www.primaboinca.com/view_profile.php?userid=5889534
• http://hyperelliptic.org/EFD/index.html