Weil pairing

From Wikipedia, the free encyclopedia

In mathematics, the Weil pairing is a construction of roots of unity by means of functions on an elliptic curve E, in such a way as to constitute a pairing (bilinear form, though with multiplicative notation) on the torsion subgroup of E. The name is for André Weil, who gave an abstract algebraic definition; the corresponding results for elliptic functions were known, and can be expressed simply by use of the Weierstrass sigma function.

Suppose E is defined over a field K. Given an integer n > 0 and suppose that K contains a primitive nth root of unity. Then the n-torsion on E has known structure, as a Cartesian product of two cyclic groups of order n. The basis of the construction is of an n-th root of unity

w(P,Q)

for given points P and Q of order n on E, by means of Kummer theory.

By a direct argument one can define a function F in the function field of E over the algebraic closure of K, by its divisor:

(F) = Σ (P + kQ) − Σ (kQ)

with sums for 0 ≤ k < n. In words F has a simple zero at each point P + kQ, and a simple pole at each point kQ. Then F is well-defined up to multiplication by a constant. If G is the translation of F by Q, then by construction G has the same divisor. One can show that

G/F ≠ 1.

In fact then G/F would yield a function on the isogenous curve E/C where C is the cyclic subgroup generated by Q, having just one simple pole. Such a function cannot exist, as follows by proving the residue at the pole is zero, a contradiction.

Therefore if we define

w(P,Q) = G/F

we shall have an n-th root of unity (translating n times must give 1) other than 1. With this definition it can be shown that w is antisymmetric and bilinear, giving rise to a non-degenerate pairing on the n-torsion.

The Weil pairing is used in number theory and algebraic geometry, and has also been applied in elliptic curve cryptography and identity based encryption.