Weil pairing

From Wikipedia, the free encyclopedia

This article does not cite any references or sources. (February 2008)
Please help improve this article by adding citations to reliable sources. Unverifiable material may be challenged and removed.

In mathematics, the Weil pairing is a construction of roots of unity by means of functions on an elliptic curve E, in such a way as to constitute a pairing (bilinear form, though with multiplicative notation) on the torsion subgroup of E. The name is for André Weil, who gave an abstract algebraic definition; the corresponding results for elliptic functions were known, and can be expressed simply by use of the Weierstrass sigma function.

Suppose E is defined over a field K. Given an integer n > 0 (We require n to be prime to char(K) if char(K)> 0) and suppose that K contains a primitive nth root of unity. Then the n-torsion on E has known structure, as a Cartesian product of two cyclic groups of order n. The basis of the construction is of an n-th root of unity

$w(P,Q) \in \mu_n$

for given points $P,Q \in E[n]$ , where $E[n]=\{T \in E \mid n \cdot T = O \}$ and $\mu_n = \{x\in K \mid x^n =1 \}$ , by means of Kummer theory.

By a direct argument one can define a function F in the function field of E over the algebraic closure of K, by its divisor:

$(F)= \sum(P+k\cdot Q) - \sum (k\cdot Q)$

with sums for 0 ≤ k < n. In words F has a simple zero at each point P + kQ, and a simple pole at each point kQ. Then F is well-defined up to multiplication by a constant. If G is the translation of F by Q, then by construction G has the same divisor. One can show that

$\frac{G}{F} \ne 1$

In fact then G/F would yield a function on the isogenous curve E/C where C is the cyclic subgroup generated by Q, having just one simple pole. Such a function cannot exist, as follows by proving the residue at the pole is zero, a contradiction.

Therefore if we define

$w(P,Q):=\frac{G}{F}$

we shall have an n-th root of unity (translating n times must give 1) other than 1. With this definition it can be shown that w is antisymmetric and bilinear, giving rise to a non-degenerate pairing on the n-torsion.

The Weil pairing is used in number theory and algebraic geometry, and has also been applied in elliptic curve cryptography and identity based encryption.