Weil pairing

In mathematics, the Weil pairing is a construction of roots of unity by means of functions on an elliptic curve E, in such a way as to constitute a pairing (bilinear form, though with multiplicative notation) on the torsion subgroup of E. The name is for André Weil, who gave an abstract algebraic definition; the corresponding results for elliptic functions were known, and can be expressed simply by use of the Weierstrass sigma function.

1 Formulation
2 Generalisation to abelian varieties
3 Applications
4 See also
5 References
6 External links

Formulation

Suppose E is defined over a field K. Given an integer n > 0 (we require n to be prime to char(K) if char(K)> 0) such that K contains a primitive nth root of unity, then the n-torsion on $E(\overline{K})$ has known structure, as a Cartesian product of two cyclic groups of order n. The basis of the construction is of an n-th root of unity

$w(P,Q) \in \mu_n$

for given points $P,Q \in E(K)[n]$ , where $E(K)[n]=\{T \in E(K) \mid n \cdot T = O \}$ and $\mu_n = \{x\in K \mid x^n =1 \}$ , by means of Kummer theory.

By a direct argument one can define a function F in the function field of E over the algebraic closure of K, by its divisor:

$(F)= \sum(P%2Bk\cdot Q) - \sum (k\cdot Q)$

with sums for 0 ≤ k < n. In words F has a simple zero at each point P + kQ, and a simple pole at each point kQ. Then F is well-defined up to multiplication by a constant. If G is the translation of F by Q, then by construction G has the same divisor. One can show that

$\frac{G}{F} \ne 1,$

unless P and Q generate cyclic subgroups one of which is inside the other. In fact then G/F would yield a function on the isogenous curve E/C where C is the cyclic subgroup generated by Q, having just one simple pole. Such a function cannot exist, as follows by proving the residue at the pole is zero, a contradiction.

Therefore if we define

$w(P,Q):=\frac{G}{F}$

we shall have an n-th root of unity (translating n times must give 1) other than 1. With this definition it can be shown that w is antisymmetric and bilinear, giving rise to a non-degenerate pairing on the n-torsion.

Generalisation to abelian varieties

For abelian varieties over an algebraically closed field K, the Weil pairing is a nondegenerate pairing

$A[n] \times A^\vee[n] \longrightarrow \mu_n$

for all n prime to the characteristic of k.^[1] Here $A^\vee$ denotes the dual abelian variety of A. This is the so-called Weil pairing for higher dimensions. If A is equipped with a polarisation

$\lambda: A \longrightarrow A^\vee$ ,

then composition gives a (possibly degenerate) pairing

$A[n] \times A[n] \longrightarrow \mu_n.$

If C is a projective, nonsingular curve of genus ≥ 0 over k, and J its Jacobian, then the theta-divisor of J induces a principal polarisation of J, which in this particular case happens to be an isomorphism (see autoduality of Jacobians). Hence, composing the Weil pairing for J with the polarisation gives a nondegenerate pairing

$J[n]\times J[n] \longrightarrow \mu_n$