4.9 Let E be an elliptic curve over Fq with q = p2m . Suppose that #E(Fq ) =

√

q + 1 ’ 2 q.

(a) Let φq be the Frobenius endomorphism. Show that (φq ’pm )2 = 0.

(b) Show that φq ’ pm = 0 (Hint: Theorem 2.22).

(c) Show that φq acts as the identity on E[pm ’ 1], and therefore that

E[pm ’ 1] ⊆ E(Fq ).

Zpm ’1 • Zpm ’1 .

(d) Show that E(Fq )

4.10 Let E be an elliptic curve over Fq with q odd. Write #E(Fq ) = q +1’a.

Let d ∈ F— and let E (d) be the twist of E, as in Exercise 2.23. Show

q

that

d

#E (d) (Fq ) = q + 1 ’ a.

Fq

(Hint: Use Exercise 2.23(c) and Theorem 4.14.)

4.11 Let Fq be a ¬nite ¬eld of odd characteristic and let a, b ∈ Fq with

a = ±2b and b = 0. De¬ne the elliptic curve E by

y 2 = x3 + ax2 + b2 x.

© 2008 by Taylor & Francis Group, LLC

142 CHAPTER 4 ELLIPTIC CURVES OVER FINITE FIELDS

√ √

(a) Show that the points (b, b a + 2b) and (’b, ’b a ’ 2b) have or-

der 4.

(b) Show that at least one of a + 2b, a ’ 2b, a2 ’ 4b2 is a square in Fq .

(c) Show that if a2 ’ 4b2 is a square in Fq , then E[2] ⊆ E(Fq ).

(d) (Suyama) Show that #E(Fq ) is a multiple of 4.

2 3 2

(e) Let E be de¬ned by y = x ’ 2ax + (a2 ’ 4b2 )x . Show that

E [2] ⊆ E (Fq ). Conclude that #E (Fq ) is a multiple of 4.

The curve E is isogenous to E via

(x , y ) = (y 2 /x2 , y(b2 ’ x2 )/x2 )

(see the end of Section 8.6 and also Chapter 12). It can be shown that

this implies that #E(Fq ) = #E (Fq ). This gives another proof of the

result of part (d). The curve E has been used in certain elliptic curve

factorization implementations (see [19]).

4.12 Let p be a prime and let E be a supersingular elliptic curve over the

¬nite ¬eld Fp . Let φp be the Frobenius endomorphism. Show that some

power of φp is an integer. (Note: This is easy when p ≥ 5. The cases

p = 2, 3 can be done by a case-by-case calculation.)

4.13 Let E be an elliptic curve over Fq . Show that Hasse™s theorem can be

restated as

√

#E(Fq ) ’ q ¤ 1.

4.14 Let E be an elliptic curve over Fq . Assume that q = r2 for some integer

r. Suppose that #E(Fq ) = (r ’ 1)2 . Let φ = φq be the qth power

Frobenius endomorphism.

2

(a) Show that (φ ’ r) = 0.

(b) Show that φ ’ r = 0. (Hint: A nonzero endomorphism is surjective

on E(Fq ) by Theorem 2.22.)

(c) Show that (r ’ 1)E(Fq ) = 0.

Zr’1 • Zr’1 .

(d) Show that E(Fq )

(e) Now suppose E is an elliptic curve over Fq with #E (Fq ) = (r+1)2

(where q = r2 ). Show that E (Fq ) Zr+1 • Zr+1 .

© 2008 by Taylor & Francis Group, LLC