Dual isogenies and the Weil pairing - Elliptic Curves

Proposition 14.1. Assuming that:

$Φ \subset E (\bar{K})$ be a finite $Gal (\bar{K} ∕ K)$ -stable subgroup

Then there exists an elliptic curve

E^{'} ∕ K

and a separable isogeny

ϕ : E \to E^{'}

defined over

K

, with kernel

Φ

, such that every isogeny

ψ : E \to E^{″}

with

Φ \subset ψ

factors uniquely via

ϕ

Proof. Omitted (see Silverman, Chapter III, Proposition 4.12). □

Proof. Case $ϕ$ is separable: We have $| \ker ϕ | = n$ , hence $\ker ϕ \subset E [n]$ . Apply Proposition 14.1 with $ψ = [n]$ .

Case $ϕ$ is inseparable: omitted.

Uniqueness: Suppose $ψ_{1} ϕ = ψ_{2} ϕ = [n]$ . Then $(ψ_{1} - ψ_{2}) ϕ = 0$ , so $\deg (ψ_{1} - ψ_{2}) \deg ϕ = 0$ . Then $\deg (ψ_{1} - ψ_{2}) = 0$ , hence $ψ_{1} = ψ_{2}$ . □

Remark.

(i) Write $E_{1} \sim E_{2}$ to mean “ $E_{1}$ and $E_{2}$ are isogenous”. Then $\sim$ is an equivalence relation.
(ii) $\deg [n] = n^{2}$ gives that $\deg \hat{ϕ} = \deg ϕ$ and $\hat{[n]} = [n]$ .
(iii) Note:
$ϕ \hat{ϕ} ϕ = ϕ \circ {[n]}_{E} = {[n]}_{E^{'}} \circ ϕ$

Hence $ϕ \hat{ϕ} = {[n]}_{E^{'}}$ .

In particular, $\hat{\hat{ϕ}} = ϕ$ .
(iv) If $E \overset{ψ}{\to} E^{'} \overset{ϕ}{\to} E^{″}$ then $\hat{ϕ ψ} = \hat{ψ} \hat{ϕ}$ .

(v) If

ϕ \in End (E)

then

ϕ^{2} - (Tr ϕ) ϕ + \deg ϕ = 0 .

\underset{= \hat{ϕ}}{\underset{⏟}{([Tr ϕ] - ϕ) ϕ}} = [\deg ϕ] .

Hence $[Tr ϕ] = ϕ + \hat{ϕ}$ .

Proof.

(i) If $E = E^{'}$ , then this follows from $Tr (ϕ + ψ) = Tr (ϕ) + Tr (ψ)$ .
(ii) In general, let $α : E^{'} \to E$ be any isogeny (e.g. $\hat{ϕ}$ ). Then: $\begin{array}{l} \hat{(α ϕ + α ψ)} & = \hat{α ϕ} + \hat{α ψ} \\ \hat{(ϕ + ψ)} \hat{α} & = (\hat{ϕ} + \hat{ψ}) \hat{α} \end{array}$
Hence the result follows. □

Let

ϕ : E \to E^{'}

be an isogeny of degree

n

, with Dual isogeny

\hat{ϕ} : E^{'} \to E

. Assume

char K ∤ n

(hence

ϕ

\bar{ϕ}

separable).

Let

T \in E^{'} [ϕ]

. Then

n T = 0

, so there exists

f \in \bar{K} {(E^{'})}^{*}

such that

Rescaling

f

, we can say without loss of generality

c = 1

, i.e.

ϕ^{*} f = g^{n}

For

S \in E [ϕ]

we get

τ_{S}^{*} (div g) = (div g)

τ_{S}^{*} g = ζ g

for some

ζ \in {\bar{K}}^{*}

, i.e.

ζ = \frac{g (X + S)}{g (X)}

is independent of choice of

X \in E (\bar{K})

Proof.

(i) Linearity in first argument: $\begin{array}{l} e_{} (S_{1} + S_{2}, T) & = \frac{g (X + S_{1} + S_{2})}{g (X + S_{2})} \frac{g (X + S_{2})}{g (X)} \\ = e_{} (S, T) e_{} (S_{2}, T) \end{array}$
(ii) Linearity in second argument: Let $T_{1}, T_{2} \in E^{'} [\hat{ϕ}]$ . $\begin{array}{l} div (f_{1}) & = n (T_{1}) - n (0) & ϕ^{*} f & = g_{1}^{n} \\ div (f_{2}) & = n (T_{2}) - n (0) & ϕ^{*} f_{2} & = g_{2}^{n} \end{array}$
There exists $h \in \bar{K} (E^{'})$ such that
$div (h) = (T_{1}) + (T_{2}) - (T_{1} + T_{2}) - (0) .$

Then put $f = \frac{f_{1} f_{2}}{h^{n}}$ and $g = \frac{g_{1} g_{2}}{ϕ^{*} h}$ .

Check: $div (f) = n (T_{1} + T_{2}) - n (0)$ . Yes.
$ϕ^{*} f = \frac{ϕ^{*} f_{1} ϕ^{*} f_{2}}{{(ϕ^{*} h)}^{n}} = {(\frac{g_{1} g_{2}}{ϕ^{*} (h)})}^{n} = g^{n} .$

Therefore
$\begin{array}{l} e_{} (S, T_{1} + T_{2}) & = \frac{g (X + S)}{g (X)} \\ = \frac{g_{1} (X + S)}{g_{1} (X)} \frac{g_{2} (X + S)}{g_{2} (X)} \underset{\begin{array}{c} = 1 \\ since S \in E [ϕ] \end{array}}{\underset{⏟}{\frac{h (ϕ (X))}{h (ϕ (X + S))}}} \\ = e_{} (S, T_{1}) e_{} (S, T_{2}) \end{array}$
(iii) $e_{}$ is non-degenerate. Fix $T \in E^{'} [\hat{ϕ}]$ . Suppose $e_{} (S, T) = 1$ for all $S \in E [ϕ]$ . Then $τ_{S}^{*} g = g$ for all $S \in E [ϕ]$ .
Have $\bar{K} (E) ∕ ϕ^{*} \bar{K} (E^{'})$ is a Galois extension with Galois group $E [ϕ]$ ( $S \in E [ϕ]$ acts on $\bar{K} (E)$ via $τ_{S}^{*}$ ).

Therefore $g = ϕ^{*} h$ for some $h \in \bar{K} (E^{'})$ . So $ϕ^{*} f = g^{n} = ϕ^{*} (h^{n})$ . So $f = h^{n}$ , and hence $div (h) = (T) - (0)$ . So $T = 0$ . □

We’ve shown

E^{'} [ϕ] ↪ Hom (E [ϕ], μ_{n})

. It is an isomorphism since

# E [ϕ] = # E^{'} [\hat{ϕ}] = n

Remark.

(i) If $E, E^{'}, ϕ$ are defined over $K$ then $e_{}$ is Galois equivariant, i.e. $\forall σ \in Gal (\bar{K} ∕ K)$ , $\forall S \in E [ϕ]$ , $\forall T \in E^{'} [ϕ]$ ,
$e_{} (σ S, σ T) = σ (e_{} (S, T)) .$
(ii) Taking $ϕ = [n] : E \to E$ (so $\hat{ϕ} = [n]$ ) gives
$e_{n} : E [n] \times E [n] \to μ_{n^{2}} μ_{n} .$

Proof. Let $T \in E [n]$ have order $n$ . Non degeneracy of $e_{n}$ implies that there exists $S \in E [n]$ such that $e_{n} (S, T)$ is a primitive $n$ -th root of unity, say $ζ_{n}$ .

Then

σ (ζ_{n}) = σ (e_{n} (S, T)) = e_{n} (σ S, σ T) = ζ_{n}

for all $σ \in Gal (\bar{K} ∕ K)$ . So $ζ_{n} \in K$ . □

14 Dual isogenies and the Weil pairing