Merge pull request #103 from krehermann/consitent_example_curve_name

use E_{1,1}(\F_5) everywhere

chapters/elliptic-curves-moonmath.tex

@@ -171,7 +171,7 @@ \subsection{Affine \concept{short Weierstrass} form} Probably the least abstract
 \end{sagecommandline}
 \end{example}
 
-\begin{exercise} Consider the curve $E_1(\F)$ from \examplename{} \ref{E1F5} and compute the set of all curve points $(x,y)\in E_1(\F)$.
+\begin{exercise} Consider the curve $E_{1,1}(\F_5)$ from \examplename{} \ref{E1F5} and compute the set of all curve points $(x,y)\in E_{1,1}(\F_5)$.
 \end{exercise}
 \begin{exercise} Consider the curve $TJJ\_13$ from \examplename{} \ref{TJJ13} and compute the set of all curve points $(x,y)\in TJJ\_13$.
 \end{exercise}
@@ -201,7 +201,7 @@ \subsubsection{Isomorphic affine \concept{short Weierstrass} curves}
 \Oinf, (0,2), (0,3), (1,1), (1,4), (2,2), (2,3), (3,2), (3,3)\}
 \end{equation}
 
-As we can see, both curves are of the same order. Since $2$ is an invertible element from $\F_5$ with $1 = 2^4\cdot 1$ and $4=2^6\cdot 1$, $E_{1,4}(\F)$ and $E_{1,1}(\F)$ are isomorphic: the map $I: E_{1,1}(\F_5)\to E_{1,4}(\F_5): (x,y)\mapsto (4x,3y)$ from \ref{eq:curve_isomorphism} defines a 1:1 correspondence. For example, the point $(4,3)\in E_{1,1}(\F)$ is mapped onto the point $I(4,3)=(4\cdot 4, 3\cdot 3) = (1,4)\in E_{1,4}(\F)$.
+As we can see, both curves are of the same order. Since $2$ is an invertible element from $\F_5$ with $1 = 2^4\cdot 1$ and $4=2^6\cdot 1$, $E_{1,4}(\F_5)$ and $E_{1,1}(\F_5)$ are isomorphic: the map $I: E_{1,1}(\F_5)\to E_{1,4}(\F_5): (x,y)\mapsto (4x,3y)$ from \ref{eq:curve_isomorphism} defines a 1:1 correspondence. For example, the point $(4,3)\in E_{1,1}(\F_5)$ is mapped onto the point $I(4,3)=(4\cdot 4, 3\cdot 3) = (1,4)\in E_{1,4}(\F)$.
 \end{example}
 
 \begin{exercise}
@@ -477,7 +477,7 @@ \subsubsection{Logarithmic Ordering}
 \begin{equation}
 E_{1,1}(\F_5) = \{(0, 1)\to (4, 2)\to (2, 1)\to (3, 4)\to (3, 1)\to (2, 4)\to (4, 3)\to (0, 4)\to \Oinf \}
 \end{equation}
-This indicates that the first element is a generator, and the $n$-th element is the scalar product of $n$ and the generator. To see how logarithmic orders like this simplify the computations in small elliptic curve groups, consider \examplename{} \ref{ex:01+42} again. In that example, we use the chord-and-tangent rule to compute $(0,1)\oplus (4,2)$. Now, in the logarithmic order of $E_1(\F)$, we can compute that sum much easier, since we can directly see that $(0,1)=[1](0,1)$ and $(4,2)=[2](0,1)$. We can then deduce $(0,1)\oplus (4,2)= (2,1)$ as follows:
+This indicates that the first element is a generator, and the $n$-th element is the scalar product of $n$ and the generator. To see how logarithmic orders like this simplify the computations in small elliptic curve groups, consider \examplename{} \ref{ex:01+42} again. In that example, we use the chord-and-tangent rule to compute $(0,1)\oplus (4,2)$. Now, in the logarithmic order of $E_{1,1}(\F_5)$, we can compute that sum much easier, since we can directly see that $(0,1)=[1](0,1)$ and $(4,2)=[2](0,1)$. We can then deduce $(0,1)\oplus (4,2)= (2,1)$ as follows:
 
 \begin{equation}
 (0,1)\oplus (4,2)=[1](0,1)\oplus [2](0,1)= [3](0,1)=(2,1)
@@ -592,7 +592,7 @@ \subsection{Projective \concept{short Weierstrass} form}
 
 \begin{multline}
 \label{E1F5_projective_points_set}
-E_1(\F_5\mathrm{P}^2)=\{[0:1:0], [0:1:1], [2:1:1], [3:1:1], \\ [4:2:1], [4:3:1], [0:4:1], [2:4:1], [3:4:1]\}
+E_{1,1}(\F_5\mathrm{P}^2)=\{[0:1:0], [0:1:1], [2:1:1], [3:1:1], \\ [4:2:1], [4:3:1], [0:4:1], [2:4:1], [3:4:1]\}
 \end{multline}
 
 If we compare this with the affine representation, we see that there is a 1:1 correspondence between the points in the affine representation in \eqref{eq:E1F5-affine} and the affine points in projective geometry, and that the projective point $[0:1:0]$ represents the additional point $\Oinf$ in the affine representation.
@@ -671,14 +671,14 @@ \subsubsection{Projective Group law}
 
 %So we assume that there is some trusted third party $C$ that chooses a publicly known generator of a large prime-order subgroup of $TJJ(\F_{13})$, say  a secrete point $s\in\F_{13}$, say $s=2$. $C$ then c
 %\end{example}
-\begin{exercise} Consider \examplename{} \ref{ex:E1F5-projective} again. Compute the following expression for projective points on $E_1(\F_5\mathrm{P}^2)$ using \algname{} \ref{alg:projective_group_law}:
+\begin{exercise} Consider \examplename{} \ref{ex:E1F5-projective} again. Compute the following expression for projective points on $E_{1,1}(\F_5\mathrm{P}^2)$ using \algname{} \ref{alg:projective_group_law}:
 \begin{itemize}
 \item $[0:1:0]\oplus [4:3:1]$
 \item $[0:3:0]\oplus [3:1:2]$
 \item $-[0:4:1]\oplus [3:4:1]$
 \item $[4:3:1]\oplus [4:2:1]$
 \end{itemize}
-and then solve the equation $[X:Y:Z] \oplus [0:1:1]= [2:4:1]$ for some point $[X:Y:Z]$ from the projective \concept{short Weierstrass} curve $E_1(\F_5\mathrm{P}^2)$.
+and then solve the equation $[X:Y:Z] \oplus [0:1:1]= [2:4:1]$ for some point $[X:Y:Z]$ from the projective \concept{short Weierstrass} curve $E_{1,1}(\F_5\mathrm{P}^2)$.
 \end{exercise}
 
 \begin{exercise}
@@ -810,7 +810,7 @@ \section{Montgomery Curves}\label{sec:montgomery}
 Consider \examplename{} \ref{TJJ13-montgomery} and compute the set in \eqref{tjj_13_montgomery_points_set} by inserting every pair of field elements $(x,y)\in \F_{13}\times \F_{13}$ into the defining Montgomery equation.
 \end{exercise}
 \begin{exercise}
-Consider the elliptic curve $E_1(\F)$ from \examplename{} \ref{E1F5} and show that $E_1(\F)$ is not a Montgomery curve.
+Consider the elliptic curve $E_{1,1}(\F_5)$ from \examplename{} \ref{E1F5} and show that $E_{1,1}(\F_5)$ is not a Montgomery curve.
 \end{exercise}
 \begin{exercise}
 Consider the elliptic curve \curvename{secp256k1} from \examplename{} \ref{secp256k1} and show that \curvename{secp256k1} is not a Montgomery curve.
@@ -1183,9 +1183,9 @@ \subsubsection{Elliptic Curves over extension fields}
 
 \begin{example}\label{ex:EF52} Consider the prime field $\F_5$ from \examplename{} \ref{prime-field-F5} together with the elliptic curve $E_{1,1}(\F_5)$ and its definition from \examplename{} \ref{E1F5} and the construction the extension field $\F_{5^2}$ relative to the polynomial $t^2+2 \in \F_5[t]$ from exercise \ref{exercise:finite_fieldF5_2}. In this example we extend the definition of $E_{1,1}(\F_5)$ to an elliptic curve over $\F_{5^2}$ and compute its set of points:
 $$
-E_1(\F_{5^2}) = \{ (x,y)\in \F_{5^2}\times \F_{5^2} \;|\; y^2 = x^3 + x +1 \}
+E_{1,1}(\F_{5^2}) = \{ (x,y)\in \F_{5^2}\times \F_{5^2} \;|\; y^2 = x^3 + x +1 \}
 $$
-Since $\F_{5^2}$ contains $25$ points, in order to compute the set $E_1(\F_{5^2})$, we have to try $25\cdot 25 = 625$ pairs, which is probably a bit tedious. Instead, we use Sage to compute the curve for us. To do, we choose the representation of $\F_{5^2}$ from \ref{exercise:finite_fieldF5_2}. We get:
+Since $\F_{5^2}$ contains $25$ points, in order to compute the set $E_{1,1}(\F_{5^2})$, we have to try $25\cdot 25 = 625$ pairs, which is probably a bit tedious. Instead, we use Sage to compute the curve for us. To do, we choose the representation of $\F_{5^2}$ from \ref{exercise:finite_fieldF5_2}. We get:
 \begin{sagecommandline}
 sage: F5= GF(5)
 sage: F5t.<t> = F5[] 
@@ -1195,9 +1195,9 @@ \subsubsection{Elliptic Curves over extension fields}
 sage: E1F5_2 = EllipticCurve(F5_2,[1,1])
 sage: E1F5_2.order()
 \end{sagecommandline}
-The curve $E_1(\F_{5^2})$ consist of $27$ points, in contrast to curve $E_1(\F_{5})$, which consists of $9$ points. Writing those points down gives the following:
+The curve $E_{1,1}(\F_{5^2})$ consist of $27$ points, in contrast to curve $E_{1,1}(\F_{5})$, which consists of $9$ points. Writing those points down gives the following:
 \begin{multline*}
-E_1(\F_{5^2}) = \{\Oinf, (0, 4), (0, 1), (3, 4), (3, 1), (4, 3), (4, 2), (2, 4), (2, 1),\\ 
+E_{1,1}(\F_{5^2}) = \{\Oinf, (0, 4), (0, 1), (3, 4), (3, 1), (4, 3), (4, 2), (2, 4), (2, 1),\\ 
 (4t + 3, 3t + 4), (4t + 3, 2t + 1),  (3t + 2, t), (3t + 2, 4t),\\ 
 (2t + 2, t), (2t + 2, 4t), (2t + 1, 4t + 4), (2t + 1, t + 1),\\ 
 (2t + 3, 3), (2t + 3, 2), (t + 3, 2t + 4), (t + 3, 3t + 1),\\ 
@@ -1247,9 +1247,9 @@ \subsection{Full torsion groups}
 
 \begin{example}
 \label{example:E1_full_torsion}
- Consider curve $E_{1,1}(\F_5)$ again. We know from \ref{ex:G1G2-subgroups} that it contains a $3$-torsion group and that the embedding degree of $3$ is $k(3)=2$. From this we can deduce that we can find the full $3$-torsion group $E_1[3]$ in the curve extension $E_1(\F_{5^2})$, the latter of which we computed in \examplename{} \ref{ex:EF52}. 
+ Consider curve $E_{1,1}(\F_5)$ again. We know from \ref{ex:G1G2-subgroups} that it contains a $3$-torsion group and that the embedding degree of $3$ is $k(3)=2$. From this we can deduce that we can find the full $3$-torsion group $E_{1,1}[3]$ in the curve extension $E_{1,1}(\F_{5^2})$, the latter of which we computed in \examplename{} \ref{ex:EF52}. 
 
-Since that curve is small, in order to find the full $3$-torsion, we can loop through all elements of $E_1(\F_{5^2})$ and check the defining equation $[3]P= \Oinf$. Invoking Sage and using our implementation of $E_1(\F_{5^2})$ in sage from \ref{ex:EF52}, we compute as follows:
+Since that curve is small, in order to find the full $3$-torsion, we can loop through all elements of $E_{1,1}(\F_{5^2})$ and check the defining equation $[3]P= \Oinf$. Invoking Sage and using our implementation of $E_{1,1}(\F_{5^2})$ in sage from \ref{ex:EF52}, we compute as follows:
 \begin{sagecommandline}
 sage: INF = E1F5_2(0) # Point at infinity
 sage: L_E1_3 = []
@@ -1259,9 +1259,9 @@ \subsection{Full torsion groups}
 sage: E1_3 = Set(L_E1_3) # Full 3-torsion set
 \end{sagecommandline}
 $$
-E_1[3] = \{\Oinf,(2,1),(2,4),(1,t),(1,4t), (2t + 1,t + 1), (2t + 1, 4t + 4), (3t + 1,t + 4), (3t + 1, 4t + 1) \}
+E_{1,1}[3] = \{\Oinf,(2,1),(2,4),(1,t),(1,4t), (2t + 1,t + 1), (2t + 1, 4t + 4), (3t + 1,t + 4), (3t + 1, 4t + 1) \}
 $$
-As we can see the group $E_1[3]$ contains $9=3^3$ many elements and the $3$-torsion group $E_{1,1}(\F_5)[3]$ of the curve over the prime field is a subset of the full torsion group. 
+As we can see the group $E_{1,1}[3]$ contains $9=3^3$ many elements and the $3$-torsion group $E_{1,1}(\F_5)[3]$ of the curve over the prime field is a subset of the full torsion group. 
 \end{example}
 \begin{example}\label{ex:TJJ13-full-torsion} HHHH Consider the \curvename{Tiny-jubjub} curve from \examplename{} \ref{TJJ13}. We know from \examplename{} \ref{ex:TJJ13-embedding-degree} that it contains a $5$-torsion group and that the embedding degree of $5$ is $4$. This implies that we can find the full $5$-torsion group $\mathit{TJJ\_13}[5]$ in the curve extension $\mathit{TJJ\_13}(\F_{13^4})$. 
 
@@ -1352,11 +1352,11 @@ \subsection{Pairing groups}
 
 \begin{example} Consider the curve $E_{1,1}(\F_5)$ from \examplename{} \ref{E1F5} again. As we have seen, this curve has the embedding degree $k=2$, and a full $3$-torsion group is given as follows:
 \begin{multline}
-E_1[3] = \{\Oinf,(2,1),(2,4), (1,t), (1,4t), (2t + 1,t + 1),\\ (2t + 1, 4t + 4),
+E_{1,1}[3] = \{\Oinf,(2,1),(2,4), (1,t), (1,4t), (2t + 1,t + 1),\\ (2t + 1, 4t + 4),
 (3t + 1,t + 4), (3t + 1, 4t + 1) \}
 \end{multline}
 
-According to the general theory, $E_1[3]$ contains $4$ subgroups, and we can characterize the subgroups $\G_1$ and $\G_2$ using the Frobenius endomorphism. Unfortunately, at the time of writing, Sage does not have a predefined Frobenius endomorphism for elliptic curves, so we have to use the Frobenius endomorphism of the underlying field as a temporary workaround. Using our implementation of $E_1[3]$ in sage from \examplename{} \ref{example:E1_full_torsion}, we compute $\G_1$ as follows:
+According to the general theory, $E_{1,1}[3]$ contains $4$ subgroups, and we can characterize the subgroups $\G_1$ and $\G_2$ using the Frobenius endomorphism. Unfortunately, at the time of writing, Sage does not have a predefined Frobenius endomorphism for elliptic curves, so we have to use the Frobenius endomorphism of the underlying field as a temporary workaround. Using our implementation of $E_{1,1}[3]$ in sage from \examplename{} \ref{example:E1_full_torsion}, we compute $\G_1$ as follows:
 \begin{sagecommandline}
 sage: L_G1 = []
 sage: for P in E1_3: