Courbe d'Edwards

In mathematics, the Edwards curves are a family of elliptic curves studied by Harold Edwards in 2007. The concept of elliptic curves over finite fields is widely used in elliptic curve cryptography. Applications of Edwards curves to cryptography were developed by Daniel J. Bernstein and Tanja Lange: they pointed out several advantages of the Edwards form in comparison to the more well known Weierstrass form. The equation of an Edwards curve over a field K which does not have characteristic 2 is: for some scalar . Also the following form with parameters c and d is called an Edwards curve: where c, d ∈ K with cd(1 − c4·d) ≠ 0. Every Edwards curve is birationally equivalent to an elliptic curve in Montgomery form, and thus admits an algebraic group law once one chooses a point to serve as a neutral element. If K is finite, then a sizeable fraction of all elliptic curves over K can be written as Edwards curves. Often elliptic curves in Edwards form are defined having c=1, without loss of generality. In the following sections, it is assumed that c=1. (See also Weierstrass curve group law) Every Edwards curve over field K with characteristic not equal to 2 with is birationally equivalent to an elliptic curve over the same field: , where and the point is mapped to the infinity O. This birational mapping induces a group on any Edwards curve. On any elliptic curve the sum of two points is given by a rational expression of the coordinates of the points, although in general one may need to use several formulas to cover all possible pairs. For the Edwards curve, taking the neutral element to be the point (0, 1), the sum of the points and is given by the formula The opposite of any point is . The point has order 2, and the points have order 4. In particular, an Edwards curve always has a point of order 4 with coordinates in K. If d is not a square in K and , then there are no exceptional points: the denominators and are always nonzero. Therefore, the Edwards addition law is complete when d is not a square in K.