[Cryptography] Edwards curves are just ellipses - and why ECC works

Peter Fairbrother peter at m-o-o-t.org
Sun Oct 4 09:50:04 EDT 2015


On 03/10/15 00:15, Bill Cox wrote:
[...]
> It turns out that anyone can trivially create "addition laws" to create
> new ways to add "group elements" together, forming an "Abelian group".
>    Here's how:
>
> 1) Pick _any_ one-to-one function, so that an inverse exists, even if it
> is hard to compute. Call this function F, and its inverse Finv.
> 2) Write out the function G(a, b) = Finv(F(a) + F(b)).  This is the
> "group addition law" that shows how to add elements of the group.


There is a bit more to it.

Elementary group theory:  A group is a set of elements with an 
associated binary operation. For it to be a group the binary operation 
must have three required properties: closure, inverses, associativity. 
As a fourth required property, one of the elements in the set must be an 
identity element.

Looking at closure for a start. In your construction F(a) + F(b) need 
not be in the domain of F, in which case G(a, b) does not exist and the 
construct is not a group.

By the same argument, using your method can produce an operation without 
inverses.

In a group, the binary operation is by definition associative, i.e. for 
all a,b,c in the group set (a*b)*c = a*(b*c). The method you suggest 
does not necessarily produce associative operations.

In a group there must be an identity element - the method you suggest 
does not necessarily result in the existence of an identity element.


So, 0 out of 4 required properties - not very good. And not groups.



An example. The domain of the one-to-one function F is apple, orange, 
halfbrick, lead pipe. The codomain is orange, apple, leadpipe, 
halfbrick. The function is
o -> a
a -> o
h -> l
l -> h
and the inverse is
a -> o
o -> a
l -> h
h -> l


What does G(apple, leadpipe) equal?





-- Peter Fairbrother
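
Added example (not part of the original message or the thread): a brute-force check of the four properties named above for G(a, b) = Finv(F(a) + F(b)) on a finite set. The two maps F and the choice of "+" on their codomains are constructed assumptions; the post's own example defines no "+" on its codomain, so it is not modelled here.

```python
from itertools import product

def make_G(F, add):
    """Build G(a, b) = Finv(F(a) + F(b)); G returns None where undefined."""
    Finv = {v: k for k, v in F.items()}
    if len(Finv) != len(F):
        raise ValueError("F is not one-to-one")
    def G(a, b):
        s = add(F[a], F[b])
        return Finv.get(s)  # None if the sum falls outside the image of F
    return G

def check_group(elements, G):
    """Report which of the four group properties hold for (elements, G)."""
    els = list(elements)
    closure = all(G(a, b) is not None for a, b in product(els, repeat=2))
    if not closure:
        # Without closure the remaining properties are not well defined.
        return {"closure": False, "associativity": False,
                "identity": False, "inverses": False}
    assoc = all(G(G(a, b), c) == G(a, G(b, c))
                for a, b, c in product(els, repeat=3))
    ids = [e for e in els if all(G(e, a) == a and G(a, e) == a for a in els)]
    identity = len(ids) == 1
    inverses = identity and all(
        any(G(a, b) == ids[0] and G(b, a) == ids[0] for b in els) for a in els)
    return {"closure": True, "associativity": assoc,
            "identity": identity, "inverses": inverses}

# Constructed sample inputs (not from the post).
ITEMS = ["apple", "orange", "halfbrick", "leadpipe"]

# Case 1: F is a bijection onto Z_4 and "+" is addition mod 4.
F_onto_Z4 = {"apple": 0, "orange": 1, "halfbrick": 2, "leadpipe": 3}
G_good = make_G(F_onto_Z4, lambda x, y: (x + y) % 4)

# Case 2: "+" is ordinary integer addition and the image {1, 2, 3, 5}
# is not closed under it (3 + 5 = 8 has no preimage under F).
F_into_ints = {"apple": 1, "orange": 2, "halfbrick": 3, "leadpipe": 5}
G_bad = make_G(F_into_ints, lambda x, y: x + y)

if __name__ == "__main__":
    print("onto Z_4     :", check_group(ITEMS, G_good))
    print("into integers:", check_group(ITEMS, G_bad))
    print("G(orange, leadpipe) via Z_4 =", G_good("orange", "leadpipe"))
```
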



