[Cryptography] Existence of point of order 4 in a Montgomery curve and its quadratic twist
Ondrej Mikle
ondrej.mikle at gmail.com
Mon Feb 12 18:38:11 EST 2018
I was reading the original paper on Twisted Edwards Curves
(https://eprint.iacr.org/2008/013.pdf) and there is one thing that does not seem
right to me or I don't understand it.
Theorem 3.5 states in the proof, that exactly one of Montgomery curve or its
nontrivial quadratic twist over field k with #k=1 mod 4 contains a point of
order 4 and the other doesn't.
However in the proof, it mentions that both the curve and its twist have
subgroup that is isomorphic to Z/2Z x Z/2Z.
But a property of group isomorphism states that:
"If (G, *) is a group that is isomorphic to (H, .) [where f is the isomorphism],
then if a belongs to G and has order n, then so does f(a)"
Shouldn't it mean that either both curve and its twist contain a point of order
4, or at least one doesn't have a subgroup isomorphic to Z/2Z x Z/2Z?
Regards,
O. Mikle
More information about the cryptography
mailing list