[seqfan] Re: Crypto EllipticK & A000984

Brad Klee bradklee at gmail.com
Thu Jul 27 21:18:11 CEST 2017

Hi Andy and All,

Thanks for writing, you also have worthwhile comments.

The best general methods for discrete time evolution seem to be symplectic
integration or Euler's method along a conserved energy surface. Both
methods practically involve truncation of infinite series, so will only
conserve energy within a range given by some, hopefully small, dE.

Given a surface over a two-dimensional space, possibly the Hamiltonian,
level sets around an analytic local minimum will look sufficiently like
circles. These curves can always be expressed in polar coordinates as
trigonometric polynomials (for definition, see:
http://math.uga.edu/~pete/trotter.pdf ). What's nice, the Fourier
coefficients need not be computed by any sort of overlap integral.
Consequently, re-parametrizations such as time dependence can also be
written, easily, as trigonometric polynomials.

It's easy-enough to work out a scheme for arbitrary-precision calculation,
but difficult to decide when the series expansions will converge to
rational values, especially because of transcendental sine and cosine
functions. To me, that is what makes the Edward's Addition law such a
curious and incredible discovery.

I don't think we should throw integral calculations out the window just
because of cryptography's needs. History aside, there is still an interest
to prove that iteration of the addition rules generates a group algebra
with properties such as associative and commutative. Even renowned Thomas
Hales says that this is not, at first, an easy task for young people (cf.

As long as dphi/dt never equals zero the group structure is nothing more
than U(1). Both phi and t parametrizations are periodic, with t-period
given by the integral of dt over one complete phi period, [0,2pi].

Undergraduates should be able to do the calculus. From there it is not
difficult to realize that U(1) has both commutative and associative
properties. If there are issues going from a continuous U(1) group to some
C_n or D_n subset, then it may take extra effort to meet knowledge goals
set by Hales.

My intuition agrees with your statement that no general method exists for
finding useful Q-maps, but I will have to thoroughly defeat myself before
giving up on the dreamy idea that some other special cases exist. The
hexagonal disk is one candidate, pendulum phase space another.

Exciting times,


On Thu, Jul 27, 2017 at 8:05 AM, Andrew N W Hone <A.N.W.Hone at kent.ac.uk>

> Dear Brad,
> Your questions and comments are very worthwhile, in particular
> ***** Why should the continuous flow calculated as time evolution coincide
> with discrete flows provided by iterating the addition rule?
> In general, there is no "natural" discrete version of a Hamiltonian flow.
> Most discretization schemes (like Euler's method, Newton-Raphson etc.)
> will not give anything nice, even if the original flow is completely
> integrable. In particular, most discretizations will not preserve the
> Hamiltonian (energy).
> However, for a Hamiltonian system with one degree of freedom (one position
> x, one momentum y), the level sets of the Hamiltonian H are one-dimensional
> (curves) given by the equation H(x,y)=constant. So if you have a map of
> the (x,y) plane to itself which also preserves H, then the iterates of this
> map must lie on the same level curves,
> and so must interpolate the continuous flow. There is a slight subtlety
> here, which would invalidate what I said: the real level sets of H may have
> more than one connected component,
> and the map could jump between different components.
> Now the curves
> a=x^2+y^2 +x^2*y^2
> are genus 1, and as a complex curve (Riemann surface) they are connected
> and smooth for almost all a. A birational map in (x,y) that preserves this
> curve must be a combination of an involution
> and a translation (this is a general result on automorphisms of elliptic
> curves, as in e.g. Silverman's book "The Arithmetic of Elliptic Curves").
> If the map is orientation-preserving then it is just a translation.
> One can use the parameter t from the Hamiltonian flow as a local complex
> parameter on the curve, and then one finds that the map is just a shift t
> -> t + constant.
> Best wishes
> Andy
> ________________________________________
> From: SeqFan [seqfan-bounces at list.seqfan.eu] on behalf of Brad Klee [
> bradklee at gmail.com]
> Sent: 25 July 2017 23:05
> To: Sequence Fanatics Discussion list
> Subject: [seqfan] Re: Crypto EllipticK & A000984
> Hi Andrew and All,
> Yes, what you say is also correct. For those who don't already know,
> consider that
> Area = S(a) = -int x(a,y)*dy = int y(x,a)*dx,
> and taking the derivative with respect to "a"
> dS(a)/da = int dy/ (-da/dx) = int dx/(da/dy) .
> If we have dx/dt = da/dy = (\partial a / \partial y) and dy/dt = -da/dx =
> -(\partial a / \partial y), then dS(a)/da, up to a sign, gives an integral
> "smooth flow", also called the /time evolution/ in physics. Then the
> Hamilton equations provide a third means,
> dphi/dt = cos(phi)^2 (d tan(phi)/dt) = (x*(dy/dt) - y*(dx/dt))/(x^2+y^2)
> This can be re-written as a ratio of polynomials in variables (x,y), so
> easily transforms to polar coordinates, then to a function of phi alone.
> After some work on simplification, the expression does reduce to a simple
> form, this time:
> dphi/dt =  2*sqrt(1-4*a*Z^2).
> The factor of two is consistent. It reduces to one by choosing different
> Hamilton's equations, dy/dt = -(1/2)*(\partial a / \partial x), dx/dt =
> (1/2)*(\partial a / \partial y). Conventions determine the overall scale,
> so it's usually okay to make whatever choice sets the period function equal
> to 1 in the limit of small amplitude.
> I don't think this demonstration of consistency makes my earlier remark any
> more inane. Merely stating derivatives does not bring to the fore a
> connection between differential equations and addition rules.
> ***** Why should the continuous flow calculated as time evolution coincide
> with discrete flows provided by iterating the addition rule?
> I will continue to struggle with Edward's original paper and check the
> reference (thank you) to see if it contains any explanation I can
> understand. Until then, let's assume ( perhaps incorrectly ) that there
> exists a higher perspective where it is obvious that the continuous time
> evolution of an integrable Hamiltonian system determines a discrete map
> (Q^2,Q^2) |---> Q^2 . Consequently it would become possible to explore
> ciphers based on algebraic curves, a superset of elliptic curves.
> For example, taking the Hamiltonian form of Edward's curve as a map from
> the unit disk to the unit square, we generalize to a polynomial that maps a
> unit disk to a unit hexagon:
> A - 9*A^2 + 12*A^3 + 12*A^3*X = a / 36 = b ;
> where 18*A = r^2 and X = cos(6*phi) transform to polar coordinates (r,phi).
> Under these conventions the critical points, vertices of a regular hexagon,
> are located at a,r=1; phi = pi/2+n*pi/3. Now A can be solved as a function
> of (phi,a) or (phi,b) exactly or via series reversion. Calculating "time
> evolution", the period function can be written:
> *as coefficients of powers of b, offset 0:
> T = (1/2/pi)*int_0^{2pi} dphi (dA/db) =
> 1, 18, 450, 12420, 360450, 10797948, 330862644 . . .
> * as coefficients of powers of a, offset 0:
> T = 36*(1/2/pi)*int_0^{2pi} dphi (dA/da) =
> 1, 1/2, 25/72, 115/432, 2225/10368, 3703/20736, 1021181/6718464 . . .
> numerators: 1,1,25,115,2225,3703,1021181 . . .
> denominators: 1,2,72,432,10368,20736,6718464 . . .
> I have yet to find either of these expansions in OEIS, but who knows? At
> least it isn't EllipticK.
> Finally, is there some discrete, rational addition system on a
> hexagonal-symmetric, 2pi-periodic curve, that looks like continuous time
> evolution in the limit of a small increment? I wonder on this point, yet I
> do not know...
> Thanks,
> Brad
> Errata: in a previous email, I write "a = x^2 + y^2 + x^2*y^2" rather than
> "a
> = x^2 + y^2 - x^2*y^2". This is a typo; though, mostly inconsequential. And
> divise should rather be devise, apologies.
> --
> Seqfan Mailing list - http://list.seqfan.eu/
> --
> Seqfan Mailing list - http://list.seqfan.eu/

More information about the SeqFan mailing list