Group Structure

Learn the group structure of elliptic curves and their special properties in this lesson.

Overview

This section describes the group structure of elliptic curves. Hereinafter, Zn\mathbb{Z}_{n} denotes a cyclic group of order nn.

Hankerson et al. (2006)Darrel Hankerson, Alfred J. Menezes, and Scott Vanstone. Guide to Elliptic Curve Cryptography. Springer Professional Computing. New York, 2006. Springer. give the following theorem to describe the group structure of E(Fp)E\left(\mathbb{F}_{p}\right):

Theorem 1: group structure of an elliptic curve

Let E be an elliptic curve over a finite field Fp\mathbb{F}_{p}. Then, E(Fp)E\left(\mathbb{F}_{p}\right) is isomorphic to Zn1Zn2\mathbb{Z}_{n_{1}} \oplus \mathbb{Z}_{n_{2}}, where n1n_{1} and n2n_{2} are unique positive integers such that n2n1n_{2} \mid n_{1} and n2p1n_{2} \mid p-1. Furthermore, they give the following statement:

It holds that #E(Fp)=n1n2\# E\left(\mathbb{F}_{p}\right)=n_{1} n_{2}. If n2=1n_{2}=1, then E(Fp)E\left(\mathbb{F}_{p}\right) is a cyclic group. If n2>1n_{2}>1 is a small integer, E(Fp)E\left(\mathbb{F}_{p}\right) is said to be almost cyclic.

Example

We consider the elliptic curve E:y2=x3+1E: y^{2}=x^{3}+1 over F5\mathbb{F}_{5} of Example 1 :Addition_of_points_example_1, where we’ve shown the order of each element of E(F5)E\left(\mathbb{F}_{5}\right). According to this corollary :Element_order , it holds that P=P|P|=|\langle P\rangle|, in other words, the order of each element PE(Fp)P \in E\left(\mathbb{F}_{p}\right) is equal to the order of the cyclic subgroup generated by PP. As each point on EE (except the point O\mathcal{O} ) has an order of 2,3,orspace62, 3, or space 6, the curve EE contains cyclic groups of these orders. For example, it’ss

(0,1):(0,1)(0,4)O\langle(0,1)\rangle:(0,1) \rightarrow(0,4) \rightarrow \mathcal{O}

or

(2,2):(2,2)(0,4)(4,0)(0,1)(2,3)O.\langle(2,2)\rangle:(2,2) \rightarrow(0,4) \rightarrow(4,0) \rightarrow(0,1) \rightarrow(2,3) \rightarrow \mathcal{O}.

This example shows that the choice of the point that generates the cyclic subgroup is of great importance. For the intractability of ECC algorithms, we usually want subgroups with high order nn, so in the most favorable case, #E(Fp)\# E\left(\mathbb{F}_{p}\right) is prime itself because then the entire group is a cyclic group by this corollary :cyclicGrp_Corollary_3, and thus each point of (except O\mathcal{O} ) is a generator of order nn.

Get hands-on with 1400+ tech skills courses.