Editing Weil pairing

{{Short description|Binary function non degenerative defined between the point of twist of an abelian variety}}
In [[mathematics]], the '''Weil pairing''' is a  [[pairing]] ([[bilinear form]], though with [[multiplicative notation]]) on the points of order dividing ''n''  of an [[elliptic curve]] ''E'', taking values in ''n''th [[root of unity|roots of unity]]. More generally there is a similar Weil pairing between points of order ''n'' of an abelian variety and its dual. It was introduced by [[André Weil]] ([[#{{harvid|Weil|1940}}|1940]]) for Jacobians of curves, who gave an abstract algebraic definition; the corresponding results for [[elliptic function]]s were known, and can be expressed simply by use of the [[Weierstrass sigma function]].

==Formulation==
Choose an elliptic curve ''E'' defined over a [[field (mathematics)|field]] ''K'', and an integer ''n''&nbsp;&gt;&nbsp;0 (we require ''n'' to be coprime to char(''K'') if char(''K'')&nbsp;&gt;&nbsp;0) such that ''K'' contains a [[primitive nth root of unity]]. Then the ''n''-torsion on <math>E(\overline{K})</math> is known to be a [[Cartesian product]] of two [[cyclic group]]s of order ''n''. The Weil pairing produces an ''n''-th root of unity

:<math>w(P,Q) \in \mu_n</math>

by means of [[Kummer theory]], for any two points <math>P,Q \in E(K)[n]</math>, where <math>E(K)[n]=\{T \in E(K) \mid n \cdot T = O \} </math> and <math>\mu_n = \{x\in K \mid x^n =1 \} </math>.

A down-to-earth construction of the Weil pairing is as follows.{{Citation needed|date=December 2024}} Choose a function ''F'' in the [[function field of an algebraic variety|function field]] of ''E'' over the [[algebraic closure]] of ''K'' with [[divisor (algebraic geometry)|divisor]]

:<math> \mathrm{div}(F)= \sum_{0 \leq k < n}[P+k\cdot Q] - \sum_{0 \leq k < n} [k\cdot Q]. </math>

So ''F'' has a simple zero at each point ''P'' + ''kQ'', and a simple pole at each point ''kQ'' if these points are all distinct. Then ''F'' is well-defined up to multiplication by a constant. If ''G'' is the translation of ''F'' by ''Q'', then by construction ''G'' has the same divisor, so the function ''G/F'' is constant.

Therefore if we define

:<math> w(P,Q):=\frac{G}{F}</math>

we shall have an ''n''-th root of unity (as translating ''n'' times must give 1) other than 1. With this definition it can be shown that ''w'' is alternating and bilinear,<ref>{{cite book|last1=Silverman|first1=Joseph|title=The Arithmetic of Elliptic Curves|date=1986|publisher=Springer-Verlag|location=New York|isbn=0-387-96203-4}}</ref> giving rise to a non-degenerate pairing on the ''n''-torsion.

The Weil pairing does not extend to a pairing on all the torsion points (the direct limit of ''n''-torsion points) because the pairings for different ''n'' are not the same. However
they do fit together to give a pairing ''T''<sub>ℓ</sub>(''E'') × ''T''<sub>ℓ</sub>(''E'')  → ''T''<sub>ℓ</sub>(μ) on the [[Tate module]] ''T''<sub>ℓ</sub>(''E'') of the elliptic curve ''E'' (the inverse limit of the ℓ<sup>''n''</sup>-torsion points) to the Tate module ''T''<sub>ℓ</sub>(μ) of the multiplicative group (the inverse limit of ℓ<sup>''n''</sup> roots of unity).

==Generalisation to abelian varieties==
For [[abelian varieties]] over an algebraically closed field ''K'', the Weil pairing is a nondegenerate pairing

:<math>A[n] \times A^\vee[n] \longrightarrow \mu_n</math>

for all ''n'' prime to the characteristic of '' K''.<ref>[[James Milne (mathematician)|James Milne]], ''Abelian Varieties'', available at www.jmilne.org/math/</ref> Here <math>A^\vee</math> denotes the [[dual abelian variety]] of ''A''. This is the so-called ''Weil pairing'' for higher dimensions. If ''A'' is equipped with a [[Abelian variety#Polarisation and dual abelian variety|polarisation]]

:<math>\lambda: A \longrightarrow A^\vee</math>,
then composition gives a (possibly degenerate) pairing

:<math>A[n] \times A[n] \longrightarrow \mu_n.</math>

If ''C'' is a projective, nonsingular curve of genus ≥&nbsp;0 over ''k'', and ''J'' its [[Jacobian variety|Jacobian]], then the [[theta-divisor]] of ''J'' induces a principal polarisation of ''J'', which in this particular case happens to be an isomorphism (see [[autoduality of Jacobians]]). Hence, composing the Weil pairing for ''J'' with the polarisation gives a nondegenerate pairing

:<math> J[n]\times J[n] \longrightarrow \mu_n</math>

for all ''n'' prime to the characteristic of ''k''.

As in the case of elliptic curves, explicit formulae for this pairing can be given in terms of [[divisors]] of ''C''.

==Applications==

The  pairing is used in [[number theory]] and [[algebraic geometry]], and has also been applied in [[elliptic curve cryptography]] and [[identity based encryption]].

==See also==
*[[Tate pairing]]
*[[Pairing-based cryptography]]
*[[Boneh–Franklin scheme]]
*[[Homomorphic Signatures for Network Coding]]

==References==
{{reflist}}
*{{Citation | last1=Weil | first1=André | author1-link=André Weil | title=Sur les fonctions algébriques à corps de constantes fini |mr=0002863 | year=1940 | journal=[[Les Comptes rendus de l'Académie des sciences]] | volume=210 | pages=592–594}}

==External links==
*[http://www.isg.rhul.ac.uk/~sdg/pair-over-C.pdf ''The Weil pairing on elliptic curves over C'' (PDF)]

{{DEFAULTSORT:Weil Pairing}}
[[Category:Elliptic curves]]
[[Category:Abelian varieties]]
[[Category:Pairing-based cryptography]]