Twisted Edwards and Zcash lemma 5.4.7

notes where I was confused, i am no longer confused

We begin with a motivating walk through of Twisted Edwards curves, and the proof to Lemma 5.4.7. Italics mine.

First, recall the Twisted Edwards[^3] form for elliptic curves. If the Weierstrass curve equation is:

y^{2} = x^{3} + a x + b

Then the Twisted Edwards form is:

a u^{2} + v^{2} = 1 + d u^{2} v^{2}

The

a

parameter is the "twist" of the Edwards curve; if

a = 1

, the curve is "untwisted".

Where^[1] :

u = \frac{1 + y}{1 - y} v = \frac{x}{1 - y}

Lemma 5.4.7. Let

P = (u, v) \in J^{(r)} .

Then

(u, - v) \notin J^{(r)}

(subgroup of Jubjub of order r).

Proof
If

P

is the point at infinity then

(u, v) = (0, 1),

but

- P = (0, - 1)

which does not lie on the subgroup.

$a (0^{2}) + (- 1)^{2} = 1 + d (0^{2}) (- 1)^{2} = 1$ definitely satisfies the point equation. Is this some peculiar Twisted Edwards convention, to represent the point at infinity as
$(0, 1)$ , but to say that
$- O = - (0, 1) = (0, 1) = O$ ?

All other points

P

have odd order.

because
$P$ lies the some subgroup of order
$r$ , presumably chosen to be an odd prime.

Further,

v \neq 0

, since if

v = 0

a u^{2} + 0^{2} = 1 + d * 0 = a u^{2} = 1 ⟹ u = \pm \sqrt{1 / a}

Which implies that

[2] P = (0, - 1)

then

[2] ([2] P) = (0, 1) = O

, which obtains

P

of even order, a contradiction.

Now, anticipating contradiction, let

P = (u, v), Q = (u, - v)

be points on the subgroup.
By the doubling formula, we have that

[2] Q = - [2] P

But also,

[2] (- P) = - [2] P

Therefore either:

$Q = - P ⟹ Q . v = (- P) . v$ , a contradiction,
- I'm not certain I believe that's a contradiction
Or doubling is not injective on the subgroup, which contradict's the subgroup's having odd order.

footnotes

Don't check this by hand. The algebra won't work out nicely, or at least mine didn't. I'm not sure why, but I believe the answer has something to do with algebraic geometers mumbling curses, and at this point I'm not interested enough to dig deeper. But if you, dear reader, know what that's about, do reach out, I'd love to know. ↩︎