The title must be confusing. Imagine we have this curve:
$y^2 = x^3 + 9x + 17$ over $\mathbb F_{23}$
And we know
[4]P = (19 , 20)
[8]P = (12 , 17)
If we only have the value of $[8]P$, Is it possible to calculate $2^{-1}X$ and $2^{-1}Y$ of $[8]P$ to get $[4]P$?
Since 2 divides the group order (which is 32), there are two preimages. They can be found as roots of the multiplication-by-2 polynomial minus the target $x$ (which can be computed from division polynomials).
Example in Sage:
sage: E = EllipticCurve(GF(23), [9, 17])
sage: E.multiplication_by_m(2)
((x^4 + 5*x^2 + 2*x - 11)/(4*x^3 - 10*x - 1),
(8*x^6*y - 8*x^4*y + 6*x^3*y + 3*x^2*y + 3*x*y + 6*y)/(-5*x^6 + 2*x^4 - 9*x^3 + 9*x^2 + 11*x + 4))
These are the two rational maps for computing $x$ and $y$ of the point $[2](x,y)$. We want $x$ to be equal 19, so:
sage: (E.multiplication_by_m(2)[0] - 19)
.numerator()
.univariate_polynomial()
.roots(multiplicities=False)
[20, 10]
We can verify that $[2](20, *) = (19, *)$. Note that the sign of $y$ has to be chosen to match the output sign.
sage: P = E.lift_x(20)
sage: 2*P
(19 : 3 : 1)
sage: 2*(-P)
(19 : 20 : 1)
Can be repeated twice to get 4-roots, or use the multiplication-by-4 map directly (which is a bit less efficient).
multiplication_by_m is a pair of functions $(f(x),y\cdot g(x))$, such that this pair equals to $[n]P$ when $P=(x,y)$. On the wikipedia page about division polynomials I linked, there are formulas for constructing $f(x)$ and $g(x)$, which are rational functions.
– Fractalice
Dec 14 '21 at 06:02