Elliptic curves
description
Transcript of Elliptic curves
-
Chapter
Introduction to Elliptic
Curves
The a b c s and j
We begin with a series of denitions of elliptic curve in order of increasing
generality and sophistication These denitions involve technical terms which
will be dened at some point in what follows
The most concrete denition is that of a curve E given by a nonsingular
Weierstrass equation
y
a
xy a
y x
a
x
a
x a
The coecients a
i
are in a eld K and EK denotes the set of all solutions
x y K K together with the point O at innity to be explained in
x We will see later why the as are numbered in this way to remember the
Weierstrass equation think of the terms as being in a graded ring with
weight of x
y
a
i
i
so that each term in the equation has weight This also explains the absence
of a
A slightly more general denition is a plane nonsingular cubic with a ra
tional point rational means the coordinates are in the designated eld K and
does not refer to the rational eld Q unless of course K Q An example of
such a curve that is not a Weierstrass equation is the Fermat curve
x
y
with points x y
-
CHAPTER INTRODUCTION TO ELLIPTIC CURVES
assuming the characteristic of K denoted charK is not In Corollary
we will see how to transform such an equation into Weierstrass form
More general still a nonsingular curve of genus with a rational point As
we will explain later conic sections circles ellipses parabolas and hyperbolas
have genus which implies that they are not elliptic curves An example
that is not encompassed by the previous denitions is
y
x
with points x y
assuming charK Proposition below explains how to transform such
quartic equations into Weierstrass form without using
p
or
p
Alternative terminology which emphasizes the algebraic group structure
abelian variety of dimension
More abstractly E is a scheme over a base scheme S eg spec K which
is proper at and nitely presented equipped with a section there is little
point to state all the technicalities at this time Suce it to say that the work
of Tate Mazur and many others makes it plain that it is essential to know the
language of schemes to understand the deeper arithmetic properties of elliptic
curves More easily said than done
Now let us begin to ll in some details Consider a Weierstrass equation
which we denote as E If charK we can complete the square by dening
y a
x a
x
b
x
b
x
b
where
b
a
a
b
a
a
a
b
a
a
If charK we can complete the cube by setting x b
c
c
where
c
b
b
c
b
b
b
b
One then denes
b
a
a
a
a
a
a
a
a
a
a
and
b
b
b
b
b
b
b
The subscripts on the bs and cs are their weights We refer to and
as the aform bform and cform respectively The denitions and
are made for all E regardless of the characteristic of K and the condition that
the curve be nonsingular and so dene an elliptic curve is that as we
will explain in x Then one denes j c
For example
when charK a
and a
are not both zero
-
THE ABC S AND J
Thus y a
x a
is nonzero
y
for every elliptic curve E in any characteristic When charK
we have and is determined up to sign by x Note that
x
b
x
b
x b
is valid in all characteristics
The covariants c
c
and the discriminant have weights respec
tively The quantity j dened above when is called the jinvariant or
simply the invariant of E its weight is
It is often convenient to include as a third covariant Thus we say that
y
y x
x
A
has covariants meaning that c
c
and
The label A is the standard catalog name of this elliptic curve as in AntIV
we put the letter rst rather than A so that A can be used as the name of
this curve in computer programs such as a
p
e
cs see the appendix to this chapter
In Cre which extends the catalog of AntIV the labelling has been modied
with the former notation given in parentheses this curve is denoted A
by force of habit we will use the notation of AntIV for curves contained in
that catalog and then use Cremonas notation for curves that are only in the
larger catalog
For convenience of reference we collect these various denitions in a box
b
a
a
b
a
a
a
b
a
a
b
a
a
a
a
a
a
a
a
a
a
c
b
b
c
b
b
b
b
b
b
b
b
b
b
b
y a
x a
b
b
b
b
c
c
j c
c
The last three lines in the box are identities that one can verify on the computer
y
as an element of the eld L Kx y obtained as a quadratic extension Kxy of the
transcendental extension Kx where y is dened by equation As will be discussed in
x L is called the function eld of E and P x y EL is called a generic point
-
CHAPTER INTRODUCTION TO ELLIPTIC CURVES
Examples
Suppose charK Then is times the polynomial discriminant
y
of the cubic on the right side of the bform
Dis
x
b
x
b
x b
Hence i! the cubic has a multiple root
If charK or an alternative to the cform is
"c
"c
Caution We have put bars on the c s because with the displayed values for
the Weierstrass coecients a
a
"c
the formulas give c
"c
c
"c
In the case of bars are not necessary the calculated cs
are the same as the cs in the equation
y
x
bx c
has covariants b c b
c
Thus provided
c
y
x
c
has c
and j
and provided b
y
x
bx
has c
and j
Generic j provided j
y
xy x
j
x
j
has jinvariant j the covariants are
c
c
j
j
and
j
j
WhenK is the real eldRwe can take the equation in cform
The cubic has either or real roots according as the discriminant is negative
or positive thus as a real manifold there are or components We will see in
x that the addition of the point O at will compactify the curve
On the following interleaving sheet there are plots of three examples the
same ones used in Silp
y
in the usual sense Disf
nn
Resultantf f
where n degf
DisX
aX b a
b
DisX
aX
bX c a
c a
b
abc b
c
in particular DisX
bX c b
c
and
DisX
bX
cX d b
d b
c
b
d
bc
d c
d
-
QUARTIC TO WEIERSTRASS
Quartic to Weierstrass
If K is a eld K
denotes the multiplicative group and K denotes an algebraic
closure
Let F be a nonzero homogeneous polynomial in the variables UW over the
eld K Recall that a root of F is a ratio U W corresponding to a
linear factor U W of F where one but not both of may be For
example the homogeneous quartic
U
W
UW
has the double root U W and the two simple roots If the
degree of F is n then over K F has precisely n roots some of which may be
coincident
Let K be a eld of characteristic and consider the curve dened by
an equation over K of the form v
a quartic in u with a rational point
u v p q Replacing u by u p we can assume that p
v
au
bu
cu
du q
When q such a curve is birationally equivalent to one given by a Weierstrass
equation
Proposition Let K be a eld with charK and u v transcendentals
over K satisfying
v
au
bu
cu
du q
where a b c d K and q K
Then
x qv q duu
y q
v q qdu cu
d
u
qu
satisfy the Weierstrass equation with
a
dq a
c d
q
a
qb a
q
a
a
a
a
ad
q
c
The discriminant of this Weierstrass equation is i the homogeneous quartic
aU
bU
W cU
W
dUW
q
W
has a repeated root in K ie i either a b or the polynomial on the right
in has a repeated root in K
The inverse transformation is given by
u qx c d
qy v q uux dq
-
CHAPTER INTRODUCTION TO ELLIPTIC CURVES
In this birational correspondence the point u v q on corresponds
to the point x y a
a
a
a
on the Weierstrass curve
y
Remarks The proposition essentially covers all cases where as we
can indicate now by anticipating some denitions and results that will be given
later Consider
v
au
bu
cu
du e #
where at least one of a b is nonzero and the polynomial on the right has no
repeated roots inK Then # is birationally equivalent overK to a Weierstrass
equation i! this curve has a rational place which means that either
there is a rational point u v p q and then either
i q replace u with u p so the equation becomes that treated
directly by the proposition or
ii q replace u v with u p vu
to obtain an equation of the
type dealt with in iv below
or there is a rational place at This means that either
iii a q
K
there are two rational places at cf Proposi
tion b replacing u by u and v by vu
puts # in the form
treated by the proposition or
iv a # is essentially already in Weierstrass form take u
xb v yb When e q
K
this gives a Weierstrass equa
tion di!erent from that of the proposition but the two Weierstrass
equations can be transformed birationally one into the other
The meaning of the inverse transformation is this if x y satisfy the Weier
strass equation then u v dened as rational functions in x y in this way satisfy
Proof For all but the last statement of the proposition the verication is by
direct calculation nowadays best performed on the computer The theorem
of RiemannRoch discussed in Chapter gives the theoretical explanation see
Corollary For example to see when one calculates
when a then D where D is the discriminant of the quartic on
the right of
when a b then b
D where D is the discriminant of the
cubic on the right of
when a b then
y
John Cremona suggested adding this last statement
-
QUARTIC TO WEIERSTRASS
To obtain the image of q we cannot simply substitute u v
q into the formulas for x and y since we get the indeterminate form
LH$opitals rule a!ords the quickest way to obtain the answer we di!erentiate
the numerator and denominator of x twice with respect to u and those of y three
times using dvdu au
dv obtained by di!erentiating and
then cancel common factors such as from the numerator and denominator of
the resulting fractions Again the computer makes this relatively painless and
may tempt the reader to nd the point u v corresponding to x y a
The validity of the method for all K with charK depends on the fact that
the functions have perfectly usable Taylor expansions there is no problem with
factorials in denominators which are most easily described in the eld of formal
power series as follows
Regard u as an indeterminate so that the eld of rational functions Ku
is canonically a subeld of the eld Ku of formal power series ie series
of the form
P
N
k
n
u
n
for some N Z k
n
K Now denes a quadratic
extension L Kuv ofKu and there are two embeddings L Ku
corresponding to the two square roots of au
The one that is relevant
here is
v q
d
q
u
c
q
u
b
q
u
a
q
u
q
d
q
u
d
q
c
q
u
Induction or at worst a reference to the general binomial theorem in Con
shows that is the only prime that occurs in denominators and substitution
yields
x
d
q
c
d
q
cd
q
b
u
y
d
q
cd
q
bq
d
q
u
When u these expressions reduce to a
and a
a
a
respectively
Example The curve v
u
was mentioned in x in a di!erent
notation as an example of a curve of genus with a rational point u
v
To apply the proposition we substitute u
u obtaining the curve
v
u
u
u
u
With a b c d q we nd that
x u v u
y u
u v u
-
CHAPTER INTRODUCTION TO ELLIPTIC CURVES
satisfy the Weierstrass equation
y
xy y x
x
x
We obtain a simpler Weierstrass equation by completing the square on the left
and then the cube on the right the equation becomes
y
x
x
where x
x y
y x
Using the notation
u
v u v x y x
y
the transformation formulas give
and LH$opital yields
The inverse transformations yield eg
x
y
u
v
J Fearnley raised the question starting with di!erent rational points on
the same quartic how are the Weierstrass equations given by the proposition
related% We will see in a later chapter that the RiemannRoch theorem implies
that one can pass from one equation to any other one by a transformation of
the form x
x
r y
y
s
x
t where r s t K In the
language of x the elliptic curves are isomorphic
The above proposition can be &reverse engineered given a point Q x
y
satisfying a Weierstrass equation E one can write down an equation v
au
as in the proposition and birational transformations between E and
such that Q corresponds to q The rst step is to transform the
equation of E to a new Weierstrass equation E
whose coecients satisfy a
a
a
and such that Q is transformed to a
a
a
a
as in the proposition
For reference purposes we put the details in a
-
QUARTIC TO WEIERSTRASS
Corollary Let K be a eld of characteristic let E be a Weierstrass
equation with coecients a
a
K and let Q x
y
EK
a Dene
x
x x
a
y
y y
a
x
a
Then x
y
satisfy the Weierstrass equation with coecients
a
a
a
x
a
x
a
y
a
x
a
a
y
a
a
a
a
y
a
a
x
x
a
a
a
a
a
a
a
In terms of the new x
y
coordinates
Q x
y
a
a
a
a
b Dene
u
x x
y y
a
x
a
v
x x
a
u
a
u
Then
v
au
bu
cu
du
where
a a
b a
c a
a
d a
The inverse transformations are
x v duu
x
a
y v du cu
d
u
u
y
a
x
a
In this birational correspondence Q corresponds to the point u v on
Proof The verication of a amounts to some easy calculations and b to
applying the formulas in the proposition where we have chosen q There is
no real loss of generality in the proposition if we take q this corresponds
to replacing v with qv and dividing by q
We mention two points concerning the calculation of E
If E satises a
a
a
it is still usually necessary to make the transfor
mation to E
in order to have Q a
a
a
a
-
CHAPTER INTRODUCTION TO ELLIPTIC CURVES
Another application of the transformation produces no change x
x
and y
y
hence a
i
a
i
Because the reciprocal quartic a bu cu
du
u
will arise on
several occasions it is worthwhile to introduce special notation It turns out
to be convenient to substitute u m a
which produces a quartic
polynomial m
Multiplying this by and using the notation
y
a
x
a
the resulting quartic is
Quar
Q
m b
b
b
x
x
m b
x
m
m
Combining the relation u m a
with those connecting u v with
x y we have
Corollary With K and E as in the previous corollary for each point
Q EK the quartic curve
v
Quar
Q
m
is birationally equivalent with E
Here is a numerical example over K Q
E y
x
x
x Q A
E
y
x
x
x
x
y
Quar
Q
m m
m
The signicance of the fact that this polynomial has rational roots m will
be revealed in x
Here are three examples of E with y
x
y
x
x
and
y
x
x
For these three E Quar
m is respectively
m
m
m
m
We quote from AdaRa p a specialized form of the previous corollary
that will be used later
Corollary Let P p q be a point on E y
x
bx c all dened
over the eld K of characteristic and dene
u
y q
x p
v x p
y q
x p
Then
v
u
pu
qu b p
The inverse transfomation is
x u
v p y u
uv pu q
-
PROJECTIVE COORDINATES
The procedure for transforming the general cubic s
u
s
u
v s
v
s
to a Weierstrass equation involves projective coordinates and projective
transformations and so will be given in x after these necessary preliminaries
Projective coordinates
When we call E a plane curve we are referring to the projective plane P
Let
us recall the denition of ndimensional projective space P
n
K over a eld K
From ane space A
n
K which consists of all ntuples X
X
n
K
n
we remove the origin and divide by the equivalence relation
given by the action of the multiplicative groupK
X
X
n
and Y
Y
n
are equivalent if K
such that Y
i
X
i
i This relation is reexive
since K
symmetric since K
K
and transitive since
K
K
Thus P
K consists of all triples XY Z where
not all of XY Z are and where we identify XY Z with X Y Z for
K
If K
is an overeld of K then there is a natural inclusion P
n
K P
n
K
for if X
X
n
Y
Y
n
represent points in P
n
K and K
is such
that Y
i
X
i
i then K
since at least one X
i
On the other hand
if P P
n
K
is represented by X
X
n
K
n
then P P
n
K i!
K
such that all X
i
K
equivalently if X
j
is any nonzero coordinate
then X
i
X
j
K for all i We then say that P is dened over K
K always denotes an algebraic closure of K and we normally abbreviate
P
n
K to P
n
Recall that a homogeneous polynomial F of degree d in the n variable
polynomial ring KU
U
n
ie a nonzero linear combination of monomials
U
d
U
d
n
n
with d
d
n
d has the property
F U
U
n
d
F U
U
n
K
In fact this can be taken as the denition when K is innite alternatively if
this relation is true for a nonzero polynomial F and a transcendental then F
is homogeneous of degree d It follows that &F P is unambiguously true
or false for a point P P
n
K The zero set of F over K is
Z
K
F fP P
n
K F P g
ZF stands for Z
K
F
A hyperplane in P
n
K is the zero set of a linear homogeneous equation
c
X
c
n
X
n
where the c
i
are not all A linear subspace of P
n
K
is an intersection of hyperplanes in other words the set of points whose coordi
nates satisfy a system of linear homogeneous equations The usual elimination
procedure of linear algebra removes redundant equations so that one has a sys
tem of r equations where r is the rank of the coecient matrix The dimension
-
CHAPTER INTRODUCTION TO ELLIPTIC CURVES
of the linear subspace is dened to be n r Thus the dimension of P
n
K is n
Lines and planes are linear subspaces of dimension and respectively in
P
K hyperplanes are lines
We know from linear algebra that the rank of a matrix does not change when
we view it as being dened over a larger eld Thus the dimension of a linear
subspace determined by a set of equations dened overK does not change when
K is replaced by an overeld K
Linear coordinate changes are given by invertible n n matrices
A a
ij
X
i
a
i
X
a
in
X
n
We indicate this with the matrix notation AX X
where X is the column
vector with entries X
X
n
and similarly for X
Since A for K
gives
the same transformation one is led to the projective general linear group
PGL
n
K GL
n
KhK
Ii
the quotient of the general linear group of invertible n n matrices
by the normal subgroup of nonzero scalar matrices
Clearly the property of being a linear subspace of dimension nr is preserved
under a linear change of coordinates in particular lines remain lines Also the
set of homogeneous polynomials of degree d is mapped to itself
For later use we make the simple observation that for any given point a
coordinate system can be chosen so that the point has coordinates
for example More generally
Proposition Let P
i
a
i
a
ni
i n be points in P
n
K
not contained in any hyperplane ie the n n matrix M whose ith
column is a
i
a
ni
is invertible Then under the linear change of coordi
nates M
X X
the new coordinates of P
P
n
are
respectively
We choose the line Z as the line at innity in P
K This choice
is arbitrary unlike ane space which has the origin as a distinguished point
y
the projective plane has no distinguished point or line But having made this
choice the points are of two types
i the ane points with Z XY Z x y where x XZ
y YZ
ii the points at innity with Z XY
y
Here ane space is regarded as a vector space however when regarded as an algebraic
variety there is no distinguished point
-
PROJECTIVE COORDINATES
A compact visualization of P
R is the closed disc with antipodal dia
metrically opposite points identied
This picture can be obtained by projecting from the center of a hemisphere
to the ane plane
This sets up a bijection between the points on the ane plane and the interior
points of the disc the hemisphere attened out The points XY at are
in bijection with the lines through the origin in the ane plane the line through
and XY is the same as that through and X Y And these
lines are in bijection with pairs of antipodal points on the circle bounding the
disc
If we rewrite the Weierstrass equation
f y
a
xy a
y x
a
x
a
x a
in projective coordinates by substituting x XZ y YZ and multiplying
by Z
we get
F Y
Z a
XY Z a
Y Z
X
a
X
Z a
XZ
a
Z
which is a homogeneous polynomial of degree At innity this reduces to
X
hence X and E has the unique point at innity
Y
-
CHAPTER INTRODUCTION TO ELLIPTIC CURVES
This serves as the designated rational point O of E How the general curve
of genus with a rational point O is converted into Weierstrass form will be
explained when we discuss the RiemannRoch theorem indeed that theorem
will be needed to dene the genus of a curve
A basic topic in the algebraic geometry of P
is the analysis of the points of
intersection of two curves The general discussion is quite involved and for now
we give only the simplest results
Proposition Let K be any eld
a Let F be a nonzero homogeneous polynomial of degree d in the two vari
ables U
and U
dened over K say
F
d
Y
i
i
U
i
U
for appropriate
i
i
K Then in P
ZF consists of d points
i
i
possibly some coincident
b If L and C are nonzero homogeneous polynomials of degrees and d
respectively in three variables dened over K then in P
either ZL ZC
or ZL ZC consists of d points possibly some coincident
c If C
and C
are nonconstant homogeneous polynomials in KU
U
U
then in P
the set ZC
ZC
is nonempty This set is nite i C
and C
have no common factor and in that case all points in Z
K
C
Z
K
C
for
any eld K
K are dened over K
Remarks Anticipating denitions to be made in Chapter a plane curve
over K is e!ectively a homogeneous polynomial F in the variables U
U
U
and the degree of the curve is the degree of F Thus two lines in P
if not
coincident intersect in a unique point and a line intersects a curve of degree d
either in precisely d points properly counted or else is entirely contained in
that curve in which case the line is a component of the curve
Statement c can be formulated as two curves in P
intersect in at least one
point the intersection is nite i! the curves have no component in common and
then all intersection points are algebraic over K B'ezouts theorem says that
two curves with degrees d
and d
and without common components intersect in
exactly d
d
points properly counted However the precise statement requires
a number of preliminaries including a discussion of singular points
Proof a is obvious
b Let L c
U
c
U
c
U
where say c
Substituting U
c
c
U
c
c
U
into G yields a homogeneous polynomial in U
U
which is either or nonzero of degree d The statement now follows from
part a
c Let C
i
be homogeneous in U
U
U
of degree d
i
By Proposi
tion choose a coordinate system so that is on neither C
i
Then
C
i
c
i
c
i
U
c
id
i
U
d
i
-
CUBIC TO WEIERSTRASS NAGELLS ALGORITHM
where both c
id
i
are nonzero constants and c
ij
if not is homogeneous in U
U
of degree d
i
j
As polynomials in the variable U
over the ring KU
U
their resultant R
is a polynomial in KU
U
and there exist KU
U
U
such that
C
C
R
In fact and are homogeneous of degrees d
d
and d
d
respectively
and therefore R if not is homogeneous in U
U
of degree d
d
All of this
follows from a formula that we quote from Conp
R
c
d
c
U
d
C
c
d
c
U
d
C
c
d
c
U
C
c
d
c
C
c
d
c
U
d
C
c
d
c
U
C
c
d
c
C
where entries in a row outside the subscript limits of c
ij
are Expansion of
this determinant along the right column simultaneously gives and R
R i! the C
i
have a common factor F which is a nonconstant polynomial
in U
over the eld KU
U
in fact since factors of homogeneous polynomials
are again homogeneous F is a homogeneous polynomial of positive degree in
the three variables Then the two curves share the component ZF
If R let U
U
be a factor of R as in a where say Let
f
C
denote the image of C
under the substitution U
U
and similarly
for
f
C
and
e
R Since the leading coecient of C
i
is a constant the degree of
f
C
i
in U
is still d
i
and therefore
e
R is the resultant of
f
C
f
C
as polynomials in U
over KU
The fact that
e
R means that these polynomials have a factor
U
U
in common Hence the point lies on the intersection of
the two curves
Suppose R and P a
a
a
lies on both curves Since c
id
i
therefore a
and a
are not both Under the substitutions U
i
a
i
R becomes
e
R by hence a
U
a
U
is a factor of R Multiplying the coordinates
of P by an appropriate we can assume that a
a
K and then from either
of the equations
f
C
i
we conclude that a
K also
Cubic to Weierstrass Nagells algorithm
Let K be a eld of characteristic or and consider the curve dened by an
equation over K of the form a cubic in u and v with a rational point p q
-
CHAPTER INTRODUCTION TO ELLIPTIC CURVES
This time we can translate both variables Replacing u by u p and v by v q
we can assume that the rational point is
s
u
s
u
v s
uv
s
v
s
u
s
uv s
v
s
u s
v
Let f denote the polynomial on the left of
We now describe the algorithm due to Nagell Nag to transform f into
Weierstrass form or to discover that the curve is not elliptic
Step Interchange u and v if necessary to ensure s
If both s
and
s
are then is a singular point see x and the curve is not elliptic
Step Substitute u UW v VW and clear denominators to obtain
the homogenized form
F F
F
W F
W
where
F
s
U
s
U
V s
UV
s
V
F
s
U
s
UV s
V
F
s
U s
V
The rational point P with u vcoordinates has projective coordinates
U VW The tangent line at P given by F
meets the curve
in the point Q e
s
e
s
e
where e
i
F
i
s
s
i The e
i
cannot both be because that would make the tangent a component and the
curve would be reducible not elliptic e
means that P Q is a ex
the tangent has triple contact with the curve at P while e
means that
Q is at innity If e
make the coordinate change U U
s
e
e
W
V V
s
e
e
W
W W
while if e
make the change U U
s
W
V V
s
W
W U
In either case Q is now at the origin U
V
W
and the tangent at P is s
U
s
V
We can now return to ane
coordinates u
U
W
v
V
W
projective coordinates were really only
needed to deal with the case when Q was at innity
Step If the equation in terms of u
v
is f
f
f
f
where
f
i
f
i
u
v
denotes the homogeneous part of f
of degree i then
u
f
t u
f
t f
t
where t v
u
Thus
u
p
v
tu
where
i
f
i
t and
The values of t such that are the
slopes of the tangents to the curve that pass through Q and one of these values
is t
s
s
Write t t
so that
is a cubic polynomial in
-
CUBIC TO WEIERSTRASS NAGELLS ALGORITHM
Step Finally if
c
d
e k
then c since c implies that the original curve is not elliptic and the
substitutions xc y
c
give the Weierstrass equation
y
x
dx
cex c
k
The relations between the original variables u v and x y can be traced back
starting with where
t t
cx c
y
x
Example Selmer curves
By a Selmer curve we understand a homogeneous cubic equation of the form
aU
bV
cW
where abc
or an ane version such as
au
bv
c
The coecients appear symmetrically in the homogeneous case we can permute
the variables to obtain a permutation of a b c in the ane case to interchange
a and c for instance we can substitute u vu for u v
Let us apply Nagells algorithm
Proposition Let the Selmer curve
au
bv
c where abc
be dened over a eld K of characteristic or and permuting a b c if
necessary assume that
p
cb K Then the Selmer curve is birationally
equivalent to the Weierstrass curve
y
x
a
b
c
under the mutually inverse transformations
u
b
x
y abc
v
y abc
y abc
x
ab
u
v
y abc
v
v
-
CHAPTER INTRODUCTION TO ELLIPTIC CURVES
Remark Replacing u v with bu vu transforms the Selmer curve to u
v
ab
which is dealt with in the rst corollary below Thus the proposition
is not really more general but it is convenient to have the details displayed for
the symmetrical abcequation a similar remark applies to the second corollary
Proof Replacing v with v yields a cubic of the form of the previous
section with
s
a s
b s
b s
b
and the remaining s
i
We nd e
e
abc
Hence no transforma
tion is needed in step and
a bt
bt
b
t
b
ta bt
t
t ab
b
Hence the Weierstrass equation is
y
x
a
b
c
where x y are as stated in the proposition
We single out a particular example that will be referred to later
Corollary Let K be a eld of characteristic or and let a K
Then the twisted Fermat curve
u
v
a
is birationally equivalent to the Weierstrass curve
y
x
a
under the mutually inverse transformations
u
a y
x
v
a y
x
x
a
u v
y a
v u
v u
Proof We substitute u u
and v v
u
apply the proposition with
b c then translate the formulas back using u
u v
vu
For example if a
then
u v x y
The proposition can be restated in terms of projective coordinates as follows
where c is replaced by c
-
CUBIC TO WEIERSTRASS NAGELLS ALGORITHM
Corollary Let C denote the Selmer curve aU
bV
cW
dened
over the eld K of characteristic or assume abc and
p
cb
K let E denote the homogeneous form of the Weierstrass equation Y
Z
X
a
b
c
Z
let CK and EK denote the set of points in P
K on
C and E respectively Then mutually inverse bijections CK EK are
dened by
U VW
ab
UabcV W V W
XY Z
b
X Y abcZ Y abcZ
in which O EK corresponds to CK
Thus Fermats last theorem for exponent ie Eulers result that U
V
W
has only the three solutions in P
Q in which one of U VW is
is equivalent to jEQj where E in ane form is y
x
This will
come out as an example of &descent in Corollary
Selmer curves will serve as important examples of various topics later in
these notes For example aU
bV
cW
will be seen to be a torsor
of U
V
abcW
The latter curve has the rational point U VW
and so is an elliptic curve in the sense of the second denition of x
and in fact is the Jacobian of the former curve as will be explained later For
now we mention
z
Proposition If
au
bv
cw
then
r
s
abct
where
r bc
v
w
c
w
b
cv
w
b
v
s bc
v
w
c
w
b
cv
w
b
v
t uvw
b
v
bcv
w
c
w
If abcuvw the only case of interest and abc is not a cube then t
thus by the previous corollary the elliptic curve
y
x
a
b
c
has the nonO point
x
b
v
bcv
w
c
w
u
v
w
z
See also Proposition and its corollary in the next section which apply in particular
to Selmer curves
-
CHAPTER INTRODUCTION TO ELLIPTIC CURVES
y
b
v
b
cv
w
bc
v
w
c
w
u
v
w
The statement t is a consequence of the implication au
bv
cw
and b
v
bcv
w
c
w
a
u
au
bv
cw
bcv
w
The verication of the equation r
s
abct
is a simple computer exercise
However we should indicate how the formulas for r s t were obtained here we
are guided by Cas p
x
To obtain these formulas we work in a eld of characteristic containing
the quantities a w and also a primitive cube root of unity Let
au
bv
cw
au
bv
cw
so that
au
bv
cw
Hence the points P and P
where uvw lie
on the curve R
S
abcT
By Proposition b the line joining
P and P
meets this curve in a third point Q and we expect that point to be
rational ie not involving because if denotes the automorphism sending
and leaving a w xed we can take the latter as transcendentals
subject only to the relation au
bv
cw
then P and P P
are
conjugate
Calculation shows that the third point Q r s t is given by the formu
las in the proposition Starting with other P and
corresponding P
P
does not lead to anything
essentially new only to one of Q s r t
A famous example of Selmer is that
U
V
W
has no points in P
Q in other words the equation has no solution in ra
tional numbers other than For if there were a solution then by the
proposition the elliptic curve
y
x
would have a point dened over Q distinct from O which is not the case But
the proof of the last statement must wait until Corollary
x
A more natural but more complicated way of obtaining the formulas will be explained
in x using multiplication by
-
CUBIC TO WEIERSTRASS NAGELLS ALGORITHM
Example Desboves curves
By a Desboves curve we understand a homogeneous cubic equation of the
form
aU
bV
cW
dUVW
or an ane version of such an equation We chose this name for this class of
curves because of the historical reference Des brought to our attention in
Cas p references to related work by Cauchy and others are given in
Dic vol chXXI Selmer curves are included as the particular case d
Proposition Let the Desboves curve
au
bv
c duv
be dened over the eld K of characteristic and assume permuting a b c
if necessary that
abc where abc d
and
p
cb K
Then by Nagells algorithm this curve is birationally equivalent to
y
x
d
x
dx
x
dx
Remark The transformation equations between u v and x y are somewhat
lengthy and for that reason are not included in the statement of the proposition
Proof The proof proceeds as in the case of Selmer curves except that now
s
d and s
d e
again so no transformation is needed in step and
e
c The rest is calculation
We quote Desboves formulas Once again the verication is a computer
exercise and as in the special case of Selmer curves the underlying idea is
that in P
a line meets a Desboves curve in three points provided these points
are counted with the appropriate multiplicities this includes the case of a line
tangent to the curve when two of the points are coincident
Proposition Let P x
x
x
be a point on the Desboves curve
a
X
a
X
a
X
dX
X
X
D
dened over a eld of characteristic Then the third point of intersection
t
t
t
of the tangent line at P has coordinates
t
j
x
j
a
j
x
j
a
j
x
j
subscripts taken mod
If Q y
y
y
is another point on the curve then the third point of inter
section z
z
z
of the line joining P and Q has coordinates again subscripts
are taken mod
z
j
x
j
y
j
y
j
y
j
x
j
x
j
-
CHAPTER INTRODUCTION TO ELLIPTIC CURVES
The following corollary is due to Hurwitz Hur
Corollary Let S be the set of points in P
Q on the Desboves curve D
where a
a
a
d are integers and the a
j
are positive distinct and squarefree
Then S is either empty or innite In fact if P
S then all the points in the
sequence P
P
are distinct where P
n
is the third point of intersection of
the tangent at P
n
Remarks There is no real loss of generality in assuming that the a
i
are
positive since X
i
can be replaced by X
i
Equations where an a
i
are
trivially solved Hurwitz Hur p and Mordell Mor p make the
additional and apparently unnecessary assumption that the a
i
are coprime
See Corollary where the present corollary is reinterpreted
Proof The assumptions on the coecients ensure that a
a
a
d
Let P
x
x
x
where x
j
Z and gcdfx
j
g and let P
t
t
t
t
t
t
where the t
j
are given by the formulas in the propo
sition and t
j
t
j
k where k gcdft
j
g Thus gcdft
j
g The result will
follow from the strict inequality jt
t
t
j jx
x
x
j
First we note that the x
j
are coprime for if the prime p divides x
and
x
say then p
jx
and D implies p
ja
contrary to the assumption that the
a
j
are squarefree Second the x
j
are nonzero for if x
say then x
x
being prime to x
are and D implies a
a
which contradicts the
assumptions that a
a
are positive and distinct Applying this result to P
shows that no t
j
Let us write the formulas as t
j
x
j
u
j
We wish to prove that for all j
kju
j
so that t
j
x
j
u
j
where u
j
u
j
k For then since
P
u
j
therefore
P
j
u
j
hence not all u
j
can be ie at least one ju
j
j which gives
the result
Suppose then k
ju
This means that for some prime p if vn denotes the
exponent of p in the unique factorization of a nonzero integer n we have
vk vu
Since k jt
x
u
therefore vx
and vx
vx
It follows that
vt
vu
va
x
a
x
Since a
is squarefree this implies
va
hence
Similarly va
and therefore vu
va
x
a
x
Thus and
are in conict
As an exercise Silverman proposes Sil p the determination of those
a
d for which S is not empty The double asterisk on the exercise means
in this case that it is a highly unsolved problem
-
CUBIC TO WEIERSTRASS NAGELLS ALGORITHM
Example Intersection of quadric surfaces
A conic or conic section in P
is the set of points satisfying an equation
Q where Q is a homogeneous quadratic polynomial in the three coordinates
The analogous denition in three dimensions is a quadric surface in P
is
the set of points satisfying an equation Q where Q is a homogeneous
quadratic polynomial in the four coordinates In this section we assume that
the characteristic is di!erent from and the coordinates of a point in P
will
be denoted U VWX
In general the intersection of two quadric surfaces in P
K is an elliptic
curve provided the intersection has at least one rational point There are ex
ceptions of course for example the intersection of two spheres is a circle Apart
from the exceptions the intersection can be transformed into a plane cubic with
a rational point as we will explain and then Nagells algorithm can be applied
However in certain cases an ad hoc approach that avoids Nagells algorithm
can be quicker and easier Let us begin with such an example
y
Consider the intersection I of the two quadrics Q
and Q
given by the
equations
Q
U
V
kX
Q
W
V
kX
where k is a nonzero parameter Eliminating the kX
term we obtain
U
W
V
which can be interpreted as the equation of a conic C in the the plane P
coordinatized by U VW The curves C and I cannot be identied because for a
given point U VW on the conic there are generally two values ofX determined
by kX
V
U
W
V
One says that U VWX U VW denes
a covering of degree
The conic C contains the rational point U VW Now as a
general remark a conic with a rational point P can be rationally parametrized
The idea is simply this because the equation of the conic is quadratic a general
line through P will intersect the conic in exactly one other point and that point
will also be rational The other point will coincide with P in the special case
when the line is tangent to the conic As a practical matter one usually reverts
to convenient ane coordinates
In the present case it is natural to dehomogenize at V we dene
u UV and w WV so our conic is u
w
with rational point uw
The general line through is given by the equation u tw
where t is a parameter Substituting u tw into the equation of the
conic we obtain a quadratic equation for w One solution is of course w
y
I am indebted to Peter Russell for help here and in general for help with algebraic
geometry in this section and elsewhere
-
CHAPTER INTRODUCTION TO ELLIPTIC CURVES
the other is
w
t
t
t
hence u
t
t
t
Thus U VW t
t t
t
t is a parametrization of the
points on the conic and I is given by the equation
kX
V
U
W
V
t
t
We can tidy this up by substituting X yk
t xk
E y
x
k
x
In terms of these new coordinates this elliptic curve is the intersection of Q
and Q
Exercise Using the transformations above set up explicit mutually inverse
bijections
IK EK
Thus IK becomes an elliptic curve by transport of structure You may nd
it more convenient to work with projective coordinates the lines in P
that
pass through are sUV tW V where s t P
is a parameter
the second point of intersection with C is
s
st t
s
t
s
st t
Then E should be written in homogeneous form y
z x
k
xz
Now let us consider the general case of the intersection of two quadrics The
ideas for this discussion are taken from Cassels Cas
By a translation we can suppose that the intersection I of the two quadrics
Q
and Q
contains the point P
Then the equations for the
quadrics can be written as
Q
AX B Q
CX D
where A C are linear and B D are quadratic in U VW Eliminating X from
the two equations produces
AD BC
which is a homogeneous cubic in U VW Let I
denote I with the point P
removed and let E denote the curve in P
dened by the above cubic Then
U VWX U VW denes a map f I
E
Let us suppose rst that A and C are linearly independent that is neither
is a constant times the other Then the two lines in the U VW plane described
by A and C intersect in a unique point P
and this point lies on E
Let E
denote E with the point P
removed For each point U VW on E
-
SINGULAR POINTS
the equation for either Q
i
uniquely determines a value for X hence a point
f
U VW U VWX on I
The map f
E
I
is inverse to f
By extending the denitions by fP
P
and f
P
P
it follows that f
and f
are coverings of degree the curves I and E are identical as abstract
algebraic varieties E is thus a plane cubic with a rational point P
and Nagell
can be applied of course it may still turn out during the algorithm that E is
not elliptic
In the case that A and C are linearly dependent say C cA by subtracting
c times the equation for Q
from that of Q
we can suppose that C Then
the equations dening I are AXB and D hence we can suppose that
A otherwise I is a union of lines The equation AD shows that E is a
reducible curve it contains the line A as a component Similarly if B and
D are linearly dependent Also X BA D displays I as a degree
cover of the genus curve dened by D hence I is a curve of genus
not an elliptic curve The algebraic geometry background needed to esh out
these statements will be given later
Example The sphere U
V
W
X
and the ellipsoid
U X
V
W
X
share the point P The transforma
tion U U
X
V V
X
W W
X
X X
gives P the coordinates
Taking the point on the cubic we are not obliged to take
P
given by A C as for the quartic equations in Propo
sition we will explain later that starting with di!erent rational points in
Nagells algorithm yields isomorphic Weierstrass equations Nagells algorithm
yields we omit the details
E y
x
x
x
The reader may also wish to verify that the points and on E cor
respond to the points and on the intersection
Singular points
Consider a homogeneous polynomial F F X
X
n
KX
X
n
of
degree d The Taylor expansion can be written as
F X
X
n
n
F
F
where F
i
F
i
n
is homogeneous of degree i in the s each coecient
of which is homogeneous of degree d i in the X s Thus F
F X
X
n
and
F
n
X
i
a
i
i
where a
i
F
X
i
-
CHAPTER INTRODUCTION TO ELLIPTIC CURVES
There is no problem with &factorials in the denominators since the Taylor ex
pansion is the polynomial over K obtained by substituting X
i
i
for X
i
in F
However if charK then one can write as in the classical Taylor expansion
F
n
X
ij
a
ij
i
j
where a
ij
F
X
i
X
j
and analogously for higher F
i
Recall
Eulers Theorem For i
F
i
X
X
n
d
i
F X
X
n
Remark If we add up these equations we obtain the identity
F X
X
n
d
F X
X
n
X
i
d
i
F X
X
n
Usually the theorem is stated in the form for i
X
X
s
X
s
i
k
F
X
s
X
s
i
dd d i F
where the sum is over all ituples s
s
i
The sum on the left is
iF
i
X
X
n
the statement in the text is superior when charK i
Corollary If F c
c
n
then F
i
c
c
n
for i
Consider the variable case F F XY Z and the corresponding plane
projective curve C ZF See x We write for
The
order of a point P X
Y
Z
C is the minimal i such that F
i
is not
identically as a polynomial in If i then P is an ordinary or
nonsingular point while if i then P is a singular point or a singularity
of order i The polynomial F or the corresponding curve C is nonsingular or
smooth if it has no singular points dened over an algebraic closure of K and
therefore in fact none dened over any extension of K by Proposition c
Proposition Let F F XY Z be a nonzero homogeneous polynomial
If F is nonsingular then it is absolutely irreducible ie irreducible over K
Proof Let F GH where G andH are homogeneous of positive degree dened
over K and let P be a point of intersection on the curves corresponding to G
-
SINGULAR POINTS
and H Proposition c Then F
X
GH
X
G
X
H vanishes at P and
similarly for the other variables Thus P is a singular point of F
Let P X
Y
Z
be a point of order i on F The tangent cone
at P is
ZF
i
f P
F
i
g
By the previous corollary the tangent cone contains the point P It can be
shown that over K F
i
is a product of i linear forms aX bY cZ each
satisfying aX
bY
cZ
thus the tangent cone consists of i lines through
P possibly some coincident called the tangent lines at P
It is much easier to calculate these tangent lines in ane coordinates as
follows E!ect a linear change of coordinates so that P Then in
terms of x XZ y YZ
Z
d
F XY Z fx y f
i
f
i
where f
j
is homogeneous in x y of degree j It can be shown that i
i the
order of P that f
i
is the product of i linear factors of the form ax by and the
tangent lines are aX bY
In the case of an ordinary point P on C when i there is a unique
tangent line through P namely
a
X
X a
Y
Y a
Z
Z where a
X
F
X
X
Y
Z
etc
A point of order with distinct tangents is called a node while a point of
order with coincident tangents is a cusp The appearance of a node and a
cusp in the real case are shown on the following interleaf
Examples
The point at innity on the curve dened by the Weierstrass
equation F Y
Z a
Z
is always nonsingular since
F
Z
Y
a
XY a
Y Z a
X
a
XZ a
Z
has the value at that point The other two derivatives are there so
the tangent line is Z Thus to locate any possible singularities on the
Weierstrass form we can use the ane version
y
x
ax
has a singularity of order at x y
f
y
ax
y
p
axy
p
ax
and so the tangents there are X
p
aY Thus is a node if a
with irrational tangents if
p
a K and a cusp if a
On F Y
Z X
XZ
P is an ordinary point and the
tangent there is X If charK then is singular with F
hence is a cusp with tangent X Y Z
-
CHAPTER INTRODUCTION TO ELLIPTIC CURVES
Let K Q and
F X
X
Y XZ
Y
Z
Substituting X Y Z in the Taylor expansion of F we nd that
F
F
and
F
L
L
where L
p
p
Thus P is a node on F with tangent lines L
XY Z
Alternatively take the ane equation
fx y x
x
y x y
Now P has coordinates x y and
f l m f
f
where f
l
l
mm
and f
l
lm m
l
p
ml
p
m
It is comparatively easier to nd the factors of f
than F
Substituting x
XZ y YZ in the equations of the tangent lines x
p
y
a brief calculation shows that they give the same lines as L
Proposition For any eld K and any a
a
K
F Y
Z a
XY Z a
Y Z
X
a
X
Z a
XZ
a
Z
is irreducible even if
Proof Suppose F GH is a nontrivial factorization say
G aX bY cZ
Substituting Z in F GH yields X
aX bY G hence a Now
substituting X cZa yields
Y
Z dY Z
eZ
for certain d e K which is an impossible identity
-
SINGULAR POINTS
Proposition The Weierstrass equation is singular i and then
there is a unique singularity of order as follows
If c
there is a Krational node at the point with coordinates
x
b
b
b
c
y
b
b
b
c
a
x
a
if charK
a
a
a
a
if charK
where
b
a
a
a
a
b
a
a
a
a
a
The two tangents are given in terms of the parameter t by x x
t
y y
t for the two distinct roots of the separable polynomial
a
x
a
When char K these are
a
c
p
c
c
c
If c
there is a cusp at the point with coordinates
charK x
p
a
y
p
a
a
a
charK x
p
a
a
y
a
x
a
charK x
b
y
a
x
a
The cusp can be irrational only when K is an imperfect eld of charac
teristic or The unique tangent line is x x
t y y
t where
p
a
p
a
when charK and a
otherwise
In either case
f
x
a
y
x
a
x
a
f
y
y
a
x
a
A singular Weierstrass equation remains singular over every eld extension
K
K moreover the nature of the singularity node or cusp is constant
Proof Since the proof is by straightforward calculation we only give a sketch
First let charK Then as detailed above a linear change of the ane
coordinates which clearly does not a!ect the occurence of singularities
allows us to take the simple form
f
c
c
f
f
c
-
CHAPTER INTRODUCTION TO ELLIPTIC CURVES
If these three quantities are then
p
c
c
p
c
hence
and the Taylor expansion reduces to
f
p
c
p
c
Thus the singularity is of order and the number of tangents is or according
as c
or c
Secondly let charK Then b
a
b
a
a
c
a
so c
i!
a
A singularity will be at a common zero of
f y
a
xy a
y x
a
x
a
x a
f
x
a
y x
a
f
y
a
x a
If a
then in order that f
y
we have a
hence and we
nd x
p
a
y
p
a
a
a
The Taylor expansion of fx
y
works out to
p
a
p
a
so the singularity is a cusp
If a
then x a
a
so that f
y
which is the value in characteris
tic stated by the proposition for x
in the node case and y a
a
a
a
so that f
x
The condition that f works out to and the Taylor
expansion is
a
a
a
a
Thus the tangent slopes are the roots of
a
a
a
a
and a
guarantees that they are distinct ie the equation is separable
The case of characteristic is just as straightforward
Example No E
Z
has or
Let E be dened over Z ie all the Weierstrass coecients a
i
Z this is
indicated notationally byE
Z
Since is a polynomial in the a
i
with coecients
in Z therefore Z When we interpret the a
i
mod p to obtain a Weierstrass
equation over the pelement eld F
p
the discriminant is mod p Thus by the
previous proposition the mod p equation gives an elliptic curve when p is not
a divisor of We now prove that this fails for at least one p
Proposition Tate cf Ogg
Let the elliptic curve E be dened over Z Then is neither nor
More generally does not have the form
where is a nonzero integer all of
whose prime divisors are mod
-
SINGULAR POINTS
Proof Suppose E
Z
has
with as described in the proposition in
particular mod Let v
p
n denote the exponent of a prime p in the
unique factorization of a nonzero integer n
If a
is even then by the formulas in x v
b
v
b
v
c
hence from
c
c
since is odd we have v
c
say c
c Then implies the impossibility
c
mod
Therefore a
is odd hence b
is odd and c
b
b
mod Substi
tuting x c
and y c
in gives
y
xx
x
xQ say
where x mod in particular x Since Q x
it
follows that x y
Q Thus
x
Y
p
p
Y
q
q
where p runs through the prime divisors of gcdx and q through any remain
ing prime divisors of x Since v
q
Q each
q
v
q
y
is even and by
assumption each p mod Hence x
or mod which contradicts
x mod
The following examples show the need for the assumption on the divisors
of
y
y x
x
x
B
y
y x
A
y
x
x
A
y
y x
x
x
C
y
xy x
x
x
A
y
y x
x
x
A
For a given number eld K a natural question is whether there exist E
dened over the ring of integers of K with a unit Stroeker Str has proved
that this does not occur when K is imaginary quadratic but we must postpone
the proof Unit do occur over real quadratic elds Tate gave the example
cf Ser p
y
xy
y x
p
is in fact the fundamental unit of Q
p
and several others occur in the
table in x
-
CHAPTER INTRODUCTION TO ELLIPTIC CURVES
It is a triviality to nd E dened over the ring of integers of a number eld
with For example y
a
xya
x
has a
a
a
choosing
a
and a
p
yields However I do not know of an example of
or over a quadratic eld Here is an example over the biquadratic
eld Q
p
p
which contains
p
p
p
p
y
p
p
xy x
x
p
x j
Ane coord ring function eld generic
points
We use the abbreviation UFD for unique factorization domain Recall BAC
p that if A is a UFD then so is the polynomial ring Ax It follows that
Zfx
i
g and Kfx
i
g K any eld are UFDs for an arbitrary set of indetermi
nates ie independent transcendentals
Let S and T be independent transcendentals over the eldK let a
a
K and let
fS T T
a
ST a
T S
a
S
a
S a
Lemma The principal ideal fS T in the polynomial ring KS T is
prime
Proof We must prove that f is irreducible If f gh then by substituting
S XZ T YZ and multiplying by Z
we get a factorization F GH of
homogeneous polynomials The result follows by Proposition
Thus
A KS T fS T
is an integral domain even if Writing x and y for the residue classes
of S and T mod fS T we have
A Kx y
The equation fS T denes a curve E in the S T plane but it is cus
tomary to replace S and T by x and y and say that E is given by fx y in
the x yplane That is x and y stand for a pair of independent transcendentals
and also for a pair of variables related by the equation fx y This mild
ambiguity causes no problems in practice
The integral domain A is the ane coordinate ring of E and its quotient
eld L Kx y is the function eld of E The eld L can also be described
as the quadratic extension Kxy of the rational function eld Kx dened
by the polynomial fx y which is quadratic in y alternatively L Kyx
is the cubic extension of the simple transcendental extension Ky of K When
-
THE GROUP LAW NONSINGULAR CASE
both the quadratic and cubic extensions are separable though in general
the cubic extension is not Galois For if L is an inseparable extension of Kx
then char K and f
y
y a
x a
ie a
x a
which implies
a
and a
and then one calculates b
leading to similarly
for the cubic extension
The subeld K of L is called either the ground eld which emphasizes
that K is the eld containing a
a
that we started with or the constant
eld or eld of constants which emphasizes the fact that K is algebraically
closed in L
Let EK denote the set of points a b onE dened overK that is a b K
and fa b together with the one point O at innity As explained in
Proposition if there is exactly one singular point which is never
O while if then E is nonsingular and is by denition an elliptic curve
If K
is any extension eld of K then we can regard E as being dened over
K
and so EK
is dened In particular x y EL since the point x y
satises fx y by denition
Now for each nonzero point a b EK we have a Kalgebra homo
morphism A K dened by x a and y b Thus every nonzero point of
EK is obtained by specializing the values of x and y and for this reason x y
is called a generic point We could include O by taking a projective generic
point XY Z satisfying the projectivized Weierstrass equation F XY Z
should the need arise
When several generic points x
y
x
y
are needed take the eld
Kx
y
x
y
where x
x
are independent transcendentals and each
y
i
denes a quadratic extension by the equation fx
i
y
i
The group law nonsingular case
The set of points EK on an elliptic curve has a natural structure of an abelian
group This has a simple geometric description when E is a nonsingular plane
cubic with a rational point O for example when E is given by a Weierstrass
equation with and O is the point at innity a nonWeierstrass example
is the Fermat curve X
Y
Z
with O The description
depends on the fact that a line in P
meets a cubic in points when the points of
intersection are properly counted as described in x In this section the details
will become clear for the Weierstrass equation by direct algebraic calculation
But rst we describe the geometric construction of the group operations for the
general nonsingular cubic
Let O be the chosen point in EK and let the tangent at O meet E in
the third point O
Note that O
O i! O is a ex this is the case for
the Weierstrass equation since the line at meets E only at O Now let
PQ EK and let the line joining P and Q meet the cubic in the third point
R or even of these points may coincide The third point of intersection
-
CHAPTER INTRODUCTION TO ELLIPTIC CURVES
of the line joining R and O is dened to be P Q the third point on the line
joining P and O
not O unless O is a ex is P and O is the zero of the
group These constructions are illustrated in a real example on the following
interleaf
As an exercise the reader may note that when O is a ex every ex F satises
F F F It is a fact that a nonsingular cubic over an algebraically closed
eld of characteristic has exactly exes
Proposition Let C be a nonsingular cubic dened over the eld K and
let O CK
a With and as described above CK is an abelian group with neutral
element O
b If O
O
CK and for i CK
i
denotes the group determined
by choosing O
i
as neutral element then a group isomorphism CK
CK
is dened by
P P O
where denotes addition in CK
The associative law and statement b are not obvious from the geometric
denitions Since they will become transparent after we discuss divisors in
Chapter for now we leave the proof to the reader as an arduous computer
exercise For a direct proof see Knap
As an example we reconsider the curves of Corollary
Corollary Let C denote the plane cubic curve
a
X
a
X
a
X
dX
X
X
where a
a
a
d are integers and the a
j
are positive distinct and squarefree
Then C is nonsingular hence absolutely irreducible
Suppose the set CQ of rational points on C in P
Q is nonempty say
O CQ With O as neutral element the group CQ contains at least one
point O
of innite order namely the third point of intersection with C of the
tangent at O In particular O
O and it follows that none of the exes is
rational over Q
y
Proof Suppose P X
X
X
is a singular point dened over Q Then
dX
X
X
a
i
X
i
i
It follows that X
X
X
hence within a common factor X
i
p
a
i
from
which one obtains a
a
a
d
But the last equation is not allowed by
the assumptions
y
This is also obvious by direct calculation if H denotes the Hessian determinant of
F a
X
dX
X
X
then the exes are the points of intersection of the curves F
and H They are
p
a
p
a
etc points in all
-
THE GROUP LAW NONSINGULAR CASE
Now let P
be any point in CQ and let P
be the sequence described
in Corollary The geometric construction of addition shows that
P
P
O
or P
O
P
hence P
O
P
O
P
etc
Solving the recurrence we nd
P
n
n
O
n
P
In particular by Proposition the sequence
O
n
n
O
consists of distinct points and therefore O
has innite order
With O CQ as in the corollary one might jump to the false conclusion
that the group CQ is torsionfree as did Selmer at the beginning of Sel
and Cassels Casp but none of their subsequent statements are in
validated An example is the curve u
v
uv with O
and point of order alternatively with O and of order
This example is plotted on an interleaving sheet
y
Some similar examples are
u
v
uv with points and u
v
uv
with u
v
uv with In Chapter
we will see that for elliptic curves as in the corollary and with a rational point
the order of the torsion subgroup is one of and is in the Selmer
case d However I have been able to nd examples only of orders and
We now describe algebraically the group operations for a Weierstrass equa
tion Since O is going to be the group and since it is the only point at
we can conne our description of P
and P
P
to ane coordinates let
P
i
x
i
y
i
The line x x
contains the point P
and considering its pro
jective version X x
Z it also contains O Thus P
is the third point of
intersection which therefore has xcoordinate x
and it remains to calculate
the ycoordinate When we substitute x
for x in the Weierstrass equation we
obtain a quadratic equation for y
y
a
x
a
y x
a
x
a
x
a
The sum of the roots is a
x
a
and one root is y
hence the other root
which is the ycoordinate of P
is a
x
a
y
y
We note that the locus of a real projective cubic curve is never contained in an ane
part of P
R ie the graph is never nite as is the case for example with ellipses since a
cubic polynomial with real coecients has a real root and therefore the line at innity always
intersects the cubic in a real point
-
CHAPTER INTRODUCTION TO ELLIPTIC CURVES
Next let us calculate P
P
P
x
y
If x
x
ie P
P
then
the line joining P
and P
is y y
x x
where y
y
x
x
Substituting this expression for y into the Weierstrass equation gives a cubic
equation for x whose three roots are x
x
x
Identifying the sum of the roots
with the negative of the coecient of x
yields x
x
x
a
a
and putting this into the equation of the line gives the ycoordinate of P
from
which we nd y
y
x
x
a
x
a
There remains the case P
P
which is treated similarly where now y
y
x x
is the tangent line We leave to the reader the calculation of
as well as a few other details in the following proposition
Notation For any abelian group A and m Z m denotes the endomorphism
multiplication by m and Am denotes kerm if m
is a divisor of m then Am
is a subgroup of Am When m the elements of Am not in Am
for
any proper divisor m
of m are called mdivision points For example for
P EK we have P P and the division points dened over K are
those P O satisfying P P P O As will be explained in detail in
x there are only nitely many mdivision points dened over any extension
eld of K and adjoining the x and y coordinates of all these points gives a
nite extension of K called the mdivision eld of E The usual Weierstrass
coordinates of a point P EK are denoted xP and yP This notation
is extended to any function f of x and y fP simply means the value of f
when the coordinates of P are substituted for x and y Thus maintaining the
notation introduced in x when charK
P yP a
xP a
Proposition For points on an elliptic curve in Weierstrass form we have
x
y
x
y
a
x
a
Hence the points of order in the group are as follows
charK if a
equivalently j there are no points of order
if a
there is a unique point of order possibly quadratic over
K
a
a
a
q
b
a
a
a
O
charK there are exactly points of order possibly some
irrational over K x x
i
where x
i
runs through the three
roots of
x
b
x
b
x
b
For x
y
x
y
we have the addition law
x
y
x
y
x
y
-
THE GROUP LAW NONSINGULAR CASE
where
x
x
x
a
a
y
y
x
x
a
x
a
and
y
y
x
x
if x
x
x
a
x
a
a
y
y
a
x
a
if x
x
Hence
x x y
x
b
x
b
x b
x
b
x
b
x b
When charK
y x y c
y c
a
x a
where
c
a
x
a
b
a
b
c
x
a
x
b
a
b
x
b
a
b
x
b
b
a
b
b
x b
b
b
a
b
When charK
x fx
where fx
x
b
x
b
x
b
x
b
x
b
b
b
b
x b
b
b
There is a special case of the duplication formula that we record in a corollary
for future reference
Corollary If charK and
y
xx
ax b
then
x y
x
b
y
x
bx
ax
bx
abx b
y
-
CHAPTER INTRODUCTION TO ELLIPTIC CURVES
Many numerical examples of adding points are given in the standard texts
We content ourselves with the following four
Example Let K Qt be a simple transcendental extension of the
rational eld Then on
y
x
tx
tx
one calculates
y
t
t j
t
t
t t
O
t
t
t
t
a
d
abd
where a t
t b t
t
t
t and d t t
Example For the twisted Fermat curve u
v
a y
x
a
x au v etc introduced in Corollary we nd
u v v u
by transforming to x y coordinates doing the calculation then transforming
the result back to u v coordinates Similarly one can give rather complicated
formulas for u v and the addition of two points Alternatively one can work
directly in u v coordinates using the geometric constructions The plot on the
following interleaf shows
O
on the &taxicab curve the case a
Example The generic Rexample is depicted in the diagram The
equation of the horizontal line is y a
x a
and the line joining
a point P with O is the vertical line through P Let us denote the connected
component of O by C
it is the part on the right passing through P
The second
real component C
the dotted oval part is present when then C
is a
subgroup of index in ER and C
is a coset Thus P C
P C
The
real points of order are P
and if P
and P
The points of order as
indicated in the diagram are Q and Q the real exes are OQ As we will
see in Proposition the point P x y satises P O i! x is a root of
a certain th degree polynomial
x An easy Sturms theorem calculation
cf Con p shows that
always has exactly real roots One of
y
Actually a
p
e
cs made these calculations see the appendix to this chapter
-
THE GROUP LAW NONSINGULAR CASE
these roots gives two corresponding real values of y hence the points Q but
the values of y corresponding to the other real root x are always nonreal
Example On the next interleaf a particular real case is plotted actually
one dened over Q which we have deliberately chosen with a
to illustrate
the fact that the change from x y to x coordinates given by y
a
x a
is not orthogonal Therefore the xaxis symmetry illustrated in
the previous gure is now skewed But notice that a point P and its negative
are still joined by a vertical line and in particular the tangents at points of
order are vertical
When charK the xcoordinates of the division points are the roots of
fx x
b
x
b
x
b
Since charK this polynomial is always separable over K for it could be
inseparable only if charK and b
b
but then
Let e
i
i denote the roots and let K
denote the division eld
Ke
e
e
Since is times the polynomial discriminant of fx and
by standard eld theory the possibilities are as follows
all three e
i
K K
K
just one e
i
K K
is quadratic over K
no e
i
K and is a square in K K
is Galois cyclic order over K
no e
i
K and K
K
is Galois over K with group S
the symmetric
group of order
The possibilities are illustrated by the following three examples over Q
y
xy y x
x
x
E
y
xy y x
x
x
F
-
CHAPTER INTRODUCTION TO ELLIPTIC CURVES
y
x
x
x
A
The number of division points dened over Q is respectively In fact
one can determine by methods to be described later that the group of rational
points in these cases is as follows C
n
denotes the cyclic group of order n and
the coordinates are x y
EQ C
C
fO g
FQ C
fP P P
P P P
P P Og
AQ C
h i
The group orders jEQj and jFQj namely and are interchanged in
table of AntIV remarkably this is the only misprint that has come to light
in this manually typed catalog
Halving points
Division by is naturally a tad more complicated than multiplication by
Proposition Let E be an elliptic curve dened over the eld K let
charK and let the xcoordinates of the division points be e
i
i
in a separable algebraic closure K
s
of K
a Let Q EK Q O Then there exists P EK such that P Q
i i xQe
i
is a square in Ke
i
When these three conditions are satised
let xQ e
i
i
where the
i
are chosen so that
i they are algebraically compatible ie GalK
s
K e
i
e
j
i
j
and
ii so that Q
z
Then all the solutions P are given by
xP xQ
P mxP xQ Q
where m
Thus the equation of the line in the x plane that
is tangent to E at P and passes through Q xQQ is
mx xQ Q T
z
If all e
i
K then condition i imposes no condition while if Q itself is a point of order
then one of the is and condition ii imposes no condition
-
THE GROUP LAW NONSINGULAR CASE
a
Was Prop An alternative rational criterion the solutions of
P Q as in a are in correspondence with the roots in K of the polyno
mial Quar
Q
m dened in x For each root m the corresponding point P
has coordinates
xP m
b
xQ P mxP xQ Q
and T is the equation of the tangent line at P
b In the quadratic case that is when one e
i
K and the other two are
conjugate quadratic over K there are simpler rational criteria for the existence
of P as follows
y
Replacing x by x e
i
the equation takes the form
y
xx
ax b where d a
b K
so e
e
a
p
d e
e
a
p
d
Then P exists i
when Q
i b K
say b r
and
ii one of a r K
choosing the sign of r so that a r p
the two solutions are
rrp
when Q s t s
i s K
say s r
and
ii one of q
s a tr K
choosing the sign of r so that q
p
the two so