Algebraic Curves and Codes Ivan Soprunov · 2014-11-07 · Algebraic Curves and Codes Ivan Soprunov...

Algebraic Curves and Codes

Ivan Soprunov

Department of Mathematics, Cleveland State University, 2121 Eu-clid Ave, Cleveland OH, USA

E-mail address: [email protected]

2010 Mathematics Subject Classification. Primary

Abstract.

Contents

Preface vii

Chapter 1. Introduction to Coding Theory 11.1. Basic Definitions and First Examples 11.2. Dual Codes 71.3. Reed–Solomon Codes: Two constructions 91.4. Cyclic Codes 121.5. Asymptotic of Codes 14Exercises 19

Chapter 2. Algebraic Curves 232.1. Fields and Polynomial Rings 232.2. Affine and Projective Curves 332.3. Tangent Lines and Singular Points 402.4. Bezout’s Theorem and Applications 452.5. The Genus of a Curve 55Exercises 63

Chapter 3. The Riemann–Roch Theorem 673.1. Functions and Local Rings 673.2. Divisors 743.3. Differential Forms 793.4. The Riemann–Roch Formula 833.5. Elliptic Curves 89Exercises 95

Chapter 4. Curves over Finite Fields 974.1. Curves over non-algebraically closed fields 974.2. The Zeta Function 994.3. The Hasse–Weil Bound 994.4. Hermitian Curves 99

Chapter 5. Algebraic Geometry Codes 1015.1. The L-construction 1015.2. The Ω-construction 1015.3. Duality 1015.4. (Quasi-)Self-Dual AG codes 1015.5. Asymptotics of AG codes 101

v

Preface

vii

CHAPTER 1

Introduction to Coding Theory

The theory of error-correcting codes is a rapidly growing branch of Informationtheory. It employs various methods in modern mathematics ranging from proba-bility and analysis to combinatorics and algebra. We will be studying methods ofalgebraic geometry (algebraic curves) in the theory of error-correcting codes. Thisis motivated by a recent discovery of algebraic geometry codes whose asymptoticbehavior turned out to be better than of any previously known codes. What thisreally means we are going to find out in Section 1.5 and Section 5.5.

1.1. Basic Definitions and First Examples

The main problem in information theory is that data gets corrupted whentransmitted. Digital data is a (very long) sequence of 0’s and 1’s, called bits. Whena bit gets flipped (from 0 to 1 or vice versa) we say there is an error in this bit.Our goal is to (a) detect and (b) correct possible errors in data transmission. Thebasic idea in achieving this goal is adding redundancy to the data.

The following is a basic scheme of error correction:

message −→ encoded message −→ corrupted message −→ message

In the first step we add redundancy, in the second step the transmitted messagegets errors, in the third step we detect and correct errors and remove redundancyto (hopefuly) recover the original message. Here is an example of an error in the3rd place:

0110 −→ 0100

Here is a very simple way to add redundancy.

Example 1.1. Repetition code.

(a) Let us repeat every digit in the message twice:

0110 −→ 00 11 11 00 −→ 00 11 01 00.

Note that after the second step the digits in the third block are not thesame. Hence we can say that there was an error either in the 5th and the6th bit. However, we cannot say for sure whether it was 00 or 11 wentransmitted. Therefore, this code can detect errors, but cannot correctthem.

(b) Now we repeat every digit in the message three times:

0110 −→ 000 111 111 000 −→ 001 111 111 000.

Now we can see that the error occurred in the first block of three. More-over, most likely the 001 came from 000, rather than 111. Therefore, wecan say that this code can detect and correct up to one error per threebits.

1

2 1. INTRODUCTION TO CODING THEORY

In the previous examples we were applying the following maps:

(a)0 → 001 → 11

(b)0 → 0001 → 111

We will call 00, 11 and 000, 111 the sets of codewords for the code in (a) andin (b), respectively.

Question. How many times do we need to repeat each digit to be able tocorrect two errors per codeword?

Answer. Five times. The codewords are 00000, 11111.

More generally, we need to repeat 2m+1 times to correctm errors per codeword.

1.1.1. The 4-7 Hamming Code. The disadvantage of using a repetitioncode is that it is not very efficient. For example, the encoded message in the triplerepetition code takes up 3 times as much space as the original message. We thenwill say that the efficiency of this code is 1/3. The following code will be able tocorrect up to 1 error per codeword, yet will have efficiency 4/7!

Example 1.2. 4-7 Hamming Code. The idea is to encode each block of 4 digitsinto a block of 7 digits in the following way:

a1a2a3a4 → a1a2a3a4a5a6a7,

where

a5 = a1 + a2 + a3 mod 2, a6 = a1 + a3 + a4 mod 2, a7 = a2 + a3 + a4 mod 2.

For example, 0110 → 0110010.

Question. How many codewords does this code have?

Answer. Same as the number of blocks of length 4, i.e. 24.

The correction can go as follows: for every received word look at the closestcodeword, i.e. the one that differs from the word in at most one place (we’ll say“one flip away”).

Proposition 1.3. The 4-7 Hamming code has the following properties.

(1) It can correct up to 1 error per codeword,(2) It has efficiency 4/7,(3) Every received word can be corrected.

Proof. We will prove (1) later. The idea is that you need at least 3 flips toget from one codeword to another. Part (2) is true since we need 7 bits for every4 bits of the message. For part (3) note that for every codeword there are 7 wordsthat are one flip away from it. Also no word can be one flip away from two distinctcodewords, by part (1). Hence the total number of words that can be corrected is24 + 7 · 24 = 27, which is the total number of all possible words of length 7.

1.1. BASIC DEFINITIONS AND FIRST EXAMPLES 3

1.1.2. Using Linear Algebra. We will now use linear algebra over the field oftwo elements F2 = 0, 1. We will look at finite fields more closely in Section 2.1.1.Right now all we need to remember is that all operations (addition, multiplication,division) are modulo 2. Let us rewrite the definition of the 4-7 Hamming code inmatrix notation. Its codewords (a1, . . . , a7) ∈ F7

2 are computed by the followingformula:

(a1, a2, a3, a4, a5, a6, a7) = (a1, a2, a3, a4)

1 0 0 0 1 1 00 1 0 0 1 0 10 0 1 0 1 1 10 0 0 1 0 1 1

.

Note that we use left multiplication, so our messages are composed of rows of length4 and our codewords are rows of length 7. Let G denote the above matrix. Thenit defines the following sequence of linear maps:

0 −→ F42

G F72

H F32 −→ 0.

This diagram is called a short exact sequence. What this simply means is thatthe map given by G is injective, the map given by H is surjective, and Im(G) =Ker(H). Such H is not unique (we will see later how to find such a matrix), and iscalled a parity check matrix. You should check that the following matrix is a validchoice of H:

H =

1 1 01 0 11 1 10 1 11 0 00 1 00 0 1

.

We will use H for detecting and correcting errors. By construction, the code-words are the elements of Im(G) = Ker(H). Hence c is a codeword iff cH = 0. Nowsuppose x is the word obtained from c by flipping its ith digit. Then x = c + ei,where ei is the ith standard basis vector (remember that this is vector additionmodulo 2). Hence xH = (c + ei)H = eiH, which is the ith row of H. We obtainthe following decoding algorithm:

Input: x ∈ F72

If xH = 0 then Output: c = x

If xH = ith row of H then Output: c = x− ei.

Example 1.4. (a) Let x = (1101000). Then

xH = (1, 1, 0, 1, 0, 0, 0)

1 1 01 0 11 1 10 1 11 0 00 1 00 0 1

= (0, 0, 0).

Thus x is a codeword, and no error occurred. The original message was(1101).


(b) Let x = (1111110). Then

xH = (1, 1, 1, 1, 1, 1, 0)

1 1 01 0 11 1 10 1 11 0 00 1 00 0 1

= (0, 0, 1),

which is the 7th row of H. Hence there was a flip in the 7th place, and thetransmitted codeword was (1111111). The original message was (1111).

(c) Let x = (1000011). Then

xH = (1, 1, 1, 1, 1, 1, 0)

1 1 01 0 11 1 10 1 11 0 00 1 00 0 1

= (1, 0, 1),

which is the 2nd row of H. Hence there was a flip in the 2nd place, and thetransmitted codeword was (1100011). The original message was (1100).

1.1.3. General Definitions. In general, we don’t want to restrict ourselvesto sequences of 0’s and 1’s, we can consider words involving other “letters”. So letus fix a finite set A, called an alphabet. By a word of length n we will mean anysequence of elements of A of length n, i.e. an element of An = A× · · ·×A. In allour later examples, though, A will be a finite field, such as integers mod a primenumber. (More about about finite fields will be in Section 2.1.1).

Definition 1.5. A code C is a subset of An. Its elements c = (c1, . . . , cn) arecalled codewords.

We can define the notion of the distance on the set An. This is a convenientway of measuring how different two words are.

Definition 1.6. The Hamming distance between a and b in An is defined by

dist(a,b) = # of places a differs from b = #i | ai = bi.

Now we will define the main parameters of a code. We set q = |A|, the size ofthe alphabet.

Definition 1.7. Let C ⊂ An be a code. Define

• n to be the length of the code C;• k = log

q(|C|) to be the dimension of the code C;

• d = mindist(a,b) | a,b ∈ C,a = b to be the minimum distance of C.

A code over an alphabet A of size q with parameters n, k, and d will be referredto as an [n, k, d]q-code.

Example 1.8. (a) The triple code: C = (0, 0, 0), (1, 1, 1) ⊂ F32. The

parameters are n = 3, k = log2(2) = 1, and d = 3.

1.1. BASIC DEFINITIONS AND FIRST EXAMPLES 5

(b) The 4-7 Hamming code:

C = (a1, . . . , a7) ∈ F72 | a5 = a1 + a2 + a3, a6 = a1 + a3 + a4, a7 = a2 + a3 + a4.

The parameters are n = 7, k = log2(24) = 4, and d = 3 (as we will see

later).

When studying families of codes with increasing length the following relativeparameters are useful.

Definition 1.9. Let C ⊂ An be a code. Define

• R = k/n to be the information rate of the code C;• δ = d/n to be the relative minimum distance of C.

Note that the information rate measures the efficiency of the code and therelative minimum distance measures the reliability of the code.

Almost all our future results will concern a special class of codes, called linearcodes. In this case we need to set A = Fq, a finite field. Here is the definition.

Definition 1.10. A code C ⊂ Fn

qis called linear if C is a vector space over Fn

q,

i.e.

(1) 0 ∈ C;(2) C is closed under vector addition over Fq;(3) C is closed under scalar multiplication by elements of Fq.

Example 1.11. (a) The triple code:

C = (0, 0, 0), (1, 1, 1) = spanF2(1, 1, 1).

Geometrically, this is a line in the direction of (1, 1, 1) in the 3-dimensionalspace over F2.

(b) The 4-7 Hamming code:

C = (a1, . . . , a7) ∈ F72 | a1+a2+a3+a5 = a1+a3+a4+a6 = a2+a3+a4+a7 = 0.

This is the solution set of a linear system, hence a vector space. Geomet-rically, this is a 4-dimensional subspace, which is the intersection of threehyperplanes in F7

2.

There is no risk of confusing the dimension of a code and its dimension as avector space, as they turn out to be equal.

Proposition 1.12. If C is a linear code then its dimension as a code equals itsdimension as a vector space over Fq.

Proof. Let k = dimFqC. Then we can choose a basis B = v1, . . . ,vk for C.

Every c has a unique representation as a linear combination c = λ1v1+ · · ·+λkvk,for λi ∈ Fq. Thus the number of elements in C equals qk (there are q choices forevery coefficient λi). Therefore, logq(|C|) = log

q(qk) = k, as stated.

Notice that the rows of G from Section 1.1.2 form a basis for the 4-7 Hammingcode.

Definition 1.13. A matrix G whose rows form a basis for a linear code C iscalled a generator matrix of C.

For every codeword in C we can measure its distance to 0. This is called theweight of the codeword. Here is an equivalent definition.


Definition 1.14. Let C be a linear code and c ∈ C a codeword. Define theweight of c as

w(c) = # of non-zero entries in c.

The minimum weight of C is the smallest weight of all non-zero codewords in C.

Proposition 1.15. Let C be a linear code. Then its minimum distance equalsits minimum weight.

Proof. Indeed, we have

d = mindist(a,b) | a,b ∈ C,a = b = mindist(a− b, 0) | a,b ∈ C,a− b = 0

= mindist(c, 0) | c ∈ C, c = 0 = minw(c) | c ∈ C, c = 0.

Here are a few simple examples of linear codes.

Example 1.16. “Trivial” codes:

(a) Let C = Fn

q. Clearly, k = n and d = 1 as (1, 0, . . . , 0) is a vector of smallest

possible weight. Thus, this is an [n, n, 1]q-code. For a generator matrixwe can take G = In, the n× n identity matrix.

(b) Let C = (a, . . . , a) ∈ Fn

q| a ∈ Fq. This is an [n, 1, n]q-code with a

generator matrix G =1 1 · · · 1

.

(c) Let C = (a1, . . . , an) ∈ Fn

q|

n

i=1 ai = 0. Note that no non-zerocodeword can have weight 1, and (1, 0, . . . , 0,−1) is a codeword of weight 2.Therefore, d = 2. We get an [n, n − 1, 2]q-code. For a generator matrixwe can take

G =

1 · · · 0 −1...

. . ....

...0 · · · 1 −1

1.1.4. Spheres and Balls. Let us return to the general situation. Let A bean alphabet and An the set of words of length n. As you can check (see Exercise 1.2)the Hamming distance defines a metric on An. What do spheres and balls in thismetric space look like?

Definition 1.17. A sphere in An with center c and radius r is the set

S(c, r) = a ∈ An| dist(a, c) = r.

Similarly, a ball in An with center c and radius r is the set

B(c, r) = a ∈ An| dist(a, c) ≤ r.

Proposition 1.18. The number of elements in a sphere and in a ball are givenby

(1)

|S(c, r)| =

n

r

(q − 1)r;

(2)

|B(c, r)| =r

i=0

n

i

(q − 1)i.

1.2. DUAL CODES 7

Proof. (1) Since dist(a, c) = r there are exactly r entries where a differsfrom c. To count all such a, first note that there are

n

r

ways to choose r entries

where a would differ from c. Second, at each of these r entries we can place any ofthe q − 1 values for ai that are not equal to ci.

(2) This follows from the observation that B(c, r) is the disjoint union of spheresof radii i = 0, 1, . . . , r.

The following theorem relates the minimum distance of a code to the numberof errors per codeword it can correct.

Theorem 1.19. Let C be a code with minimum distance d. Then C can correctup to

d−12 errors per codeword.

Proof. Consider the ball B(c, r) of radius r around each codeword c ∈ C. Ifr =

d−12 then the balls are disjoint. If there were less than or equal to

d−12

errors in a codeword then the resulting word a belongs to exactly one of the balls.Hence we can recover the codeword by looking at the center of the ball containing a.

1.2. Dual Codes

Recall that for any subspace of a vectors space (equipped with a dot product)we can consider its orthogonal complement. This brings us to the notion of thedual to a linear code.

Let a,b be two vectors in Fn

q. Their dot product is defined by a ·b =

n

i=1 aibi.Note that this is an element of Fq. When a · b = 0 we say that a and b areorthogonal.

Definition 1.20. Let C ⊆ Fn

qbe a linear code. The dual code C⊥ is defined by

C⊥ = a ∈ Fn

q| a · b = 0 for any b ∈ C.

The next properties of dual codes follow from standard facts in Linear Algebra.

Proposition 1.21. Let C ⊆ Fn

qbe a linear code. Then

(1) (C⊥)⊥ = C;(2) dim(C⊥) = n− dim(C).

Example 1.22. The “trivial” codes (b) and (c) from Example 1.16 are dualto each other. Let C1 denote the code in (b) and C2 denotes the code in (c). Itis easy to check that every codeword in C1 is orthogonal to every codeword in C2.Hence C1 ⊆ C⊥

2 . On the other hand, dim(C1) = 1 and dim(C⊥2 ) = n − (n − 1) = 1

by part (2) of Proposition 1.21. Therefore, C1 = C⊥2 .

The situation over a finite field is a little different than what you are usedto when looking at orthogonal vectors in Rn. For example, there exist non-zeroself-orthogonal vectors in Fn

q.

Example 1.23. Let F3 = 0, 1, 2 be the field of integers mod 3. The vector(1, 1, 1) ∈ F3

3 is orthogonal to itself. Consider

C = spanF3(1, 1, 1) = (0, 0, 0), (1, 1, 1), (2, 2, 2).

Then C ⊂ C⊥. What is C⊥? By Proposition 1.21, C⊥ is 2-dimensional. Also(1, 2, 0) ∈ C⊥. Therefore,

C⊥ = spanF3

(1, 1, 1), (1, 2, 0).


Note that C⊥ consists of 9 vectors. Can you list them all?

Next we will see how to find a generator matrix for C⊥, given a generator matrixfor C. Let C be a linear [n, k, d]q-code with generator matrix G. Consider a shortexact sequence

0 −→ Fk

q

G Fn

q

H Fn−k

q−→ 0,

where H is a parity check matrix for C (see Section 1.1.2).We have the following proposition.

Proposition 1.24. Let H be a parity check matrix for C. Then Ht is a gen-erator matrix for C⊥.

Proof. By taking the transpose of G and H we obtain a dual sequence (notethat the maps are now reversed).

0 −→Fn−k

q

Ht

Fn

q

Gt

Fk

q−→ 0,

which is also exact (check that). Hence

Im(Ht) = Ker(Gt) = a ∈ Fn

q| aGt = 0 = a ∈ Fn

q| a·b = 0 for each column b of Gt

.

But the columns of Gt are the rows of G and they span C. Hence, the latter equals

a ∈ Fn

q| a · b = 0 for every b ∈ C = C

⊥.

Therefore, Im(Ht) = C⊥ and so the rows of Ht span C⊥. Also the rows of Ht arelinearly independent since the map Ht is injective. In other words, the rows of Ht

is a basis for C⊥.

This proof also tells us how one can compute H. Consider the homogeneouslinear system Gx = 0. From linear algebra we know how to write down a basisb1, . . . ,bn−k for its solution space (i.e. a basis for the null space of G). They arethe columns of H = [b1, . . . ,bn−k].

Example 1.25. Consider a linear code C with a generator matrixG =

1 0 −10 1 −1

.

The null space of G is spanned by (1, 1, 1), so H =

111

is a parity check matrix.

By Proposition 1.24, Ht =1 1 1

is a generator matrix for the dual code C⊥.

Note that this is a particular case of Example 1.22. The following are the two shortexact sequences for C and C⊥:

0 −→ F2q

1 0 −10 1 −1

F3q

111

F1q

−→ 0,

0 −→ F1q

1 1 1

F3

q

1 00 1

−1 −1

F2q

−→ 0,

1.3. REED–SOLOMON CODES: TWO CONSTRUCTIONS 9

1.3. Reed–Solomon Codes: Two constructions

We now turn to a very important example of a linear code constructed usingspaces of polynomial functions. This is our first step towards studying algebraicgeometry codes.

As usual, F [x] will denote the ring of polynomials over a field F in one vari-able x. For the rest of the section we fix a subset P = α1, . . . ,αn of n ≥ 1elements of Fq, and fix an integer m < n.

1.3.1. The L-construction. Define

L(m) = f ∈ Fq[x] | deg f ≤ m.

Note that L(m) is a vector space over Fq of dimension m + 1. It has a basis ofmonomials 1, x, x2, . . . , xm.

Next we define the evaluation map

evP : L(m) → Fn

q, f → (f(α1), . . . , f(αn)).

It satisfies the following properties.

Proposition 1.26. The evaluation map evP is a linear map which is injectiveif m < n.

Proof. We leave it to you to check that evP is a linear map. Let us show thatif m < n then Ker(evP) = 0. We have

Ker(evP) = f ∈ L(m) | f(α1) = · · · = f(αn) = 0,

hence, if f ∈ Ker(evP) then f has n distinct root. But any non-zero polynomial inL(m) has at most m < n roots. Thus Ker(evP) = 0, and so evP is injective.

Definition 1.27. The image of the evaluation map Im(evP) is called the Reed–Solomon code. We denote it by Cm,P .

In the next theorem we compute the parameters of the Reed–Solomon code.

Theorem 1.28. The Reed–Solomon code Cm,P is an [n,m+ 1, n−m]q-code.

Proof. The length is n by definition. By Proposition 1.26,

dim Cm,P = dim Im(evP) = dimL(m) = m+ 1.

To show that d = n − m note again that every f ∈ L(m) has at most m roots,so every codeword (f(α1), . . . , f(αn)) has at least n − m non-zero entries. Alsof(x) = (x−α1) · · · (x−αm) lies in L(m) and produces a codeword of weight exactlyn−m. Thus n−m is the minimum weight (minimum distance) of Cm,P .

Let us now write down a generator matrix for Cm,P . Since evP is injective, theimage of the monomial basis 1, x, . . . , xm under evP forms a basis for Im(evP),i.e. evP(1), evP(x), . . . , evP(xm) are the rows of a generator matrix G. We obtain

(1.1) G =

1 1 . . . 1α1 α2 . . . αn

α21 α2

2 . . . α2n

......

...αm

1 αm

2 . . . αm

n

.


Remark 1.29. When m = n − 1 we obtain a square Vandermonde matrix,familiar to you from linear algebra. Its determinant equals

1≤i<j≤n

(αi − αj),which is non-zero since the αi are disjoint.

Example 1.30. Consider a Reed–Solomon code over F5 = 0, 1, 2, 3, 4 (inte-gers mod 5) with n = 5, m = 2, and P = F5. The space L(2) has a basis 1, x, x2.Therefore, the code C2,F5 has a generator matrix

G =

1 1 1 1 10 1 2 3 40 1 4 4 1

.

By Theorem 1.28 this is a [5, 3, 3]5-code.

1.3.2. The Ω-construction. As before, let P = α1, . . . ,αn be a subset ofFq. Denote f0(x) = (x− α1) · · · (x− αn). Consider the set

Ω(m) =

g(x)

f0(x)| g ∈ Fq[x], deg g ≤ n−m− 2

.

Note that Ω(m) is a vector space over Fq whose elements are rational functionswith poles in P. The dimension of Ω(m) equals the dimension of polynomials ofdegree up to n−m− 2, so dimΩ(m) = n−m− 1.

Definition 1.31. Let h ∈ Fq[x]. Define the residue of h

f0at αi by

resαi

h

f0

=

(x− αi)h(x)

f0(x)

x=αi

=h(α)

n

j=1,j =i(αi − αj)

Example 1.32. Let us compute the residue of x2+1

x2−1 at x = 1:

res1x2 + 1

x2 − 1=

x2 + 1

x+ 1

x=1

= 1.

Theorem 1.33. (The Residue Formula) If deg h ≤ n− 2 then

αi∈Presαi

h

f0

= 0.

Before we prove this formula, let us remark that over the complex numbers itfollows from the Cauchy residue formula. Indeed, by the Cauchy residue formula thesum of the residues over the αi equals negative of the residue at infinity. However,when deg h ≤ n− 2 the form h(x)

f0(x)dx has no pole at infinity, so the residue there is

zero.

Proof. Let h(x) = a0 + a1x + · · · + an−2xn−2. The following determinant iszero:

1 1 . . . 1α1 α2 . . . αn

......

...αn−21 αn−2

2 . . . αn−2n

h(α1) h(α2) . . . h(αn)

= 0.

1.3. REED–SOLOMON CODES: TWO CONSTRUCTIONS 11

Indeed, the last row of the above matrix is a linear combination of the first n − 1rows with coefficients a0, . . . , an−2. On the other hand, expanding the determinantalong the last row and using Remark 1.29 we obtain

0 =n

i=1

(−1)n+ih(αi)

j,k =i,j<k

(αk − αj) =n

i=1

(−1)nh(αi)

j<k

(αk − αj)j =i

(αi − αj).

Since the product in the numerator is independent of i, we can factor it out:

0 = (−1)n

j<k

(αk − αj)n

i=1

h(αi)j =i

(αi − αj).

It remains to notice that the sum on the right is precisely the sum of the residuesin the residue formula.

Let us know return to the Ω-construction of a Reed–Solomon code. Define theresidue map

resP : Ω(m) → Fn

q,

g

f0→

resα1

g

f0

, . . . , resαn

g

f0

.

Proposition 1.34. The residue map resP is a linear map which is injectiveif m ≥ 0.

Proof. It is easy to check that resP is a linear map, so it is left it you. As inthe proof of Proposition 1.26 we just need to show that Ker(resP) = 0. Indeed,if 0 = g/f0 ∈ Ker(resP) then resαi

(g/f0) = 0, for every 1 ≤ i ≤ n. This impliesthat g(αi) = 0, for every 1 ≤ i ≤ n (see Definition 1.31) . But then g would haven distinct roots, which is imposible since deg g ≤ n−m− 2 < n. Therefore g = 0and Ker(resP) = 0.

Definition 1.35. The image of the residue map resP is called a dual Reed–Solomon code and denoted by C∗

m,P .

The following theorem justifies the above definition.

Theorem 1.36. The code C∗m,P is a [n, n − m − 1,m + 2]q-code, dual to the

code Cm,P .

Proof. First, by Proposition 1.34, dim C∗m,P = dimΩ(m) = n−m−1. To com-

pute the minimum distance, consider a codeword corresponding to g/f0 ∈ Ω(m).As we saw in the proof of Proposition 1.34, the number of zero entries in the code-word equals the number of roots of g, which cannot exceed n−m− 2. Therefore,the weight of the codeword is no less than n− (n−m− 2) = m+ 2. On the otherhand, it is easy to check that the polynomial g(x) = (x − α1) · · · (x − αn−m−2)produces a codeword with weight exactly m+ 2.

For the second part of the statement, let f ∈ L(m) and g/f0 ∈ Ω(m). Wewill show that they define orthogonal codewords. Indeed, the dot product of

(f(α1), . . . , f(αn)) andresα1

g

f0

, . . . , resαn

g

f0

equals

n

i=1

f(αi) resαi

g

f0

=

n

i=1

resαi

fgf0

.

But the latter sum equals zero by the Residue Formula, since deg(fg) = deg f +deg g ≤ m + n −m − 2 = n − 2. This shows that C∗

m,P ⊆ C⊥m,P . To see that they


are in fact the same, compare the dimensions: dim C⊥m,P = n− (m+1) = n−m− 1

by Proposition 1.21 and Theorem 1.28. Also dim C∗m,P = n−m− 1 by above.

Example 1.37. Consider a dual Reed–Solomon code over F5 = 0, 1, 2, 3, 4with n = 5, m = 2, and P = F5. The space Ω(2) consists of rational functions g/f0,where f0(x) = x(x − 1)(x − 2)(x − 3)(x − 4) and deg g ≤ n − m − 2 = 1. HenceΩ(2) has a basis 1/f0, x/f0. We leave it as an exercise (see Exercise 1.3) to checkthat the residue of 1/f0 at every point of F5 equals 4. This produces a generatormatrix for C∗

2,F5:

G∗ =

4 4 4 4 40 4 3 2 1

.

By Theorem 1.28 this is a [5, 2, 4]5-code. You can check that the transpose of G∗ isa parity check matrix for the code in Example 1.30, hence the two codes are dualof each other.

1.4. Cyclic Codes

In this section we will look at a class of linear codes called cyclic. They areclosely related to ideals of certain quotient rings. It turns out that some of theReed–Solomon codes are examples of cyclic codes, as we will prove at the end ofthe section. The definition is simple.

Definition 1.38. A linear code C ⊂ Fn

qis called cyclic if (c0, . . . , cn−2, cn−1) ∈

C implies that (cn−1, c0, . . . , cn−2) ∈ C.

In other words, a cyclic code is a linear code which is closed under a cyclicpermutation of the entries in its codewords.

Example 1.39. Let C be a binary code (i.e. a code over F2) with generatormatrix

G =

1 1 1 11 0 1 0

.

This is a cyclic code. Indeed, we can list the elements of C:

C = (0, 0, 0, 0), (1, 1, 1, 1), (1, 0, 1, 0), (0, 1, 0, 1).

Now it is easy to see that this set is closed under a cyclic permutation.

Next we will see how cyclic codes are related to ideals in quotients of polynomialrings. We are going to associate to every codeword c = (c0, c1, . . . , cn−1) in C apolynomial c(t) = c0+c1t+· · ·+cn−1tn−1 in Fq[t]. This way the code C correspondsto a set of polynomials

IC = c(t) ∈ Fq[t] | c ∈ C.

Note that

tc(t) = c0t+ c1t2 + · · ·+ cn−1t

n≡ cn−1 + c0t+ · · ·+ cn−2t

n−1 mod (tn − 1).

Hence, the polynomial corresponding to the cyclic permutation of c is obtained byreducing tc(t) modulo tn − 1. This suggests that we need to consider the image ofIC in the quotient ring Fq[t]/tn − 1. We will keep the same notation:

IC = c(t) ∈ Fq[t]/tn− 1 | c ∈ C.

1.4. CYCLIC CODES 13

Example 1.40. Let us look at the quotient ring R = F2[t]/t4 − 1. Theremainders mod t4 − 1 have degree up to three, so we can write

R = a0 + a1t+ a2t2 + a3t

3| ai ∈ F2 = 0, 1, t, 1 + t, t2, 1 + t2, . . . ,

where we should keep in mind that these are classes of polynomials mod t4−1. Forexample, (1 + t2)t2 = t2 + t4 = 1 + t2 in R.

Consider the ideal I in R generated by 1+ t2, i.e. I = 1+ t2 = h(t)(1+ t2).Since when writing elements of R we don’t need to consider polynomials of degreegreater than 3, it is enough to take all h(t) of degree up to 1, so we can write

I = h(t)(1+t2) = 0, 1+t2, t(1+t2), (1+t)(1+t2) = 0, 1+t2, t+t3, 1+t+t2+t3.

Note that the coefficients of these polynomials are the vectors

(0, 0, 0, 0), (1, 0, 1, 0), (0, 1, 0, 1), (1, 1, 1, 1),

which is precisely the cyclic code C in Example 1.39. Hence I = IC .

This correspondence between ideals in Fq[t]/tn − 1 and cyclic codes over Fq

persists in general.

Theorem 1.41. C ⊂ Fn

qis a cyclic code of length n if and only if IC is an ideal

in Fq[t]/tn − 1.

Proof. (⇐) If IC is an ideal in R = Fq[t]/tn − 1 then it is closed underaddition and multiplication by elements in R. In particular, tIC ⊂ IC . This meansthat whenever c(t) ∈ IC then also tc(t) ∈ IC . But we saw that this is equivalent to(cn−1, c0 . . . , cn−2) ∈ C whenever (c0, . . . , cn−2, cn−1) ∈ C, i.e. C is cyclic.

(⇒) Since C is linear, the set IC forms a subgroup of R under addition and isclosed under multiplication by elements of Fq. If C is cyclic then it is closed underthe cyclic permutation of the entries in its codewords. This implies that IC is closedunder multiplication by t ∈ R, i.e. tIC ⊂ IC . But then tiIC ⊂ IC for any i ≥ 1.This implies that fIC ⊂ IC for any f ∈ R, i.e. IC is an ideal.

It is a standard fact in abstract algebra that the ring of polynomials F [t] overa field F is a PID (principal ideal domain). This means that every ideal I in F [t]is generated by a single element, I = g, for some g ∈ F [t]. The same is trueabout quotient rings R = F [t]/J where J is an ideal in F [t]. In fact, any ideal Iin R corresponds to a unique ideal I ⊃ J in F [t]. Now if I is generated by someg ∈ F [t], then I is generated by the image of g in R. Therefore R is also a PID.In our situation, this implies that for any cyclic code C there exists a polynomialgC whose image in Fq[t]/tn − 1 generates IC .

Definition 1.42. Let C be a cyclic code. The monic polynomial gC whoseimage in Fq[t]/tn − 1 generates IC is called the generator polynomial for C.

Example 1.43. The generator polynomial for the cyclic code in Example 1.39is 1 + t2.

We have the following properties of the generator polynomial.

Proposition 1.44. Let gC be the generator polynomial for a cyclic code C.Then

(1) gC divides tn − 1 in Fq[t];(2) dim C = n− deg gC.


Proof. (1) Divide tn−1 by gC with remainder: tn−1 = hgC+r for some h, r ∈

Fq[t], where either r = 0 or deg r < deg gC . This implies that in R = Fq[t]/tn − 1we have 0 = hgC + r, and so r = −hgC ∈ IC . But gC , being a generator for IC , is apolynomial of smallest positive degree in IC . Thus, r = 0 in R, and also in Fq[t].Therefore, tn − 1 = hgC in Fq[t], i.e. gC divides tn − 1 in Fq[t].

(2) Let l = deg gC . According to our correspondence c → c(t), the code C andthe ideal IC are isomorphic as vector spaces over Fq. We have c(t) ∈ IC = gC, soc(t) = h(t)gC(t) for some h with deg h ≤ n−1− l. This implies that IC , as a vectorspace over Fq, has a basis gC , tgC , . . . , tn−1−lgC. Therefore, dim C = dim IC =n− l.

Example 1.45. Let Cm,F∗qbe the Reed–Solomon code with P = F∗

q= Fq \ 0.

In Exercise 1.4 you will show a code is cyclic if and only of the cyclic permutationof every row of a generator matrix of C lies in C. We computed a generator matrixG for the Reed–Solomon code in (1.1). In our case P = F∗

q, which is known to be

a cyclic group under multiplication. Hence, we can write all the elements of F∗qas

powers of a single element: F∗q= 1,α, . . . ,αq−2. The generator matrix G then

becomes:

G =

1 1 . . . 11 α . . . αq−2

1 α2 . . . α2(q−2)

......

...1 αm . . . αm(q−2)

.

Check that the cyclic permutation of each row of G is a constant multiple of thisrow, and hence lies in Cm,F∗

q. This shows that Cm,F∗

qis a cyclic code.

It is an interesting exercise to compute the generator polynomial for the codeCm,F∗

q. We outline the steps in Exercise 1.7.

1.5. Asymptotic of Codes

In this section we will look at the asymptotic behavior of parameters of codeswith increasing length. Recall that for an [n, k, d]q-code, the quantities R = k/nand δ = d/n are called the information rate and the relative minimum distance,respectively. It is immediate that 0 ≤ δ ≤ 1 and 0 ≤ R ≤ 1. Therefore we mayconsider points in the unit square with coordinates (δ, R) which correspond to therelative parameters of codes. Here is the main problem, somewhat loosely stated.

Problem. Give a description of the set

Vq = (δ, R) ∈ [0, 1]2 | there exists an [n, k, d]q-code with δ = d/n,R = k/n.

The following theorem by Shannon claims the existence of codes with very goodparameters if we allow the length of the code to be large. We will state the theoremwithout giving much detail, hoping that the result can still be appreciated.

First, let p denote the probability with which an error occurs in a codeword.There is an explicit function of p, called the capacity of the channel of transmission,given by

capacity(p) = 1 + p logqp+ (1− p) log

q(1− p).

1.5. ASYMPTOTIC OF CODES 15

Theorem 1.46. (Shannon’s Theorem) For any > 0, any 0 < p < 1, and anyR < capacity(p) there exists a code with information rate at least R, probability oferror per codeword p, and probability of incorrect decoding less than .

In fact, n → ∞, as → 0, so to achieve high reliability we need to considerlong codes.

Next consider the set of limit points of Vq:

Uq = (δ, R) ∈ [0, 1]2 | there exists a sequence of distinct [ni, ki, di]q-codes

with δ = limi→∞

di/ni, R = limi→∞

ki/ni.

We remark that ni → ∞, as i → ∞, since there are only finitely many distinctcodes of bounded length.

Definition 1.47. We say an infinite family of distinct [ni, ki, di]q-codes isasymptotically good if the corresponding δ = limi→∞ di/ni and R = limi→∞ ki/ni

are both positive.

Towards a solution to the main problem, Yu. Manin gave the following descrip-tion of the set Uq.

Theorem 1.48. There exists a continuous function αq(δ) such that

Uq = (δ, R) ∈ [0, 1]2 | 0 ≤ δ ≤ 1 and 0 ≤ R ≤ αq(δ).

Moreover, αq decreases on the segment [0, q−1q

] and vanishes on [ q−1q

, 1].

Many questions about this function remain open, e.g. it is unknown whetherit is differentiable or concave up.

If we restrict ourselves to only linear codes we can similarly define the setsV lin

qand U lin

q. In fact, Manin’s theorem guarantees existence of the corresponding

function αlin

q, as well. Clearly, αq(δ)lin ≤ αq(δ) for any 0 ≤ δ ≤ 1, but it is not

know whether they are indeed the same function.The functions αq and αlin

qhave been intensively studied by many mathemati-

cians. The main goal was to write down non-trivial (and hopefully tight) upperand lower bounds for these functions. In the next subsections we will only presentsome of the non-trivial bounds.

1.5.1. Upper Bounds. Our first theorem, called the Singleton bound, is ageneral result relating the three parameters of a code.

Theorem 1.49. (The Singleton bound) Let C be an [n, k, d]q-code. Then

d ≤ n− k + 1.

Proof. Let M be the number of elements of C. The key observation is thatafter erasing the last d − 1 entries in every codeword in C we obtain M distinctwords of length n − d + 1. Indeed, if two of the them were the same that wouldmean that the original codewords had at least n− d+1 common entries, and theirHamming distance would be less than d, which is impossible since d is the minimumdistance of C. This implies that M ≤ qn−d+1, which is the total number of wordsof length n − d + 1. Taking the logarithm we obtain k = log

q(M) ≤ n − d + 1, as

stated.


Codes that meet the Singleton bound are called maximum distance separableor, simply, MDS codes. For example, any Reed–Solomon code Cm,P is an MDScode. Indeed, by Theorem 1.28, Cm,P is an [n,m+1, n−m]q-code and we see thatd = n−m = n− (m+ 1) + 1 = n− k + 1.

Corollary 1.50. (Asymptotic Singleton bound)

αq(δ) ≤ 1− δ.

Proof. By Theorem 1.48, we need to show that for any (δ, R) ∈ Uq wehave R ≤ 1 − δ. Indeed, given a sequence of distinct [ni, ki, di]q-codes withδ = limi→∞ di/ni and R = limi→∞ ki/ni, apply the Singleton bound for everycode in the sequence: ki ≤ ni − di + 1. Now dividing by ni and taking the limit asi → ∞ we obtain the required inequality R ≤ 1− δ.

Next we will prove a different upper bound for αq, called the Asymptotic Ham-ming bound. We will start with the Hamming bound for a single code.

Theorem 1.51. (The Hamming bound) For any [n, k, d]q-code we have

d−12

i=0

n

i

(q − 1)i ≤ qn−k.

Proof. Recall the formula for the number of elements in a ball in Section 1.1.4.Here we take a ball of radius

d−12 around each codeword. Since the balls are

disjoint, their union contains

|C|

d−12

i=0

n

i

(q − 1)i

words of length n. This cannot exceed the total number of words of length n, whichis qn. Therefore,

|C|

d−12

i=0

n

i

(q − 1)i ≤ qn.

It remains to note that |C| = qk, and the required inequality follows.

Definition 1.52. The following is the Hamming entropy function

Hq(t) =

t log

q(q − 1)− t log

q(t)− (1− t) log

q(1− t), if 0 < t ≤ q−1

q

0, if t = 0.

Lemma 1.53.

Hq

t

n

∼

1

nlog

q

t

i=0

n

i

(q − 1)i

, as n → ∞.

Proof. The proof uses Stirling’s formula and is left as an exercise.

Corollary 1.54. (Asymptotic Hamming bound)

αq(δ) ≤ 1−Hq

δ

2

.

1.5. ASYMPTOTIC OF CODES 17

Proof. As in the proof of Corollary 1.50, it is enough to show that for any(δ, R) ∈ Uq we have R ≤ 1 − Hq (δ/2). Again, consider a sequence of distinct[ni, ki, di]q-codes with δ = limi→∞ di/ni and R = limi→∞ ki/ni, and apply theHamming bound (Theorem 1.51) to each of the code in the sequence. Taking thelog of both sides of and dividing by n we obtain

1

nlog

di−1

2

i=0

ni

i

(q − 1)i

≤ 1−kini

.

It remains to take the limit as i → ∞ and apply Lemma 1.53. Below we depict both the asymptotic Singleton (in red) and the asymptotic

Hamming (in green) bounds for q = 8. Note that the latter intersects the horizontalaxis at δ = 2(q − 1)/q.

Figure 1.1. The asymptotic Singleton and Hamming boundsfor q = 8.

1.5.2. Lower Bounds. The question of finding a lower bound for the functionαq(δ) amounts to finding points (δ, R) in Uq with largest possible value of R. This,in turn, concerns the existence of codes of size qk, given the values of n and d. Ofcourse, if one such code exists then by discarding some of its codewords with canobtain a smaller code with the same n and d. So it make sense to consider codesof largest possible size with given n and d. This motivates the following definition.

Definition 1.55. Define Aq(n, k) to be the size of the largest code of lengthn and minimum distance d, i.e.

Aq(n, d) = max qk | there exists an [n, k, d]q-code.

The following result is due to Gilbert.


Theorem 1.56. (The Gilbert Bound)

Aq(n, d) ≥qn

d−1i=0

n

i

(q − 1)i

.

Proof. Let C be a [n, k, d]q-code of size |C| = Aq(n, d). This means we cannotfind a word in An \ C whose distance from every codeword in C is greater than orequal to d (otherwise we would have included it in C). Therefore the union of theballs of radius d − 1 centered at the codewords of C must contain all the words oflength n. This implies

|C|

d−1

i=0

n

i

(q − 1)i

≥ qn,

and the bound follows.

A corollary from this is the asymptotic Gilbert bound.

Corollary 1.57. (Asymptotic Gilbert bound)

αq(δ) ≥ 1−Hq(δ).

Proof. Consider a sequence of [ni, ki, di]q-codes with δ = limi→∞ di/ni andR = limi→∞ ki/ni, and such that ki = Aq(ni, di) for every i ≥ 1. By Theorem 1.48R ≤ αq(δ). On the other hand, by the Gilbert bound

ki = logq(Aq(ni, di)) ≥ ni − log

q

d−1

i=0

ni

i

(q − 1)i

.

Dividing both sides by ni and taking the limit as i → ∞, with the help ofLemma 1.53 we obtain

R ≥ 1−Hq(δ).

Remarkably, the same lower bound holds for αlin

qas well. This is not trivial,

since it requires existence of linear codes with the above properties. This result,which we will not prove, is called the Gilbert–Varshamov bound.

Theorem 1.58. (Gilbert–Varshamov bound)

αlin

q(δ) ≥ 1−Hq(δ).

Much more is known about this bound, for example, that almost all linearcodes (i.e. points of V lin

q) lie on the graph of RGV = 1−Hq(δ). It was believed for

a while that the Gilbert–Varshamov bound cannot be improved until Tsfasman,Vladut, and Zink found a bound which beats the Gilbert–Varshamov bound ona certain segment for large enough q. To achieve that they studied codes arisingfrom algebraic curves over finite fields, which now are commonly called algebraicgeometry codes (AG codes). We will study them in Chapter 5. Right now we statethe Tsfasman–Vladut–Zink bound.

Theorem 1.59. Let q be an even power of a prime. Then

αlin

q(δ) ≥ 1− δ −

1√q − 1

.

EXERCISES 19

One can check that for q ≥ 49 the graph of RTV Z = 1− δ− 1√q−1 intersects the

graph of RGV = 1−Hq(δ) on the segment [δ1, δ2], where δ1 and δ2 are the roots ofthe equation Hq(δ)− δ = 1√

q−1 (see Exercise 1.12).

We finish this chapter with a graph of the upper and lower bounds we discussedin this section. For q = 81 we plotted the Singleton bound (red), the Hammingbound (green), the Gilbert–Varshamov bound (yellow), and the Tsfasman–Vladut–Zink bound (blue).

Figure 1.2. Upper bounds: the Singleton and Hamming bounds;lower bounds: the Gilbert–Varshamov, and the Tsfasman–Vladut–Zink bounds for q = 81.

Exercises

Exercise 1.1. Prove that d = 3 for the 4-7 Hamming Code. (Hint: show thatthe weight of each codeword is at least 3.)

Exercise 1.2. Show that the Hamming distance d defines a metric on the setof all words of length n in the alphabet A, i.e for any a, b, and c in An we have

(1) d(a,b) ≥ 0,(2) d(a,b) = 0 if and only if a = b,


(3) d(a,b) = d(b,a),(4) d(a, c) ≤ d(a,b) + d(b, c).

Exercise 1.3. Write the generator matrix for the dual to the Reed-Solomoncode in Example 1.30 using the residue map. Find the parameters of this code.

Exercise 1.4. Let G be a generator matrix for a linear code C. Show that Cis cyclic if and only if the cyclic permutation of every row of G lies in C.

Exercise 1.5. Let G be the (standard) generating matrix for Cm,F∗q. Show

that the cyclic permutation of every row of G is a multiple of this row. Deducethat the Reed–Solomon code Cm,F∗

qis cyclic. (Hint: Use the fact that F∗

qis a cyclic

group under multiplication; apply Exercise 1.4.)

Exercise 1.6. Let β be an element of Fq, β = 1. Show that

q−2j=0 β

j = 0.(Hint: Use the fact that F∗

qis a cyclic group under multiplication, and hence the

elements of Fq are the roots of tq − t.)

Exercise 1.7. In this exercise you will find the generator polynomial gC(t)for the Reed-Solomon code C = Cm,F∗

q. We have F∗

q= α for some α ∈ F∗

q. By

Proposition 1.44, gC divides tq−1 − 1, hence, gC(t) =

β∈S(t− β) for some subset

S ⊂ F∗q(see the hint in Exercise 1.6). Also from Proposition 1.44 we see that

|S| = q −m− 2.

(a) Show that S is contained in the set of common roots of all polynomialsc(t) ∈ IC .

(b) Let c = (f(1), f(α), . . . , f(αq−2)) be a codeword in C, corresponding toa polynomial f ∈ L(m). White down c(t). Show that c(t) vanishes att = αk for 1 ≤ k ≤ q −m− 2. (Hint: Use Exercise 1.6.)

(c) Use parts (a) and (b) to find gC(t).

Exercise 1.8. Let C be an [n, k, d]q-code. Show that the minimum distance ofthe dual code C⊥ cannot be greater than k + 1.

Exercise 1.9. Recall the construction of the field of four elements: F4 =0, 1,α, 1+α, where addition is mod 2 and α is an element satisfying α2 = 1+α.Show that the linear code with generator matrix

1 0 1 10 1 α α2

is an MDS-code.

Exercise 1.10. Compute a generator matrix for the dual to the code in Exer-cise 1.9 and show it is also an MDS-code.

Exercise 1.11. Let C be an MDS-code with parity-check matrix H. Provethat any n − k of the rows of H are linearly independent. (Hint: Assuming theopposite show that C contains a codeword with weight less than or equal to n− k.)

EXERCISES 21

Exercise 1.12. Let Hq be the Hamming entropy function. Show that forq ≥ 49 the line R = 1−δ− 1√

q−1 intersects the graph of the function R = 1−Hq(δ)

on the segment [δ1, δ2], where δ1 and δ2 are the roots of the equation

Hq(δ)− δ =1

√q − 1

.

(Hint: Find the maximum of F (δ) = Hq(δ) − δ on [0, (q − 1)/q]. Check that themaximum is attained at δ = q−1

2q−1 and equals logq(2q− 1)− 1. Then show that this

maximum is greater than 1√q−1 for q ≥ 49 by plotting both as functions of q. You

can use Maple or any other computer system.)

Exercise 1.13. Prove that if C is an MDS-code then so is its dual C⊥. (Hint:Use Exercise 1.8 and Exercise 1.11).

CHAPTER 2

Algebraic Curves

2.1. Fields and Polynomial Rings

2.1.1. Finite Fields. You are already familiar with a field of prime order,Fp = 0, 1, . . . , p − 1. It consists of classes of integers modulo a prime p. Thereare other examples of fields, e.g. we have already seen the field of four elementsF4 = 0, 1,α, 1 + α in Exercise 1.9. Recall that we use the identities α2 = 1 + αand 1 + 1 = 0. Here are the addition and the multiplication tables for F4.

+ 0 1 α 1 + α0 0 1 α 1 + α1 1 0 1 + α αα α 1 + α 0 1

1 + α 1 + α α 1 0

· 0 1 α 1 + α0 0 0 0 01 0 1 α 1 + αα 0 α 1 + α 1

1 + α 0 1 + α 1 α

In fact, we can define it as the quotient ring F4 = F2[x]/x2 + x + 1. Leth = x2 + x + 1 ∈ F2[x]. Since h has degree 2, the possible remainders mod h areeither constants in F2 or linear functions over F2. Thus, we can write

F4 = a0 + a1x | ai ∈ F2 = 0, 1, x, 1 + x,

assuming that these are classes mod h. Note that x2 ≡ x + 1 mod h, so in ournotation before α denotes the class of x mod h. You can check that the additionand multiplication on classes mod h is exactly the one described in the above tables.For example, (1 + x)x = x+ x2 ≡ 1 mod h, hence (1 + α)α = 1.

Let F be a field. Recall that a polynomial h ∈ F[x] is called irreducible over Fif h cannot be written as a product of two polynomials in F[x] of positive degree.Here is a standard fact from abstract algebra.

Proposition 2.1. Let F be a field and h ∈ F[x]. The quotient ring F[x]/h isa field if and only if h is irreducible over F.

You should check that x2 + x + 1 is irreducible over F2, and so our quotientring F2[x]/x2 + x+ 1 is indeed a field.

This construction can be generalized to produce fields of size pn for any primep and any integer n ≥ 1. Let h be an irreducible polynomial over Fp. ThenFpn = Fp[x]/h is a field of pn elements. We have

Fpn = a0 + a1α+ · · ·+ an−1αn−1

| ai ∈ Fp,

where again α is the classes of x mod h. Since there are exactly p choices for everycoefficient ai we obtain pn such distinct classes. By Proposition 2.1 this is a fieldsince we assumed h to be irreducible. The question now, of course, is “Do thereexist irreducible polynomials over Fp for any prime p of any given degree n?” The

23

24 2. ALGEBRAIC CURVES

answer is “yes”, and it can be shown by just counting the number of reduciblepolynomials of degree n (i.e. products of polynomials of smaller positive degrees)and checking that it is less than the total number of polynomials of degree n over Fp.We will not be doing this here, but if you are interested you can find it in [?].

Recall that if F and K are two fields with the same operation, the same 0, 1elements, and such that F ⊂ K, we say that F ⊂ K is a field extension. For exampleF2 ⊂ F4 is a field extension. Note that in this case K is a vector space over F. Anfield extension F ⊂ K is called finite if K is a finite dimensional space over F. Inparticular, if K is a finite field then F ⊂ K is a finite field extension. In this case Kmust have a basis v1, . . . , vk ⊂ K over F, i.e.

K = c1v1 + · · ·+ ckvk | ci ∈ F,k = dimF K. For example, F4 is a 2-dimensional vector space over F2 with a basis1,α. More generally, Fpn is an n-dimensional vector space over Fp with a basis1,α, . . . ,αn−1.

Proposition 2.2. Let F ⊂ K ⊂ L be a “tower” of field extensions and L isfinite dimensional over F. Then

dimF L = dimF K dimK L.

Proof. Start with a basis w1, . . . , wl for L over K and a basis v1, . . . , vkfor K over F and show that the set of pairwise products viwj | 1 ≤ i ≤ k, 1 ≤ j ≤ lforms a basis for K over F. You are invited to fill the details yourself.

Here is the first main result in the theory of finite fields.

Theorem 2.3. Let F be a finite field. Then

(1) F has pn elements for some p and n ≥ 1.(2) F is isomorphic to Fp[x]/h for some monic irreducible degree n polyno-

mial h in Fp[x].

Proof. Since F is finite, the elements 1, 1+1, 1+1+1, . . . cannot all be distinct.Therefore, there exists the smallest integer p ≥ 2 such that 1 + · · ·+ 1

p times

= 0. Note

that p must be prime, otherwise if p = rs then

0 = 1 + · · ·+ 1 p times

= (1 + · · ·+ 1 r times

)(1 + · · ·+ 1 s times

),

which means that F has zero divisors, which is impossible since F is a field. (Theelements 1 + · · ·+ 1

r times

and 1 + · · ·+ 1 s times

are non-zero by the minimality of p.) Such p

is called the characteristic of the field F, p = charF. This follows that F containsFp as a subfield.

(1) We have a field extension Fp ⊂ F, so by above F is a finite dimensionalvector space over Fp, i.e.

F = c1v1 + · · ·+ cnvn | ci ∈ Fp,

for a basis v1, . . . , vn of F over Fp. Therefore F has pn elements.(2) Let q = pn. We have already mentioned that F∗ = F \ 0 is a cyclic group

under multiplication (for a proof see, for example [?]), i.e. F∗ = 1,α, . . . ,αq−2

for some α ∈ F∗.Therefore α satisfies αq−1 = 1 by the Lagrange theorem. In other

2.1. FIELDS AND POLYNOMIAL RINGS 25

words, α is a root of the polynomial xq−1−1 in Fp[x]. Let h be the monic irreduciblefactor of xq−1 − 1, for which α is a root. Then F is isomorphic to Fp[x]/h.

Definition 2.4. An element α in Fq is called primitive if it generates themultiplicative group F∗

q.

As it follows from group theory, a cyclic group of order k has ϕ(k) generators,where ϕ is the Euler function. Therefore, in every field of order q there are ϕ(q−1)primitive elements.

Example 2.5. There are ϕ(3) = 2 primitive elements in F4, namely α and1 + α.

Now we will state the complete classification of finite fields.

Theorem 2.6. (1) For any prime p and any n ≥ 1 there exists a finitefield of order pn.

(2) Any two fields of the same size are isomorphic.

Proof. Part (1) follows from our discussion after Proposition 2.1. For part(2) we need something stronger than what we used in the proof of Theorem 2.3. Wesaw that α is a root of xp−1 − 1. This implies that every element αi of F∗ is a rootof xp−1 − 1, and hence, F consists of the roots of xp − x. In this case we say thatF is the splitting field of xp − x. Now we need a theorem from field theory whichsays that the splitting field of a polynomial is unique up to an isomorphism.

Here is another example of a finite field.

Example 2.7. To construct a field of order 9 as a quotient ring F9 = F3[x]/hwe need a degree 2 irreducible polynomial h over F3. For example, one can takeh(x) = 1 + x2. Let α be the class of x mod h. Then α satisfies 1 + α2 = 0. Weobtain

F9 = a0 + a1α | ai ∈ F3 = 0, 1, 2,α, 2α, 1 + α, 2 + α, 1 + 2α, 2 + 2α.

Let us compute some products and sums in F9.

• (1+α)(2+α) = 2+3α+α2 = 2+0+ (−1) = 1; hence (1+α)−1 = 2+α• (1 + 2α)2 = 1 + 4α+ 4α2 = 1 + α+ (−1) = α• α+ (2 + 2α) = 2 + 3α = 2

Let Fq be a finite field of order q = pn, where p is the characteristic of the field.We will define a very important map from Fq to itself.

Definition 2.8. Let Fq be a finite field of characteristic p. The map

σ : Fq → Fq, α → αp

is called the Frobenius automorphism.

Here some of its properties.

Proposition 2.9. Let Fq be a finite field of q = pn elements. Then

(1) for any α,β ∈ Fq we have (α+ β)p = αp + βp;(2) the map α → αp is an automorphism of Fq which fixes Fp;(3) the Galois group of all automorphisms of Fq which fix Fp,

Gal(Fq) = φ : Fq → Fq | φ(a) = a, ∀a ∈ Fp,

is cyclic of order n, generated by σ.


Proof. (1) By the binomial formula

(α+ β)p =p

i=0

p

i

αp−iβi = αp + . . .

=0

+βp = αp + βp,

where the middle terms are all zero since p dividesp

i

for 1 ≤ i ≤ p − 1 and p is

the characteristic of the field.(2) By part (1), σ(α + β) = σ(α) + σ(β). Also σ(αβ) = (αβ)p = σ(α)σ(β),

hence, σ is a ring homomorphism. Next, Ker(σ) = α ∈ Fq | αp = 0 = 0, i.e.σ is injective. But Fq is finite, so any injective map is also surjective. Therefore σis an automorphism of Fq. The fact that σ fixes any a ∈ Fp is the Fermat LittleTheorem: σ(a) = ap = a for any a ∈ Fp.

(3) From Galois theory we know that Fp ⊂ Fq is a Galois extension, so|Gal(Fq)| = dimFp

Fq = n. Let us show that the subgroup generated by σ hasn distinct elements:

σ = id,σ,σ2, . . . ,σn−1.

Here σi is the composition of σ with itself i times: σi = σ · · · σ i times

, so σi(α) = αpi

.

Indeed, if σi = σj then αpi

= αpj

for any α ∈ Fq, in particular, when α is a

primitive element. Then αpi−p

j

= 1, which implies that ord(α) = pn − 1 dividespi − pj . Since both i, j are less than n this is only possible when i = j.

The next result describes all possible subfields of Fq.

Theorem 2.10. Let K be a subfield of Fq, where q = pn. Then K is isomorphicto Fpk for some divisor k of n. Moreover,

K = β ∈ Fq | σk(β) = β.

Proof. Clearly, K has the same characteristic p, so |K| = pk for some k. Tosee that k must be a divisor of n consider a tower Fp ⊂ K ⊂ Fq. By Proposition 2.2

n = dimFpFq = dimFp

K dimK Fq = k dimK Fq,

hence k|n. The second statement follows from the Fundamental Theorem of theGalois theory and will not be proved here.

Example 2.11. Let us describe all subfields of F26 . There are four divisors of6 including 1 and 6. They correspond to the four subfields:

F22

F2

⊂

F26

⊂

F23⊂

⊂


Example 2.12. We can construct an infinite sequence of subfields of charac-teristic 2:

F2 ⊂ F22 ⊂ F26 ⊂ · · · ⊂ F2(n−1)! ⊂ F2n! ⊂ . . .

Note that (n− 1)! divides n! for any n ≥ 1, so these are indeed subfields.

2.1.2. Algebraic Closure. Remember the Fundamental Theorem of Algebrawhich says that any polynomial of degree n over complex numbers has exactly ncomplex roots, counting with multiplicities. This is the property of the complexnumbers begin algebraically closed. What are algebraically closed fields of positivecharacteristic?

We will start with the definition.

Definition 2.13. A field F is called algebraically closed if every polynomialf ∈ F[x] has a root in F.

For example, R is not algebraically closed, since 1 + x2 ∈ R[x], but has no realroots; C is algebraically closed as we mentioned before. Notice that this impliesthat f has all of its roots in F, and so f splits into a product of linear factors inF[x].

Definition 2.14. Let F be a field. The algebraic closure of F is the smallestalgebraically closed field F containing F as a subfield.

For example, R = C. In fact, C = a+ bi | a, b ∈ R, i.e. it is a degree 2 fieldextension of R obtained by adjoining i, which is a root of 1+x2. This constructionis very similar to the one we discussed in the previous section. We can write C as aquotient ring C = R[x]/1 + x2. We remark that Q is contained in C, but in factis smaller.

Next theorem describes the algebraic closure of Fp, and also of any finite fieldof characteristic p. Similarly to Example 2.12, we have a chain of subfields ofcharacteristic p:

Fp ⊂ Fp2 ⊂ Fp6 ⊂ · · · ⊂ Fp(n−1)! ⊂ Fpn! ⊂ . . .

Theorem 2.15.

Fp =∞

n=1

Fpn! .

Proof. Let K =∞

n=1 Fpn! . Clearly Fp ⊂ K. It is easy to see that K is a field.Indeed, for any α,β in K there exists k ≥ 1 such that α,β lie in Fpk! . Since thefield axioms are satisfied for α,β in Fpk! , they are also satisfied in K.

To show K is algebraically closed consider any polynomial f ∈ K[x]. Again,each of the coefficients of f lies in some finite field in the above union, so we canchoose k ≥ 1 such that all coefficients of f lie in Fpk! , i.e. f ∈ Fpk! [x]. Now let αbe a root of f . Then we obtain a finite extension Fpk! ⊂ Fpk!(α) of some degree d.There exists n such that k!d divides n!. Therefore Fpk!(α) ⊂ Fpn! ⊂ K. This showsthat α ∈ K.

Finally, to show that K is the smallest algebraically closed field containing Fp,note that Fp must contain Fpn! for any n since Fp must contain roots of irreduciblepolynomials over Fp of degree n!. Therefore, Fp must contain and, hence, equalto K.


2.1.3. Polynomial Rings. Now we will review what we know about polyno-mials in one variable and see what remains true for polynomials in several variables.

Let R be a commutative ring with 1, and R[x] the ring of univariate polynomialswith coefficients in R. When R = F is a field the following facts about F[x] hold:

(1) F[x] is a PID (principal ideal domain).(2) F[x] is a Euclidean domain, there is a Euclidean Algorithm in F[x].(3) F[x] is a UFD (unique factorization domain).(4) (Euclid’s lemma) If p ∈ F[x] is irreducible and p|fg then either p|f or p|g.

Moreover when R = Z we have

(5) (Gauss’ lemma) If p ∈ Z[x] factors in Q[x] then it factors in Z[x].How do we define F[x, y], the ring of polynomials in two variables? One way

would be to say that F[x, y] consists of finite linear combinations of monomials xiyj

with coefficients in F and i ≥ 0, j ≥ 0:

f(x, y) =

i,j≥0

ai,jxiyj , aij ∈ F, all but finitely many aij are zero.

Another way is to set R = F[x], which is a commutative ring with 1, and defineF[x, y] = R[y] = F[x][y]. In other words, F[x, y] consists of polynomials in y withcoefficients being polynomials in x. You should show that the two definitions areequivalent.

Although we will mostly be dealing with bivariate polynomials we will give thegeneral definition of the multivariate polynomial ring.

Definition 2.16. Let R be a commutative ring with 1. Define a n-variate poly-nomial f(x1, . . . , xn) over R as a finite linear combinations of monomials xi1

1 · · ·xinn

with coefficients in R:

f(x1, . . . , xn) =

i1,...,in≥0

ai1,...,inxi11 · · ·xin

n, ai1,...,in ∈ R,

where all but finitely many ai1,...,in are zero. The set of all polynomials f(x1, . . . , xn)forms the ring of polynomials R[x1, . . . , xn] under usual operations of addition andmultiplication. The (total) degree of a monomial xi1

1 · · ·xinn

is i1 + · · · + in. The(total) degree deg f of a polynomial f ∈ R[x1, . . . , xn] is the largest degree of mono-mials appearing in f .

Equivalently, we can define R[x1, . . . , xn] by induction on the number of vari-ables: first define R[x], then define R[x1, . . . , xn] as R[x1][x2, . . . , xn].

Here are some simple properties of degree, which you are invited to checkyouself.

Proposition 2.17. For any f, g in R[x1, . . . , xn] we have

(1) deg(fg) = deg f + deg g,(2) deg(f + g) ≤ maxdeg f, deg g.

The notion of irreducibility is the same as for F[x].Definition 2.18. A non-constant polynomial f ∈ F[x1, . . . , xn] is called re-

ducible over F if f = gh for some non-constant polynomials g, h ∈ F[x1, . . . , xn]. Inthis case we will also say that f factors in F[x1, . . . , xn]. If f is not reducible overF it is called irreducible over F.

Example 2.19.


(a) The polynomial x2 − y2 ∈ Q[x, y] is reducible over Q (and hence over R,and C), since x2 − y2 = (x− y)(x+ y), where x− y, x+ y ∈ Q[x, y].

(b) The polynomial x2+y2 is reducible over C, since x2+y2 = (x−iy)(x+iy).However, it is irreducible over R (and hence over Q). Indeed, supposex2 + y2 = g(x, y)h(x, y) for non-constant g, h ∈ R[x, y]. Then by theproperty of degree both g and h are linear. Without loss of generality wemay assume that the coefficient of y in each of them equals 1, so we have:

x2 + y2 = (a0 + a1x+ y)(b0 + b1x+ y).

Comparing the coefficients of x2 and xy on both sides we get a system:1 = a1b1 and 0 = a1 + b1 which implies b21 = −1. This is impossible forb1 ∈ R so no such non-constant g, h ∈ R[x, y] exist.

(c) The polynomial x2 + y2 − 1 is irreducible over C (and hence over R andQ) and we will show this later.

Let us return to the facts (1)–(5) that hold for univariate polynomials. Thistime the situation is a bit different.

(1) F[x, y] is not a PID.(2) F[x, y] is not a Euclidean domain.(3) F[x, y] is a UFD.(4) (Euclid’s lemma) If p ∈ F[x, y] is irreducible and p|fg then either p|f

or p|g in F[x, y].(5) (Gauss’ lemma) A polynomial f is irreducible in F[x, y] if and only if it is

irreducible in F(x)[y]In the last statement F(x) denotes the field of rational functions (quotients ofpolynomials) over F.

For example, the ideal I = x, y generated by x and y in F[x, y] is not principal.By definition, x, y = xh + yg | h, g ∈ F[x, y]. Suppose there exists f ∈ F[x, y]such that I = f. Since I is proper f cannot be a constant. Then x = h1f andy = h2f for some hi ∈ F[x, y]. Comparing the degrees we see that deg f = 1 andhi are constants. But that means h−1

1 x = h−12 y, a contradiction.

A general fact from abstract algebra says that Euclidean domains are PIDs,so F[x, y] is not a Euclidean domain. Below we will prove the unique factorizationproperty of F[x, y] assuming Euclid’s lemma. The proof will be complete after weprove Gauss’s lemma and Euclid’s lemma in the next subsection.

Theorem 2.20. (Unique Factorization) F[x, y] is a UFD, i.e. every non-constant polynomial f ∈ F[x, y] can be written as a product f = f1 · · · fs whereeach fi is irreducible over F. This product is unique up to ordering the factors andmultiplying by constants.

For example, f = f1f2 = f2f1 = (cf1)(1cf2) is considered to be the same

factorization up to ordering the factors and multiplying by constants.

Proof. The existence of the factorization is easy to see by induction on thedegree of f . Indeed, if f is irreducible, we are done. Otherwise f factors f = ghfor some non-constant g, h ∈ F[x, y] of smaller degree than deg f . By the inductivehypothesis both g and h factor into irreducible factors and, hence, so does f .

For uniqueness, suppose

f = f1 · · · fs = g1 · · · gt,


for irreducible fi and gi in F[x, y]. By Euclid’s lemma f1 must divide one of the gi,up to reordering we may assume that f1|g1. Since g1 is also irreducible we obtainf1 = c1g1 for some constant c1. Now since F[x, y] has no zero divisors we can cancelf1 and obtain

f2 · · · fs = c−11 g2 · · · gt.

Continuing in this way we see that t = s and fi = gi up to ordering and multiplyingby constants.

2.1.4. Gauss’s Lemma and Euclid’s Lemma. We will start with a defini-tion.

Definition 2.21. A polynomial f in F[x][y] is called primitive if its coefficients

ai(x) are relatively prime as elements of F[x], i.e. if f(x, y) =

k

i=1 ai(x)yi then

gcd(ai(x) | 1 ≤ i ≤ k) = 1.

Lemma 2.22. If f, g in F[x][y] are primitive then so is fg.

Proof. Assume it is not, i.e. fg = c(x)h for some non-constant c(x) ∈ F[x]and h ∈ F[x][y]. Let p(x) be an irreducible factor of c(x). The identity fg = c(x)hin (F[x]/p(x)) [y] becomes f g = 0. This implies that either f = 0 or g = 0 in(F[x]/p(x)) [y] (remember that this is a polynomial ring over a field, hence it hasno zero divisors). But this means that p(x) divides every coefficient of either f org, i.e. either f or g is not primitive.

Recall that F(x) denotes the field of rational functions in x over F, i.e.

F(x) =f(x)

g(x)| f, g ∈ F[x], g = 0

.

Theorem 2.23. (Gauss’s Lemma) A polynomial f is irreducible in F[x, y] ifand only if it is irreducible in F(x)[y].

Proof. (⇐) If f has a non-trivial factorization in F[x, y] then this factorizationmakes sense in F(x)[y] as well.

(⇒) Suppose f is irreducible in F[x, y], but has a non-trivial factorization

(2.1) f(x, y) = g(x, y)h(x, y), for some g, h ∈ F(x)[y]First, note that f is primitive as an element of F[x][y], since f is irreducible inF[x, y]. We can clear the denominators in g and h, i.e. find a, b ∈ F[x] suchthat a(x)g(x, y) and b(x)h(x, y) lie in F[x][y]. Let us factor out the gcd’s of theircoefficients to make them primitive:

a(x)g(x, y) = c(x)g1(x, y), b(x)h(x, y) = d(x)h1(x, y),

where g1 and h1 lie in F[x][y] and are primitive. From (2.1) we obtain

a(x)b(x)f(x, y) = c(x)d(x)g1(x, y)h1(x, y).

Now f(x, y) is primitive and by Lemma 2.22 the product g1(x, y)h1(x, y) is alsoprimitive, hence, a(x)b(x) = c(x)d(x) in F[x]. Therefore f(x, y) = g1(x, y)h1(x, y)is a non-trivial factorization in F[x][y], which contradicts the irreducibility of f .

Now we can prove Euclid’s lemma.

Theorem 2.24. (Euclid’s lemma) Let f ∈ F[x, y] be irreducible. Then f |ghimplies f |g or f |h in F[x, y].


Proof. Consider f, g, h as elements of F(x)[y]. By Gauss’s lemma f is irre-ducible in F(x)[y]. Now F(x)[y] is the ring of univariate polynomials over a field,so by the usual Euclid’s lemma f |gh implies f |g or f |h in F(x)[y]. We will assumethe former, so

(2.2) g(x, y) = f(x, y)q(x, y) for some q ∈ F(x)[y].Let’s clear the denominators: there exists c(x) ∈ F[x] such that c(x)q(x, y) ∈ F[x, y].As before, factor out the gcd of its coefficients to make it primitive: c(x)q(x, y) =d(x)q1(x, y) for a primitive q1 ∈ F[x][y]. From (2.2) we get

c(x)g(x, y) = f(x, y)d(x)q1(x, y).

Both f(x, y) and q1(x, y) are primitive, and so is their product, by Lemma 2.22.Therefore, d(x) is the gcd of the coefficients on the right hand side, which impliesthat c(x)|d(x) in F[x]. Now

g(x, y) = f(x, y)

d(x)

c(x)q1(x, y)

is a factorization in F[x][y] which shows that f |g in F[x, y]. Remark 2.25. What we said about bivariate polynomials in (1)–(5) above is

also true for polynomials in any number of variables. In fact, one can adapt all ourproofs to the general case (e.g. use induction on the number of variables).

2.1.5. Eisenstein Criterion. You may have seen the Eisenstein criterion forirreducibility of polynomials in Z[x]:

Theorem 2.26. Let f = a0 + a1x+ · · ·+ anxn ∈ Z[x]. If there exists a primep such that

(i) p|ai for 0 ≤ i ≤ n− 1,(ii) p | an,(iii) p2 | a0

then f is irreducible over Q.

We will prove a similar criterion for polynomials in F[x, y]. First, a definition.

Definition 2.27. A polynomial f ∈ F[x, y] is called absolutely irreducible if fis irreducible in K[x, y] for any finite extension F ⊂ K.

Example 2.28.

(a) x2 + y2 ∈ R[x, y] is not absolutely irreducible, since it is reducible over C,which is a finite extension of R.

(b) Any linear polynomial in F[x, y] is absolutely irreducible.(c) x2 + y2 − 1 ∈ R[x, y] is absolutely irreducible, which we will see in a

moment.

Proposition 2.29. Let f ∈ F[x, y] be non-constant. Then there exists a fi-nite extension F ⊂ K such that f factors into a product of absolutely irreduciblepolynomials in K[x, y].

Proof. Induction on n = deg f . The base case is when f is linear, and henceis already absolutely irreducible. Suppose n > 1. If f is absolutely irreducible weare done. Otherwise, there exists a finite extension F ⊂ L such that f = f1f2for some non-constant f1, f2 in L[x, y] of degree smaller than n. By the inductive


hypothesis there exist finite extensions L ⊂ K1 and L ⊂ K2 such that fi is aproduct of absolutely irreducible factors in Ki[x, y]. Let K = K1 + K2, which is afinite extension of L, and hence of F. Then f factors into a product of absolutelyirreducible polynomials in K[x, y].

We are ready for the Eisenstein Criterion.

Theorem 2.30. (The Eisenstein Criterion) Let f = a0(x) + a1(x)y + · · · +an(x)yn be a primitive non-constant polynomial in F[x, y]. Suppose there exists αin some finite extension K of F such that

(i) α is a root of ai(x) for 0 ≤ i ≤ n− 1,(ii) α is not a root of an(x),(iii) α is not a multiple root a0(x).

Then f is absolutely irreducible.

Proof. Suppose not. Then there exists a finite extension F ⊂ L such thatf = gh for some non-constant g, h in L[x, y]. We may assume that a lies in L(otherwise replace L with L+K). We have

g(x, y) =k

i=0

bi(x)yi, h(x, y) =

l

i=0

ci(x)yi, where k + l = n.

Thenf(x, y) = g(x, y)h(x, y) = b0(x)c0(x) + · · ·+ bk(x)cl(x)y

n.

This implies that a0(x) = b0(x)c0(x), and so either b0(α) = 0 or c0(α) = 0 by(i). Without loss of generality we may assume that b0(α) = 0. Then c0(α) = 0,otherwise α would be a multiple root of a0(x), which we assumed is not by (iii).

Also an(x) = bk(x)cl(x), and so bk(α) = 0 and cl(α) = 0 by (ii). Let s be thesmallest s ≤ k such that bs(α) = 0. If s < n then

as(x) =

i+j=s

bi(x)cj(x) = b0(x)cs(x) + b1(x)cs−1(x) + · · ·+ bs(x)c0(x).

Plugging in x = α we obtain 0 = bs(α)c0(α), which is a contradiction since neitherbs(α) nor c0(α) is zero. Therefore s = n = k, which means that l = 0 and soh(x, y) = c0(x) and f(x, y) = c0(x)g(x, y). But we assumed that f was primitive,hence h(x, y) = c0(x) = c0, a constant. This shows that f must be absolutelyirreducible.

Example 2.31.

(a) f(x, y) = x2 + y2 − 1 ∈ R[x, y] is absolutely irreducible. Indeed, f(x, y) =(x2−1)+y2, i.e. a0(x) = x2−1, a1(x) = 0, and a2(x) = 1. Choose a = 1,then (i) a0(1) = 0 and a1(1) = 0, (ii) a2(1) = 0, and (iii) a0(1) = 2 = 0.By the Eisenstein criterion x2 + y2 − 1 is absolutely irreducible.

(b) Consider yn−f(x) ∈ F[x, y] where f(x) is a polynomial which has a simple(i.e. non-multiple) root in some finite extension of F. Then yn − f(x) isabsolutely irreducible. For example, yn−x is absolutely irreducible. Notea striking distinction between univariate and multivariate case. When Fis algebraically closed, the only irreducible univariate polynomials are lin-ear, whereas there are absolutely irreducible multivariate polynomials ofarbitrarily large degree.

2.2. AFFINE AND PROJECTIVE CURVES 33

2.2. Affine and Projective Curves

2.2.1. Affine Curves. Let F be a field. We call the Cartesian power

Fn = (x1, . . . , xn) | xi ∈ F

the affine space over F and denote by An

F or, simply, by An. In particular, A2 iscalled the affine plane and A1 is the affine line. This may look redundant, but itwill be handy later when we talk about the affine and the projective plane.

Definition 2.32. A plane affine curve C is the set

C = (x, y) ∈ A2| f(x, y) = 0

for some non-constant polynomial f ∈ F[x, y]. The degree of C is the degree of thepolynomial f . It is custom to call curves of degree two conics and curves of degreethree cubics.

Let us write f as a product of distinct (absolutely) irreducible factors

f = fk11 · · · fks

s, where fi = cfj for any i = j, c ∈ F.

Then C is a union of curves

Ci = (x, y) ∈ A2| fi(x, y) = 0,

which are called the (absolutely) irreducible components of C. A curve with onlyone (absolutely) irreducible component is called (absolutely) irreducible cure.

Example 2.33. Let F = R, the real numbers.

(a) f(x, y) = x2 − y2 = (x− y)(x+ y). The curve C is the union of two linesy = x and y = −x, which are the absolutely irreducible components of C.

(b) f(x, y) = x2 + y2 − 1. The curve C is the unit circle. It has only oneabsolutely irreducible component according to part (a) of Example 2.31.

(c) f(x, y) = a0(x). The irreducible components of C are vertical lines x = α,for every real root α of a0(x). The absolutely irreducible components arethe vertical lines x = α for every complex root α of a0(x).

We would like to have a one-to-one correspondence between irreducible curvesC and their defining polynomials f ∈ F[x, y], up to a constant multiple. Here is aproblem, though: the “curve” in A2

R defined by f(x, y) = x2+y2 consists of just theorigin C = (0, 0). The same curve can be defined by many other polynomials,e.g. (2x+y)2+(x−2y)2 or (y−x2)4+x6, etc. This difficulty can be resolved if weconsider curves over algebraically closed fields. From now on we will assume thatK denotes and algebraically closed field, whereas F will denote an arbitrary field.Note that for curves over K the absolute irreducibility is equivalent to irreducibility.

We have the following two statements which we will prove a little later.

Proposition 2.34. If K is algebraically closed then any curve C defined byf ∈ K[x, y] has infinitely many points.

Proposition 2.35. If f, g ∈ F[x, y] such that f is irreducible over F and f doesnot divide g. Then the set of common their zeroes

(x, y) ∈ A2| f(x, y) = 0, g(x, y) = 0

is finite.


The following theorem establishes the one-to-one correspondence we discussedabove.

Theorem 2.36. Let C ⊂ A2K be an irreducible curve defined by an irreducible

polynomial f ∈ K[x, y]. Then C determines f uniquely up to a constant multiple.

Proof. According to Proposition 2.34, C has infinite number of points. Sup-pose g ∈ K[x, y] is another irreducible polynomial defining C. Then C is the set ofcommon zeroes of f and g and by Proposition 2.35 f must divide g. Since bothf, g are irreducible we must have g = cf for some c ∈ K.

The proof of Proposition 2.34 relies on the fact that an algebraically closed fieldK must be infinite. This is not hard to see: if K was finite, K = 0, 1,α3, . . . ,αn,we could write down a polynomial, say, f(x) = x(x − 1)(x − α1) · · · (x − αn) + 1which has no roots in K.

Proof of Proposition 2.34. Suppose C is defined by

f(x, y) = a0(x) + · · ·+ an(x)yn∈ K[x, y], for n ≥ 1.

For any α ∈ K the polynomial f(α, y) lies in K[y] and hence must have n roots,counting multiplicities. Since K is infinite we obtain infinitely many points (α,β)on C, where α is arbitrary and β is root of f(α, y). The case n = 0 is left for you.

Proof of Proposition 2.35. By Gauss’s lemma f is irreducible in F(x)[y].Also f does not divide g in F(x)[y] (we saw in the proof of Euclid’s lemma thatif f |g in F(x)[y] then f |g in F[x][y]). Therefore, gcd(f, g) = 1, i.e. there existu, v ∈ F(x)[y] such that uf +vg = 1. After clearing the denominators in u, v we getu1f + v1g = c(x) for some c(x) ∈ F[x] and u1, v1 ∈ F[x, y]. If (α,β) is a commonzero of f, g then c(α) = 0. Therefore there could be only finitely many such α.Furthermore, β must be a root of f(α, y), so there are only finitely many such β aswell.

It is an interesting question how many common zeroes f and g can have. Wewill answer this question in the case of an algebraically closed field. We will seethat the number of common zeroes is at most the product of the degrees of f, g. Infact, Bezout’s theorem (see Theorem 2.65) says that it is always the product of thedegrees if we count the common zeroes not in the affine plane, but in a compactspace, called the projective plane. This is the subject of the next subsection.

2.2.2. Projective Plane. We will start with the following question: Howmany times does a line L intersect a plane affine curve C of degree n? We will seethat the answer is at most n unless L is an irreducible component of C.

Theorem 2.37. Let C be a plane affine curve of degree n. Then any line Lintersects C in at most n points, unless L ⊂ C.

Proof. Let f, l ∈ F[x, y] be a degree n polynomial and a linear polynomialdefining C and L, respectively. If l divides f then L is an irreducible componentof C, otherwise C ∩ L is finite. Let l(x, y) = ay + bx+ c and assume a = 0. Thenthe x-coordinates of the points of C ∩ L are the roots of f

x,− b

ax −

c

a

. This is

a polynomial of degree at most n, and hence, has at most n roots. Indeed, everymonomial xkym in f of degree k +m ≤ n produces a polynomial xk

−

b

ax−

c

a

m

of degree at most n. If α1, . . . ,αs, s ≤ n, are the roots of fx,− b

ax −

c

a

, then


C ∩ L = αi,−

b

aαi −

c

a

| 1 ≤ i ≤ s. The case a = 0 is left for you as an

excercise. Question. Why can |C ∩ L| be strictly smaller than degC?

Answer. In the above proof we saw two reasons for this. First, a polynomialof degree n may have fewer than n roots if the field is not algebraically closed.Second, it may happen that the degree of f

x,− b

ax −

c

a

is strictly smaller than

deg f as there could be cancelation of highest degree terms.

We will illustrate both reasons using the following example.

Example 2.38. Let C be the parabola defined by f(x, y) = x2 − y ∈ R[x, y].Consider any line L with equation ay + bx + c = 0 and assume a = 0. The x-coordinates of the intersection points are given by ax2+bx+c = 0. This polynomialhas two real roots if b2 − 4ac > 0, one multiple real root if b2 − 4ac = 0, and twocomplex roots if b2 − 4ac < 0. Thus, if we consider C over complex numbers thenthe number of intersections with non-vertical line is always 2, which is the degreeof C. Note that this includes the case when L is tangent to C. In this case theintersection point, is a double intersection point (intersection with multiplicity 2).

(c)

C

L

C

(a)

C

∞

LL

(b)

Figure 2.1. Intersection with a line: (a) two real points, (b) twocomplex points, (c) one real, one infinite points

If a = 0 the line L is vertical and has equation bx + c = 0. It intersects Conly once: the intersection point is

−

c

b, c

2

b2

. Imagine now a is very small, then

the line L is almost vertical, in fact one of the intersection points is very close to−

c

b, c

2

b2

and the other one is “very far” on the parabola, i.e. its y-coordinate is

very large. So if we equip C with one extra point “at infinity” then any verticalline with intersect C at two points, one of which is this extra point. Notice thatthis way we obtain a compact curve, the limit of a sequence of points on C withthe y-coordinate approaching infinity is the infinite point we added to C.

A similar situation occurs when we consider the intersection of two lines. Thenumber of intersection points is always one, except when they are parallel. If wechange one of the lines slightly the intersection point will appear “very far” inthe direction of these almost parallel lines. If we add a “point at infinity” in thedirection of two parallel lies then we can still say that the two lines intersect at thisextra point.


To make the above arguments more precise and formal we will define the pro-jective plane and will be considering curves in the projective plane. First, let usdefine the projective line. In the xy-plane consider the set of all lines through (0, 0).They intersect the line y = 1 at a point (u, 1). This defines a one-to-one correspon-dence between points on the line y = 1 and all non-horizontal lines passing through(0, 0).

(0, 0)

A2

y

(u, 1)u

x

A1

Figure 2.2. Constructing the projective line

Definition 2.39. The projective line P1F over F is the set of all lines in A2

Fpassing through the origin (0, 0). We will also write P1 without specifying the field.

Using the correspondence described above we can identify points of P1 withpoints of A1 ∪ ∞, where the non-horizontal lines correspond to the points of A1

and the horizontal line y = 0 corresponds to one extra point which we denote by ∞.Note that A1 is naturally embedded into P1; the embedding is given by the map

A1 → P1, u → line connecting (0, 0) and (u, 1).

It is convenient to have a coordinate system on P1, just like we have on A1. Theidea is that every point (x, y) ∈ A2 \ (0, 0) defines a unique point in P1, namelythe line connecting (0, 0) and (x, y). However two points (x1, y1) and (x2, y2) inA2 \ (0, 0) will define the same point in P1 if and only if (x2, y2) = λ(x1, y1) forsome non-zero constant λ ∈ F. We obtain an equivalence relation on A2 \ (0, 0):

(x1, y1) ∼ (x2, y2) if and only if (x2, y2) = λ(x1, y1) for some λ ∈ F∗.

This gives us an equivalent definition of the projective line:

P1 =A2 \ (0, 0)

∼=

classes of pairs (x, y) ∈ A2

\ (0, 0) under ∼.

We denote by (x : y) the equivalence class of (x, y) and call it the homogeneouscoordinate of the corresponding point in P1. For example, (1 : 2) = (1/2 : 1) =(10 : 20) correspond to the same point in P1.

Now we can generalize our definition.

Definition 2.40. The projective n-space Pn

F over F is the set of all lines in An+1F

passing through the origin 0. We will also write Pn without specifying the field.


As before we have the embedding

An → Pn, (u1, . . . , un) → line connecting 0 and (u1, . . . , un, 1).

Similarly, we define the homogeneous coordinates on Pn. First,

(x0, . . . , xn) ∼ (x0, . . . , xn) if and only if (x0, . . . , xn) = λ(x0, . . . , xn) for some λ ∈ F∗

is an equivalence relation on An+1 \ 0. We obtain

Pn =An+1 \ 0

∼=

classes of (x0, . . . , xn) ∈ An+1

\ 0 under ∼.

We denote by (x0 : · · · : xn) the equivalence class of (x0, . . . , xn) and call it thehomogeneous coordinate of the corresponding point in Pn.

In particular, we have the projective line:

P2 = lines in A3 passing through (0, 0, 0).

Two points (x1, y1, z1) ∼ (x2, y2, z2) if and only if (x2, y2, z2) = λ(x1, y1, z1) forsome λ ∈ F∗, in which case they define the same line in A3 through (0, 0, 0). Theexpression (x : y : z) denotes the equivalence class of (x, y, z) under the equivalencerelation ∼.

0 y

x

A2 (u, v, 1)

A3

z

Figure 2.3. Constructing the projective plane.

Note that if z = 0 then (x : y : z) =x

z: y

z, 1. Thus the embedding

A2 → P2, (u, v) → (u : v : 1)

has the inverse on the subset Uz = (x : y : z) ∈ P2 | z = 0

A2← Uz,

xz:y

z

← (x : y : z).

Now if we look at the complement of Uz in P2:

Lz = (x : y : 0) ∈ P2 ∼= (x : y) ∈ P1


we see that this is a projective line. Therefore

(2.3) P2 = Uz ∪ Lz∼= A2

∪ P1.

This shows that P2 is a way to compactify A2 by adding a projective line Lz “atinfinity”. We can also see it from our geometric construction in Figure 2.3. Thereis a one-to-one correspondence between the non-horizontal lines in A3 though theorigin and the points of the plane z = 1 (which we identify with A2). Everyhorizontal line through the origin in the z = 0 plane is a point in Lz which weidentify with P1.

Here is another way to interpret (2.3). The points of P2 are the points in A2

(the points with coordinates (x : y : 1)) together with an “infinite point” for everydirection determined by a pair (x, y) defined up to a non-zero scalar multiple (thepoints with coordinates (x : y : 0)).

We can identify two more coordinate lines in P2: the line Lx is given by x = 0and the line Ly is given by y = 0. Note that the three coordinate lines intersect atthree special points with coordinates (0 : 0 : 1), (1 : 0 : 0), and (0 : 1 : 0). We drawthis schematically in Figure 2.4.

(1 : 0 : 0)Ly

P2

Lz

(0 : 0 : 1)

Lx

(0 : 1 : 0)

Figure 2.4. Three coordinate lines in the projective plane.

Now we will look at our Example 2.38 from the viewpoint of the new definition.

Example 2.41. First, consider two parallel lines in A2:

L1 = (u, v) ∈ A2| v − 2u = 0, L2 = (u, v) ∈ A2

| v − 2u− 2 = 0.

Where (u, v) are the affine coordinates. Recall that in Uz we have u = x

z, v = y

z,

so the two equations become y

z− 2x

z= 0 and y

z− 2x

z− 2 = 0. If we clear the

denominators we obtain y − 2x = 0 and y − 2x − 2z = 0. Notice that now theymake sense for z = 0 as well. Thus they define two lines in the projective space:

L1 = (x : y : z) ∈ P2| y − 2x = 0, L2 = (x : y : z) ∈ P2

| y − 2x− 2z = 0,

which coincide with L1 and L2 on Uz. However each of them has one extra point(1 : 2 : 0) outside of Uz. Therefore L1 and L2 intersect in P2 at one point (1 : 2 : 0).


Example 2.42. Let us see how a parabola C given by v−u2 = 0 and a verticalline L given by u = α intersect when we view them in the projective plane. Asbefore, put u = x

z, v = y

zand rewrite the equations in the homogeneous coordinates.

C = (x : y : z) ∈ P2| y − x2 = 0, L = (x : y : z) ∈ P2

| x− αz = 0.

To see the intersection points substitute x = αz into the equation of the parabola.Factoring out z we obtain a system

x = αz

z(y − α2z) = 0

If z = 0 (i.e. in the affine part Uz) we get one solution (αz : α2z : z) = (α : α2 : 1).If z = 0 (i.e. on the infinite line Lz) we get one more solution (0 : y : 0) = (0 : 1 : 0).Note that y = 0 since (0, 0, 0) does not represent any point in P2. Summarizing,the parabola C and the line L intersect in P2 at two points (α : α2 : 1), (0 : 1 : 0).

2.2.3. Projective Curves. We are ready to define curves in the projectiveplane, which we call projective curves. The following definitions formalize the waywe were passing from the (u, v)-coordinates to the homogeneous coordinates inExample 2.41 and Example 2.42.

Definition 2.43. A polynomial F (x, y, z) in F[x, y, z] is called homogeneousof degree n if every monomial appearing in F has (total) degree n:

F (x, y, z) =

i+j≤n

aijxiyjzn−i−j .

Definition 2.44. A plane projective curve C is the set

C = (x : y : z) ∈ P2| F (x, y, z) = 0

for some non-constant homogeneous polynomial F ∈ F[x, y, z]. The degree of C isthe degree of the polynomial F . A curve C is called irreducible if F is irreduciblein F[x, y, z] (see Definition 2.18).

Just as for affine curve, every projective curve C is a union of finitely manyirreducible curves, called the irreducible components of C.

Let f ∈ F[u, v] be a polynomial of degree n. The following transformation

f(u, v) F (x, y, z) = znfxz,y

z

is called the homogenization of f . Conversely, the transformation

F (x, y, z) F (x, y, 1) = f(x, y)

is called the dehomogenization of F . These transformations allow us to

• Start with an affine curve and construct the corresponding projectivecurve.

• See the affine part of the projective curve defined by F (x, y, z) = 0.

Definition 2.45. Let C ⊂ P2 be a projective curve. The set CA = C ∩ Uz iscalled the affine part of C. It is defined by the polynomial f(x, y) = F (x, y, 1).


2.3. Tangent Lines and Singular Points

We begin with an example of a projective curve in P2C intersecting three different

lines.

Example 2.46. We will find the intersection points of a conic C with equationx2 + 4y2 − z2 = 0 and

(a) L1 given by x− y = 0,(b) L2 given by x− 2z = 0,(c) L3 given by x− z = 0

For C ∩ L1 substituting x = y into the equation of C we get x2 + 4x2 − z2 = 0which factors as (

√5x− z)(

√5+ z) = 0. This produces two points (1 : 1 :

√5) and

(1 : 1 : −√5) in P2

C.Similarly, for C ∩ L2 we have 4z2 + 4y2 − z2 = 0 which factors over complex

numbers as (2y − i√3z)(2y + i

√3z) = 0. We obtain two points (4 :

√3i : 2) and

(4 : −√3i : 2) in P2

C.Finally, for for C∩L3 we have z2+4y2−z2 = 0 which simplifies to y2 = 0. This

time we have a multiple solution (1 : 0 : 1) with multiplicity two. Geometricallythis means that L3 is tangent to C at (1 : 0 : 1).

In Figure 2.5 we depicted the affine real part of C and the lines Li, i.e. theirintersection with Uz where the points have real coordinates. This can be easilyobtained by dehomogenizing the equations of the curve and the lines.

C

L1 L3 L2

u

v

−1√5

1√5

1

P2

2

Figure 2.5. Intersection of a conic and three lines.

2.3.1. Tangent Lines. By definition a line L is tangent to a curve C at apoint p0 if L intersects C at p0 with multiplicity greater than one. We will writethis in coordinates and derive an equation of the tangent line to C at p0.

Let C be a projective curve in P2 given by a homogeneous polynomial F (x, y, z).Let p0 have coordinates (x0 : y0 : z0). First, we will write the equation of a line Lpassing through p0 and some other point p = (x : y : z) in parametric form:

L = p0 + pt | t ∈ F = (x0 + xt, y0 + yt, z0 + zt) | t ∈ F.

Then the solutions to the equation F (p0 + pt) = 0 produce the intersection pointsof C and L.

2.3. TANGENT LINES AND SINGULAR POINTS 41

Lemma 2.47. We have

F (p0 + pt) = F (p0) + (∇p0F · p)t+ higher order terms in t,

where ∇p0F =

∂F

∂x(p0),

∂F

∂y(p0),

∂F

∂z(p0)

is the gradient of F at p0.

Proof. By linearity it is enough to prove the statement for any monomialF = xiyjzk. Write the expansions in t

(x0 + xt)i = xi

0 + ixi−10 xt+ . . . , (y0 + yt)j = yj0 + jyj−1

0 yt+ . . . ,

(z0 + zt)k = zk0 + kzk−10 zt+ . . . .

Taking the product of the three expansions we obtain

xi

0yj

0zk

0 +ixi−1

0 yj0zk

0 (x) + xi

0jyj−10 zk0 (y) + xi

0yj

0kzk−10 (z)

t+ . . .

It remains to notice that the first term is F (p0) and the expression in the squarebrackets is the dot product of ∇p0F and p = (x, y, z).

Now suppose p0 lies on C. Then F (p0) = 0 and so t = 0 is a solution toF (p0 + pt) = 0, i.e. L intersects C at p0. Furthermore, from Lemma 2.47 we seethat if ∇p0F · p = 0 then t = 0 is a multiple solution of F (p0 + pt) = 0, i.e. L istangent to C at p0. We conclude

Proposition 2.48. Suppose a line L = p0+ pt | t ∈ F is tangent to C at p0.Then F (p0) = 0 and ∇p0F · p = 0. Consequently, ∇p0F · p = 0 is an equation ofthe tangent line to C at p0.

Let us write the equation of the tangent line in coordinates:

x∂F

∂x(p0) + y

∂F

∂y(p0) + z

∂F

∂z(p0) = 0.

Remark 2.49. You may have seen the following equation of the tangent lineto F = 0 at p0:

∂F

∂x(p0)(x− x0) +

∂F

∂y(p0)(y − y0) +

∂F

∂z(p0)(z − z0) = 0.

This is, in fact, equivalent to the previous equation because of the Euler formula(see Exercise 2.8): For any homogeneous polynomial F of degree n

x∂F

∂x+ y

∂F

∂y+ z

∂F

∂z= nF.

In our situation

x0∂F

∂x(p0) + y0

∂F

∂y(p0) + z0

∂F

∂z(p0) = nF (p0) = 0.

Example 2.50. Let C be a conic with equation F (x, y, z) = yz − x2 = 0. Letus find the tangent to p0 = (1 : 1 : 1). We have ∇p0F = (−2x, z, y)|p0 = (−2, 1, 1).Hence −2x+ y + z = 0 is the tangent line to C at (1 : 1 : 1).


2.3.2. Singular Points. Let C be a projective curve, C ⊂ P2.

Definition 2.51. A point p0 ∈ C is called singular if ∇p0F = 0. A pointp0 ∈ C which is not singular is called smooth (or nonsingular, or regular).

Note that the tangent line is not defined at a singular point. In fact, any linepassing through a singular point of C satisfies the equation of the tangent line (seeProposition 2.48).

Definition 2.52. A curve C without singular points is called smooth (or non-singular).

Example 2.53. We find the singular points of a projective curve C with equa-tion F (x, y, z) = 0.

(a) Let F (x, y, z) = y2z−x3−x2z. We have ∇F = (−3x2−2xz, 2yz, y2−x2).Now if ∇F = 0 then from the second component of ∇F we get 2yz = 0,so either y = 0 or z = 0. In the first case x2 = 0 from the third componentof ∇F , and z is any non-zero, i.e. we obtain a singular point (0 : 0 : 1).In the second case x2 = 0 from the first component of ∇F and hencey2 = 0 from the third component. This produces (0, 0, 0) which does notcorrespond to a point in P2. Therefore, the only singular point of C is(0 : 0 : 1). The affine part of C is the affine curve y2 − x3 − x2 = 0 whichis called the nodal cubic. It is depicted in Figure 2.6.

Figure 2.6. The nodal cubic y2 = x3 + x2.

2.3. TANGENT LINES AND SINGULAR POINTS 43

(b) Let F (x, y, z) = y2z − x3. We have ∇F = (−3x2, 2yz, y2). Again it iseasy to see that ∇F = 0 is satisfied only for x = 0, y = 0 and any z. Thisdefines the only singular point (0 : 0 : 1). The affine curve CA is given byy2 − x3 = 0 and is called the cuspidal cubic, see Figure 2.7.

Figure 2.7. The cuspidal cubic y2 = x3.

Let CA be the affine part of C defined by f(x, y) = F (x, y, 1). Similarly tothe projective case we can show that the tangent line to CA at p0 = (x0, y0) hasequation

∂f

∂x(p0)(x− x0) +

∂f

∂y(p0)(y − y0) = 0.

Furthermore, p0 is a singular point of CA if and only if f(p0) = 0 and ∇f(p0) = 0.

2.3.3. Local description of singular points. Let p0 = (x0 : y0 : z0) be asingular point of a curve C ⊂ P2. By changing the coordinate system we can ensurep0 = (0 : 0 : 1). We are interested in the geometry of C near p0, so we are going toconsider the affine part of C.

Let f(x, y) be the polynomial defining the affine part CA. We can write

f(x, y) = a00+(a10x+a01y)+(a20x2+a11xy+a02y

2)+· · · = f0+f1(x, y)+f2(x, y)+. . .

We call fi(x, y) the homogeneous part of f of degree i. Now since (0, 0) lies on CAwe have f0 = a00 = 0. Furthermore, since (0, 0) is a singular point of CA we have∂f

∂x(0, 0) = ∂f

∂y(0, 0) = 0, i.e. a10 = a01 = 0. In other words, (0, 0) is a singular point

of CA if and only if the homogeneous parts of f of degree 0 and 1 are identicallyzero.


Definition 2.54. We say that p0 = (0, 0) is a multiple point of CA of order kif k is the smallest positive integer for which f has a non-zero homogeneous partof degree k. A point of order 2 is called a double point, and a point of order 3 iscalled a triple point.

We remark that if (0, 0) is a point of order 1 then it is a smooth point of thecurve. In this case f1(x, y) = 0 is the equation of the tangent line to the curve at(0, 0).

Example 2.55.

(a) The nodal cubic has equation f(x, y) = x2 − y2 + x3 = 0. We see thatf0 = f1 = 0, f2 = x2−y2, and f3 = x3. Therefore (0, 0) is a double point.

(b) The cuspidal cubic has equation f(x, y) = y2−x3 = 0, hence f0 = f1 = 0,f2 = y2, and f3 = −x3. Again (0, 0) is a double point.

(c) Consider the affine curve with equation y2 = x3 − x. This time f(x, y) =x+ y2 − x3, hence, f0 = 0 and f1 = x. Therefore, (0, 0) is a smooth pointof the curve. Also x = 0 is the equation of the tangent line to the curveat (0, 0) (see Figure 2.8).

Figure 2.8. The smooth cubic y2 = x3 − x.

Over an algebraically closed field K the curve with a multiple point of order kat (0, 0) has k branches passing through this point. In fact, fk(x, y) = 0 gives theequation of the k tangent lines to the branches of the curve at (0, 0). Indeed, fk isa homogeneous polynomial in x, y of degree k, so it factors into linear terms

fk(x, y) = ak0xk + ak−1,1x

k−1y + · · ·+ a0kyk = ak0(x− α1y) · · · (x− αky),

2.4. BEZOUT’S THEOREM AND APPLICATIONS 45

where α1, . . . ,αk are the roots of ak0tk + ak−1,1tk−1 + · · ·+ a0k. The lines x = αiy,for 1 ≤ i ≤ k are the tangents in question.

Example 2.56.

(a) The nodal cubic has two branches with tangents given by f2 = x2 − y2 =(x− y)(x+ y) = 0, i.e. x = y and x = −y as Figure 2.6 confirms.

(b) For the cuspidal cubic f2 = y2, hence it has two branches with the sametangent y = 0, see Figure 2.7.

A singular curve with a triple point at (0, 0) is given in Exercise 2.12.

2.4. Bezout’s Theorem and Applications

We already mentioned Bezout’s theorem (see the discussion at the end of Sec-tion 2.2.1) which counts the number of intersections of two projective curves overan algebraically closed field. In this section we will prove Bezout’s theorem andlook at some applications such as the number of singular points, the number ofdouble tangents, and rational curves. We will also prove three classical theorems:Pappus (around 400 AD), Pascal (1639), and Chasles (1885).

2.4.1. Bezout’s Theorem. The proof of Bezout’s theorem employs an im-portant algebraic object, called the resultant. We will define it a little later, firstwe will need a lemma about univariate polynomials. As before, K denotes an alge-braically closed field.

Lemma 2.57. f, g ∈ K[x] have a common root in K if and only if there existnon-zero f1, g1 ∈ K[x] such that fg1 = gf1 and deg f1 < deg f , deg g1 < deg g.

Proof. (⇒) Suppose f, g have a common root α ∈ K. Then f = (x − α)f1and g = (x − α)g1 for some f1, g1 ∈ K with deg f1 < deg f , deg g1 < deg g. Alsofg1 = gf1 from above.

(⇐) Suppose h = fg1 = gf1 with deg f1 < deg f , deg g1 < deg g. Then theroots of f and the roots of g are also the roots of h. But deg h = deg f + deg g1 <deg f + deg g, hence the sets of the roots of f and g cannot be disjoint.

Definition 2.58. Let f = a0+a1x+ · · ·+anxn and g = b0+ b1x+ · · ·+ bmxm

be two polynomials in K[x, y]. Then their resultant R(f, g) the determinant of thefollowing (m+ n)× (m+ n) matrix (assume the empty spaces are filled with 0’s)

a0 a1 . . . ana0 a1 . . . an

. . .. . .

a0 a1 . . . anb0 . . . bm

b0 . . . bm. . .

. . .b0 . . . bm

b0 . . . bm

.


Example 2.59. Let f = a0 + a1x+ a2x2 + a3x3 and g = b0 + b1x+ b2x2.

R(f, g) =

a0 a1 a2 a3 00 a0 a1 a2 a3b0 b1 b2 0 00 b0 b1 b2 00 0 b0 b1 b2

= a20b32 + 3a0a3b0b2b1 − 2a0a2b0b

22 − a2a3b1b

20 + a0a1b1b

22 + a1a3b0b

21−

a22b20b2 − a1a2b0b1b2 + a0a2b

21b2 − a0a3b

31 + a21b0b

22 − 2a1a3b

20b2 + a23b

30.

Lemma 2.60. f, g ∈ K[x] have a common root in K if and only if R(f, g) = 0.

Proof. By Lemma 2.57, f, g ∈ K[x] have a common root if and only if one canfind non-zero f1 and g1 of degrees smaller than deg f and deg g, respectively suchthat fg1 = gf1. Expanding both sides and comparing the coefficients we obtain ahomogeneous linear system with the coefficients of g1 and f1 being the unknownsand the matrix being equivalent to the resultant matrix. The linear system has anon-trivial solution if and only if the determinant of the matrix, which is ±R(f, g),is non-zero.

Example 2.61. Let f = a0 + a1x+ a2x2 + a3x3 and g = b0 + b1x+ b2x2, as inExample 2.59. Put g1 = c0 + c1x and f1 = d0 + d1x+ d2x2. We want

(a0 + a1x+ a2x2 + a3x

3)(c0 + c1x) = (b0 + b1x+ b2x2)(d0 + d1x+ d2x

2).

Comparing the coefficients we get a system1 : a0c0 = b0d0x : a1c0 + a0c1 = b1d0 + b0d1x2 : a2c0 + a1c1 = b2d0 + b1d1 + b0d2x3 : a3c0 + a2c1 = b2d1 + b1d2x4 : a3c1 = b2d2which in the matrix form looks like

a0 0 −b0 0 0a1 a0 −b1 −b0 0a2 a1 −b2 −b1 −b0a3 a2 0 −b2 −b10 a3 0 0 −b2

c0c1d0d1d2

=

00000

.

The determinant of the matrix equals −R(f, g). It is zero if and only if non-trivialsuch f1 and g1 exist.

Next, assume F (x, y, z) andG(x, y, z), treated as polynomials in x, have degreesn and m. (We can always make a change of coordinates so that F has a term anxn

and G has a term bmxm, see Exercise 2.14.) In this case we can write

F (x, y, z) = anxn + an−1(y, z)x

n−1 + · · ·+ a0(y, z),

G(x, y, z) = bmxm + bm−1(y, z)xm−1 + · · ·+ b0(y, z),

where ai(y, z) and bi(y, z) are homogeneous polynomials of degree n− i and m− i,respectively. We have the following statement.

Lemma 2.62. The resultant R(F (x, y, z), G(x, y, z)) = R(y, z) is a homogeneouspolynomial of degree mn.


Proof. By Exercise 2.7, it is enough to show that R(λy,λz) = λmnR(y, z).First, let us look at the case n = 3, m = 2 as in Example 2.59. As we notices aboveai(λy,λz) = λn−iai(y, z) and bi(λy,λz) = λm−ibi(y, z), hence we have

R(λy,λz) =

λ3a0 λ2a1 λa2 a3 00 λ3a0 λ2a1 λa2 a3

λ2b0 λb1 b2 0 00 λ2b0 λb1 b2 00 0 λ2b0 λb1 b2

Now we are going to multiply the first two rows by λ and 1, and the last three rowsby λ2, λ, and 1, so the columns become rescaled by consecutive powers of λ. Weobtain

λ1+0λ2+1+0R(λy,λz) =

λ4a0 λ3a1 λ2a2 λa3 00 λ3a0 λ2a1 λa2 a3

λ4b0 λ3b1 λ2b2 0 00 λ3b0 λ2b1 λb2 00 0 λ2b0 λb1 b2

= λ4+3+2+1+0R(y, z).

Comparing the powers of λ on both sides we see that R(λy,λz) = λ6R(y, z).The general case goes along the same lines. The only thing we will check is

that the powers of λ on both sides will give as the desired answer λnm:

λ(m−1)+···+1+0λ(n−1)+···+1+0R(λy,λz) = λ(n+m−1)+···+1+0R(y, z),

so the power of λ on the right hand side is (n+m)(n+m−1)2 and the one on the left

hand side is m(m−1)2 + n(n−1)

2 . You can check that their difference is nm.

We want to define the intersection number (C ·E)p0 of two curves C and E ata point p0 ∈ P2. We assume that C and E have no common components and so thenumber of their intersection points is finite. Let F,G ∈ K[x, y, z] be homogeneouspolynomials which define C and E of degree n and m, respectively. As before weassume that the coordinates are chosen such that the degree of F and G in x arealso n and m. Also we require that no two intersection points of C and E have thesame x-coordinate, that is if (x : y : 1) and (x : y : 1) lie in C ∩E then y = y; andsimilarly, if (x : y : 0) and (x : y : 0) lie in C ∩ E then y = y.

Definition 2.63. Let C, E be projective curves with equations F = 0 andG = 0 as above. Define the (local) intersection number (C ·E)p0 at p0 = (x0 : y0 : z0)to be the multiplicity of (y0 : z0) as a root of the resultant R(F,G) ∈ K[y, z]. Inother words, (C ·E)p0 is the largest integer k such that (z0y−y0z)k divides R(F,G).

Note that if p0 is not a common point of C and E then (C · E)p0 = 0. If p0lies on a common component of C and E then (C · E)p0 is undefined as then theresultant R(F,G) is identically zero.

Remark 2.64. In the case of E being a straight line, we can give an alternativedefinition based on our discussion of tangent lines in Section 2.3.1. Recall that if Eis given parametrically E = p0 + pt | t ∈ K = (x0 + xt, y0 + yt, z0 + zt) | t ∈ K

and C has equation F (x, y, z) = 0 then E is tangent to C at p0 if t = 0 is a multiplesolution to F (p0+ pt) = 0. Define (C ·E)p0 to be the multiplicity of t = 0 as a rootof F (p0 + pt). In Exercise 2.13 you will check the equivalence of these definitions.


Theorem 2.65. (Bezout’s theorem) Let C and E be two plane projective curves.Then either they have a common irreducible component or they intersect in exactlydegC · degE number of points, counting with multiplicities. In other words,

p∈P2

(C · E)p = degC · degE.

Proof. Let F and G be the homogeneous polynomials of degree n = degC andm = degE and the coordinates are chosen as above. Then a point p0 = (x0 : y0 : z0)lies in C ∩ E if and only if p0 is a common zero of F (x, y, z) and G(x, y, z) which,in turn, happens if and only if (y0 : z0) is a root of the resultant R(F,G). Also, bydefinition, the intersection multiplicity (C ·E)p0 equals the multiplicity of this root.By Lemma 2.62, and since K is algebraically closed, the homogeneous polynomialR(F,G) ∈ K[y, z] has exactly nm roots, counting with multiplicities. If C and Ehave a common irreducible component then R(F,G) is identically zero.

2.4.2. The Veronese map. Let us start with a standard fact in linear al-gebra: For any two points in R2 there is a line containing them. More generally,for any d points in Rd there is a hyperplane containing them. The same is trueabout points in the projective space. For any d points in Pd there is a hyperplaneH = a0x0 + a1x1 + · · · + adxd = 0 containing them. Here (x0 : · · · : xd) are thehomogeneous coordinates in Pd. Indeed, if p1, . . . , pd is a collection of d points,pi = (pi0 : · · · : pid) ∈ Pd then such H containing them exists if and only if thesystem

(2.4)

a0p10 + a1p11 + · · ·+ adp1d = 0

a0p20 + a1p21 + · · ·+ adp2d = 0...

a0pd0 + a1p11 + · · ·+ adpdd = 0

has a non-trivial solution (a0, . . . , ad), which is always true since the number ofvariables is greater then the number of equations. Note that if the rank of theabove matrix equals d then there is a unique hyperplane H containing the pointsp1, . . . , pd. Similarly, if d−1 points p1, . . . , pd−1 in Pd, considered as vectors inAd+1, are linearly independent then there is a 1-parameter family of hyperplanesin Pd containing these points.

Now the question we are interested in is: How many points in P2 determine adegree n plane projective curve that contains them?

Example 2.66. (Conics). Let C be a conic given by a degree 2 homogeneouspolynomial

F (x, y, z) = a00z2 + a10xz + a01yz + a20x

2 + a11xy + a02y2.

Now let p1, . . . , p5 be five points in P2, then C contains them if and only ifF (pi) = 0 for 1 ≤ i ≤ 5. This is equivalent to a linear homogeneous systemof 5 equations and 6 unknowns (a00, a10, . . . , a02), which always has a non-trivialsolution. Therefore, any 5 points in P2 lie on a conic.

We can look at this example from a little bit more general point of view. Definethe following map

ν2 : P2→ P5, (x : y : z) → (z2 : xz : yz : x2 : xy : y2).


Then five points p1, . . . , p5 in P2 will be mapped to five points in P5, namelyν2(p1), . . . , ν2(p5). Furthermore, p1, . . . , p5 lie on a conic with equation

F (x, y, z) = a00z2 + a10xz + a01yz + a20x

2 + a11xy + a02y2 = 0

if and only if the points ν2(p1), . . . , ν2(p5) lie on a hyperplane H defined by

a00x0 + a10x1 + a01x2 + a20x3 + a11x4 + a02x5 = 0,

where (x0 : · · · : x5) are the homogeneous coordinates in P5.

Definition 2.67. Let d =n+22

− 1. The map νn : P2 → Pd defined by

νn : (x : y : z) → (zn : xzn−1 : · · · : xyn−1 : yn)

is called the n-th Veronese map. Here on the right hand side are all possiblehomogeneous monomials of degree n in x, y, z.

We have the following property of the Veronese map.

Proposition 2.68. The map νn : P2 → Pd is a well-defined one-to-one map.

Proof. To see that νn is well-defined we need to check that if not all x, y, zare zero then not all (zn : xzn−1 : · · · : xyn−1 : yn) are zero (should be clear), andthat (x : y : z) and (λx,λy,λz) are mapped to the same point in Pd. The latter isalso clear since the components of the map all have the same homogeneous degreen in x, y, z.

Now to show that νn is one-to-one assume that νn(x, y, z) = νn(u, v, w). Thenthere exists µ ∈ K∗ such that zn = µwn, xzn−1 = µuwn−1, and so on up toyn = µvn. In particular, xn = µun, yn = µvn, and zn = µwn imply that x = λ1u,y = λ2v, and z = λ3w where λi are some n-th roots of µ. From here it is not hardto see that the other equations ensure that λ1 = λ2 = λ3.

In the following theorem we generalize the result of Example 2.66.

Theorem 2.69. Let d =n+22

− 1.

(1) For any d points in P2 there is a degree n curve containing them.(2) For any d−1 points in P2 there is a 1-parameter family of degree n curves

containing them.(3) There exist d+ 1 points in P2 which do not lie on any curve of degree n.

Proof. (1) Let p1, . . . , pd be d points in P2 and let νn(p1), . . . , νn(pd)be the corresponding images under the Veronese map. Then p1, . . . , pd lie on adegree n curve C if and only if νn(p1), . . . , νn(pd) lie on a hyperplane in Pd. Nowthe statement follows from the linear algebra discussion at the beginning of thesubsection.

(2) This is similar to (1). All we need is to notice that there is a 1-parameterfamily of hyperplanes containing d− 1 points νn(p1), . . . , νn(pd−1) in Pd.

(3) Let X = νn(P2) be the image of the projective plane under the Veronesemap. Clearly X does not lie in a hyperplane (otherwise there would be a degree ncurve in P2 which contains all points of P2). Therefore, one can choose d+1 pointsq1, . . . , qd+1 in X, which do not lie on a hyperplane. But then their preimagesp1, . . . , pd+1, where pi = ν−1

n(qi), do not lie on any curve of degree n in P2.


Remark 2.70. We remark without proof that for almost every collection of dpoints in P2 there is a unique curve of degree n that contains them. What wemean here is that if we were to pick a collection of d points at random then withprobability one they lie on a unique curve of degree n. A more precise definitionrequires the notion of the dimension of an algebraic set, which we don’t includehere. This is similar to the fact that almost any collection of d vectors in Kd arelinearly independent.

Similarly, for almost every collection of d − 1 points in P2 there is a unique1-parameter family of degree n curves that contain them.

2.4.3. Number of double points. As the first application of Bezout’s theo-rem we will see how many singular double points a plane projective curve of degreen may have.

We begin with a question from elementary plane geometry: Given n lines inthe plane, what is the largest number of intersection points they may have? It iseasy to see that for n = 1, 2, 3 and 4 the answer is 0, 1, 3 and 6, respectively. Sinceadding a line to a collection of n− 1 intersecting lines produces at most n− 1 moreintersection points, the answer is the triangular number

n

2

. Translating this to

the language of curves, we can say that a reducible curve of degree n may have upto

n

2

singular double points. For irreducible curves the answer is smaller.

Theorem 2.71. Let C be an irreducible plane projective curve of degree n.Then it may have at most

n−12

double points.

Proof. Let C be an irreducible cubic. We have seen examples of irreduciblecubics with one double point (Example 2.53). Suppose C has two double pointsp1, p2. Then the line E containing them intersects C at two points with multiplicitytwo each, i.e. (C ·E)p1 = (C ·E)p2 = 2. But, by Bezout’s theorem, this is impossibleas degC · degE = 3 and E cannot be a component of C since we assumed C to beirreducible.

The same idea works in general. Let N =n−12

and assume C has N+1 double

points which we denote by p1, . . . , pN+1. Choose n−3 more points on C, call themq1, . . . , qn−3. Now we have N+1+n−3 =

n

2

−1, hence, by Theorem 2.69 there is a

curve E of degree n−2 containing them. Let us now count the intersection numberof C and E. Each pi comes with intersection number 2 and each qi comes withintersection number at least 1, which gives the total of at least 2(N + 1) + n− 3 =n(n− 2) + 1. This contradicts Bezout’s theorem as degC = n and degE = n− 2.Also E cannot be a component of C because C is irreducible and has larger degreethan E.

We mention without proof that there do exist irreducible curves with exactlyn−12

double points, so the bound proved in the above theorem is sharp.

2.4.4. Rational Curves. Let us come back to the nodal cubic C with affineequation y2 = x3 + x2 from Example 2.53. Can we parametrize the points of Cjust like we parametrize all the points of a line? In other words, can we write thecoordinates (x, y) ∈ C as rational functions of a parameter t? The answer turnsout to be yes, and Bezout’s theorem will help us here.

The idea is to consider the intersection of C with the lines through the origin.Since the origin is a double point of C, every line L must intersect C exactly once


more with multiplicity one, by Bezout’s theorem. We can express the coordinatesof this intersection point as polynomial functions of t, the slope of L.

Indeed, if L is given by y = tx then the intersections of C and L correspond tothe solutions of t2x2 = x3 + x2, i.e. of x2(x− (t2 − 1)) = 0. Notice that x = 0 is adouble root, that’s the multiplicity two intersection at the origin (0, 0). The simpleroot x = t2 − 1 produces the point (t2 − 1, t3 − t) on C. We thus obtain a rational(in this case polynomial) parametrization

C = (t2 − 1, t3 − t) | t ∈ K.

Note that the values t = 1,−1 give us the same point on C, the origin. Thecorresponding lines y = x, y = −x are the tangents to the two branches at theorigin (see Figure 2.6). The intersection number of each of these lines with C atthe origin is three. Summarizing, every t ∈ K defines a unique point (t2 − 1, t3 − t)on C. Conversely, every point (x, y) on C, except the origin, corresponds to aunique value of t. The origin corresponds to t = 1 and t = −1.

Example 2.72. Here is an example of a rational parametrization of a smoothconic (a unit circle), which you may have seen before. Let the conic C be given by(x − 1)2 + y2 − 1 = 0. As before take all lines y = tx through the origin. Theyintersect C at one more point: (x − 1)2 + t2x2 − 1 = 0, i.e. x((1 + t2)x − 2) = 0.This gives us a rational parametrization

C =

2

1 + t2,

2t

1 + t2

| t ∈ K

.

Note that each t ∈ K defines a unique point on C and every point (x, y) ∈ C, exceptthe origin, corresponds to a unique value of t.

Definition 2.73. A rational parametrization of an affine curve C ⊂ A2 is a pairof rational functions (x(t), y(t)) such that all but finitely many points (x, y) ∈ Chave the form (x(t), y(t)) for some t ∈ K.

Definition 2.74. A affine curve is called rational if it admits a rational parame-trization. A projective curve is called rational if its affine part admits a rationalparametrization.

The next theorem says that irreducible curves with the largest possible numberof double points are, in fact, rational.

Theorem 2.75. Let C be an irreducible curve withn−12

double points. Then

C is rational.

Proof. Let p1, . . . , pN be the double points, N =n−12

. As in the proof of

Theorem 2.71 we fix other q1, . . . , qn−3 on C. Since N + n− 3 =n

2

− 2, by The-

orem 2.69 there is a 1-parameter family of curves Et of degree n − 2 containingp1, . . . , pN , q1, . . . , qn−3. In other words, the coefficients of the polynomial defin-ing Et are linear functions in t. By Bezout’s theorem, for every value of t (exceptfor finitely many exceptions) the curve Et intersects C at exactly one more point q.The (y, z)-coordinates of q can then be found from solving R(F,G) = 0 where F andG are the polynomials defining C and E, respectively. They are rational functionsin the coefficients of G, and hence, rational functions of the parameter t.

In Exercise 2.22 you will find a rational parametrization for the curve given by(x2 + y2)2 = (x2 − y2)z2.


2.4.5. Pappus, Pascal, and Chasles. In this section we will prove threeclassical theorems due to Pappus of Alexandria (around 400 AD), Pascal (1640)and Chasles (1885). In fact, the former two follow from the latter, so first, we aregoing to state Chasles’ theorem and use it to prove the other two, and then proveChasles’ theorem after a bit of preparation.

Theorem 2.76. (Chasles) Let C1, C2 be plane projective cubics which intersectin 9 points. Then any cubic that contains any 8 of these points must contain all ofthem.

Theorem 2.77. (Pappus) Let p1, p2, p3 and q1, q2, q3 be two ordered triplesof collinear points. Define aij to be the intersection of lines piqj and pjqi for every1 ≤ i < j ≤ 3. Then the three points r12, r13, and r23 are collinear.

Figure 2.9. Pappus’ theorem.

Proof. Let C1 be the union of three lines p1q2, p2q3 and p3q1. Similarly, letC2 be the union of p1q3, p3q2 and p2q1. Then C1 and C2 are two (reduced) cubiccurves intersecting in 9 points:

p1, p2, p3, q1, q2, q3, r12, r13, r23 .

Now let N be the line containing r12, r13 and let C be the union of three lines L,M and N (see Figure 2.9). Then C contains the first 8 points in the above list,and hence, must contain all of them, by Chasles’ theorem. Therefore r23 also lieson N , which proves that r12, r13, and r23 are collinear.

Theorem 2.78. (Pascal) Consider a hexagon inscribed into an irreducible conicE in P2. Let ai, for 1 ≤ i ≤ 6, be the lines containing the sides of the hexagon.Then the intersection points of the lines containing opposite sides p14 = a1 ∩ a4,p25 = a2 ∩ a5, and p36 = a3 ∩ a6 are collinear.

Proof. This time we let C1 = a1∪a3∪a5 and C2 = a2∪a4∪a6. These cubicsintersect at the six vertices of the hexagon and at p14, p25, p36 (see Figure 2.10).


Figure 2.10. Pascal’ theorem.

Let C be the union of the conic E and the line N containing p14 and p25. SinceC contains 8 of the intersection points of C1 and C2 it must also contain p36, byChasles’ theorem. Therefore, p14, p25, p36 all lie on N , i.e. are collinear.

Before we give a proof of Chasles theorem we need to look closer at the Veronesemap discussed in Section 2.4.2. Recall its definition:

νn : P2→ Pd, νn : (x : y : z) → (zn : xzn−1 : · · · : xyn−1 : yn),

where d =n+22

− 1.

Definition 2.79. A set of points p1, . . . , pk ⊂ P2 is said to impose inde-pendent conditions on curves of degree n if its image νn(p1), . . . , ν(pk) is linearlyindependent (as a set of vectors in Ad+1). Otherwise we say it fails to imposeindependent conditions on degree n curves.

In Section 2.4.2 we saw that if S = p1, . . . , pd imposes independent conditionson degree n curves then there is a unique degree n curve C containing S.

Here is an equivalent definition.

Proposition 2.80. S = p1, . . . , pk imposes independent conditions on degreen curves if and only if for every subset S of size |S| = k − 1 there exists a degreen curve C containing S, but not S.

Proof. By definition S imposes independent conditions on degree n curves ifand only if the matrix M = [νn(p1), . . . , ν(pk)]

t has rank k if and only if its columnsspan Ak if and only if for every 1 ≤ i ≤ k the equation M(a00, . . . , a0n)t = ei hasa solution (here ei is the i-th standard basis vector for Ak). This is equivalent theexistence of a hyperplane in Pd containing all of νn(p1), . . . , ν(pk), but ν(pi), i.e.the existence of a degree n curve containing p1, . . . , pk, but pi.


Example 2.81.

(a) Any two points in P2 impose independent conditions on lines (degree 1curves), since there is a line containing one point, but not the other.

(b) Any three points in P2 impose independent conditions on lines, unless theyare collinear, since then there is a line containing any two of the points,but not the third.

(c) Any six points impose independent conditions on conics, unless they lieon a conic (note that a conic may be reduced, i.e. the union of twolines). Indeed, suppose they do not all lie on a conic. Then, as we saw inExample 2.66, any five of them will lie on a conic, but not the sixth.

More generally, we can say when a set does or does not impose independentconditions in some special cases.

Proposition 2.82. Any k ≤ n+1 points in P2 impose independent conditionson degree n curves.

Proof. Let S = p1, . . . , pk. For each 1 ≤ i ≤ k − 1 choose a line Li

containing pi, but not pk. Let E be any curve of degree n − k + 1 not containingpk. Then the union C = L1 ∪ · · · ∪ Lk−1 ∪ E is a curve of degree n containing allof S, but pk. By Proposition 2.80, S imposes independent conditions on degree ncurves.

Proposition 2.83. Any n+2 collinear points in P2 fail to impose independentconditions on degree n curves.

Proof. Let S be a set of n+2 points contained in a line L and choose S ⊂ Sof size n + 1. By Bezout’s theorem any curve C of degree n containing S mustcontain L as an irreducible component. Therefore, C must contain S as well. ByProposition 2.80, S fails to impose independent conditions on degree n curves.

Proposition 2.84. Any 2n + 2 points in P2 lying on a conic fail to imposeindependent conditions on degree n curves.

Proof. The proof is the same as for Proposition 2.83, except the line L mustbe replaced by a conic E.

Now we can strengthen the statement of Proposition 2.82.

Theorem 2.85. Any k ≤ 2n + 2 points in P2 impose independent conditionson degree n curves unless there are n+ 2 that are collinear or k = 2n+ 2 and theyall lie on a conic.

Proof. Notice that the cases k ≤ n + 1 and n = 1, 2 have been alreadyconsidered in Proposition 2.82 and Example 2.81. Thus we may assume that k >n+ 1 and n ≥ 3. Suppose S = p1, . . . , pk fails to impose independent conditionson degree n curves. Then we will show that S falls into one of the two situationsdescribed in the statement of the theorem. In fact, it is enough to consider minimalsuch S, i.e. whose proper subsets do impose independent conditions on degree ncurves. Equivalently, any degree n curve containing all but one point of S mustcontain all of S. We use induction on n and then k. We have three cases.

Case 1. Suppose S contains n + 1 collinear points, S ⊂ L. Let S = S \ S

and so |S| ≤ n + 1. First, S must fail to impose independent conditions ondegree n− 1 curves. Indeed, assuming the contrary there exists E of degree n− 1

2.5. THE GENUS OF A CURVE 55

containing S \ pj, but not pj , and hence L ∪ E is a degree n curve containingS \ pj, but not pj . This is a contradiction.

Now by the inductive hypothesis S must contain n+1 collinear points, S ⊂ N .This implies that |S| = 2n+ 2 and S is contained in the union of two lines L ∪N .

Case 2. Suppose S contains l ≥ 3 collinear points S ⊂ L. Then, as before,S = S \S must fail to impose independent conditions on degree n− 1 curves. Byinduction, since |S| ≤ 2(n− 1) + 2, it must contain n+ 1 collinear points and weare back in Case 1.

Case 3. Suppose no three points of S are collinear. Let p1, p2, p3 be anythree points of S. We let S = S \ p1, p2, p3 and Si = S ∪ pi. Once again,each set Si must fail to impose independent conditions on degree n − 1 curves,and hence, by the inductive hypothesis, |Si| = 2n and Si ⊂ Ci for some conic Ci.Then |S| = 2n − 1, and so S contains at least 5 points (remember that n ≥ 3).By our assumption these 5 points impose independent conditions on conics, hence,are contained in a unique conic C. Therefore, all Ci must coincide with C, whichimplies that S ⊂ C.

We are now ready to prove Chasles’ theorem. Let C1 = F1 = 0 and C2 =F2 = 0 be plane cubics intersecting in 9 points. Let S be any subset of 8of these points. By Theorem 2.85, S imposes independent conditions on cubics,hence, there is a unique 1-parameter family of cubics containing S (see the proofof Theorem 2.69). Since C1 and C2 are two distinct cubics from this 1-parameterfamily, they span the entire family, i.e. any cubic C containing S has equationλ1F1 + λ2F2 = 0 for some λ1,λ2 ∈ K. Clearly, the ninth intersection point of C1

and C2 also satisfies this equation, i.e. all the nine points are contained in C.

2.5. The Genus of a Curve

Recall from complex analysis how we compactify the complex plane C by in-troducing one point at infinity z = ∞. Topologically, C ∪ ∞ is a compact spacehomeomorphic to a sphere, and is called the Riemann sphere S2 = C ∪ ∞. Thisis, in fact, the same as the complex projective line P1

C we defined in Section 2.2.2

P1C = (x : y) | x, y ∈ C = (x : 1) | x ∈ C ∪ (1 : 0) = C ∪ ∞ = S2.

Thus, we see that a complex projective line is topologically a real 2-dimensionalsphere.

It turns out that every smooth complex projective curve is topologically a realorientable surface. This will allow us to define the genus of a projective curve(at least for curves over C) as the genus of a real orientable surface. Geometryteaches us that every real orientable 2-dimensional manifold is homeomorphic toa sphere with g handles. The number of handles g is called the genus of a realorientable surface. For example, a sphere with one handle is a torus (the surfaceof a doughnut) and a sphere with two handles is the surface of a pretzel (seeFigure 2.11). An ordinary sphere has no handles, hence it has genus zero.

We will start with an example.

Example 2.86. Let λ ∈ C be a constant and λ = 0, 1. Let C be a cubic withequation y2z = x(x− z)(x− λz) in P2

C. It has complex dimension 1, which meansthat a neighborhood of every point in C “looks like” a neighborhood of a point


Figure 2.11. Two surfaces of genus 1 and 2.

in C. Thus, C has real dimension 2, i.e. is a real surface. In fact, it is a compactorientable surface embedded into P2

C. We consider the projection

π : P2C → P1

C, (x : y : z) → (x : z).

Note that it is undefined at (0 : 1 : 0), so we set (0 : 1 : 0) → (1 : 0) ∈ P1C. In

Figure 2.12 we show the real part of C and how it is projected on the x-axis. Note

Figure 2.12. The projection of a cubic onto P1C.

that every point p ∈ P1C has exactly two preimages on C unless p lies in the set of

four exceptional points Σ = (λ : 1), (0 : 1), (1 : 1), (1 : 0). (The only preimageof (1 : 0) is the point (0 : 1 : 0) ∈ C.) We will denote the four points by λ, 0, 1,and ∞. In other words, π is a double covering of P1

C \ Σ by two parts of C, eachlooks like P1

C with four points removed. Analytically, they are the two sheets of the2-valued function y =

x(x− 1)(x− λ). We sketch the process of gluing the two

sheets in Figures 2.13–2.15.


Figure 2.13. Step 1: Two spheres with cuts.

Figure 2.14. Step 2: Glue the spheres along the cuts.

Each sheet is a sphere without the four points in Σ. The spheres are gluedalong the four cuts to form a surface homeomorphic to a torus. Therefore the cubic

Figure 2.15. The resulting surface is a torus.

C has genus 1.


The following theorem describes the basic idea for constructing Riemann sur-faces from a smooth complex projective curve.

Theorem 2.87. Let C ⊂ P2C be a smooth plane projective curve and

π : P2C → P1

C, (x : y : z) → (x : z)

be the vertical projection. Then every point p ∈ P1C has n = degC preimages under

π, unless p ∈ Σ, the projection of points in C with a vertical tangent. Moreover,P1C \ Σ is covered by n sheets homeomorphic to a sphere with a finite number of

points excluded. These sheets are glued to form a compact real orientable surface,the Riemann surface of C.

The points in Σ have a special name.

Definition 2.88. Points p ∈ P1C with |π−1(p) ∩ C| < degC are called the

ramification points of the map π|C . The map π|C : C → P1C is called a ramified

n-covering.

2.5.1. The Euler Characteristic. We have already mentioned that everyreal compact orientable surface is topologically a sphere with g handles, where g iscalled the genus of the surface. Now we will define a related notion of the Eulercharacteristic. It can be defined combinatorially via triangulations.

Let S be a real compact orientable surface. A triangulation of S is a subdivisionof S into finitely many triangles S = T1 ∪ · · · ∪ Tk in such a way that every pair oftriangles either is disjoint or intersects in a common side or a common vertex. Thetriangles are called the faces and the sides are called the edges of the triangulation.

Definition 2.89. Let V , E, and F denote the number of vertices, edges, andfaces in a triangulation of S. The Euler characteristic χ(S) is the number V −E+F .

It turns out that χ(S) is independent of the choice of a triangulation and is atopological invariant of the surface.

Example 2.90. (a) Let S2 be a sphere. We can construct a triangulationof S2 by starting with a triangular pyramid (a 3-simplex) and blowing inup like a balloon. We obtain a sphere with a triangulation correspondingto the boundary of the simplex. We have V = 4, E = 6, and F = 4, soχ(S2) = 4− 6 + 4 = 2.

Figure 2.16. 3-simplex blown up to a triangulated sphere.

(b) Let D2 be a disc. The simplest triangulation we can choose is the oneconsisting of one triangle and three edges on the boundary of D. Its Eulercharacteristic is χ(D) = 3 − 3 + 1 = 1. Also the boundary ∂D of D hasthe Euler characteristic χ(∂D) = 3− 3 + 0 = 0.


You should check that the Euler characteristic has the following property.

Proposition 2.91. The Euler characteristic is additive, i.e.

χ(S1 ∪ S2) = χ(S1) + χ(S2)− χ(S1 ∩ S2).

The following theorem establishes a relation between the genus and the Eulercharacteristic.

Theorem 2.92. Let S be a compact orientable surface of genus g. Then

χ(S) = 2− 2g.

Proof. The proof is by induction on g. If g = 0 then S ∼= S2 and χ(S2) = 2 asabove. Let Sg−1 be a surface of genus g−1, and so χ(Sg−1) = 2−2(g−1) = 4−2g,by the inductive hypothesis. We can construct a surface of genus g by attachinga handle to Sg−1. Namely, let U be Sg−1 with two disjoint discs removed. Takea “handle” V , i.e. a sphere with two disjoint discs removed, and glue the handleV to U along the boundaries of the two pairs of removed discs, as in Figure 2.17.The resulting surface Sg = U ∪V has genus g. To compute the Euler characteristic

Figure 2.17. Attaching a handle to Sg−1.

we will use the additivity property. First, χ(V ) = 2 − 1 − 1 = 0, as the Eulercharacteristic of the sphere is 2 and the Euler characteristic of each disc is 1. Notethat the discs intersect the sphere in circles which have zero Euler characteristic.Similarly,

χ(U) = χ(Sg−1)− 1− 1 = 4− 2g − 1− 1 = 2− 2g.

Therefore

χ(Sg) = χ(U) + χ(V )− χ(U ∩ V ) = 2− 2g + 0− 0 = 2− 2g,

where again we used the fact that U ∩ V is a disjoint union of two circles, hencehas zero Euler characteristic. The formula is proved.

2.5.2. The Riemann–Hurwitz Formula. Our goal now is two see how theEuler characteristic behaves when one has a ramified covering π : S2 → S1. First,we consider n-coverings.

Definition 2.93. Let S1, S2 be two surfaces. A map π : S2 → S1 is called ann-covering if every point p ∈ S1 has a neighborhood U ⊂ S1 such that π−1(U) ishomeomorphic to a disjoint union of n copies of U .


Theorem 2.94. Let π : S2 → S1 be an n-covering. Then χ(S2) = nχ(S1).

Proof. Choose a fine enough triangulations of S1 and S2 such that for anytriangle ∆ in the triangulation of S1 the preimage π−1(∆) is a union of disjointtriangles in the triangulation of S2. Then if χ(S1) = V − E + F then χ(S2) =nV − nE + nF = χ(S1).

As an immediate consequence of Theorem 2.92 and Theorem 2.94 we obtain:

Corollary 2.95. Let S1 and S2 be compact orientable surfaces of genera g1and g2. If π : S2 → S1 is a covering then g1 − 1 divides g2 − 1.

The following theorem, which we refer to as the Riemann–Hurwitz formularelates the Euler characteristics for a ramified covering of two surfaces.

Theorem 2.96. (The Riemann–Hurwitz formula) Consider a ramified n-coveringπ : S2 → S1 with ramification points p1, . . . , pk ⊂ S1. Let ni be the number ofpreimages of pi under π. Then

χ(S2) = n (χ(S1)− k) +k

i=1

ni = nχ(S1)−k

i=1

(n− ni).

Proof. Choose a triangulation of S1 which contains small enough triangles∆1, . . . ,∆k such that they are disjoint and pi ∈ ∆i for 1 ≤ i ≤ k. Put Σ1 =∆1 ∪ · · · ∪∆k and S1 = T1 ∪ Σ1, where T1 is the union of the remaining trianglesin the triangulation of S1. Then

(2.5) χ(S1) = χ(T1) + χ(Σ1)− χ(T1 ∩ Σ1) = χ(T1) + k,

since Σ1 consists of k disjoint discs, each of Euler characteristic one, and T1 ∩ Σ1

is a union of disjoint circles, each of Euler characteristic zero.Now consider the triangulation of S2 obtained by taking the preimages: S2 =

T2 ∪ Σ2, for T2 = π−1(T1) and Σ2 = π−1(Σ1). Then

(2.6) χ(S2) = χ(T2) + χ(Σ2)− χ(T2 ∩ Σ2) = χ(T2) + n1 + · · ·+ nk,

since there are precisely ni triangles in the preimage of ∆i and T2 ∩ Σ2 is still aunion of disjoint circles. It remains to notice that π : T2 → T1 is an n-covering,so by Theorem 2.94, χ(T2) = nχ(T1), and the statement follows from (2.5) and(2.6).

2.5.3. The Plucker Formula. As an application of the Riemann–Hurwitzformula we will prove the Plucker formula which computes the genus of a smoothplane projective curve. We will start with an example.

Example 2.97. Let C be defined by xn + yn + zn = 0. You should checkthat this is a smooth curve. The projection π : C → P1

C, (x : y : z) → (x : z) iswell-defined as (0 : 1 : 0) does not lie on C. Now take any point p = (x0 : z0) ∈ P1

C.What is π−1(p)? We have

π−1(p) = (x0 : y : z0) | xn

0 + yn + zn0 = 0.

In other words, π−1(p) consists of points whose y-coordinate is a solution to yn =−(xn

0 +zn0 ). This equation has n distinct solutions in C unless xn

0 +zn0 = 0 in whichcase there is only one solution. Thus the points p = (x0 : z0) with xn

0 + zn0 = 0are the ramification points with exactly 1 preimage. We can write them explicitly.Indeed, let ξ1, . . . , ξn be the n-th roots of −1. Then the ramification points are


(ξ1 : 1), . . . , (ξn : 1). (We should point out that x0 = y0 = 0, although satisfies theabove equation, does not define a point in P1

C.)Now we can apply the Riemann–Hurwitz formula with S2 = C, S1 = P1

C, k = n,and ni = 1 for 1 ≤ i ≤ n:

χ(C) = nχ(P1C)−

n

i=1

(n− 1) = 2n− n(n− 1) = 3n− n2.

On the other hand, χ(C) = 2− 2g, where g is the genus of C. Therefore,

g =2− χ(C)

2=

n2 − 3n+ 2

2=

(n− 1)(n− 2)

2.

It turns out that the same formula holds for any smooth plane projective curve.

Theorem 2.98. (The Plucker Formula) Let C be a smooth plane projective

curve of degree n. Then the genus of C equals (n−1)(n−2)2 .

Proof. Let C be defined by F (x, y, z) = 0. We can choose coordinates suchthat F has degree n in y and such that (0 : 1 : 0) does not lie on C and sothe projection π : C → P1

C, (x : y : z) → (x : z) is well-defined. Now for everyp = (x0 : z0) ∈ P1

C the preimage π−1(p) consists of points (x0 : y : z0) on C whose y-coordinates are the roots of F (x0, y, z0) = 0. Since F has degree n in y, the numberof preimages |π−1(p)| is n unless y is a multiple root of F (x0, y, z0). The lattermeans that the vertical line Lp through p is tangent to C. Points on C with a vertical

Figure 2.18. p1 is a ramification point of π : C → P1C.

tangent satisfy ∂F

∂y= 0, i.e. are the intersection points of C and E =

∂F

∂y= 0.

By Bezout’s theorem their number is degC · degE = n(n− 1). Again, by changingcoordinates if needed, we may assume that the points with a vertical tangent havedifferent y-coordinates, i.e. they project to exactly k = n(n−1) points p1, . . . , pkin P1

C. These are precisely the ramification points of π. Also ni = |π−1(pi)| = n−1.Therefore, by the Riemann–Hurwitz formula

χ(C) = 2n−

k

i=1

(n− ni) = 2n− n(n− 1) = 3n− n2,


which implies that

g =2− χ(C)

2=

n2 − 3n+ 2

2=

(n− 1)(n− 2)

2.

2.5.4. Hyperelliptic curves. Now we will look at a special class of plane

curves called hyperelliptic. They have a singular point, so we need first to definethe genus of a singular curve.

Definition 2.99. Let Σ be the set of singular points of C. Then C \Σ is a realorientable surface homeomorphic to a sphere with g handles with a finite numberof points removed. The number g is called the genus of C.

Let f ∈ K[x] be a polynomial of degree n ≥ 3 with distinct roots. It defines aprojective curve C of degree n whose affine part has equation y2 = f(x). If n = 3or n = 4 the curve C is called elliptic; for n > 4 it is called hyperelliptic.

First, let us look at the case of an elliptic curve with n = 3. The homegeneousequation of C is y2z = x3 + a2x2z + a1xz2 + a0z3. You should check that C issmooth as long as f(x) = x3+a2x2+a1x+a0 has no multiple roots. By the Plucker

formula the genus of C equals (3−1)(3−2)2 = 1. A particular case of this (which is,

in fact, equivalent to the general situation) was considered in Example 2.86.Now let f(x) = xn + · · · + a1x + a0, n ≥ 4, and let C be defined by the

homogeneous polynomial

F (x, y, z) = y2zn−2− (xn + · · ·+ a1xz

n−1 + a0zn).

The gradient of F equals−(nxn−1 + · · ·+ a1z

n−1), 2yzn−2, (n− 2)y2zn−3− (an−1x

n−1 + · · ·+ na0zn−1)

.

In the affine part z = 1 the singular points on C are defined by y = 0 and f (x) = 0.In other words, they are the common roots of f and f , which there are none, sincewe assumed that f has no multiple roots. However, when z = 0, the gradientbecomes (−nxn−1, 0,−an−1xn−1) which equals zero at (0 : 1 : 0). Thus (0 : 1 : 0)is the only singularity on C. Notice also that this is the only point of C on theinfinite line z = 0.

To compute the genus of C we turn back to the Riemann–Hurwitz formula.Consider the vertical projection π : C → P1

C defined by (x : y : z) → (x : z) and(0 : 1 : 0) → (1 : 0). For every point p = (x0 : 1) ∈ P1

C the preimages in C are points(x0 : y : 1) satisfying the quadratic equation y2 = f(x0). Hence |π−1(p)| = 2, unlessx0 is a root of f , in which case |π−1(p)| = 1.

Therefore π is a double covering with n ramification points corresponding tothe roots of f , and possibly the point (1 : 0). So let us see how the two sheets areglued in a neighborhood of (0 : 1 : 0). If (1 : 0) is not a ramification point thenwhen we go around a small circle centered at (1 : 0) the preimages stay on one sheetand go around a small circle centered at (0 : 1 : 0). If (1 : 0) is a ramification pointthen the preimages will start on one sheet and end up on the other. Let (1 : z) with|z| = ρ be the points on the circle of radius ρ, centered at (1 : 0). The preimagesof (1 : z) satisfy

y2zn−2 = 1 + · · ·+ a1zn−1 + a0z

n,

or equivalentlyy2 = z2−n + · · ·+ a1z + a0z

2,

EXERCISES 63

Since |z| is small, the main term in the right hand side is z2−n and we can approx-imate C near (0 : 1 : 0) by the curve with equation

y2 = z2−n.

We can parametrize the circle as z = ρeiθ for 0 ≤ θ ≤ 2π. Then the above equationbecomes

y2 = ρ2−neiθ(2−n).

If n = 2m then we have two sheets

y = ±ρ1−meiθ(1−m)

and the preimage of the circle |z| = ρ stays on one sheet. If n = 2m− 1 then

y = ±ρ3/2−meiθ(1−m)eiθ/2

and the preimage of the circle |z| = ρ switches from one sheet to the other.Finally we can apply the Riemann–Hurwitz formula. If n = 2m then the

projection π : C \ (0 : 1 : 0) → P1C is a double covering with k = n ramification

points and each ni = 1. Thus

2− 2g = χ(C) = 2χ(P1C)− n = 4− 2m

and so g = m − 1 = n−22 . If n = 2m − 1 then there are k = n + 1 ramification

points with ni = 1. Hence

2− 2g = χ(C) = 2χ(P1C)− (n+ 1) = 4− 2m

and so g = m− 1 = n−12 . We have proved the following result.

Proposition 2.100. The genus of a hyperelliptic curve of degree n equalsn−12 .

Exercises

Exercise 2.1. Construct a field of 8 elements by choosing an irreducible poly-nomial over Z2. Find its primitive elements.

Exercise 2.2. List all monic irreducible polynomials of degrees 1, 2, and 4over Z2. Show that their product equals x16 − x.

Exercise 2.3. Show that if F is algebraically closed then F is infinite. (Hint:Assuming F is finite construct a polynomial over F which is not equal to zero atany of the elements of F .)

Exercise 2.4. Consider ideals I = x, y and J = ax+ by, cx+ dy in Q[x, y],where a, b, c, and d are some constants. Find a necessary condition on theseconstants that guarantees I = J . (Hint: First show that I ⊆ J if the generators ofI lie in J .)

Exercise 2.5. Factor x3 − y3 into a product of irreducible polynomials inQ[x, y] and in C[x, y]. Don’t forget to show the irreducibility of the factors.

Exercise 2.6. Prove that xpn

− x equals the product of all monic irreduciblepolynomials over Fp whose degree divides n. (Hint: ??????)


Exercise 2.7. Show that a polynomial F ∈ K[x, y, z] is homogeneous of degreen if and only if it satisfies F (λx,λy,λz) = λnF (x, y, z) for any λ ∈ K.

Exercise 2.8. Let F ∈ K[x, y, z] be homogeneous of degree n. Prove

x∂F

∂x+ y

∂F

∂y+ z

∂F

∂z= nF.

Exercise 2.9. Let M ∈ GL(3,K) be an invertible 3 × 3 matrix over a fieldK. It defines an invertible linear transformation on the set of lines in A3 passingthrough the origin, i.e on P2. Show that two matrices M,M in GL(3,K) definethe same transformation on P2 if and only if M = (λI)M , where λI is a scalarmatrix. Deduce from this that the group of invertible linear transformations of P2,denoted by PGL(3,K), is isomorphic to GL(3,K)/Z, where Z is the subgroup ofscalar matrices (the center).

Exercise 2.10. Find the intersection of the projective curve given by y2z =x3 − xz2 and the lines (a) x = y; (b) x = z; (c) y = z (you don’t have to writedown the coordinates in part (c), but give a description in terms of the number ofreal/complex points in the affine part and at infinity). Are there multiple intersec-tion points? Sketch the affine part of the curve and the lines in R2.

Exercise 2.11. Find the singular points of the projective curve y2z2 = x(x2−

z2)(x− 2z). Find all the (smooth) points of the curve where the tangent is vertical(note that the tangent is vertical if and only if Fy = 0).

Exercise 2.12. Show that (0, 0) is a triple point of the affine curve (x2+y2)2+3x2y − y3 = 0. What are the three tangents to the curve at the origin?

Exercise 2.13. Let C be a curve with equation F (x, y, z) = 0 and consider aline E given parametrically by

E = p0 + pt | t ∈ K = (x0 + xt, y0 + yt, z0 + zt) | t ∈ K.

Define (C · E)p0 to be the multiplicity of t = 0 as a root of F (p0 + pt). Show that(C ·E)p0 coincides with the local intersection number as defined in Definition 2.63.(Hint: ??????)

Exercise 2.14. Let F (x, y, z) be a homogeneous polynomial of degree n. Showthat one can make a linear change of variables y → x + λ1y, z → x + λ2x, so theresulting polynomial has degree n in x.

Exercise 2.15. Prove that for any four points in P2, no three of which arecollinear, there exists a linear transformation of P2 which sends them to (1 : 0 : 0),(0 : 1 : 0), (0 : 0 : 1), and (1 : 1 : 1).

Exercise 2.16. Find a rational parametrization of the curve x2 − y2 = 1.(Hint: Consider lines through (−1, 0).)

EXERCISES 65

Exercise 2.17. Find a rational parametrization of the curve (x2 − y2)2 = y3.(Hint: It has a singular point which is a triple point.)

Exercise 2.18. Find all conics containing the five points (0 : 0 : 1), (1 : 0 : 1),(0 : 1 : 1), (1 : 1 : 0), and (−1 : 1 : 1). Do these points impose independentconditions on conics?

Exercise 2.19. Find all conics containing the four points (0 : 0 : 1), (0 : 1 : 1),and (±1 : 0 : 1). Do these points impose independent conditions on conics?

Exercise 2.20. Find all conics containing the three points (0 : 0 : 1), and(±i : 1 : 0) and which are tangent to the line x+ y = 0 at (0 : 0 : 1).

Exercise 2.21. Let S consist of the integer points of the square [0, 2] × [0, 2]in R2. Does S impose independent conditions on the cubics? Explain.

Exercise 2.22. Find a rational parametrization of the degree 4 curve C givenby equation (x2 + y2)2 = (x2 − y2)z2. (Hint: Show that (0 : 0 : 1) and (±i : 1 : 0)are singular points of C. Can it have more singularities? Consider the 1-parameterfamily of conics from Exercise 2.20.)

Exercise 2.23. Find the genus of the curve y2z = x3 + x2z. (Hint: You mayapply the same method we used for hyperelliptic curves or you may use a rationalparametrization of the curve.)

Exercise 2.24. Find the number of tangents to a smooth degree n curve Cfrom a generic point O in P2. (Hint: Choose O so it does not lie on lines that aretangent to C more than once. Then choose a general enough line L and consider theprojection π of C onto L along all the lines through O. Apply the Riemann–Hurwitzformula.)

Exercise 2.25. Find the number of tangents to a smooth degree n curve Cfrom a generic point O on C. (Hint: Use Exercise 2.24. What happens to thetangents when O approaches C?)

CHAPTER 3

The Riemann–Roch Theorem

3.1. Functions and Local Rings

In this section we will look at some algebraic properties of curves. In particularwe will define the ring of functions on a curve and the local ring of a point. Thiswill help us to define discrete valuation, an algebraic analog of the notion of theorder of a zero/pole of a function of one complex variable.

3.1.1. Regular and Rational Functions. Let C be a plane affine irreduciblecurve over F (not necessarily algebraically closed) with equation f(x, y) = 0. Wewould like to define (polynomial) functions on C. The idea is that if g(x, y) =h(x, y) + q(x, y)f(x, y) then g and h take the same values at every point of C. Inother words, we need to consider polynomial function modulo the defining polyno-mial f .

Definition 3.1. The quotient ring F[C] = F[x, y]/f is called the coordinatering of C. Its elements are called regular functions on C.

Example 3.2.

(a) Let C be the affine line y = 0. Then

F[C] = F[x, y]/y ∼= F[x],where the last map is g(x, y) → g(x, 0). This shows that the regularfunction on C can be identified with the polynomials in x.

(b) Let C be the conic with equation y − x2 = 0. Then

F[C] = F[x, y]/y − x2 ∼= F[x].

Again, the regular functions on C are polynomials in x, but the identifi-cation is different: g(x, y) → g(x, x2).

(c) Let C be a smooth cubic with equation y2 − x3 + x = 0. Then in thecoordinate ring F[C] we have y2 = x3 − x, and so we can identify F[C]with the set

a0y + a(x) | a0 ∈ F, a(x) ∈ F[x]If f is irreducible then the ideal f is prime. Therefore, if C is irreducible

then F[C] is an integral domain. Recall the definition of the field of fractions of anintegral domain R:

Frac(R) =a

b| a, b ∈ R

, where

a

b=

c

diff ad = bc in R.

For example, Frac(Z) = Q and Frac(F[x]) = F(x), the field of rational functionsin x. You should check that the operations a

b+ c

d= ad+bc

bdand a

b·

c

d= ab

cdare

well-defined and Frac(R) is indeed a field (the zero and the unit elements are 0 = 01

and 1 = 11 ).

67

68 3. THE RIEMANN–ROCH THEOREM

Definition 3.3. The function field (a.k.a. the field of rational functions) of Cis F(C) = Frac(F[C]).

Example 3.4.

(a) Let C be the line y = 0. Then F(C) = Frac(F[x]) = F(x).(b) Let C be the conic y − x2 = 0 and consider the function y/x ∈ F(C).

What is its value at (0, 0)? Recall that y = x2 in F[C], so

y

x=

x2

x= x in F(C).

Hence we see that this function takes value 0 at (0, 0).(c) Let C be the cubic y2−x3+x = 0. Again, to see the value of y/x ∈ F(C)

we use that y2 = x3 − x in F[C]:

y

x=

y2

xy=

x3 − x

xy=

x2 − 1

y.

This time we found a representation of y/x where the denominator takesvalue zero, but the numerator is non-zero at (0, 0). In this case we saythat the function y/x has a pole at (0, 0). Similarly, x/y = y/(x2 − 1)takes value 0 at (0, 0).

In Exercise 3.1 you will show that for any g ∈ F(C) its value g(p) = a(p)/b(p)is independent of how you represent g = a/b for a, b ∈ F[C] with b(p) = 0. Inother words, if g = c/d for some other c, d ∈ F[C] with d(p) = 0 then a(p)/b(p) =c(p)/d(p) and so the value g(p) is well-defined.

Definition 3.5. A rational function g ∈ F(C) is called regular at p ∈ C ifthere exists a representation g = a/b with a, b ∈ F[C] and b(p) = 0.

This brings us to an important notion of a local ring of a point.

3.1.2. The Local Ring of a point.

Definition 3.6. The set

Op = g ∈ F(C) | g is regular at p

is called the local ring of p on C.

It turns out that algebraic properties of Op reflect geometric properties of C“near” the point p. The following lemma, which you should prove yourself, justifiesthe word “ring” in the definition of Op.

Lemma 3.7. Op is a subring of F(C), containing F[C].

Now consider the subset mp ⊂ Op consisting of those g that take value 0 at p:

mp = g ∈ Op | g(p) = 0.

It is easy to check that mp is an ideal of Op. Moreover, we will see that mp is amaximal ideal and it is the only maximal ideal of Op. In ring theory rings with thisproperty are called local rings.

Definition 3.8. A ring O is called local if O has a unique maximal ideal m.

Here is an equivalent definition.

3.1. FUNCTIONS AND LOCAL RINGS 69

Proposition 3.9. O is a local ring if and only if O \ O∗ is an ideal (and som = O \ O∗). Here O∗ is the set of units of O.

Proof. (⇒) Assume O is a local ring with maximal ideal m. First, m ⊆ O\O∗

since if an ideal contains a unit then it must contain all elements of the ring, i.e. itis the improper ideal. Second, any a ∈ O \ O∗ defines a proper ideal a. Since mis the only maximal ideal of O, we have a ⊂ m. But this means that a ∈ m, andwe see that O \ O∗ ⊆ m. Therefore, m = O \ O∗.

(⇐) Suppose O \ O∗ is an ideal. The same argument as before shows that itmust be maximal. Also we saw that any proper ideal must lie in O\O∗. Therefore,any maximal ideal must coincide with O\O∗, i.e. it is a unique maximal ideal.

Example 3.10.

(a) Z is not a local ring. Indeed, Z \ ±1 is not an ideal (it is not closedunder addition). Also every prime defines a maximal ideal in Z, so thereare infinitely many maximal ideals in Z.

(b) F is a local ring. Its only maximal ideal is the zero ideal (in fact, the onlyproper ideal). Also 0 = F \ F∗.

(c) The ring of formal power series

F[[x]] =g(x) =

n≥0

aixi| ai ∈ F

is a local ring. Indeed, let m consist of power series g(x) with g(0) = 0,i.e. a0 = 0. Its complement in F[[x]] is the set of power series with a0 = 0.Such power series are invertible by the following analog of the geometricseries formula. Let g(x) = a0(1 − h(x)), where h ∈ F[[x]] with h(0) = 0.Then

1

g(x)=

1

a0(1− h(x))=

1

a0

1 + h(x) + h(x)2 + h(x)3 + . . .

.

Note that every xk appears only in the finite number of terms in theinfinite sum (all monomials of h(x)m for m > k have degree at least k+1since h(0) = 0), so the infinite sum of powers of h(x) defines a formalpower series in x.

Now we are ready to prove that Op is a local ring with mp being the onlymaximal ideal.

Proposition 3.11. Op is a local ring with the maximal ideal mp.

Proof. By definition Op \mp consists of g = a/b with a(p) = 0 and b(p) = 0.Clearly, every such g has the inverse 1/g = b/a in Op. Therefore, mp = Op \O

∗p. It

remains to apply Proposition 3.9.

Remember that the quotient of a ring by a maximal ideal is a field. In the caseof the local ring Op, this field is isomorphic to the base field F.

Proposition 3.12. Let Op be the local ring of a point p ∈ C. Then Op/mp∼= F.

Proof. This follows from the 1st Isomorphism Theorem. Indeed, the mapφ : Op → F, g → g(p) is a ring homomorphism with kernel mp. Also φ is clearlyonto since Op contains the constants F.


Later we will prove that if p is a non-singular point of C then the maximal idealmp is, in fact, principal. At the same time we will show that when p is non-singular,every rational function g ∈ F(C) either lies in Op or its inverse 1/g lies in Op. Rightnow we will see that this may not be true when p is a singular point (in fact, nevertrue!).

Example 3.13. Let C be the cuspidal cubic y2 = x3 and let p = (0, 0) be itssingular point. Then the function y/x is not regular at p and neither is x/y. Indeed,suppose there exists a representation y/x = a/b with a, b ∈ F[C] and b(p) = 0. Thenyb = xa in F[C], which in F[x, y] means that

yb = xa+ q(y2 − x3)

for some polynomials a, b, q ∈ F[x, y]. Now the fact that b(p) = 0 implies that ybhas a non-zero y-term (why?) and, hence, so does xa+ q(y2 − x3). But every termin xa+ q(y2 − x3) is divisible by x or is divisible by y2, a contradiction. Similarly,you can show that x/y is not regular at p (see Exercise 3.2).

In preparation for the proof of the above statements we will prove the followingtwo lemmas.

Lemma 3.14. Let C be a curve defined by f(x, y) = 0 and p = (p1, p2) ∈ C.Then ∂f

∂y(p) = 0 if and only if y−p2

x−p1∈ Op.

Proof. We may assume that p = (0, 0). The general case is obtained bytranslating the origin of the coordinate system to p = (p1, p2).

(⇒) We will show that y/x ∈ Op. We have

f(x, y) = a10x+ a01y + a20x2 + a11xy + a02y

2 + . . .

= a10x+ a01y + x2f1(x) + xyf2(x, y) + y2f3(y).

By assumption ∂f/∂y|(0,0) = a01 = 0. Therefore, in F[C] we can write:

y (−a01 − xf2(x, y)− yf3(y)) = x(a10 + xf1(x)),

which is equivalent to

y

x=

a10 + xf1(x)

−a01 − xf2(x, y)− yf3(y).

Note that the fraction in the right hand side is defined at (0, 0) since a01 = 0. Inother words, y/x is regular at p = (0, 0).

(⇐) Suppose y/x is regular at p = (0, 0). Then yb = xa for some a, b in F[C]and b(p) = 0. In other words, there exist polynomials a, b, q in F[x, y] such that

yb = xa+ qf, b(0, 0) = 0.

But the latter means that b has a non-zero constant term and, hence, yb has anon-zero y-term. This implies that xa+qf has a non-zero y-term, which, of course,can only appear in qf . Therefore,

0 =∂(qf)

∂y(0, 0) =

∂q

∂y(0, 0) · f(0, 0) +

∂f

∂y(0, 0) · q(0, 0).

Since f(0, 0) = 0 (the point p = (0, 0) lies in C), we see that ∂f

∂y(0, 0) = 0, as

required.


Corollary 3.15. If p = (p1, p2) ∈ C is singular then neither x−p1

y−p2nor y−p2

x−p1

is regular at p.

Lemma 3.16. Let p = (p1, p2) ∈ C and mp be the maximal ideal of Op. Thenmp = x− p1, y − p2.

Proof. As before we may assume that p = (0, 0). We need to show thatmp = x, y. Let g ∈ mp. Then g = a/b for some a, b ∈ F[C] and a(p) = 0, b(p) = 0.Let a(x, y) ∈ F[x, y] be a representative of a ∈ F[C]. Then a(0, 0) = 0, and so wecan write a(x, y) = xa1(x, y) + ya2(x, y) for some ai ∈ F[x, y]. This implies thata = xa1 + ya2 in F[C]. Now we have

g =xa1 + ya2

b= x

a1b

+ ya2b,

where both a1/b and a2/b lie in Op as b(p) = 0. In other words, g ∈ x, y.It remains to recall that mp is a maximal ideal and x, y is a proper ideal, so

mp ⊆ x, y implies mp = x, y. We are ready to prove the first statement we made before Example 3.13.

Proposition 3.17. Let C be an affine curve over F. If p ∈ C is a non-singularpoint then mp is a principal ideal.

Proof. If p is non-singular then either ∂f

∂x(p) = 0 or ∂f

∂y(p) = 0. Without loss

of generality we will assume the latter. Then by Lemma 3.14 g = y−p2

x−p1∈ Op.

Therefore, by Lemma 3.16,

mp = x− p1, y − p2 = x− p1, (x− p1)g = x− p1,

i.e. mp is principal.

Remark 3.18. As it follows from the above proof, if ∂f

∂y(p) = 0 then t = x− p1

generates mp and if ∂f

∂x(p) = 0 then t = y − p2 generates mp. Of course, we should

keep in mind that x−p1 and y−p2 denote elements of Op, not simply polynomials.

3.1.3. Local Parameters.

Definition 3.19. We say that t ∈ Op is a local parameter if for any g ∈ Op wecan write g = utm for some unit u ∈ O∗

pand some non-negative integer m.

Note that if t is a local parameter of Op then t generates the maximal ideal mp.Indeed, every g ∈ mp = O \ O∗ can be written as utm for some m ≥ 1, i.e. g ∈ t.

In the next theorem we show that local parameters exist in the local ring of anon-sigular point.

Theorem 3.20. Let C be an affine curve and let p ∈ C be non-singular. Thenthere exists a local parameter t ∈ Op.

Proof. First, we may assume that p = (0, 0) and ∂f

∂y(p) = 0. By Remark 3.18

mp = x. Now consider a chain of ideals:

Op mp = x x2 x3

. . .

Krull’s intersection theorem says that the intersection ∩i≥1xi is zero. Therefore,for any non-zero g ∈ Op there exists m such that g ∈ xm, but g ∈ xm+1. Theng = uxm for some u ∈ Op. Since u ∈ x = mp (otherwise g ∈ xm+1) we see thatu ∈ Op \mp = O∗

p, i.e. u is a unit.


Remark 3.21. We see from the proof and Remark 3.18 that if ∂f

∂y(p) = 0 then

we can choose t = x − p1 to be a local parameter. Similarly, if ∂f

∂x(p) = 0 then

t = y − p2 is a local parameter. Also, we see that any two local parameters t, t

differ by a unit multiple: t = ut for some u ∈ O∗p, since each of them generates mp.

Theorem 3.22. Let C be an affine irreducible curve and let p ∈ C. Then p isnon-singular if and only if for any g ∈ F(C) either g ∈ Op or 1/g ∈ Op.

Proof. (⇐) Follows from Corollary 3.15.(⇒) Assume p ∈ C is non-singular. By Theorem 3.20 there exists a local

parameter t ∈ Op. Now for any g ∈ F(C) we have g = a/b for some a, b ∈ Op, soa = u1tm1 , and b = u2tm2 , where ui ∈ O∗

pand mi ∈ Z≥0. Then g = u1u

−12 tm1−m2 .

If m1 ≥ m2 then g ∈ Op, if m1 < m2 then 1/g ∈ Op.

3.1.4. Discrete Valuation.

Definition 3.23. Let L be a filed. A surjective map v : L∗ → Z is called adiscrete valuation if

(a) v(fg) = v(f) + v(g),(b) v(f + g) ≥ min(v(f), v(g)).

We will use a convention v(0) = ∞.

It turns out that with every non-singular point p ∈ C we get a discrete valuationon the field of rational functions F(C).

Theorem 3.24. Let C be an affine irreducible curve and let p ∈ C be non-singular. Then the map

vp : F(C)∗ → Z, g → m,

where g = utm for u ∈ O∗p, m ∈ Z, is a discrete valuation.

Proof. By Theorem 3.20 and Theorem 3.22, there exists t ∈ Op such thatevery g ∈ F(C) can be written as g = utm for some u ∈ O∗

pand m ∈ Z. You

should check that the map vp does not depend on the choice of t (use the fact thatany two local parameters differ by a unit multiple). Now suppose g1 = u1tm1 andg2 = u2tm2 and assume m1 ≤ m2. Then

g1g2 = u1u2tm1+m2 , so vp(g1g2) = vp(g1) + vp(g2).

Also we have g1 + g2 = (u1 + u2tm2−m1)tm1 . Note that u1 + u2tm2−m1 lies in Op,so vp(u1 + u2tm2−m1) ≥ 0. Therefore,

vp(g1 + g2) = vp(u1 + u2tm2−m1) + vp(t

m1) ≥ m1 = min(vp(g1), vp(g2)).

Finally, vp is surjective as vp(tm) = m for any m ∈ Z and tm ∈ F(C).

Now we will consider the case when C is an irreducible projective curve. Wecan translate all the above definition as follows. Let C be defined by a homogeneouspolynomial F (x, y, z).

Definition 3.25. The quotient ring F[C] = F[x, y, z]/F is called the homo-geneous coordinate ring of C. The field of rational functions F(C) is

F(C) =

G

H| G,H ∈ F[x, y, z]d, d ∈ Z≥0

,


where G/H = G/H if and only if GH = HG in F[C], i.e. GH − HG ∈ F .Here F[x, y, z]d is the subspace of homogeneous polynomials of degree d.

The reason we need the degree of G and H be the same is so the value ofg = G/H at a point (x : y : z) ∈ P2 is well-defined. Indeed, if p = (x : y : z) =(λx : λy : λz) then

g(p) =G(λx,λy,λz)

H(λx,λy,λz)=

λdG(x, y, z)

λdH(x, y, z)=

G(x, y, z)

H(x, y, z).

Just as in the affine case you should check that the value g(p) does not depend onthe representation g = G/H.

Definition 3.26. Let p ∈ C. We say that g ∈ F(C) is regular at p if we canwrite g = G/H such that H(p) = 0. They form the local ring Op ⊂ F(C) at thepoint p.

As before Op has a unique maximal ideal mp. If p is a non-singular point of Cand it lies in the affine part z = 1 then we can choose either t = x−p1z

zor t = y−p2z

z

to be a local parameter (a generator for mp). Therefore we can define the discretevaluation vp : F(C) → Z in the same way we did it in Theorem 3.24.

Example 3.27. Let C be the conic F (x, y, z) = yz−x2 = 0 in P2 and considerthe rational function g = y/x in F(C).

(a) Let p = (0 : 0 : 1). What is vp(g)? We have

g =y

x=

xy

x2=

xy

yz=

x

z,

which shows that g is regular at p. Now p lies in the affine part z = 1,where C is defined by f(x, y) = F (x, y, 1) = y−x2. Note that ∂f

∂y= 1 = 0,

so x/z ∈ F(C) is a local parameter at p. Therefore vp(g) = 1.(b) Now let us consider the infinite point p = (0 : 1 : 0) on C. It lies in the

affine part y = 1 where C is defined by f(x, z) = z − x2. Similarly tothe previous case ∂f

∂z= 1 = 0, so x/y is a local parameter at p. Since

g = (x/y)−1 we have vp(g) = −1. In this case we will say that g has apole of order 1 at p.

Example 3.28. Let C be the conic F (x, y, z) = yz − x2 = 0 in P2 as before,and consider the rational function g = x−z

x+zin F(C).

(a) Let p1 = (1 : 0 : 1) and p2 = (−1 : 0 : 1). We can choose x−z

zto be a local

parameter at p1. Then

g =x− z

x+ z=

z

x+ z

x− z

z

.

Note that the first factor in the right hand side is a unit in Op2 (it takesa non-zero value at p1), hence, by definition vp1(g) = 1.

Similarly, x+z

zis a local parameter at p2 and we have

g =x− z

x+ z=

x− z

z

x+ z

z

−1

,

so vp2(g) = −1.(c) Let p = (0 : 1 : 0). Since g is regular and non-zero at p it lies in Op \mp,

i.e. is a unit. Therefore vp(g) = 0.


Definition 3.29. Let C be an irreducible curve and p a non-singular pointon C. For g ∈ F(C) we call vp(g) the order of g at p. If vp(g) = k > 0 we say thatg has a zero of order k at p. If vp(g) = −k < 0 we say that g has a pole of order kat p.

The following theorem shows the difference between the affine and the projec-tive case.

Theorem 3.30. Let K be an algebraically closed field.

(1) If C is an affine curve over K then the set of rational functions regular atevery point of C coincides with K[C].

(2) If C is a projective curve over K then the set of rational functions regularat every point of C consists of constants only, i.e. equals K.

Although we will not prove this important theorem it should remind you ofLiouville’s theorem from complex analysis which says that the only bounded entirefunctions (which are the regular functions on P1

C) are constants.

3.2. Divisors

3.2.1. The divisor group. Let C be a smooth irreducible projective curveover K, an algebraically closed field.

Definition 3.31. A divisor D on C is a formal sum

D =

p∈C

ap p,

where ai ∈ Z and ap = 0 for all but finitely many p ∈ C.

You can think of this as an abstract generalization of the notion of the intersec-tion of two curves that we studied in Section 2.4. Indeed, C ∩E consists of finitelymay points p ∈ C with some multiplicities (intersection numbers) ap = (C ·E)p ∈ Z.Here are a few related definitions.

Definition 3.32. The support of a divisor D =

p∈Cap p is the set

SuppD = p ∈ C | ap = 0.

The degree of D is the integer

degD =

p∈C

ap.

Proposition 3.33. The set of all divisors on C forms an Abelian group Div(C).The degree map

deg : Div(C) → Z, D → degD

is a surjective group homomorphism.

Proof. First, naturally we can define the addition operation on Div(C): IfD1 =

p∈C

ap p and D2 =

p∈Cbp p. Then

D1 +D2 =

p∈C

(ap + bp) p ∈ Div(C).

3.2. DIVISORS 75

The identity element is O =

p∈Cap p with ap = 0 for all p ∈ C (i.e. the divisor

with empty support) and the additive inverse of D =

p∈Cap p is

−D =

p∈C

(−ap) p.

You should check all the group axioms yourself.Second, the degree map is a group homomorphism:

deg(D1 +D2) =

p∈C

(ap + bp) =

p∈C

ap +

p∈C

bp = degD1 + degD2.

Also it is surjective, since for any m ∈ Z the divisor mp (where p is some fixedpoint of C) has degree m.

Definition 3.34. A divisor D =

p∈Cap p is effective if ap ≥ 0 for every

p ∈ C. We will write D ≥ 0 to indicate that D is effective.

Example 3.35. Let g ∈ K(C) be a rational function not identically zero. Definethe divisor of g

(g) =

p∈C

vp(g) p,

where vp(g) is the order of g at p ∈ C. We also define the divisor of zeroes of g andthe divisor of poles of g

(g)0 =

vp(g)>0

vp(g) p, (g)∞ =

vp(g)<0

(−vp(g)) p.

Note that both (g)0 and (g)∞ are effective divisors and (g) = (g)0 − (g)∞.

Definition 3.36. A divisor D ∈ Div(C) is called principal if D = (g) for somerational function g ∈ K(C)∗.

Proposition 3.37. The degree of a principal divisor equals zero.

Proof. Let D = (g) where g = G/H for some homogeneous polynomialsG,H ∈ K[x, y, z] of the same degree m. Let CG and CH be the projective curvesdefined by G and H, respectively. Then

(g)0 =

p∈CG∩C

(CG · C)p p, (g)∞ =

p∈CH∩C

(CH · C)p p.

By Bezout’s theorem deg(g)0 =

(CG · C)p = mn and deg(g)∞ =

(CH · C)p =mn, where n = degC. Therefore deg(g) = nm− nm = 0.

Now we are going to define an equivalence relation on the group of divisors.

Definition 3.38. Two divisors D1, D2 ∈ Div(C) are called equivalent if D1 −

D2 is principal. We will write D1 ∼ D2 in this case.

In fact, the set of principal divisors forms a subgroup P(C) of Div(C) and theequivalence classes of divisors are the elements of the quotient group Div(C)/P(C).

Proposition 3.39. The set of principal divisors P(C) forms a subgroup ofDiv(C).


Proof. First, P(C) is non-empty since K(C)∗ is non-empty. For example,every non-zero constant c defines the zero divisor (c) = O in Div(C). Now for anyD1, D2 ∈ P(C) we have

D1 −D2 = (g1)− (g2) = (g1/g2).

Indeed, vp(g1/g2) = vp(g1) + vp(1/g2) = vp(g1) − vp(g2) for any p ∈ C, by theproperties of the valuation. Therefore, D1−D2 ∈ P(C), so P(C) is a subgroup.

Definition 3.40. The quotient group Div(C)/P(C) is called the class groupof C and is denoted by Cl(C). We will also write [D] to denote the class in Cl(C)containing D.

Putting all these definitions together we see that D1 ∼ D2 if and only if D1 =D2 + (g) for some g ∈ K(C)∗ if and only if [D1] = [D2] in Cl(C).

We also remark that the degree homomorphism deg : Div(C) → Z inducesthe degree homomorphism deg : Cl(C) → Z defined by deg([D]) = degD. It iswell-defined since deg(D + (g)) = degD + deg (g) = degD, by Proposition 3.37.

3.2.2. The Riemann–Roch Space of a divisor.

Definition 3.41. Let D ∈ Div(C). The Riemann–Roch space of D is the set

L(D) = f ∈ K(C)∗ | (f) +D ≥ 0 ∪ 0.

In other words L(D) consists of rational functions f which make the divisor(f) +D effective. More explicitly, if we write D =

p∈C

ap p as a difference of twoeffective divisors

D =

ap>0

ap p−

ap<0

(−ap) p = D+ −D−, D+ ≥ 0, D− ≥ 0,

then f ∈ K(C)∗ if and only if it has a zero at every p ∈ SuppD− of order at leastap and a pole at every p ∈ SuppD+ of order at most ap.

Example 3.42. Let C be the projective line y = 0 in P2.

(a) Consider the divisor D = 3 ·∞− 2 · 1, where 1 = (1 : 0 : 1) and ∞ = (1 :0 : 0). Then D = D+ −D− where D+ = 3 ·∞ and D− = 2 · 1. A rationalfunction f lies in L(D) if and only if it has a zero at 1 of order at least2 and a pole at ∞ of order at most 3. Note that f may have zeroes atother points, but no more poles. We can write such f explicitly:

f(x, z) =G(x, z)(x− z)k1

zk2, k1 ≥ 2, k2 ≤ 3,

for some homogeneous G ∈ K[x, z] of degree k2 − k1. The above inequali-ties imply that 0 ≤ degG ≤ 1 and, hence, we can write

f(x, y) =(a0z + a1x)(x− z)2

z3, a0, a1 ∈ K.

In particular, we see that L(D) is a 2-dimensional vector space over K

L(D) = spanK

(x− z)2

z2,x(x− z)2

z3

.

3.2. DIVISORS 77

Note that we can also use rational functions in a local parameter to de-scribe L(D). If we put t = x/z, a local parameter at the origin, then wecan write

L(D) = spanK(t− 1)2, t(t− 1)2

.

(b) Now let D = m ·∞, m ∈ Z. Then f ∈ L(D) if and only if it has the onlypole at ∞ of order at most m. Thus we can write

L(D) =

F (x, z)

zk| degF = k, k ≤ m

.

Alternatively, using t = x/z to dehomogenize the above polynomials, wecan write

L(D) = f(t) ∈ K[t] | deg f ≤ m ,

so L(D) is a vector space over K of dimension m+ 1.

In general, finding the dimension of L(D) is tricky. Later we will introduce theRiemmann–Roch theorem that can help to compute dimL(D). Right now we willprove that dimL(D) is always finite by estimating it from above.

Theorem 3.43. Let D be a divisor on C. Then L(D) is a finite dimensionalvector space over K of dimension at most degD + 1.

Proof. First, let us check that L(D) is indeed a vector space. By definition0 ∈ L(D). Next, for any f ∈ L(D) and any c ∈ K∗ we have (cf) = (f), socf ∈ L(D). Now let f1, f2 ∈ L(D) and so (f1) + D ≥ 0, (f2) + D ≥ 0. Moreexplicitly, let D =

p∈C

ap p, then vp(fi) ≥ −ap for i = 1, 2 and for every p ∈ C.On the other hand, by the properties of a discrete valuation

vp(f1 + f2) ≥ min (vp(f1), vp(f2)) ≥ −ap, ∀p ∈ C,

and so (f1 + f2) +D ≥ 0. Therefore, f1 + f2 ∈ L(D).To prove the estimate on dimL(D) we first show that it is enough to assume

that D is effective and then use induction on degD ≥ 0. Indeed, if we writeD = D+ − D− with effective D+, D− then it is easy to see that L(D) ⊆ L(D+)(check that!) and, hence, an upper bound for dimL(D+) serves as an upper boundfor dimL(D) as well.

Now assume D is effective. The base of induction is simple: If D ≥ 0 anddegD = 0 then D = 0. In this case

L(0) = f ∈ K(C)∗ | (f) ≥ 0 ∪ 0 = f ∈ K(C)∗ | vp(f) ≥ 0, ∀p ∈ C ∪ 0,

i.e. L(0) consists of rational functions which are regular everywhere on C. ByTheorem 3.30, they are only constants, so L(0) = K. Therefore, dimL(0) = 1 =degD + 1.

Suppose D ≥ 0 and degD > 0. Let p ∈ Supp(D), so ap > 0, and let tp bea local parameter at p ∈ C. For any f ∈ L(D) we have vp(f) + ap ≥ 0, hence,vp(tapf) ≥ 0. In other words, tapf is regular at p and so its value at p is defined.Consider the map

φ : L(D) → K, f → (tapf)(p).

This is clearly a linear map with the kernel

Kerφ = f ∈ L(D) | vp(tapf) > 0 = f ∈ L(D) | vp(f)+(ap−1) ≥ 0 ⊆ L(D−p).


Since deg(D − p) < degD we may apply the inductive hypothesis:

dimL(D − p) ≤ deg(D − p) + 1 = degD.

Now from linear algebra

dimL(D) = dimKerφ+ dim Imφ ≤ dimL(D − p) + dimK ≤ degD + 1.

From now on we will be denoting the dimension of L(D) by (D). Next we will

show that (D) is invariant of the class of D in Cl(C).

Proposition 3.44. (D) is independent of the choice of D in [D] ∈ Cl(C) =Div(C)/P(C).

Proof. Suppose D1 ∼ D2 in Cl(C), i.e. D1 = (f0) +D2 for some f0 ∈ K(C).Consider the map

φ : L(D1) → L(D2), f → f0f.

This is well-defined since f ∈ L(D1) implies (f)+D1 ≥ 0, i.e. (f) + (f0) +D2 ≥ 0,and so (f0f) +D2 ≥ 0, which means f0f ∈ L(D2). Also the map is linear. On theother hand

φ−1 : L(D2) → L(D1), g → f−10 g

is the inverse of φ, hence, φ is an isomorphism of vector spaces, φ : L(D1) ∼= L(D2).Therefore, (D1) = (D2).

Example 3.45. Once again, let C be the projective line P1. This time we willuse a local parameter t (e.g. if C is given by y = 0 then we can take t = x/z to bea local parameter at the origin). Since P1 = A1 ∪ ∞, any divisor on P1 can bewritten as

D = a1 · p1 + · · ·+ ak · pk + a0 ·∞

for some pi ∈ A1 and ai ∈ Z. Now consider

f(t) = (t− p1)a1 · · · (t− pk)

ak ∈ K(t).

Then

(f) = (f)0 − (f)∞ = a1 · p1 + · · ·+ ak · pk −

k

i=1

ai·∞.

This implies that

D − (f) = k

i=0

ai·∞ = (degD) ·∞.

Therefore, any divisor D on P1 is equivalent to (degD) ·∞.

This observation produces the following formula for (D) for any effective di-visor on P1. This is, in fact, an instance of the Riemann–Roch formula which wewill discuss in Section 3.4.

Proposition 3.46. Let D be an effective divisor on P1. Then (D) = degD+1.

Proof. We have seen in Proposition 3.44 that (D) is independent of thechoice of D in [D]. On the other hand, D is equivalent to (degD) · ∞. Also, byExample 3.42, ((degD) ·∞) = degD + 1.

In particular, we see that the bound on (D) from Theorem 3.43 is attainedon P1.

3.3. DIFFERENTIAL FORMS 79

3.3. Differential Forms

In this section we will define differential forms on algebraic curves, which is ageneralization of the usual differential dx from calculus or complex analysis. Theidea is that a differential form may look different in different part of the curve.We will start with an example of a differential form on P1. You may find thisconstruction familiar if you have studied the residue theory in complex analysis.

Example 3.47. Consider the projective line P1 = A1∪∞ with homogeneouscoordinates (x : z). We can choose t = x/z for a local parameter at the origin (0 : 1)Then u = 1/t = z/x is a local parameter at infinity (1 : 0). Now the differential dtis defined in the affine part U1 = z = 0 and the differential − 1

u2 du is defined inthe affine part U2 = x = 0. Moreover, in the intersection U1 ∩ U2 they coincide:

dt = d 1

u

= −

1

u2du.

In this situation we can say that they define a differential form ω on P1.

Let us see how this can be generalized.

3.3.1. Differential Forms. First, we would like to define what df is whenf is a regular function on a curve C. Our definition is motivated by the familiarnotion of the Taylor series. Let f be a rational function in a variable t. If it isregular at p ∈ P1 then it has a Taylor series expansion

f = f(p) + f (p)t+f (p)

2t2 + . . .

The second term dpf = f (p)t is a linear function in t which is the value of thedifferential df at p. We can extract it by considering f − f(p) modulo higher orderterms, i.e. terms divisible by t2.

Now let C be a smooth curve over K and p ∈ C. Then there exists a localparameter t ∈ K(C) such that t = mp ⊂ Op. Now for any f ∈ Op we have

f − f(p) ∈ mp = t.

Note that mp ⊃ m2p= t2 and we can consider the quotient space mp/m2

p= t/t2,

called the cotangent space at p.

Definition 3.48. The differential dpf at p is the class of f − f(p) in mp/m2p,

i.e.dpf = f − f(p) mod m2

p.

This defines a mapdp : Op → mp/m

2p, f → dpf.

Proposition 3.49. The map dp is a linear map of K-vector spaces which sat-isfies the Leibniz rule

dp(f · g) = dpf · g + f · dpg.

Proof. First, for any f, g ∈ Op and c ∈ K we have

dp(f+g) = f+g−(f(p)+g(p)) mod m2p= (f−f(p))+(g−g(p)) mod m2

p= dpf+dpg,

dp(cf) = cf − cf(p) mod m2p= c(f − f(p)) mod m2

p= c dpf,

so dp is a linear map. Now

(3.1) dp(f · g) = f · g − (f(p) · g(p)) mod m2p.


On the other hand,

dpf · g + f · dpg = (f − f(p))g + f(g − g(p)) mod m2p

= 2f · g − f(p) · g − f · g(p) mod m2p.(3.2)

Subtracting (3.1) from (3.2) and factoring the right hand side we obtain

dp(f · g)− (dpf · g + f · dpg) = (f − f(p))(g − g(p)) mod m2p.

Since both f − f(p) and g − g(p) lie in mp, their product lies in m2p. Therefore,

dp(f · g)− (dpf · g + f · dpg) = 0 mod m2p,

as required. Example 3.50. Let t be a local parameter at a non-singular point p ∈ C. By

definition, dpt = t − t(p) = t mod m2p. So we see that dpt spans the 1-dimensional

cotangent space mp/m2p= t/t2.

Now we are ready to define differential forms in general.

Definition 3.51. Let C be a smooth projective curve and let C = U1∪· · ·∪Uk,where each Ui = C \ finite set of pts is an open subset. Suppose on every Ui weassign fidti, where fi ∈ K(C) and for every p ∈ Ui the function ti − ti(p) is a localparameter at p ∈ Ui. Suppose furthermore that fidti = fjtj on every intersectionUi ∩Uj . Then the collection of open sets Ui together with fidti is called a rationaldifferential form ω on C. We will write ω = fidti on Ui.

If for every i the function fi is regular on Ui then the form ω is called a regulardifferential form on C.

We set the following notation:

Ω(C) is the K-vector space of all rational differential forms on C,

Ω[C] is the K-vector space of all regular differential forms on C.

Example 3.52. Let C be a projective cubic given by X3 + Y 3 + Z3 = 0. (Weuse (X : Y : Z) to denote the homogeneous coordinates in P2.) Consider the opensets

U1 = (X : Y : Z) ∈ C | Y = 0, Z = 0,

U2 = (X : Y : Z) ∈ C | X = 0, Z = 0,

U1 = (X : Y : Z) ∈ C | X = 0, Y = 0.

The union U1 ∪ U2 is the affine part of C with affine coordinates x = X/Z andy = Y/Z and the affine equation x3 + y3 + 1 = 0. Furthermore, dx/y2 is regularon U1 and −dy/x2 is regular on U2. Moreover, they coincide on the intersectionU1∩U2. Indeed, on U1∩U2 the curve is given by x3+y3+1 = 0, so d(x3+y3+1) = 0.By the properties of the differential we obtain

3x2dx+ 3y2dy = 0, i.e.dx

y2= −

dy

x2on U1 ∩ U2.

So far we have defined a differential form on U1 ∪ U2. Now on U3, Z may takevalue zero so we choose affine coordinates u = X/Y , v = Z/Y and so the equationof the curve becomes u3 + 1 + v3 = 0. The (x, y)- and the (u, v)-coordinates arerelated as follows:

x =X

Z=

X

Y

Y

Z=

u

v, y =

Y

Z=

1

v.

3.3. DIFFERENTIAL FORMS 81

Thus dx/y2 on U1 ∩ U3 can be written

dx

y2= v2d

uv

= v2

vdu−−dv

v2= vdu− udv,

which is regular in U3. Similarly, on U2 ∩ U3 we have

−dy

x2= −

v2

u2d1v

=

1

u2dv.

Again it is regular in U3. In fact, the two expressions coincide:

d(u3 + 1 + v3) = 0 ⇒ du = −v2

u2dv ⇒ vdu− udv =

−

v3

u2− u

dv =

1

u2dv,

where we used that −u3 − v3 = 1 on C.Summarizing, we have constructed a regular differential form ω ∈ Ω[C] such

that ω = dx/y2 on U1, ω = −dy/x2 on U2, and ω = dv/u2 on U3.

3.3.2. The Canonical Class. Similar to the divisor of a rational function wecan define the divisor of a differential form (ω) for ω ∈ Ω(C).

Definition 3.53. Let ω ∈ Ω(C) be a rational differential form on C. LetC = U1 ∪ · · · ∪ Uk be an open cover and ω = fidti on Ui. Define the divisor of ω

(ω) =

p∈C

vp(fi) p,

where for every p ∈ C we choose i such that Ui contains p.

Note that there is a bit of freedom in this definition: there could be several Ui

containing p. Let’s see that the definition does not depend on which Ui p wechoose. If p ∈ Ui∩Uj then fidti = fjdtj in Ui∩Uj . This implies that fi/fjdti = dtjand fj/fidtj = dti, hence, fi/fj is regular and non-zero in Ui ∩ Uj . But then(fi/fj) = 0 on Ui ∩ Uj , and so (fi) = (fj) on Ui ∩ Uj . Therefore, vp(fi) = vp(fj).

Now what does the class of (ω) in Cl(C) = Div(C)/P(C) look like? By defini-tion, (ω) and (gω), for g ∈ K(C), belong to the same class in Cl(C). We will showthat the divisors of any two forms belong to the same class in Cl(C). Let ω, ω betwo rational differential forms on C and (Ui, fi) | 1 ≤ i ≤ k, (U

i, f

i) | 1 ≤ i ≤ k

the corresponding open sets and rational functions. We can, in fact, assume thatk = k and Ui = U

i; if not we can consider a common refinement of the two open

coverings, i.e. the collection Ui| 1 ≤ i ≤ k ∪ U i| 1 ≤ i ≤ k. Second, we can

assume that ω = fidti and ω = f idti on Ui since we can change the local parameter

from tito ti and that will result in replacing the rational function f

iwith another

rational function. Finally, we have a collection of rational functions fi/f ion Ui,

for 1 ≤ i ≤ k such that fi/f i= fj/f

jon Ui ∩ Uj . But if two rational functions

coincide on an open set Ui ∩ Uj they must come from a unique rational functionon Ui ∪ Uj . This shows that there exists a rational function g ∈ K(C) such thatg = fi/f

ion Ui for every 1 ≤ i ≤ k. In other words, any two rational forms ω, ω

on C are proportional:

ω = gω, for some g ∈ K(C),

i.e. (ω) and (ω) lie in the same equivalence class in Cl(C). This shows that allrational forms define a unique class in Cl(C). This class is called the canonical classon C and is denoted by KC (or simply K if it is clear what curve we are workingwith).


Example 3.54.

(a) Let C = P1 = A1 ∪ ∞ be the affine line with homogeneous coordinates(x : z) and a local parameter t at the origin and u = 1/t at infinity.Consider the form ω0 = dt in the open set z = 0 and ω0 = −du/u2 inthe open set x = 0. Note that ω0 has a pole at ∞ = (1 : 0) of order two.Hence, (ω0) = −2 · ∞ and the canonical class KP1 = [−2 · ∞] ∈ Cl(P1).Any rational form on P1 looks like ω = f(t)dt = f(t)ω0 in z = 0. We have(ω) = (f)− 2 ·∞, i.e. (ω) ∼ (ω0), so again we see that all rational formsdefine the same class in Cl(P1). In particular, notice that degKP1 = −2.

(b) Let C be the curve from Example 3.52, i.e. C = X3+Y 3+Z3 = 0 ⊂ P2.We have seen that there is a differential form ω0 on C which is regulareverywhere on C. Moreover, we saw that it does not take value zero in anyof the open sets where it is defined. Therefore, (ω0) = 0 ∈ Div(C). Thisimplies that KC = [0] ∈ Cl(C) and degKC = 0. We can also describe allregular forms on C:

Ω[C] = fω0 | f is regular on C = cω0 | c ∈ K = spanKω0.

In particular, dimK Ω[C] = 1.

In turns out that dimK Ω[C] = g, the genus of the curve C.

Theorem 3.55. Let C ⊂ P2 be a smooth projective curve with homogeneousequation F (X,Y, Z) = 0. Let f(x, y) = 0 be the affine equation of C. Then

Ω[C] =

hdx

∂f/∂y| h ∈ K[x, y], deg h ≤ degC − 3

.

Here hdx

∂f/∂yis the representation of a rational form in the open set ∂f/∂y = 0.

Proof. Let x = X/Z, y = Y/Z be the affine coordinates in Z = 0 and letu = X/Y , v = Z/Y be the affine coordinates in Y = 0. These coordinates arerelated by

x =u

v, y =

1

v.

In these open sets the curve is given by f(x, y) = 0 in Z = 0 and by g(u, v) =vnf(u/v, 1/v) = 0, where n = degC. We consider the following open cover of C:

U1 = (x : y : 1) | ∂f/∂y = 0, U2 = (x : y : 1) | ∂f/∂x = 0,

U3 = (u : 1 : v) | ∂g/∂v = 0, U4 = (u : 1 : v) | ∂g/∂u = 0.

The form dx

∂f/∂yis regular on U1 and the form −

dy

∂f/∂xis regular on U2. Moreover,

they coincide on the intersection U1 ∩ U2. Indeed, since f = 0 on C we have

0 = df =∂f

∂xdx+

∂f

∂ydy ⇒

dx

∂f/∂y= −

dy

∂f/∂xin U1 ∩ U2.

Similarly, the form −vn−3

du

∂g/∂vis regular on U3 and the form v

n−3dv

∂g/∂uis regular on

U4 and they coincide on U3 ∩U4. In fact, these four forms define a regular form onC. We need to check that they agree on U1 ∩ U3, U1 ∩ U4, U2 ∩ U3, and U2 ∩ U4.From g(u, v) = vnf(u/v, 1/v) we have

∂g

∂u= vn

∂f

∂x

∂x

∂u= vn−1 ∂f

∂xand dy = d

1

v

= −

dv

v2.

3.4. THE RIEMANN–ROCH FORMULA 83

Therefore, on U2 ∩ U4 we have

−dy

∂f/∂x=

vn−3dv

∂g/∂u.

The rest is similar.Now for any polynomial h(x, y) the form hω0 is clearly regular in U1 ∪U2. On

U3∪U4 we have h(x, y) = h(u/v, 1/v), so if deg h ≤ n−3 then vn−3h(u/v, 1/v) is apolynomial in u, v. Therefore, the form hω0 is also regular in U3 ∪ U4. This showsthat

hω0 | h ∈ K[x, y], deg h ≤ n− 3 ⊆ Ω[C].

On the other hand, any rational form looks like hω0 for some rational functionh ∈ K(C). If h is not a polynomial then hω0 is not regular in U1 ∪ U2 and ifdeg h > n − 3 then hω0 is not regular at the infinite points of C (where v = 0).Therefore,

hω0 | h ∈ K[x, y], deg h ≤ n− 3 = Ω[C].

This theorem has an important corollary which provides an alternative way to

define the genus of a curve.

Theorem 3.56. Let C be a smooth projective curve in P2. Then

dimK Ω[C] = g,

where g is the genus of the curve C.

Proof. Let n = degC. By the previous theorem the following differentialforms are regular and span Ω[C]

B =

xiyjdx

∂f/∂y| i+ j ≤ n− 3, i ≥ 0, i ≥ 0

.

In fact, it is a basis for Ω[C]. Indeed, if there exist cij ∈ K such that

cijxiyjdx

∂f/∂y

defines the zero form on C then the rational function h(x, y) =

cijxiyj

∂f/∂yis zero on

the open set ∂f/∂y = 0 and, hence, zero everywhere on C. But then f(x, y)|h(x, y)and deg h ≤ n − 3 so h(x, y) is the zero polynomial. This implies that cij = 0 forany i, j, i.e. the set B is linearly independent.

It remains to notice that B hasn−3+2

2

= (n−1)(n−2)

2 elements and g =(n−1)(n−2)

2 by the Plucker formula (see Theorem 2.98).

3.4. The Riemann–Roch Formula

Let C be a smooth projective curve over K and D a divisor on C. In Sec-tion 3.2.2 we defined the Riemann–Roch space L(D). The Riemann–Roch formularelates all the notions we introduced before: the dimension (D) of L(D), the de-gree of D, the genus, and the dimension of the space L(KC −D), where KC is thecanonical class of C. Here is the statement.

Theorem 3.57. (The Riemann–Roch formula) Let C be a smooth projectivecurve over K and D ∈ Div(C). Then

(D)− (KC −D) = degD − g + 1,

where KC is the canonical class and g is the genus of the curve.


We will prove this theorem in some special cases, the proof of the general caseis beyond the scope of our course.

In fact, when C = P1 and D is effective we have already proved the Riemann–Roch formula in Proposition 3.46. Indeed, P1 has genus zero and (KP1 − D) =(−2∞−D). Note that the degree of −2∞−D is negative and in Exercise 3.4 youwill show that (D) = 0 if degD < 0. Hence, (KP1 −D) = 0. The Riemann–Rochformula becomes

(D) = degD + 1,

as in Proposition 3.46. For arbitrary D on P1 you will prove the Riemann–Rochtheorem in Exercise 3.5. The idea is the same, any D is equivalent to m∞ for somem ∈ Z. Consider the three cases m > 0, m = 0, and m < 0 separately.

Now we will deduce several important facts from the Riemann–Roch formula.

Corollary 3.58. Let C be a smooth projective curve over K. Then

degKC = 2g − 2 = −χ(C).

(Recall that χ(C) is the Euler characteristic of C.)

Proof. Put D = KC in the Riemann–Roch formula. Then

(KC)− (0) = degKC − g + 1.

As we saw in the proof of Theorem 3.43, (0) = 1. Also

L(KC) = f ∈ K(C)∗ | (f) +KC ≥ 0 ∪ 0 = f ∈ K(C)∗ | (fω0) ≥ 0 ∪ 0,

where ω0 is some rational form on C. Remember that any rational form on C lookslike fω0 for some f ∈ K(C). Also, the condition (fω0) ≥ 0 means that fω0 is aregular form on C. Thus, L(KC) is isomorphic (as a vector space) to the space of allregular forms Ω[C]. Therefore, (KC) = dimK Ω[C] = g, by Theorem 3.56. Puttingeverything together we obtain degKC = 2g − 2 = −χ(C) (see Theorem 2.92).

The following corollary allows us to compute the dimension of L(D) when thedegree of D is sufficiently large.

Corollary 3.59. Let C be a smooth projective curve over K and D ∈ Div(C).If degD ≥ 2g − 1 then

(D) = degD − g + 1.

Proof. If degD ≥ 2g − 1 then

deg(KC −D) = 2g − 2− degD ≤ 2g − 2− (2g − 1) = −1 < 0.

Hence, by Exercise 3.4, (KC −D) = 0, and by the Riemann–Roch formula

(D) = degD − g + 1.

Corollary 3.60. Any smooth curve of g = 0 is isomorphic to P1, i.e. there

exists a rational function f : C → P1 which is onto and one-to-one.

Proof. Choose any p ∈ C and apply the Riemann–Roch formula for D = p.We get

(p)− (KC − p) = 1− 0 + 1 = 2 ⇒ (p) ≥ 2.

This implies that the Riemann–Roch space L(p) contains a non-constant rationalfunction f . Since (f) + p ≥ 0 the function f has only one pole at p and this is


a simple pole. (If f has no poles then f is regular and, hence, a constant.) Wethus have f(p) = ∞ and f−1(∞) = p. To show f is a bijection let q ∈ P1 \ ∞

and consider the function f − q ∈ K(C). Remember that the degree of a principaldivisor (f − q) is zero and

(f − q) = (f − q)0 − (f − q)∞ = (f − q)0 − p,

so there is a unique point p ∈ C such that (f − q)0 = p, i.e. f(p) = q. Therefore,f is a bijection.

3.4.1. The case of cubics. Recall that any divisor on P1 is equivalent tom∞ where m = degD. The situation with cubics is similar, although slightlymore complicated.

Let C be a smooth cubic over K and fix any point p0 ∈ C. We have thefollowing.

Proposition 3.61. Any divisor D on C is equivalent to p + mp0 for somep ∈ C and m = degD − 1.

Proof. First assume that D is effective. We use induction on m = degD− 1.If m = 0 then D = p and we are done. For m > 0 we can write D = D + q forsome q ∈ C and effective D. By the inductive hypothesis D ∼ p + (m− 1) p0 forsome p ∈ C and, hence,

D = D + q ∼ p + q + (m− 1) p0.

Once we show that p + q ∼ p+ p0 for some p ∈ C we are done. Consider the lineL1 containing p and q. It intersects C at one more point (by Bezout’s theorem),call it q. Now let L2 be the line containing q and p0. It intersects C at one morepoint which we call p. Now let li = 0 be an equation of Li and consider the rationalfunction f = l1/l2 ∈ K(C). We have

(f) = (f)0 − (f)∞ = (p + q + q)− (q + p0 + p) = (p + q)− (p+ p0),

which shows that p + q ∼ p + p0. Note that if p = q then we need L1 to be thetangent line to C at p. Similarly, in the other cases when some of the above pointscoincide.

Now, in general, D = D+ − D− for some effective divisors D+ and D−. Bythe previous case D+ ∼ p+ + m+ p0 and D− ∼ p− + m− p0 for some p+, p− ∈ Cand m+ = degD+ − 1, m− = degD− − 1. Then D ∼ p+ − p− + (m+ − m−) p0.It remains to show that p+ − p− ∼ p − p0 for some p ∈ C which is similar to theprevious argument.

Let us now see what the Riemann–Roch formula for a smooth cubic C lookslike. We know that C has genus one and since dimK Ω[C] = g = 1 there exists aregular form ω0 on C which spans (over K) the space of all regular forms. Then(ω0) ≥ 0 and deg(ω0) = 2g − 2 = 0 imply that (ω0) = 0. Therefore, KC = 0. TheRiemann–Roch formula becomes

(D)− (−D) = degD.

Note that if degD > 0 then (−D) = 0 by Exercise 3.4 and the Riemann–Rochsimplifies to

(D) = degD.


Similarly, if degD < 0 then (D) = 0 and the Riemann–Roch says (−D) =deg(−D), which is the same statement as above.

If degD = 0 then D ∼ p − p0 for some p ∈ C by Proposition 3.61 (rememberp0 represents a fixed point in C). Hence

L(D) ∼= L(p− p0) = f ∈ K(C)∗ | (f) + p− p0 ≥ 0 ∪ 0.

The condition (f) + p − p0 ≥ 0 means that f must have a zero at p0. Also theonly point f may have a pole at is p and, in fact, f must have a (simple) pole atp, otherwise it would be a constant (the zero constant). Thus, (f) = p0 − p. Butthis means that f : C → P1 is an isomorphism (see the proof of Corollary 3.60),which is impossible as C has genus one and P1 has genus zero. Therefore no suchf ∈ K(C)∗ exists and L(D) = 0. Similarly, L(−D) ∼= L(p0 − p) = 0 and theRiemann–Roch theorem is trivial.

We have shown that in the case of cubics the Riemann–Roch formula is equiv-alent to the following statement.

Theorem 3.62. Let C be a smooth cubic over K and D ∈ Div(C) such thatdegD > 0. Then (D) = degD.

Proof. First we show that (D) ≤ degD. Recall that (D) ≤ degD + 1 (seeTheorem 3.43). Assume (D) = degD+1. Then using the same argument as in theproof of Theorem 3.43 (induction on degD) we see that (p) = 2. We already sawin the proof of Corollary 3.60 that this implies that C is isomorphic to P1, whichis not the case for a smooth cubic. Therefore, (D) ≤ degD.

Now, let’s show that (D) ≥ degD. The idea is to construct sufficiently manylinearly independent elements of L(D). Recall that D ∼ p +mp0 for some p ∈ Cand m = degD − 1 ≥ 0. Therefore, all we need to show is (p+mp0) ≥ m+ 1 forany m ≥ 0.

We use induction on m. If m = 0 then (p) ≥ 1 since L(p) contains constants.Suppose m > 0. First, we will look at three cases: m = 1, 2, 3.

Case m = 1. Let L2 be the line containing p, p0 and let q be the third inter-section point of L2 with C. Let L1 be any line containing q and let p1, p2 be theother intersection points of L1 with C. Consider f = l1/l2 ∈ K(C), where l1, l2 arelinear polynomials defining the lines L1, L2. Then (f) + p + p0 = p1 + p2 ≥ 0, soL(p+ p0) contains a non-constant function f , hence, (p+ p0) ≥ 2.

Case m = 2. First, note that L(p + p0) ⊂ L(p + 2 p0), so if we show thatthere exists f2 ∈ L(p + 2 p0) such that f2 ∈ L(p + p0) this will guarantee that(p+2 p0) > (p+ p0) ≥ 2 and so (p+2 p0) ≥ 3, as required. In fact, we will showthat there exists f2 ∈ L(p + 2 p0) with (f2)∞ = 2 p0. Let L2 be the tangent lineto C at p0 and let q be the third intersection point of L2 with C. As before, let L1

be any line containing q and let p1, p2 be the other intersection points of L1 withC. Then f2 = l1/l2 ∈ K(C), where l1, l2 are linear polynomials defining the linesL1, L2, satisfies

(f2) + p+ 2 p0 = p+ p1 + p2 ≥ 0, and (f2)∞ = 2 p0.

Case m = 3. The idea is the same as in Case m = 2: We want to constructa function f3 ∈ L(p + 3 p0) with (f3)∞ = 3 p0. We put f3 = f2l3/l4, where l4 isa linear polynomial defining the line containing p0, p2 and one more point q ∈ Cand l3 is a linear polynomial defining a line containing q and two more points


q1, q2 ∈ C. Then

(f3) + p+ 3 p0 = p+ p1 + q1 + q2 ≥ 0, and (f3)∞ = 3 p0.

Finally, for any m > 0 there exists fm ∈ L(p + mp0) with (fm)∞ = mp0.Indeed, if m = 2r take fm = fr

2 and if m = 2r + 3 take fm = fr

2 f3. Therefore,(p+mp0) > (p+(m− 1) p0). By the inductive hypothesis (p+(m− 1) p0) ≥ m,so (p+mp0) ≥ m+ 1, as required.

3.4.2. Special divisors and Weierstrass points. We are back to the gen-eral case when C is a smooth projective curve over K.

Definition 3.63. A divisor D ∈ Div(C) is called special if (KC −D) > 0.

In Exercise 3.7 you will show that if degD ≤ g − 2 then D is special and ifdegD ≥ 2g − 1 then D is not special.

We will be dealing with divisors supported on just one point, D = a p, for somep ∈ C and positive integer a. Our goal is to understand the function (a p) as afunction of a ∈ Z, a ≥ 1.

First, note that this is an increasing function as L(D) ⊆ L(D + p) for anydivisor D. Also, it may increase by at most one at every step. Indeed, we have

L(KC − a p) ⊆ L(K − a p+ p), hence (KC − a p) ≤ (KC − (a− 1) p).

Therefore, applying the Riemann–Roch formula twice we obtain

(a p) = (KC − a p) + a− g + 1 ≤ (KC − (a− 1) p) + a− g + 1

=((a− 1) p)− (a− 1) + g − 1

+ a− g + 1 = ((a− 1) p) + 1.

This shows that

either (a p) = ((a− 1) p) or (a p) = ((a− 1) p) + 1.

Definition 3.64. We say that a ≥ 1 is a gap at p ∈ C if (a p) = ((a− 1) p),and a non-gap otherwise.

In other words, a is a non-gap if and only if there exists f ∈ K(C) with pole oforder a at p and no other poles on C, as this would imply that L((a−1) p) L(a p).

Note that if C is a smooth cubic then all a ≥ 1 are non-gaps, since (a p) = aby Theorem 3.62. Thus, we are going to assume that C has genus g ≥ 2.

The gaps at p ∈ C satisfy the following properties.

Proposition 3.65. Let C be a smooth curve of genus g ≥ 2 and p ∈ C.

(1) If a, b are non-gaps at p then so is a+ b.(2) 1 is a gap at p.(3) If a ≥ 2g then a is a non-gap at p.(4) The number of gaps at p equals g.

Proof. (1) If there exists f, g ∈ K(C) with (f)∞ = a p and (g)∞ = b p thenfg satisfies (fg)∞ = (a+ b) p.

(2) We have (p) = (0) = 1. Indeed, if (p) ≥ 2 then there exists a non-constantf ∈ K(C) with (f)∞ = p, which implies that f : C → P1 is an isomorphism (seethe proof of Corollary 3.60). This is impossible since g ≥ 2.

(3) If a ≥ 2g then the divisors (a− 1) p and a p are not special, by Exercise 3.7.Then the Riemann–Roch formula produces ((a− 1) p) = a− 1− g+1 and (a p) =a− g + 1, i.e. a is a non-gap at p. In particular, (2g p) = g + 1.


(4) Think about the graph of (a p) on the segment 0 ≤ a ≤ 2g. It takes value1 at a = 0 and value g + 1 at a = 2g. Hence the graph of (a p) goes up by g stepsand to the right by 2g steps. There must be exactly 2g−g = g places where it doesnot go up.

We will call the sequence of gaps a1 < a2 < · · · < ag at p ∈ C, the gap sequence.

Definition 3.66. A point p ∈ C is called a Weierstrass point if the gap se-quence a1 < a2 < · · · < ag at p does not coincide with 1 < 2 < · · · < g.

When p is not Weierstrass, the graph of (a p) looks particularly simple.

Figure 3.1. The graph of (a p) when p is not a Weierstrass point.

Proposition 3.67. The following are equivalent.

(1) p is a Weierstrass point.(2) D = g p is a special divisor.(3) D = a p is a special divisor for some a ≥ g.

Proof. (1) ⇒ (2) Assume g p is not a special divisor. Then (KC−g p) = 0, soby the Riemann–Roch formula (g p) = g − g + 1 = 1. This implies that (a p) = 1for all 0 ≤ a ≤ g (as (a p) is increasing and (0) = 1). By definition, p is notWeierstass.

(2) ⇒ (3) This is trivial, just take a = g.(3) ⇒ (1) Suppose a p is special for some a ≥ g. Then (KC − a p) > 0 and so

(a p) > a− g + 1, by the Riemann–Roch formula. But if p is not Weierstrass then(a p) = a− g + 1 on a ≥ g (see Figure 3.1). Thus p is Weierstrass.

With every point p ∈ C we can associate its weight, which by definition equals

w(p) =g

i=1

(ai − i),

where a1 < a2 < · · · < ag is the gap sequence at p. Note that p is Weierstrass ifand only if w(p) > 0. In Exercise 3.8 you will use the properties of the gaps toshow that if 2 is a non-gap at p then w(p) =

g

2

.

3.5. ELLIPTIC CURVES 89

3.5. Elliptic Curves

Let C be a smooth cubic in P2 and fix a point p0 ∈ C. Recall that everydivisor D on C satisfies D ∼ p + mp0 for some p ∈ C and m = degD − 1 (seeProposition 3.61). This allows us to define a bijection between points p of C andthe subgroup Cl0(C) ⊂ Cl(C) of divisor classes of degree zero.

Theorem 3.68. Let Cl0(C) ⊂ Cl(C) be the subgroup of divisor classes of degreezero. The map

φ : C → Cl0(C), p → [p− p0]

is a bijection.

Proof. The fact that φ is onto follows from Proposition 3.61: any divisor Dof degree zero is equivalent to p− p0 for some p ∈ C (since m = degD − 1 = −1).

To show that φ is one-to-one suppose p − p0 ∼ q − p0 for some p, q ∈ C. Weclaim that p = q. Indeed, p− p0 ∼ q − p0 implies that there exists f ∈ K∗(C) suchthat p−q = (f). But if p = q then f defines an isomorphism f : C → P1 (rememberthe proof of Corollary 3.60). This is a contradiction as C has genus 1.

3.5.1. The Group Law. Now since Cl0(C) is an Abelian group we shouldbe able to translate the group structure from Cl0(C) to C itself. The idea is that ifφ(p) = [p− p0] and φ(q) = [q− p0] then there exists a unique point in C, which wedenote by p ⊕ q, such that φ(p ⊕ q) = [p + q − 2 p0]. Indeed, by Proposition 3.61,p+ q− 2 p0 ∼ p − p0 for some p ∈ C. This p is the point p⊕ q we are looking for.

Next we will see how to describe p = p ⊕ q geometrically. The conditionp+ q− 2 p0 ∼ p − p0 is equivalent to p+ q ∼ p + p0. Let L1 be the line containingp, q and let q be the third intersection point of L1 and C. Let L2 be the linecontaining q, p0 and let p be the third intersection point of L2 and C. Then the

Figure 3.2. The construction of p⊕ q. The fixed point p0 is the origin.

function f = l1/l2, where li is the linear polynomial defining Li, satisfies

(f) = p+ q + q − q − p0 − p, i.e. p+ q = (f) + p + p0,

which means that p+ q ∼ p + p0.


3.5.2. Weierstrass normal form. It turns out that after a suitable (projec-tive) change of coordinates a smooth cubic can be written as y2 = x3 + ax+ b forsome a, b ∈ K. This is so called the Weierstrass normal form.

Recall that a projective change of coordinates in P2 is given by a 3× 3 matrixA ∈ GL(3,K):

XYZ

=

a11 a12 a13a21 a22 a23a31 a32 a33

UVW

,

where (X : Y : Z) and (U : V : W ) are the homogeneous coordinates on P2. In theaffine coordinates x = X/Z, y = Y/Z, and u = U/W , v = V/W this correspondsto the following rational transformation:

x =a11u+ a12v + a13a31u+ a32v + a33

, y =a21u+ a22v + a23a31u+ a32v + a33

.

Theorem 3.69. (Weierstrass normal form) Let F (X,Y, Z) = 0 be an equationof a smooth cubic. If charK = 2, 3 then there is a projective change of coordinatesin which F (X,Y, Z) = 0 becomes V 2W = U3 + aUW 2 + bW 3 for some a, b ∈ K.In affine coordinates v2 = u3 + au+ b.

The proof of this is, although elementary, rather technical, so we do not includeit here. You can find it in []. You will compute the Weierstrass normal form of theFermat curve x3+y3 = 1 in Exercise 3.9, where all the necessary steps are outlined.

Note that all the smooth cubics we depicted previously were in the Weierstrassnormal form.

From now on we will assume that a smooth cubic C is given by the affineequation y2 = x3 + ax+ b. The infinite point p0 = (0 : 1 : 0) lies on C. Moreover,the tangent line to C at p0 has local intersection number three with C at p0, i.e.p0 is an inflection point of C. Indeed, the cubic is defined by the homogeneouspolynomial F (X,Y, Z) = X3 + aXZ2 + bZ3 − Y 2Z and the tangent line E hasparametric equation X = t, Y = 1, Z = 0. The polynomial F (t, 1, 0) = t3 has t = 0as a root of multiplicity three, which equals the intersection number (C · E)p0 , byExercise 2.13.

Now let us get back to the group law on C. We choose p0 = (0 : 1 : 0) ∈ C.Then given p, q ∈ C, here is how we construct the point p⊕ q geometrically. First,find q ∈ C which lies on the line joining p and q. Since lines through p0 arethe vertical lines, we let p ⊕ q be the point on the vertical line containing q (seeFigure 3.3 for the group law on the real part of C).

Example 3.70.

(a) What is the zero element of the group, i.e. the point 0 ∈ C such thatp⊕ 0 = p for any p ∈ C? By construction p = p means that L1 coincideswith L2, hence L1 is vertical and q = p0. Therefore, 0 = p0 = (0 : 1 : 0).

(b) What is 2p = p ⊕ p? In this case p = q, so L1 is the tangent line to Cat p. See Figure 3.4 illustrating this.

(c) What is the inverse −p of p? By definition −p is the point such thatp⊕ (−p) = 0. In other words, p = p0 which means that L2 is tangent toC at p0. We have already seen that p0 is an inflection point of C, so q

must also equal p0. This shows that L1 is vertical and −p is the reflectionof p about the x-axis (see Figure 3.5).


Figure 3.3. The construction of p⊕ q. The fixed point p0 is (0 : 1 : 0).

Figure 3.4. The construction of 2p = p⊕ p.

(d) Let L1 be any line and C∩L1 = p, q, q. Then p⊕q⊕q = 0. Indeed, byconstruction p⊕ q is the reflection of q about the x-axis. By the previousexample this means that p⊕ q = −q, i.e. p⊕ q ⊕ q = 0.

So far we have shown that all of the group axioms hold on C, except forassociativity. We will prove it geometrically below. Note that the group law on Cis clearly commutative.

Proposition 3.71. The operation p⊕ q on C is associative.

Proof. We need to show that for any p, q, r ∈ C we have (p⊕q)⊕r = p⊕(q⊕r).Let L1, L2 be the lines appearing in the construction of p⊕q and, similarly, M1,M2

be the lines appearing in the construction of q⊕ r. Furthermore, let L3 be the line


Figure 3.5. The construction of −p.

containing p and q ⊕ r and M3 be the line containing r and p ⊕ q. Let a be theintersection point of L3 and M3. If we show that a lies on C then we are done,since on one hand a = −(p⊕ (q ⊕ r)) (as L3 ∩ C = p, q ⊕ r, a) and on the otherhand a = −((p⊕ q)⊕ r) (as M3 ∩ C = p⊕ q, r, a).

Figure 3.6. The associativity of the group law.

To show a ∈ C we apply Chasles’ theorem. The two cubics L1 ∪M2 ∪M3 andM1 ∪ L2 ∪ L3 intersect in nine points 0, p, q, r,±(p ⊕ q),±(q ⊕ r), a. The cubicC contains the first eight of them, hence, by Chasles’ theorem must contain a aswell.


3.5.3. Elliptic curves over Q. We close this chapter with discussion of ellip-tic curves given by polynomials with rational coefficients. We will call them rationalelliptic curves (not to be confused with rational curves as in Definition 2.74, in thatsense they are not rational as they have genus one). They play an important rolein various applications such as in number theory and cryptography. Despite thesimpleness of the definition, rational elliptic curves hide many open questions. Wewill discuss only a few.

Definition 3.72. A smooth cubic C which is the zero set of a homogeneouspolynomial F ∈ Q[X,Y, Z] is called a rational elliptic curve.

If C has a rational point (i.e. a point with rational coordinates) then after arational projective transformation (i.e. whose matrix lies in GL(3,Q)) we can bringC to the Weierstrass normal form Y 2Z = X3 + aXZ2 + bZ3 with a, b ∈ Q.

Proposition 3.73. Let p, q ∈ C be rational points on C. Then p ⊕ q is alsorational.

Proof. If p or q is 0 = (0 : 1 : 0) or if p⊕q = 0, the statement is trivial. Hencewe may assume that p, q, and p⊕q lie in the affine part of C. Let p = (xp : yp : 1) andq = (xq : yq : 1) and consider q = (xq : yq : 1) which is the third intersection pointof C with the line containing p, q (see Figure 3.3). Note that p⊕ q = (xq : −yq : 1)so we need to show that xq , yq ∈ Q.

To find xq and yq we need to solve the system of two (affine) equations:

y2 = x3 + ax+ b, (x− xp)(yq − yp) = (y − yp)(xq − xp).

Since xp = xq (otherwise p ⊕ q = 0, see Figure 3.5) we can express y from thesecond equation

y = yp + λ(x− xp), where λ =yq − ypxq − xp

is the slope.

Clearly λ ∈ Q since p, q have rational coordinates. Now, plugging this expressioninto the first equation, we obtain a cubic equation in x

(yp + λ(x− xp))2 = x3 + ax+ b,

whose roots are xp, xq, and xq . Since the sum of the roots is the negative of thecoefficient of x2 we obtain

xp + xq + xq = λ2,

hence,

xq = λ2− xp − xq, yq = yp + λ(λ2

− 2xp − xq).

This shows that xq , yq ∈ Q.

Corollary 3.74. The set C(Q) of all rational points on C is a group withrespect to the operation ⊕.

Rational elliptic curves C attracted a lot of attention in the 20th century math-ematics, in particular because of their connection with Fermat’s Last Theorem.Below we state two famous theorems about the structure of the group C(Q). Ideasappearing in the proofs of these theorems were among the key ingredients of AndrewWiles’s proof of Fermat’s Last Theorem (1993). We will not need these theoremsin the remaining of our exposition.


Definition 3.75. A point p ∈ C is called a torsion point if there exists m ≥ 1such that

mp := p⊕ p⊕ · · ·⊕ p m times

= 0.

The smallest such m is called the order of p in C. If p is not a torsion point, wesay it has infinite order.

The following proposition you should check yourself.

Proposition 3.76. Let C be a rational elliptic curve.

(1) If p, q ∈ C are torsion points then so is p⊕ q.(2) The size of the cyclic subgroup p := mp | m ∈ Z equals the order of p

in C.

Note, for m < 0 the expression mp denotes (−m)(−p).

Corollary 3.77. The set

Ctor(Q) = torsion points in C

forms a subgroup of C(Q) with respect to the operation ⊕.

Since Ctor(Q) is a finite abelian group it is isomorphic to the direct product offinite cyclic groups (see, for example, Sec. ?? in [?]). In the theorem below BarryMazur described all possible groups Ctor(Q) up to isomorphism.

Theorem 3.78. (Mazur, 1977) Let C be a rational elliptic curve. The groupCtor(Q) is isomporphic to one of the following:

Zn, for n = 2, 3, . . . , 10, 12, and Z2 × Zn, for n = 2, 4, 6, 8.

The following result by Louis Joel Mordell asserts the existence of a finite“basis” for the group C(Q). Let us first give a definition.

Definition 3.79. Let p1, . . . , pr be points of C. We say that they are linearlyindependent if the points m1p1 ⊕ . . .mrpr for mi ∈ Z are all distinct.

Theorem 3.80. (Mordell, 1922) Let C be a rational elliptic curve. There existlinearly independent p1, . . . , pr ∈ C(Q) such that every point p ∈ C(Q) has a form

p = a1p1 ⊕ . . . arpr ⊕ q

for unique ai ∈ Z and q ∈ Ctor(Q).

Definition 3.81. The smallest r satisfying Mordell’s theorem is called the rankof C.

The famous Rank Problem asks: Can the rank can be arbitrarily large? Thisis an open question, so far elliptic curves of rank up to 24 have been found.

EXERCISES 95

Exercises

Exercise 3.1. Let C be an affine irreducible curve over F. Suppose g ∈ F(C)is regular at p ∈ C. Define the value of g at p as g(p) = a(p)/b(p), where g = a/bis a representation of g such that a, b ∈ F[x, y] and b(p) = 0. Show that g(p) isindependent of the representation of g in F(C).

Exercise 3.2. Let C be a cubic defined by y2 = x3. Show that neither y/xnor x/y defines a regular function at (0, 0).

Exercise 3.3. Let C be the smooth cubic y2z = x3 − xz2. Show that dx/yextends to a regular differential form on C.

Exercise 3.4. Let D be a divisor on C with deg(D) < 0. Describe L(D) andcompute (D). (Hint: What is the degree of the divisor (f) +D if (f) +D ≥ 0?)

Exercise 3.5. Prove the Riemann–Roch theorem on P1: For any divisor D onP1 we have

(D)− (−2∞−D) = deg(D) + 1.

(Note: This statement was proved in Proposition 3.46 for effective divisors.)

Exercise 3.6. Recall that a divisor D is called special if (K −D) > 0. Provethat D is special if and only if D ∼ K −D for some effective divisor D.

Exercise 3.7. Let D be any divisor on C. Prove the following:

(a) If deg(D) ≥ 2g − 1 then D is not special.(b) If deg(D) ≤ g − 2 then D is special. (Hint: Use the Riemann–Roch

theorem.)

Here g denotes the genus of C.

Exercise 3.8. Let C be a smooth projective curve of genus g and p ∈ C.Assume 2 is a non-gap at p. Show that the Weierstrass weight of p satisfies w(p) =g

2

. (Hint: Can you identify the gap sequence in this case?)

Exercise 3.9. Compute the Weierstrass normal form for the Fermat curvex3 + y3 = 1 using the following steps:

(a) Homogenize the above equation.(b) Apply the projective transformation

XYZ

=

0 −6 10 6 16 0 0

UVW

(c) Dehomogenize the equation to get v2 = u3 + au+ b for some rational a, b.

Exercise 3.10. Let p = (xp, yp) be a point on an elliptic curve y2 = x3+ax+b.Compute the coordinates of p⊕ p. They should depend rationally on xp and yp.


Exercise 3.11. Consider an elliptic curve C given by y2 = x3 + 1 and let0 = (0 : 1 : 0).

(a) Let p ∈ C and L a line such that L∩C = p, p, q (i.e. L is tangent to Cat p). Explain how to construct p+ q.

(b) Let p ∈ C has zero y-coordinate. What is p⊕ p?(c) Let p = (0 : 1 : 1) ∈ C. Show that p is an inflection point of C. Explain

how to construct p⊕ p.

Exercise 3.12. Consider an elliptic curve y2 = x3 + ax + b. Explain how tocompute the coordinates of the points of order two on the curve y2 = x3 + ax+ b.(Recall that a point p has order two if p⊕ p = 0.)

Exercise 3.13. The points p of order 3 on y2 = x3 + ax+ b are the inflectionpoints, where y = 0. Find the x-coordinates of the points of order 3 on y2 = x3−x.How many real and how many complex points of order 3 are there?

CHAPTER 4

Curves over Finite Fields

Up to the end of the previous chapter we have been working with curves overalgebraically closed fields. For the purpose of coding theory however we need toconsider curves over finite fields, which are not algebraically closed. (Can you showthat algebraically closed fields are infinite?) The central result of this chapter isthe Hasse–Weil theorem which provides a bound for the number of solutions topolynomial equations over finite fields. Although we don’t have enough tools toprove the theorem (this alone could be the topic of a course) we will connect thistheorem to a version of the Riemann Hypothesis for curves over finite fields.

4.1. Curves over non-algebraically closed fields

We begin by defining curves over arbitrary fields and seeing how we shouldadjust our definitions and theorem in the case of non-algebraically closed field.

Let K be any field and K be its algebraic closure.

Definition 4.1. We say that C ⊂ P2K is a curve over K if its defining equations

has coefficients in K, i.e.

C = (x : y : z) ∈ P2K | F (x, y, z) = 0

for some homogeneous polynomial F ∈ K[x, y, z].

We will be interested in points of C whose coordinates also lie in K (or ina finite extension of K). Such points will be called K-rational points (or simplyK-points of C and denoted by C(K). In other words,

C(K) = (x : y : z) ∈ P2K | F (x, y, z) = 0.

Example 4.2. (a) Rational elliptic curves from Section 3.5.3 are curvesover Q and C(Q) is the set of rational points of C.

(b) The unit circle C = (x : y : z) ∈ PC | x2+y2 = z2 can be considered as acurve over Q or over any extension of Q. We thus have (3 : 4 : 5) ∈ C(Q),(√3 : 1 : 2) ∈ C(Q(

√3)), and (i :

√2 : 1) ∈ C(C) (or we can say

(i :√2 : 1) ∈ C(Q(i,

√2))). Note that “conjugates” points (−

√3 : 1 : 2)

and (−i :√2 : 1) also lie on the circle C. We state this in general in the

following proposition.

Proposition 4.3. Let K ⊂ K be a finite extension and C a curve over K.Then for any φ ∈ Gal(K/K) and any p ∈ C we have p ∈ C(K) if and only ifφ(p) ∈ C(K).

Proof. Suppose C is given by F (x, y, z) = 0 for a homogeneous polynomialF ∈ K[x, y, z] and let p = (xp : yp : zp) be in C(K). Then F (xp, yp, zp) = 0 so

φ (F (xp, yp, zp)) = φ(0) = 0.

97

98 4. CURVES OVER FINITE FIELDS

On the other hand,

φ (F (xp, yp, zp)) = F (φ(xp),φ(yp),φ(zp))

since the coefficients of F are fixed by φ. Therefore F (φ(xp),φ(yp),φ(zp)) = 0, i.e.,φ(p) = (φ(xp) : φ(yp) : φ(zp)) lies in C(K). The converse is the same by replacingφ with its inverse φ−1.

It is convenient to consider the set of points φ(p) for all φ ∈ Gal(K/K) as one“point” of C. More explicitly we have the following definition.

Definition 4.4. Let C be a curve over K and K ⊂ K a finite field extension.A set

φ(p) | φ ∈ Gal(K/K)

for some p ∈ C(K) is called a point of C of degree |Gal(K/K)|.

In some literature a point in C is called a place in C.Coming back to our previous example, the set (

√3 : 1 : 2), (−

√3 : 1 : 2) is

a point of x2 + y2 = z2 of degree two. Here K = Q and K = Q(√3). Of course,

rational points of x2 + y2 = z2 are points of degree one.Now let us take a look at curves over finite fields.

Example 4.5. Let C be a parabola over F2 given by the equation yz = x2.

(a) First, it is easy to find all F2-points of C:

C(F2) = (0 : 0 : 1), (1 : 1 : 1), (0 : 1 : 0).

(b) Now consider the extension F2 ⊂ F4 = a + bα | a, b ∈ F2, where α is aroot of t2 + t+ 1 ∈ F2[t], and so α3 = 1. We have

C(F4) = (0 : 0 : 1), (1 : 1 : 1), (0 : 1 : 0), (α : α2 : 1), (α2 : α : 1).

Note that the first three elements of C(F4) are degree one points of Cwhereas the last two form a degree two point of C. Indeed, it is easy tosee that α and α2 are the two roots of t2+ t+1. Hence the “conjugation”

σ : F4 → F4, σ(a+ bα) = a+ bα2

together with the identity map id : F4 → F4 forms the Galois groupGal(F4/F2). If fact, σ is the Frobenius automorphism and, as we have al-ready seen in Proposition 2.9 of Chapter 2, Gal(F4/F2) is cyclic generatedby σ.

(c) Enlarging the field even more, consider

F2 ⊂ F8 = a+ bβ + cβ2| a, b, c ∈ F2,

where β is a root of t3 + t + 1 ∈ F2[t]. Recall that F∗8 is cyclic generated

by β, so β7 = 1 and

F8 = 0, 1,β, . . . ,β6.

As before the Frobenius automorphism σ which maps β to β2 generatesthe Galois group Gal(F8/F2):

Gal(F8/F2) = id,σ,σ2.

Clearly, σ2 maps β to β4. We can list the elements of C(F8) according tothe degree of the corresponding points of C:

4.4. HERMITIAN CURVES 99

• three points of degree one:

(0 : 0 : 1), (1 : 1 : 1), (0 : 1 : 0)

• two points of degree three:

(β : β2 : 1), (β2 : β4 : 1), (β4 : β : 1),

(β3 : β6 : 1), (β6 : β5 : 1), (β5 : β3 : 1).

Example 4.6. Let C be the cubic given by y2z = x3 − xz2 − z3 over F3.

(a) The affine part of C is given by y2 = x3 − x − 1. Since y2 does not takevalue −1 and x3 = x for x, y ∈ F3 the affine curve has no F3-points. Wehave

C(F3) = (0 : 1 : 0).

(b) Consider the degree two extension F3 ⊂ F9 = a+ bi | a, b ∈ F3, where iis the root of t2 = −1. Here 1 + i is a generator of F∗

9 and we can write

F9 = 0,±1,±i,±(1 + i),±(1− i).

It is easy to see that y2 takes only values 0,±1,±i in F9. Checking possiblevalues of x in F9 we see that C has the following F9-points:

• one point of degree one:

(0 : 1 : 0)

• three points of degree two:

(0 : i : 1), (0 : −i : 1),

(1 : i : 1), (1 : −i : 1),

(−1 : i : 1), (−1 : −i : 1).

In [?] you can find the description of F27-points of C.

4.1.1. K-divisors and the Riemann–Roch formula.

4.2. The Zeta Function

4.3. The Hasse–Weil Bound

4.4. Hermitian Curves

CHAPTER 5

Algebraic Geometry Codes

5.1. The L-construction

5.2. The Ω-construction

5.3. Duality

5.4. (Quasi-)Self-Dual AG codes

5.5. Asymptotics of AG codes

101

Algebraic Curves and Codes Ivan Soprunov · 2014-11-07 · Algebraic Curves and Codes Ivan Soprunov...

Documents

Transcript of Algebraic Curves and Codes Ivan Soprunov · 2014-11-07 · Algebraic Curves and Codes Ivan Soprunov...