Elliptic curves

Chapter

Introduction to Elliptic

Curves

The a b c s and j

We begin with a series of denitions of elliptic curve in order of increasing

generality and sophistication These denitions involve technical terms which

will be dened at some point in what follows

The most concrete denition is that of a curve E given by a nonsingular

Weierstrass equation

y

a

xy a

y x

a

x

a

x a

The coecients a

i

are in a eld K and EK denotes the set of all solutions

x y K K together with the point O at innity to be explained in

x We will see later why the as are numbered in this way to remember the

Weierstrass equation think of the terms as being in a graded ring with

weight of x

y

a

i

i

so that each term in the equation has weight This also explains the absence

of a

A slightly more general denition is a plane nonsingular cubic with a ra

tional point rational means the coordinates are in the designated eld K and

does not refer to the rational eld Q unless of course K Q An example of

such a curve that is not a Weierstrass equation is the Fermat curve

x

y

with points x y

CHAPTER INTRODUCTION TO ELLIPTIC CURVES

assuming the characteristic of K denoted charK is not In Corollary

we will see how to transform such an equation into Weierstrass form

More general still a nonsingular curve of genus with a rational point As

we will explain later conic sections circles ellipses parabolas and hyperbolas

have genus which implies that they are not elliptic curves An example

that is not encompassed by the previous denitions is

y

x

with points x y

assuming charK Proposition below explains how to transform such

quartic equations into Weierstrass form without using

p

or

p

Alternative terminology which emphasizes the algebraic group structure

abelian variety of dimension

More abstractly E is a scheme over a base scheme S eg spec K which

is proper at and nitely presented equipped with a section there is little

point to state all the technicalities at this time Suce it to say that the work

of Tate Mazur and many others makes it plain that it is essential to know the

language of schemes to understand the deeper arithmetic properties of elliptic

curves More easily said than done

Now let us begin to ll in some details Consider a Weierstrass equation

which we denote as E If charK we can complete the square by dening

y a

x a

x

b

x

b

x

b

where

b

a

a

b

a

a

a

b

a

a

If charK we can complete the cube by setting x b

c

c

where

c

b

b

c

b

b

b

b

One then denes

b

a

a

a

a

a

a

a

a

a

a

and

b

b

b

b

b

b

b

The subscripts on the bs and cs are their weights We refer to and

as the aform bform and cform respectively The denitions and

are made for all E regardless of the characteristic of K and the condition that

the curve be nonsingular and so dene an elliptic curve is that as we

will explain in x Then one denes j c

For example

when charK a

and a

are not both zero

THE ABC S AND J

Thus y a

x a

is nonzero

y

for every elliptic curve E in any characteristic When charK

we have and is determined up to sign by x Note that

x

b

x

b

x b

is valid in all characteristics

The covariants c

c

and the discriminant have weights respec

tively The quantity j dened above when is called the jinvariant or

simply the invariant of E its weight is

It is often convenient to include as a third covariant Thus we say that

y

y x

x

A

has covariants meaning that c

c

and

The label A is the standard catalog name of this elliptic curve as in AntIV

we put the letter rst rather than A so that A can be used as the name of

this curve in computer programs such as a

p

e

cs see the appendix to this chapter

In Cre which extends the catalog of AntIV the labelling has been modied

with the former notation given in parentheses this curve is denoted A

by force of habit we will use the notation of AntIV for curves contained in

that catalog and then use Cremonas notation for curves that are only in the

larger catalog

For convenience of reference we collect these various denitions in a box

b

a

a

b

a

a

a

b

a

a

b

a

a

a

a

a

a

a

a

a

a

c

b

b

c

b

b

b

b

b

b

b

b

b

b

b

y a

x a

b

b

b

b

c

c

j c

c

The last three lines in the box are identities that one can verify on the computer

y

as an element of the eld L Kx y obtained as a quadratic extension Kxy of the

transcendental extension Kx where y is dened by equation As will be discussed in

x L is called the function eld of E and P x y EL is called a generic point


Examples

Suppose charK Then is times the polynomial discriminant

y

of the cubic on the right side of the bform

Dis

x

b

x

b

x b

Hence i! the cubic has a multiple root

If charK or an alternative to the cform is

"c

"c

Caution We have put bars on the c s because with the displayed values for

the Weierstrass coecients a

a

"c

the formulas give c

"c

c

"c

In the case of bars are not necessary the calculated cs

are the same as the cs in the equation

y

x

bx c

has covariants b c b

c

Thus provided

c

y

x

c

has c

and j

and provided b

y

x

bx

has c

and j

Generic j provided j

y

xy x

j

x

j

has jinvariant j the covariants are

c

c

j

j

and

j

j

WhenK is the real eldRwe can take the equation in cform

The cubic has either or real roots according as the discriminant is negative

or positive thus as a real manifold there are or components We will see in

x that the addition of the point O at will compactify the curve

On the following interleaving sheet there are plots of three examples the

same ones used in Silp

y

in the usual sense Disf

nn

Resultantf f

where n degf

DisX

aX b a

b

DisX

aX

bX c a

c a

b

abc b

c

in particular DisX

bX c b

c

and

DisX

bX

cX d b

d b

c

b

d

bc

d c

d

QUARTIC TO WEIERSTRASS

Quartic to Weierstrass

If K is a eld K

denotes the multiplicative group and K denotes an algebraic

closure

Let F be a nonzero homogeneous polynomial in the variables UW over the

eld K Recall that a root of F is a ratio U W corresponding to a

linear factor U W of F where one but not both of may be For

example the homogeneous quartic

U

W

UW

has the double root U W and the two simple roots If the

degree of F is n then over K F has precisely n roots some of which may be

coincident

Let K be a eld of characteristic and consider the curve dened by

an equation over K of the form v

a quartic in u with a rational point

u v p q Replacing u by u p we can assume that p

v

au

bu

cu

du q

When q such a curve is birationally equivalent to one given by a Weierstrass

equation

Proposition Let K be a eld with charK and u v transcendentals

over K satisfying

v

au

bu

cu

du q

where a b c d K and q K

Then

x qv q duu

y q

v q qdu cu

d

u

qu

satisfy the Weierstrass equation with

a

dq a

c d

q

a

qb a

q

a

a

a

a

ad

q

c

The discriminant of this Weierstrass equation is i the homogeneous quartic

aU

bU

W cU

W

dUW

q

W

has a repeated root in K ie i either a b or the polynomial on the right

in has a repeated root in K

The inverse transformation is given by

u qx c d

qy v q uux dq


In this birational correspondence the point u v q on corresponds

to the point x y a

a

a

a

on the Weierstrass curve

y

Remarks The proposition essentially covers all cases where as we

can indicate now by anticipating some denitions and results that will be given

later Consider

v

au

bu

cu

du e #

where at least one of a b is nonzero and the polynomial on the right has no

repeated roots inK Then # is birationally equivalent overK to a Weierstrass

equation i! this curve has a rational place which means that either

there is a rational point u v p q and then either

i q replace u with u p so the equation becomes that treated

directly by the proposition or

ii q replace u v with u p vu

to obtain an equation of the

type dealt with in iv below

or there is a rational place at This means that either

iii a q

K

there are two rational places at cf Proposi

tion b replacing u by u and v by vu

puts # in the form

treated by the proposition or

iv a # is essentially already in Weierstrass form take u

xb v yb When e q

K

this gives a Weierstrass equa

tion di!erent from that of the proposition but the two Weierstrass

equations can be transformed birationally one into the other

The meaning of the inverse transformation is this if x y satisfy the Weier

strass equation then u v dened as rational functions in x y in this way satisfy

Proof For all but the last statement of the proposition the verication is by

direct calculation nowadays best performed on the computer The theorem

of RiemannRoch discussed in Chapter gives the theoretical explanation see

Corollary For example to see when one calculates

when a then D where D is the discriminant of the quartic on

the right of

when a b then b

D where D is the discriminant of the

cubic on the right of

when a b then

y

John Cremona suggested adding this last statement


To obtain the image of q we cannot simply substitute u v

q into the formulas for x and y since we get the indeterminate form

LH$opitals rule a!ords the quickest way to obtain the answer we di!erentiate

the numerator and denominator of x twice with respect to u and those of y three

times using dvdu au

dv obtained by di!erentiating and

then cancel common factors such as from the numerator and denominator of

the resulting fractions Again the computer makes this relatively painless and

may tempt the reader to nd the point u v corresponding to x y a

The validity of the method for all K with charK depends on the fact that

the functions have perfectly usable Taylor expansions there is no problem with

factorials in denominators which are most easily described in the eld of formal

power series as follows

Regard u as an indeterminate so that the eld of rational functions Ku

is canonically a subeld of the eld Ku of formal power series ie series

of the form

P

N

k

n

u

n

for some N Z k

n

K Now denes a quadratic

extension L Kuv ofKu and there are two embeddings L Ku

corresponding to the two square roots of au

The one that is relevant

here is

v q

d

q

u

c

q

u

b

q

u

a

q

u

q

d

q

u

d

q

c

q

u

Induction or at worst a reference to the general binomial theorem in Con

shows that is the only prime that occurs in denominators and substitution

yields

x

d

q

c

d

q

cd

q

b

u

y

d

q

cd

q

bq

d

q

u

When u these expressions reduce to a

and a

a

a

respectively

Example The curve v

u

was mentioned in x in a di!erent

notation as an example of a curve of genus with a rational point u

v

To apply the proposition we substitute u

u obtaining the curve

v

u

u

u

u

With a b c d q we nd that

x u v u

y u

u v u


satisfy the Weierstrass equation

y

xy y x

x

x

We obtain a simpler Weierstrass equation by completing the square on the left

and then the cube on the right the equation becomes

y

x

x

where x

x y

y x

Using the notation

u

v u v x y x

y

the transformation formulas give

and LH$opital yields

The inverse transformations yield eg

x

y

u

v

J Fearnley raised the question starting with di!erent rational points on

the same quartic how are the Weierstrass equations given by the proposition

related% We will see in a later chapter that the RiemannRoch theorem implies

that one can pass from one equation to any other one by a transformation of

the form x

x

r y

y

s

x

t where r s t K In the

language of x the elliptic curves are isomorphic

The above proposition can be &reverse engineered given a point Q x

y

satisfying a Weierstrass equation E one can write down an equation v

au

as in the proposition and birational transformations between E and

such that Q corresponds to q The rst step is to transform the

equation of E to a new Weierstrass equation E

whose coecients satisfy a

a

a

and such that Q is transformed to a

a

a

a

as in the proposition

For reference purposes we put the details in a


Corollary Let K be a eld of characteristic let E be a Weierstrass

equation with coecients a

a

K and let Q x

y

EK

a Dene

x

x x

a

y

y y

a

x

a

Then x

y

satisfy the Weierstrass equation with coecients

a

a

a

x

a

x

a

y

a

x

a

a

y

a

a

a

a

y

a

a

x

x

a

a

a

a

a

a

a

In terms of the new x

y

coordinates

Q x

y

a

a

a

a

b Dene

u

x x

y y

a

x

a

v

x x

a

u

a

u

Then

v

au

bu

cu

du

where

a a

b a

c a

a

d a

The inverse transformations are

x v duu

x

a

y v du cu

d

u

u

y

a

x

a

In this birational correspondence Q corresponds to the point u v on

Proof The verication of a amounts to some easy calculations and b to

applying the formulas in the proposition where we have chosen q There is

no real loss of generality in the proposition if we take q this corresponds

to replacing v with qv and dividing by q

We mention two points concerning the calculation of E

If E satises a

a

a

it is still usually necessary to make the transfor

mation to E

in order to have Q a

a

a

a


Another application of the transformation produces no change x

x

and y

y

hence a

i

a

i

Because the reciprocal quartic a bu cu

du

u

will arise on

several occasions it is worthwhile to introduce special notation It turns out

to be convenient to substitute u m a

which produces a quartic

polynomial m

Multiplying this by and using the notation

y

a

x

a

the resulting quartic is

Quar

Q

m b

b

b

x

x

m b

x

m

m

Combining the relation u m a

with those connecting u v with

x y we have

Corollary With K and E as in the previous corollary for each point

Q EK the quartic curve

v

Quar

Q

m

is birationally equivalent with E

Here is a numerical example over K Q

E y

x

x

x Q A

E

y

x

x

x

x

y

Quar

Q

m m

m

The signicance of the fact that this polynomial has rational roots m will

be revealed in x

Here are three examples of E with y

x

y

x

x

and

y

x

x

For these three E Quar

m is respectively

m

m

m

m

We quote from AdaRa p a specialized form of the previous corollary

that will be used later

Corollary Let P p q be a point on E y

x

bx c all dened

over the eld K of characteristic and dene

u

y q

x p

v x p

y q

x p

Then

v

u

pu

qu b p

The inverse transfomation is

x u

v p y u

uv pu q

PROJECTIVE COORDINATES

The procedure for transforming the general cubic s

u

s

u

v s

v

s

to a Weierstrass equation involves projective coordinates and projective

transformations and so will be given in x after these necessary preliminaries

Projective coordinates

When we call E a plane curve we are referring to the projective plane P

Let

us recall the denition of ndimensional projective space P

n

K over a eld K

From ane space A

n

K which consists of all ntuples X

X

n

K

n

we remove the origin and divide by the equivalence relation

given by the action of the multiplicative groupK

X

X

n

and Y

Y

n

are equivalent if K

such that Y

i

X

i

i This relation is reexive

since K

symmetric since K

K

and transitive since

K

K

Thus P

K consists of all triples XY Z where

not all of XY Z are and where we identify XY Z with X Y Z for

K

If K

is an overeld of K then there is a natural inclusion P

n

K P

n

K

for if X

X

n

Y

Y

n

represent points in P

n

K and K

is such

that Y

i

X

i

i then K

since at least one X

i

On the other hand

if P P

n

K

is represented by X

X

n

K

n

then P P

n

K i!

K

such that all X

i

K

equivalently if X

j

is any nonzero coordinate

then X

i

X

j

K for all i We then say that P is dened over K

K always denotes an algebraic closure of K and we normally abbreviate

P

n

K to P

n

Recall that a homogeneous polynomial F of degree d in the n variable

polynomial ring KU

U

n

ie a nonzero linear combination of monomials

U

d

U

d

n

n

with d

d

n

d has the property

F U

U

n

d

F U

U

n

K

In fact this can be taken as the denition when K is innite alternatively if

this relation is true for a nonzero polynomial F and a transcendental then F

is homogeneous of degree d It follows that &F P is unambiguously true

or false for a point P P

n

K The zero set of F over K is

Z

K

F fP P

n

K F P g

ZF stands for Z

K

F

A hyperplane in P

n

K is the zero set of a linear homogeneous equation

c

X

c

n

X

n

where the c

i

are not all A linear subspace of P

n

K

is an intersection of hyperplanes in other words the set of points whose coordi

nates satisfy a system of linear homogeneous equations The usual elimination

procedure of linear algebra removes redundant equations so that one has a sys

tem of r equations where r is the rank of the coecient matrix The dimension


of the linear subspace is dened to be n r Thus the dimension of P

n

K is n

Lines and planes are linear subspaces of dimension and respectively in

P

K hyperplanes are lines

We know from linear algebra that the rank of a matrix does not change when

we view it as being dened over a larger eld Thus the dimension of a linear

subspace determined by a set of equations dened overK does not change when

K is replaced by an overeld K

Linear coordinate changes are given by invertible n n matrices

A a

ij

X

i

a

i

X

a

in

X

n

We indicate this with the matrix notation AX X

where X is the column

vector with entries X

X

n

and similarly for X

Since A for K

gives

the same transformation one is led to the projective general linear group

PGL

n

K GL

n

KhK

Ii

the quotient of the general linear group of invertible n n matrices

by the normal subgroup of nonzero scalar matrices

Clearly the property of being a linear subspace of dimension nr is preserved

under a linear change of coordinates in particular lines remain lines Also the

set of homogeneous polynomials of degree d is mapped to itself

For later use we make the simple observation that for any given point a

coordinate system can be chosen so that the point has coordinates

for example More generally

Proposition Let P

i

a

i

a

ni

i n be points in P

n

K

not contained in any hyperplane ie the n n matrix M whose ith

column is a

i

a

ni

is invertible Then under the linear change of coordi

nates M

X X

the new coordinates of P

P

n

are

respectively

We choose the line Z as the line at innity in P

K This choice

is arbitrary unlike ane space which has the origin as a distinguished point

y

the projective plane has no distinguished point or line But having made this

choice the points are of two types

i the ane points with Z XY Z x y where x XZ

y YZ

ii the points at innity with Z XY

y

Here ane space is regarded as a vector space however when regarded as an algebraic

variety there is no distinguished point

PROJECTIVE COORDINATES

A compact visualization of P

R is the closed disc with antipodal dia

metrically opposite points identied

This picture can be obtained by projecting from the center of a hemisphere

to the ane plane

This sets up a bijection between the points on the ane plane and the interior

points of the disc the hemisphere attened out The points XY at are

in bijection with the lines through the origin in the ane plane the line through

and XY is the same as that through and X Y And these

lines are in bijection with pairs of antipodal points on the circle bounding the

disc

If we rewrite the Weierstrass equation

f y

a

xy a

y x

a

x

a

x a

in projective coordinates by substituting x XZ y YZ and multiplying

by Z

we get

F Y

Z a

XY Z a

Y Z

X

a

X

Z a

XZ

a

Z

which is a homogeneous polynomial of degree At innity this reduces to

X

hence X and E has the unique point at innity

Y


This serves as the designated rational point O of E How the general curve

of genus with a rational point O is converted into Weierstrass form will be

explained when we discuss the RiemannRoch theorem indeed that theorem

will be needed to dene the genus of a curve

A basic topic in the algebraic geometry of P

is the analysis of the points of

intersection of two curves The general discussion is quite involved and for now

we give only the simplest results

Proposition Let K be any eld

a Let F be a nonzero homogeneous polynomial of degree d in the two vari

ables U

and U

dened over K say

F

d

Y

i

i

U

i

U

for appropriate

i

i

K Then in P

ZF consists of d points

i

i

possibly some coincident

b If L and C are nonzero homogeneous polynomials of degrees and d

respectively in three variables dened over K then in P

either ZL ZC

or ZL ZC consists of d points possibly some coincident

c If C

and C

are nonconstant homogeneous polynomials in KU

U

U

then in P

the set ZC

ZC

is nonempty This set is nite i C

and C

have no common factor and in that case all points in Z

K

C

Z

K

C

for

any eld K

K are dened over K

Remarks Anticipating denitions to be made in Chapter a plane curve

over K is e!ectively a homogeneous polynomial F in the variables U

U

U

and the degree of the curve is the degree of F Thus two lines in P

if not

coincident intersect in a unique point and a line intersects a curve of degree d

either in precisely d points properly counted or else is entirely contained in

that curve in which case the line is a component of the curve

Statement c can be formulated as two curves in P

intersect in at least one

point the intersection is nite i! the curves have no component in common and

then all intersection points are algebraic over K B'ezouts theorem says that

two curves with degrees d

and d

and without common components intersect in

exactly d

d

points properly counted However the precise statement requires

a number of preliminaries including a discussion of singular points

Proof a is obvious

b Let L c

U

c

U

c

U

where say c

Substituting U

c

c

U

c

c

U

into G yields a homogeneous polynomial in U

U

which is either or nonzero of degree d The statement now follows from

part a

c Let C

i

be homogeneous in U

U

U

of degree d

i

By Proposi

tion choose a coordinate system so that is on neither C

i

Then

C

i

c

i

c

i

U

c

id

i

U

d

i

CUBIC TO WEIERSTRASS NAGELLS ALGORITHM

where both c

id

i

are nonzero constants and c

ij

if not is homogeneous in U

U

of degree d

i

j

As polynomials in the variable U

over the ring KU

U

their resultant R

is a polynomial in KU

U

and there exist KU

U

U

such that

C

C

R

In fact and are homogeneous of degrees d

d

and d

d

respectively

and therefore R if not is homogeneous in U

U

of degree d

d

All of this

follows from a formula that we quote from Conp

R

c

d

c

U

d

C

c

d

c

U

d

C

c

d

c

U

C

c

d

c

C

c

d

c

U

d

C

c

d

c

U

C

c

d

c

C

where entries in a row outside the subscript limits of c

ij

are Expansion of

this determinant along the right column simultaneously gives and R

R i! the C

i

have a common factor F which is a nonconstant polynomial

in U

over the eld KU

U

in fact since factors of homogeneous polynomials

are again homogeneous F is a homogeneous polynomial of positive degree in

the three variables Then the two curves share the component ZF

If R let U

U

be a factor of R as in a where say Let

f

C

denote the image of C

under the substitution U

U

and similarly

for

f

C

and

e

R Since the leading coecient of C

i

is a constant the degree of

f

C

i

in U

is still d

i

and therefore

e

R is the resultant of

f

C

f

C

as polynomials in U

over KU

The fact that

e

R means that these polynomials have a factor

U

U

in common Hence the point lies on the intersection of

the two curves

Suppose R and P a

a

a

lies on both curves Since c

id

i

therefore a

and a

are not both Under the substitutions U

i

a

i

R becomes

e

R by hence a

U

a

U

is a factor of R Multiplying the coordinates

of P by an appropriate we can assume that a

a

K and then from either

of the equations

f

C

i

we conclude that a

K also

Cubic to Weierstrass Nagells algorithm

Let K be a eld of characteristic or and consider the curve dened by an

equation over K of the form a cubic in u and v with a rational point p q


This time we can translate both variables Replacing u by u p and v by v q

we can assume that the rational point is

s

u

s

u

v s

uv

s

v

s

u

s

uv s

v

s

u s

v

Let f denote the polynomial on the left of

We now describe the algorithm due to Nagell Nag to transform f into

Weierstrass form or to discover that the curve is not elliptic

Step Interchange u and v if necessary to ensure s

If both s

and

s

are then is a singular point see x and the curve is not elliptic

Step Substitute u UW v VW and clear denominators to obtain

the homogenized form

F F

F

W F

W

where

F

s

U

s

U

V s

UV

s

V

F

s

U

s

UV s

V

F

s

U s

V

The rational point P with u vcoordinates has projective coordinates

U VW The tangent line at P given by F

meets the curve

in the point Q e

s

e

s

e

where e

i

F

i

s

s

i The e

i

cannot both be because that would make the tangent a component and the

curve would be reducible not elliptic e

means that P Q is a ex

the tangent has triple contact with the curve at P while e

means that

Q is at innity If e

make the coordinate change U U

s

e

e

W

V V

s

e

e

W

W W

while if e

make the change U U

s

W

V V

s

W

W U

In either case Q is now at the origin U

V

W

and the tangent at P is s

U

s

V

We can now return to ane

coordinates u

U

W

v

V

W

projective coordinates were really only

needed to deal with the case when Q was at innity

Step If the equation in terms of u

v

is f

f

f

f

where

f

i

f

i

u

v

denotes the homogeneous part of f

of degree i then

u

f

t u

f

t f

t

where t v

u

Thus

u

p

v

tu

where

i

f

i

t and

The values of t such that are the

slopes of the tangents to the curve that pass through Q and one of these values

is t

s

s

Write t t

so that

is a cubic polynomial in


Step Finally if

c

d

e k

then c since c implies that the original curve is not elliptic and the

substitutions xc y

c

give the Weierstrass equation

y

x

dx

cex c

k

The relations between the original variables u v and x y can be traced back

starting with where

t t

cx c

y

x

Example Selmer curves

By a Selmer curve we understand a homogeneous cubic equation of the form

aU

bV

cW

where abc

or an ane version such as

au

bv

c

The coecients appear symmetrically in the homogeneous case we can permute

the variables to obtain a permutation of a b c in the ane case to interchange

a and c for instance we can substitute u vu for u v

Let us apply Nagells algorithm

Proposition Let the Selmer curve

au

bv

c where abc

be dened over a eld K of characteristic or and permuting a b c if

necessary assume that

p

cb K Then the Selmer curve is birationally

equivalent to the Weierstrass curve

y

x

a

b

c

under the mutually inverse transformations

u

b

x

y abc

v

y abc

y abc

x

ab

u

v

y abc

v

v


Remark Replacing u v with bu vu transforms the Selmer curve to u

v

ab

which is dealt with in the rst corollary below Thus the proposition

is not really more general but it is convenient to have the details displayed for

the symmetrical abcequation a similar remark applies to the second corollary

Proof Replacing v with v yields a cubic of the form of the previous

section with

s

a s

b s

b s

b

and the remaining s

i

We nd e

e

abc

Hence no transforma

tion is needed in step and

a bt

bt

b

t

b

ta bt

t

t ab

b

Hence the Weierstrass equation is

y

x

a

b

c

where x y are as stated in the proposition

We single out a particular example that will be referred to later

Corollary Let K be a eld of characteristic or and let a K

Then the twisted Fermat curve

u

v

a

is birationally equivalent to the Weierstrass curve

y

x

a

under the mutually inverse transformations

u

a y

x

v

a y

x

x

a

u v

y a

v u

v u

Proof We substitute u u

and v v

u

apply the proposition with

b c then translate the formulas back using u

u v

vu

For example if a

then

u v x y

The proposition can be restated in terms of projective coordinates as follows

where c is replaced by c


Corollary Let C denote the Selmer curve aU

bV

cW

dened

over the eld K of characteristic or assume abc and

p

cb

K let E denote the homogeneous form of the Weierstrass equation Y

Z

X

a

b

c

Z

let CK and EK denote the set of points in P

K on

C and E respectively Then mutually inverse bijections CK EK are

dened by

U VW

ab

UabcV W V W

XY Z

b

X Y abcZ Y abcZ

in which O EK corresponds to CK

Thus Fermats last theorem for exponent ie Eulers result that U

V

W

has only the three solutions in P

Q in which one of U VW is

is equivalent to jEQj where E in ane form is y

x

This will

come out as an example of &descent in Corollary

Selmer curves will serve as important examples of various topics later in

these notes For example aU

bV

cW

will be seen to be a torsor

of U

V

abcW

The latter curve has the rational point U VW

and so is an elliptic curve in the sense of the second denition of x

and in fact is the Jacobian of the former curve as will be explained later For

now we mention

z

Proposition If

au

bv

cw

then

r

s

abct

where

r bc

v

w

c

w

b

cv

w

b

v

s bc

v

w

c

w

b

cv

w

b

v

t uvw

b

v

bcv

w

c

w

If abcuvw the only case of interest and abc is not a cube then t

thus by the previous corollary the elliptic curve

y

x

a

b

c

has the nonO point

x

b

v

bcv

w

c

w

u

v

w

z

See also Proposition and its corollary in the next section which apply in particular

to Selmer curves


y

b

v

b

cv

w

bc

v

w

c

w

u

v

w

The statement t is a consequence of the implication au

bv

cw

and b

v

bcv

w

c

w

a

u

au

bv

cw

bcv

w

The verication of the equation r

s

abct

is a simple computer exercise

However we should indicate how the formulas for r s t were obtained here we

are guided by Cas p

x

To obtain these formulas we work in a eld of characteristic containing

the quantities a w and also a primitive cube root of unity Let

au

bv

cw

au

bv

cw

so that

au

bv

cw

Hence the points P and P

where uvw lie

on the curve R

S

abcT

By Proposition b the line joining

P and P

meets this curve in a third point Q and we expect that point to be

rational ie not involving because if denotes the automorphism sending

and leaving a w xed we can take the latter as transcendentals

subject only to the relation au

bv

cw

then P and P P

are

conjugate

Calculation shows that the third point Q r s t is given by the formu

las in the proposition Starting with other P and

corresponding P

P

does not lead to anything

essentially new only to one of Q s r t

A famous example of Selmer is that

U

V

W

has no points in P

Q in other words the equation has no solution in ra

tional numbers other than For if there were a solution then by the

proposition the elliptic curve

y

x

would have a point dened over Q distinct from O which is not the case But

the proof of the last statement must wait until Corollary

x

A more natural but more complicated way of obtaining the formulas will be explained

in x using multiplication by


Example Desboves curves

By a Desboves curve we understand a homogeneous cubic equation of the

form

aU

bV

cW

dUVW

or an ane version of such an equation We chose this name for this class of

curves because of the historical reference Des brought to our attention in

Cas p references to related work by Cauchy and others are given in

Dic vol chXXI Selmer curves are included as the particular case d

Proposition Let the Desboves curve

au

bv

c duv

be dened over the eld K of characteristic and assume permuting a b c

if necessary that

abc where abc d

and

p

cb K

Then by Nagells algorithm this curve is birationally equivalent to

y

x

d

x

dx

x

dx

Remark The transformation equations between u v and x y are somewhat

lengthy and for that reason are not included in the statement of the proposition

Proof The proof proceeds as in the case of Selmer curves except that now

s

d and s

d e

again so no transformation is needed in step and

e

c The rest is calculation

We quote Desboves formulas Once again the verication is a computer

exercise and as in the special case of Selmer curves the underlying idea is

that in P

a line meets a Desboves curve in three points provided these points

are counted with the appropriate multiplicities this includes the case of a line

tangent to the curve when two of the points are coincident

Proposition Let P x

x

x

be a point on the Desboves curve

a

X

a

X

a

X

dX

X

X

D

dened over a eld of characteristic Then the third point of intersection

t

t

t

of the tangent line at P has coordinates

t

j

x

j

a

j

x

j

a

j

x

j

subscripts taken mod

If Q y

y

y

is another point on the curve then the third point of inter

section z

z

z

of the line joining P and Q has coordinates again subscripts

are taken mod

z

j

x

j

y

j

y

j

y

j

x

j

x

j


The following corollary is due to Hurwitz Hur

Corollary Let S be the set of points in P

Q on the Desboves curve D

where a

a

a

d are integers and the a

j

are positive distinct and squarefree

Then S is either empty or innite In fact if P

S then all the points in the

sequence P

P

are distinct where P

n

is the third point of intersection of

the tangent at P

n

Remarks There is no real loss of generality in assuming that the a

i

are

positive since X

i

can be replaced by X

i

Equations where an a

i

are

trivially solved Hurwitz Hur p and Mordell Mor p make the

additional and apparently unnecessary assumption that the a

i

are coprime

See Corollary where the present corollary is reinterpreted

Proof The assumptions on the coecients ensure that a

a

a

d

Let P

x

x

x

where x

j

Z and gcdfx

j

g and let P

t

t

t

t

t

t

where the t

j

are given by the formulas in the propo

sition and t

j

t

j

k where k gcdft

j

g Thus gcdft

j

g The result will

follow from the strict inequality jt

t

t

j jx

x

x

j

First we note that the x

j

are coprime for if the prime p divides x

and

x

say then p

jx

and D implies p

ja

contrary to the assumption that the

a

j

are squarefree Second the x

j

are nonzero for if x

say then x

x

being prime to x

are and D implies a

a

which contradicts the

assumptions that a

a

are positive and distinct Applying this result to P

shows that no t

j

Let us write the formulas as t

j

x

j

u

j

We wish to prove that for all j

kju

j

so that t

j

x

j

u

j

where u

j

u

j

k For then since

P

u

j

therefore

P

j

u

j

hence not all u

j

can be ie at least one ju

j

j which gives

the result

Suppose then k

ju

This means that for some prime p if vn denotes the

exponent of p in the unique factorization of a nonzero integer n we have

vk vu

Since k jt

x

u

therefore vx

and vx

vx

It follows that

vt

vu

va

x

a

x

Since a

is squarefree this implies

va

hence

Similarly va

and therefore vu

va

x

a

x

Thus and

are in conict

As an exercise Silverman proposes Sil p the determination of those

a

d for which S is not empty The double asterisk on the exercise means

in this case that it is a highly unsolved problem


Example Intersection of quadric surfaces

A conic or conic section in P

is the set of points satisfying an equation

Q where Q is a homogeneous quadratic polynomial in the three coordinates

The analogous denition in three dimensions is a quadric surface in P

is

the set of points satisfying an equation Q where Q is a homogeneous

quadratic polynomial in the four coordinates In this section we assume that

the characteristic is di!erent from and the coordinates of a point in P

will

be denoted U VWX

In general the intersection of two quadric surfaces in P

K is an elliptic

curve provided the intersection has at least one rational point There are ex

ceptions of course for example the intersection of two spheres is a circle Apart

from the exceptions the intersection can be transformed into a plane cubic with

a rational point as we will explain and then Nagells algorithm can be applied

However in certain cases an ad hoc approach that avoids Nagells algorithm

can be quicker and easier Let us begin with such an example

y

Consider the intersection I of the two quadrics Q

and Q

given by the

equations

Q

U

V

kX

Q

W

V

kX

where k is a nonzero parameter Eliminating the kX

term we obtain

U

W

V

which can be interpreted as the equation of a conic C in the the plane P

coordinatized by U VW The curves C and I cannot be identied because for a

given point U VW on the conic there are generally two values ofX determined

by kX

V

U

W

V

One says that U VWX U VW denes

a covering of degree

The conic C contains the rational point U VW Now as a

general remark a conic with a rational point P can be rationally parametrized

The idea is simply this because the equation of the conic is quadratic a general

line through P will intersect the conic in exactly one other point and that point

will also be rational The other point will coincide with P in the special case

when the line is tangent to the conic As a practical matter one usually reverts

to convenient ane coordinates

In the present case it is natural to dehomogenize at V we dene

u UV and w WV so our conic is u

w

with rational point uw

The general line through is given by the equation u tw

where t is a parameter Substituting u tw into the equation of the

conic we obtain a quadratic equation for w One solution is of course w

y

I am indebted to Peter Russell for help here and in general for help with algebraic

geometry in this section and elsewhere


the other is

w

t

t

t

hence u

t

t

t

Thus U VW t

t t

t

t is a parametrization of the

points on the conic and I is given by the equation

kX

V

U

W

V

t

t

We can tidy this up by substituting X yk

t xk

E y

x

k

x

In terms of these new coordinates this elliptic curve is the intersection of Q

and Q

Exercise Using the transformations above set up explicit mutually inverse

bijections

IK EK

Thus IK becomes an elliptic curve by transport of structure You may nd

it more convenient to work with projective coordinates the lines in P

that

pass through are sUV tW V where s t P

is a parameter

the second point of intersection with C is

s

st t

s

t

s

st t

Then E should be written in homogeneous form y

z x

k

xz

Now let us consider the general case of the intersection of two quadrics The

ideas for this discussion are taken from Cassels Cas

By a translation we can suppose that the intersection I of the two quadrics

Q

and Q

contains the point P

Then the equations for the

quadrics can be written as

Q

AX B Q

CX D

where A C are linear and B D are quadratic in U VW Eliminating X from

the two equations produces

AD BC

which is a homogeneous cubic in U VW Let I

denote I with the point P

removed and let E denote the curve in P

dened by the above cubic Then

U VWX U VW denes a map f I

E

Let us suppose rst that A and C are linearly independent that is neither

is a constant times the other Then the two lines in the U VW plane described

by A and C intersect in a unique point P

and this point lies on E

Let E

denote E with the point P

removed For each point U VW on E

SINGULAR POINTS

the equation for either Q

i

uniquely determines a value for X hence a point

f

U VW U VWX on I

The map f

E

I

is inverse to f

By extending the denitions by fP

P

and f

P

P

it follows that f

and f

are coverings of degree the curves I and E are identical as abstract

algebraic varieties E is thus a plane cubic with a rational point P

and Nagell

can be applied of course it may still turn out during the algorithm that E is

not elliptic

In the case that A and C are linearly dependent say C cA by subtracting

c times the equation for Q

from that of Q

we can suppose that C Then

the equations dening I are AXB and D hence we can suppose that

A otherwise I is a union of lines The equation AD shows that E is a

reducible curve it contains the line A as a component Similarly if B and

D are linearly dependent Also X BA D displays I as a degree

cover of the genus curve dened by D hence I is a curve of genus

not an elliptic curve The algebraic geometry background needed to esh out

these statements will be given later

Example The sphere U

V

W

X

and the ellipsoid

U X

V

W

X

share the point P The transforma

tion U U

X

V V

X

W W

X

X X

gives P the coordinates

Taking the point on the cubic we are not obliged to take

P

given by A C as for the quartic equations in Propo

sition we will explain later that starting with di!erent rational points in

Nagells algorithm yields isomorphic Weierstrass equations Nagells algorithm

yields we omit the details

E y

x

x

x

The reader may also wish to verify that the points and on E cor

respond to the points and on the intersection

Singular points

Consider a homogeneous polynomial F F X

X

n

KX

X

n

of

degree d The Taylor expansion can be written as

F X

X

n

n

F

F

where F

i

F

i

n

is homogeneous of degree i in the s each coecient

of which is homogeneous of degree d i in the X s Thus F

F X

X

n

and

F

n

X

i

a

i

i

where a

i

F

X

i


There is no problem with &factorials in the denominators since the Taylor ex

pansion is the polynomial over K obtained by substituting X

i

i

for X

i

in F

However if charK then one can write as in the classical Taylor expansion

F

n

X

ij

a

ij

i

j

where a

ij

F

X

i

X

j

and analogously for higher F

i

Recall

Eulers Theorem For i

F

i

X

X

n

d

i

F X

X

n

Remark If we add up these equations we obtain the identity

F X

X

n

d

F X

X

n

X

i

d

i

F X

X

n

Usually the theorem is stated in the form for i

X

X

s

X

s

i

k

F

X

s

X

s

i

dd d i F

where the sum is over all ituples s

s

i

The sum on the left is

iF

i

X

X

n

the statement in the text is superior when charK i

Corollary If F c

c

n

then F

i

c

c

n

for i

Consider the variable case F F XY Z and the corresponding plane

projective curve C ZF See x We write for

The

order of a point P X

Y

Z

C is the minimal i such that F

i

is not

identically as a polynomial in If i then P is an ordinary or

nonsingular point while if i then P is a singular point or a singularity

of order i The polynomial F or the corresponding curve C is nonsingular or

smooth if it has no singular points dened over an algebraic closure of K and

therefore in fact none dened over any extension of K by Proposition c

Proposition Let F F XY Z be a nonzero homogeneous polynomial

If F is nonsingular then it is absolutely irreducible ie irreducible over K

Proof Let F GH where G andH are homogeneous of positive degree dened

over K and let P be a point of intersection on the curves corresponding to G

SINGULAR POINTS

and H Proposition c Then F

X

GH

X

G

X

H vanishes at P and

similarly for the other variables Thus P is a singular point of F

Let P X

Y

Z

be a point of order i on F The tangent cone

at P is

ZF

i

f P

F

i

g

By the previous corollary the tangent cone contains the point P It can be

shown that over K F

i

is a product of i linear forms aX bY cZ each

satisfying aX

bY

cZ

thus the tangent cone consists of i lines through

P possibly some coincident called the tangent lines at P

It is much easier to calculate these tangent lines in ane coordinates as

follows E!ect a linear change of coordinates so that P Then in

terms of x XZ y YZ

Z

d

F XY Z fx y f

i

f

i

where f

j

is homogeneous in x y of degree j It can be shown that i

i the

order of P that f

i

is the product of i linear factors of the form ax by and the

tangent lines are aX bY

In the case of an ordinary point P on C when i there is a unique

tangent line through P namely

a

X

X a

Y

Y a

Z

Z where a

X

F

X

X

Y

Z

etc

A point of order with distinct tangents is called a node while a point of

order with coincident tangents is a cusp The appearance of a node and a

cusp in the real case are shown on the following interleaf

Examples

The point at innity on the curve dened by the Weierstrass

equation F Y

Z a

Z

is always nonsingular since

F

Z

Y

a

XY a

Y Z a

X

a

XZ a

Z

has the value at that point The other two derivatives are there so

the tangent line is Z Thus to locate any possible singularities on the

Weierstrass form we can use the ane version

y

x

ax

has a singularity of order at x y

f

y

ax

y

p

axy

p

ax

and so the tangents there are X

p

aY Thus is a node if a

with irrational tangents if

p

a K and a cusp if a

On F Y

Z X

XZ

P is an ordinary point and the

tangent there is X If charK then is singular with F

hence is a cusp with tangent X Y Z


Let K Q and

F X

X

Y XZ

Y

Z

Substituting X Y Z in the Taylor expansion of F we nd that

F

F

and

F

L

L

where L

p

p

Thus P is a node on F with tangent lines L

XY Z

Alternatively take the ane equation

fx y x

x

y x y

Now P has coordinates x y and

f l m f

f

where f

l

l

mm

and f

l

lm m

l

p

ml

p

m

It is comparatively easier to nd the factors of f

than F

Substituting x

XZ y YZ in the equations of the tangent lines x

p

y

a brief calculation shows that they give the same lines as L

Proposition For any eld K and any a

a

K

F Y

Z a

XY Z a

Y Z

X

a

X

Z a

XZ

a

Z

is irreducible even if

Proof Suppose F GH is a nontrivial factorization say

G aX bY cZ

Substituting Z in F GH yields X

aX bY G hence a Now

substituting X cZa yields

Y

Z dY Z

eZ

for certain d e K which is an impossible identity

SINGULAR POINTS

Proposition The Weierstrass equation is singular i and then

there is a unique singularity of order as follows

If c

there is a Krational node at the point with coordinates

x

b

b

b

c

y

b

b

b

c

a

x

a

if charK

a

a

a

a

if charK

where

b

a

a

a

a

b

a

a

a

a

a

The two tangents are given in terms of the parameter t by x x

t

y y

t for the two distinct roots of the separable polynomial

a

x

a

When char K these are

a

c

p

c

c

c

If c

there is a cusp at the point with coordinates

charK x

p

a

y

p

a

a

a

charK x

p

a

a

y

a

x

a

charK x

b

y

a

x

a

The cusp can be irrational only when K is an imperfect eld of charac

teristic or The unique tangent line is x x

t y y

t where

p

a

p

a

when charK and a

otherwise

In either case

f

x

a

y

x

a

x

a

f

y

y

a

x

a

A singular Weierstrass equation remains singular over every eld extension

K

K moreover the nature of the singularity node or cusp is constant

Proof Since the proof is by straightforward calculation we only give a sketch

First let charK Then as detailed above a linear change of the ane

coordinates which clearly does not a!ect the occurence of singularities

allows us to take the simple form

f

c

c

f

f

c


If these three quantities are then

p

c

c

p

c

hence

and the Taylor expansion reduces to

f

p

c

p

c

Thus the singularity is of order and the number of tangents is or according

as c

or c

Secondly let charK Then b

a

b

a

a

c

a

so c

i!

a

A singularity will be at a common zero of

f y

a

xy a

y x

a

x

a

x a

f

x

a

y x

a

f

y

a

x a

If a

then in order that f

y

we have a

hence and we

nd x

p

a

y

p

a

a

a

The Taylor expansion of fx

y

works out to

p

a

p

a

so the singularity is a cusp

If a

then x a

a

so that f

y

which is the value in characteris

tic stated by the proposition for x

in the node case and y a

a

a

a

so that f

x

The condition that f works out to and the Taylor

expansion is

a

a

a

a

Thus the tangent slopes are the roots of

a

a

a

a

and a

guarantees that they are distinct ie the equation is separable

The case of characteristic is just as straightforward

Example No E

Z

has or

Let E be dened over Z ie all the Weierstrass coecients a

i

Z this is

indicated notationally byE

Z

Since is a polynomial in the a

i

with coecients

in Z therefore Z When we interpret the a

i

mod p to obtain a Weierstrass

equation over the pelement eld F

p

the discriminant is mod p Thus by the

previous proposition the mod p equation gives an elliptic curve when p is not

a divisor of We now prove that this fails for at least one p

Proposition Tate cf Ogg

Let the elliptic curve E be dened over Z Then is neither nor

More generally does not have the form

where is a nonzero integer all of

whose prime divisors are mod

SINGULAR POINTS

Proof Suppose E

Z

has

with as described in the proposition in

particular mod Let v

p

n denote the exponent of a prime p in the

unique factorization of a nonzero integer n

If a

is even then by the formulas in x v

b

v

b

v

c

hence from

c

c

since is odd we have v

c

say c

c Then implies the impossibility

c

mod

Therefore a

is odd hence b

is odd and c

b

b

mod Substi

tuting x c

and y c

in gives

y

xx

x

xQ say

where x mod in particular x Since Q x

it

follows that x y

Q Thus

x

Y

p

p

Y

q

q

where p runs through the prime divisors of gcdx and q through any remain

ing prime divisors of x Since v

q

Q each

q

v

q

y

is even and by

assumption each p mod Hence x

or mod which contradicts

x mod

The following examples show the need for the assumption on the divisors

of

y

y x

x

x

B

y

y x

A

y

x

x

A

y

y x

x

x

C

y

xy x

x

x

A

y

y x

x

x

A

For a given number eld K a natural question is whether there exist E

dened over the ring of integers of K with a unit Stroeker Str has proved

that this does not occur when K is imaginary quadratic but we must postpone

the proof Unit do occur over real quadratic elds Tate gave the example

cf Ser p

y

xy

y x

p

is in fact the fundamental unit of Q

p

and several others occur in the

table in x


It is a triviality to nd E dened over the ring of integers of a number eld

with For example y

a

xya

x

has a

a

a

choosing

a

and a

p

yields However I do not know of an example of

or over a quadratic eld Here is an example over the biquadratic

eld Q

p

p

which contains

p

p

p

p

y

p

p

xy x

x

p

x j

Ane coord ring function eld generic

points

We use the abbreviation UFD for unique factorization domain Recall BAC

p that if A is a UFD then so is the polynomial ring Ax It follows that

Zfx

i

g and Kfx

i

g K any eld are UFDs for an arbitrary set of indetermi

nates ie independent transcendentals

Let S and T be independent transcendentals over the eldK let a

a

K and let

fS T T

a

ST a

T S

a

S

a

S a

Lemma The principal ideal fS T in the polynomial ring KS T is

prime

Proof We must prove that f is irreducible If f gh then by substituting

S XZ T YZ and multiplying by Z

we get a factorization F GH of

homogeneous polynomials The result follows by Proposition

Thus

A KS T fS T

is an integral domain even if Writing x and y for the residue classes

of S and T mod fS T we have

A Kx y

The equation fS T denes a curve E in the S T plane but it is cus

tomary to replace S and T by x and y and say that E is given by fx y in

the x yplane That is x and y stand for a pair of independent transcendentals

and also for a pair of variables related by the equation fx y This mild

ambiguity causes no problems in practice

The integral domain A is the ane coordinate ring of E and its quotient

eld L Kx y is the function eld of E The eld L can also be described

as the quadratic extension Kxy of the rational function eld Kx dened

by the polynomial fx y which is quadratic in y alternatively L Kyx

is the cubic extension of the simple transcendental extension Ky of K When

THE GROUP LAW NONSINGULAR CASE

both the quadratic and cubic extensions are separable though in general

the cubic extension is not Galois For if L is an inseparable extension of Kx

then char K and f

y

y a

x a

ie a

x a

which implies

a

and a

and then one calculates b

leading to similarly

for the cubic extension

The subeld K of L is called either the ground eld which emphasizes

that K is the eld containing a

a

that we started with or the constant

eld or eld of constants which emphasizes the fact that K is algebraically

closed in L

Let EK denote the set of points a b onE dened overK that is a b K

and fa b together with the one point O at innity As explained in

Proposition if there is exactly one singular point which is never

O while if then E is nonsingular and is by denition an elliptic curve

If K

is any extension eld of K then we can regard E as being dened over

K

and so EK

is dened In particular x y EL since the point x y

satises fx y by denition

Now for each nonzero point a b EK we have a Kalgebra homo

morphism A K dened by x a and y b Thus every nonzero point of

EK is obtained by specializing the values of x and y and for this reason x y

is called a generic point We could include O by taking a projective generic

point XY Z satisfying the projectivized Weierstrass equation F XY Z

should the need arise

When several generic points x

y

x

y

are needed take the eld

Kx

y

x

y

where x

x

are independent transcendentals and each

y

i

denes a quadratic extension by the equation fx

i

y

i

The group law nonsingular case

The set of points EK on an elliptic curve has a natural structure of an abelian

group This has a simple geometric description when E is a nonsingular plane

cubic with a rational point O for example when E is given by a Weierstrass

equation with and O is the point at innity a nonWeierstrass example

is the Fermat curve X

Y

Z

with O The description

depends on the fact that a line in P

meets a cubic in points when the points of

intersection are properly counted as described in x In this section the details

will become clear for the Weierstrass equation by direct algebraic calculation

But rst we describe the geometric construction of the group operations for the

general nonsingular cubic

Let O be the chosen point in EK and let the tangent at O meet E in

the third point O

Note that O

O i! O is a ex this is the case for

the Weierstrass equation since the line at meets E only at O Now let

PQ EK and let the line joining P and Q meet the cubic in the third point

R or even of these points may coincide The third point of intersection


of the line joining R and O is dened to be P Q the third point on the line

joining P and O

not O unless O is a ex is P and O is the zero of the

group These constructions are illustrated in a real example on the following

interleaf

As an exercise the reader may note that when O is a ex every ex F satises

F F F It is a fact that a nonsingular cubic over an algebraically closed

eld of characteristic has exactly exes

Proposition Let C be a nonsingular cubic dened over the eld K and

let O CK

a With and as described above CK is an abelian group with neutral

element O

b If O

O

CK and for i CK

i

denotes the group determined

by choosing O

i

as neutral element then a group isomorphism CK

CK

is dened by

P P O

where denotes addition in CK

The associative law and statement b are not obvious from the geometric

denitions Since they will become transparent after we discuss divisors in

Chapter for now we leave the proof to the reader as an arduous computer

exercise For a direct proof see Knap

As an example we reconsider the curves of Corollary

Corollary Let C denote the plane cubic curve

a

X

a

X

a

X

dX

X

X

where a

a

a

d are integers and the a

j

are positive distinct and squarefree

Then C is nonsingular hence absolutely irreducible

Suppose the set CQ of rational points on C in P

Q is nonempty say

O CQ With O as neutral element the group CQ contains at least one

point O

of innite order namely the third point of intersection with C of the

tangent at O In particular O

O and it follows that none of the exes is

rational over Q

y

Proof Suppose P X

X

X

is a singular point dened over Q Then

dX

X

X

a

i

X

i

i

It follows that X

X

X

hence within a common factor X

i

p

a

i

from

which one obtains a

a

a

d

But the last equation is not allowed by

the assumptions

y

This is also obvious by direct calculation if H denotes the Hessian determinant of

F a

X

dX

X

X

then the exes are the points of intersection of the curves F

and H They are

p

a

p

a

etc points in all


Now let P

be any point in CQ and let P

be the sequence described

in Corollary The geometric construction of addition shows that

P

P

O

or P

O

P

hence P

O

P

O

P

etc

Solving the recurrence we nd

P

n

n

O

n

P

In particular by Proposition the sequence

O

n

n

O

consists of distinct points and therefore O

has innite order

With O CQ as in the corollary one might jump to the false conclusion

that the group CQ is torsionfree as did Selmer at the beginning of Sel

and Cassels Casp but none of their subsequent statements are in

validated An example is the curve u

v

uv with O

and point of order alternatively with O and of order

This example is plotted on an interleaving sheet

y

Some similar examples are

u

v

uv with points and u

v

uv

with u

v

uv with In Chapter

we will see that for elliptic curves as in the corollary and with a rational point

the order of the torsion subgroup is one of and is in the Selmer

case d However I have been able to nd examples only of orders and

We now describe algebraically the group operations for a Weierstrass equa

tion Since O is going to be the group and since it is the only point at

we can conne our description of P

and P

P

to ane coordinates let

P

i

x

i

y

i

The line x x

contains the point P

and considering its pro

jective version X x

Z it also contains O Thus P

is the third point of

intersection which therefore has xcoordinate x

and it remains to calculate

the ycoordinate When we substitute x

for x in the Weierstrass equation we

obtain a quadratic equation for y

y

a

x

a

y x

a

x

a

x

a

The sum of the roots is a

x

a

and one root is y

hence the other root

which is the ycoordinate of P

is a

x

a

y

y

We note that the locus of a real projective cubic curve is never contained in an ane

part of P

R ie the graph is never nite as is the case for example with ellipses since a

cubic polynomial with real coecients has a real root and therefore the line at innity always

intersects the cubic in a real point


Next let us calculate P

P

P

x

y

If x

x

ie P

P

then

the line joining P

and P

is y y

x x

where y

y

x

x

Substituting this expression for y into the Weierstrass equation gives a cubic

equation for x whose three roots are x

x

x

Identifying the sum of the roots

with the negative of the coecient of x

yields x

x

x

a

a

and putting this into the equation of the line gives the ycoordinate of P

from

which we nd y

y

x

x

a

x

a

There remains the case P

P

which is treated similarly where now y

y

x x

is the tangent line We leave to the reader the calculation of

as well as a few other details in the following proposition

Notation For any abelian group A and m Z m denotes the endomorphism

multiplication by m and Am denotes kerm if m

is a divisor of m then Am

is a subgroup of Am When m the elements of Am not in Am

for

any proper divisor m

of m are called mdivision points For example for

P EK we have P P and the division points dened over K are

those P O satisfying P P P O As will be explained in detail in

x there are only nitely many mdivision points dened over any extension

eld of K and adjoining the x and y coordinates of all these points gives a

nite extension of K called the mdivision eld of E The usual Weierstrass

coordinates of a point P EK are denoted xP and yP This notation

is extended to any function f of x and y fP simply means the value of f

when the coordinates of P are substituted for x and y Thus maintaining the

notation introduced in x when charK

P yP a

xP a

Proposition For points on an elliptic curve in Weierstrass form we have

x

y

x

y

a

x

a

Hence the points of order in the group are as follows

charK if a

equivalently j there are no points of order

if a

there is a unique point of order possibly quadratic over

K

a

a

a

q

b

a

a

a

O

charK there are exactly points of order possibly some

irrational over K x x

i

where x

i

runs through the three

roots of

x

b

x

b

x

b

For x

y

x

y

we have the addition law

x

y

x

y

x

y


where

x

x

x

a

a

y

y

x

x

a

x

a

and

y

y

x

x

if x

x

x

a

x

a

a

y

y

a

x

a

if x

x

Hence

x x y

x

b

x

b

x b

x

b

x

b

x b

When charK

y x y c

y c

a

x a

where

c

a

x

a

b

a

b

c

x

a

x

b

a

b

x

b

a

b

x

b

b

a

b

b

x b

b

b

a

b

When charK

x fx

where fx

x

b

x

b

x

b

x

b

x

b

b

b

b

x b

b

b

There is a special case of the duplication formula that we record in a corollary

for future reference

Corollary If charK and

y

xx

ax b

then

x y

x

b

y

x

bx

ax

bx

abx b

y


Many numerical examples of adding points are given in the standard texts

We content ourselves with the following four

Example Let K Qt be a simple transcendental extension of the

rational eld Then on

y

x

tx

tx

one calculates

y

t

t j

t

t

t t

O

t

t

t

t

a

d

abd

where a t

t b t

t

t

t and d t t

Example For the twisted Fermat curve u

v

a y

x

a

x au v etc introduced in Corollary we nd

u v v u

by transforming to x y coordinates doing the calculation then transforming

the result back to u v coordinates Similarly one can give rather complicated

formulas for u v and the addition of two points Alternatively one can work

directly in u v coordinates using the geometric constructions The plot on the

following interleaf shows

O

on the &taxicab curve the case a

Example The generic Rexample is depicted in the diagram The

equation of the horizontal line is y a

x a

and the line joining

a point P with O is the vertical line through P Let us denote the connected

component of O by C

it is the part on the right passing through P

The second

real component C

the dotted oval part is present when then C

is a

subgroup of index in ER and C

is a coset Thus P C

P C

The

real points of order are P

and if P

and P

The points of order as

indicated in the diagram are Q and Q the real exes are OQ As we will

see in Proposition the point P x y satises P O i! x is a root of

a certain th degree polynomial

x An easy Sturms theorem calculation

cf Con p shows that

always has exactly real roots One of

y

Actually a

p

e

cs made these calculations see the appendix to this chapter


these roots gives two corresponding real values of y hence the points Q but

the values of y corresponding to the other real root x are always nonreal

Example On the next interleaf a particular real case is plotted actually

one dened over Q which we have deliberately chosen with a

to illustrate

the fact that the change from x y to x coordinates given by y

a

x a

is not orthogonal Therefore the xaxis symmetry illustrated in

the previous gure is now skewed But notice that a point P and its negative

are still joined by a vertical line and in particular the tangents at points of

order are vertical

When charK the xcoordinates of the division points are the roots of

fx x

b

x

b

x

b

Since charK this polynomial is always separable over K for it could be

inseparable only if charK and b

b

but then

Let e

i

i denote the roots and let K

denote the division eld

Ke

e

e

Since is times the polynomial discriminant of fx and

by standard eld theory the possibilities are as follows

all three e

i

K K

K

just one e

i

K K

is quadratic over K

no e

i

K and is a square in K K

is Galois cyclic order over K

no e

i

K and K

K

is Galois over K with group S

the symmetric

group of order

The possibilities are illustrated by the following three examples over Q

y

xy y x

x

x

E

y

xy y x

x

x

F


y

x

x

x

A

The number of division points dened over Q is respectively In fact

one can determine by methods to be described later that the group of rational

points in these cases is as follows C

n

denotes the cyclic group of order n and

the coordinates are x y

EQ C

C

fO g

FQ C

fP P P

P P P

P P Og

AQ C

h i

The group orders jEQj and jFQj namely and are interchanged in

table of AntIV remarkably this is the only misprint that has come to light

in this manually typed catalog

Halving points

Division by is naturally a tad more complicated than multiplication by

Proposition Let E be an elliptic curve dened over the eld K let

charK and let the xcoordinates of the division points be e

i

i

in a separable algebraic closure K

s

of K

a Let Q EK Q O Then there exists P EK such that P Q

i i xQe

i

is a square in Ke

i

When these three conditions are satised

let xQ e

i

i

where the

i

are chosen so that

i they are algebraically compatible ie GalK

s

K e

i

e

j

i

j

and

ii so that Q

z

Then all the solutions P are given by

xP xQ

P mxP xQ Q

where m

Thus the equation of the line in the x plane that

is tangent to E at P and passes through Q xQQ is

mx xQ Q T

z

If all e

i

K then condition i imposes no condition while if Q itself is a point of order

then one of the is and condition ii imposes no condition


a

Was Prop An alternative rational criterion the solutions of

P Q as in a are in correspondence with the roots in K of the polyno

mial Quar

Q

m dened in x For each root m the corresponding point P

has coordinates

xP m

b

xQ P mxP xQ Q

and T is the equation of the tangent line at P

b In the quadratic case that is when one e

i

K and the other two are

conjugate quadratic over K there are simpler rational criteria for the existence

of P as follows

y

Replacing x by x e

i

the equation takes the form

y

xx

ax b where d a

b K

so e

e

a

p

d e

e

a

p

d

Then P exists i

when Q

i b K

say b r

and

ii one of a r K

choosing the sign of r so that a r p

the two solutions are

rrp

when Q s t s

i s K

say s r

and

ii one of q

s a tr K

choosing the sign of r so that q

p

the two so

Elliptic curves

Documents

Transcript of Elliptic curves