LECTURE 7, WEDNESDAY

Similar documents
LECTURE 5, FRIDAY

Elliptic Curves and Public Key Cryptography

IRREDUCIBILITY OF ELLIPTIC CURVES AND INTERSECTION WITH LINES.

Introduction to Arithmetic Geometry Fall 2013 Lecture #24 12/03/2013

Theorem 6.1 The addition defined above makes the points of E into an abelian group with O as the identity element. Proof. Let s assume that K is

Elliptic Curves Spring 2017 Lecture #5 02/22/2017

LECTURE 18, MONDAY

ALGEBRAIC GEOMETRY HOMEWORK 3

Introduction to Arithmetic Geometry Fall 2013 Lecture #23 11/26/2013

LECTURE 15, WEDNESDAY

CS 259C/Math 250: Elliptic Curves in Cryptography Homework 1 Solutions. 3. (a)

LECTURE 10, MONDAY MARCH 15, 2004

Elliptic curves and modularity

Resultants. Chapter Elimination Theory. Resultants

Public-key Cryptography: Theory and Practice

Group Law for elliptic Curves

SOLUTIONS FOR PROBLEMS 1-30

Introduction to Arithmetic Geometry

ELLIPTIC CURVES BJORN POONEN

LECTURE 2 FRANZ LEMMERMEYER

Projective Spaces. Chapter The Projective Line

Projective space. There are some situations when this approach seems to break down; for example with an equation like f(x; y) =y 2 (x 3 5x +3) the lin

Chapter 6: Rational Expr., Eq., and Functions Lecture notes Math 1010

A2 HW Imaginary Numbers

Elliptic Curves, Factorization, and Cryptography

Elliptic Curves. Dr. Carmen Bruni. November 4th, University of Waterloo

Outline of the Seminar Topics on elliptic curves Saarbrücken,

Elliptic curve cryptography. Matthew England MSc Applied Mathematical Sciences Heriot-Watt University

x = x y and y = x + y.

CORRESPONDENCE BETWEEN ELLIPTIC CURVES IN EDWARDS-BERNSTEIN AND WEIERSTRASS FORMS

12. Hilbert Polynomials and Bézout s Theorem

Elliptic Curves Spring 2013 Lecture #12 03/19/2013

GALOIS GROUPS OF CUBICS AND QUARTICS (NOT IN CHARACTERISTIC 2)

Equations in Quadratic Form

COMPLEX MULTIPLICATION: LECTURE 13

where m is the maximal ideal of O X,p. Note that m/m 2 is a vector space. Suppose that we are given a morphism

COMPLEX MULTIPLICATION: LECTURE 14

Section 8.3 Partial Fraction Decomposition

Algebraic Geometry: Elliptic Curves and 2 Theorems

THERE ARE NO ELLIPTIC CURVES DEFINED OVER Q WITH POINTS OF ORDER 11

10/22/16. 1 Math HL - Santowski SKILLS REVIEW. Lesson 15 Graphs of Rational Functions. Lesson Objectives. (A) Rational Functions

Integration of Rational Functions by Partial Fractions

A normal form for elliptic curves in characteristic 2

Partial Fractions. Combining fractions over a common denominator is a familiar operation from algebra: 2 x 3 + 3

Integration of Rational Functions by Partial Fractions

On the Torsion Subgroup of an Elliptic Curve

Grade 11/12 Math Circles Elliptic Curves Dr. Carmen Bruni November 4, 2015

Torsion Points of Elliptic Curves Over Number Fields

Formal groups. Peter Bruin 2 March 2006

Polynomials. Math 4800/6080 Project Course

Exercises for algebraic curves

Elliptic Curves and Mordell s Theorem

Algebraic Varieties. Chapter Algebraic Varieties

Complex Algebraic Geometry: Smooth Curves Aaron Bertram, First Steps Towards Classifying Curves. The Riemann-Roch Theorem is a powerful tool

Chapter 1: Precalculus Review

Congruent number elliptic curves of high rank

2.1 Affine and Projective Coordinates

2. Intersection Multiplicities

Elliptic Curves and Elliptic Functions

10. Smooth Varieties. 82 Andreas Gathmann

Examples 2: Composite Functions, Piecewise Functions, Partial Fractions

disc f R 3 (X) in K[X] G f in K irreducible S 4 = in K irreducible A 4 in K reducible D 4 or Z/4Z = in K reducible V Table 1

Elliptic Curves and Public Key Cryptography (3rd VDS Summer School) Discussion/Problem Session I

a factors The exponential 0 is a special case. If b is any nonzero real number, then

14 Ordinary and supersingular elliptic curves

Abelian Varieties and Complex Tori: A Tale of Correspondence

LECTURE 22, WEDNESDAY in lowest terms by H(x) = max{ p, q } and proved. Last time, we defined the height of a rational number x = p q

be any ring homomorphism and let s S be any element of S. Then there is a unique ring homomorphism

Plane quartics and. Dedicated to Professor S. Koizumi for his 70th birthday. by Tetsuji Shioda

SKILL BUILDER TEN. Graphs of Linear Equations with Two Variables. If x = 2 then y = = = 7 and (2, 7) is a solution.

Algebraic Geometry. Question: What regular polygons can be inscribed in an ellipse?

ELLIPTIC CURVES OVER FINITE FIELDS

Mappings of elliptic curves

Introduction to Arithmetic Geometry Fall 2013 Lecture #17 11/05/2013

Elliptic Curves: An Introduction

INTRODUCTION TO ELLIPTIC CURVES

A course in. Elliptic Curves. Taught by T.A. Fisher. Lent 2013

AN ELEMENTARY PROOF OF THE GROUP LAW FOR ELLIPTIC CURVES

Introduction to Arithmetic Geometry Fall 2013 Lecture #2 09/10/2013

Unit 2 Rational Functionals Exercises MHF 4UI Page 1

( 3) ( ) ( ) ( ) ( ) ( )

Each is equal to CP 1 minus one point, which is the origin of the other: (C =) U 1 = CP 1 the line λ (1, 0) U 0

Math 115 Spring 11 Written Homework 10 Solutions

Institutionen för matematik, KTH.

Projective Varieties. Chapter Projective Space and Algebraic Sets

Section September 6, If n = 3, 4, 5,..., the polynomial is called a cubic, quartic, quintic, etc.

MATHEMATICS Lecture. 4 Chapter.8 TECHNIQUES OF INTEGRATION By Dr. Mohammed Ramidh

Integration of Rational Functions by Partial Fractions

div(f ) = D and deg(d) = deg(f ) = d i deg(f i ) (compare this with the definitions for smooth curves). Let:

Edwards Curves and the ECM Factorisation Method

Math123 Lecture 1. Dr. Robert C. Busby. Lecturer: Office: Korman 266 Phone :

A Field Extension as a Vector Space

3.1. Derivations. Let A be a commutative k-algebra. Let M be a left A-module. A derivation of A in M is a linear map D : A M such that

ARCS IN FINITE PROJECTIVE SPACES. Basic objects and definitions

Invariants and hyperelliptic curves: geometric, arithmetic and algorithmic aspects

Higher Portfolio Quadratics and Polynomials

Elliptic curves over function fields 1

Points of Finite Order

The Group Structure of Elliptic Curves Defined over Finite Fields

CHAPTER 2 POLYNOMIALS KEY POINTS

Transcription:

LECTURE 7, WEDNESDAY 25.02.04 FRANZ LEMMERMEYER 1. Singular Weierstrass Curves Consider cubic curves in Weierstraß form (1) E : y 2 + a 1 xy + a 3 y = x 3 + a 2 x 2 + a 4 x + a 6, the coefficients a i lie in some field K; we say that E is defined over K and occasionally denote this by E/K. Note that (1) is irreducible; this is clear if a 1 = a 3 = 0, since Y 2 = f(x) can only be reducible if deg f is even, and can be proved with a little bit more effort in the general case. We next observe that the point O = [0 : 1 : 0] at infinity is always smooth since F Z (O) = 1. It thus remains to study affine points. Before we do that, we will show how to transform long into short Weierstrass forms over fields of characteristic 2, 3. If K is a field of characteristic 2, we can put η = y + (a 1 x + a 3 )/2 (we are completing the square) and find (2) η 2 = x 3 + b 2 4 x2 + b 4 2 x + b 6 4 with b 2 = a 2 1 + 4a 2, b 4 = a 1 a 3 + 2a 4, and b 6 = a 2 3 + 4a 6. If, moreover, char K 3, then we can put ξ = x + b 2 /12 and find the short Weierstraß normal form (3) η 2 = ξ 3 c 4 48 ξ c 6 864, c 4 = b 2 2 24b 4, c 6 = b 3 2 + 36b 2 b 4 216b 6. We also introduce and define the discriminant of E by b 8 = a 2 1a 6 a 1 a 3 a 4 + 4a 2 a 6 + a 2 a 2 3 a 2 4 = b 2 2b 8 8b 3 4 27b 2 6 + 9b 2 b 4 b 6. We will see below that 0 for elliptic (i.e., nonsingular) cubics, hence we can define the j-invariant of E by j = c 3 4/. We have collected all these definitions in table 1. Recall that the discriminant of a cubic polynomial f(x) = x 3 + ax 2 + bx + c = (x α)(x α )(x α ) is defined to be disc f = [(α α )(α α )(α α)] 2. 1

2 FRANZ LEMMERMEYER Table 1 b 2 = a 2 1 + 4a 2, b 4 = a 1 a 3 + 2a 4, b 6 = a 2 3 + 4a 6, b 8 = a 2 1a 6 a 1 a 3 a 4 + 4a 2 a 6 + a 2 a 2 3 a 2 4, c 4 = b 2 2 24b 4, c 6 = b 3 2 + 36b 2 b 4 216b 6, = b 2 2b 8 8b 3 4 27b 2 6 + 9b 2 b 4 b 6, 4b 8 = b 2 b 6 b 2 4, 1728 = c 3 4 c 2 6, j = c 3 4/ = 1728 + c 2 6/. Thus disc f = 0 if and only if f has multiple roots. Moreover, for the polynomial f(x) = x 3 + 1 4 b 2x 2 + 1 2 b 4x+ 1 4 b 6 on the right hand side of (2) we have 16 disc f =. When should we consider two elliptic curves to be essentially the same? Consider the transformation (4) x x + r, y y + sx + t for coefficients r, s, t, u K. Substituting these equations into (1) gives a new equation E : y 2 + a 1x y + a 3y = x 3 + a 2x 2 + a 4x + a 6, (with a little help from pari) a 1 = a 1 + 2s, a 2 = a 2 a 1 s + 3r s 2, a 3 = a 3 + a 1 r + 2t, a 4 = a 4 a 3 s + 2ra 2 a 1 (rs + t) 2st + 3r 2, a 6 = a 6 + a 4 r a 3 t + a 2 r 2 a 1 rt t 2 + r 3, b 2 = b 2 + 12r, b 4 = b 4 + rb 2 + 6r 2, b 6 = b 6 + 2rb 4 + r 2 b 2 + 4r 3, c 4 = c 4, c 6 = c 6, =. hence Thus changing the coordinate system via (4) does not change c 4, c 6, and the discriminant. These transformations allow us to move any affine point P into the origin. Note that the point at infinity as well as the line at infinity are fixed by (4). In addition to these translations we can also rescale the equation by substituting (5) x = u 2 x, y = u 3 y for some u K. After getting rid of denominators we find E : y 2 + a1 ux y + a 3 u 3 y = x 3 + a2 u 2 x 2 + a4 u 4 x + a 6 u 6.

LECTURE 7, WEDNESDAY 25.02.04 3 Thus each a i gets multiplied by u i, and the same thing happens to the b s and the c s. In particular c 4 = u 4 c 4 and = u 12, hence j = c 43 / = j remains the same: the j-invariant is invariant under both types of transformations (whence the name). Weierstrass curves that can be transformed into each other using (4) or (5) are called isomorphic. Isomorphic elliptic curves have the same j-invariant. It can be proved (quite easily) that elliptic curves with the same j-invariant are isomorphic over the algebraic closure of K (that is, the transformations (4) and (5) might involve coefficients from some extension of K). Now we are ready for Theorem 1. The cubic E in (1) defined over some field K is singular if and only if = 0 in K. In this case there exists a unique singular point P which is determined as follows: If char K = 2 and E in given by (1), then ( a 4, a 2 a 4 + a 6 ) if c 4 = 0 ( a 1 = 0) (a 3 /a 1, (a 2 3 + a 2 1a 4 )/a 3 1) if c 4 0 ( a 1 0) If char K = 3 and E is given by (2), then ( 3 b 6, 0) if c 4 = 0 ( b 2 = 0) ( b 4 /b 2, 0) if c 4 0 ( b 2 0) Finally, if char K 2, 3 and E is given by (3), then (0, 0) if c 4 = 0 ( c 6 /12c 4, 0) if c 4 0. In particular, the unique singularity of E/K is always K-rational if K has characteristic 0 or is a finite field. Proof. Let us first consider the case char K 2, 3. Then we may assume that E is given in short Weierstrass form. Here we use the fact that invertible affine transformations x = ax + by + c, y = dx + ey + f map singular points to singular points, since the derivatives of g(x, y ) = f(x, y) with respect to x and y are linear combinations of f 1 and f 2 and therefore vanish; we also use that translations x = x + c, y = y + c do not change the discriminant. The derivatives we have to look at are f x = 3x 2 + c 4 /48 and f y = 2y. The first equation gives x = ± c 4 /12, the second y = 0; plugging this into (3) we get c 6 = c 4 3 (in particular we have c 4 K). This implies that = 0. If c 4 = 0, then x = 0 and y = 0; if c 4 0, then x = ± c 4 /12 = c 6 /12c 4. Thus we have seen: if there is a singular point, then it is the one given above, and we have = 0. Conversely, if = 0, then the derivatives f x and f y vanish in the given point, and the equation = 0 guarantees that the point lies on E. Now assume that char K = 2. Then b 2 = a 2 1, b 4 = a 1 a 3, c 4 = a 4 1, hence c 4 = 0 a 1 = 0. The coordinates of a singular point in the affine plane satisfy the three equations f = y 2 + a 1 xy + a 3 y + x 3 + a 2 x 2 + a 4 x + a 6, f x = a 1 y + x 2 + a 4, f y = a 1 x + a 3.

4 FRANZ LEMMERMEYER Note that signs are irrelevant in light of 1 = +1. If a 1 = 0, then f y = 0 is equivalent to a 3 = 0, and in this case we have = 0 as well as x 0 = a 4 and y 0 = a 2 a 4 + a 6. If a 1 0, then x = a 3 /a 1 (since f y = 0) and y = (a 2 3 + a 2 1a 4 )/a 3 1 (since f x = 0). The condition f = 0 now yields = 0: on the one hand we have (observe that 2 = 0 and 1 = 1) = b 2 2b 8 + b 2 6 + b 2 b 4 b 6 = a 6 1a 6 + a 5 1a 3 a 4 + a 4 1a 2 a 2 3 + a 4 1a 2 4 + a 4 3 + a 3 1a 3 3, on the other hand we find a 6 1f(x, y) = a 6 1(y 2 + a 1 xy + a 3 y + x 3 + a 2 x 2 + a 4 x + a 6 ) = a 4 3 + a 4 1a 2 4 + a 3 1a 3 3 + a 3 1a 3 3 + a 5 1a 3 a 4 + a 3 1a 3 3 + a 4 1a 2 a 2 3 + a 6 a 6 1, and since 3a 3 1a 3 3 = a 3 1a 3 3, we see that = 0 is in fact equivalent to f(x, y) = 0. The case char K = 3 is left as an exercise. Finally some remarks on the question whether the singular point is defined over K (i.e. has coordinates from K): if K is a finite field of characteristic 2, then x x 2 is an automorphism, hence every element of K is a square. Corollary 2. Cubic curves in Weierstrass form are irreducible. Proof. Reducible cubic curves consist of three lines or a conic and a line; every point of intersection of components is singular, hence reducible cubics have at least two singular points. If a Weierstrass curve E defined over a field K has a singular point P, then E ns = E(K) \ P } is called the nonsingular part of E. 2. Addition Formulas Let E be an elliptic curve in long Weierstrass form (1) defined over some field K. For P E(K) we define P as the third point of intersection of the line through P and O = [0 : 1 : 0] with E. If [x 1 : y 1 : 1], the line P O is given by x = x 1 ; intersection gives y 2 + (a 1 x 1 + a 3 )y (x 3 1 + a 2 x 2 1 + a 4 x 1 + a 6 ) = 0, that is, the sum of the two roots of this quadratic equation is (a 1 x 1 + a 3 ); note that this equation describes the affine points only. Since one root is given by y = y 1, the other one must be (a 1 x 1 + a 3 ) y 1. Given two points P 1 = (x 1, y 1 ) and P 1 = (x 2, y 2 ) in E(K) with x 1 x 2, let P 1 P 2 = P 3 = (x 3, y 3 ) be the third point of intersection of the line P 1 P 2 with E. The line P 1 P 2 has the equation y = y 1 + m(x x 1 ) with m = (y 2 y 1 )/(x 2 x 1 ); plugging this into (1) yields a cubic equation in x with the roots x 1, x 2 and x 3. The sum of these roots is the coefficient of x 2 (observe that the coefficient of x 3 is 1), hence x 3 = x 1 x 2 a 2 + m(a 1 + m). Plugging this into the line equation we find the y-coordinate of P 3, hence x 3 = x 1 x 2 + m(a 1 + m), y 3 = [y 1 + m(x 3 x 1 ) + a 1 x 3 + a 3 ]. If x 1 = x 2, then y 1 = ±y 2. If y 1 = y 2, then we put P 1 + P 2 = O; if y 1 = y 2, that is, P 1 = P 2, then we let 2P 1 be the third point of intersection of the tangent to E in P 1 with E; a simple calculation then gives

LECTURE 7, WEDNESDAY 25.02.04 5 Theorem 3. Let E/K be an elliptic curve given in long Weierstrass form (1). The chord-tangent method defines an addition on the set E(K) of K-rational points on E; the addition formulas are given by and (x 1, y 1 ) + (x 2, y 2 ) = (x 3, y 3 ), x 3 = x 1 x 2 a 2 + a 1 m + m 2 y 3 = y 1 (x 3 x 1 )m a 1 x 3 a 3 y 2 y 1 if x 1 x 2 x m = 2 x 1 3x 1 + 2a 2 x 1 + a 4 a 1 y 1 if x 1 = x 2 2y 1 + a 1 x 1 + a 3 In particular, for (x, y) the x-coordinate of 2P is given by (6) x 2 x4 b 4 x 2 2b 6 x b 8 4x 3 + b 2 x 2 + 2b 4 x + b 6. Specializing this to curves in short Weierstrass form, we get x 3 = x 1 x 2 + m 2, y 3 = y 1 m(x 3 x 1 ), y2 y 1 x m = 2 x 1 if x 2 x 1, 3x 2 +a 2y if x 2 = x 1, y 0. The cases not covered by these formulas are a) x 1 = x 2 and y 1 = y 2 : here P 1 = P 2, hence P 1 + P 2 = O; b) 2(x, y) with y = 0: here (x, 0) is a point of order 2, that is, 2(x, y) = O. In order to see these formulas in action take the curve E : y 2 +xy = x 3 18x+27. Here a 1 = 1, a 2 = a 3 = 0, a 4 = 18 and a 6 = 27. We find b 2 = 1, b 4 = 36, b 6 = 108, b 8 = 324, hence c 4 = 865, c 6 = 24625 and = 23625 = 3 3 5 3 7. Thus E is an elliptic curve over F p for all p 3, 5, 7. The point (1, 1) is in E(F 2 ) : y 2 + xy = x 3 + 1; let us compute a few multiples of P. Bu the addition law we have m = 3x2 1 + 2a 2 x 1 + a 4 a 1 y 1 2y 1 + a 1 x 1 + a 3 = x2 1 y 1 x 1 = 0, hence x 2 2x P + m + m 2 = 0 and y 2 y P (x 2P x P )m x 2 1, i.e., 2 (0, 1). We get 3P by adding P and 2P ; here m = (y 2 y 1 )/(x 2 x 1 ) = 0, hence x 3 x P x 2 1, as well as y 3 y P x 3 0, hence 3 (1, 0). Finally 4 P + 3P, but here m is not defined because x x 3P. This implies (since P 3P ) that 4 O. In fact we have seen that (x, y) = (x, a 1 x a 3 y), so in our case we have (x, y) = (x, x y), in particular (1, 1) = (1, 0). Thus P generates a group of order 4. Listing all points in E(F 2 ) we find that these are all, and we have proved that E(F 2 ) Z/4Z.

2024 © sciencedocbox.com Privacy Policy | Terms of Service | Feedback