ELLIPTIC CURVES SEMINAR: SIEGEL S THEOREM

ELLIPTIC CURVES SEMINAR: SIEGEL S THEOREM EVAN WARNER 1. Siegel s Theorem over Q 1.1. Statement of theorems. Siegel s theorem, in its simplest form, is the fact that a nonsingular elliptic curve contains only finitely many integer-valued points. All versions of this result rely on theorems (of varying strength) in diophantine approximation; thus, in section 1.3, we will sketch a proof of Roth s Theorem, which is the strongest such result that will be needed. We will then prove two Siegel-type theorems, the first of which is an easy theorem of Thue: Theorem of Thue. Let a, b, c be nonzero integers. Then the equation ax 3 + by 3 = c has only finitely many solutions in integers. The main result in the first part of this paper is a proof of the following: Siegel s Theorem over Q. Let C be a nonsingular cubic curve given by an equation F (x, y) = 0 with integer coefficients. Then C has only finitely many points with integer coefficients. Furthermore, if the nonzero rational points of C are labeled P 1,P 2,... in order of non-decreasing height, and we write as a fraction in lowest terms, then x(p i )= a i b i log a i i log b i =1. As usual, we define the height function H : Q N of a rational number x = a/b expressed in lowest terms by H(x) max{ a, b }. Note that the second statement in Siegel s Theorem over Q implies the first, for if there existed an infinite set of rational points whose x-values were integers, then there would be an infinite subsequence i j of the a i and the b i such that a ij and b ij = 1 identically, so log a ij j log b ij =, contradicting the second statement. The second statement is, in fact, much stronger than the first; it implies that the numerators and denominators of x-coordinates of points on an elliptic curve tend to have about the same number of digits. Sources: Silverman and Tate, Rational Points on Elliptic Curves; Silverman, The Arithmetic of Elliptic Curves 1

2 EVAN WARNER 1.2. Preinary remarks; the curve x 3 + y 3 = m. By Mordell s theorem, elliptic curves of rank 0 trivially satisfy Siegel s Theorem. Heuristically, we can guess that the number of integer points is small, because the group law does not respect integrality: if P 1 =(x 1,y 1 ) and P 2 =(x 2,y 2 ) both have integer coordinates, there is no reason to expect that the x-coordinate of their sum, given by ( ) 2 y2 y 1 a x 2 x 1, x 2 x 1 is an integer. We can contrast the situation with that of linear and quadratic curves. A linear equation ax + by = c with integer coefficients either has no solutions (if the greatest common denominator of a and b does not divide c), or it has infinitely many solutions (because if (x, y) is a solution, so is (x + bn, y an) for any integer n). A quadratic equation can have either finitely many integer solutions (e.g. x 2 +y 2 = 1) or infinitely many solutions (e.g. Pell s equation x 2 Dy 2 = 1 where D is not a perfect square). Consider the simple case of x 3 + y 3 = m. Here, we can factor the equation into two polynomials with integer coefficients, (x + y)(x 2 xy + y 2 )=m. Consider all possible factorizations of m into integers A and B. factorization, we must have For some such x + y = A, x 2 xy + y 2 = B, so by simple substitution (y = A x) we have 3x 2 3Ax + A 2 = B. This has two solutions, given by the quadratic equation, which can be checked for integrality. There are clearly only finitely many integer solutions. The same procedure applies equally well for any cubic that can be factored into a linear term and an irreducible quadratic term with integer coefficients, and that is set equal to another integer. Furthermore, we have a fairly obvious effective bound on integer solutions: for any integer solution (x, y), there exist A and B that satisfy the above equations, so yielding m B = x 2 xy + y 2 = 3 ( ) 2 1 4 x2 + 2 x y 3 4 x2 = 3 ( ) 2 1 4 y2 + 2 y x 3 4 y2, m max{ x, y } 2 3. Bounds in the general case are much larger and much more difficult to prove, and will not be discussed in this paper.

ELLIPTIC CURVES SEMINAR: SIEGEL S THEOREM 3 1.3. Sketch of proof of Roth s theorem. The main result we will need in diophantine analysis is the following: Roth s Theorem. Let β be an algebraic number. For any constant C, there exist only finitely many rational numbers x satisfying the inequality for every ɛ> 0. x β < CH(x) 2 ɛ Because H(x) q, this immediately implies that if x = p/q is given in lowest terms, there exist only finitely many rational numbers satisfying x β < C q 2+ɛ. In the second part of this paper, we will use (without proof) a generalization of this theorem to arbitrary absolute values on arbitrary number fields. A complete proof of this theorem would take us too far afield, but the following is a brief sketch. First, given an integer m and given d 1,..., d m, we wish to construct a polynomial P in the polynomial ring of m variables Q[X 1,..., X m ] and degree d i in X i, vanishing to high order at the point (β,..., β). We also wish the coefficients of P to have small heights with bounds given in terms of β, m, and the d i. Now given elements x 1,..., x m Q such that x i β CH(x) 2 ɛ for each i, we use the Taylor series expansion of P around (β,..., β) to show that P (x 1,..., x m ) is small. The most difficult part of the proof is a nonvanishing result: we want to show that P (x 1,..., x m ), despite being small, does not vanish to too high an order. Suppose that the degrees d 1,..., d m to be rapidly decreasing, and x 1,..., x m are rapidly increasing in height. Then it is possible to show that if P has degree d i in X i and coefficients whose heights are bounded in terms of h(x 1 ) and d 1, it does not vanish to too high an order. The proof proceeds by induction on m; one would like the polynomial to factor as P (X 1,..., X m )=F (X 1 )G(X 2,..., X m ), but this is unlikely. The inductive step instead follows by constructing differential operators D ij so that the Wronskian det(d ij P ) is a nonzero polynomial that does factor in the above manner, and making sure the degrees and heights of the polynomial det(d ij P ) do not grow too large. The proof is then concluded by contradiction as follows. Assume that x β CH(x) 2 ɛ has infinitely many solutions x Q. Choose a value for m depending on ɛ, C, and [Q(β) :Q], and choose rational x 1,..., x m sequentially to satisfy x i β CH(x) 2 ɛ where H(x 1 ) is large compared to m and H(x i+1 ) >H(x i ) κ for some constant κ depending on m. Then choose a large d 1, depending on m and the heights, and choose the rest of the d i in terms of d 1 and the heights. Using the first step of the proof, construct a polynomial P of degree d i in X i which vanishes to some high order at (β,..., β), where the order of vanishing depends on m and the d i.

4 EVAN WARNER Because P does not vanish to too high an order at (x 1,..., x m ), there is a low-order nonvanishing partial derivative which evaluates to some nonzero z at (x 1,..., x m ) which is bounded in height. From the Taylor series expansion as mentioned earlier, one can show that z quite small. The combination of these three facts provides a contradiction, if our estimates are good enough, because if z is small but nonzero, this provides a lower bound on its height, so if the height has an sufficiently stringent upper bound, we arrive at the desired contradiction. 1.4. Proof of the theorem of Thue. Assuming Roth s theorem, the theorem of Thue is straightforward. First note that it suffices to assume that a = 1, because (x, y) is a solution to ax 3 +by 3 = c if and only if (ax, y) is a solution to x 3 +a 2 by 3 = a 2 c. Next note that by replacing y by y and/or b with b, we can bring the equation into the form x 3 by 3 = c, with b>0 and c>0. Let β be the real root of x 3 = b. Then we can factor the above equation to get (x βy)(x 2 + βxy + β 2 y 2 )=c. Let (x, y) be a solution of the above equation. The key point is that x βy must be quite small, because we have ( c = x βy x 2 +βxy+β 2 y 2 = x βy x + 1 ) 2 2 βy + 3 4 β2 y 2 x βy 3 4 β2 y 2. Rearranging, we have x y β 4c 1 3β 2 y 3. By Roth s theorem with ɛ = 1, this inequality has only finitely many solutions in integers x and y, which implies the desired result. It should be noted that this result only requires an approximation exponent of 3, rather than 2 + ɛ, and the full power of Roth s theorem is therefore unnecessary. 1.5. Proof of Siegel s Theorem over Q. Throughout, let C be an elliptic curve. Given a rational function f Q(C) (a rational function on the elliptic curve with coefficients in Q), define H f (P ) H(f(P )). If f(p ) is infinite, let H f (P ) = 1. The choice f(x, y) =x corresponds to the usual definition of H(P ). We now want to define a collection of distance functions on points of C. Let t Q be in R(C) with a zero at some fixed point Q C(R), of order e 1. Then define d(p, t Q ) min{ t Q (P ) 1/e, 1}. Lemma 1.1. If t Q and t Q in R(C) vanish at Q C(R) to respective orders e and e, log d(p, t Q ) P C(R) log d(p, t Q ) =1. Here, P Q means that d(p, t Q ) 0 for some choice of t Q (and therefore for all choices).

ELLIPTIC CURVES SEMINAR: SIEGEL S THEOREM 5 Proof. Let the function φ R(C) be given by φ(p )= t Q (P )e. t Q (P ) e Clearly, φ has neither a zero or a pole at Q. Calculating, Close to Q, we have so log φ(p ) = e log t Q(P ) e log t Q (P ) = log t Q(P ) = 1 e log d(p, t Q) = log t Q(P ) 1/e log d(p, t Q ) P C(R) log d(p, t Q ) = 1 + log φ(p ) + e e log t Q(P ). = 1 ee log φ(p ) + 1 e log t Q(P ) = 1 ee log φ(p ) + log d(p, t Q), P C(R) log φ(p ) 1/ee log d(p, t Q ). Note that φ is bounded away from 0 and near Q, and log d(p, t Q ) as d(p, t Q ) 0, so the second term drops out and the proposition is verified. From now on, we let d(p, Q) =d(p, t Q ) for some (fixed) t Q, suppressing the precise dependence on t Q. As long as we deal with log d(p, Q) in the it as P Q, the above lemma demonstrates that this notation is justified. A map is termed finite if the preimage of every point in the image is a finite set. An unramified finite map has the property that all preimages of points have the same cardinality. It will turn out that we only need to use Lemma 1.2 in the case of the map P mp + R, where R and P are points on an elliptic curve C. The fact that this map is unramified follows from viewing the elliptic curve from the complex-analytic perspective: the function that adds R corresponds to a translation, which is one-to-one and therefore obviously unramified, while the preimages of each point under the multiplication-by-m function have cardinality precisely m 2, distributed evenly over the fundamental parallelogram. An unramified map has no branch points; that is, given an unramified map f : C 1 C 2, for every point R C 2 and point Q f 1 (R), we can find a neighborhood U containing Q such that f restricted to U is one-to-one. In the case of elliptic curves, we can view them as complex manifolds, so U and f(u) are analytically equivalent each other and to simply connected open sets in some appropriate (i.e. one-dimensional) affine space. Two functions t Q and t R that vanish to degree 1 at Q and R, respectively, will also be analytically equivalent, so we can find an invertible analytic function φ defined near Q such that t R f = t Q φ. In fact, we can take φ R(C), because t R, t Q are rational maps and f is assumed to be a morphism. These considerations will be useful in the proof of the following lemma:

6 EVAN WARNER Lemma 1.2. Let C 1 and C 2 be curves over Q, f : C 1 C 2 an unramified finite map defined over Q, and Q C 1 (R). Then log d(f(p ),f(q)) =1. P C 1(R) log d(p, Q) Proof. Let t Q R(C 1 ) vanish to order 1 at Q and t f(q) R(C 2 ) vanish to order 1 at f(q) (it is easy to see that such functions must exist; in particular, the function x(p Q)/y(P Q) vanishes to order 1 at Q for any elliptic curve in Weierstrass form). By the argument preceding the statement of the lemma, there exists an invertible φ R(C) such that t f(q) f = t Q φ. Because φ is invertible, it is bounded away from 0 and as P Q, and when P is sufficiently close to Q we have log d(f(p ),f(q)) log d(p, Q) = log t f(q)(f(p )) log t Q (P ) = log t Q(P ) φ(p ) log t Q (P ) log φ(p ) = 1 + log t Q (P ). As P Q, log φ(p ) stays bounded while log t Q (P ) goes to. Therefore the ratio on the right goes to zero, and the proposition holds. The following is a corollary to Roth s theorem, reinterpreting the result in terms of distance functions. Lemma 1.3. Let f be a nonconstant function in Q(C), and let Q C(Q). Then, so long as Q is an accumulation point of C(Q), log d(p, Q) inf P C(Q) log H f (P ) 2. Proof. Because H(f(P )) = H(1/f(P )), we can assume that f(q) < simply by replacing f with 1/f. Pick the distance function d(p, Q) = min{ f(p ) f(q) 1/e, 1}, where e 1 is the order of the vanishing of the function f f(q) at Q. Then inf log d(p, Q) log H f (P ) = 1 log f(p ) f(q) inf e log H f (P ) = 1 e = 1 e inf inf log(h f (P ) τ f(p ) f(q) ) log H f (P ) τ log H f (P ) [ log(hf (P ) τ ] f(p ) f(q) τ, log H f (P ) where τ is arbitrary. If we choose τ = 2 + ɛ, then by Roth s theorem H f (P ) τ f(p ) f(q) 1

ELLIPTIC CURVES SEMINAR: SIEGEL S THEOREM 7 for all but finitely many P. Its logarithm is therefore positive. The infimum is unaffected by the finite number of exceptions, and log H f (P ) 0, so the first term is positive and we have inf log d(p, Q) log H f (P ) 2+ɛ 2 ɛ, e because e 1. Because ɛ> 0 is arbitrary, the lemma follows. We now state the height estimates used in the (generalized) Mordell-Weil theorem, since they will be needed in the proof of Siegel s Theorem over Q. Let f be any even function in Q(C), and define h f (P ) log H f (P ). Then i) For a fixed Q C(Q), there is a constant κ 0 depending on Q, C, and f such that h f (P + Q) 2h f (P )+κ 0 for all P C(Q), and ii) There is a constant κ depending on C and f such that h f (2P ) 4h f (P ) κ for all P C(Q). Note that these estimates are generalized by replacing h by h f for any even rational function f; that is, replacing the function f(x, y) =x with an arbitrary rational function. In the end, to prove that there exist only finitely many integer points on an elliptic curve, we will specialize again to f = x. As an extension of estimate ii), we have the following: Lemma 1.4. Let f be any even function in Q(C). Then there is a constant λ(n) depending on C, f, and n such that h f (2 n P ) 2 2n h f (P ) λ(n). Proof. We take the same κ as in proposition ii) above and take n 1 λ(n) = 2 2j κ. j=0 Proposition ii) then corresponds to the base case n = 1. For arbitrary n>1, we have by induction h f (2 n P ) 4h f (2 n 1 P ) κ n 2 4 2 2(n 1) h f (P ) 2 2(j 1) κ κ n 1 =2 2n h f (P ) 2 2j κ j=0 j=0 =2 2n h f (P ) λ(n). The following is the main result, of which Siegel s Theorem over Q is a corollary:

8 EVAN WARNER Theorem 1.5. Let f Q(C) be a non-constant even function and Q a point on C(Q). Then log d(p, Q) =0. P C(Q) h f (P ) h f (P ) Proof. We know that d(p, Q) 1, which implies log d(p, Q) 0, and h f (P ) 0, so log d(p, Q) sup 0. P C(Q) h f (P ) h f (P ) Let L = inf P C(Q) h f (P ) log d(p, Q) ; h f (P ) it suffices to show that L 0. Let P i be a distinct sequence of points approaching the infimum; that is, log d(p i,q) = L. i h f (P i ) Choose some large integer n, and let m =2 n. Because C(Q) is finitely generated (by the Mordell-Weil theorem), the group C(Q)/mC(Q) is finite for every m. Hence some coset contains infinitely many of the P i. Take this subsequence, again denoted by P i. Then we can write P i = mp i + R for some P i,r C(Q), where R is fixed. Using the height estimates stated above, we have m 2 h f (P i )=2 2n h f (P i ) h f (2 n P i )+λ(n)κ = h f (P i R)+λ(n)κ 2h f (P i )+λ(n)+κ 0 =2h f (P i )+D(m), where D(m) is a constant depending only on C, f, and m (in particular, it is independent of i). Note that if P i is bounded in distance away from Q, then log d(p i,q) is bounded (away from ), so as h f (P ) the key it goes to zero. We therefore have to deal only with the case where P i is not bounded away from Q. In this case, we can choose another subsequence (again denoted by P i ) such that P i Q. Then mp i Q R. For a fixed T, there are m2 possible points S such that ms = T. Therefore the sequence P i must have an accumulation point at one of these mth roots of Q R, which we will call Q. By taking yet another subsequence of the P i, again denoted by P i, we have P i Q and Q = mq + R. Because the map P mp + R is everywhere unramified, by Lemma 1.2 and the fact that P i Q we have that i log d(p i,q) log d(p i,q ) =1.

ELLIPTIC CURVES SEMINAR: SIEGEL S THEOREM 9 Putting this together with the estimate h f (P i ) 1 2 m2 h f (P i ) 1 2D(m) from above, log d(p i,q) log d(p i L =,Q ) i h f (P i ) i 1 2 m2 h f (P i ) 1 2 D(m) (the inequality is reversed because the logarithms of distances are always negative). By Lemma 1.3 applied to the sequence P i Q, inf i log d(p i,q ) h f (P i ) 2. Therefore 4h f (P i L ) i m 2 h f (P i )+D(m) = 4 4 ( ) = i m 2 + D(m) m 2, h f (P i ) because h f (P i ) certainly goes to as i. The integer m is arbitrary, so taking m we see that L 0, completing the proof. We can now specialize to f(x, y) =x, so h f (P ) reduces to the usual h(p )= log max{ a i, b i }, and assume that the elliptic curve C is in Weierstrass form. Label the nonzero rational points P 1,P 2,... in nondecreasing order of height, writing x(p i )=a i /b i in lowest terms. Choosing the point Q = O (the point at infinity) and noting that 1/x has a zero of order 2 at O, we can pick the distance function so d(p i, O) = min{ b i /a i 1/2, 1}, log d(p i, O) = log min{ b i /a i 1/2, 1} = 1 2 min{log b i log a i, 0} By Siegel s theorem, i min{log b i /a i, 0} 1 2 max{log a i, log b i } min{log b i log a i, 0} = 0 = =0. i max{log a i, log b i } Now choose Q to be a point with x(q) = 0 (such a point will clearly always exist and belong to C(Q)); then we can choose the distance function so and by Siegel s theorem, d(p i,q) = min{ a i /b i, 1}, log d(p i,q) = min{log a i log b i, 0} min{log a i log b i, 0} =0. i max{log a i, log b i } We can put these two estimates together as follows: partition the positive integers into disjoint sets labeled by i 1 and i 2, where the i 1 are defined by the condition a i1 b i1 and the i 2 are defined by the condition b i2 < a i2. Both of the sets are infinite (there are certainly an infinite number of rational numbers less than 1, and an infinite number of rational numbers greater than 1). The its of the subsequences are therefore the same as the its of the sequences: from the first identity, we have log b i1 log a i1 log b i1 = 0 = i log a i1 i log a i1 = 1 = log a i1 i log b i1 = 1;

10 EVAN WARNER from the second identity, we have log a i2 log b i2 log a i2 = 0 = i log b i2 i log b i2 =1. Since the union of the sets is the whole set of positive integers, we can glue these its together to get log a i i log b i =1, which is the desired result. 2. Two theorems on S-integer solutions 2.1. Absolute values and heights. In this section, we will define some of the concepts used in the proofs of the theorems on S-integers. We will be content to merely quote several purely algebraic results. An absolute value v on a field K (here always taken to be a number field; that is, a finite extension of Q) is a function from K to R 0 satisfying i) x v = 0 iff x = 0, ii) xy v = x v y v, iii) x + y v x v + y v. Absolute values come in two types: non-archimedean absolute values, which satisfy the inequality x + y max{ x, y }, and archimedean absolute values, which do not. The trivial absolute value, given by x = 1 for x 0, will be ignored in what follows. Since an absolute value gives a topological metric, we can construct the completion of K with respect to v, denoted K v, for every absolute value v on a field K. We can set up an equivalence relation on absolute values: let two absolute values v 1,v 2 equivalent if x v1 < 1 x v2 < 1. In this case, it can be shown that there exists an exponent e such that x e v 1 = x v2 for all x. An absolute value up to equivalence is called a place. The set of places on a number field K will be denoted M K. To make this more concrete, we can describe M Q precisely. For each place, we will pick a standard absolute value to represent that place. There is one archimedean absolute value, given by the usual formula, x max{x, x}. For each prime p Z, there is one non-archimedean absolute value, the p-adic absolute value. It is given by the formula p n a p n b p where a, b Z and gcd(p, ab) = 1. The completion Q p is the field of p-adic numbers. We can use these standard absolute values on Q to define standard absolute values on any number field K: from each place in M K, simply select the absolute value that restricts to one of the standard absolute values on Q. From now on, all absolute values will be assumed to be standard. For a general number field K, there is also a more concrete description of the absolute values: the archimedean ones correspond exactly with embeddings of K into R or C, while the non-archimedean ones correspond exactly to prime ideals.

ELLIPTIC CURVES SEMINAR: SIEGEL S THEOREM 11 To be more precise, take a prime ideal p. For every x K, there will be a unique integer r such that x p r but x/ p r+1. There is then an absolute value given by { 1/N (p) r if x 0, x p 0 if x =0, where N(p) is the absolute norm of the ideal p (the exact definition of N is unimportant for our purposes). It turns out that every non-archimedean absolute value is equivalent to an absolute value arising in this manner. We can now define S-integers and S-units, denoted by R S and R S respectively, for an arbitrary number field K. Let S be a subset of M K ; that is, a set of places on K. Then and R S {x K : x v 1, v / S} R S {x K : x v =1, v / S}; that is, the units of R S. We can apply this to the case K = Q. Let S be the set of places defined by a finite list of primes p 1,..., p s together with the archimedean absolute value, denoted by (we will always take places S to include all archimedean absolute values). By the definition of the p-adic absolute value, the elements of RS are rational numbers with numerator and denominator equal to products of primes in the set {p i }, and R S consists of rational numbers with denominator equal to the product of primes in {p i }. Now it is possible to again generalize the height function to an arbitrary absolute value v. For an elliptic curve C and point P C(K), we define the height of P relative to K as H K (P ) max{1, x(p ) v } nv, v M K where n v =[K v : Q v ] (we can also apply this height function to elements x K in the obvious way, replacing x(p ) with x). If K = Q, the height function defined above reduces to the ordinary one. If L/K is a finite extension, then H L (P )=H K (P ) [L:K]. In light of this property, the height of a point depends on the field we are discussing. Therefore it is convenient to introduce the absolute height H(P ): Let K be any number field containing x(p ); then H(P ) H K (P ) 1/[K:Q]. This is clearly independent of the choice of K. As before, we let h(p ) log H(P ). Finally, the v-adic distance function d v is defined in exactly the same way as the distance functions corresponding to the ordinary metric: d v (P, Q) min{ t Q (P ) 1/e v, 1}, where e is the order of the vanishing of t Q at P. All of the properties of distance functions from section 1.5 continue to hold in this general setting, and can be proven in the same manner. In fact, Theorem 1.5 continues to hold in the following generalization:

12 EVAN WARNER Theorem 2.1. Let C be an elliptic curve over a number field K with C(K) =, v an absolute value on K, and Q E(K). Then log d v (P, Q) =0. P E(K) h(p ) h(p ) The proof of this theorem is in exact analogy to the proof of Theorem 1.5. In practice, we will not concern ourselves with the condition that C(K) =, because if this is not the case, finiteness of S-integers is trivial. 2.2. The first S-integer theorem. From Theorem 2.1, we can prove directly the following, which states that the set of S-integer points on an elliptic curve is finite: First S-integer theorem. Let C be an elliptic curve over K in Weierstrass form, let S M K be a finite set of places containing all archimedean places, and let R S be the ring of S-integers of K. Then is a finite set. {P C(K) :x(p ) R S } Proof. Assuming the contrary, let P 1,P 2,... be an infinite sequence of distinct points such that x(p i ) R S for all i. We have [ ] h(p ) = log max{1, x(p i ) v } nv/[k:q] 1 = log max{1, x(p i ) v } nv [K : Q] v S because for v / S, x(p i ) v 1 by the definition of R S and therefore does not contribute to the product. Because S is a finite set, there is some v such that x(p i ) nv is largest among all such terms for infinitely many i. Take a subsequence of the P i, again denoted P i, obeying this property. We also have that n v [K : Q] for each v: let K = Q[x] and let F (T ) be the minimal polynomial of x. Then the minimal polynomial of Q v [x] over Q v certainly must divide F (T ), so if we can show that Q v [x] =Q[x] v = K v, then the inequality follows immediately. That completion and finite field extensions commute can be shown by appealing to a basis for Q v [x] as a vector space over Q v and noting that convergence in any norm of an element of Q v [x] is equivalent to convergence of each of the coefficients of that element with respect to the chosen basis. Putting this all together, h(p i ) v S S [K : Q] log max{1, x(p i) v } nv S log x(p i ) v (where we have used the fact that h(p i ) > 0, so log x(p i ) v must be greater than zero). As i, certainly h(p i ), so the above implies that x(p i ) v as well. In other words, d v (P i, O) 0, where O is the point at infinity. Taking d v (P i, O) = min{ x(p i ) 1/2 v, 1}, because x has a pole of order 2 at O, we have for sufficiently large i log d v (P i, O) = 1 2 log x(p i) v. Rearranging (and using the fact that both the above and h(p i ) are positive), for sufficiently large i we get log d v(p i, O) 1 h(p i ) 2 S,

ELLIPTIC CURVES SEMINAR: SIEGEL S THEOREM 13 contradicting Siegel s theorem. 2.3. Solutions of the S-unit equation. In the proof of the second S-integer theorem, there is a reduction to an equation of the form ax + by =1, where x and y are S-units. In this section, we will prove that equations of this form have only finitely many such solutions. Since we will need a somewhat more generalized Roth s theorem than used earlier, we quote the following, which is a generalization both to arbitrary number fields K and arbitrary absolute values v on K: Roth s Theorem. Let K be a number field, β K, and v some absolute value on K extended in some manner to K(β). Then for any constant C there exist only finitely many solutions to the inequality x β v < CH K (x) 2 ɛ. With this in hand, we both can state and sketch a proof of the main theorem of this section: Theorem 2.2. Let S be a finite set of places, and let a, b K. Then the equation ax + by =1has only finitely many solutions in S-units. Proof. We will assume Dirichlet s S-unit theorem, which states (in analogy with the Dirichlet unit theorem) that the multiplicative group of S-units is finitely generated. Therefore, if m is some integer (which we will eventually take to be large), the group R S /(R S )m is finite. Let c 1,..., c r be coset representatives. Then any solution (x, y) to the unit equation may be written as x = c i X m, y = c j Y m for some X, Y RS and some choice of i and j. Therefore (X, Y ) is a solution to ac i X m + bc j Y m =1. Since there are only finitely many possible choices for c i and c j, it suffices to prove that the equation αx m + βy m = 1 has only finitely many solutions, for α, β K. Supposing the opposite, note that H K (Y )= v S max{1, Y v } nv, because Y v = 1 for each v / S. Since S is finite, there is some v such that v maximizes Y v for infinitely many of the Y. With the fact that n v [K : Q], we have (1) Y v H K (Y ) 1/[K:Q] S for infinitely many Y. Now let γ m = β/α, where the precise root will be determined later. We will show that if m is large enough, X/Y provides too close an approximation in a diophantine sense to γ. Factor the S-unit equation as m i=1 ( X Y ζm γ ) = 1 αy m, where ζ is a primitive mth root of unity. Since there are infinitely many Y, H K (Y ) can be made as large as desired, so by the above inequality Y v can be made as

14 EVAN WARNER large as desired as well. Taking the absolute value v of both sides, m X Y ζi γ 1 = v α v Y m v i=1 By choosing γ appropriately, we see that X/Y γ v is very small. Precisely, we have by the triangle inequality when ζ i 1, X/Y ζ i γ v γ(1 ζ) v X/Y γ v, so we can find a constant C 1 independent of X/Y such that (2) X/Y γ v C 1 Y m v. For the last estimate, since α(x/y ) m = (1/Y ) m β, it is clear that we can write (3) H K (X/Y ) C 2 H K (Y ), where C 2 depends only on α, β, and m. Combining (1), (2), and (3), we have the inequality X/Y γ v CH K (X/Y ) m/([k:q] S ), where C depends only on α, β, and m. Therefore if we choose m large enough, then by Roth s theorem there are only finitely many possible X/Y. Since Y m =(α(x/y ) m + β) 1 and X =(X/Y )Y, there are at most m solutions (X, Y ) for every X/Y satisfying the above inequality. Therefore we have a contradiction. 2.4. The second S-integer theorem. The goal of this section will be the following theorem of Siegel: Theorem 2.3. Let f(x) K[x] be a polynomial of degree d 3 with distinct roots in K. Then the equation y 2 = f(x) has only finitely many solutions in S-integers, where S is a finite set of places. Proof. We will feel free to enlarge K and expand S, since a proof under such circumstances will clearly imply the proof for the original K and S. It is therefore permissible to assume that f splits over K: f(x) =a(x α 1 )(x α 2 )... (x α d ), where α i K. We would like to expand S so that S is still finite and the following two conditions hold: i) a RS and α j α i RS for all i j; ii) R S is a principal ideal domain. First, we show that i) is possible. Since R S = {x K : x v =1, v / S}, by adding enough v to S it certainly possible to put any element of K in R S ; however, we want S to remain finite. That this is possible follows from the fact that for all a K, a v = 1 for all but finitely many v, which we prove as follows: write a = b/c, where b, c O K, the ring of integers of K. Consider the ideal (b), and factor as (b) =p 1 p 2... p r, where the p i are prime ideals in O K. The factorization is unique because O K is a Dedekind domain. Every prime ideal p not equal to one of the above factors obeys (b) / p, which implies that b p = 1 (we have r = 0 in the definition of p ). Doing

ELLIPTIC CURVES SEMINAR: SIEGEL S THEOREM 15 the same for c, we have c p = 1 for all but finitely many p, so clearly a p = 1 for all but finitely many p. Because all non-archimedean absolute values arise in this manner, and there are only finitely many archimedean absolute values, we conclude that a v = 1 for all but finitely many v, for any given a K. To show that ii) is possible, note that the class group of R S is finitely generated (actually, it is finite), so pick a finite set of generators and factor all of them into primes, which will still be a finite set. By adjoining the inverses of all these primes to K, they all become invertible, so the class group becomes trivial. We now wish to show that the ideal (x α i ) is the square of an ideal in R S. Given any prime ideal p in R S, p can divide at most one of the ideals (x α i ), for otherwise, it would divide the ideal (x α i (x α j )) = (α i α j ). However, we have ensured that (α i α j ) is a unit, so this is a contradiction. For the same reason, p does not divide (a). Therefore if p is one of the factors of (x α i ), it must also be a factor of y 2, and therefore it must occur with an even power. Thus (x α i ) is the square of an ideal. Because R S has been made into a principal ideal domain, we can write x α i = b i zi 2 for some b i RS and z i R S. Now extend K to a field L by adjoining the square root of every element of RS. By the Dirichlet S-unit theorem, the group RS of S-units is finitely generated, so RS /(R S )2 is finite and L/K must be a finite extension. Let T be the set of places of L that lie over elements of S. Because L/K is finite, T is finite. In L, each b i is a square, so let βi 2 = b i. Then x α i =(β i z i ) 2, which implies that α j α i =(β i z i ) 2 (β j z j ) 2 =(β i z i β j z j )(β i z i + β j z j ). Because the left hand side is in RT and the two factors on the left hand side are in R T, we in fact have that β i z i ± β j z j RT whenever i j. Consider the following identity, which is easily verified: β 1 z 1 + β 2 z 2 +( 1) β2z 2 β 3 z 3 =1. β 1 z 1 β 3 z 3 β 1 z 1 β 3 z 3 (Note that we are now using the assumption that d 3.) Both terms are in R T, so this is in fact the T -unit equation, and we can appeal to Theorem 2.2 to state that there are only finitely many possibilities for the terms β 1 z 1 + β 2 z 2 β 1 z 1 β 3 z 3 and therefore also for their product and α 2 α 1 (β 1 z 1 β 3 z 3 ) 2, β 2 z 2 β 3 z 3 β 1 z 1 β 3 z 3, and therefore also for β 1 z 1 β 3 z 3, and therefore also for β 1 z 1 = 1 [ (β 1 z 1 β 3 z 3 )+ α ] 3 α 1, 2 β 1 z 1 β 3 z 3 and therefore also for x = α 1 +(β 1 z 1 ) 2. Since for each x there are only two possible values of y, we have established that y 2 = f(x) has only finitely many solutions in S-integers.