Effective geometry and arithmetic of curves and their moduli spaces: an introduction

Effective geometry and arithmetic of curves and their moduli spaces: an introduction Master 2 of Rennes Christophe Ritzenthaler

Copyright c 2017 Christophe Ritzenthaler RENNES UNIVERSITY

Contents 1 Presentation of the course..................................... 5 1.1 Content of the course 5 1.2 References 5 1.3 Notation 5 Effective geometry of curves I 2 Affine and projective varieties: a quick review.................. 9 2.1 Affine varieties 2.2 Projective varieties 13 2.3 Maps between projective varieties 17 3 Elementary properties of curves............................... 19 3.1 Uniformizers 3.1.1 Construction of functions with specific Laurent tails..................... 20 3.2 Maps between curves 3.2.1 Dictionary curves/function fields.................................... 22 3.3 Divisors 25 3.4 Differentials 28 3.4.1 Generalities.................................................... 28 3.4.2 Residue....................................................... 29 9 19 22

4 Riemann-Roch and Riemann-Hurwitz.......................... 33 4.1 Proof of Riemann-Roch theorem 33 4.1.1 Répartitions and H 1 (D)........................................... 33 4.1.2 Dual of the space of répartitions.................................... 35 4.1.3 The residue map and Serre duality.................................. 36 4.2 Corollaries 37 4.3 Riemann-Hurwitz theorem 38 5 Description of the curves up to genus 5........................ 41 5.1 Genus 0 case 41 5.2 Genus 1 case 42 5.3 Genus 2 case 43 5.4 Interlude: canonical map and hyperelliptic curves 44 5.5 Genus 3 case 46 5.6 Genus 4 case 46 5.7 Genus 5 and beyond 47 II Arithmetic of curves and its Jacobian over finite fields 6 Number of points of curves over finite fields.................... 51 6.1 Weil conjectures for curves 53 6.1.1 Rewriting of Z(C/k,T )............................................. 54 6.1.2 δ 0 = 1......................................................... 55 6.1.3 Functional equation............................................. 56 6.1.4 Riemann hypothesis.............................................. 56 6.2 Maximal number of points 58 6.2.1 General arguments.............................................. 58 6.2.2 Asymptotics.................................................... 61 6.2.3 The cases g = 1 and 2............................................. 61 6.3 Codes 62 6.3.1 Definitions...................................................... 62 6.3.2 AG-codes..................................................... 64 6.3.3 Modular codes................................................. 66 7 Jacobian of curves........................................... 69 7.1 Abelian varieties: algebraic and complex point of view 70 7.2 Jacobians 74 7.3 Application to cryptography 76 7.4 Construction of curves with many points 78 7.4.1 Weil polynomial vs Frobenius characteristic polynomial.................. 78 7.4.2 A construction of maximal curve of genus 3 over F 2 n.................... 81

III Appendices 8 Using MAGMA and some (open) problems..................... 87 8.1 Some basic tools: exercises 87 8.1.1 Wording....................................................... 87 8.1.2 Solutions....................................................... 89 8.2 Some (more) open exercises 91 8.2.1 Isomorphisms between hyperelliptic curves........................... 91 8.2.2 Number of points on plane curves.................................. 91 8.2.3 Good correspondences between curves............................. 91 8.2.4 Constraints on the Weil polynomial for curves.......................... 92 8.2.5 Codes from modular curves....................................... 92 8.2.6 Distribution of curves over finite fields................................ 92 8.2.7 Number of points on a genus 4 curve................................ 92 8.2.8 Number of points on a genus 5 curve................................ 93 8.2.9 Non-special divisors on a curve over a finite field....................... 93 8.3 Good models of curves of genus 5 93 8.3.1 Wordings...................................................... 93 8.4 Isomorphisms-Automorphisms 96 8.5 Exploring the number of points of curves over finite fields 97 8.5.1 Wordings...................................................... 97 8.5.2 Solutions....................................................... 98 9 Exercise sheet............................................... 101 10 Solutions of the exercises.................................... 107 Bibliography................................................ 115 Articles 115 Books 116 Index....................................................... 118

1. Presentation of the course 1.1 Content of the course 1.2 References The references for Chapter 2 will be [0, Chap.I] for a fast overview and [0, chap.i, chap.ii], [0, Chap.II] or [0, chap.1,2,3] for a more exhaustive understanding. Although we are interested in effective aspects, the algorithms behind the systematic computations would bring us too far. We refer to [0] for an introduction to the topic. Chapter 3 follows [0, Chap.II] and partly [0] for the properties of the residue. Chapter 4 is a mix of [0] and [0]. For the models of curves in Chapter 5, there are information in [0], [0], [0] and [0] and part of the underlying theory is also contained in [0, Chap.IV]. The proof of Weil conjecture in Chapter 6 and the consequences for maximal curves are inspired by [0] and [0]. The application to codes is in [0]. Chapter 7 is an overview and the interested reader will be able to learn much more from various sources. For the complex theory [0, chap.iv], [0] and [0] give a deeper and deeper path into the theory. For the general point of view, [0, chap.v] provides a first overview at the general theory whereas [0, chap.vii] focuses on Jacobians. The application to cryptography can be found in various sources, for instance in [0]. The final application to construction of curves takes some arguments from [0, chap.v] and then from [0]. 1.3 Notation In the rest of the course (and unless specified) we will use the following notation k a perfect field (i.e. all its finite extensions are separable) of characteristic p equal to 0 or a prime. for varieties V /k, we will write P V instead of P V ( k).

IEffective geometry of curves 2 Affine and projective varieties: a quick review................................. 9 2.1 Affine varieties 2.2 Projective varieties 2.3 Maps between projective varieties 3 Elementary properties of curves...... 19 3.1 Uniformizers 3.2 Maps between curves 3.3 Divisors 3.4 Differentials 4 Riemann-Roch and Riemann-Hurwitz. 33 4.1 Proof of Riemann-Roch theorem 4.2 Corollaries 4.3 Riemann-Hurwitz theorem 5 Description of the curves up to genus 5 41 5.1 Genus 0 case 5.2 Genus 1 case 5.3 Genus 2 case 5.4 Interlude: canonical map and hyperelliptic curves 5.5 Genus 3 case 5.6 Genus 4 case 5.7 Genus 5 and beyond

2. Affine and projective varieties: a quick review 2.1 Affine varieties Definition 2.1.1 For every n > 0, we define the affine space of dimension n as A n = {(x 1,...,x n ) k n } and its k-rational points as A n (k) = {(x 1,...,x n ) k n }. If P = (a 1,...,a n ) A n = A n (k), for every σ Gal(k/k), we define P σ = (a σ 1,...,aσ n ). We see that A n (k) = {P A n,s.t. P = P σ σ Gal(k/k)}. This point of view is often useful because it allows to see an arithmetic problem (i.e. over k) as a geometric problem (i.e. over k) plus a Galois action. Let now R n = k[x 1,...,X n ] and I R n be an ideal. Definition 2.1.2 The affine algebraic set associated to I is the set of points V (I) = {P A n s.t. f (P) = 0 f I}. If I is defined over k (i.e. I can be generated by polynomials with coefficients in k) then the set of k-rational points of V (I) is the set V (I)(k) = V (I) A n (k) = {P V (I) s.t. P = P σ σ Gal(k/k)}. The noetherian property of R n shows that we can assume that I is finitely generated by a set of polynomials f 1,..., f m. Hence V (I) = {P A n s.t. f i (P) = 0 1 i m}. We will also denote V = V (( f 1,..., f m )) as the set defined by V : f 1 = 0,..., f m = 0. Example 2.1 V ((1)) = /0 and V ((0)) = A n. Let k = R and let us draw some pictures of algebraic sets in A 2 and A 3. By the way, the picture behind the title of this chapter is also (the real points of an) algebraic set given by a quartic equation in A 3 and called a Kümmer surface.

12 Chapter 2. Affine and projective varieties: a quick review Figure 2.1: V : Y X 2 = 0 Figure 2.2: V : X 2 Y + XY 4 X 4 Y 4 = 0 Figure 2.3: V : X 2 +Y 2 Z 2 = 0 Figure 2.4: V : Y X 2 = 0,Y = 2 The last picture defines two points (± 2,2). Note that although V is defined over Q, it has no Q- rational points. More generally, a point (a 1,...,a n ) A n is defined by I = (X 1 a 1,...,X n a n ). Let us fix n 1 and look at the Q-rational points of V n : x n + y n 1 = 0 in A 2. Proving that V n (Q) = {(1,0),(0,1)} when n > 1 is odd and V n (Q) = {(±1,0),(0,±1)} when n > 2 is even is equivalent to prove Fermat last theorem. One can therefore guess that statements over nonalgebraically closed fields are often deep. Note that the underlying idea is that there is also a strong control of the geometry on the arithmetic. It can for instance be proved computing only a geometric invariant of V n (its genus, see Definition 3.4.5) that its set of Q-rational points must be finite for all n > 4 (consequence of Mordell conjecture proved by Faltings). On the contrary the (genus 1) curve V : y 2 x 3 17 = 0 has infinitely many Q-rational points. Not all subsets of A n are algebraic. For example, one can see that as inverse image of {0} by continuous functions, these sets must be closed for the usual topology. But this is not sufficient: we will see in Exercise 2.4 that the graph of sinx is not algebraic. R It can easily be seen that V : {ideals} {algebraic sets} is decreasing. Moreover for any set of ideals we have that i V (I i ) = V ( i I i ) and V (I) V (J) = V (IJ) (see Exercise 2.1). This proves that using algebraic sets as closed subsets we can define a topology, called the Zariski topology. This topology is very different from the usual one as for instance it is not separated (the open sets are somehow too large).

2.1 Affine varieties 13 Definition 2.1.3 If V A n is an algebraic set, one defines the ideal of V as I(V ) = { f R n s.t. f (P) = 0 P V }. With this definition we get a map I which goes now from the set of algebraic sets to the set of ideals. If V = V (I), one can check that V (I(V )) = V (i.e. I is injective, see Exercise 2.2). Conversely I I(V (I)) but in general there is no equality. For instance if I = (X 3 1 ) R 1 then I(V (I)) = (X 1 ). This is somehow the only issue as the following central result shows (for a proof, see for instance [0, Chap.I]). Theorem 2.1.1 Nullstellensatz. Let I be an ideal of R n. Then I(V (I)) = rac(i) where In particular it implies that V (I) = /0 iff I = (1). rac(i) = {P R n, r N, P r I}. R The bridge realized by I and V between geometry and algebra is a fantastic source of ideas to address problems by using tools coming from both worlds. It might be interesting to keep track of the multiplicities as well, which is not possible here. This idea is at the origin of a refinement of classical algebraic geometry into the theory of schemes. Definition 2.1.4 An affine algebraic set in A n is an affine variety if I = I(V ) is a prime ideal. One can then defined the coordinate ring associated to V as k[v ] = R n /I and the function field associated to V as k(v ) = Frac(k[V ]). If I is defined over k, the subset of functions f which admit a representative in k[x 1,...,X n ] is denoted k(v ). Note that prime ideals satisfy I = rac(i) and hence varieties are completely described by their ideals. Moreover, in topological terms they correspond to (absolutely) irreducible algebraic sets V, i.e. V V 1 V 2 with V i a proper algebraic set in V. This is equivalent to the fact that all open non empty algebraic set in V are dense. We chose here to consider the geometric situation (i.e. over C) which is not the case in all books. For us, the variety V (Y 2 + X 2 (X 1) 2 ) over R is not irreducible (even if the ideal Y 2 + X 2 (X 1) 2 R[X,Y ] is). R We will show in Exercise 2.3 that an algebraic set V can always be written (in a unique way up to permutation) as a finite union of varieties V i such that V i V j for i j. The V i are called the irreducible components of V. For instance in the following picture, the algebraic set V can be written as the union of a line and a sphere. Definition 2.1.5 If V is a variety, we called its dimension the integer dimv equal to the transcendence degree of k(v ). Since R n is finitely generated, it is also the case of k(v ). This implies that if t 1,...,t d k(v ) form a transcendence basis then k(v )/k(t 1,...,t d ) is a finite algebraic extension. R In the language of Zariski topology, we have the following equivalent definition. The dimension of V is the supremum of all lengths of chains V 1 V 2... V t of non-trivial subvarieties of V. Example 2.2 Since k(a n ) = k(x 1,...,X n ), we see that dima n = n. If f R n is non constant then V = V (( f )) has dimension n 1. We say that V is a hypersurface. In the case n = 1 (resp. 2,3), we say that V is a curve (resp. a surface, a threefold 1 ). 1 In French: solide

14 Chapter 2. Affine and projective varieties: a quick review If k = C the dimension coincides with the dimension of V seen as an analytic variety. For a computational perspective see [0, Chap.9]. Definition 2.1.6 Let V = V (I) be a variety with I = ( f 1,..., f m ). Then V is non-singular (or smooth) at P V if ( ) fi J = X j 1 i m,1 j n evaluated at P has rank n dimv. If P is non-singular its tangent space is the linear subspace of A n defined by the left kernel of the matrix J. R When the variety is not irreducible, this notion can be extended by asking that the previous criterion is satisfied taking for dimv the maximum of the dimensions of the irreducible components containing P. But actually in the case that there is more than one component, P is always singular. The singularity of a point P V is a local condition (i.e. it can be looked in an open set around the point we consider). Considering the coordinate ring k[v ] and the maximal ideal M P = { f k[v ] s.t. f (P) = 0}, we can look at the local ring at P, which is the localization of k[v ] at M P, denoted k[v ] P. In other words, k[v ] P = { f k(v ) s.t. f = f 1 / f 2, f 1, f 2 k[v ] with f 2 (P) 0}. R As a local ring, k[v ] P has a unique maximal ideal, M P, which consists of all non-units in k[v ] P. It was first proved by Zariski that the extrinsic definition of singular point (i.e. as variety inside a projective space) can actually be seen intrinsically. The point P is smooth if and only if the dimension of the k-vector space M P /MP 2 is equal to dimv. For instance, consider the curve Y 2 = X 3 at P = (0,0). Then M P = (X,Y ) and M P /MP 2 X + M P 2,Y + M P 2.

2.2 Projective varieties 15 Exercise 2.1 Show that for any set of ideals we have that i V (I i ) = V ( i I i ) and V (I) V (J) = V (IJ). Exercise 2.2 Let V = V (I) be an affine algebraic set. Prove that V (I(V )) = V and that I I(V (I)). Exercise 2.3 Let V be a non-empty affine algebraic set over an algebraically closed field k. Show that one can write V uniquely (up to permutation) in the form V = V 1 V r where the V i are varieties and V i V j for i j (hint: for the existence, assume that there is a undecomposable V = V (I) for which I is maximal for this property). In particular, if we have F R n such that F = F a 1 1 Fa r r with the F i irreducible, coprime and a i > 0. Then I(V ((F))) = (F 1 F r ). The decomposition of V (F) into irreducible components is given by V ((F)) = V ((F 1 )) V ((F r )). Exercise 2.4 Show that V = {(x,y) C 2 s.t. y = sinx} is not an algebraic set. Exercise 2.5 If V is a algebraic set and P / V a point, show that there exists a polynomial F such that F(x) = 0 for all x V and F(P) = 1. 2.2 Projective varieties Let k be a field and n > 0. We say that two n + 1-uplets of elements of k (x 0,x 1,...x n ) and (x 0,x 1,...,x n) are equivalent if there exists λ k such that x i = λx i for all 0 i n. We denote (x 0,x 1,...x n ) (x 0,x 1,...x n). Definition 2.2.1 The projective space of dimension n over k, denoted P n is the set (k n+1 \ {0})/. Its elements are the equivalence classes of n + 1-uplets (x 0,...,x n ), denoted (x 0 : x 1... : x n ). The k-rational points of P n, denoted P n (k) is the subset of points with a representative which coefficients are all in k. Be careful here than, for instance the point of P 2 (C) defined by (π : π : π) is equivalent to (1 : 1 : 1) and therefore is in P 2 (Q). Example 2.3 This is a way of representing the real points of the projective line P 1. Indeed each non zero vector in R 2 except the horizontal one is up to a scalar a vector which cuts the line y = 1 giving a bijection between points x on the line y = 0 and components (x,1) of the vector. The horizontal vector (with components (1,0) up to scalar) is an extra point which will call the point at infinity. ( 3, 1) (0,1) (2,1) 3 0 2 (1,0) = More generally, the projective space P n contains in a natural way the affine space A n : to (x 0 :... : x n ) with x n 0 one associate (x 0 /x n,x 1 /x n,...,x n 1 /x n ) A n. Conversely, to the point (x 0,...,x n 1 ) A n one associates the point (x 0 : x 1 :... : x n 1 : 1) P n. Hence the points such that x n = 0 can be

16 Chapter 2. Affine and projective varieties: a quick review seen as the points at infinity and form a P n 1. Hence for instance P 2 = A 2 P 1. R Projective geometry has been used for a long time as it enables to gather in a similar picture, cases which look different in the affine case. This is the case of the classification of conics for instance as illustrated in Figure 2.2. It was also used to prove results like Pappus or Desargues theorem. Definition 2.2.2 A homogeneous polynomial in R n+1 = k[x 0,...,X n ] (pay attention to the indices of the variables) is a polynomial such that every monomial has the same degree. This is equivalent to the fact that there exists d N such that for all λ k, one has f (λx 0,...,λX n ) = λ d f (X 0,...,X n ). A homogeneous ideal in R n+1 is an ideal generated by homogeneous polynomials. Let f be a homogeneous polynomial and P = (x 0 :... : x n ) P n. If f (x 0,...,x n ) = 0 this is the case for any representative of P. Hence it makes sense to write f (P) = 0. Definition 2.2.3 Let I be a homogeneous ideal of R n+1. The projective algebraic set associated to I is the subset of P n defined by V p (I) = {P P n s.t. f (P) = 0 f I}. If I can be generated by polynomials with coefficients in k, we define the k-rational points of V p as V p (I)(k) = V p P n (k). Example 2.4 Let us for instance consider I = (X 2 +Y 2 3Z 2 ) Q[X,Y,Z]. Let us look at its Q-rational points. We can first look at the affine points letting Z = 1. We then get the equation of the conic V : X 2 +Y 2 = 3. Then we can let Z = 0. We then get X 2 +Y 2 = 0 which set of solutions in P 1 is {(±i : 1)}. Hence V p (I) is the union of V and two points at infinity (±i : 1 : 0). Let us prove now that V p (Q) = /0. Indeed if (x : y : z) P 2 (Q) is a solution, we can clear up the denominators and common factors to assume that there exists a solution (x,y,z) Z 3 with gcd(x,y,z) = 1. Now x 2 + y 2 0 (mod 3) so x y 0 (mod 3). This implies that x 2 and y 2 are divisible by 9 but then 3 divides z: excluded. There is a projective version of the Nullstellsatz (see for a proof [0, Chap.2]). Theorem 2.2.1 Projective Nullstellensatz. Let I be a homogeneous ideal of R n+1. 1. V p (I) = /0 (X 0,...,X n ) rac(i); 2. If V p (I) /0 then I p (V p (I)) = rac(i).

2.2 Projective varieties 17 Definition 2.2.4 A projective set V p (I) is a projective variety if I is prime. We resume here the link between affine and projective varieties. We define for i = 1,...,n φ i : A n P n (x 0 :... : x n 1 ) (x 0 :... : x i 1 : 1 : x i :...x n 1 ). This map is invertible over U i = {(x 0 :... : x n ), x i 0} with inverse morphism (x 0,...,x n ) (x 0 /x i,...,x i 1 /x i,x i+1 /x i,...,x n /x i ). The U i cover P n (as open sets for the Zariski topology on P n and as affine varieties which can be identify with A n ). Under this identification, if V p = V p (( f 1,..., f m )), one can see that V = V p A n = V (( f 1 (X 0,...,1,...,X n 1 ),..., f m (X 0,...,1,...,X n 1 ))). Note that V can be empty but that there is at least one i for which it is not. Definition 2.2.5 If f k[x 1,...,X n ] is a non-zero polynomial of degree d we define the homogeneous polynomial ( f (X 0,...,X n ) = X0 d X1 f,..., X ) n. X 0 X 0 Now if V = V (I) A n, we denote V = V p (I ) where I = { f,for f I \ {0}} the projective closure of V in P n. In the langage of Zariski topology, this is really the closure of V. Example 2.5 Let us consider V = V ((Y X 2 )) A 2. We see that V = V p ((ZY X 2 )). In the same spirit as drawing the projective line in Example 2.3, we can see the affine plane as the plane defined by Z = 1 in A 3 and the parabola V inside it (see the figure below). The line Z = 0,X = 0 in A 3 defines the missing point (0 : 1 : 0) V. With this extra line the surface is a closed subset of A 3. On the other hand, consider V =V((F,G)) where F =Y Z 2 and G = X Z 3 in k[x,y,z]. Then V = V p ((F,G )) is not equal to V. Indeed, V contains for instance the projective line at infinity Z = 0,T = 0. However I = (F,(FT G),(F(Y +Z 2 ) GZ) ) = (Y T Z 2,Y Z XT,Y 2 XZ) and now there is only one point at infinity. See [0, p.78] for a nice exercise to prove this.

18 Chapter 2. Affine and projective varieties: a quick review There is tight links between an affine variety V and its projective closure V. For instance V = V A n (for the compatible choice of A n P n ). Moreover if V p is projective then V p A n is affine and if it is not empty then V p A n = V p. Thanks to this, one can transport some definitions to the projective world. Definition 2.2.6 Let V p be a projective variety and A n P n such that V = V p A n is not empty. The dimension of V p, dimv p, is the dimension of V and the function field of V p is k(v p ) = k(v ). A point P V V p is non singular (or smooth) if it is non-singular in V. The variety V p is non-singular if all its points are non-singular. The local ring at P is the local ring at P of V. One can show (see Exercise 2.9) that these do not depend on the choice of A n. At a non-singular point P, one can define its tangent space as the projective closure of the affine tangent space. R One can also define the function field of a projective variety V = V p (I) directly as { } f k(v ) = s.t. f,g homogeneous of the same degree and g / I / g where f /g f /g iff f g f g I. Exercise 2.6 Let V be a projective set over an algebraically closed field k and P,Q V two distinct points. Show that there exists a function f k(v ) such that f (P) f (Q). Exercise 2.7 1. Let F(x,y,z) be a homogeneous polynomial of degree d over a field k. Show (Euler relation) x F x + y F y + z F z = d F(x,y,z) (hint: take partial derivative of F(λx,λy,λz) = λ d F(x,y,z) with respect to λ and then λ = 1). 2. If d is coprime to the characteristic of k, show that the projective set C : F = 0 is singular at P 0 = (x 0 : y 0 : z 0 ) if and only if ( F x (P 0), F y (P 0), F ) z (P 0) = (0,0,0). 3. If P 0 is not singular, an equation of the tangent at P is F x (P 0)x + F y (P 0)y + F z (P 0)z = 0. 4. Study the singularities of C 1 /C : y 2 z = x 3 over C.. Exercise 2.8 Study the singularities of (you can use MAGMA to check your computations) 1. C : (x 2 + y 2 1) 3 + 27x 2 y 2 = 0 ; 2. C : (x 2 + y 2 )(x 1) 2 = 4x 2 (one can use this curve to do the trissection of an angle, cf. [0, p.25]). 3. The projective surfaces S 1 : xt yz = 0 and S 2 : x 3 + y 3 + z 3 +t 3 = 0 and then the curve C : {xt yz = 0, x 3 + y 3 + z 3 +t 3 = 0} = S 1 S 2 P 3.

2.3 Maps between projective varieties 19 4. Same with S 1 : t2 yz = 0 et C = S 1 S 2. Exercise 2.9 If V p is a projective variety in P n and if V i = V p φ i (A n ) /0 for i j Show that k(v i ) k(v j ). 2.3 Maps between projective varieties Definition 2.3.1 Let V 1 and V 2 P n be two projective varieties. A map φ : V 1 V 2 is a rational map if φ = ( f 0 :... : f n ) with each f i k(v 1 ) such that for all P V 1 at which f 0,..., f n are defined (which is assumed to be non-empty) φ(p) V 2. Equivalently, one can ask the f i to be homogeneous polynomials of the same degree, not all in I(V 1 ) and that for all F I(V 2 ), one has F( f 1,..., f n ) I(V 1 ). If V 1 and V 2 are defined over k then we say that a rational map φ : V 1 V 2 is defined over k if there exists a representative of ( f 0 :... : f n ) which is defined over k. Definition 2.3.2 A rational map φ = ( f 0 :... : f n ) is regular (or defined) at P V 1 if there exist g 0,...,g n k[x 0,...,X n ] homogeneous polynomials of the same degree such that f i g j f j g i (mod I(V 1 )) and there is a i 0 for which g i0 (P) 0. In that case we let φ(p) = (g 0 (P) :... : g n (P)). If φ is regular everywhere, we say that φ is a morphism. If there exists a rational map ψ : V 2 V 1 such that ψ φ = φ ψ = id, we say that φ (and ψ) is a birational map (or that V 1 and V 2 are birationnally equivalent). If φ and ψ are morphism, then they are isomorphisms and we write V 1 V 2. If V 1,V 2 and φ are defined over k then we write V 1 k V 2. As we see from the definition, the notion of birational map induces an isomorphism between the function fields of the two varieties (and hence at least the dimensions are the same). However, as we can see in Example 2.6, one variety can be singular and the other not. Isomorphisms on the contrary carry all the geometric properties of the variety. However as one can also see in the examples below, it does not necessarily preserve arithmetic properties unless it is defined over the field we are interesting in. Example 2.6 Let us assume that chark 2, V : X 2 + Y 2 = Z 2 and φ : V P 1 defined by (X : Y : Z) (X + Z : Y ). Clearly φ is regular everywhere, except maybe at y = 0,x = 1,z = 1. But (X +Z)(X Z) Y 2 (mod I(V 1 )). So φ = (X +Z : Y ) = (X 2 Z 2 : Y (X Z) = (Y 2 : Y (X Z)) = (Y : X Z) and so φ(1 : 0 : 1) = (0 : 2) = (0 : 1) is regular and φ is a morphism. Moreover ψ : P 1 V defined by (S : T ) (S 2 T 2 : 2ST : S 2 + T 2 ) is a morphism and φ ψ = ψ φ = id. So V P 1. The map φ : P 2 P 2 defined by (X : Y : Z) (X 2 : XY : Z 2 ) is regular everywhere except at (0 : 1 : 0) (as the ideal defining V 1 is 0, no non-trivial rewriting is possible). Let us now consider V : Y 2 Z = X 3, φ : V P 1 defined by (X : Y : Z) (Y : X) and ψ : P 1 V defined by (S : T ) (S 2 T : S 3 : T 3 ). The map ψ is a morphism and φ ψ = ψ φ = id so V is birationally equivalent to P 1. But φ is not defined at P = (0 : 0 : 1). If it were, then R = k[x,y ]/(Y 2 X 3 ) k[s] where S = Y /X. But ψ (X) = S 2 and ψ (Y ) = S 3. Moreover ψ is injective so R k[s 2,S 3 ] k[s]. Note that whereas P 1 is smooth, V is singular at P. Last example: let V 1 : X 2 +Y 2 = Z 2 and V 2 : X 2 +Y 2 = 3Z 2. These two curves are not isomorphic over Q since V 2 (Q) = /0 (see Example 2.4) whereas V 1 (Q) is infinite. But V 1 V 2 over Q( 3) by φ : V 2 V 1 defined as (X : Y : Z) (X : Y : 3Z). Two varieties not isomorphic over a field k but isomorphic over k are called twists.

20 Chapter 2. Affine and projective varieties: a quick review Exercise 2.10 Let V be the projective variety defined by Y 2 Z (X 3 + Z 3 ) = 0. Show that the map φ : V P 2 given by (X : Y : Z) (X 2 : XY : Z 2 ) is a morphism. Exercise 2.11 It can be proved that the automorphisms of P n are linear although the proof is not elementary (see [0, Ex.7.1.1]). Hence this group is isomorphic to PGL n+1 = GL n+1 (k)/k. Prove that given n + 2 points of P n in general position (i.e. if n = 1 the points are distinct, if n = 2 three are not on a line, if n = 3 four are not in a plane,... ), there exists an automorphism of P n which transforms this set into the set {(1 :... : 0),...,(0 :...0 : 1 : 0...0),...(0 :... : 1)} {(1 :... : 1)}. Prove that this automorphism is defined over a field k if and only if each original point is as well. Remark: there is a MAGMA function to do this transformation : TranslationOfSimplex(P,Q). R The automorphism groups of affine spaces are much more complicated and the exact results are only known for the line and the plane (this is also a good reason to prefer projective spaces!). Note that some of them are not linear (for instance, one could take for the plane x = ax + b and y = cy + f (x) where f is any polynomial. Note that in the case of P 1, an automorphism acts as (x : 1) ( ax+b cx+d : 1) when cx+d 0. This morphism is a homography which is also called a Möbius transform.

3. Elementary properties of curves In the sequel, we will consider smooth dimension 1 projective algebraic varieties over a field k, which we simply call curves. In scheme language, it is a scheme over k of dimension 1, integral and proper over k with regular local rings. 3.1 Uniformizers Let C P n be a curve over k and P C. Considering P A n P n we can look at the affine open subset C A n which contains P, which is an affine curve C aff. As we saw in Definition 2.2.6, the local ring at P on C is by definition the local ring k[c aff ] P. For any f k[c] P, one can define ord P ( f ) = max{d N, f M d P } and call it the order of f at P (with ord P(0) = ). Using ord P ( f /g) = ord P ( f ) ord P (g), we can extend ord P to k(c). As C is a curve and P is smooth, [0, Prop.9.2] (see Exercise 3.2 for a plane curve) implies that its local rings are discrete valuation rings. This means that M P is principal, i.e. there exists t P k[c] P (which we can identify with a function in k(c)) which generates M P and called a uniformizer 1 at P. If f k[c] P, one can write f = u t n P where n = ord P( f ) and since ord P (u) = 0, we see that u is a unit. In particular all the uniformizers at P differ only by a unit in k[c] P. Example 3.1 Good examples of discrete valuation rings are k[[x]] (with maximal ideal (X) and ord( i 0 a i X ( i ) = min(i ) s.t. a i 0} or the localization of Z at a prime ideal p 0 (with maximal idea (p 0 ) and ord = e 0 ). p e i i pi p 0 p f i i Definition 3.1.1 Let f k(c) and P C. If ord P ( f ) > 0, one says that f has a zero at P and if ord P ( f ) < 0, we say that f has a pole at P. Note that if ord P ( f ) 0, then f k[c] P and so f is regular at P. Example 3.2 Let us consider the case of C = P 1 at P = (0 : 1). Considering P A 1 = {Z 0}, 1 In French: uniformisante

22 Chapter 3. Elementary properties of curves we see that k(p 1 ) = { f = f 1 / f 2 k(x,z) s.t. f 1, f 2 homogeneous of the same degree} k(x) by letting Z = 1 in the expressions. Therefore we see that k[c] P = { f k(x) s.t. f = f 1 / f 2, f 1, f 2 k[x] with f 2 (0) 0}. Its maximal ideal M p = { f k[x] s.t. f (0) = 0} = (X). Hence if f = f 1 / f 2 k(x) we can write f i = X a i g i avec g i (0) 0 for i = 1,2. Then ord P f = a 1 a 2. Let us consider now the case of C : Y 2 Z = X 3 + XZ 2 at the point P = (0 : 0 : 1). Then M P = (Y ) since X = Y 2 /(X 2 + 1) k[c] P. In particular ord P Y = 1 and ord P X = 2. It is a consequence of noetherian property of the coordinate rings [0, Chap.II.6.1] that a function f has only a finite number of poles and zeros and of the projectivity of C [0, Chap.I.3.4a] that if it has no poles then f is constant. Lemma 3.1.1 Let C be a smooth curve and let t be a uniformizer at a point P C. Then k(c) is a finite separable extension of k(t). Proof. The field k(c) is clearly a finite extension of k(t) since t / k, k(c) has transcendence degree 1 and is finitely generated over k. Now let x k(c). We will show that x is separable over k(t). We only need to consider the case where characteristic p of k is > 0. Let Φ(T,X) = a i j T i X j a minimal polynomial for x. If Φ contains a non-zero term a i j T i X j with j 0 (mod p) then Φ(X,t)/ X is not identically zero so x is separable over k(t). Suppose now that Φ(T,X) = Ψ(T,X p ) and we will derive a contradiction. The main point is to note that if F(T,X) is any polynomial then F(T p,x p ) is a p-th power. This is true since k is perfect and so every element of k is a p-th power. We now regroup the terms in Ψ(T,X p ) according to powers of T Ψ(T,X p ) = p 1 k=0 ( bi, j,k T ip X jp) T k p 1 = i, j k=0 φ k (T,X) p T k. Now by assumption Φ(t,x) = 0. On the other hand, since t is uniformizer at P we have ord P (φ k (t,x) p t k ) = pord P (φ k (t,x)) + k ord P (t) k (mod p). Thus each terms of the sum p 1 k=0 φ k(t,x) p t k has a distinc order at P and all of them must vanish. But on of the φ k (T,X) must involve X and for that k the relation φ k (t,x) = 0 contradicts the fact that Φ had minimal degree in X. A consequence of the primitive element theorem is that k(c) = k(t)[y ]/F(t,Y ), i.e. V = V (F) A 2 is birationally equivalent to C. We call it a plane model of C. Note that it can be singular. Exercise 3.1 Let f k(c) be a non-constant function. Prove that f cannot be algebraic over k. 3.1.1 Construction of functions with specific Laurent tails Let C/k be a curve and P C.

3.1 Uniformizers 23 Definition 3.1.2 A Laurent polynomial r = m i=n c i z i, for < n m < + and c m 0, is called a Laurent tail a of a function f k(c) at P if ord P ( f r(t P )) > m. a In French: reste de Laurent R One can prove that the completion of the local ring at P with respect to the maximal ideal is isomorphic to k[[x]]. Locally at P, one can think about a function as a Laurent series in t P. But, even without this result, given f k(c) and P C, one can define for any n ord P ( f ) a Laurent polynomial r in t = t P such that ord P ( f r(t)) n. This can be done by recursion noticing that f ( f /t ord P( f ) )(P)t ord P( f ) has order less than ord P ( f ). This implies in particular that if ord P ( f ) = ord P (g), there exists α k such that ord P ( f αg) > ord P ( f ). We are going to show that we can construct functions with given Laurent tails at a finite number of points. Lemma 3.1.2 For any distinct points P,Q C there exists a function f with a zero at P and a pole at Q. Proof. Since P Q, there exists a function f such that f (P) f (Q) (see Exercise 2.6). By replacing f by 1/ f if necessary we may assume that P is not a pole of f. If Q is a pole of f then f f (P) is a solution. Otherwise ( f f (P))/( f f (Q)) is solution. This can be extended by a simple induction. Lemma 3.1.3 For any finite number of points P,Q 1,...,Q n C, there is a function f with a zero at P and a pole at each Q i. Proof. The case n = 1 has been done, so let s assume that we have constructed g with the property up to Q n 1. Let h be a function with a zero at P and a pole at Q n. Then for large m, the function f = g+h m has the required zeroes and poles. Indeed, f has certainly a zero at P. Now at Q i, if h has not a pole, nothing changes. If it has a pole, it is enough to take m such that mord Qi (h) < ord Qi (g) to ensure that f has a pole there too. Indeed, note that for any two functions f 1, f 2 one has that ord P ( f 1 + f 2 ) min(ord P ( f 1 ),ord P ( f 2 )) with equality if ord P ( f 1 ) ord P ( f 2 ). Lemma 3.1.4 For any finite number of points P,Q 1,...,Q n C and any N 1, there is a function f such that ord P ( f 1) N and ord Qi ( f ) N for all i. Proof. Consider the function g with a zero at P and pole at each Q i. Then f = 1/(1 + g N ) is a solution. Proposition 3.1.5 Laurent series approximation. Fix a finite number of points P 1,...,P n and choose r i Laurent polynomials at each P i. There is a function f such that at each P i, f as r i as a Laurent tail at each P i. Proof. Let N be bigger than the degree of all r i. For f to have r i as a Laurent tail at P i, we need that ord Pi ( f r i (t Pi )) N. Let M be the minimum of the ord Pi r i (t Pi ) (M can be negative). By Lemma 3.1.4, there are functions h i such that ord Pi (h i 1) N M and ord Pj (h i ) N M for all j i. Consider then f = h i r i (t Pi ). We have f r i (t Pi ) = h j r j (t Pj ) + (h i 1)r i (t Pi ). j i Since ord Pi h j N M for all j i we see that ord Pi h j r j (t Pj ) N and similarly for the last term. The sum as therefore this property as well so ord Pi r i (t Pi )) N.

24 Chapter 3. Elementary properties of curves Corollary 3.1.6 Fix a finite number of points P 1,...,P n C and integers m i. Then there exists a function f with order m i at P i for all i. Exercise 3.2 Let C = V (F) P 2 be a dimension 1 affine variety over k. Let P C be a smooth point. We are going to show that k[c] P is a discrete valuation ring and that if L = V (ax +by +c) is any line through P which is not tangent to C at P, then its image in k[c] P is a uniformizer at P 1. Show that by a change of variables we can assume that P = (0,0) that Y = 0 is the tangent at P and that L = V (X). 2. Show that M P = (X,Y ) 3. Show that F = Y G X 2 H where G = a + higher terms with a 0 and H k[x]. 4. Conclude that M P = (X). 3.2 Maps between curves Rational maps on (smooth) curves have a very nice property. Proposition 3.2.1 Let C be a curve and V P n a variety. A rational map φ : C V is a morphism. Proof. Let us write φ = ( f 0 :... : f n ) for f i k(c). Let P C and t be a uniformizer at C. Let d = min{ord P f i }. Then ord P (t d f i ) 0 for all i and ord P (t d f j ) = 0 for some j. So each t d f i is regular at P and (t d f j )(P) 0. Therefore φ is regular at P. Example 3.3 Let C/k be a curve and f k(c) be a function. Then f defines a rational map which we also denote f : C P 1 given by ( f : 1). From Proposition 3.2.1, this map is actually a morphism. It is given explicitly by f (P) = ( f (P) : 1) when f is regular at P and (1 : 0) when f has a pole at P. Conversely if φ = ( f : g) : C P 1 is a rational map then either g I(C) and φ is the constant map (1 : 0) or φ corresponds to the function f /g k(c). Since C is projective, its image by a morphism φ : C V is a closed algebraic subset of V. Since C is (absolutely) irreducible, this image is a variety (if not write the image as the union of two proper algebraic sets and C is the union of their pre-images). It is either of dimension 0 and therefore a point, or a 1-dimensional variety. In particular Proposition 3.2.2 Let φ : C 1 C 2 a morphism between a curve and a dimension 1 projective variety. Then either φ is constant or surjective. Let C 1,C 2 be two 1-dimensional projective varieties defined over k and φ : C 1 C 2 a nonconstant rational map defined over k. The composition with φ induces an injection of function fields fixing k φ : k(c 2 ) k(c 1 ) f = f φ. Notice that the injectivity follows from the fact that if f φ is the zero map then for all Q C 2 one has f (Q) = 0. Indeed since φ is surjective, there exists P C 1 such that φ(p) = Q so f (Q) = f φ(p) = 0. 3.2.1 Dictionary curves/function fields The following theorem (see [0, Chap.II.6.8,Chap.I.6.12] allows to connect the theory of curves to the theory of function fields.

3.2 Maps between curves 25 Theorem 3.2.3 Let C 1,C 2 be two 1-dimensional projective varieties defined over k. Let φ : C 1 C 2 be a non-constant map defined over k. Then k(c 1 ) is a finite extension of φ (k(c 2 )). Let ι : k(c 2 ) k(c 1 ) be an injection of function fields fixing k. Then there exists a unique non-constant map φ : C 1 C 2 defined over k such that φ = ι. Let F k(c 1 ) be a subfield of finite index containing k. Then there exists a (smooth) curve C /k, unique up to k-isomorphism, and a non-constant map φ : C 1 C defined over k so that φ (k(c )) = F. If F/k is a field extension of transcendence degree 1 such that F k = k, we have seen that we can write F = k(x,y )/ f (X,Y ) where f k[x,y ]. Hence F is the (k-rational elements in the) field of functions of the projective 1-dimensional variety C 1 = V (( f (X,Y ))). Using item 3 with F = k(c 1 ), we see that to any such field one can associate a unique curve. There is therefore an equivalence of categories between these fields and curves and we could develop the study of curves purely in terms of function fields theory. This is the point of view taken for instance in [0]. Notice that this theorem contains (and actually can be proved, see [0]) a theory of desingularization of plane curves. Locally, the (smooth) curve is given by the integral closure of k[x,y ]/ f (X,Y ) in F. This procedure, called normalization, works only for dimension 1 varieties (in general a normal variety can still be singular). R Extension of function fields over finite fields can be put in parallel to extension of number fields (the two topics are unified under the name of global fields). One can translate questions from one topic to the other, for instance the Riemann hypothesis. It is often the case that the function field version is easier. Example 3.4 In the case where f k(c) is a non-constant function, then since f is not algebraic over k, we see that k( f ) k(c) is a subfield of finite index. The corresponding curve is obviously P 1 with the morphism induced by f. Definition 3.2.1 Let φ : C 1 C 2 be a map between two 1-dimensional projective varieties. If φ is constant, we define the degree of φ to be 0 otherwise deg(φ) = [k(c 1 ) : φ (k(c 2 ))]. We say that φ is separable if the extension of fields k(c 1 )/φ (k(c 2 ) is so. Note that if the extension is separable then the primitive element theorem shows that k(c 1 ) = k(c 2 )[Y ]/ f (t,y ). If not A direct consequence of Theorem 3.2.3 is (see [0, Cor.2.4.1]) Corollary 3.2.4 If φ : C 1 C 2 is a degree 1 map between two (smooth) curves then φ is an isomorphism. Example 3.5 Let us look at low degree maps φ : C P 1. If degφ = 1, then C is isomorphic to P 1. Consider the degree 2 maps and assume that chark 2 (C will be an example of hyperelliptic curves see Section 5.4 for more). The injection φ : k(p 1 ) = k(x) k(c) show that k(c) = k(x)[y ]/(Y 2 f (X)) where f = a/b k(x) with a,b k[x]. We can simplify this a bit more. Quotient out by Y 2 a/b is the same as (by ) 2 ab. If we write ab = c 2 g with g square free then we get ( ) by 2 c g. Let us denote C the affine algebraic set defined by Y 2 g(x) = 0. By construction k(c ) k(c) so C (the projective closure of C ) and C are birationally equivalent. Let us see if they are isomorphic. The affine part C is smooth: indeed a point P = (X,Y ) C would be singular if ( g/ X)(P) = ( g/ Y )(P) = 0. As characteristic is not 2, this implies that Y = 0 and that X is therefore a double root of g, which is excluded. Since C : Y 2 Z deg(g) 2 = g (X,Z), the only point at infinity is (0 : 1 : 0). It is easy to see that this is a singular point as soon as degg > 3, so C is not

26 Chapter 3. Elementary properties of curves smooth (if degg = 1,2 then C is a conic). Let us show how to construct C in the case n = 6 (for notational reasons). Let us consider the map ψ : P 2 P 4 defined by (X : Y : Z) (Z 3 : XZ 2 : X 2 Z : X 3 : Y Z 2 ). If we call X 0 : X 1,X 2 : X 3 : Y ) the coordinates on P 4, its image is a sub-variety S of P 4 defined by many equations such as X 2 X 0 = X 2 1,X 3X 2 0 = X 3 1. Look now at the projective closure of the image of C A 2 P 2 under the map ψ. It is contained into the intersection of S with Y 2 X 4 0 = a 6 X 6 1 + a 5 X 5 1 X 0 +... + a 0 X 6 0 = a 6 (X 3 X 2 0 ) 2 + a 5 (X 3 X 2 0 )(X 2 X 0 )X 0 +... + a 0 X 6 0 since X 2 X 0 = X1 2,X 3X0 2 = X 1 3 and so on. As we can factor out in the previous equation X 0 4, we will consider the irreducible component V defined by S intersected with When X 0 0, the map Y 2 = a 6 X 2 3 + a 5 X 3 X 2 + a 4 X 2 2 + a 3 X 2 X 1 + a 2 X 2 X 0 + a 1 X 1 X 0 + a 0 X 2 0. (X 0 : X 1 : X 2 : X 3 : Y ) (1 : X : X 2 : X 3 : Y ) has for image C, therefore V is birationally equivalent to C. When X 0 = 0, then X 1 = 0 since X 2 X 0 = X 2 1 and X 2 = 0 since X 3 X 1 = X 2 2 hence we get two points with Y = ± a 6,X 3 = 1. In the open subset with X 3 = 1, we have X 1 = X 2 2 and X 0 = X 3 2 hence we see that V {X 3 = 1} is isomorphic to Y 2 = a 6 + a 5 X 2 + a 4 X 2 2 + a 3 X 3 2 + a 2 X 4 2 + a 1 X 5 2 + a 0 X 6 2 = X 6 2 g(1/x 2 ) using X 3 = 1, X 0 X 2 3 = X 3 2 and X 1X 3 = X 2 2. Hence the points (0,± a 6 ) are smooth since the roots of X 6 2 g(1/x 2) are the inverse of the roots of g. We conclude that V is smooth and therefore is isomorphic to C (by unicity of the smooth model in the birational equivalence class of a curve). R The smooth model of C is not a complete intersection. Actually it can be proven that this is never the case for hyperelliptic curves (see [0, IV.ex.5.1]). A more fancy way to find a model for C is to look at C inside the weighted projective space 1, degg P 2,1 when degg is even (which over a field with order large enough can always be assumed). Doing, so Y 2 = f (X,Z) is directly the equation we are looking for. As for the case of number fields extension and their Dedekind rings, it is essential to look at ramification behavior of the primes (here points). This motivates the following definition. Definition 3.2.2 Let φ : C 1 C 2 be a non-constant morphism of smooth curves and P C 1. The ramification index of φ at P, denoted e φ (P) is given by e φ (P) = ord P (φ t φ(p) ) where t φ(p) k(c 2 ) is a uniformizer at φ(p). We say that φ is unramified at P if e φ (P) = 1 and φ is unramified if it is unramified everywhere. A point P with e φ (P) > 1 is called a ramification point for φ.

3.3 Divisors 27 Example 3.6 Let φ : P 1 P 1 over Q defined by (X : Y ) (X 3 (X Y ) 2 : Y 5 ). The point P = (1 : 0) is mapped onto (1 : 0) which has uniformizer Y at that point. Hence ord P φ Y = ord P Y 5 = 5. Let us consider now an affine point P = (a : 1) with image (a 3 (a 1) 2 : 1) with uniformizer t = X a 3 (a 1) 2. We therefore get φ t = X 3 (X 1) 2 a 3 (a 1) 2 and we are interested at the multiplicity of the root a of P = X 3 (X 1) 2 a 3 (a 1) 2. Computing the discriminant of P, we see that P has a multiple root if and only if X = 0 (with multiplicity 3), X = 1 (with multiplicity 2) an X = 3/5 (with multiplicity 2). Graphically, one can think of the situation like this (0 : 1) (1 : 1) (3/5 : 1) 3 2 2 5 P 1 (0 : 1) (108 : 3125) P (0 : 1) P 1 where the number on the line indicates its ramification index (if none it is 1). Example 3.7 Let us see how to to compute an example with MAGMA. P<x,y,z>:=PolynomialRing(Rationals(),3); PP:=ProjectiveSpace(P); C:=Curve(PP,x^3*y+y^3*z+z^3*x); P1<u,v>:=PolynomialRing(Rationals(),2); PP1:=ProjectiveSpace(P1); D:=Curve(PP1); phiamb:=map<pp->pp1 [x,y]>; phi:=restriction(phiamb,c,d); R:=RamificationDivisor(phi); S:=Support(R); Degree(R); 10 R; Divisor 1*Place at (0 : 0 : 1) + 2*Place at (1 : 0 : 0) + 1*Place at (-1/3*$.1^3 : $.1 : 1) Degree(phi); 3 // this is an example of Riemann-Hurwitz formula 2*Genus(C)-2 eq Degree(phi)*(2*Genus(D)-2)+Degree(RamificationDivisor(phi)); It does not seem that the degree of R is equal to 1 + 2 + 1. The problem comes from the fact that MAGMA denotes by a place the Galois orbit of a point. If we look at the field of definition of the last place, we get that pt:=representativepoint(s[3]); Parent(pt); Set of points of C with coordinates in Number Field with defining polynomial $.1^7-18 over the Rational Field Hence the last element in R is a divisor of degree 7. 3.3 Divisors We will start with the following definition of divisors which exists for any smooth variety (see [0, page II.6]).

28 Chapter 3. Elementary properties of curves Definition 3.3.1 A divisor on a curve C is a formal sum D = P C n P P where n P 0 for a finite number of P. We will also write n P = D(P). We call degd = n P the degree of D and we say that D is k-rational if for all σ Gal(k/k), one has D σ = n P P σ = D. If f k(c), we define the divisor of f as div f = ord P ( f )P (if f = 0, we let div f = /0). We also write div 0 f = ordp ( f )>0 ord P ( f )P and div f = ordp ( f )<0 ord P ( f )P. Hence div f = div 0 f div f. Finally we say that two divisors are linearly equivalent, D D, if there exists f k(c) such that D = D + div f. R A k-rational divisor has not necessarily all its points defined over k. For instance the divisor ( 2 : 0 : 1) + ( 2 : 0 : 1) on the curve C : x 2 + y 2 = 2z 2 is Q-rational. Notice however that if a function f k(c) then div f is rational. Indeed, consider if at P one has f = utp n then at P σ, f = u σ tp n σ. Since f σ = f one gets that the exponent at P σ of f is n as well. Let φ :C 1 C 2 a morphism. To a point Q C 2, we associate the divisor φ (Q) = P φ 1 (Q) e φ (P)P. By linearity we can extend this map to any divisor of C 2. We have the following properties Proposition 3.3.1 Let φ : C 1 C 2 be a non-constant morphism of smooth curves. Then for every Q C 2 e φ (P) = degφ. P φ 1 (Q) If f is a function on C 1 then deg(div f ) = 0. Proof. The proof of the first item comes directly from [0, page II.6.9] where it is proved that degφ D = degφ degd. For the second, look at the morphism φ : C 1 P 1 associated to f by Example 3.3. Clearly φ ((0) ( )) = div f and we can apply the same result. Definition 3.3.2 Let C/k be a smooth curve. We define div(c)(k) the group of divisors on C which are k-rational. We define the Picard group of C over k and denote it Pic(C)(k) the group div(c)(k)/. Since deg(div f ) = 0, for any n Z, one can consider Pic n (C)(k) the subset of Pic(C)(k) of divisors of degree n. Note that only Pic 0 (C)(k) is stil a group. R We will see in Chapter 7 that Pic 0 (C)(k) are the k-rational points of a projective variety, called the Jacobian, at least when C(k) /0. Definition 3.3.3 Let D be a divisor on C. We define the Riemann-Roch space associated to D as the k-vector space L (D) = { f k(c) s.t. div f + D 0} {0}, where a divisor D = n P P is 0 (one says effective) if n P 0 for all P. R Notice that if f L (D 1 ) and g L (D 2 ) then f g L (D 1 + D 2 ) by definition of the order at a point as belonging to the ideal M n P P. Notice also that for any D and g k(c), one has that L (D) L (D + divg). Lemma 3.3.2 L (D) is a finite dimensional k-vector space. One denotes l(d) its dimension. Proof. We can write D = np >0 n P P + np <0 n P P. Clearly L (D) L ( np >0 n P P) hence we can restrict to D 0. Clearly if D is empty, then L (D) = k since a function without pole is

3.3 Divisors 29 constant (Proposition 3.2.2). It is then enough to prove that l(d + P) l(d) + 1. Let assume there exists f L (D + P) \ L (D). Then for any other g L (D + P) \ L (D), we have that ord P (g) = ord P ( f ) = (n P +1) (if bigger, then f,g would be in L (D)). Therefore, using Remark 3.1.1, there exists α k such that ord P (g + α f ) = n P and so g + α f L (D). The dimension increases then by at most 1. A consequence of Hilbert 90 theorem is that if D is k-rational then there exists a basis of L (D) with elements in k(c). Lemma 3.3.3 Let V be a k-vector space and assume that Gal( k/k) acts continuously on V in a manner compatible with its action on k. Let Then V = k k V k. V k = V Gal( k/k) = {v V s.t. v σ = v for all σ Gal( k/k)}. Proof. It suffices to show that every v V is a k-linear combination of vectors in V k. Choose a v V, and let L/k be a finite Galois extension such that v is fixed by Gal( k/l) (the fact that Gal( k/k) acts continuously on V means precisely that the subgroup {σ s.t. v σ = v} has finite index in Gal( k/k). We take L to be the Galois closure of its fixed field.) Let {α 1,...,α n } be a basis for L/k and let {σ 1,...,σ n } = Gal(L/k). For each 1 i n, consider the vector w i = n j=1 (α iv) σ j = Tr L/k (α i v). It is clearly Gal( k/k)-invariant so w i V k. Now a basic result in field theory says that the matrix (α σ j i ) i, j is invertible (see [0, p.39]) so each v σ j (and in particular v) is an L-linear combination of the w i. We can also derive the following lemma which will be useful in the proof of Riemann-Roch theorem. Lemma 3.3.4 Let f be a non-constant function on C and D = div ( f ). There exists a constant m 0 such that for all m m 0 one has l(md) (m m 0 + 1)deg(D). Proof. Consider f as a morphism from C P 1 we see that k(c) is an extension of degree d = degd of f k(p 1 ) f k(x) k( f ). Let g 1,...,g d be a basis of this extension. By the following lemma, there exist polynomials r i such that h i = r i ( f )g i have poles only at the poles of f. These functions are linearly independent over k( f ) and there is an integer m 0 such that h i L (m 0 D). Now for any m m 0, the functions ( f i h j ) 1 j d are in L (md) as long as i m m 0 since f L (D). These are all linearly independent over k, so we get the conclusion. The lemma we need is the following in the case A = divg i for each i. Lemma 3.3.5 Let A be a divisor and D = div ( f ) with f non-constant. There is an integer m > 0 and g 0 such that A divg md. Moreover g can be taken to be a polynomial in f. Proof. Let P 1,...,P k the points in the support of A of positive multiplicities and which are not poles of f. Then f f (P i ) has a zero at P i, hence ( f f (P i )) A(Pi) has a zero at P i to at least order A(P i ) and no other poles than the poles of f. Taking the product over all these P i gives a function g 0, polynomial in f which is the solution (notice that if there is no P i, then g = 1). Exercise 3.3 Let φ : C 1 C 2 be a non-constant morphism of curves and f k(c 2 ),P C 1. Prove that ord P (φ f ) = e φ (P)ord φ(p) ( f ).

30 Chapter 3. Elementary properties of curves Exercise 3.4 Let φ : C 1 C 2 and ψ : C 2 C 3 two morphisms between curves and P C 1. Prove that e ψ φ (P) = e ψ (φ(p)) e φ (P). Exercise 3.5 Check directly for φ : P 1 P 1 that P φ 1 (Q) e φ(p) = degφ for all Q and that in characteristic 0, #φ 1 (Q) = deg(φ) for all but finitely many Q. 3.4 Differentials 3.4.1 Generalities Let C be a curve over k. Definition 3.4.1 The space of differential forms on C, denoted Ω C, is the k(c)-vector space generated by symbols of the form dx where x k(c) subject to the usual relations: 1. d(x + y) = dx + dy; 2. d(xy) = xdy + ydx; 3. da = 0 for all a k. Let φ : C 1 C 2 a non-constant map of curves. Then the natural map φ induces a map on differentials φ ( f i dx i ) = (φ f i )d(φ x i )). Proposition 3.4.1 1. Ω C is a k(c)-vector space of dimension 1. If ω ΩC and ω Ω C, one denotes ω /ω = g the unique function such that ω = gω. 2. Let x k(c). Then dx is a basis for Ω C if and only if k(c)/ k(x) is a finite separable extension. 3. Let φ : C 1 C 2 be a non-constant map of curves. Then φ is separable if and only if the map φ : Ω C2 Ω C1 is injective. Proof. see [0] for some proofs in the plane case. Let us show the last item. Choose y k(c 2 ) so that Ω C2 = k(c 2 )dy and k(c 2 )/ k(y) is a separable extension. Note φ k(c 2 ) is then separable over φ k(y) = k(φ y). Now φ : Ω C2 Ω C1 is injective d(φ y) 0 d(φ y) is a basis for Ω C1 k(c 1 )/ k(φ y) is separable k(c 1 )/φ k(c 2 ) is separable, where the last equivalence follows because we already know that φ k(c 2 )/ k(φ y) is separable. Proposition 3.4.2 Let P C and t k(c) be a uniformizer at P. 1. For every ω Ω C, there exists a unique g k(c) depending on ω and t such that ω = gdt. We denote g = ω/dt. 2. Let f k(c) regular at P. Then d f /dt is also regular at P. 3. The quantity ord P (ω/dt) depends only on ω and P. This is called the order of ω at P and denoted ord P (ω). 4. Let x k(c) such that k(c)/ k(x) is separable and x(p) = 0. Then for all f k(c), one has ord P ( f dx) = ord P ( f ) + ord P (x) 1 if p = 0 or p ord P (x) and ord P ( f dx) ord P ( f ) + ord P (x) if p > 0 and p ord P (x). 5. For all but finitely many P C, one has ord P (ω) = 0. Proof. 1. This is a consequence of Lemma 3.1.1 and of the first two items of Proposition 3.4.1. 2. See [0, page IV.2.1]. 3. Let t be another uniformizer. Since dt/dt and dt /dt are both regular at P according to the second item, we have that ord P (dt /dt) = 0 Since ω = gdt = g(dt/dt )dt the result follows. 4. Write x = ut n with ord P (u) = 0. Then dx = (nut n 1 + (du/dt)t n )dt.

3.4 Differentials 31 Now from the second item du/dt is regular at P. Hence if n 0 in k, the first term dominates. We obtain ord P ( f dx) = ord P ( f nut n 1 dt) = ord P ( f ) + n 1. If p > 0 and p n then the first term vanishes which yields the result. 5. Let x k(c) so that k(c)/ k(x) is separable and write ω = f dx. The map x : C P 1 ramifies only at finitely many points of C. Discarding finitely many points, we can therefore assume that f (P) 0,, that x(p) and that the map x is unramified at P. But the latter two conditions implies that x x(p) is a uniformizer at P so ord P (ω) = ord P ( f d(x x(p))) = 0. Definition 3.4.2 Let ω Ω C. The divisor associated to ω is divω = P ord P (ω) P. The form ω is regular at P if ord P (ω) 0 at P. If ω 1,ω 2 are non-zero differentials, there exists f k(c) such that ω 1 = f ω 2. Hence divω 1 = div f + divω 2. Definition 3.4.3 The canonical divisor class on C is the image in Pic(C) of div(ω) for any non-zero differential ω. Any divisor in this class is called a canonical divisor. Example 3.8 Let us show hat there are no regular differentials on P 1. Let t = X/Z be a uniformizer at P 0 = (0 : 1). Note that t α is a uniformizer at P = (α : 1) for all α k so ord P dt = ord P d(t α) = 0. However at = (1 : 0), 1/t is a uniformizer so ord dt = ord t 2 d(1/t) = ord ( ) 1 2 t d(1/t) = 2. Hence divdt = 2 and for any ω ΩP 1 one has degdivω = 2 so ω cannot be regular. In analogy to the Riemann-Roch spaces, we will introduce the following notation. Definition 3.4.4 Let D be a divisor. We denote Ω(D) = {ω ΩC s.t. divω D} {0}. Proposition 3.4.3 For any divisor D, one has that L (κ D) Ω(D). Proof. Let ω be a non-zero differential on C such that divω = κ. The application f f ω is a morphism from L (κ D) to Ω(D) since div f + κ D 0 so div( f ω) D. Its inverse is the defined by ω ω /ω. In particular the k-vector space of regular differentials is finite. This dimension is an important invariant. Definition 3.4.5 We call the genus of C the dimension of L (κ) and denote it g C. R If k = C, we can identify C with a compact Riemann surface and the genus defined here is the genus of the Riemann surface. It is therefore a topological invariant of C. In [0, p.216], one shows that both definitions agree using the Gauß-Bonnet formula. Over any field, two isomorphic curves have the same genus. 3.4.2 Residue Let ω = gdt Ω C for a uniformizer t at P. Writing g = a i t i, one denotes Res t (ω) = a 1. Lemma 3.4.4 This notion depends only on P, and denote it therefore Res P (ω). Proof. Let us first note the following properties 1. Res t (ω) is k-linear in ω; 2. Res t (ω) = 0 if ord P (ω) 0; 3. Res t (dg) = 0 for every g k(c);

32 Chapter 3. Elementary properties of curves 4. Res t (dg/g) = ord P (g) for every g k(c). Only the two last ones are not obvious. To prove the third, notice that if you derivate a i t i then there is no t 1 term. For the fourth, write dg = t n u with ord P (u) = 0. Then we find dg/g = ndt/t + du/u whence Res t (dg/g) = n + Res t (du/u) = n since u is regular at P. Let s be another uniformizer at P and write ω = n 0 a n ds/s n + ω 0 with ord P (ω 0 ) 0. Then Res s (ω) = a 1 and Res t (ω) = a n Res t (ds/s n ). As Res t (ds/s) = 1 according to the last item, it comes down to proving that Res t (ds/s n ) = 0 for n 2. (3.1) When the field k has characteristic 0, one has that ds/s n = dg with g = 1/(n 1)s n 1 and then the result follows from the third item. We are going to reduce the characteristic p case to this case. First, we can suppose after multiplying s by a scalar factor that s = t + b 2 t 2 + b 3 t 3 +... We deduce that 1 s n = 1 t n (1 nb 2t +... + c i t i +...) where the c i are polynomials in b 2,...,b i+1 with integer coefficients and independent of the characteristic. By multiplying with ds = dt + 2b 2 tdt +... + ib i t i 1 dt +..., we deduce that ds s n = dt t n where the d i are as before polynomials in the b 2,...,b i+1 with integer coefficients and independent of the characteristic. In particular d n 1 = Res t (ds/s n ). Since (3.1) is valid in characteristic 0, the polynomial d n 1 (b 2,...,b n ) vanishes for any b i taken in a field of characteristic 0. This polynomial is therefore identically zero and the result holds also in characteristic p. We conclude this section with an important tool called the residue theorem (see [0, p.121] for an analytic proof, [0, p.253] for an algebraic proof in characteristic 0, [0, pages II.11,12] for a proof in any characteristic). Theorem 3.4.5 For any differential ω Ω C i=0 d i t i Res P (ω) = 0. P C Example 3.9 Let us see how to to compute an example with MAGMA. P<x,y,z>:=PolynomialRing(Rationals(),3); PP:=ProjectiveSpace(P); C:=Curve(PP,x^3*y+y^3*z+z^3*x); kappa:=canonicaldivisor(c); L:=RiemannRochSpace(kappa); Dimension(L); Exercise 3.6 We give a proof of Theorem 3.4.5 in the case of C = P 1 over an algebraically closed field k. 1. Consider a rational fraction P(X)/Q(X). Show that one can write P/Q as a sum of terms of the form c(x a) n with c k,a k and n Z. By linearity, one can restrict to one of these cases.

3.4 Differentials 33 2. Show for each cases that the formula holds. Exercise 3.7 Let us find out a basis of regular differentials on hyperelliptic curves.

4. Riemann-Roch and Riemann-Hurwitz 4.1 Proof of Riemann-Roch theorem A fundamental tool (although it looks very anecdotical!) is the following result. Theorem 4.1.1 Let C/k be a smooth curve of genus g and κ a canonical divisor. Then for all divisor D, one has that l(d) = degd g + 1 + l(κ D). In particular since l(κ) = g, one has that degκ = 2g 2. There are various proofs of this result: the quickest ones use cohomological theorems [0, page IV.1] ; old-fashioned ones use plane curves with singularities [fultoncurves] or [0, Appendix A] ; in the langage of function fields (and adèles, one can follow [0]). We will reproduce here the proof of [0] where some of the cohomological arguments are worked out using [0]. Example 4.1 Let us check Riemann-Roch theorem with MAGMA. P<x,y,z>:=PolynomialRing(Rationals(),3); PP:=ProjectiveSpace(P); C:=Curve(PP,x^3*y+y^3*z+z^3*x); P1:=C![1,0,0]; P2:=C![0,1,0]; P3:=C![0,0,1]; kappa:=canonicaldivisor(c); D:=3*Divisor(P1)+Divisor(P2)+Divisor(P3); Dimension(D) eq Degree(D)-Genus(C)+1+Dimension(kappa-D); 4.1.1 Répartitions and H 1 (D) Definition 4.1.1 A répartition on C is a formal sum P r P P with r P k(c) such that ord P (r P ) < 0 for a finite number of P.

36 Chapter 4. Riemann-Roch and Riemann-Hurwitz One denotes T the k-vector space of répartitions. Ordinary divisors are of course contained in the previous definition. We can use them to filter the k-vector space of répartitions in the following way. We denote D = D(P) P and T [D] = { r P P s.t. ord P (r P ) + D(P) 0 for all P}. Moreover one can see k(c) as a subgroup of T by associating to f the repartition f P. One defines as well α D : k(c) T /T [D]. Let us remark that L (D) = ker(α D ). Conversely, one can ask what the image of α D is. Note that if Z T /T [D] is such that r P = 0 and D(P) = 0, a preimage of Z under α D must be regular at P. Therefore constructing preimages is not a simple application of Proposition 3.1.5. The problem of constructing functions with specified répartitions is called the Mittag-Leffler problem for C. Algebraically, the problem is measured by H 1 (D) := cokerα D = T /(T [D] + k(c)). The notation reflects the general theory of cohomology but we will not develop any general background here. We first need to show that H 1 (D) has finite dimension. Notice that with more background from algebraic geometry, this follows from the fact that we are dealing with coherent sheaves. From the exact sequence one deduces the short exact sequence 0 L (D) k(c) T /T [D] H 1 (D) 0, 0 k(c)/l (D) T /T [D] H 1 (D) 0. Now suppose that D 1 D 2. Since T [D 1 ] T [D 2 ] we have a surjective map t : T /T [D 1 ] T /T [D 2 ] and we can build the following commutative exact diagram 0 k(c)/l (D 1 ) α D 1 T /T [D 1 ] H 1 (D 1 ) 0 0 k(c)/l (D 2 ) α D 2 T /T [D 2 ] H 1 (D 2 ) 0. As the vertical maps are all surjective, the snake lemma gives a short exact sequences between their kernels. The one from the left is simply L (D 2 )/L (D 1 ) hence dimker( k(c)/l (D 1 ) k(c)/l (D 2 )) = diml (D 2 ) diml (D 1 ). It is not difficult to see that dimker(t) = deg(d 2 ) deg(d 1 ) since at each point P, the t n P with D 2 (P) < n D 1 (P) form a basis of such functions. If we denote H 1 (D 2 /D 1 ) the kernel of the right map we see that the short exact sequence 0 L (D 2 )/L (D 1 ) ker(t) H 1 (D 1 /D 2 ) 0 implies that H 1 (D 1 /D 2 ) is also finite-dimensional, more precisely Lemma 4.1.2 dimh 1 (D 1 /D 2 ) = (deg(d 2 ) diml (D 2 )) (deg(d 1 ) diml (D 1 )). Proposition 4.1.3 There is an integer M such that for any divisor A on C one has deg(a) l(a) M. Proof. Fix a function f and D = div f. Let M such that deg(md) l(md) M for all m 0 by Lemma 3.3.4. Now, using Lemma 3.3.5, there exists g and an integer m such that B = A divg t

4.1 Proof of Riemann-Roch theorem 37 md. Note that degb = dega and L (B) L (A). Therefore dega l(a) = degb l(b) = deg(md) l(md) dimh 1 (B/mD) M. deg(md) l(md) Let A 0 be such that deg(a 0 ) l(a 0 ) is maximal. Lemma 4.1.4 For this divisor A 0, we have H 1 (A 0 ) = 0. Proof. Suppose that H 1 (A 0 ) 0. Then there is a répartition Z T /T [A 0 ] which is not α A0 ( f ). By increasing A 0 to a divisor B we may take t(z) = 0 in T /T [B]. Therefore the class of t(z) in H 1 (B) is zero. Hence the class of Z in H 1 (A 0 ) is in fact in the kernel H 1 (A 0 /B), thus this kernel is nonzero. But by Lemma 4.1.2, 1 dimh 1 (A 0 /B) = (deg(b) diml (B)) (deg(a 0 ) l(a 0 )) which is non-positive by the maximality of deg(a 0 ) la 0. Proposition 4.1.5 For any D, H 1 (D) is a finite dimensional vector space over k. Proof. Let A 0 be as before and write D A 0 = P N where P and N are non-negative divisors. Then H 1 (A 0 ) surjects onto H 1 (A 0 + P), so that H 1 (A 0 + P) = 0 also. Therefore H 1 (A 0 + P N) H 1 ((A 0 + P N)/(A 0 + P)) which is finite dimensional. Since D = A 0 + P N we are done. Applying again Lemma 4.1.2, this gives a first form of Riemann-(Roch) theorem: diml (D) dimh 1 (D) = deg(d) + 1 dimh 1 (/0). The problem is now to understand the dimension of the H 1 in terms of Riemann-Roch spaces only. 4.1.2 Dual of the space of répartitions Let us denote J[D] the dual of the vector space H 1 (D). Let f k(c) and α J = J[D], the latter being a k-vector space since we can always see J[D 1 ], J[D 2 ] inside a J[D 3 ]. The map r α, f r is a linear form on T vanishing on k(c). We denote it by f α. We have f α J. Indeed if α J[D] and f L ( ) then f α vanishes on T [D ], thus belongs to J[D ]. The operation ( f,α) f α endows J with the structure of a k(c)-vector space. Proposition 4.1.6 The dimension of J over k(c) is at most 1. Proof. We argue by contradiction. Let α,α J linearly independent over k(c). Since J is the union of the J[D] one can find D such that α,α J[D]. Let d = deg(d). For every n 0 let n be a divisor of degree n. If f,g L ( n ), then f α,gα J[D n ]. Furthermore as they are linearly independent over k(c), we see that the map L ( n ) L ( n ) J[D n ] f, g f α + gα is injective. Now dimj[d n ] = diml (D n ) deg(d n ) 1+dimH 1 (/0) diml (D) d 1+dimH 1 (/0)+n

38 Chapter 4. Riemann-Roch and Riemann-Hurwitz which grows like a + n for a constantn. On the other hand diml ( n ) n + 1 dimh 1 (/0) so 2dimL ( n ) grows at least like b + 2n for a constant n. The growth rate are therefore incompatible. 4.1.3 The residue map and Serre duality The space H 1 (D) measures whether a répartition Z = r P P can come from an f. This can also be measured by the residue theorem. For illustration, if Z T /T [/0], we are asking if there exists f such that ord P f r P 0 for all poles P of f. Let ω be a regular differential. Then f ω has poles only at the poles of f and the negative terms of the Laurent series of f ω are determined by the negative terms of the Laurent series of f. Now since P Res P ( f ω) = 0, we get that P Res P (r P ω) = 0 if α 0 ( f ) = r P P as desired. This is therefore a necessary condition. Serre duality says that this condition is actually also sufficient. Let ω Ω C and r T. We define the bilinear form ω,r = Res P (r P ω). P This definition is legitimate since r P ω is regular for almost all P. One has the following properties 1. ω,r = 0 if r k(c) because of the residue theorem; 2. ω,r = 0 if r T [D] and ω Ω(D) since then r P ω is regular at all P; 3. If f k(c) then f ω,r = ω, f r. For every differential ω, let θ(ω) be the linear form on T which sends r to ω,r. The previous properties shows that if ω Ω(D) then θ(ω) J[D] since J[D] is by definition the dual of T /(T [D] + k(c)). Lemma 4.1.7 If ω is a differential such that θ(ω) J[D] then ω Ω(D). Proof. Otherwise, there would be P C such that ord P (ω) < ord P (D). Put n = ord P (ω) + 1 and let r be the répartition whose components are { r Q = 0 if Q P, r P = 1/t n P. We have ord P (r P ω) = 1 whence Res P (r P ω) 0 and ω,r 0; but since n ord P (D), r T [D], hence we arrive at a contradiction since θ(ω) is assumed to vanish on T [D]. Theorem 4.1.8 Serre Duality. For every divisor D, the map θ is an isomorphism from Ω(D) to J[D]. Proof. Let us show that θ is injective. Indeed, if θ(ω) = 0, the previous lemma shows that ω Ω( ) for all, hence ω = 0. Next θ is surjective. Indeed according to item (3), θ is a k(c)-linear map from Ω C to J. As Ω C has dimension 1 and J has dimension at most 1, θ maps Ω C onto J. If we fix a canonical divisor κ = div(ω) then using the isomorphism of Proposition 3.4.3, we see that dimω(d) = diml (κ D) and combined with Serre duality gives Riemann-Roch theorem.

4.2 Corollaries 39 Exercise 4.1 Prove that a curve C has genus 0 iff there exists two distinct points P,Q C such that (P) (Q). 4.2 Corollaries In order to understand better the constraint on l(d) in terms of the degree of D, we let r(d) = l(d) 1. If D is effective then k L (D) and therefore r(d) 0. Reciprocally, if r(d) 0, then there exists a function f such that div f + D 0 and we can therefore assume that D is effective. In that case PL (D) {effective divisors D} is a projective space of dimension r(d), called the linear system associated to D. Indeed D + div f = D + divg iff div f = divg i.e. div( f /g) = /0, which means that f /g is constant or f = αg with α k. Finally we denote i(d) = l(κ D) the index of speciality of D. A divisor D with i(d) > 0 is said special. Since deg(κ) = 2g 2, we see that special divisors have degree less or equal to 2g 2. Notice that the canonical divisor κ is the unique divisor (up to linear equivalence) of degree 2g 2 such that l(κ) = g. Indeed if κ is another degree 2g 2 divisor with l(κ ) = g then g = l(κ ) = 2g 2 g + 1l(κ κ ) = g 1 + l(κ κ ). The divisor κ κ is of degree 0 hence κ κ +div( f ) 0 is also of degree 0 and can be effective iff κ κ = div( f ) = div(1/ f ). Moreover from the proof of Lemma 3.3.2, we see that r(d) deg(d). We get the first picture where the blue zone represents the special divisors. This picture can be refined using Clifford theorem (see Exercise 4.2) and even more using Brill-Noether theorem [0, p.159] as it is visible on the second picture. r r Brill Noether curve g (r + 1)(g d + r) = 0 g 1 κ r = d g g 1 Clifford line r = d/2 κ r = d g Special Divisors g 2g 2 d g 2g 2 d Let us point out that as for topology, the genus is somehow a good indicator of the complexity of the curve: indeed when it grows, one needs increasing the degree of an effective divisor D to find a non-constant function in L (D). Exercise 4.2 We are going to prove the following version of Clifford s theorem : let D be an effective special divisor on the curve C over k = k. Then r(d) 1 2 degd. Prove this result admitting the following lemma Lemma 4.2.1 Let D, E be effective divisors on C. Then r(d) + r(e) r(d + E). For the proof of the lemma, let us consider the map φ : D E D + E

40 Chapter 4. Riemann-Roch and Riemann-Hurwitz It is the projective map induces by the affine map L (D) L (E) L (D + E) ( f,g) ( f g) Show that for any R D + E, φ 1 (R) is finite (may be empty). Deduce from [0, III.ex.11.2] that φ is a finite morphism and that the dimension of φ( D E ) = r(d) + r(e). Conclude. R There is a more precise version which says that equality occurs iff D = 0 or D = κ or C is hyperelliptic and D is linearly equivalent to a multiple of the divisor P + ι(p) for P C and ι : C C the canonical involution (see loc. cit.). 4.3 Riemann-Hurwitz theorem Finally, we state another important result to compute the genus of a curve (see [0, page II.5.9]). Theorem 4.3.1 Riemann-Hurwitz theorem. Let φ : C 1 C 2 be a non-constant separable morphism then 2g C1 2 degφ (2g C2 2) + P C 1 (e φ (P) 1) with equality if chark = 0 or if chark e φ (P) for all P. Proof. Let ω 0 Ω C2 and P C 1 and let Q = φ(p). Since φ is separable, φ ω 0. We wish to relate ord P (φ ω) and ord Q ω. Write ω = f dt where t is a uniformizer at Q. Then letting e = e φ (P), we have φ t = us e where s is a uniformizer at P and u(p) 0,. Hence φ ω = (φ f )d(φ t) = φ f d(us e ) = φ f (eu e 1 + (du/ds)s e )ds. Now ord P (du/ds) 0 so we see that with equality if and only if e 0 in k. Further Hence adding over P C 1 yields ord P (φ ω) ord P (φ f ) + e 1 ord P φ f = e φ (P)ord Q ( f ) = e φ (P)ord Q ω. degdivφ ω e φ (P)ord φ(p) ω + e φ (P) 1 P = e φ (P)ord Q ω + e φ (P) 1 P C 1 Q C 2 P φ 1 (Q) = (degφ)(degdivω) + e φ (P) 1 P Now Hurwitz s theorem is a consequence of Theorem 4.1.1 which says that on a curve of genus g degdivω = 2g 2. R One can remove the constraints on chark by involving higher ramification groups when the cover k(c 1 )/φ (k(c 2 ) is Galois see [0, Th.III.4.12, Th.III.8.8].

4.3 Riemann-Hurwitz theorem 41 Example 4.2 Let us compute the genus of C : F = 0 with F = X 4 +Y 4 + Z 4 in characteristic different ( from ) 2. We first check that the variety is smooth. Indeed a point of C is singular iif F X, F Y, F Z = (0,0,0) (see Exercise 2.7) then (X,Y,Z) = (0,0,0). We know consider the morphism φ : (X : Y : Z) (X : Y ) P 1. The genus of P 1 is 0 since we have seen that on P 1 there is no regular differential. We need to know the ramification points P = (x : y : z) of φ. If y = 0 then x = 1 and z 4 = 1 has four distinct solutions. Since by Proposition 3.3.1, the sum of the ramification index over (1 : 0) is equal to the degree (which is 4 since k(c) = k(x,y )[Z]/(Z 4 (X 4 +Y 4 ))) we see that all these points are unramified. We can now assume y = 1 and then z 4 = (x 4 + 1) which for the same reason is unramified except if x 4 = 1. For each of the four solutions x i of this equation we have a unique point P = (x i : 1 : 0) which maps to (x i : 1), hence the ramification index is 4.We can now apply Riemann-Hurwitz 2g C 2 = 4 ( 2) + 4 (4 1) implies that g C = 3. One can check that this is the case over Q for instance using the following MAGMA commands P<X,Y,Z>:=PolynomialRing(Rationals(),3); PP:=ProjectiveSpace(P); C:=Curve(PP,X^4+Y^4+Z^4); Genus(C); R There are other ways to compute the genus of plane curves C (or embedded in a smooth surface) which are consequences of the adjunction formula 2g 2 = C.(C + K) where K is the canonical divisor on the surface. For plane curves of degree d, C dh and K 3H then 2g 2 = d(d 3) Here for d = 4 we find g = 3. Note that this proves that not all curves can be written as plane (smooth) curves. For dimension 1 variety V of P 2 of degree d, one has that the smooth curve in the birational equivalence class of V has genus equal to (d 1)(d 2) 2 P V δ P where δ P is zero if P is not singular and 1 if P is a node [0, IV.ex.1.8]. This is crucial as any curve over k is birational to a plane curve with only nodes as singularities [0, page IV.3.11]. In the same line of thoughts, all curves can be embedded in P 3 but not necessarily over k! For instance there exists a genus 14 curve over F 2 with 16 > #P 3 (F 2 ), so this curve cannot be embedded in P 3. This curve cannot neither come from a plane variety with only nodes since the number of F 2 -rational points of (the desingularization of) this variety is at most 7 2 (when all the nodes are rational). It has been showed in [0] that the existence of an i > 0 such that #C(F q i) > #P 3 (F q i) is the only type of obstruction for the embedding in P 3 over a finite field. Exercise 4.3 Let φ : C 1 C 2 a non-constant morphism between curves. 1. Show that g C1 g C2. 2. Prove that if there is equality then g = 0 or (g = 1 and φ is unramified) or (g 2 and φ is an isomorphism). Exercise 4.4 Let k be an algebraically closed field. Let C be a curve of genus g C > 1 and G be the group of automorphisms of C. It is known that this is always a finite group. In the first part of this exercise, we are going to prove this result when C is hyperelliptic and the characteristic of k is different from 2. We write C : Y 2 = f (X) where f is of degree 2g C + 2 (a singular model for C). Recall that

42 Chapter 4. Riemann-Roch and Riemann-Hurwitz isomorphisms of hyperelliptic curves are of the form ( ) ax + b g : (X,Y ) cx + d, ey (cx + d) g+1 [ ] a b with M = GL c d 2 (k) and e k. We denote g the induces automorphism of P 1 given by (X : Z) (ax + bz : cx + dz) and we therefore have a surjective morphism from G to G = { g, g G}. 1. Show that the kernel of this morphism is generated by the hyperelliptic involution ι. Hence in order to prove that G is finite, it is enough to prove that G is. Let g G. 2. Show that the 2g + 2 points (x i,0) C where x i are the roots of f are the fixed points of ι. 3. Show that g permutes the points Q i = (x i : 1). 4. Show that an automorphism of P 1 which fixes 3 distinct points is the identity. 5. Conclude that there exists an injective morphism from G into Sym 2g+2 and that #G 2(2g + 2)!. 6. Describe briefly how to compute the elements of G given a factorization of f. We now come back to the case where C is not necessarily hyperelliptic and we assume that G is finite. We assume also that the characteristic of k does not divide #G = n. We know that there exists a curve D/k and a morphism φ : C D separable of degree n such that for all Q D, φ 1 (Q) = {g(p), g G}, where P C is any point such that φ(p) = Q (the curve D is the quotient of C by G and in particular φ g = φ for all g G). Let P C be a point with ramification index e φ (P) = r. 7. Show that φ 1 (φ(p)) consists of exactly n/r points, each of ramification index r. Let P 1,...,P s be a maximal set of ramification points of C lying over distinct points of D and let e φ (P i ) = r i. 8. Show that Riemann-Hurwitz formula implies 2g C 2 n = 2g D 2 + s i=1 1 1 r i. 9. As g C 2, then the left side is > 0. Show that if g D 0, s 0, r i 0 are integers such that 2g D 2 + s i=1 then the minimal value of this expression is 1/42. 10. Conclude that n 84(g C 1). 1 1 r i > 0

5. Description of the curves up to genus 5 We want to give equations which describe curves up to genus 5. In the sequel C will be a curve of genus g defined over k. 5.1 Genus 0 case We know from Riemann-Roch theorem that κ is a divisor of degree 2, hence l( κ) = 2 0 + 1 + l(2κ) = 3. Let x,y,z be a basis of L ( κ). Since l( κ) > 0, we can assume that κ is effective and equal to n P P with n P positive. If P is a pole of x, say, one has that ord P x n P hence ord P x 2 = 2ord P x 2n P. From this, we conclude that x 2 L ( 2κ) and similarly for xy,xz,y 2,yz and z 2. But l( 2κ) = 4 0 + 1 = 5. So there is a linear relation between these functions, i.e. there exists a homogenous quadratic polynomial Q k[x,y,z] such that Q(x,y,z) = 0. The polynomial Q is absolutely irreducible: otherwise there would be a linear relation between x,y,z. Hence Q is absolutely irreducible and defines a smooth conic. To conclude, let us show that φ : C V p (Q) defined by φ(p) = (x(p) : y(p) : z(p)) is an isomorphism. By Corollary 3.2.4, it is enough to show that φ is of degree 1 over k. Since κ is of degree 2 then any linear combinaison ax + by + cz has at most two zeros. Now, there is a line in P 2 (any which is not tangent to the conic) which intersects the conic in two distinct points Q 1,Q 2. After a change of variables we can assume that this line is X = 0 and φ 1 (Q 1 ),φ 1 (Q 2 ) are distinct zeros of x, therefore φ 1 (Q i ) = {P i } (since φ is surjective) and ord Pi x = 1 (because P 1 + P 2 is already of degree 2 and x has no more zeros). Let us consider the composition ψ : C V p (Q) P 1 which maps P to x(p). One has that e ψ (P 1 ) = ord P x = 1. But e φ (P 1 ) e ψ (P 1 ) (see Exercise 3.4) and so e φ(p1 ) = 1. Now we conclude using Proposition 3.3.1 that. degφ = P φ 1 (Q 1 ) e P (φ) = e P1 (φ) = 1

44 Chapter 5. Description of the curves up to genus 5 Proposition 5.1.1 Every genus 0 curve over k is k-isomorphic to a plane smooth conic. Conversely, this is true as well, since over k, one can parametrize a smooth conic and it is therefore k-isomorphic to P 1, hence of genus 0. 5.2 Genus 1 case We will assume that C has a k-rational point O (always true over k or over a finite field, see Exercise 8.2). Since degκ = 0, we see that l(o) = 1 1 + 1 + 0 = 1, L (O) = 1 l(2o) = 2 1 + 1 + 0 = 2, L (2O) = 1,x l(3o) = 1 1 + 1 + 0 = 3, L (O) = 1,x,y l(6o) = 1 1 + 1 + 0 = 6, L (O) = 1,x,x 2,x 3,y,y 2,y 3,xy. We conclude as before that there is a relation ay 2 + bxy + cy = dx 3 + ex 2 + f x + g and that ad 0 (otherwise all functions have a pole of different order at O and the expression cannot vanish). We can therefore replace y by d 2 ay and x by adx to get Let us call y 2 + a 1 xy + a 3 y = x 3 + a 2 x 2 + a 4 x + a 6. E : Y 2 Z + a 1 XY Z + a 3 Y Z 2 = X 3 + a 2 X 2 Z + a 4 XZ 2 + a 6 Z 3 P 2 and consider the morphism φ : C E defined by φ(p) = (x(p) : y(p) : 1). This is well defined at O as well since if t is a uniformizer at O then φ(o) = (t 3 x(o) : t 3 y(o) : t 3 (O)) = (0 : 1 : 0) since x (resp. y) has a pole of order 2 (resp. 3) at O. We need to show that φ is an isomorphism, i.e. we will show that k(x,y) = k(c). The morphism φ x : C P 1 (resp. φ y : C P 1 ) defined by φ x (P) = (x(p) : 1) (resp. φ y (P) = (y(p) : 1)) is of degree 2 (resp. 3) since x (resp. y) has a unique pole of order 2 (resp. 3). We therefore get that k(c) 2 k(x, y) 3 k(x) k(y) which forces [k(c) : k(x,y)] to divide 2 and 3 so to be equal to 1. To conclude, we still need to prove that E is smooth. Let us think that it is not. Since the point (0 : 1 : 0) is smooth, we can assume that it is a affine point which is singular and after translation we can let it be (0 : 0 : 1). The affine equation of E is then of the form Y 2 + a 1 XY = X 3 + a 2 X 2. Let t = Y /X. We get t 2 + a 1 t = x + a 2. Hence the rational map ψ : E P 1 defined by ψ(x : Y : 1) = (X : Y ) is of degree 1 with inverse ψ 1 (1 : t) = (t 2 + a 1 t a 2 : t 3 + a 1 t 2 a 2 t : 1). By composition ψ φ is a morphism of degree 1 between smooth curves, hence an isomorphism. But the genus of P 1 is 0, so this is absurd and E is smooth.

5.3 Genus 2 case 45 R We could also use the fact that a plane 1-dimensional variety of degree 3 is smooth if and only if its genus is 1 since for a plane curve of degree d, one has g (d 1)(d 2)/2 with equality if smooth. Proposition 5.2.1 Let C be a genus 1 curve over k with a k-rational point O. Then C is k-isomorphic to a plane curve E : Y 2 Z + a 1 XY Z + a 3 Y Z 2 (X 3 + a 2 X 2 Z + a 4 XZ 2 + a 6 Z 3 ) = 0 called a Weierstrass model of C. R What happens if there is no k-rational point? The situation does not admit a fixed answer and depends on the smallest degree n of a k-rational division D (which is unbounded for curves over Q [0]). One gets [0] if n = 2, a model y 2 = F(x) with F of degree 4; if n = 3, a plane smooth cubic; if n = 4, the intersection of two quadrics in P 3 ; if n > 4, a non-complete intersection. 5.3 Genus 2 case In that case degκ = 2 and l(κ) = 2. Hence there exists a non-constant function x L (κ). Since divx +κ 0, we see that x has at most a pole of order 2 at a unique point P or a pole at two distinct points P 1 and P 2 (x cannot have a single pole of order 1 since it would induce an isomorphism with P 1 ). Let φ : C P 1 the morphism defined by x. It is then of degree 2 and we are in the situation studied in Example 3.5 if chark 2. We know that C is bitationally equivalent to H : Y 2 = f (X) where f k[x] is a separable polynomial. Using Riemann-Hurwitz formula (see Theorem 4.3.1, we get that (2g 2) = 2 = 2( 2) + e φ (P) 1 hence we see that φ is ramified at 6 points. Each affine point (x 0,0) H is ramified so deg f 6 (see the picture below). If deg f = 6, then we have seen that the smooth model of H is indeed not ramified at infinity (there are two points) and we are done. The same analysis would show that if deg f = 5 then φ is ramified at the unique point at infinity. Hence Proposition 5.3.1 Every genus 2 curve over a field k of characteristic different from 2 is k- birationally equivalent to an affine curve H : Y 2 = f (X) with f k[x] of degree 5 or 6. Note that if moreover #k > 5 and deg f = 5 then we can assume that f (0) 0 by a translation defined over k. Then ( ) Y 2 ( ) 1 X 3 = f X implies that Y 2 = X 6 f (1/X) = g(x) where g is a polynomial of degree 6. Hence with the exception of k = F 3 or F 5, we can always assume deg f = 6.

46 Chapter 5. Description of the curves up to genus 5 Figure 5.1: Ramification points (in blue) of the map φ R The characteristic 2 case can be found in [0] for instance. 5.4 Interlude: canonical map and hyperelliptic curves Before we proceed further, we will need some extra information about a particular morphism, called the canonical map. In general, if D is a divisor on C such that l(d) > 1 one can definie φ D : C P r with r = r(d) = l(d) 1 by choosing a basis (s 0,...s r ) of L (D) and mapping φ D (P) = (s 0 (P) :... : s r (P)) (as we did in genus 0 for instance). One can study when this map is an embedding in general but we will restrict to the case of D = κ (and g 2) (for the general theory, see [0, IV.Prop.3.1]). First note that for any P C, there exists an i such that s i (P) 0. Indeed if not, there would exist P such that s i (P) = 0 for all 0 i r, then all the s i L (κ P) which would be of dimension g. Then l(p) = 1 g + 1 + l(κ P) = 2 which is excluded since g > 0. Let us see when this morphism is injective. This will be the case iff for P Q, one can find s L (κ) such that s(p) = 0 but s(q) 0. This will not be the case iff l(κ P) = l(κ) 1 = g 1 = l(κ P Q) which is equivalent to l(p + Q) = 2. This is the case iff there is a non-constant degree 2 map over k to P 1. If this is the case, by taking the limit P = Q, one can also prove that this map is an immersion (i.e. send a smooth point onto a smooth point). Indeed since l(κ 2P) < l(κ P) there exists s L (κ) such that ord P (s) = 1. Therefore the map φ D is of degree 1 and hence an isomorphism on its image. Definition 5.4.1 We say that C is a hyperelliptic curve (resp. non-hyperelliptic curve) when φ K is not an embedding (resp. is an embedding). The image φ K (C) of a non-hyperelliptic curve is called the canonical embedding of C. Note that V = φ κ (C) P r is a non-degenerate 1-dimensional variety, i.e. it is not contained in any hyperplane. Indeed, an hyperplane is given by a non-zero linear combinaison s of the s i and this function s would be zero on all of C, hence would be zero. Note that the intersections of V with a hyperplane H : s = 0 are the zeros of s. Now, we can assume that κ is effective then

5.4 Interlude: canonical map and hyperelliptic curves 47 divs + κ 0 so s has at most 2g 2 poles counted with their orders. If it would have less then s L (κ P) but we have seen that this is not possible. Hence s has exactly 2g 2 poles and therefore zeros with multiplicities. We will say therefore that the canonical image of the curve is a curve of degree 2g 2. By Bézout theorem [0, page I.7.7], it can be shown that a complete intersection of hypersurfaces of degre d 1,...,d t is of degree d 1 d t (see [0, Sec.5.5] for more intuitive way of seeing the degree). R This is a characterization of this embedding. Indeed if φ : C P g 1 is a non-degenerate embedding then one can consider the divisor D = φ(c) H where H : s = 0 is any hyperplane. Moreover, by hypothesis, D has degree 2g 2. The Riemann-Roch space L (D) contains all the hyperplane sections s (since the quotient of two sections is a function on the curve, they are all linearly equivalent) which is a vector-space of dimension g. We have seen in Section 4.2 that these properties characterize κ. The canonical embedding allows a geometric interpretation of the index of speciality. Indeed if D = P i, the P i all distinct, we see that L (κ D) is the space of linear forms which passes by the points P i. Hence i(d) = g 1 d where d is the dimension (as subvariety of P g 1 ) of the intersection of the hyperplanes containing all the points P i. This is still the case if some of the P i are the same asking for hyperplanes with higher tangency conditions. Let us analyze hyperelliptic curves further. We have seen that C is hyperelliptic iff there exist two points P,Q C(k) distinct for which l(p + Q) = 2. This implies that there exists a degree 2 morphism ρ : C P 1 and over k of characteristic different from 2 we are back to the case studied in Example 3.5. Lemma 5.4.1 [0, VII.Prop.4.29]. The morphism ρ is unique (up to a choice of coordinates of P 1 ) and therefore defined over k. One can find another proof based on Riemann inequality in [0, page VI.2.4]. Since the extension k(c)/k(p 1 ) is uniquely determined and Galois, it induces by Theorem 3.2.3 a unique involution ι : C C defined over k and called the hyperelliptic involution. From the existence of φ, we see that there is always a k-morphism of degree 2 from C to a conic in P 2. If this conic has a point then we are back to the familiar situation and we can write C : Y 2 = f (X). We say that C admits a hyperelliptic equation. R To go further, one has to look more closely at the canonical map. One can show that over k one has φ κ C P g 1 (X,Y ) ρ P 1 ( dx Y : XdX Y Segré embedding ψ... : Xg 1 dx Y ) = (1 : X :... : X g 1 ) X By definition of the canonical map, for a hyperplane H P g 1, one has φ (H φ K (C)) κ. }{{} =D The image of ψ (D) is a divisor of degree g 1 on P 1, hence it is linearly equivalent to (g 1)P for any P P 1. We therefore get that κ (g 1)ρ P. This also implies that ρ κ = (ρ ρ )(ψ D) = 2(ψ D). Starting with H defined over k we then get a divisor ψ D which }{{} =2 is defined over k (since κ and ρ are defined over k). If g is even then D = ψ D + g 2 2 κ P 1 is a k-rational divisor of degree 1. By Riemann-Roch theorem, we see l(d ) = 1 so D is linearly equivalent to a k-rational effective divisor of degree 1, i.e. a k-rational point. This proves that ρ(c) is a conic with a k-rational point and therefore k-isomorphic to P 1. Hence, we have proved that if C/k is a hyperelliptic curve of even genus then C admits a hyperelliptic equation. Note that there are counterexamples in odd genus.

48 Chapter 5. Description of the curves up to genus 5 In the sequel, we will restrict ourselves to non-hyperelliptic curves but note that in MAGMA, hyperelliptic curves have much more functionalities developed (in particular for genus 2 and 3). R MAGMA can compute canonical embeddings in the following way: P<X,Y,Z>:=PolynomialRing(Rationals(),3); PP:=ProjectiveSpace(P); C:=Curve(PP,X^5+Y^5+Y^2*Z^3); Genus(C); 4 phi:=canonicalmap(c); C2:=CanonicalImage(C,phi); PP<X1,X2,X3,X4>:=AmbientSpace(C2); C2; Curve over Rational Field defined by -X2^2 + X1*X3, X1^2*X2 + X3^3 + X4^3 5.5 Genus 3 case Let us identify C with its image by the canonical embedding in P 2. It is therefore a plane curve defined by F(X,Y,Z) = 0. Since the intersection of a line with C is of degree 4, we conclude that C is a plane smooth quartic. Conversely, any plane smooth quartic is a genus 3 non hyperelliptic curve by the first part of Remark 5.4. Proposition 5.5.1 Any non hyperelliptic genus 3 curve over a field k is k-isomorphic to a plane smooth quartic. Conversely any plane smooth quartic is a non hyperelliptic genus 3 curve. R The picture at the beginning of the chapter is a genus 3 non hyperelliptic curves with its 28 bitangents (lines which are tangent to the quartic at 2 (not necessarily distinct) points). One can prove that over a field of characteristic different from 2, a plane smooth quartic has always exactly 28 such lines. 5.6 Genus 4 case Let P(r,d) be the space of homogeneous polynomials of degree d in r + 1 variables. Lemma 5.6.1 One has that dimp(r,d) = ( ) r+d d. Proof. Fixing a monomial is giving r bars among d points. For instance is the representation of the monomial x0 3x 1x 2. Hence representing all the monomials is the same as choosing r elements (which will become bars) among r + d. We then get dimp(r,d) = ( ) ( r+d r = r+d ) d. Let us identify the image of C with its canonical embedding. Let H : h = 0 be a hyperplane in P 3, then d(h C) dκ and we get a morphism P(3,d) L (dκ) F F h d. When d = 1, we know that this is an isomorphism. When d = 2, one has that dimp(3,2) = 10 whereas l(2κ) = 9. Therefore there is a quadric Q = V p (q) P 3 which vanishes identically on C. The quadric Q is absolutely irreducible because no hyperplane vanishes identically on C. There cannot be 2 independent quadrics since it would defined a curve of degree 4 when degc = degκ = 6.

5.7 Genus 5 and beyond 49 Hence Q is unique. When d = 3, we see that dimp(3,3) = 20 whereas l(3κ) = 15. The kernel is of dimension at least 5 and contains qx,qy,qz,qt but also a new absolutely irreducible cubic surface E. The intersection of Q and E defines a curve of degree 6 which is therefore equal to C. Proposition 5.6.2 A non hyperelliptic genus 4 curve is the intersection in P 3 of a unique quadric and a cubic surface in P 3. 5.7 Genus 5 and beyond To go further, one needs more knowledge on divisors and good references are [0] and then [0]. One needs first to prove Castelnuevo s bounds (see [0, III. 2]) which use the uniform/general position theorem which is subtle in positive characteristic (for instance it becomes wrong for singular 1-dimensional varieties). One can find a proof for curves in [0]. One also needs Max Noether s theorem see [0]: Theorem 5.7.1 If C is a non hyperelliptic curve of genus g then P(g 1,d) L (dκ) is surjective for all d 1. This shows in particular that C is projectively normal. Enrique-Babbage theorem [0] shows that if C is a non-hyperelliptic curve of genus g over k canonical embedded in P g 1 then it is either an intersection of quadrics or trigonal (i.e. there is a degree 3 map to P 1 ) or it is isomorphic to a smooth plane quintic (of genus 6). Petri s analysis completes this description by giving the coordinate rings in terms of generators and first sizygies. In his [0, Lecture I], Mumford says that this work enables to say I have seen every curve once. But Frank Olaf Schreyer does not agree with this point of view in his second lectures in 2002: this is non-sense. We have no idea how to solve the many equations among the a j ik which garanties that we have a Gröbner basis (the coefficients which defines the curves). His work is to make this description manageable and thanks to him one can now (with MAGMA for instance) draw at random a curve up to genus 15. R When g > 5, Petri s result implies that one cannot take g 2 random quadrics in P g 1 and hope for a genus g curve as the following example shows, whereas Schreyer s functionalities allow this. g:=6;ff:=gf(11);p:=polynomialring(ff,g); PP:=ProjectiveSpace(P); L:=LinearSystem(PP,2); Leq:=[Random(L) : i in [1..g-2]]; C:=Curve(PP,Leq); Genus(C); 17 C:=RandomCurveByGenus(6,FF); Genus(C); 6 Let us point out that we could also look for more compact representation of our objects. This is the purpose of Section 8.3. To come back to genus 5 non hyperelliptic case, C is contained into the intersection of three quadrics in P 4. If C is also not trigonal then this intersection is complete, otherwise one needs to add some equations of higher degree. Indeed, C is trigonal iff there exists an effective divisor D of degree 3 such that l(d) 2, i.e. i(d) 3 but this implies that the support of D is on a line by the geometric version of Riemann-Roch theorem. Such a curve can be easily represent by a singular model with a node as illustrated by the following picture: the degree 3 map is the one defines by parametrizing the line ax + by = 0 through the node (0 : 0 : 1) by {(a : b) P 1 } and the image of a point on C \ {(0 : 0 : 1)} is the (a : b) which correspond to the line through this point.

50 Chapter 5. Description of the curves up to genus 5

II Arithmetic of curves and its Jacobian over finite fields 6 Number of points of curves over finite fields............................... 51 6.1 Weil conjectures for curves 6.2 Maximal number of points 6.3 Codes 7 Jacobian of curves.................. 69 7.1 Abelian varieties: algebraic and complex point of view 7.2 Jacobians 7.3 Application to cryptography 7.4 Construction of curves with many points

6. Number of points of curves over finite fields Let C be a curve of genus g over a finite field k = F q with q = p e for p a prime. As this curve is contained in a P n we see that its number of k-rational points is smaller than #P n (k) = q n + q n 1 +... + 1. Can we make this bound more precise? In particular, could it be intrinsically associated to some invariant of the curve? We can distinguish two cases: If the curve is non-hyperelliptic then we can embed it in P g 1 and therefore the bound depends only on the genus (but exponentially); If the curve C is hyperelliptic, we know that it is a degree 2 cover of a conic, which over a finite field has always a point, so the latter is actually a P 1. Since #P 1 (k) = q + 1, one gets that #C(k) 2q + 2 which does not depend on the genus. To get a more precise idea, one can do some numeric simulations for g = 1 (resp. g = 2) and 5 p 100 (resp. 3 p 30) where we are going to plot the maximal number of points of a curve of genus g over F p (see Section 8.5 for the implementation in MAGMA ). We compare this number N p (g) with the function x x + 1 and then N p (g) (p + 1) with x 2g x which seems to fit well with the data. For genus 1, the results are quite amazing: the value N p (1) seems to be exactly equal to 1 + p + 2 p. For g = 2, the comparison with 1 + p + 2 2 p is less convincing 1. We could expect that for small values of p 7 since in that case the bound 2p + 2 is smaller! But this still happens for p = 13, 17. Can this be explained? Another experiment which was made in Section 8.5 was to see the influence of the number of points over F p of a curve on the number of points over its extensions. It seems that the number of F q e-rational points of a curve of genus g defined over F q is controlled by the number of F q i-rational points of the curve for 1 i g. All these features will be gathered and explained in the study of Weil conjectures for curves. 1 At first sight, one should compare with 1 + p + 4 p but we will see that the previous one is a sharper bound.

54 Chapter 6. Number of points of curves over finite fields Figure 6.1: Growth of N p (1) Figure 6.2: Growth of N p (1) (p + 1) Figure 6.3: Growth of N p (2) Figure 6.4: Growth of N p (2) (p + 1)

6.1 Weil conjectures for curves 55 6.1 Weil conjectures for curves In 1949, André Weil made a series of very general conjectures concerning the number of points on varieties defined over finite fields. We restrict to the case of curves. Let k = F q and for all n 1, let k n be the extension of degree n of k. Let C/k be a (projective smooth) curve of genus g over k. Definition 6.1.1 The Zeta function of C over k is the power series ) Z(C/k;T ) = exp ( #C(k n ) T n n=1 n Example 6.1 Let us look at P 1 (or equivalently any genus 0 curve by Exercise 8.1): indeed #P 1 (k n ) = q n + 1 so Z(P 1 1 /k;t ) = exp( log(1 T ) log(1 qt )) = (1 T )(1 qt ).. Theorem 6.1.1 Weil conjectures. With the above notations, we have the following properties. 1. Rationality : Z(C/k;T ) Q(T ). 2. Functional equation : Z(C/k;1/(qT )) = (qt 2 ) 1 g Z(C/k;T ). 3. Riemann hypothesis : there exists a polynomial f Z[T ] of degree 2g, called the Weil polynomial of C such that with α i = q for all i and such that f (T ) = Z(C/k;T ) = 2g i=1 (1 T α i ) f (T ) (1 T )(1 qt ). R If we let ζ C (s) = Z(C/k,q s ), we see that the zeros of ζ C (s) have a real part equal to 1/2 which is the analogue of the classical Riemann hypothesis for ζ (s) = n 1 n s. Corollary 6.1.2 We have #C(F q n) = 1 + q n 2g i=1 αn i. Proof. We have log(z(c/k;t ) = #C(k n )T n /n = log( f (T )) log(1 T ) log(1 qt ) = log(1 α i T ) + T n /n + q n T n /n ( = ( αi n ) + 1 + q )T n n /n. n i

56 Chapter 6. Number of points of curves over finite fields Example 6.2 Consider the elliptic curve : E/F 7 : y 2 = x 3 + 2. It has 9 rational points, namely (0 : 1 : 0),(0 : 3 : 1),(0 : 4 : 1),(3 : 1 : 1),(3 : 6 : 1),(5 : 1 : 1),(5 : 6 : 1),(6 : 1 : 1),(6 : 6 : 1). So we must have Z(E/F 7 ;T ) = 7T 2 + T + 1 (1 T )(1 7T ). In particular the number of points of E/F 49 is 1 + 49 (1 2 2 7) = 63 which can be checked with MAGMA in the following way E:=EllipticCurve([0,0,0,0,GF(7)!2]); #Points(ChangeRing(E,GF(49))); These conjectures were solved by Weil in the case of curves and abelian varieties using intersection theory on C C, see for instance [0] or [0] for a modern use of the techniques. The general case was solved by Deligne in 1973 using cohomological techniques. We will present here the main ideas of an elementary proof due to Stepanov and Bombieri. Example 6.3 MAGMA can compute Weil polynomials as long as there are specific algorithms to do so (see Section 7.3) or the genus and the field are not too large. P<X,Y,Z>:=PolynomialRing(GF(11),3); PP:=ProjectiveSpace(P); Q<T>:=PolynomialRing(Rationals()); C:=Curve(PP,X^5+Y^5+Y^2*Z^3); Q!LPolynomial(C); 14641*T^8-2299*T^6 + 231*T^4-19*T^2 + 1 Note that once the Weil polynomial is computed, it is almost for free to get the one for the same curve over any extension. For instance Q!LPolynomial(C,2); 214358881*T^8-67319318*T^7 + 12049543*T^6-1618496*T^5 + 170005*T^4-13376*T^3 + 823*T^2-38*T + 1 gives the Weil polynomial of C over F 11 2. 6.1.1 Rewriting of Z(C/k, T ) In the finite field case, the structure of Gal( k/k) is simple: it is generated by a single element σ : x x q. A place of degree n is a divisor D = P + P σ +... + P σ n 1 for P C(k n ) which is not in C(k m ) for m n. Let us denote Pic n (C)(k) the set of linear equivalence classes of k-rational divisor of degree n (See Definition 3.3.2). If φ n is the number of places of degree n then #C(k n ) = m n mφ m. One then gets ( ) log (1 T degd ) 1 = log (1 T m ) φ m D place m=1 = = m m=1φ n=1 m=1 N m T m m T mn n = m=1 ( = m=1 ) nφ n n m = logz(c/k,t ). φ m log(1 T m ) T m m

6.1 Weil conjectures for curves 57 Hence we get Z(C/k,T ) = (1 T degd ) 1 = D place D place i=0 T ideg(d) = n=0 A n T n where A n is the cardinal of A n which is the k-rational effective divisor of degree n (with A 0 = 1). Indeed, every k-rational effective divisor is uniquely a sum of places with a given multiplicity. Let δ 0 = min{degd > 0 s.t. D is defined over k}. This number is reached by the degree of a divisor D 0 (we will see that δ 0 = 1). If δ 0 n, then A n = 0 since otherwise writing n = aδ 0 + r with 0 < r < δ 0, one sees that for D A n, one gets a k-rational divisor D ad 0 of degree r < δ 0. If δ 0 n, the map D D n/δd 0 shows that there is a bijection between Pic n (C)(k) and Pic 0 (C)(k). Note that this is a set of finite order h. Indeed for m g and divisible by δ, we see using Riemann- Roch theorem that each class contains an effective divisor. The points in the support of such a divisors can be gathered by orbit under σ of length less or equal to m, hence are defined over a degree at most m of k. The number of such points is finite and so is #Pic m (C)(k) = #Pic 0 (C)(k). We get that A n = D Pic n (C)(k) # D = D Pic n (C)(k) q l(d) 1 1 q 1 the last equality being true as soon as n > 2g 2. This means that 2g 2 Z(C/k,T ) = n=0 A n T n }{{} polynomial + A n T n = n>2g 2,δ 0 n = h qn g 1 q 1 f (T ) (1 T δ 0 )(1 (qt ) δ 0) Q(T ). (6.1) 6.1.2 δ 0 = 1 Lemma 6.1.3 For all d 1 Proof. ε s.t. ε d =1 Z(C/k,εT ) = Z(C/k d,t d ) = ε s.t. ε d =1 = exp exp ε s.t. ε d =1 ( #C(k m ) m=1 ( #C(k m ) T m m=1 m Z(C/k,εT ). ) (εt )m m ) ε m ε s.t. ε d =1 Now ε s.t. ε d =1 ε m = 0 if d m and d if d m. We hence get Z(C/k,εT ) = exp ε s.t. ε d =1 ( #C(k md ) m=1 (εt )md m ) = Z(C/k d,t d ). From (6.1), we see that Z(C/k d,t d ) is of the form f 1 (T )/((1 T dδ 1)(1 (qt ) dδ 1)) with δ 1 δ 0 whereas Z(C/k,εT ) is of the form f (εt )/((1 (εt ) δ 0)(1 (εqt ) δ 0)). When d = δ 0, the denominator of the product is (1 T δ 0) δ 0(1 (qt ) δ 0) δ 0. Note that the expression (6.1) (as a sum of a polynomial and the fraction) shows that the order of the pole of Z(C kd,t d ) at 1 is exactly 1 whereas it is δ 0 for the product. By comparing the orders, we see that δ 0 = 1. This implies that there is a k-rational divisor of degree 1 and we have seen that this is not necessarily the case over number fields, even for elliptic curves (see Remark 5.2).

58 Chapter 6. Number of points of curves over finite fields 6.1.3 Functional equation Using the fact that δ 0 = 1, we can rewrite Z(C/k,T ) = 1 (A(T ) + hb(t )) q 1 where A(T ) = D deg(d) 2g 2 q l(d) T deg(d) and B(T ) = qg T 2g 1 1 qt 1 1 T. Since D κ D is a bijection between divisor classes of degree 0 n 2g 2, we get that A(T ) = q g 1 T 2g 2 A(1/(qT )) and on the other hand B(T ) = q g 1 T 2g 2 B(1/(qT )) and then the functional equation. Using the latter one also sees that deg f = 2g. 6.1.4 Riemann hypothesis One starts with a reduction lemma. Lemma 6.1.4 The following properties are equivalent 1. α i = q for all i; 2. α i q for all i; 3. There exists an A > 0 such that for infinitely many m #C(k m ) (1 + q m ) Aq m/2. Proof. Let us prove that 2 implies 1. The functional equation shows that the application α q/α is a bijection on the set {α i }. Hence if α i q for all i, then q/α i q for all i but then α i q for all i. Let us prove that 3 implies 2. The series S(z) = m=0 (αm 1 +... + αm 2g )zm is equal to 2g i=1 1 1 α i z and its convergence radius is R = (max α i ) 1. The inequality of 3 shows that R q 1/2 hence α i q for all i. We therefore have to prove an upper bound and a lower bound on C(k m ) for infinitely many m. Let us start with the upper bound. We can assume that q = q 2 0 and that there exists a point Q C(k). One then construct very carefully a function f L ((q 0 (2g + q 0 ) + q 0 + 1)Q) such that f (P) = 0 for all P C(k) \ {Q} (see Exercise 6.1). One then gets that #C(k) 1 degree of the zero divisor of f degree of the pole divisor of f q+1+(2g+1) q. For the lower bound, the argument is more involved. As we can assume that C(k) has a point, we can construct a function defined over k which induces a morphism C P 1. Looking at the function field extension k(p 1 ) k(c), we can consider its Galois closure K (with Galois group G) and this field corresponds to a curve C defined over a finite extension of k and a morphism φ : C C P 1. Extending once more the field k, we can assume that the curve and the morphism are defined over k. Note that since any k-rational point on C maps to a k-rational point on C, to get a lower bound on #C(k) it is enough to get one on #C (k) = #{P C (k) s.t. P σ = P}. Now for all but finitely many Q P 1 (k) (there are only a finite number of ramified points), we have that φ 1 (Q) = {P 1,...,P #G }. One denotes N(C,h) = #{P C (k) s.t. P σ = h(p)}. In particular #C (k) N(C,1). The construction of f above can be adapted to prove that N(C,h) q + (2g C + 1) q + 1. Now N(C,h) = #G #P 1 (k) + O(1). h G

6.1 Weil conjectures for curves 59 Indeed for Q P 1 (k), if P i φ 1 (Q) then Pi σ φ 1 (Q) so Pi σ = h(p i ) for h G. Moreover except when Q is a point over which φ is ramified we have exactly #G elements in the fibre. Here O(1) takes into account the fixed contribution of the ramification points which does not change when taking extensions of k (when k is large enough). From this and the upper bound one deduces that N(C,h) = q + O(q 1/2 ) and in particular N(C,1) q 1 A q. R These techniques to prove arithmetic results with well designed functions have received a lot of attention lately (see [0]). For instance it can be used to prove a finite version of Kakeya set: let K k n a set containing an affine line in each direction. Then #K ( q+n 1) n. Another result that can be proved is: let A,B be two non empty subsets of Z/pZ with p a prime then #{u + v s.t. u A,v B} min(p,#a + #B 1). Exercise 6.1 Let C/F q be a curve of genus g 1 with q = q 2 0 and assume that there exists a point Q C(F q ). Let us define for m 1, L = L (mq) q 0 L (nq) = { i I,I finite x q 0 i z i : x i L (mq), z i L (nq)}. 1. Using the fact that l(mq) l((m + 1)Q) l(mq) + 1, show that there exists a basis f 1,..., f r of L (mq) such that ord Q ( f i ) < ord Q ( f i+1 ). 2. Show that if n < q 0 then every y L can be written in a unique way as f q 0 i z i (proceed by comparing the orders at Q of f q 0 i 0 z i0 and r i=i 0 +1 f q 0 i z i for i 0 = min{i s.t. z i 0}. 3. Conclude that diml = diml (nq) diml (mq). This enables to define the following application ψ :L L ((m + q 0 n)q) r i=1 f q 0 i z i f i z q 0 i i 4. Prove that ψ(x + y) = ψ(x) + ψ(y) and that ψ(λ q 0x) = λψ(x) for λ F q. 5. Prove that if ker(ψ) 0 and f = f q 0 i z i kerψ then for each P C(F q ) \ {Q}, one has f (P) = 0 (one can compute f (P) q 0). We let m = 2g + q 0 and we assume that q 0 is big enough so that there exists 2g 1 n < q 0. 6. Prove that diml (m + 1 g) (n + 1 g). 7. Prove that l((m + q 0 n)q) = m + q 0 n + 1 g. 8. Show that kerψ 0. Exercise 6.2 Let C/F q be a curve of genus g and h(f q ) = #Pic 0 (C)(F q ). We denote f the Weil polynomial of C/F q Show that h(f q ) = f (1); Show that if d is a prime dividing h(f q ) and if n 1 is such that d n(q n 1)/(q 1) then d h(f q n)/h(f q ). Exercise 6.3 Let C/F q be a curve with Weil polynomial f = (1 a i T ). Prove that the Weil polynomial of C/F q n is (1 a n i T ) for all n > 0.

60 Chapter 6. Number of points of curves over finite fields 6.2 Maximal number of points Among the many questions which can be asked about curves over finite fields, the one which has attracted the most attention is the one about their maximal number of points 2 mainly because of its application to coding theory (see Section 6.3). We have seen that Corollary 6.1.2 says also that #C(k) = 1 + q α i which implies that #C(k) 1 q α i α i 2g q. This has two easy consequences : 1. if q is large enough compared to g, C has always at least one k-rational point; In particular when g = 0 or 1, C has always a k-rational point. 2. #C(k) 1 + q + 2g q. This bound is know as Hasse-Weil bound. This leads us to introduce the following definition. Definition 6.2.1 Let g 0 be an integer and q a prime power. We denote by N q (g) the maximal number of points of a curve of genus g over F q. A curve which number of rational points reaches this value is called a maximal curve. For several decades, number theorists assumed that the Hasse-Weil bound was optimal (at least when q is large enough) until 1973 when Stark improved the bound by two in a particular case. Since then, there has been a (mathematical) world-wide game consisting at finding the exact value of N q (g). Indeed, except for g = 1,2 (see Section 6.2.3) this value is not known in general and so things are handle case by case. In order to keep track of the progress made on the question a web site has been created. There are two directions to tackle this problem : 1. Decrease the bound: we are going to give some of the arguments used in this direction. 2. Constructing/proving existence of curves: we are not going to deal theoretically with this question (but let have a look at the challenges contained in Exercises 8.6 and 8.7). Let us just say that roughly speaking on can distinguish the following approaches : Methods from general class field theory (powerful but not explicit); Methods from class field theory based on Drinfeld modules of rank 1 (explicit); Fiber products of Artin-Shreier curves; Towers of curves with many points; Miscellaneous methods as : formulas for N q (1),N q (2), explicit curves, e.g. Hermitian curves, Klein s quartic, modular curves, quotient of curves with many points and curves obtained by computer search. R This domain is quite new: after Weil s proof, it was re-lauched by Serre s lectures at Harvard in 1985. Plenty of mysteries remain: note that the intuitive fact that lim q N q (g) = has been proved only in 2002 [0] and that despite many efforts the values of N q (3) are not known for all q. 6.2.1 General arguments We are going to give general arguments (i.e which are good for g q) which follow Serre s idea of formules explicites. Let us start with Serre s original improvement. 2 Note that for a few years, the question of the repartition of the number of points has gained a lot of attention and has created a new field called arithmetic statistic.

6.2 Maximal number of points 61 Theorem 6.2.1 Hasse-Weil-Serre bound. For every curve C/F q of genus g, on has that #C(F q ) q + 1 + g 2 q. Proof. The functional equation is equivalent to the fact that the Weil polynomial satisfies T 2g f (1/(qT )) = f (T ). Hence if α i is a root of f then α i = q/α i is also (this was clear when α i C\R by Galois and the fact that α i = q but if α i = ± q then this is not imply by the Riemann hypothesis). Hence we have that #C(F q ) = q + 1 g i=1 (α i + α i ). Let x i = 2 q + 1 + α i + α i. By the Riemann hypothesis, x i are totally positive algebraic integers. Therefore their product is at least 1. It follows from the arithmetic-geometric mean inequality that 1 g g i=1 ( ) g 1/g x i x i 1. i=1 So we have x i g which is easily seen to imply the result. A second improvement is due to Ihara. Consider C also over F q 2. We have #C(F q ) #C(F q 2) = q 2 + 1 g i=1 = q 2 + 1 + 2gq (α 2 i + α i 2 ) q 2 + 1 + 2gq 1 g g (α i + α i ) 2 i=1 ( g ) 2 i + α i i=1α The last inequality is Cauchy-Schwartz (with the vectors (α 1,...,α g ) and (1,...,1)). We conclude that #C(F q ) q 2 + 1 + 2qg 1 g (#C(F q) q 1) 2. Theorem 6.2.2 #C(F q ) q + 1 + ( (8q + 1)g 2 + 4(q 2 q)g g)/2 which is better than Hasse-Weil bound if g (q q)/2. Now we come to the best known estimate due to Drinfeld and Vlădut. The proof is an extension of Ihara s argument. It involves a consideration of all finite extensions of F q. Recall that φ d is the number of places of C of degree d. So we have #C(F q m) = d m dφ d. Let Ψ(T ) = n=1 c nt n be a polynomial (i.e c n = 0 for n large enough) with non negative coefficients for which Ψ(t) + Ψ(t) + 1 0 for all t C with t = 1. (6.2) By Ψ d (T ) we denote the polynomial n 0 (mod d) c n T n. Theorem 6.2.3 Let C be a curve over F q of genus g and Ψ(T ) be a polynomial as above. We

62 Chapter 6. Number of points of curves over finite fields have dφ d Ψ d (q 1/2 ) g + Ψ(q 1/2 ) + Ψ(q 1/2 ). d 1 Proof. As usual, let α j denote the zeros of χ. By the Riemann hypothesis, we have α j = qe iθ j with θ j R. Moreover suppose we have ordered the α j such that θ g+ j = θ j. We have that So 0 g j=1 #C(F q n) = q n + 1 q n/2 (Ψ(e iθ j ) + Ψ(e iθ j ) + 1) = g + j,n g (e inθ j + e inθ j ). j=1 c n (e inθ j + e inθ j ) = g + q n/2 c n (q n + 1 #C(F q n)) n 1 = g + Ψ(q 1/2 ) + Ψ(q 1/2 ) d 1 n 0 (mod d) q n/2 dφ d c n and the inequality follows. Since d dφ d Ψ d (q 1/2 ) φ 1 Ψ 1 (q 1/2 ) = #C(F q )Ψ(q 1/2 ), the theorem clearly implies that (Oesterlé s bound) : #C(F q ) 1 g + Ψ(q1/2 ) Ψ(q 1/2 ). If one takes Ψ(T ) = T /2 one finds Hasse-Weil bound. One can try also Ψ = (4T + 3T 2 + 2T 3 + T 4 )/5. R For q and g fixed there is an explicit optimal Ψ (see [0]). Example 6.4 Let fix g = 3 and q = 2. The Hasse-Weil bound is approximately 11.48. Hasse- Weil-Serre s bound is 9, Ihara s bound is 8. With our polynomial we can find 7. We can find this bound in another way : we know that a genus 3 non hyperelliptic curve C can be embedded as a plane quartic, so C(k) max( P 2 (k), 2 P 1 (k) ) max(4 + 2 + 1,2 (2 + 1)) 7. }{{}}{{} non hyperelliptic hyperelliptic Moreover we have N 2 (3) = 7 since the curve y 2 z 2 + yz 3 + xy 3 + x 2 y 2 + x 3 z + xz 3 = 0 reaches this bound. R A lot of special arguments have been developed and implemented (look at the information when you click on an upper bound of the tables). Nevertheless, as the tables show, plenty of cases are still open.

6.2 Maximal number of points 63 6.2.2 Asymptotics One fixes a finite field F q and wants to study the behavior of N q (g) when g is large. It is classical to study the quotient N q (g)/g, and more precisely the number A(q) := lim sup N q(g). g g From the work done in Section 6.2.1, one has the following upper bounds for A(q). Theorem 6.2.4 1. Hasse-Weil s bound : A(q) 2 q. 2. Hasse-Weil-Serre s bound : A(q) 2 q. 3. Ihara s bound : A(q) 2q 1 2. 4. Drinfeld and Vlădut s bound : A(q) q 1. Proof. Only the last point requires some explanations. From Theorem 6.2.3 we see that A(q) 1 Ψ(q 1/2 ). We must choose our polynomial Ψ(T ) in order to get an estimate for A(q). The larger we can take the c n, the better the estimate will be. However we have that 0 1 π 2π 0 (1 + Ψ(e iθ ) + Ψ(e iθ ))(1 cos(nθ))dθ = 1 c n. So c n 1 and we cannot choose all c n = 1 since they should be zero for large n. We will instead choose a sequence of polynomials whose coefficients approach 1. For instance, let us take One verifies that Ψ(T ) = N i=1 (1 i N + 1 )T i. 1 + Ψ(T ) + Ψ(T 1 ) = 1 N + 1 (1 + T +... + T N )(1 + T 1 +... + T N ) which proves the condition (6.2). It is easy to see that this gives a decreasing sequence of bounds on A(q), the limit of which is q 1. 6.2.3 The cases g = 1 and 2 For completeness, we give here without proof (based on complex multiplication theory for genus 1 and 2 and theory of hermitian modules for genus 2) the general result. Theorem 6.2.5 [0]. { q + 2 q if p (q + 1 + 2 q ) and if q = p e with e odd; N q (1) = q + 1 + 2 q otherwise. We give here for reference the case of genus 2 which is due to Serre. Theorem 6.2.6 [0]. If q is a square different from 4 and 9 then Moreover N 4 (2) = 10 and N 9 (2) = 20. N q (2) = q + 1 + 4 q.

64 Chapter 6. Number of points of curves over finite fields If q is not a square, we denote q = p e and m = 2 q. We say that q is special if one of the following properties is satisfied p m. it exists an integer x such that q = x 2 + 1. it exists an integer x such that q = x 2 + x + 1. it exists an integer x such that q = x 2 + x + 2. If q is non special then N q (2) = q + 1 + 2m. If q is special then N q (2) = { q + 2m if {2 q} 5 1 2 ; q + 2m 1 otherwise where {} denotes the fractional part of the number. Exercise 6.4 The maximal number of k-rational points of singular algebraic variety can also be interesting to look at. Let C/F q be a plane 1-dimension algebraic set of degree n which irreducible components are n rational lines. Prove that nq n(n 3)/2 #C(F q ) nq + 1. Show that the lower limit is achieved if and only if no three of the n lines are concurrent while the upper limit is achieved if and only if the n lines are concurrent. Note that if n = q + 1, the latter passes through all F q -rational points of P 2. 6.3 Codes This is part of [0]. For a more basic (and different) introduction to codes, see the following video. Linear codes are a nice domain of applications of the theory we have developed so far. 6.3.1 Definitions Let A be a finite set of order q, which we call an alphabet. The set A n is equipped with the Hamming metric : the distance d(a,b) is the number of coordinates in which a and b differ: d((a 1,...,a n ),(b 1,...,b n )) = {i a i b i }. Any non-empty subset C A n is called a q ary code of length n. The log-cardinality is k = log q (#C). The minimum distance is defined as d = min{d(a,b) a,b C,a b}. A code with these parameters is called an [n,k,d] q -code. The following relative parameters are also useful : the rate R = k/n and the relative minimum distance δ = d/n. Let us briefly explain why codes are called error-correcting. Start with a given message which is long enough and written in the alphabet A. When this message is transmitted over a channel it is distorted by random fluctuations (noise). Here is a way out. Take an [n,k,d] q -code C. Let for simplicity k be an integer. Cut the message into pieces of length k each. Map every word of length k to an element of C, i.e fix an embedding E : A k C A n, and instead of the piece a A k of the message let us transmit the corresponding word E(a) of length n (we encode the message). The transmission is now 1/R times slower, which justifies the term rate for R. On the other end of the channel, we obtain a distorted word E(a) A n and we transform it into the nearest word

6.3 Codes 65 E(a) C (i.e we decode the message). If the number of distortions is at most (d 1)/2, then E(a) = E(a), i.e the decoding is correct. Therefore, a good code is a code with large n and R, δ as close as possible to 1. Both for the construction of good codes and for the design of algorithm of coding and decoding, the notion of a code over an arbitrary alphabet is too poor in structure. Definition 6.3.1 Let A = F q with q = p m. A linear code C of length n is a linear subspace C F n q. For linear code k = dimc, d = min{ a,a C,a 0} where a = {i a i 0} being the weight of a. Example 6.5 C = F n q is an [n,n,1] q -code. C = {(v 1,...,v n ) F n q/ v i = 0} is a [n,n 1,2] q code. Let P = {P 1,...,P n } F q. Consider the linear space L(a) of all polynomials in one variable of degree at most a with coefficients in F q. We have dim(l(a)) = a + 1. For n > a a non-zero polynomial f (x) L(a) cannot vanish at all points of P. Moreover it has at least (n a) non-zero values at points of P. The evaluation map Ev : L(a) F n q f ( f (P 1 ),..., f (P n )) is then injective and its image is an [n,a + 1,n a] q -code called a Reed-Solomon code of degree a. As we will see all these codes are a particular case of genus 0 code. Consider the couples (δ(c),r(c)) for all linear codes C. They form a subset V q of [0,1] 2. We denote U q the set of limit points of V q, i.e. (δ,r) U q iff there exists an infinite sequence of different (linear) codes C i such that lim(δ(c i ),R(C i )) = (δ,r). Since there is only a finite number of codes of each length, for each sequence n(c i ). If δ > 0 and R > 0 such a sequence of codes C i is called asymptotically good. Theorem 6.3.1 There exists a continuous function α q (δ), δ [0,1] such that U q = {(δ,r) s.t. 0 R α q (δ)}. Moreover α q (0) = 1 and α q (δ) = 0 for (q 1)/q δ 1, and α q decreases on the segment [0,(q 1)/q]. R The same result exists for non-linear code. Almost nothing is now about this function (is it convex, differentiable?) except some upper and lower bounds which are called asymptotic bounds. Proposition 6.3.2 The Singleton bound. α q (δ) 1 δ. Proof. Let C F n q a subspace of dimension k. If d is its minimum distance it means that for all v C at most n d components of v are 0. Suppose that k > n d + 1 then there exists a non zero vector in C with n d + 1 zero components (by solving the corresponding system). So we get a contradiction and k n d + 1. This gives us R 1 δ + 1/n so by passing to the limit, we get α q (δ) 1 δ. We report also the following lower bound for comparison with the AG-bound.

66 Chapter 6. Number of points of curves over finite fields Proposition 6.3.3 Gilbert-Varshamov bound. Let H q (x) = xlog q (q 1) xlog q x (1 x)log q (1 x). One has α q (δ) 1 H q (δ). R One also has the Hamming upper bound α q (δ) 1 H q (δ/2). We can summarize the different bound in the following picture when q = 2 where the red line is Singleton bound, the blue line Gilbert-Varshamov bound and the green one the Hamming upper bound. 6.3.2 AG-codes Algebraic-geometric codes (AG-codes) were discovered by V.D. Goppa and came as a result of many years of thinking over the possible generalization of Reed-Solomon codes. Their success comes from the improvements they give on the asymptotic problem. Let X/F q be a curve such that X(F q ) /0. Let P = (P 1,...,P n ) X(F q ) be n F q -rational points and X and D be a F q -rational divisor with l(d) > 0. We assume that Supp(D) P = /0. Consider the map Ev :L (D) F n q f ( f (P 1 ),..., f (P n )). We get a code C = Ev(L (D)). We use the notation C = (X,P,D). Suppose that D is chosen in such a way that any function f L (D) has at most b zeros at F q - rational points on X. If n > b then Ev is an embedding, k = l(d) and d n b. The Riemman-Roch theorem makes it possible to estimate the parameters of C. Theorem 6.3.4 Let X be a curve of genus g and let 0 deg(d) = a < n = #P. Then C = (X,P,D) is a [n,k,d] q -code with k a g + 1 and d n a.

6.3 Codes 67 Proof. Let D = D 1 D 2, D 1 0,D 2 0. A non-zero function f L (D) has at most a 1 = deg(d 1 ) poles and at least a 2 = deg(d 2 ) zeroes in Supp(D) since D + ( f ) 0 ( f ) 0. Hence the number of its zeros out of the SupportD is at most a 1 a 2 = a. We have suppose that a < n so Ev is an embedding. Moreover Ev( f ) has at least n a non-zero coordinates, thus d n a. On the other hand C L (D), i.e k = l(d) a g + 1 according to the Riemann-Roch theorem. Corollary 6.3.5 Let X be a curve of genus g over F q and let N = #X(F q ) > g 1. Then for any n = g+1,...,n and for any k = 1,...,n g there exists a linear [n,k,d] q -code whose parameters satisfy k + d n g + 1. Example 6.6 It is clear that the Reed-Salomon codes are examples of AG-code with X = P 1. Consider the cubic X/F 2 : y 2 + y = x 3 + x. It has 5 points over F 2 : (0,0),(0,1),(1,0),(1,1) and O. We take D = 2(O); then we have L (D) = {0,1,x,x + 1} and evaluating at the remaining 4 points we obtain the following code : (0, 0) 0 1 0 1 (0, 1) 0 1 0 1 (1, 0) 0 1 1 0 (1, 1) 0 1 1 0 a hardly impressing [4,2,2]-code (a good one can be constructed with the Klein s quartic and some additional tricks of coding theory). Let us show now why the AG-codes are so important in the asymptotic theory and why we are interesting in curves with many points. Theorem 6.3.6 If there exists a family of curves X i over F q of genus g i such that γ = liminf g i N i < 1 where N i = #X i (F q ), then α q (δ) 1 γ δ. Proof. According to the last corollary, the codes constructed from X i have parameters [n i,k i,d i ] q, where n i = 1,2,...,N i and k i = 0,1,...,n i g i and k i + d i n i g i + 1, i.e. taking n i = N i, R i = 1 g i 1 N i δ i. Passing at the limit one obtains the result. Recall that A(q) = limsup N q(g) g and so we can construct a family with γ = 1/A(q). So finding curves with many points, gives large A(q) so small γ and then good lower bound for α q. In fact if q is an even power of a prime then A(q) = q 1 (in Section 6.3.3 we will prove that this is the case for q = p 2 ) and so we get Corollary 6.3.7 If q is an even power of a prime then α q (δ) 1 ( q 1) 1 δ.

68 Chapter 6. Number of points of curves over finite fields R This AG-bound was a big revolution in the theory of codes because it improves for many cases the classical Gilbert-Varshamov bound which was so far believed optimal. For instance, here with q = 11 2, where as before the red line is Singleton bound, the blue line Gilbert-Varshamov bound, the green one the Hamming upper bound and now the black line is the AG-bound. Example 6.7 We construct a [25,9,16] 16 code over F 16 using the genus 1 curve X 3 + X 2 Z +Y 3 +Y 2 Z + Z 3 = 0. F<w> := GF(16); P2<x,y,z> := ProjectiveSpace(F, 2); f := x^3+x^2*z+y^3+y^2*z+z^3; X := Curve(P2, f); g := Genus(X); found, place_k := HasPlace(X, 9+g-1); D := DivisorGroup(X)! place_k; C := AlgebraicGeometricCode(places1, D); 6.3.3 Modular codes We want to construct a family of curves of genus g i over F p 2 with N i rational points such that limsupn i /g i = p 1. We are going to do that by using the modular curves X 0 (N) (the general case requires Drinfeld modular curves). Let N 3 and let M N be the moduli problem for the elliptic curves with a cyclic subgroup of order N. M N is representable and is an affine curve over Spec(Z[1/N]). One can compactify it in a smooth projective scheme MN over Spec(Z[1/N]) and M N C is isomorphic to the classical modular curve X 0 (N) which is given in terms of a certain quotient of the upper half plane. If p does not divide N then X 0 (N) has good reduction and defines a curve X 0 (N) over F p. Note that the case N = 1 is simply the moduli problem of classifying elliptic curves and we have seen that in this case X 0 (N) = P 1 We want to give a lower bound on the number # X 0 (N)(F p 2). Lemma 6.3.8 Let E be a supersingular elliptic curve over F p. Then j(e) F p 2 i.e there exists a model of E over F p 2. Moreover the Frobenius endomorphism acts as ε[p] where ε is an automorphism of E. Proof. Let q = p 2. As Ker([p])( F q ) = {O} we see that [q] is purely inseparable. Let σ Gal( F p /F p ) be the generator and Frob p the isogeny from E E σ given by (x,y) (x p,y p ).

6.3 Codes 69 Denoting by Frob p the dual isogeny, since Frob p Frob p = [p], we see that Frob p is purely inseparable. It follows that we have the following factorization E σ Frob p E Frob p where ψ has degree 1 i.e. is an isomorphism. So E σ 2 ψ j(e) = j(e σ 2 ) = j(e) σ 2 hence j(e) F p 2. Let F = Frob q be the Frobenius endomorphism of E. Since [p] is purely inseparable and of degree p 2, the same argument as above implies that F = ε[p] where ε is an automorphism of E. Let E/F p 2 be a supersingular elliptic curve whose j-invariant is different from 0 and 1728. The Frobenius endomorphism acts like ±[p]. For all l prime to p, the cyclic subgroups of E of order l are then all defined over F p 2. Indeed if P E[l] \ {O} then for σ Gal( F p 2/F p 2) the Frobenius automorphism we get P σ = ±[p]p so < P >=< P σ >. Consider the modular curves X 0 (l) such that l satisfies also l 11 (mod 12). Using the complex model of X 0 (l), one can compute the genus and it is equal to (l + 1)/12. Moreover the forgetful morphism X 0 (l) X 0 (1) is of degree l + 1 since their are l + 1 possible subgrougs of order l in E[l] (Z/lZ) 2. Moreover by the above argument, all the points lying over the supersingular j-invariants (different from 0 and 1728) are rational over F p 2. Since there are roughly (p 1)/12 supersingular j-invariants, there are, up to a slight error due to the cusps and the j-values 0 and 1728, at least (l + 1)(p 1)/12 rational points on X 0 (l). So the ratio # X 0 (l)(f 2 p) p 1. g X 0 (l) As we have seen that A(F p 2) p 1 we conclude that A(F p 2) = p 1. R In 1996, Garcia and Stichtenoth constructed an explicit tower X l over F q 2 reaching the bound : start with X 1 the projective line with coordinates x 1 and define Artin-Schreier covers X l by y q l+1 + y l+1 = x q+1 l with x l = y l /x l 1. Elkies proved that this tower is in fact modular. R When q is not a square, much less is know : one know that there is a constant c > 0 such that A(q) clog 2 (q) One has also A(q 3 ) 2(q 2 1)/(q + 2). More recently good bounds have been found for all values of non-square q which are not prime (see [0]). When q = p, the best lower bounds are obtained using class field theory (for instance one has that A(q) (logq)/96).

7. Jacobian of curves Let C/k be a curve of genus g > 0. We have already seen in Definition 3.3.2 a definition of Pic n (C)(k). The notation used for Pic 0 (C)(k ) suggests that the elements coud be seen as k - rational points over a variety. The purpose of this chapter is to make sense to the following definition/proposition and to be able to compute with such an object. Definition 7.0.1 Let C/k be a curve of genus g > 0 and k /k an extension. There exists a principally polarized abelian variety a, called the Jacobian b of C and denoted JacC of dimension g such that (JacC)(k) = Pic 0 (C)(k) Gal(k/k) and such that (JacC)(k ) = Pic 0 (C)(k ) as soon as C(k ) /0 (or more generally if there exists a k -rational divisor of degree 1). a In French: variété abélienne principalement polarisée b In French: jacobienne R Note that it may happen that (JacC)(k) is strictly larger than Pic 0 (C)(k). Consider for instance a genus 1 curve E/Q without rational point given by E :Y 2 = X 4 1 for instance. Let x 0 Q be a root of X 4 = 1 and P 1 = (x 0,0),P 2 = ( x 0,0), P 3 = (ix 0,0) and P 4 = ( ix 0,0) be 4 points on E. Let us consider the divisor D = P 1 + P 2 (P 3 + P 4 ). It is not Q-rational because σ : x ix does not let D invariant. However Gal(Q/Q) factors through Gal(Q(x 0 )/Q) which is a cyclic extension of degree 4 generated by σ. We have that D σ i = ( 1) i D. In all cases D D σ because in the case D σ = D one has D D σ = 2D = div X2 x0 2. Hence Jac(C)(Q) X 2 +x0 2 is strictly larger than Pic 0 (Q). Exercise 7.1 Let C be a curve over k and D be a k-rational divisor class of degree 0 (i.e. an element of (JacC)(k)). 1. Show that if l(d) = 1 then D is k-rational. 2. Let us assume from now on that C has a k-rational point P 0. Using the inequality l(d ) l(d + P 0 ) l(d ) + 1 for any divisor D (proved in the proof of Lemma 3.3.2), show that there exists an integer n such that l(d + np 0 ) = 1.

72 Chapter 7. Jacobian of curves 3. Conclude that D is k-rational. 7.1 Abelian varieties: algebraic and complex point of view Let us start with a crash course on abelian varieties. Definition 7.1.1 An abelian variety over a field k is a dimension g > 0 projective and smooth variety A such that there exists a morphism defined over k: + : A A A (addition), a morphism defined over k: : A A (inverse), a k-rational point O A(k), for which A(k) is a commutative group with identity element O. R Actually, one needs much less than this. In [0, Chap.5], one sees that any projective group variety is automatically commutative and smooth. Example 7.1 The first example of an abelian variety is an elliptic curve (i.e. a genus 1 curve with a rational point O). We have seen in Proposition 5.2.1 how to write all these curves by a Weierstrass model. The group law on E can be defined geometrically (see [0, Chap.III] and Picture 7.1 in the case of an equation y 2 = f (x)). But also using Riemann-Roch theorem. Indeed, if P 1,P 2 E(k), by Riemann-Roch there exists a unique point P such that P O P 1 O + P 2 O and we define P = P 1 + P 2. One can prove that the two definitions coincide Figure 7.1: Group law on an elliptic curve From these elementary pieces, we can then build abelian varieties of higher dimensions: given elliptic curves E 1,...,E g over a field k, the variety E 1 E g is an abelian variety of dimension g over k. This is of course implemented in MAGMA E:=EllipticCurve([GF(23)!0,0,0,1,2]); P1:=E![0,5,1]; P2:=E![1,2,1]; P1+P2; (8 : 19 : 1)

7.1 Abelian varieties: algebraic and complex point of view 73 A word about morphisms. Let A,B be two abelian varieties. Every morphism f : A B is the composition of a homomorphism (i.e. preserving the group structures) with a translation (i.e. a morphism P P + P 0 for P 0 B). Among the homomorphisms the following ones are the most important. Definition 7.1.2 Let f : A B be a homomorphism such that one of the following equivalent properties holds : 1. dima = dimb and f is surjective; 2. dima = dimb and ker( f ) is a finite group (scheme); 3. f is finite, flat and surjective. f is called an isogeny. R For any isogeny φ : A B, there exists an isogeny ψ : B A such that ψ φ = [deg(φ)]. We can therefore define an equivalence relation on the set of abelian varieties of the same dimension over a field k and get isogeny classes of abelian varieties. This is a weaker notion than k-isomorphisms but over finite fields it conserves most of the arithmetic information: two abelian varieties are isogenous over F q if and only if they have the same number of points over F q n for all n > 0 [0]. In particular, the Jacobians of two curves over a finite field are isogenous if and only if their Zeta functions are the same. We will show one direction in Section 7.4.1. It is in general difficult to work with the equations of a genera abelian variety. Mumford in [0] proved that an abelian variety of dimension g over k can be given (in characteristic different from 2) by quadratic equations in P 4g 1. The dimension of this space is quickly very large and the intersection far from being complete. Nevertheless, abelian varieties have a well understood structure which is mostly analogous to the structure of the complex torus over C. Indeed over C, it can be shown that A(C) is isomorphic (as a group) to a complex torus, i.e. there exists a discrete subgroup Λ C g R 2g generated by 2g R-linearly independent vectors (a lattice) such that A(C) C g /Λ. In particular it shows that the subgroup of n-torsion points of A, A[n](C) = {P A(C) s.t. np = O} is isomorphic to (Z/nZ) 2g (see Picture 7.2). Such a result is still true over any field k as long as n is prime to the characteristic of k. Figure 7.2: The 4-torsion on a dimension 1 complex torus Proposition 7.1.1 [0, V.Th.8.2, Rem.8,5]. Let A/k be an abelian variety of dimension g and let n > 0 be an integer. Then [n] : A A defined by P np is an isogeny of degree n 2g ; Moreover

74 Chapter 7. Jacobian of curves ker[n](k) (Z/nZ) 2g iff the characteristic p of k does not divide n. Otherwise, ker[p i ](k) (Z/p i Z) γ with 0 γ g and γ is called the p-rank of A. R An elementary proof for finite fields can be found in [0, Th.9.72]. Let us denote by End(A) the ring of homomorphisms of A over k. For a generic abelian variety over a number field, End(A) = [1] Z]. However, certain abelian varieties over Q have larger endomorphism ring (note that in all cases the endomorphism ring is a free Z-module of finite rank). Their structure is well known [0] and among them the so called CM-abelian varieties (CM stands for Complex Multiplication) have received the most interests. They are the ones for which End(A) is an order 1 in a number field K/Q of degree 2g which is a quadratic imaginary extension of a totally real subfield (such a field is called a CM-field). The arithmetic theory of CM-elliptic curves is very rich and can be found in [0, Chap.II]. Example 7.2 In [0, page II.2.3.1], it is proved that there are only 3 isomorphism classes of elliptic curves over C which possess an endomorphism of order 2 (and they are therefore CM because an elliptic curve E over C for which End(E) Z is necessarily CM). They are E : y 2 = x 3 + x with CM by Z[i] with j = 1728 generated by (here α = 1 + 1) ( (x,y) (α 2 x + 1 ),α 3 y (1 1x )) x 2 E : y 2 = x 3 + 4x 2 + 2x with CM by Z[ 2] with j = 8000 generated by (here α = 2) ( (x,y) (α 2 x + 4 + 2 ),α 3 y (1 2x )) x 2 E : y 2 = x 3 35x+98 with CM by Z[ 1+ 7 2 ] with j = 3375 generated by (here α = 1+ 7 ) (x,y) (α (x 2 7(1 α)4 x + α 2,α 3 y 2 (1 + )) 7(1 α)4 (x + α 2 2) 2 Note that all j-invariants are integers (this is an important properties of CM elliptic curves). When g > 1, not every complex torus is an abelian variety. In order to be so, one must add the data of a Riemann form. First recall that a hermitian form H : V 2 C on a finite-dimension complex vector space V is a map such that u H(u,v) is linear, the map v H(u,v) is antilinear and H(u,v) = H(v,u) fo all u,v. We can always write H = S+iE where E : V 2 R is an antisymmetric bilinear map which we call the imaginary part of H. Definition 7.1.3 Let T = C g /Λ be a complex torus. A Riemann form on T is an hermitian form H on C g such that its imaginary part E is integer valued on Λ, i.e. E(x,y) Z for all x,y Λ. If H(u,u) > 0 for all u C g, we say that H is positive definite. Theorem 7.1.2 [0, IV. Th.A]. A complex torus is the complex point of an abelian variety if and only if it admits a positive definite Riemann form. Example 7.3 Let us look at the dimension 1 case. A torus can be written C/Λ with Λ = Zλ 1 + Zλ 2 which can be chosen such that im(λ 1 /λ 2 ) > 0. A Riemann form on T is given by the 2 2-matrix H = 1 id. We will show in Exercise 7.2 how to link the torus to an elliptic curve. imλ 1 λ 2 The construction of CM-abelian varieties starts with a CM-field K of degree 2g. We consider g 1 i.e. a Z-lattice which spans K over Q. 2 )

7.1 Abelian varieties: algebraic and complex point of view 75 embeddings φ 1,...,φ g of K in C which are not complex conjugated and O an order in K. We can form the complex torus A = C g /Λ where Λ = {(φ 1 (a),...,φ g (a)), a O}. For any t K which is such that t = t and im(φ i (t)) > 0 for i = 1,...,g, this defines an abelian variety for the Riemann form H defined by H(x,y) = tr K/Q (txȳ). An orthogonal case is the one of E g, where E is an elliptic curve. It can be proved (see [0, p.209]) that the principal polarizations on E g are in bijection with the set of g g hermitian matrices M with coefficients in End(E) C which are positive definite with determinant 1. In the algebraic setting, this notion is an avatar of the notion of polarization which can be developed over any field. We will not try to define it here, but we just say that A/C is principally polarized if the Pfaffian of E on the Z-module Λ is equal to 1. Recall that given a free Z-module A of rank 2g and a non-degenerate alternating form E on A, there [ exists] a basis (called a symplectic 0 basis) λ 1,...,λ 2g of Λ such that the matrix of E in this basis is where = diag(δ 0 1,...,δ g ) where the δ i are positive integers with δ 1 δ 2 δ g. The Pfaffian is defined by δ 1 δ g. R This is the gate to the theory of moduli spaces of principally polarized abelian varieties of dimension g: one can show that there exists a quasi-projective variety of dimension g(g + 1)/2 which classifies principally polarized abelian varieties up to isomorphisms (be careful that here the isomorphism respect also the polarization). Over C, this space is isomorphic to H g /Sp 2g (Z) where H g is the space of g g-symmetric complex matrices with positive definite imaginary part and Sp 2g (Z) is a certain subgroup of GL 2g (Z) which [ ] A B elements acts on τ H C D g by (Aτ + B)(Cτ + D) 1. The link between the analytic and algebraic representations can be made through analytic functions called theta functions and their relations. Exercise 7.2 Let Λ = Zλ 1 + Zλ 2 be a lattice in C with im(λ 1 /λ 2 ) > 0. One calls a theta function on Λ an entire function θ on C such that for all λ Λ there exist a λ,b λ (called the type of θ) such that for all z C θ(z + λ) = e 2iπ(a λ z+b λ ) θ(z). 1. Using the analytic map z z/λ 2, show that the complex torus C/Λ is isomorphic to T = C/(Zτ + Z) where τ = λ 1 /λ 2. In the sequel we will assume that we are in the case Λ = Zτ + Z. 2. Define for a,b R the function (called Riemann theta functions) θ [ a b] = e iπ(τ(m+a)2 +2(m+a)(z+b)). m Z Show that they are theta functions for Λ. To an entire function f, we can associate its zero-divisor div( f ) = z Γ ord z ( f )[z] where Γ = {xτ + y, x,y [0,1[} is a fundamental domain for Λ. Although a theta function is not a function on T since it is not periodic, its zero-divisor is invariant by translation by Λ and therefore defines a divisor on T a 3. Show that the divisor of θ [ a b] is te translate of θ [ 0 0 ] by aτ + b. 4. Show that (1,τ) is a direct basis of Λ and that if θ is a theta function then a 1 τ a τ 1 = deg(div(θ))

76 Chapter 7. Jacobian of curves (hint: integrate θ /θ along the edges of a parallelogram translated from the fundamental domain and not containing a zero of θ.) 5. Conclude that the divisor of a Riemann theta function is of degree 1. 6. Show that θ Let us denote [ 1/2 1/2 ] is odd and so that divθ [ a b] = [τ(a + 1/2) + (b + 1/2)]. θ 00 = θ [ 0 0 ], θ 10 = θ [ ] 1/2 0, θ01 = θ [ ] 0 1/2, θ11 = θ [ ] 1/2 1/2. 7. Show that the three function X = θ 00 θ11 2,Y = θ 10θ 01 θ 11 and Z = θ00 3 are theta functions with the same type and that they do not have a commun zero. One therefore gets a well defined map φ : z (X(z) : Y (z) : Z(z)) P 2 (C). We want to show that φ(t ) = E where E is the elliptic curve defined by Y 2 = X(αX β)(βx + α) where α = θ 10(0) 2 and β = θ 01(0) 2. θ 00 (0) 2 θ 00 (0) 2 8. Show that θ jk (z) = e 2iπ j(τ/8+z/2+k/4) θ 00 (z + (k + jτ)/2). 9. Show the relation θ01 2 (z) = βθ2 00 (z) + αθ 11 2 (z) (hint: show that both members are even theta functions of the same type which are zero at 0 and have the same value at (1+τ)/2). 10. Show the relation θ10 2 (z) = αθ 00 2 (z) βθ2 11 (z) and θ 00 2 (z) = βθ2 01 (z)+αθ 10 2 (z) (hint: apply the previous relation at z + (1 + τ)/2 and at z + 1/2). 11. Deduce from these equalities that E is smooth and that φ(t ) is included in E. It remains to prove that φ is bijective. 12. Show that φ(τ/2 + 1/2) = (0 : 1 : 0). 13. Let (x : y : 1) E. Show that the function R : z (X/Z)(z) x admits a root z 0 (hint: consider by absurd 1/R and use the fact that a holomorphic function on the torus is constant). 14. Show that Y /Z(z) = ±y. Conclude that φ is surjective. 15. Show that R admits exactly z 0, z 0 as roots on T and conclude that φ is injective. Actually φ is an isomorphism of complex varieties. This can be proved by showing that its tangent map is everywhere injective. a Since T will be ultimately an algebraic variety, we know that there is no non-constant function without poles. So there is no non-constant entire functions on the T. What we are constructing here are sections of line bundles (or sheafs). 7.2 Jacobians We restrict to the case where C(k) /0 and let P 0 C(k). Weil s construction of the Jacobian relies on constructing a birational group law on an open part of Pic 0 (C) and then gluing translates of this (see [0, Chap.VII]). The construction of the birational group law uses Riemann-Roch theorem as follows. Let Sym g C be the (smooth!) variety given by the quotient of C g by the action of the group of permutations. Clearly Sym g C(k) is in bijection with the degree g effective divisors on C. Lemma 7.2.1 The map φ : Sym g C(k) Pic 0 (C)(k) defined by φ(d) = D gp 0 is surjective and there exists an open subset of Sym g (C) on which it is bijective. Proof. From Riemann-Roch theorem, we see that for any D Pic 0 (C)(k), we have that l(d + gp 0 ) > 0. Hence there exists an effective degree g divisor D 0 such that φ(d 0 ) = D. The fiber of this map can be identified with D and therefore φ is injective at the point for which i(d 0 ) = l(κ D 0 ) = 0. Let us show that this is an open condition. Claim: let D be a divisor on C for which i(d) > 0. Then there exists a non-empty open subset U of C such that i(d + Q) = i(d) 1 for any Q U. Indeed since i(d) = l(κ D) > 0, there exists an effective divisor D such that D κ D. Then i(d + Q) = l(d Q). Hence if we choose Q

7.2 Jacobians 77 outside the support of D and the possible common zeroes of any basis of l(d ) we are imposing an extra linear condition and therefore i(d + Q) = i(d) 1. Now start with D = /0, then i(d) = g > 0. Applying the previous lemma g times, we find that there exists an open subset U in Sym g C such that i(d) = 0 for all D U. One can define a birational group law on Sym g C (see Example 7.4 for an intuitive geometric construction in the case of plane quartics) which induces the group law on an open part of JacC. Actually one can characterize JacC as the unique abelian variety which is birationally equivalent to Sym g C. Example 7.4 Let C/k be a plane smooth quartic and D = P1 + P 2 + P 3 an effective k-rational divisor of degree 3. Let D be a rational degree 0 divisor of C. Then there exists a rational effective divisor D + of degree 3 such that D + D D. We have seen that generically the divisor D + is unique. By abuse of language we say that a curve C goes through np if i(c,c ;P) = n, where i(c,c ;P) denotes the intersection multiplicity of C and C at P. Let D 1,D 2 Jac(C)(k). Then D 1 + D 2 is equivalent to a divisor D = D + D, where the points in the support of D + are given by the following algorithm: 1. Take a cubic E defined over k which goes (with multiplicity) through the support of D + 1,D+ 2 and P1,P 2,P 4. This cubic also crosses C in the residual effective divisor D 3. 2. Take a conic Q defined over k which goes through the support of D 3 and P1,P 2. This conic also crosses C in the residual effective divisor D +. Figure 7.3: Description of the algorithm The proof goes as follows. C being canonically embedded, (E C) 3κ where κ = κ C is the canonical divisor of C. Therefore we have D + 1 + D+ 2 + P 1 + P 2 + P 4 + D 3 3κ. Similarly, (Q C) 2κ so D 3 + P 1 + P 2 + D e 2κ and (l C) = P 1 + P 2 + P 3 + P 4 κ. Combining these three relations, we obtain D + 1 + D+ 2 + P 1 + P 2 + P 4 + D 3 D 3 + P 1 + P 2 + D e + P 1 + P 2 + P 3 + P 4

78 Chapter 7. Jacobian of curves so Now we subtract 2D on both sides: D + 1 + D+ 2 D e + D. D 1 + D 2 D e D D So D e = D +. The cubic E and conic Q are both defined over the field k because of the k-rationality of Pi, D + 1 and D + 2. Historically, the first construction of Jacobian is through the complex theory of Riemann surfaces. The existence of a symplectic basis λ 1,...,λ 2g of the homology for the intersection pairing on the surface (see Picture 7.4) enables to define a 2g g matrix λ 1 ω 1 Ω =.. λ 1 ω g λ 2 g ω 1 λ 2 g ω g by integrating a basis of holomorphic 1-forms on C ω 1,...,ω g. The complex torus C g /ΩZ 2g is an abelian variety for the Riemann form H defines by [ ] 0 1 t H(x,y) = ixω Ω t ȳ. 1 0 Figure 7.4: Periods on Riemann surfaces R One can wonder where the principal polarization appears in the algebraic setting. Another way to describe polarization is by a certain divisor on the abelian variety. Here the divisor is simply the image of Sym g 1 C by the map D D (g 1)P 0. A classical and important problem (Schottky problem) is to characterize the locus of Jacobian inside abelian varieties. More specifically, if we denote M g the moduli space of genus g curves and A g the moduli space of principally polarized abelian varieties of dimension g, the map C JacC is an injective map thanks to the so-called Torelli theorem. Since for g > 1, the dimension of M g is 3g 3 and the dimension of A g is g(g + 1)/2, this map has not a dense image as soon as g > 3. Finding the equations of this locus is still an active research area. 7.3 Application to cryptography Cryptography is playing a more and more important role in our society : smart-card, INTERNET payment, online banking.... All these applications needs to protect information. There exists two

7.3 Application to cryptography 79 main strategies. The first one, historically, is called symmetric key cryptography which requires both parts to share a secret key before starting the protocole. In 1976, Diffie and Hellman introduced the new concept of public key cryptography. This protocol solves in particular the important problem (for INTERNET) of a creation of secret key over a non-secure channel. Here is the principle : 1. Goal : Alice and Bob wants to share a secret key (to cipher and decipher after with a traditional symmetric protocol for instance). 2. let G be a group that we can assume to be isomorphic to Z/nZ. Let g G be a generator. 3. Alice chooses a Z and sends g a to Bob. 4. Bob chooses b Z and sends g b to Alice. 5. Secret shared : g ab. One sees that the difficulty to break the code is based on the difficulty to compute a = log g (g a ) (in fact to compute g ab knowing g a,g b but these two problems are believed equivalent). This type of problem is called discrete logarithm problem. Do there exist groups for which this problem is difficult (whereas the computation of g a remains easy of course)? A problem is said difficult if one cannot solve it in a reasonable time with a good computer. More specifically that means that the number of operations would be greater than 2 80. 2 For a general group G, there is always an attack in G (called rho-pollard and based on the birthday paradox), so G must have at least 160 bits. One is of course interested in groups for which the order is as small as possible (for speed and memory requirements), so groups for which the previous attack is the best possible. This is not the case of G = (F q, ) for instance. Based on the so-called index calculus algorithm, there exists sub-exponential and even when the characteristic is small quasi-exponential attacks which are effective (in 2014 a DLP in F 2 1279 was broken). In 1985, Koblitz and Miller introduced the idea to look at the group forms by the F q -rational points of an elliptic curve. This idea was then generalized to the F q -rational points of the Jacobian of a curve of genus g. However, when g > 2, there exist attacks which are slightly better than the generic one and therefore most of the work is concentrated on curves of genus 1 and 2 for which no better attacks is known in general when q is prime (the recent progress on the DLP on F q for small characteristics has translated via the Weil pairing into attacks on elliptic curves over these fields). Nobody knows how to prove that a better attack does not exist and this is of course a big fear of all banks and governments as cryptosystems based on Jacobian (at least elliptic curves) are widely used nowadays. Moreover the possible rise of quantum computers would lead to polynomial attacks on the DLP problem asking for a switch of paradigm towards code, isogeny or lattice based cryptography. How to choose the curve with a good G = (JacC)(F q )? The first requirement is that #(JacC)(F q ) 2 160. Lemma 7.3.1 Let C/F q be a curve of genus g Then #(JacC)(F q ) = q g + O(q g 1/2 ). Proof. In Exercise 6.2, it is proved that #(JacC)(F q ) = f (1) where f is the Weil-polynomial of the curve. The coefficients of f are symmetric functions in the roots α i which are all of absolute value q. The leading coefficient is q g whereas the others are bounded by O( q 2g 1 ) which gives the result. This means for g = 1,2 that we are computed with a curve over F q where q has more than 80 bits. The Pohlig-Hellmann algorithm enables for any cyclic group to reduce the complexity of the DLP to the largest subgroups of G with prime order. We therefore need that G has a large prime. Two ways exist to obtain this curve : 2 See in this note how this number seems like a good bound on feasible computations.

80 Chapter 7. Jacobian of curves One takes random curves of genus g over F q and one has a fast way to compute the Weil polynomial. This cannot be naive counting of points on the curve as the order of the field is so large. These algorithms belong to two categories : 1. l-adics methods : for g = 1 (Schoof s algorithm which was improved into the so-called SEA method): work in large characterisitics. For genus 2 curves, the best current records are over fields of size 128 bits. 2. Cohomological methods, p-adic methods and deformation theory which work really fast and for more general curves but which are restricted to small characteristics. In MAGMA, fast algorithms are available for hyperelliptic curves and general curves of genus less than or equal to 5. One constructs a curve over a number field whose Jacobian has complex multiplication. Then one reduces the curve modulo suitable large prime for which it is easy to compute the order from the CM-structure. These CM methods have been developed for g = 1,2 (and certain g = 3) curves. Once the curve constructed, one also wants to have fast operations on its Jacobian. For elliptic curves, this is achieved in a plethoric number of ways depending on the curve, the protocole, the field, etc. See this web page to get a rough idea. For genus 2, the fastest algorithms do not work directly with the curve or the Jacobian J but with its Kümmer surface J/±1 which has a nice representation as a singular quartic surface in P 3 (this is the picture at the beginning of Chapter 2). Exercise 7.3 Using the description of the group law for quartic in Example 7.4, implement a Diffie-Hellman protocol for genus 3 non hyperelliptic curve. How fast can you make it? Note that there is not much hope that this may be useful for cryptography, the need of fast arithmetic on higher genus curves over finite fields exists in arithmetic statistics (see Sutherland s webpage for pictures). 7.4 Construction of curves with many points 7.4.1 Weil polynomial vs Frobenius characteristic polynomial Let A be an abelian variety of dimension g defined over a field k of characteristic p. Let l p be a prime. We have seen in Proposition 7.1.1 that for all n 1, A[l n ](k) (Z/l n Z) 2g. Definition 7.4.1 We call T l (A) = lim A[l n ](k) the l-tate module of A. In down-to-earth terms, an element of T l (A) is an infinite sequence (a n ) where each a i A[l i ](k) and such that la i = a i 1 (with la 1 = 0). Since A[l n ](k) (Z/l n Z) 2g, we see that T l (A) is isomorphic to the group Z 2g l where Z l is the l-adic numbers. The fraction field of Z l is denoted Q l and is a field of characteristic 0 which is a completion of Q. There is a valuation on Z l, called the l-adic valuation defined by a = l n where n is the largest integer such that a/l n Z l. This extend multiplicatively to Q l and then to any finite extension K of Q l with ring of integer O and uniformizer π such that π = #(O/π) 1. Since u commutes with the multiplication by l (look at the action on divisors), we see that u acts on T l (A) and therefore on the Q l -vector space T l (A) Q (Q l ) 2g. We denote u l the induced morphism and by χ u Q l [T ] its characteristic polynomial. We will need the following geometric result. Proposition 7.4.1 [0, Prop.12.4,p.125]. The function End(A) Q Q, u deg(u) is a polynomial function of degree 2g on the finite Q-algebra End(A) Q (note that deg(uv) = deg(u v) = deg(u) deg(v) and we use that deg(nu) = n 2g deg(u) to extend the degree over Q ). In particular if u End(A) then there exists a unique monic polynomial P u Z[T ] of degree 2g such that

7.4 Construction of curves with many points 81 P u (r) = deg(u r) fro all integers r. We will need the following lemmas. Lemma 7.4.2 Let P(X) = (X a i ) and Q = (X b i ) be monic polynomials of the same degree with coefficients in Q l. If G(a i ) = G(b i ) for all G Z[X] then P = Q. Proof. By continuity P and Q will satisfy the same condition for all G with coefficients in Q l. Let d and e be the multiplicities of a 1 as a root of P and Q respectively. We shall prove that d = e. Let α Q l be close to a 1 but not equal to a 1 in the sense of the extension of the valuation to Q l. Then P(α) = α a 1 d α a i, Q(α) = α a 1 e α b i. a i a 1 b i a 1 Let G be the minimal polynomial of α over Q l and m = degg. Let Σ be a subset of Gal( Q l /Q l ) such that {α σ, σ Σ} is the set of distinct conjugates of α.then i Because σ permutes the a i, this is also i Σ (a i α σ ) = G(a i ). (a i α σ ) = (a σ i α σ ) and because the elements of Gal( Q l /Q l ) preserves the valuations a σ i α σ = a i α. Hence So the hypothesis implies that G(a i ) = (a i α) m, G(b i ) = (b i α) m. α a 1 d a i a 1 α a i = α a 1 e b i a 1 α b i. As α approaches a 1 the factors not involving a 1 will remain constant from which it follows that d = e. Lemma 7.4.3 Let E be an algebra over a field K and let δ : E K be a polynomial function on E such that δ(uv) = δ(u)δ(v) for all u,v E. Let u E and let P = (X a i ) be a polynomial such that P(x) = δ(u x). Then δ(g(u)) = ± G(a i ) for all G K[X]. Proof. After extending K, we may assume that the roots t i of G and of P lie in K. Then by continuity δ(g(u)) = δ( (u t j )) = P(t j ) = j i, j i i (t j a i ) = ± i G(a i ). Lemma 7.4.4 Let u l : T l (A) T l (A) be a morphism of Z l -modules. Then #keru l = v(detu l ). Proof. Since Z l is principal with non-trivial ideals of the forms (l i ), the Smith normal form, there exists two invertible matrices S,T such that we can write u l as u l = S diag(l e 1,...,l e 2g) T. We therefore see that the cardinal of the kernel of u l has valuation e i (we include the case e = to get the 0 ideal) and also detu l = ε l n i = ε l n i where ε is the determinant of ST hence a unit since S and T are invertible. Proposition 7.4.5 For every l p, one has that χ u = P u.

82 Chapter 7. Jacobian of curves Proof. Let a i be the roots of χ u and b i be the roots of P u and let G = (X t j ) Z[X]. Using Lemma 7.4.3, with first δ = deg on E = End(A) Q, we get that degg(u) = ± G(b i ) and similarly with δ = det on E = End(T l (A) Q) we get detg(u l ) = ± G(a i ). For an abelian variety and any f End(A), one has that deg f = #ker f (this is clear if f is separable) and v(deg f ) = v(#ker f ) = #ker f l = v(det f l ) by Lemma 7.4.4. Applying this to f = G(u), we therefore get that G(a i ) = G(b i ) and we can conclude using Lemma 7.4.2. R Can we overpass the assumption on separability? We use it for G(u) and the latter will be separable if for instance G has a constant coefficient prime to p. But we can impose that in the proof of Lemma 7.4.2 since we need that G is the minimal polynomial of an element closed to a given root of P. By shifting P(X + r), we can always assume that the root a 1 we are interested is a unit and therefore α as well and we are fine. Definition 7.4.2 The previous result shows that to an abelian variety A/F q of dimension g, the characteristic polynomial of F acting on V l (A) is of degree 2g with coefficients in Z, independent of l. We call it the characteristic polynomial of the Frobenius of A. We denote it by χ A. Let us assume from now on that A = JacC where C is a curve defined over F q with Weil polynomial f = (1 a i X). A is an abelian variety defined over F q and A(F q ) Pic 0 (C)(F q ). In particular #A(F q n) = (1 a n i ). On the other hand, let F = Frob q be the Frobenius endomorphism of A. We denote by χ = χ F = (T b i ) Q l [T ] its characteristic polynomial. Theorem 7.4.6 One has that χ = X 2g f (1/X). In particular χ and f have the same roots. Proof. From Proposition 7.4.5, we know that χ = P F = (X b i ) and since χ is the characteristic polynomial of F, we see that P F n = (X b n i ) for all n > 0. We need to prove that P F = (X a i ). Since #ker(f n id) = deg(f n id) = (1 b n i ) = (1 a n i ), the proof is over once we get that the last equality for all n implies that a i = b i (up to a permutation). Let us consider the formal series R a = (1 an i ) n T n, R b = (1 bn i ) T n. n Expanding the products and using that log(1 T ) = T n /n, the equality of R a = R b gives (1 a i T ) (1 a i a j a k T ) (1 T ) (1 a i a j T ) = (1 b it ) (1 b i b j b k T ). (1 T ) (1 b i b j T ) We therefore get that b i = j Ii a i and conversely that a j = i Ji b i. Hence a i is a product of a j s but since the absolute values of the a i is q this is impossible if this product if not of a single term. Hence #I j = 1 and #J i = 1 and {b i } = {a i }. Let now A,B be two abelian varieties over F q. Proposition 7.4.7 One has χ A B = χ A χ B. If φ : A B is a homomorphism with finite kernel defined over F q then χ A χ B. In particular if A is isogenous to B over F q, then χ A = χ B.

7.4 Construction of curves with many points 83 Proof. The first property is a simple consequence of the fact that V l (A B) = V l (A) V l (B) and F A B (D,D ) = (F A (D),F B (D ). For the second property, let N = #ker(φ) and let l be coprime to N p. Then φ : A φ(a) B is an isogeny and we have seen that there exists φ : φ(a) A such that φ φ = [N]. Since N is prime to l, we see that φ is therefore an isomorphism between V l (A) and V l (φ(a)) V l (B). Moreover one has that on V l (A), φ 1 F B φ = F A φ 1 φ = F A since φ is defined over F q. Hence the characteristic polynomial of F A divides the one of F B. R Actually Tate [0] proved that A is isogenous to B if and only if χ A = χ B. 7.4.2 A construction of maximal curve of genus 3 over F 2 n This is part of [0]. Let k = F 2 n and consider the family C a,c,d /k : (ax 2 +Y 2 ) + cz(x +Y + Z) + d(xy )) 2 = XY Z(X +Y + Z) with a,c,d k such that a 0,cd 0,c + d 1. It is easy to prove that C is smooth and that i 1 (X,Y,Z) = (Y,X,Z), i 2 (X,Y,Z) = (X,Y,X +Y + Z), i 3 (X,Y,Z) = (Y,X,X +Y + Z) define involution on C. From [0, p.48, Sec.12], the set-quotient of a curve by a finite subgroup of its automorphism group is again an algebraic curve. In this case it is easy to find explicit equations for the quotients by the subgroups generated by i 1,i 2 or i 3. Proposition 7.4.8 The quotients of C by i 1, i 2 and i 3 are respectively E 1 : Y 2 + XY = X 3 + c 2 d 2 X 2 + d 4 a 4 E 2 : Y 2 + XY = X 3 + c 2 d 2 X 2 + c 4 a 4 E 3 : Y 2 + XY = X 3 + c 2 d 2 X 2 + (c + d + 1) 4 a 4. Proof. We start with the quotient by the involution i 1. We work with the affine model of C obtained by letting Z = 1. The functions X 1 = X +Y, Y 1 = XY are stable by i 1, and they lead to the following equation for the quotient curve d 2 Y 2 1 + X 1 Y 1 +Y 1 = a 2 X 4 1 + c 2 X 2 1 + c 2. To find a Weiertrass model for this curve, we invoque MAGMA (note that we need to specify a point on the curve ; fortunately it is easy to see that (0 : 1 : 0) is so). F<a,c,d>:=FunctionField(GF(2),3); P<x,y,z>:=PolynomialRing(F,3); PP:=ProjectiveSpace(P); C:=Curve(PP,d^2*y^2*z^2+x*y*z^2+y*z^3+a^2*x^4+c^2*x^2*z^2+c^2*z^4); E:=EllipticCurve(C,C![0,1,0]); SimplifiedModel(E); Elliptic Curve defined by y^2 + x*y = x^3 + c^2*d^2*x^2 + a^4*d^4 over Multivariate rational function field of rank 3 over GF(2) For the involution i 2 we work with the affine model obtained by letting Y = 1. The functions X 1 = X, Z 1 = Z(X + Z + 1) are invariant and they yield the following model for the quotient curve: F : c 2 Z 2 1 + X 1 Z 1 = a 2 X 4 + d 2 X 2 + a 2.

84 Chapter 7. Jacobian of curves The change of variables X 1 = X 2 /ac, Z 1 = (Y 2 +X 2 2 )/ac3 gives a birationnal map to E 2 defined over k. To deal with the third quotient we make the change of variables X Y 1 + Z 1, Y X 1 + Z 1. The curve C = C a,c,d,r becomes the curve C = C a,c+d+1,d,r and the involution i 3 becomes i 2. Therefore, the quotient curve is isomorphic to the elliptic curve Y 2 + XY = x 3 + ((c + d + 1) 2 d 2 x 2 + (c + d + 1) 4 a 4. obtained from E 2 by changing c c+d +1. This curve is isomorphic to E 3 via Y Y +d 2 X. We are going to see that the E i are pieces of JacC. Lemma 7.4.9 Let π : C 1 C 2 be a morphism of degree d between two curves and assume that g C2 > 0. Then π : JacC 2 JacC 1 defines a homomorphism such that JacC 2 π (JacC 2 ). Proof. To prove the proposition, let us define π : JacC 1 JacC 2 defined by n i P i n i π(p i ). From Proposition 3.3.1, it appears that π π = [degπ]. Hence kerπ ker[degπ] which is finite. Example 7.5 Let X1 2 = X0 2 + Z2, C/F 17 : X2 2 = X0 2 + 2Z2, = X0 2 + 3Z2 X 2 3 be a genus 5 curves into P 4. The involutions which fixes all variables except X i X i define quotient curves C i for instance X = X0 2 + Z2, C 1 /F 17 : X2 2 = X0 2 + 2Z2, X3 2 = X0 2 + 3Z2 { X 2 2 = X 2 0 + 2Z2, X 2 3 = X 2 0 + 3Z2 P 3. The C i are genus 1 curves and for instance f C1 = 17T 2 + 6T + 1 which divides f C = (17T 2 2T + 1) 3 (17T 2 + 6T + 1) 2. Let π i : C E i be the quotient maps. From the previous lemma, we have morphisms with finite kernels πi : JacE i = E i JacC and Proposition 7.4.7 shows that f Ei f C. A more precise computation would show that (π1 π 2 π 3 ) : E 1 E 2 E 3 JacC is actually an isogeny. This could be proved directly by studying (π i ) π j, or by the action on the differentials or using a result of [0]. Hence from the same proposition we actually get that f C = f E1 f E2 f E3. Consider the case where c = d = 1 and n > 2 odd. We then have that E 1 = E 2 = E 3 is the elliptic curve E : Y 2 + XY = X 3 + X 2 + a 4. As n is odd, Theorem 6.2.5 shows that there exists an elliptic curve E 0 /k such that #E 0 = 1 + 2 n + m where m = 2 2 n. Assume that m 1 (mod 4) (one can show that this happens infinitely many often). Then E 0 is an ordinary elliptic curve (i.e. its 2-rank is equal to 1) and has therefore a non-zero j-invariant j 0. Such an ordinary elliptic curve E where r 0 {0,1} and r 0 = 0 if and only if E has a rational 4-torsion point. Since m 1 (mod 4) and n > 2, we see that this is not the case, hence we can write E = E 0. This shows that f C = fe 3 0 and in particular #C(k) = q + 1 + 3m, so the curve is maximal. can be written E : Y 2 + XY = X 3 + r 0 X 2 + 1 j E R The same kind of arguments enables to solve many other cases in characteristic 2. The only open case is when m 3 (mod 4). It could be solved if one can prove that there exist elliptic curves E i /k with trace m and j-invariants j i such that tr k/f2 j 1 j 2 ( j 1 + j 2 + j 3 ) 2 = 0.

7.4 Construction of curves with many points 85 R Another nice open problem that I learnt from Omran Ahmadi: show that the Weil polynomial of D 1 /F 2 : y 2 +y = x 3 +x 1 always divides the Weil polynomial of D k : y 2 +y = x 2k +1 +x 1.

III Appendices 8 Using MAGMA and some (open) problems 87 8.1 Some basic tools: exercises 8.2 Some (more) open exercises 8.3 Good models of curves of genus 5 8.4 Isomorphisms-Automorphisms 8.5 Exploring the number of points of curves over finite fields 9 Exercise sheet...................... 101 10 Solutions of the exercises........... 107 Bibliography....................... 115 Articles Books Index.............................. 118

8. Using MAGMA and some (open) problems 8.1 Some basic tools: exercises 8.1.1 Wording The most important thing is the help. There exist two sorts : the html files are the most convenient. They contain, besides the description of each command, examples and even mathematical background. You can access commands by topic (finite groups, commutative algebra, algebraic geometry) or through the index. The second help is online : when you want information about a command, let s say RandomPrime, you type RandomPrime;. A last tip before we start : there is a automatic completion with tab. This is useful when you do not remember exactly the name : MAGMA follows very closely the exact definition. We will start with some examples that look really similar to Maple. To Evaluate an expression you need to end it with ;. To define an object you write f:=.... As you may see it does not display the result. To see it you have to write f;. 1. Compute 123 10 + 33 127. 2. Compute 2 + 3. 3. Compute 200! and factorize this number. 4. Is 2 1233 + 321 prime (IsPrime)? Some examples how to handle sets, sequences, lists : 5. Define the sets I = {1,4,10}, J = {2,4,8}. Do the following operations : I J and I J. 6. Create a random list of 10 integers. Extract the 8th. Unlike Maple, MAGMA require to define properly where you are working. You cannot open a MAGMA section and write : f = x 3 + 3;. MAGMA does not know yet what is x. It is sometimes a bit tedious when you want to work with polynomials in a lot of variables but the counterpart is that it allows much more objects than the two others softwares : polynomials over extensions of finite fields or p-adic fields, matrices with coefficients in function fields.... And it is much more accurate, mathematically speaking!

90 Chapter 8. Using MAGMA and some (open) problems Very important fields for us are the field of rationals and finite fields : 7. Create the field of rationals. 8. Create the field F = F 23 (GF). 9. Add 20 and 5 in this field. This leads to the notion of coercion (for instance F!20). 10. Create the field K = F 23 4. What is a defining polynomial for this field? Compute the square root of 10 in this field. One would like also to create extensions by choosing a defining polynomial. 11. Create the polynomial ring R with variable x over F 5. 12. Create the polynomial f = x 6 +3x+3. Evaluate f at 2. Is f irreducible? What is its splitting field? Call it F < w >. 13. Create an extension of F of degree 3 by a polynomial of your choice. Once we have the basic fields, we can construct polynomial rings in several variables on them 14. Construct the polynomial ring P = Q[x, y, z]. 15. Consider f = x 4 + y 4 + z 4 P. 16. Prove that f is irreducible. 17. Compute the resultant R in x of f and f / x. 18. Create the ring P 2 = Q[u,v] and the morphism (x,y,z) (1,u,v) with hom< P-> P2 1,u,v>. 19. Map R into P 2 with this morphism. We can now define varieties, in particular curves. There are multiple ways to define them, depending if they are general curves, elliptic curves, hyperelliptic curves,.... Depending on the type of curves and fields, you have also access to a larger panel of functionalities and of efficiency. Let us consider here only some basics ones. 20. Define the projective space S = P 2 Q (ProjectiveSpace(P)). 21. Define the curve C : f = 0 in S. 22. Is it singular? What is its genus? 23. Consider the curve C over F = F 73 (ChangeRing). Let s call it D. Is D smooth? 24. Compute its number of points. 25. Find the flexes of D. Another example in space: 26. Define the polynomial ring R with variables x,y,z,u,v over the rationals. 27. Define the 3 homogeneous polynomials f 1, f 2, f 3 : 28. Define the projective space associated to R 29. Define the Scheme C : f 1 = f 2 = f 3 = 0. 30. What is its dimension? 31. Is it singular? f 1 = x 2 + y 2 + z 2 uv f 2 = xu yv f 3 = 2x 2 + 3y 2 zy + u 2 + v 2 We will need only basic programming properties, like loops (for...do, while...do) and branchement (if...then...else) which you end with (end for, end while, end if). 32. Create a loop that runs through the primes less than 100 (NextPrime). 33. For each prime 11 p 100, reduce the curve C from (21) over F p and stop when its number of rational points reaches the maximal value 1 + p + 3 2 p.

8.1 Some basic tools: exercises 91 Automorphisms. Let G,H,M be the following matrices G = ζ 4 0 0 0 ζ 2 0 0 0 ζ, H = 0 1 0 0 0 1 1 0 0, M = 1 7 ζ ζ 6 ζ 2 ζ 5 ζ 4 ζ 3 ζ 2 ζ 5 ζ 4 ζ 3 ζ ζ 6 ζ 4 ζ 3 ζ ζ 6 ζ 2 ζ 5 where ζ is a 7th root of unity. Show that the automorphisms of P 2 given by these matrices are automorphisms of the Klein s quartic x 3 y + y 3 z + z 3 x = 0. What is the order of the group generated by these matrices?, R In characteristic 0, One can show (using Hurwitz bound) that automorphism group of the curve is generated by these elements. This is not true in characteristic 3 (this is the only case). 8.1.2 Solutions 123/10+33/127; 2+Sqrt(3); Factorial(200); Factorization($1); IsPrime(2^1233+321); I:={1,4,10}; J:={2,4,8}; I join J; I meet J; L:=[Random(10,2000) : i in [1..10]]; L[8]; F:=GF(23); F!(20+5); K:=GF(23^4); DefiningPolynomial(K); Sqrt(K!10); R<x>:=PolynomialRing(GF(5)); f:=x^6+3*x+3; Evaluate(f,2); IsIrreducible(f); F<w>:=SplittingField(f); R2<y>:=PolynomialRing(F); g:=y^3+w*y+4; F2<w2>:=ext<F g>; P<x,y,z>:=PolynomialRing(Rationals(),3); f:=x^4+y^4+z^4; IsIrreducible(f); R:=Resultant(f,Derivative(f,x),x); P2<u,v>:=PolynomialRing(Rationals(),2); phi:=hom<p-> P2 1,u,v>;

92 Chapter 8. Using MAGMA and some (open) problems phi(r); PP:=ProjectiveSpace(P); C:=Curve(PP,f); IsSingular(C); D:=ChangeRing(C,GF(73)); PP2<X,Y,Z>:=AmbientSpace(D); IsSingular(D); // here it checks the singularity of the curve directly over \bar{k} #Points(D); H:=Curve(PP2,Determinant(HessianMatrix(D))); pts:=points(h meet D); // this was by hand or there is a function which does it pts:=points(flexes(d)); R<x,y,z,u,v>:=PolynomialRing(Rationals(),5); RR:=ProjectiveSpace(R); f1:=x^2+y^2+z^2-u*v; f2:=x*u-y*v; f3:=2*x^2+3*y^2-z*y+u^2+v^2; C:=Scheme(RR,[f1,f2,f3]); Dimension(C); IsSingular(C); p:=2; while p le 100 do print p; p:=nextprime(p); end while; P<x,y,z>:=PolynomialRing(Rationals(),3); f:=x^4+y^4+z^4; PP:=ProjectiveSpace(P); C:=Curve(PP,f); p:=11; while p le 100 do Cp:=ChangeRing(C,GF(p)); B:=1+p+3*Floor(2*Sqrt(p)); if #Points(Cp) eq B then print p; break; end if; p:=nextprime(p); end while; F<a>:=CyclotomicField(7); G:=Matrix([[a^4,0,0],[0,a^2,0],[0,0,a]]); H:=Matrix([[0,1,0],[0,0,1],[1,0,0]]); M:=-1/Sqrt(F!(-7))*Matrix([[a-a^6,a^2-a^5,a^4-a^3],[a^2-a^5,a^4-a^3,a-a^6], [a^4-a^3,a-a^6,a^2-a^5]]);

8.2 Some (more) open exercises 93 GG:=MatrixGroup<3,F G,H,M>; // here we are lucky that the group is indeed finite in GL (whereas we should look in PGL). #GG; P<x,y,z>:=PolynomialRing(F,3); PP:=ProjectiveSpace(P); C:=Curve(PP,x^3*y+y^3*z+z^3*x); g:=automorphism(pp,g); h:=automorphism(pp,h); m:=automorphism(pp,m); m(c) eq C;h(C) eq C; g(c) eq C; 8.2 Some (more) open exercises 8.2.1 Isomorphisms between hyperelliptic curves From Exercise 8.9, one sees that an isomorphism between two hyperelliptic curves Y 2 = f i (X) with deg( f 1 [ ) = deg( ] f 2 ) = 2n over an algebraically closed field k of characteristic p 2 is mainly a b defined by GL c d 2 (k) such that (cx + d) 2n f 1 ( ax+b cx+d ) = α f 2(X) for α k (we say that f 1 and f 2 are equivalent). How would you test such an equivalence in practice? In particular are f 1 = X 10 + 1 and over F 31 equivalent? f 2 = 26X 10 + 30X 9 + 8X 8 + 6X 7 + X 6 + 16X 4 + 14X 3 + X 2 + 2X + 26 8.2.2 Number of points on plane curves Instead of considering smooth curves of genus g, one could consider projective algebraic set of degree d in P 2 (F q ). What can be said about the maximal number of points when 1. there is no additional condition? 2. we assume the algebraic set to be smooth? 3. we assume the algebraic set to be irreducible? 8.2.3 Good correspondences between curves In order to construct curves with many points, a strategy uses correspondences between curves over a finite field k = F q with good properties. Here, we will focus on finding two morphisms f,g : C 1 C 2 such that g = φ f ψ where φ and ψ are two automorphisms with some stability properties. More precisely, denote by R a subset of C 1 (k) containing the ramification points of f ; denote S C 1 (k) the inverse image under f of a set of points on C 2 such that all P S are k-rational and unramified. We ask that ψ preserves R and S ; φ preserves their image by f ; there exists a point Q R such that f (Q) = g(q) but Q is not a ramified point for g. Can you find such examples? You can of course start with C 1 = C 2 = P 1.

94 Chapter 8. Using MAGMA and some (open) problems 8.2.4 Constraints on the Weil polynomial for curves Let C be a curve of genus g over a finite field F q. We say that the curve has defect e 0 if #C(F q ) = q+1+gm e with m = 2 q. Having small defects e = 0,1,... give big constraints on the Weil polynomials f of C. For instance, using the same arguments as the proof of Theorem 6.2.1, one can show that if e = 0 then f = (1 + mx + qx 2 ) g. What can you say about other small defects? 8.2.5 Codes from modular curves We have seen that over F p 2, the codes constructed from the modular curves X 0 (l) are asymptotically optimal. How are the parameters of these codes at finite distance (for small values of p and small values of l)? You can compare to these tables. 8.2.6 Distribution of curves over finite fields Instead of considering each curve individually, one could look at the following question: given a finite field F q and a genus g > 0, how many curves are there with a given number of points N? Looking at the bounds of Hasse-Weil-Serre, it may be better to look at the quantity t = (#C(F q ) q 1)/(gm) where m = 2 q which is in the interval [ 1,1]. You can then try: 1. to consider all elliptic curves of the form Y 2 = X 3 + AX + B (in characteristic greater than 3); 2. all elliptic curves up to F q -isomorphisms; 3. all elliptic curves in the family Y 2 = X(X 1)(X λ) for λ 0,1; 4. (families of) higher genus curves; 5. all genus g curves up to F q -isomorphisms (how to get them?) 8.2.7 Number of points on a genus 4 curve We will now deal with genus 4 non hyperelliptic curves over a field of characteristic different from 2. The canonical embedding shows that C = Q E P 3 where Q is an absolutely irreducible quadric and E a cubic surface. 1. Prove that the rank of Q is greater than 2. 2. We will restrict to the case where rank of Q is equal to 4. Show that if k is algebraically closed then Q xt yz = 0 P 1 P 1. Show that if k is a finite field then Q P 1 P 1 if detq is a square. 3. We now assume that Q = xt yz. Now let φ : P 1 P 1 Q the isomorphism given by ((X : Y ),(Z,T )) (XZ : XT : Y Z : Y T ). Show that under this isomorphism, C becomes C P 1 P 1 with X 3 P 0 (Z,T ) + X 2 Y P 1 (Z,T ) + XY 2 P 2 (Z,T ) +Y 3 P 3 (Z,T ) = 0 where the P i are homogeneous of degree 3. 4. Consider now C {(0 : 1) P 1 }. Show that if all the points of C are defined over k then we can transform P 3 by an automorphism of P 1 into a given polynomial (depending on the number of distincts roots of P 3 ). 5. Consider C {(0 : 1) P 1 } and assume that this is three distinct points over k. By a change of variables proves that you can choose these points to be (1 : 1),( 1 : 1) and (1 : 0). 6. Conclude on the number of parameters left. The genus 4 case is the first case for which there are open entries in this web site. The smallest case is: is there a curve over F 19 with 49 or 50 points? With the present model one has to span 19 9. Do you think that this is manageable?

8.3 Good models of curves of genus 5 95 8.2.8 Number of points on a genus 5 curve Let us end up with genus 5 curves. We will deal with the case where it is the complete intersection of three quadrics in P 4 over an algebraically closed field k of characteristic different from 2. 1. Let Q 1,Q 2 be two non-degenerate quadratic forms over k. Show that we can diagonalize Q 1,Q 2 in the same basis if det(q 1 xq 2 ) has simple roots. 2. Use this result over k in the generic case to reduce the number of parameters to 15. I do not know how to do less (=12). Here we have also an open entry in this web site: is there a genus 5 curve over F 7 with 27 or 28 points? 8.2.9 Non-special divisors on a curve over a finite field We have seen that if C is a curve of genus g over a field k, the classes of non-special divisors of degree g 1 are dense among the classes of divisors of degree g 1. But this is a statement over k and one can wonder what happens if we insist on the existence of such divisors over k = F q a finite field. If q > 4, one can show that there is always such a divisor but counterexamples are known over F 2,F 3 and F 4 with g 3. Can one find an counterexample in genus 4? 8.3 Good models of curves of genus 5 8.3.1 Wordings We are interested in reducing the number of coefficients defining curves of small genus over algebraically closed fields or finite fields. Let s warm up with the genus 0 and 1 examples. Exercise 8.1 Let Q(x,y,z) = 0 be a plane smooth conic over k of characteristic different from 2. 1. Show that up to a change of variables over k you can always write Q = ax 2 + by 2 + cz 2 with abc 0. 2. Let k be a finite field. Consider the morphisms φ(x) = ax 2 and ψ(y) = c by 2. Prove that there exists (x,y) k 2 such that φ(x) = ψ(y). 3. Conclude. Remark: this is also a consequence of Chevalley-Warning. Exercise 8.2 We will look at genus 1 curve over a field k which have a k-rational point (this is always the case of algebraically closed fields and also over finite fields, thanks to Hasse-Weil bound). We are therefore in the situation presented in the course and we can assume that C : y 2 + a 1 xy + a 3 y = x 3 + a 2 x 2 + a 4 x + a 6. 1. Show that if characteristic k 2,3 then we can assume that C = E A,B : y 2 = x 3 + Ax + B. 2. Show that there exists an isomorphism φe A,B E A,B such that φ(o) = O if and only if there exists u k such that A = u 4 A and B = u 6 B (using the R.R. spaces L (2O) and L (3O) show that an isomorphism between two Weierstrass models is of the form (x,y) (u 2 x + r,u 3 y + su 2 x +t)) a.

96 Chapter 8. Using MAGMA and some (open) problems 3. Conclude that over k, E A,B y 2 + xy = x 3 36x j 1728 1 j 1728, if j := 1728 4A 3 0,1728; 4A 3 +27B 2 E A,B y 2 = x 3 + 1, if j = 0; E A,B y 2 = x 3 + x, if j = 1728. (you may use MAGMA for that). Conclusion: we see that geometrically, genus 1 curves are determined by a unique parameter j up to isomorphism. 4. Let us assume that j 0,1728. Show that if E A,B k E A,B then u2 k. 5. Deduce that the set of k-isomorphism classes of E A,B with a given j-invariant different from 0,1728 is in bijection with k /(k ) 2. 6. If k = F q conclude that for such an E A,B, there exists only another E A,B no isomorphic to E A,B with the same j-invariant. It is called its quadratic twist. Find an equation of it. When j = 0 (resp. j = 1728) one gets up to 4 (resp. 6) twists (for the general theory, see [0, Cha.X.2]). The morality is that we can run over all curves over F q in 2q + ε steps. a One could wonder if one gains extra-isomorphism if one doesn t ask φ(o) = O. The answer is no thanks to the transitivity of the action of translation on an elliptic curve. More generally, we would like to write curves with as few coefficients as possible (for instance if one has to span over all isomorphism classes). This can be imagined in two flavor: over k or directly over k? Note that over k, one will look at k-isomorphism classes and then if one wants k-isomorphism classes, use the theory of twists as for the genus 1 case. We will see that the first question is already quite hard: what is the minimum number of parameters we can expect? One can show that the set of curves of genus g > 1 up to k-isomorphisms is an irreducible quasi-projective variety of dimension 3g 3 called the moduli space of curves (of genus g) and denoted M g. What we have proved for g = 1 is that M 1 A 1 (actually it s M 1,1 ). Hence, for g = 2 (resp. 3,4,5) we cannot expect to write our curves with less than 3 (resp. 6,9,12) coefficients. The following exercises will try to reach these bounds. Note that we cannot hope this to be always possible. At least for g 24, M g is of general type, in particular it is not unirational and we cannot build such a family. Exercise 8.3 Using the isomorphisms of hyperelliptic curves (see Exercise 8.9), show that over k, we can always write a genus 2 curve C : y 2 = x(x 1)P(x) where P is a monic degree 3 polynomial. What is the smallest number of coefficients you can get over a finite field k (in Section 8.5 we will apply a strategy based on invariants)? This exercise will be used only for models of plane quartics and can be overlooked at first. Exercise 8.4 We show here how to compute the flexes of a plane algebraic curve C : f (x 1,x 2,x 3 ) = 0 of degree n over any algebraically closed field k of characteristic p 0. Let P be a non-singular point of C. Recall that a point P is a flex if the intersection multiplicity at P of the tangent at P with C is greater than or equal to 3. Non classical behaviors may appear when the characteristic divides n 1. For instance, there exist curves, called funny curves, for which all points are flexes (for instance x 4 + y 4 + z 4 in characteristic 3). We are here interested in computational aspects of flexes. In characteristic 0, this is done by computing the Hessian.

8.3 Good models of curves of genus 5 97 Definition 8.3.1 Denote by f i the derivative of f with respect to x i. We call the Hessian matrix of f the matrix ( f i j ) i, j and we call its determinant H( f ) the Hessian of f. We are going to prove that the flexes are the intersection points of the curve H( f ) = 0 and C when p does not divide 2(n 1) (in [0], Abhyankar gives a method to overcome the difficulty when p 2). 1. Let g GL 3 (k) be a linear transformation. Applying chain rule prove that H( f g) = (detg) 2 (H( f ) g) (this is also a consequence of the fact that H is a covariant). 2. Show that x1h( 2 n(n 1) f (n 1) f 2 (n 1) f 3 f ) = (n 1) f 2 f 22 f 23 (n 1) f 3 f 23 f 33 (Hint: Apply twice the Euler s formula x 1 f 1 + x 2 f 2 + x 3 f 3 = (deg f ) f from Exercise 2.7). If f = 0 is an equation of C of degree n 3, then there exists a linear transformation g which sends a non-singular point P = (p 1 : p 2 : p 3 ) on (1 : 0 : 0) and its tangent to the line x 3 = 0. Then in affine coordinates f g 1 = x 2 + rx 2 2 + sx 2 x 3 +tx 2 3 + R(x 2,x 3 ) and R has only terms of degree greater or equal to 3. Then P is a flex if and only if r = 0. 3. Suppose that p does not divide 2(n 1). Prove that P is a flex if and only if H( f )(P) = 0. Exercise 8.5 Let C : F(x,y,z) = 0 be a non-hyperelliptic curve of genus 3 over a field k, canonically embedded as a plane smooth quartic. We will assume that char k 2,3. 1. Prove that C has a flex P over k (actually this is the case in all characteristics as these points are Weierstrass points which always exist but for the rest of the exercise this assumption on the characteristic is anyway useful). 2. Transform F by an element of GL 3 ( k) so that P = (0 : 0 : 1) with tangent x = 0 to find an equation of the form xz 3 + z 3 i=0 p i x 3 i y i + 4 i=0 q j x 4 j y j. 3. If p 3 0, show that you can moreover assume p 3 = 1, p 2 = 0 and q 4 = 0 or 1. Conclude on the number of parameters. 4. If p 3 = 0, show that you can assume q 4 = 1 and then q 3 = 0. Conclude. In characteristic 2, a similar study is made in [0]. In characteristic 3, we can also use another model, called the Riemann model to achieve 6 parameters. Over a finite field F q, the situation is more delicate. In [0] can obtain a family with 7 parameters when the curve has a rational point. Prove that this is the case if q > 29 (but there are pointless curves over F 29 ). Optimal families are obtained in [0] for curves with automorphism groups of order larger than 2, but the question of a generic family with 6 coefficients is still open. Exercise 8.6 We will now deal with genus 4 non hyperelliptic curves over a field of characteristic different from 2. The canonical embedding shows that C = Q E P 3 where Q is an absolutely irreducible quadric and E a cubic surface. 1. Prove that the rank of Q is greater than 2. 2. We will restrict to the case where rank of Q is equal to 4. Show that if k is algebraically

98 Chapter 8. Using MAGMA and some (open) problems closed then Q xt yz = 0 P 1 P 1. Show that if k is a finite field then Q P 1 P 1 if detq is a square. 3. We now assume that Q = xt yz. Now let φ : P 1 P 1 Q the isomorphism given by ((X : Y ),(Z,T )) (XZ : XT : Y Z : Y T ). Show that under this isomorphism, C becomes C P 1 P 1 with X 3 P 0 (Z,T ) + X 2 Y P 1 (Z,T ) + XY 2 P 2 (Z,T ) +Y 3 P 3 (Z,T ) = 0 where the P i are homogeneous of degree 3. 4. Consider now C {(0 : 1) P 1 }. Show that if all the points of C are defined over k then we can transform P 3 by an automorphism of P 1 into a given polynomial (depending on the number of distincts roots of P 3 ). 5. Consider C {(0 : 1) P 1 } and assume that this is three distinct points over k. By a change of variables proves that you can choose these points to be (1 : 1),( 1 : 1) and (1 : 0). 6. Conclude on the number of parameters left. The genus 4 case is the first case for which there are open entries in this web site. The smallest case is: is there a curve over F 19 with 49 or 50 points? With the present model one has to span 19 9. Do you think that this is manageable? Exercise 8.7 Let us end up with genus 5 curves. We will deal with the case where it is the complete intersection of three quadrics in P 4 over an algebraically closed field k of characteristic different from 2. 1. Let Q 1,Q 2 be two non-degenerate quadratic forms over k. Show that we can diagonalize Q 1,Q 2 in the same basis if det(q 1 xq 2 ) has simple roots. 2. Use this result over k in the generic case to reduce the number of parameters to 15. I do not know how to do less (=12). Here we have also an open entry in this web site: is there a genus 5 curve over F 7 with 27 or 28 points? 8.4 Isomorphisms-Automorphisms Exercise 8.8 Let C i be two isomorphic non-hyperelliptic curves canonically embedded in P g 1. Show that an isomorphism between C 1 and C 2 is linear. Exercise 8.9 Let C i : Yi 2 = f i (X i ) be two hyperelliptic curves of genus g 2 over a field k which are isomorphic. We are going to show that an isomorphism between C 1 and C 2 is of the form ( ) ax1 + b φ : (X 1,Y 1 ) cx 1 + d, ey 1 (cx 1 + d) g+1 [ a b with c d ] GL 2 (k) and e k. So Let φ : C 1 C 2 be an isomorphism. 1. Let ι i be the hyperelliptic involution of C i and K i their fixed subfield in k(c i ). By the unicity of the ι i, show that φ K 2 = K 1, i.e. that φ induces an automorphisms φ : P 1 P 1 between the X i. 2. Conclude that X 2 = (ax 1 + b)/(cx 1 + d) as above. 3. Show that one can write Y 2 = (P(X 1 )Y 1 + Q(X 1 ))/(R(X 1 )Y 1 + S(X 1 )). 4. After transforming Y 2 2 = f 2(X), using the facts that F 2 is square free, prove that R = 0,

8.5 Exploring the number of points of curves over finite fields 99 that P is constant and then that Q = 0. Using the equality of the degrees of f i prove that S = (cx 1 + d) g+1 also. Exercise 8.10 We will here find the possible (reduced) automorphism groups Aut (C) = Aut(C)/ ι of a genus 2 curve C : y 2 = F(x) over an algebraically closed field of characteristic 0. Since Aut (C) PGL 2 (k), one can use the classification of finite subgroups up to conjugacy. They are cyclic group C n of order n, dihedral groups D 2n of order 2n, the alternated groups A 4,A 5 and the symmetric group S 4. 1. Prove that the actions of the roots of F induces an injection of Aut (C) into S 6. 2. Let M be an element of maximal order m 6 in Aut (C). Up to conjugation, we can also assume that this is the transformation γ : (x : z) (ζ m x : z). 3. If m = 6, show that C y 2 = x 6 1 and that Aut (C) D 12. 4. If m = 5 show that C y 2 = x 5 1 and that Aut (C) C 5. 5. If m = 4 show that C y 2 = x(x 4 1). Check that (x : z) (x z,ζ 4 x + ζ 4 z) is an automorphism of order 3 and conclude that Aut (C) S 4. 6. If m = 3 show that there exists a k \{1,ζ 3,ζ3 2} such that C y2 = x 6 (a 3 +1)x 3 +a 3 with roots {1,ζ 3,ζ3 2,a,aζ 3,aζ3 2 }. Prove that α : (x : z) (az : x) is an automorphism and that γ,α D 6. Prove that Aut (C) D 6 (one can wonder whether A 4 has a subgroup isomorphic to D 6 in order to exclude it). 7. If m = 2, then the roots of F are equivalent to {1, 1,a, a,b, b} with a ±b k \ { 1,0,1}. Show that the only possibilities are C 2 and D 4. Show that it is D 4 if and only if the roots of F are equivalent to {1, 1,a, a, 1 a, 1 a } with a {0,1, 1}. This gives the following stratification dim 3 {1} dim2 C 2 dim1 D 4 D 6 dim0 C 5 D 12 S 4 Using results of Roquette [0] and Grothendieck [0, page XIII 2.12], on can show that the result hold in characteristic > 5. 8.5 Exploring the number of points of curves over finite fields 8.5.1 Wordings For 5 p 100 a prime, we want to compute what the maximal number of points of an elliptic curve over F p is. To do so, using MAGMA, you have two solutions: Use the form y 2 = x 3 + Ax + B at the beginning of Exercise 8.2; See a bit further down in the exercise and run over the F p -isomorphism classes using E:=EllipticCurveFromjInvariant(j) and then compute the twists using Twists(E). Use a graphical software (like SAGEMATH) to plot this maximum in term of p. Try to find the law satisfied by this function.

100 Chapter 8. Using MAGMA and some (open) problems You can then try to run over all genus 2 curves defined over F p with 2 < p 30. In order to do so, you will imitate the second item of the strategy for elliptic curves, replacing the j-invariant by three invariants J = [ j 1, j 2, j 3 ] F 3 p. The function to run over such the F p -isomorphism classes is now HyperellipticCurveFromG2Invariants(J). Can you see what is the law satisfied by this function? Is it as well behaved than the genus 1 case? Another experiment is to look whether there is an influence of the number of points of the curve over F p on the points over extensions. Run over genus 1 curves over F 23 and check that two curves which have the same number of points over F 23 have the same number of points over F 23 2 and F 23 3. Do the same experiment for genus 2 curves over F 11. Does it hold? What do you observe? 8.5.2 Solutions p:=2; Maxi:=[]; while p le 100 do F:=GF(p); L:=[]; for j in F do E:=EllipticCurveFromjInvariant(j); EL:=Twists(E); ML:=[#Points(E) : E in EL]; L:=L cat ML; end for; m:=max(l); Maxi:=Maxi cat [[p,m]]; p:=nextprime(p); end while; Maxi; [[Maxi[i][1],Maxi[i][2]-(1+Maxi[i][1])] : i in [1..#Maxi]]; p:=2; Maxi:=[]; while p le 30 do F:=GF(p); L:=[]; for JL in CartesianPower(F,3) do H:=HyperellipticCurveFromG2Invariants([JL[1],JL[2],JL[3]]); HL:=Twists(H); ML:=[#Points(H) : H in HL]; L:=L cat ML; end for; m:=max(l); Maxi:=Maxi cat [[p,m]]; p:=nextprime(p); end while;

8.5 Exploring the number of points of curves over finite fields 101 Maxi; [[Maxi[i][1],Maxi[i][2]-(1+Maxi[i][1])] : i in [1..#Maxi]]; p:=23; F:=GF(p); L:=[]; for j in F do E:=EllipticCurveFromjInvariant(j); EL:=Twists(E); ML:=[[#Points(E),#Points(ChangeRing(E,GF(p^2))), #Points(ChangeRing(E,GF(p^3)))] : E in EL]; L:=L cat ML; end for; Sort(L); p:=11; F:=GF(p); L:=[]; for JL in CartesianPower(F,3) do H:=HyperellipticCurveFromG2Invariants([JL[1],JL[2],JL[3]]); HL:=Twists(H); ML:=[[#Points(H),#Points(ChangeRing(H,GF(p^2))), #Points(ChangeRing(H,GF(p^3)))] : H in HL]; L:=L cat ML; end for; Sort(L);

9. Exercise sheet Exercise 9.1 Let Q(x,y,z) = 0 be a plane smooth conic over k of characteristic different from 2. 1. Show that up to a change of variables over k you can always write Q = ax 2 + by 2 + cz 2 with abc 0. 2. Let k be a finite field. Consider the morphisms φ(x) = ax 2 and ψ(y) = c by 2. Prove that there exists (x,y) k 2 such that φ(x) = ψ(y). 3. Conclude. Remark: this is also a consequence of Chevalley-Warning. Exercise 9.2 We will look at genus 1 curve over a field k which have a k-rational point (this is always the case of algebraically closed fields and also over finite fields, thanks to Hasse-Weil bound). We are therefore in the situation presented in the course and we can assume that C : y 2 + a 1 xy + a 3 y = x 3 + a 2 x 2 + a 4 x + a 6. 1. Show that if characteristic k 2,3 then we can assume that C = E A,B : y 2 = x 3 + Ax + B. 2. there exists an isomorphism φe A,B E A,B such that φ(o) = O if and only if there exists u k such that A = u 4 A and B = u 6 B (using the R.R. spaces L (2O) and L (3O) show that an isomorphism between two Weierstrass models is of the form (x,y) (u 2 x + r,u 3 y + su 2 x +t)). 3. Conclude that over k, E A,B y 2 + xy = x 3 36x j 1728 1 j 1728, if j := 1728 4A 3 0,1728; 4A 3 +27B 2 E A,B y 2 = x 3 + 1, if j = 0; E A,B y 2 = x 3 + x, if j = 1728.

104 Chapter 9. Exercise sheet (you may use MAGMA for that). Conclusion: we see that geometrically, genus 1 curves are determined by a unique parameter j up to isomorphism. 4. Let us assume that j 0,1728. Show that if E A,B E A,B then u2 k. 5. Deduce that the set of k-isomorphism classes of E A,B with a given j-invariant different from 0,1728 is in bijection with k /(k ) 2. 6. If k = F q conclude that for such an E A,B, there exists only another E A,B no isomorphic to E A,B with the same j-invariant. It is called its quadratic twist. Find an equation of it. When j = 0 (resp. j = 1728) one gets up to 4 (resp. 6) twists (for the general theory, see [0, Cha.X.2]). The morality is that we can run over all curves over F q in 2q + ε steps. More generally, we would like to write curves with as few coefficients as possible (for instance if one has to span over all isomorphism classes). This can be imagined in two flavor: over k or directly over k? Note that over k, one will look at k-isomorphism classes and then if one wants k-isomorphism classes, use the theory of twists as for the genus 1 case. We will see that the first question is already quite hard: what is the minimum number of parameters we can expect? One can show that the set of curves of genus g > 1 up to k-isomorphisms is an irreducible quasi-projective variety of dimension 3g 3 called the moduli space of curves (of genus g) and denoted M g. What we have proved for g = 1 is that M 1 A 1 (actually it s M 1,1 ). Hence, for g = 2 (resp. 3,4,5) we cannot expect to write our curves with less than 3 (resp. 6,9,12) coefficients. The following exercises will try to reach these bounds. Note that we cannot hope this to be always possible. At least for g 24, M g is of general type, in particular it is not unirational and we cannot build such a family. Exercise 9.3 Let C i : y 2 i = f i (x i ) be two hyperelliptic curves of genus g 2 over a field k of characteristic different from 2 which are isomorphic. We are going to show that an isomorphism between C 1 and C 2 is of the form ( ) ax1 + b φ : (x 1,y 1 ) cx 1 + d, ey 1 (cx 1 + d) g+1 [ ] a b with GL c d 2 (k) and e k. 1. Let ι i be the hyperelliptic involution of C i and K i their fixed subfield in k(c i ). By the unicity of the ι i, show that φ K 2 = K 1, i.e. that φ induces an automorphisms φ : P 1 P 1 between the x i. 2. Conclude that x 2 = (ax 1 + b)/(cx 1 + d) as above. 3. Show that one can write y 2 = (P(x 1 )y 1 + Q(x 1 ))/(R(x 1 )y 1 + S(x 1 )). 4. After transforming y 2 2 = f 2(x), using the facts that F 2 is square free, prove that R = 0, that P is constant and then that Q = 0. Using the equality of the degrees of f i prove that S = 0 also. Show that over k, we can always write a genus 2 curve C : y 2 = x(x 1)P(x) where P is a monic degree 3 polynomial. What is the smallest number of coefficients you can get over a finite field k? Exercise 9.4 For 5 p 100 a prime, we want to compute what the maximal number of points of an elliptic curve over F p is. To do so, using MAGMA, you have two solutions: Use the form y 2 = x 3 + Ax + B at the beginning of Exercise 8.2;

Use the exercise on genus 1 and run over the F p -isomorphism classes using E:=EllipticCurveFromjInvariant(j) and then compute the twists using Twists(E). Use a graphical software (like SAGEMATH) to plot this maximum in term of p. Try to find the law satisfied by this function. You can then try to run over all genus 2 curves defined over F p with 2 < p 30. In order to do so, you will imitate the second item of the strategy for elliptic curves, replacing the j-invariant by three invariants J = [ j 1, j 2, j 3 ] F 3 p. The function to run over such the F p -isomorphism classes is now HyperellipticCurveFromG2Invariants(J). Can you see what is the law satisfied by this function? Is it as well behaved than the genus 1 case? Another experiment is to look whether there is an influence of the number of points of the curve over F p on the points over extensions. Run over genus 1 curves over F 23 and check that two curves which have the same number of points over F 23 have the same number of points over F 23 2 and F 23 3. Do the same experiment for genus 2 curves over F 11. Does it hold? What do you observe? 105 Exercise 9.5 We show here how to compute the flexes of a plane algebraic curve C : f (x 1,x 2,x 3 ) = 0 of degree n over any algebraically closed field k of characteristic p 0. Let P be a non-singular point of C. Recall that a point P is a flex if the intersection multiplicity at P of the tangent at P with C is greater than or equal to 3. Non classical behaviors may appear when the characteristic divides n 1. For instance, there exist curves, called funny curves, for which all points are flexes (for instance x 4 + y 4 + z 4 in characteristic 3). We are here interested in computational aspects of flexes. In characteristic 0, this is done by computing the Hessian. Definition 9.0.1 Denote by f i the derivative of f with respect to x i. We call the Hessian matrix of f the matrix ( f i j ) i, j and we call its determinant H( f ) the Hessian of f. We are going to prove that the flexes are the intersection points of the curve H( f ) = 0 and C when p does not divide 2(n 1) (in [0], Abhyankar gives a method to overcome the difficulty when p 2). 1. Let g GL 3 (k) be a linear transformation. Applying chain rule prove that H( f g) = (detg) 2 H( f ) g (this is also a consequence of the fact that H is a covariant). 2. Show that x1h( 2 n(n 1) f (n 1) f 2 (n 1) f 3 f ) = (n 1) f 2 f 22 f 23 (n 1) f 3 f 23 f 33 (Hint: Apply twice the Euler s formula x 1 f 1 + x 2 f 2 + x 3 f 3 = (deg f ) f ). If f = 0 is an equation of C of degree n 3, then there exists a linear transformation g which sends a non-singular point P = (p 1 : p 2 : p 3 ) on (1 : 0 : 0) and its tangent to the line x 3 = 0. Then in affine coordinates f g 1 = x 2 + rx 2 2 + sx 2 x 3 +tx 2 3 + R(x 2,x 3 ) and R has only terms of degree greater or equal to 3. Then P is a flex if and only if r = 0. 3. Suppose that p does not divide 2(n 1). Prove that P is a flex if and only if H( f )(P) = 0.

106 Chapter 9. Exercise sheet Exercise 9.6 Let C : F(x,y,z) = 0 be a non-hyperelliptic curve of genus 3 over a field k, canonically embedded as a plane smooth quartic. We will assume that char k 2,3. 1. Prove that C has a flex P over k (actually this is the case in all characteristics as these points are Weierstrass points which always exist but for the rest of the exercise this assumption on the characteristic is anyway useful). 2. Transform F by an element of GL 3 ( k) so that P = (0 : 0 : 1) with tangent x = 0 to find an equation of the form xz 3 + z 3 i=0 p i x 3 i y i + 4 i=0 q j x 4 j y j. 3. If p 3 0, show that you can moreover assume p 3 = 1, p 2 = 0 and q 4 = 0 or 1. Conclude on the number of parameters. 4. If p 3 = 0, show that you can assume q 4 = 1 and then q 3 = 0. Conclude. In characteristic 2, a similar study is made in [0]. In characteristic 3, we can also use another model, called the Riemann model to achieve 6 parameters. Over a finite field F q, the situation is more delicate. In [0] can obtain a family with 7 parameters when the curve has a rational point. Prove that this is the case if q > 29 (but there are pointless curves over F 29 ). Optimal families are obtained in [0] for curves with automorphism groups of order larger than 2, but the question of a generic family with 6 coefficients is still open. Exercise 9.7 We will now deal with genus 4 non hyperelliptic curves over a field of characteristic different from 2. The canonical embedding shows that C = Q E P 3 where Q is an absolutely irreducible quadric and E a cubic surface. 1. Prove that the rank of Q is greater than 2. 2. We will restrict to the case where rank of Q is equal to 4. Show that if k is algebraically closed then Q xt yz = 0 P 1 P 1. Show that if k is a finite field then Q P 1 P 1 if detq is a square. 3. We now assume that Q = xt yz. Now let φ : P 1 P 1 Q the isomorphism given by ((X : Y ),(Z,T )) (XZ : XT : Y Z : Y T ). Show that under this isomorphism, C becomes C P 1 P 1 with X 3 P 0 (Z,T ) + X 2 Y P 1 (Z,T ) + XY 2 P 2 (Z,T ) +Y 3 P 3 (Z,T ) = 0 where the P i are homogeneous of degree 3. 4. Consider now C {(0 : 1) P 1 }. Show that if all the points of C are defined over k then we can transform P 3 by an automorphism of P 1 into a given polynomial (depending on the number of distincts roots of P 3 ). 5. Consider C {(0 : 1) P 1 } and assume that this is three distinct points over k. By a change of variables proves that you can choose these points to be (1 : 1),( 1 : 1) and (1 : 0). 6. Conclude on the number of parameters left. The genus 4 case is the first case for which there are open entries in this web site. The smallest case is: is there a curve over F 19 with 49 or 50 points? With the present model one has to span 19 9. Do you think that this is manageable? Exercise 9.8 Let us end up with genus 5 curves. We will deal with the case where it is the complete intersection of three quadrics in P 4 over an algebraically closed field k of characteristic different from 2.

1. Let Q 1,Q 2 be two non-degenerate quadratic forms over k. Show that we can diagonalize Q 1,Q 2 in the same basis if det(q 1 xq 2 ) has simple roots. 2. Use this result over k in the generic case to reduce the number of parameters to 15. I do not know how to do less (=12). Here we have also an open entry in this web site: is there a genus 5 curve over F 7 with 27 or 28 points? 107

10. Solutions of the exercises 2.1 The first equality follows directly from the definition. For the second, note that IJ I and IJ J so V (I) V (J) V (IJ). Conversely, if P V (IJ) and not in V (I) for instance then there is a f I such that f (P) 0. If g J, then f g IJ and ( f g)(p) = 0. This forces g(p) = 0 for all g J hence P V (J). 2.2 One has clearly that V V (I(V )). Conversely, if V = V (I) then I I(V ) and therefore V = V (I) V (I(V )). 2.3 Let us consider av which would not admit such a decomposition and for which I(V ) is maximal with this property (this exist as the ring R n is noetherian and there are no infinite chain). Then V is not irreducible and therefore V = F G with F,G V. We have seen that I is injective so I(V ) I(F) and I(V ) I(G) and I(F),I(G) I(V ). By the maximality of I(V ), F and G are decomposable, so we can write F = F i and G = G i but then V is decomposable and we get a contradiction (note that one still has to remove factors that could appear be included in one another). For unicity, take two different writing V = V i = W i. Write V i = V V i = (W j V i ). As V i is irreducible there exists j such that V i = W j V i, i.e. V i W j. In the same way there is k such that W j V k and then V i V k which imposes i = k ad V i = W j. For the application to hypesurface, it is enough to note that the polynomial F irreducible iif the ideal (F) is prime. 2.4 Let us assume that V is algebraic and let us consider its intersection with the line Y = 0. This is also an algebraic set and consist of infinitely many isolated points. Each point is an irreducible component but one should be able to write V V ((Y )) as a finite sum: contradiction. 2.5 Consider I = I(V ) and J = I(V {P}). Since V I is injective J I. Consider F 0 I \ J. By definition F 0 (x) = 0 for all x V and F 0 (P) 0. Let F = F 0 /F 0 (P). 2.6 Let f 1 be a linear form such that P V ( f 1 ) and Q / V ( f 1 ) and f 2 such that P,Q / V ( f 2 ). Then f = f 1 / f 2 k(v ) and f (P) = 0 whereas f (Q) 0.

110 Chapter 10. Solutions of the exercises 2.7 1. Derive the composition of g : λ (λx,λy,λz) with F : (x,y,z) F(x,y,z). One has (F g)/ λ = ( F/ x, F/ y, F/ z) t( λx/ λ, λx/ λ, λx/ λ) which gives the result. The second equality is straitforward. 2. Let choose an affine space containing the point. We can assume that z 0 0. The point is singular if and only if F(x,y,z)/ x = F(x,y,z)/ y = 0 at (x 0,y 0,1). If it is so, then F(x,y,z)/ z = 0 since F(x 0,y 0,z 0 ) = 0. Conversely if at a point the three partial derivative are zero, since d is not zero, then F is zero and the point is on the curve. 3. An affine equation of the tangent at (x 0 : y 0 : 1) is Developing one gets y y 0 = F/ x F/ y (x 0,y 0,1)(x x 0 ). F/ x(p 0 )x + F/ y(p 0 )y (x 0 F/ x(p 0 ) + F/ y(p 0 )y 0 ) = 0. The last term is F/ z(p 0 ) en after homogenizing one gets the result. 4. The partial derivative are ( 3x 2,2yz,y 2 ). The point (0 : 0 : 1) is the unique singularity. 2.8 By hand, for an affine variety, one needs to compute the system consisting of the equations of the variety plus the equations of the partial differentials. One then look whether there are solutions either computing resultant or Gröbner basis. For projective varieties, one needs to do this for the intersection of the variety with a set of affine spaces which cover the projective space. Let us give directly the MAGMA code which does all this directly. R<x,y>:=PolynomialRing(Rationals(),2); AA:=AffineSpace(R); C:=Curve(AA, (x^2+y^2-1)^3+27*x^2*y^2); Sing:=SingularPointsOverSplittingField(C); Sing; Parent(Sing[5][1]); C:=Curve(AA, (x^2+y^2)*(x-1)^2-4*x^2); Sing:=SingularPointsOverSplittingField(C); Sing; R<x,y,z,t>:=PolynomialRing(Rationals(),4); PP:=ProjectiveSpace(R); S1:=Scheme(PP,[x*t-y*z]); S2:=Scheme(PP,[x^3+y^3+z^3+t^3]); IsSingular(S1); IsSingular(S2); C:=S1 meet S2; Sing:=SingularPointsOverSplittingField(C); Sing; Parent(Sing[5][1]); 2.10 The map is apparently not defined at P = (0 : 1 : 0). But Z X 3 (mod I(V )). So we get Y 2 Z 2 that ( (X 2 : XY : Z 2 ) = X 2 X 6 ) ( X 5 ) : XY : (Y 2 Z 2 ) 2 = X : Y : (Y 2 Z 2 ) 2 and this last expression evaluate at P is (0 : 1 : 0).

111 2.11 Let us consider the square matrix M given by the coordinates of the n + 1 first points P i = (x 0i :... : x ni ). There is a hyperplane containing these points iff there are coefficients a 0,...,a n not all zero such that a 0 x 0i +...a n x ni = 0 for all 0 = 1 n. But then kerm contains (a 0,...,a n ). As this is not the case, we know that M is invertible. Let us consider the linear automorphism φ of P n induced by M 1. Then φ(p i ) = (0 :...0 : 1 : 0 :... : 0) with 1 at the ith position for i = 0,...,n. Now M 1t (x 0n+1,...,x nn+1 ) = t (λ 0,...,λ n ). As P n+1 is not contained in the hyperplans containing n other points, we see that none of the λ i is zero. If we consider therefore the matrix diag(1λ 0,...,1/λ n ) M 1 then the image of the last point is (1 :... : 1) and the others are the same. As for the rationality, if all points are rational, the previous construction shows that the transformation is. Conversely if the transformation is rational, its inverse as well and the image of the points in the set {(1 :... : 0),...,(0 :...0 : 1 : 0...0),...(0 :... : 1)} {(1 :... : 1)} are rational. 3.1 Assume that a i f i = 0 with a n 0 and let P be a pole of f then ord P a i f i < 0. 3.2 1. By a translation, we can assume that P = [ (0,0). ] Now given two distinct line ax +by = 0 a b and cx + dy = 0 (the tangent), the matrix is invertible. This change of variables c d sends the two lines on X = 0 and Y = 0. 2. By definition M P = { f k[x,y ]/F s.t. f (P) = 0}. In particular f (P) = 0 if and only if any representative in f k[x,y ] is such that f (0,0) = 0, i.e. is in the ideal (X,Y,F). By the correspondence between the ideals of k[x,y ] and of k[x,y ]/F we see that M P = (X,Y ). 3. This is equivalent to say that the lowest terms of F is ay which is the case since Y = 0 is the tangent. 4. G(P) 0 so G / M P and is therefore invertible. We can write Y = X 2 H/G so M P = (X). 3.3 Locally around Q = φ(p), we can write f = ut ord Q( f ) Q where t Q is a uniformizer at Q and u is non-zero at Q. So ord P (φ f ) = ord P (φ u) +ord }{{} Q ( f ) ord P (φ t Q ). }{{} =0 =e φ (P) 3.4 Let t be an uniformizer atψ φ(p) and s be an uniformizer at phi(p). One has that (ψ φ) (t) = φ ψ (P) = φ (us e ψ(φ(p)) ) where u(φ(p)) 0 by definition of the ramification index. So ord P (ψ φ) = e ψ (φ(p)) ord P φ (u) = e ψ (φ(p)) e φ (P). 3.6 Using partial fraction decomposition we can decompose P/Q as a polynomial plus a sum of such terms. Now, these expressions are also a basis for polynomials so we can express the polynomial in this basis as well. A differential ω = P/Qdt can be decomposed as a sum of (t a) n dt. At all affine points P = (b : 1) we have that (t a) n dt = (t b + (b a) n d(t b). If b a 0 then ω is regular at P and the residue is 0. When b = a and n = 1, then the residue is 1. Now at P = (1 : 0), using that dt = t 2 d(1/t), we see that (t a) n dt = t n+2 (1 a/t) n d(1/t) which residue is 0 unless n = 1 and then the residue is 1. The formula is then proved. 4.1 Let us assume that C has genus 0. By Riemann-Roch theorem 4.1.1 we get that for any P C, l(p) = 2 (l(κ P) = 0 since this is a negative degree divisor). This means that there exists a

112 Chapter 10. Solutions of the exercises non-constant function f such that P + div f 0. Since f is non constant, it has a pole and this must be P. As the degree of div f is zero it has only one zero Q. This means that P Q = div f hence (P) (Q). Conversely, if this is the case, then let us consider φ : C P 1 the morphism induced by f and h the function x/z. From Exercise 3.3, we get that 1 = ord P ( f ) = e φ (P) ord (0:1) (x/z), }{{} =1 hence e φ(p) is 1. As P is the only point over (0 : 1) (since it is the only zero of f ), it means that degφ = 1 and it is therefore an isomorphism (Corollary 3.2.4). 4.2 Since D is effective and special then it means that κ D is also effective and using the lemma we get r(d) + r(κ D) r(κ) = g 1. Now by Riemann-Roch theorem, r(d) r(κ D) = degd + 1 g so adding the two, we get the result. As for the lemma, any effective divisor R D + E can only be decomposed into a finite number of ways into the sum of an effective divisor in D and in E. Now let us consider Y = φ( D E ). Since D E is irreducible (see for instance this proof) then its image is so too. Now if V is an affine variety inside Y, since φ is finite, by definition, U = φ 1 (V ) is affine k[u] is a finitely generated module over k[v ]. This implies that k(u) is a finite extension of k(v ) and therefore r(d)+r(e) = dim D E = dimk( D E ) = dimk(u) = dimk(v ) dim D+E = r(d+e). 4.3 The first item is a direct consequence of Riemann-Hurwitz theorem 4.3.1 since degφ > 0 and e φ (P) 1 0. For the second item, we can rewrite letting g C1 = g C2 = g (2g 2)(1 degφ) e φ (P) 1 0. If 2g 2 > 0 i.e. g > 1 then this is possible only if degφ = 1 i.e. φ is an isomorphism (Corollary 3.2.4). If g = 1 then we get that e φ (P) 1 0 hence e φ (P) = 1 for all P. The morphism φ is unramified. 4.4 1. Clearly ι is in the kernel as it is the identity on the x-coordinate. Conversely a map which is the identity on the x-coordinate is of the form (x,y) (x,ey). if we want to preserve C, we see that e 2 = 1 so this is the hyperelliptic involution. 2. The hyperelliptic involution is given by (x,y) (x, y) hence the points such that y = 0 are fixed. Then these are the zeros of f. Note that as the degree of f is even the points at infinity are not fixed by the involution. 3. Recall that an automorphism g commutes with the hyperelliptic involution ι. Hence if P is a fixed point of ι then gι(p) = g(p) = ιg(p) so g(p) is a fixed point as well. This implies that g permutes the points Q i. 4. We know that an automorphism (x : z) (ax + bz : cx + dz) of P 1 maps three points on any three points, so we can assume that these three points are 0,1. The first condition impose b = 0, the last one d = 0 and the second one a = c not equal to 0 so this is the identity. 5. We have an action of any element of G on the points Q i. This action is faithful since there are more than 3 Q i. So the maps of G into Sym 2g+2 is injective. 6. We fix a choice of 3 roots of f and we consider the automorphism of P 1 which sends them to any three other roots of f. We then check that this automorphism maps also the remaining roots on other roots. If this is the case we see that (cx + d) 2g+2 f ((ax + b)/(cx + d)) = α f and we let e = α. We then get a list of all automorphisms in this way. 7. Let P and P be two points in the fiber. There exists g G such that g(p) = P. Using for instance exercise 3.1 since g is of degree 1 and so nowhere ramified ord g(p) g 1 t P =

ord P t P = 1 so g 1 t P = vt g(p) where v is non zero at g(p). Now by definition φ t φ(p) = ut e φ (P) P so since φg = φ, φ t φ(p) = g 1 φ t φ(p) = g 1 ug 1 t e φ (P) P = (g 1 uv)t e φ (P) g(p). 113 But φ t φ(p) = wt e φ (g(p)) g(p) so we get that e φ (P ) = e φ (P). Using Proposition 3.2.1 allows to conclude that there are n/r such points in the fiber. 8. Riemann-Hurwitz formula says that 2g C 2 = n(2g D 2) + Q e φ (P) 1. The last sum can be group into fibers with index of ramification r i which appears n/r i times so we get 2g C 2 = n(2g D 2) + s i=1 n r i (r i 1). Dividing by n gets the result. 9. Clearly if g D 2 then the sum is greater than 2 > 1/42. If g D = 1 since the sum is strictly positive, one of the r i > 1 so at least 2 and the sum is greater than 1/2 > 1/42. So we can assume that g D = 0 so s 2 > 1/r i and therefore s > 2. As soon as s 5 then the sum is greater than 1/2. So let us look at the cases s = 3 and s = 4. For s = 4, we have 2 1/r i which we want to be as small as possible, so this gives (by a greedy algorithm we start with r i as small as possible and increases keeping the condition of positivity), 2 1/2 1/2 1/2 1/3 = 1/6 > 1/42. In the case s = 3, we have 1 1/2 1/3 1/7 = 1/42. 10. We have seen that in all cases in the minimum is 1/42, so 2g C 2 n/42 hence n 84(g C 1). 6.1 1. indeed if we had two linearly independent elements f,g with a pole of order t then l(tq) l((t 1)Q) + 2 which is impossible. So after reordering we can find a basis with functions of order of pole at Q strictly growing. 2. If not, we could write 0 = f q 0 i z i with the z i not all zero. Let us isolate the smallest i 0 such that z i0 is not zero. Then the order of the pole at Q of f q 0 i 0 z i0 is < q 0 ord Q f i0 +q 0 = q 0 (ord Q f i0 +1) whereas the order of the pole at Q of i i0 f q 0 i z i is greater or equal to this number since ord Q f i (ord Q f i0 ) + 1. Hence we get a contradiction. 3. The elements ( f q 0 i z j ) for z j a basis of L (nq) are linearly independent and also generate L so they form a basis. Their number is exactly l(nq) l(mq). 4. f i (z i + z i )q 0 = f i z q 0 i + f i z q 0 i and similarly f i (λ q 0z i ) q 0 = f i (λ)z q 0 i since λ F q and q = q 2 0. 5. Let us compute f (P) q 0 = ( f q 0 i z i ) q 0(P) = ( f i z q 0 i )(P) = ψ( f )(P) = 0 since f i, z i are defined over F q. 6. We have since diml = l(nq) l(mq) (n g + 1) (m g + 1) by Riemann-Roch and the inequalities on m and n. 7. This is still Riemann-Roch 8. Notice that we have a semi-linear map but the notion of dimension works in the same way. The kernel is going to be non-zero as soon as diml > l((m + q 0 n)q) = g + q 0 + q 0 n + 1. Since diml (g + 1 + q 0 )(n + 1 g) we can get after simplification that this is the case if n(g + 1) g 2 + g + gq 0. Taking n = q 0 1 we get that this is always the case as soon as q 0 g 2 + 2g + 1. 6.2 Let us take the expression (6.1) (with δ 0 = 1). We see that lim (1 T )Z(C/k,T ) = lim (1 T ) T 1 T 1 Now for n > 2g 2, we have that A n = h qn g 1 q 1 lim (1 T ) T 1 n>2g 2 A n T n = so n>2g 2 A n T n = f (1) 1 q. h q 1 lim T 1 (1 T ) 1 1 T = h 1 q.

114 Chapter 10. Solutions of the exercises Hence we see that f (1) = h. Let us write g = 2g i=1 (T α i). It is easy to see that f (1) = g(1) and that h(f q n) = 2g i=1 (1 αn i ). This can be seen as the value at 1 of the polynomial g n = Res x (g(x),z x n ). Let us look at the polynomials g n (mod d). Since d h(f q ) and d is prime, it means that g = g 1 (mod d) admits 1 as a root and also q/1 = q. Now 2g n 1 g n (1)/g 1 (1) = α j i. i=1 j=0 Since d n(q n 1)/(q 1) and d is prime, either d n and therefore since modulo d one of the α i = 1 (mod d) (say i = 1) we get from the previous formula n 1 j=0 α j 1 = 0 in F d. Otherwise d (q n 1)/(q 1). Since q is also a root modulo d (say α g+1 = q (mod d)) we get n 1 j=0 α j g+1 = (q n 1)/(q 1) = 0 in F q. 7.1 When l(d) = 1 there exists a unique effective divisor D 0 such that D D 0. Now D σ 0 Dσ D so D σ 0 is an effective divisor in the class of D, hence Dσ = D by unicity. Since D is of degree 0 (and non empty otherwise there is nothing to prove) we have that l(d) = 0. By Riemann-Roch theorem there is an n such that l(d + np 0 ) > 0. The previous inequalities insure that by taking the smallest n such that l(d + np 0 ) 0, we get that l(d + np 0 ) = 1. Using the first item, we see that D + np 0 is k-rational and therefore D is rational. 8.1 1. It is classical reduction of quadratic forms: for instance by completing the square ax 2 + bxy+cxz = a(x+b/(2a)y+c/(2a)z) 2 a(b/2a) 2 y 2 a(c/2a) 2 z 2 when say a 0. If none of the coefficients in front of the square are non-zero, it means that the quadric is axy+bxz+cyz with abc 0 (otherwise the quadric is not smooth). One can then go back to the previous situation by changing y = x + y for instance. In all cases, we have then ax 2 + by 2 + cyz + dz 2 and we can reduce further letting by 2 +cyz = b(y+c/(2b)y) 2 b(c/(2b)) 2 y 2 or if b = 0 and d = 0, we have c 0 and we first let z = y + z in order to go back to the previous situation. 2. Since x x 2 has an image of cardinality (q 1)/2 + 1 = (q + 1)/2, it is the same for φ and ψ. Hence their images cannot be distinct and there exists (x,y) which gives a collision. 3. Such a couple (x,y) satisfies ax 2 + by 2 + c = 0 hence the point (x : y : 1) belongs to the conic V p (Q). We have proved that every smooth conic over a finite field of characteristic different from 2 admits a k-rational point and we therefore know that it is isomorphic to P 1. Note that this remains true in characteristic 2. 8.2 1. Characteristic being different from 2 we can complete the square on the left to get y 2 = x 3 + a 2 x 2 + a 4 x + a 6. Then if Characteristic is different from 3, we can moreover let x 3 + a 2 x 2 = (x + a 2 /3) 3 a 2 2 /3x a3 2 /27. 2. Let E A,B : y 2 = x 3 +Ax+B and E A,B : y 2 = x 3 +Ax +B. Since L (2O) = 1,x, L (2O ) = 1,x and φ maps O onto O we see that φ induces an isomorphism between the previous vector spaces. Hence, after identification of these spaces, we get x = αx + r. Similarly for y = βy + su 2 +t. Injecting these equality in the equation of E A,B we see that in order to preserve the reduce Weierstrass form, we need x = u 2 x and y = u 3 y. 3. Let us show this with MAGMA F<A,B>:=FunctionField(Rationals(),2); j:=1728*(4*a^3)/(4*a^3+27*b^2); E:=EllipticCurve([1,0,0,-36/(j-1728),-1/(j-1728)]); SimplifiedModel(E); Elliptic Curve defined by y^2 = x^3 + 1/324*A^3/B^2*x - 1/5832*A^3/B^2 over Multivariate rational function field of rank 2 over Rational Field

115 Bp:=- 1/5832*A^3/B^2; Ap:= 1/324*A^3/B^2; (Bp/B)^2/(Ap/A)^3; 1 As for the two special cases, we see that j = 0 (resp. 1728) iff A = 0 (resp. B = 0) and it is easy to conclude. 4. In that case, AB 0 so we can compute (B/B )/(A/A ) = u 6 /u 4 = u 2 k. 5. Let us define the map from the set of k-isomorphism classes of E A,B with invariants j to k /(k ) 2 by E A,B B/A. This is well defined since a curve E A,B k-isomorphic to E A,B is such that B /A = u 2 B/A so belongs to the same class modulo (k ) 2. This also proves that the map is injective. As for the surjectivity, it is enough to see that y 2 = x 3 + Au 2 x + Bu 3 has the same j-invariant than E A,B and is mapped to ub/a hence can span all k. 6. When k = F q, one knows that k /(k ) 2 is of order 2. This quadratic twist can be written y 2 = x 3 + Au 2 x + Bu 3 where u is a non-square element in k. 8.4 1. On has that ( f g) i j (y) = ( x j 3 k=1 f (g(y)) g(k) (y)) x k x i where g (k) is the kth line of g seen as a linear function. In particular it shows that g(k) x i (y) = g k,i. Let us resume the computation So ( f g) i j (y) = 3 3 l=1 k=1 f (g(y))g l, j g k,i x l x k = ( t ghessian Matrix( f )(g(y))g) i, j and taking the determinant we get the result. 2. From x 1 f 1 + x 2 f 2 + x 3 f 3 = f deg f, one gets Hessian Matrix( f g) = t ghessian Matrix( f ) gg x 1 f 11 + x 2 f 21 + x 3 f 31 = deg( f 1 ) f 1 and similarly for f 2 and f 3. Now x1h( 2 x1 2 f ) = f 11 x 1 f 12 x 1 f 13 x 1 f 21 f 22 f 23 x 1 f 31 f 23 f 33 = n(n 1) f (n 1) f 2 (n 1) f 3 = (n 1) f 2 f 22 f 23 (n 1) f 3 f 23 f 33 x 1 (x 1 f 11 + x 2 f 21 + x 3 f 31 (n 1) f 2 (n 1) f 3 x 1 f 21 f 22 f 23 x 1 f 31 f 23 f 33 first by replacing L 1 by L 1 + x 2 L 2 + x 3 L 3 and then C 1 by C 1 + x 2 C 2 + x 3 C 3. 3. Note that the covariance of H shows that we can reduce the problem to the form f g 1. A quick computation shows that r = 0 if and only if H( f g 1 )(1 : 0 : 0) = 0 when p does not divide 2(n 1). 8.5 This is from [0]. After a transformation of GL 3 ( k), we can assume that P = (0 : 0 : 1) s a flex with tangent x = 0. The polynomial F(0,y,1) has 0 as triple root, so we see that F = cz 3 + XL(X,Y )Z 2 + +P 3 (X,Y )Z 3 + P 4 (X,Y ).

116 Chapter 10. Solutions of the exercises We can normalize with c = 1 and when chark 3, the change of variables Z Z L(X,Y )/3 allows to eliminate the term in Z 2. We therefore get F = XZ 3 + Z p i X 3 i Y i + q j X 4 j Y j. Now if p 3 0, we are going to make a change of variables of the form (X : Y : Z) (rx : sy : t : Z) and we divide the resulting equation by rt 3 so the leading coefficient of F is 1. Doing so the coefficient p 3 becomes p 3 s 3 /(rt 2 ). Taking r = p 3,s = t = 1 makes this coefficient at 1. When chark 3, we can now do Y Y p 2 X/3 to eliminate the coefficient p 2. This model is not changed if we do further transformation with s 3 = rt 2, i.e. (r : s : t) = (1 : u 2 : u 3 ). If q 4 is not zero we can use this transformation to make it 1. If p 3 = 0, then q 4 0 otherwise the curve C has a singular point of the form (0 : x 0 : y 0 ). A diagonal change of variables allows to take q 4 = 1. When chark 2, the change of variables Y Y q 3 X/2 eliminates the coefficient q 3. As for the question on the number of points, this is a simple application of Hasse-Weil-Serre bound: we have that #C(F q ) 1 + q 3 2 q which is stricly greater than 0 as soon as q > 29. 8.9 1. Let us denote f i : C i P 1 the quotients by the involutions. Let us consider φ 1 ι 1 φ : C 2 C 2. This is an involution of C 2 which induces φ f1 : K 1 k(c 2 ), hence a degree 2 map from C 2 P 1. This map is then the hyperelliptic involution ι 2 and therefore if g K 2, one gets φ g = g φ = g ι 2 φ = g φ ι 1, so φ g K 1. 2. An [ automorphism ] of P 1 is linear, i.e. of the form (X : Z) (ax + bz : cx + dz), with a b GL c d 2 (k). So we have the result since φ : X 1 X 2. 3. Looking at k(c i ) as a 2-dimensional vector space over k(x i ) with basis 1,Y i, we get that there exists a,b, c,,d k(x 1 ) such that φ maps 1,Y 1 to X 2,Y 2 by X 2 = a + b Y 1 and Y 2 = c + d Y 1. But we have seen X 2 = (ax 1 + b)/(cx 1 + d) so b = 0. Now let write c = Q 1 /S 1 and d = P 1 /T 1 then Y 2 = Q 1 /S 1 + P 1 /T 1 Y 1 = ((P 1 S 1 )Y 1 + Q 1 T 1 )/(S 1 T 1 ) which is the expected form with R = 0. 4. Now let us write ( ) ( ) ax1 + b P(X1 )Y 1 + Q(X 1 ) 2 f 2 =. cx 1 + d S(X 1 ) P(X 1 ) 0 since f 2 is square free. So we get ( ) ax1 + b Y 1 (2PQ) = f 2 S 2 P 2 f 1 Q 2 cx 1 + d ( ) The second member belongs to k(x 1 ) so Q = 0. Now S 2 f ax1 +b 2 cx 1 +d = P 2 f 1 k[x 1 ] implies that (cx 1 + d) 2g+1 S 2 (and therefore with a power 2g + 2 since it is a square). and by degree comparison we get S = (cx 1 + d) g+1.

Bibliography Articles [0] Shreeram Abhyankar. Remark on Hessians and flexes. In: Nieuw Arch. Wisk. (3) 11 (1963), pages 110 117 (cited on pages 95, 103). [0] Alp Bassa et al. Towers of function fields over non-prime finite fields. In: Mosc. Math. J. 15.1 (2015), pages 1 29, 181 (cited on page 67). [0] Enrico Bombieri. Counting points on curves over finite fields (d après S. A. Stepanov). In: (1974), 234 241. Lecture Notes in Math., Vol. 383 (cited on page 5). [0] G. Cardona, E. Nart, and J. Pujolàs. Curves of genus two over fields of even characteristic. In: Math. Zeitschrift 250 (2005), pages 177 201 (cited on page 44). [0] Max Deuring. Die Typen der Multiplikatorenringe elliptischer Funktionenkörper. In: Abh. Math. Sem. Hansischen Univ. 14 (1941), pages 197 272 (cited on page 61). [0] T. Fisher. A formula for the Jacobian of a genus one curve of arbitrary degree. In: ArXiv e-prints (2015) (cited on page 43). [0] E. Hallouin and M. Perret. From Hodge Index Theorem to the number of points of curves over finite fields. In: ArXiv e-prints (2014) (cited on page 54). [0] Marc Hindry. La preuve par André Weil de l hypothèse de Riemann pour une courbe sur un corps fini. In: (2012), pages 63 98 (cited on pages 5, 54). [0] E. Kani and M. Rosen. Idempotent relations and factors of Jacobians. In: Math. Ann. 284.2 (1989), pages 307 327 (cited on page 82). [0] Andrew Kresch, Joseph L. Wetherell, and Michael E. Zieve. Curves of every genus with many points. I. Abelian and toric families. In: J. Algebra 250.1 (2002), pages 353 370 (cited on page 58). [0] Reynald Lercier et al. Parametrizing the moduli space of curves and applications to smooth plane quartics over finite fields. In: LMS J. Comput. Math. 17.suppl. A (2014), pages 128 147 (cited on pages 95, 104).

118 Chapter 10. Solutions of the exercises [0] D. Mumford. On the equations defining abelian varieties. I. In: Invent. Math. 1 (1966), pages 287 354 (cited on page 71). [0] Enric Nart and Christophe Ritzenthaler. Genus three curves with many involutions and application to maximal curves in characteristic 2. In: 521 (2010), pages 71 85 (cited on pages 5, 81). [0] P. Roquette. Abschätzung der Automorphismenanzahl von Funktionenkörpern. In: Math. Z. 117 (1970), pages 157 163 (cited on page 97). [0] B. Saint-Donat. On Petri s analysis of the linear system of quadrics through a canonical curve. In: Math. Ann. 206 (1973), pages 157 175 (cited on page 47). [0] René Schoof. Counting points on elliptic curves over finite fields. In: J. Théor. Nombres Bordeaux 7.1 (1995). Les Dix-huitièmes Journées Arithmétiques (Bordeaux, 1993), pages 219 254 (cited on page 60). [0] Tetsuji Shioda. Plane quartics and Mordell-Weil lattices of type E 7. In: Comment. Math. Univ. St. Paul. 42.1 (1993), pages 61 79 (cited on page 113). [0] William A. Stein. There are genus one curves over Q of every odd index. In: J. Reine Angew. Math. 547 (2002), pages 139 147 (cited on page 43). [0] John Tate. Endomorphisms of abelian varieties over finite fields. In: Invent. Math. 2 (1966), pages 134 144 (cited on pages 71, 81). [0] C.T.C Wall. Quartic curves in characteristic 2. In: Math. Proc. Cambridge Phil. Soc. 117 (1995), pages 393 414 (cited on pages 95, 104). Books [0] E. Arbarello et al. Geometry of algebraic curves, Vol. I. Volume 267. Grundlehren der Mathematischen Wissenschaften, Springer-Verlag, New-York, 1985 (cited on pages 5, 29, 33, 37, 47). [0] M. F. Atiyah and I. G. Macdonald. Introduction to commutative algebra. Addison-Wesley Publishing Co., Reading, Mass.-London-Don Mills, Ont., 1969, pages ix+128 (cited on page 19). [0] Christina Birkenhake and Herbert Lange. Complex abelian varieties. Second. Volume 302. Grundlehren der Mathematischen Wissenschaften [Fundamental Principles of Mathematical Sciences]. Berlin: Springer-Verlag, 2004, pages xii+635 (cited on page 5). [0] Henri Cohen et al., editors. Handbook of elliptic and hyperelliptic curve cryptography. Discrete Mathematics and its Applications (Boca Raton). Chapman & Hall/CRC, Boca Raton, FL, 2006, pages xxxiv+808 (cited on page 5). [0] Gary Cornell and Joseph H. Silverman, editors. Arithmetic geometry. Papers from the conference held at the University of Connecticut, Storrs, Connecticut, July 30 August 10, 1984. Springer-Verlag, New York, 1986, pages xvi+353 (cited on pages 5, 70 72, 74, 78). [0] David A. Cox, John Little, and Donal O Shea. Ideals, varieties, and algorithms. Fourth. Undergraduate Texts in Mathematics. An introduction to computational algebraic geometry and commutative algebra. Springer, Cham, 2015, pages xvi+646 (cited on pages 5, 12). [0] Olivier Debarre. Tores et variétés abéliennes complexes. Volume 6. Cours Spécialisés [Specialized Courses]. Société Mathématique de France, Paris; EDP Sciences, Les Ulis, 1999, pages vi+125 (cited on pages 5, 15).

119 [0] William Fulton. Algebraic curves. An introduction to algebraic geometry. Notes written with the collaboration of Richard Weiss, Mathematics Lecture Notes Series. W. A. Benjamin, Inc., New York-Amsterdam, 1969, pages xiii+226 (cited on pages 23, 28). [0] P. Griffiths and J. Harris. Principles of algebraic geometry. Wiley Classics Library. Reprint of the 1978 original. New York: John Wiley & Sons Inc., 1994, pages xiv+813 (cited on page 5). [0] A. Grothendieck. Revêtements étales et géométrie algébrique (SGA 1). Volume 224. Lecture Notes in Math. Heidelberg: Springer-Verlag, 1971 (cited on page 97). [0] R. Hartshorne. Algebraic geometry. Graduate Texts in Mathematics, No. 52. New York: Springer-Verlag, 1977, pages xvi+496 (cited on pages 5, 18, 20, 22, 24 26, 28, 33, 38, 39, 44, 45). [0] J. W. P. Hirschfeld, G. Korchmáros, and F. Torres. Algebraic curves over a finite field. Princeton Series in Applied Mathematics. Princeton University Press, Princeton, NJ, 2008, pages xx+696 (cited on page 72). [0] Frances Kirwan. Complex algebraic curves. Volume 23. London Mathematical Society Student Texts. Cambridge University Press, Cambridge, 1992, pages viii+264 (cited on page 16). [0] Qing Liu. Algebraic geometry and arithmetic curves. Volume 6. Oxford Graduate Texts in Mathematics. Translated from the French by Reinie Erné, Oxford Science Publications. Oxford University Press, Oxford, 2002, pages xvi+576 (cited on pages 5, 45). [0] Rick Miranda. Algebraic curves and Riemann surfaces. Volume 5. Graduate Studies in Mathematics. American Mathematical Society, Providence, RI, 1995, pages xxii+390 (cited on pages 5, 30, 33, 47). [0] David Mumford. The red book of varieties and schemes. expanded. Volume 1358. Lecture Notes in Mathematics. Includes the Michigan lectures (1974) on curves and their Jacobians, With contributions by Enrico Arbarello. Springer-Verlag, Berlin, 1999, pages x+306 (cited on page 47). [0] David Mumford. Abelian varieties. Volume 5. Tata Institute of Fundamental Research Studies in Mathematics. With appendices by C. P. Ramanujam and Yuri Manin, Corrected reprint of the second (1974) edition. Published for the Tata Institute of Fundamental Research, Bombay, 2008, pages xii+263 (cited on pages 72, 73). [0] Nghi Huu Nguyen. Whitney theorems and Lefschetz pencils over finite fields. Thesis (Ph.D.) University of California, Berkeley. ProQuest LLC, Ann Arbor, MI, 2005, page 77 (cited on page 39). [0] Daniel Perrin. Géométrie algébrique. Savoirs Actuels. [Current Scholarship]. Une introduction. [An introduction]. InterEditions, Paris; CNRS Éditions, Paris, 1995, pages xii+303 (cited on pages 5, 11, 14). [0] Pierre Samuel. Algebraic theory of numbers. Translated from the French by Allan J. Silberger. Houghton Mifflin Co., Boston, Mass., 1970, page 109 (cited on page 27). [0] Wolfgang Schmidt. Equations over finite fields: an elementary approach. Second. Kendrick Press, Heber City, UT, 2004, pages x+333 (cited on page 57). [0] Jean-Pierre Serre. Algebraic groups and class fields. Volume 117. Graduate Texts in Mathematics. Translated from the French. Springer-Verlag, New York, 1988, pages x+207 (cited on pages 5, 30, 33, 81). [0] Joseph H. Silverman. The arithmetic of elliptic curves. Volume 106. Graduate Texts in Mathematics. Corrected reprint of the 1986 original. New York: Springer-Verlag, 1992, pages xii+400 (cited on pages 5, 23, 38, 70, 94, 102).

120 Chapter 10. Solutions of the exercises [0] Joseph H. Silverman. Advanced topics in the arithmetic of elliptic curves. Volume 151. Graduate Texts in Mathematics. Springer-Verlag, New York, 1994, pages xiv+525 (cited on page 72). [0] Karen E. Smith et al. An invitation to algebraic geometry. Universitext. Springer-Verlag, New York, 2000, pages xii+155 (cited on pages 5, 45). [0] H. Stichtenoth. Algebraic Function Fields and Codes. Lectures Notes in Mathematics 314. Springer-Verlag, 1993 (cited on pages 23, 33, 38, 45). [0] M. A. Tsfasman and S. G. Vlăduţ. Algebraic-geometric codes. Volume 58. Mathematics and its Applications (Soviet Series). Translated from the Russian by the authors. Kluwer Academic Publishers Group, Dordrecht, 1991, pages xxiv+667 (cited on pages 5, 62).

Index A Abelian variety......................... 72 Algebraic set affine.............................. 11 projective.......................... 16 B Birational map.......................... 19 C Canonical divisor....................... 31 Coordinate ring......................... 13 Curve hyperelliptic........................ 46 non hyperelliptic.................... 46 Curves genus 0............................ 44 genus 1............................ 45 genus 2............................ 45 genus 3............................ 48 genus 4............................ 49 D Degree................................. 25 differential forms....................... 30 regular............................. 31 Dimension affine.............................. 13 projective.......................... 18 Divisor.................................28 degree............................. 28 function............................28 linearly equivalent.................. 28 rational............................ 28 F Function pole............................... 21 zero............................... 21 Function field...........................13 projective.......................... 18 G Genus.................................. 31 H Homogeneous polynomial............... 16 I Isogeny................................ 73 J Jacobian................................71