Group Law for elliptic Curves

Similar documents
LECTURE 7, WEDNESDAY

ELLIPTIC CURVES BJORN POONEN

LECTURE 5, FRIDAY

Elliptic Curves and Public Key Cryptography

LECTURE 10, MONDAY MARCH 15, 2004

Projective Spaces. Chapter The Projective Line

Introduction to Arithmetic Geometry Fall 2013 Lecture #23 11/26/2013

On the Torsion Subgroup of an Elliptic Curve

IRREDUCIBILITY OF ELLIPTIC CURVES AND INTERSECTION WITH LINES.

Elliptic Curves: An Introduction

LINEAR ALGEBRA KNOWLEDGE SURVEY

Theorem 6.1 The addition defined above makes the points of E into an abelian group with O as the identity element. Proof. Let s assume that K is

Introduction to Arithmetic Geometry Fall 2013 Lecture #24 12/03/2013

COMPLEX MULTIPLICATION: LECTURE 13

LECTURE 18, MONDAY

COMPLEX MULTIPLICATION: LECTURE 14

(II.B) Basis and dimension

ALGEBRAIC GEOMETRY HOMEWORK 3

The group law on elliptic curves

Finite affine planes in projective spaces

COMPLEX ALGEBRAIC SURFACES CLASS 15

Lecture 11. Andrei Antonenko. February 26, Last time we studied bases of vector spaces. Today we re going to give some examples of bases.

Arithmetic Progressions Over Quadratic Fields

Abstract Vector Spaces and Concrete Examples

Examples of numerics in commutative algebra and algebraic geo

Algebraic Geometry: Elliptic Curves and 2 Theorems

div(f ) = D and deg(d) = deg(f ) = d i deg(f i ) (compare this with the definitions for smooth curves). Let:

Points of Finite Order

Introduction to Arithmetic Geometry

Projective space. There are some situations when this approach seems to break down; for example with an equation like f(x; y) =y 2 (x 3 5x +3) the lin

Local properties of plane algebraic curves

SPECIAL POINTS AND LINES OF ALGEBRAIC SURFACES

2.3. VECTOR SPACES 25

CS 259C/Math 250: Elliptic Curves in Cryptography Homework 1 Solutions. 3. (a)

APPM 3310 Problem Set 4 Solutions

The Group Structure of Elliptic Curves Defined over Finite Fields

Elliptic curve cryptography. Matthew England MSc Applied Mathematical Sciences Heriot-Watt University

Math 550 Notes. Chapter 2. Jesse Crawford. Department of Mathematics Tarleton State University. Fall 2010

LECTURE 2 FRANZ LEMMERMEYER

Polynomials. Math 4800/6080 Project Course

Method of Lagrange Multipliers

A Very Elementary Proof of a Conjecture of B. and M. Shapiro for Cubic Rational Functions

Curtis Heberle MTH 189 Final Paper 12/14/2010. Algebraic Groups

MATH 221: SOLUTIONS TO SELECTED HOMEWORK PROBLEMS

Arithmetic Progressions over Quadratic Fields

2.1 Affine and Projective Coordinates

Vector Spaces. 9.1 Opening Remarks. Week Solvable or not solvable, that s the question. View at edx. Consider the picture

12. Linear systems Theorem Let X be a scheme over a ring A. (1) If φ: X P n A is an A-morphism then L = φ O P n

MATH 115, SUMMER 2012 LECTURE 12

FOUNDATIONS OF ALGEBRAIC GEOMETRY CLASS 48

MAS345 Algebraic Geometry of Curves: Exercises

Introduction to Vectors

Lesson 3: Using Linear Combinations to Solve a System of Equations

Systems of Linear Equations

Elliptic Curves Spring 2013 Lecture #12 03/19/2013

LB 220 Homework 4 Solutions

Exercises for algebraic curves

Some new families of positive-rank elliptic curves arising from Pythagorean triples

Elliptic curves and modularity

Points of Ninth Order on Cubic Curves

Elliptic Curves and Mordell s Theorem

Projections of Veronese surface and morphisms from projective plane to Grassmannian

Intersection Theory I

AN ELEMENTARY PROOF OF THE GROUP LAW FOR ELLIPTIC CURVES

COMPLEX ALGEBRAIC SURFACES CLASS 9

Without fully opening the exam, check that you have pages 1 through 11.

Chapter 4: Higher-Order Differential Equations Part 1

INTRODUCTION TO ELLIPTIC CURVES

Secant varieties. Marin Petkovic. November 23, 2015

1 Last time: determinants

Formal groups. Peter Bruin 2 March 2006

THERE ARE NO ELLIPTIC CURVES DEFINED OVER Q WITH POINTS OF ORDER 11

1 Quadratic Functions

Porteous s Formula for Maps between Coherent Sheaves

Math Topics in Algebra Course Notes: A Proof of Fermat s Last Theorem. Spring 2013

Elliptic Curves. Dr. Carmen Bruni. November 4th, University of Waterloo

Linear Algebra Practice Problems

1.5 Inverse Trigonometric Functions

Torsion Points of Elliptic Curves Over Number Fields

Computing a Lower Bound for the Canonical Height on Elliptic Curves over Q

A WHIRLWIND TOUR BEYOND QUADRATICS Steven J. Wilson, JCCC Professor of Mathematics KAMATYC, Wichita, March 4, 2017

Introduction to Arithmetic Geometry Fall 2013 Lecture #2 09/10/2013

Notes on Linear Algebra I. # 1

February 20 Math 3260 sec. 56 Spring 2018

August 23, 2017 Let us measure everything that is measurable, and make measurable everything that is not yet so. Galileo Galilei. 1.

A very simple proof of Pascal s hexagon theorem and some applications

WHY POLYNOMIALS? PART 1

10. Noether Normalization and Hilbert s Nullstellensatz

Math 1060 Linear Algebra Homework Exercises 1 1. Find the complete solutions (if any!) to each of the following systems of simultaneous equations:

x x2 2 + x3 3 x4 3. Use the divided-difference method to find a polynomial of least degree that fits the values shown: (b)

UNC Charlotte Super Competition Level 3 Test March 4, 2019 Test with Solutions for Sponsors

1 Last time: inverses

CITY UNIVERSITY. London

ELLIPTIC CURVES OVER FINITE FIELDS

Week 4: Differentiation for Functions of Several Variables

THE ENVELOPE OF LINES MEETING A FIXED LINE AND TANGENT TO TWO SPHERES

where m is the maximal ideal of O X,p. Note that m/m 2 is a vector space. Suppose that we are given a morphism

SUBGROUPS OF CYCLIC GROUPS. 1. Introduction In a group G, we denote the (cyclic) group of powers of some g G by

Math 24 Spring 2012 Questions (mostly) from the Textbook

18.06 Problem Set 1 Solutions Due Thursday, 11 February 2010 at 4 pm in Total: 100 points

Transcription:

Group Law for elliptic Curves http://www.math.ku.dk/ verrill/grouplaw/ (Based on Cassels Lectures on Elliptic curves, Chapter 7) 1 Outline: Introductory remarks Construction of the group law Case of finding 2 need nonsingularity example of 2 torsion point Bezouts theorem (statement) cubic meets a line in 3 points Note that + B is in E(k), not just E(k) We have abelian group: the three easy properties ssociativity Statement of a lemma needed Proof of associativity, assuming the lemma and simple case of Bezout Sketch proof of lemma 2 Introduction The group law for an elliptic curve E over some field k is a map E(k) E(k) E(k) (, B) + B that gives E(k) the structure of an abelian group. This means that given any two points P and Q on E(k) there is a way of adding them together to get a third point. For E over Q it will turn out that E(Q) is a finitely generated abelian group, which means you can describe how to give all the points on E(Q) by giving a finite list of points. We will now describe 1) What is the group law. 2) Why does the construction work i.e., that the construction is well defined, and that it gives E(k) the structure of an abelian group. 3) If there s any time: Examples 1

3 Definition of the group law We will assume that our elliptic curve is given in Weierstrass form, E : Y 2 Z + a 1 XY Z + a 3 Y Z 2 = X 3 + a 2 X 2 Z + a 4 XZ 2 + a 6 Z 3 The group law is given by taking 1) The zero of the group is O = (0 : 1 : 0) 2) Given any two points, B E(k), define + B as in the following diagrams. 0. n elliptic curve, E: 1. Take any two points and B on E. B 2 Ḋraw the line L1 through and B. Let C be the third point on E L 1 C B L 1 3. Let L2 be the vertical line through C. Then + B is the other (non infinite) point on E L 2 C L 1 B + B L 2 2

Does this definition make sense? Why does a line meet the elliptic curve in 3 points? nd what do we do if = B and we want to find 2? If = B the constuction works like this: L 1 is tangent to E at. L 1 C 2 L 2 For the construction of the point 2 to work we need that there is a tangent line, and this will be the case since the curve E is non-singular. The tangent at is given by df dx X + df dy Y + df dz Z = 0 nother example: If = (0 : b : 1) then 2 = O. L 1 = L 2 3

That a line meets a cubic in three points is a special case of Bezout s Theorem: Theorem 3.1 (Bezout). If C and D are curves given by homogeneous equations in X, Y, Z, of degrees c and d, then, assuming C and D do not have an infinite number of points in common (which happens e.g., when C = D), then #{C D} c.d. If we work over an algebarically closed field, and intersection points are counted with multiplicity, we have an equality: i(c, D; P ) = c.d, P C D where i(c, D; P ) is the intersection multiplicty of C and D at P. (See below for a definition in a simple case. For more details: Fulton, Hartshorn, or Semple and Roth, (lgebraic curves, Chapter II, 2,Theorem 3.)) Special case of Bezout: cubic curve meets a line in three points: Suppose the cubic curve is given by F (X, Y, Z) = 0 where F has degree 3. Suppose the line is given by ax + by + cz = 0 One of a, b or c is non zero. Suppose c 0, so points on the line are given by Z = (ax + by )/c. Then where the line and cubic intersect, we have F (X, Y, (ax + by )/c) = 0. This is a homogeonous polynomial in two variables, so it looks like α 1 X 3 + α 2 X 2 Y + α 3 XY 2 + α 4 Y 3 = 0 If Y = 0 is not a solution, then dividing by Y 3 we have ( ) 3 ( ) 2 ( ) X X X α 1 + α 2 + α 3 + α 4 = 0 Y Y Y By the fundamental theorem of algeorba, over an algebraically closed field we can factor this polynomial as for example: ( ( ) ) ( ( ) ) ( ( ) ) X X X a 1 + b 1 a 2 + b 2 a 3 + b 3 = 0 Y Y Y Multiplying back through by Y 3, we have (a 1 X + b 1 Y ) (a 2 X + b 2 Y ) (a 3 X + b 3 Y ) = 0 If Y = 0 is a solution, we ll still be able to factor the original polynomial like this. So, there are three solutions, giving three points on the intersection of the line with the conic. The multiplicity of a root is the number of times the factor occurs in this factorization. 4

Example 3.2. For the curve Take the line E : Y 2 Z = X 3 X 2 L : X = 0 then substituting the equation for L into the equation for E we get Y 2 Z = 0. There are three factors of this cubic, Y, Y and Z. If Y = 0, we get the point (0 : 0 : 1). Since this factor has multiplicity two, the line L intersects E with multiplicity 2 at (0 : 0 : 1). The third point of intersection is O = (0 : 1 : 0). Reference: For a proof of Bezouts theorem see Fulton (lgebraic curves) or Hartshorn (lgebraic Geometry). Some special cases are given by Reid (undergraduate algebraic geometry). Semple and Roth give a classical view point. Note: For, B E(k) we have + B E(k). If a cubic has coefficients in k and two roots in k, then the third root is in k. This implies + B E(k). Note: if, B, C on E are on a line, then + B + C = O. Note: You can give explicit formulars for the coordinates of + B in terms of the coordinates for and B. 4 We have an abelian group on E(k) We need to check the following: 1) O + = for all E(k). (easy) 2) For every point = (a, b) there is an inverse given by (a, b). (easy) 3) + B = B +. (easy) 4) The group law is associative. (hard!) 5 associativity Lemma 5.1. If P 1,... P 8 are points in P 2, no 4 on a line, and no 7 on a conic, then there is a 9th point Q such that an cubic through P 1,... P 8 also passes through Q. Proof of ssociativity of the group law on an elliptic curve: ssuming the lemma, and Bezout s theorem, we now give a proof of associativity. (For a complete proof see Hartshone, ChapterV, 4, corollary 4.5.) We need to show that for, B, C we have So it s enough to show that ( + B) + C = + (B + C) (( + B) + C) = ( + (B + C)) 5

Consider the following lines: L 1 is the line through, B, ( + B) L 2 is the line through + B, C, (( + B) + C) L 3 is the line through B + C, O, (B + C) N 1 is the line through + B, O, ( + B) N 2 is the line through B, C, (B + C) N 3 is the line through, B + C, ( + (B + C)) We can draw a picture to represent all the above information, and we also lable a point D where L 2 intersects N 3 : L 3 B + C (B + C) O ( + (B + C)) L 2 D C + B L 1 B ( + B) N 3 N 2 N 1 (( + B) + C) This picture should be taken as a reminder of which lines pass through which points, not as a remotely accurate drawing. Remember, our elliptic curve is in the background, also passing through these points: L 3 B + C (B + C) O L 2 D C + B L 1 B N 3 N 2 N 1 ( + B) 6

(gain, this is not what an accurate picture would look like! lso note, we don t know E passes through D. This is what we want to show.) We know that ((+B)+C) lies on L 2, because this is how L 2 was defined. nd we know that ( + (B + C)) lies on N 3, because this is how N 3 was defined. But we d like these points to be equal, ie, they must both be equal to the point D which is on L 2 N 3. Now we have two cubic curves, (L 1 L 2 L 3 = 0) and (N 1 N 2 N 3 = 0) We know by construction that these both pass through the eight points O,, B, C, + B, B + C, ( + B), (B + C), By Bezout s theorem we know that two cubics intersect in 9 points, and we call the 9th point D. By the lemma (assuming conditions are satisfied so we can apply the lemma) we know that any other cubic through these 8 points also passes through D. So, since E is through these 8 points, it also passes through D. So on N 1 N 2 N 3 E we have the points O,, B, C, + B, B + C, ( + B), (B + C), ( + (B + C)), D But since there are only 9 points on a line intersect a cubic, two of these must be equal, but, by definition, D is not equal to any of the first 8, so we have D = ( + (B + C)). Similarly, by considering the 10 labeled points on L 1 L 2 L 2 E, we will have D = (( + B) + C)). So, we have ( + (B + C)) = D = (( + B) + C)), and this completes the proof of associativity. filling in details 1) The lemma does apply: No four of the points O,, B, C, + B, B + C, ( + B), (B + C), can lie on a line, since if those four points are on L, then since they are also on E, we have that #{L E} 4, which contradicts Bezouts theorem. lso, no 7 can lie on a conic, since 7 are on a conic C, since they are also on E, so #{C E} 7, which again contradicts Bezouts theorem. (Conic has degree 2, cubic degree 3, and 2.3 = 6.) 7

2) Sketch proof of lemma: We want to show that given points P 1,... P 8, no 4 on a line, no 7 on a conic, there is a 9th point Q so that all cubics through P 1,... P 9 also pass through Q. ny cubic curve is given by an equation of the form f(x, Y, Z) = a 1 X 3 + a 2 X 2 Y + a 3 X 2 Z + a 4 XY 2 + a 5 XZ 2 +a 6 XY Z + a 7 Y 3 + a 8 Y 2 Z + a 9 Y Z 2 + a 10 Z 3 = 0 Given any cubics we can add them together to get a another, just by adding the coefficients; and we can also multiply by any element of k. So the cubic equations form a vector space of dimension 10, and any cubic corresponds to a point: (a 1, a 2, a 3, a 4, a 5, a 6, a 7, a 8, a 9, a 10 ) k 10 To say a point lies on a cubic curve given by an equation f(x, Y, Z) as above puts a linear condition on the coefficients (a i ) for example, if we say that (1, 1, 1) must lie on f(x, Y, Z) = 0, then we must have f(1, 1, 1) = 0, so we must have f(1, 1, 1) = a 1 + a 2 + a 3 + a 4 + a 5 + a 6 + a 7 + a 8 + a 9 + a 10 = 0. Or, if (1, 0, 0) is on (f(x, Y, Z) = 0), we must have f(1, 0, 0) = a 1 = 0. Generally, saying that a point is on the cubic puts a linear condition on the space of cubic. So, the space of all cubics is 10 dimensional. The space of cubics through a given point, for example, the space of cubics passing through (1, 0, 0) is 9 dimensional. Each extra point we require to be on a set of cubics will reduce the dimension by 1, provided that the conditions are linealy independent. It turns out that to make the conditions imposed by 8 points linearly independent, we need that no 4 points are on a line, and no 7 on a conic. (Hartshone, page 400 proves this). So, assuming that our points give linealry independent conditions, the space of cubics through P 1,... P 8 is 10 8 = 2 dimensional. So, this two dimensional vector space is spanned by 2 things, call them F 1 and F 2. That they span this space means that all the points P 1,... P 8 lie on both (F 1 = 0) and on (F 2 = 0), and that for any other curve (G = 0) through these points, that curve is in this subspace, and so can be expressed in terms of the basis, so for some µ, ν we have G = µf 1 + νf 2. By Bezout s theorem, #{F 1 F 2 } = 9. So, there is another point Q on (F 1 = 0) and (F 2 = 0), so we have F 1 (Q) = F 2 (Q) = 0. This means that G(Q) = µf 1 (Q) + νf 2 (Q) = 0 + 0 = 0. So Q is also on G = 0. So, there is a ninth point, Q lying on all cubics through P 1,... P 8. 8

2024 © sciencedocbox.com Privacy Policy | Terms of Service | Feedback