Elliptic Curves and the Mordell-Weil Theorem

Elliptic Curves and the Mordell-Weil Theorem Jake Marcinek September 26, 2013 Abstract This paper introduces the notion of elliptic curves with an emphasis on elliptic curves defined over Q and their rational points. Some algebraic number theory and algebraic geometry is developed in order to prove the Mordell-Weil Theorem. Contents 1 Introduction 2 1.1 Goals of this paper........................ 2 1.2 Introduction to elliptic curves.................. 3 2 Some Algebraic Geometry 5 2.1 Some notes on Div(C) and Pic(C)................ 5 2.2 Application to elliptic curves................... 9 3 Some Algebraic Number Theory 11 4 Elliptic curves over C 16 5 Preliminary constructions on elliptic curves 19 5.1 Weil Pairing............................ 19 5.2 Reduction of elliptic curves.................... 21 5.3 Galois Cohomology and Kummer Theory............ 23 1

6 Elliptic curves over Q 27 6.1 Lutz-Nagell............................ 27 6.2 Mordell-Weil............................ 28 6.2.1 Weak Mordell-Weil.................... 29 6.2.2 Descent Procedure.................... 34 1 Introduction 1.1 Goals of this paper In Section 1, we will introduce a specific kind of plane curve called an ellilptic curve. We define an addition on the points of such a curve making the set of points in a field into an abelian group. A brief background in algebraic geometry is provided in Section 2 to justify and motivate the definitions of elliptic curves and their group structure. The group structure of the elliptic curve varies greatly depending on the field from which the coordinates of the points are taken. The R-points on an elliptic curve are not discussed in this paper but it is easy to see that they form a group isomorphic to the circle group, S 1, or two copies of the circle group, S 1 Z/2Z, depending on how many times the curve intersects the x-axis. The C-points on an elliptic curve are discussed in Chapter 4. They form a group topologically isomorphic to a torus (see Theorem 4.12). Elliptic curves over finite fields are obviously finite groups (as the projective plane over a finite field has finitely many points) and are used in Sections 5 and 6 to simplify computations and proofs of results for elliptic curves over Q. In Section 6, we conclude with the focus of this paper, the Q-points on elliptic curves. The group structure of the rational points is more subtle than that of points over R, C, or finite fields. Our goal will be to explain the structure theory of this group. The discussion will culminate with Main Theorem (Mordell-Weil). The group of Q-points on an elliptic curve defined over Q is finitely generated. This generalizes to the K-points on an elliptic curve defined over K for any number field K. In order to prove this theorem, Section 3 develops some background in algebraic number theory and Section 5 discusses tools for simplifying computation on elliptic curves and aspects of Galois cohomology. 2

1.2 Introduction to elliptic curves Fix a field K and an algebraic closure K. An elliptic curve over K is a nonsingular curve over K of genus 1 with a specified base point. Using algebraic geometry, it can be shown that any such curve can be embedded in P 2 (K) as the locus of a cubic equation with only one point, the base point, on the line at infinity. Thus any elliptic curve is the solution set of a corresponding Weierstrass equation Y 2 Z + a 1 XY Z + a 3 Y Z 2 = X 3 + a 2 X 2 Z + a 4 XZ 2 + a 6 Z 3 with base point O = [0, 1, 0] and a i K. We often write the Weierstrass equation using non-homogeneous coordinates x = X/Z and y = Y/Z, E : y 2 + a 1 xy + a 3 y 2 = x 3 + a 2 x 2 + a 4 x + a 6 (1) keeping in mind the extra point at infinity, O. If each a i K, then we say E is defined over K and denote this by E/K. For any field extension L/K, we let E(L) = {O} {(x, y) L 2 x, y satisfy the Weierstrass equation}. Suppose E/K is an elliptic curve and chark 2, then through a change of variables, we may always simplify the Weierstrass equation to the form E : y 2 = f(x) = 4x 3 + b 2 x 2 + 2b 4 x + b 6. (2) Here we define two fundamental constants associated to such an elliptic curve and Weierstrass equation Definition 1.1. The discriminant of the Weierstrass equation,, and the j-invariant of the elliptic curve, j, are given by = (E) = 16Disc(f) = b 2 2b 8 8b 3 4 27b 2 6 + 9b 2 b 4 b 6, (3) j = j(e) = b2 2 24b 4. (4) If we further assume chark 2, 3, then the Weierstrass equation may be further simplified to the form E : y 2 = f(x) = x 3 + Ax + B. (5) With a Weierstrass equation of this form, it is easy to check that = 16(4A 3 + 27B 2 ) and j = 1728 (4A)3. (6) 3

Proposition 1.2. Let E and E be two elliptic curves defined over K. (a) Say E/K is defined over K and is given by the Weierstrass equation in Equation (2). Then (i) E is nonsingular if and only if = 0, (ii) E has a node if and only if = 0, b 2 2 24b 4 0, (iii) E has a cusp if and only if = 0, b 2 2 24b 4 = 0. 1 (b) The two elliptic curves E and E are isomorphic if and only if j(e) = j(e ). (c) Take any j 0 K. Then there is an elliptic curve E /K(j 0 ) with j(e ) = j 0. For a proof, see Chapter 3 of [Si09]. To conclude the introduction, we describe the group law on elliptic curves. Suppose E/K is an elliptic curve, L/K is any field extension, and P, Q E(L). Let l be the unique line through P and Q. 2 By the cubic nature of the elliptic curve, counting points with multiplicity, l intersects E at a unique third point, R P 2 (L). Let v R be the unique line through R and O and set P + Q to be the third intersection point of E(L) and v R. This construction in fact gives an abelian group structure to E(L). It is clear that O + P = P + O = P for any P E(L) so O is the identity. For inverses, it is easy to see that for any P E(L), v P E(L) = {O, P, P }. Commutativity is also obvious. The only axiom that is nontrivial to check is associativity which can be shown via heavy yet direct computation. Rather than working through this computation, we give another proof in Section 2 (Proposition 2.16). 1 Note that for a Weierstrass equation in equation (5), we have b 2 2 24b 4 = 0 if and only if A = 0. 2 It is worth bringing up two points here. First, O lies on a line if and only if that line is vertical or the line at infinity. Second, if P = Q, then let l be the tangent line to E at P (with the tangent line at O being the line at infinity). 4

2 Some Algebraic Geometry In order to discuss curves, one needs the language of algebraic geometry. Let K be some field with algebraic closure K. We say C is a curve when C is a one dimensional projective variety in P n (K). Let K[X] = K[X 1,..., X n ] be the polynomial ring in n variables with field of fractions K(X) of rational functions (analogously for K). Let I(C/K) = {f K[X] f(p ) = 0, P C} K[X]. We say C is a curve defined over K and denote this by C/K when I(C) has a generating set in K[X]. Next let K[C] = K[X] I(C/K) be the coordinate ring of C, whose field of fractions is called the function field of C and is denoted K(C). Let M P K[C] be the maximal ideal of functions vanishing at P and K[C] P the localization at M P. A generator of M P is called a uniformizer at P and f K(C) is called regular at P if f K[C] P. If dim K M P /MP 2 = 1, then we say C is nonsingular (or smooth) at P. Proposition 2.1. Let P C be a nonsingular point. Then K[C] P is a discrete valuation ring. The valuation is given by ord P : K[C] P N { }, ord P (f) = sup{d Z f M d P }. Proof. We know dim K M P /M 2 P = 1 so the result comes from Lemma 3.4. 2.1 Some notes on Div(C) and Pic(C) Fix a perfect field K with algebraic closure K and absolute Galois group G = G(K/K). Let C/K be a smooth curve. Note that G acts on the points of C by the natural action on each coordinate. Definition 2.2. A divisor on C is a finite formal sum D = P C n P (P ), n P Z 5

of K-points on C. The degree of a divisor D is deg(d) = P C n P. The divisor group of C is the free abelian group generated by the K-points on C and is denoted Div(C). The set of degree 0 divisors forms a subgroup and is denoted Div 0 (C). There is a natural action of G on Div(C) by ( ) σ n P (P ) = n P (σp ). P C P C The divisors fixed by G form a subgroup which is denoted Div K (C) and has a subgroup of degree 0 divisors Div 0 K(C). Any f K(C) has an associated divisor div(f) = P C ord P (f)(p ). Two divisors D 1, D 2 Div(C) are said to be linearly equivalent if D 1 D 2 = div(f) for some f K(C) and we write and we write D 1 D 2. The Picard group, is the group of equivalence classes. Pic(C) = Div(C)/ Proposition 2.3. Let C be a smooth curve and let f K(C). Then (a) div(f) = 0 if and only if f K. (b) deg divf = 0. Proof. For (a), if div(f) = 0, then f is constant (see Proposition 4.3 for the idea). The converse is clear. For (b), see [Si09, II, Prop. 3.1, p. 28] or [Ha77, II, Prop. 6.4, p. 132]. Theorem 2.4. The following sequence is exact 1 K K(C) div Div 0 (C) Pic 0 (C) 0. 6

Proof. This follows from the definitions and the above proposition. Definition 2.5. Let C be a curve. The space of (meromorphic) differential forms on C, denoted by Ω C, is the K-vector space generated by the symbols of the form dx for x K(C), modulo the following relations: 1. d(x + y) = dx + dy for all x, y K(C). 2. d(xy) = xdy + ydx for all x, y K(C). 3. da = 0 for all a K. Remark 2.6. Given a nonconstant map of curves φ : C 1 C 2, we get an associated function field map given by φ: K[C 2 ] K[C 1 ] which induces the map on differentials [f] [f φ] φ : Ω C2 Ω C1 fi dx i (φf i )d(φx i ). Proposition 2.7. Let C be a curve, P C, t K(C) a uniformizer at P. Then (a) For any differential ω Ω C, there is a unique g K(C) satisfying ω = gdt. We denote g by ω/dt. (b) Let f K(C) be regular at P. Then df dt (c) Let 0 ω Ω C. Then ord P (ω) := ord P (ω/dt) depends only on ω and P (independent of t). (d) x, f K(C) with x(p ) = 0, p = chark. Then is regular at P. ord P (fdx) = ord P (f) + ord P (x) 1 ord P (fdx) ord P (f) + ord P (x) if p = 0 or p ord P (x) if p > 0 and p ord P (x). 7

(e) Let 0 ω Ω C. Then ord P (ω) = 0 for all but finitely many P C. As with divisors associated to functions, there is an analogous definition for divisors associated to differentials. Definition 2.8. Suppose ω Ω C, then div(ω) = P C ord P (ω). Proposition 2.9. (a) Ω C is a 1-dimensional K(C)-vector space (b) Let x K(C). Then dx is a K(C) basis for Ω C if and only if K(C)/K(x) is a finite separable extension. (c) Let φ : C 1 C 2 nonconstant, then φ is separable if and only if φ : Ω C2 Ω C1 is injective. Remark 2.10. For all nonzero ω 1, ω 2 Ω C, there is some f K(C) such that ω 1 = fω 2. Thus div(ω 1 ) = div(f) + div(ω 2 ). This shows the following definition makes sense. Definition 2.11. For any nonzero differential ω Ω C, div(ω) is called a canonical divisor and its image in Pic(C) is called the canonical divisor class on C. Example 2.12. There are no holomorphic differentials on P 1 (K). Let t be a coordinate function on P 1. Then t a is a uniformizer at a for all a K and 1/t is a uniformizer at. Thus ord a (dt) = ord a (d(t a)) = 0. However, ord (dt) = ord ( t 2 d(1/t)) = 2. Therefore div(t) = 2( ). Then for any ω Ω C, there is some f K(C) such that ω = fdt. Thus deg divω = deg divf + deg divdt = 2. Definition 2.13. Suppose D = P C n P (P ), D = P C n P (P ) Div(C). Then we write D D if n P n P for all P C. Given some divisor D Div(C), we associate to D the set of functions L(D) = {f K(C) div(f) D} {0} which is clearly a K-vector space whose dimension is denoted by l(d) = dim K L(D). 8

Theorem 2.14 (Riemann-Roch). Let C be a smooth curve and K C a canonical divisor on C. There is an integer g 0, called the genus of C, such that for every divisor D Div(C), l(d) l(k C D) = deg D g + 1. Proof. See [Ha77, IV, Thm. 1.3, p. 295]. 2.2 Application to elliptic curves Lemma 2.15. Let C be a curve of genus one and let P, Q C. (P ) (Q) if and only if P = Q. Then Proof. Suppose (P ) (Q). Then there exists f K(C) such that div(f) = (P ) (Q). Then f L((Q)) which has dimension 1 as a K-vector space by the Riemann- Roch theorem. However, L((Q)) clearly contains the constant functions so f K and P = Q. Proposition 2.16. Let E/K be an elliptic curve. (a) For every degree 0 divisor D Div 0 (E) there exists a unique point P E satisfying D (P ) (O). Define ψ : Div 0 (E) E to be the map sending D to its associated P. (b) ψ is surjective. (c) Let D 1, D 2 Div 0 (E). Then ψ(d 1 ) = ψ(d 2 ) if and only if D 1 D 2, i.e. ψ : Pic 0 (E) E is a bijection of sets. (d) The inverse of ψ is κ : E Pic 0 (E), P (P ) (O). 9

(e) The group law induced on E via ψ is the addition law described earlier. In particular, the addition law on elliptic curves is associative. Proof. (a) E has genus 1 so l(d + (O)) = 1 by Riemann-Roch. Take a nonzero function f L(D + (O)) as the basis element. Since div(f) D (O) and deg div(f) = 0, we must have div(f) = D (O)+(P ) for some P E. Therefore, D (P ) (O). To show uniqueness, suppose D (P ) (O) (P ) (O). Then (P ) D + (O) (P ) so P = P by Lemma 2.15. (b) Suppose P E. Then ψ((p ) (O)) = P. (c) Suppose D 1, D 2 Div 0 (E) and set P i = ψ(d i ). Then (P 1 ) (P 2 ) D 1 D 2. Thus, if P 1 = P 2, then D 1 D 2. Conversely, if D 1 D 2, then P 1 P 2 so P 1 = P 2 by Lemma 2.15. (d) This is clear. (e) It suffices to show κ(p + Q) = κ(p ) + κ(q) for all P, Q E. Let L : f(x, Y, Z) = αx + βy + γz = 0 be the line in P 2 (K) passing through P and Q. Let R be the unique third point of intersection between L and E and let L : f (X, Y, Z) = α X + β Y + γ Z = 0 be the line in P 2 (K) passing through R and O. Note that L also passes through P + Q by the definition of addition. Then div(f/z) = (P ) + (Q) + (R) 3(O) div(f /Z) = (R) + (O) + (P + Q) 3(O). Subtracting the two equation gives (P + Q) (P ) (Q) + (O) = div(f /Z) div(f/z) = div(f /f) 0 so κ(p + Q) κ(p ) κ(q) = 0. Remark 2.17. Through the group isomorphism Pic 0 (E) ψ E, we see the correspondence Pic 0 K(E) = E(K). This is because for P E, P E(K) if and only if P is fixed by G if and only if the divisor (P ) (O) is fixed by G. 10

3 Some Algebraic Number Theory Definition 3.1. A ring R is called a discrete valuation ring if it is a principal ideal domain with a unique nonzero prime ideal, m. The residue field of R is k = R/m. Definition 3.2. An integral domain A is a Dedekind domain if A satisfies either of the equivalent conditions 1. A is Noetherian, integrally closed, and has Krull dimension 1. 2. A is Noetherian and the localization A p is a discrete valuation ring for all primes p. Let K be the field of fractions of A. A fractional ideal of K, I, is a finitely generated sub-a-module of K. Definition 3.3. A number field, K, is a finite field extension of Q. The ring of integers of K is O K = {x K f(x) = 0 for some monic f Z[X]}. Here we state a few preliminary results. See [Se79] and [Mi13] for more on discrete valuation rings, Dedekind domains, and number fields. Lemma 3.4. Let R be a Noetherian local domain that is not a field, let m be its maximal ideal, and let k = R/m be its residue field. The following are equivalent: (i) R is a discrete valuation ring. (ii) m is principal. (iii) dim k m/m 2 = 1. Theorem 3.5. Let A be a Dedekind domain with field of fractions K. The set of nonzero fractional ideals, Id(A), forms a group under multiplication. In fact, Id(A) is free with the prime ideals as a generating set. In particular, Dedekind domains have unique factorization of ideals into primes. 11

Note 3.6. Throughout this section, there are instances where general results are presented, but only special cases of these results will be used in our discussion of elliptic curves later. To shorten this background discussion, proofs will be given only for these special cases. In preparation for these special cases, we now give two definitions and two well-known result. Definition 3.7. A number field K is called a quadratic field if [K : Q] = 2. Proposition 3.8. If [K : Q] = n, then O K is a free Z-module of rank n. Definition 3.9. A finite field extension K/Q is called monogenic if O K = Z[ω] for some ω K. From this, it is clear that all quadratic fields are monogenic. A stronger classification is now given. Proposition 3.10. Let K = Q( d) be a quadratic field. 3 By multiplying by elements of Q 2, we may assume d Z is square free, d 0, 1. Then O K = Z[ω] where ω = { d if d 1 1+ d 2 if d 1 (mod 4). The minimal polynomial of ω is { X 2 d if d 1 f(x) = X 2 X + 1 d if d 1 4 (mod 4). In particular, Disc(K) = Disc(f) = { 4d if d 1 d if d 1 (mod 4). Now we return to the general theory with the following proposition. Proposition 3.11. Let K be a number field. Then O K is a Dedekind domain. 3 Any quadratic field, K, is of the form Q( d), d Q. This follows from Theorem 5.11 since G(K/Q) = Z/2Z is cyclic. 12

Definition 3.12. Let L/K be a degree n field extension of number fields and let p be a prime in O K. By Theorem 3.5, po L = q e 1 1... q eg g uniquely for some q i O L prime. The q i are said to divide p or lay above p and this is denoted by q i p. We say L/K is unramified at q i if e i = 1 and say unramified above p if e i = 1 for all i. Otherwise, L/K is ramified above p. When g = 1 and e 1 = n, we say L/K is totally ramified at p. By Definition 3.2, given a prime p in a Dedekind domain A with field of fractions K, A p is a discrete valuation ring so we may make the following definition. Definition 3.13. The residue field of K with respect to p is the residue field of A p. The completion of K with respect to p is the field of fractions of the completion of A p with respect to the unique maximal ideal p and is denoted K p. Proposition 3.14. Let L/K be a finite Galois extension and p O K be a prime ideal. Then G(L/K) acts transitively on S, the set of primes q O L above p. Definition 3.15. Using the setup from Proposition 3.14, for q S, the decomposition group of q is D q (L/K) = Stab(q) G(L/K). Proposition 3.16. D q (L/K) is precisely the Galois group of the corresponding extension of completions. That is, G(L q /K p ) = D q (L/K). Proposition 3.17. With the same setup as above, let k (resp. l) be the residue field of K (resp. L) with respect to p (resp. q). Via passage to the quotient, the map ε : D q (L/K) G(l/k) is a surjection. 13

Definition 3.18. The inertia subgroup of q is I q (L/K) = Ker(ε) where ε is as in the previous proposition. Theorem 3.19. Using the previous setup, let G = G(L/K), D = D q (L/K), and I = I q (L/K). We have the following picture. q O L L L q I I D L I L I q l G D/I L D K p k p O K K Here the columns are field extensions. The Galois group of an extension from the first row to the fourth row is G, second to fourth is D, third to fourth is I, second to third is D/I. The third to fourth row extensions are totally ramified at q and all extensions below the fourth row are unramified at q. Theorem 3.20. Let K be a number field and p a rational prime. Then K/Q is ramified above p if and only if p Disc(K). Proof. We prove the special case where K/Q is monogenic with O K = Z[ω]. Let f Z[X] be the minimal polynomial for ω and suppose p is a rational prime. Say po K = p e 1 1... p eg g is the decomposition into a product of primes. Let f F p [X] be the reduction of f modulo p. Since F p is a field, F p [X] is a PID. In particular, f factors uniquely into irreducibles as f = g b 1 1... gr br. With two applications of the Chinese Remainder Theorem, we can form the following sequence of isomorphisms A := O K p e 1 1 O K p eg g = O K (p) = Z[X] (f, p) = F p[x] ( f) 14 F p [X] = (g 1 ) F p[x] := B. b 1 br (g r )

Now K/Q is ramified above p if and only if some e i is greater than 1 if and only if A contains a nilpotent element if and only if B contains a nilpotent element if and only if some b i is greater than 1 if and only if f has a multiple root if and only if Disc( f) = 0 if and only if p Disc(f) = Disc(K). Theorem 3.21 (Hermite s Theorem). Given N Z and a finite set of rational primes S, there are only finitely many extensions over Q of degree at most N that are unramified above all primes outside S. Proof. We prove the special case where N = 2. For a proof of the general theorem, see [La94]. From Kummer Theory, we know the number fields of degree at most 2 are in one-to-one correspondence with Q /Q 2 (via d Q( d)). From Proposition 3.10, d Disc(Q( d)). From Proposition 3.20, if Q( d)/q is unramified above p, then p d. Therefore, if Q( d) is unramified above all primes p S, then d = ± p S pαp of which there are only finitely many up to equivalence in Q /Q 2. We now prove another special case which will be used in our proof of the Mordell-Weil Theorem in Section 6. Theorem 3.22. Let K be a number field containing the m th roots of unity, µ m. Let C be the collection of cyclic extensions of K of degree dividing m that are unramified above all primes, p O K, outside a finite set of primes, S. Then C is finite. For this proof, we use an important result of algebraic number theory, the finiteness of the ideal class group. For the purposes of this paper, we state this result as Theorem 3.23. There exists a finite set of ideals in O K, I 1,..., I n, such that for any ideal I O K, II k is principal for some 1 k n. We will also need Definition 3.24. For p O K prime, let v p be the normalized valuation defined on K p. Given a finite set of primes S in K, let the S-units be K S = {x K v p (x) = 0, p S}. Theorem 3.25 (Dirichlet s S-unit Theorem). For S a finite set of primes in O K, K S is finitely generated. In particular, for any 2 m Z, K S /K S m is finite. (If K S is finitely generated, then K S = T Z r for some finite group T and some 0 r Z. Then K S /K S m = T/mT (Z/mZ) r is finite.) 15

For proofs of these two theorems, see [La94]. Proof of Theorem 3.22. Let C m be the collection of cyclic extensions of K of degree dividing m and let C be the subcollection described in the theorem. Let S = S {p O K prime p divides I k, for some 1 k n}, a finite set of primes containing S. First, we wish to show that if L C, then L = K( m a) for some a K with v p (a) = 0 for all primes p outside S. Fix L C. Theorem 5.9 says, Φ : K /K m C m, by ak m K( m a) is surjective so L = K( m a) for some a K. Say (a) = p pep is the unique prime factorization in O K. If p S, then m e p, say e p = ma p. Therefore, (a) = ( p S p ep )( p S p ap ) m. Let I = p S pap. Then there is some 1 k n such that I 1 I k = (b) is principal. Then (ab m ) = p S p ep I m I m I m k = p S p ep I m k and L = K( m a) = K( m ab m ) as we were to show. Under the Kummer theory correspondence, Φ : K /K m C m, we have shown that C is contained in the image of the composition K S /K S m K /K m Φ C m where the first map is the natural quotient. By Theorem 3.25, K S /K S m is finite so C is also finite. 4 Elliptic curves over C Definition 4.1. A lattice Λ = ω 1, ω 2 C is a rank 2 free discrete subgroup of C. A fundamental parallelogram for Λ is a set of the form Π = {α + aω 1, bω 2 0 a, b < 1} 16

for some α C and {ω 1, ω 2 } any generators for Λ. A meromorphic function, f : C C, is called an elliptic function relative to Λ if f(z) = f(z + λ) for all λ Λ. Denote the set of elliptic functions relative to Λ by E Λ. Note 4.2. The fundamental parallelogram is in natural bijection with C/Λ so I will sometimes abuse notation and identify the two. The elliptic functions can be thought of as the meromorphic functions f that factor through C/Λ. Proposition 4.3. If f E Λ has no pole, then f is constant. Proof. By the note above, C f C/Λ C f Π commutes. Since Π is compact, f Π is bounded, so f is bounded. Then Liouville s theorem says f is constant. Proposition 4.4. Suppose f has no poles on Π. Then res w (f) = 0. Proof. By the residue theorem, w Π w Π res w (f) = 1 2πi Π fdz. However, f takes the same values on opposite edges of Π and these edges are traversed in reverse direction so the integral is 0. Note 4.5. Holomorphic functions only have finitely many poles in any bounded region so there is some α such that Π misses all poles. Corollary 4.6. All nonconstant elliptic functions have at least two poles (counted with multiplicity) in Π. Proof. Pick α so that Π misses all poles. If there is exactly one pole of multiplicity 1 at w 0 Π, then res w0 (f) = w Π res w(f) = 0 by Proposition 4.4 so f must have 0 poles in which case f is constant by 4.3. 17

Corollary 4.7. Let m i (resp. n j ) be the orders of the poles (resp. zeros) of f Π. Then m i = n j. Proof. Let P = m i, N = n j. By the argument principle, f (z) dz = 2π(N P ). f(z) Π However, f is Λ-periodic so f is Λ-periodic, and therefore so is f /f and we have already shown that integrating an elliptic function over Π gives 0. Definition 4.8. The Weierstrass -function is given by (z, Λ) = 1 z 2 + 0 λ Λ 1 (z λ) 2 1 λ 2. I refer the reader to Chapter 1 of [Ko84] for proofs of the following four propositions and main theorem. Proposition 4.9. The Weierstrass -function, (z, Λ), converges absolutely and is uniformly convergent in any compact subset K C\Λ. Proposition 4.10. (z, Λ) E Λ and the poles of are precisely the double poles at each λ Λ. Proposition 4.11. E Λ = C(, ), i.e. E Λ is generated as a field over C by and its derivative. Theorem 4.12. Consider the elliptic curve E : y 2 = 4x 3 g 2 x g 3 where g 2 = 60 0 λ Λ λ 4 and g 3 = 140 0 λ Λ λ 6. C/Λ E(C) z ( (z, Λ), (z, Λ)) is a complex analytic isomorphism. Moreover, for any elliptic curve E/C, there exists lattice Λ such that E(C) = C/Λ. This identification of any elliptic curve with the torus is very powerful and has many corollaries such as the following two. Corollary 4.13. Suppose E/C is an elliptic curve. subgroup E[m] = Z/mZ Z/mZ. Then the m-torsion 18

Proof. There exists lattice Λ such that E(C) = C/Λ. Then E[m] = (C/Λ)[m] = 1 Λ m Λ = Z/mZ Z/mZ. Corollary 4.14. The multiplication by m map on E(C), is surjective. E(C) m E(C) by P mp, Proof. There exists lattice Λ such that E(C) = C/Λ. The map C/Λ m C/Λ is clearly surjective (the kernel of the composition of surjections C m C π C/Λ is 1 m Λ Λ). Remark 4.15. For an elliptic curve E/K defined over an arbitrary field K, Corollary 4.13 holds when chark m (see [Wa08, III, Thm. 3.2, p. 79]) and Corollary 4.14 holds when K is algebraically closed (see [Si09, III, Prop. 4.2, p. 68]). 5 Preliminary constructions on elliptic curves 5.1 Weil Pairing Let K be a number field and let E/K be an elliptic curve defined over K. By 4.13 E[m] = Z/mZ Z/mZ is a free Z/mZ-module of rank 2. 4 Thus E[m] is equipped with a natural nondegenerate multilinear map, namely the determinant. Picking some basis {T 1, T 2 } for E[m], the determinant pairing is given by det : E[m] E[m] Z/mZ (at 1 + bt 2, ct 1 + dt 2 ) ad bc However, this pairing is not necessarily Galois invariant. Our goal is to construct a pairing which is Galois invariant and we aim for this pairing to be of the form ζ det(p,q) for some primitive m th root of unity, ζ. For this construction, we will use the following result on divisors which follows directly from the isomorphism in Theorem 2.16. 4 In general, by Remark 4.15, this isomorphism is valid for an elliptic curve over any field K of characteristic not dividing m. 19

Theorem 5.1. A divisor P n P (P ) Div(E) is principal if and only if n P = 0 P and n P P = O. To begin the construction, take T E[m]. By the theorem, there exists a function f T K(E) such that div(f T ) = m(t ) m( ). Then take some T E such that mt = T. Again, by the theorem above, there exists a function g T K(E) such that div(g T ) = (T + R) (R) R E[m] since m 2 T =. It is easy to see that div(f T m) = mdiv(g T ) = div(g m T ). Therefore, f T m = cg m T for some c K (WLOG c = 1). Next, let S E[m]. Then g m T (X + S) = f T (mx + ms) = f T (mx) = g m T (X) so g T (X + S)/g T (X) µ m for all X E. In particular, E P 1 X g T (X + S)/g T (X) is not surjective, so it must be constant. Hence, we may define the pairing P, m : E[m] E[m] µ m (S, T ) g T (X + S)/g T (X) where X E is any point such that g T (X + S) and g T (X) and both defined and nonzero. This pairing is called the Weil pairing and satisfies the following properties. Proposition 5.2. The Weil pairing, m is 1. bilinear. That is, S 1 +S 2, T m = S 1, T m S 2, T m and S, T 1 +T 2 m = S, T 1 m S, T 2 m. 20

2. alternating. That is, T, T m = 1 for all T E[m]. In particular, S, T m = T, S 1 m. 3. nondegenerate. That is, S, T m = 1 for all S E[m] if and only if T = O. 4. Galois invariant. That is, σ S, T m = σs, σt m for all S, T E[m], σ G(K/K). 5. compatible. That is, S, T mm = m S, T m for all 0 < m, m Z and S E[mm ], T E[m] From this, we can prove the following corollary. Corollary 5.3. If E[m] E(K), then µ m K. Proof. Suppose E[m] E(K). I claim there exist S, T E[m] such that S, T m = ζ, a primitive m th root of unity. Say Im(, m ) = µ d µ m. As, m is bilinear, 1 = S, T d m = ds, T m for all S, T E[m]. By the nondegeneracy of, m, ds = O for all S E[m]. This means E[m] E[d] so we must have d = m. Therefore, S, T m = ζ for some S, T E[m]. By the Galois invariance of, m, we see that σζ = σ S, T m = σs, σt m = S, T m = ζ for all σ G(K/K). This means ζ K so µ m = ζ K. 5.2 Reduction of elliptic curves Let K be a local field, complete with respect to a discrete valuation v with ring of integers R = {x K v(x) 0}, maximal ideal m, uniformizer π, and residue field k = R/m with characteristic p. We denote reduction modulo m by a tilde. Example 5.4. There is a natural reduction map R π R/m given by t t. This extends to the map of polynomial rings given by a i X i ã i X i. R[X] π 21 R/m[X]

Example 5.5. There is also a reduction of the projective plane P 2 (K) π P 2 (k) which works as follows. Take some [a, b, c] P 2 (K). By multiplying through by some element of R, we may clear the denominators and assume a, b, c R. Then by dividing through by an appropriate power of π, we may assume min{v(a), v(b), v(c)} = 0. (7) Then using the natural reduction of R from Example 5.4, [a, b, c] = [ã, b, c] is well-defined since the situation ã = b = c = 0 is impossible by Equation 7. Let E/K be an elliptic curve over K. That is, E is the solution set to a Weierstrass equation f(x, Y, Z) = 0 with discriminant. 5 Via the reduction of Example 5.4 f(x, Y, Z) = 0 defines another curve Ẽ/k over k with discriminant. Then Ẽ is an elliptic curve as long as 0 (as long as m). In this case, there is a natural reduction map of elliptic curves ρ : E/K Ẽ/k given by the projective space reduction from Example 5.5. Theorem 5.6. Let m be a positive integer not divisible by p. When restricted to the m-torsion points, ρ : E[m] Ẽ[m] is an isomorphism. Proof. I prove the case where p m = 2. This is the only case we will need to use below but a proof of the general statement can be found in [Wa08] or [Si09]. Suppose E/K is given by the Weierstrass equation E : y 2 = f(x) = x 3 + Ax + B from Equation 5. After a suitable change of variables, we may assume A, B R. Let L be the splitting field of f over K with corresponding ring of integers, R, and say the roots of f are e 1, e 2, e 3. We will be concerned with the reduction from L to the residue field l, ρ : E/L Ẽ/l. For O P E, 2P = O if and only if the tangent line at P is vertical if and only if P = (e i, 0). Therefore, E[2] = {O, (e 1, 0), (e 2, 0), (e 3, 0)}. 5 By clearing denominators, there exists d R such that df R[X, Y, Z]. Since f is homogeneous, f and df share the same zero set. Thus we may assume f R[X, Y, Z]. 22

Similarly, f = (x ẽ1 )(x ẽ 2 )(x ẽ 3 ). Note that the e i have well-defined reduction as described in Example 5.4 since we assume A, B R R which means e i R by Gauss Lemma. Furthermore, the ẽ i are distinct since the discriminant of f is a multiple of 0. Therefore, Ẽ[2] = {Õ, (ẽ 1, 0), (ẽ 2, 0), (ẽ 3, 0)} and ρ : E[m] Ẽ[m], by ρ(o) = Õ and ρ((e i, 0)) = (ẽ i, 0), is an isomorphism. 5.3 Galois Cohomology and Kummer Theory Before moving onto elliptic curves over Q, we recall some results from Galois Cohomology and Kummer Theory. Theorem 5.7 (Hilbert s Theorem 90). Consider a Galois extension L/K with corresponding Galois group G. Then H 1 (G, L) and H 1 (G, L ) are trivial. Example 5.8. Let K be a number field, G = G(K/K), and 0 < m Z a positive integer. Start with the short exact sequence and use Galois cohomology to induce 0 µ m K m K 0 0 µ m K m K δ H 1 (G, µ m ) H 1 (G, K ) = 0 the right end is trivial by Theorem 5.7. Therefore, H 1 (G, µ m ) = K /K m with explicit isomorphism K /K m δ H 1 (G, µ m ) [ a σ σ m ] a m a Now we turn our focus to certain cyclic extensions and prove the following classification. Theorem 5.9. If µ n K is a number field, then Φ : K /K n {L/K cyclic extension [L : K] n} := C n a K( n a) 23

is surjective and Φ 1 (L) = {K(α k ) (k, [L : K]) = 1} for some α L. In particular, #Φ 1 (L) = ϕ([l : K]), where ϕ is the Euler ϕ-function. We split the proof into two parts. First we show Φ is well-defined and investigate Φ 1 (K(α)). Proof. For all a K, let L a = K(α) be the splitting field of n 1 X n a = (X ζ i α) i=0 where α n = a and ζ µ n is a primitive n th root of unity. The extension L a /L is Galois since ζ K and G(L a /L) is cyclic with generator [α ζα]. For a, b K, we say a b if L a = L b. Clearly, is an equivalence relation. Moreover, a ab n for all a, b K so factors to an equivalence relation on K /K n. Therefore, Φ is well-defined. By Example 5.8, K /K n = H 1 (G(K/K), µ n ) = Hom(G(K/K), µ n ) since µ n K is fixed by G(K/K). For a K /K n, consider the restriction map ρ a ρ a 0 Ker(f a ) G(K/K) G(L a /K) 0. Now, ρ a (σ) = id if and only σ( n a) = L a = K Ker(δ(a)) by elementary Galois theory. Suppose b K /K n such that b a. Let n a so Ker(ρ a ) = Ker(δ(a)) and L := L a = L b and H := Ker(δ(a)) = Ker(ρ a ) = Ker(ρ b ) = Ker(δ(b)). Let m = [L : K] = [G : H]. Then m divides n and µ m is the unique subgroup of µ n of m elements 6. Therefore, δ(a), δ(b) : G µ m are two cokernels of the inclusion H G(K/K). However, cokernels are unique up to isomorphism, so there exists an isomorphism h a,b : µ m µ m such that δ(b) = h a,b δ(a). Since δ is an isomorphism, Φ 1 (L a ) Aut(µ m ) by b h a,b is an injection. This means #Φ 1 (L a ) #Aut(µ m ) = ϕ(m). 6 Cyclic groups of order n have a unique subgroup of order m for each m dividing n. 24

On the other hand, for all integers k relatively prime to m, sk + tm = 1 for some s, t Z. Thus, α k K(α) = L a while α = (α k ) s (α m ) t K(α k ) = L a k so a a k. Therefore, {a k (k, m) = 1} Φ 1 (L a ), and in fact this is equality since #{a k (k, m) = 1} = ϕ(m) #Φ 1 (L a ). Remark 5.10. During this proof, we saw Φ : K /K n C n factors through Hom(G(K/K), µ n ) as K /K n δ Hom(G(K/K), µ n ) κ n C n Φ where κ n : Hom(G(K/K), µ n ) C n by σ K Ker(σ). We have shown above that Φ 1 (L a ) has exactly [L a : K] elements. The next result says that are all the cyclic extensions are of the form L a for some a K /K n, i.e. that Φ is surjective. Theorem 5.11 (Kummer Theory). Suppose L/K is a cyclic extension of degree n and assume µ n K. Then L = K( n a) for some a K. Furthermore, there are at most m 2 such classes a in K /K n corresponding to a given cyclic extension L. Proof. Let G = G(L/K) = σ = Z/nZ. Let ζ µ n be a primitive n th root of unity. Since µ n K, the action of G on µ n is trivial so the 1- cocycles (resp. 1-coboundaries), G(L/K) µ n, are the homomorphisms (resp. trivial), i.e. H 1 (G, µ n ) = Hom(G, µ n ). From the Example 5.8, we have the exact sequence δ... K H 1 (G, µ n ) H 1 (G, K ) 0 Hom(G, µ n ) In other words, all homomorphisms are coboundaries. In particular, the isomorphism F : G(L/K) µ n given by F (σ) = ζ is in fact also realized 25

as F (σ i ) = σi α for some α α L. Thus α has n conjugates so L = K(α). Furthermore, the minimal polynomial of α in L/K is so a = α n K. n 1 n 1 (X σ i α) = (X ζ i α) = X n α n i=0 i=0 This concludes the proof of Theorem 5.9. An immediate consequence is a finite result of the map Φ. Corollary 5.12. The map Φ : K /K n C n is at most ϕ(n)-to-1. Proof. By Theorem 5.9, #Φ 1 (L) = ϕ([l : K]) which divides φ(m) since [L : K] divides m. Now we look at the special case where K = Q and n = 2. Example 5.13. Let G = G(Q/Q). Note that {±1} = µ 2 Q so G fixes µ 2. By Example 5.8, [ ] a δ : Q /Q 2 H 1 (G, µ 2 ) = Hom(G, µ 2 ) via a σ σ a is an isomorphism. We want to find an explicit inverse of δ. By Theorem 5.9, the map Φ : K /K n C n via a L a = Q( a) is surjective and Corollary 5.12 says Φ is at most ϕ(2)-to-1. However, ϕ(2) = 1 so Φ is a bijection. By Remark 5.10, Φ factors as κ 2 δ so it suffices to find an inverse to Φ. By Proposition 3.10, the discriminant map Disc : C 2 Q behaves as follows; { a if a 1 (mod 4) Disc(L a ) = 4a if a 1 (mod 4) which are equivalent in Q /Q 2. Thus, the triangle Q /Q 2 δ Hom(G, µ 2 ) Φ Disc κ 2 C 2 26

commutes. Then the composition Disc κ 2 : Hom(G, µ 2 ) Q /Q 2 f Disc(Q Ker(f) ), which we will denote by Disc, is the inverse of δ. 6 Elliptic curves over Q For this first subsection, let E/Q be an elliptic curve defined over Q. Say E is defined by the Weierstrass equation y 2 = x 3 + Ax + B. After an appropriate change of variables, we may assume A, B Z. Let be the discriminant of E. 6.1 Lutz-Nagell Theorem 6.1 (Lutz-Nagell). Suppose P = (x, y) E(Q) has finite order. Then x, y Z and either y 2 or y = 0. Proof. See Chapter 7 of [Si09] or Chapter 8 of [Wa08]. Corollary 6.2. Let E be an elliptic curve defined over Q. Then the torsion subgroup E(Q) tors is finite. Proof. Suppose P = (x, y) E(Q) tors. By Lutz-Nagell, y or y = 0 so there are only finitely many possibilities for y. Fixing y, there are at most 3 solutions to the Weierstrass equation in x, thus E(Q) tors is finite. Corollary 6.3. Let p be an odd prime not dividing. Then the reduction map ρ : E(Q) tors Ẽ(F p) is injective on the torsion points. Proof. By Lutz-Nagell, all nontrivial torsion points have integer coordinates and thus reduce to well-defined points over F p. In particular, the only torsion point reduced to Õ is O so the reduction map restricted to torsion points has trivial kernel. Example 6.4. We determine the torsion subgroup, E(Q) tors, of the elliptic curve E : y 2 = f(x) = x 3 + 31x + 96. 27

Note that and = 4A 3 + 27B 2 = 4 31 3 + 27 96 2 1 mod 3 = 4 31 3 + 27 96 2 1 + 2 1 mod 5. Thus the corollary tells us that E(Q) tors embeds in E(F 3 ) and E(F 5 ). By computing f(x) F 3 for each x F 3 and noting which are squares, we can easily find every point on E(F 3 ). The results are E(F 3 ) = {, (0, 0), ( 1, 1), ( 1, 1)}. Thus, either E(Q) contains a nontrivial 2-torsion point or E(Q) tors is trivial. However, the 2-torsion points correspond to roots of f and the reader can quickly check that f has no roots in F 5. Therefore E(Q) tors is trivial. We conclude this subsection by stating (without proof) a theorem of Mazur classifying all possible torsion subgroups. Theorem 6.5 (Mazur). Let E be an elliptic curve defined over Q. Then the torsion subgroup, E(Q) tors, is either Z/nZ with 1 n 10 or n = 12 or Z/2Z Z/2nZ with 1 n 4. 6.2 Mordell-Weil For the remainder of this section, fix some number field K and let E/K be an elliptic curve defined over K with discriminant. We now come to the main theorem of this paper. Theorem 6.6 (Mordell-Weil). E(K) is finitely generated. The proof of this theorem will be split into two parts. proving We begin by Theorem 6.7 (Weak Mordell-Weil). E(K)/mE(K) is finite. Then we will continue with a descent procedure to complete the proof. 28

6.2.1 Weak Mordell-Weil Turning our attention to Weak Mordell-Weil, we begin with a lemma. Lemma 6.8. Suppose L/K is a finite Galois extension. If E(L)/mE(L) is finite, then E(K)/mE(K) is finite. Proof. Begin with the short exact sequence of G = G(L/K)-modules 0 E(L)[m] E(L) m me(l) 0. Through Galois cohomology, this induces the long exact sequence 0 E(K)[m] E(K) m E(K) me(l) δ H 1 (G(L/K), E(L)[m])... and in particular H H 1 (G, E(L)[m]), where H = E(K) me(l). However, G and E(L)[m] are finite so H 1 (G, E(L)[m]) me(k) is finite so H is finite. Then 0 H E(K)/mE(K) E(L)/mE(L) is exact, so E(K)/mE(K) is finite as it lies between two finite groups. From this lemma, by taking L to be the Galois closure of the finite extension K(E[m])/K, it suffices to prove Mordell-Weil under the assumption E[m] E(K). Lemma 6.9. For any point P E(K), the field extension K(m 1 P )/K is unramified above all primes p m. Proof. Let L = K(m 1 P ), q L a prime above p, D = D q (L/K), and I = I q (L/K). By Proposition (3.19), we have the following situation, L I L I L D K L q I L I q K p l k D/I 29

where all extensions below the fourth row are unramified at q. To show L/K is unramified above p, it suffices to show that I is trivial. Suppose σ I. Then for any Q m 1 P, σq Q = σ Q Q = Õ so σq = Q by the isomorphism in Theorem 5.6. Therefore, σ = id so I is trivial and L/K is unramified at P. We are now ready to complete the proof of the Weak Mordell-Weil Theorem. Proof. Let G = G(Q/Q). By Corollary 4.14, the multiplication-by-m map, E(C) m E(C) is surjective. Note that this is a polynomial map. 7 Thus any preimage of an algebraic point is an algebraic point so m restricts to a surjection on the Q-points, E(Q) m E(Q). This gives a short exact sequence of G-modules 0 E[m] E(Q) m E(Q) 0. Through Galois cohomology, this induces the long exact sequence 0 E[m] E(K) m E(K) δ H 1 (G, E[m])... Since we are assuming E[m] E(K), the action of G on E[m] is trivial so H 1 (G, E[m]) = Hom(G, E[m]). In particular, we get an injection E(K)/mE(K) δ Hom(G, E[m]) given by δ(p )(σ) = σq Q for any P E(K)/mE(K), σ G where Q m 1 P. Take f Hom(G, E[m]). Since Ker(f) G, Galois Theory gives an associated fixed field L = Q Ker(f). Furthermore, G(L/K) = G/G(Q/L) = G/Ker(f) = Im(f) E[m] = (Z/mZ) 2 so L/K is the composite of at most two cyclic extensions of degrees dividing m. Thus the following function is well-defined Ψ : Hom(G, E[m]) {Galois Extensions L/K G(L/K) (Z/mZ) 2 } f L. 7 The multiplication-by-m map can be computed explicitly by following the definition of addition on elliptic curves. The computations involve calculating intersection points of E with certain lines which gives rise to a polynomial map. 30

Suppose Ψ(f) = Ψ(g). factors through G/H. Then Ker(f) = Ker(g) =: H so their difference G f g E[m] π f g G/H However, G/H = G(L/K) (Z/mZ) 2, so Hom(G/H, E[m]) Maps((Z/mZ) 2, (Z/mZ) 2 ) which has order m 4. Therefore, any homomorphism f : G E[m] shares an associated field with no more than m 4 other homomorphisms. In other words, Ψ is at most m 4 -to-1. To finish the proof, it suffices to show Im(Ψ δ) is finite. Suppose P E(K)/mE(K). Then Ker(δ(P )) = {σ G(Q/K) σq Q = 0, Q m 1 P } so Ψδ(P ) = Q Ker(δ(P )) = K(m 1 P ). Now, Ψδ(P )/K is unramified above all primes p m by Lemma 6.9. Let S be the set of primes in O K containing m and let C be the collection of cyclic extensions of K of degree dividing m that are unramified above all primes p S. Since E[m] E(K), Corollary 5.3 says µ m K so we may apply Theorem 3.22 to see that C is finite. Any field extension L/K Im(Ψδ) is the composite of two fields in C. This means Im(Ψδ) is finite so E(K)/mE(K) is finite. This completes the proof of Weak Mordell-Weil in the general case, however before moving on to the descent procedure, it is worth mentioning an argument for a special case of Weak Mordell-Weil which has the advantage of being completely explicit. When m = 2, K = Q, and E[2] E(Q), the argument may be stated more concretely as follows. Theorem 6.10 (Weak Mordell-Weil, Special Case). Let E/Q be an elliptic curve defined over Q such that E[2] E(Q). Then E(Q)/2E(Q) is finite. Proof. Suppose E/Q is given by the Weierstrass equation y 2 = f(x) = x 3 + Ax + B = (x e 1 )(x e 2 )(x e 3 ). 31

After a change of variables, we may assume A, B Z (and hence e i Z). Again, set G = G(Q/Q). From the same Galois cohomology argument as before, we have an injection E(Q)/2E(Q) δ Hom(G, E[2]). Let T 1 = (e 1, 0), T 2 = (e 2, 0) be generators for E[2] as a Z/2Z-module. The nondegeneracy of the Weil-pairing allows us to explicitly identify the target, Hom(G, E[2]), with the more familiar group, Hom(G, µ 2 ) 2. Hom(G, E[2]) Hom(G, µ 2 2) Hom(G, µ 2 ) 2 u f [σ ( f(σ), T 1 2, f(σ), T 2 2 )] From Example 5.13, we have the isomorphism Disc : Hom(G, µ 2 ) Q /Q 2. Let π i : Hom(G, µ 2 ) 2 Hom(G, µ 2 ) be the i th projection map and define (Disc ) 2 : Hom(G, µ 2 ) 2 (Q /Q 2 ) 2 by (Disc ) 2 = Disc π 1 Disc π 2. Then, by Lemma 6.11 below, the following composition of injections and isomorphisms is given explicitly by E(Q)/2E(Q) δ H 1 (G, E[2]) u Hom(G, µ 2 ) 2 (Disc ) 2 (Q /Q 2 ) 2 P = (x, y) (x e 1, x e 2 ), where P O, T 1, T 2 O (1, 1) T 1 = (e 1, 0) ((e 2 e 1 )(e 3 e 1 ), e 1 e 2 ) T 2 = (e 2, 0) ((e 2 e 1 ), (e 1 e 2 )(e 3 e 2 )) so it suffices to show that the image of E(Q)/mE(Q) in (Q /Q 2 ) 2 is finite. Since E[2] is finite, we do this by showing that for P = (x, y) E(Q)\E[2], if some prime p divides the square-free part of x e i, then p divides. Fix P = (x, y) E(Q)\E[2] and let x e i = a i u 2 i where u i Q and a i Z is square-free. We may also write x e i = p k i v i where v i Q and k i Z is the exact power of p dividing x e i. Suppose p a i for some i = 1, 2, 3. To simplify notation, assume p a 1. Then k 1 is odd. If k 1 < 0, 32

then k 1 = k 2 = k 3 since e i are integers. Therefore, p 3k 1 is the exact power of p dividing y 2 = (x e i ), which is impossible as 3k 1 is odd. On the other hand, if k 1 > 0, then k 2, k 3 0 as well since e i Z. If k 2 = k 3 = 0, then the exact power of p dividing y 2 is p k 1+k 2 +k 3 = p k 1, an odd power. Thus k i > 0 for some i = 2, 3 which means p (x e i ) (x e 1 ) = e 1 e i. Lemma 6.11. Let E/Q be an elliptic curve such that E[2] = {O, T 1, T 2, T 3 } E(Q) where T i = (e i, 0). Suppose P E(Q) and σ G(Q/Q). Let δ(p )(σ) = σq Q, where Q E(Q) such that 2Q = P, as above. (i) If P = (x, y) O, T i, then δ(p )(σ), T i 2 = 1 if and only if σ fixes x ei. (ii) If P = O, then e 2 (δ(p )(σ), T i ) = 1. (iii) If P = T i, then δ(p )(σ), T i 2 = 1 if and only if σ fixes (ei+1 e i )(e i+2 e i ) (subscripts are taken mod 3). Proof. For i = 1, 2, 3, there exists T i E(Q) such that 2T i = T i. Using the notation from the Weil pairing construction in Subsection 5.1, there exists f Ti, g Ti Q(E) such that div(f Ti ) = 2(T i ) 2(O) and div(g T ) = (T i + R) (R). R E[2] It is not hard to see that f Ti = X e i satisfies this condition. As in the construction in Subsection 5.1, f Ti 2 = gt 2 i and σq Q, T i 2 = g T i (X + σq Q), (8) g Ti (X) where X E is any point such that g Ti (X + σq Q), g Ti (X) 0,. Note that E is defined over Q so the multiplication-by-2 map is defined over Q. Furthermore, T i is defined over Q, so 2 1 T i = {T i + R R E[2]} are precisely the Galois conjugates of T i. Thus div(g Ti ) is fixed by the G-action, so g Ti can be chosen in Q(E) by [Si09, II, Ex. II.2.13]. 33

(i) Suppose P = (x, y) O, T i. Then, by setting X = Q in Equation 8, σq Q, T i 2 = g T i (σq) g Ti (Q) = σ x ei x ei is trivial if and only if σ fixes x e i. (ii) Suppose P = O. Then σq Q, T i 2 = 1 as, m is a bilinear form and σq Q = O since Q = O. (iii) Suppose P = T i. Then δ(t i ), T i 2 = δ(t i+1 + T i+2 ), T i 2 = δ(t i+1 ), T i 2 δ(t i+2 ), T i 2 = σ e i+1 e i σ e i+2 e i ei+1 e i ei+2 e i by (i). Therefore, δ(t i ), T i 2 is trivial if and only if σ fixes (ei+1 e i )(e i+2 e i ). 6.2.2 Descent Procedure In this section, we discuss the descent procedure which brings us from the Weak Mordell-Weil Theorem to the full Mordell-Weil Theorem. The general process is described in the Descent Theorem below. The problem is then reduced to finding a satisfactory height function on the curve. Theorem 6.12 (Descent Theorem). Suppose A is an abelian group with some function h : A R satisfying (i) Fix Q A. There exists a constant C Q such that h(p + Q) 2h(P ) + C Q for all P A. (ii) There exists some integer m 2 and a constant C such that h(mp ) m 2 h(p ) C for all P A. (iii) For any D R, the set {P A h(p ) D} is finite. If A/mA is finite, then A is finitely generated. 34

Proof. Let Q 1,..., Q r A be coset representatives for A/mA. Suppose P A. As the cosets partition A, P Q i1 ma for some 1 i 1 r. Say P = P 0 = mp 1 + Q i1. Similarly, we can recursively construct the sequence of points P j 1 = mp j + Q ij, P j A, i j 1,..., r. Then for all j, h(p j ) 1 m 2 (h(mp j) + C) = 1 m 2 (h(p j 1 Q ij ) + C) by (ii) 1 m 2 (2h(P j 1) + C + C) by (i) where C = max{c Q1,..., C Qr }. Repeated use of this inequality gives us a formula for h(p n ) in terms of (P ) Then h(p n ) ( 2 m 2 )n h(p ) + ( 1 m +... + 2n 1 2 m 2n )(C + C) < ( 2 1 m 2 )n h(p ) + m 2 2 (C + C) ( 1 2 )n h(p ) + 1 2 (C + C) as m 2 1 + so E(Q) is generated by which is finite by (iii). 1 m 2 2 (C + C) P = m n P n + n m j 1 Q ij j=1 {Q 1,..., Q r } {P A h(p ) 1 + (C + C)/2} for n large. We now give a height function on a rational curve. There is a slightly more complicated height function for the K-points on an elliptic curve where K is any number field. However, this will not be discussed here (see Chapter 8 of [Si09]). Let E/Q be an elliptic curve defined over Q. By the Weak Mordell-Weil Theorem, E(Q)/2E(Q) is finite. Definition 6.13. Suppose t Q and t = p/q with (p, q) = 1. The height of t is given by H(t) = max{ p, q }. 35

The (log) height on E(Q) is the function h x : E(Q) R 0 given by h x (0) = 0 and h x (x, y) = logh(x). Lemma 6.14. (i) Pick P 0 E(Q). There exists a constant C P0 such that h(p + P 0 ) 2h(P ) + C P0 for all P E(Q). (ii) There exists a constant C such that h(2p ) 4h(P ) C for all P E(Q). (iii) For any D R, the set {P E(Q) h(p ) D} is finite. Very brief justification / Method of proof. (i). By increasing C P0 as needed, we may ignore finitely many P E(Q). In particular, assume P 0 P and neither are the point at infinity. Use the formula for sums of distinct points ( ) 2 y1 y 0 x(p + P 0 ) = x 1 x 0 x 1 x 0 which has degree 2 so we would expect h(p + P 0 ) 2h(P ). (For a complete proof, plug in x = a/b 2, y = c/d 3 and similar forms for x 0, y 0, expand, and keep track of gcd s.) (ii). The main inspiration for this part is that the doubling isogeny is of degree 4. This is clear since the kernel of this isogeny (when considered over E(Q)) is E[2] which has four points. The same general approach as above would give a complete proof. (iii). Pick any D R. Then {P E(Q) h x (P ) D} {0} {(p/q, y) E(Q) max{ p, q } D} but there are at most 2D + 1 values for p and q and for each p/q there are at most 2 values for y so #{P E(Q) h x (P ) D} 1 + 2(2D + 1) 2. Theorem 6.15 (Mordell-Weil). E(Q) is finitely generated. Proof. By the Weak Mordell-Weil Theorem and Lemma (6.14), E(Q) and h x satisfy the conditions of Theorem (6.12) at m = 2 so by the Descent Theorem, E(Q) is finitely generated. 36