AN INTRODUCTION TO ELLIPTIC CURVES

AN INTRODUCTION TO ELLIPTIC CURVES MACIEJ ULAS.. First definitions and properties.. Generalities on elliptic curves Definition.. An elliptic curve is a pair (E, O), where E is curve of genus and O E. We say that the elliptic curve E is defined over K and write E/K if E is defined over K as a curve and O E(K)-the set o K-rational points on E. Theorem.. Let E be an elliptic curve defined over K. (a) There exists functions x, y K(E) such that the map ϕ : E P (ϕ = [x, y, ]) gives and isomorphisms of E/K onto a curve given by a Weierstrass equation C : y + a xy + a 3y = x 3 + a x + a 4x + a 6 with coefficients a,..., a 6 K; and such that ϕ(o) = [0,, 0]. (b) Any two Weierstrass equation for E as in (a) are related by linear change of variables of the form x = u x + r, y = u 3 y + su x + t with u, r, s, t K and u 0. (c) Conversely, every smooth cubic curve C given by a Weierstrass equation as in (a) is an elliptic curve defined over K with origin O = [0,, 0]. If the characteristic of K is not or 3, we may assume that our elliptic curve has Weierstrass equation of the form This equation has associated quantities: the discriminant of E, and j-invariant E : y = x 3 + Ax + B. (E) = 6(4A 3 + 7B ), j(e) = 78 (4A)3 (E). From the previous theorem we deduce that the only change of variables preserving this form of the equation is and then x = u x, y = u 3 y for some u K ; u 4 A = A, u 6 B = B, u (E ) =, j(e ) = j(e). Theorem.3. () Let A, B K and consider E : y = x 3 + Ax + B. Then (a) E is nonsingular if and only if (E) 0. (b) E has a node if and only if (E) = 0 and A 0. (c) E has a cusp if and only if A = B = 0. () Two elliptic curves are isomorphic (over K) if and only if they have the same j-invariant. (3) Let j 0 K. Then there exists and elliptic curve defined over K(j 0) with j-invariant equal to j 0. More precisely, if j 0 0, 78 then If j 0 = 0 then we take If j 0 = 78 then we take E : y + xy = x 3 We can define an addition law on E by the following rule. 36 j 0 78 x j 0 78, (E) = j0 (j 0 78), j = j0. 3 E : y + y = x 3, (E) = 7, j = 0. E : y = x 3 + x, (E) = 64, j = 78. Addition law Let P, Q E and let L be the line containing P and Q (tangent line to E if P = Q), and let R be the third point of intersection of L with E. Let L be the line connecting R and O. Then P + Q is the point such that L intersects E at R, O, and P + Q. Theorem.4. The addition law has the following properties: (a) If a line L intersects E at the (not necessarily distinct) points P, Q, R, then P + Q + R = O.

MACIEJ ULAS (b) P + O = P for all P E. (c) P + Q = Q + P for all P, Q E. (d) Let P E. There is a point of E, denoted P, so that P + ( P ) = O. (e) (P + Q) + R = P + (Q + R) for all P, Q, R E. Corollary.5. The addition law makes E into an abelian group with identity element O. Moreover, if E is defined over K, then the set E(K) = {(x, y) K : y + a xy + a 3y = x 3 + a x + a 4x + a 6} {O} is a subgroup of E. The set E(K) is usually called the set of K-rational points on E. For m Z and P E we will write [m]p = P +... + P (m terms) for m > 0, [0]P = O, [m]p = [ m]p for m < 0. Definition.6. Let E be an elliptic curve and m Z, 0. The m-torsion subgroup of E is the set The torsion subgroup of E is the set of points of finite order E[m] := {P E : [m]p = O}. Tors(E) = E[m]. If E is defined over the field K then Tors(E(K)) will denote the points of finite order in E(K)... Group law algorithm. Theorem.7. Let E be an elliptic curve given by a Weierstrass equation and let and P i = (x i, y i) E for i = 0,,. () Let P 0 = (x 0, y 0) E. Then m= E(K) = {(x, y) K : y + a xy + a 3y = x 3 + a x + a 4x + a 6} {O} P 0 = (x 0, y 0 a x 0 a 3). () Let P + P = P 3. If x + x = 0 and y + y + a x + a 3 = 0, then Otherwise, let P + P = O. λ = y y x x, ν = y x y x x x if x x λ = 3x +a x +a 4 a y y +a x +a 3, ν = x3 +a 4x +a 6 a 3 y y +a x +a 3 if x = x (3) With λ and ν given above y = λx + ν is the line through P and P, or tangent to E if P = P and then P 3 = (x 3, y 3) with x 3 = λ + a λ a x x, y 3 = ( λ + a )x 3 ν a 3. Definition.8. Let E/K be an elliptic curve given in long Weierstrass form. The differential form ω = is called the invariant differential associated with Weierstrass equation. dx dy = y + a x + a 3 3x + a x + a 4 a y Theorem.9. Let E be an elliptic curve. Then the invariant differential ω of E is holomorphic and non-vanishing, i.e. ord P (ω) = 0 for all P E, where ord P (ω) := ord P (ω/dx). Definition.0. Let E/K be an elliptic curve Q E. The translation by Q map is the map of the form τ Q : E P P + Q E. We then have ( τqω = τq ω ) d(τqx) = ω. dx

AN INTRODUCTION TO ELLIPTIC CURVES 3.3. Torsion points and Mordell-Weil theorem. Theorem.. (Lutz, Nagell) Let E/Q be an elliptic curve with Weierstrass equation E : y = x 3 + Ax + B, A, B Z. Suppose that P = (x P, y P ) E(Q) is a non-zero torsion point. Then () x P, y P Z. () If []P O, then y P (E). In particular, Tors(E(Q)) is a finite group. Theorem.. (Mazur) Let E/Q be an elliptic curve. Then the torsion subgroup Tors(E) is one of the following fifteen groups: Further, each of these groups does occur as an Tors(E(Q)). Z/NZ, N 0 or N = ; Z/Z Z/NZ, N 4. Theorem.3. (Mordell, Weil) Let K be a number field and E/K ba an elliptic curve. The group E(K) is finitely generated, i.e. where the number r = r(e) is called the rank of E(K). E(K) = Tors(E(K)) Z r, Conjecture.4. Let K = Q. Then for each n N there exists an elliptic curve E/Q such that r E n. Theorem.5. (Merel) () For all d N there exists a constant B(d) 0 such that for all elliptic curves E over a number field K with [K : Q] = d then Tors(E(K)) B(d). () Let E be an elliptic curve over a number field K such that [K : Q] = d. If E(K) has a torsion point of order p, where p is a prime number, then p > d 3d..4. Isogenies. First of all let us note the following. Theorem.6. The expressions giving the group law on the curve E define morphisms + : E E (P, P ) P + P E and : E P P E. Definition.7. Let E and E be elliptic curves. An isogeny between E and E is a morphism ϕ : E E, satisfying ϕ(o) = O. We say that t E and E are isogenous if there is an isogeny ϕ between them with ϕ(e ) {O}. It is well known that if ϕ : C C is a morphism of curves then ϕ is either constant or surjective. In particular, we get that if ϕ : E E is an isogeny then ϕ(e ) = {O} or ϕ(e ) = E. Thus, expect the trivial isogeny [0](P ) = O for all P E, every other isogeny is a finite map of curves. Because a nontrivial isogeny is finite map we can consider an injection of function fields ϕ : K(E ) f f ϕ K(E ). This allows us to consider degree of ϕ (deg ϕ), separable and inseparable degrees of ϕ (deg s ϕ and deg i ϕ respectively) and more generally each property of ϕ is a manifestation of a property of the finite extension K(E )/ϕ K(E ). We put deg[0] = 0. We define the set Hom(E, E ) = {isogenies ϕ : E E }. Because the addition of points defines a morphism we get that Hom(E, E ) is a group under the addition law If E = = E then for an elliptic curve E we define This is a ring with addition and multiplication given by composition (ϕ + ψ)(p ) = ϕ(p ) + ψ(p ). End(E) = Hom(E, E). (ϕψ)(p ) = ϕ(ψ(p )) and is called the endomorphism ring of E. The set of invertible elements of End(E) is called the automorphism group of E and is denoted by Aut(E). In a similar way we define the sets of isogenies defined over K. The corresponding groups of isogenies are denoted with the usual subscripts, thus Hom K(E, E ), End K(E, E ), Aut K(E, E ). Example.8. For each m Z we can define a multiplication by m isogeny by: [m] : E P [m]p E. Let us note that if E is defined over K then [m] is defined over K too. Lemma.9. (a) Let E/K be an elliptic curve and let m Z \ {0}. Then the multiplication by m map [m] : E E is non-constant. (b) Let E, E be elliptic curves. Then the group of isogenies Hom(E, E ) is a torsion-free Z module.

4 MACIEJ ULAS (c) Let E be an elliptic curve. Then the endomorphism ring End(E) is a (not necessarily commutative) ring of characteristic zero with no zero divisors. Definition.0. Let K be a field and suppose that char K = 0. If End(E) = Z, then we say that E has complex multiplication. Here we identify multiplication by m map with an integer m. Example.. Let E/K be an the elliptic curve E : y = x 3 + ax. Then End(E) is strictly larger then Z. Indeed, it contains an element which we denote [i] given by [i] : E (x, y) ( x, iy) E, where i K is primitive fourth root of unity. In particular, if i K then End K(E) is a proper subset of End(E). Example.. Let us assume that char K and let a, b K with b 0 and r = a 4b 0. Let us consider two elliptic curves E : y = x 3 + ax + bx, E : Y = X 3 ax + rx. There are isogenies of degree ( y ϕ : E (x, y) x, y(b x ) ), x ( Y ˆϕ : E (X, Y ) 4X, Y (r X ) ). 8X We have ϕ ˆϕ = [] and ˆϕ ϕ = []. This gives an example of so called dual isogenies. Example.3. Let K be a field of characteristic p > 0 and put q = p r. If E/K is given by Weierstrass equation then we define Using expression for (E) and j(e) we deduce that E : y + a xy + a 3x = x 3 + a x + a 4x + a 6 E (q) : y + a q xy + a q 3x = x 3 + a q x + a q 4x + a q 6. ϕ q : E (x, y) (x q, y q ) E (q). (E (q) ) = (E) q, j(e (q) ) = j(e) q. In particular, if E is nonsingular then E (q) is nonsingular too. If K = F q is a finite field then the q th -power map on K is the identity and thus E (q) = E. Then ϕ q is an endomorphisms of E, called the Frobenius endomorphism. Moreover, we have P E(K) if and only if ϕ q(p ) = P..5. The dual isogeny. Let ϕ : E E be a non-constant isogeny. Then ϕ induces a map ϕ : Pic 0 (E ) Pic 0 (E ). Moreover, we have group isomorphisms κ i : E i P class of (P ) (O) Pic 0 (E i) for i =,. We thus get a homomorphism going in the opposite direction to ϕ given by the composition κ ϕ κ. For given Q E and any P E such that ϕ(p ) = Q we have an equality (κ ϕ κ )(Q) = [deg ϕ](p ). The above equality suggests that there should be an isogeny ˆϕ : E E satisfying ˆϕ ϕ = [deg ϕ]. Theorem.4. Let ϕ : E E be an isogeny of degree m. () There exists a unique isogeny ˆϕ : E E satisfying ˆϕ ϕ = [deg ϕ]. () As a group homomorphism, ˆϕ equals the composition of the maps κ : E Q (Q) (O) Div 0 (E ), ϕ : Div 0 (E ) Div 0 (E ), κ : Div 0 (E ) n p(p ) [n P ]P E. Definition.5. Let ϕ : E E be an isogeny. The dual isogeny to ϕ is the isogeny ˆϕ given above. If ϕ = [0] then we put ˆϕ = [0]. Theorem.6. Let ϕ : E E be an isogeny. () Let m = deg ϕ. Then () Let λ : E E 3 be another isogeny. Then (3) Let ψ : E E be another isogeny. Then ˆϕ ϕ = [m] E, ϕ ˆϕ = [m] E. λ ϕ = ˆϕ ˆλ. ψ + ϕ = ˆψ + ˆϕ.

AN INTRODUCTION TO ELLIPTIC CURVES 5 (4) For all m Z we have (5) We have (6) We have ˆ [m] = [m] and deg[m] = m. deg ˆϕ = deg ϕ. ˆϕ = ϕ. As a consequence of the previous theorem we get two interesting results. Theorem.7. Let E, E be elliptic curves. The degree map is positive definite quadratic form. deg : Hom(E, E ) Z Theorem.8. Let E be an elliptic curve and m Z \ {0}. () If char(k) = 0 or gcd(m, char(k)) =, then () If char(k) = p, then either E[m] = (Z/mZ) (Z/mZ). E[p r ] = {O} for all r =,,... ; or E[p r ] = Z/p r Z for all r =,,.....6. The Tate module. Let E/K be an elliptic curve and m. Let us suppose that char(k) = 0 or gcd(m, char(k)) =. Then E[m] = (Z/mZ) (Z/mZ). If G K/K := Gal(K/K), then G K/K acts on E[m]. Indeed, if [m]p = O and σ G K/K, then This observation leads to representation [m]p σ = ([m]p ) σ = O. G K/K Aut(E[m]) = GL (Z/mZ), where the isomorphism depends on the basis chosen for E[m]. However, in general it is easier to work with matrices with entries from a ring of characteristic 0. This leads to : Definition.9. Let E be an elliptic curve and l Z a prime. The (l adic) Tate module of E is the group T l (E) = lim E[l n ], where the inverse limit being taken with respect to the natural maps E[l n+ ] P [l]p E[l n ]. Each E[l n ] can be seen as a Z/l n Z-module and thus T l (E) has a natural structure as a Z l -module. With the help of characterization of E[l n ] we get: Lemma.30. As a Z l -module, the Tate module has the following structure. () T l (E) = Z l Z l if l char(k). () T l (E) = {0} or Z l if p = char(k) > 0. Let us note that the action of G K/K commutes with the multiplication by l maps used to form the inverse limit. This implies that G K/K acts on T l (E) too. Moreover, one can prove that this action is continuous. Definition.3. The l-adic representation (of G K/K on E), denoted by ρ l, is the map giving the action of G K/K on T l (E). ρ l : G K/K Aut(T l (E)) An important property of a Tate module of an elliptic curve is the fact that it can be used as a useful tool for studying isogenies. More precisely, if ϕ : E E is an isogeny, then ϕ, for any given n, gives map This allows us to define a Z l -linear map which induces homomorphism and in case of E = E = E Theorem.3. Let E, E be elliptic curves. Then the natural map is injective. ϕ : E [l n ] E [l n ]. ϕ l : T l (E ) T l (E ) Hom(E, E ) Hom(T l (E ), T l (E )) End(E) End(T l (E)). Hom(E, E ) Z l ϕ ϕ l Hom(T l (E ), T l (E ))

6 MACIEJ ULAS From the previous result we deduce the following: Theorem.33. Let E, E be elliptic curves. Then Hom(E, E ) is a free Z-module of rank at most 4. Similarly, we can define Hom K(T l (E ), T l (E )) to be the group of Z l -linear maps from T l (E ) to T l (E ) which commute with the action of G K/K as given by l-adic representation. This implies that we have homomorphism Theorem.34. The natural map is an isomorphism if: (a) (Tate) K is finite field; (b) (Faltings) K is number field. Hom K(E, E ) Z l Hom K(T l (E ), T l (E )). Hom K(E, E ) Z l Hom K(T l (E ), T l (E )). Definition.35. Let A be a (not necessarily commutative) algebra, finitely generated over Q. An order R of A is a subring of A which is finitely generated as Z-module and which satisfies R Q = A. Example.36. Let A be a quadratic imaginary field and O A its ring of integers. Then for each integers f > 0, the ring Z + fo A is an order of A. Definition.37. A quaternion algebra is an algebra of the form with multiplication rules A = Q + Qα + Qβ + Qαβ α, β Q, α < 0, β < 0, αβ = βα. Example.38. The ring of quaternions, i.e. R = Q + Qi + Qj + Qk with multiplicity rules i = j = k = ijk = is an example of quaternion algebra. Theorem.39. Let E/K be an elliptic curve. The endomorphism ring of E is either Z, an order in imaginary quadratic field, or an order in a quaternion algebra. Remark.40. If char(k) = 0 then End(E) can not be a quaternion algebra. Theorem.4. Let E/K be an elliptic curve. Then its automorphism group Aut(E) is a finite group dividing 4. More precisely, the order of Aut(E) is given by the following list: () if j(e) 0, 78, () 4 if j(e) = 78 and char(k), 3, (3) 6 if j(e) = 0 and char(k), 3, (4) if j(e) = 0 = 78 and char(k) = 3, (5) 4 if j(e) = 0 = 78 and char(k) =. Moreover, if char(k), 3 then Aut(E) = µ n.. Elliptic curves over finite fields.. The Hasse bound. Let K be finite field with q elements and let E be an elliptic curve defined over K. Here q is a power of a prime number. A question arises how big is the (finite!) set E(K) in this case? The following theorem was conjectured by E. Artin and was proved by H. Hasse in 930 s. Theorem.. Let E/K be an elliptic curve defined over the field with q elements. Then E(K) q q... The Weil conjectures. In 949 A. Weil states a general conjectures concerning the behaviour of the number of rational points on varietes defined over finite fields. Let K be finite field of q elements and let K n be the extension of K of degree n for each n. We have K n = q n. Let V/K be a projective variety defined over K. Definition.. The zeta function of V/K is the power series ( Z(V/K, T ) = exp V (K) T n ). n If we know the closed expression for Z(V/K, T ) then we can find the numbers V (K n) by the formula n= V (K n) = log Z(V/K, T ). (n )! dt n Theorem.3. (Weil conjectures) Let K be a finite field with q elements and V/K be a smooth projective variety of dimension n. (a) Rationality. The zeta function of V is rational Z(V/K, T ) Q(T ). (b) Functional equation. There is an integer ɛ such that Z ( V/K, q n T d n ) = ±q nɛ T ɛ Z(V/K, T ).

AN INTRODUCTION TO ELLIPTIC CURVES 7 (c) Riemman Hypothesis. There is a factorization Z(V/K, T ) = P(T ) Pn (T ) P 0(T )P (T ) P n(t ) with P i Z[T ]. Moreover, P 0(T ) = T, P n(t ) = q n T, and for each i n, P i(t ) factors over C as P i(t ) = j ( α ijt ) with α ij = q i/. Weil proved the above conjecture for curves and abelian varietes. The rationality of Zeta function was proved by Dwork in 960. The Riemann hypothesis was proved by Deligne in 973. In case of elliptic curves we have the following: Theorem.4. Let K be a finite field with q elements and E/K an elliptic curve. Then there is an a Z such that ( ) Moreover Z E/K, = Z(E/K, T ), and qt Z(E/K, T ) = at + qt ( T )( qt ). at + qt = ( αt )( βt ) with α = β = q. Remark.5. The reason why the shape of factorization of Z(V/K, T ) is called Riemman hypothesis is the following. Introducing the new variable s by the equality T = q s we get that the for an elliptic curve E ζ E/K (s) = Z(E/K, q s ) = aq s + q s ( q s )( q s ). From the functional equation we get the equality ζ E/K (s) = ζ E/K ( s) ( ) which strongly resembles the functional equation for ξ(s) = s pi s(s )Γ s ζ(s), where ζ(s) is zeta function of Riemman. Moreover, the Riemann hypothesis for Z(E/K, T ) implies that if ζ E/K (s) = 0 then q s = q and thus Re(s) =..3. The endomorphism ring. We know that in characteristic p there is only two possibilities for the group of p-torsion points E[p], namely 0 and Z/pZ. Moreover, we have also seen the characterization of End(E). There is a strong connection between these two notions. Theorem.6. (Deuring) Let K be a (perfect) field of characteristic p and E/K be an elliptic curve. For each integer r, let ϕ r : E E (pr ) and ˆϕ r : E (pr) E be the p r -power Frobenius map and its dual. () The following statements are equivalent. (a) E[p r ] = 0 for one (all) r. (b) ˆϕ r is (purely) inseparable for one (all) r. (c) The map [p] : E E is purely inseparable and j(e) F p. (d) End(E) is an order in a quaternion algebra (here End(E) means End K (E)). () If the equivalent conditions in () do not hold then E[p r ] = Z/p r Z for all r. Further, if j(e) F p, then End(E) is an order in a quadratic imaginary field Definition.7. If E has the properties given by Deuring theorem in (), then we say that E is supersingular, or that E has Hasse invariant 0. Otherwise, we say that E is ordinary, or that E has Hasse invariant. From the Deuring theorem we know that up to isomorphism, there are only finitely many elliptic curves with Hasse invariant 0, since each has j-invariant in F p. For example, for p = the only one supersingular elliptic curve is We have the following supersingularity criterion. Theorem.8. Let K be finite field of characteristic p >. () Let E/K be an elliptic curve with Weierstrass equations E : y + y = x 3. E : y = f(x), where F K[x] is a cubic polynomial with distinct roots (in K). Then E is supersingular if and only if the coefficient of x p in f(x) p is zero. () Let m = p, and define a polynomial ( ) m m H p(t) = t i. i Let λ K, λ 0,. Then the elliptic curve is supersingular if and only if H p(λ) = 0. i=0 E : y = x(x )(x λ)

8 MACIEJ ULAS (3) The polynomial H p(t) has distinct roots in K. Up to isomorphism, there are exactly [ p ] + ɛ p supersingular elliptic curves in characteristic p, where ɛ 3 =, and for p 5 ɛ p = 0,,, if p, 5, 7, (mod ) respectively. Using the criterion () one can easily check that the curve E : y = x 3 + with j-invariant j(e) = 0, satisfies: E is supersingular in characteristic p p (mod 3), E is ordinary in characteristic p p (mod 3). Similarly, one can check that the curve E : y = x 3 + x with j-ivariant j(e) = 78, satisfies: E is supersingular in characteristic p p 3 (mod 4), E is ordinary in characteristic p p (mod 4). If j(e) 0, 78 then primes for which E is supersingular are rare. For example, for the curve E : y + y = x 3 x 0x 0 with j(e) = 3 3 5 there are only 7 primes 3500 for which E is supersingular. However, we have the following result. Theorem.9. (Elkies) For each E/Q the set of those primes for which E/F p is superingular is infinite. 3. Elliptic curves over C Definition 3.. We say that Λ C is a lattice if Λ is a discrete subgroup of C which contains an R-basis of C. Definition 3.. An elliptic function (relative to the lattice Λ) is a meromorphic function on C which satisfies The set of all elliptic functions is denoted C(Λ). f(z + ω) = f(z) for all ω Λ, z C. Definition 3.3. Let Λ C be a lattice. The Weierstrass -function (relative to Λ) is defined by the series (z; Λ) = z + ( (z ω) ). ω The Eisenstein series of weight k (for Λ) is the series G k (Λ) = ω Λ\{0} ω Λ\{0} ω k. There is a strong connection between these two notions. More precisely, we have: Theorem 3.4. (b) For all z C \ Λ, (a) The Laurent series for about z = 0 is given by where g = 60G 4, g 3 = 40G 6. We also have: Theorem 3.5. Let Λ be a lattice. Then (z) = z + (k + )G k+ (Λ)z k. k= (z) = 4 (z) 3 g (z) g 3, C(Λ) = C( (z), (z)). Theorem 3.6. Let g and g 3 be the quantities associated to a lattice Λ C. (a) The polynomials f(x) = 4x 3 g x g 3 has distinct zeros and its discriminant (Λ) = g 3 7g3 is non zero. (b) Let E/C be the elliptic curve E : y = 4x 3 g x g 3, which is an elliptic curve from (a). Then the map G : C/Λ z [ (z) : (z) : ] E P (C) is a complex analytic isomorphism of complex Lie groups. (c) (Uniformization) Let E/C be the elliptic curve E : y = 4x 3 Ax B with A 3 7B 0. Then there exists a unique lattice Λ C such that g (Λ) = A, g 3(Λ) = B. Theorem 3.7. Let E : y = 4x 3 g x g 3 be the elliptic curve over C.

AN INTRODUCTION TO ELLIPTIC CURVES 9 () Let α i β be paths on E(C) giving a basis for H (E, Z). Then the periods dx ω = y, ω = dx y are R-linearly independent. () Let Λ C be the lattice generated by ω and ω. Then the map α F : E(C) P P O dx y β (mod Λ) is a complex analytic isomorphism. Its inverse is the map G given in the previous theorem. Let Λ, Λ be lattices in C. If α C satisfies αλ Λ then the map is holomorphic homomorphism. We have the following result: Theorem 3.8. (a) With notation as above, the association ϕ α : C/Λ z αz mod Λ {α C : αλ Λ } {holomorphic maps ϕ : C/Λ C/Λ, ϕ(0) = 0}. α ϕ α is a bijection. (b) Let E and E be the elliptic curves corresponding to the lattices Λ and Λ. Then the inclusion {isogenies ϕ : E E } {holomorphic maps ϕ : C/Λ C/Λ, ϕ(0) = 0} is a bijection. (c) Let E i/c be an elliptic curve with corresponding lattice Λ i for i =,. Then E, E are isomorphic over C if and only if Λ and Λ are homotetic, i.e. Λ = αλ for some α C. 4. Modular forms and modular curves 4.. Modular functions and modular forms. Let Γ C be a lattice and let us consider the Eisenstein series G k (Λ), the discriminant and the j-invariant We have the following properties (Λ) = g 3 7g 3 j(λ) = 78 (4g)3 (Λ). G k (αλ) = α k G k (Λ), (αλ) = α (Λ), j(αλ) = j(λ). The domain of these functions is the space of lattices. We consider these functions modulo homothety. We introduce the following notation and terminology: Definition 4.. The modular group is the group of matrices with integer entries and determinant. { ( ) a b } SL (Z) = : a, b, c, d Z, ad bc =. Each element of SL (Z) can be understood as an automorphism of the Riemann sphere Ĉ = C { }. We have ( ) a b (τ) = aτ + b cτ + d, τ Ĉ. Definition 4.. The upper half plane is the set H = {τ C : Im(τ) > 0}. The formula Im(γ(τ)) = Im(τ) ( ) a b cτ + d, τ = SL (Z) together with the equality (γ γ )(τ) = γ (γ (τ ) ) for all γ, γ SL (Z) show that SL (Z) acts on H. Moreover, we put Λ τ = Z + Zτ for τ H and G k (τ) = G k (Λ τ ), (τ) = (Λ τ ), j(τ) = j(λ τ ). We have identities ( ) G k (γτ) = (cτ + d) k a b G k (τ) for γ = SL (Z). In particular, if c = 0, then necessarily d = ± and G k (γτ) = G k (τ). For example G k (τ + ) = G k (τ) and thus G k has Fourier expansion G k (τ) = c(n)q n, where we put q = e πiτ. n=

0 MACIEJ ULAS Definition 4.3. A meromorphic function on H is called a modular function of weight k (for SL (Z)) if it satisfies: ( ) a b (a) f(τ) = (cτ + d) k f(γτ) for all γ = SL (Z); (b) The Fourier expansion of f in the variable q = e πiτ has the form f(τ) = for some finite integer n 0 = n 0(f). n=n 0 c(n)q n Definition 4.4. We say that f is a modular form of weight k if f is holomorphic on H and n 0(f) = 0, in which case we also say that f is holomorphic at and then we put f( ) = c(0). If f( ) = 0, then we call f a cusp form. We have the following examples of modular functions Theorem 4.5. form (a) The j-function j(τ) is a modular function of weight 0 which is holomorphic on H. The Fourier series of j has the j(τ) = τ + 744 + c(n)q n with c(n) Z. (b) The Eisenstein series G k (τ) is a modular form of weight k. Its Fourier series is given by G k (τ) = ζ(k) + (πi)k σ k (n)q n, (k )! where σ α(n) = d n dα. (c) The discriminant function (τ) is a cusp form of weight. Its Fourier series has the form (τ) = (π) τ(n)q n = (π) q ( q n ) 4 with τ() = and τ(n) Z. n= n= We know that j(τ) is modular function of weight 0 and H/ SL (Z) has an natural structure of a Riemann surface. This plus some extra work allows to prove the following: Theorem 4.6. The map j : H/ SL (Z) C is a complex analytic isomorphism of (open) Riemann surfaces. In particular this implies that H/ SL (Z) is not compact (but has natural compactification as P(C)). We define H = H P(Q). Here SL (Z) acts (transitively) on P(Q) in the usual manner. One can prove that the quotient H / SL (Z) has a structure of a Riemann surface and then that the function j defines complex analytic isomorphism n= j : H / SL (Z) P(C). Definition 4.7. For each integer N, we define subgroups SL (Z) as follows: { ( ) a b } Γ 0(N) = SL (Z) : c 0 (mod N), { ( ) a b Γ (N) = { ( ) a b Γ(N) = n= } SL (Z) : c 0 (mod N), a d (mod N), } SL (Z) : b c 0 (mod N), a d (mod N). More generally, a congruence subgroup of SL (Z) is defined to be a subgroup Γ of SL (Z) which contains Γ(N) for some integer N. If Γ is a congruence subgroup of SL (Z), then Γ acts on H and we can form the quotient space H /Γ. Shimura proved that H /Γ has a natural structure as a Riemann surface. The action of Γ on Q H gives finitely many orbits and the images of these orbits in the quotient space H /Γ are called cusps of Γ. Definition 4.8. Let Γ be a congruence subgroup of SL (Z). A meromorphic function f on H is called a modular function of weight k for Γ if: ( ) a b (a) f(τ) = (cτ + d) k f(γτ) for all γ = Γ; and (b) f is meromorphic at each of the cusps of H /Γ. A modular function is called a modular form if it is holomorphic on H and at each cusps of H /Γ. A modular function is called a cusp form if it is a modular form and vanishes at every cusp. Example 4.9. Let η(τ) = q /4 n= ( qn ) be the Dedekind η function. The function is a cusp form of weight for the group Γ 0(). f(τ) = η(τ) η(τ)

AN INTRODUCTION TO ELLIPTIC CURVES 4.. Modular curves. Let Γ be a congruence subgroup of SL (Z). If Γ = SL (Z), then we have seen that the points of the Riemann surface H/ SL (Z) are in one-to-one correspondence with the isomorphism classes of elliptic curves defined over C. This isomorphism sends the point τ (mod Γ) of H/Γ to the elliptic curve E τ = Z/(Z + Zτ). Let us consider now the subgroup { ( ) a b } Γ (N) = SL (Z) : c 0 (mod N), a d (mod N). Since Γ (N) SL (Z) for each τ H/Γ (N) we have corresponding elliptic curve E τ. However, each point of H/Γ (N) contains additional information. To be more precise, let us note that if T τ E τ corresponds with the fraction /N C/Λ τ then T τ E τ [N]. Next, we note that the isomorphism f : C/Γ τ z z cτ + d C/Λ γ(τ), where γ(τ) = (aτ + b)/(cτ + d), sends /N to /N(cτ + d). If now γ Γ (N) then N N(cτ + d) = c τ + d N N cτ + d f(λ τ ) = Λ γ(τ). What does it mean? This means that the point /N C/Λ τ remains fixed under the action of an element of Γ (N). This implies that each point of H/Γ (N) gives an elliptic curve E τ /C together with a specified point T τ of exact order N. Moreover, for any given elliptic curve E/C there is a point τ H/Γ (N) and an isomorphism E τ E such that T τ T. Thus the Riemann surface H/Γ (N) can be understood as a space which parameterizes equivalence classes of pairs (E, T ), where E is an elliptic curve defined over C and T E is a point of exact order N. The quotient H/Γ (N) is an example of moduli space for the moduli problem of determining equivalence classes of pairs (E, T ), where E is an elliptic curve defined over C and T E is a point of exact order N. Similar analysis can be performed for the subgroup Γ 0(N). If γ Γ 0(N) and τ H/Γ 0(N) then the subgroup { N, N,..., N } C/Λ τ N remains invariant under the action of γ. Thus, we get that the quotient H/Γ (N) is a moduli space for the problem of determining equivalence classes of pairs (E, G), where E is an elliptic curve over C and G E is a cyclic subgroup of exact order N. We summarize the observations given above in the following: Theorem 4.0. (Shimura) Let N be an integer. (a) There exists a smooth projective curve X 0(N)(C) and a complex analytic isomorphism j N,0 : H /Γ 0(N) X 0(N)(C) such that the following holds: Let τ H/Γ 0(N), and let K = Q(j N,0(τ)). τ corresponds to an equivalence class of pairs (E, G), where E is an elliptic curve and G E is a cyclic group of order N. This equivalence class contains a pair such that both E and G are defined over K. (b) There exists a smooth projective curve X (N)(C) and a complex analytic isomorphism j N, : H /Γ 0(N) X (N)(C) such that the following holds: Let τ H/Γ (N), and let K = Q(j N,(τ)). τ corresponds to an equivalence class of pairs (E, T ), where E is an elliptic curve and T E is a point of exact order N. This equivalence class contains a pair such that E is defined over K and T E(K). More generally, Shimura proved that if Γ is any congruence subgroup of SL (Z), then one can find in a similar manner a smooth projective curve X(Γ) defined over some number field K(Γ) and a complex analytic isomorphism j Γ : H /Γ X(Γ)(C). This allows to put the following: Definition 4.. The curve X(Γ) is a modular curve. The set of cusps of X(Γ) consists of the finite set of points j Γ(P(Q)/Γ). In other words the cusps of X(Γ) are the image under j Γ of the cusps of Γ. Using the machinery of modular curves B. Mazur was able to prove the following: Theorem 4.. (Mazur) Let E/Q be an elliptic curve. Then the torsion subgroup Tors(E) is one of the following fifteen groups: Further, each of these groups does occur as an Tors(E). Z/NZ, N 0 or N = ; Z/Z Z/NZ, N 4. Theorem 4.3. (Modularity theorem) (Wiles, Taylor, Breuil, Conrad, Diamond) Let E/C be an elliptic curve with j Q. Then for some positive integer N there exists a surjective holomorphic function f : X 0(N)(C) E. References [] J. Silverman, The Arithmetic of Elliptic pa Curves, Springer-Verlag, New York, 986.