In
mathematics, an elliptic curve is a
smooth
Smooth may refer to:
Mathematics
* Smooth function, a function that is infinitely differentiable; used in calculus and topology
* Smooth manifold, a differentiable manifold for which all the transition maps are smooth functions
* Smooth algebrai ...
,
projective,
algebraic curve
In mathematics, an affine algebraic plane curve is the zero set of a polynomial in two variables. A projective algebraic plane curve is the zero set in a projective plane of a homogeneous polynomial in three variables. An affine algebraic plane ...
of
genus
Genus ( plural genera ) is a taxonomic rank used in the biological classification of living and fossil organisms as well as viruses. In the hierarchy of biological classification, genus comes above species and below family. In binomial nom ...
one, on which there is a specified point . An elliptic curve is defined over a
field and describes points in , the
Cartesian product of with itself. If the field's
characteristic is different from 2 and 3, then the curve can be described as a
plane algebraic curve
In mathematics, an affine algebraic plane curve is the zero set of a polynomial in two variables. A projective algebraic plane curve is the zero set in a projective plane of a homogeneous polynomial in three variables. An affine algebraic plane c ...
which consists of solutions for:
:
for some coefficients and in . The curve is required to be
non-singular
In the mathematical field of algebraic geometry, a singular point of an algebraic variety is a point that is 'special' (so, singular), in the geometric sense that at this point the tangent space at the variety may not be regularly defined. In ca ...
, which means that the curve has no
cusps or
self-intersections. (This is equivalent to the condition , that is, being
square-free {{no footnotes, date=December 2015
In mathematics, a square-free element is an element ''r'' of a unique factorization domain ''R'' that is not divisible by a non-trivial square. This means that every ''s'' such that s^2\mid r is a unit of ''R''.
A ...
in .) It is always understood that the curve is really sitting in the
projective plane
In mathematics, a projective plane is a geometric structure that extends the concept of a plane. In the ordinary Euclidean plane, two lines typically intersect in a single point, but there are some pairs of lines (namely, parallel lines) that d ...
, with the point being the unique
point at infinity
In geometry, a point at infinity or ideal point is an idealized limiting point at the "end" of each line.
In the case of an affine plane (including the Euclidean plane), there is one ideal point for each pencil of parallel lines of the plane. Ad ...
. Many sources define an elliptic curve to be simply a curve given by an equation of this form. (When the
coefficient field has characteristic 2 or 3, the above equation is not quite general enough to include all non-singular
cubic curves; see below.)
An elliptic curve is an
abelian variety – that is, it has a group law defined algebraically, with respect to which it is an
abelian group
In mathematics, an abelian group, also called a commutative group, is a group in which the result of applying the group operation to two group elements does not depend on the order in which they are written. That is, the group operation is comm ...
– and serves as the identity element.
If , where is any polynomial of degree three in with no repeated roots, the solution set is a nonsingular plane curve of
genus
Genus ( plural genera ) is a taxonomic rank used in the biological classification of living and fossil organisms as well as viruses. In the hierarchy of biological classification, genus comes above species and below family. In binomial nom ...
one, an elliptic curve. If has degree four and is
square-free {{no footnotes, date=December 2015
In mathematics, a square-free element is an element ''r'' of a unique factorization domain ''R'' that is not divisible by a non-trivial square. This means that every ''s'' such that s^2\mid r is a unit of ''R''.
A ...
this equation again describes a plane curve of genus one; however, it has no natural choice of identity element. More generally, any algebraic curve of genus one, for example the intersection of two
quadric surfaces embedded in three-dimensional projective space, is called an elliptic curve, provided that it is equipped with a marked point to act as the identity.
Using the theory of
elliptic functions, it can be shown that elliptic curves defined over the
complex number
In mathematics, a complex number is an element of a number system that extends the real numbers with a specific element denoted , called the imaginary unit and satisfying the equation i^= -1; every complex number can be expressed in the fo ...
s correspond to embeddings of the
torus
In geometry, a torus (plural tori, colloquially donut or doughnut) is a surface of revolution generated by revolving a circle in three-dimensional space about an axis that is coplanar with the circle.
If the axis of revolution does not tou ...
into the
complex projective plane
In mathematics, the complex projective plane, usually denoted P2(C), is the two-dimensional complex projective space. It is a complex manifold of complex dimension 2, described by three complex coordinates
:(Z_1,Z_2,Z_3) \in \mathbf^3,\qquad (Z_1, ...
. The torus is also an
abelian group
In mathematics, an abelian group, also called a commutative group, is a group in which the result of applying the group operation to two group elements does not depend on the order in which they are written. That is, the group operation is comm ...
, and this correspondence is also a
group isomorphism.
Elliptic curves are especially important in
number theory
Number theory (or arithmetic or higher arithmetic in older usage) is a branch of pure mathematics devoted primarily to the study of the integers and integer-valued functions. German mathematician Carl Friedrich Gauss (1777–1855) said, "Mat ...
, and constitute a major area of current research; for example, they were used in
Andrew Wiles's proof of Fermat's Last Theorem. They also find applications in
elliptic curve cryptography
Elliptic-curve cryptography (ECC) is an approach to public-key cryptography based on the algebraic structure of elliptic curves over finite fields. ECC allows smaller keys compared to non-EC cryptography (based on plain Galois fields) to provide ...
(ECC) and
integer factorization.
An elliptic curve is ''not'' an
ellipse in the sense of a projective conic, which has genus zero: see
elliptic integral
In integral calculus, an elliptic integral is one of a number of related functions defined as the value of certain integrals, which were first studied by Giulio Fagnano and Leonhard Euler (). Their name originates from their originally arising in ...
for the origin of the term. However, there is a natural representation of real elliptic curves with shape invariant as ellipses in the hyperbolic plane
. Specifically, the intersections of the Minkowski hyperboloid with quadric surfaces characterized by a certain constant-angle property produce the Steiner ellipses in
(generated by orientation-preserving collineations). Further, the orthogonal trajectories of these ellipses comprise the elliptic curves with , and any ellipse in
described as a locus relative to two foci is uniquely the elliptic curve sum of two Steiner ellipses, obtained by adding the pairs of intersections on each orthogonal trajectory. Here, the vertex of the hyperboloid serves as the identity on each trajectory curve.
Topologically, a complex elliptic curve is a
torus
In geometry, a torus (plural tori, colloquially donut or doughnut) is a surface of revolution generated by revolving a circle in three-dimensional space about an axis that is coplanar with the circle.
If the axis of revolution does not tou ...
, while a complex ellipse is a
sphere
A sphere () is a geometrical object that is a three-dimensional analogue to a two-dimensional circle. A sphere is the set of points that are all at the same distance from a given point in three-dimensional space.. That given point is th ...
.
Elliptic curves over the real numbers
Although the formal definition of an elliptic curve requires some background in
algebraic geometry, it is possible to describe some features of elliptic curves over the
real number
In mathematics, a real number is a number that can be used to measure a ''continuous'' one-dimensional quantity such as a distance, duration or temperature. Here, ''continuous'' means that values can have arbitrarily small variations. Every ...
s using only introductory
algebra
Algebra () is one of the broad areas of mathematics. Roughly speaking, algebra is the study of mathematical symbols and the rules for manipulating these symbols in formulas; it is a unifying thread of almost all of mathematics.
Elementary ...
and
geometry
Geometry (; ) is, with arithmetic, one of the oldest branches of mathematics. It is concerned with properties of space such as the distance, shape, size, and relative position of figures. A mathematician who works in the field of geometry is ...
.
In this context, an elliptic curve is a
plane curve
In mathematics, a plane curve is a curve in a plane that may be either a Euclidean plane, an affine plane or a projective plane. The most frequently studied cases are smooth plane curves (including piecewise smooth plane curves), and algebraic ...
defined by an equation of the form
:
after a linear change of variables ( and are real numbers). This type of equation is called a Weierstrass equation, and said to be in Weierstrass form, or Weierstrass normal form.
The definition of elliptic curve also requires that the curve is
non-singular
In the mathematical field of algebraic geometry, a singular point of an algebraic variety is a point that is 'special' (so, singular), in the geometric sense that at this point the tangent space at the variety may not be regularly defined. In ca ...
. Geometrically, this means that the graph has no
cusps, self-intersections, or
isolated points. Algebraically, this holds if and only if the
discriminant,
, is not equal to zero.
:
(Although the factor −16 is irrelevant to whether or not the curve is non-singular, this definition of the discriminant is useful in a more advanced study of elliptic curves.)
The real graph of a non-singular curve has ''two'' components if its discriminant is positive, and ''one'' component if it is negative. For example, in the graphs shown in figure to the right, the discriminant in the first case is 64, and in the second case is −368.
The group law
When working in the
projective plane
In mathematics, a projective plane is a geometric structure that extends the concept of a plane. In the ordinary Euclidean plane, two lines typically intersect in a single point, but there are some pairs of lines (namely, parallel lines) that d ...
, we can define a
group
A group is a number of persons or things that are located, gathered, or classed together.
Groups of people
* Cultural group, a group whose members share the same cultural identity
* Ethnic group, a group whose members share the same ethnic ide ...
structure on any smooth cubic curve. In Weierstrass normal form, such a curve will have an additional point at infinity (the
homogeneous coordinates ), which serves as the identity of the group.
Since the curve is symmetrical about the -axis, given any point , we can take to be the point opposite it.
, as it is the identity element.
If and are two points on the curve, then we can uniquely describe a third point in the following way. First, draw the line that intersects and . This will generally intersect the cubic at a third point, . We then take to be , the point opposite .
This definition for addition works except in a few special cases related to the point at infinity and intersection multiplicity. The first is when one of the points is . Here, we define , making the identity of the group. If we only have one point, thus we cannot define the line between them. In this case, we use the tangent line to the curve at this point as our line. In most cases, the tangent will intersect a second point and we can take its opposite. If and are opposites of each other, we define . Lastly, If is an
inflection point
In differential calculus and differential geometry, an inflection point, point of inflection, flex, or inflection (British English: inflexion) is a point on a smooth plane curve at which the curvature changes sign. In particular, in the case ...
(a point where the concavity of the curve changes), we take to be itself and is simply the point opposite itself, i.e. itself.
Let be a field over which the curve is defined (that is, the coefficients of the defining equation or equations of the curve are in ) and denote the curve by . Then the -
rational point
In number theory and algebraic geometry, a rational point of an algebraic variety is a point whose coordinates belong to a given field. If the field is not mentioned, the field of rational numbers is generally understood. If the field is the fiel ...
s of are the points on whose coordinates all lie in , including the point at infinity. The set of -rational points is denoted by . is a group, because properties of polynomial equations show that if is in , then is also in , and if two of , , are in , then so is the third. Additionally, if is a subfield of , then is a
subgroup
In group theory, a branch of mathematics, given a group ''G'' under a binary operation ∗, a subset ''H'' of ''G'' is called a subgroup of ''G'' if ''H'' also forms a group under the operation ∗. More precisely, ''H'' is a subgroup ...
of .
Algebraic interpretation
The above groups can be described algebraically as well as geometrically. Given the curve over the field (whose
characteristic we assume to be neither 2 nor 3), and points and on the curve, assume first that (case ''1''). Let be the equation of the line that intersects and , which has the following slope:
:
The line equation and the curve equation intersect at the points , , and , so the equations have identical values at these values.
:
which is equivalent to
:
Since , , and are solutions, this equation has its roots at exactly the same values as
:
and so must be the same polynomial. Then
equating the coefficients In mathematics, the method of equating the coefficients is a way of solving a functional equation of two expressions such as polynomials for a number of unknown parameters. It relies on the fact that two expressions are identical precisely when cor ...
of in both equations
:
and solving for the unknown .
:
follows from the line equation
:
and this is an element of , because is.
If , then there are two options: if (case ''3''), including the case where (case ''4''), then the sum is defined as 0; thus, the inverse of each point on the curve is found by reflecting it across the -axis.
If , then and (case ''2'' using as ). The slope is given by the tangent to the curve at (''x''
''P'', ''y''
''P'').
:
Non-Weierstrass curves
For a cubic curve not in Weierstrass normal form, we can still define a group structure by designating one of its nine inflection points as the identity . In the projective plane, each line will intersect a cubic at three points when accounting for multiplicity. For a point , is defined as the unique third point on the line passing through and . Then, for any and , is defined as where is the unique third point on the line containing and .
Elliptic curves over the rational numbers
A curve ''E'' defined over the field of rational numbers is also defined over the field of real numbers. Therefore, the law of addition (of points with real coordinates) by the tangent and secant method can be applied to ''E''. The explicit formulae show that the sum of two points ''P'' and ''Q'' with rational coordinates has again rational coordinates, since the line joining ''P'' and ''Q'' has rational coefficients. This way, one shows that the set of rational points of ''E'' forms a subgroup of the group of real points of ''E''. As this group, it is an
abelian group
In mathematics, an abelian group, also called a commutative group, is a group in which the result of applying the group operation to two group elements does not depend on the order in which they are written. That is, the group operation is comm ...
, that is, ''P'' + ''Q'' = ''Q'' + ''P''.
Integral points
This section is concerned with points ''P'' = (''x'', ''y'') of ''E'' such that ''x'' is an integer.
For example, the equation ''y''
2 = ''x''
3 + 17 has eight integral solutions with ''y'' > 0 :
:(''x'', ''y'') = (−2, 3), (−1, 4), (2, 5), (4, 9), (8, 23), (43, 282), (52, 375), (, ).
As another example,
Ljunggren's equation, a curve whose Weierstrass form is ''y''
2 = ''x''
3 − 2''x'', has only four solutions with ''y'' ≥ 0 :
:(''x'', ''y'') = (0, 0), (−1, 1), (2, 2), (338, ).
The structure of rational points
Rational points can be constructed by the method of tangents and secants detailed
above, starting with a ''finite'' number of rational points. More precisely the
Mordell–Weil theorem states that the group ''E''(Q) is a
finitely generated (abelian) group. By the
fundamental theorem of finitely generated abelian groups it is therefore a finite direct sum of copies of Z and finite cyclic groups.
The proof of the theorem involves two parts. The first part shows that for any integer ''m'' > 1, the
quotient group ''E''(Q)/''mE''(Q) is finite (this is the weak Mordell–Weil theorem). Second, introducing a
height function
A height function is a function that quantifies the complexity of mathematical objects. In Diophantine geometry, height functions quantify the size of solutions to Diophantine equations and are typically functions from a set of points on algeb ...
''h'' on the rational points ''E''(Q) defined by ''h''(''P''
0) = 0 and if ''P'' (unequal to the point at infinity ''P''
0) has as
abscissa
In common usage, the abscissa refers to the (''x'') coordinate and the ordinate refers to the (''y'') coordinate of a standard two-dimensional graph.
The distance of a point from the y-axis, scaled with the x-axis, is called abscissa or x coo ...
the rational number ''x'' = ''p''/''q'' (with
coprime
In mathematics, two integers and are coprime, relatively prime or mutually prime if the only positive integer that is a divisor of both of them is 1. Consequently, any prime number that divides does not divide , and vice versa. This is equivale ...
''p'' and ''q''). This height function ''h'' has the property that ''h''(''mP'') grows roughly like the square of ''m''. Moreover, only finitely many rational points with height smaller than any constant exist on ''E''.
The proof of the theorem is thus a variant of the method of
infinite descent and relies on the repeated application of
Euclidean division
In arithmetic, Euclidean division – or division with remainder – is the process of dividing one integer (the dividend) by another (the divisor), in a way that produces an integer quotient and a natural number remainder strictly smaller than ...
s on ''E'': let ''P'' ∈ ''E''(Q) be a rational point on the curve, writing ''P'' as the sum 2''P''
1 + ''Q''
1 where ''Q''
1 is a fixed representant of ''P'' in ''E''(Q)/2''E''(Q), the height of ''P''
1 is about of the one of ''P'' (more generally, replacing 2 by any ''m'' > 1, and by ). Redoing the same with ''P''
1, that is to say ''P''
1 = 2''P''
2 + ''Q''
2, then ''P''
2 = 2''P''
3 + ''Q''
3, etc. finally expresses ''P'' as an integral linear combination of points ''Q
i'' and of points whose height is bounded by a fixed constant chosen in advance: by the weak Mordell–Weil theorem and the second property of the height function ''P'' is thus expressed as an integral linear combination of a finite number of fixed points.
The theorem however doesn't provide a method to determine any representatives of ''E''(Q)/''mE''(Q).
The
rank
Rank is the relative position, value, worth, complexity, power, importance, authority, level, etc. of a person or object within a ranking, such as:
Level or position in a hierarchical organization
* Academic rank
* Diplomatic rank
* Hierarchy
* ...
of ''E''(Q), that is the number of copies of Z in ''E''(Q) or, equivalently, the number of independent points of infinite order, is called the ''rank'' of ''E''. The
Birch and Swinnerton-Dyer conjecture
In mathematics, the Birch and Swinnerton-Dyer conjecture (often called the Birch–Swinnerton-Dyer conjecture) describes the set of rational solutions to equations defining an elliptic curve. It is an open problem in the field of number theory an ...
is concerned with determining the rank. One conjectures that it can be arbitrarily large, even if only examples with relatively small rank are known. The elliptic curve with the currently largest exactly-known rank is
:''y''
2 + ''xy'' + ''y'' = ''x''
3 − ''x''
2 − ''x'' +
It has rank 20, found by
Noam Elkies and Zev Klagsbrun in 2020. Curves of rank higher than 20 have been known since 1994, with lower bounds on their ranks ranging from 21 to 28, but their exact ranks are not known and in particular it is not proven which of them have higher rank than the others or which is the true "current champion".
As for the groups constituting the
torsion subgroup of ''E''(Q), the following is known: the torsion subgroup of ''E''(Q) is one of the 15 following groups (
a theorem due to
Barry Mazur): Z/''N''Z for ''N'' = 1, 2, ..., 10, or 12, or Z/2Z × Z/2''N''Z with ''N'' = 1, 2, 3, 4. Examples for every case are known. Moreover, elliptic curves whose Mordell–Weil groups over Q have the same torsion groups belong to a parametrized family.
The Birch and Swinnerton-Dyer conjecture
The ''Birch and Swinnerton-Dyer conjecture'' (BSD) is one of the
Millennium problems of the
Clay Mathematics Institute. The conjecture relies on analytic and arithmetic objects defined by the elliptic curve in question.
At the analytic side, an important ingredient is a function of a complex variable, ''L'', the
Hasse–Weil zeta function of ''E'' over Q. This function is a variant of the
Riemann zeta function and
Dirichlet L-function
In mathematics, a Dirichlet ''L''-series is a function of the form
:L(s,\chi) = \sum_^\infty \frac.
where \chi is a Dirichlet character and ''s'' a complex variable with real part greater than 1. It is a special case of a Dirichlet series. By ...
s. It is defined as an
Euler product In number theory, an Euler product is an expansion of a Dirichlet series into an infinite product indexed by prime numbers. The original such product was given for the sum of all positive integers raised to a certain power as proven by Leonhard Eu ...
, with one factor for every
prime number
A prime number (or a prime) is a natural number greater than 1 that is not a product of two smaller natural numbers. A natural number greater than 1 that is not prime is called a composite number. For example, 5 is prime because the only ways ...
''p''.
For a curve ''E'' over Q given by a minimal equation
:
with integral coefficients
, reducing the coefficients
modulo ''p'' defines an elliptic curve over the
finite field
In mathematics, a finite field or Galois field (so-named in honor of Évariste Galois) is a field that contains a finite number of elements. As with any field, a finite field is a set on which the operations of multiplication, addition, subtr ...
F
''p'' (except for a finite number of primes ''p'', where the reduced curve has a
singularity and thus fails to be elliptic, in which case ''E'' is said to be of
bad reduction at ''p'').
The zeta function of an elliptic curve over a finite field F
''p'' is, in some sense, a
generating function assembling the information of the number of points of ''E'' with values in the finite
field extensions F
''pn'' of F
''p''. It is given by
:
The interior sum of the exponential resembles the development of the
logarithm
In mathematics, the logarithm is the inverse function to exponentiation. That means the logarithm of a number to the base is the exponent to which must be raised, to produce . For example, since , the ''logarithm base'' 10 of ...
and, in fact, the so-defined zeta function is a
rational function:
:
where the 'trace of Frobenius' term
is defined to be the difference between the 'expected' number
and the number of points on the elliptic curve
over
, viz.
:
or equivalently,
:
.
We may define the same quantities and functions over an arbitrary finite field of characteristic
, with
replacing
everywhere.
The
L-function
In mathematics, an ''L''-function is a meromorphic function on the complex plane, associated to one out of several categories of mathematical objects. An ''L''-series is a Dirichlet series, usually convergent on a half-plane, that may give ri ...
of ''E'' over Q is then defined by collecting this information together, for all primes ''p''. It is defined by
:
where ''N'' is the
conductor of ''E'', i.e. the product of primes with bad reduction, in which case ''a
p'' is defined differently from the method above: see Silverman (1986) below.
This product
converges for Re(''s'') > 3/2 only. Hasse's conjecture affirms that the ''L''-function admits an
analytic continuation
In complex analysis, a branch of mathematics, analytic continuation is a technique to extend the domain of definition of a given analytic function. Analytic continuation often succeeds in defining further values of a function, for example in a n ...
to the whole complex plane and satisfies a
functional equation
In mathematics, a functional equation
is, in the broadest meaning, an equation in which one or several functions appear as unknowns. So, differential equations and integral equations are functional equations. However, a more restricted meaning ...
relating, for any ''s'', ''L''(''E'', ''s'') to ''L''(''E'', 2 − ''s''). In 1999 this was shown to be a consequence of the proof of the Shimura–Taniyama–Weil conjecture, which asserts that every elliptic curve over ''Q'' is a
modular curve
In number theory and algebraic geometry, a modular curve ''Y''(Γ) is a Riemann surface, or the corresponding algebraic curve, constructed as a quotient of the complex upper half-plane H by the action of a congruence subgroup Γ of the modular ...
, which implies that its ''L''-function is the ''L''-function of a
modular form whose analytic continuation is known. One can therefore speak about the values of ''L''(''E'', ''s'') at any complex number ''s''.
At ''s=1'' (the conductor product can be discarded as it is finite), the L-function becomes
:
The ''Birch and Swinnerton-Dyer conjecture'' relates the arithmetic of the curve to the behaviour of this ''L''-function at ''s'' = 1. It affirms that the vanishing order of the ''L''-function at ''s'' = 1 equals the rank of ''E'' and predicts the leading term of the Laurent series of ''L''(''E'', ''s'') at that point in terms of several quantities attached to the elliptic curve.
Much like the
Riemann hypothesis, the truth of the BSD conjecture would have multiple consequences, including the following two:
* A
congruent number
In number theory, a congruent number is a positive integer that is the area of a right triangle with three rational number sides. A more general definition includes all positive rational numbers with this property.
The sequence of (integer) c ...
is defined as an odd
square-free integer
In mathematics, a square-free integer (or squarefree integer) is an integer which is divisible by no square number other than 1. That is, its prime factorization has exactly one factor for each prime that appears in it. For example, is square-f ...
''n'' which is the area of a right triangle with rational side lengths. It is known that ''n'' is a congruent number if and only if the elliptic curve
has a rational point of infinite order; assuming BSD, this is equivalent to its ''L''-function having a zero at ''s'' = 1.
Tunnell has shown a related result: assuming BSD, ''n'' is a congruent number if and only if the number of triplets of integers (''x'', ''y'', ''z'') satisfying
is twice the number of triples satisfying
. The interest in this statement is that the condition is easy to check.
*In a different direction, certain analytic methods allow for an estimation of the order of zero in the center of the
critical strip for certain ''L''-functions. Admitting BSD, these estimations correspond to information about the rank of families of the corresponding elliptic curves. For example: assuming the
generalized Riemann hypothesis
The Riemann hypothesis is one of the most important conjectures in mathematics. It is a statement about the zeros of the Riemann zeta function. Various geometrical and arithmetical objects can be described by so-called global ''L''-functions, whic ...
and BSD, the average rank of curves given by
is smaller than 2.
Elliptic curves over finite fields
Let ''K'' = F
''q'' be the
finite field
In mathematics, a finite field or Galois field (so-named in honor of Évariste Galois) is a field that contains a finite number of elements. As with any field, a finite field is a set on which the operations of multiplication, addition, subtr ...
with ''q'' elements and ''E'' an elliptic curve defined over ''K''. While the precise
number of rational points of an elliptic curve ''E'' over ''K'' is in general difficult to compute,
Hasse's theorem on elliptic curves
Hasse's theorem on elliptic curves, also referred to as the Hasse bound, provides an estimate of the number of points on an elliptic curve over a finite field, bounding the value both above and below.
If ''N'' is the number of points on the ell ...
gives the following inequality:
:
In other words, the number of points on the curve grows proportionally to the number of elements in the field. This fact can be understood and proven with the help of some general theory; see
local zeta function and
étale cohomology
In mathematics, the étale cohomology groups of an algebraic variety or scheme are algebraic analogues of the usual cohomology groups with finite coefficients of a topological space, introduced by Grothendieck in order to prove the Weil conjectur ...
for example.
The set of points ''E''(F
''q'') is a finite abelian group. It is always cyclic or the product of two cyclic groups, depending whether ''q'' is even or odd. For example, the curve defined by
:
over F
71 has 72 points (71
affine points including (0,0) and one
point at infinity
In geometry, a point at infinity or ideal point is an idealized limiting point at the "end" of each line.
In the case of an affine plane (including the Euclidean plane), there is one ideal point for each pencil of parallel lines of the plane. Ad ...
) over this field, whose group structure is given by Z/2Z × Z/36Z. The number of points on a specific curve can be computed with
Schoof's algorithm Schoof's algorithm is an efficient algorithm to count points on elliptic curves over finite fields. The algorithm has applications in elliptic curve cryptography where it is important to know the number of points to judge the difficulty of solving t ...
.
Studying the curve over the
field extensions of F
''q'' is facilitated by the introduction of the local zeta function of ''E'' over F
''q'', defined by a generating series (also see above)
:
where the field ''K
n'' is the (unique up to isomorphism) extension of ''K'' = F
''q'' of degree ''n'' (that is, F
''qn'').
The zeta function is a rational function in ''T''. To see this, the integer
such that
:
has an associated complex number
such that
:
where
is the
complex conjugate
In mathematics, the complex conjugate of a complex number is the number with an equal real part and an imaginary part equal in magnitude but opposite in sign. That is, (if a and b are real, then) the complex conjugate of a + bi is equal to a - ...
. We choose
so that its
absolute value is
, that is
, and that
, so that
and
, or in other words,
.
can then be used in the local zeta function as its values when raised to the various powers of can be said to reasonably approximate the behaviour of
.
:
:
:
:
:
Then
, so finally
:
For example, the zeta function of ''E'' : ''y''
2 + ''y'' = ''x''
3 over the field F
2 is given by
:
which follows from:
:
The
functional equation
In mathematics, a functional equation
is, in the broadest meaning, an equation in which one or several functions appear as unknowns. So, differential equations and integral equations are functional equations. However, a more restricted meaning ...
is
:
As we are only interested in the behaviour of
, we can use a reduced zeta function
:
:
and so
:
which leads directly to the local L-functions
:
The
Sato–Tate conjecture
In mathematics, the Sato–Tate conjecture is a statistical statement about the family of elliptic curves ''Ep'' obtained from an elliptic curve ''E'' over the rational numbers by reduction modulo almost all prime numbers ''p''. Mikio Sato and J ...
is a statement about how the error term
in Hasse's theorem varies with the different primes ''q'', if an elliptic curve E over Q is reduced modulo q. It was proven (for almost all such curves) in 2006 due to the results of Taylor, Harris and Shepherd-Barron, and says that the error terms are equidistributed.
Elliptic curves over finite fields are notably applied in
cryptography
Cryptography, or cryptology (from grc, , translit=kryptós "hidden, secret"; and ''graphein'', "to write", or ''-logia'', "study", respectively), is the practice and study of techniques for secure communication in the presence of adver ...
and for the
factorization
In mathematics, factorization (or factorisation, see English spelling differences) or factoring consists of writing a number or another mathematical object as a product of several ''factors'', usually smaller or simpler objects of the same kind ...
of large integers. These algorithms often make use of the group structure on the points of ''E''. Algorithms that are applicable to general groups, for example the group of invertible elements in finite fields, F*
''q'', can thus be applied to the group of points on an elliptic curve. For example, the
discrete logarithm is such an algorithm. The interest in this is that choosing an elliptic curve allows for more flexibility than choosing ''q'' (and thus the group of units in F
''q''). Also, the group structure of elliptic curves is generally more complicated.
Elliptic curves over a general field
Elliptic curves can be defined over any
field ''K''; the formal definition of an elliptic curve is a non-singular projective algebraic curve over ''K'' with
genus
Genus ( plural genera ) is a taxonomic rank used in the biological classification of living and fossil organisms as well as viruses. In the hierarchy of biological classification, genus comes above species and below family. In binomial nom ...
1 and endowed with a distinguished point defined over ''K''.
If the
characteristic of ''K'' is neither 2 nor 3, then every elliptic curve over ''K'' can be written in the form
:
after a linear change of variables. Here ''p'' and ''q'' are elements of ''K'' such that the right hand side polynomial ''x''
3 − ''px'' − ''q'' does not have any double roots. If the characteristic is 2 or 3, then more terms need to be kept: in characteristic 3, the most general equation is of the form
:
for arbitrary constants ''b''
2, ''b''
4, ''b''
6 such that the polynomial on the right-hand side has distinct roots (the notation is chosen for historical reasons). In characteristic 2, even this much is not possible, and the most general equation is
:
provided that the variety it defines is non-singular. If characteristic were not an obstruction, each equation would reduce to the previous ones by a suitable linear change of variables.
One typically takes the curve to be the set of all points (''x'',''y'') which satisfy the above equation and such that both ''x'' and ''y'' are elements of the
algebraic closure
In mathematics, particularly abstract algebra, an algebraic closure of a field ''K'' is an algebraic extension of ''K'' that is algebraically closed. It is one of many closures in mathematics.
Using Zorn's lemmaMcCarthy (1991) p.21Kaplansky ( ...
of ''K''. Points of the curve whose coordinates both belong to ''K'' are called ''K''-rational points.
Many of the preceding results remain valid when the field of definition of ''E'' is a
number field
In mathematics, an algebraic number field (or simply number field) is an extension field K of the field of rational numbers such that the field extension K / \mathbb has finite degree (and hence is an algebraic field extension).
Thus K is a f ...
''K'', that is to say, a finite
field extension of Q. In particular, the group ''E(K)'' of ''K''-rational points of an elliptic curve ''E'' defined over ''K'' is finitely generated, which generalizes the Mordell–Weil theorem above. A theorem due to
Loïc Merel shows that for a given integer ''d'', there are (
up to isomorphism) only finitely many groups that can occur as the torsion groups of ''E''(''K'') for an elliptic curve defined over a number field ''K'' of
degree ''d''. More precisely, there is a number ''B''(''d'') such that for any elliptic curve ''E'' defined over a number field ''K'' of degree ''d'', any torsion point of ''E''(''K'') is of
order less than ''B''(''d''). The theorem is effective: for ''d'' > 1, if a torsion point is of order ''p'', with ''p'' prime, then
:
As for the integral points, Siegel's theorem generalizes to the following: Let ''E'' be an elliptic curve defined over a number field ''K'', ''x'' and ''y'' the Weierstrass coordinates. Then there are only finitely many points of ''E(K)'' whose ''x''-coordinate is in the
ring of integers ''O''
''K''.
The properties of the Hasse–Weil zeta function and the Birch and Swinnerton-Dyer conjecture can also be extended to this more general situation.
Elliptic curves over the complex numbers
The formulation of elliptic curves as the embedding of a
torus
In geometry, a torus (plural tori, colloquially donut or doughnut) is a surface of revolution generated by revolving a circle in three-dimensional space about an axis that is coplanar with the circle.
If the axis of revolution does not tou ...
in the
complex projective plane
In mathematics, the complex projective plane, usually denoted P2(C), is the two-dimensional complex projective space. It is a complex manifold of complex dimension 2, described by three complex coordinates
:(Z_1,Z_2,Z_3) \in \mathbf^3,\qquad (Z_1, ...
follows naturally from a curious property of
Weierstrass's elliptic functions. These functions and their first derivative are related by the formula
:
Here, and are constants; is the
Weierstrass elliptic function and its derivative. It should be clear that this relation is in the form of an elliptic curve (over the
complex number
In mathematics, a complex number is an element of a number system that extends the real numbers with a specific element denoted , called the imaginary unit and satisfying the equation i^= -1; every complex number can be expressed in the fo ...
s). The Weierstrass functions are doubly periodic; that is, they are
periodic with respect to a
lattice
Lattice may refer to:
Arts and design
* Latticework, an ornamental criss-crossed framework, an arrangement of crossing laths or other thin strips of material
* Lattice (music), an organized grid model of pitch ratios
* Lattice (pastry), an orna ...
; in essence, the Weierstrass functions are naturally defined on a torus . This torus may be embedded in the complex projective plane by means of the map
: