HOME

TheInfoList



OR:

In mathematics, an elliptic curve is a
smooth Smooth may refer to: Mathematics * Smooth function, a function that is infinitely differentiable; used in calculus and topology * Smooth manifold, a differentiable manifold for which all the transition maps are smooth functions * Smooth algebrai ...
, projective,
algebraic curve In mathematics, an affine algebraic plane curve is the zero set of a polynomial in two variables. A projective algebraic plane curve is the zero set in a projective plane of a homogeneous polynomial in three variables. An affine algebraic plane ...
of
genus Genus ( plural genera ) is a taxonomic rank used in the biological classification of living and fossil organisms as well as viruses. In the hierarchy of biological classification, genus comes above species and below family. In binomial nom ...
one, on which there is a specified point . An elliptic curve is defined over a field and describes points in , the Cartesian product of with itself. If the field's characteristic is different from 2 and 3, then the curve can be described as a
plane algebraic curve In mathematics, an affine algebraic plane curve is the zero set of a polynomial in two variables. A projective algebraic plane curve is the zero set in a projective plane of a homogeneous polynomial in three variables. An affine algebraic plane c ...
which consists of solutions for: :y^2 = x^3 + ax + b for some coefficients and in . The curve is required to be
non-singular In the mathematical field of algebraic geometry, a singular point of an algebraic variety is a point that is 'special' (so, singular), in the geometric sense that at this point the tangent space at the variety may not be regularly defined. In ca ...
, which means that the curve has no cusps or self-intersections. (This is equivalent to the condition , that is, being
square-free {{no footnotes, date=December 2015 In mathematics, a square-free element is an element ''r'' of a unique factorization domain ''R'' that is not divisible by a non-trivial square. This means that every ''s'' such that s^2\mid r is a unit of ''R''. A ...
in .) It is always understood that the curve is really sitting in the
projective plane In mathematics, a projective plane is a geometric structure that extends the concept of a plane. In the ordinary Euclidean plane, two lines typically intersect in a single point, but there are some pairs of lines (namely, parallel lines) that d ...
, with the point being the unique
point at infinity In geometry, a point at infinity or ideal point is an idealized limiting point at the "end" of each line. In the case of an affine plane (including the Euclidean plane), there is one ideal point for each pencil of parallel lines of the plane. Ad ...
. Many sources define an elliptic curve to be simply a curve given by an equation of this form. (When the coefficient field has characteristic 2 or 3, the above equation is not quite general enough to include all non-singular cubic curves; see below.) An elliptic curve is an abelian variety – that is, it has a group law defined algebraically, with respect to which it is an
abelian group In mathematics, an abelian group, also called a commutative group, is a group in which the result of applying the group operation to two group elements does not depend on the order in which they are written. That is, the group operation is comm ...
– and serves as the identity element. If , where is any polynomial of degree three in with no repeated roots, the solution set is a nonsingular plane curve of
genus Genus ( plural genera ) is a taxonomic rank used in the biological classification of living and fossil organisms as well as viruses. In the hierarchy of biological classification, genus comes above species and below family. In binomial nom ...
one, an elliptic curve. If has degree four and is
square-free {{no footnotes, date=December 2015 In mathematics, a square-free element is an element ''r'' of a unique factorization domain ''R'' that is not divisible by a non-trivial square. This means that every ''s'' such that s^2\mid r is a unit of ''R''. A ...
this equation again describes a plane curve of genus one; however, it has no natural choice of identity element. More generally, any algebraic curve of genus one, for example the intersection of two quadric surfaces embedded in three-dimensional projective space, is called an elliptic curve, provided that it is equipped with a marked point to act as the identity. Using the theory of elliptic functions, it can be shown that elliptic curves defined over the
complex number In mathematics, a complex number is an element of a number system that extends the real numbers with a specific element denoted , called the imaginary unit and satisfying the equation i^= -1; every complex number can be expressed in the fo ...
s correspond to embeddings of the
torus In geometry, a torus (plural tori, colloquially donut or doughnut) is a surface of revolution generated by revolving a circle in three-dimensional space about an axis that is coplanar with the circle. If the axis of revolution does not tou ...
into the
complex projective plane In mathematics, the complex projective plane, usually denoted P2(C), is the two-dimensional complex projective space. It is a complex manifold of complex dimension 2, described by three complex coordinates :(Z_1,Z_2,Z_3) \in \mathbf^3,\qquad (Z_1, ...
. The torus is also an
abelian group In mathematics, an abelian group, also called a commutative group, is a group in which the result of applying the group operation to two group elements does not depend on the order in which they are written. That is, the group operation is comm ...
, and this correspondence is also a group isomorphism. Elliptic curves are especially important in
number theory Number theory (or arithmetic or higher arithmetic in older usage) is a branch of pure mathematics devoted primarily to the study of the integers and integer-valued functions. German mathematician Carl Friedrich Gauss (1777–1855) said, "Mat ...
, and constitute a major area of current research; for example, they were used in Andrew Wiles's proof of Fermat's Last Theorem. They also find applications in
elliptic curve cryptography Elliptic-curve cryptography (ECC) is an approach to public-key cryptography based on the algebraic structure of elliptic curves over finite fields. ECC allows smaller keys compared to non-EC cryptography (based on plain Galois fields) to provide ...
(ECC) and integer factorization. An elliptic curve is ''not'' an ellipse in the sense of a projective conic, which has genus zero: see
elliptic integral In integral calculus, an elliptic integral is one of a number of related functions defined as the value of certain integrals, which were first studied by Giulio Fagnano and Leonhard Euler (). Their name originates from their originally arising in ...
for the origin of the term. However, there is a natural representation of real elliptic curves with shape invariant as ellipses in the hyperbolic plane \mathbb^2. Specifically, the intersections of the Minkowski hyperboloid with quadric surfaces characterized by a certain constant-angle property produce the Steiner ellipses in \mathbb^2 (generated by orientation-preserving collineations). Further, the orthogonal trajectories of these ellipses comprise the elliptic curves with , and any ellipse in \mathbb^2 described as a locus relative to two foci is uniquely the elliptic curve sum of two Steiner ellipses, obtained by adding the pairs of intersections on each orthogonal trajectory. Here, the vertex of the hyperboloid serves as the identity on each trajectory curve. Topologically, a complex elliptic curve is a
torus In geometry, a torus (plural tori, colloquially donut or doughnut) is a surface of revolution generated by revolving a circle in three-dimensional space about an axis that is coplanar with the circle. If the axis of revolution does not tou ...
, while a complex ellipse is a
sphere A sphere () is a geometrical object that is a three-dimensional analogue to a two-dimensional circle. A sphere is the set of points that are all at the same distance from a given point in three-dimensional space.. That given point is th ...
.


Elliptic curves over the real numbers

Although the formal definition of an elliptic curve requires some background in algebraic geometry, it is possible to describe some features of elliptic curves over the
real number In mathematics, a real number is a number that can be used to measure a ''continuous'' one-dimensional quantity such as a distance, duration or temperature. Here, ''continuous'' means that values can have arbitrarily small variations. Every ...
s using only introductory
algebra Algebra () is one of the broad areas of mathematics. Roughly speaking, algebra is the study of mathematical symbols and the rules for manipulating these symbols in formulas; it is a unifying thread of almost all of mathematics. Elementary ...
and
geometry Geometry (; ) is, with arithmetic, one of the oldest branches of mathematics. It is concerned with properties of space such as the distance, shape, size, and relative position of figures. A mathematician who works in the field of geometry is ...
. In this context, an elliptic curve is a
plane curve In mathematics, a plane curve is a curve in a plane that may be either a Euclidean plane, an affine plane or a projective plane. The most frequently studied cases are smooth plane curves (including piecewise smooth plane curves), and algebraic ...
defined by an equation of the form :y^2 = x^3 + ax + b after a linear change of variables ( and are real numbers). This type of equation is called a Weierstrass equation, and said to be in Weierstrass form, or Weierstrass normal form. The definition of elliptic curve also requires that the curve is
non-singular In the mathematical field of algebraic geometry, a singular point of an algebraic variety is a point that is 'special' (so, singular), in the geometric sense that at this point the tangent space at the variety may not be regularly defined. In ca ...
. Geometrically, this means that the graph has no cusps, self-intersections, or isolated points. Algebraically, this holds if and only if the discriminant, \Delta, is not equal to zero. : \Delta = -16\left(4a^3 + 27b^2\right) \neq 0 (Although the factor −16 is irrelevant to whether or not the curve is non-singular, this definition of the discriminant is useful in a more advanced study of elliptic curves.) The real graph of a non-singular curve has ''two'' components if its discriminant is positive, and ''one'' component if it is negative. For example, in the graphs shown in figure to the right, the discriminant in the first case is 64, and in the second case is −368.


The group law

When working in the
projective plane In mathematics, a projective plane is a geometric structure that extends the concept of a plane. In the ordinary Euclidean plane, two lines typically intersect in a single point, but there are some pairs of lines (namely, parallel lines) that d ...
, we can define a
group A group is a number of persons or things that are located, gathered, or classed together. Groups of people * Cultural group, a group whose members share the same cultural identity * Ethnic group, a group whose members share the same ethnic ide ...
structure on any smooth cubic curve. In Weierstrass normal form, such a curve will have an additional point at infinity (the homogeneous coordinates ), which serves as the identity of the group. Since the curve is symmetrical about the -axis, given any point , we can take to be the point opposite it. -O = O, as it is the identity element. If and are two points on the curve, then we can uniquely describe a third point in the following way. First, draw the line that intersects and . This will generally intersect the cubic at a third point, . We then take to be , the point opposite . This definition for addition works except in a few special cases related to the point at infinity and intersection multiplicity. The first is when one of the points is . Here, we define , making the identity of the group. If we only have one point, thus we cannot define the line between them. In this case, we use the tangent line to the curve at this point as our line. In most cases, the tangent will intersect a second point and we can take its opposite. If and are opposites of each other, we define . Lastly, If is an
inflection point In differential calculus and differential geometry, an inflection point, point of inflection, flex, or inflection (British English: inflexion) is a point on a smooth plane curve at which the curvature changes sign. In particular, in the case ...
(a point where the concavity of the curve changes), we take to be itself and is simply the point opposite itself, i.e. itself.
Let be a field over which the curve is defined (that is, the coefficients of the defining equation or equations of the curve are in ) and denote the curve by . Then the -
rational point In number theory and algebraic geometry, a rational point of an algebraic variety is a point whose coordinates belong to a given field. If the field is not mentioned, the field of rational numbers is generally understood. If the field is the fiel ...
s of are the points on whose coordinates all lie in , including the point at infinity. The set of -rational points is denoted by . is a group, because properties of polynomial equations show that if is in , then is also in , and if two of , , are in , then so is the third. Additionally, if is a subfield of , then is a
subgroup In group theory, a branch of mathematics, given a group ''G'' under a binary operation ∗, a subset ''H'' of ''G'' is called a subgroup of ''G'' if ''H'' also forms a group under the operation ∗. More precisely, ''H'' is a subgroup ...
of .


Algebraic interpretation

The above groups can be described algebraically as well as geometrically. Given the curve over the field (whose characteristic we assume to be neither 2 nor 3), and points and on the curve, assume first that (case ''1''). Let be the equation of the line that intersects and , which has the following slope: :s = \frac The line equation and the curve equation intersect at the points , , and , so the equations have identical values at these values. :\left(s x + d\right)^2 = x^3 + ax + b which is equivalent to :x^3 - s^2 x^2 - 2sdx + ax + b - d^2 = 0 Since , , and are solutions, this equation has its roots at exactly the same values as :(x - x_P) (x - x_Q) (x - x_R) = x^3 + (-x_P - x_Q - x_R) x^2 + (x_P x_Q + x_P x_R + x_Q x_R) x - x_P x_Q x_R and so must be the same polynomial. Then
equating the coefficients In mathematics, the method of equating the coefficients is a way of solving a functional equation of two expressions such as polynomials for a number of unknown parameters. It relies on the fact that two expressions are identical precisely when cor ...
of in both equations :-s^2 = (-x_P - x_Q - x_R) and solving for the unknown . :x_R = s^2 - x_P - x_Q follows from the line equation :y_R = y_P + s(x_R - x_P) and this is an element of , because is. If , then there are two options: if (case ''3''), including the case where (case ''4''), then the sum is defined as 0; thus, the inverse of each point on the curve is found by reflecting it across the -axis. If , then and (case ''2'' using as ). The slope is given by the tangent to the curve at (''x''''P'', ''y''''P''). :\begin s &= \frac\\ x_R &= s^2 - 2x_P\\ y_R &= y_P + s(x_R - x_P) \end


Non-Weierstrass curves

For a cubic curve not in Weierstrass normal form, we can still define a group structure by designating one of its nine inflection points as the identity . In the projective plane, each line will intersect a cubic at three points when accounting for multiplicity. For a point , is defined as the unique third point on the line passing through and . Then, for any and , is defined as where is the unique third point on the line containing and .


Elliptic curves over the rational numbers

A curve ''E'' defined over the field of rational numbers is also defined over the field of real numbers. Therefore, the law of addition (of points with real coordinates) by the tangent and secant method can be applied to ''E''. The explicit formulae show that the sum of two points ''P'' and ''Q'' with rational coordinates has again rational coordinates, since the line joining ''P'' and ''Q'' has rational coefficients. This way, one shows that the set of rational points of ''E'' forms a subgroup of the group of real points of ''E''. As this group, it is an
abelian group In mathematics, an abelian group, also called a commutative group, is a group in which the result of applying the group operation to two group elements does not depend on the order in which they are written. That is, the group operation is comm ...
, that is, ''P'' + ''Q'' = ''Q'' + ''P''.


Integral points

This section is concerned with points ''P'' = (''x'', ''y'') of ''E'' such that ''x'' is an integer. For example, the equation ''y''2 = ''x''3 + 17 has eight integral solutions with ''y'' > 0 : :(''x'', ''y'') = (−2, 3), (−1, 4), (2, 5), (4, 9), (8, 23), (43, 282), (52, 375), (, ). As another example, Ljunggren's equation, a curve whose Weierstrass form is ''y''2 = ''x''3 − 2''x'', has only four solutions with ''y'' ≥ 0 : :(''x'', ''y'') = (0, 0), (−1, 1), (2, 2), (338, ).


The structure of rational points

Rational points can be constructed by the method of tangents and secants detailed above, starting with a ''finite'' number of rational points. More precisely the Mordell–Weil theorem states that the group ''E''(Q) is a finitely generated (abelian) group. By the fundamental theorem of finitely generated abelian groups it is therefore a finite direct sum of copies of Z and finite cyclic groups. The proof of the theorem involves two parts. The first part shows that for any integer ''m'' > 1, the quotient group ''E''(Q)/''mE''(Q) is finite (this is the weak Mordell–Weil theorem). Second, introducing a
height function A height function is a function that quantifies the complexity of mathematical objects. In Diophantine geometry, height functions quantify the size of solutions to Diophantine equations and are typically functions from a set of points on algeb ...
''h'' on the rational points ''E''(Q) defined by ''h''(''P''0) = 0 and if ''P'' (unequal to the point at infinity ''P''0) has as
abscissa In common usage, the abscissa refers to the (''x'') coordinate and the ordinate refers to the (''y'') coordinate of a standard two-dimensional graph. The distance of a point from the y-axis, scaled with the x-axis, is called abscissa or x coo ...
the rational number ''x'' = ''p''/''q'' (with
coprime In mathematics, two integers and are coprime, relatively prime or mutually prime if the only positive integer that is a divisor of both of them is 1. Consequently, any prime number that divides does not divide , and vice versa. This is equivale ...
''p'' and ''q''). This height function ''h'' has the property that ''h''(''mP'') grows roughly like the square of ''m''. Moreover, only finitely many rational points with height smaller than any constant exist on ''E''. The proof of the theorem is thus a variant of the method of infinite descent and relies on the repeated application of
Euclidean division In arithmetic, Euclidean division – or division with remainder – is the process of dividing one integer (the dividend) by another (the divisor), in a way that produces an integer quotient and a natural number remainder strictly smaller than ...
s on ''E'': let ''P'' ∈ ''E''(Q) be a rational point on the curve, writing ''P'' as the sum 2''P''1 + ''Q''1 where ''Q''1 is a fixed representant of ''P'' in ''E''(Q)/2''E''(Q), the height of ''P''1 is about of the one of ''P'' (more generally, replacing 2 by any ''m'' > 1, and by ). Redoing the same with ''P''1, that is to say ''P''1 = 2''P''2 + ''Q''2, then ''P''2 = 2''P''3 + ''Q''3, etc. finally expresses ''P'' as an integral linear combination of points ''Qi'' and of points whose height is bounded by a fixed constant chosen in advance: by the weak Mordell–Weil theorem and the second property of the height function ''P'' is thus expressed as an integral linear combination of a finite number of fixed points. The theorem however doesn't provide a method to determine any representatives of ''E''(Q)/''mE''(Q). The
rank Rank is the relative position, value, worth, complexity, power, importance, authority, level, etc. of a person or object within a ranking, such as: Level or position in a hierarchical organization * Academic rank * Diplomatic rank * Hierarchy * ...
of ''E''(Q), that is the number of copies of Z in ''E''(Q) or, equivalently, the number of independent points of infinite order, is called the ''rank'' of ''E''. The
Birch and Swinnerton-Dyer conjecture In mathematics, the Birch and Swinnerton-Dyer conjecture (often called the Birch–Swinnerton-Dyer conjecture) describes the set of rational solutions to equations defining an elliptic curve. It is an open problem in the field of number theory an ...
is concerned with determining the rank. One conjectures that it can be arbitrarily large, even if only examples with relatively small rank are known. The elliptic curve with the currently largest exactly-known rank is :''y''2 + ''xy'' + ''y'' = ''x''3 − ''x''2 − ''x'' + It has rank 20, found by Noam Elkies and Zev Klagsbrun in 2020. Curves of rank higher than 20 have been known since 1994, with lower bounds on their ranks ranging from 21 to 28, but their exact ranks are not known and in particular it is not proven which of them have higher rank than the others or which is the true "current champion". As for the groups constituting the torsion subgroup of ''E''(Q), the following is known: the torsion subgroup of ''E''(Q) is one of the 15 following groups ( a theorem due to Barry Mazur): Z/''N''Z for ''N'' = 1, 2, ..., 10, or 12, or Z/2Z × Z/2''N''Z with ''N'' = 1, 2, 3, 4. Examples for every case are known. Moreover, elliptic curves whose Mordell–Weil groups over Q have the same torsion groups belong to a parametrized family.


The Birch and Swinnerton-Dyer conjecture

The ''Birch and Swinnerton-Dyer conjecture'' (BSD) is one of the Millennium problems of the Clay Mathematics Institute. The conjecture relies on analytic and arithmetic objects defined by the elliptic curve in question. At the analytic side, an important ingredient is a function of a complex variable, ''L'', the Hasse–Weil zeta function of ''E'' over Q. This function is a variant of the Riemann zeta function and
Dirichlet L-function In mathematics, a Dirichlet ''L''-series is a function of the form :L(s,\chi) = \sum_^\infty \frac. where \chi is a Dirichlet character and ''s'' a complex variable with real part greater than 1. It is a special case of a Dirichlet series. By ...
s. It is defined as an
Euler product In number theory, an Euler product is an expansion of a Dirichlet series into an infinite product indexed by prime numbers. The original such product was given for the sum of all positive integers raised to a certain power as proven by Leonhard Eu ...
, with one factor for every
prime number A prime number (or a prime) is a natural number greater than 1 that is not a product of two smaller natural numbers. A natural number greater than 1 that is not prime is called a composite number. For example, 5 is prime because the only ways ...
''p''. For a curve ''E'' over Q given by a minimal equation :y^2 + a_1xy + a_3y = x^3 + a_2x^2 + a_4x + a_6 with integral coefficients a_i, reducing the coefficients modulo ''p'' defines an elliptic curve over the
finite field In mathematics, a finite field or Galois field (so-named in honor of Évariste Galois) is a field that contains a finite number of elements. As with any field, a finite field is a set on which the operations of multiplication, addition, subtr ...
F''p'' (except for a finite number of primes ''p'', where the reduced curve has a singularity and thus fails to be elliptic, in which case ''E'' is said to be of bad reduction at ''p''). The zeta function of an elliptic curve over a finite field F''p'' is, in some sense, a generating function assembling the information of the number of points of ''E'' with values in the finite field extensions F''pn'' of F''p''. It is given by :Z(E(\mathbf_p)) = \exp\left(\sum \# \left (_)\rightfrac\right) The interior sum of the exponential resembles the development of the
logarithm In mathematics, the logarithm is the inverse function to exponentiation. That means the logarithm of a number  to the base  is the exponent to which must be raised, to produce . For example, since , the ''logarithm base'' 10 of ...
and, in fact, the so-defined zeta function is a rational function: :Z(E(\mathbf_p)) = \frac, where the 'trace of Frobenius' term a_p is defined to be the difference between the 'expected' number p+1 and the number of points on the elliptic curve E over \mathbb_p, viz. : a_p = p + 1 - \#E(\mathbb_p) or equivalently, : \#E(\mathbb_p) = 1 - a_p + p . We may define the same quantities and functions over an arbitrary finite field of characteristic p, with q = p^n replacing p everywhere. The
L-function In mathematics, an ''L''-function is a meromorphic function on the complex plane, associated to one out of several categories of mathematical objects. An ''L''-series is a Dirichlet series, usually convergent on a half-plane, that may give ri ...
of ''E'' over Q is then defined by collecting this information together, for all primes ''p''. It is defined by :L(E(\mathbf), s) = \prod_ \left(1 - a_p p^ + p^\right)^ \cdot \prod_ \left(1 - a_p p^\right)^ where ''N'' is the conductor of ''E'', i.e. the product of primes with bad reduction, in which case ''ap'' is defined differently from the method above: see Silverman (1986) below. This product converges for Re(''s'') > 3/2 only. Hasse's conjecture affirms that the ''L''-function admits an
analytic continuation In complex analysis, a branch of mathematics, analytic continuation is a technique to extend the domain of definition of a given analytic function. Analytic continuation often succeeds in defining further values of a function, for example in a n ...
to the whole complex plane and satisfies a
functional equation In mathematics, a functional equation is, in the broadest meaning, an equation in which one or several functions appear as unknowns. So, differential equations and integral equations are functional equations. However, a more restricted meaning ...
relating, for any ''s'', ''L''(''E'', ''s'') to ''L''(''E'', 2 − ''s''). In 1999 this was shown to be a consequence of the proof of the Shimura–Taniyama–Weil conjecture, which asserts that every elliptic curve over ''Q'' is a
modular curve In number theory and algebraic geometry, a modular curve ''Y''(Γ) is a Riemann surface, or the corresponding algebraic curve, constructed as a quotient of the complex upper half-plane H by the action of a congruence subgroup Γ of the modular ...
, which implies that its ''L''-function is the ''L''-function of a modular form whose analytic continuation is known. One can therefore speak about the values of ''L''(''E'', ''s'') at any complex number ''s''. At ''s=1'' (the conductor product can be discarded as it is finite), the L-function becomes :L(E(\mathbf), 1) = \prod_ \left(1 - a_p p^ + p^\right)^ = \prod_ \frac = \prod_\frac The ''Birch and Swinnerton-Dyer conjecture'' relates the arithmetic of the curve to the behaviour of this ''L''-function at ''s'' = 1. It affirms that the vanishing order of the ''L''-function at ''s'' = 1 equals the rank of ''E'' and predicts the leading term of the Laurent series of ''L''(''E'', ''s'') at that point in terms of several quantities attached to the elliptic curve. Much like the Riemann hypothesis, the truth of the BSD conjecture would have multiple consequences, including the following two: * A
congruent number In number theory, a congruent number is a positive integer that is the area of a right triangle with three rational number sides. A more general definition includes all positive rational numbers with this property. The sequence of (integer) c ...
is defined as an odd
square-free integer In mathematics, a square-free integer (or squarefree integer) is an integer which is divisible by no square number other than 1. That is, its prime factorization has exactly one factor for each prime that appears in it. For example, is square-f ...
''n'' which is the area of a right triangle with rational side lengths. It is known that ''n'' is a congruent number if and only if the elliptic curve y^2 = x^3 - n^2x has a rational point of infinite order; assuming BSD, this is equivalent to its ''L''-function having a zero at ''s'' = 1. Tunnell has shown a related result: assuming BSD, ''n'' is a congruent number if and only if the number of triplets of integers (''x'', ''y'', ''z'') satisfying 2x^2 + y^2 + 8z^2 = n is twice the number of triples satisfying 2x^2 + y^2 + 32z^2 = n. The interest in this statement is that the condition is easy to check. *In a different direction, certain analytic methods allow for an estimation of the order of zero in the center of the critical strip for certain ''L''-functions. Admitting BSD, these estimations correspond to information about the rank of families of the corresponding elliptic curves. For example: assuming the
generalized Riemann hypothesis The Riemann hypothesis is one of the most important conjectures in mathematics. It is a statement about the zeros of the Riemann zeta function. Various geometrical and arithmetical objects can be described by so-called global ''L''-functions, whic ...
and BSD, the average rank of curves given by y^2=x^3+ax+b is smaller than 2.


Elliptic curves over finite fields

Let ''K'' = F''q'' be the
finite field In mathematics, a finite field or Galois field (so-named in honor of Évariste Galois) is a field that contains a finite number of elements. As with any field, a finite field is a set on which the operations of multiplication, addition, subtr ...
with ''q'' elements and ''E'' an elliptic curve defined over ''K''. While the precise number of rational points of an elliptic curve ''E'' over ''K'' is in general difficult to compute,
Hasse's theorem on elliptic curves Hasse's theorem on elliptic curves, also referred to as the Hasse bound, provides an estimate of the number of points on an elliptic curve over a finite field, bounding the value both above and below. If ''N'' is the number of points on the ell ...
gives the following inequality: :, \# E(K) - (q + 1), \le 2\sqrt In other words, the number of points on the curve grows proportionally to the number of elements in the field. This fact can be understood and proven with the help of some general theory; see local zeta function and
étale cohomology In mathematics, the étale cohomology groups of an algebraic variety or scheme are algebraic analogues of the usual cohomology groups with finite coefficients of a topological space, introduced by Grothendieck in order to prove the Weil conjectur ...
for example. The set of points ''E''(F''q'') is a finite abelian group. It is always cyclic or the product of two cyclic groups, depending whether ''q'' is even or odd. For example, the curve defined by :y^2 = x^3 - x over F71 has 72 points (71 affine points including (0,0) and one
point at infinity In geometry, a point at infinity or ideal point is an idealized limiting point at the "end" of each line. In the case of an affine plane (including the Euclidean plane), there is one ideal point for each pencil of parallel lines of the plane. Ad ...
) over this field, whose group structure is given by Z/2Z × Z/36Z. The number of points on a specific curve can be computed with
Schoof's algorithm Schoof's algorithm is an efficient algorithm to count points on elliptic curves over finite fields. The algorithm has applications in elliptic curve cryptography where it is important to know the number of points to judge the difficulty of solving t ...
. Studying the curve over the field extensions of F''q'' is facilitated by the introduction of the local zeta function of ''E'' over F''q'', defined by a generating series (also see above) :Z(E(K), T) = \exp \left(\sum_^ \# \left (K_n)\right \right) where the field ''Kn'' is the (unique up to isomorphism) extension of ''K'' = F''q'' of degree ''n'' (that is, F''qn''). The zeta function is a rational function in ''T''. To see this, the integer a_n such that :\#E(K_n) = 1 - a_n + q^n has an associated complex number \alpha such that :\ = 1 - \alpha^n - \bar\alpha^n + q^n where \bar\alpha is the
complex conjugate In mathematics, the complex conjugate of a complex number is the number with an equal real part and an imaginary part equal in magnitude but opposite in sign. That is, (if a and b are real, then) the complex conjugate of a + bi is equal to a - ...
. We choose \alpha so that its absolute value is \sqrt, that is \alpha = q^e^, \bar\alpha = q^e^, and that \cos n\theta=\frac, so that \alpha^n\bar\alpha^n = q^n and \alpha^n+\bar\alpha^n = a_n, or in other words, (1 - \alpha^n)(1 - \bar\alpha^n) = 1 - a_n + q^n. \alpha can then be used in the local zeta function as its values when raised to the various powers of can be said to reasonably approximate the behaviour of a_n. :Z_E(T) = \exp \left(\sum_^ \left(1 - \alpha^n - \bar\alpha^n + q^n\right) \right) :Z_E(T) = \exp \left(\sum_^ - \sum_^\alpha^n - \sum_^\bar\alpha^n + \sum_^q^n \right) :Z_E(T) = \exp \left(-\ln(1-T) + \ln(1-\alpha T) + \ln(1-\bar\alpha T) - \ln(1-qT) \right) :Z_E(T) = \exp \left(\ln\frac \right) :Z_E(T) =\frac Then (1 - \alpha T)(1 - \bar\alpha T) = 1 - aT + qT^2, so finally :Z(E(K), T) = \frac For example, the zeta function of ''E'' : ''y''2 + ''y'' = ''x''3 over the field F2 is given by :\frac which follows from: : \left, E(\mathbf_) \ = \begin 2^r + 1 & r \text \\ 2^r + 1 - 2(-2)^ & r \text \end The
functional equation In mathematics, a functional equation is, in the broadest meaning, an equation in which one or several functions appear as unknowns. So, differential equations and integral equations are functional equations. However, a more restricted meaning ...
is :Z \left(E(K), \frac \right) = \frac= \frac = Z(E(K), T) As we are only interested in the behaviour of a_n, we can use a reduced zeta function :Z(a, T) = \exp \left(\sum_^ -a_n \right) :Z(a, T) = \exp \left(\sum_^ -\alpha^n - \bar\alpha^n \right) and so :Z_a(T) = \exp \left(\ln(1-\alpha T) + \ln(1-\bar\alpha T)\right) which leads directly to the local L-functions :L(E(K), T) = 1 - aT + qT^2 The
Sato–Tate conjecture In mathematics, the Sato–Tate conjecture is a statistical statement about the family of elliptic curves ''Ep'' obtained from an elliptic curve ''E'' over the rational numbers by reduction modulo almost all prime numbers ''p''. Mikio Sato and J ...
is a statement about how the error term 2\sqrt in Hasse's theorem varies with the different primes ''q'', if an elliptic curve E over Q is reduced modulo q. It was proven (for almost all such curves) in 2006 due to the results of Taylor, Harris and Shepherd-Barron, and says that the error terms are equidistributed. Elliptic curves over finite fields are notably applied in
cryptography Cryptography, or cryptology (from grc, , translit=kryptós "hidden, secret"; and ''graphein'', "to write", or ''-logia'', "study", respectively), is the practice and study of techniques for secure communication in the presence of adver ...
and for the
factorization In mathematics, factorization (or factorisation, see English spelling differences) or factoring consists of writing a number or another mathematical object as a product of several ''factors'', usually smaller or simpler objects of the same kind ...
of large integers. These algorithms often make use of the group structure on the points of ''E''. Algorithms that are applicable to general groups, for example the group of invertible elements in finite fields, F*''q'', can thus be applied to the group of points on an elliptic curve. For example, the discrete logarithm is such an algorithm. The interest in this is that choosing an elliptic curve allows for more flexibility than choosing ''q'' (and thus the group of units in F''q''). Also, the group structure of elliptic curves is generally more complicated.


Elliptic curves over a general field

Elliptic curves can be defined over any field ''K''; the formal definition of an elliptic curve is a non-singular projective algebraic curve over ''K'' with
genus Genus ( plural genera ) is a taxonomic rank used in the biological classification of living and fossil organisms as well as viruses. In the hierarchy of biological classification, genus comes above species and below family. In binomial nom ...
1 and endowed with a distinguished point defined over ''K''. If the characteristic of ''K'' is neither 2 nor 3, then every elliptic curve over ''K'' can be written in the form :y^2 = x^3 - px - q after a linear change of variables. Here ''p'' and ''q'' are elements of ''K'' such that the right hand side polynomial ''x''3 − ''px'' − ''q'' does not have any double roots. If the characteristic is 2 or 3, then more terms need to be kept: in characteristic 3, the most general equation is of the form :y^2 = 4x^3 + b_2 x^2 + 2b_4 x + b_6 for arbitrary constants ''b''2, ''b''4, ''b''6 such that the polynomial on the right-hand side has distinct roots (the notation is chosen for historical reasons). In characteristic 2, even this much is not possible, and the most general equation is :y^2 + a_1 xy + a_3 y = x^3 + a_2 x^2 + a_4 x + a_6 provided that the variety it defines is non-singular. If characteristic were not an obstruction, each equation would reduce to the previous ones by a suitable linear change of variables. One typically takes the curve to be the set of all points (''x'',''y'') which satisfy the above equation and such that both ''x'' and ''y'' are elements of the
algebraic closure In mathematics, particularly abstract algebra, an algebraic closure of a field ''K'' is an algebraic extension of ''K'' that is algebraically closed. It is one of many closures in mathematics. Using Zorn's lemmaMcCarthy (1991) p.21Kaplansky ( ...
of ''K''. Points of the curve whose coordinates both belong to ''K'' are called ''K''-rational points. Many of the preceding results remain valid when the field of definition of ''E'' is a
number field In mathematics, an algebraic number field (or simply number field) is an extension field K of the field of rational numbers such that the field extension K / \mathbb has finite degree (and hence is an algebraic field extension). Thus K is a f ...
''K'', that is to say, a finite field extension of Q. In particular, the group ''E(K)'' of ''K''-rational points of an elliptic curve ''E'' defined over ''K'' is finitely generated, which generalizes the Mordell–Weil theorem above. A theorem due to Loïc Merel shows that for a given integer ''d'', there are ( up to isomorphism) only finitely many groups that can occur as the torsion groups of ''E''(''K'') for an elliptic curve defined over a number field ''K'' of degree ''d''. More precisely, there is a number ''B''(''d'') such that for any elliptic curve ''E'' defined over a number field ''K'' of degree ''d'', any torsion point of ''E''(''K'') is of order less than ''B''(''d''). The theorem is effective: for ''d'' > 1, if a torsion point is of order ''p'', with ''p'' prime, then :p < d^ As for the integral points, Siegel's theorem generalizes to the following: Let ''E'' be an elliptic curve defined over a number field ''K'', ''x'' and ''y'' the Weierstrass coordinates. Then there are only finitely many points of ''E(K)'' whose ''x''-coordinate is in the ring of integers ''O''''K''. The properties of the Hasse–Weil zeta function and the Birch and Swinnerton-Dyer conjecture can also be extended to this more general situation.


Elliptic curves over the complex numbers

The formulation of elliptic curves as the embedding of a
torus In geometry, a torus (plural tori, colloquially donut or doughnut) is a surface of revolution generated by revolving a circle in three-dimensional space about an axis that is coplanar with the circle. If the axis of revolution does not tou ...
in the
complex projective plane In mathematics, the complex projective plane, usually denoted P2(C), is the two-dimensional complex projective space. It is a complex manifold of complex dimension 2, described by three complex coordinates :(Z_1,Z_2,Z_3) \in \mathbf^3,\qquad (Z_1, ...
follows naturally from a curious property of Weierstrass's elliptic functions. These functions and their first derivative are related by the formula :\wp'(z)^2 = 4\wp(z)^3 -g_2\wp(z) - g_3 Here, and are constants; is the Weierstrass elliptic function and its derivative. It should be clear that this relation is in the form of an elliptic curve (over the
complex number In mathematics, a complex number is an element of a number system that extends the real numbers with a specific element denoted , called the imaginary unit and satisfying the equation i^= -1; every complex number can be expressed in the fo ...
s). The Weierstrass functions are doubly periodic; that is, they are periodic with respect to a
lattice Lattice may refer to: Arts and design * Latticework, an ornamental criss-crossed framework, an arrangement of crossing laths or other thin strips of material * Lattice (music), an organized grid model of pitch ratios * Lattice (pastry), an orna ...
; in essence, the Weierstrass functions are naturally defined on a torus . This torus may be embedded in the complex projective plane by means of the map :z \mapsto \left : \wp(z) : \tfrac12\wp'(z)\right/math> This map is a group isomorphism of the torus (considered with its natural group structure) with the chord-and-tangent group law on the cubic curve which is the image of this map. It is also an isomorphism of
Riemann surface In mathematics, particularly in complex analysis, a Riemann surface is a connected one-dimensional complex manifold. These surfaces were first studied by and are named after Bernhard Riemann. Riemann surfaces can be thought of as deformed ver ...
s from the torus to the cubic curve, so topologically, an elliptic curve is a torus. If the lattice is related by multiplication by a non-zero complex number to a lattice , then the corresponding curves are isomorphic. Isomorphism classes of elliptic curves are specified by the -invariant. The isomorphism classes can be understood in a simpler way as well. The constants and , called the modular invariants, are uniquely determined by the lattice, that is, by the structure of the torus. However, all real polynomials factorize completely into linear factors over the complex numbers, since the field of complex numbers is the
algebraic closure In mathematics, particularly abstract algebra, an algebraic closure of a field ''K'' is an algebraic extension of ''K'' that is algebraically closed. It is one of many closures in mathematics. Using Zorn's lemmaMcCarthy (1991) p.21Kaplansky ( ...
of the reals. So, the elliptic curve may be written as :y^2 = x(x - 1)(x - \lambda) One finds that :\begin g_2' &= \frac \left(\lambda^2 - \lambda + 1\right) \\ ptg_3' &= \frac (\lambda + 1)\left(2\lambda^2 - 5\lambda + 2\right) \end and :j(\tau) = 1728\frac = 256\frac with -invariant and is sometimes called the modular lambda function. For example, let , then which implies , , and therefore of the formula above are all
algebraic numbers An algebraic number is a number that is a root of a non-zero polynomial in one variable with integer (or, equivalently, rational) coefficients. For example, the golden ratio, (1 + \sqrt)/2, is an algebraic number, because it is a root of the po ...
if involves an
imaginary quadratic field In algebraic number theory, a quadratic field is an algebraic number field of degree two over \mathbf, the rational numbers. Every such quadratic field is some \mathbf(\sqrt) where d is a (uniquely defined) square-free integer different from 0 ...
. In fact, it yields the integer . In contrast, the
modular discriminant In mathematics, the Weierstrass elliptic functions are elliptic functions that take a particularly simple form. They are named for Karl Weierstrass. This class of functions are also referred to as ℘-functions and they are usually denoted by the ...
:\Delta(\tau) = g_2(\tau)^3 - 27g_3(\tau)^2 = (2\pi)^\,\eta^(\tau) is generally a
transcendental number In mathematics, a transcendental number is a number that is not algebraic—that is, not the root of a non-zero polynomial of finite degree with rational coefficients. The best known transcendental numbers are and . Though only a few classes ...
. In particular, the value of the
Dedekind eta function In mathematics, the Dedekind eta function, named after Richard Dedekind, is a modular form of weight 1/2 and is a function defined on the upper half-plane of complex numbers, where the imaginary part is positive. It also occurs in bosonic string ...
is :\eta(2i)=\frac Note that the
uniformization theorem In mathematics, the uniformization theorem says that every simply connected Riemann surface is conformally equivalent to one of three Riemann surfaces: the open unit disk, the complex plane, or the Riemann sphere. The theorem is a generalization ...
implies that every compact Riemann surface of genus one can be represented as a torus. This also allows an easy understanding of the torsion points on an elliptic curve: if the lattice is spanned by the fundamental periods and , then the -torsion points are the (equivalence classes of) points of the form : \frac \omega_1 + \frac \omega_2 for integers and in the range . If :E : y^2=4(x-e_1)(x-e_2)(x-e_3) is an elliptic curve over the complex numbers and :a_0=\sqrt, \qquad b_0=\sqrt, \qquad c_0=\sqrt, then a pair of fundamental periods of can be calculated very rapidly by :\omega_1=\frac, \qquad \omega_2=\frac is the arithmetic–geometric mean of and . At each step of the arithmetic–geometric mean iteration, the signs of arising from the ambiguity of geometric mean iterations are chosen such that where and denote the individual arithmetic mean and geometric mean iterations of and , respectively. When , there is an additional condition that . Over the complex numbers, every elliptic curve has nine
inflection point In differential calculus and differential geometry, an inflection point, point of inflection, flex, or inflection (British English: inflexion) is a point on a smooth plane curve at which the curvature changes sign. In particular, in the case ...
s. Every line through two of these points also passes through a third inflection point; the nine points and 12 lines formed in this way form a realization of the
Hesse configuration In geometry, the Hesse configuration, introduced by Colin Maclaurin and studied by , is a configuration of 9 points and 12 lines with three points per line and four lines through each point. It can be realized in the complex projective plane as t ...
.


Algorithms that use elliptic curves

Elliptic curves over finite fields are used in some cryptographic applications as well as for integer factorization. Typically, the general idea in these applications is that a known
algorithm In mathematics and computer science, an algorithm () is a finite sequence of rigorous instructions, typically used to solve a class of specific problems or to perform a computation. Algorithms are used as specifications for performing ...
which makes use of certain finite groups is rewritten to use the groups of rational points of elliptic curves. For more see also: *
Elliptic curve cryptography Elliptic-curve cryptography (ECC) is an approach to public-key cryptography based on the algebraic structure of elliptic curves over finite fields. ECC allows smaller keys compared to non-EC cryptography (based on plain Galois fields) to provide ...
* Elliptic-curve Diffie–Hellman key exchange * Supersingular isogeny key exchange *
Elliptic curve digital signature algorithm In cryptography, the Elliptic Curve Digital Signature Algorithm (ECDSA) offers a variant of the Digital Signature Algorithm (DSA) which uses elliptic-curve cryptography. Key and signature-size As with elliptic-curve cryptography in general, the b ...
* EdDSA digital signature algorithm *
Dual EC DRBG Dual_EC_DRBG (Dual Elliptic Curve Deterministic Random Bit Generator) is an algorithm that was presented as a cryptographically secure pseudorandom number generator (CSPRNG) using methods in elliptic curve cryptography. Despite wide public crit ...
random number generator *
Lenstra elliptic-curve factorization The Lenstra elliptic-curve factorization or the elliptic-curve factorization method (ECM) is a fast, sub- exponential running time, algorithm for integer factorization, which employs elliptic curves. For general-purpose factoring, ECM is the th ...
*
Elliptic curve primality proving In mathematics, elliptic curve primality testing techniques, or elliptic curve primality proving (ECPP), are among the quickest and most widely used methods in primality proving. It is an idea put forward by Shafi Goldwasser and Joe Kilian in 1986 ...


Alternative representations of elliptic curves

* Hessian curve *
Edwards curve In mathematics, the Edwards curves are a family of elliptic curves studied by Harold Edwards in 2007. The concept of elliptic curves over finite fields is widely used in elliptic curve cryptography. Applications of Edwards curves to cryptograp ...
* Twisted curve * Twisted Hessian curve *
Twisted Edwards curve In algebraic geometry, the twisted Edwards curves are plane models of elliptic curves, a generalisation of Edwards curves introduced by Bernstein, Birkner, Joye, Lange and Peters in 2008. The curve set is named after mathematician Harold M. Edw ...
* Doubling-oriented Doche–Icart–Kohel curve * Tripling-oriented Doche–Icart–Kohel curve * Jacobian curve * Montgomery curve


See also

*
Arithmetic dynamics Arithmetic dynamics is a field that amalgamates two areas of mathematics, dynamical systems and number theory. Classically, discrete dynamics refers to the study of the iteration of self-maps of the complex plane or real line. Arithmetic dynamics is ...
*
Elliptic algebra In algebra, an elliptic algebra is a certain regular algebra of a Gelfand–Kirillov dimension three ( quantum polynomial ring in three variables) that corresponds to a cubic divisor in the projective space P2. If the cubic divisor happens to be a ...
* Elliptic surface * Comparison of computer algebra systems * Isogeny * j-line *
Level structure (algebraic geometry) In algebraic geometry, a level structure on a space ''X'' is an extra structure attached to ''X'' that shrinks or eliminates the automorphism group of ''X'', by demanding automorphisms to preserve the level structure; attaching a level structure is ...
*
Modularity theorem The modularity theorem (formerly called the Taniyama–Shimura conjecture, Taniyama-Weil conjecture or modularity conjecture for elliptic curves) states that elliptic curves over the field of rational numbers are related to modular forms. And ...
*
Moduli stack of elliptic curves In mathematics, the moduli stack of elliptic curves, denoted as \mathcal_ or \mathcal_, is an algebraic stack over \text(\mathbb) classifying elliptic curves. Note that it is a special case of the moduli stack of algebraic curves \mathcal_. In part ...
* Nagell–Lutz theorem *
Riemann–Hurwitz formula In mathematics, the Riemann–Hurwitz formula, named after Bernhard Riemann and Adolf Hurwitz, describes the relationship of the Euler characteristics of two surfaces when one is a ''ramified covering'' of the other. It therefore connects ramif ...
*
Wiles's proof of Fermat's Last Theorem Wiles's proof of Fermat's Last Theorem is a proof by British mathematician Andrew Wiles of a special case of the modularity theorem for elliptic curves. Together with Ribet's theorem, it provides a proof for Fermat's Last Theorem. Both Ferma ...


Notes


References

Serge Lang, in the introduction to the book cited below, stated that "It is possible to write endlessly on elliptic curves. (This is not a threat.)" The following short list is thus at best a guide to the vast expository literature available on the theoretical, algorithmic, and cryptographic aspects of elliptic curves. * * , winner of the MAA writing prize the George Pólya Award * * * * Chapter XXV * * * * * * * * * * * * * *


External links


LMFDB: Database of Elliptic Curves over Q
* *
The Arithmetic of elliptic curves
from PlanetMath
Interactive elliptic curve over R
an
over Zp
– web application that requires HTML5 capable browser. {{DEFAULTSORT:Elliptic Curve Analytic number theory Group theory