Elliptic curve

In mathematics, an elliptic curve is a Smoothness, projective, algebraic curve of genus one, on which there is a specified point . An elliptic curve is defined over a field and describes points in , the Cartesian product of with itself. If the field's characteristic is different from 2 and 3, then the curve can be described as a plane algebraic curve which consists of solutions for:

$y^2\; =\; x^3\; +\; ax\; +\; b$

for some coefficients and in . The curve is required to be non-singular, which means that the curve has no cusps or self-intersections. (This is equivalent to the condition , that is, being square-free in .) It is always understood that the curve is really sitting in the projective plane, with the point being the unique point at infinity. Many sources define an elliptic curve to be simply a curve given by an equation of this form. (When the coefficient field has characteristic 2 or 3, the above equation is not quite general enough to include all non-singular cubic curves; see below.)

An elliptic curve is an abelian variety – that is, it has a group law defined algebraically, with respect to which it is an abelian group – and serves as the identity element.

If , where is any polynomial of degree three in with no repeated roots, the solution set is a nonsingular plane curve of genus one, an elliptic curve. If has degree four and is square-free this equation again describes a plane curve of genus one; however, it has no natural choice of identity element. More generally, any algebraic curve of genus one, for example the intersection of two quadric surfaces embedded in three-dimensional projective space, is called an elliptic curve, provided that it is equipped with a marked point to act as the identity.

Using the theory of elliptic functions, it can be shown that elliptic curves defined over the correspond to embeddings of the torus into the complex projective plane. The torus is also an abelian group, and this correspondence is also a group isomorphism.

Elliptic curves are especially important in number theory, and constitute a major area of current research; for example, they were used in Andrew Wiles's proof of Fermat's Last Theorem. They also find applications in elliptic curve cryptography (ECC) and integer factorization.

An elliptic curve is not an ellipse in the sense of a projective conic, which has genus zero: see elliptic integral for the origin of the term. However, there is a natural representation of real elliptic curves with shape invariant as ellipses in the hyperbolic plane $\backslash mathbb\{H\}^2$. Specifically, the intersections of the Minkowski hyperboloid with quadric surfaces characterized by a certain constant-angle property produce the Steiner ellipses in $\backslash mathbb\{H\}^2$ (generated by orientation-preserving collineations). Further, the orthogonal trajectories of these ellipses comprise the elliptic curves with , and any ellipse in $\backslash mathbb\{H\}^2$ described as a locus relative to two foci is uniquely the elliptic curve sum of two Steiner ellipses, obtained by adding the pairs of intersections on each orthogonal trajectory. Here, the vertex of the hyperboloid serves as the identity on each trajectory curve.

Topologically, a complex elliptic curve is a torus, while a complex ellipse is a sphere.

---

Elliptic curves over the real numbers Although the formal definition of an elliptic curve requires some background in algebraic geometry, it is possible to describe some features of elliptic curves over the using only introductory algebra and geometry.

In this context, an elliptic curve is a plane curve defined by an equation of the form

$y^2\; =\; x^3\; +\; ax\; +\; b$

after a linear change of variables ( and are real numbers). This type of equation is called a Weierstrass equation, and said to be in Weierstrass form, or Weierstrass normal form.

The definition of elliptic curve also requires that the curve be non-singular. Geometrically, this means that the graph has no cusps, self-intersections, or Isolated point. Algebraically, this holds if and only if the discriminant, $\backslash Delta$, is not equal to zero.

$\backslash Delta\; =\; -16\backslash left(4a^3\; +\; 27b^2\backslash right)\; \backslash neq\; 0$

The discriminant is zero when $a=-3k^2,\; b=2k^3$ for some real $k$.

(Although the factor −16 is irrelevant to whether or not the curve is non-singular, this definition of the discriminant is useful in a more advanced study of elliptic curves.)

The real graph of a non-singular curve has two components if its discriminant is positive, and one component if it is negative. For example, in the graphs shown in figure to the right, the discriminant in the first case is 64, and in the second case is −368. Following the convention at Conic section#Discriminant, elliptic curves require that the discriminant is negative.

---

Group law When working in the projective plane, the equation in homogeneous coordinates becomes

$\backslash frac\{Y^2\}\{Z^2\}\; =\; \backslash frac\{X^3\}\{Z^3\}\; +\; a\backslash frac\{X\}\{Z\}\; +\; b.$

This equation is not defined on the line at infinity, but we can multiply by $Z^3$ to get one that is:

$ZY^2\; =\; X^3\; +\; aZ^2X\; +\; bZ^3.$

This resulting equation is defined on the whole projective plane, and the curve it defines projects onto the elliptic curve of interest. To find its intersection with the line at infinity, we can just posit $Z\; =\; 0$. This implies $X^3\; =\; 0$, which in a field means $X\; =\; 0$. $Y$ on the other hand can take any value, and thus all triplets $(0,Y,0)$ satisfy the equation. In projective geometry this set is simply the point $O\; =\; 0:1:0$, which is thus the unique intersection of the curve with the line at infinity.

Since the curve is smooth, hence continuous, it can be shown that this point at infinity is the identity element of a group structure whose operation is geometrically described as follows:

Since the curve is symmetric about the axis, given any point , we can take to be the point opposite it. We then have $-O\; =\; O$, as $O$ lies on the plane, so that $-O$ is also the symmetrical of $O$ about the origin, and thus represents the same projective point.

If and are two points on the curve, then we can uniquely describe a third point in the following way. First, draw the line that intersects and . This will generally intersect the cubic at a third point, . We then take to be , the point opposite .

This definition for addition works except in a few special cases related to the point at infinity and intersection multiplicity. The first is when one of the points is . Here, we define , making the identity of the group. If , we only have one point, thus we cannot define the line between them. In this case, we use the tangent line to the curve at this point as our line. In most cases, the tangent will intersect a second point , and we can take its opposite. If and are opposites of each other, we define . Lastly, if is an inflection point (a point where the concavity of the curve changes), we take to be itself, and is simply the point opposite itself, i.e. itself.

Let be a field over which the curve is defined (that is, the coefficients of the defining equation or equations of the curve are in ) and denote the curve by . Then the - of are the points on whose coordinates all lie in , including the point at infinity. The set of -rational points is denoted by . is a group, because properties of polynomial equations show that if is in , then is also in , and if two of , , are in , then so is the third. Additionally, if is a subfield of , then is a subgroup of .

---

Algebraic interpretation The above groups can be described algebraically as well as geometrically. Given the curve over the field (whose Prime subfield we assume to be neither 2 nor 3), and points and on the curve, assume first that (case 1). Let be the equation of the line that intersects and , which has the following slope:

$s\; =\; \backslash frac\{y\_P\; -\; y\_Q\}\{x\_P\; -\; x\_Q\}.$

The line equation and the curve equation intersect at the points , , and , so the equations have identical values at these values.

$(sx\; +\; d)^2\; =\; x^3\; +\; bx\; +\; c,$

which is equivalent to

$x^3\; -\; s^2\; x^2\; -\; 2sdx\; +\; bx\; +\; c\; -\; d^2\; =\; 0.$

Since , , and are solutions, this equation has its roots at exactly the same values as

$(x\; -\; x\_P)\; (x\; -\; x\_Q)\; (x\; -\; x\_R)\; =\; x^3\; +\; (-x\_P\; -\; x\_Q\; -\; x\_R)\; x^2\; +\; (x\_P\; x\_Q\; +\; x\_P\; x\_R\; +\; x\_Q\; x\_R)\; x\; -\; x\_P\; x\_Q\; x\_R,$

and because both equations are cubics, they must be the same polynomial up to a scalar. Then equating the coefficients of in both equations

$-s^2\; =\; (-x\_P\; -\; x\_Q\; -\; x\_R)$

and solving for the unknown ,

$x\_R\; =\; s^2\; -\; x\_P\; -\; x\_Q.$

follows from the line equation
     

$y\_R\; =\; y\_P\; -\; s(x\_P\; -\; x\_R),$

and this is an element of , because is.

If , then there are two options: if (case 3), including the case where (case 4), then the sum is defined as 0; thus, the inverse of each point on the curve is found by reflecting it across the  axis.

If , then and (case 2 using as ). The slope is given by the tangent to the curve at ( x _P, y _P).

$\backslash begin\{align\}$

   s &= \frac{3{x_P}^2 + b}{2y_P}, \\
 x_R &= s^2 - 2x_P, \\
 y_R &= y_P - s(x_P - x_R).
     

\end{align}

A more general expression for $s$ that works in both case 1 and case 2 is

as $q=2$, then $|E|=2^1+1=3=1-a+2$, so $a=0$.

The functional equation is

$Z\; \backslash left(E(K),\; \backslash frac\{1\}\{qT\}\; \backslash right)\; =\; \backslash frac\{1\; -\; a\backslash frac\{1\}\{qT\}\; +\; q\backslash left(\backslash frac\{1\}\{qT\}\backslash right)^2\}\{(1\; -\; q\backslash frac\{1\}\{qT\})(1\; -\; \backslash frac\{1\}\{qT\})\}=\; \backslash frac\{q^2T^2\; -\; aqT\; +\; q\}\{(qT\; -\; q)(qT\; -\; 1)\}\; =\; Z(E(K),\; T)$

As we are only interested in the behaviour of $a\_n$, we can use a reduced zeta function

$Z(a,\; T)\; =\; \backslash exp\; \backslash left(\backslash sum\_\{n=1\}^\{\backslash infty\}\; -a\_n\; \{T^n\backslash over\; n\}\; \backslash right)$

$Z(a,\; T)\; =\; \backslash exp\; \backslash left(\backslash sum\_\{n=1\}^\{\backslash infty\}\; -\backslash alpha^n\; \{T^n\backslash over\; n\}\; -\; \backslash bar\backslash alpha^n\; \{T^n\backslash over\; n\}\; \backslash right)$

and so

$Z(a,\; T)\; =\; \backslash exp\; \backslash left(\backslash ln(1-\backslash alpha\; T)\; +\; \backslash ln(1-\backslash bar\backslash alpha\; T)\backslash right)$

which leads directly to the local L-functions

$L(E(K),\; T)\; =\; 1\; -\; aT\; +\; qT^2$

The Sato–Tate conjecture is a statement about how the error term $2\backslash sqrt\{q\}$ in Hasse's theorem varies with the different primes q, if an elliptic curve E over Q is reduced modulo q. It was proven (for almost all such curves) in 2006 due to the results of Taylor, Harris and Shepherd-Barron, and says that the error terms are equidistributed.

Elliptic curves over finite fields are notably applied in cryptography and for the factorization of large integers. These algorithms often make use of the group structure on the points of E. Algorithms that are applicable to general groups, for example the group of invertible elements in finite fields, F* _q, can thus be applied to the group of points on an elliptic curve. For example, the discrete logarithm is such an algorithm. The interest in this is that choosing an elliptic curve allows for more flexibility than choosing q (and thus the group of units in F _q). Also, the group structure of elliptic curves is generally more complicated.

---

Elliptic curves over a general field Elliptic curves can be defined over any field K; the formal definition of an elliptic curve is a non-singular projective algebraic curve over K with genus 1 and endowed with a distinguished point defined over K.

If the characteristic of K is neither 2 nor 3, then every elliptic curve over K can be written in the form

$y^2\; =\; x^3\; -\; px\; -\; q$

after a linear change of variables. Here p and q are elements of K such that the right hand side polynomial x³ − px − q does not have any double roots. If the characteristic is 2 or 3, then more terms need to be kept: in characteristic 3, the most general equation is of the form

$y^2\; =\; x^3\; +\; b\_2\; x^2\; -\; b\_4\; x\; +\; b\_6$

for arbitrary constants b₂, b₄, b₆ such that the polynomial on the right-hand side has distinct roots (the notation is chosen for historical reasons). In characteristic 2, even this much is not possible, and the most general equation is

$y^2\; +\; a\_1\; xy\; +\; a\_3\; y\; =\; x^3\; +\; a\_2\; x^2\; +\; a\_4\; x\; +\; a\_6$

provided that the variety it defines is non-singular. If characteristic were not an obstruction, each equation would reduce to the previous ones by a suitable linear change of variables.

One typically takes the curve to be the set of all points ( x, y) which satisfy the above equation and such that both x and y are elements of the algebraic closure of K. Points of the curve whose coordinates both belong to K are called K-rational points.

Many of the preceding results remain valid when the field of definition of E is a number field K, that is to say, a finite field extension of Q. In particular, the group E(K) of K-rational points of an elliptic curve E defined over K is finitely generated, which generalizes the Mordell–Weil theorem above. A theorem due to Loïc Merel shows that for a given integer d, there are (up to isomorphism) only finitely many groups that can occur as the torsion groups of E( K) for an elliptic curve defined over a number field K of degree d. More precisely, there is a number B( d) such that for any elliptic curve E defined over a number field K of degree d, any torsion point of E( K) is of order less than B( d). The theorem is effective: for d > 1, if a torsion point is of order p, with p prime, then

As for the integral points, Siegel's theorem generalizes to the following: Let E be an elliptic curve defined over a number field K, x and y the Weierstrass coordinates. Then there are only finitely many points of E(K) whose x-coordinate is in the ring of integers O _K.

The properties of the Hasse–Weil zeta function and the Birch and Swinnerton-Dyer conjecture can also be extended to this more general situation.

---

Elliptic curves over the complex numbers The formulation of elliptic curves as the embedding of a torus in the complex projective plane follows naturally from a curious property of Weierstrass's elliptic functions. These functions and their first derivative are related by the formula

$\backslash wp\text{'}(z)^2\; =\; 4\backslash wp(z)^3\; -g\_2\backslash wp(z)\; -\; g\_3$

Here, and are constants; is the Weierstrass elliptic function and its derivative. It should be clear that this relation is in the form of an elliptic curve (over the ). The Weierstrass functions are doubly periodic; that is, they are periodic with respect to a lattice ; in essence, the Weierstrass functions are naturally defined on a torus . This torus may be embedded in the complex projective plane by means of the map

$z\; \backslash mapsto\; \backslash left1$

This map is a group isomorphism of the torus (considered with its natural group structure) with the chord-and-tangent group law on the cubic curve which is the image of this map. It is also an isomorphism of from the torus to the cubic curve, so topologically, an elliptic curve is a torus. If the lattice is related by multiplication by a non-zero complex number to a lattice , then the corresponding curves are isomorphic. Isomorphism classes of elliptic curves are specified by the j-invariant.

The isomorphism classes can be understood in a simpler way as well. The constants and , called the j-invariant, are uniquely determined by the lattice, that is, by the structure of the torus. However, all real polynomials factorize completely into linear factors over the complex numbers, since the field of complex numbers is the algebraic closure of the reals. So, the elliptic curve may be written as

$y^2\; =\; x(x\; -\; 1)(x\; -\; \backslash lambda)$

One finds that

$\backslash begin\{align\}$

g_2' &= \frac{\sqrt34}{3} \left(\lambda^2 - \lambda + 1\right) \\4pt g_3' &= \frac{1}{27} (\lambda + 1)\left(2\lambda^2 - 5\lambda + 2\right) \end{align}

and

$j(\backslash tau)\; =\; 1728\backslash frac$

Post Comment