Elliptic curve

Encyclopedia : E : EL : ELL : Elliptic curve

---

In mathematics, an elliptic curve is an algebraic curve defined by an equation of the form

y² = x³ + a x + b,

which is non-singular; that is, its graph has no cusps or self-intersections. (When the characteristic of the coefficient field is equal to 2 or 3, the above equation is not quite general enough to comprise all non-singular cubic curves; see below for a more precise definition.)

If y² = P(x), where P is any polynomial of degree three or four in x with no repeated roots, then we obtain a nonsingular plane curve of genus one, which is often also called an elliptic curve. Even more generally, an algebraic curve of genus one, for example from the intersection of two three-dimensional quadric surfaces, is called an elliptic curve.

One finds that elliptic curves correspond to embeddings of the torus into the complex projective plane; such embeddings generalize to arbitrary fields, and so it is said that elliptic curves are non-singular projective algebraic curves of genus 1 over a field K, together with a distinguished point defined over K. The natural group structure of a torus manifests itself in a curious geometric way on an elliptic curve; the set of points of the curve form an abelian group.

Elliptic curves are especially important in number theory, and constitute a major area of current research; for example, they were used in the proof, by Andrew Wiles (assisted by one of his former PhD students, Richard Taylor), of Fermat's last theorem. They also find applications in cryptography (see the article elliptic curve cryptography) and integer factorization.

An elliptic curve is not the same as an ellipse: see elliptic integral for the origin of the term.

Elliptic curves over the real numbers

Although the formal definition of an elliptic curve is fairly technical and requires some background in algebraic geometry, it is possible to describe some features of elliptic curves over the real numbers using only high school algebra and geometry.

In this context, an elliptic curve is a plane curve defined by an equation of the form

[y^2 = x^3 + ax + b],

where a and b are real numbers. This type of equation is called a Weierstrass equation.

For example, the following graphs illustrate the elliptic curves given by the equations [y^2 = x^3 - x] and [y^2 = x^3 - x + 1].

The definition of elliptic curve also requires that the curve be non-singular. Geometrically, this means that the graph has no cusps or self-intersections. Algebraically, this involves calculating the discriminant,

[\Delta = -16(4a^3 + 27b^2)]

The curve is non-singular if the discriminant is not equal to zero. (Although the factor −16 seems irrelevant here, it turns out to be convenient in more advanced study of elliptic curves.)

The graph of a non-singular curve has two components if its discriminant is positive, and one component if it is negative. For example, in the graphs shown above, the discriminant in the first case is 64, and in the second case is −368.

The group law

By adding a "point at infinity", we obtain the projective version of this curve. If P and Q are two points on the curve, then we can uniquely describe a third point which is the intersection of the curve with the line through P and Q. If the line is tangent to the curve at a point, then that point is counted twice; and if the line is parallel to the y-axis, we define the third point as the point "at infinity". Exactly one of these conditions then holds for any pair of points on an elliptic curve.

It is then possible to introduce a group operation, "+", on the curve with the following properties: we consider the point at infinity to be 0, the identity of the group; and if a straight line intersects the curve at the points P, Q and R, then we require that P + Q + R = 0 in the group. One can check that this turns the curve into an abelian group, and thus into an abelian variety. It can be shown that the set of K-rational points (including the point at infinity) forms a subgroup of this group. If the curve is denoted by E, then this subgroup is often written as E(K).

The above group can be described algebraically as well as geometrically. Given the curve y² = x³ − px − q over the field K (whose characteristic we assume to be neither 2 nor 3), and points P = (x_P, y_P) and Q = (x_Q, y_Q) on the curve, assume first that x_P ≠ x_Q. Let s = (y_P − y_Q)/(x_P − x_Q); since K is a field, s is well-defined. Then we can define R = P + Q = (x_R, y_R) by

[x_R = s^2 - x_P - x_Q]

[y_R = -y_P + s(x_P - x_R)]

If x_P = x_Q, then there are two options: if y_P = −y_Q, then the sum is defined as 0; thus, the inverse of each point on the curve is found by reflecting it across the x-axis. If y_P = y_Q ≠ 0, then R = P + P = 2P = (x_R, y_R) is given by

[s = ^2 - p)}/]

[x_R = s^2 - 2x_P]

[y_R = -y_P + s(x_P - x_R)]

If y_P = y_Q = 0, then P + P = 0.

Elliptic curves over the complex numbers

The formulation of elliptic curves as the embedding of a torus in the complex projective plane follows naturally from a curious property of Weierstrass's elliptic functions. These functions and their first derivative are related by the formula

[\wp'(z)^2 = 4\wp(z)^3 -g_2\wp(z) - g_3]

Here, [g_2] and [g_3] are constants; [\wp(z)] is the Weierstrass elliptic function and [\wp'(z)] its derivative. It should be clear that this relation is in the form of an elliptic curve (over the complex numbers). The Weierstrass functions are doubly-periodic; that is, they are periodic with respect to a lattice Λ; in essence, the Weierstrass functions are naturally defined on a torus [T=\mathbb/\Lambda]. This torus may be embedded in the complex projective plane by means of the map

[z \mapsto (1,\wp(z), \wp'(z))].

This map is a group isomorphism, carrying the natural group structure of the torus into the projective plane. It is also an isomorphism of Riemann surfaces, and so topologically, a given elliptic curve looks like a torus. If the lattice Λ is related to a lattice cΛ by multiplication by a non-zero complex number c, then the corresponding curves are isomorphic. Isomorphism classes of elliptic curves are specified by the j-invariant.

The isomorphism classes can be understood in a simpler way as well. The constants [g_2] and [g_3], called the modular invariants, are uniquely determined by the lattice, that is, by the structure of the torus. However, the complex numbers are the splitting field for polynomials, and so the elliptic curve may be written as

[y^2=x(x-1)(x-\lambda)]

One finds that

[g_2 = \frac} (\lambda^2-\lambda+1)]

and

[g_3=\frac (\lambda+1)(2\lambda^2-5\lambda+2)]

so that the modular discriminant is

[\Delta = g_2^3-27g_3^2 = \lambda^2(\lambda-1)^2]

Here, λ is sometimes called the modular lambda function.

Note that the uniformization theorem states that every compact Riemann surface of genus one can be represented as a torus.

Elliptic curves over a general field

Elliptic curves can be defined over any field K; the formal definition of an elliptic curve is a non-singular projective algebraic curve over K with genus 1 with a given point defined over K.

If the characteristic of K is neither 2 nor 3, then every elliptic curve over K can be written in the form

y² = x³ − px − q

where p and q are elements of K such that the right hand side polynomial x³ − px − q does not have any double roots. If the characteristic is 2 or 3, then more terms need to be kept.

One typically takes the curve to be the set of all points (x,y) which satisfy the above equation and such that both x and y are elements of the algebraic closure of K. Points of the curve whose coordinates both belong to K are called K-rational points.

Isogeny

Let [E] and [E'] be elliptic curves over a field [k.] An isogeny between [E] and [E'] is a finite morphism [f : E\to E'] of varieties that preserves basepoints. (see also Abelian varieties up to isogeny).

The two curves are called isogenous if there is an isogeny between them. This is an equivalence relation, symmetry being due to the existence of the dual isogeny. Every isogeny is an algebraic homomorphism and thus induces homomorphisms of the groups of the elliptic curves for [k]-valued points.

Connections to number theory

The Mordell-Weil theorem states that if the underlying field K is the field of rational numbers (or more generally a number field), then the group of K-rational points is finitely generated. This means that the group can be expressed as the direct sum of a free abelian group and a finite torsion subgroup. While it is relatively easy to determine the torsion subgroup of E(K), no general algorithm is known to compute the rank of the free subgroup. A formula for this rank is given by the Birch and Swinnerton-Dyer conjecture.

The recent proof of Fermat's last theorem proceeded by proving a special case of the deep Taniyama-Shimura conjecture relating elliptic curves over the rationals to modular forms; this conjecture has since been completely proved.

While the precise number of rational points of an elliptic curve E over a finite field F_p is in general rather difficult to compute, Hasse's theorem on elliptic curves tells us

[ \left| \sharp E( \mathbb_p ) - p - 1 \right| < 2 \sqrt ]

This fact can be understood and proven with the help of some general theory; see local zeta function, Étale cohomology. The number of points on a specific curve can be computed with Schoof's algorithm.

For further developments see arithmetic of abelian varieties.

Algorithms that use elliptic curves

Elliptic curves over finite fields are used in some cryptographic applications as well as for integer factorization. Typically, the general idea in these applications is that a known algorithm which makes use of certain finite groups is rewritten to use the groups of rational points of elliptic curves. For more see also:

• Elliptic curve cryptography
• Elliptic Curve DSA
• Lenstra elliptic curve factorization
• Elliptic curve primality proving.

References

Serge Lang, in the introduction to the book cited below, stated that "It is possible to write endlessly on elliptic curves. (This is not a threat.)" The following short list is thus at best a guide to the vast expository literature available on the theoretical, algorithmic, and cryptographic aspects of elliptic curves.

External links

• [The Mathematical Atlas: 14H52 Elliptic Curves]
• , [Elliptic Curves] at MathWorld.

  This article incorporates material from on PlanetMath, which is licensed under the [Text of the GNU Free Documentation LicenseGFDL].

   

  ---

  From Wikipedia, the Free Encyclopedia. Original article here. Support Wikipedia by contributing or donating.
  All text is available under the terms of the GNU Free Documentation License See Wikipedia Copyrights for details.

Search Titles

0

1

2

3

4

5

6

7

8

9

A

B

C

D

E

F

G

H

I

J

K

L

M

N

O

P

Q

R

S

T

U

V

W

X

Y

Z

?