PONTIFICIA UNIVERSIDAD CATÓLICA DEL PERÚ
FACULTAD DE CIENCIAS E INGENIERÍA

ASSOCIATIVE PROPERTY ON THE GROUP OF ELLIPTIC CURVES

Thesis submitted to obtain the degree of Licenciado en Matemáticas, presented by the bachelor: Iván Pérez Avellaneda

ADVISOR: Alfredo B. Poirier Schmitz

Lima, September 2017

Acknowledgments

These notes would not exist without the support of my family, especially of my beloved mother and the everyday stronger memory of my father. To both I entirely dedicate this work and express my deepest gratitude.

I must thank the members of the Mathematics Section within the Sciences Department of Pontificia Universidad Católica del Perú, especially professor Alfredo Poirier, for his enthusiastic and enlightening guidance throughout the development of these notes and his promptness to help. I also thank Professors Richard Gonzales and Jaime Cuadros for taking their time to read this work, and Professors Francisco Ugarte, Richard Chávez, Christiam Figueroa, Juan Montealegre, José Flores and Rubén Agapito, for their advice, encouragement or support through teaching assistantships.

Also, I thank DGI for granting me the PADET project with code 2016-6-0060.

Abstract

The Fermat conjecture was one of the most mysterious mathematical puzzles until 1995. The problem was formulated in 1637 by Pierre de Fermat. He claimed to know how to solve it; however, he could not show the proof because the space in the margin of his copy of Diophantus's Arithmetica was insufficient. Since then much mysticism has surrounded the conjecture. Meanwhile, independently, new branches of mathematics were being developed. Algebraic geometry and complex analysis allowed Andrew Wiles to finally solve the conjecture. The solution involves, among other tools, the use of elliptic curves. This is reason enough to study them.

Roughly speaking, elliptic curves are non-singular cubic polynomials in two variables with a special point of rational coordinates on which we can establish a group structure. To handle the operations comfortably we transform the equation of the elliptic curve into a more appropriate one with fewer terms. To achieve this we explore the fundamental aspects of projective spaces that will facilitate the transition.

As is well known, there are cases in mathematics in which there is a trade-off between simplicity and elegance. One must dig a little deeper to reach aesthetics. Our objective is to prove the associativity property of the group on elliptic curves by means of the Picard group of an associated algebraic variety. This provides an alternative proof of the property and replaces the cumbersome computations of the direct proof that uses only the definition of the group operation. To achieve this we develop the theory of divisors. This leads us to the study of rational functions on curves, and in this way we face one of the most important results of algebraic geometry: the Riemann-Roch theorem. Based on this we prove that elliptic curves over fields of characteristic zero have genus one. Finally we define the Picard group. This group measures how much of the set of divisors does not originate from rational functions. Then we establish a homomorphism between this group and the elliptic curve: this is an elaborate way of stating that the associativity of one structure is preserved in the other.

Contents

Introduction
1 Non singular cubics
  1.1 Preliminaries
  1.2 Projective space
  1.3 Weierstrass normal forms
  1.4 Examples
2 Groups over elliptic curves
  2.1 Preliminaries
  2.2 Sum of points
  2.3 Explicit expression of the sum
  2.4 Examples
3 Associativity
  3.1 Divisors
  3.2 Canonical divisors
  3.3 Riemann-Roch
  3.4 The Picard group
Bibliography

Introduction

The Fermat conjecture was one of the most mysterious puzzles of mathematics until 1995. The problem was formulated in 1637 by Pierre de Fermat. He claimed that he knew how to solve it, but was unable to exhibit the proof because of the lack of space on the margin of his copy of Diophantus's Arithmetica. Since then a lot of mysticism has surrounded the conjecture. Meanwhile, independently, new branches of mathematics were developed. Algebraic geometry and complex analysis allowed Andrew Wiles to finally solve the conjecture. The solution involves, among other tools, the use of elliptic curves. That is enough reason for their study.

Roughly speaking, elliptic curves are non-singular cubic polynomials in two variables with a special point of rational coordinates where a group structure can be set. In order to handle computations comfortably we transform the equation of the elliptic curve into an appropriate one with fewer terms. To achieve this goal we explore fundamental aspects of projective spaces which facilitate the transition.

As is known, in some cases there is a trade-off in mathematics between simplicity and elegance. One must dig a little deeper to reach aesthetics.
We aim to prove the associativity law of the group on elliptic curves by means of the Picard group of an associated algebraic variety. This provides an alternative proof of the property and replaces the usual burdensome computations of the straight proof by definition of the group operation. In order to achieve this, we develop the theory of divisors. This leads us to the study of rational functions on curves, and thus to face one of the crucial results of algebraic geometry: the Riemann-Roch theorem. Based on this we prove that elliptic curves over fields of characteristic zero have genus one. Finally we define the Picard group. This group measures the extent to which the set of divisors fails to have its origin in rational functions. Then we establish a homomorphism between this group and the elliptic curve: this yields a fancy way of saying that associativity of one structure is preserved in the other.

Chapter 1

Non singular cubics

In this chapter we introduce elliptic curves and the equations that represent them. We also treat the basic and necessary aspects of projective spaces in order to simplify their representation.

1.1 Preliminaries

We consider a quadratic polynomial in $\mathbb{Q}[X, Y]$, and call its locus a curve, which we denote by $C$. A dichotomy appears here: either there is a pair of rational numbers that satisfies the equation, or there is no such pair. The knowledge of a rational point on a curve will automatically reveal many of them. In order to justify this assertion, we fix a point $O \in \mathbb{Q} \times \mathbb{Q}$ on the curve together with a line $L$ with coefficients in $\mathbb{Q}$. The idea is to parametrize the rest of the rational points on $C$ through the rational points of $L$. Each rational point on $L$ along with $O$ determines a unique line, obviously rational. If $C$ is irreducible, this line intersects $C$ in exactly two points by Bezout's theorem. Of course one of them is $O$ and the other $P$, say.
To find numerically the coordinates of $P$ one must set a pair of quadratic equations with rational coefficients. If one of the solutions is rational, the other will also be rational, thus $P$ is rational. On the other hand, every rational $P \in C$ determines along with $O$ a rational line which intersects $L$ at a rational point (if $P = O$ the line is the tangent to $C$ at $O$). In this way we have established a one to one correspondence between the rational points on $C$ and the rational points on $L$. We state this fact as a proposition.

Proposition 1.1. The locus of an irreducible quadratic polynomial in $\mathbb{Q}[X, Y]$ with at least one rational point is equivalent to the rational line. □

Next we consider cubics of the form $y^2 = f(x)$, where $f(x) \in \mathbb{Q}[X]$ with $\deg(f) = 3$. We say that the curve has a singular point at $(x_0, 0)$ if $x_0 \in \mathbb{Q}$ is a root of $f(x) = 0$ with multiplicity at least 2. The equation can then be expressed as $y^2 = \lambda (x - x_0)^2 (x - x_1)$. We claim that these curves reduce to a line as previously explained for curves of genus zero. Taking a rational line $y = m(x - x_0)$ through $(x_0, 0)$, we observe that the third meeting point between the line and the cubic is a rational point. Considering all the rational lines through this singular point and again projecting them stereographically to a rational line $L$ we obtain a one to one correspondence between the rational points of the cubic and the line. We have proved the following.

Proposition 1.2. Rational cubics of the form $y^2 = f(x)$ with a singular rational point are equivalent to rational lines. □

Now we take a polynomial relation of degree 3 with coefficients in an arbitrary field $K$ such as

$$ax^3 + bx^2y + cxy^2 + dy^3 + ex^2 + fxy + gy^2 + hx + iy + j = 0. \tag{1.1}$$

We call a point $(x, y) \in K \times K$ that satisfies the equation a $K$-rational point.
Curves $f(x, y) = 0$ and $F(X, Y) = 0$ are called equivalent if there exist rational functions $a, b, A, B$ with rational coefficients which satisfy

$$x = a(X, Y), \quad y = b(X, Y), \quad X = A(x, y), \quad Y = B(x, y)$$

except for a finite number of points.

Consider the cubic curve

$$y^2 = P(x), \tag{1.2}$$

where $P(x)$ is a polynomial of degree 3, and define $F(x, y) = y^2 - P(x)$. If the point $(x_0, y_0)$ satisfies

$$\frac{\partial F}{\partial x}(x_0, y_0) = \frac{\partial F}{\partial y}(x_0, y_0) = 0, \tag{1.3}$$

then we have $y_0 = 0$ and $P'(x_0) = 0$. Evaluating at $(x_0, y_0)$, this means that we have $P(x_0) = 0$, so it is a solution with multiplicity at least 2. In the other direction, if $x_0$ is a solution of $P(x)$ with multiplicity at least 2, then it must satisfy Relation (1.3).

In general, let $P(x, y)$ be a polynomial in $K[X, Y]$. We say that the point $(x_0, y_0)$ is a singular point of the curve $P(x, y) = 0$ if we have also

$$\frac{\partial P}{\partial x}(x_0, y_0) = \frac{\partial P}{\partial y}(x_0, y_0) = 0.$$

The exclusion of singular points in the definition of the curve represented by Equation (1.2) will allow us to diversify in the algebraic aspect and regularize in the geometric sense.

Proposition 1.3. A polynomial $P(x) \in K[X]$ of degree 3 has different roots if and only if at every point on the curve $y^2 = P(x)$ it is possible to define the tangent. □

We can now introduce our object of study. By an elliptic curve over the field $K$ we mean a non-singular cubic in $K[X, Y]$ which has at least one $K$-rational point.

1.2 Projective space

One of the biggest concerns of renaissance art was the analysis of perspectives; an obsession that motivated the foundations of projective geometry. We will recall the concepts and relevant results of this theory in order to manipulate elliptic curves on projective spaces.

We call projective space of $K$, and denote it by $\mathbb{P}^2(K)$, the set of equivalence classes of the quotient of

$$\mathbb{P}^2[K] = \{(a : b : c) : a, b, c \in K\} \setminus \{(0 : 0 : 0)\}$$

modulo the equivalence relation $\sim$ given by $(a : b : c) \sim (a' : b' : c')$ when there is some $t \neq 0$ such that $a' = at$, $b' = bt$, $c' = ct$.
The sum of points in this “plane”, as in a vector space, is senseless. For instance it has no meaning to try to compute $(0 : 1 : 0) + (1 : 1 : 1)$. At first glance the result must be $(1 : 2 : 1)$; nonetheless these elements are equivalence classes, so by taking other representatives for each point, say $(0 : 4 : 0)$ and $(2 : 2 : 2)$, we obtain $(2 : 6 : 2)$, which is not equivalent to the previous $(1 : 2 : 1)$. Therefore the sum, coordinate by coordinate, is meaningless in this object.

In order to set a relationship between projective space and the affine universe we look at the map

$$\mathbb{A}^2(K) \to \mathbb{P}^2(K), \qquad (x, y) \mapsto (x : y : 1).$$

This map is injective with inverse $(x : y : z) \mapsto (x/z, y/z)$ for $z \neq 0$. Because of this, the affine space can be construed as embedded in the projective space. The points that do not belong to the affine space (those with $Z = 0$) are called points at infinity.

If our purpose is to study elliptic curves in projective space, we must consider another kind of polynomial. A homogeneous polynomial of degree $d$ is a polynomial $F(x, y, z) \in K[X, Y, Z]$ which satisfies $F(tx, ty, tz) = t^d F(x, y, z)$. Now consider a polynomial $f(x, y) = \sum_{i,j} a_{i,j} x^i y^j$ in $K[X, Y]$ of degree $d$. The homogenization of $f$ in $\mathbb{P}^2(K)$ is the formal sum

$$F(X : Y : Z) = \sum_{i,j} a_{i,j} X^i Y^j Z^{d-i-j}. \tag{1.4}$$

It is clear that the homogenization of a polynomial is a homogeneous polynomial in one more variable. On the other hand, by handling and reorganizing the variable $Z$ at the right hand side of the equation we get the following.

Proposition 1.4. The homogenization of $f(x, y)$ is equal to

$$Z^d f(X/Z, Y/Z). \tag{1.5}$$

Thus $f(X/Z, Y/Z)$ is the quotient of two polynomials of the same degree. □

This expression helps us return to the affine plane. Let $F(X : Y : Z)$ be the homogenization of $f(x, y)$. We call the dehomogenization with respect to $Z$ the polynomial

$$F(X : Y : 1). \tag{1.6}$$

Homogeneous polynomials are the only ones that allow us to maintain certain coherence when working in projective space.
Let $F(X : Y : Z)$ be a homogeneous polynomial of degree $d$. By definition we have then $F(tX : tY : tZ) = t^d F(X : Y : Z)$. If $F(X_0 : Y_0 : Z_0) = 0$, then necessarily every element $(X_1 : Y_1 : Z_1)$ in the equivalence class of $(X_0 : Y_0 : Z_0)$ also satisfies $F(X_1 : Y_1 : Z_1) = 0$.

Another important feature is that although it seems mystic to grab the infinite and reach it at the line $Z = 0$, this does not make the variable $Z$ a distinguished one. One must understand that the dehomogenization of a curve in the projective plane can take three different roads, namely $Z = 1$, $Y = 1$ and $X = 1$. Thus taking $Z = 1$ only means that we are going to work with certain coordinates of projective space. Most probably, picking $Z = 1$ is the most natural choice if we started with $x, y$ in the affine plane.

Singularities can also be defined in the projective plane in the same way as in the affine case. Let $F(X : Y : Z)$ be a polynomial in $\mathbb{P}^2(K)$. The point $P = (X_0 : Y_0 : Z_0)$ is a singular point on the curve $F(X : Y : Z) = 0$ if it satisfies

$$\frac{\partial F}{\partial X}(P) = \frac{\partial F}{\partial Y}(P) = \frac{\partial F}{\partial Z}(P) = 0.$$

Proposition 1.5. If $F(X : Y : Z)$ is a homogeneous polynomial of degree $d$, then each partial derivative is a homogeneous polynomial of degree $d - 1$.

Proof. From the definition we have

$$t\,\frac{\partial F}{\partial X}(tX : tY : tZ) = t^d\,\frac{\partial F}{\partial X}(X : Y : Z),$$

and the result follows. We use the same argument for the other coordinates.

We analyze the relationship between a singular point in an affine curve and its homogenized version in projective space.

Proposition 1.6. The point $(x_0/z_0, y_0/z_0)$ in the curve $f(x, y)$ in the affine plane is singular if and only if the corresponding point $(X_0, Y_0, Z_0)$ with $Z_0 \neq 0$ is singular in the homogenization $F(X : Y : Z)$.

Proof. By Equation (1.5) we have $F(X : Y : Z) = Z^d f(X/Z, Y/Z)$. Differentiating with respect to $X, Y, Z$ we obtain

$$\frac{\partial F}{\partial X}(X : Y : Z) = Z^{d-1}\,\frac{\partial f}{\partial X}(X/Z, Y/Z),$$

$$\frac{\partial F}{\partial Y}(X : Y : Z) = Z^{d-1}\,\frac{\partial f}{\partial Y}(X/Z, Y/Z),$$

$$\frac{\partial F}{\partial Z}(X : Y : Z) = d Z^{d-1} f(X/Z, Y/Z) - Z^{d-2}\left(X\,\frac{\partial f}{\partial X}(X/Z, Y/Z) + Y\,\frac{\partial f}{\partial Y}(X/Z, Y/Z)\right).$$

The stated equivalence is now clear.

The equation of the tangent line to a curve defined by means of a homogeneous polynomial has a simple form.

Proposition 1.7. Let $F(X : Y : Z)$ be a homogeneous polynomial of degree $d$ with a non-singular point $P$. Then a homogeneous tangent line at $P$ is given by

$$\frac{\partial F}{\partial X}(P)\,X + \frac{\partial F}{\partial Y}(P)\,Y + \frac{\partial F}{\partial Z}(P)\,Z = 0. \tag{1.7}$$

Proof. First notice that $F$ must be non-constant, as otherwise all points are singular; thus we take $d > 0$ without further comment. From the definition of homogeneous polynomial we have

$$F(tX : tY : tZ) = t^d F(X : Y : Z). \tag{1.8}$$

Differentiating the left hand side with respect to $t$ we get

$$\begin{bmatrix} \frac{\partial F}{\partial X}(tX : tY : tZ) & \frac{\partial F}{\partial Y}(tX : tY : tZ) & \frac{\partial F}{\partial Z}(tX : tY : tZ) \end{bmatrix} [X \; Y \; Z]^T.$$

By Proposition 1.5 the partial derivatives are homogeneous polynomials of degree $d - 1$. Therefore this side of the equation has the form

$$t^{d-1} \begin{bmatrix} \frac{\partial F}{\partial X}(X : Y : Z) & \frac{\partial F}{\partial Y}(X : Y : Z) & \frac{\partial F}{\partial Z}(X : Y : Z) \end{bmatrix} [X \; Y \; Z]^T.$$

Differentiating the right hand side of (1.8) and comparing it with the left hand side we obtain

$$\frac{\partial F}{\partial X}\,X + \frac{\partial F}{\partial Y}\,Y + \frac{\partial F}{\partial Z}\,Z = d \cdot F(X : Y : Z).$$

Finally we evaluate at $P$ and achieve the desired result.

We state a crucial theorem that we have used before without proof. For further details see [8, page 237].

Theorem 1.8. (Bezout) For projective curves $C_1$ and $C_2$ without common factors, we have

$$\sum_{P \in C_1 \cap C_2} I(C_1 \cap C_2, P) = (\deg C_1)(\deg C_2). \tag{1.9}$$

Here $I(C_1 \cap C_2, P)$ stands for the multiplicity of $P$ at the intersection of $C_1$ and $C_2$, which can be interpreted as the degree of tangency of both curves at $P$. So, if we have a line and a cubic curve with two distinct points of intersection then a third point of intersection necessarily pops up.

1.3 Weierstrass normal forms

By a Weierstrass normal form we mean any of the following polynomial relations

$$y^2 + a_1 xy + a_3 y = x^3 + a_2 x^2 + a_4 x + a_6, \tag{1.10}$$

$$y^2 = x^3 + ax^2 + bx + c, \tag{1.11}$$

$$y^2 = x^3 + ax + b. \tag{1.12}$$

Every elliptic curve can be transformed into one of these forms depending on the characteristic of the defined ground field. First we reveal the universal nature of the point $O = (0 : 1 : 0)$ over the homogenized version of the curve (1.10). For that we first homogenize

$$Y^2 Z + a_1 XYZ + a_3 YZ^2 = X^3 + a_2 X^2 Z + a_4 XZ^2 + a_6 Z^3. \tag{1.13}$$

Next we need the tangent line at $O$: following Proposition 1.7 we find the partial derivatives

$$\frac{\partial F}{\partial X}(O) = 0, \qquad \frac{\partial F}{\partial Y}(O) = 0, \qquad \frac{\partial F}{\partial Z}(O) = 1.$$

We conclude easily that $Z = 0$ is the tangent line at $O$. Next we intersect the curve in projective space with the projective line $Z = 0$ at infinity, the result being $X^3 = 0$; that is, the point $O$ has a triple contact, which by definition is called an inflexion point.

Proposition 1.9. Every elliptic curve can be transformed into a Weierstrass normal form.

Proof. Suppose an elliptic curve has a rational point $P$. By the theorem of Bezout, the tangent at this point meets the curve three times. Two options emerge: the tangent line contacts the point $P$ three times, and so $P$ is an inflexion point, or the line contacts $P$ two times and a different point in the curve one time. In the first case we want to resettle the point $P$ in $O$ and carry the tangent line at $P$ to the line $Z = 0$. For this purpose we change coordinates through a linear invertible transformation. In this way we obtain the equation

$$aX^3 + bX^2Y + cXY^2 + dY^3 + eX^2Z + fXYZ + gY^2Z + hXZ^2 + iYZ^2 + jZ^3 = 0$$

with $d = 0$ because the point $(0 : 1 : 0)$ belongs to the curve. Moreover, as the tangent line at this point is $Z = 0$, we find the partial derivatives

$$\frac{\partial F}{\partial X} = 3aX^2 + 2bXY + cY^2 + 2eXZ + fYZ + hZ^2,$$

$$\frac{\partial F}{\partial Y} = bX^2 + 2cXY + fXZ + 2gYZ + iZ^2,$$

$$\frac{\partial F}{\partial Z} = eX^2 + fXY + gY^2 + 2hXZ + 2iYZ + 3jZ^2$$

and evaluate at $O$ to obtain

$$\frac{\partial F}{\partial X}(O) = c, \qquad \frac{\partial F}{\partial Y}(O) = 0, \qquad \frac{\partial F}{\partial Z}(O) = g.$$

In this way the tangent line is $cX + gZ = 0$. We get $c = 0$ and $g \neq 0$. Evaluating the curve at $Y = 1$ and $Z = 0$ gives us $X^2(aX + b) = aX^3 + bX^2 = 0$.
In order to obtain a triple contact we must have $b = 0$ and $a \neq 0$. So far the equation of the curve reduces to

$$gY^2Z + fXYZ + iYZ^2 = -aX^3 - eX^2Z - hXZ^2 - jZ^3.$$

Changing the variables from $X$ to $-agX$ and $Y$ to $a^2gY$ and returning to the affine space through the immersion $Z = 1$ we obtain

$$y^2 + a_1 xy + a_3 y = x^3 + a_2 x^2 + a_4 x + a_6,$$

as desired.

Suppose now $P$ is not an inflexion point. In this framework the tangent line has a double contact and intersects the curve transversally at $Q$, another rational point. If $Q$ is an inflexion point, we start all over again using the just described method and proceed accordingly. Therefore we assume it is not an inflexion point. Then we trace the tangent at $Q$ and by Bezout obtain the point $R$ on the elliptic curve. As the three points $P$, $Q$, and $R$ are not colinear, we can define a linear invertible transformation which carries $P$, $Q$ and $R$ to $(1 : 0 : 0)$, $(0 : 1 : 0)$ and $(0 : 0 : 1)$, respectively. Let the equation

$$F(X, Y, Z) = aX^3 + bX^2Y + cXY^2 + dY^3 + eX^2Z + fXYZ + gY^2Z + hXZ^2 + iYZ^2 + jZ^3$$

describe the transformed elliptic curve. The coefficients $a$, $d$ and $j$ are null since the points $(1 : 0 : 0)$, $(0 : 1 : 0)$ and $(0 : 0 : 1)$ belong to the curve. Then the equation simplifies to

$$F(X, Y, Z) = bX^2Y + cXY^2 + eX^2Z + fXYZ + gY^2Z + hXZ^2 + iYZ^2.$$

By the nature of the construction of $P$, $Q$ and $R$, the tangent line at $P$ will be carried to the line that passes through $(1 : 0 : 0)$ and $(0 : 1 : 0)$; this is $Z = 0$. By the same reason the tangent line at $Q$ is carried to $X = 0$ through the linear transformation. Setting these conditions in the curve, the coefficients of the tangent at $(1 : 0 : 0)$ become

$$\frac{\partial F}{\partial X}((1 : 0 : 0)) = 0, \qquad \frac{\partial F}{\partial Y}((1 : 0 : 0)) = b, \qquad \frac{\partial F}{\partial Z}((1 : 0 : 0)) = e;$$

hence we get $b = 0$ and $e \neq 0$. The coefficients of the tangent line at $(0 : 1 : 0)$ are

$$\frac{\partial F}{\partial X}((0 : 1 : 0)) = c, \qquad \frac{\partial F}{\partial Y}((0 : 1 : 0)) = 0, \qquad \frac{\partial F}{\partial Z}((0 : 1 : 0)) = g;$$

so we get $g = 0$ and $c \neq 0$. The defining polynomial is now

$$F(X, Y, Z) = cXY^2 + eX^2Z + fXYZ + hXZ^2 + iYZ^2. \tag{1.14}$$

We use the non linear transformations

$$\alpha(X, Y, Z) = (XZ : XY : Z^2), \qquad \beta(X, Y, Z) = (X^2 : YZ : XZ)$$

that take rational points into rational points. The compositions $\alpha \circ \beta$ and $\beta \circ \alpha$ work as the identity except for the points $(1 : 0 : 0)$, $(0 : 1 : 0)$ and $(0 : 0 : 1)$. Multiplying Equation (1.14) by $XZ^2$ and changing the variables to $U = XZ$, $V = XY$ and $W = Z^2$, we obtain

$$cV^2W + eU^3 + fUVW + hU^2W + iVW^2 = 0.$$

Dividing by $e$ and replacing $W$ by $W/c$, we obtain the Weierstrass form

$$V^2W + a_1 UVW + a_3 VW^2 = U^3 + a_2 U^2 W.$$

Finally we set $W = 1$, and conclude the proof.

Working in a field $K$ with $\operatorname{char} K \neq 2$ allows us to accomplish the extra change of variable $y$ by $y - (a_1 x + a_3)/2$, and we obtain the equation

$$y^2 = x^3 + ax^2 + bx + c.$$

If the field is also such that $\operatorname{char} K \neq 3$, we can make the further change of $x$ by $x - a/3$ and obtain the equation

$$y^2 = x^3 + ax + b.$$

Figure 1.1: $y^2 = x^3 - x$
Figure 1.2: $y^2 = x^3 + x$
Figure 1.3: $y^2 = x^3 - x^2$
Figure 1.4: $y^2 = x^3$
Figure 1.5: $y^2 = x^3 + x^2$

1.4 Examples

Example 1.10. Take the Fermat elliptic curve $x^3 + y^3 = 1$ over a field $K$ with $\operatorname{char} K \neq 2, 3$. We will obtain the three versions of the Weierstrass normal form. The homogenized version of the curve is $X^3 + Y^3 - Z^3 = 0$. The point $(1 : -1 : 0)$ is an inflexion point with tangent line $X + Z = 0$. Applying the projective linear transformation

$$(X, Y, Z) \mapsto (Z - X - Y, X + Z, X + Y)$$

we get

$$3Y^2Z + 6XYZ - 3YZ^2 = -X^3 + 6XZ^2.$$

Changing the variables $X$ to $-3X$ and $Y$ to $3Y$ results in the equation

$$Y^2Z - 2XYZ - \frac{1}{3}YZ^2 = X^3 - \frac{2}{3}XZ^2,$$

whose affine representation is given by

$$y^2 - 2xy - \frac{1}{3}y = x^3 - \frac{2}{3}x.$$

Then we change the variable $y$ to $y + x + \frac{1}{6}$. After some toiling we obtain

$$y^2 = x^3 + x^2 - \frac{1}{3}x + \frac{1}{36}.$$

Finally we replace the variable $x$ by $x - \frac{1}{3}$ to get

$$y^2 = x^3 - \frac{2}{3}x + \frac{23}{108}.$$

Figure 1.6: $x^3 + y^3 = 1$
Figure 1.7: $y^2 - 2xy - \frac{1}{3}y = x^3 - \frac{2}{3}x$
Figure 1.8: $y^2 = x^3 + x^2 - \frac{1}{3}x + \frac{1}{36}$
Figure 1.9: $y^2 = x^3 - \frac{2}{3}x + \frac{23}{108}$

Example 1.11. Consider the non-singular cubic equation $x^3 + y^3 + x^2 - y^2 + 1 = 0$, whose homogenized version is $X^3 + Y^3 + X^2Z - Y^2Z + Z^3 = 0$. The point $(1 : -1 : 0)$ is an inflexion point of the curve. We apply the projective linear transformation

$$(X, Y, Z) \mapsto (X + Y + Z, -X - Y, X)$$

and obtain

$$3Y^2Z + 8XYZ + 3YZ^2 = -X^3 - 5X^2Z - 4XZ^2 - Z^3.$$

Changing the variables $X$ to $-3X$ and $Y$ to $3Y$, we get

$$Y^2Z - \frac{8}{3}XYZ + \frac{1}{3}YZ^2 = X^3 - \frac{5}{3}X^2Z + \frac{4}{9}XZ^2 - \frac{1}{27}Z^3,$$

whose representation in the affine plane is given by

$$y^2 - \frac{8}{3}xy + \frac{1}{3}y = x^3 - \frac{5}{3}x^2 + \frac{4}{9}x - \frac{1}{27}.$$

Replacing $y$ by $y - (-\frac{8}{3}x + \frac{1}{3})/2$ results in

$$y^2 = x^3 + \frac{1}{9}x^2 - \frac{1}{108};$$

and replacing $x$ by $x - 1/27$ results in

$$y^2 = x^3 - \frac{1}{243}x - \frac{721}{78732}.$$

Figure 1.10: $x^3 + y^3 + x^2 - y^2 + 1 = 0$
Figure 1.11: $y^2 - \frac{8}{3}xy + \frac{1}{3}y = x^3 - \frac{5}{3}x^2 + \frac{4}{9}x - \frac{1}{27}$
Figure 1.12: $y^2 = x^3 + \frac{1}{9}x^2 - \frac{1}{108}$
Figure 1.13: $y^2 = x^3 - \frac{1}{243}x - \frac{721}{78732}$

Chapter 2

Groups over elliptic curves

In the present chapter we are concerned with the structural aspects of elliptic curves from the purely algebraic point of view. In particular we define a group over its set of rational points.

2.1 Preliminaries

An easy application of Bezout's theorem states that every line over $K[X, Y]$ that intersects an elliptic curve twice in fact cuts it a third time. This is the starting point to set a group structure in an elliptic curve. As before, we are going to work with elliptic curves of the form

$$Y^2Z + a_1 XYZ + a_3 YZ^2 = X^3 + a_2 X^2Z + a_4 XZ^2 + a_6 Z^3 \tag{2.1}$$

with a preferred point $O = (0 : 1 : 0)$, which happens to be an inflexion point and the unique point of the curve at infinity.
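
The two reductions that close Section 1.3 (valid for $\operatorname{char} K \neq 2$ and $\operatorname{char} K \neq 3$) can be checked in exact rational arithmetic against Examples 1.10 and 1.11. The following is an added example, not code from the thesis; the function names are assumptions, and the non-singularity test uses the standard fact that $x^3 + Ax + B$ has distinct roots exactly when $4A^3 + 27B^2 \neq 0$, which is how Proposition 1.3 is applied here.

```python
from fractions import Fraction as Fr


def complete_square(a1, a2, a3, a4, a6):
    """Apply y -> y - (a1*x + a3)/2 to form (1.10); return (a, b, c) of form (1.11)."""
    a1, a2, a3, a4, a6 = map(Fr, (a1, a2, a3, a4, a6))
    return (a2 + a1 * a1 / 4, a4 + a1 * a3 / 2, a6 + a3 * a3 / 4)


def depress(a, b, c):
    """Apply x -> x - a/3 to form (1.11); return (A, B) of form (1.12)."""
    a, b, c = map(Fr, (a, b, c))
    return (b - a * a / 3, c - a * b / 3 + 2 * a ** 3 / 27)


def long_residual(coeffs, x, y):
    """Left side minus right side of (1.10) at the point (x, y)."""
    a1, a2, a3, a4, a6 = map(Fr, coeffs)
    return y * y + a1 * x * y + a3 * y - (x ** 3 + a2 * x * x + a4 * x + a6)


def verify_reduction(coeffs):
    """Check that the two substitutions really turn (1.10) into (1.12).

    Both sides are polynomials of degree 3 in x and 2 in y, so agreement on
    a 7 x 7 grid of sample points proves that they are identical.
    """
    a1, _, a3, _, _ = map(Fr, coeffs)
    a, b, c = complete_square(*coeffs)
    A, B = depress(a, b, c)
    for x in range(-3, 4):
        for y in range(-3, 4):
            xs = Fr(x) - a / 3                   # x -> x - a/3
            ys = Fr(y) - (a1 * xs + a3) / 2      # y -> y - (a1*x + a3)/2
            if long_residual(coeffs, xs, ys) != y * y - (x ** 3 + A * x + B):
                return False
    return True


def is_nonsingular(a, b, c):
    """True when x^3 + a x^2 + b x + c has three distinct roots (Proposition 1.3)."""
    A, B = depress(a, b, c)
    return 4 * A ** 3 + 27 * B ** 2 != 0


# Coefficients (a1, a2, a3, a4, a6) read off the affine equations in the examples.
EXAMPLE_1_10 = (-2, 0, Fr(-1, 3), Fr(-2, 3), 0)
EXAMPLE_1_11 = (Fr(-8, 3), Fr(-5, 3), Fr(1, 3), Fr(4, 9), Fr(-1, 27))

if __name__ == "__main__":
    for name, coeffs in (("1.10", EXAMPLE_1_10), ("1.11", EXAMPLE_1_11)):
        abc = complete_square(*coeffs)
        print(name, abc, depress(*abc), verify_reduction(coeffs), is_nonsingular(*abc))
    # The singular cubics of Figures 1.3 and 1.4 fail the test.
    print(is_nonsingular(-1, 0, 0), is_nonsingular(0, 0, 0))
```
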
We state the following proposition about a defining property of the projective lines that meet the curve at infinity.

Proposition 2.1. The projective lines of the form $X = x_0 Z$ are the only ones different from $Z = 0$ that cut the curve at infinity.

Proof. In general a projective line has the form $\alpha_1 X + \alpha_2 Y + \alpha_3 Z = 0$. As $O$ is the only point of the curve at infinity, $O$ must belong to the projective line, therefore we get $\alpha_2 = 0$. Also, as we are not considering $Z = 0$, we must have $\alpha_1 \neq 0$, so we get $X = -(\alpha_3/\alpha_1) Z$. By setting $x_0 = -\alpha_3/\alpha_1$ and dehomogenizing we obtain the result.

Next take points $P$ and $Q$ on the elliptic curve $C$. Recalling Bezout's theorem we know that if we draw the line through $P$ and $Q$, this line must intersect the curve at another point: call this point $P * Q$ (compare Figure 2.1). In this way the operation $* : C \times C \to C$ is established. Notice that there is no extra burden in finding a third point if we have $P = Q$: it simply happens that the line becomes the tangent line. Also, as $O$ is an inflexion point we have $O * O = O$. To familiarize ourselves with $*$ we state the following preliminary result.

Proposition 2.2. Take points $P, Q$ in the elliptic curve. The operation $*$ is commutative and satisfies $(P * Q) * P = Q$.

Proof. Commutativity follows immediately by definition because the line from $P$ to $Q$ is the same as the line from $Q$ to $P$. The other claim is clear because $P * Q$ is the third point on the curve resulting from the intersection of the line that joins $P$ and $Q$ and the curve. Focusing on $P * Q$ and $P$, now the third point must be $Q$.

Figure 2.1: $P$, $Q$ and $P * Q$
Figure 2.2: $P + Q$

2.2 Sum of points

Take points $P, Q$ on the elliptic curve $C$. We define the sum of $P$ and $Q$ to be

$$P + Q = (P * Q) * O. \tag{2.2}$$

It turns out that this simple operation satisfies several important relations.

Proposition 2.3. Take points $P, Q, R$ on the elliptic curve.
Then the sum $+$ must satisfy the following properties:

1. $P + Q = Q + P$,
2. $P + O = P$,
3. if the points $P, Q, R$ are colinear, then $(P + Q) + R = O$, (2.3)
4. there exists a point $-P$ of the curve which satisfies $P + (-P) = O$. (2.4)

Proof. As the operation $*$ is commutative we have $P * Q = Q * P$. Thus we get $P + Q = (P * Q) * O = (Q * P) * O = Q + P$. By definition of $+$ we have $P + O = (P * O) * O$. Again by the commutativity of the operation $*$ we get $(P * O) * O = (O * P) * O$. Thus by Proposition 2.2 we obtain $(P * O) * O = P$, which is equivalent to $P + O = P$. Next, if $P, Q, R$ are colinear we get $P + Q = (P * Q) * O = R * O$. In this way $(P + Q) + R = ((R * O) * R) * O$. From Proposition 2.2 we know that $(R * O) * R = O$ holds, and this yields $(P + Q) + R = O * O = O$. Finally take $O, P, R$ colinear. By the preceding item we have $(P + O) + R = O$, therefore it is enough to set $R = -P$.

In the next chapter, we develop the theory of divisors in order to prove the associative property; this gives us an elegant proof of this fact. If we take this for granted, then the preceding proposition shows that the $K$-rational points together with $+$ form a group on elliptic curves.

2.3 Explicit expression of the sum

We find the explicit expression for the sum of points over an elliptic curve of the form $y^2 + a_1 xy + a_3 y = x^3 + a_2 x^2 + a_4 x + a_6$ in $K[X, Y]$. To achieve this goal we take the line $y = \alpha x + \beta$ that passes through the distinct rational points $P = (x_1, y_1)$ and $Q = (x_2, y_2)$, where $\alpha = (y_2 - y_1)/(x_2 - x_1)$ and $\beta = (y_1 x_2 - x_1 y_2)/(x_2 - x_1)$. We plug the equation of the line into the equation of the elliptic curve and obtain the cubic equation

$$x^3 + (a_2 - \alpha^2 - a_1\alpha)x^2 + (a_4 - 2\alpha\beta - a_1\beta - a_3\alpha)x + a_6 - \beta^2 - a_3\beta = 0,$$

whose solutions represent the $x$-coordinates of the three points of intersection of the line with the curve. In particular we realize that $x_3 + x_2 + x_1 = -a_2 + \alpha^2 + a_1\alpha$ holds, and so we have

$$x_3 = \alpha^2 + a_1\alpha - a_2 - (x_1 + x_2),$$

$$y_3 = \alpha^3 + a_1\alpha^2 - (a_2 + x_1 + x_2)\alpha + \beta.$$
We replace $x_3$ in the equation of the elliptic curve in order to obtain

$$y^2 + (a_1 x_3 + a_3)y - (x_3^3 + a_2 x_3^2 + a_4 x_3 + a_6) = 0. \tag{2.5}$$

In view of the $K$-rational nature of one solution of the latter equation, the other one must also be $K$-rational. In addition, the sum of the solutions of this equation is equal to the negative of the associated coefficient of $y$. Thus the second solution is precisely $\tilde{y}_3 = -y_3 - (a_1 x_3 + a_3)$. According to Proposition 2.1 the point $(x_3, \tilde{y}_3)$ represents $P + Q$.

2.4 Examples

Example 2.4. For the elliptic curve

$$y^2 = x^3 + 17, \tag{2.6}$$

the points $P = (4, 9)$ and $Q = (8, 23)$ lie on the curve. We want to find $-P$ and $-Q$. According to the previous explanation this is an easy task. We just have to find the points $P * O$ and $Q * O$ on the curve. As mentioned earlier, this is equivalent to finding the other points of intersection of the curve and the lines $x = x_P$, $x = x_Q$, respectively. Since this elliptic curve is symmetric with respect to the $x$-axis, the points $-P$ and $-Q$ are $(4, -9)$ and $(8, -23)$, accordingly.

Another interesting computation is associated to the double of a point. Now we are looking for the point $2P$, which must lie on the curve. As we are performing the sum $P + P$, this means that the intersecting line is now the tangent line to the curve at $P$, which is

$$3y - 8x + 5 = 0. \tag{2.7}$$

The resulting equation that expresses this intersection is

$$9x^3 - 64x^2 + 80x + 128 = 0. \tag{2.8}$$

So we have $x_{P*P} = 64/9 - 2 \times 4 = -8/9$, and thus also $y_{P*P} = -109/27$. We finally get $2P = (-8/9, 109/27)$ by intersecting the curve with the vertical line $x = -8/9$ or just reflecting $P * P$ along the $x$-axis.

Next we compute $P + Q$ following the previously explained algorithm. First, we note that the equation of the line that passes through $P$ and $Q$ is

$$14x - 4y - 20 = 0. \tag{2.9}$$

Then we get the $x$-coordinate of $P * Q$ by intersecting it with the elliptic curve in order to get the system

$$y^2 - x^3 - 17 = 0, \qquad 14x - 4y - 20 = 0.$$

Replacing $y$ in the first equation we obtain

$$x^3 - (7/2)^2 x^2 + 35x - 8 = 0. \tag{2.10}$$

Then we get $x_{P*Q} = 49/4 - (x_P + x_Q) = 49/4 - (4 + 8) = 1/4$. We replace $x_{P*Q}$ in the equation of the line and obtain $y_{P*Q} = -33/8$. Therefore, we have $P * Q = (1/4, -33/8)$. Finally we get $P + Q$ by intersecting the elliptic curve with $x = 1/4$, and so we end up with $P + Q = (1/4, 33/8)$.

Figure 2.3: Curve $y^2 = x^3 + 17$ and points $P, Q$
Figure 2.4: Curve $y^2 = x^3 + 17$ and point $P * Q$

Example 2.5. Another interesting example is the elliptic curve $y^2 = x^3 + 1$, which has $P = (2, 3)$ as rational point. According to the method just described we obtain $2P = (0, 1)$. Adding $P + 2P$ we get $3P = (-1, 0)$. Performing the sum repeatedly we have $4P = (0, -1)$ and $5P = (2, -3)$. We notice the equality $5P = -P$, so $6P = P + 5P = P - P = O$. Therefore the set $\{O, P, 2P, 3P, 4P, 5P\}$ is a subgroup of the set of rational points on the elliptic curve.

Figure 2.5: Curve $y^2 = x^3 + 17$ and point $P + Q$
Figure 2.6: Curve $y^2 = x^3 + 17$ and points $-P, -Q$
Figure 2.7: Curve $y^2 = x^3 + 17$ and point $2P$
Figure 2.8: Curve $y^2 = x^3 + 1$ and the orbit of the point $P = (2, 3)$; the iterate $6P = O$ is at infinity.

Chapter 3

Associativity

In the previous chapter we learned how an inflexion point within an elliptic curve allows us to define a “sum”. We showed that this structure satisfies all group properties but associativity. In this chapter we are concerned with this delicate task. To accomplish it we need the help of a tool from algebraic geometry: divisors. We are going to introduce key results about them that will help us build a proof. Because of technical reasons, from now on we will focus on the case of fields of characteristic 0.

3.1 Divisors

A function $f$ with poles in a finite set $S \subset X$ is called meromorphic if $f$ is holomorphic on $X \setminus S$.
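
The chord-and-tangent construction of Chapter 2, written out as an added example (not code from the thesis): the operation $*$, the sum $P + Q = (P * Q) * O$ and the explicit formulas of Section 2.3 in exact rational arithmetic, reproducing Examples 2.4 and 2.5 and spot-checking on sample points the associativity that this chapter sets out to prove. The class and function names are assumptions, as is the tangent slope used for $P = Q$, which is the standard implicit-differentiation formula and is not written out in the text.

```python
from fractions import Fraction

O = None  # the point at infinity (0 : 1 : 0); affine points are (x, y) tuples


class Weierstrass:
    """y^2 + a1*x*y + a3*y = x^3 + a2*x^2 + a4*x + a6 with rational coefficients."""

    def __init__(self, a1=0, a2=0, a3=0, a4=0, a6=0):
        self.a1, self.a2, self.a3, self.a4, self.a6 = (
            Fraction(c) for c in (a1, a2, a3, a4, a6))

    def contains(self, P):
        if P is O:
            return True
        x, y = map(Fraction, P)
        return (y * y + self.a1 * x * y + self.a3 * y
                == x ** 3 + self.a2 * x * x + self.a4 * x + self.a6)

    def star(self, P, Q):
        """Third intersection P * Q of the curve with the line through P and Q."""
        if P is O and Q is O:
            return O                      # O is an inflexion point: O * O = O
        if P is O or Q is O:
            # Vertical line X = x0*Z (Proposition 2.1): second root of (2.5).
            x, y = map(Fraction, Q if P is O else P)
            return (x, -y - self.a1 * x - self.a3)
        x1, y1 = map(Fraction, P)
        x2, y2 = map(Fraction, Q)
        if x1 != x2:
            alpha = (y2 - y1) / (x2 - x1)             # slope of the chord
        else:
            denom = 2 * y1 + self.a1 * x1 + self.a3
            if y1 != y2 or denom == 0:
                return O                  # vertical chord or vertical tangent
            # Tangent slope by implicit differentiation (assumed, standard).
            alpha = (3 * x1 * x1 + 2 * self.a2 * x1 + self.a4
                     - self.a1 * y1) / denom
        beta = y1 - alpha * x1
        x3 = alpha * alpha + self.a1 * alpha - self.a2 - (x1 + x2)
        return (x3, alpha * x3 + beta)

    def add(self, P, Q):
        """P + Q = (P * Q) * O, Equation (2.2)."""
        return self.star(self.star(P, Q), O)

    def neg(self, P):
        """-P = P * O, as in Example 2.4."""
        return self.star(P, O)

    def multiples(self, P, n):
        """[P, 2P, ..., nP] by repeated addition."""
        out, R = [], O
        for _ in range(n):
            R = self.add(R, P)
            out.append(R)
        return out


def is_associative(E, points):
    """Check (A + B) + C == A + (B + C) for every triple drawn from points."""
    return all(E.add(E.add(A, B), C) == E.add(A, E.add(B, C))
               for A in points for B in points for C in points)


if __name__ == "__main__":
    E17 = Weierstrass(a6=17)              # Example 2.4: y^2 = x^3 + 17
    P, Q = (4, 9), (8, 23)
    print("P*Q =", E17.star(P, Q), " P+Q =", E17.add(P, Q))
    print("2P  =", E17.add(P, P), " -P =", E17.neg(P))
    E1 = Weierstrass(a6=1)                # Example 2.5: y^2 = x^3 + 1
    print("orbit of (2, 3):", E1.multiples((2, 3), 6))
    # Constructed sample: further integer points on y^2 = x^3 + 17.
    sample = [O, P, Q, (-2, 3), (-1, 4), (2, 5)]
    print("associative on sample:", is_associative(E17, sample))
```
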
We take a meromorphic function $f$, and denote the order of $f$ at the point $P$ as $\operatorname{ord}_P(f)$. If $\operatorname{ord}_P(f) > 0$ then $f$ has a zero at $P$; if $\operatorname{ord}_P(f) < 0$, then $f$ has a pole at $P$. For the sake of completeness we write $\operatorname{ord}_P(0) = +\infty$.

Proposition 3.1. Let $f, g$ be two meromorphic functions. Then the order at a point $P$ satisfies the inequality $\operatorname{ord}_P(f + g) \geq \min\{\operatorname{ord}_P(f), \operatorname{ord}_P(g)\}$.

Proof. This is clear by writing $f$ and $g$ in coordinates.

Another helpful fact is the logarithmic behavior of the order of a function at a point. This will help us provide a group structure in a set of divisors associated to rational functions.

Proposition 3.2. Take $f$ and $g$ meromorphic functions. The order of a function at a point $P$ satisfies
$$\operatorname{ord}_P(fg) = \operatorname{ord}_P(f) + \operatorname{ord}_P(g). \tag{3.1}$$

Proof. Again, this must be clear enough.

A fundamental element in algebraic geometry is the concept of formal sum. A divisor is a formal sum of points
$$\sum_{P \in X} n_P P. \tag{3.2}$$
Here all the coefficients are in $\mathbb{Z}$ and only a finite number of them are non-zero. We impose an algebraic structure on this new set of elements.

Proposition 3.3. The set of divisors with sum defined as
$$D_1 + D_2 = \sum_{P \in X} (n_P + m_P) P, \tag{3.3}$$
where $D_1 = \sum_{P \in X} n_P P$ and $D_2 = \sum_{P \in X} m_P P$, forms a group.

Proof. Clear; in fact, this group is abelian and free.

We define an important homomorphism to be used later. Take a divisor $D = \sum_{P \in X} n_P P$. By the degree of the divisor $D$ we mean the sum of its coefficients, that is, the integer
$$\deg(D) = \sum_{P \in X} n_P. \tag{3.4}$$

Now we provide another structural feature that allows us to compare two divisors in a similar fashion to how we compare a pair of natural numbers. However, in our case, the comparison will not be available for every pair of divisors. Let $D_1$ and $D_2$ be two divisors with coefficients $n_P$ and $m_P$, respectively. An order $\geq$ is defined in the set of divisors by setting
$$D_1 \geq D_2 \tag{3.5}$$
whenever $n_P \geq m_P$ for every $P$. Fix a point $P$, and note that the divisor $P$ is always greater than the divisor $-P$.
Anyhow, here we are unable to compare the divisors $D_1 = P - Q$, $D_2 = -P + Q$ even in this case in which we have $D_1 = -D_2$.

Now let $f$ be a meromorphic function. By the divisor of $f$ we mean the sum
$$\operatorname{div}(f) = \sum_{P \in X} \operatorname{ord}_P f \cdot P. \tag{3.6}$$
Similarly, we define an induced order: take two functions $f$ and $g$ and write
$$\operatorname{div}(f) \geq \operatorname{div}(g) \tag{3.7}$$
if $\operatorname{ord}_P f \geq \operatorname{ord}_P g$ for every $P$.

A rational function is the quotient of two polynomials. We call a divisor principal if it is the divisor of a rational function in the curve. For the following examples consider the elliptic curve
$$y^2 = (x - x_1)(x - x_2)(x - x_3), \tag{3.8}$$
with $x_1, x_2, x_3$ different.

Example 3.4. Take the rational function given by
$$x - x_1. \tag{3.9}$$
(Actually, for this to be a rational function, we must express it in projective coordinates.) We are looking for zeros and poles of this function. For this purpose we pass to projective coordinates and obtain
$$Y^2 Z = (X - x_1 Z)(X - x_2 Z)(X - x_3 Z), \tag{3.10}$$
for the elliptic curve, and
$$\frac{X - x_1 Z}{Z}, \tag{3.11}$$
for the rational function. Handling the equation of the elliptic curve we get
$$\frac{Y^2}{(X - x_2 Z)(X - x_3 Z)} = \frac{X - x_1 Z}{Z}. \tag{3.12}$$
This sets an equivalence between the analyzed function on the right hand side and another rational function on the left side. The equation also provides an example of the fact that a rational function on an elliptic curve does not have a unique presentation. Thus we can take advantage of this phenomenon and evaluate points where we feel more comfortable. The left hand side can be expressed as
$$\frac{Y}{X - x_2 Z} \times \frac{Y}{X - x_3 Z} \tag{3.13}$$
where each factor has a simple pole at $(0 : 1 : 0)$ and a zero at $(x_1 : 0 : 1)$. Writing $P_1 = (x_1 : 0 : 1)$, $P_2 = (x_2 : 0 : 1)$ and $P_3 = (x_3 : 0 : 1)$, we conclude that the divisor of the rational function is given by
$$\operatorname{div}(x - x_1) = 2P_1 - 2O. \tag{3.14}$$

Example 3.5. Consider the rational function
$$\frac{y}{x - x_1}, \tag{3.15}$$
with projective version equal to
$$\frac{Y}{X - x_1 Z}. \tag{3.16}$$
Again, handling the equation of the elliptic curve we arrive at
$$\frac{Y}{X - x_1 Z} = \frac{(X - x_2 Z)(X - x_3 Z)}{Y Z}. \tag{3.17}$$
If we evaluate the points $(x_2 : 0 : 1)$ and $(x_3 : 0 : 1)$ on the right hand side we obtain $0/0$, yet the left side shows that these points are different zeroes of the rational function. In a similar manner we conclude that the poles are precisely $(x_1 : 0 : 1)$ and $(0 : 1 : 0)$. Thus we get
$$\operatorname{div}(y/(x - x_1)) = P_2 + P_3 - P_1 - O. \tag{3.18}$$

Example 3.6. Given the rational function $x$ we want to find its poles. Expressing the elliptic curve as $y^2 = x^3 + ax^2 + bx + c$ we obtain $x = (y^2 - c)/(x^2 + ax + b)$. Passing to projective coordinates we have
$$\frac{X}{Z} = \frac{Y^2 - cZ^2}{X^2 + aXZ + bZ^2} = \frac{Y^2 - cZ^2}{(X + dZ)(X + eZ)}. \tag{3.19}$$
The conclusion is that $x$ has zeroes at $(0 : \pm\sqrt{c} : 1)$ as well as a pole of order two at $(0 : 1 : 0)$.

Notice that in all our examples the degree of the divisor was zero. As we will show briefly, this is not mere coincidence.

Proposition 3.7. For $f, g$ meromorphic functions, we have $\operatorname{div}(fg) = \operatorname{div}(f) + \operatorname{div}(g)$.

Proof. This is a direct consequence of the formula $\operatorname{ord}_P(fg) = \operatorname{ord}_P(f) + \operatorname{ord}_P(g)$ of Proposition 3.2.

Proposition 3.8. The set of principal divisors forms a subgroup of the divisor group.

Proof. This is clear from Proposition 3.2 since $fg$ is a meromorphic function that satisfies
$$D_1 + D_2 = \sum_{P \in X} \operatorname{ord}_P(fg) P, \tag{3.20}$$
while the inverse of an element, say $D_1$, is just $\sum_{P \in X} (\operatorname{ord}_P f^{-1}) P = \sum_{P \in X} -(\operatorname{ord}_P f) P$.

Next we disclose a relevant property valid for rational functions.

Proposition 3.9. The degree of every principal divisor is zero.

Proof. Consider the rational function $f = g/h$. Set $G/H$ a projective version; here $G$ and $H$ are polynomials of the same degree in projective space. By Bezout, as none of the polynomials can have common factors with the elliptic curve, each one must intersect the elliptic curve an equal number of times, say $3m$. As the divisor of $f$ is $\operatorname{div}(f) = \operatorname{div}(G) - \operatorname{div}(H)$, we get $\deg(\operatorname{div}(f)) = 3m - 3m = 0$.

Divisors provide another interpretation of intersection of curves.
For example take two curves $C_1$ and $C_2$ with no common factor represented by polynomials in two variables. Take $f$ for the curve $C_2$. We analyze the divisors associated to $f$ on the first curve. Passing to the projective plane, by definition we have
$$\operatorname{div}(f) = \sum_{P \in C_1} (n_P) P. \tag{3.21}$$
But the zeroes of $f$ are the points at which both curves intersect each other, and by Bezout, we know this number. Hence we can write alternatively
$$\operatorname{div}(f) = \sum_{P \in C_1 \cap C_2} I(P) \cdot P - \sum_{Q \in T \cap C_2} n_Q Q, \tag{3.22}$$
where $I$ is the index function as in the Bezout theorem and $T$ is the set of poles of $f$, each element counted with multiplicity $n_Q$.

Our next concern is divisor classification. For this we establish a criterion to determine equivalence among divisors. Two divisors $D_1$ and $D_2$ are equivalent, and we write $D_1 \sim D_2$, if $D_1 - D_2$ is principal.

Example 3.10. Take the points $P$, $Q$, $P + Q$ and $O$ on a fixed elliptic curve. Define the divisors $D_1 = P + Q$ and $D_2 = (P + Q) + O$ and set $L_1$ to be the projective line that passes through $P$ and $Q$, and $L_2$ the one that passes through $P + Q$ and $O$. By the imposed group structure, $L_1$ and $L_2$ intersect the elliptic curve at a common point $R = P * Q$. Let $L_1$ and $L_2$ be the equations of the corresponding projective lines. Then $\operatorname{div}(L_1) = P + Q + R$ and $\operatorname{div}(L_2) = (P + Q) + R + O$. We define the rational function $f$ on the elliptic curve as $L_1/L_2$. Thus we obtain
$$\begin{aligned}
\operatorname{div}(f) &= \operatorname{div}(L_1) - \operatorname{div}(L_2), \\
&= P + Q - (P + Q) - O, \\
&= D_1 - D_2.
\end{aligned}$$
We conclude that $D_1 = P + Q$ and $D_2 = (P + Q) + O$ are equivalent.

3.2 Canonical divisors

We present 1-forms on curves. These elements enrich the structure by adding differentiable features to curves. We will focus on extending the concepts defined for divisors to the vector space of 1-forms.

We denote $\bar{K}(C)$ the field of rational functions on the elliptic curve $C$ with coefficients in $\bar{K}$, an algebraic closure of $K$. We call uniformizer of $C$ at $P$ a generator of the maximal ideal at $P$ of the coordinate ring.
Fix an elliptic curve $C$ and consider the $\bar{K}(C)$-vector space generated by the forms $df$, where $f \in \bar{K}(C)$. The following basic relations are satisfied:

1. $d(f + g) = df + dg$, for all $f, g \in \bar{K}(C)$,
2. $d(fg) = f\,dg + g\,df$, for all $f, g \in \bar{K}(C)$,
3. $d\alpha = 0$, for all $\alpha \in \bar{K}$.

We call this vector space the space of differential forms on $C$ and we denote it by $\Omega_C$.

We require two results in order to continue (the second one without proof since its justification involves a broader view of algebraic geometry and is outside the scope of these notes. For more details we refer to [7, page 31]).

Proposition 3.11. The space $\Omega_C$ is a $\bar{K}(C)$-vector space of dimension 1.

Proof. In some sense it is clear that the space $\Omega_C$ lies inside the two dimensional space spanned by $dx$ and $dy$ because in affine space we have $dz = 0$. We make this precise first. Notice, as in the previous sections, that the rational function $x$ only makes sense as $X/Z$, while $y$ is really a shorthand for $Y/Z$. For them we have
$$dx = \frac{dX}{Z} - \frac{X\,dZ}{Z^2}, \qquad dy = \frac{dY}{Z} - \frac{Y\,dZ}{Z^2}.$$
Because the curve intersects the line at infinity at a single point, it is trivial to see that all rational functions on $C$ can be expressed as a quotient $F(X/Z, Y/Z)/G(X/Z, Y/Z)$ for suitably chosen polynomials $F$ and $G$. A straightforward calculation yields then
$$d\left(\frac{F}{G}\right) = \frac{F_x}{G}\,dx + \frac{F_y}{G}\,dy - \frac{F}{G^2}(G_x\,dx + G_y\,dy),$$
which clearly belongs to the $K(C)$-span of $dx$ and $dy$ as $F(X/Z, Y/Z)$, $G(X/Z, Y/Z)$, $F_x(X/Z, Y/Z)$ and $G_x(X/Z, Y/Z)$ are rational functions on $C$. Thus $dx$ and $dy$ are enough to generate $\Omega_C$. For $F(x, y) = 0$, the equation of the curve, we get
$$dF = \frac{\partial F}{\partial x}\,dx + \frac{\partial F}{\partial y}\,dy.$$
However we have $dF = 0$, and thus also $dy = \frac{\partial F/\partial x}{\partial F/\partial y}\,dx$, which is well defined because the curve is nonsingular. Therefore we need $dx$ alone in order to generate $\Omega_C$.

Proposition 3.12. Fix the curve $C$ together with a point $P$ in it. For a uniformizer $t \in \bar{K}(C)$ at $P$, we have the following.
• There exists a unique function $g \in \bar{K}(C)$ for each differential form $\omega \in \Omega_C$ (which depends on $\omega$ and the uniformizer $t$) that satisfies
$$\omega = g\,dt. \tag{3.23}$$
This function $g$ will be symbolized by $\omega/dt$.

• Take $\omega \in \Omega_C$, with $\omega \neq 0$. The quantity
$$\operatorname{ord}_P(\omega/dt) \tag{3.24}$$
depends only on $\omega$ and $P$ in the sense that it is independent of the uniformizer $t$. We call this value the order of $\omega$ at $P$ and denote it by $\operatorname{ord}_P(\omega)$.

• For $f \in \bar{K}(C)$ and $P$ such that $x(P) = 0$ we have
$$\operatorname{ord}_P(f\,dx) = \operatorname{ord}_P(f) + \operatorname{ord}_P(x) - 1. \tag{3.25}$$
□

Consider a differential form $\omega \in \Omega_C$. Define its associated divisor as
$$\operatorname{div}(\omega) = \sum_{P \in C} \operatorname{ord}_P(\omega)(P). \tag{3.26}$$
From Proposition 3.11, as $\Omega_C$ is a one dimensional vector space in $\bar{K}(C)$, any given two forms $\omega_1$ and $\omega_2$ are related by $\omega_2 = f\omega_1$, for a certain $f \in \bar{K}(C)$. In such case we have
$$\operatorname{div}(\omega_2) = \operatorname{div}(f) + \operatorname{div}(\omega_1). \tag{3.27}$$
We call canonical divisor class the class on $\Omega_C$ of the divisors of the differential forms modulo principal divisors and its elements canonical divisors.

Example 3.13. The differential form $dx/y$ on an elliptic curve has associated the canonical divisor $\operatorname{div}(dx/y)$.

From Formula 3.27 we conclude that all canonical divisors have the same degree.

3.3 Riemann-Roch

We will face one of the main theorems in algebraic geometry, the Riemann-Roch theorem. In order to understand its details we need a profound knowledge of the topic, which is out of our scope. The interested reader can take a look at [9] for a deeper insight.

Take a divisor $D$, and define the Riemann-Roch space of $D$ as the set
$$L(D) = \{g \in \bar{K}(C)^* \mid \operatorname{div}(g) + D \geq 0\} \cup \{0\}, \tag{3.28}$$
where $\bar{K}(C)^*$ is the set of non-zero elements of the function field of rational functions on $C$ over $\bar{K}$, an algebraic closure of $K$.

Proposition 3.14. For a divisor $D$, the set $L(D)$ is a $\bar{K}(C)$-vector space.

Proof. Let $D = \sum n_P P$. For rational functions $f, g \in L(D)$ and $\lambda$ a non zero constant, by Proposition 3.7, we have $\operatorname{div}(\lambda f) = \operatorname{div}(\lambda) + \operatorname{div}(f)$. But as we have $\operatorname{div}(\lambda) = 0$, we get then $\operatorname{div}(\lambda f) = \operatorname{div}(f)$; hence $\lambda f \in L(D)$.
By Proposition 3.1 we know that $\operatorname{ord}_P(f + g) \geq \min\{\operatorname{ord}_P(f), \operatorname{ord}_P(g)\}$ holds, and by hypothesis we have $\min\{\operatorname{ord}_P(f), \operatorname{ord}_P(g)\} + n_P \geq 0$. Putting together these two facts we achieve $\operatorname{ord}_P(f + g) + n_P \geq 0$, and this boils down to $f + g \in L(D)$.

Proposition 3.15. For $D_1$ and $D_2$ divisors subject to $D_1 \sim D_2$, the spaces $L(D_1)$ and $L(D_2)$ are isomorphic.

Proof. By hypothesis we have $D_1 = \operatorname{div}(f) + D_2$ with $f$ a rational function on the curve. For $g \in L(D_1)$, that is, with $\operatorname{div}(g) + D_1 \geq 0$, we get $\operatorname{div}(gf) + D_2 \geq 0$, and so we have $gf \in L(D_2)$. In the same way we show that $g \in L(D_2)$ implies $g/f \in L(D_1)$. In this way the isomorphism is clearly established.

Notice that the last proposition delivers the following result in particular: canonical divisors have assigned isomorphic Riemann-Roch spaces.

Proposition 3.16. If $D$ is a divisor subject to $\deg(D) < 0$, we have $L(D) = \{0\}$ for its Riemann-Roch space.

Proof. Suppose we have $\deg(D) < 0$ and that there exists a non null rational function $f \in L(D)$. By definition of the Riemann-Roch space for the divisor $D$, we have $\operatorname{div}(f) + D \geq 0$. Then, applying the homomorphism $\deg$, we get $\deg(\operatorname{div}(f)) + \deg(D) = \deg(D) < 0$. This is a contradiction to $f \in L(D)$; hence the result.

Set $l(D)$ for the dimension of $L(D)$. Notice that if $K_C$ is a canonical divisor $L(K_C)$ might depend on our choice. However, Proposition 3.15 makes it clear that the number $l(K_C)$ is indeed canonical.

To keep things in perspective, we state the following theorem without proof (compare Zuñiga [9]).

Theorem 3.17. (Riemann-Roch theorem) Let $C$ be a smooth curve and $K_C$ a canonical divisor on $C$. Then there is an integer $g \geq 0$, which we call the genus of $C$, that satisfies the relation
$$l(D) - l(K_C - D) = \deg(D) - g + 1$$
for all divisors $D$. □

Corollary 3.18. For a fixed curve $C$ we have

1. $l(K_C) = g$,
2. $\deg K_C = 2g - 2$,
3. if $\deg(D) > 2g - 2$, then $l(D) = \deg(D) - g + 1$.

Proof.
1. The result follows by taking $D = 0$, as $L(0)$ is the space of constants.
2. Taking $D = K_C$ in the Riemann-Roch theorem, we have $l(K_C) - 1 = \deg(K_C) - g + 1$. By the previous item we get then $\deg K_C = 2g - 2$.
3. If $\deg(D) > 2g - 2$, then $\deg(-D) + 2g - 2 < 0$. By the previous item we get $\deg(K_C - D) < 0$. By Proposition 3.16 we obtain then $l(K_C - D) = 0$. Using the Riemann-Roch theorem we achieve the desired result.

For the following statement we rely on most properties of the theory of divisors developed so far.

Proposition 3.19. The genus of the elliptic curve
$$C : y^2 = (x - x_1)(x - x_2)(x - x_3) \tag{3.29}$$
is 1.

Proof. Key here is to show that the canonical divisor $\operatorname{div}(dx/y)$ is equal to 0 and then apply the Riemann-Roch theorem to it. By definition we have $\operatorname{div}(dx/y) = \operatorname{div}(dx) - \operatorname{div}(y)$. In this way we focus on calculating simpler divisors. Taking the divisor operator on both sides of the equation of the elliptic curve we get
$$\operatorname{div}(y^2) = \operatorname{div}(x - x_1) + \operatorname{div}(x - x_2) + \operatorname{div}(x - x_3). \tag{3.30}$$
As we have $\operatorname{div}(y^2) = 2\operatorname{div}(y)$, by Example 3.4 this reduces to
$$2\operatorname{div}(y) = 2P_1 + 2P_2 + 2P_3 - 6O; \tag{3.31}$$
hence we get
$$\operatorname{div}(y) = P_1 + P_2 + P_3 - 3O. \tag{3.32}$$
Now, for $dx$ notice the equality $dx = d(x - x_1)$. So from Proposition 3.12, third part, and Example 3.4 we get
$$\operatorname{ord}_{P_1} d(x - x_1) = \operatorname{ord}_{P_1}(1) + \operatorname{ord}_{P_1}(x - x_1) - 1 = 0 + 2 - 1 = 1.$$
Similarly for $\operatorname{ord}_{P_2} d(x - x_2)$ and $\operatorname{ord}_{P_3} d(x - x_3)$. Also, since we have $dx = -x^2 d(1/x)$, from Example 3.6 we obtain
$$\begin{aligned}
\operatorname{ord}_O(-x^2 d(1/x)) &= \operatorname{ord}_O(-x^2) + \operatorname{ord}_O(1/x) - 1, \\
&= 2\operatorname{ord}_O(x) + \operatorname{ord}_O(1/x) - 1, \\
&= 2\operatorname{ord}_O(x) - \operatorname{ord}_O(x) - 1, \\
&= \operatorname{ord}_O(x) - 1, \\
&= -2 - 1 = -3.
\end{aligned}$$
Thus we get
$$\operatorname{div}(dx) = P_1 + P_2 + P_3 - 3O, \tag{3.33}$$
which leads to $\operatorname{div}(dx/y) = 0$, as claimed. Then the class of the canonical divisors is trivial and we can take $K_C = 0$ as a representative. Finally by Corollary 3.18, part one, we obtain $g = 1$.

As elliptic curves have genus 1, the following corollary follows from the Riemann-Roch theorem.

Corollary 3.20. In an elliptic curve the condition $\deg(D) > 0$ implies
$$l(D) = \deg(D). \tag{3.34}$$

Proof. We obtain the result directly by item 3 of Corollary 3.18 because of $g = l(K_C) = l(0) = 1$.
3.4 The Picard group

Quotients are important in algebra and from this perspective we define a tool that measures the extent of the failure of the set of principal divisors to be the whole set of divisors. The Picard group of the curve $C$, denoted $\operatorname{Pic}(C)$, is the quotient of the group of divisors on $C$ modulo the subgroup of principal divisors. We denote $\operatorname{Div}^0(C)$ the set of divisors with degree zero and $\operatorname{Pic}^0(C)$ the quotient between $\operatorname{Div}^0(C)$ and the group of principal divisors.

Proposition 3.21. Let $P$ and $Q$ be two points on the elliptic curve $C$. Then $P \sim Q$ if and only if $P = Q$.

Proof. If we suppose $P \sim Q$, then we have $\operatorname{div}(f) = P - Q$ for a certain $f \in \bar{K}(C)$. We can write $\operatorname{div}(f) + Q = P > O$, so by definition we get $f \in L(Q)$. By Corollary 3.20 we have $l(Q) = \deg Q = 1$. As the vector space of constant functions is included in $L(Q)$ and is one dimensional, both are equal. Therefore $f$ is constant and we get $\operatorname{div}(f) = 0$, so $P = Q$. The reciprocal is trivial.

Proposition 3.22. Let $D$ be a degree 0 divisor. There exists a point $P$ on the elliptic curve which satisfies
$$D \sim P - O. \tag{3.35}$$
Furthermore, this point is unique.

Proof. By hypothesis we have $\deg(D + O) = \deg(D) + \deg(O) = 1$. Then by Corollary 3.20 we get $l(D + O) = 1$. In this way $L(D + O)$ is generated by one element. Take $f$ non trivial in this vector space. Then, by definition we get $\operatorname{div}(f) \geq -D - O$, which implies $\operatorname{div}(f) = -D - O + P$ for a certain $P$ as we have $\deg(\operatorname{div}(f)) = 0$. By definition we obtain $D \sim P - O$. For uniqueness, let $\tilde{P}$ be a point with $\tilde{P} \sim D + O$ so that $\tilde{P} \sim P$. Then Proposition 3.21 implies $\tilde{P} = P$.

Now we define a map $\sigma : \operatorname{Div}^0(C) \to C$ which sends $D$ to $P$ according to the last proposition. Here $\operatorname{Div}^0(C)$ is the set of zero degree divisors on $C$. Take an arbitrary point $P \in C$. Trivially we have $P - O \sim P - O$, and therefore $\sigma(P - O) = P$. Hence $\sigma$ is surjective.

Proposition 3.23. Take $D_1, D_2 \in \operatorname{Div}^0(C)$. We have $\sigma(D_1) = \sigma(D_2)$ if and only if $D_1 \sim D_2$.

Proof. Let $P = \sigma(D_1)$ and $Q = \sigma(D_2)$ with $D_1, D_2 \in \operatorname{Div}^0(C)$.
We have then $D_1 \sim P - O$ and $D_2 \sim Q - O$, so by definition we have $\operatorname{div}(f_1) = P - O - D_1$ and $\operatorname{div}(f_2) = Q - O - D_2$ for some rational functions $f_1, f_2$ on $C$. These expressions together mean $\operatorname{div}(f_1/f_2) = \operatorname{div}(f_1) - \operatorname{div}(f_2) = P - Q - (D_1 - D_2)$; hence we get $P - Q \sim D_1 - D_2$. The rest is easy. If $\sigma(D_1) = \sigma(D_2)$, we have $P = Q$ and therefore $D_1 - D_2 \sim 0$. And reciprocally, if $D_1 \sim D_2$ we get $P - Q \sim O$, and Proposition 3.21 yields $P = Q$.

The previous proposition says in simple terms that $\sigma$ induces a bijection $\tilde{\sigma} : \operatorname{Pic}^0(C) \to C$ with an inverse $k : C \to \operatorname{Pic}^0(C)$ that maps $P$ to the divisor class of $P - O$.

Theorem 3.24. There exists a homomorphism between the elliptic curve $C$ and $\operatorname{Pic}^0(C)$.

Proof. Fix $P, Q \in C$ and call $L_1$ the line through them. This line intersects $C$ at a third point $R$. Let $L_2$ be the line through $R$ and $O$. By Equation (1.13) $Z = 0$ intersects $C$ with multiplicity three. Then $\operatorname{div}(L_1/Z) = P + Q + R - 3O$ and $\operatorname{div}(L_2/Z) = R + (P + Q) + O - 3O = R + (P + Q) - 2O$ hold. Therefore we get
$$\begin{aligned}
\operatorname{div}(L_1/L_2) &= \operatorname{div}(L_1/Z) - \operatorname{div}(L_2/Z) \\
&= P + Q + R - 3O - R - (P + Q) + 2O \\
&= P + Q - (P + Q) - O.
\end{aligned}$$
As $L_1/L_2$ is a rational function we have $\operatorname{div}(L_1/L_2) \sim 0$. Thus we obtain $P - O + Q - O - (P + Q) + O = 0$. Finally from the definition of $k$, this last relation is equivalent to $k(P) + k(Q) = k(P + Q)$.

As a consequence of this theorem the associativity of the operation on the elliptic curve holds. To see this take points $P$, $Q$ and $R$ on the elliptic curve and do as follows:
$$\begin{aligned}
k((P + Q) + R) &= k(P + Q) + k(R), \\
&= k(P) + k(Q) + k(R), \\
&= k(P) + k(Q + R) \\
&= k(P + (Q + R)).
\end{aligned}$$
Taking inverses we obtain $(P + Q) + R = P + (Q + R)$, as we aimed to prove.

Bibliography

[1] Cassels, J.W.S., Lectures on elliptic curves; Cambridge University Press, 1991.
[2] Duif, Niels, Transforming a general cubic elliptic curve equation to Weierstrass form; https://trac.sagemath.org/raw-attachment/ticket/3416/cubic_to_weierstrass_documentation.pdf (electronic resource).
[3] Fulton, William, Algebraic curves: an introduction to algebraic geometry; Addison-Wesley Publishing Company, 1989.
[4] Lozano-Robledo, Álvaro, Elliptic curves, modular forms and their L-functions; American Mathematical Society, Institute for Advanced Study, 2011.
[5] Miranda, Rick, Algebraic curves and Riemann surfaces; American Mathematical Society, 1995.
[6] Shafarevich, Igor R., Basic algebraic geometry 1; Springer Verlag, 2013.
[7] Silverman, Joseph H., The arithmetic of elliptic curves; Springer Verlag, 2009.
[8] Silverman, Joseph H. and Tate, John T., Rational points on elliptic curves; Springer Verlag, 2015.
[9] Zuñiga, Javier, El teorema de Riemann-Roch; Tesis de licenciatura en Matemáticas, Pontificia Universidad Católica del Perú, 2001.
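
The chord-and-tangent computations of Examples 2.4 and 2.5, and an exact check of the associativity established by Theorem 3.24, can be reproduced with rational arithmetic. The Python code below is an added example, not part of the thesis: it goes beyond the two worked curves by handling the general Weierstrass equation with the reflection $\tilde{y}_3 = -y_3 - (a_1 x_3 + a_3)$ of Section 2.3. The names `Curve`, `star`, `add`, `mul`, `order` and `is_associative`, the standard slope and discriminant formulas, and the extra point $(-2, 3)$ on $y^2 = x^3 + 17$ are assumptions of the example.

```python
from fractions import Fraction as F
from itertools import product

O = None  # the point at infinity, identity of the group


class Curve:
    """y^2 + a1*x*y + a3*y = x^3 + a2*x^2 + a4*x + a6 over the rationals."""

    def __init__(self, a1=0, a2=0, a3=0, a4=0, a6=0):
        self.a1, self.a2, self.a3, self.a4, self.a6 = map(F, (a1, a2, a3, a4, a6))
        a1, a2, a3, a4, a6 = self.a1, self.a2, self.a3, self.a4, self.a6
        # Standard discriminant of a Weierstrass equation; zero means singular.
        b2, b4, b6 = a1*a1 + 4*a2, 2*a4 + a1*a3, a3*a3 + 4*a6
        b8 = a1*a1*a6 + 4*a2*a6 - a1*a3*a4 + a2*a3*a3 - a4*a4
        if -b2*b2*b8 - 8*b4**3 - 27*b6*b6 + 9*b2*b4*b6 == 0:
            raise ValueError("singular cubic: no group law")

    def point(self, x, y):
        """Return (x, y) as exact rationals after checking it lies on the curve."""
        x, y = F(x), F(y)
        lhs = y*y + self.a1*x*y + self.a3*y
        if lhs != x**3 + self.a2*x*x + self.a4*x + self.a6:
            raise ValueError("point is not on the curve")
        return (x, y)

    def neg(self, P):
        # -P = P*O: the other point of the curve on the vertical line through P
        return O if P is O else (P[0], -P[1] - self.a1*P[0] - self.a3)

    def star(self, P, Q):
        """P*Q: third intersection of the curve with the line through P and Q."""
        if P is O:
            return self.neg(Q)
        if Q is O:
            return self.neg(P)
        x1, y1, x2, y2 = map(F, (*P, *Q))
        if x1 == x2 and y1 + y2 + self.a1*x1 + self.a3 == 0:
            return O                      # vertical line: Q = -P
        if x1 == x2:                      # P = Q: slope of the tangent at P
            lam = (3*x1*x1 + 2*self.a2*x1 + self.a4 - self.a1*y1) \
                / (2*y1 + self.a1*x1 + self.a3)
        else:                             # slope of the chord through P and Q
            lam = (y2 - y1) / (x2 - x1)
        nu = y1 - lam*x1                  # the line is y = lam*x + nu
        # The three x-roots of the intersection cubic sum to lam^2 + a1*lam - a2.
        x3 = lam*lam + self.a1*lam - self.a2 - x1 - x2
        return (x3, lam*x3 + nu)

    def add(self, P, Q):
        return self.neg(self.star(P, Q))  # P + Q = (P*Q)*O

    def mul(self, n, P):
        """n*P by double-and-add."""
        if n < 0:
            return self.mul(-n, self.neg(P))
        R = O
        while n:
            if n & 1:
                R = self.add(R, P)
            P, n = self.add(P, P), n >> 1
        return R

    def order(self, P, bound=12):
        """Smallest n <= bound with n*P = O, or None if there is none."""
        R = P
        for n in range(1, bound + 1):
            if R is O:
                return n
            R = self.add(R, P)
        return None


def is_associative(curve, points):
    """Exact check of (A+B)+C == A+(B+C) over every ordered triple."""
    add = curve.add
    return all(add(add(A, B), C) == add(A, add(B, C))
               for A, B, C in product(points, repeat=3))


if __name__ == "__main__":
    E = Curve(a6=17)                      # y^2 = x^3 + 17 (Example 2.4)
    P, Q = E.point(4, 9), E.point(8, 23)
    R = E.point(-2, 3)                    # extra point chosen for this example
    print(E.add(P, Q), E.add(P, P), is_associative(E, [P, Q, R]))
```

Because every coordinate is a `Fraction`, the equality tested by `is_associative` is exact rather than approximate; it confirms the theorem on sample triples and is not a substitute for the proof.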