In
mathematicsMathematics is the study of quantity, space, structure, and change. Mathematicians seek out patterns and formulate new conjectures. Mathematicians resolve the truth or falsity of conjectures by mathematical proofs, which are arguments sufficient to convince other mathematicians of their validity...
, an elliptic curve is a
smoothA differentiable manifold is a type of manifold that is locally similar enough to a linear space to allow one to do calculus. Any manifold can be described by a collection of charts, also known as an atlas. One may then apply ideas from calculus while working within the individual charts, since...
, projective
algebraic curveIn algebraic geometry, an algebraic curve is an algebraic variety of dimension one. The theory of these curves in general was quite fully developed in the nineteenth century, after many particular examples had been considered, starting with circles and other conic sections.- Plane algebraic curves...
of genus one, on which there is a specified point O. An elliptic curve is in fact an
abelian varietyIn mathematics, particularly in algebraic geometry, complex analysis and number theory, an abelian variety is a projective algebraic variety that is also an algebraic group, i.e., has a group law that can be defined by regular functions...
— that is, it has a multiplication defined algebraically with respect to which it is a (necessarily commutative)
groupIn mathematics, a group is an algebraic structure consisting of a set together with an operation that combines any two of its elements to form a third element. To qualify as a group, the set and the operation must satisfy a few conditions called group axioms, namely closure, associativity, identity...
— and O serves as the identity element. Often the curve itself, without O specified, is called an elliptic curve.
Any elliptic curve can be written as a plane algebraic curve defined by an equation of the form:
which is non-singular; that is, its graph has no
cuspsIn the mathematical theory of singularities a cusp is a type of singular point of a curve. Cusps are local singularities in that they are not formed by self intersection points of the curve....
or self-intersections. (When the
characteristicIn mathematics, the characteristic of a ring R, often denoted char, is defined to be the smallest number of times one must use the ring's multiplicative identity element in a sum to get the additive identity element ; the ring is said to have characteristic zero if this repeated sum never reaches...
of the coefficient field is equal to 2 or 3, the above equation is not quite general enough to comprise all non-singular
cubic curvesIn mathematics, a cubic plane curve is a plane algebraic curve C defined by a cubic equationapplied to homogeneous coordinates x:y:z for the projective plane; or the inhomogeneous version for the affine space determined by setting z = 1 in such an equation...
; see below for a more precise definition.) The point O is actually the "
point at infinity" in the
projective planeIn mathematics, a projective plane is a geometric structure that extends the concept of a plane. In the ordinary Euclidean plane, two lines typically intersect in a single point, but there are some pairs of lines that do not intersect...
.
If y
2 = P(x), where P is any polynomial of degree three in x with no repeated roots, then we obtain a nonsingular plane curve of
genusIn mathematics, genus has a few different, but closely related, meanings:-Orientable surface:The genus of a connected, orientable surface is an integer representing the maximum number of cuttings along non-intersecting closed simple curves without rendering the resultant manifold disconnected. It...
one, which is thus also an elliptic curve. If P has degree four and is squarefree this equation again describes a plane curve of genus one; however, it has no natural choice of identity element. More generally, any algebraic curve of genus one, for example from the intersection of two
quadric surfacesIn mathematics, a quadric, or quadric surface, is any D-dimensional hypersurface in -dimensional space defined as the locus of zeros of a quadratic polynomial...
embedded in three-dimensional projective space, is called an elliptic curve, provided that it has at least one rational point.
Using the theory of
elliptic functionIn complex analysis, an elliptic function is a function defined on the complex plane that is periodic in two directions and at the same time is meromorphic...
s, it can be shown that elliptic curves defined over the
complex numberA complex number is a number consisting of a real part and an imaginary part. Complex numbers extend the idea of the one-dimensional number line to the two-dimensional complex plane by using the number line for the real part and adding a vertical axis to plot the imaginary part...
s correspond to embeddings of the
torusIn geometry, a torus is a surface of revolution generated by revolving a circle in three dimensional space about an axis coplanar with the circle...
into the
complex projective plane. The torus is also an abelian group, and in fact this correspondence is also a
group isomorphismIn abstract algebra, a group isomorphism is a function between two groups that sets up a one-to-one correspondence between the elements of the groups in a way that respects the given group operations. If there exists an isomorphism between two groups, then the groups are called isomorphic...
.
Elliptic curves are especially important in
number theoryNumber theory is a branch of pure mathematics devoted primarily to the study of the integers. Number theorists study prime numbers as well...
, and constitute a major area of current research; for example, they were used in the proof, by
Andrew WilesSir Andrew John Wiles KBE FRS is a British mathematician and a Royal Society Research Professor at Oxford University, specializing in number theory...
(assisted by
Richard Taylor-External links:**...
), of
Fermat's Last TheoremIn number theory, Fermat's Last Theorem states that no three positive integers a, b, and c can satisfy the equation an + bn = cn for any integer value of n greater than two....
. They also find applications in
cryptographyCryptography is the practice and study of techniques for secure communication in the presence of third parties...
(see the article
elliptic curve cryptographyElliptic curve cryptography is an approach to public-key cryptography based on the algebraic structure of elliptic curves over finite fields. The use of elliptic curves in cryptography was suggested independently by Neal Koblitz and Victor S...
) and
integer factorizationIn number theory, integer factorization or prime factorization is the decomposition of a composite number into smaller non-trivial divisors, which when multiplied together equal the original integer....
.
An elliptic curve is not an
ellipseIn geometry, an ellipse is a plane curve that results from the intersection of a cone by a plane in a way that produces a closed curve. Circles are special cases of ellipses, obtained when the cutting plane is orthogonal to the cone's axis...
: see
elliptic integralIn integral calculus, elliptic integrals originally arose in connection with the problem of giving the arc length of an ellipse. They were first studied by Giulio Fagnano and Leonhard Euler...
for the origin of the term. Topologically, an elliptic curve is a two-torus.
Elliptic curves over the real numbers
Although the formal definition of an elliptic curve is fairly technical and requires some background in
algebraic geometryAlgebraic geometry is a branch of mathematics which combines techniques of abstract algebra, especially commutative algebra, with the language and the problems of geometry. It occupies a central place in modern mathematics and has multiple conceptual connections with such diverse fields as complex...
, it is possible to describe some features of elliptic curves over the real numbers using only high school
algebraAlgebra is the branch of mathematics concerning the study of the rules of operations and relations, and the constructions and concepts arising from them, including terms, polynomials, equations and algebraic structures...
and
geometryGeometry arose as the field of knowledge dealing with spatial relationships. Geometry was one of the two fields of pre-modern mathematics, the other being the study of numbers ....
.
In this context, an elliptic curve is a
plane curveIn mathematics, a plane curve is a curve in a Euclidean plane . The most frequently studied cases are smooth plane curves , and algebraic plane curves....
defined by an equation of the form
where a and b are real numbers. This type of equation is called a Weierstrass equation.
The definition of elliptic curve also requires that the curve be non-singular. Geometrically, this means that the graph has no
cuspsIn the mathematical theory of singularities a cusp is a type of singular point of a curve. Cusps are local singularities in that they are not formed by self intersection points of the curve....
, self-intersections, or isolated points. Algebraically, this involves calculating the
discriminantIn algebra, the discriminant of a polynomial is an expression which gives information about the nature of the polynomial's roots. For example, the discriminant of the quadratic polynomialax^2+bx+c\,is\Delta = \,b^2-4ac....
-
The curve is non-singular if and only if the discriminant is not equal to zero. (Although the factor −16 seems irrelevant here, it turns out to be convenient in a more advanced study of elliptic curves.)
The (real) graph of a non-singular curve has two components if its discriminant is positive, and one component if it is negative. For example, in the graphs shown in figure to the right, the discriminant in the first case is 64, and in the second case is −368.
The group law
By adding a "point at infinity", we obtain the projective version of this curve. If P and Q are two points on the curve, then we can uniquely describe a third point which is the intersection of the curve with the line through P and Q. If the line is tangent to the curve at a point, then that point is counted twice; and if the line is parallel to the y-axis, we define the third point as the point "at infinity". Exactly one of these conditions then holds for any pair of points on an elliptic curve.
It is then possible to introduce a
group operationIn mathematics, a group is an algebraic structure consisting of a set together with an operation that combines any two of its elements to form a third element. To qualify as a group, the set and the operation must satisfy a few conditions called group axioms, namely closure, associativity, identity...
, +, on the curve with the following properties: we consider the point at infinity to be 0, the identity of the group; and if a straight line intersects the curve at the points P, Q and R, then we require that P + Q + R = 0 in the group. One can check that this turns the curve into an
abelian groupIn abstract algebra, an abelian group, also called a commutative group, is a group in which the result of applying the group operation to two group elements does not depend on their order . Abelian groups generalize the arithmetic of addition of integers...
, and thus into an
abelian varietyIn mathematics, particularly in algebraic geometry, complex analysis and number theory, an abelian variety is a projective algebraic variety that is also an algebraic group, i.e., has a group law that can be defined by regular functions...
. It can be shown that the set of K-
rational pointIn number theory, a K-rational point is a point on an algebraic variety where each coordinate of the point belongs to the field K. This means that, if the variety is given by a set of equationsthen the K-rational points are solutions ∈Kn of the equations...
s (including the point at infinity) forms a
subgroupIn group theory, given a group G under a binary operation *, a subset H of G is called a subgroup of G if H also forms a group under the operation *. More precisely, H is a subgroup of G if the restriction of * to H x H is a group operation on H...
of this group. If the curve is denoted by E, then this subgroup is often written as E(K).
The above group can be described algebraically as well as geometrically. Given the curve y
2 = x
3 − px − q over the field K (whose characteristic we assume to be neither 2 nor 3), and points P = (x
P, y
P) and Q = (x
Q, y
Q) on the curve, assume first that x
P ≠ x
Q. Let s be the slope of the line containing P and Q; i.e., s = . Since K is a field, s is well-defined. Then we can define R = P + Q = (x
R, −y
R) by
If x
P = x
Q, then there are two options: if y
P = −y
Q, including the case where y
P = y
Q = 0, then the sum is defined as 0; thus, the inverse of each point on the curve is found by reflecting it across the x-axis. If y
P = y
Q ≠ 0, then R = P + P = 2P = (x
R, −y
R) is given by
Elliptic curves over the complex numbers
The formulation of elliptic curves as the embedding of a
torusIn geometry, a torus is a surface of revolution generated by revolving a circle in three dimensional space about an axis coplanar with the circle...
in the
complex projective plane follows naturally from a curious property of
Weierstrass's elliptic functionsIn mathematics, Weierstrass's elliptic functions are elliptic functions that take a particularly simple form; they are named for Karl Weierstrass...
. These functions and their first derivative are related by the formula
Here,
and
are constants;
is the Weierstrass elliptic function and
its derivative. It should be clear that this relation is in the form of an elliptic curve (over the
complex numberA complex number is a number consisting of a real part and an imaginary part. Complex numbers extend the idea of the one-dimensional number line to the two-dimensional complex plane by using the number line for the real part and adding a vertical axis to plot the imaginary part...
s). The Weierstrass functions are doubly periodic; that is, they are periodic with respect to a
latticeIn mathematics, a fundamental pair of periods is an ordered pair of complex numbers that define a lattice in the complex plane. This type of lattice is the underlying object with which elliptic functions and modular forms are defined....
Λ; in essence, the Weierstrass functions are naturally defined on a torus
. This torus may be embedded in the complex projective plane by means of the map
This map is a
group isomorphismIn abstract algebra, a group isomorphism is a function between two groups that sets up a one-to-one correspondence between the elements of the groups in a way that respects the given group operations. If there exists an isomorphism between two groups, then the groups are called isomorphic...
, carrying the natural group structure of the torus into the projective plane. It is also an isomorphism of
Riemann surfaceIn mathematics, particularly in complex analysis, a Riemann surface, first studied by and named after Bernhard Riemann, is a one-dimensional complex manifold. Riemann surfaces can be thought of as "deformed versions" of the complex plane: locally near every point they look like patches of the...
s, and so topologically, a given elliptic curve looks like a torus. If the lattice Λ is related to a lattice cΛ by multiplication by a non-zero complex number c, then the corresponding curves are isomorphic. Isomorphism classes of elliptic curves are specified by the
j-invariantIn mathematics, Klein's j-invariant, regarded as a function of a complex variable τ, is a modular function defined on the upper half-plane of complex numbers.We haveThe modular discriminant \Delta is defined as \Delta=g_2^3-27g_3^2...
.
The isomorphism classes can be understood in a simpler way as well. The constants
and
, called the
modular invariantIn mathematics, Klein's j-invariant, regarded as a function of a complex variable τ, is a modular function defined on the upper half-plane of complex numbers.We haveThe modular discriminant \Delta is defined as \Delta=g_2^3-27g_3^2...
s, are uniquely determined by the lattice, that is, by the structure of the torus. However, the complex numbers form the
splitting fieldIn abstract algebra, a splitting field of a polynomial with coefficients in a field is a smallest field extension of that field over which the polynomial factors into linear factors.-Definition:...
for polynomials with real coefficients, and so the elliptic curve may be written as
One finds that
and
so that the modular discriminant is
Here, λ is sometimes called the
modular lambda functionIn mathematics, the elliptic modular lambda function \lambda is a highly symmetric holomorphic function on the complex upper half-plane. It is invariant under the fractional linear action of the congruence group \Gamma, and generates the function field of the corresponding quotient, i.e., it is...
.
Note that the
uniformization theoremIn mathematics, the uniformization theorem says that any simply connected Riemann surface is conformally equivalent to one of the three domains: the open unit disk, the complex plane, or the Riemann sphere. In particular it admits a Riemannian metric of constant curvature...
implies that every
compactIn mathematics, specifically general topology and metric topology, a compact space is an abstract mathematical space whose topology has the compactness property, which has many important implications not valid in general spaces...
Riemann surface of genus one can be represented as a torus.
Elliptic curves over the rational numbers
A curve E defined over the field of rational numbers is also defined over the field of real numbers, therefore the law of addition (of points with real coordinates) by the tangent and secant method can be applied to E. The explicit formulae show that the sum of two points P and Q with rational coordinates has again rational coordinates, since the line joining P and Q has rational coefficients. This way, one shows that the set of rational points of E forms a subgroup of the group of real points of E. As this group, it is an
abelian groupIn abstract algebra, an abelian group, also called a commutative group, is a group in which the result of applying the group operation to two group elements does not depend on their order . Abelian groups generalize the arithmetic of addition of integers...
, that is, P + Q = Q + P.
The structure of rational points
The most important result is that all points can be constructed by the method of tangents and secants starting with a finite number of points. More precisely the Mordell-Weil theorem states that the group E(Q) is a finitely generated (abelian) group. By the fundamental theorem of finitely generated abelian groups it is therefore a finite direct sum of copies of Z and finite cyclic groups.
The proof of that theorem rests on two ingredients: first, one shows that for any integer m > 1, the quotient group E(Q)/mE(Q) is finite (weak Mordell–Weil theorem). Second, introducing a height function h on the rational points E(Q) defined by h(P
0) = 0 and h(P) = log max (|p|, |q|) if P (unequal to the point at infinity P
0) has as abscissa the rational number x = (with
coprimeIn number theory, a branch of mathematics, two integers a and b are said to be coprime or relatively prime if the only positive integer that evenly divides both of them is 1. This is the same thing as their greatest common divisor being 1...
p and q). This height function h has the property that h(mP) grows roughly like the square of m. Moreover, only finitely many rational points with height smaller than any constant exist on E.
The proof of the theorem is thus a variant of the method of
infinite descentIn mathematics, a proof by infinite descent is a particular kind of proof by contradiction which relies on the fact that the natural numbers are well ordered. One typical application is to show that a given equation has no solutions. Assuming a solution exists, one shows that another exists, that...
and relies on the repeated application of
Euclidean divisionIn mathematics, the Euclidean algorithm is an efficient method for computing the greatest common divisor of two integers, also known as the greatest common factor or highest common factor...
s on E: let P ∈ E(Q) be a rational point on the curve, writing P as the sum 2P
1 + Q
1 where Q
1 is a fixed representant of P in E(Q)/2E(Q), the height of P
1 is about of the one of P (more generally, replacing 2 by any m > 1, and by ). Redoing the same with P
1, that is to say P
1 = 2P
2 + Q
2, then P
2 = 2P
3 + Q
3, etc. finally expresses P as an integral linear combination of points Q
i and of points whose height is bounded by a fixed constant chosen in advance: by the weak Mordell–Weil theorem and the second property of the height function P is thus expressed as an integral linear combination of a finite number of fixed points.
So far, the theorem is not effective since there is no known general procedure for determining the representants of E(Q)/mE(Q).
The
rankIn mathematics, the rank, Prüfer rank, or torsion-free rank of an abelian group A is the cardinality of a maximal linearly independent subset. The rank of A determines the size of the largest free abelian group contained in A. If A is torsion-free then it embeds into a vector space over the...
of E(Q), that is the number of copies of Z in E(Q) or, equivalently, the number of independent points of infinite order, is called the rank of E. The
Birch and Swinnerton-Dyer conjectureIn mathematics, the Birch and Swinnerton-Dyer conjecture is an open problem in the field of number theory. Its status as one of the most challenging mathematical questions has become widely recognized; the conjecture was chosen as one of the seven Millennium Prize Problems listed by the Clay...
is concerned with determining the rank. One conjectures that it can be arbitrarily large, even if only examples with relatively small rank are known. The elliptic curve with biggest exactly known rank is
- y2 + xy = x3 − x + .
It has rank 18, found by
Noam ElkiesNoam David Elkies is an American mathematician and chess master.At age 14, Elkies received a gold medal with a perfect score at the International Mathematical Olympiad, the youngest ever to do so...
in 2006. Curves of rank at least 28 are known, but their rank is not exactly known.
As for the groups constituting the
torsion subgroupIn the theory of abelian groups, the torsion subgroup AT of an abelian group A is the subgroup of A consisting of all elements that have finite order...
of E(Q), the following is known the torsion subgroup of E(Q) is one of the 15 following groups (a theorem due to
Barry Mazur-Life:Born in New York City, Mazur attended the Bronx High School of Science and MIT, although he did not graduate from the latter on account of failing a then-present ROTC requirement. Regardless, he was accepted for graduate school and received his Ph.D. from Princeton University in 1959,...
): Z/N Z for N = 1, 2, …, 10, or 12, or Z/2 × Z/2N Z with N = 1, 2, 3, 4. Examples for every case are known. Moreover, elliptic curves whose Mordell-Weil groups over Q have the same torsion groups belong to a parametrized family.
The Birch and Swinnerton-Dyer conjecture
The Birch and Swinnerton-Dyer conjecture (BSD) is one of the Millennium problems of the
Clay Mathematics InstituteThe Clay Mathematics Institute is a private, non-profit foundation, based in Cambridge, Massachusetts. The Institute is dedicated to increasing and disseminating mathematical knowledge. It gives out various awards and sponsorships to promising mathematicians. The institute was founded in 1998...
. The conjecture relies on analytic and arithmetic objects defined by the elliptic curve in question.
At the analytic side, an important ingredient is a function of a complex variable, L, the Hasse–Weil zeta function of
over
. This function is a variant of the
Riemann zeta function and
Dirichlet L-functions. It is defined as an
Euler productIn number theory, an Euler product is an expansion of a Dirichlet series into an infinite product indexed by prime numbers. The name arose from the case of the Riemann zeta-function, where such a product representation was proved by Leonhard Euler.-Definition:...
, with one factor for every
prime numberA prime number is a natural number greater than 1 that has no positive divisors other than 1 and itself. A natural number greater than 1 that is not a prime number is called a composite number. For example 5 is prime, as only 1 and 5 divide it, whereas 6 is composite, since it has the divisors 2...
p.
For a curve E over Q given by a minimal equation
-
with integral coefficients
, reducing the coefficients
moduloIn mathematics, modular arithmetic is a system of arithmetic for integers, where numbers "wrap around" after they reach a certain value—the modulus....
p defines an elliptic curve over the
finite fieldIn abstract algebra, a finite field or Galois field is a field that contains a finite number of elements. Finite fields are important in number theory, algebraic geometry, Galois theory, cryptography, and coding theory...
(except for a finite number of primes p, where the reduced curve has a
singularityIn mathematics, a singularity is in general a point at which a given mathematical object is not defined, or a point of an exceptional set where it fails to be well-behaved in some particular way, such as differentiability...
and thus fails to be elliptic, in which case E is said to be of bad reduction at p).
The zeta function of an elliptic curve over a finite field
is, in some sense, a
generating functionIn mathematics, a generating function is a formal power series in one indeterminate, whose coefficients encode information about a sequence of numbers an that is indexed by the natural numbers. Generating functions were first introduced by Abraham de Moivre in 1730, in order to solve the general...
assembling the information of the number of points of E with values in the finite
field extensionIn abstract algebra, field extensions are the main object of study in field theory. The general idea is to start with a base field and construct in some manner a larger field which contains the base field and satisfies additional properties...
s of
,
. It is given,
The interior sum of the exponential resembles the development of the
logarithmThe logarithm of a number is the exponent by which another fixed value, the base, has to be raised to produce that number. For example, the logarithm of 1000 to base 10 is 3, because 1000 is 10 to the power 3: More generally, if x = by, then y is the logarithm of x to base b, and is written...
and, in fact, the so-defined zeta function is a
rational functionIn mathematics, a rational function is any function which can be written as the ratio of two polynomial functions. Neither the coefficients of the polynomials nor the values taken by the function are necessarily rational.-Definitions:...
:
The Hasse–Weil zeta function of E over
is then defined by collecting this information together, for all primes p. It is defined by
where
if E has good reduction at p and 0 otherwise (in which case
is defined differently than above).
This product
convergesIn mathematics, a series of numbers is said to converge absolutely if the sum of the absolute value of the summand or integrand is finite...
for
only. Hasse's conjecture affirms that the L-function admits an
analytic continuationIn complex analysis, a branch of mathematics, analytic continuation is a technique to extend the domain of a given analytic function. Analytic continuation often succeeds in defining further values of a function, for example in a new region where an infinite series representation in terms of which...
to the whole complex plane and satisfies a
functional equationIn mathematics, a functional equation is any equation that specifies a function in implicit form.Often, the equation relates the value of a function at some point with its values at other points. For instance, properties of functions can be determined by considering the types of functional...
relating, for any s, L(E, s) to L(E, 2−s). In 1999 this was shown to be a consequence of the proof of the Shimura–Taniyama–Weil conjecture, which asserts that every elliptic curve over E is a
modular curveIn number theory and algebraic geometry, a modular curve Y is a Riemann surface, or the corresponding algebraic curve, constructed as a quotient of the complex upper half-plane H by the action of a congruence subgroup Γ of the modular group of integral 2×2 matrices SL...
, which implies that its L-function is the L-function of a
modular formIn mathematics, a modular form is a analytic function on the upper half-plane satisfying a certain kind of functional equation and growth condition. The theory of modular forms therefore belongs to complex analysis but the main importance of the theory has traditionally been in its connections...
whose analytic continuation is known.
One can therefore speak about the values of L(E, s) at any complex number s. The Birch-Swinnerton-Dyer conjecture relates the arithmetic of the curve to the behavior of its L-function at s = 1. More precisely, it affirms that the order of the L-function at s = 1 equals the rank of E and predicts the leading term of the Laurent series of L(E, s) at that point in terms of several quantities attached to the elliptic curve.
Much like the
Riemann hypothesisIn mathematics, the Riemann hypothesis, proposed by , is a conjecture about the location of the zeros of the Riemann zeta function which states that all non-trivial zeros have real part 1/2...
, this conjecture has multiple consequences, including the following two:
- Let n be an odd square-free
In mathematics, an element r of a unique factorization domain R is called square-free if it is not divisible by a non-trivial square. That is, every s such that s^2\mid r is a unit of R....
integer. Assuming the Birch and Swinnerton-Dyer conjecture, n is the surface of a rectangular triangle if and only if the number of triplets of integers 
satisfying 
is twice the number of triples satisfying 
. This statement, due to TunnellTunnell is a surname, and may refer to:* Byron M. Tunnell - Railroad Commission of Texas member and politician* Ebe W. Tunnell - American merchant and politician* Emlen Tunnell - African-American football player* George Tunnell - American vocalist...
, is related to the fact that n is the surface area of a right triangle with rational sidesA Pythagorean triple consists of three positive integers a, b, and c, such that . Such a triple is commonly written , and a well-known example is . If is a Pythagorean triple, then so is for any positive integer k. A primitive Pythagorean triple is one in which a, b and c are pairwise coprime...
if and only if the elliptic curve 
has a rational point of infinite order (thus, under the Birch and Swinnerton-Dyer conjecture, its L-function has a zero at 1). The interest in this statement is that the condition is easily verified.
- In a different direction, certain analytic methods allow for an estimation of the order of zero in the center of the critical strip of families of L-functions. Admitting the BSD conjecture, these estimations correspond to information about the rank of families of elliptic curves in question. For example,: suppose the generalized Riemann hypothesis
The Riemann hypothesis is one of the most important conjectures in mathematics. It is a statement about the zeros of the Riemann zeta function. Various geometrical and arithmetical objects can be described by so-called global L-functions, which are formally similar to the Riemann zeta-function...
and the BSD conjecture, the average rank of curves given by 
is smaller than 2.
The Modularity theorem and its application to Fermat's Last Theorem
The modularity theorem, once known as the Taniyama–Shimura–Weil conjecture, states that every elliptic curve E over Q is a
modular curveIn number theory and algebraic geometry, a modular curve Y is a Riemann surface, or the corresponding algebraic curve, constructed as a quotient of the complex upper half-plane H by the action of a congruence subgroup Γ of the modular group of integral 2×2 matrices SL...
, that is to say, its Hasse–Weil zeta function is the L-function of a
modular formIn mathematics, a modular form is a analytic function on the upper half-plane satisfying a certain kind of functional equation and growth condition. The theory of modular forms therefore belongs to complex analysis but the main importance of the theory has traditionally been in its connections...
of weight 2 and level N, where N is the
conductorIn mathematics, in Diophantine geometry, the conductor of an abelian variety defined over a local or global field F is a measure of how "bad" the bad reduction at some prime is...
of E (an integer divisible by the same prime numbers as the discriminant of E, Δ(E).) In other words, if, for
, one writes the L-function in the form
the expression
, where
defines a parabolic modular newform of weight 2 and level N. For prime numbers ℓ not dividing N, the coefficient
of the form equals ℓ – the number of solutions of the minimal equation of the curve modulo ℓ.
For example, to the elliptic curve
with discriminant (and conductor) 37, is associated the form
, where
. For prime numbers ℓ distinct of 37, one can verify the property about the coefficients. Thus, for ℓ = 3, the solutions of the equation modulo 3 are (0, 0), (0, 1), (0, 2), (1, 0), (1, 1), (1, 2), as and
.
The conjecture, going back to the fifties, has been completely shown in 1999 using ideas of
Andrew WilesSir Andrew John Wiles KBE FRS is a British mathematician and a Royal Society Research Professor at Oxford University, specializing in number theory...
, who already proved it in 1994 for a large family of elliptic curves.
There are several formulations of the conjecture. Showing that they are equivalent is difficult and was a main topic of number theory in the second half of the 20th century. The modularity of an elliptic curve E of conductor N can be expressed also by saying that there is a non-constant rational map defined over Q, from the modular curve
to E. In particular, the points of E can be parametrized by modular functions.
For example, a modular parametrization of the curve
is given by
where, as above,
. The functions
and
are modular of weight 0 and level 37; in other words they are meromorphic, defined on the
upper half-plane 
and satisfy
and likewise for
for all integers
with
and
.
Another formulation stakes on the comparison of Galois representations attached on the one hand to elliptic curves, and on the other hand to modular forms. The latter formulation has been used in the proof the conjecture. Dealing with the level of the forms (and the connection to the conductor of the curve) is particularly delicate.
The most spectacular application of the conjecture is the proof of
Fermat's Last TheoremIn number theory, Fermat's Last Theorem states that no three positive integers a, b, and c can satisfy the equation an + bn = cn for any integer value of n greater than two....
(FLT). Suppose that for a prime p > 5, the Fermat equation
has a solution with non-zero integers, hence a counter-example to FLT. Then the elliptic curve
of discriminant
can not be modular. Thus, the proof of the Taniyama–Shimura–Weil conjecture for this family of elliptic curves (called Hellegouarch–Frey curves) implies the FLT. The proof of the link between these two statements, based on an idea of
Gerhard FreyGerhard Frey is a German mathematician, known for his work in number theory. His Frey curve, a construction of an elliptic curve from a purported solution to the Fermat equation, was central to Wiles' proof of Fermat's Last Theorem....
(1985), is difficult and technical. It was established by Kenneth Ribet in 1987.
Integral points
This section is concerned with points
of E such that x is an integer. The following theorem is due to C. L. Siegel: the set of points
of E(Q) such that x is integral is finite. This theorem can be generalized to points whose x coordinate has a denominator divisible only by a fixed finite set of prime numbers.
The theorem can be formulated effectively. For example, if the Weierstrass equation of E has integer coefficients bounded by a constant H, the coordinates
of a point of E with both x and y integer satisfy:
For example: the equation
has eight integral solutions with y > 0 : = (−1,4), (−2,3), (2,5), (4,9), (8,23), (43,282), (52,375), .
Generalization to number fields
Many of the preceding results remain valid when the field of definition of E is a number field, that is to say, a finite
field extensionIn abstract algebra, field extensions are the main object of study in field theory. The general idea is to start with a base field and construct in some manner a larger field which contains the base field and satisfies additional properties...
of Q. In particular, the group
of K-rational points of an elliptic curve E defined over K is finite, which generalizes the Mordell–Weil theorem above. A theorem due to
Loïc MerelLoïc Merel is a French mathematician. His research interests include modular forms and number theory.Born in Carhaix-Plouguer, Brittany, Merel became a student at the École Normale Supérieure. He finished his doctorate at Pierre and Marie Curie University under supervision of Joseph Oesterlé in 1993...
shows that for a given integer d, there are (
up toIn mathematics, the phrase "up to x" means "disregarding a possible difference in x".For instance, when calculating an indefinite integral, one could say that the solution is f "up to addition by a constant," meaning it differs from f, if at all, only by some constant.It indicates that...
isomorphism) only finitely many groups that can occur as the torsion groups of E(K) for an elliptic curve defined over a number field K of
degreeIn mathematics, more specifically field theory, the degree of a field extension is a rough measure of the "size" of the extension. The concept plays an important role in many parts of mathematics, including algebra and number theory — indeed in any area where fields appear prominently.-...
d. More precisely, there is a number B(d) such that for any elliptic curve E defined over a number field K of degree d, any torsion point of E(K) is of
orderIn group theory, a branch of mathematics, the term order is used in two closely related senses:* The order of a group is its cardinality, i.e., the number of its elements....
less than B(d). The theorem is effective: for d > 1, if a torsion point is of order p, with p prime, then
.
As for the integral points, Siegel's theorem generalizes to the following: let E be an elliptic curve defined over a number field K, x and y the Weierstrass coordinates. Then the points of
whose x-coordinate is in the ring of integers O
K is finite.
The properties of the Hasse–Weil zeta function and the Birch and Swinnerton-Dyer conjecture can also be extended to this more general situation.
Elliptic curves over a general field
Elliptic curves can be defined over any
fieldIn abstract algebra, a field is a commutative ring whose nonzero elements form a group under multiplication. As such it is an algebraic structure with notions of addition, subtraction, multiplication, and division, satisfying certain axioms...
K; the formal definition of an elliptic curve is a non-singular projective algebraic curve over K with
genusIn mathematics, genus has a few different, but closely related, meanings:-Orientable surface:The genus of a connected, orientable surface is an integer representing the maximum number of cuttings along non-intersecting closed simple curves without rendering the resultant manifold disconnected. It...
1 with a given point defined over K.
If the
characteristicIn mathematics, the characteristic of a ring R, often denoted char, is defined to be the smallest number of times one must use the ring's multiplicative identity element in a sum to get the additive identity element ; the ring is said to have characteristic zero if this repeated sum never reaches...
of K is neither 2 nor 3, then every elliptic curve over K can be written in the form
where p and q are elements of K such that the right hand side polynomial x
3 − px − q does not have any double roots. If the characteristic is 2 or 3, then more terms need to be kept: in characteristic 3, the most general equation is of the form
for arbitrary constants
such that the polynomial on the right-hand side has distinct roots (the notation is chosen for historical reasons). In characteristic 2, even this much is not possible, and the most general equation is
provided that the variety it defines is non-singular. If characteristic were not an obstruction, each equation would reduce to the previous ones by a suitable change of variables.
One typically takes the curve to be the set of all points (x,y) which satisfy the above equation and such that both x and y are elements of the
algebraic closureIn mathematics, particularly abstract algebra, an algebraic closure of a field K is an algebraic extension of K that is algebraically closed. It is one of many closures in mathematics....
of K. Points of the curve whose coordinates both belong to K are called K-rational points.
Isogeny
Let E and D be elliptic curves over a field k. An isogeny between E and D is a
finite morphism 
of
varietiesIn mathematics, particularly in algebraic geometry, complex analysis and number theory, an abelian variety is a projective algebraic variety that is also an algebraic group, i.e., has a group law that can be defined by regular functions...
that preserves basepoints (in other words, maps the given point on E to that on D).
The two curves are called isogenous if there is an isogeny between them. This is an
equivalence relationIn mathematics, an equivalence relation is a relation that, loosely speaking, partitions a set so that every element of the set is a member of one and only one cell of the partition. Two elements of the set are considered equivalent if and only if they are elements of the same cell...
, symmetry being due to the existence of the dual isogeny. Every isogeny is an algebraic
homomorphismIn abstract algebra, a homomorphism is a structure-preserving map between two algebraic structures . The word homomorphism comes from the Greek language: ὁμός meaning "same" and μορφή meaning "shape".- Definition :The definition of homomorphism depends on the type of algebraic structure under...
and thus induces homomorphisms of the
groupsIn mathematics, a group is an algebraic structure consisting of a set together with an operation that combines any two of its elements to form a third element. To qualify as a group, the set and the operation must satisfy a few conditions called group axioms, namely closure, associativity, identity...
of the elliptic curves for k-valued points.
Elliptic curves over finite fields
Let K = F
q be the
finite fieldIn abstract algebra, a finite field or Galois field is a field that contains a finite number of elements. Finite fields are important in number theory, algebraic geometry, Galois theory, cryptography, and coding theory...
with q elements and E an elliptic curve defined over K. While the precise
number of rational points of an elliptic curveAn important aspect in the study of elliptic curves is devising effective ways of counting points on the curve. There have been several approaches to do so, and the algorithms devised have proved to be useful tools in the study of various fields such as number theory, and more recently in...
E over K is in general rather difficult to compute,
Hasse's theorem on elliptic curves gives us, including the point at infinity, the following estimate:
In other words, the number of points of the curve grows roughly as the number of elements in the field. This fact can be understood and proven with the help of some general theory; see local zeta function,
Étale cohomologyIn mathematics, the étale cohomology groups of an algebraic variety or scheme are algebraic analogues of the usual cohomology groups with finite coefficients of a topological space, introduced by Grothendieck in order to prove the Weil conjectures...
.
The set of points
is a finite abelian group. It is always cyclic or the product of two cyclic groups. For example, the curve defined by
over
has 72 points (71 affine points including
(0,0) and one
point at infinity) over this field, whose group structure is given by
. The number of points on a specific curve can be computed with
Schoof's algorithmSchoof's algorithm is an efficient algorithm to count points on elliptic curves over finite fields. The algorithm has applications in elliptic curve cryptography where it is important to know the number of points to judge the difficulty of solving the discrete logarithm problem in the group of...
.
Studying the curve over the
field extensionIn abstract algebra, field extensions are the main object of study in field theory. The general idea is to start with a base field and construct in some manner a larger field which contains the base field and satisfies additional properties...
s of
is facilitated by the introduction of the local zeta function of E over
, defined by a generating series (also see above)
where the field
is the (unique) extension of
of degree n (that is,
). The zeta function is a rational function in T. There is an integer a such that
Moreover,
with complex numbers
of
absolute valueIn mathematics, the absolute value |a| of a real number a is the numerical value of a without regard to its sign. So, for example, the absolute value of 3 is 3, and the absolute value of -3 is also 3...
. This result are a special case of the
Weil conjecturesIn mathematics, the Weil conjectures were some highly-influential proposals by on the generating functions derived from counting the number of points on algebraic varieties over finite fields....
. For example, the zeta function of
over the field
is given by
since the curve has
(
) points over
if r is odd (even, respectively).
The Sato–Tate conjecture is a statement about how the error term
in Hasse's theorem varies with the different primes q, if you take an elliptic curve E over
and reduce it modulo q. It was proven (for almost all such curves) in 2006 due to the results of Taylor, Harris and Shepherd-Barron, and says that the error terms are equidistributed.
Elliptic curves over finite fields are notably applied in
cryptographyCryptography is the practice and study of techniques for secure communication in the presence of third parties...
and for the
factorizationIn mathematics, factorization or factoring is the decomposition of an object into a product of other objects, or factors, which when multiplied together give the original...
of large integers. These algorithms often make use of the group structure on the points of E. Algorithms that are applicable to general groups, for example the group of invertible elements in finite fields,
, can thus be applied to the group of points on an elliptic curve. For example, the
discrete logarithmIn mathematics, specifically in abstract algebra and its applications, discrete logarithms are group-theoretic analogues of ordinary logarithms. In particular, an ordinary logarithm loga is a solution of the equation ax = b over the real or complex numbers...
is such an algorithm. The interest in this is that choosing an elliptic curve allows for more flexibility than choosing q (and thus the group of units in F
q). Also, the group structure of elliptic curves is generally more complicated.
Algorithms that use elliptic curves
Elliptic curves over finite fields are used in some
cryptographicCryptography is the practice and study of techniques for secure communication in the presence of third parties...
applications as well as for
integer factorizationIn number theory, integer factorization or prime factorization is the decomposition of a composite number into smaller non-trivial divisors, which when multiplied together equal the original integer....
. Typically, the general idea in these applications is that a known
algorithmIn mathematics and computer science, an algorithm is an effective method expressed as a finite list of well-defined instructions for calculating a function. Algorithms are used for calculation, data processing, and automated reasoning...
which makes use of certain finite groups is rewritten to use the groups of rational points of elliptic curves. For more see also:
- Elliptic curve cryptography
Elliptic curve cryptography is an approach to public-key cryptography based on the algebraic structure of elliptic curves over finite fields. The use of elliptic curves in cryptography was suggested independently by Neal Koblitz and Victor S...
- Elliptic Curve DSA
The Elliptic Curve Digital Signature Algorithm is a variant of the Digital Signature Algorithm which uses Elliptic curve cryptography.-Key and signature size comparison to DSA:...
- Lenstra elliptic curve factorization
The Lenstra elliptic curve factorization or the elliptic curve factorization method is a fast, sub-exponential running time algorithm for integer factorization which employs elliptic curves. For general purpose factoring, ECM is the third-fastest known factoring method...
- Elliptic curve primality proving
Elliptic Curve Primality Proving is a method based on elliptic curves to prove the primality of a number . It is a general-purpose algorithm, meaning it does not depend on the number being of a special form...
Alternative representations of elliptic curves
- Hessian curve
- Edwards curve
In mathematics, an Edwards curve is a new representation of elliptic curves, discovered by Harold M. Edwards in 2007. The concept of elliptic curves over finite fields is widely used in elliptic curve cryptography...
- Twisted curve
In mathematics an elliptic curve E over a field K has its quadratic twist, that is another elliptic curve which is isomorphic to E over an algebraic closure of K. In particular, an isomorphism between elliptic curves is an isogeny of degree 1, that is an invertible isogeny. Some curves have higher...
- Twisted Hessian curve
In mathematics, the Twisted Hessian curve represents a generalization of Hessian curves; it was introduced in elliptic curve cryptography to speed up the addition and doubling formulas and to have strongly unified arithmetic. In some operations , it is close in speed to Edwards...
- Twisted Edwards curve
In algebraic geometry, the Twisted Edwards curves are plane models of elliptic curves, a generalisation of Edwards curves introduced by Bernstein et al. and named after Harold M. Edwards...
- Doubling-oriented Doche–Icart–Kohel curve
In mathematics, the doubling-oriented Doche–Icart–Kohel curve is a form in which an elliptic curve can be written. It is a special case of Weierstrass form and it is also important in elliptic-curve cryptography because the doubling speeds up considerably .It has been introduced by Christophe...
- Tripling-oriented Doche–Icart–Kohel curve
The tripling-oriented Doche–Icart–Kohel curve is a form of an elliptic curve that has been used lately in cryptography; it is a particular type of Weierstrass curve...
- Jacobian curve
In mathematics, the Jacobi curve is a representantion of an elliptic curve different than the usual one . Sometimes it is used in cryptography instead of the Weierstrass form because it can provide a defence against simple and differential power analysis style attacks; it is possible, indeed, to...
- Montgomery curve
See also
- Riemann–Hurwitz formula
- Nagell–Lutz theorem
In mathematics, the Nagell–Lutz theorem is a result in the diophantine geometry of elliptic curves, which describes rational torsion points on elliptic curves over the integers.-Definition of the terms:Suppose that the equationy^2 = x^3 + ax^2 + bx + c \...
- Arithmetic dynamics
Arithmetic dynamicsis a field that amalgamates two areas of mathematics, dynamical systems and number theory.Classically, discrete dynamics refers to the study of the iteration of self-maps of the complex plane or real line...
- Elliptic surface
In mathematics, an elliptic surface is a surface that has an elliptic fibration, in other words a proper connected morphism to an algebraic curve, almost all of whose fibers are elliptic curves....
- Comparison of computer algebra systems
- j-line
In the study of the arithmetic of elliptic curves, the j-line over any ring R is the coarse moduli scheme attached to the moduli problem Γ]:...
External links