🔢Arithmetic Geometry Unit 2 – Elliptic curves

Introduction to Elliptic Curves

• Elliptic curves are a fundamental object of study in algebraic geometry and number theory
• Defined as nonsingular cubic curves in the projective plane $\mathbb{P}^2$ over a field $K$
• Can be described by a Weierstrass equation of the form $y^2 = x^3 + ax + b$, where $a, b \in K$ and the discriminant $\Delta = 4a^3 + 27b^2 \neq 0$
• The set of points on an elliptic curve, together with a special point called the "point at infinity," form an abelian group under a geometric operation called the "group law"
• Elliptic curves have a rich structure and connections to various branches of mathematics, including complex analysis, topology, and representation theory
• Have important applications in cryptography, such as in the design of secure key exchange protocols and digital signature schemes

Basic Definitions and Properties

• An elliptic curve $E$ over a field $K$ is a smooth, projective curve of genus 1 with a specified base point $O \in E(K)$
• The group law on an elliptic curve is defined geometrically: given two points $P, Q \in E(K)$, the sum $P + Q$ is obtained by finding the third intersection point of the line through $P$ and $Q$ with the curve, and then reflecting that point across the $x$-axis
• The group law is associative, commutative, and has identity element $O$, the point at infinity
• For each point $P \in E(K)$, there exists a unique inverse point $-P$ such that $P + (-P) = O$
• The group of $K$-rational points, denoted $E(K)$, is a finitely generated abelian group by the Mordell-Weil theorem
  • $E(K) \cong \mathbb{Z}^r \oplus E(K)_{\text{tors}}$, where $r$ is the rank and $E(K)_{\text{tors}}$ is the torsion subgroup
• The torsion subgroup $E(K)_{\text{tors}}$ consists of all points of finite order in $E(K)$

Weierstrass Form and Group Law

• Every elliptic curve over a field $K$ can be described by a Weierstrass equation of the form $y^2 + a_1xy + a_3y = x^3 + a_2x^2 + a_4x + a_6$, where $a_1, a_2, a_3, a_4, a_6 \in K$
• The discriminant $\Delta$ of the Weierstrass equation must be nonzero for the curve to be nonsingular
• The j-invariant of an elliptic curve, defined as $j(E) = c_4^3/\Delta$, is an important invariant that characterizes the isomorphism class of the curve over the algebraic closure of $K$
• The group law can be explicitly described using the Weierstrass equation:
  • For points $P = (x_1, y_1)$ and $Q = (x_2, y_2)$, the sum $P + Q = (x_3, y_3)$ is given by:
    • If $P \neq Q$: $x_3 = \lambda^2 - x_1 - x_2$, $y_3 = \lambda(x_1 - x_3) - y_1$, where $\lambda = (y_2 - y_1)/(x_2 - x_1)$
    • If $P = Q$: $x_3 = \lambda^2 - 2x_1$, $y_3 = \lambda(x_1 - x_3) - y_1$, where $\lambda = (3x_1^2 + a)/(2y_1)$
• The group law formulas can be used to efficiently compute multiples of points, which is crucial in elliptic curve cryptography

Points of Finite Order

• A point $P \in E(K)$ is said to have finite order if there exists a positive integer $n$ such that $nP = O$, where $nP$ denotes the sum of $P$ with itself $n$ times under the group law
• The smallest such positive integer $n$ is called the order of $P$
• The set of all points of finite order in $E(K)$ forms the torsion subgroup $E(K)_{\text{tors}}$
• Torsion points play a crucial role in understanding the structure of the group of rational points $E(K)$
• The possible torsion subgroups of elliptic curves over $\mathbb{Q}$ are completely classified by Mazur's theorem:
  • $E(\mathbb{Q})_{\text{tors}}$ is isomorphic to one of the following groups: $\mathbb{Z}/n\mathbb{Z}$ for $n = 1, 2, \ldots, 10, 12$, or $\mathbb{Z}/2\mathbb{Z} \oplus \mathbb{Z}/2n\mathbb{Z}$ for $n = 1, 2, 3, 4$
• Over finite fields $\mathbb{F}_q$, the torsion subgroup $E(\mathbb{F}_q)$ is always finite and cyclic, with order bounded by the Hasse-Weil bound

Elliptic Curves over Finite Fields

• Elliptic curves over finite fields $\mathbb{F}_q$ have a finite number of points, denoted $\#E(\mathbb{F}_q)$
• The group structure of $E(\mathbb{F}_q)$ is always of the form $\mathbb{Z}/n\mathbb{Z}$ for some integer $n$
• The number of points $\#E(\mathbb{F}_q)$ satisfies the Hasse-Weil bound: $|\#E(\mathbb{F}_q) - (q+1)| \leq 2\sqrt{q}$
• Elliptic curves over finite fields have important applications in cryptography, such as in the Elliptic Curve Digital Signature Algorithm (ECDSA) and Elliptic Curve Diffie-Hellman (ECDH) key exchange protocol
• The security of elliptic curve cryptography relies on the difficulty of the Elliptic Curve Discrete Logarithm Problem (ECDLP): given points $P, Q \in E(\mathbb{F}_q)$, find an integer $n$ such that $Q = nP$
• Supersingular elliptic curves, which have certain special properties, are of particular interest in cryptography and have connections to the theory of modular forms

Counting Points and Hasse's Theorem

• Counting the number of points on an elliptic curve over a finite field $\mathbb{F}_q$ is a fundamental problem in arithmetic geometry
• The Hasse-Weil bound provides a tight estimate for $\#E(\mathbb{F}_q)$: $|\#E(\mathbb{F}_q) - (q+1)| \leq 2\sqrt{q}$
• The Hasse-Weil L-function $L(E/\mathbb{F}_q, T)$ is a generating function that encodes information about the number of points on $E$ over extensions of $\mathbb{F}_q$
  • $L(E/\mathbb{F}_q, T) = \exp(\sum_{n=1}^\infty \#E(\mathbb{F}_{q^n})\frac{T^n}{n})$
• The Hasse-Weil L-function satisfies a functional equation and has an analytic continuation to the entire complex plane
• The Birch and Swinnerton-Dyer conjecture, one of the Millennium Prize Problems, relates the rank of an elliptic curve over $\mathbb{Q}$ to the behavior of its L-function at $s = 1$
• Efficient point counting algorithms, such as Schoof's algorithm and its improvements (Schoof-Elkies-Atkin algorithm), are essential for implementing elliptic curve cryptography

Applications in Cryptography

• Elliptic curve cryptography (ECC) is based on the difficulty of the Elliptic Curve Discrete Logarithm Problem (ECDLP)
• ECC offers the same level of security as RSA and other traditional public-key cryptosystems with smaller key sizes, making it more efficient for implementation
• The Elliptic Curve Diffie-Hellman (ECDH) key exchange protocol allows two parties to establish a shared secret key over an insecure channel
  • Alice and Bob agree on an elliptic curve $E$ over a finite field $\mathbb{F}_q$ and a base point $P \in E(\mathbb{F}_q)$
  • Alice chooses a secret integer $a$, computes $aP$, and sends it to Bob
  • Bob chooses a secret integer $b$, computes $bP$, and sends it to Alice
  • Both Alice and Bob can now compute the shared secret $abP$, which is difficult for an eavesdropper to determine without knowing $a$ or $b$
• The Elliptic Curve Digital Signature Algorithm (ECDSA) is used for digital signatures and is the basis for secure communication protocols like Bitcoin and Ethereum
• Pairing-based cryptography, which uses bilinear maps on elliptic curves, enables advanced cryptographic functionalities like identity-based encryption and attribute-based encryption

Advanced Topics and Open Problems

• The Birch and Swinnerton-Dyer conjecture relates the rank of an elliptic curve over $\mathbb{Q}$ to the behavior of its L-function at $s = 1$
  • The conjecture has been proven for specific cases but remains open in general
• Elliptic curves over complex numbers have a rich geometric structure and are related to the theory of modular forms and Riemann surfaces
• The Langlands program, a vast network of conjectures connecting representation theory, automorphic forms, and arithmetic geometry, has deep connections to elliptic curves
  • The Taniyama-Shimura conjecture, now known as the Modularity Theorem, states that every elliptic curve over $\mathbb{Q}$ is modular, i.e., its L-function coincides with the L-function of a modular form
• The study of rational points on elliptic curves is a central problem in Diophantine geometry
  • The Mordell-Weil theorem states that the group of rational points $E(\mathbb{Q})$ is finitely generated, but finding generators and computing the rank is a difficult problem
• Elliptic curves over function fields, such as the field of rational functions $\mathbb{C}(t)$, have connections to the theory of algebraic curves and the Birch and Swinnerton-Dyer conjecture in higher dimensions
• The arithmetic of elliptic curves over number fields and their connections to Galois representations and the Tate conjecture are active areas of research in arithmetic geometry