Elliptic Curves: The Basics

Working over the rationals (or more precisely any field with characteristic 0) an elliptic curve is a curve given the equation

such that the discriminant, which is 4A3 + 27B2, is non-zero. Equivalently, the polynomial on the right hand side has distinct roots, ensuring that the curve is non-singular. Though we restrict our attention to these non-singular curves we note that if the right hand side is a cubic polynomial, there are only two types of singular curves, corresponding to whether there is a double root (node) or triple root (cusp).

Source: Wolfram Mathworld

Point at Infinity

The point at infinity is an important point that always lies on an elliptic curve. For those who have studied algebraic geometry this is a familiar concept and comes from defining a projective closure of the equation defining the elliptic curve. However, informally it can be described as an idealised limiting point at the ‘end’ of each line.

If you imagine a vertical straight line, which intersects the elliptic curve at most two times.

The point at infinity is the point at which the two ends of this vertical line ‘meet’.

The reason that elliptic curves are amazing objects is because we can use geometry to make the points on the curve a group. Therefore we can use tools from algebraic number theory to study them.

Making Points on an Elliptic Curve into a Group

This is done using the chord and tangent process:

We denote the point at infinity on an elliptic curve E over Q as OE. E meets each line in 3 points, counted with multiplicity. Given two points on E, say P and Q, let R be the third point of intersection of PQ and E. Then P ⊕ Q is the third point of intersection of OER (vertical line through R) and E.

Source: jeremykun.com

If P = Q we take the tangent at P instead of the line PQ.

Then E with the group law on points defined above, denoted by (E, ⊕), is an abelian group:

  • The fact that is abelian is clear by construction
  • Identity: OE – this is why the point at infinity is such an important point and exists on all elliptic curves.
  • Inverses: Given a point P, let S be the point of intersection of the tangent at OE and E. Then let Q be the intersection of PS and E. Then the inverse of P is defined to be Q. Note that if OE is a point of inflection (point of multiplicity 3) then S = OE in the above.
  • Associativity: This is much harder to prove. It can be done by identifying (E, ⊕) with a subgroup of the Picard Group, which related to something called divisors.

Divisors are a tool for keeping track of poles and zeroes. For example, suppose a function g has a zero at a point P of order 3, and a pole at another point Q of order 2, and a pole at O of order 1 (note the number of zeroes and poles are equal, as they must be for a function). Then using divisors, we can say all this concisely as follows:

div g=3P−2Q−O

More precisely, we can define a divisor D to be a ‘formal sum’ of points on E (meaning that we write a sum of points using a + symbol but no actual operation is defined), say

Then the degree of a divisor is the sum of the coefficients.

This set of divisors forms a group, Div(E), generated by the points on E. Immediately we can identify a subgroup of Div(E), namely the divisors of degree zero denoted Div0(E).

We can also define an equivalence relation ~ on divisors: D1, D2 ∈ Div(E) are linearly equivalent, written D1 ~ D2, if exists an f such that div(f) = D1 – D2.

We can now introduce the Picard Group. It is a subgroup of Div(E), defined by quotienting out by this equivalence relation

A subgroup of the Picard group is given by

We’re now ready to go back to talking about elliptic curves. The point of this discussion is that we know (Pic0(E), +) is a group which has the associative property. Furthermore, we can show that we have a bijection between (E, ⊕) and (Pic0(E), +) that preserves the group structure i.e. we have an isomorphism of groups. So, using this isomorphism we can identify the two groups and deduce that (E, ⊕) is also associative.

Consequence

Say we started looking at points defined over Q (denoted by E(Q)). A natural question is to ask how we know that the addition or inverses of these points remains in Q?

We defined the group law by looking at the intersections of lines and curves. So, working through the algebra, we can get explicit equations for the addition of points and inverses. For example if we have an elliptic curve E over Q and a point P = (x,y) in E(Q), then -P = (x, -y).

These explicit equations are useful because they tell us that the points do indeed remain defined over Q. More precisely, we find that (E(Q), ⊕) is a subgroup of (E, ⊕):

  • The identity OE is in E(Q) by definition
  • (E(Q), ⊕) is closed under addition and has inverses by the explicit formulae
  • Associativity and commutativity is inherited from (E, ⊕).

Note: This in fact holds for any field K, not just Q, but we must be a bit more careful, as the elliptic curve may not be expressible in the nice form y2 = x3 + Ax + B so the formulae are a bit messier. The reason why this is important is that we often want to consider elliptic curves over finite fields, something I will explore in future posts.

M x

2: Dedekind’s Criterion

In episode 1, I introduced the idea of prime ideals. Today we will extend this idea and prove a really important result in algebraic number theory: Dedekind’s Criterion.

We will use the following fact:

If P, contained in O, is a non-zero prime ideal, then there is a unique prime number p such that pP.

For those who are more advanced, this is because the ideal generated by p, namely (p), is the kernel of

Screen Shot 2019-09-17 at 11.12.53 AM.png

Then P|pOand N(P) = pfor some f > 0.

The proof of Dedekind’s Criterion uses a lot of Group Theory and therefore I will not prove it for you. However, it is a really useful tool in algebraic number theory and so I will state it and show how it can be used to factor ideals (remember that in episode 1 we showed that this factorisation is unique).

Before stating the theorem, let me define a few things:

  • Let 𝛼 ∈ Othen Screen Shot 2019-09-17 at 11.39.55 AM.png(𝛼) = { x + 𝛼y | x, y ∈ Screen Shot 2019-09-17 at 11.39.55 AM.png}
  • Let 𝐿/𝐾 be a field extension and let 𝛼 ∈ 𝐿 be algebraic over 𝐾 (i.e. there is a polynomial p with coefficients in such that p(𝛼)=0). We call the minimal polynomial of 𝛼 over 𝐾 the monic polynomial 𝑓 with coefficients in K of the least degree such that f(𝛼) = 0.
  • Say we have a polynomial p(x) = anx+ an-1xn-1 … + a1x1 + a0  with coefficients in K. Then its reduction mod p is defined as p(x) = anx+ … + a0 where ai  ≡ ai (mod p).
  • In episode 1 we defined the degree of a field extension L/K. We denote this as [L:K].
  • Z/pZ is the additive group of the integers mod p. For p prime, this is a finite field. We usually denote this as Fp.

Okay, now we’re ready for the theorem!

Theorem: Dedekind’s Criterion

Let 𝛼 ∈ Obe such that 𝐿 = Q(𝛼). Let 𝑓(x), with integer coefficients, be its minimal polynomial and let 𝑝 be a prime integer such that 𝑝 does not divide the degree [O∶ Z[𝛼]]. Let 𝑓(x) be its reduction mod p and factor

Screen Shot 2019-09-17 at 12.02.55 PM.png

where g1(x), … , gr(x F𝑝 [x] are distinct monic irreducible polynomials. Let gi(x) ∈ Z[x] be any polynomial with gi(x) (mod 𝑝) = gi(x), and define

Screen Shot 2019-09-17 at 12.11.25 PM.png

an ideal of OL. Let f= deg gi(x).

Then p1 ,…, pare disjoint prime ideals of OL and

Screen Shot 2019-09-17 at 12.14.55 PM.png

If you don’t quite understand the theorem, don’t worry! The first time I read this I was really confused as well. I think the more examples you see and the more you use it the easier it becomes to understand. Because of this, I will give you an example next.

Example

Let L = Screen Shot 2019-09-17 at 11.39.55 AM.png(√−11) and p = 5. We will use the following result:

Let d ∈ Z be square-free and not equal to 0 or 1. Let L = Screen Shot 2019-09-17 at 11.39.55 AM.png(√d). Then 

Screen Shot 2019-09-17 at 12.20.18 PM.png

As – 11 = 1 (mod 4), OLScreen Shot 2019-09-17 at 12.22.14 PM.png. Then, [OL: Z[√−11]] = 2 and so we can apply Dedekind’s criterion to 𝛼 = √−11 for p = 5. Then the minimal polynomial is f(x) = x+ 11, so 𝑓(x) = f(x) (mod 5) = x+ 1 = (x+2)(x+3) F5 [x].

Therefore by Dedekind’s Criterion, 5OL= P·where

P = (5, √−11 + 2) and Q = (5, √ −11 + 3)

and P, Q are distinct prime ideals in OL. So we have found how 5 splits in Screen Shot 2019-09-17 at 11.39.55 AM.png(√−11).


In the next episode I will talk about Dirichlet’s Unit Theorem and then we will be ready to solve some problems in Number Theory!

M x

Diophantine Approximation: Liouville’s Theorem

Diophantine approximation deals with the approximation of real numbers by rational numbers.

Liouville’s Theorem

In the 1840’s Liouville obtained the first lower bound for the approximation of algebraic numbers:

Let α ∈ R be an irrational algebraic number satisfying f(α) = 0 with non-zero irreducible (cannot be reduced) f ∈ Z[x] of degree d. Then there is a non-zero constant C such that for every fraction p/q

Screen Shot 2016-12-11 at 10.35.05 AM.png

Proof

The proof utilises the mean value theorem. By this theorem, given p/q, there is a real ξ between α and p/q such that

Screen Shot 2016-12-11 at 10.35.08 AM.png

Since f has integer coefficients and is of degree d, the value of f(p/q) is a rational number with denominator at worst q^d. Since f is irreducible, f(p/q) cannot be equal to 0. Thus

Screen Shot 2016-12-11 at 10.40.22 AM.png

and so

Screen Shot 2016-12-11 at 10.40.58 AM.png

A corollary of this result is that numbers that are well approximable by rational numbers, i.e. in for every d ≥ 1 and positive constant C, there is a rational p/q such that

Screen Shot 2016-12-11 at 10.43.32 AM.png

are transcendental.

Example

Letscreen-shot-2016-12-11-at-10-45-22-am

β is a real, transcendental number.

This is because there is a rational approximation

Screen Shot 2016-12-11 at 10.46.43 AM.png

with

screen-shot-2016-12-11-at-10-47-21-am

Analysing this inequality, the ratio

screen-shot-2016-12-11-at-10-48-30-am

is unbounded as N → +∞, and so β is well approximable by rationals.

M x

 

Transcendental Numbers

A transcendental number is a number that is real or complex, but it not algebraic, meaning that it is not the root of a polynomial with non-zero integer coefficients. For example, √2 is algebraic as it is the solution to the polynomial equation x– 2 = 0.

History

In 1844, Joseph Liouville proved the existence of transcendental numbers and in 1851 he gave the first example of such a number:

= 0.11000100000000000000000100……

(i.e. the nth digit after the decimal point is 1 if n = k! for some k, and 0 otherwise). This number is now known as the Liouville constant.

Only in 1873 was the first ‘non-constructed’ number shown to be transcendental when Charles Hermite proved that e was transcendental. Then, in 1882, Ferdinand von Lindemann proved that π was transcendental.

In fact, proving a number is transcendental is extremely challenging, even though they are known to be very common.

Why are they very common?

The algebraic numbers are countable (the set of algebraic numbers is the countable union of countable sets and so is therefore countable). However, the real numbers are uncountable. Therefore, since every real number is either algebraic or transcendental, the transcendentals must be uncountable. This implies that there are a lot more transcendental numbers than algebraic numbers.

Examples of Transcendental Numbers

  • ea if a is algebraic and non-zero
  • π
  • eπ
  • ab where a,b are algebraic, but a ≠ 0,1
    • in particular, 2^{\sqrt {2}}, the Gelfond-Schenider Constant
  • Continued Fraction Constant{1+{\cfrac {1}{2+{\cfrac {1}{3+{\cfrac {1}{4+{\cfrac {1}{5+{\cfrac {1}{6+\ddots }}}}}}}}}}}

If you want to find out more examples, click here.

 

Would you like to see a blog post specifically on Liouville numbers? M x