Elliptic Curves: The Basics

Working over the rationals (or more precisely any field with characteristic 0) an elliptic curve is a curve given the equation

such that the discriminant, which is 4A3 + 27B2, is non-zero. Equivalently, the polynomial on the right hand side has distinct roots, ensuring that the curve is non-singular. Though we restrict our attention to these non-singular curves we note that if the right hand side is a cubic polynomial, there are only two types of singular curves, corresponding to whether there is a double root (node) or triple root (cusp).

Source: Wolfram Mathworld

Point at Infinity

The point at infinity is an important point that always lies on an elliptic curve. For those who have studied algebraic geometry this is a familiar concept and comes from defining a projective closure of the equation defining the elliptic curve. However, informally it can be described as an idealised limiting point at the ‘end’ of each line.

If you imagine a vertical straight line, which intersects the elliptic curve at most two times.

The point at infinity is the point at which the two ends of this vertical line ‘meet’.

The reason that elliptic curves are amazing objects is because we can use geometry to make the points on the curve a group. Therefore we can use tools from algebraic number theory to study them.

Making Points on an Elliptic Curve into a Group

This is done using the chord and tangent process:

We denote the point at infinity on an elliptic curve E over Q as OE. E meets each line in 3 points, counted with multiplicity. Given two points on E, say P and Q, let R be the third point of intersection of PQ and E. Then P ⊕ Q is the third point of intersection of OER (vertical line through R) and E.

Source: jeremykun.com

If P = Q we take the tangent at P instead of the line PQ.

Then E with the group law on points defined above, denoted by (E, ⊕), is an abelian group:

  • The fact that is abelian is clear by construction
  • Identity: OE – this is why the point at infinity is such an important point and exists on all elliptic curves.
  • Inverses: Given a point P, let S be the point of intersection of the tangent at OE and E. Then let Q be the intersection of PS and E. Then the inverse of P is defined to be Q. Note that if OE is a point of inflection (point of multiplicity 3) then S = OE in the above.
  • Associativity: This is much harder to prove. It can be done by identifying (E, ⊕) with a subgroup of the Picard Group, which related to something called divisors.

Divisors are a tool for keeping track of poles and zeroes. For example, suppose a function g has a zero at a point P of order 3, and a pole at another point Q of order 2, and a pole at O of order 1 (note the number of zeroes and poles are equal, as they must be for a function). Then using divisors, we can say all this concisely as follows:

div g=3P−2Q−O

More precisely, we can define a divisor D to be a ‘formal sum’ of points on E (meaning that we write a sum of points using a + symbol but no actual operation is defined), say

Then the degree of a divisor is the sum of the coefficients.

This set of divisors forms a group, Div(E), generated by the points on E. Immediately we can identify a subgroup of Div(E), namely the divisors of degree zero denoted Div0(E).

We can also define an equivalence relation ~ on divisors: D1, D2 ∈ Div(E) are linearly equivalent, written D1 ~ D2, if exists an f such that div(f) = D1 – D2.

We can now introduce the Picard Group. It is a subgroup of Div(E), defined by quotienting out by this equivalence relation

A subgroup of the Picard group is given by

We’re now ready to go back to talking about elliptic curves. The point of this discussion is that we know (Pic0(E), +) is a group which has the associative property. Furthermore, we can show that we have a bijection between (E, ⊕) and (Pic0(E), +) that preserves the group structure i.e. we have an isomorphism of groups. So, using this isomorphism we can identify the two groups and deduce that (E, ⊕) is also associative.


Say we started looking at points defined over Q (denoted by E(Q)). A natural question is to ask how we know that the addition or inverses of these points remains in Q?

We defined the group law by looking at the intersections of lines and curves. So, working through the algebra, we can get explicit equations for the addition of points and inverses. For example if we have an elliptic curve E over Q and a point P = (x,y) in E(Q), then -P = (x, -y).

These explicit equations are useful because they tell us that the points do indeed remain defined over Q. More precisely, we find that (E(Q), ⊕) is a subgroup of (E, ⊕):

  • The identity OE is in E(Q) by definition
  • (E(Q), ⊕) is closed under addition and has inverses by the explicit formulae
  • Associativity and commutativity is inherited from (E, ⊕).

Note: This in fact holds for any field K, not just Q, but we must be a bit more careful, as the elliptic curve may not be expressible in the nice form y2 = x3 + Ax + B so the formulae are a bit messier. The reason why this is important is that we often want to consider elliptic curves over finite fields, something I will explore in future posts.

M x

Intrinsic Geometry

Today I wanted to discuss the geometry of curves and surfaces.

Curves, Curvature and Normals

First let us consider a curve r(s) which is parameterised by s, the arc length.

Now, t(s) = Screen Shot 2017-02-14 at 8.05.47 AM.png is a unit tangent vector and so t2 = 1, thus t.t = 1. If we differentiate this, we get that t.t‘ = 0, which specifies a direction normal to the curve, provided t‘ is not equal to zero. This is because if the dot product of two vectors is zero, then those two vectors are perpendicular to each other.

Let us define t’ = Kwhere the unit vector n(s) is called the principal normal and K(s) is called the curvature. Note that we can always make K positive by choosing an appropriate direction for n.

Another interesting quantity is the radius of curvature, a, which is given by

a = 1/curvature

Now that we have n and t we can define a new vector x n, which is orthonormal to both t and n. This is called the binormal. Using this, we can then examine the torsion of the curve, which is given by

T(s) = –b’.n

Image result for binormal tangent

Intrinsic Geometry

As the plane is rotated about n we can find a range

Screen Shot 2017-02-14 at 8.16.01 AM.pngwhereScreen Shot 2017-02-14 at 8.16.08 AM.png and Screen Shot 2017-02-14 at 8.16.14 AM.png are the principal curvatures. Then

Screen Shot 2017-02-14 at 8.17.34 AM.png

is called the Gaussian curvature.

Gauss’ Theorema Egregium (which literally translates to ‘Remarkable Theorem’!) says that K is intrinsic to the surface. This means that it can be expressed in terms of lengths, angles, etc. which are measured entirely on the surface!

For example, consider a geodesic triangle on a surface S.

Screen Shot 2017-02-14 at 8.20.37 AM.png

Let θ1, θ2, θ3 be the interior angles. Then the Gauss-Bonnet theorem tells us that

Screen Shot 2017-02-14 at 8.22.10 AM.png

which generalises the angle sum of a triangle to curved space.

Let us check this when S is a sphere of radius a, for which the geodesics are great circles. We can see that Screen Shot 2017-02-14 at 8.16.08 AM.png=Screen Shot 2017-02-14 at 8.16.14 AM.png= 1/a, and so K = 1/a2, a constant. As shown below, we have a family of geodesic triangles D with θ1 = α, θ2 = θ3 = π/2.


Since K is constant over S,

Screen Shot 2017-02-14 at 8.27.09 AM.png

Then θ1 + θ2 + θ3 = π + α, agreeing with the prediction of the theorem.

M x