# Elliptic curve

2010 Mathematics Subject Classification: Primary: 14h57 Secondary: 11Gxx14K15 [MSN][ZBL]

An elliptic curve is a non-singular complete algebraic curve of genus 1. The theory of elliptic curves is the source of a large part of contemporary algebraic geometry. But historically the theory of elliptic curves arose as a part of analysis, as the theory of elliptic integrals and elliptic functions (cf. Elliptic integral; Elliptic function).

Examples. A non-singular plane projective cubic curve; the intersection of two non-singular quadrics in three-dimensional projective space; a two-sheeted covering of the projective line ramified at exactly four points; and also a one-dimensional Abelian variety are elliptic curves.

## The geometry of an elliptic curve.

Let $X$ be an elliptic curve over an algebraically closed field $k$. Then $X$ is biregularly isomorphic to a plane cubic curve (see [Ca], [La2], [Ta]). If $\mathop{\mathrm{char}} k \ne 2,3$, then in the projective plane ${\mathbb P}^2$ there is an affine coordinate system in which the equation of $X$ is in normal Weierstrass form: $$y^2=x^3+ax+b$$ The curve $X$ is non-singular if and only if the polynomial $x^3+ax+b$ does not have multiple zeros, that is, if the discriminant $\Delta = -16(4a^3+27b^2)\ne 0$. In ${\mathbb P}^2$ the curve (1) has a unique point at infinity, which is denoted by $P_0$; $P_0$ is a point of inflection of (1), and the tangent at $P_0$ is the line at infinity. The $j$-invariant of an elliptic curve $X$, $$j(X)=1728\frac{4a^3}{4a^3+27b^2}\in k$$ does not depend on the choice of the coordinate system. Two elliptic curves have the same $j$-invariant if and only if they are biregularly isomorphic. For any $j\in k$ there is an elliptic curve $X$ over $k$ with $j(X)=j$.

## The group structure on an elliptic curve.

Let $P_0\in X$ be a fixed point on an elliptic curve $X$. The mapping $P\to P-P_0$ assigning to a point $P\in X$ the divisor $P-P_0$ on $X$ establishes a one-to-one correspondence between $X$ and the group ${\rm Pic}^0\; X$ of divisor classes of degree $0$ on $X$, that is, the Picard variety of $X$. This correspondence endows $X$ with the structure of an Abelian group that is compatible with the structure of an algebraic variety and that turns $X$ into a one-dimensional Abelian variety $(X,P_0)$; here $P_0$ is the trivial element of the group. This group structure has the following geometric description. Let $X\subset {\mathbb P}^2$ be a smooth plane cubic curve. Then the sum of two points $P$ and $Q$ is defined by the rule $P+Q=P_0\circ (P\circ Q)$, where $P\circ Q$ is the third point of intersection of $X$ with the line passing through $P$ and $Q$. In other words, the sum of three points on $X$ vanishes if and only if the points are collinear.

## An elliptic curve as a one-dimensional Abelian variety.

Let $n_X$ denote the endomorphism of multiplication by $n\in {\mathbb Z}$ in $(X,P_0)$. If $(Y,Q_0)$ is an elliptic curve with distinguished point $Q_0$, then any rational mapping $f:X\to Y$ has the form $f(P) = H(P) + Q_1$, where $Q_1 = f(P_0)\in Y$ and $h:(X,P_0) \to(Y,Q_0)$ is a homomorphism of Abelian varieties. Here $h$ is either a constant mapping at $Q_0$ or is an isogeny, that is, there is a homomorphism of Abelian varieties $g:(Y,Q_0)\to(X,P_0)$ such that $gh=n_X$ and $hg=n_Y$ for some $n$ (see [Ca], [Ha]).

The automorphism group of an elliptic curve $X$ acts transitively on $X$, and its subgroup $G={\rm Aut}(X,P_0)$ of automorphisms leaving $P_0$ fixed is non-trivial and finite. Suppose that ${\rm char}\;k$ is not $2$ or $3$. When $j(X)$ is neither 0 nor $1728$, then $G$ consists of the two elements $1_X$ and $(-1)_X$. The order of $G$ is 4 when $j(X)=1728$ and 6 when $j(X)=0$ (see [Ca], [Ha], [Ta]).

An important invariant of an elliptic curve is the endomorphism ring $R={\rm End}(X,P_0)$ of the Abelian variety $(X,P_0)$. The mapping $n\mapsto n_X$ defines an imbedding of ${\mathbb Z}$ in $R$. If $R\ne {\mathbb Z}$, one says that $X$ is an elliptic curve with complex multiplication. The ring $R$ can be of one of the following types (see [Ca], [La2], [Ta]): i) $R={\mathbb Z}$; ii) $R={\mathbb Z}+f{\mathcal O}\subset {\mathcal O}$, where $\mathcal O$ is the ring of algebraic integers of an imaginary quadratic field $k$ and $f\in {\mathbb N}$; or iii) $R$ is a non-commutative ${\mathbb Z}$-algebra of rank 4 without divisors of zero. In this case $p={\rm char}\; k > 0$ and $R$ is a maximal order in the quaternion algebra over ${\mathbb Q}$ ramified only at $p$ and $\infty$. Such elliptic curves exist for all $p$ and are called supersingular; elliptic curves in characteristic $p$ that are not supersingular are said to be ordinary.

The group $X_n = {\rm Ker}\; n_X$ of points of an elliptic curve $X$ with orders that divide $n$ has the following structure: $X_n\approx ({\mathbb Z}/n{\mathbb Z})^2$ when $(n,{\rm char}\; k)=1$. For ${\rm char}\; k = p >0$ and ordinary elliptic curves $X_p\cong {\mathbb Z}/p{\mathbb Z}$, while for supersingular elliptic curves $X_p\cong \{0\}$. For a prime number $l\ne {\rm char}\; k$ the Tate module $T_l(X)$ is isomorphic to ${\mathbb Z}_l^2$.

## Elliptic curves over non-closed fields.

Let $X$ be an elliptic curve over an arbitrary field $k$. If the set of $k$-rational points $X(k)$ of $X$ is not empty, then $X$ is biregularly isomorphic to a plane cubic curve (1) with $a,b\in k$ (${\rm char}\; k \ne 2,3$). The point at infinity $P_0$ of (1) is defined over $k$. As above, one can introduce a group structure on (1), turning $X$ into a one-dimensional Abelian variety over $k$ and turning the set $X(k)$ into an Abelian group with $P_0$ as trivial element. If $k$ is finitely generated over its prime subfield, then $X(k)$ is a finitely-generated group (the Mordell–Weil theorem).

For any elliptic curve $X$ there is defined the Jacobi variety $J(X)$, which is a one-dimensional Abelian variety over $k$, and $X$ is a principal homogeneous space over $J(X)$. If $X(k)$ is not empty, then the choice of $P_0\in X(k)$ specifies an isomorphism $X\simeq J(X)$ under which $P_0$ becomes the trivial element of $J(X)$. In general, $X$ and $J(X)$ are isomorphic over a finite extension of $k$ (see [Ca], [CaFr], [Ta]).

## Elliptic curves over the field of complex numbers.

An elliptic curve over ${\mathbb C}$ is a compact Riemann surface of genus 1, and vice versa. The group structure turns $X$ into a complex Lie group, which is a one-dimensional complex torus ${\mathbb C}/\Lambda$, where $\Lambda$ is a lattice in the complex plane ${\mathbb C}$. Conversely, any one-dimensional complex torus is an elliptic curve (see [Mu]). From the topological point of view, an elliptic curve is a two-dimensional torus.

The theory of elliptic curves over ${\mathbb C}$ is in essence equivalent to the theory of elliptic functions. An identification of a torus ${\mathbb C}/\Lambda$ with an elliptic curve can be effected as follows. The elliptic functions with a given period lattice $\Lambda$ form a field generated by the Weierstrass $wp$-function (see Weierstrass elliptic functions) and its derivative $\wp'(z)$, which are connected by the relation $$\wp'=4\wp^3 - g_2\wp - g_3$$ The mapping ${\mathbb C}\to {\mathbb P}^2$ (${z} \mapsto (1:\wp({z}):\wp'({z}))$) induces an isomorphism between the torus ${\mathbb C}/\Lambda$ and the elliptic curve $X\subset{\mathbb P^2}$ with equation $y^2=4x^3-g_2x-g_3$. The identification of $X$ given by (1) with the torus ${\mathbb C}/\Lambda$ is effected by curvilinear integrals of the holomorphic form $\omega = dx/y$ and gives an isomorphism $X\simeq J(X)$.

The description of the set of all elliptic curves as tori ${\mathbb C}/\Lambda$ leads to the modular function $J(\tau)$. Two lattices $\Lambda$ and $\Lambda'$ determine isomorphic tori if and only if they are similar, that is, if one is obtained from the other by multiplication by a complex number. Therefore it may be assumed that $\Lambda$ is generated by the numbers 1 and $\tau$ in $H=\{\tau \in {\mathbb C}: {\rm Im}\; \tau > 0$. Two lattices with bases $1,\tau$ and $1,\tau'$ are similar if and only if $\tau'=\gamma(\tau)$ for an element $\gamma$ of the modular group $\Gamma$. The modular function $$J(\tau)=\frac{g_2^3}{g_2^3-27g_3^2}$$ is also called the absolute invariant; $J(\tau)=J(\tau')$ if and only if $\tau'=\gamma(\tau)$ for some $\gamma\in\Gamma$, and the function $J:H/\Gamma\to{\mathbb C}$ produces a one-to-one correspondence between the classes of isomorphic elliptic curves over ${\mathbb C}$ and the complex numbers. If $X={\mathbb C}/\Lambda$, then $j(X)=1728J(\tau)$.

An elliptic curve $X$ has complex multiplication if and only if $\tau$ is an imaginary quadratic irrationality. In this case ${\mathbb R}$ is a subring of finite index in the ring of algebraic integers of the imaginary quadratic field ${\mathbb Q}(\tau)$. Elliptic curves with complex multiplication are closely connected with the class field theory for imaginary quadratic fields (see [CaFr], [La]).

## Arithmetic of elliptic curves.

Let $X$ be an elliptic curve over the finite field $k$ with $q$ elements. The set $X(k)$ is always non-empty and finite. Hence $X$ is endowed with the structure of a one-dimensional Abelian variety over $k$, and $X(k)$ with that of a finite Abelian group. The order $A$ of $X(k)$ satisfies $|q+1-A|\le 2 \sqrt{q}$. The characteristic polynomial of the Frobenius endomorphism acting on the Tate module $T_l(X)$, $l\ne {\rm char}\; k$, is $t^2-(q+1-A)t + q$. Its roots $\alpha$ and $\bar \alpha$ are complex-conjugate algebraic integers of modulus $\sqrt{q}$. For any finite extension $k_n$ of $k$ of degree $n$, the order of $X(k_n)$ is $q^n+1-(\alpha^n+{\bar \alpha}^n)$. The zeta-function of $X$ is $$\frac{(1-q^{-s})(1-q^{1-s})}{1-(q+1-A)q^{-s}+q^{1-2s}}.$$ For any algebraic integer $\alpha$ of modulus $\sqrt{q}$ in some imaginary quadratic field (or in ${\mathbb Q}$) one can find an elliptic curve $X$ over $k$ such that the order of $X(k)$ is $q+1-(\alpha+{\bar\alpha})$.

Let $k$ be the field ${\mathbb Q}_p$ of $p$-adic numbers or a finite algebraic extension of it, let $B$ be the ring of integers of $k$, let $X$ be an elliptic curve over $k$, and suppose that $X(k)$ is non-empty. The group structure turns $X(k)$ into a commutative compact one-dimensional $p$-adic Lie group (cf. Lie group, $p$-adic). The group $X(k)$ is Pontryagin-dual to the Weil–Châtelet group ${\rm WC}(k,X)$. If $j(X)\notin B$, then $X$ is a Tate curve (see [Ca], [Ma]) and there exists a canonical uniformization of $X(k)$ analogous to the case of ${\mathbb C}$.

Let $X$ be an elliptic curve over ${\mathbb Q}$ for which $X({\mathbb Q})$ is not empty. Then $X$ is biregularly isomorphic to the curve (1) with $a,b\in {\mathbb Z}$. Of all curves of the form (1) that are isomorphic to $X$ with integers $a$ and $b$, one chooses the one for which the absolute value of the discriminant $\Delta$ is minimal. The conductor $N$ and the $L$-function $L(X,s)$ of $X$ are defined as formal products of local factors: $$N=\prod f_p,\qquad L(X,s) = \prod L_p(X,s)$$ over all prime numbers $p$ (see [Ca], [Ma], [Ta]). Here $f_p$ is some power of $p$, and $L_p(X,s)$ is a meromorphic function of the complex variable $s$ that has neither a zero nor a pole at $s=1$. To determine the local factors one considers the reduction of $X$ modulo $p$ ($2,\;3$), which is a plane projective curve $X_p$ over the residue class field ${\mathbb Z}/(p)$ and is given in an affine coordinate system by the equation $$y^2=x^3+{\bar\alpha}x+{\bar\beta}\qquad ({\bar\alpha}\equiv\alpha \;{\rm mod}\; p,\; {\bar\beta}\equiv\beta\;{\rm mod}\; p).$$ Let $A_p$ be the number of ${\mathbb Z}/(p)$-points on $X_p$. If $p$ does not divide $\Delta$, then $X_p$ is an elliptic curve over ${\mathbb Z}/(p)$, and one puts $$f_p=1,\qquad L_p(X,s) = \frac{1}{1-(p+1-A_p)p^{-s}+p{1-2s}}.$$ If $p$ divides $\Delta$, then the polynomial $x^2+{\bar a}+{\bar b}$ has a multiple root, and one puts $$L_p(X,s) = \frac{1}{1-(p+1-A_p)p^{-s}},\qquad f_p=p^2 \text{ or } p$$ (depending on whether it is a triple or a double root). The product (2) converges in the right half-plane ${\rm Re}\; s > 3/2$. It has been conjectured that $L(X,s)$ has a meromorphic extension to the whole complex plane and that the function

$$\xi_X(s) = N^{s/2}(2\pi)^{-s}\;\Gamma(s)L(X,s)$$ (where $\Gamma(s)$ is the gamma-function) satisfies the functional equation $\xi_X(s) = W\xi_X(2-s)$ with $W=\pm1$ (see [Ma], [Mu]). This conjecture has been proved for elliptic curves with complex multiplication.

The group $X({\mathbb Q})$ is isomorphic to $F\oplus X({\mathbb Q})_t$, where $X({\mathbb Q})_t$ is a finite Abelian group and $F$ is a free Abelian group of a certain finite rank $r$. $X({\mathbb Q})_t$ is isomorphic to one of the following 15 groups (see [SeDeKu]): ${\mathbb Z}/m{\mathbb Z}$, $1\le m\le 10$ or $m = 12$, and $({\mathbb Z}/2{\mathbb Z})\times ({\mathbb Z}/\nu{\mathbb Z})$, $1\le \nu\le 4$. The number $r$ is called the rank of the elliptic curve over ${\mathbb Q}$, or its ${\mathbb Q}$-rank. Examples are known of elliptic curves over ${\mathbb Q}$ of rank $\ge 12$. There is a conjecture (see [Ca], [Ta]) that over ${\mathbb Q}$ there exist elliptic curves of arbitrary large rank.

In the study of $X({\mathbb Q})$ one uses the Tate height ${\hat h}:X({\mathbb Q})\to {\mathbb R}^+$, which is a non-negative definite quadratic form on $X({\mathbb Q})$ (see [Ca], [Mu], [La], and also Height, in Diophantine geometry). For any $c\in {\mathbb R}^+$ the set $\{P\in X(\mathbb Q) | {\hat h}(P)\le c\}$ is finite. In particular, $\hat h$ vanishes precisely on the torsion subgroup of $X({\mathbb Q})_t$.

An important invariant of an elliptic curve is its Tate–Shafarevich group ${\rm Sha}\;(X)$ (see Weil–Châtelet group). The non-trivial elements of ${\rm Sha}\;(X)$, an elliptic curve without ${\mathbb Q}$-points, provide examples of elliptic curves for which the Hasse principle fails to hold. The group ${\rm Sha}\;(X)$ is periodic and for every $n$ the subgroup of its elements of order dividing $n$ is finite. For a large number of elliptic curves it has been verified that the 2- and $3$-components of ${\rm Sha}$ are finite (see [Ca], [CaFr], [Ma]). There is a conjecture that ${\rm Sha}$ is finite.

A conjecture of Birch and Swinnerton-Dyer asserts (see [Ma], [Ta]) that the order of the zero of the $L$-function $L(X,s)$ at $s=1$ is equal to the ${\mathbb Q}$-rank of $X$. In particular, $L(X,s)$ has a zero at $s=1$ if and only if $X({\mathbb Q})$ is infinite. So far (1984) the conjecture has not been proved for a single elliptic curve, but for elliptic curves with complex multiplication (and $j=1$) it has been established that when $X({\mathbb Q})$ is infinite, then the $L$-function has a zero at $s=1$ (see [CoWi]). The conjecture of Birch and Swinnerton-Dyer gives the principal term of the asymptotic expansion of the $L$-function as $s\to 1$; in it there occur the orders of the groups ${\rm Sha}\;(X)$ and $X({\mathbb Q})_t$ and the determinant of the Tate height [Ca]. It can be restated in terms of the Tamagawa numbers (cf. Tamagawa number, see [Bl]).

There is a conjecture of Weil that an elliptic curve $X$ has a uniformization by modular functions relative to the congruence subgroup $\Gamma_0(N)$ of the modular group $\Gamma$ (see [Ma] and also Zeta-function in algebraic geometry). This conjecture has been proved for elliptic functions with complex multiplication. It is known (see [Be]) that every algebraic curve over $\mathbb Q$ can be uniformized (cf. Uniformization) by modular functions relative to some subgroup of $\Gamma$ of finite index.