Arithmetic Elliptic Curves
Let K be a number field and X a curve; let X(K) denote the set of points
in projective space P2 K lying on X. It is well-known that if the genus g of
X is 0, then X(K) is either empty or infinite, and if it is infinite, then it
can be parametrized. On the other hand, by Faltings’ proof of the Mordell
conjecture, if g ≥ 2 then X(K) is a finite set. In this memo we consider the
case of elliptic curves, i.e. curves of genus g = 1, assumed to be defined over
K, and equipped moreover with a distinguished point “at infinity”, also called
the origin and denoted by O. If X is given by an (affine) Weierstrass equation
y 2 = 4x3 − g2 x − g3 with g2 , g3 ∈ K, then the origin can be identified with the
point (0, 1, 0) in P1 K.
I. The group law on E(K)
Let us now baptize our elliptic curve E. E is assumed to be defined over
a number field K; let us assume as above that we have a Weierstrass equation
y 2 = 4x3 − g2 x − g3 for E, with g2 , g3 ∈ K.
Extending K to C, we know that the set of points E(C) can be made into
an additive group, whose identity is the origin O and such that the inverse of
any other point (x, y, 1) is given by (x, −y, 1). The group law is defined by
(x1 , y1 , 1) + (x2 , y2 , 1) = (x3 , y3 , 1) = (−x1 − x2 + λ2 , λx3 + ν)
where
λ=
if x1 6= x2 , and
λ=
(∗)
y 1 − y2
x1 − x2
12x21 − g2 (L)
2y1
if (x1 , y1 , 1) = (x2 , y2 , 1), while
ν = y1 − λx1 = y2 − λx2 .
Note that if x1 = x2 , then y2 is ±y1 ; if y2 = −y1 (in particular if y2 = y1 = 0),
then (x1 , −y1 , 1) is the inverse of (x1 , y1 , 1), i.e. the sum of the two points is O,
whereas if y1 = y2 6= 0, the addition formula is given in (*).
Using the natural appearance of this group law in the situation of complex
elliptic curves, it is easily proved to be commutative and associative, but these
properties can be proven (much more arduously, for the associativity) directly
on the expressions above. Moreover, the explicit expressions make it clear that
if two points have coordinates in any field, then so does their sum; therefore
this same group law makes the set E(K) into a group for any subfield K of C,
in particular for number fields.
1
II. The theorem of Mordell-Weil: rank of E(K)
In the 1920’s, Mordell determined the structure of the abelian group E(Q)
for any elliptic curve E defined over Q. Any abelian group is isomorphic to
a product of infinite cyclic groups with a finite abelian group; the number of
infinite cyclic factors is called the rank. For an arbitrary abelian group, the rank
can of course be infinite. Mordell showed that this cannot be the case for the
group E(Q) of an elliptic curve defined over Q, and Weil was able to reprove
and generalize Mordell’s theorem to all number fields.
Mordell-Weil theorem. Let E be an elliptic curve defined over a number
field K. Then the abelian group E(K) is finitely generated and in particular has
finite rank.
Mordell’s theorem, the version over Q, is proved by elementary methods,
explicitly exhibiting a finite set of points in E(Q) from which all other points
can be obtained via the addition law. The key ingredients used in the proof are
an upper bound on the height H(P + P0 ) for a fixed point P0 , a lower bound
on the height of H(2P ) (the height of a point P = (x, y, 1) is the height of the
rational number x = m/n, given by max{|m|, |n|}), and the crucial result that
the quotient of E(Q) by 2E(Q) is a finite group.
It is natural to ask whether there is a bound on the rank that an elliptic
curve defined over a given number field K can have. The answer to this question
is not known; applications of methods of Mestre have given rise to date to an
elliptic curve defined over Q of rank 21. Let us also introduce the conjecture of
Birch and Swinnerton-Dyer which predicts the exact value of the rank in terms
of the L-function associated to E. Suppose E is defined over Q and let ∆ be
the discriminant of 4x3 − g2 x − g3 . Let Fp denote the finite field Z/pZ, and for
all p not dividing ∆, set Np to be the number of points on the elliptic curve E
mod p, i.e. in P2 Fp ; this is one more than the number of solutions of the affine
equation y 2 = 4x3 − g2 x − g3 mod p. Let ap = 1 + p − Np . Then we have the
following theorem giving an upper bound on ap ; its proof is elementary.
√
Hasse-Weil Theorem.For all primes p, we have |ap | ≤ 2 p.
Let us now defined the L-function associated to E. For all s ∈ C, consider
the expression 1 − ap p−s + p1−2s . We set
LE (s) =
Y
p6|∆
1
1 − ap
p−s
+
p1−2s
·
Y
p|∆
1−
1
;
+ p p1−2s
a0p p−s
here in the “error term” dealing with the finite number of primes dividing ∆,
we have certain choices of a0p ∈ {−1, 0, 1} and p ∈ {0, 1}. Using the Hasse-Weil
theorem, one can show that this infinite product converges for Re s > 3/2.
Conjecture of Birch-Swinnerton-Dyer. LE (s) can be analytically continued
to the whole complex plane, and the order of its zero at s = 1 is equal to the
rank r of E.
There are some partial results on this conjecture. An elliptic curve is said to
2
P
be modular if an q n is the q-expansion of a modular form, where q = exp(2πiz)
and the an are obtained from the ap by simple multiplicative formulae when n
is not prime. The Taniyama-Shimura conjecture states that all elliptic curves
defined over Q are modular; Wiles has proven this result for all semistable
elliptic curves. Kolyvagin has shown that for any modular elliptic curve E, if
LE (s) does not vanish at s = 0, then there are no points of infinite order on E,
i.e. r = 0.
III. The theorem of Lutz-Nagell: torsion of E(Q)
¿From the previous theorem, we know that the set of points of finite order
in the group E(K) forms a finite, finitely generated abelian group. Considering
the extended set E(C) and directly using the addition law, it is easy to see that
for each odd prime p, there are exactly p2 complex points on E(C) of finite
order p, forming an additive group isomorphic to Z/pZ × Z/pZ, therefore the
group of points of order p in E(K) is at most Z/pZ × Z/pZ, but it may also be
isomorphic to Z/pZ, or just to O. Since for distinct primes p1 , . . . , pr the group
Z/p1 Z × · · · × Z/pr Z is isomorphic to the cyclic group Z/(p1 · · · pr )Z, we see
that the torsion subgroup of E(K) is isomorphic to a product Z/n1 Z × Z/n2 Z.
In the 1930’s Lutz and Nagell gave an algorithm to completely determine
the group of torsion points on E(Q). It is based on the following theorem.
Theorem of Lutz-Nagell. Let E be an elliptic curve determined by a cubic
equation y 2 = 4x3 − g2 x − g3 defined over Q; we may assume g2 and g3 ∈ Z. Let
(x0 , y0 ) be a torsion point satisfying this equation. Then x0 and y0 are integers
and y0 divides ∆, the discriminant of 4x3 − g2 x − g3 .
The proof of this theorem is elementary and consists in showing that no
primes can divide the denominators of x0 and y0 , by a close examination of the
behavior of primes in the denominators under the addition law; the fact that
y0 divides ∆ is easily shown by the following argument. If 2(x0 , y0 ) = (X0 , Y0 )
and (x0 , y0 ) is a torsion point, then so is (X0 , Y0 ), so x0 , y0 and X0 are integers.
The addition formula states that X0 = −2x0 + λ2 where λ = f 0 (x0 )/2y0 , so λ2
and therefore λ are integers, so y0 divides f 0 (x0 ) where f (x) = 4x3 − g2 x − g3 .
We also have y02 = f (x0 ) so y0 divides f (x0 ) as well as f 0 (x0 ), which implies
that y0 divides ∆.
Let us show how to use the Lutz-Nagell theorem to determine all the points
of finite order on E(Q). One first takes all the y0 dividing ∆; from there one
computes the corresponding x0 -values lying on the curve and throws out all
those which are not integers. There are only a finite number of these, say
m. The points (x0 , y0 ) with integer coordinates and y0 dividing ∆ are not all
torsion points, so to remove those which are not, one can compute the multiples
of (x0 , y0 ) up to (m+1); if we reach m+1 without having found the origin, or as
soon as we find a multiple of the point which does not have integer coordinates,
we know that the point is of infinite order.
3
IV. Mazur’s Theorem and Merel’s theorem: the size and structure of
the torsion group of E(K)
Recall that the torsion group of E(K) is isomorphic to a product of two cyclic
groups Z/n1 Z × Z/n2 Z. As we did for the rank r of E(K), we can ask whether
the numbers the numbers n1 and n2 can be arbitrarily large. The answer turns
out to be that these numbers are bounded by an expression involving only the
degree d = [K : Q].
In the case K = Q, we have the following result, proved by Mazur in the
1970’s (it was conjectured by Beppo Levi in 1908).
Mazur’s theorem. When K = Q, the only possibilities for (n1 , n2 ) are (1, m)
for 1 ≤ m ≤ 10 and (2, m) for 1 ≤ m ≤ 4, all of which occur.
Mazur’s techniques were extended by S. Kamienny to number fields of degree
2: he showed that for d = [K : Q] = 2, the only possibilities for (n1 , n2 ) are
(1, m) for 1 ≤ m ≤ 16, (1, 18), (2, 2m) for 1 ≤ m ≤ 6, (3, 3m) for 1 ≤ m ≤ 2,
and (4, 4). No such list has been determined for d ≥ 3. However, using less
explicit methods, Kamienny showed that n1 n2 was bounded by a function of
the degree d when d ≤ 14. The generalization of this result to all d is due to L.
Merel.
Merel’s Theorem. Let d = [K : Q]. Let p be a prime number dividing n1 n2 .
Then p ≤ (1 + 3d/2 )2 .
This result shows that n1 n2 is bounded. A recent result of P. Parent shows
that it is bounded by (1 + 3d )d6 times a constant.
Let’s take a brief look at the methods involved in the proof of Mazur’s result.
Let E be an elliptic curve defined over Q and let Np denote the number of its
solutions mod p for all primes p; set ap = p − Np .
Example. The modular curve X0 (11) is elliptic; its cubic is y 2 + y = x3 −
x2 − 10x − 20. The discriminant ∆ = 115 and we have N2 = N3 = N5 = 5,
N7 = N13 = 10, N17 = 20. Indeed, Np turns out to be divisible by 5 for all
p. Moreover, the curve X0 (11) is known to be modular, so Kolyvagin’s result
holds.
To prove that 11 cannot divide n1 n2 , we suppose that it does. Then there
is a point P of order 11 on E. Write down the system of algebraic equations
explicitly expressing the equation 11P = O. They describe an algebraic curve,
and it turns out to be exactly X0 (11). So the existence of E with P of order
11 on it is equivalent to the existence of a rational point on X0 (11). Except for
the fact that there exist 5 rational points on X0 (11) which do not correspond
to any pair (E, P ), namely O and a point Q of order 5 and its multiples.
We need the following fact: If P is a torsion point of E different from O,
then it reduces to a non-zero torsion point mod p. Let us first suppose that 3
does not divide ∆(E). If P is a point of order 11 on E, it still has
√ order 11 mod
3, so N3 ≤ 11. But by
Hasse-Weil,
we
have
|1
+
3
−
N
|
≤
2
3 which comes
3
√
out to say that 7 ≤ 2 3 which is wrong. Now consider the harder case where 3
divides ∆(E). If we have a point R of X0 (11) corresponding to the pair (E, P )
4
then this point reduces to O mod 3, so by the fact just above, either R = O or R
has infinite order. Now we use the fact that X0 (11) is known to be modular and
Kolyvagin’s result; we compute LX0 (11) (s) at s = 1 and find that it is non-zero,
so the rank of X0 (11) is zero so R = O, so it cannot come from a pair (E, P ).
For primes larger than 11, one can proceed more or less similarly, but since
the X0 (p) are not elliptic curves, the reasoning must be transported onto their
Jacobians.
5