Elliptic Curves

🔢Elliptic Curves Unit 6 – Elliptic Curves: Algebraic Geometry Foundations

Elliptic curves are cubic equations that form abelian groups under a special addition law. They're crucial in cryptography and number theory, with applications in digital signatures and cryptocurrency. Their study combines algebra, geometry, and analysis. The Mordell-Weil theorem and Birch-Swinnerton-Dyer conjecture are key results in elliptic curve theory. Historically rooted in 17th-century mathematics, elliptic curves have evolved into a rich field with connections to modular forms and the proof of Fermat's Last Theorem.

Key Concepts

  • Elliptic curves are cubic equations of the form $y^2 = x^3 + ax + b$, where $a$ and $b$ are constants and the discriminant $\Delta = 4a^3 + 27b^2 \neq 0$
  • Elliptic curves form an abelian group under the chord-and-tangent addition law
  • The group law on elliptic curves is geometrically defined using the intersection of lines with the curve
  • Elliptic curves over finite fields have applications in cryptography such as in the Elliptic Curve Digital Signature Algorithm (ECDSA)
  • The Mordell-Weil theorem states that the group of rational points on an elliptic curve is finitely generated
  • The rank of an elliptic curve is the number of independent points of infinite order in the Mordell-Weil group
    • Determining the rank of an elliptic curve is a difficult problem with no known general algorithm
  • The Birch and Swinnerton-Dyer conjecture relates the rank of an elliptic curve to the behavior of its L-function at $s=1$

Historical Context

  • Elliptic curves were first studied in connection with the problem of computing the arc length of an ellipse in the 17th century
  • In the 19th century, Niels Henrik Abel and Carl Gustav Jacobi discovered the group law on elliptic curves and their connection to elliptic functions
  • In the early 20th century, Henri Poincaré and others developed the geometric approach to elliptic curves and the group law
  • In the 1920s, Louis Mordell proved the finite generation of the group of rational points on an elliptic curve (Mordell-Weil theorem)
  • In the 1960s, Bryan Birch and Peter Swinnerton-Dyer formulated their famous conjecture relating the rank of an elliptic curve to its L-function
  • The use of elliptic curves in cryptography was proposed independently by Neal Koblitz and Victor Miller in 1985
    • This led to the development of elliptic curve cryptography (ECC) and its widespread use in modern cryptographic protocols
  • Andrew Wiles' proof of Fermat's Last Theorem in 1995 used techniques from the theory of elliptic curves and modular forms

Algebraic Geometry Basics

  • Algebraic geometry studies geometric objects defined by polynomial equations
  • Affine varieties are sets of points in affine space that satisfy a system of polynomial equations
    • For example, the curve $y^2 = x^3 + ax + b$ is an affine variety in the affine plane $\mathbb{A}^2$
  • Projective varieties are sets of points in projective space that satisfy a system of homogeneous polynomial equations
    • Projective space adds points at infinity to affine space, allowing for a more uniform treatment of geometric objects
  • The Zariski topology on an affine or projective variety is defined by taking closed sets to be the zero loci of polynomial equations
  • Regular functions on an affine variety are functions that can be expressed as polynomials in the coordinates
  • Rational functions on a variety are ratios of regular functions (polynomials) defined on open subsets of the variety
  • Morphisms between varieties are maps that can be locally expressed as polynomials or rational functions in the coordinates

Defining Elliptic Curves

  • An elliptic curve over a field $K$ is a smooth, projective curve of genus 1 with a specified base point $O$
  • The most common form of an elliptic curve is the Weierstrass equation: $y^2 = x^3 + ax + b$, where $a, b \in K$ and the discriminant $\Delta = 4a^3 + 27b^2 \neq 0$
    • The non-vanishing of the discriminant ensures that the curve is smooth (has no cusps or self-intersections)
  • Elliptic curves can also be defined as cubic curves in projective space $\mathbb{P}^2$ with a specified base point $O = [0:1:0]$
  • The group law on an elliptic curve is defined geometrically using the chord-and-tangent method
    • Three points on the curve sum to zero if and only if they are collinear
    • The negative of a point is its reflection across the $x$-axis
  • The group law can also be expressed algebraically using explicit formulas derived from the Weierstrass equation
  • Elliptic curves over the complex numbers $\mathbb{C}$ can be parametrized by the Weierstrass $\wp$-function and its derivative

Properties and Structure

  • The set of points on an elliptic curve $E$ over a field $K$, denoted $E(K)$, forms an abelian group under the chord-and-tangent addition law
    • The identity element is the specified base point $O$
    • The inverse of a point $P = (x, y)$ is the point $-P = (x, -y)$
  • The group $E(K)$ is a finitely generated abelian group by the Mordell-Weil theorem
    • It is isomorphic to $\mathbb{Z}^r \oplus E(K)_{\text{tors}}$, where $r$ is the rank and $E(K)_{\text{tors}}$ is the torsion subgroup
  • The torsion subgroup $E(K)_{\text{tors}}$ consists of points of finite order and is always finite
    • For $K = \mathbb{Q}$, the possible torsion subgroups are classified by Mazur's theorem
  • The rank $r$ is the number of independent points of infinite order in $E(K)$
    • Computing the rank is a difficult problem, and there is no known general algorithm
  • Elliptic curves over finite fields $\mathbb{F}_q$ have a finite number of points, denoted $\#E(\mathbb{F}_q)$
    • Hasse's theorem bounds the number of points: $|\#E(\mathbb{F}_q) - (q+1)| \leq 2\sqrt{q}$
  • The endomorphism ring of an elliptic curve over a field $K$ is the ring of all morphisms from the curve to itself that fix the base point $O$

Geometric Interpretation

  • Elliptic curves can be visualized as smooth, symmetric curves in the affine or projective plane
  • The group law has a geometric interpretation using the chord-and-tangent method
    • To add two points $P$ and $Q$, draw a line through $P$ and $Q$ (or the tangent line if $P = Q$) and find the third intersection point $R$; then $P + Q = -R$
  • The base point $O$ serves as the identity element and is often chosen to be the "point at infinity" in the projective plane
  • Torsion points on an elliptic curve have a geometric interpretation as points of finite order under the group law
    • For example, a point $P$ of order 2 is a point such that the tangent line at $P$ intersects the curve at $O$
  • The rank of an elliptic curve can be interpreted as the number of independent "holes" or "handles" on the curve when viewed as a topological surface
  • Elliptic curves over the complex numbers $\mathbb{C}$ can be viewed as complex tori $\mathbb{C}/\Lambda$, where $\Lambda$ is a lattice in the complex plane
    • The group law on the torus corresponds to the addition law on the elliptic curve under the Weierstrass parametrization

Applications in Cryptography

  • Elliptic curve cryptography (ECC) is based on the difficulty of the elliptic curve discrete logarithm problem (ECDLP)
    • Given points $P$ and $Q$ on an elliptic curve, it is computationally infeasible to find an integer $k$ such that $Q = kP$
  • ECC requires smaller key sizes than other public-key cryptosystems (RSA, DSA) for the same level of security
    • This makes ECC well-suited for resource-constrained environments like mobile devices and smart cards
  • The Elliptic Curve Digital Signature Algorithm (ECDSA) is a widely used digital signature scheme based on ECC
    • ECDSA is employed in various protocols, including Bitcoin and Ethereum cryptocurrencies
  • Elliptic curve Diffie-Hellman (ECDH) is a key agreement protocol that allows two parties to establish a shared secret over an insecure channel
  • Supersingular isogeny-based cryptography is a post-quantum cryptographic approach that uses isogenies between supersingular elliptic curves
    • This is believed to be resistant to attacks by quantum computers, unlike ECC based on the ECDLP
  • Pairing-based cryptography uses bilinear pairings on elliptic curves to construct advanced cryptographic primitives
    • Examples include identity-based encryption, attribute-based encryption, and short digital signatures
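
The algebraic group law and the ECDH exchange described above, as an added example that is not part of the original page. The toy curve y^2 = x^3 + 2x + 2 over F_17, its base point (5, 1) and the function names are constructed for illustration, and the on-curve check on the peer's key is an added defensive step.

```python
P_MOD, A, B = 17, 2, 2   # constructed toy curve y^2 = x^3 + 2x + 2 over F_17
G, ORDER = (5, 1), 19    # base point; the group has prime order 19
O = None                 # point at infinity, the identity element

def on_curve(pt):
    """True if pt is O or satisfies the curve equation mod P_MOD."""
    return pt is O or (pt[1] ** 2 - (pt[0] ** 3 + A * pt[0] + B)) % P_MOD == 0

def add(p1, p2):
    """Chord-and-tangent addition written with the explicit slope formulas."""
    if p1 is O:
        return p2
    if p2 is O:
        return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P_MOD == 0:
        return O                                   # vertical line: P + (-P) = O
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1 % P_MOD, -1, P_MOD)   # tangent
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P_MOD, -1, P_MOD)        # chord
    x3 = (lam * lam - x1 - x2) % P_MOD
    return (x3, (lam * (x1 - x3) - y1) % P_MOD)    # reflect R to obtain -R

def mul(k, pt):
    """Double-and-add scalar multiplication kP (not constant-time)."""
    result = O
    while k:
        if k & 1:
            result = add(result, pt)
        pt = add(pt, pt)
        k >>= 1
    return result

def ecdh_shared(priv, peer_pub):
    """Shared point priv * peer_pub; rejects keys that are not on the curve."""
    if peer_pub is O or not on_curve(peer_pub):
        raise ValueError("peer public key is not a valid curve point")
    return mul(priv, peer_pub)

def brute_force_dlog(q, base=G):
    """Solve Q = kP by exhaustive search; feasible only because ORDER is tiny."""
    acc = O
    for k in range(ORDER):
        if acc == q:
            return k
        acc = add(acc, base)
    return None
```

With private keys 3 and 7, both parties derive the same point, and `brute_force_dlog` recovers either key from its public point at once, which is why ECDLP hardness depends on a large prime-order group.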

Advanced Topics and Open Problems

  • The Birch and Swinnerton-Dyer (BSD) conjecture relates the rank of an elliptic curve to the behavior of its L-function at $s=1$
    • The BSD conjecture is one of the Clay Mathematics Institute's Millennium Prize Problems
  • Elliptic curves over $\mathbb{Q}$ can be classified up to isogeny using their j-invariant and conductor
    • The modular curve $X_0(N)$ parametrizes isogeny classes of elliptic curves with conductor $N$
  • The Langlands program seeks to unify various areas of mathematics, including the theory of elliptic curves and modular forms
    • The Taniyama-Shimura conjecture (now a theorem) states that every elliptic curve over $\mathbb{Q}$ is modular, i.e., its L-function coincides with the L-function of a modular form
  • Elliptic curves over number fields and function fields have a rich arithmetic structure and are the subject of active research
  • The Sato-Tate conjecture describes the distribution of the number of points on an elliptic curve over $\mathbb{F}_p$ as $p$ varies
    • The conjecture was proved for certain classes of elliptic curves by Richard Taylor and others in the early 2000s
  • The ranks of elliptic curves over $\mathbb{Q}$ are conjectured to be unbounded, but the largest known rank is 28 (as of 2021)
    • Finding high-rank elliptic curves and understanding the distribution of ranks is an ongoing area of research


© 2024 Fiveable Inc. All rights reserved.
AP® and SAT® are trademarks registered by the College Board, which is not affiliated with, and does not endorse this website.
