Reduction of Elliptic Curves Modulo Primes

We have discussed elliptic curves over the rational numbers, the real numbers, and the complex numbers in Elliptic Curves. In this post, we discuss elliptic curves over finite fields of the form $\mathbb{F}_{p}$ , where $p$ is a prime, obtained by “reducing” an elliptic curve over the integers modulo $p$ (see Modular Arithmetic and Quotient Sets).

We recall that in Elliptic Curves we gave the definition of an elliptic curve as a polynomial equation that we may write as

$\displaystyle y^{2}=x^{3}-ax+b$

with $a$ and $b$ satisfying the condition that

$\displaystyle 4a^{3}+27b^{2}\neq 0$ .

Still, we claimed that we will not be able to write the equation of the elliptic curve when the coefficients of the elliptic curve are of characteristic equal to $2$ or $3$ , as is the case for the finite fields $\mathbb{F}_{2}$ or $\mathbb{F}_{3}$ , therefore we will give more general forms for the equation of the elliptic curve later, along with the appropriate conditions. To help us with the latter, we will first look at the case of curves over the real numbers, where we can still make use of the equations above, and see what happens when the conditions on $a$ and $b$ are not satisfied.

Let both $a$ and $b$ both be equal to $0$ , in which case the condition is not satisfied. Then our curve (which is not an elliptic curve) is given by the equation

$\displaystyle y^{2}=x^{3}$

whose graph in the $x$ – $y$ plane is given by the following figure (plotted using the WolframAlpha software):

msp8421ceh7049d511806600001ha509ah5dee52ed

Next let $a=-3$ and $b=2$ . Once again the condition is not satisfied. Our curve is given by

$\displaystyle y^{2}=x^{3}-3x+2$

and whose graph is given by the following figure (again plotted using WolframAlpha):

msp51201b91cb194c07ih2g0000670ibac2gfha7c42

Note also that in both cases, the right hand side of the equations of the curves are polynomials in $x$ with a double or triple root; for $y^{2}=x^{3}$ , the right hand side, $x^{3}$ , has a triple root at $x=0$ , while for $y^{2}=x^{3}-3x+2$ , the right hand side, $x^{3}-3x+2$ , factors into $y^{2}=(x-1)^{2}(x+2)$ and therefore has a double root at $x=1$ .

The two curves, $y^{2}=x^{3}$ and $y^{2}=x^{3}-3x+2$ , are examples of singular curves. It is therefore a requirement for a curve to be an elliptic curve, that it must be nonsingular.

We now introduce the general form of an elliptic curve, applicable even when the coefficients belong to fields of characteristic $2$ or $3$ , along with the general condition for it to be nonsingular. We note that the elliptic curve has a “point at infinity“; in order to make this idea explicit, we make use of the notion of projective space (see Projective Geometry) and write our equation in homogeneous coordinates $X$ , $Y$ , and $Z$ :

$\displaystyle Y^{2}Z+a_{1}XYZ+a_{3}YZ^{2}=X^{3}+a_{2}XZ^{2}+a_{4}X^{2}Z+a_{6}Z^{3}$

This equation is called the long Weierstrass equation. We may also say that it is in long Weierstrass form.

We can now define what it means for a curve to be singular. Let

$\displaystyle F=Y^{2}Z+a_{1}XYZ+a_{3}YZ^{2}-X^{3}-a_{2}XZ^{2}-a_{4}X^{2}Z-a_{6}Z^{3}$

Then a singular point on this curve $F$ is a point with coordinates $a$ , $b$ , and $c$ such that

$\displaystyle \frac{\partial F}{\partial X}(a,b,c)=\frac{\partial F}{\partial Y}(a,b,c)=\frac{\partial F}{\partial Z}(a,b,c)=0$

It might be difficult to think of calculus when we are considering, for example, curves over finite fields, where there are a finite number of points on the curve, so we might instead just think of the partial derivatives of the curve as being obtained “algebraically” using the “power rule” of basic calculus,

$\displaystyle \frac{d(x^{n})}{dx}=nx^{n-1}$

and applying it, along with the usual rules for partial derivatives and constant factors, to every term of the curve. Such is the power of algebraic geometry; it allows us to “import” techniques from calculus and other areas of mathematics which we would not ordinarily think of as being applicable to cases such as curves over finite fields.

If a curve has no singular points, then it is called a nonsingular curve. We may also say that the curve is smooth. In order for a curve written in long Weierstrass form to be an elliptic curve, we require that it be a nonsingular curve as well.

If the coefficients of the curve are not of characteristic equal to $2$ , we can make a projective transformation of variables to write its equation in a simpler form, known as the short Weierstrass equation, or short Weierstrass form:

$Y^{2}Z=X^{3}+a_{2}X^{2}Z+a_{4}XZ^{2}+a_{6}Z^{3}$

In this case the condition for the curve to be nonsingular can be written in the following form:

$\displaystyle -4a_{2}^{3}a_{6}+a_{2}^{2}a_{4}^{2}+18a_{4}a_{2}a_{6}-4a_{4}^{3}-27a_{6}^{2}=0$

The quantity

$\displaystyle D=-4a_{2}^{3}a_{6}+a_{2}^{2}a_{4}^{2}+18a_{4}a_{2}a_{6}-4a_{4}^{3}-27a_{6}^{2}$

is called the discriminant of the curve.

We note now, of course, that the usual expressions for the elliptic curve, in what we call affine coordinates $x$ and $y$ , can be recovered from our expression in terms of homogeneous coordinates $X$ , $Y$ , and $Z$ simply by setting $x=\frac{X}{Z}$ and $y=\frac{Y}{Z}$ . The case $Z=0$ of course corresponds to the “point at infinity”.

We now consider an elliptic curve whose equation has coefficients which are rational numbers. We can make a projective transformation of variables to rewrite the equation into one which has integers as coefficients. Then we can reduce the coefficients modulo a prime $p$ and investigate the points of the elliptic curve considered as having coordinates in the finite field $\mathbb{F}_{p}$ .

It may happen that when we reduce an elliptic curve modulo $p$ , the resulting curve over the finite field $\mathbb{F}_{p}$ is no longer nonsingular. In this case we say that it has bad reduction at $p$ . Consider, for example, the following elliptic curve (written in affine coordinates):

$\displaystyle y^{2}=x^{3}-4x^{2}+16$

Let us reduce this modulo the prime $p=11$ . Then, since $-4\equiv 7 \text{mod }11$ and $16\equiv 5 \text{mod }11$ , we obtain the curve

$\displaystyle y^{2}=x^{3}+7x^{2}+5$

over $\mathbb{F}_{11}$ . The right hand side actually factors into $(x+1)^{2}(x+5)$ over $\mathbb{F}_{11}$ , which means that it has a double root at $x=10$ (which is equivalent to $x=-1$ modulo $11$ ), and has discriminant equal to zero over $\mathbb{F}_{11}$ , hence, this curve over $\mathbb{F}_{11}$ is singular, and the elliptic curve given by $y^{2}=x^{3}+7x^{2}+5$ has bad reduction at $p=11$ . It also has bad reduction at $p=2$ ; in fact, we mentioned earlier that we cannot even write an elliptic curve in the form $y^{2}=x^{3}+a_{2}x^{2}+a_{4}x+a_{6}$ when the field of coefficients have characteristic equal to $2$ . This is because such a curve will always be singular over such a field. The curve $y^{2}=x^{3}+7x^{2}+5$ remains nonsingular over all other primes, however; we also say that the curve has good reduction over all primes $p$ except for $p=2$ and $p=11$ .

In the case that an elliptic curve has bad reduction at $p$ , we say that it has additive reduction if there is only one tangent line at the singular point (we also say that the singular point is a cusp), for example in the case of the curve $y^{2}=x^{3}$ , and we say that it has multiplicative reduction if there are two distinct tangent lines at the singular point (in this case we say that the singular point is a node), for example in the case of the curve $y^{2}=x^{3}-3x+2$ . If the slope of these tangent lines are given by elements of the same field as the coefficients of the curve (in our case rational numbers), we say that it has split multiplicative reduction, otherwise, we say that it has nonsplit multiplicative reduction. We note that since we are working with finite fields, what we describe as “tangent lines” are objects that we must define “algebraically”, as we have done earlier when describing the notion of a curve being singular.

As we have already seen in The Riemann Hypothesis for Curves over Finite Fields, whenever we have a curve over some finite field $\mathbb{F}_{q}$ (where $q=p^{n}$ for some natural number $n$ ), our curve will also have a finite number of points, and these points will have coordinates in $\mathbb{F}_{q}$ . We denote the number of these points by $N_{q}$ . In our case, we are interested in the case $n=1$ , so that $q=p$ . When our elliptic curve has good reduction over $p$ , we define a quantity $a_{p}$ , sometimes called the $p$ -defect, or also known as the trace of Frobenius, as

$\displaystyle a_{p}=p+1-N_{p}$ .

We can now define the Hasse-Weil L-function of an elliptic curve $E$ as follows:

$\displaystyle L_{E}(s)=\prod_{p}L_{p}(s)$

where $p$ runs over all prime numbers, and

$\displaystyle L_{p}(s)=\frac{1}{(1-a_{p}p^{-s}+p^{1-2s})}$ if $E$ has good reduction at $p$

$\displaystyle L_{p}(s)=\frac{1}{(1-p^{-s})}$ if $E$ has split multiplicative reduction at $p$

$\displaystyle L_{p}(s)=\frac{1}{(1+p^{-s})}$ if $E$ has nonsplit multiplicative reduction at $p$

$\displaystyle L_{p}(s)=1$ if $E$ has additive reduction at $p$ .

The Hasse-Weil L-function encodes number-theoretic information related to the elliptic curve, and much of modern mathematical research involves this function. For example, the Birch and Swinnerton-Dyer conjecture says that the rank of the group formed by the rational points of the elliptic curve (see Elliptic Curves), also known as the Mordell-Weil group, is equal to the order of the zero of the Hasse-Weil L-function at $s=1$ , i.e. we have the following Taylor series expansion of the Hasse-Weil L-function at $s=1$ :

$\displaystyle L_{E}(s)=c(s-1)^{r}+\text{higher order terms}$

where $c$ is a constant and $r$ is the rank of the elliptic curve.

Meanwhile, the Shimura-Taniyama-Weil conjecture, now also known as the modularity conjecture, central to Andrew Wiles’s proof of Fermat’s Last Theorem, states that the Hasse-Weil L-function can be expressed as the following series:

$\displaystyle L_{E}(s)=\sum_{n=1}^{\infty}\frac{a_{n}}{n^{s}}$

and the coefficients $a_{n}$ are also the coefficients of the Fourier series expansion of some modular form $f(E,\tau)$ (see The Moduli Space of Elliptic Curves):

$\displaystyle f(E,\tau)=\sum_{n=1}^{\infty}a_{n}e^{2\pi i \tau}$ .

For more on the modularity theorem and Wiles’s proof of Fermat’s Last Theorem, the reader is encouraged to read the award-winning article A Marvelous Proof by Fernando Q. Gouvea, which is freely and legally available online. A link to this article (hosted on the website of the Mathematical Association of America) is provided among the list of references below.

References:

Elliptic Curve on Wikipedia

Hasse-Weil Zeta Function on Wikipedia

Birch and Swinnerton-Dyer Conjecture on Wikipedia

Modularity Theorem on Wikipedia

Wiles’s Proof of Fermat’s Last Theorem on Wikipedia

The Birch and Swinnerton-Dyer Conjecture by Andrew Wiles

A Marvelous Proof by Fernando Q. Gouvea

A Friendly Introduction to Number Theory by Joseph H. Silverman

The Arithmetic of Elliptic Curves by Joseph H. Silverman

Advanced Topics in the Arithmetic of Elliptic Curves by Joseph H. Silverman

Invitation to the Mathematics of Fermat-Wiles by Yves Hellegouarch

A First Course in Modular Forms by Fred Diamond and Jerry Shurman

Theories and Theorems

Math and Physics for Everyone

Reduction of Elliptic Curves Modulo Primes

2 thoughts on “Reduction of Elliptic Curves Modulo Primes”

Leave a comment Cancel reply

Share this:

2 thoughts on “Reduction of Elliptic Curves Modulo Primes”

Leave a comment Cancel reply