We have discussed elliptic curves over the rational numbers, the real numbers, and the complex numbers in Elliptic Curves. In this post, we discuss elliptic curves over finite fields of the form , where is a prime, obtained by “reducing” an elliptic curve over the integers modulo (see Modular Arithmetic and Quotient Sets).

We recall that in Elliptic Curves we gave the definition of an elliptic curve as a polynomial equation that we may write as

with and satisfying the condition that

.

Still, we claimed that we will not be able to write the equation of the elliptic curve when the coefficients of the elliptic curve are of characteristic equal to or , as is the case for the finite fields or , therefore we will give more general forms for the equation of the elliptic curve later, along with the appropriate conditions. To help us with the latter, we will first look at the case of curves over the real numbers, where we can still make use of the equations above, and see what happens when the conditions on and are not satisfied.

Let both and both be equal to , in which case the condition is not satisfied. Then our curve (which is not an elliptic curve) is given by the equation

whose graph in the – plane is given by the following figure (plotted using the WolframAlpha software):

Next let and . Once again the condition is not satisfied. Our curve is given by

and whose graph is given by the following figure (again plotted using WolframAlpha):

Note also that in both cases, the right hand side of the equations of the curves are polynomials in with a double or triple root; for , the right hand side, , has a triple root at , while for , the right hand side, , factors into and therefore has a double root at .

The two curves, and , are examples of **singular curves**. It is therefore a requirement for a curve to be an elliptic curve, that it must be **nonsingular**.

We now introduce the general form of an elliptic curve, applicable even when the coefficients belong to fields of characteristic or , along with the general condition for it to be nonsingular. We note that the elliptic curve has a “**point at infinity**“; in order to make this idea explicit, we make use of the notion of **projective space** (see Projective Geometry) and write our equation in **homogeneous coordinates** , , and :

This equation is called the **long Weierstrass equation**. We may also say that it is in **long Weierstrass form**.

We can now define what it means for a curve to be singular. Let

Then a **singular point** on this curve is a point with coordinates , , and such that

It might be difficult to think of calculus when we are considering, for example, curves over finite fields, where there are a finite number of points on the curve, so we might instead just think of the partial derivatives of the curve as being obtained “algebraically” using the “power rule” of basic calculus,

and applying it, along with the usual rules for partial derivatives and constant factors, to every term of the curve. Such is the power of algebraic geometry; it allows us to “import” techniques from calculus and other areas of mathematics which we would not ordinarily think of as being applicable to cases such as curves over finite fields.

If a curve has no singular points, then it is called a **nonsingular curve**. We may also say that the curve is **smooth**. In order for a curve written in long Weierstrass form to be an elliptic curve, we require that it be a nonsingular curve as well.

If the coefficients of the curve are not of characteristic equal to , we can make a projective transformation of variables to write its equation in a simpler form, known as the **short Weierstrass equation**, or **short Weierstrass form**:

In this case the condition for the curve to be nonsingular can be written in the following form:

The quantity

is called the **discriminant** of the curve.

We note now, of course, that the usual expressions for the elliptic curve, in what we call **affine coordinates** and , can be recovered from our expression in terms of **homogeneous coordinates** , , and simply by setting and . The case of course corresponds to the “point at infinity”.

We now consider an elliptic curve whose equation has coefficients which are rational numbers. We can make a projective transformation of variables to rewrite the equation into one which has integers as coefficients. Then we can reduce the coefficients modulo a prime and investigate the points of the elliptic curve considered as having coordinates in the finite field .

It may happen that when we reduce an elliptic curve modulo , the resulting curve over the finite field is no longer nonsingular. In this case we say that it has **bad reduction** at . Consider, for example, the following elliptic curve (written in affine coordinates):

Let us reduce this modulo the prime . Then, since and , we obtain the curve

over . The right hand side actually factors into over , which means that it has a double root at (which is equivalent to modulo ), and has discriminant equal to zero over , hence, this curve over is singular, and the elliptic curve given by has bad reduction at . It also has bad reduction at ; in fact, we mentioned earlier that we cannot even write an elliptic curve in the form when the field of coefficients have characteristic equal to . This is because such a curve will always be singular over such a field. The curve remains nonsingular over all other primes, however; we also say that the curve has **good reduction** over all primes except for and .

In the case that an elliptic curve has bad reduction at , we say that it has **additive reduction** if there is only one tangent line at the singular point (we also say that the singular point is a **cusp**), for example in the case of the curve , and we say that it has **multiplicative reduction** if there are two distinct tangent lines at the singular point (in this case we say that the singular point is a **node**), for example in the case of the curve . If the slope of these tangent lines are given by elements of the same field as the coefficients of the curve (in our case rational numbers), we say that it has **split multiplicative reduction**, otherwise, we say that it has **nonsplit multiplicative reduction**. We note that since we are working with finite fields, what we describe as “tangent lines” are objects that we must define “algebraically”, as we have done earlier when describing the notion of a curve being singular.

As we have already seen in The Riemann Hypothesis for Curves over Finite Fields, whenever we have a curve over some finite field (where for some natural number ), our curve will also have a finite number of points, and these points will have coordinates in . We denote the number of these points by . In our case, we are interested in the case , so that . When our elliptic curve has good reduction over , we define a quantity , sometimes called the -defect, or also known as the trace of Frobenius, as

.

We can now define the **Hasse-Weil L-function** of an elliptic curve as follows:

where runs over all prime numbers, and

if has good reduction at

if has split multiplicative reduction at

if has nonsplit multiplicative reduction at

if has additive reduction at .

The Hasse-Weil L-function encodes number-theoretic information related to the elliptic curve, and much of modern mathematical research involves this function. For example, the **Birch and Swinnerton-Dyer conjecture** says that the **rank** of the group formed by the rational points of the elliptic curve (see Elliptic Curves), also known as the **Mordell-Weil group**, is equal to the order of the zero of the Hasse-Weil L-function at , i.e. we have the following **Taylor series** expansion of the Hasse-Weil L-function at :

where is a constant and is the rank of the elliptic curve.

Meanwhile, the **Shimura-Taniyama-Weil conjecture**, now also known as the **modularity conjecture**, central to Andrew Wiles’s proof of **Fermat’s Last Theorem**, states that the Hasse-Weil L-function can be expressed as the following series:

and the coefficients are also the coefficients of the **Fourier series** expansion of some **modular form** (see The Moduli Space of Elliptic Curves):

.

For more on the modularity theorem and Wiles’s proof of Fermat’s Last Theorem, the reader is encouraged to read the award-winning article A Marvelous Proof by Fernando Q. Gouvea, which is freely and legally available online. A link to this article (hosted on the website of the Mathematical Association of America) is provided among the list of references below.

References:

Hasse-Weil Zeta Function on Wikipedia

Birch and Swinnerton-Dyer Conjecture on Wikipedia

Modularity Theorem on Wikipedia

Wiles’s Proof of Fermat’s Last Theorem on Wikipedia

The Birch and Swinnerton-Dyer Conjecture by Andrew Wiles

A Marvelous Proof by Fernando Q. Gouvea

A Friendly Introduction to Number Theory by Joseph H. Silverman

The Arithmetic of Elliptic Curves by Joseph H. Silverman

Advanced Topics in the Arithmetic of Elliptic Curves by Joseph H. Silverman

Invitation to the Mathematics of Fermat-Wiles by Yves Hellegouarch

A First Course in Modular Forms by Fred Diamond and Jerry Shurman