In mathematics, elliptic curves are defined by certain cubic (the superscript exponent is three, a.k.a. third degree) equations. They have been used in the proof of Fermat's last theorem and they also find applications in cryptography (for details, see the article elliptic curve cryptography) and integer factorization. These curves are not ellipses: see elliptic integral for the origin of the term.
Elliptic curves are non-singular, meaning they don't have cusps or self-intersections, and a binary operation can be defined for their points in a natural geometric fashion, thus turning the set of points into an abelian group.
Typical elliptic curves over the field of real numbers are given by the equations y2 = x3 − x and y2 = x3 − x + 1.
If the characteristic of K is neither 2 nor 3, then every elliptic curve over K can be written in the form
- y2 = x3 − px − q
where p and q are elements of K such that the right hand side polynomial x3 − px − q does not have any double roots. If the characteristic is 2 or 3, then more terms need to be kept.
One typically takes the curve to be the set of all points (x,y) which satisfy the above equation and such that both x and y are elements of the algebraic closure of K. Points of the curve whose coordinates both belong to K are called K-rational points.
By adding a point "at infinity", we obtain the projective version of this curve. If P and Q are two points on the curve, then we can uniquely describe a third point which is the intersection of the curve with the line through P and Q. If the line is tangent to the curve at a point, then that point is counted twice; and if the line is parallel to the y-axis, we define the third point as the point "at infinity". Exactly one of these conditions then holds for any pair of points on an elliptic curve.
It is then possible to introduce a group operation, "+", on the curve with the following properties: we consider the point at infinity to be 0, the identity of the group; and if a straight line intersects the curve at the points P, Q and R, then we require that P + Q + R = 0 in the group. One can check that this turns the curve into an abelian group, and thus into an abelian variety. It can be shown that the set of K-rational points (including the point at infinity) forms a subgroup of this group. If the curve is denoted by E, then this subgroup is often written as E(K).
The above group can be described algebraically as well as geometrically. Given the curve y2 = x3 - px - q over the field K (whose characteristic we assume to be neither 2 nor 3), and points P = (xP, yP) and Q = (xQ, yQ) on the curve, assume first that xP ≠ xQ. Let s = (yP - yQ)/(xP - xQ); since K is a field, s is well-defined. Then we can define R = P + Q = (xR, yR) by
- xR = s2 - xP - xQ
- yR = - yP + s(xP - xR)
If xP = xQ, then there are two options: if yP = -yQ, then the sum is defined as 0; thus, the inverse of each point on the curve is found by reflecting it across the x-axis. If yP = yQ ≠ 0, then R = P + P = 2P = (xR, yR) is given by
- xR = s2 - 2xP
- yR = - yP + s(xP - xR)
If yP = yQ = 0, then P + P = 0.
The Mordell-Weil theorem states that if the underlying field K is the field of rational numbers (or more generally a number field), then the group of K-rational points is finitely generated. While it is relatively easily to determine the torsion subgroup of E(K), no general algorithm is known to compute its rank. A formula for this rank is given by the Birch and Swinnerton-Dyer conjecture.
The recent proof of Fermat's last theorem proceeded by proving a special case of the deep Taniyama-Shimura conjecture relating elliptic curves over the rationals to modular forms; this conjecture has since been completely proved.
If the underlying field K is the field of complex numbers, then every elliptic curve can be parametrized by a certain elliptic function and its derivative. Specifically, to every elliptic curve E there exists a lattice L and a corresponding Weierstrass elliptic function , such that the map
- φ : C/L → E
is a group isomorphism and an isomorphism of Riemann surfaces. This shows in particular that topologically, E looks like a torus (since C/L is a torus). If the lattice L is related to a lattice cL by multiplication by a non-zero complex number c, then the corresponding curves are isomorphic. Isomorphism classes of elliptic curves are specified by the j-invariant.
For further developments see arithmetic of abelian varieties.
Elliptic curves over finite fields are used in some cryptographic applications as well as for integer factorization. Typically, the general idea in these applications is that a known algorithm which makes use of certain finite groups is rewritten to use the groups of rational points of elliptic curves. For more see also:
- The Mathematical Atlas: 14H52 Elliptic Curves