next up previous
Next: An Example Over a Up: Lecture 26: The Elliptic Previous: The Point at Infinity

The Group Law is a Group Law

Let $ E$ be an elliptic curve of the form $ y^2 = x^3 +ax+b$ over a field $ K$. Consider the set

$\displaystyle E(K) = \{\O\} \cup \left\{ (x, y)\in K\times K : y^2 = x^3 + ax + b\right\}. $

Recall from the last lecture that there is a natural way to endow the set $ E(K)$ with a group structure. Here's how it works. First, the element $ \O\in E(K)$ is the zero element of the group. Next, suppose $ P$ and $ Q$ are elements of $ E(K)$. Just like we did earlier, let $ R=(x_3,y_3)$ be the third point of intersection of $ E$ and the line determined by $ P$ and $ Q$ (try this with the graphs on pages 1 and 2). Define

$\displaystyle P + Q = (x_3, -y_3). $

(For what goes wrong if you try to define $ P+Q=(x_3,y_3)$, see your homework assignment.) There are various special cases to consider, such as when $ P=Q$ or the third point of intersection is $ \O $, but I will let you read about them in [Kato et al.].

It is not surprising that this binary operation on $ E(K)$ satisfies $ P+Q = Q+P$. Also, the inverse of $ P=(x_1,y_1)$ is $ -P=(x_1,-y_1)$. The only other axiom to check in order to verify that $ +$ gives $ E(K)$ an abelian group structure is the associative law. This is simple but tedious to check using only elementary methods. The right way to prove that the associate law holds is to develop the theory of algebraic curves and define the group law in terms of divisor classes, but this is outside the scope of this course. For fun, we can coerce the amazingly cool (but complicated) computer algebra system MAGMA into verifying the associative law (over  $ \mathbb{Q}$) for us: 

// Define the field K = Q(a,b,x0,x1,x2) 
K<a,b,x0,x1,x2> := FieldOfFractions(PolynomialRing(Rationals(),5));
// Define the polynomial ring R = K[y0,y1,y2]
R<y0,y1,y2> := PolynomialRing(K,3);
// Define a maximal ideal of R:
I := ideal<R | y0^2 - (x0^3+a*x0+b), 
               y1^2 - (x1^3+a*x1+b), 
               y2^2 - (x2^3+a*x2+b)>;
// The quotient L = R/I is a field that contains three 
// distinct "generic" points on E.
L  := quo<R|I>;
// Define the elliptic curve y^2 = x^3 + a*x + b over L.
E  := EllipticCurve([L| a,b]);  
// Let P0, P1, and P2 be three distinct "generic" points on E.
P0 := E![L|x0,y0]; P1 := E![L|x1,y1]; P2 := E![L|x2,y2];
// The algebraic formulas for the group law are built into MAGMA.
lhs := (P0 + P1) + P2;  rhs := P0 + (P1 + P2);
// Verify the associative law.
lhs eq rhs;
true     // Yeah, it works!

next up previous
Next: An Example Over a Up: Lecture 26: The Elliptic Previous: The Point at Infinity
William A Stein 2001-11-16