|
|
| Line 1: |
Line 1: |
| [[Image:EllipticCurveCatalog.svg|right|thumb|392px|A catalog of elliptic curves. Region shown is [−3,3]<sup>2</sup> (For ''a'' = 0 and ''b'' = 0 the function is not smooth and therefore not an elliptic curve.)]]
| | Hai happens when I'm called and I totally dig that status. North Carolina has always been her living place. Office supervising is what i do for a job but soon my wife and I'm going to start my business. To draw 3d graphics precisely what love by doing.<br><br>Also visit my blog [https://qtrial2014.az1.qualtrics.com/SE/?SID=SV_3loc6jN5htnRrVj&Preview=Survey&BrandID=qtrial2014/ Writing] |
| {{Group theory sidebar |Algebraic}}
| |
| | |
| In [[mathematics]], an '''elliptic curve''' ('''EC''') is a [[Nonsingular variety|smooth]], [[Projective variety|projective]] [[algebraic curve]] of [[Genus of an algebraic curve|genus]] one, on which there is a specified point ''O''. An elliptic curve is in fact an [[abelian variety]] – that is, it has a multiplication defined algebraically, with respect to which it is a (necessarily [[commutative]]) [[group (mathematics)|group]] – and ''O'' serves as the identity element. Often the curve itself, without ''O'' specified, is called an elliptic curve.
| |
| | |
| Any elliptic curve can be written as a plane algebraic curve defined by an equation of the form:
| |
| | |
| :<math>y^2 = x^3 + ax + b</math>
| |
| | |
| which is non-singular; that is, its graph has no [[cusp (singularity)|cusps]] or self-intersections. (When the [[characteristic (algebra)|characteristic]] of the [[coefficient field]] is equal to 2 or 3, the above equation is not quite general enough to comprise all non-singular [[cubic plane curve|cubic curves]]; see [[#Elliptic curves over a general field|below]] for a more precise definition.) The point ''O'' is actually the "[[point at infinity]]" in the [[projective plane]].
| |
| | |
| If ''y''<sup>2</sup> = ''P''(''x''), where ''P'' is any polynomial of degree three in ''x'' with no repeated roots, then we obtain a nonsingular plane curve of [[genus (mathematics)|genus]] one, which is thus also an elliptic curve. If ''P'' has degree four and is squarefree this equation again describes a plane curve of genus one; however, it has no natural choice of identity element. More generally, any algebraic curve of genus one, for example from the intersection of two [[quadric|quadric surfaces]] embedded in three-dimensional projective space, is called an elliptic curve, provided that it has at least one [[rational point]].
| |
| | |
| Using the theory of [[elliptic function]]s, it can be shown that elliptic curves defined over the [[complex number]]s correspond to embeddings of the [[torus]] into the [[complex projective plane]]. The torus is also an abelian group, and in fact this correspondence is also a [[group isomorphism]].
| |
| | |
| Elliptic curves are especially important in [[number theory]], and constitute a major area of current research; for example, they were used in the proof, by [[Andrew Wiles]] (assisted by [[Richard Taylor (mathematician)|Richard Taylor]]), of [[Fermat's Last Theorem]]. They also find applications in [[elliptic curve cryptography]] (ECC) and [[integer factorization]].
| |
| | |
| An elliptic curve is ''not'' an [[ellipse]]: see [[elliptic integral]] for the origin of the term. Topologically, an elliptic curve is a [[torus]].
| |
| | |
| ==Elliptic curves over the real numbers==
| |
| [[Image:ECClines-3.svg|frame|right|Graphs of curves ''y''<sup>2</sup> = ''x''<sup>3</sup> − ''x'' and ''y''<sup>2</sup> = ''x''<sup>3</sup> − ''x'' + 1]]
| |
| Although the formal definition of an elliptic curve is fairly technical and requires some background in [[algebraic geometry]], it is possible to describe some features of elliptic curves over the [[real number]]s using only high school [[algebra]] and [[geometry]].
| |
| | |
| In this context, an elliptic curve is a [[plane curve]] defined by an equation of the form
| |
| | |
| :<math>y^2 = x^3 + ax + b</math>
| |
| | |
| where ''a'' and ''b'' are real numbers. This type of equation is called a '''Weierstrass equation'''.
| |
| | |
| The definition of elliptic curve also requires that the curve be [[non-singular]]. Geometrically, this means that the graph has no [[cusp (singularity)|cusps]], self-intersections, or isolated points. Algebraically, this involves calculating the [[discriminant]]
| |
| | |
| : <math>\Delta = -16(4a^3 + 27b^2)</math>
| |
| | |
| The curve is non-singular if and only if the discriminant is not equal to zero. (Although the factor −16 seems irrelevant here, it turns out to be convenient in a more advanced study of elliptic curves.)
| |
| | |
| The (real) graph of a non-singular curve has ''two'' components if its discriminant is positive, and ''one'' component if it is negative. For example, in the graphs shown in figure to the right, the discriminant in the first case is 64, and in the second case is −368.
| |
| | |
| ==The group law==
| |
| By adding a "point at infinity", we obtain the projective version of this curve. If ''P'' and ''Q'' are two points on the curve, then we can uniquely describe a third point which is the intersection of the curve with the line through ''P'' and ''Q''. If the line is tangent to the curve at a point, then that point is counted twice; and if the line is parallel to the ''y''-axis, we define the third point as the point "at infinity". Exactly one of these conditions then holds for any pair of points on an elliptic curve.
| |
| | |
| <div class="center">
| |
| [[Image:ECClines.svg]]
| |
| </div>
| |
| | |
| It is then possible to introduce a [[group (mathematics)|group operation]], ''+'', on the curve with the following properties: we consider the point at infinity to be 0, the identity of the group; and if a straight line intersects the curve at the points ''P'', ''Q'' and ''R'', then we require that ''P'' + ''Q'' + ''R'' = 0 in the group. One can check that this turns the curve into an [[abelian group]], and thus into an [[abelian variety]]. It can be shown that the set of ''K''-[[rational point]]s (including the point at infinity) forms a [[subgroup]] of this group. If the curve is denoted by ''E'', then this subgroup is often written as ''E(K)''.
| |
| | |
| The above group can be described algebraically as well as geometrically. Given the curve ''y''<sup>2</sup> = ''x''<sup>3</sup> − ''px'' − ''q'' over the field ''K'' (whose [[Prime subfield|characteristic]] we assume to be neither 2 nor 3), and points ''P'' = (''x<sub>P</sub>'', ''y<sub>P</sub>'') and ''Q'' = (''x<sub>Q</sub>'', ''y<sub>Q</sub>'') on the curve, assume first that ''x<sub>P</sub>'' ≠ ''x<sub>Q</sub>''. Let ''s'' be the slope of the line containing ''P'' and ''Q''; i.e.,
| |
| | |
| :<math>s = \frac{y_P - y_Q}{x_P - x_Q}</math>
| |
| | |
| Since ''K'' is a field, ''s'' is well-defined. Then we can define ''R'' = ''P'' + ''Q'' = (''x<sub>R</sub>'', ''−y<sub>R</sub>'') by
| |
| | |
| :<math>\begin{align}
| |
| x_R &= s^2 - x_P - x_Q \\
| |
| y_R &= y_P + s(x_R - x_P)
| |
| \end{align}</math>
| |
| | |
| If ''x<sub>P</sub>'' = ''x<sub>Q</sub>'' (third and fourth panes above), then there are two options: if ''y<sub>P</sub>'' = −''y<sub>Q</sub>'', including the case where ''y<sub>P</sub>'' = ''y<sub>Q</sub>'' = 0, then the sum is defined as 0; thus, the inverse of each point on the curve is found by reflecting it across the ''x''-axis. If ''y<sub>P</sub>'' = ''y<sub>Q</sub>'' ≠ 0 (second pane), then ''R'' = ''P'' + ''P'' = 2''P'' = (''x''<sub>''R''</sub>, ''−y''<sub>''R''</sub>) is given by
| |
| | |
| :<math>\begin{align}
| |
| s &= \frac{3{x_P}^2 - p}{2y_P}\\
| |
| x_R &= s^2 - 2x_P\\
| |
| y_R &= y_P + s(x_R - x_P)
| |
| \end{align}</math>
| |
| | |
| ===Associativity===
| |
| | |
| [[File:EllipticGroup.gif|right|EllipticGroup]]
| |
| All of the group laws except associativity follow immediately from the geometrical definition of the group operation. This animation illustrates geometrically the associativity law.
| |
| | |
| Notice that the sum of the three values on any of the six lines is zero. The location of all nine points is determined by the elliptic curve together with the locations of zero, ''a'', ''b'' and ''c''. The central point of the nine lies on the line through ''a'' and ''b + c'', and also on the line through ''a + b'' and ''c''. Associativity of the addition law is equivalent to the fact that the curve passes through the central point in the grid. From this fact, the equality of −(''a'' + (''b'' + ''c'')) and −((''a'' + ''b'') + ''c'') follows.
| |
| | |
| The elliptic curve and the point zero are fixed in this animation while ''a'', ''b'' and ''c'' move independently of each other.
| |
| | |
| ==Elliptic curves over the complex numbers==
| |
| [[Image:Lattice torsion points.svg|right|thumb|300px|An elliptic curve over the complex numbers is obtained as a quotient of the complex plane by a lattice Λ, here spanned by two fundamental periods ω<sub>1</sub> and ω<sub>2</sub>. The four-torsion is also shown, corresponding to the lattice 1/4 Λ containing Λ.]]
| |
| The formulation of elliptic curves as the embedding of a [[torus]] in the [[complex projective plane]] follows naturally from a curious property of [[Weierstrass's elliptic functions]]. These functions and their first derivative are related by the formula
| |
| | |
| :<math>\wp'(z)^2 = 4\wp(z)^3 -g_2\wp(z) - g_3</math>
| |
| | |
| Here, ''g''<sub>2</sub> and ''g''<sub>3</sub> are constants; <math>\wp(z)</math> is the Weierstrass elliptic function and <math>\wp'(z)</math> its derivative. It should be clear that this relation is in the form of an elliptic curve (over the [[complex number]]s). The Weierstrass functions are doubly periodic; that is, they are periodic with respect to a [[fundamental pair of periods|lattice]] Λ; in essence, the Weierstrass functions are naturally defined on a torus ''T'' = '''C'''/Λ. This torus may be embedded in the complex projective plane by means of the map
| |
| | |
| :<math>z \mapsto (1,\wp(z), \wp'(z))</math>
| |
| | |
| This map is a [[group isomorphism]], carrying the natural group structure of the torus into the projective plane. It is also an isomorphism of [[Riemann surface]]s, so topologically, a given elliptic curve looks like a torus. If the lattice Λ is related by multiplication by a non-zero complex number ''c'' to a lattice ''c''Λ, then the corresponding curves are isomorphic. Isomorphism classes of elliptic curves are specified by the [[j-invariant]].
| |
| | |
| The isomorphism classes can be understood in a simpler way as well. The constants ''g''<sub>2</sub> and ''g''<sub>3</sub>, called the [[j-invariant|modular invariant]]s, are uniquely determined by the lattice, that is, by the structure of the torus. However, the complex numbers form the [[splitting field]] for polynomials with real coefficients, and so the elliptic curve may be written as
| |
| :<math>y^2 = x(x - 1)(x - \lambda)</math>
| |
| | |
| One finds that
| |
| :<math>g_2 = \frac{4^{\frac{1}{3}}}{3} (\lambda^2 - \lambda + 1)</math>
| |
| | |
| and
| |
| :<math>g_3 = \frac{1}{27} (\lambda + 1)(2\lambda^2 - 5\lambda + 2)</math>
| |
| | |
| so that the [[modular discriminant]] is
| |
| :<math>\Delta = g_2^3 - 27g_3^2 = \lambda^2(\lambda - 1)^2</math>
| |
| | |
| Here, λ is sometimes called the [[modular lambda function]].
| |
| | |
| Note that the [[uniformization theorem]] implies that every [[Compact space|compact]] Riemann surface of genus one can be represented as a torus.
| |
| | |
| This also allows an easy understanding of the [[torsion subgroup|torsion points]] on an elliptic curve: if the lattice Λ is spanned by the fundamental periods ω<sub>1</sub> and ω<sub>2</sub>, then the ''n''-torsion points are the (equivalence classes of) points of the form
| |
| :<math> \frac{a}{n} \omega_1 + \frac{b}{n} \omega_2</math>
| |
| | |
| for ''a'' and ''b'' integers in the range from 0 to ''n''−1.
| |
| | |
| Over the complex numbers, every elliptic curve has nine [[inflection point]]s. Every line through two of these points also passes through a third inflection point; the nine points and 12 lines formed in this way form a realization of the [[Hesse configuration]].
| |
| | |
| ==Elliptic curves over the rational numbers==
| |
| A curve ''E'' defined over the field of rational numbers is also defined over the field of real numbers, therefore the law of addition (of points with real coordinates) by the tangent and secant method can be applied to ''E''. The explicit formulae show that the sum of two points ''P'' and ''Q'' with rational coordinates has again rational coordinates, since the line joining ''P'' and ''Q'' has rational coefficients.<!--Il en est de même pour le symétrique par rapport à l'axe des abscisses d'un point à coordonnées rationnelles.--> This way, one shows that the set of rational points of ''E'' forms a subgroup of the group of real points of ''E''. As this group, it is an [[abelian group]], that is, ''P'' + ''Q'' = ''Q'' + ''P''.
| |
| | |
| ===The structure of rational points===
| |
| The most important result is that all points can be constructed by the method of tangents and secants starting with a ''finite'' number of points. More precisely<ref>{{Harvard citations|author=Silverman|year=1986|nb=yes|loc=Theorem 4.1}}</ref> the [[Mordell–Weil theorem]] states that the group ''E''('''Q''') is a [[finitely generated group|finitely generated]] (abelian) group. By the [[fundamental theorem of finitely generated abelian groups]] it is therefore a finite direct sum of copies of '''Z''' and finite cyclic groups.
| |
| | |
| The proof of that theorem<ref>{{Harvard citations|author=Silverman|year=1986|nb=yes|loc=pp. 199–205}}</ref> rests on two ingredients: first, one shows that for any integer ''m'' > 1, the quotient group ''E''('''Q''')/''mE''('''Q''') is finite (weak Mordell–Weil theorem). Second, introducing a [[height function]] ''h'' on the rational points ''E''('''Q''') defined by ''h''(''P''<sub>0</sub>) = 0 and {{math|''h''(''P'') {{=}} log max(|''p''|, |''q''|)}} if ''P'' (unequal to the point at infinity ''P''<sub>0</sub>) has as abscissa the rational number ''x'' = {{frac|''p''|''q''}} (with [[coprime]] ''p'' and ''q''). This height function ''h'' has the property that ''h''(''mP'') grows roughly like the square of ''m''. Moreover, only finitely many rational points with height smaller than any constant exist on ''E''.
| |
| | |
| The proof of the theorem is thus a variant of the method of [[infinite descent]]<ref>See also J. W. S. Cassels, Mordell's Finite Basis Theorem Revisited, ''Mathematical Proceedings of the Cambridge Philosophical Society'' 100, 3–41 and the comment of A. Weil on the genesis of his work: A. Weil, ''Collected Papers'', vol. 1, 520–521.</ref> and relies on the repeated application of [[Euclidean algorithm|Euclidean division]]s on ''E'': let ''P'' ∈ ''E''('''Q''') be a rational point on the curve, writing ''P'' as the sum 2''P''<sub>1</sub> + ''Q''<sub>1</sub> where ''Q''<sub>1</sub> is a fixed representant of ''P'' in ''E''('''Q''')/2''E''('''Q'''), the height of ''P''<sub>1</sub> is about {{frac|1|4}} of the one of ''P'' (more generally, replacing 2 by any ''m'' > 1, and {{frac|1|4}} by {{frac|1|''m''<sup>2</sup>}}). Redoing the same with ''P''<sub>1</sub>, that is to say ''P''<sub>1</sub> = 2''P''<sub>2</sub> + ''Q''<sub>2</sub>, then ''P''<sub>2</sub> = 2''P''<sub>3</sub> + ''Q''<sub>3</sub>, etc. finally expresses ''P'' as an integral linear combination of points ''Q<sub>i</sub>'' and of points whose height is bounded by a fixed constant chosen in advance: by the weak Mordell–Weil theorem and the second property of the height function ''P'' is thus expressed as an integral linear combination of a finite number of fixed points.
| |
| | |
| So far, the theorem is not effective since there is no known general procedure for determining the representants of ''E''('''Q''')/''mE''('''Q''').
| |
| | |
| The [[Rank of an abelian group|rank]] of ''E''('''Q'''), that is the number of copies of '''Z''' in ''E''('''Q''') or, equivalently, the number of independent points of infinite order, is called the ''rank'' of ''E''. The [[Birch and Swinnerton-Dyer conjecture]] is concerned with determining the rank. One conjectures that it can be arbitrarily large, even if only examples with relatively small rank are known. The elliptic curve with biggest exactly known rank is
| |
| :''y''<sup>2</sup> + ''xy'' = ''x''<sup>3</sup> − {{gaps|26|175|960|092|705|884|096|311|701|787|701|203|903|556|438|969|515}}''x'' + {{gaps|51|069|381|476|131|486|489|742|177|100|373|772|089|779|103|253|890|567|848|326|775|119|094|885|041}}
| |
| | |
| It has rank 18, found by [[Noam Elkies]] in 2006.<ref>{{cite web|url=http://web.math.pmf.unizg.hr/~duje/tors/rankhist.html|title=History of elliptic curves rank records|last=Dujella|first=Andrej|accessdate=3 January 2014}}</ref> Curves of rank at least 28 are known, but their rank is not exactly known.
| |
| | |
| As for the groups constituting the [[torsion subgroup]] of ''E''('''Q'''), the following is known<ref>{{Harvard citations|author=Silverman|year=1986|nb=yes|loc=Theorem 7.5}}</ref> the torsion subgroup of ''E''('''Q''') is one of the 15 following groups (a theorem due to [[Barry Mazur]]): '''Z'''/''N'''''Z''' for ''N'' = 1, 2, …, 10, or 12, or '''Z'''/2'''Z''' × '''Z'''/2''N'''''Z''' with ''N'' = 1, 2, 3, 4. Examples for every case are known. Moreover, elliptic curves whose Mordell–Weil groups over '''Q''' have the same torsion groups belong to a parametrized family.<ref>{{Harvard citations|author=Silverman|year=1986|nb=yes|loc=Remark 7.8 in Ch. VIII}}</ref>
| |
| | |
| ===The Birch and Swinnerton-Dyer conjecture===
| |
| {{Main|Birch and Swinnerton-Dyer conjecture}}
| |
| The ''Birch and Swinnerton-Dyer conjecture'' (BSD) is one of the [[Millennium problem]]s of the [[Clay Mathematics Institute]]. The conjecture relies on analytic and arithmetic objects defined by the elliptic curve in question.
| |
| | |
| At the analytic side, an important ingredient is a function of a complex variable, ''L'', the [[Hasse–Weil zeta function]] of ''E'' over '''Q'''. This function is a variant of the [[Riemann zeta function]] and [[Dirichlet L-function]]s. It is defined as an [[Euler product]], with one factor for every [[prime number]] ''p''.
| |
| | |
| For a curve ''E'' over '''Q''' given by a minimal equation
| |
| :<math>y^2 + a_1xy + a_3y = x^3 + a_2x^2 + a_4x + a_6</math>
| |
| | |
| with integral coefficients ''a<sub>i</sub>'', reducing the coefficients [[Modular arithmetic|modulo]] ''p'' defines an elliptic curve over the [[finite field]] '''F'''<sub>''p''</sub> (except for a finite number of primes ''p'', where the reduced curve has a [[Mathematical singularity|singularity]] and thus fails to be elliptic, in which case ''E'' is said to be of [[bad reduction]] at ''p'').
| |
| | |
| The zeta function of an elliptic curve over a finite field '''F'''<sub>''p''</sub> is, in some sense, a [[generating function]] assembling the information of the number of points of ''E'' with values in the finite [[field extension]]s of '''F'''<sub>''p''</sub>, '''F'''<sub>''p<sup>n</sup>''</sub>. It is given,<ref>The definition is formal, the exponential of this [[power series]] without constant term denotes the usual development.</ref>
| |
| :<math>Z(E(\mathbf{F}_p)) = \exp \left(\sum \mathrm{card} \left[E({\mathbf F}_{p^n})\right]\frac{T^n}{n}\right)</math>
| |
| | |
| The interior sum of the exponential resembles the development of the [[logarithm]] and, in fact, the so-defined zeta function is a [[rational function]]:
| |
| :<math>Z(E(\mathbf{F}_p)) = \frac{1 - a_pT + pT^2}{(1 - T)(1 - pT)}</math>
| |
| | |
| The Hasse–Weil zeta function of ''E'' over '''Q''' is then defined by collecting this information together, for all primes ''p''. It is defined by
| |
| :<math>L(E(\mathbf{Q}), s) = \prod_p \left(1 - a_p p^{-s} + \varepsilon(p)p^{1 - 2s}\right)^{-1}</math>
| |
| | |
| where ε(''p'') = 1 if ''E'' has good reduction at ''p'' and 0 otherwise (in which case ''a<sub>p</sub>'' is defined differently than above).
| |
| | |
| This product [[absolute convergence|converges]] for Re(''s'') > 3/2 only. Hasse's conjecture affirms that the ''L''-function admits an [[analytic continuation]] to the whole complex plane and satisfies a [[functional equation]] relating, for any ''s'', ''L''(''E'', ''s'') to ''L''(''E'', 2 − ''s''). In 1999 this was shown to be a consequence of the proof of the Shimura–Taniyama–Weil conjecture, which asserts that every elliptic curve over ''Q'' is a [[modular curve]], which implies that its ''L''-function is the ''L''-function of a [[modular form]] whose analytic continuation is known.
| |
| | |
| One can therefore speak about the values of ''L''(''E'', ''s'') at any complex number ''s''. The Birch-Swinnerton-Dyer conjecture relates the arithmetic of the curve to the behavior of its ''L''-function at ''s'' = 1. More precisely, it affirms that the order of the ''L''-function at ''s'' = 1 equals the rank of ''E'' and predicts the [[leading term]] of the Laurent series of ''L''(''E'', ''s'') at that point in terms of several quantities attached to the elliptic curve.
| |
| | |
| Much like the [[Riemann hypothesis]], this conjecture has multiple consequences, including the following two:
| |
| * Let ''n'' be an odd [[square-free]] integer. Assuming the Birch and Swinnerton-Dyer conjecture, ''n'' is the area of a right triangle with rational side lengths (a [[congruent number]]) if and only if the number of triplets of integers (''x'', ''y'', ''z'') satisfying <math>2x^2 + y^2 + 8z^2 = n</math> is twice the number of triples satisfying <math>2x^2 + y^2 + 32z^2 = n</math>. This statement, due to [[Tunnell's theorem|Tunnell]], is related to the fact that ''n'' is a congruent number if and only if the elliptic curve <math>y^2 = x^3 - n^2x</math> has a rational point of infinite order (thus, under the Birch and Swinnerton-Dyer conjecture, its ''L''-function has a zero at 1). The interest in this statement is that the condition is easily verified.<ref>{{Harvard citations|author=Koblitz|year=1993|nb=yes}}</ref>
| |
| *In a different direction, certain analytic methods allow for an estimation of the order of zero in the center of the [[critical strip]] of families of ''L''-functions. Admitting the BSD conjecture, these estimations correspond to information about the rank of families of elliptic curves in question. For example:<ref>D. R. Heath-Brown, The average analytic rank of elliptic curves, ''Duke Mathematical Journal'' 122–3, 591–623 (2004).</ref> suppose the [[generalized Riemann hypothesis]] and the BSD conjecture, the average rank of curves given by <math>y^2=x^3+ax+b</math> is smaller than 2.
| |
| | |
| ===The modularity theorem and its application to Fermat's Last Theorem===
| |
| {{Main|Modularity theorem}}
| |
| The modularity theorem, once known as the Taniyama–Shimura–Weil conjecture, states that every elliptic curve ''E'' over '''Q''' is a [[modular curve]], that is to say, its Hasse–Weil zeta function is the ''L''-function of a [[modular form]] of weight 2 and level ''N'', where ''N'' is the [[Conductor of an abelian variety|conductor]] of ''E'' (an integer divisible by the same prime numbers as the discriminant of ''E'', Δ(''E'').) In other words, if, for Re(''s'') > 3/2, one writes the ''L''-function in the form
| |
| :<math>L(E(\mathbf{Q}), s) = \sum_{n>0}a(n)n^{-s}</math>
| |
| | |
| the expression
| |
| :<math>\sum a(n) q^n, \qquad q = \exp(2 \pi i z)</math>
| |
| | |
| defines a parabolic modular [[newform]] of weight 2 and level ''N''. For prime numbers ℓ not dividing ''N'', the coefficient ''a''(ℓ) of the form equals ℓ – the number of solutions of the minimal equation of the curve modulo ℓ.
| |
| | |
| For example,<ref>For the calculations, see for example D. Zagier, « Modular points, modular curves, modular surfaces and modular forms », ''Lecture Notes in Mathematics'' 1111, Springer, 1985, 225–248.</ref> to the elliptic curve <math>y^2 - y = x^3 -x</math> with discriminant (and conductor) 37, is associated the form
| |
| :<math>f(z) = q - 2q^2 - 3q^3 + 2q^4 - 2q^5 + 6q^6 + \cdots, \qquad q = \exp(2 \pi i z)</math>
| |
| | |
| For prime numbers ℓ distinct of 37, one can verify the property about the coefficients. Thus, for ℓ = 3, the solutions of the equation modulo 3 are (0, 0), (0, 1), (2, 0), (1, 0), (1, 1), (2, 1), as and ''a''(3) = 3 − 6 = −3.
| |
| | |
| The conjecture, going back to the fifties, was completely proven by 1999 using ideas of [[Andrew Wiles]], who proved it in 1994 for a large family of elliptic curves.<ref>A synthetic presentation (in French) of the main ideas can be found in [http://archive.numdam.org/ARCHIVE/SB/SB_1994-1995__37_/SB_1994-1995__37__319_0/SB_1994-1995__37__319_0.pdf this] [[Bourbaki]] article of [[Jean-Pierre Serre]]. For more details see {{Harvard citations |last=Hellegouarch |year=2001 |nb=yes}}</ref>
| |
| | |
| There are several formulations of the conjecture. Showing that they are equivalent is difficult and was a main topic of number theory in the second half of the 20th century. The modularity of an elliptic curve ''E'' of conductor ''N'' can be expressed also by saying that there is a non-constant [[rational map]] defined over '''Q''', from the modular curve ''X''<sub>0</sub>(''N'') to ''E''. In particular, the points of ''E'' can be parametrized by [[modular function]]s.
| |
| | |
| For example, a modular parametrization of the curve <math>y^2 - y = x^3 - x</math> is given by<ref>D. Zagier, « Modular points, modular curves, modular surfaces and modular forms », ''Lecture Notes in Mathematics'' 1111, Springer, 1985, 225–248.</ref>
| |
| | |
| :<math>\begin{align}
| |
| x(z) &= q^{-2} + 2q^{-1} + 5 + 9q + 18q^2 + 29q^3 + \ldots\\
| |
| y(z) &= q^{-3} + 3q^{-2} + 9q^{-1} + 21 + 46q + 92q^2 + \ldots
| |
| \end{align}</math>
| |
| | |
| where, as above, ''q'' = exp(2π''iz''). The functions ''x(z)'' and ''y(z)'' are modular of weight 0 and level 37; in other words they are [[meromorphic]], defined on the [[upper half-plane]] Im(''z'') > 0 and satisfy
| |
| :<math>x\left(\frac{az + b}{cz + d}\right) = x(z)</math>
| |
| | |
| and likewise for ''y(z)'' for all integers ''a, b, c, d'' with ''ad'' − ''bc'' = 1 and 37|''c''.
| |
| | |
| Another formulation depends on the comparison of [[Galois representation]]s attached on the one hand to elliptic curves, and on the other hand to modular forms. The latter formulation has been used in the proof the conjecture. Dealing with the level of the forms (and the connection to the conductor of the curve) is particularly delicate.
| |
| | |
| The most spectacular application of the conjecture is the proof of [[Fermat's Last Theorem]] (FLT). Suppose that for a prime ''p'' > 5, the Fermat equation
| |
| :<math>a^p + b^p = c^p</math>
| |
| | |
| has a solution with non-zero integers, hence a counter-example to FLT. Then the elliptic curve
| |
| :<math>y^2 = x(x - a^p)(x + b^p)</math>
| |
| | |
| of discriminant
| |
| :<math>\Delta = \frac{1}{256}(abc)^{2p}</math>
| |
| | |
| cannot be modular. Thus, the proof of the Taniyama–Shimura–Weil conjecture for this family of elliptic curves (called Hellegouarch–Frey curves) implies FLT. The proof of the link between these two statements, based on an idea of [[Gerhard Frey]] (1985), is difficult and technical. It was established by [[Kenneth Ribet]] in 1987.<ref>See the survey of K. Ribet «From the Taniyama–Shimura conjecture to Fermat's Last Theorem», Annales de la Faculté des sciences de Toulouse 11 (1990), 116–139.</ref>
| |
| | |
| ===Integral points===
| |
| This section is concerned with points ''P'' = (''x'', ''y'') of ''E'' such that ''x'' is an integer.<ref>{{Harvard citations|author=Silverman|year=1986|nb=yes|loc=Chapter IX}}</ref> The following theorem is due to [[C. L. Siegel]]: the set of points ''P'' = (''x'', ''y'') of ''E''('''Q''') such that ''x'' is integral is finite. This theorem can be generalized to points whose ''x'' coordinate has a denominator divisible only by a fixed finite set of prime numbers.
| |
| | |
| The theorem can be formulated effectively. For example,<ref>{{Harvard citations|author=Silverman|year=1986|nb=yes|loc=Theorem IX.5.8.}}, due to Baker.</ref> if the Weierstrass equation of ''E'' has integer coefficients bounded by a constant ''H'', the coordinates (''x'', ''y'') of a point of ''E'' with both ''x'' and ''y'' integer satisfy:
| |
| :<math>\max (|x|, |y|) < \exp\left(\left[10^6H\right]^{{10}^6}\right)</math>
| |
| | |
| For example, the equation ''y''<sup>2</sup> = ''x''<sup>3</sup> + 17 has eight integral solutions with ''y'' > 0 :<ref>T. Nagell, ''L'analyse indéterminée de degré supérieur'', Mémorial des sciences mathématiques 39, Paris, Gauthier-Villars, 1929, pp. 56–59.</ref>
| |
| :(''x'',''y'') = (−1,4), (−2,3), (2,5), (4,9), (8,23), (43,282), (52,375), ({{gapnum|5234}},{{gapnum|378661}}).
| |
| | |
| As another example, [[Stella octangula number|Ljunggren's equation]], a curve whose Weierstrass form is ''y''<sup>2</sup> = ''x''<sup>3</sup> − 2''x'', has only four solutions with ''y'' ≥ 0 :<ref>{{citation|url=http://www.warwick.ac.uk/~masgaj/theses/siksek_thesis.pdf|first=Samir|last=Siksek|series=Ph.D. thesis | publisher=University of Exeter |year=1995|title=Descents on Curves of Genus I|pages=16–17}}.</ref>
| |
| :(''x'',''y'') = (0,0), (−1,1), (2, 2), (338,6214).
| |
| | |
| ===Generalization to number fields===
| |
| Many of the preceding results remain valid when the field of definition of ''E'' is a [[number field]], that is to say, a finite [[field extension]] of '''Q'''. In particular, the group ''E(K)'' of ''K''-rational points of an elliptic curve ''E'' defined over ''K'' is finitely generated, which generalizes the Mordell–Weil theorem above. A theorem due to [[Loïc Merel]] shows that for a given integer ''d'', there are ([[up to]] isomorphism) only finitely many groups that can occur as the torsion groups of ''E''(''K'') for an elliptic curve defined over a number field ''K'' of [[degree of a field extension|degree]] ''d''. More precisely,<ref>{{cite journal |first=L. |last=Merel |title=Bornes pour la torsion des courbes elliptiques sur les corps de nombres |journal=[[Inventiones Mathematicae]] |volume=124 |year=1996 |issue=1–3 |pages=437–449 |doi=10.1007/s002220050059 }}</ref> there is a number ''B''(''d'') such that for any elliptic curve ''E'' defined over a number field ''K'' of degree ''d'', any torsion point of ''E''(''K'') is of [[order (group theory)|order]] less than ''B''(''d''). The theorem is effective: for ''d'' > 1, if a torsion point is of order ''p'', with ''p'' prime, then
| |
| :<math>p < d^{3d^2}</math>
| |
| | |
| As for the integral points, Siegel's theorem generalizes to the following: let ''E'' be an elliptic curve defined over a number field ''K'', ''x'' and ''y'' the Weierstrass coordinates. Then the points of ''E(K)'' whose ''x''-coordinate is in the [[ring of integer]]s ''O''<sub>''K''</sub> is finite.
| |
| | |
| The properties of the Hasse–Weil zeta function and the Birch and Swinnerton-Dyer conjecture can also be extended to this more general situation.
| |
| | |
| ==Elliptic curves over a general field==
| |
| Elliptic curves can be defined over any [[field (mathematics)|field]] ''K''; the formal definition of an elliptic curve is a non-singular projective algebraic curve over ''K'' with [[genus (mathematics)|genus]] 1 with a given point defined over ''K''.
| |
| | |
| If the [[characteristic (algebra)|characteristic]] of ''K'' is neither 2 nor 3, then every elliptic curve over ''K'' can be written in the form
| |
| :<math>y^2 = x^3 - px - q</math>
| |
| | |
| where ''p'' and ''q'' are elements of ''K'' such that the right hand side polynomial ''x''<sup>3</sup> − ''px'' − ''q'' does not have any double roots. If the characteristic is 2 or 3, then more terms need to be kept: in characteristic 3, the most general equation is of the form
| |
| :<math>y^2 = 4x^3 + b_2 x^2 + 2b_4 x + b_6</math>
| |
| | |
| for arbitrary constants ''b''<sub>2</sub>, ''b''<sub>4</sub>, ''b''<sub>6</sub> such that the polynomial on the right-hand side has distinct roots (the notation is chosen for historical reasons). In characteristic 2, even this much is not possible, and the most general equation is
| |
| | |
| :<math>y^2 + a_1 xy + a_3 y = x^3 + a_2 x^2 + a_4 x + a_6</math>
| |
| | |
| provided that the variety it defines is non-singular. If characteristic were not an obstruction, each equation would reduce to the previous ones by a suitable change of variables.
| |
| | |
| One typically takes the curve to be the set of all points (''x'',''y'') which satisfy the above equation and such that both ''x'' and ''y'' are elements of the [[algebraic closure]] of ''K''. Points of the curve whose coordinates both belong to ''K'' are called '''''K''-rational points'''.
| |
| | |
| ==Isogeny==
| |
| {{Further|Isogeny}}
| |
| Let ''E'' and ''D'' be elliptic curves over a field ''k''. An ''isogeny'' between ''E'' and ''D'' is a [[finite morphism]] ''f'' : ''E'' → ''D'' of [[Abelian variety|varieties]] that preserves basepoints (in other words, maps the given point on ''E'' to that on ''D'').
| |
| | |
| The two curves are called ''isogenous'' if there is an isogeny between them. This is an [[equivalence relation]], [[symmetric|symmetry]] being due to the existence of the [[dual isogeny]]. Every isogeny is an algebraic [[homomorphism]] and thus induces homomorphisms of the [[Group (mathematics)|groups]] of the elliptic curves for ''k''-valued points.
| |
| | |
| ==Elliptic curves over finite fields==
| |
| {{Further|arithmetic of abelian varieties}}
| |
| | |
| [[File:Elliptic curve y^2=x^3-x on finite field Z 61.PNG|thumb|right|275px|Set of affine points of elliptic curve ''y''<sup>2</sup> = ''x''<sup>3</sup> − ''x'' over finite field '''F'''<sub>61</sub>.]]
| |
| | |
| Let ''K'' = '''F'''<sub>''q''</sub> be the [[finite field]] with ''q'' elements and ''E'' an elliptic curve defined over ''K''. While the precise [[Counting points on elliptic curves|number of rational points of an elliptic curve]] ''E'' over ''K'' is in general rather difficult to compute, [[Hasse's theorem on elliptic curves]] gives us, including the point at infinity, the following estimate:
| |
| :<math>|\mathrm{card} E(K) - (q + 1) | \le 2\sqrt{q}</math>
| |
| | |
| In other words, the number of points of the curve grows roughly as the number of elements in the field. This fact can be understood and proven with the help of some general theory; see [[local zeta function]], [[Étale cohomology]].
| |
| | |
| [[File:Elliptic curve y^2=x^3-x on finite field Z 89.PNG|thumb|left|275px|Set of affine points of elliptic curve ''y''<sup>2</sup> = ''x''<sup>3</sup> − ''x'' over finite field '''F'''<sub>89</sub>.]]
| |
| | |
| The set of points ''E''('''F'''<sub>''q''</sub>) is a finite abelian group. It is always cyclic or the product of two cyclic groups. For example,<ref>See {{Harvard citations|last=Koblitz|year=1994|nb=yes|loc=p. 158}}</ref> the curve defined by
| |
| :<math>y^2 = x^3 - x</math>
| |
| | |
| over '''F'''<sub>71</sub> has 72 points (71 affine points including (0,0) and one [[point at infinity]]) over this field, whose group structure is given by '''Z'''/2'''Z''' × '''Z'''/36'''Z'''. The number of points on a specific curve can be computed with [[Schoof's algorithm]].
| |
| | |
| Studying the curve over the [[field extension]]s of '''F'''<sub>''q''</sub> is facilitated by the introduction of the local zeta function of ''E'' over '''F'''<sub>''q''</sub>, defined by a generating series (also see above)
| |
| :<math>Z(E(K), T) \equiv \exp \left(\sum_{n=1}^{\infty} \mathrm{card} \left[E(K_n)\right] {T^n\over n} \right)</math>
| |
| | |
| where the field ''K<sub>n</sub>'' is the (unique) extension of ''K'' = '''F'''<sub>''q''</sub> of degree ''n'' (that is, '''F'''<sub>''q<sup>n</sup>''</sub>). The zeta function is a rational function in ''T''. There is an integer ''a'' such that
| |
| | |
| :<math>Z(E(K), T) = \frac{1 - aT + qT^2}{(1 - qT)(1 - T)}</math>
| |
| | |
| Moreover,
| |
| | |
| :<math>\begin{align}
| |
| Z \left(E(K), \frac{1}{qT} \right) &= Z(E(K), T)\\
| |
| \left(1 - aT + qT^2 \right) &= (1 - \alpha T)(1 - \beta T)
| |
| \end{align}</math>
| |
| | |
| with complex numbers α, β of [[absolute value]] <math>\scriptstyle \sqrt{q}</math>. This result are a special case of the [[Weil conjectures]]. For example,<ref>{{Harvard citations|last=Koblitz|year=1994|nb=yes|loc=p. 160}}</ref> the zeta function of ''E'' : ''y''<sup>2</sup> + ''y'' = ''x''<sup>3</sup> over the field '''F'''<sub>2</sub> is given by
| |
| :<math>\frac{1 + 2T^2}{(1 - T)(1 - 2T)}</math>
| |
| | |
| this follows from:
| |
| :<math> \left| E(\mathbf{F}_{2^r}) \right| = \begin{cases} 2^r + 1 & r \text{ odd} \\ 2^r + 1 - 2(-2)^{\frac{r}{2}} & r \text{ even} \end{cases} </math>
| |
| | |
| [[File:Elliptic curve y^2=x^3-x on finite field Z 71.PNG|thumb|right|350px|Set of affine points of elliptic curve ''y''<sup>2</sup> = ''x''<sup>3</sup> − ''x'' over finite field '''F'''<sub>71</sub>.]]
| |
| | |
| The [[Sato–Tate conjecture]] is a statement about how the error term <math>\scriptstyle 2\sqrt{q}</math> in Hasse's theorem varies with the different primes ''q'', if you take an elliptic curve E over '''Q''' and reduce it modulo q. It was proven (for almost all such curves) in 2006 due to the results of Taylor, Harris and Shepherd-Barron,<ref>{{cite journal |first=M. |last=Harris |first2=N. |last2=Shepherd-Barron |first3=R. |last3=Taylor |title=A family of Calabi–Yau varieties and potential automorphy |journal=[[Annals of Mathematics]] |volume=171 |issue=2 |pages=779-813|year=2010 |doi=10.4007/annals.2010.171.779 }}</ref> and says that the error terms are equidistributed.
| |
| | |
| Elliptic curves over finite fields are notably applied in [[cryptography]] and for the [[factorization]] of large integers. These algorithms often make use of the group structure on the points of ''E''. Algorithms that are applicable to general groups, for example the group of invertible elements in finite fields, '''F'''*<sub>''q''</sub>, can thus be applied to the group of points on an elliptic curve. For example, the [[discrete logarithm]] is such an algorithm. The interest in this is that choosing an elliptic curve allows for more flexibility than choosing ''q'' (and thus the group of units in '''F'''<sub>''q''</sub>). Also, the group structure of elliptic curves is generally more complicated.
| |
| <!--{{Voir aussi|Factorisation en courbe elliptique de Lenstra|Cryptologie sur les courbes elliptiques|Elliptic curve digital signature algorithm}}-->
| |
| | |
| ==Algorithms that use elliptic curves==
| |
| Elliptic curves over finite fields are used in some [[cryptography|cryptographic]] applications as well as for [[integer factorization]]. Typically, the general idea in these applications is that a known [[algorithm]] which makes use of certain finite groups is rewritten to use the groups of rational points of elliptic curves. For more see also:
| |
| * [[Elliptic curve cryptography]]
| |
| * [[Elliptic curve Diffie–Hellman]]
| |
| * [[Elliptic Curve DSA]]
| |
| * [[EdDSA]]
| |
| * [[Lenstra elliptic curve factorization]]
| |
| * [[Elliptic curve primality proving]]
| |
| | |
| ==Alternative representations of elliptic curves==
| |
| * [[Hessian form of an elliptic curve|Hessian curve]]
| |
| * [[Edwards curve]]
| |
| * [[Twists of curves|Twisted curve]]
| |
| * [[Twisted Hessian curves|Twisted Hessian curve]]
| |
| * [[Twisted Edwards curve]]
| |
| * [[Doubling-oriented Doche–Icart–Kohel curve]]
| |
| * [[Tripling-oriented Doche–Icart–Kohel curve]]
| |
| * [[Jacobian curve]]
| |
| * [[Montgomery curve]]
| |
| | |
| ==See also==
| |
| *[[Riemann–Hurwitz formula]]
| |
| *[[Nagell–Lutz theorem]]
| |
| *[[Arithmetic dynamics]]
| |
| *[[Elliptic surface]]
| |
| *[[Comparison of computer algebra systems]]
| |
| *[[j-line]]
| |
| | |
| ==Notes==
| |
| {{Reflist|30em}}
| |
| | |
| ==References==
| |
| [[Serge Lang]], in the introduction to the book cited below, stated that "It is possible to write endlessly on elliptic curves. (This is not a threat.)" The following short list is thus at best a guide to the vast expository literature available on the theoretical, algorithmic, and cryptographic aspects of elliptic curves.
| |
| * {{cite book
| |
| | author = [[I. Blake]]
| |
| | coauthors = [[G. Seroussi]], [[N. Smart]]
| |
| | year = 2000
| |
| | title = Elliptic Curves in Cryptography
| |
| | series=LMS Lecture Notes
| |
| | publisher = Cambridge University Press
| |
| | isbn=0-521-65374-6
| |
| }}
| |
| * {{cite book
| |
| | author = [[Richard Crandall]]
| |
| | coauthors = [[Carl Pomerance]]
| |
| | year = 2001
| |
| | title = Prime Numbers: A Computational Perspective
| |
| | publisher = Springer-Verlag
| |
| | edition = 1st
| |
| | isbn=0-387-94777-9
| |
| | chapter = Chapter 7: Elliptic Curve Arithmetic
| |
| | pages = 285–352
| |
| }}
| |
| * {{cite book
| |
| | first=John | last=Cremona | authorlink = John Cremona
| |
| | year = 1997 | edition=2nd
| |
| | title = Algorithms for Modular Elliptic Curves
| |
| | publisher = Cambridge University Press
| |
| | url = http://www.warwick.ac.uk/staff/J.E.Cremona//book/fulltext/index.html
| |
| | isbn=0-521-59820-6
| |
| }}
| |
| *{{cite book
| |
| | author = Darrel Hankerson, [[Alfred Menezes]] and [[Scott Vanstone]]
| |
| | year = 2004
| |
| | title = Guide to Elliptic Curve Cryptography
| |
| | publisher = [[Springer Science+Business Media|Springer]]
| |
| | isbn = 0-387-95273-X
| |
| | url = http://www.cacr.math.uwaterloo.ca/ecc/
| |
| }}
| |
| * {{Hardy and Wright}} Chapter XXV
| |
| * {{Cite book | last1=Hellegouarch | first1=Yves | title=Invitation aux mathématiques de Fermat-Wiles | publisher=Dunod | location=Paris | isbn=978-2-10-005508-1 | year=2001 | ref=harv | postscript=<!--None-->}}
| |
| * {{cite book
| |
| | first=Dale | last=Husemöller
| |
| | authorlink=Dale Husemöller
| |
| | year = 2004
| |
| | title = Elliptic Curves
| |
| | edition = 2nd
| |
| | series = Graduate Texts in Mathematics
| |
| | volume=111
| |
| | publisher = Springer
| |
| | isbn=0-387-95490-2
| |
| }}
| |
| * {{cite book
| |
| | author = Kenneth Ireland | authorlink = Kenneth Ireland
| |
| | coauthors = [[Michael I. Rosen]]
| |
| | year = 1998
| |
| | title = A Classical Introduction to Modern Number Theory
| |
| | volume=84 | series=Graduate Texts in Mathematics
| |
| | publisher = Springer
| |
| | edition = 2nd revised
| |
| | chapter = Chapters 18 and 19
| |
| | isbn=0-387-97329-X
| |
| }}
| |
| * {{cite book
| |
| | author = Anthony W. Knapp | authorlink = Anthony W. Knapp
| |
| | year = 1992
| |
| | title = Elliptic Curves
| |
| | series = Math Notes | volume=40
| |
| | publisher = Princeton University Press
| |
| }}
| |
| * {{Cite book
| |
| | author = Koblitz |first=Neal | authorlink = Neal Koblitz
| |
| | year = 1993 | edition=2nd
| |
| | title = Introduction to Elliptic Curves and Modular Forms
| |
| | series = Graduate Texts in Mathematics
| |
| | volume=97
| |
| | publisher = Springer-Verlag
| |
| | isbn=0-387-97966-2
| |
| | ref = harv
| |
| | postscript = <!--None-->
| |
| }}
| |
| * {{Cite book
| |
| | author = Koblitz |first = Neal | authorlink = Neal Koblitz
| |
| | year = 1994
| |
| | title = A Course in Number Theory and Cryptography
| |
| | series = Graduate Texts in Mathematics
| |
| | volume=114
| |
| | publisher = Springer-Verlag
| |
| | edition = 2nd
| |
| | isbn = 0-387-94293-9
| |
| | chapter = Chapter 6
| |
| | ref = harv
| |
| | postscript = <!--None-->
| |
| }}
| |
| * {{cite book | author=Serge Lang | authorlink=Serge Lang | title=Elliptic curves: Diophantine analysis | series=Grundlehren der mathematischen Wissenschaften | volume=231 | publisher=Springer-Verlag | year=1978 | isbn=3-540-08489-4 }}
| |
| * {{cite book|author=Henry McKean | coauthors=Victor Moll
| |
| |title=Elliptic curves: function theory, geometry and arithmetic
| |
| |publisher=Cambridge University Press|isbn=0-521-65817-9|year=1999}}
| |
| * {{cite book | author=Ivan Niven | coauthors=Herbert S. Zuckerman, [[Hugh Montgomery (mathematician)|Hugh Montgomery]] | title=An introduction to the theory of numbers | edition=5th | publisher=John Wiley | year=1991 | isbn=0-471-54600-3 | chapter=Section 5.7}}
| |
| * {{Cite book
| |
| | author = Silverman | first=Joseph H. | authorlink=Joseph H. Silverman
| |
| | year = 1986
| |
| | title = The Arithmetic of Elliptic Curves
| |
| | series = Graduate Texts in Mathematics
| |
| | volume=106
| |
| | publisher = Springer-Verlag
| |
| | isbn=0-387-96203-4
| |
| | ref = harv
| |
| | postscript = <!--None-->
| |
| }}
| |
| * {{cite book
| |
| | author = Joseph H. Silverman | authorlink=Joseph H. Silverman
| |
| | year = 1994
| |
| | title = Advanced Topics in the Arithmetic of Elliptic Curves
| |
| | series = Graduate Texts in Mathematics
| |
| | volume=151
| |
| | publisher = Springer-Verlag
| |
| | isbn=0-387-94328-5
| |
| }}
| |
| * {{cite book
| |
| | author = Joseph H. Silverman | authorlink=Joseph H. Silverman
| |
| | coauthors = [[John Tate]]
| |
| | year = 1992
| |
| | title = Rational Points on Elliptic Curves
| |
| | publisher = Springer-Verlag
| |
| | isbn=0-387-97825-9
| |
| }}
| |
| * {{cite journal | author=John Tate | authorlink=John Tate | title=The arithmetic of elliptic curves | journal=[[Inventiones Mathematicae]] | volume=23 | pages=179–206 | year=1974 | doi=10.1007/BF01389745 | ref=harv | issue=3–4 }}
| |
| * {{cite book
| |
| | author = Lawrence Washington | year = 2003
| |
| | title = Elliptic Curves: Number Theory and Cryptography
| |
| | publisher = Chapman & Hall/CRC
| |
| | isbn=1-58488-365-0
| |
| }}
| |
| | |
| ==External links== | |
| {{commons|Elliptic curve|Elliptic curve}}
| |
| * {{springer|title=Elliptic curve|id=p/e035450}}
| |
| * [http://www.math.niu.edu/~rusin/known-math/index/14H52.html The Mathematical Atlas: 14H52 Elliptic Curves]
| |
| * {{MathWorld | title = Elliptic Curves | urlname = EllipticCurve }}
| |
| * [http://planetmath.org/thearithmeticofellipticcurves The Arithmetic of elliptic curves] from PlanetMath
| |
| * [http://mathdl.maa.org/images/upload_library/22/Polya/07468342.di020792.02p05747.pdf Three Fermat Trails to Elliptic Curves], Ezra Brown, The College Mathematics Journal, Vol. 31 (2000), pp. 162–172, winner of the MAA writing prize the George Pólya Award.
| |
| * [http://www.mathworks.com/matlabcentral/fileexchange/loadFile.do?objectId=300&objectType=File Matlab code for implicit function plotting] – Can be used to plot elliptic curves.
| |
| * [http://sagenb.org/home/pub/1126/ Interactive introduction to elliptic curves and elliptic curve cryptography with SAGE]
| |
| * [http://www.certicom.com/ecc_tutorial/ecc_javaCurve.html Geometric Elliptic Curve Model(Java-Applet drawing curves)]
| |
| * [http://danher6.100webspace.net/ecc#ER_interactivo Interactive elliptic curve over R] and [http://danher6.100webspace.net/ecc#EFp_interactivo over Zp] - Web application that requires HTML5 capable browser.
| |
| | |
| {{Algebraic curves navbox}}
| |
| | |
| {{PlanetMath attribution|id=3206|title=Isogeny}}
| |
| | |
| {{DEFAULTSORT:Elliptic Curve}}
| |
| [[Category:Elliptic curves| ]]
| |
| [[Category:Analytic number theory]]
| |
| [[Category:Group theory]]
| |