Download The Congruent Number Problem and the Birch and Swinnerton

The Congruent Number Problem and the
Birch and Swinnerton-Dyer Conjecture
Florence Walton
MMathPhil
Hilary Term 2015
2
Abstract
This dissertation will consider the congruent number problem (CNP), the
problem of finding a single criterion for determining whether or not a given
natural number is the area of some rational-sided right-angled triangle. The
CNP is intimately tied to elliptic curves, since a rational-sided right-angled
triangle with area N corresponds to a rational point on the elliptic curve
EN : y 2 = x3 − N 2 x. This gives a different approach to solving the CNP,
and one which proves more fruitful. Indeed, this allows us to reduce the
question of whether a given natural number is congruent to one of whether
the algebraic rank of its congruent number elliptic curve is non-zero. This
is significant progress, but we are not able to calculate the algebraic rank of
an elliptic curve in general, so we need another change of approach to solve
the CNP. This is what, if true, the Birch and Swinnerton-Dyer Conjecture
(BSD) provides, since it says that the algebraic rank of an elliptic curve is
equal to its analytic rank. The BSD Conjecture has not yet been proven but,
if it is true, then we have simplified the congruent number problem to one of
calculating the analytic ranks of the elliptic curves EN .
Contents
1 The
1.1
1.2
1.3
1.4
1.5
Congruent Number Problem
The problem . . . . . . . . . . . .
Constructing congruent numbers
A simplification . . . . . . . . . .
Two Theorems and a Conjecture
The plan of attack . . . . . . . .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
2 Elliptic Curves
2.1 A group law . . . . . . . . . . . . . . . . . . . .
2.2 The torsion subgroup . . . . . . . . . . . . . . .
2.2.1 Finding the torsion subgroup . . . . . .
2.2.2 The Nagell-Lutz Theorem . . . . . . . .
2.3 Mordell’s Theorem . . . . . . . . . . . . . . . .
2.3.1 Part 1: Height . . . . . . . . . . . . . . .
2.3.2 Part 2: The Weak Mordell-Weil Theorem
2.3.3 Mordell’s Theorem at last . . . . . . . .
2.4 Examples: calculating the algebraic rank . . . .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
4
. 5
. 6
. 8
. 9
. 11
.
.
.
.
.
.
.
.
.
15
15
19
20
21
32
32
40
48
51
.
.
.
.
.
.
.
.
.
3 The Birch and Swinnerton-Dyer Conjecture
59
3.1 The L-function . . . . . . . . . . . . . . . . . . . . . . . . . . 59
3.2 Congruent Numbers and the BSD Conjecture . . . . . . . . . 62
3
Chapter 1
The Congruent Number
Problem
We shall consider the Congruent Number Problem (CNP), a question of
which natural numbers are areas of right-angled triangles with rational side
lengths. The aim is to find a single criterion for whether or not a given
natural number is such an area (that is, is congruent).
The CNP is one of the oldest unsolved mathematical problems, tracing
back at least to Mohammed Ben Alhocain in a tenth century Arab manuscript
[21]. He wrote that the key goal in the theory of right-angled triangles is to
find a square number that, when a certain number N is either added or
subtracted, still yields square numbers. We can see that this is essentially
the CNP, since it sets up a progression:
2 2
α−β
γ 2 α+β
,
,
,
2
2
2
with common difference N and we can consider N as the area of a rightangled triangle with sides α, β, γ. An elementary change of variables then
allows us to interpret this problem as one of finding a nontrivial rational
solution pair (x, y) to the equation
EN : y 2 = x3 − N 2 x,
the congruent number elliptic curve.
In this dissertation, we shall explore the relationship between congruent numbers and elliptic curves. We begin by defining congruent numbers
and understanding how we can generate them. Although this is a relatively
straightforward question, the reverse process (that is, the process of determining whether or not a given natural number is congruent) is far more
4
1.1. THE PROBLEM
5
complex and will form our focus. Firstly, we find a correspondence between
the lengths α, β of the shorter sides of a right-angled triangle with area N
and a rational solution (x, y) on the elliptic curve EN : y 2 = x3 − N 2 x. So
we focus on rational points on elliptic curves, finding that the group of rational points on a given curve is made up of the points of finite order, which
are relatively straightforward to calculate, and the points of infinite order,
which are less easily found. This is shown in Mordell’s Theorem, which not
only says that the set of rational points on a curve forms a finitely generated
group, but also allows us to identify the group structure, demonstrating the
significance of the algebraic rank. The algebraic rank is a key constant in
our work: indeed, determining whether N is a congruent number is the same
as determining whether the algebraic rank of the corresponding curve EN is
non-zero.
Understanding the algebraic rank of an elliptic curve is a difficult and, in
general, open problem, so we turn to the Birch and Swinnerton-Dyer (BSD)
Conjecture, that the algebraic rank is equal to the analytic rank. This gives
us another way of approaching the problem.
Though no complete proof of the CNP has been given, some solid foundations have been built. In the seventeenth century, Fermat (1640) [8] proved
the first key theorem on this topic, that 1 is not a congruent number. He also
noted that this implied that there are no rational (x, y) with x, y 6= 0 such
that x4 + y 4 = 1, which was perhaps what led him to claim Fermat’s Last
Theorem, that there are no non-trivial integer solutions to xa + y a = z a for
any integer a ≥ 3. More recently, Tian (2012)[21] proved that, for any natural number k ≥ 1, there exist infinitely many square-free congruent numbers
of the form 8n + 5, 8n + 6, 8n + 7 with precisely k distinct odd prime factors,
also giving a method for their construction. Tian’s result goes a certain distance towards proving part of Birch and Swinnerton-Dyer’s prediction that
every integer of the form 8n + 5, 8n + 6 or 8n + 7 is congruent. By Tunnell’s
Theorem (1983) [22] and the BSD Conjecture (1965) [2], we have a single
criterion for determining whether a given natural number N is congruent,
but no proof has yet emerged of the BSD Conjecture. It has become of such
central interest that it was named one of the Clay Mathematics Institute’s
million dollar Millennium Problems [?].
1.1
The problem
We begin by defining congruent numbers and stating the Congruent Number
Problem. We predominantly owe the exposition of this chapter to Coates [5],
Brown [4] and Koblitz [12].
6
CHAPTER 1. THE CONGRUENT NUMBER PROBLEM
Definition 1.1.1. A congruent number is a natural number N which is the
area of a right-angled triangle with rational-length sides.
The congruent number problem is the problem of finding a simple criterion by which to determine whether a given natural number is a congruent
number. Much progress has been made towards understanding what its solution would depend on, but it remains an open problem.
Looking at the problem the other way around, however, soon yields fairly
basic methods for constructing congruent numbers from Pythagorean triples.
1.2
Constructing congruent numbers
Definition 1.2.1. A Pythagorean triple is a triple (α, β, γ), α, β, γ ∈ Q such
that α2 + β 2 = γ 2 .
We use the notation hcf(a, b) for the highest common factor of a and b.
Definition 1.2.2. A primitive Pythagorean triple is a Pythagorean triple
(α, β, γ), such that α, β, γ ∈ Z and hcf(α, β, γ) = 1.
Theorem 1.2.3 (Euclid’s Formula). A triple (α, β, γ) is a primitive Pythagorean
triple if and only if there exist natural numbers, m and n, such that m > n
and α = 2mn, β = m2 − n2 , γ = m2 + n2 .
Proof. We largely follow [23]. The backwards direction is obvious on considering the equation with natural numbers m > n:
α2 + β 2 = (2mn)2 + (m2 − n2 )2 = (m2 + n2 )2 = γ 2 .
For the forwards direction, consider α2 + β 2 = γ 2 . Suppose, for a contradiction, that α and β are both odd. We know that squares modulo 4 are 0 or
1, so that α2 ≡ β 2 ≡ 1 (mod 4) and so γ 2 ≡ 2 (mod 4), which contradicts
squares modulo 4 being 0 or 1. So at least one of α and β must be even.
Supposing both to be even yields 2 | γ, contradicting hcf(α, β, γ) = 1. So
exactly one of α and β is even. Then α2 + β 2 = γ 2 gives γ 2 − β 2 = α2 .
Therefore,
(γ − β)(γ + β) = α2
α
γ+β
=
.
⇒
α
γ−β
1.2. CONSTRUCTING CONGRUENT NUMBERS
Defining
m
n
:=
γ+β
α
(which we can do as
γ+β
α
7
is rational) gives:
γ−β
1
=
α
α
γ−β
=
=
1
γ+β
α
n
.
m
So we can see
β
1 m
n
=
−
α
2 n
m
and thus
γ
β
m
+ =
α α
n
m 2 + n2
γ
⇒ =
α
2mn
and
γ
β
n
− =
α α
m
m2 − n2
β
.
⇒ =
α
2mn
Since α, β, γ are coprime, αγ and αβ are in their lowest terms. Given our
assumption that m
is in its lowest terms, we have that hcf(m, n) = 1. But
n
if m, n were both even,
the numerator would clearly be divisible by 2 and if
m2 +n2
2
both were odd, then 2mn would be a ratio of two odd numbers, and yet
be equal to αγ , where one of γ, α is even. So the right hand sides are in their
lowest terms if and only if one of m, n is odd and the other is even, since
then the numerators are odd.
Thus, we can equate numerators and denominators, giving
β = m2 − n2
α = 2mn
γ = m 2 + n2
where m and n are coprime and one is odd and one even.
8
CHAPTER 1. THE CONGRUENT NUMBER PROBLEM
We can now construct congruent numbers by taking any m, n ∈ N, m > n
and calculating
α = 2mn
β = m2 − n2 ,
which gives, for the area of the triangle
1
N = αβ
2
= mn(m2 − n2 ).
So we can now generate a congruent number from any two integers. For
example, m = 3 and n = 2 yields N = 30 is a congruent number. But
this has brought us no closer to being able to determine, for a given integer,
whether it is congruent. For this, we shall need a different line of attack.
1.3
A simplification
We are helped by the fact that we do not need to check every single integer
to see if it is a congruent number: some sets “go together”, such that we only
need to show one member of the set is congruent to know that all the others
are, without independent verification.
Proposition 1.3.1. There is a right-angled triangle with area N ∈ N and
sides α, β, γ ∈ Q if and only if there exists a right-angled triangle with area
c2 N for c ∈ Z and rational sides (cα, cβ, cγ).
Proof. Given a right-angled triangle, with area N and sides α, β, γ ∈ Q, we
can multiply out by denominators to give a right-angled triangle with integer
sides cα, cβ, cγ and area c2 N where c is the lowest common multiple of the
denominators of α and β.
For the converse, we can reverse this method, taking the right-angled triangle
with integer sides (a, b, d) and area M and finding a right-angled triangle with
and rational sides ( ac , cb , dc ).
area M
c2
The area of the triangle we reach as a result of this backwards direction
may be an integer (and so congruent number), or merely a rational (in which
case we discard it). We know from Proposition 1.3.1 that c2 N is congruent
if and only if N is, that is that we only need to consider congruent numbers
modulo nonzero rational squares (the set of squares of nonzero rational numbers), the set of which we shall denote (Q∗ )2 . So, from now on, it suffices to
consider only square-free congruent numbers.
1.4. TWO THEOREMS AND A CONJECTURE
1.4
9
Two Theorems and a Conjecture
No full solution to the congruent number problem has been found. Here,
we give a brief overview of some historically significant steps towards understanding the CNP. Fermat’s result showed that 1 is not a congruent number
and similar arguments show that 2 and 3 are not congruent numbers. Tunnell’s Theorem gives a partial solution to the congruent number problem and,
if the weak form of the Birch and Swinnerton-Dyer Conjecture is true, then
there is a complete solution. Before we give Fermat’s result, we need the
following:
Lemma 1.4.1. Two positive coprime integers a, b whose product is a perfect
square are each perfect squares.
Proof. Let ab = n2 for some n ∈ N. Then n | n2 , so n | ab. Now let
n := pa11 pa22 ...pakk for distinct primes pi and natural numbers aj . For any pi ,
p2i | n2 and so p2i | ab. This means that we have one of the following cases:
1. p2i | a and p2i - b
2. p2i | b and p2i - a
3. pi | a and pi | b (yields a contradiction by the coprimality assumption).
Now we can see that, for each pi | n, p2i | a or b and, since any c which divides
2ak
1 2a2
ab also divides n2 = p2a
1 p2 ...pk , we have that a and b are perfect squares
(since they are each a product of perfect squares).
Theorem 1.4.2 (Fermat). 1 is not a congruent number.
Proof. We follow Conrad [6]. Suppose, for a contradiction, that there is a
right-angled triangle with area 1. Let the lengths of the sides be αc , βc and γc
for α, β, γ, c ∈ Z+ . Then α2 + β 2 = γ 2 and 21 αβ = c2 . These give
α2 + β 2 = γ 2
αβ = 2c2 .
(1.1)
Suppose, for a contradiction, that there is a solution to (1.1) in the positive
integers. Let h := hcf(α, β) so h | α and h | β. Then h2 | γ 2 and h2 | 2c2 and
so h | γ and h | c. So αh , βh , hγ , hc is another 4-tuple of positive integers with
hcf( αh , βh ) = 1. Therefore, since we are assuming that there is a solution in
positive integers, we have that there is a solution with α and β coprime.
So now we can construct a new 4-tuple of positive integers α0 , β 0 , γ 0 , c0 , satisfying (1.1), such that (α0 , β 0 ) = 1 and 0 < γ 0 < γ. Continually repeating this
10
CHAPTER 1. THE CONGRUENT NUMBER PROBLEM
process we shall reach a contradiction:
Since αβ = 2c2 and α and β are coprime, α and β must be of different parity.
So then γ 2 = α2 + β 2 is odd, so γ is odd. Since α and β are positive and
coprime, with αβ twice a square, one is a square and the other is twice a
square by Proposition 1.4.1. Without loss of generality, α is even and β is
odd. Then
α = 2k 2 , β = l2
for some positive integers k and l and (since β is odd) we know that l is too.
γ−β
.
From the first part of (1.1), we now have 4k 4 +β 2 = γ 2 , yielding k 4 = γ+β
2
2
γ−β
γ+β
Since β and γ are odd and coprime, 2 and 2 are coprime (by Theorem
1.2.3). This means that γ+β
= r4 and γ−β
= s4 for some coprime r, s ∈ Z+ .
2
2
Adding and subtracting these equations gives β = r4 − s4 and γ = r4 + s4 ,
so that l2 = β = (r2 + s2 )(r2 − s2 ). Now since l is odd, any common factor
of (r2 + s2 ) and (r2 − s2 ) would be odd and it would also divide their sum
and difference, 2r2 and 2s2 . Thus it is a factor of hcf(r2 , s2 ), which we know
to be 1. This means that they have no common factor and (r2 + s2 ) and
(r2 − s2 ) are coprime. Since (r2 + s2 )(r2 − s2 ) is an odd square and one of the
factors is positive, the other must be positive and hence a square by Lemma
1.4.1, so that
r2 + s2 = t2
r2 − s2 = u2 ,
(1.2)
where t, u are odd, positive, coprime integers. We have that u2 ≡ 1 (mod 4)
(since u is odd), r2 − s2 ≡ 1 (mod 4), giving that r is odd and s is even (as
r, s coprime). Now, solving for r2 in (1.2), we get
2 2
t+u
t−u
t2 + u2
2
=
+
,
(1.3)
r =
2
2
2
with t±u
∈ Z as t and u are both odd. Equation 1.3 gives a Pythagorean
2
triple: if we set
t+u
2
t
−
u
β0 =
2
0
γ = r,
α0 =
then α02 + β 02 = γ 02 . Since hcf(t, u) = 1, hcf(α0 , β 0 ) = 1 as well. From (1.2),
2
2
2
2
α0 β 0 = t −u
= 2s4 = 2 2s . Taking c0 := 2s ∈ Z, we see that (α0 , β 0 , γ 0 , c0 )
4
provides a new solution to (1.1). As 0 < γ 0 = r ≤ r4 < r4 + s4 = γ, we get a
contradiction by descent.
1.5. THE PLAN OF ATTACK
11
Theorem 1.4.3 (Tunnell’s Theorem [22]). If N is a square-free odd congruent number, then:
#{x, y, z ∈ Z | N = 2x2 + y 2 + 32z 2 } = 12 #{x, y, z ∈ Z | N = 2x2 + y 2 + 8z 2 }.
Similarly, if N is a square-free even congruent number, then:
#{x, y, z ∈ Z | N2 = 4x2 + y 2 + 32z 2 } = 21 #{x, y, z ∈ Z | N = 4x2 + y 2 + 8z 2 }.
The proof of Tunnell’s Theorem involves a careful study of modular forms,
which is beyond the scope of this work.
Conjecture 1 (Birch and Swinnerton-Dyer Conjecture [2]). The algebraic
rank of an elliptic curve is equal to its analytic rank.
Birch and Swinnerton-Dyer developed their conjecture in the 1960s, aided
by machine computation. The proof of this conjecture has still not been given
in its complete form but, if it is true, then the converse of Tunnell’s Theorem
also holds, and a single criterion for congruency of an integer is yielded.
We shall see the relevance of the BSD Conjecture in the next section, when
we show that a natural number N is congruent if and only if the algebraic
rank (a key constant which we shall define in Chapter 2) of the elliptic curve
y 2 = x3 − N 2 x is not equal to zero. Since this is the direction in which we
are heading, we will devote a significant portion of this thesis to giving an
overview of the key properties of elliptic curves.
1.5
The plan of attack
The congruent number problem can be viewed as a problem about an object
which is central to modern number theory, the elliptic curve. This enables us
to attack the problem from a different direction, so we begin by introducing
the properties of elliptic curves with some definitions.
Definition 1.5.1. A curve f (x, y) = 0 is singular at the point P = (x0 , y0 )
= ∂f
= 0.
if f (x0 , y0 ) = ∂f
∂x (x0 ,y0 )
∂y (x0 ,y0 )
Definition 1.5.2. A curve is nonsingular if it is nonsingular at all points.
Otherwise, the curve is singular.
Definition 1.5.3. An elliptic curve over a field F is a nonsingular curve
defined by the equation y 2 + a1 xy + a3 y = x3 + a2 x2 + a4 x + a6 , with ai ∈ F
together with one special point “at infinity”, O. Any elliptic curve over a
field K with charK 6= 2, 3 can be expressed in Weierstrass Normal Form:
y 2 = x3 + Ax + B,
12
CHAPTER 1. THE CONGRUENT NUMBER PROBLEM
with
A, B ∈ F.
Thus, as we are normally working over Q (since we are focussing on the
link between rational-sided right-angled triangles and elliptic curves), we are
not making any unwarranted assumptions. However, this should be borne in
mind for general results.
We are now ready to proceed.
Proposition 1.5.4. If N is a congruent number, then a rational right-angled
triangle with short sides x,y and area N gives a rational solution (x, y) to the
elliptic curve y 2 = x3 − N 2 x.
Proof. Clearly, N is a congruent number if and only if there exist rational
numbers α, β and γ such that
1
N = αβ
2
2
γ = α2 + β 2 .
(1.4)
(1.5)
Finding the sum and the difference of (1.5) and 4 times (1.4) gives:
(β + α)2 = γ 2 + 4N
(β − α)2 = γ 2 − 4N.
Then multiplying together and dividing by 16 yields:
Setting u =
γ
2
and v =
β 2 − α2
4
β 2 −α2
4
2
=
γ 4
2
− N 2.
gives that
v 2 = u4 − N 2 .
Multiplying by u2 , gives:
(uv)2 = u6 − N 2 u2 .
Now setting x = u2 and y = uv shows that a rational right-angled triangle
with short sides x, y and area N gives a rational solution to y 2 = x3 −N 2 x.
And a partial converse:
1.5. THE PLAN OF ATTACK
13
Theorem 1.5.5. Let (x, y) ∈ Q × Q such that y 2 = x3 − N 2 x and x:
1. has even denominator;
2. is the square of a rational number;
3. has numerator coprime to N .
Then there correspondingly exists a right-angled, rational-sided triangle with
area N .
√
Proof. Let u = x ∈ Q. Set v := uy . Then we have
(x3 − N 2 x)
x
v 2 = x2 − N 2
v 2 + N 2 = x2 .
v2 =
(1.6)
Let t be the denominator of u. We have u2 = x and, by assumption, x has
even denominator, so 2 | t. Now N is an integer and so, by (1.6), v 2 and x2
have the same denominator. Multiplying (1.6) by t4 yields t2 N , t2 v, t2 x as
a Pythagorean triple. The numerator of x has no common factor with N ,
so hcf(t2 N, t2 v, t2 x) = 1. Now applying Theorem 1.2.3 gives the existence of
natural numbers m, n such that t2 N = 2mn, t2 v = m2 −n2 and t2 x = m2 +n2 .
, β = 2n
, γ = 2n yields
Then setting α = 2m
t
t
4 2
(m + n2 )
t2
4
= 2 (t2 x)
t
= 4x
α2 + β 2 =
= (2u)2
= γ 2,
and we see that (α, β, γ) is a Pythagorean triple. The area of the corresponding triangle is
1
1 2m 2n
αβ =
2
2 t t
2mn
= 2
t
= N.
14
CHAPTER 1. THE CONGRUENT NUMBER PROBLEM
We see from the above that a right-angled triangle with rational sides
α, β, γ and area N yields a rational point in the xy-plane (x, y), lying on
the curve y 2 = x3 − N 2 x. Indeed, given the sides α, β, γ of a right-angled
triangle with area N , we can find
2 the corresponding rational point on the
1
2
3
elliptic curve E : y = x − 2 αβ x:
2
γ (β 2 − α2 )γ
(x, y) =
,
.
4
8
Note here that α and β are interchangeable. This makes sense from the
interchangeability of sides of the right-angled triangle, and we can check
that the two different y-coordinates both yield points which lie on the curve,
since the curve is symmetric about the x-axis and the y-coordinates are
merely negatives of each other.
Example 1.5.6. From the (3, 4, 5) triangle, we can see that 6 is a congruent
2
number. This corresponds to
a solution pair on the elliptic curve y =
35
25
3
x − 36x: the points 4 , ± 8 .
Example 1.5.7. There are two different rational-sided right-angled triangles
with area 210: (20, 21, 29) and (12, 35, 37). These correspond to two different
rational point pairs on the elliptic curve y 2 = x3 − 2102 x:
841 1189
,±
4
8
1369 39997
,±
4
8
(x, y) =
and
.
Curves of the form y 2 = x3 − N 2 x are a particular kind of elliptic curve,
so elliptic curves can be used to answer many key questions about congruent
numbers. We shall investigate their key properties in the next chapter.
Chapter 2
Elliptic Curves
Let E be the elliptic curve y 2 = x3 + Ax + B with A, B ∈ Q.
2.1
A group law
We begin with some notation. We use E(Q) to denote the set of points on
the curve E with coordinates in the field Q. This section is mostly based on
Brown [4], Koblitz [12], and Silverman and Tate [17].
Our aim is first to prove:
Proposition 2.1.1. The set of points E(Q) forms an abelian group.
First, we need to define a group operation. Addition of points on elliptic
curves is much more simply explained geometrically, so we initially consider
it in this way. Then we shall derive explicit algebraic formulae for addition.
Method 2.1.2 (Adding points on elliptic curves).
Given two points, P1 and P2 on E, drawing the line passing through both
gives a unique third point of intersection of this line with the curve (note
that the third point may be O), which we call P1 ∗ P2 . If P1 = P2 =: P here,
we draw the tangent to P and then find the other point of intersection with
the curve, P ∗ P . We define O ∗ O := O (since O is taken to be a point of
inflection). Then we define P1 + P2 as the third intersection point of the line
through O and P1 ∗ P2 . This gives P1 + P2 = O ∗ (P1 ∗ P2 ).
15
16
CHAPTER 2. ELLIPTIC CURVES
• P1 ∗ P2
P2
P1
•
•
•P1 + P2
Proposition 2.1.3. If P1 = (x1 , y1 ) and P2 = (x2 , y2 ), then P1 + P2 :=
(x3 , y3 ) = (λ2 − x1 − x2 , λx3 + ν), where
y2 − y1
x2 − x1
ν := y1 − λx1 = y2 − λx2 .
λ :=
Proof. Let P1 := (x1 , y1 ), P2 := (x2 , y2 ), P1 ∗ P2 := (x3 , −y3 ), P1 + P2 :=
(x3 , y3 ) Firstly, we consider the line through P1 and P2 , which has equation
y = λx + y1 − λx1
(note that we could just as easily have used (x2 , y2 ), since we are defining
a straight line through both these points). Now we can find the points of
intersection of the line with the elliptic curve:
x3 + Ax + B = y 2
= (λx + ν)2
= λ2 x2 + ν 2 + 2λνx
⇒ 0 = x3 − λ2 x2 + (A − 2λν)x + (B − ν 2 )
= (x − x1 )(x − x2 )(x − x3 )
2
⇒ −λ = −x1 − x2 − x3
⇒ x3 = λ2 − x1 − x2
y3 = λx3 + ν.
There is a special case of this we note now, when P1 = P2 :
2.1. A GROUP LAW
17
Proposition 2.1.4 (The duplication formula: doubling a point). Let P =
(x1 , y1 ) be a point on an elliptic curve, E. Then 2P = P + P has coordinates
x41 − 2Ax21 − 8Bx1 + A2
4(x31 + Ax1 + B)
−x61 − 5Ax41 − 20Bx31 + 5A2 x21 + 4ABx1 + A3 + 8B 2
y(2P ) =
.
8y13
x(2P ) =
Proof. Let y = λx + ν, with with λ, ν defined as before, define the tangent
to E at P . Then:
dy λ=
dx P
y 2 = f (x)
f 0 (x1 )
⇒λ=
2y1
0
2
f (x1 )
⇒ x(2P ) =
− 2x1 (from previous)
2y1
x4 − 2Ax21 − 8Bx1 + A2
.
= 1
4y12
y(2P ) = λx(2P ) + ν
f 0 (x1 )
=
x(2P ) + ν
2y1
(3x21 + A) (x41 − 2Ax21 − 8Bx1 + A2 )
=
+ν
2y1
4y12
(3x61 − 5Ax41 − 24Bx31 + 3A2 x21 − 2A2 x21 − 8ABx1 + A3 )
f 0 (x1 )
+
y
−
=
x1
1
8y13
2y1
−x61 − 5Ax41 − 20Bx31 + 5A2 x21 + 4ABx1 + A3 + 8B 2
=
.
8y13
Proposition 2.1.5. (E(Q), +) is an abelian group.
Proof. Firstly, we verify commutativity:
Commutativity: For all P, Q ∈ E(Q), P + Q = Q + P
Clearly, P ∗ Q = Q ∗ P , since there is a unique line through P and Q and so
the third point of intersection with the curve is the same in both cases. But
then P + Q is uniquely determined by P ∗ Q, so that P + Q = Q + P .
Next, we verify the group laws:
18
CHAPTER 2. ELLIPTIC CURVES
Binary operation of addition: For all P, Q ∈ E(Q), P + Q ∈ E(Q):
From Proposition 2.1.3, it is clear that if P1 , P2 ∈ E(Q), then P1 +P2 ∈ E(Q).
Associativity: For all P, Q, R ∈ E(Q), P + (Q + R) = (P + Q) + R:
f
P ∗ (Q + R)
P
s
s
P +R
s
s
(P + Q) ∗ R
e
s
Q
d
s
P ∗Q
a
R
s
s
P +Q
b
P ∗R
s
O
s
c
Here the labelled points are those which intersect with the curve E. We
are required to prove that P ∗ (Q + R) = (P + Q) ∗ R. To do this, we
consider the two cubic curves defined respectively by the lines a, b, c and
d, e, f . Now each of these curves shares 8 points with E: O, P, Q, R, P ∗
Q, P + Q, P ∗ R, P + R. Then, by an application of Bézout’s Theorem [1],
the ninth point of intersection must be the same for all three curves. Thus,
P ∗ (Q + R) = (P + Q) ∗ R and so P + (Q + R) = (P + Q) + R.
Identity: There exists I ∈ E(Q) such that for all P ∈ E(Q), P + I = P =
I + P:
Considering the point at infinity, O,
P + O = (P ∗ O) ∗ O
= P.
We can see this since, if P = (x, y) then P ∗O = (x, −y) so (P ∗O)∗O = (x, y).
By commutativity, we have the result.
Inverses: For all P = (x, y), there exists −P = (x, −y) such that P +(−P ) =
O:
We define Q := P ∗ (O ∗ O) and show that Q is the inverse of P , which we
2.2. THE TORSION SUBGROUP
19
shall call −P .
P + Q = O ∗ (P ∗ Q)
= O ∗ (P ∗ (P ∗ (O ∗ O)))
= P.
We can also see this from the picture of the elliptic curve, since there are no
other points of intersection of E and the line through P and −P .
2.2
The torsion subgroup
We begin by investigating the torsion points on an elliptic curve. The algebraic rank of an elliptic curve is key in our quest to solve the congruent
number problem. The algebraic rank is the number of independent nontorsion points and, in order to understand this constant fully, we need to
prove Mordell’s Theorem, which gives the structure of the group of rational
points on the curve. The group is made up of torsion points and points of
infinite order. This section is a compilation of Brown [4], Koblitz [12] and
Silverman and Tate [17].
Definition 2.2.1. The order, m, of a group element, P is the least m ∈ N
such that mP = P + P + ... + P = O (the sum of m P s).
Definition 2.2.2. The torsion points on an elliptic curve are those points
with finite order.
Definition 2.2.3. P has finite order if such an m exists.
We use E(Q)tors to denote the set of all torsion points.
Theorem 2.2.4. The point P = (x, y) on the elliptic curve E, P 6= O, has
order 2 if and only if y = 0.
Proof. We consider points of order 2:
2P
⇐⇒ P
⇐⇒ y
⇐⇒ y 2
⇐⇒ P1
= O, P 6= O
= −P
= −y
=0
= (α1 , 0), P2 = (α2 , 0), P3 = (α3 , 0),
where αi are the roots of the cubic x3 + Ax + B.
20
CHAPTER 2. ELLIPTIC CURVES
Theorem 2.2.5. The point P on E, P 6= O, has order 3 if and only if x is
a root of
ψ3 (x) := 3x4 + 6Ax2 + 12Bx − A2 .
Proof. Considering points of order 3:
3P = O
⇒ 2P = −P
⇒ x(2P ) = x(−P ) = x(P )
⇒ x(2P ) = x(P ).
Conversely,
x(2P ) = x(P )
⇒ 2P = ±P
⇒ either P = O (yielding a contradiction by assumption); or
3P = O.
Therefore, points of order 3 are points satisfying x(2P ) = x(P ).
So, by the Duplication Formula, we set
x4 − 2Ax2 − 8Bx + A2
4(x3 + Ax + B)
⇐⇒ 4x(x3 + Ax + B) = x4 − 2Ax2 − 8Bx + A2
⇐⇒ 4x4 + 4Ax2 + 4Bx = x4 − 2Ax2 − 8Bx + A2
⇐⇒ 3x4 + 2Ax2 − 4Bx + A2 = 0.
x=
2.2.1
Finding the torsion subgroup
Here, we state Mazur’s Theorem to describe the rational torsion points on an
elliptic curve and use the Nagell-Lutz Theorem to find some of these points.
We begin by giving some important invariants of an elliptic curve.
Definition 2.2.6. The discriminant of E, ∆(E) (or just ∆) is
∆(E) = −16(4A3 + 27B 2 ).
Since we shall often want to talk of elliptic curves of this form, we establish
the notation EN to denote the elliptic curve y 2 = x3 − N 2 x.
2.2. THE TORSION SUBGROUP
21
Example 2.2.7. The discriminant of EN is
∆(EN ) = −16(4A3 + 27B 2 )
= −64N 6
Proposition 2.2.8. We have ∆(E) 6= 0 if and only if the roots of f (x) =
x3 + Ax + B are distinct.
Proof. We can factor f over C, into
f (x) = (x − α1 )(x − α2 )(x − α3 ).
Then, by lengthy calculations,
∆ = (α1 − α2 )2 (α1 − α3 )2 (α2 − α3 )2 .
Therefore, we can see that ∆(E) 6= 0 if and only if each of these three factors
is non-zero; that is, if and only if α1 , α2 , α3 are distinct.
Since E being nonsingular is equivalent to E having three distinct roots, E
is nonsingular if and only if ∆(E) 6= 0.
2.2.2
The Nagell-Lutz Theorem
In this subsection, we prove the Nagell-Lutz Theorem, a stronger version of
which will allow us to calculate some of the points of finite order on elliptic
curves. The results are based on Silverman and Tate [17], with examples
from my workings of their exercises and the L-functions and Modular Forms
Database (LMFDB) [14].
Lemma 2.2.9. Given a rational number q and a prime p, we can express q
pν for some integer ν, where hcf(m, n) = hcf(m, p) = hcf(n, p) = 1.
as q = m
n
We do not prove this here, as it is quite intuitive.
Definition 2.2.10. Fixing a prime p, the order of a rational number is the
integer ν in the number’s expression in the form m
pν , where m, n ∈ Z such
n
that m and n are coprime with p, n > 0 and m
is in its lowest terms:
n
ord
m
n
pν = ν.
22
CHAPTER 2. ELLIPTIC CURVES
Proposition 2.2.11. Let p be a fixed prime, let R be the ring of rational
numbers with denominator coprime to p and let E(pν ) be the set of O together
with the rational points (x, y) on E such that the denominator of x is divisible
by p2ν . Then
1. E(p) consists of O and all rational points (x, y) for which one of the
denominators of x and y is divisible by p.
2. For every ν ≥ 1, E(pν ) is a subgroup of E(Q).
3. The map
T :
pν R
E(pν )
−→
E(p2ν )
p3ν R
such that
T : (x, y) 7−→
x
y
is a one-to-one homomorphism. We define T (O) = (0, 0).
Proof. (1) Let us consider a rational point P = (x, y) on E, where p divides
the denominator of x, say
m
npµ
u
y=
,
wpσ
x=
where µ > 0, m, n, u, w, µ, σ ∈ Z and p does not divide m, n, u, w. Using
this in the equation for an elliptic curve and putting things over a common
denominator, we find
m3 + Amn2 p2µ + Bn3 p3µ
u2
=
.
w2 p2σ
n3 p3µ
Now p - u2 and p - w2 , so
ord
u2
w2 p2σ
= −2σ.
Since µ > 0 and p - m, it follows that
p - (m3 + Amn2 p2µ + Bn3 p3µ )
2.2. THE TORSION SUBGROUP
23
and hence
ord
m3 + Amn2 p2µ + Bn3 p3µ
n3 p3µ
= −3µ.
Thus, 2σ = 3µ. In particular, σ > 0, and so p divides the denominator of y.
Further, the relation 2σ = 3µ means that 2 | µ and 3 | σ, so we have µ = 2ν
and σ = 3ν for some integer ν > 0. Thus, if p appears in the denominator
of either x or y, then it is in the denominator of both of them, and in this
case the exact power is p2ν in x and p3ν in y for some positive integer ν > 0.
Thus, we have proved (1).
This suggests define E(pν ) as in the statement of the proposition. In other
words,
E(pν ) = {(x, y) ∈ E(Q) : ord(x) ≤ −2ν and ord(y) ≤ −3ν}.
Obviously, we have inclusions
E(Q) ⊃ E(p) ⊃ E(p2 ) ⊃ E(p3 ) ⊃ ...,
The inclusion of the identity element O in every E(pν ) is by convention.
In order to prove (2), our objective is to show that if (x, y) is a point of finite
order, then x and y are integers. We do this by showing that for every prime
p, p doesn’t divide the denominators of x and y. That is, we want to show
that a point of finite order cannot lie in E(p). We start by proving that each
of the sets E(pν ) is a subgroup of E(Q).
First, we change coordinates and move the point at infinity to a finite place.
The identity element O on our curve is mapped to the origin (0, 0) in the
(t, s) plane and, when y 6= 0:
x
y
1
s= .
y
t=
Then y 2 = x3 + Ax + B becomes s = t3 + Ats2 + Bs3 in the (t, s) plane. In
the (t, s) plane we have all of the points in the old (x, y) plane except for the
points where y = 0.
We can visualise the situation in terms of these two views of the curve. The
view in the (x, y) plane shows everything except O and the points of order
2. Ignoring these exceptions, there is a one-to-one correspondence between
points on the curve in the (x, y) plane and points on the curve in the (t, s)
plane.
24
CHAPTER 2. ELLIPTIC CURVES
y
t
x
s
Further, a line y = λx + ν in the (x, y) plane corresponds to a line in the
(t, s) plane. Namely, if we divide y = λx + ν by νy, we get
λx 1
1
=
+
ν
νy y
λ
1
⇒s=− t+ .
ν
ν
Thus, we can add points in the (t, s) plane by the same procedure as in the
(x, y) plane. We want the explicit formula.
It is convenient to look at the ring of all rational numbers with denominator
coprime to p, which we denote R or Rp . We see that R is a ring because,
if α and β have denominators coprime to p, then the same is true of α ± β
and αβ. We can also describe R by saying that it consists of zero together
with all non-zero rational numbers x such that ord(x) ≥ 0. The ring R is
a certain subring of the field of rational numbers, with unique factorisation
and only one prime, p. The units of R are just the rational numbers of order
zero, that is, numbers with numerator and denominator prime to p.
We now consider the divisibility of our coordinates s, t by powers of p, particularly for points in E(p). Let (x, y) be a rational point of E in the (x, y)
plane lying in E(pν ), so we can write
m
x = 2(ν+i)
np
u
y=
wp3(ν+i)
for some i ≥ 0. Then
x
mw ν+i
=
p
y
nu
1
w
s = = p3(ν+i) .
y
u
t=
2.2. THE TORSION SUBGROUP
25
Thus, our point (t, s) is in E(pν ) if and only if t ∈ pν R and s ∈ p3ν R. This
says that pν divides the numerator of t and p3ν divides the numerator of s.
To prove that the E(pν )’s are subgroups, we have to add points and show that
if a higher power of p divides the t-coordinate of two points, then the same
power of p divides the t-coordinate of their sum. This is simply a question
of noting the formulae.
Let P1 = (t1 , s1 ) and P2 = (t2 , s2 ) be distinct points. If t1 = t2 , then
P1 = −P2 , so P1 + P2 is certainly in E(pν ). Assume now that t1 6= t2 and let
s = αt + β be the line through P1 and P2 . The slope α is given by
α=
s2 − s1
.
t2 − t1
We can rewrite this as follows. The points (t1 , s1 ) and (t2 , s2 ) satisfy the
equation
s = t3 + Ats2 + Bs3 .
Subtracting the equation for P1 from the equation for P2 and factoring gives
s2 − s1 = (t32 − t31 ) + A(t2 s22 − t1 s21 ) + B(s32 − s31 )
= (t32 − t31 ) + A[(t2 − t1 )s22 + t1 (s22 − s21 )] + B(s32 − s31 ).
We can now factor out (s2 − s1 ) and (t2 − t1 ) and express their ratio in terms
of what is left. After some calculation, this yields:
α=
=
s2 − s1
t2 − t1
t22 + t1 t2 + t21 + As22
1 − At1 (s1 + s2 ) − B(s21 + s1 s2 + s22 )
(2.1)
This has given us the 1 in the denominator of α, so that the denominator of
α will be a unit in R.
Similarly, if P1 = P2 , then the slope of the tangent line to E at P1 is
ds
(P1 )
dt
3t21 + As21
=
.
1 − 2At1 s1 − 3Bs21
α=
26
CHAPTER 2. ELLIPTIC CURVES
t
• (t3 , s3 )
(t2 , s2 )
s
•
(t1 , s1 )
•
Now this is the same slope we get by substituting t2 = t1 and s2 = s1
into the right-hand side of (2.1). So we may use (2.1) in all cases.
Let P3 = (t3 , s3 ) be the third point of intersection of the line s = αt + β with
the curve. To get the equation whose roots are t1 , t2 , t3 , we substitute αt + β
for s in the equation of the curve:
αt + β = t3 + At(αt + β)2 + B(αt + β)3 .
Multiplying this out and collecting powers of t gives
0 = (1 + Aα2 + Bα3 )t3 + (2Aαβ + 3Bα2 β)t2 + lower order terms.
The equation has roots t1 , t2 , t3 , so the right hand side equals
c(t − t1 )(t − t2 )(t − t3 ), for some constant c.
Comparing the coefficients of t3 and t2 , we find that the sum of the roots is
t1 + t2 + t3 = −
2Aαβ + 3Bα2 β
.
1 + Aα2 + Bα3
We now have all the formulae we will need except for the trivial one
β = s1 − αt1 ,
saying that the line goes through P1 .
We now have a formula for t3 , so we can find P1 + P2 by drawing the line
through (t3 , s3 ) and (0, 0) and taking the third intersection with the curve.
It is clear from the equation of the curve that if (t, s) is on the curve, then
so is (−t, −s). So this third intersection is (−t3 , −s3 ).
Examining the expression for α, we see that the numerator of α lies in p2ν R,
because t1 , s1 , t2 , s2 ∈ pν R. For the same reason, the quantity −At1 (s2 +
2.2. THE TORSION SUBGROUP
27
s1 ) − B(s22 + s1 s2 + s21 ) is in p2ν R, so the denominator of α is a unit of R (we
now see the relevance of the 1 in the denominator). Thus, α ∈ p2ν R.
Next, since s1 ∈ p3ν R and α ∈ p2ν R and t1 ∈ pν R, the formula β = s1 − αt1
gives that β ∈ p3ν R. We also see that the denominator 1 + Aα2 + Bα3 of
t1 + t2 + t3 is a unit in R. Looking at the expression for t1 + t2 + t3 given
above, we have
t1 + t2 + t3 ∈ p3ν R.
Because t1 , t2 ∈ pν R, it follows that t3 ∈ pν R, and so also −t3 ∈ pν R.
This proves that if the t-coordinates of P1 and P2 lie in pν R then the tcoordinate of P1 + P2 lies in pν R. It is then clear that, if the t-coordinate
of P lies in pν R, the t-coordinate of −P = (−t, −s) also lies in pν R. This
shows that E(pν ) is closed under addition and taking negatives and is hence
a subgroup of E(Q) proving (2).
In fact, we have proven a stronger result, showing that if P1 , P2 ∈ E(pν ),
then
T (P1 ) + T (P2 ) − T (P1 + P2 ) ∈ p3ν R.
We can write this last formula a little more suggestively (noting that, although the + in P1 + P2 is the addition on our cubic curve, the + in
T (P1 ) + T (P2 ) is addition in R, simply addition of rational numbers):
T (P1 + P2 ) ≡ T (P1 ) + T (P2 )
(mod p3ν R).
(3) So the map P 7→ T (P ) is almost a homomorphism from E(pν ) into the
additive group of rational numbers, but for the fact that T (P1 + P2 ) is not
actually equal to T (P1 ) + T (P2 ). However, we do get a homomorphism from
ν
E(pν ) to the quotient group pp3νRR by sending P to T (P ), and the kernel
consists of all points P with T (P ) ∈ p3ν R. Thus, the kernel is just E(p3ν ),
so we finally obtain a one-to-one homomorphism
E(pν )
pν R
−→
E(p2ν )
p3ν R
such that
T : (x, y) 7−→
x
.
y
It is straightforward to see that the quotient group
order p2ν . Thus, the quotient group
some 0 ≤ σ ≤ 2ν.
E(pν )
E(p3ν )
pν R
p3ν R
is a cyclic group of
is a cyclic group of order pσ for
28
CHAPTER 2. ELLIPTIC CURVES
Corollary 2.2.12. Let P = (x, y) ∈ Q × Q with P 6= O be a rational, finite
order point. Then:
1. The subgroup E(p), for any prime p, contains precisely one point of
finite order, O.
2. We have x, y ∈ Z.
Proof. (1): Let P have finite order m. We know P 6= O, so m 6= 1. We take
any prime p and aim to show that P ∈
/ E(p).
So suppose, for a contradiction, that P ∈ E(p). Now P may be contained
in a smaller group E(pν ), but cannot be in every group E(pν ), because x’s
denominator cannot be divisible by arbitrarily large powers of p. So there
is some ν > 0 such that P ∈ E(pν ) but P ∈
/ E(pν+1 ). There are two cases:
p - m and p | m.
We first consider the case in which p - m. We have the congruence
T (P1 + P2 ) ≡ T (P1 ) + T (P2 )
(mod p3ν R).
Repeated application of this yields:
T (mP ) ≡ mT (P )
(mod p3ν R).
Given that mP = O, T (mP ) = T (O) = 0. We also know that m is coprime
with p, so m is a unit in R and 0 ≡ T (P ) (mod p3ν R). Thus, P ∈ E(p3ν ),
which contradicts the assumption that p ∈
/ E(pν+1 ).
We run the case where p | m similarly. We let m = pn and consider the point
P 0 = nP . As P has order m, P 0 clearly has order p. We also have P ∈ E(p)
and E(p) is a subgroup, so P 0 ∈ E(p). We can therefore find some ν 0 > 0 so
0
0
that P 0 ∈ E(pν ) but P 0 ∈
/ E(pν +1 ). So, as in the previous case, this yields
0 = T (O) = T (pP 0 ) ≡ pT (P 0 )
(mod p3ν R).
0
Thus, as in the previous case, T (P 0 ) ≡ 0 (mod p3ν −1 R). This contradicts
0
P0 ∈
/ E(pν +1 ), as 3ν 0 − 1 ≥ ν 0 + 1.
(2): Since P is a point of finite order, P ∈
/ E(p) for all primes p. Therefore,
the denominators of x and y are not divisible by any primes and x, y ∈ Z.
Proposition 2.2.13. Let E : f (x) = x3 + Ax + B be a polynomial. Then
∆(f (x)) is in the ideal of Z[x] generated by f (x) and f 0 (x).
Proof. We have
∆ = −27B 2 − 4A3
= (18Ax − 27B)(x3 + Ax + B) + (−6Ax2 + 9Bx − 4A2 )(3x2 + A)
= (18Ax − 27B)f (x) + (−6Ax2 + 9Bx − 4A2 )f 0 (x).
2.2. THE TORSION SUBGROUP
29
Defining
r(x) := 18Ax − 27B
s(x) := −6Ax2 + 9Bx − 4A2
yields that the discriminant can be written in the form
∆ = r(x)f (x) + s(x)f 0 (x),
where r(x) and s(x) have integer coefficients.
We use this to prove that if a point and its double both have integer
coordinates, then y = 0 or y | ∆:
Proposition 2.2.14. Suppose P = (x, y) is a point on the curve E such that
both P and 2P have integer coordinates. Then either y = 0 or y | ∆.
Proof. Suppose that y 6= 0. Then 2P 6= O. By assumption, x, y, x(2P ), y(2P ) ∈
Z. The duplication formula yields:
2x + x(2P ) = λ2 − A
f 0 (x)
.
λ=
2y
Since x, x(2P ) and A are integers, we can see that λ is as well, so that
2y | f 0 (x) and y | f 0 (x). Now
∆ = r(x)f (x) + s(x)f 0 (x).
The coefficients of r and s are integers and so r and s take integer values
when x is an integer. Therefore, y divides ∆.
This has given us a method to find some of the torsion points on an
elliptic curve, which is summed up in the following versions of the NagellLutz Theorem.
Theorem 2.2.15 (Nagell-Lutz Theorem). Let E be an elliptic curve with
A, B ∈ Z. Let P = (x, y) be a rational point of finite order. Then x, y ∈ Z
and either y = 0, in which case P has order 2, or y | ∆.
Proof. By Corollary 2.2.12, we know that points of finite order have integer
coordinates. If P has order 2, then y = 0, in which case we are done. So
consider the case 2P 6= O. We know 2P has finite order, and so integer
coordinates. Then Proposition 2.2.14completes the proof.
30
CHAPTER 2. ELLIPTIC CURVES
Theorem 2.2.16 (Stronger form of the Nagell-Lutz Theorem). Let E be an
elliptic curve with A, B ∈ Z. Let P = (x, y) be a rational point of finite order
with y 6= 0. Then y 2 | ∆.
Proof. By Theorem 2.2.15, we have that y | ∆. But then, by Proposition
2.2.8, ∆ is a product of squares, so that, for any prime p1 that divides ∆, we
also have p21 | ∆. So, since y | ∆, y 2 | ∆ and we have the result.
Armed with this theorem, we can now find the rational points of finite
order in a finite number of steps. We start by considering the finite number
of y-values such that y 2 | ∆ and substituting each in turn into f (x). Since
f (x) has integer coefficients and leading coefficient 1, any integer root will
divide B. So there are only a finite number of things to check.
Example 2.2.17 (Determining the points of finite order on an elliptic curve).
We consider the curve E : y 2 = x3 − 2. Using the strong form of the NagellLutz theorem, we consider integers y such that y 2 | ∆:
∆ = −16.27B 2
= −16.27.4
= −33 .26 .
(A = 0)
So y = ±1, ±2, ±3, ±4, ±6, ±8, ±12, ±24.
We have one point of order 1: O.
For points of order 2, y = 0, so x3 = 2, which has no integer solutions and
thus there are no points of order 2.
We have:
y = ±1 ⇒x3
y = ±2 ⇒x3
y = ±3 ⇒x3
y = ±4 ⇒x3
y = ±6 ⇒x3
y = ±8 ⇒x3
y = ±12 ⇒x3
y = ±24 ⇒x3
=3
=6
= 11
= 18
= 38
= 66
= 146
= 578.
None of these yield integer points, so there are no more points of finite order
on E.
2.2. THE TORSION SUBGROUP
31
So we can find torsion points for some elliptic curves. Remarkably,
Mazur’s Torsion Theorem (1977) [15] gives the exact possibilities for the
torsion subgroup of an elliptic curve.
Theorem 2.2.18 (Mazur’s Torsion Theorem). E(Q)tors is either:
1. Z/M Z for 1 ≤ M ≤ 10 or M = 12 or
2. Z/2Z × Z/2M Z for 1 ≤ M ≤ 4.
The proof of Mazur’s Theorem involves a study of group schemes and
Néron models. As such, it is far beyond the scope of our work here.
However, we can say something more specific about the torsion subgroup
of EN :
Example 2.2.19. For N a positive square-free integer,
EN (Q)tors = {(0 : 1 : 0), (0 : 0 : 1), (±N : 0 : 1)}
and
EN (Q)tors ∼
= Z/2Z × Z/2Z.
For a proof, see Koblitz [12].
Example 2.2.20. We give an example of each possible torsion subgroup:
Elliptic curve
y 2 = x3 + x + 3
y 2 = x3 − 1
y 2 = x3 + 36
y 2 = x3 − 174987x − 28159866
y 2 = x3 − 27x + 8694
y 2 = x3 − 432x + 8208
y 2 = x3 − 1728x + 19008
y 2 = x3 − 3483x + 121014
y 2 = x3 − 5211x + 319734
y 2 = x3 − 2799387x − 1802779146
y 2 = x3 − 17739x + 1205766
y 2 = x3 − 58347x + 3954150
y 2 = x3 − 157707x + 78888006
y 2 = x3 − 24003x + 1296702
2
y = x3 − 1386747x + 368636886
LMFDB label [14]
1976.a1
144.a3
972.a2
15.a2
15.a7
11.a3
20.a3
26.b2
42.a5
15.a5
54.b2
66.c3
90.c7
30.a6
210.e6
torsion structure
Z
Z/2Z
Z/3Z
Z/2Z × Z/2Z
Z/4Z
Z/5Z
Z/6Z
Z/7Z
Z/8Z
Z/2Z × Z/4Z
Z/9Z
Z/10Z
Z/12Z
Z/2Z × Z/6Z
Z/2Z × Z/8Z
32
2.3
CHAPTER 2. ELLIPTIC CURVES
Mordell’s Theorem
The goal of this section is to prove Mordell’s Theorem:
Theorem 2.3.1 (Mordell’s Theorem). The group E(Q) of rational points on
an elliptic curve is a finitely generated abelian group.
Now we already know that E(Q) is an abelian group from Proposition
2.1.5. The proof that it is finitely generated naturally splits into two parts:
the first is working with a height function on E(Q) (for which we largely owe
the exposition to Silverman and Tate) [17] and the second proving the Weak
Mordell-Weil Theorem (predominantly based on [9]). Once we have reached
the results needed in each of these two areas, we can bring them together in
the final proof.
2.3.1
Part 1: Height
∈ Q, where m
is in lowest terms, is:
Definition 2.3.2. The height of x = m
n
n
m
H(x) = H
n
= max{|m| , |n|} ∈ Z+ .
Proposition 2.3.3. For a fixed constant k ∈ Z+ , the set {x ∈ Q : H(x) < k}
is finite.
Proof. We have:
H(x) = H
m
<k
n
⇒ max{|m| , |n|} < k
⇒ |m| < k and
⇒ |n| < k.
So there are only finitely many possible values of m and n.
Definition 2.3.4. The height of P = (x, y) ∈ E(Q) is H(P ) := H(x).
Definition 2.3.5. The ‘small h’ height of a point P on E is
h(P ) := log H(P ) ∈ R\{0}.
2.3. MORDELL’S THEOREM
33
Definition 2.3.6. The height of O, the point at infinity, is defined as:
H(O) := 1.
Therefore:
h(O) = logH(O)
= log(1)
= 0.
Lemma 2.3.7. For each M ∈ R, {P ∈ E(Q) : h(P ) ≤ M } is finite.
This is clear, since there are only finitely many choices for the x-coordinate
(by Proposition 2.3.3) and there are only two possibilities of y-coordinate for
each x-coordinate.
Proposition 2.3.8. For P = (x, y) ∈ E(Q), x = rm2 and y =
m, n, r ∈ Z such that r > 0 and hcf(m, r) = hcf(n, r) = 1.
n
r3
for some
m
Proof. Firstly, we suppose x = M
and y = Nn in lowest terms such that
M, N > 0. We need to prove that N 2 = M 3 , which we do in two parts:
y 2 = x3 + Ax + B
n2
m3
m
⇒ 2 = 3 +A +B
N
M
M
⇒ M 3 n2 = N 2 m3 + AN 2 M 2 m + BN 2 M 3
N 2 | RHS ⇒ N 2 | M 3 n2
hcf(n, N ) = 1 ⇒ N 2 | M 3 .
(2.2)
For the reverse direction, we have M | N 2 m3 by (2.2). Since hcf(m, M ) = 1,
we get M | N 2 . Substituting back into (2.2), we find
M 2 | N 2 m3 ⇒M | N
⇒M 3 | N 2 m3
⇒M 3 | N 2 .
Therefore M 3 = N 2 . Now we are required to prove that x =
N
We have M | N from the previous. So let r = M
, giving
M3
N2
=
=M
M2
M2
N3
N3
r3 = 3 = 2 = N.
M
N
r2 =
m
r2
and y =
n
.
r3
34
CHAPTER 2. ELLIPTIC CURVES
Proposition 2.3.9. There exists a constant κ > 0, depending on A, B, such
3
that |n| ≤ κH(P ) 2 .
Proof. We start with
m n P = 2 , 3 ⇒ H(P ) = max{|m| , r2 }
r r
⇒ |m| ≤ H(P )
r2 ≤ H(P ).
Now we know that P satisfies the equation of the curve. So, substituting in,
multiplying by r6 and using the triangle inequality yields
y 2 = x3 + Ax + B
m3
m
n2
⇒ 6 = 6 +A 2 +B
r
r
r
2
3
⇒ n = m + Amr4 + Br6
⇒ n2 ≤ m3 + Ar4 m + Br6 ≤ H(P )3 + |A| H(P )3 + |B| H(P )3
p
Let κ = 1 + |A| + |B|
⇒ n2 ≤ κ2 H(P )3
3
⇒ |n| ≤ κH(P ) 2 .
Remark 2.3.10. Let P0 be a fixed rational point on E. For some finite
number of P , we can consider the differences h(P + P0 ) − 2h(P ) and choose
a κ0 larger than the finite number of values yielded. This means that, in
proving the existence of κ0 in the next lemma, it is sufficient to prove that
the inequality holds for all P in some fixed finite set.
Lemma 2.3.11. For any fixed point P ∈ E(Q), there exists a constant κ0
dependent on P0 , A, B such that for all P ∈ E(Q), h(P + P0 ) ≤ 2h(P ) + κ0 .
Proof. We shall prove the statement for P ∈
/ {P0 , −P0 , O} (which is sufficient
by previous remark). This is trivial if P0 = O. So suppose O =
6 P0 = (x0 , y0 ).
Setting P + P0 = (ξ, η) and using the formulae derived in Proposition 2.1.4
y−y0
. Rearranging, multiplying out and
gives ξ + x + x0 = λ2 where λ = x−x
0
2.3. MORDELL’S THEOREM
35
using y 2 − x3 = Ax + B yields:
ξ=
=
=
=
=
=
=
(y − y0 )2
− x − x0
(x − x0 )2
(y − y0 )2 − (x − x0 )2 (x + x0 )
(x − x0 )2
y 2 − 2y0 y + y0 2 − (x2 + x0 2 − 2x0 x)(x + x0 )
x2 − 2x0 x + x0 2
y 2 − 2y0 y + y0 2 − x3 − x0 x2 − x0 2 x − x0 3 + 2x0 x2 + 2x0 2 x
x2 − 2x0 x + x0 2
Ax + B + Ax0 + B − 2y0 y − x0 x2 − x0 2 x + 2x0 x2 + 2x0 2 x
x2 − 2x0 x + x0 2
Ax + Ax0 + 2B − 2y0 y + x0 x2 + x0 2 x
x2 − 2x0 x + x0 2
(−2y0 )y + (x0 )x2 + (A + x0 2 )x + (Ax0 + 2B)
.
x2 + (−2x0 )x + (x0 2 )
The specific constants here are irrelevant, so we just consider the equation
ξ=
c1 y + c2 x 2 + c3 x + c4
.
x 2 + c5 x + c6
We may assume c1 , c2 , c3 , c4 , c5 , c6 ∈ Z: if they are not already, we can achieve
this by multiplying the numerator and denominator of ξ by the lowest common denominator of c1 , c2 , c3 , c4 , c5 , c6 . Substituting in x = rm2 , y = rn3 and
multiplying numerator and denominator by r4 gives:
ξ=
c1 nr + c2 m2 + c3 mr2 + c4 r4
.
m2 + c5 mr2 + c6 r4
Since the numerator and denominator are both integers, this is a rational
number. It may not be in lowest terms but, if not, cancelling will reduce the
36
CHAPTER 2. ELLIPTIC CURVES
height. Therefore,
H(ξ) ≤{c1 nr + c2 m2 + c3 mr2 + c4 r4 , m2 + c5 mr2 + c6 r4 }
⇒ c1 nr + c2 m2 + c3 mr2 + c4 r4 ≤ |c1 nr| + c2 m2 + c3 mr2 + c4 r4 1
r ≤ H(P ) 2 ⇒
1
≤ c1 nH(P ) 2 + c2 m2 + |c3 mH(P )| + c4 H(P )2 3
n ≤ κH(P ) 2 ⇒
≤ c1 κH(P )2 + c2 m2 + |c3 mH(P )| + c4 H(P )2 m ≤ H(P ) ⇒
≤ c1 κH(P )2 + c2 H(P )2 + c3 H(P )2 + c4 H(P )2 ≤(|c1 κ| + |c2 | + |c3 | + |c4 |)H(P )2 .
Similarly
2
m + c5 mr2 + c6 r4 ≤ m2 + c5 mr2 + c6 r4 ≤(1 + |c5 | + |c6 |)H(P )2
⇒ H(P + P0 ) = H(ξ) ≤ max{|c1 κ| + |c2 | + |c3 | + |c4 | , 1 + |c5 | + |c6 |}H(P )2
⇒ h(P + P0 ) ≤2h(P ) + κ0 .
Lemma 2.3.12. Suppose φ(X) and ψ(X) are polynomials with integer coefficients and no common roots, and let d be the maximum of their degrees.
Then:
1. There is an integer R ≥ 1, dependent on φ and ψ, so that for any
m
∈ Q,
n
m
m hcf nd φ
, nd ψ
R
n
n
2. There exist constants κ1 , κ2 , dependent on φ and ψ, so that for any
which is not a root of ψ:
!
m
m
φ m
n
dh
− κ1 ≤ h
≤
dh
+ κ2 .
n
n
ψ m
n
m
n
Proof. (1) Preliminaries:
Note Since φ and ψ have degree at most d, we have nd φ
m
n
, nd ψ
m
n
∈ Z.
2.3. MORDELL’S THEOREM
37
Note We have φ and ψ interchangeable, so we take deg(φ) = d and deg(ψ) =
e ≤ d. So we now have:
m
d
n φ
= a0 md + a1 md−1 n + ... + ad nd
n
m
d
n ψ
= b0 me nd−e + b1 me−1 nd−e+1 + ... + be nd ,
n
with a0 , b0 6= 0.
Notation For brevity, we use:
d
m
d
n
m
Φ(m, n) := n φ
Ψ(m, n) := n ψ
n
.
Given that φ(X), ψ(X) have no common roots, they are coprime in Q[X]. So
they generate the unit ideal and thus we can find polynomials F (X), G(X)
with rational coefficients such that
F (X)φ(X) + G(X)ψ(X) = 1.
(2.3)
Let A be large enough that AF (X) and AG(X) have integer coefficients and
let D be the maximum of the degrees of F and G (bearing in mind that A
into (2.3)
and D are independent of m and n). Now, substituting X = m
n
D+d
and multiplying through by An
yields
m
m
m
m
nD AF
nd φ
+ nD AG
nd ψ
= AnD+d ,
n
n
n
n
so that
h
m i
h
m i
Φ(m, n) + nD AG
Ψ(m, n) = AnD+d .
nD AF
n
n
Now, defining γ := hcf(Φ(m, n), Ψ(m, n)) gives γ | AnD+d , since each of the
quantities in square brackets are integers.
We want to show that γ divides one fixed number which is independent of
n. So we aim to show that γ | AaD+d
, where a0 is the leading coefficient of
0
φ(X). For this, we note that γ divides Φ(m, n) and so also divides
AnD+d−1 Φ(m, n) = Aa0 md nD+d−1 + Aa1 md−1 nD+d + ... + Aad nD+2d−1 .
Every term other than the first on the right hand side contains AnD+d (which
γ divides) as a factor. So γ must divide the first term, Aa0 md nD+d−1 as
38
CHAPTER 2. ELLIPTIC CURVES
well. Therefore, γ | hcf(AnD+d , Aa0 md nD+d−1 ) and, since hcf(m, n) = 1,
γ | Aa0 nD+d−1 . Here, we have multiplied through by a0 and correspondingly
reduced the power of n.
Since γ | Aa0 nD+d−2 Φ(m, n), we can repeat the above argument to show that
γ | Aa0 nD+d−1 . We can now see a pattern and so conclude that γ | AaD+d
.
0
(2) For the upper bound, the proof is similar to that of Lemma 2.3.11.
For the lower bound, we can again exclude a finite set of rational numbers,
with the only necessary adjustment being to the constant κ1 . So we can
is not a root of φ.
assume that the rational number m
n
If r is a non-zero rational number, then directly from the definition, h(r) =
h 1r .
So we want to estimate the height of the rational number
φ m
n
ξ=
ψ m
n
nd φ m
n
= d m
n ψ n
Φ(m, n)
.
=
Ψ(m, n)
So ξ is a quotient of integers and the height H(ξ) is the maximum of the
integers |Φ(m, n)| and |Ψ(m, n)| unless they have common factors.
In (1), we proved that there is an integer R ≥ 1, independent of m and n, so
that hcf(Φ(m, n), Ψ(m, n)) | R. So our possible cancellation is bounded and
we get
1
max {|Φ(m, n)| , |Ψ(m, n)|}
R
n
m m o
1
d
= max nd φ
, n ψ
R
n
n
1 d m d m ≥
n φ
+ n ψ
.
2R
n
n
H(ξ) ≥
The last line uses the basic fact that max{a, b} ≥ 21 (a + b). We want to
d
consider the quotient of H(ξ) and H m
:
n
d m + n ψ
H(ξ)
1 nd φ m
n
n
≥
.
d
2R
max{|m|d , |n|d }
H m
n
m + ψ
1 φ m
n
.
=
m d n
2R
max{ , 1}
n
2.3. MORDELL’S THEOREM
39
From this, it seems we should look at the function f of a real variable t
defined by
|φ(t)| + |ψ(t)|
f (t) =
.
max{|t|d , 1}
As φ has degree d and ψ has degree at most d, f has a nonzero limit as |t|
tends to infinity. This limit is either |a0 | (if ψ has degree less than d) or
|a0 | + |b0 | (if ψ has degree d). So, outside some closed interval, the function
f (t) is bounded away from zero.
Inside a closed interval, on the other hand, we are looking at a continuous
function which never vanishes because (by definition) φ(X) and ψ(X) have no
common zeros. And a continuous function on a compact set (such as a closed
interval) actually assumes its maximum and minimum values. In particular,
since we know that our function is never equal to zero, its minimum value
must be positive, which proves that there is a constant C1 > 0 so that
f (t) > C1 for all real numbers t.
Applying this to the above inequality yields
C1 m d
H
.
H(ξ) ≥
2R
n
The constants C1 and R do not depend on m and n, so taking logarithms
gives
m
− κ1
h(ξ) ≥ dh
n
with κ1 = log 2R
.
C1
Lemma 2.3.13. For all P ∈ E(Q) there is a constant, κ, dependent on
a, b, c, such that h(2P ) ≥ 4h(P ) − κ.
Proof. Just as in the proof of Lemma 2.3.11, we can ignore any finite set of
points, since we can always take κ larger than 4h(P ) for all points in that
finite set. So we ignore the finitely many points satisfying 2P = O.
Let P = (x, y), 2P = (ξ, η) and f (x) := y 2 = x3 + Ax + B, so that
ξ + 2x = λ2
f 0 (x)
.
λ=
2y
Then, if we put everything over a common denominator, we get
(f 0 (x))2 − 8xf (x)
4f (x)
4
x − 2Ax2 − 8Bx + A2
=
.
4x3 + 4Ax + 4B
ξ=
40
CHAPTER 2. ELLIPTIC CURVES
Note that f (x) 6= 0 since 2P 6= O.
Thus, ξ is the quotient of two polynomials in x with integer coefficients. Since
the cubic y 2 = f (x) is non-singular by assumption, f (x) and f 0 (x) have no
common (complex) roots (as f (x) has no repeated roots). So the polynomials
in the numerator and the denominator of ξ also have no common roots.
Since h(P ) = h(x) and h(2P ) = h(ξ), we are required to prove that
h(ξ) ≥ 4h(x) − κ.
So Lemma 2.3.13 reduces to the previous lemma.
2.3.2
Part 2: The Weak Mordell-Weil Theorem
Proving the Weak Mordell-Weil Theorem for all elliptic curves in Weierstrass
Normal Form requires several more technical details. So here we employ the
simplifying assumption that E has at least one rational point of order 2.
Since we are working with Q, we can still apply all the results pertaining to
E(Q) in Lemmas 2.3.7, 2.3.11 and 2.3.13. Clearly, not every elliptic curve of
the form y 2 = x3 + Ax + B has a rational point of order 2, but any elliptic
curve of the form y 2 = x3 +ax2 +bx does, since it has the point (0, 0) of order
2. Thus, we shall temporarily work with this slightly different class of elliptic
curve. Fortunately, the congruent number elliptic curve EN is of this latter
form, so we shall prove Mordell’s Theorem for this class among others. For
the duration of this section, we use upper case letters X, Y, ... for variables
and lower case letters x, y, ... for a point (x, y). Thus, we are looking at a
curve
E 0 : Y 2 = X(X 2 + aX + b)
with a, b ∈ Z and b(a2 − 4b) 6= 0 to ensure non-singularity.
Definition 2.3.14. Let E 0 : Y 2 = X(X 2 + aX + b), where a, b ∈ Z, with
b, a2 − 4b 6= 0 and let E 0 : V 2 = U (U 2 + aU + b), where a = −2a and
b = a2 − 4b. We define φ : E 0 → E 0 and φ̂ : E 0 → E 0 by:
y 2
by
φ(x, y) =
,y − 2
x
x
1 v 2 1
bv
φ̂(u, v) =
,
v− 2
.
4 u
8
u
2.3. MORDELL’S THEOREM
41
Lemma 2.3.15. The maps φ, φ̂ are 2-to-1 homomorphisms, each with kernel
{O, (0, 0)}. Since φ, φ̂ are defined over Q, we also have φ : E 0 (Q) → E 0 (Q)
and φ̂ : E 0 (Q) → E 0 (Q).
Proof. Let P = (x, y) be a point on E 0 , and let P1 = (x, y) + (0, 0) = (x1 , y1 ).
Define T(0,0) by:
T(0,0)
T(0,0) : C → C
: (x, y) 7→ (x, y) + (0, 0) = (x1 , y1 ),
for any elliptic curve C. That is, P 7→ P +(0, 0). We calculate x1 , y1 in terms
of x, y. When (x, y) = (0, 0), we have T(0,0) 7→ O, since (0, 0) is of order 2.
When x 6= 0, we start by finding the line through (0, 0) and (x, y): Y = xy X.
Substituting this into E gives:
y 2
x
X 2 = X(X 2 + aX + b)
y 2 X 2 = x2 X 3 + ax2 X 2 + bx2 X
x(x2 + ax + b)X 2 = x2 X 3 + ax2 X 2 + bx2 X
0 = xX 3 − (x2 + b)X 2 + bxX (since x 6= 0).
So we have X(X − x)(xX − b) = 0. The roots of this cubic are:
X = 0,
X = x,
X=
b
.
x
The line Y = xy X intersects E 0 at (0, 0), (x, y), xb , xby2 (since X = xb gives
Y = xby2 ) and so (x, y) + (0, 0) = xb , − xby2 = (x1 , y1 ), where x1 = xb and
y1 = − xby2 .
We want to construct a 2-to-1 map φ from E 0 to another curve E 0 such that
φ(P + (0, 0)) = φ(P ) for any P . We want expressions in x, y, call them
λ(x, y), µ(x, y), such that P = (x, y) and P + (0, 0) = (x1 , y1 ) map to the
42
CHAPTER 2. ELLIPTIC CURVES
same (λ, µ). So we define
λ : = x + x1 + a
b
=x+ +a
x
2
x(x + ax + b)
=
x2
2
y
= 2
x
y 2
=
;
x
µ : = y + y1
by
= y − 2.
x
Both λ, µ are invariant under T(0,0) . We have a map from E 0 , given by
by
y 2
,y − 2 ,
(x, y) 7→ (λ, µ) =
x
x
which we call φ. We want to find the new curve E 0 which this maps to, so
we look for the equation satisfied by λ and µ:
2
by
2
µ = y− 2
x
2
y
b
=
x−
x
x
2
y 2 b
x−
=
x
x
b2
2
= λ x − 2b + 2
x
b2
2
= λ x + 2b + 2 − 4b
x
!
2
b
=λ
x+
− 4b
x
= λ (λ − a)2 − 4b
= λ(λ2 − 2aλ + a2 − 4b).
So (λ, µ) is a point on the curve E 0 : V 2 = U (U 2 + aU + b), where a = −2a
and b = a2 − 4b. The map φ is a rational map and basic checks show it is a
2.3. MORDELL’S THEOREM
43
homomorphism, with kernel {O, (0, 0)}.
0
We can go through the same motions with E , taking (u, v) 7→
v 2
u
,v −
bv
u2
from E 0 to the curve
Y 2 = X(X 2 − 2aX + a2 − 4b)
= X(X 2 + 4aX + 16b).
That is:
Y2
X X 2 4aX 16b
=
+
+
64
4 16
16
16
2
aX
X X
+
+b
=
4 16
4
!
2
2
Y
X
X
X
⇒
=
+a
+b .
8
4
4
4
So the map φ̂ : (u, v) 7→
1
4
v 2
u
, 18 v −
bv
u2
is a map from E 0 back to E 0 .
The properties are the same as for φ, so that φ̂ is a homomorphism with
kernel {O, (0, 0)}.
For brevity, we introduce the notation G for E 0 (Q) and H for E 0 (Q). We
shall use these two types of notation interchangeably.
Definition 2.3.16. We define the map q : H → Q∗ /(Q∗ )2 by:


when u 6= 0;
u,
q(u, v) = b = a2 − 4b, when u = 0;


1,
when (u, v) = O.
Definition 2.3.17. We define q̂ : G → Q∗ /(Q∗ )2 by:


when x 6= 0;
x,
2
q̂(x, y) = b = a − 4b, when x = 0;


1,
when (x, y) = O.
44
CHAPTER 2. ELLIPTIC CURVES
Lemma 2.3.18. Let (u, v) be a point on E 0 with u 6= 0. Let
1
u + u− 2 v − a
,
x1 =
2
1
y1 = u 2 x1
1
1
u 2 (u + u− 2 v − a)
;
=
2
1
u − u− 2 v − a
x2 =
,
2
1
y2 = −u 2 x1
1
1
−u− 2 (u − u− 2 v − a)
.
=
2
Then φ(x1 , y1 ) = φ(x2 , y2 ) = (u, v).
Proof. We shall see that we can formally invert
(u, v) = φ(x, y)
y 2
by
=
,y − 2 .
x
x
2
1
Since u = xy , we have xy = ±u 2 . Without loss of generality, we say for the
1
moment xy = u 2 . We also have
u
1
− 12
by
y− 2
x
b
=x− ,
x
y 2
u=
x
y2
= 2
x
x(x2 + ax + b)
=
x2
b
=x+a+
x
x
v=
y
and so: u− 2 v +u = 2x+a. Solving for x, y then gives the required preimages.
2.3. MORDELL’S THEOREM
45
Lemma 2.3.19. Let (u, v) ∈ H. Then:
(u, v) ∈ φ(G) ⇐⇒ u ∈ (Q∗ )2 or {u = 0 and a2 − 4b ∈ (Q∗ )2 }.
Proof. Case 1: u 6= 0. From the expressions in Lemma 2.3.18 for (x1 , y1 ), (x2 , y2 )
1
such that φ(x1 , y1 ) = φ(x2 , y2 ) = (u, v), which are in terms of u, v, u 2 , we see
that:
1
(u, v) ∈ φ(G) ⇐⇒ u 2 ∈ Q ⇐⇒ u ∈ (Q∗ )2 .
Case 2: u = 0. The expressions in Lemma 2.3.18 do not apply here. But we
know that φ(α1 , 0) = φ(α2 , 0) = (0, 0), where
√
a2 − 4b
√2
−a − a2 − 4b
α2 =
2
α1 =
−a +
denote the roots of X 2 + aX + b. Hence:
(0, 0) ∈ φ(G) ⇐⇒ α1 or α2 ∈ Q ⇐⇒ a2 − 4b ∈ (Q∗ )2 , as required.
Lemma 2.3.20. The map q : H → Q∗ /(Q∗ )2 from Definition 2.3.16 is a
homomorphism with kernel φ(G) (so that the induced map q : H/φ(G) →
Q∗ /(Q∗ )2 is an injective homomorphism).
Proof. We only show that q(P +Q) = q(P )q(Q) in the typical case when none
of P, Q, P + Q are (0, 0) or O. Let (u1 , v1 ), (u2 , v2 ), (u3 , v3 ) be three points
on H = E 0 (Q) which sum to O (so that (u1 , v1 ) + (u2 , v2 ) = (u3 , −v3 )).
Then these are the three points of intersection between E 0 and some line
defined over Q: V = nU + m, say. Substituting V = nU + m into E 0 gives:
U (U 2 + aU + b) − (nU + m)2 , whose three roots must be u1 , u2 , u3 . That is:
U (U 2 + aU + b) − (nU + m)2 = (U − u1 )(U − u2 )(U − u3 ). Equating constant
terms gives: u1 u2 u3 = m2 = 1 in Q∗ /(Q∗ )2 , and so u1 u2 = u13 = u3 in
Q∗ /(Q∗ )2 . Therefore, by the definition of q we have: q((u1 , v1 ))q((u2 , v2 )) =
q((u3 , −v3 )) = q((u1 , v1 ) + (u2 , v2 )), so that q is a homomorphism.
The fact that ker(q) = φ(G) follows immediately from Lemma 2.3.19.
46
CHAPTER 2. ELLIPTIC CURVES
Lemma 2.3.21. The map q : H → Q∗ /(Q∗ )2 has finite image. Indeed, if
r ∈ Q∗ /(Q∗ )2 is written as a square-free integer, then r ∈ im(q) ⇒ r | b.
Under q, H/φ(G) is isomorphic to the subgroup of Q∗ /(Q∗ )2 consisting of all
square-free integers r | b such that
b
4
2 2
Wr : rl + al m +
m4 = n2 ,
r
for some l, m, n ∈ Z, not all 0, with hcf(l, m) = 1. When this is satisfied,
2
there is a point (u, v) ∈ H such that q(u, v) = r, satisfying u = r ml .
Proof. Let r ∈ Q∗ /(Q∗ )2 such that r ∈ im(q) and r ∈ Z, with r square-free.
The aim is to prove that r | b. Suppose r = q(u, v), where (u, v) ∈ H, which
must exist since r ∈ im(q). Then
r = q(u, v)
=u
≡ u2 + au + b (mod Q∗ /(Q∗ )2 )
(since u(u2 + au + b) = v 2 ). So r, u, u2 + au + b are all the same modulo
squares, meaning we can write:
u2 + au + b = rs2
u = rt2 ,
for some s, t ∈ Q. Hence,
(rt2 )2 + a(rt2 ) + b = rs2 .
Let t =
l
,
m
where l, m ∈ Z and hcf(l, m) = 1. Then we have:
r2 l4 arl2
+ 2 + b = rs2
4
m
m
⇒ r2 l4 + arl2 m2 + bm4 = r(m2 s)2 .
Now, a, b, r, l, m ∈ Z, so r2 l4 + arl2 m2 + bm4 ∈ Z, and the right hand side,
r(m2 s)2 , must be as well. Since r is square-free, we must have m2 s ∈ Z. We
define n := m2 s ∈ Z, so our equation becomes:
r2 l4 + arl2 m2 + bm4 = rn2 ,
(2.4)
for some l, m, n ∈ Z with hcf(l, m) = 1.
Note that dividing both sides by r then yields Wr in the statement of the
2.3. MORDELL’S THEOREM
47
lemma. So we know that r is square-free and we are required to prove that
r | b. It is sufficient to show, for any prime p, that p | r ⇒ p | b.
So we suppose, for some prime p, that p | r and p - b. Then p | r2 l4 , arl2 m2 , rn2
and so, by (2.4), we have that p | bm4 . Thus, p - b gives that p | m. Further, since we now have p | r, m, we know p2 | r2 l4 , arl2 m2 , bm4 . Thus, by
(2.4), p2 | rn2 so, since r is square-free, p | n. Thus, we now have p | r, m, n
and therefore p3 | arl2 m2 , bm4 , rn2 . Then, by (2.4), p3 | r2 l4 and, since r is
square-free, p | l. Thus, a contradiction is reached, since p | l and p | m but
hcf(l, m) = 1.
Therefore, we have that p | r ⇒ p | b for any prime p. Since r is square-free,
r | b.
Lemma 2.3.22. The map q̂ : G → Q∗ /(Q∗ )2 from Definition 2.3.17 has
finite image. Indeed, if r ∈ Q∗ /(Q∗ )2 is written as a square-free integer,
then r ∈ im(q̂) ⇒ r | b. Under q̂, G/φ̂(H) is isomorphic to the subgroup of
Q∗ /(Q∗ )2 consisting of all square-free integers r | b such that
b
4
2 2
Ŵr : rl + al m +
m4 = n2 ,
r
for some l, m, n ∈ Z, not all 0, with hcf(l, m) = 1. When Ŵr , there is a
2
point (x, y) ∈ G such that q̂(x, y) = r, satisfying X = r ml .
Proof. This is proved by exactly the same argument as Lemma 2.3.21.
Lemma 2.3.23. We have that G/φ̂(H) and H/φ(G) are isomorphic to finite
groups.
Proof. This follows directly from Lemma 2.3.21 and Lemma 2.3.22.
Theorem 2.3.24. Both G/φ̂(H) and H/φ(G) are finite.
Proof. This follows immediately from Lemma 2.3.23.
Throughout this section, T refers to the ‘multiplication by 2’ map.
Lemma 2.3.25. The compositions φ̂ ◦ φ and φ ◦ φ̂ are the ‘multiplication by
2’ maps T on E 0 and E 0 respectively.
Proof. If we let
√
a2 − 4b
√2
−a − a2 − 4b
α2 :=
2
α1 :=
−a +
48
CHAPTER 2. ELLIPTIC CURVES
denote the roots of X 2 + aX + b, then φ((α1 , 0)) = φ((α2 , 0)) = (0, 0), so the
kernel of φ̂ ◦ φ consists precisely of the 2-torsion of E 0 : {O, (0, 0), (α1 , 0), (α2 , 0)}.
Now we consider φ̂ ◦ φ:
y 2
by
,y − 2
φ̂ ◦ φ(x, y) = φ̂
x
x



!2
by
by
by b y − x2 
1
 1 y − x2
=
, y − 2 − 2
2 
y
4
8
x
y 2
x
x
which, after lengthy calculations, yields the duplication point for E 0 : y 2 =
x3 + ax2 + bx:
=
x4 − 2bx2 + b2 x4 − 2bx2 + b2
,
4y 2
4y 2
.
We can prove this in just the same way for φ ◦ φ̂.
Theorem 2.3.26 (Weak Mordell-Weil Theorem). The quotient group (E 0 (Q) :
2E 0 (Q)) is finite.
Proof. We know from Theorem 2.3.24 that (G/φ̂(H)) and (H/φ(G)) are finite,
so let (G/φ̂(H)) = {g1 , ..., gk } and (H/φ(G)) = {h1 , ..., hl }. Let g ∈ G. We
can write g as:
g = gi + φ̂(h), for some gi ∈ {g1 , ..., gk }, h ∈ H
= gi + φ̂(hj + φ(g 0 )), for some hj ∈ {h1 , ..., hl }, g 0 ∈ G
= gi + φ̂(hj ) + φ̂(φ(g 0 )) (since φ̂ is a homomorphism)
= gi + φ̂(hj ) + 2g 0 (since φ̂ ◦ φ = T )
= gi + φ̂(hj ) in G/2G.
Hence (E 0 (Q)/2E 0 (Q)) is a subset of {gi + φ̂(hj ) : 1 ≤ i ≤ k, 1 ≤ j ≤ l},
which is finite, and so (E 0 (Q)/2E 0 (Q)) is finite.
2.3.3
Mordell’s Theorem at last
The material in this subsection is owed in parts to Koblitz [12], Brown [4]
and Silverman and Tate [17].
2.3. MORDELL’S THEOREM
49
Theorem 2.3.27. E 0 (Q) is finitely generated.
Proof. We know that E 0 (Q)/2E 0 (Q) is finite by Theorem 2.3.26, so let
E 0 (Q)/2E 0 (Q) = S = {Q1 , ..., Qr } ⊂ E 0 (Q).
Let P be any element of E 0 (Q). Then P = Qi1 , in E 0 (Q)/2E 0 (Q) for some
Qi! ∈ S and so we can write: P = P0 = 2P1 + Qi1 , for some P1 ∈ E 0 (Q).
Inductively, continue to write:
P1 = 2P2 + Qi2 ,
P2 = 2P3 + Qi3 ,
...,
where each Pj ∈ E 0 (Q) and each Qij ∈ S. Now:
1
h(Pj ) ≤ (h(2Pj ) + κ) (Lemma 2.3.13)
4
1
= (h(Pj−1 − Qij ) + κ
4
1
≤ (2h(Pj−1 ) + C10 + κ) (Lemma 2.3.11)
4
where κ00 = max{κ0 (−Q) : Q ∈ S}. So, if h(Pj−1 ) >
(κ00 +κ)
2
then:
1
h(Pj ) < (2h(Pj−1 ) + 2h(Pj−1 )) = h(Pj−1 ).
4
(κ0 +κ)
Imagine h(Pj ) > 02 for all j. Then the sequence h(P0 ), h(P1 ), h(P2 ), ...
would be strictly decreasing, giving infinitely many distinct members of
E 0 (Q) with height ≤ h(P0 ), which would contradict Lemma 2.3.7. This
(κ0 +κ)
contradiction shows that there must exist an n such that h(Pn ) ≤ 02 . So,
we can write
P0 = 2P1 + Qi1
= 2(2P2 + Qi2 ) + Qi1
= ...
and after n steps P0 will be written as a linear combination of Pn and memκ0 +κ
bers of S. Let T = {Q ∈ E 0 (Q) : h(Q) ≤ 02 }. We have shown (since
Pn ∈ T ) that any P0 ∈ E 0 (Q) is a linear combination of members of S ∪ T .
Furthermore, T is finite, by Lemma 2.3.7. In conclusion, E 0 (Q) is generated
by the finite set S ∪ T , and so is finitely generated.
50
CHAPTER 2. ELLIPTIC CURVES
Theorem 2.3.28 (The Fundamental Theorem of finitely generated abelian
groups). Let A be a finitely generated abelian group. Then it is isomorphic
to a group of the form
A∼
= Zm ⊕ Zp1 ν1 ⊕ Zp2 ν2 ⊕ ... ⊕ Zps νs ,
where Z denotes the additive group of integers, Zm denotes the cyclic group
Z
of integers (mod m), the pi are primes and the νj are natural numbers.
mZ
The proof is lengthy and easily found [7], so we do not produce it here.
We now have all the results necessary to prove Mordell’s Theorem.
Theorem 2.3.29 (Mordell’s Theorem). If E 0 : y 2 = x3 +ax2 +bx (a, b ∈ Z) is
an elliptic curve, then the group of rational points E 0 (Q) is a finitely generated
abelian group and E 0 (Q) ∼
= E 0 (Q)tors ⊕ Zr .
Proof. This follows from Theorem 2.3.28, Theorem 2.3.27 and Proposition
2.1.5.
Definition 2.3.30. The algebraic rank of an elliptic curve is the r in
E 0 (Q) ∼
= E 0 (Q)tors ⊕ Zr .
So we can see that the algebraic rank of E 0 is the number of independent
non-torsion points.
Corollary 2.3.31. A natural number N is a congruent number if and only
if the algebraic rank, r, of EN (Q) is non-zero.
Proof. Forwards direction: Recall from Chapter 1 that a right angled triangle
with rational sides and area N corresponds to a rational point on EN with
x-coordinate in (Q∗ )2 . The x-coordinates of the (non-trivial) points of order
2 are 0 and ±N , so there must be a rational point other than those of order
2. By Example 2.2.19, this point has infinite order, so r ≥ 1.
Backwards direction: Suppose P = (x1 , y1 ) is a point of infinite order. The
x-coordinate of 2P ,
x41 + 2N 2 x21 + N 4
4y12
2
2
x1 + N 2
=
2y1
x(2P ) =
is the square of a rational number with even denominator. By Theorem 1.5.5,
2P corresponds to a right-angled triangle with rational sides and area N (by
the correspondence in Theorem 1.2.3.
2.4. EXAMPLES: CALCULATING THE ALGEBRAIC RANK
2.4
51
Examples: calculating the algebraic rank
We have turned the problem of determining if a number is congruent into a
problem about the algebraic rank of an elliptic curve. In general, no algorithm (procedure guaranteed to terminate in a finite number of steps) exists
for computing the algebraic rank, but nevertheless, we can compute it in a
number of examples. Since congruent number curves always fall into this category, we restrict our attention to curves of the form E 0 : y 2 = x3 + bx. This
section relies heavily on Silverman and Tate [17], together with my workings
of their and my examples (sometimes with the aid of SageMathCloud [19]).
We have already shown that the group E 0 (Q) of rational points on the
curve E 0 : y 2 = x3 + bx is a finitely generated abelian group. So, by the
fundamental theorem on abelian groups, E 0 (Q) is isomorphic, as an abstract
group, to a direct sum of infinite cyclic groups and finite cyclic groups of
prime power order. Then, from Theorem 2.3.28, we know that E 0 (Q) looks
like
E 0 (Q) ∼
= Zr ⊕ Zp1 ν1 ⊕ Zp2 ν2 ⊕ ... ⊕ Zpn νn .
This means that there are generators P1 , ..., Pr , Q1 , ..., Qr ∈ E(Q) such that
every P ∈ E 0 (Q) can be written in the form
P = n1 P1 + ... + nr Pr + m1 Q1 + ... + ms Qs ,
for ni , mi ∈ Z. Here the integers ni are uniquely determined by P , whilst
ν
the integers mj are determined mod pj j .
We note that the group E 0 (Q) is finite if and only if it has algebraic rank
r = 0. The subgroup
Zp1 ν1 ⊕ Zp2 ν2 ⊕ ... ⊕ Zpn νn
has order pν11 pν22 ...pνnn and corresponds to the elements of finite order in E 0 (Q).
Clearly, the points P1 , ..., Pr , Q1 , ..., Qs are not unique, but rather there are
many possible choices of generators for E 0 (Q).
The proof of Mordell’s Theorem, in some cases, will allow us to determine
the quotient group E 0 (Q)/2E 0 (Q). The subgroup 2E 0 (Q) is of the form
2E 0 (Q) ∼
= 2Z ⊕ ... ⊕ 2Z ⊕ 2Zp1 ν1 ⊕ 2Zp2 ν2 ⊕ ... ⊕ 2Zpn νn .
So the quotient group has the form
Z
Zp1 ν1
Zpn νn
E 0 (Q) ∼ Z
⊕ ... ⊕
⊕
⊕ ... ⊕
.
=
0
2E (Q)
2Z
2Z 2Zp1 ν1
2Zpn νn
52
Now
CHAPTER 2. ELLIPTIC CURVES
Z
2Z
= Z2 is cyclic of order 2, whereas
(
ν
Zp1 1 ∼ Z2 , if pi = 2;
=
2Zp1 ν1
0,
if pi =
6 2.
Therefore, (E 0 (Q) : 2E 0 (Q)) = 2r+(number of j with pj = 2) .
Now we let E 0 (Q)[2] denote the subgroup of E 0 (Q) of points with order 2. In
order to ascertain what E 0 (Q)[2] looks like, we need to know when
2(n1 P1 + ... + nr Pr + m1 Q1 + ... + ms Qs ) = 0.
ν
This is the case when ni = 0 for each i and 2mj ≡ 0 (mod pj j ). If p is odd
and 2m ≡ 0 (mod pν ), then m ≡ 0 (mod pν ). However, if p = 2 and 2m ≡ 0
(mod pν ), then we only get that m ≡ 0 (mod pν−1 ). So the order of the
subgroup E 0 (Q)[2] is
E 0 (Q)[2] = 2(number of j with pj = 2) .
By combining these two formulae, we obtain
(E 0 (Q) : 2E 0 (Q)) = 2r |E 0 (Q)[2]| .
This formula holds for any finitely generated abelian group of rank r.
Considering the possibilities for |E 0 (Q)[2]| we see that, aside from O, the
points with order 2 are those with y = 0, so we can see from the equation
for the curve that
(
2, if −4b is not a square;
#E 0 (Q)[2] =
4, if −4b is a square.
Now we just need the last step in the proof of Mordell’s Theorem to get a
formula such that we can compute the rank in some cases. We have homomorphisms φ : G → H and φ̂ : H → G such that the composition φ̂ ◦ φ is
multiplication by 2. Therefore,
(G : 2E 0 (Q)) = (G : φ̂ ◦ φ(G)).
We have the inclusion of subgroups G ⊇ φ̂(H) ⊇ 2G and thus
(G : 2G) = (G : φ̂(H))(φ̂(H) : φ̂ ◦ φ(G)).
Our aim is to analyse this last index (φ̂(H) : φ̂(φ(G))). We have that H is an
abelian group and φ(G) is a subgroup of finite index in H. Similarly, φ̂(H)
2.4. EXAMPLES: CALCULATING THE ALGEBRAIC RANK
53
is a subgroup of G. So the index we are looking at is (φ̂(H) : φ̂(φ(G))).
The standard isomorphism theorems from elementary group theory give that
H
φ̂(H) ∼
=
φ̂(φ(G))
φ(G) + ker(φ̂)
∼
=
H
φ(G)
φ(G)+ker(φ̂)
φ(G)
∼
=
H
φ(G)
ker(φ̂)
(ker(φ̂)∩φ(G)
.
Together with the formula for (E 0 (Q) : 2E 0 (Q)) from earlier, this gives
(G : 2G) =
(G : φ̂(H)(H : φ(G))
(ker(φ̂) : ker(φ̂) ∩ φ(G))
.
But we have already found that (0, 0) ∈ φ(E(Q)) if and only if b = −4b is a
square (that is, −b is a square), so
(
2, if b1 is not a square;
(ker(φ̂) : ker(ψ) ∩ φ(E 0 (Q))) =
1, if b1 is not a square.
This yields
2r =
=
(E 0 (Q) : 2E 0 (Q))
#E 0 (Q)[2]
(E 0 (Q) : φ̂(E 0 (Q)))(E 0 (Q) : φ(E 0 (Q))
.
4
So now, to compute this, we recall the method we used to prove the indices
in the numerator are finite. In 2.3.17, there was a homomorphism
q̂ : E 0 (Q) −→
Q∗
,
(Q∗ )2
with q̂((0, 0)) = b (mod (Q∗ )2 ). From earlier working, the kernel of q̂ is equal
to the image φ̂(E 0 (Q)) and so the image of q̂ is isomorphic to
E 0 (Q)
q̂(E 0 (Q)) ∼
=
ker(q̂)
E 0 (Q)
∼
.
=
φ̂(E 0 (Q))
54
CHAPTER 2. ELLIPTIC CURVES
Hence, (E 0 (Q) : φ̂(E 0 (Q))) = #q̂(E 0 (Q)).
∗
Similarly, using the analogous homomorphism q : E 0 (Q) −→ (QQ∗ )2 gives that
(E 0 (Q) : φ(E 0 (Q))) = #q(E 0 (Q)). So we find an alternative formula for the
rank of E 0 (Q):
#q̂(E 0 (Q))#q(E 0 (Q))
2r =
.
4
We can now determine the rank in some cases. In order to determine
the image q̂(E 0 (Q)), we need to find out which rational numbers, modulo
squares, can occur as the x-coordinates of points in E 0 (Q). So we write
m
e2
n
y= 3
e
x=
in lowest terms with e > 0.
If m = 0, then (x, y) = (0, 0) and q̂((0, 0)) = b. Thus b (mod (Q∗ )2 ) is
always in q̂(E 0 (Q)). If −4b is a square, say
−4b = d2 , then E 0 (Q) has two
, 0 . So if −4b = d2 , then q̂(E 0 (Q))
other points of order 2: d2 , 0 and −d
2
±d
contains 2 . Now we look at the points with m, n 6= 0. These points satisfy
n2 = m3 + bme4
= m(m2 + be4 ).
Now m and m2 + be4 are practically coprime. We can see this by considering
the above equation: the square n2 is expressed as a product of two integers.
If m and m2 + be4 were coprime, then each of them would be plus or minus
a square, and so x = em2 would be plus or minus the square of a rational
number. In the general case, let
h := hcf(m, m2 + be4 ).
Then h divides both m and be4 . But m and e are coprime, since x is in
lowest terms by assumption. Therefore, h | b. Since also n2 = m(m2 + be4 ),
we deduce that every prime dividing m appears to an even power except
possibly for the primes dividing b.
So now we let β1 := ± hcf(m, b), where we choose the sign such that mβ1 > 0.
Now we may write
m = β1 m1
b = β1 β2
2.4. EXAMPLES: CALCULATING THE ALGEBRAIC RANK
55
with hcf(m1 , β2 ) = 1 and m1 > 0. Substituting in the equation of the curve
gives
n2 = β1 m1 (β12 m21 + β1 β2 e4 ) = β12 m1 (β1 m21 + β2 e4 ).
Thus, β12 | n2 , so β1 | n and we write n := β1 n1 . Hence,
n21 = m1 (β1 m21 + β2 e4 ).
Since hcf(β2 , m1 ) = hcf(e, m1 ) = 1, we see that m1 and β1 m21 + β2 e4 are
coprime. Their product is a square and m1 > 0, so each of them is a square.
Hence we can factor n1 as n1 = LM so that
L2 = β1 m21 + β2 e4
M 2 = m1 .
Now eliminating m1 gives
L2 = β1 M 4 + β2 e4 ,
which completes our findings. So, given a point (x, y) ∈ E 0 (Q) with y 6= 0,
then it can be put into the form
β1 M 2 β1 LM
(x, y) =
,
.
e2
e3
This means that, modulo squares, the x-coordinate of any point on the curve
is one of the values of β1 . So, since β1 is a divisor of the non-zero integer b,
there are only a finite number of possibilities for β1 . We can now find the
order of q̂(E 0 (Q)). Taking the integer b, we factor it into a product b = β1 β2
in all possible ways and, in each case, we have the equation
L2 = β1 M 4 + β2 e4 ,
treating b, β1 , β2 as fixed and M, e, N as variables. Then q̂(E 0 (Q)) consists
of b (mod Q∗ ) such that the equation has a solution with M 6= 0. Further,
since x and y are in lowest terms, we have that
hcf(M, e) = hcf(L, e)
= hcf(β1 , e)
= 1.
56
CHAPTER 2. ELLIPTIC CURVES
Similarly, by the assumption that hcf(β2 , m1 ) = 1, we have that
hcf(β2 , M ) = hcf(L, M )
= 1.
So any solutions must also satisfy these conditions. If we find such a solution
(L, M, e), this yields a point in E 0 (Q) by the earlier formulae for x and y.
The current issue with this method is that we have no way of determining
whether or not the key equations have solutions, but we compute the rank
in some simpler cases.
We revisit Fermat’s result (Theorem 1.4.2) and show that 1 is not a
congruent number by computing the rank of the elliptic curve y 2 = x3 − x:
Example 2.4.1. Consider E1 : y 2 = x3 − x. So we have E 1 : y 2 = x3 + 4x
and β1 | b ⇒ β1 = ±1:
1. L2 = M 4 − e4
2. L2 = −M 4 + e4
We see that (1) has the solution (L, M, e) = (1, 1, 0) and that (2) has the
solution (L, M, e) = (0, 1, 1). Therefore, #q̂(E1 (Q)) = 2.
Considering E 1 , we have β1 = ±1, ±2, ±4, giving β1 ≡ ±1, ±2 (mod (Q∗ )2 ) :
1. L2 = M 4 + 4e4
2. L2 = −M 4 − 4e4
3. L2 = 2M 4 + 2e4
4. L2 = −2M 4 − 2e4 .
Now (1) has the solution (L, M, e) = (1, 1, 0) and (3) has the solution
(L, M, e) = (2, 1, 1). Further, (2) and (4) clearly have no solutions. Therefore, #q(E 1 (Q)) = 2.
#q̂(E1 (Q))#q(E 1 (Q))
4
=1
r = 0.
2r =
2.4. EXAMPLES: CALCULATING THE ALGEBRAIC RANK
57
Example 2.4.2. Consider E5 : y 2 = x3 − 25x. We have E 5 : y 2 = x3 + 100x
and so β1 = ±1, ±5, ±25. Thus, β1 = ±1, ±5 (mod (Q∗ )2 ).
1. L2 = M 4 − 25e4
2. L2 = −M 4 + 25e4
3. L2 = 5M 4 − 5e4
4. L2 = −5M 4 + 5e4 .
We see the solutions: (1) (L, M, e) = (1, 1, 0), (2) (L, M, e) = (3, 2, 1), (3)
(L, M, e) = (0, 1, 1) and (4) (L, M, e) = (0, 1, 1). Therefore, #q̂(E5 (Q)) = 4.
Considering E 5 , we have that β1 = ±1, ±2, ±4, ±5, ±10, ±20, ±25, ±50, ±100,
giving β1 ≡ ±1, ±2, ±5, ±10 (mod (Q∗ )2 ) :
1. L2 = M 4 + 100e4
2. L2 = −M 4 − 100e4
3. L2 = 2M 4 + 50e4
4. L2 = −2M 4 − 50e4
5. L2 = 5M 4 + 20e4
6. L2 = −5M 4 − 20e4
7. L2 = 10M 4 + 10e4
8. L2 = −10M 4 − 10e4 .
We see that (1) has the solution (L, M, e) = (1, 1, 0) and (5) has the solution
(L, M, e) = (5, 1, 1). Again, (2), (4), (6) and (8) have no solutions.
We consider (3) modulo 5: L2 ≡ 2M 4 . Squares modulo 5 are 0,1,4. So there
are no nontrivial solutions to this equation and so no coprime solutions to
(3).
Instead of directly solving (7), we first observe that q(E 5 (Q)) is a subgroup
of Q∗ /(Q∗ )2 , and we already know that 5 is in the subgroup (the result of
solving (5)) but 2 is not (the result of finding no coprime solutions to (3)),
so these results together give us that 10 is not. Therefore, (7) doesn’t have
solutions.
58
CHAPTER 2. ELLIPTIC CURVES
Therefore, #q(E 5 (Q)) = 2.
#q̂(E5 (Q))#q(E 5 (Q))
4
=2
⇒ r = 1.
2r =
This proves that 5 is congruent, since E5 has non-zero rank.
We begin to see from this method that it is, in general, very difficult to
calculate the algebraic rank of an elliptic curve. So it seems we need a way
of turning the congruent number problem into a problem about something
else.
The Birch and Swinnerton-Dyer Conjecture says that the algebraic rank
of an elliptic curve, r, is the same as the analytic rank, ran (which we define
in the next chapter). So, by the BSD Conjecture, our congruent number
problem is now equivalent to finding a criterion by which we can decide
whether, for a given curve EN , the analytic rank is non-zero. We shall look
at the analytic rank in more detail in the next chapter.
Chapter 3
The Birch and
Swinnerton-Dyer Conjecture
3.1
The L-function
In this section, we describe how to compute the L-function of an elliptic
curve. The exposition is predominantly from Koblitz [12] and Stein [18].
For each prime number p - ∆, the equation E : y 2 = x3 + Ax + B reduces
eFp (sometimes simply denoted E)
e over
modulo p to define an elliptic curve E
the finite field Fp . We can see this since, if p | ∆, then the discriminant is
congruent to 0 in the field Fp and, thus, by Proposition 2.2.8, two of the
roots are the same and we have a singularity.
Definition 3.1.1. If p - ∆, we say the elliptic curve E has good reduction at
p and p is a good prime. If p | ∆, then E has bad reduction at p and p is a
bad prime.
Proposition 3.1.2. The elliptic curve EN is an elliptic curve when reduced
over any field K such that char(K) - 2N .
Proof. For y 2 = x3 −N 2 x, ∆ = −16.4N 6 . Therefore, the only primes dividing
∆ are 2 and any primes dividing N . So p is a prime of good reduction for
EN so long as p - 2N .
We introduce the notation ap to denote the following quantity:
e p ).
ap := p + 1 − #E(F
By a generalisation of Theorem 2.1.5 to E(F ) for any field F , E(Fp ) is
an abelian group. Further, the group is finite, since it is contained in P2 (Fp ),
the set of points in the projective plane.
We let E : y 2 = x3 + Ax + B have roots α1 , α2 , α3 .
59
60CHAPTER 3. THE BIRCH AND SWINNERTON-DYER CONJECTURE
Definition 3.1.3. When all three roots coincide, α1 = α2 = α3 , the singularity at (α1 , 0) is a cusp. When only two of the roots coincide, for example,
if α1 = α2 and α3 6= α1 , then (α1 , 0) is a node.
Definition 3.1.4. p is a prime of additive reduction when the reduction of
E at p has a cusp.
When E has additive reduction, the nonsingular points form a group
isomorphic to (Fp , +) and there is one singular point. Hence, there are p + 1
points in E(Fp ), so
ap = p + 1 − (p + 1) = 0.
Thus, the value ap for an additive reduction is 0.
Definition 3.1.5. p is a prime of multiplicative reduction when the reduction
of E at p has a node. Reductions are split multiplicative if the slopes of
the tangent lines at the singularity are in Fp , and nonsplit multiplicative
otherwise.
When E has split multiplicative reduction at p, there is one singular point
together with the number of elements of a group isomorphic to (F∗p , ×), so
1 + (p − 1) = p points in E(Fp ), giving
ap = p + 1 − p = 1.
When E has non-split multiplicative reduction at p, there is one singular point together with the number of elements of a group isomorphic to
(F∗p2 /F∗p , ×), so p + 2 points in E(Fp ), giving
ap = p + 1 − (p + 2) = −1.
Thus, the value ap for a
(
1,
if
ap =
−1, if
prime of multiplicative reduction is
eFp has split multiplicative reduction;
E
eFp has nonsplit multiplicative reduction.
E
Definition 3.1.6. The L-series of an elliptic curve E is:
Y
Y
1
1
L(E, s) =
−s
−s
1 − ap p
1 − ap p + p1−2s
=
p|∆(E)
∞
X
an
.
ns
n=1
p-∆(E)
3.1. THE L-FUNCTION
61
Definition 3.1.7. The Taylor expansion of a function f(x) about a point a
is an approximation of the function in the locality of that point, defined by:
f (x) ≈ f (a) + f 0 (a)(x − a) +
f 00 (a)(x − a)2 f 000 (a)(x − a)3
+
+ ...
2!
3!
By Hecke, Wiles (2000) [24] et al. (2001) [3], we know L(E, s) has an
analytic continuation to all of C, and so we consider the Taylor expansion at
s = 1.
Definition 3.1.8. The order of vanishing of an L-series is the power of the
variable in the first term in the series whose coefficient is non-zero.
Definition 3.1.9. The analytic rank of E is the order of vanishing of L(E, 1).
Conjecture 2 (Birch and Swinnerton-Dyer Conjecture). The analytic rank
of an elliptic curve is equal to its algebraic rank.
Example 3.1.10. Consider the curve E : y 2 = x3 − x. We have ∆ = 64. So
we see that 2 is the only prime of bad reduction and compute a2 = 0.
eF3 : y 2 ≡ x3 + 2x. We want to find the points on the curve. We know that
E
O is one of the points, and we also have:
x=0⇒y≡0
x = 1 ⇒ y2 ≡ 0
x = 2 ⇒ y 2 ≡ 0.
eF3 (F3 ) = 4 and so
So we have the points O, (0, 0), (1, 0), (2, 0). Thus, #E
a3 = 0.
eF5 : y 2 ≡ x3 − x. We want to find the points on the curve other than O:
E
x=0⇒y=0
x = 1 ⇒ y2 ≡ 0
x = 2 ⇒ y2 ≡ 1
x = 3 ⇒ y2 ≡ 4
x = 4 ⇒ y 2 ≡ 0.
eF5 (F5 ) =
So we have the points O, (0, 0), (1, 0), (2, ±1), (3, ±2), (4, 0). Thus, #E
8 and so a5 = −2.
62CHAPTER 3. THE BIRCH AND SWINNERTON-DYER CONJECTURE
eF7 : y 2 = x3 − x. We know that O is one of the points on the curve, and
E
we also have:
x = 0 ⇒ y2
x = 1 ⇒ y2
x = 2 ⇒ y2
x = 3 ⇒ y2
x = 4 ⇒ y2
x = −2 ⇒ y 2
x = −1 ⇒ y 2
≡0
≡0
≡ 6, which has no solution.
≡ 3, which has no solution.
≡4
≡1
≡0
So O, (0, 0), (1, 0), (4, ±2), (5, ±1), (6, 0) are on the curve. Thus, we have
eF7 (F7 ) = 8 and so a7 = 0. We could continue calculating these points
#E
in finite fields indefinitely but, for our purposes, we stop here. Using Sage,
we generate several more ap values and compute the Taylor expansion of the
L-series around the point s = 1:
0.655514388573030 + 0.447208159472739z − 0.233131198781643z 2 + ....
Therefore, the analytic rank of E is 0. By the deep work of Gross and Zagier
[10], we know this to mean that the algebraic rank is also 0, and thus we
have given a third proof that 1 is not a congruent number.
3.2
Congruent Numbers and the BSD Conjecture
For those elliptic curves for which the BSD Conjecture does hold, it produces
an algorithm to compute the rank of E and the set E(Q). For a curve EN ,
this clearly includes determining whether or not the number N is congruent. Thus, the Birch and Swinnerton-Dyer Conjecture, if true, allows us to
determine whether any given integer N is congruent and the CNP is solved.
We look at some key results toward the CNP beyond Fermat’s initial
progress. This section primarily uses Tian [21] and Zhang [25].
Assuming N to be square-free, a classical calculation of root numbers
shows that the complex L-function of the curve EN has a zero of odd order
at the centre of its critical strip precisely when N lies in one of the residue
classes 5,6 and 7 modulo 8. In particular, the BSD Conjecture predicts that
every positive integer lying in the residue classes 5,6 and 7 modulo 8 should
be a congruent number.
3.2. CONGRUENT NUMBERS AND THE BSD CONJECTURE
63
We summarize the progress that has been made towards the BSD Conjecture’s prediction that every positive integer lying in the residue classes 5,6
and 7 modulo 8 should be a congruent number.
Theorem 3.2.1 (Heegner (1952) [11], Birch-Stephens (1975) [20], Monsky
(1990) [16]). A prime p is congruent if p ≡ 5, 7 (mod 8). The number 2p is
congruent if p ≡ 3 (mod 4).
Heegner was the first to find a method to construct fairly general solutions
to cubic Diophantine equations (1952) [11], which he did for this theorem.
Theorem 3.2.2 (Gross (1985) [22], Monsky (1990) [16], Tian (2012) [21]).
For any positive integer k, and any j ∈ {5, 6, 7}, there are infinitely many
congruent numbers N congruent to j (mod 8) with k odd prime factors.
Tian extended Heegner’s result, aiming to expand Heegner’s construction
of rational points on the curve E (N ) : N y 2 = x3 − x in the case that the
relevant N are primes congruent to 5,7 modulo 8 or twice primes congruent
to 3 modulo 8 to rational points in the case when N has many prime divisors.
E (N ) : N y 2 = x3 − x
(3.1)
Theorem 3.2.3 (Tian). Let k ≥ 0 be an integer and n = p0 p1 ...pk a product
of distinct odd primes with pi ≡ 1 (mod 8) for 0 ≤ i ≤ k. Let N = n or 2n
such that N ≡ 5, 6, 7 (mod 8). Then N is a√congruent number provided that
the ideal class group A of the field K = Q( −2n) satisfies the condition
(
0, if n ≡ ±3 (mod 8);
dimF2 (A[4]/A[2]) =
1, otherwise.
Note that the curve E (N ) is simply our EN in a slightly different form.
Indeed, by multiplying both sides of (3.1) by N 3 and making the substitution
Y := N 2 y and X := N x gives the congruent number elliptic curve
EN : Y 2 = X 3 − N 2 X.
Tian proved his result by showing that any E (N ) satisfying the hypotheses
of the theorem has analytic and algebraic ranks equal to 1.
Corollary 3.2.4. For any given integer k ≥ 0, there are infinitely many
square-free congruent numbers with exactly k + 1 odd prime divisors in each
residue class of 5, 6, 7 (mod 8).
64CHAPTER 3. THE BIRCH AND SWINNERTON-DYER CONJECTURE
Through Gross and Zagier’s (1986) [10], and also Kolyvagin’s (1990) [13]
work, the Birch and Swinnerton-Dyer Conjecture has now been proved for all
elliptic curves of analytic rank less than or equal to 1. Subsequent computer
calculations have been performed to verify the BSD Conjecture for various
finite sets of curves, but no further general progress has been made.
Bibliography
[1] Etienne Bézout, General theory of algebraic equations, Princeton University Press, Princeton, NJ, 2006, Translated from the 1779 French
original by Eric Feron.
[2] B. J. Birch and H. P. F. Swinnerton-Dyer, Notes on elliptic curves. II,
J. Reine Angew. Math. 218 (1965), 79–108.
[3] Christophe Breuil, Brian Conrad, Fred Diamond, and Richard Taylor,
On the modularity of elliptic curves over Q: wild 3-adic exercises, J.
Amer. Math. Soc. 14 (2001), no. 4, 843–939.
[4] Jim Brown, Congruent numbers and elliptic curves, http://www.math.
caltech.edu/~jimlb/congruentnumberslong.pdf, 2007.
[5] John H. Coates, Congruent numbers, Proc. Natl. Acad. Sci. USA 109
(2012), no. 52, 21182–21183.
[6] Keith Conrad, The congruent number problem, http://www.math.
uconn.edu/~kconrad/blurbs/ugradnumthy/congnumber.pdf, 2008.
[7] David S. Dummit and Richard M. Foote, Abstract algebra, third ed.,
John Wiley & Sons, Inc., Hoboken, NJ, 2004.
[8] Pierre Fermat, Œuvres de Pierre Fermat. I, Collection Sciences dans
l’Histoire. [Science in History Collection], Librairie Scientifique et Technique Albert Blanchard, Paris, 1999, La théorie des nombres. [Number
theory], Translated by Paul Tannery, With an introduction and commentary by R. Rashed, Ch. Houzel and G. Christol.
[9] E. V. Flynn, Elliptic curves, http://www0.maths.ox.ac.uk/system/
files/coursematerial/2014/3117/1/lecturenotes.pdf, 2012.
[10] B. Gross and D. Zagier, Heegner points and derivatives of L-series, Invent. Math. 84 (1986), no. 2, 225–320.
65
66
BIBLIOGRAPHY
[11] Kurt Heegner, Diophantische Analysis und Modulfunktionen, Math. Z.
56 (1952), 227–253.
[12] N. Koblitz, Introduction to elliptic curves and modular forms, Graduate
Texts in Mathematics, vol. 97, Springer-Verlag, New York, 1984.
[13] V. Kolyvagin, Euler systems, The Grothendieck Festschrift, Vol. II,
Progr. Math., vol. 87, Birkhäuser Boston, Boston, 1990, pp. 435–483.
[14] The LMFDB Collaboration, The L-functions and modular forms
database, http://www.lmfdb.org, 2015, [Online; accessed 1 March
2015].
[15] B. Mazur, Modular curves and the Eisenstein ideal, Inst. Hautes Études
Sci. Publ. Math. (1977), no. 47, 33–186 (1978).
[16] Paul Monsky, Mock Heegner points and congruent numbers, Math. Z.
204 (1990), no. 1, 45–67.
[17] J.H. Silverman and J. Tate, Rational points on elliptic curves, SpringerVerlag, New York, 1992.
[18] W. A. Stein, The Birch and Swinnerton-Dyer conjecture, a computational approach, 2007, http://wstein.org/edu/2007/spring/bsd/.
[19] W. A.
Stein,
The
http://cloud.sagemath.org.
Sagemath
CloudTM ,
2013,
[20] N. M. Stephens, Congruence properties of congruent numbers, Bull. London Math. Soc. 7 (1975), 182–184.
[21] Ye Tian, Congruent numbers with many prime factors, Proc. Natl. Acad.
Sci. USA 109 (2012), no. 52, 21256–21258.
[22] J. B. Tunnell, A classical Diophantine problem and modular forms of
weight 3/2, Invent. Math. 72 (1983), no. 2, 323–334.
[23] Wikipedia, Pythagorean triple — wikipedia, the free encyclopedia, 2015,
[Online; accessed 9-March-2015].
[24] Andrew Wiles, Modular elliptic curves and Fermat’s last theorem, Ann.
of Math. (2) 141 (1995), no. 3, 443–551.
[25] Shou-Wu Zhang, Congruent numbers and Heegner points, Asia Pac.
Math. Newsl. 3 (2013), no. 2, 12–15.