Elliptic curve
From Wikipedia, the free encyclopedia
Not to be confused with Ellipse.
A catalog of elliptic curves. Region shown is [−3,3]² (For (a, b) = (0, 0) the function is not smooth and therefore not
an elliptic curve.)
In mathematics, an elliptic curve is a plane algebraic curve defined by an equation of the form
that is non-singular; that is, it has no cusps or self-intersections. (When
the characteristic of the coefficient field is equal to 2 or 3, the above
equation is not quite general enough to comprise all non-singular cubic
curves; see below for a more precise definition.)
Formally, an elliptic curve is a smooth, projective, algebraic
curve of genus one, on which there is a specified point O. An elliptic
curve is in fact an abelian variety – that is, it has a multiplication
defined algebraically, with respect to which it is an abelian group –
and O serves as the identity element. Often the curve itself,
without O specified, is called an elliptic curve. The point O is actually
the "point at infinity" in the projective plane.
If y² = P(x), where P is any polynomial of degree three in x with no
repeated roots, then we obtain a nonsingular plane curve of genus one,
which is thus an elliptic curve. If P has degree four and is square-
free this equation again describes a plane curve of genus one; however,
it has no natural choice of identity element. More generally, any
algebraic curve of genus one, for example from the intersection of
two quadric surfaces embedded in three-dimensional projective space,
is called an elliptic curve, provided that it has at least one rational
point to act as the identity.
Using the theory of elliptic functions, it can be shown that elliptic
curves defined over the complex numbers correspond to embeddings of
the torus into the complex projective plane. The torus is also an abelian
group, and in fact this correspondence is also a group isomorphism.
Elliptic curves are especially important in number theory, and
constitute a major area of current research; for example, they were
used in the proof, by Andrew Wiles, of Fermat's Last Theorem. They
also find applications in elliptic curve cryptography (ECC) and integer
factorization.
An elliptic curve is not an ellipse: see elliptic integral for the origin of
the term. Topologically, a complex elliptic curve is a torus.
Elliptic curves over the real numbers
Graphs of curves y² = x³ − x and y² = x³ − x + 1
Although the formal definition of an elliptic curve is fairly technical
and requires some background in algebraic geometry, it is possible to
describe some features of elliptic curves over the real numbers using
only introductory algebra and geometry.
In this context, an elliptic curve is a plane curve defined by an equation
of the form
where a and b are real numbers. This type of equation is called
a Weierstrass equation.
The definition of elliptic curve also requires that the curve be non-
singular. Geometrically, this means that the graph has no cusps,
self-intersections, or isolated points. Algebraically, this holds if
and only if the discriminant
is not equal to zero. (Although the factor −16 is irrelevant to
whether or not the curve is non-singular, this definition of the
discriminant is useful in a more advanced study of elliptic
curves.)
The (real) graph of a non-singular curve has two components
if its discriminant is positive, and one component if it is
negative. For example, in the graphs shown in figure to the
right, the discriminant in the first case is 64, and in the second
case is −368.
The group law
When working in the projective plane, we can define a group
structure on any smooth cubic curve. In Weierstrass normal
form, such a curve will have an additional point at infinity, O,
at the homogeneous coordinates [0:1:0] which serves as the
identity of the group.
Since the curve is symmetrical about the x-axis, given any
point P, we can take −P to be the point opposite it. We take
−O to be just O.
If P and Q are two points on the curve, then we can uniquely
describe a third point, P + Q, in the following way. First,
draw the line that intersects P and Q. This will generally
intersect the cubic at a third point, R. We then take P + Q to
be −R, the point opposite R.
This definition for addition works except in a few special
cases related to the point at infinity and intersection
multiplicity. The first is when one of the points is O. Here, we
define P + O = P = O + P, making O the identity of the group.
Next, if P and Q are opposites of each other, we
define P + Q = O. Lastly, if P = Q we only have one point,
thus we can't define the line between them. In this case, we
use the tangent line to the curve at this point as our line. In
most cases, the tangent will intersect a second point R and we
can take its opposite. However, if P happens to be
an inflection point (a point where the concavity of the curve
changes), we take R to be P itself and P + P is simply the
point opposite itself.
For a cubic curve not in Weierstrass normal form, we can still
define a group structure by designating one of its nine
inflection points as the identity O. In the projective plane,
each line will intersect a cubic at three points when
accounting for multiplicity. For a point P, −P is defined as the
unique third point on the line passing through O and P. Then,
for any P and Q, P + Q is defined as −R where R is the unique
third point on the line containing P and Q.
Let K be a field over which the curve is defined (i.e., the
coefficients of the defining equation or equations of the curve
are in K) and denote the curve by E. Then the K-rational
points of E are the points on E whose coordinates all lie in K,
including the point at infinity. The set of K-rational points is
denoted by E(K). It, too, forms a group, because properties of
polynomial equations show that if P is in E(K), then −P is
also in E(K), and if two of P, Q, and R are in E(K), then so is
the third. Additionally, if K is a subfield of L, then E(K) is
a subgroup of E(L).
The above group can be described algebraically as well as
geometrically. Given the curve y² = x³ + ax + b over the
field K (whose characteristic we assume to be neither 2 nor
3), and points P = (x_P, y_P) and Q = (x_Q, y_Q) on the curve,
assume first that x_P ≠ x_Q (first pane below). Let s be the slope
of the line containing P and Q; i.e.,
Since K is a field, s is well-defined. Then we can
define R = (x_R, y_R) = −(P + Q) by
If x_P = x_Q, then there are two options: if y_P =
−y_Q (third and fourth panes below), including the
case where y_P = y_Q = 0 (fourth pane), then the sum is
defined as 0; thus, the inverse of each point on the
curve is found by reflecting it across the x-axis.
If y_P = y_Q ≠ 0, then Q = P and R = (x_R, y_R) = −(P + P)
= −2P = −2Q (second pane below with P shown
for R) is given by
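The group law of this section, written out as code for the case K = F_p with p a prime greater than 3, using the standard chord and tangent slope formulas. This is an added example, not part of the original article; the function names and the toy curve y² = x³ − x + 1 over F_7 used to exercise it are assumptions chosen for illustration.

```python
# Added example (not from the original page): the chord-and-tangent group
# law for y^2 = x^3 + a*x + b, specialised to K = F_p.
# Assumption: p is a prime greater than 3, so char(K) is neither 2 nor 3.

O = None  # the point at infinity, identity element of the group


def discriminant(a, b):
    """Integer discriminant -16(4a^3 + 27b^2) of y^2 = x^3 + ax + b."""
    return -16 * (4 * a**3 + 27 * b**2)


def has_good_reduction(a, b, p):
    """True when the curve reduced modulo p is still non-singular."""
    return discriminant(a, b) % p != 0


def on_curve(P, a, b, p):
    """Membership test; O is always on the curve."""
    if P is O:
        return True
    x, y = P
    return (y * y - (x**3 + a * x + b)) % p == 0


def neg(P, p):
    """Reflect across the x-axis; -O is O."""
    return O if P is O else (P[0] % p, -P[1] % p)


def add(P, Q, a, b, p):
    """Return P + Q, handling every special case listed in the text."""
    if not (on_curve(P, a, b, p) and on_curve(Q, a, b, p)):
        raise ValueError("point is not on the curve")
    if P is O:
        return Q
    if Q is O:
        return P
    xp, yp, xq, yq = P[0] % p, P[1] % p, Q[0] % p, Q[1] % p
    if xp == xq and (yp + yq) % p == 0:
        return O  # opposite points, including y_P = y_Q = 0
    if xp != xq:
        s = (yp - yq) * pow((xp - xq) % p, -1, p) % p  # slope of the chord
    else:
        s = (3 * xp * xp + a) * pow(2 * yp % p, -1, p) % p  # tangent slope
    xr = (s * s - xp - xq) % p
    yr = (yp + s * (xr - xp)) % p  # R = (xr, yr) is the third intersection
    return neg((xr, yr), p)  # P + Q = -R


def mul(k, P, a, b, p):
    """Compute k*P for k >= 0 by double-and-add."""
    acc = O
    while k:
        if k & 1:
            acc = add(acc, P, a, b, p)
        P = add(P, P, a, b, p)
        k >>= 1
    return acc


def count_points(a, b, p):
    """Brute-force count of E(F_p) including O; only sensible for tiny p."""
    return 1 + sum(on_curve((x, y), a, b, p)
                   for x in range(p) for y in range(p))
```

On the reduction of y² = x³ − x + 1 modulo 7 the point (1, 1) has order 12, which equals count_points(-1, 1, 7). Modulo 23 the discriminant −368 vanishes, so has_good_reduction(-1, 1, 23) is False and the group law above does not apply.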
Elliptic curves over the complex numbers
An elliptic curve over the complex numbers is obtained as a quotient of
the complex plane by a lattice Λ, here spanned by two fundamental
periods ω_1 and ω_2. The four-torsion is also shown, corresponding to
the lattice 1/4 Λ containing Λ.
The formulation of elliptic curves as the embedding of a torus in the
complex projective plane follows naturally from a curious property of
Weierstrass's elliptic functions. These functions and their first
derivative are related by the formula
Here, g_2 and g_3 are constants; is the Weierstrass elliptic function
and its derivative. It should be clear that this relation is in the
form of an elliptic curve (over the complex numbers). The Weierstrass
functions are doubly periodic; that is, they are periodic with respect
to a lattice Λ; in essence, the Weierstrass functions are naturally
defined on a torus T = C/Λ. This torus may be embedded in the complex
projective plane by means of the map
This map is a group isomorphism of the torus (considered with its
natural group structure) with the chord-and-tangent group law on the
cubic curve which is the image of this map. It is also an isomorphism
of Riemann surfaces from the torus to the cubic curve, so
topologically, an elliptic curve is a torus. If the lattice Λ is
related by multiplication by a non-zero complex number c to a lattice
cΛ, then the corresponding curves are isomorphic. Isomorphism classes
of elliptic curves are specified by the j-invariant.
The isomorphism classes can be understood in a simpler way as well.
The constants g_2 and g_3, called the modular invariants, are uniquely
determined by the lattice, that is, by the structure of the torus.
However, the complex numbers form the splitting field for polynomials
with real coefficients, and so the elliptic curve may be written as
One finds that
and
so that the modular discriminant is
Here, λ is sometimes called the modular lambda function.
Note that the uniformization theorem implies that every compact
Riemann surface of genus one can be represented as a torus.
This also allows an easy understanding of the torsion points on an
elliptic curve: if the lattice Λ is spanned by the fundamental periods
ω_1 and ω_2, then the n-torsion points are the (equivalence classes of)
points of the form
for a and b integers in the range from 0 to n−1.
Over the complex numbers, every elliptic curve has nine inflection
points. Every line through two of these points also passes through a
third inflection point; the nine points and 12 lines formed in this way
form a realization of the Hesse configuration.
Elliptic curves over the rational numbers
A curve E defined over the field of rational numbers is also defined
over the field of real numbers. Therefore, the law of addition (of
points with real coordinates) by the tangent and secant method can be
applied to E. The explicit formulae show that the sum of two points P
and Q with rational coordinates has again rational coordinates, since
the line joining P and Q has rational coefficients. This way, one shows
that the set of rational points of E forms a subgroup of the group of
real points of E. As this group, it is an abelian group, that is,
P + Q = Q + P.
The structure of rational points
The most important result is that all points can be constructed by the
method of tangents and secants starting with a finite number of points.
More precisely[1] the Mordell–Weil theorem states that the group E(Q)
is a finitely generated (abelian) group. By the fundamental theorem of
finitely generated abelian groups it is therefore a finite direct sum
of copies of Z and finite cyclic groups.
The proof of that theorem[2] rests on two ingredients: first, one shows
that for any integer m > 1, the quotient group E(Q)/mE(Q) is finite
(weak Mordell–Weil theorem). Second, introducing a height function h on
the rational points E(Q) defined by h(P_0) = 0 and h(P) = log max(|p|,
|q|) if P (unequal to the point at infinity P_0) has as abscissa the
rational number x = p/q (with coprime p and q). This height function h
has the property that h(mP) grows roughly like the square of m.
Moreover, only finitely many rational points with height smaller than
any constant exist on E.
The proof of the theorem is thus a variant of the method of infinite
descent[3] and relies on the repeated application of Euclidean
divisions on E: let P ∈ E(Q) be a rational point on the curve, writing
P as the sum 2P_1 + Q_1 where Q_1 is a fixed representant of P in
E(Q)/2E(Q), the height of P_1 is about 1/4 of the one of P (more
generally, replacing 2 by any m > 1, and 1/4 by 1/m²). Redoing the same
with P_1, that is to say P_1 = 2P_2 + Q_2, then P_2 = 2P_3 + Q_3, etc.
finally expresses P as an integral linear combination of points Q_i and
of points whose height is bounded by a fixed constant chosen in
advance: by the weak Mordell–Weil theorem and the second property of
the height function P is thus expressed as an integral linear
combination of a finite number of fixed points.
So far, the theorem is not effective since there is no known general
procedure for determining the representants of E(Q)/mE(Q).
The rank of E(Q), that is the number of copies of Z in E(Q) or,
equivalently, the number of independent points of infinite order, is
called the rank of E. The Birch and Swinnerton-Dyer conjecture is
concerned with determining the rank. One conjectures that it can be
arbitrarily large, even if only examples with relatively small rank are
known. The elliptic curve with biggest exactly known rank is
y² + xy + y = x³ − x² + 31368015812338065133318565292206590792820353345x
+ 302038802698566087335643188429543498624522041683874493555186062568159847
It has rank 19, found by Noam Elkies in 2009.[4] Curves of rank at
least 28 are known, but their rank is not exactly known.
As for the groups constituting the torsion subgroup of E(Q), the
following is known:[5] the torsion subgroup of E(Q) is one of the 15
following groups (a theorem due to Barry Mazur): Z/NZ for N = 1, 2,
..., 10, or 12, or Z/2Z × Z/2NZ with N = 1, 2, 3, 4. Examples for every
case are known. Moreover, elliptic curves whose Mordell–Weil groups
over Q have the same torsion groups belong to a parametrized family.[6]
The Birch and Swinnerton-Dyer conjecture
Main article: Birch and Swinnerton-Dyer conjecture
The Birch and Swinnerton-Dyer conjecture (BSD) is one of the Millennium
problems of the Clay Mathematics Institute. The conjecture relies on
analytic and arithmetic objects defined by the elliptic curve in
question.
At the analytic side, an important ingredient is a function of a
complex variable, L, the Hasse–Weil zeta function of E over Q. This
function is a variant of the Riemann zeta function and Dirichlet
L-functions. It is defined as an Euler product, with one factor for
every prime number p.
For a curve E over Q given by a minimal equation
with integral coefficients a_i, reducing the coefficients modulo p
defines an elliptic curve over the finite field F_p (except for a
finite number of primes p, where the reduced curve has a singularity
and thus fails to be elliptic, in which case E is said to be of bad
reduction at p).
The zeta function of an elliptic curve over a finite field F_p is, in
some sense, a generating function assembling the information of the
number of points of E with values in the finite field extensions of
F_p, F_{p^n}. It is given,[7]
The interior sum of the exponential resembles the development of the
logarithm and, in fact, the so-defined zeta function is a rational
function:
The Hasse–Weil zeta function of over is then defined by collecting
this information together, for all primes p. It is defined by
where ε(p) = 1 if has good reduction at and 0 otherwise (in which
case a_p is defined differently than above).
This product converges for Re(s) > 3/2 only. Hasse's conjecture affirms
that the L-function admits an analytic continuation to the whole
complex plane and satisfies a functional equation relating, for any s,
L(E, s) to L(E, 2 − s). In 1999 this was shown to be a consequence of
the proof of the Shimura–Taniyama–Weil conjecture, which asserts that
every elliptic curve over is a modular curve, which implies that its
L-function is the L-function of a modular form whose analytic
continuation is known. One can therefore speak about the values of
L(E, s) at any complex number s.
The Birch–Swinnerton-Dyer conjecture relates the arithmetic of the
curve to the behavior of its L-function at = 1. More precisely, it
affirms that the order of the L-function at = 1 equals the rank of and
predicts the leading term of the Laurent series of L(E, s) at that
point in terms of several quantities attached to the elliptic curve.
Much like the Riemann hypothesis, this conjecture has multiple
consequences, including the following two:
Let be an odd square-free integer. Assuming the Birch and
Swinnerton-Dyer conjecture, is the area of a right triangle with
rational side lengths (a congruent number) if and only if the number of
triplets of integers (x, y, z) satisfying is twice the number of
triples satisfying . This statement, due to Tunnell, is related to the
fact that is a congruent number if and only if the elliptic curve has
a rational point of infinite order (thus, under the Birch and
Swinnerton-Dyer conjecture, its L-function has a zero at 1). The
interest in this statement is that the condition is easily
verified.[8]
In a different direction, certain analytic methods allow for an
estimation of the order of zero in the center of the critical strip of
families of L-functions. Admitting the BSD conjecture, these
estimations correspond to information about the rank of families of
elliptic curves in question. For example:[9] suppose the generalized
Riemann hypothesis and the BSD conjecture, the average rank of curves
given by is smaller than 2.
The modularity theorem and its application to Fermat's Last Theorem
Main article: Modularity theorem
The modularity theorem, once known as the Taniyama–Shimura–Weil
conjecture, states that every elliptic curve over is a modular curve,
that is to say, its Hasse–Weil zeta function is the L-function of a
modular form of weight 2 and level N, where is the conductor of E (an
integer divisible by the same prime numbers as the discriminant of E,
Δ(E).) In other words, if, for Re(s) > 3/2, one writes the L-function
in the form
the expression
defines a parabolic modular newform of weight 2 and level N. For prime
numbers ℓ not dividing N, the coefficient a(ℓ) of the form equals
ℓ − the number of solutions of the minimal equation of the curve
modulo ℓ.
For example,[10] to the elliptic curve
with discriminant (and conductor) 37, is associated the form
(x,y) = (−1,4), (−2,3), (2,5), (4,9), (8,23), (43,282), (52,375),
(5234, 378661).
(x,y) = (0,0), (−1,1), (2, 2), (338,6214).