стр. 1(всего 3)СОДЕРЖАНИЕ >>
Chapter 8
Elliptic Curves over Q

As we saw in Chapter 1, elliptic curves over Q represent an interesting class of
Diophantine equations. In the present chapter, we study the group structure
of the set of rational points of an elliptic curve E deп¬Ѓned over Q. First, we
show how the torsion points can be found quite easily. Then we prove the
Mordell-Weil theorem, which says that E(Q) is a п¬Ѓnitely generated abelian
group. As weвЂ™ll see in Section 8.6, the method of proof has its origins in
FermatвЂ™s method of inп¬Ѓnite descent. Finally, we reinterpret the descent calcu-
lations in terms of Galois cohomology and deп¬Ѓne the Shafarevich-Tate group.

8.1 The Torsion Subgroup. The Lutz-Nagell The-
orem
The torsion subgroup of E(Q) is easy to calculate. In this section weвЂ™ll give
examples of how this can be done. The crucial step is the following theorem,
which was used in Chapter 5 to study anomalous curves. For convenience, we
repeat some of the notation introduced there.
Let a/b = 0 be a rational number, where a, b are relatively prime integers.
Write a/b = pr a1 /b1 with p a1 b1 . Deп¬Ѓne the p-adic valuation to be

vp (a/b) = r.

For example, v2 (7/40) = в€’3, v5 (50/3) = 2, and v7 (1/2) = 0. Deп¬Ѓne vp (0) =
+в€ћ (so vp (0) > n for every integer n).
Let E be an elliptic curve over Z given by y 2 = x3 + Ax + B. Let r в‰Ґ 1 be
an integer. Deп¬Ѓne

Er = {(x, y) в€€ E(Q) | vp (x) в‰¤ в€’2r, vp (y) в‰¤ в€’3r} в€Є {в€ћ}.

These are the points such that x has at least p2r in its denominator and y
has at least p3r in its denominator. These should be thought of as the points
that are close to в€ћ mod powers of p (that is, p-adically close to в€ћ).

199

В© 2008 by Taylor & Francis Group, LLC
200 CHAPTER 8 ELLIPTIC CURVES OVER Q

THEOREM 8.1
Let E be given by y 2 = x3 + Ax + B with A, B в€€ Z. Let p be a prime and let
r be a positive integer. Then

1. Er is a subgroup of E(Q).

2. If (x, y) в€€ E(Q), then vp (x) < 0 if and only if vp (y) < 0. In this case,
there exists an integer r в‰Ґ 1 such that vp (x) = в€’2r and vp (y) = в€’3r.

3. The map

О»r : Er /E5r в†’ Zp4r
(x, y) в†’ pв€’r x/y (mod p4r )
в€ћв†’0

is an injective homomorphism (where Zp4r is a group under addition).

4. If (x, y) в€€ Er but (x, y) в€€ Er+1 , then О»r (x, y) в‰Ў 0 (mod p).

REMARK 8.2 The map О»r should be regarded as a logarithm for the
group Er /E5r since it changes the law of composition in the group to addition
in Zp4r , just as the classical logarithm changes the composition law in the
multiplicative group of positive real numbers to addition in R.

PROOF The denominator of x3 + Ax + B equals the denominator of y 2 .
It is easy to see that the denominator of y is divisible by p if and only if
the denominator of x is divisible by p. If pj , with j > 0, is the exact power
of p dividing the denominator of y, then p2j is the exact power of p in the
denominator of y 2 . Similarly, if pk , with k > 0, is the exact power of p dividing
the denominator of x, then denominator of x3 + Ax + B is exactly divisible
by p3k . Therefore, 2j = 3k. It follows that there exists r with j = 3r and
k = 2r. This proves (2). Also, we see that

{(x, y) в€€ Er | vp (x) = в€’2r, vp (y) = в€’3r} = {(x, y) в€€ Er | vp (x/y) = r}

is the set of points in Er not in Er+1 . This proves (4). Moreover, if О»r (x, y) в‰Ў
0 (mod p4r ), then vp (x/y) в‰Ґ 5r, so (x, y) в€€ E5r . This proves that О»r is
injective (as soon as we prove it is a homomorphism).
Let
x 1
t= , s= .
y y
Dividing the equation y 2 = x3 + Ax + B by y 3 yields
3 2 3
x x 1
1 1
= +A +B ,
y y y y y

В© 2008 by Taylor & Francis Group, LLC
201
SECTION 8.1 THE TORSION SUBGROUP. THE LUTZ-NAGELL THEOREM

which can be written as

s = t3 + Ats2 + Bs3 .

In the following, it will be convenient to write pj |z for a rational number
z when pj divides the numerator of z. Similarly, weвЂ™ll write z в‰Ў 0 (mod pj )
in this case. These extended notions of divisibility and congruence satisfy
properties similar to those for the usual notions.

LEMMA 8.3
(x, y) в€€ Er if and only if p3r |s. If p3r |s, then pr |t.

PROOF If (x, y) в€€ Er , then p3r divides the denominator of y, so p3r
divides the numerator of s = 1/y. Conversely, suppose p3r |s. Then p3r
divides the denominator of y. Part (2) of the theorem shows that p2r divides
the denominator of x. Therefore, (x, y) в€€ Er .
If p3r |s, then the exact power of p dividing the denominator of y is p3k ,
with k в‰Ґ r. Part (2) of the theorem implies that the exact power of p dividing
t = x/y is pk . Since k в‰Ґ r, we have pr |t.

We now continue with the proof of Theorem 8.1. Let О»r be as in the
statement of the theorem. Note that

О»r (в€’(x, y)) = О»r (x, в€’y) = в€’pв€’r x/y = в€’О»r (x, y).

We now claim that if P1 + P2 + P3 = в€ћ then

О»r (P1 ) + О»r (P2 ) + О»r (P3 ) в‰Ў 0 (mod p4r ).

The proof will also show that if P1 , P2 в€€ Er , then P3 в€€ Er (hence Er is a
subgroup). Therefore,

О»r (P1 + P2 ) = О»r (в€’P3 ) = в€’О»r (P3 ) = О»r (P1 ) + О»r (P2 ),

so О»r is a homomorphism.
Recall that three points add to в€ћ if and only if they are collinear (Exercise
2.6). To prove the claim, let P1 , P2 , P3 lie on the line

ax + by + d = 0

and assume that P1 , P2 в€€ Er . Dividing by y yields the s, t line

at + b + ds = 0.

Let Pi denote the point Pi written in terms of the s, t coordinates. In other
words, if
Pi = (xi , yi ),

В© 2008 by Taylor & Francis Group, LLC
202 CHAPTER 8 ELLIPTIC CURVES OVER Q

then
Pi = (si , ti )
with
si = 1/yi , ti = xi /yi .
The points P1 , P2 , P3 lie on the line at + b + ds = 0.
Since P1 , P2 в€€ Er , Lemma 8.3 implies that

p3r |si , pr |ti , for i = 1, 2.

As discussed in Section 2.4, at a п¬Ѓnite point (x, y), the order of intersection
of the line ax+by +d = 0 and the curve y 2 = x3 +Ax+B can be calculated by
using projective coordinates and considering the line aX + bY + dZ = 0 and
the curve ZY 2 = X 3 + AXZ 2 + BZ 3 . In this case, x = X/Z and y = Y /Z.
If we start with a line at + b + ds = 0 and the curve s = t3 + Ats2 + Bs3 ,
we can homogenize to get aT + bU + dS = 0 and SU 2 = T 3 + AT S 2 + BS 3 .
In this case, we have t = T /U and s = S/U . If we let Z = S, Y = U , X = T ,
we п¬Ѓnd that we are working with the same line and curve as above. A point
(x, y) corresponds to

t = T /U = X/Y = x/y and s = S/U = Z/Y = 1/y.

Since orders of intersection can be calculated using the projective models, it
follows that the order of intersection of the line ax + by + d = 0 with the curve
y 2 = x3 + Ax + B at (x, y) is the same as the order of intersection of the line
at + b + ds = 0 with the curve s = t3 + Ats2 + Bs3 at (s, t) = (1/y, x/y).
For example, the line and curve are tangent in the variables x, y if and only if
they are tangent in the variables t, s. This allows us to do the elliptic curve
group calculations using t, s instead of x, y.

LEMMA 8.4
A line t = c, where c в€€ Q is a constant with c в‰Ў 0 (mod p), intersects the
curve s = t3 + As2 t + Bs3 in at most one point (s, t) with s в‰Ў 0 (mod p).
This line is not tangent at such a point of intersection.

PROOF Suppose we have two values of s, call them s1 , s2 with s1 в‰Ў s2 в‰Ў 0
(mod p). Suppose s1 в‰Ў s2 (mod pk ) for some k в‰Ґ 1. Write si = psi . Then
2 2 2 2
s1 в‰Ў s2 (mod pkв€’1 ), so s1 в‰Ў s2 (mod pkв€’1 ), so s2 = p2 s1 в‰Ў p2 s2 = s2
1 2
(mod pk+1 ). Similarly, s3 в‰Ў s3 (mod pk+2 ). Therefore,
1 2

s1 = c3 + Acs2 + Bs3 в‰Ў c3 + Acs2 + Bs3 = s2 (mod pk+1 ).
1 1 2 2

By induction, we have s1 в‰Ў s2 (mod pk ) for all k. It follows that s1 = s2 , so
there is at most one point of intersection with s в‰Ў 0 (mod p).

В© 2008 by Taylor & Francis Group, LLC
203
SECTION 8.1 THE TORSION SUBGROUP. THE LUTZ-NAGELL THEOREM

The slope of the tangent line to the curve can be found by implicit diп¬Ђer-
entiation:
ds ds ds
= 3t2 + As2 + 2Ast + 3Bs2 ,
dt dt dt
so
3t2 + As2
ds
= .
1 в€’ 2Ast в€’ 3Bs2
dt
If the line t = c is tangent to the curve at (s, t), then 1 в€’ 2Ast в€’ 3Bs2 = 0.
But s в‰Ў t в‰Ў 0 (mod p) implies that

1 в€’ 2Ast в€’ 3Bs2 в‰Ў 1 в‰Ў 0 (mod p).

Therefore, t = c is not tangent to the curve.

If d = 0, then our line is of the form in the lemma. But it passes through
the points P1 and P2 , so we must have P1 = P2 , and the line is tangent to the
curve. Changing back to x, y coordinates, we obtain P1 = P2 . The deп¬Ѓnition
of the group law says that since the points P1 and P2 are equal, the line
ax + by + d = 0 is tangent at (x, y). As pointed out above, this means that
at + b + ds = 0 is tangent at (s, t). The lemma says that this cannot happen.
Therefore, d = 0.
Dividing by d, we obtain
s = О±t + ОІ
for some О±, ОІ в€€ Q. Then P1 , P2 , P3 lie on the line s = О±t + ОІ.

LEMMA 8.5

t2 + t1 t2 + t2 + As2
2 1 2
2 + s s + s2 ) .
О±=
1 в€’ A(s1 + s2 )t1 в€’ B(s2 12 1

If t1 = t2 , then О± = (s2 в€’s1 )/(t2 в€’t1 ). Since si = t3 +As2 ti +Bs3 ,
PROOF i i i
we have

(s2 в€’ s1 ) 1 в€’ A(s1 + s2 )t1 в€’ B(s2 + s1 s2 + s2 )
2 1
= (s2 в€’ s1 ) в€’ A(s2 в€’ s2 )t1 в€’ B(s3 в€’ s3 )
2 1 2 1
= (s2 в€’ As2 t2 в€’ Bs2 ) в€’ (s1 в€’ As1 t1 в€’ Bs3 ) + As2 (t2 в€’ t1 )
2 3 2
1 2
= t3 в€’ t3 + As2 (t2 в€’ t1 )
2 1 2
= (t2 в€’ t1 )(t2 + t1 t2 + t2 + As2 ).
2
1 2

This proves that (s2 в€’ s1 )/(t2 в€’ t1 ) equals the expression in the lemma.
Now suppose that t1 = t2 . Since a line t = c with c в‰Ў 0 (mod p) intersects
the curve s = t3 + As2 t + Bs3 in only one point with s в‰Ў 0 (mod p) by
Lemma 8.4, the points (s1 , t1 ) and (s2 , t2 ) must be equal. The line s = О±t + ОІ

В© 2008 by Taylor & Francis Group, LLC
204 CHAPTER 8 ELLIPTIC CURVES OVER Q

is therefore the tangent line at this point, and the slope is computed by implicit
diп¬Ђerentiation of s = t3 + Ats2 + Bs3 :
ds ds ds
= 3t2 + As2 + 2Ast + 3Bs2 .
dt dt dt
Solving for ds/dt yields the expression in the statement of the lemma when
t1 = t2 = t and s1 = s2 = s.

Since s1 в‰Ў s2 в‰Ў 0 (mod p), we п¬Ѓnd that the denominator

1 в€’ A(s1 + s2 )t1 в€’ B(s2 + s1 s2 + s2 ) в‰Ў 1 (mod p).
2 1

Since pr |ti , we have

t2 + t1 t2 + t2 + As2 в‰Ў 0 (mod p2r ).
2 1 2

Therefore, О± в‰Ў 0 (mod p2r ). Since p3r |si , we have

(mod p3r ).
ОІ = si в€’ О±ti в‰Ў 0

The point P3 is the third point of intersection of the line s = О±t + ОІ with
s = t3 + As2 t + Bs3 . Therefore, we need to solve for t:

О±t + ОІ = t3 + A(О±t + ОІ)2 t + B(О±t + ОІ)3 .

This can be rearranged to obtain
2AО±ОІ + 3BО±2 ОІ 2
0 = t3 + t + В·В·В· .
1 + BО±3 + AО±2
The sum of the three roots is the negative of the coeп¬ѓcient of t2 , so
2AО±ОІ + 3BО±2 ОІ
t 1 + t2 + t3 = в€’
1 + BО±3 + AО±2
в‰Ў 0 (mod p5r ).

The last congruence holds because p2r |О± and p3r |ОІ. Since t1 в‰Ў t2 в‰Ў 0
(mod pr ), we have t3 в‰Ў 0 (mod pr ). Therefore, s3 = О±t3 + ОІ в‰Ў 0 (mod p3r ).
By Lemma 8.3, P3 в€€ Er . Moreover,

О»r (P1 ) + О»r (P2 ) + О»r (P3 ) в‰Ў pв€’r (t1 + t2 + t3 ) в‰Ў 0 (mod p4r ).

Therefore, О»r is a homomorphism. This completes the proof of Theorem 8.1.

COROLLARY 8.6
Let the notations be as in Theorem 8.1. If n > 1 and n is not a power of p,
then E1 contains no points of exact order n. (See also Theorem 8.9.)

В© 2008 by Taylor & Francis Group, LLC
205
SECTION 8.1 THE TORSION SUBGROUP. THE LUTZ-NAGELL THEOREM

PROOF Suppose P в€€ E1 has order n. Since n is not a power of p, we
may multiply P by the largest power of p dividing n and obtain a point, not
equal to в€ћ, of order prime to p. Therefore, we may assume that P has order
n with p n. Let r be the largest integer such that P в€€ Er . Then

(mod p4r ).
nО»r (P ) = О»r (nP ) = О»r (в€ћ) в‰Ў 0

Since p n, we have О»r (P ) в‰Ў 0 (mod p4r ), so P в€€ E5r . Since 5r > r, this
contradicts the choice of r. Therefore, P does not exist.

The following theorem was proved independently by Lutz and Nagell in the
1930s. Quite often it allows a quick determination of the torsion points on an
elliptic curve over Q. See Section 9.6 for another method.

THEOREM 8.7 (Lutz-Nagell)
Let E be given by y 2 = x3 + Ax + B with A, B в€€ Z. Let P = (x, y) в€€ E(Q).
Suppose P has п¬Ѓnite order. Then x, y в€€ Z. If y = 0 then

y 2 |4A3 + 27B 2 .

PROOF Suppose x or y is not in Z. Then there is some prime p dividing
the denominator of one of them. By part (2) of Theorem 8.1, P в€€ Er for
some r в‰Ґ 1. Let be a prime dividing the order n of P . Then Q = (n/ )P
has order . By Corollary 8.6, = p. Choose j such that Q в€€ Ej , Q в€€ Ej+1 .
Then О»j (Q) в‰Ў 0 (mod p), and

pО»j (Q) = О»j (pQ) в‰Ў 0 (mod p4j ).

Therefore,
О»j (Q) в‰Ў 0 (mod p4jв€’1 ).
This contradicts the fact that О»j (Q) в‰Ў 0 (mod p). It follows that x, y в€€ Z.
Assume y = 0. Then 2P = (x2 , y2 ) = в€ћ. Since 2P has п¬Ѓnite order,
x2 , y2 в€€ Z. By Theorem 3.6,

x4 в€’ 2Ax2 в€’ 8Bx + A2
x2 = .
4y 2
Since x2 в€€ Z, this implies that

y 2 |x4 в€’ 2Ax2 в€’ 8Bx + A2 .

A straightforward calculation shows that

(3x2 + 4A)(x4 в€’ 2Ax2 в€’ 8Bx + A2 ) в€’ (3x3 в€’ 5Ax в€’ 27B)(x3 + Ax + B)
= 4A3 + 27B 2 .

В© 2008 by Taylor & Francis Group, LLC
206 CHAPTER 8 ELLIPTIC CURVES OVER Q

Since y 2 = x3 + Ax + B, we see that y 2 divides both terms on the left.
Therefore, y 2 |4A3 + 27B 2 .

COROLLARY 8.8
Let E be an elliptic curve over Q. Then the torsion subgroup of E(Q) is
п¬Ѓnite.

PROOF A suitable change of variables puts the equation for E into Weier-
strass form with integer coeп¬ѓcients. Theorem 8.7 now shows that there are
only п¬Ѓnitely many possibilities for the torsion points.

Example 8.1
Let E be given by y 2 = x3 + 4. Then 4A3 + 27B 2 = 432. Let P = (x, y) be a
point of п¬Ѓnite order in E(Q). Since 0 = x3 + 4 has no rational solutions, we
have y = 0. Therefore, y 2 |432, so

y = В±1, В±2, В±3, В±4, В±6, В±12.

Only y = В±2 yields a rational value of x, so the only possible torsion points are
(0, 2) and (0, в€’2). A quick calculation shows that 3(0, В±2) = в€ћ. Therefore,
the torsion subgroup of E(Q) is cyclic of order 3.

Example 8.2
Let E be given by y 2 = x3 + 8. Then 4A3 + 27B 2 = 1728. If y = 0, then
x = в€’2. The point (в€’2, 0) has order 2. If y = 0, then y 2 |1728, which means
that y|24. Trying the various possibilities, we п¬Ѓnd the points (1, В±3) and
(2, В±4). However,

2(1, 3) = (в€’7/4, в€’13/8) and 2(2, 4) = (в€’7/4, 13/8).

Since these points do not have integer coordinates, they cannot have п¬Ѓnite
order. Therefore, (1, 3) and (2, 4) cannot have п¬Ѓnite order. It follows that the
torsion subgroup of E(Q) is {в€ћ, (в€’2, 0)}. (Remark: The fact that 2(1, 3) =
в€’2(2, 4) leads us to suspect, and easily verify, that (1, 3) + (2, 4) = (в€’2, 0).)

Suppose we use the Lutz-Nagell theorem and obtain a possible torsion point
P . How do we decide whether or not itвЂ™s a torsion point? In the previous
example, we multiplied P by an integer and obtained a nontorsion point.
Therefore, P was not a torsion point. In general, the Lutz-Nagell theorem
explicitly gives a п¬Ѓnite list of possibilities for torsion points. If P is a torsion
point, then, for every n, the point nP must either be в€ћ or be on that list.
Since there are only п¬Ѓnitely many points on the list, either weвЂ™ll have nP = mP
for some m = n, in which case P is torsion and (n в€’ m)P = в€ћ, or some

В© 2008 by Taylor & Francis Group, LLC
207
SECTION 8.1 THE TORSION SUBGROUP. THE LUTZ-NAGELL THEOREM

multiple nP is not on the list and P is not torsion. Alternatively, we can use
MazurвЂ™s theorem (Theorem 8.11 below), which says that the order of a torsion
point in E(Q) is at most 12. Therefore, if nP = в€ћ for all n в‰¤ 12, then P is
not torsion. Consequently, it is usually not hard to check each possibility in
the Lutz-Nagell theorem and see which ones yield torsion points. However,
sometimes the discriminant is hard to factor, and sometimes it contains many
factors. In this case, another algorithm can be used. See Section 9.6.
Another technique that helps us determine the torsion subgroup involves
reduction mod primes. The main result needed is the following.

THEOREM 8.9
Let E be an elliptic curve given by y 2 = x3 + Ax + B with A, B в€€ Z. Let p
be an odd prime and assume p 4A3 + 27B 2 . Let

ПЃp : E(Q) в†’ E(Fp )

be the reduction mod p map. If P в€€ E(Q) has п¬Ѓnite order and ПЃp (P ) = в€ћ,
then P = в€ћ.

REMARK 8.10 In general, reduction mod a prime ideal containing p is
injective on the prime-to-p torsion in E(Q). This is similar to the situation
in algebraic number theory, where reduction mod a prime ideal containing p
is injective on roots of unity of order prime to p (see ).

PROOF By Theorem 8.7, all of the torsion points (other than в€ћ) have
integral coordinates, so they reduce to well-deп¬Ѓned п¬Ѓnite points mod p. In
particular, в€ћ is the only point that reduces to в€ћ.

Example 8.3
LetвЂ™s use Theorem 8.9 to п¬Ѓnd the torsion on y 2 = x3 + 8. We have 4A3 +
27B 2 = 1728 = 26 В· 33 , so we cannot use the primes 2, 3. The reduction
mod 5 has 6 points, so Theorem 8.9 implies that the torsion in E(Q) has
order dividing 6. The reduction mod 7 has 12 points, so the torsion has order
dividing 12, which gives no new information. The reduction mod 11 has 12
points, so we again get no new information. However, the reduction mod 13
has 16 points, so the torsion in E(Q) has order dividing 16. It follows that
the torsion group has order dividing 2. Since (в€’2, 0) is a point of order 2, the
torsion has order exactly 2. This is of course the same result that we obtained
earlier using the Lutz-Nagell theorem.

Example 8.4
In the preceding example, the Lutz-Nagell theorem was perhaps at least as
fast as Theorem 8.9 in determining the order of the torsion subgroup. This is

В© 2008 by Taylor & Francis Group, LLC
208 CHAPTER 8 ELLIPTIC CURVES OVER Q

not always the case. Let E be given by y 2 = x3 + 18x + 72. Then
4A3 + 27B 2 = 163296 = 25 В· 36 В· 7.
The Lutz-Nagell theorem would require us to check all y with y 2 |163296, which
amounts to checking all y|108 = 22 В· 33 . Instead, the reduction mod 5 has 5
points and the reduction mod 11 has 8 points. It follows that the torsion
subgroup of E(Q) is trivial.

Finally, we mention a deep result of Mazur, which we will not prove (see
).

THEOREM 8.11
Let E be an elliptic curve deп¬Ѓned over Q. Then the torsion subgroup of E(Q)
is one of the following:
Zn with 1 в‰¤ n в‰¤ 10 or n = 12,
Z2 вЉ• Z2n with 1 в‰¤ n в‰¤ 4.

REMARK 8.12 For each of the groups in the theorem, there are inп¬Ѓnitely
many elliptic curves E (with distinct j-invariants) having that group as the
torsion subgroup of E(Q). See Exercise 8.1 for examples of each possibility.

8.2 Descent and the Weak Mordell-Weil Theo-
rem
We start with an example that has its origins in the work of Fermat (see
Section 8.6).

Example 8.5
LetвЂ™s look at rational points on the curve E given by
y 2 = x(x в€’ 2)(x + 2).
If y = 0, we have x = 0, В±2. Therefore, assume y = 0. Since the product of
x, x в€’ 2, and x + 2 is a square, intuition suggests that each of these factors
should, in some sense, be close to being a square. Write
x = au2
x в€’ 2 = bv 2
x + 2 = cw2

В© 2008 by Taylor & Francis Group, LLC
209
SECTION 8.2 DESCENT AND THE WEAK MORDELL-WEIL THEOREM

with rational numbers a, b, c, u, v, w. Then y 2 = abc(uvw)2 , so

abc is a square.

By adjusting u, v, w, we may assume that a, b, c are squarefree integers. In
fact, we claim that
a, b, c в€€ {В±1, В±2}.
Suppose that p is an odd prime dividing a. Since a is squarefree, p2 a, so
the exact power pk dividing x = au2 has k odd. If k < 0, then pk is the
exact power of p in the denominator of x В± 2, so p3k is the power of p in the
denominator of y 2 = x(x в€’ 2)(x + 2). Since 3k is odd and y 2 is a square, this
is impossible. If k > 0 then x в‰Ў 0 (mod p), so x В± 2 в‰Ў 0 (mod p). Therefore,
pk is the power of p dividing y 2 . Since k is odd, this is impossible. Therefore,
p a. Similarly, no odd prime divides b or c. Therefore, each of a, b, c is, up
to sign, a power of 2. Since they are squarefree, this proves the claim.
The procedure we are following is called descent, or, more precisely, a
2-descent. Suppose x is a rational number with at most N digits in its
numerator and denominator. Then u, v, w should have at most N/2 digits
(approximately) in their numerators and denominators. Therefore, if we are
searching for points (x, y), we can instead search for smaller numbers u, v, w.
This method was developed by Fermat. See Section 8.6.
We have four choices for a and four choices for b. Since a and b together
determine c (because abc is a square), there are 16 possible combinations for
a, b, c. We can eliminate some of them quickly. Since x(xв€’1)(x+2) = y 2 > 0,
we have cw2 = x + 2 > 0, so c > 0. Since abc > 0, it follows that a and b
must have the same sign. We are now down to 8 possible combinations.
LetвЂ™s consider (a, b, c) = (1, 2, 2). We have

x = u2 , x в€’ 2 = 2v 2 , x + 2 = 2w2

with rational numbers u, v, w. Therefore,

u2 в€’ 2v 2 = 2, u2 в€’ 2w2 = в€’2.

If v has 2 in its denominator, then 2v 2 has an odd power of 2 in its denomi-
nator. But u2 has an even power of 2 in its denominator, so u2 в€’ 2v 2 cannot
be an integer. This contradiction shows that v and u have odd denominators.
Therefore, we may consider u, v mod powers of 2. Since 2|u2 , we have 2|u,
hence 4|u2 . Therefore, в€’2v 2 в‰Ў 2 (mod 4), which implies that 2 v. Similarly,
в€’2w2 в‰Ў в€’2 (mod 4), so 2 w. It follows that v 2 в‰Ў w2 в‰Ў 1 (mod 8), so

2 в‰Ў u2 в€’ 2v 2 в‰Ў u2 в€’ 2 в‰Ў u2 в€’ 2w2 в‰Ў в€’2 (mod 8),

which is a contradiction. It follows that (a, b, c) = (1, 2, 2) is impossible.
Similar considerations eliminate the combinations (в€’1, в€’1, 1), (2, 1, 2), and

В© 2008 by Taylor & Francis Group, LLC
210 CHAPTER 8 ELLIPTIC CURVES OVER Q

(в€’2, в€’2, 1) for (a, b, c) (later, weвЂ™ll see a faster way to eliminate them). Only
the combinations

(a, b, c) = (1, 1, 1), (в€’1, в€’2, 2), (2, 2, 1), (в€’2, в€’1, 2)

remain. As weвЂ™ll see below, these four combinations correspond to the four

в€ћ, (0, 0), (2, 0), (в€’2, 0)

(this requires some explanation, which will be given later). As weвЂ™ll see later,
the fact that we eliminated all combinations except those coming from known
points implies that we have found all points, except possibly points of odd
order, on the curve. The Lutz-Nagell theorem, or reduction mod 5 and 7
(see Theorem 8.9), shows that there are no nontrivial points of odd order.
Therefore, we have found all rational points on E:

E(Q) = {в€ћ, (0, 0), (2, 0), (в€’2, 0)}.

The calculations of the example generalize to elliptic curves E of the form

y 2 = (x в€’ e1 )(x в€’ e2 )(x в€’ e3 )

with e1 , e2 , e3 в€€ Z and ei = ej when i = j. In fact, they extend to even more
general situations. If ei в€€ Q but ei в€€ Z, then a change of variables transforms
the equation to one with ei в€€ Z, so this situation gives nothing new. However,
if ei в€€ Q, the method still applies. In order to keep the discussion elementary,
weвЂ™ll not consider this case, though weвЂ™ll say a few things about it later.
Assuming that x, y в€€ Q, write

x в€’ e1 = au2
x в€’ e2 = bv 2
x в€’ e3 = cw2

with rational numbers a, b, c, u, v, w. Then y 2 = abc(uvw)2 , so

abc is a square.

By adjusting u, v, w, we may assume that a, b, c are squarefree integers.

PROPOSITION 8.13
Let
S = {p | p is prime and p|(e1 в€’ e2 )(e1 в€’ e3 )(e2 в€’ e3 )}.
If p is a prime and p|abc, then p в€€ S.

В© 2008 by Taylor & Francis Group, LLC
211
SECTION 8.2 DESCENT AND THE WEAK MORDELL-WEIL THEOREM

PROOF Suppose p|a. Then pk , with k odd, is the exact power of p dividing
x в€’ e1 . If k < 0, then pk is the power of p in the denominator of x в€’ e2 and
x в€’ e3 . Therefore, p3k is the power of p in the denominator of y 2 , which is
impossible. Therefore k > 0. This means that x в‰Ў e1 (mod p). Also, x has
no p in its denominator, so the same is true of bv 2 = x в€’ e2 and cw2 = x в€’ e3 .
Moreover, bv 2 в‰Ў e1 в€’ e2 and cw2 в‰Ў e1 в€’ e3 (mod p). If p в€€ S, then the power
of p in
y 2 = (au2 )(bv 2 )(cw2 )
is pk p0 p0 = pk . Since k is odd, this is impossible. Therefore, p в€€ S.

Since S is a п¬Ѓnite set, there are only п¬Ѓnitely many combinations (a, b, c)
that are possible. The following theorem shows that the set of combinations
that actually come from points (x, y) has a group structure modulo squares.
2
Let QГ— /QГ— denote the group of rational numbers modulo squares. This
means that we regard two nonzero rational numbers x1 , x2 as equivalent if the
2
ratio x1 /x2 is the square of a rational number. Every element of QГ— /QГ—
can be represented by В±1 times a (possibly empty) product of distinct primes.
Note that if x в€’ e1 = au2 , then x в€’ e1 is equivalent to a mod squares. There-
fore, the map П† in the following theorem maps a point (x, y) в€€ E to the
corresponding triple (a, b, c).

THEOREM 8.14
Let E be given by y 2 = (x в€’ e1 )(x в€’ e2 )(x в€’ e3 ) with e1 , e2 , e3 в€€ Z. The map
2 2 2
П† : E(Q) в†’ (QГ— /QГ— ) вЉ• (QГ— /QГ— ) вЉ• (QГ— /QГ— )
deп¬Ѓned by
(x, y) в†’ (x в€’ e1 , x в€’ e2 , x в€’ e3 ) when y = 0
в€ћ в†’ (1, 1, 1)
(e1 , 0) в†’ ((e1 в€’ e2 )(e1 в€’ e3 ), e1 в€’ e2 , e1 в€’ e3 )
(e2 , 0) в†’ (e2 в€’ e1 , (e2 в€’ e1 )(e2 в€’ e3 ), e2 в€’ e3 )
(e3 , 0) в†’ (e3 в€’ e1 , e3 в€’ e2 , (e3 в€’ e1 )(e3 в€’ e2 ))
is a homomorphism. The kernel of П† is 2E(Q).

PROOF First, we show that П† is a homomorphism. Suppose Pi = (xi , yi ),
i = 1, 2, 3, are points lying on the line y = ax + b. Assume for the moment
that yi = 0. The polynomial
(x в€’ e1 )(x в€’ e2 )(x в€’ e3 ) в€’ (ax + b)2
has leading coeп¬ѓcient 1 and has roots x1 , x2 , x3 (with the correct multiplici-
ties). Therefore,
(x в€’ e1 )(x в€’ e2 )(x в€’ e3 ) в€’ (ax + b)2 = (x в€’ x1 )(x в€’ x2 )(x в€’ x3 ).

В© 2008 by Taylor & Francis Group, LLC
212 CHAPTER 8 ELLIPTIC CURVES OVER Q

Evaluating at ei yields
2
(x1 в€’ ei )(x2 в€’ ei )(x3 в€’ ei ) = (aei + b)2 в€€ QГ— .

Since this is true for each i,
2 2 2
П†(P1 )П†(P2 )П†(P3 ) = 1 в€€ QГ— /QГ— вЉ• QГ— /QГ— вЉ• QГ— /QГ—

(that is, the product is a square, hence is equivalent to 1 mod squares). Since
any number z is congruent to its multiplicative inverse mod squares (that is,
z equals 1/z times a square),

П†(P3 )в€’1 = П†(P3 ) = П†(в€’P3 ).

Therefore,
П†(P1 )П†(P2 ) = П†(в€’P3 ) = П†(P1 + P2 ).

To show that П† is a homomorphism, it remains to check what happens when
one or both of P1 , P2 is a point of order 1 or 2. The case where a point Pi is of
order 1 (that is, Pi = в€ћ) is trivial. If both P1 and P2 have order 2, a case by
case check shows that П†(P1 + P2 ) = П†(P1 )П†(P2 ). Finally, suppose that P1 has
order 2 and P2 has y2 = 0. LetвЂ™s assume P1 = (e1 , 0). The other possibilities
are similar. Since the values of П† are triples, let П†1 , П†2 , П†3 denote the three
components of П† (so П† = (П†1 , П†2 , П†3 )). The proof given above shows that

П†i (P1 )П†i (P2 ) = П†i (P1 + P2 )

for i = 2, 3. So it remains to consider П†1 .
By inspection, П†1 (P )П†2 (P )П†3 (P ) = 1 for all P . Since П†i (P1 )П†i (P2 ) =
П†i (P1 + P2 ) for i = 2, 3, the relation holds for i = 1, too. Therefore, П† is a
homomorphism.
Putting everything together, we see that П† is a homomorphism.
To prove the second half of the theorem, we need to show that if x в€’ ei is
a square for all i, then (x, y) = 2P for some point P в€€ E(Q). Let
2
x в€’ ei = vi , i = 1, 2, 3.

For simplicity, weвЂ™ll assume that e1 + e2 + e3 = 0, which means that the
equation for our elliptic curve has the form y 2 = x3 +Ax+B. (If e1 +e2 +e3 =
0, the coeп¬ѓcient of x2 is nonzero. A simple change of variables yields the
present case.) Let
f (T ) = u0 + u1 T + u2 T 2

satisfy
f (ei ) = vi , i = 1, 2, 3.

В© 2008 by Taylor & Francis Group, LLC
213
SECTION 8.2 DESCENT AND THE WEAK MORDELL-WEIL THEOREM

Such an f exists since there is a unique quadratic polynomial whose graph
passes through any three points that have distinct x-coordinates. In fact
1
(T в€’ e2 )(T в€’ e3 )
f (T ) = v1
(e1 в€’ e2 )(e1 в€’ e3 )
1
(T в€’ e1 )(T в€’ e3 )
+ v2
(e2 в€’ e1 )(e2 в€’ e3 )
1
(T в€’ e1 )(T в€’ e2 ).
+ v3
(e3 в€’ e1 )(e3 в€’ e2 )

Let g(T ) = x в€’ T в€’ f (T )2 . Then g(ei ) = 0 for all i, so

T 3 + AT + B = (T в€’ e1 )(T в€’ e2 )(T в€’ e3 ) divides g(T ).

Therefore, g(T ) в‰Ў 0 (mod T 3 + AT + B), so

x в€’ T в‰Ў (u0 + u1 T + u2 T 2 )2 (mod T 3 + AT + B).

(We say that two polynomials P1 , P2 are congruent mod P3 if P1 в€’ P2 is a
multiple of P3 .) This congruence for x в€’ T can be thought of as a way of
simultaneously capturing the information that x в€’ ei is a square for all i.
Mod T 3 + AT + B, we have

T 3 в‰Ў в€’AT в€’ B, T 4 в‰Ў T В· T 3 в‰Ў в€’AT 2 в€’ BT.

Therefore,

x в€’ T в‰Ў (u0 + u1 T + u2 T 2 )2
в‰Ў u2 + 2u0 u1 T + (u2 + 2u0 u2 )T 2 + 2u1 u2 T 3 + u2 T 4
0 1 2
в‰Ў (u2 в€’ 2Bu1 u2 ) + (2u0 u1 в€’ 2Au1 u2 в€’ Bu2 )T
0 2
2 2 2
+(u1 + 2u0 u2 в€’ Au2 )T .

If two polynomials P1 and P2 of degree at most two are congruent mod a
polynomial of degree three, then their diп¬Ђerence P1 в€’ P2 is a polynomial of
degree at most two that is divisible by a polynomial of degree three. This can
only happen if P1 = P2 . In our case, this means that

x = u2 в€’ 2Bu1 u2 (8.1)
0
в€’1 = 2u0 u1 в€’ 2Au1 u2 в€’ Bu2 (8.2)
2
0 = u2 + 2u0 u2 в€’ Au2 . (8.3)
1 2

If u2 = 0 then (8.3) implies that also u1 = 0. Then f (T ) is constant, so
v1 = v2 = v3 . This means that e1 = e2 = e3 , contradiction. Therefore,
u2 = 0. Multiply (8.3) by u1 /u3 and multiply (8.2) by 1/u2 , then subtract to
2 2
obtain
2 3
1 u1 u1
= +A + B.
u2 u2 u2

В© 2008 by Taylor & Francis Group, LLC
214 CHAPTER 8 ELLIPTIC CURVES OVER Q

Let
u1 1
x1 = , y1 = ,
u2 u2
so (x1 , y1 ) в€€ E(Q). We claim that 2(x1 , y1 ) = В±(x, y).
Equation 8.3 implies that
Au2 в€’ u2 A в€’ x2
2 1 1
u0 = = .
2u2 2y1
Substituting this into (8.1) yields

x4 в€’ 2Ax2 в€’ 8Bx1 + A2
x= 1 1
.
2
4y1
This is the x-coordinate of 2(x1 , y1 ) (see Theorem 3.6). The y-coordinate is
determined up to sign by the x-coordinate, so 2(x1 , y1 ) = (x, В±y) = В±(x, y).
It follows that (x, y) = 2(x1 , y1 ) or 2(x1 , в€’y1 ). In particular, (x, y) в€€ 2E(Q).

Example 8.6
We continue with Example 8.5. For the curve y 2 = x(x в€’ 2)(x + 2), we have

П†(0, 0) = (в€’1, в€’2, 2),
П†(в€ћ) = (1, 1, 1),
П†(в€’2, 0) = (в€’2, в€’1, 2)
П†(2, 0) = (2, 2, 1),

(we used the fact that 4 and 1 are equivalent mod squares to replace 4 by 1).
We eliminated the triple (a, b, c) = (1, 2, 2) by working mod powers of 2. We
now show how to eliminate (в€’1, в€’1, 1), (2, 1, 2), (в€’2, в€’2, 1). Suppose there is
a point P with П†(P ) = (в€’1, в€’1, 1). Then

П†(P + (0, 0)) = П†(P )П†(0, 0) = (в€’1, в€’1, 1)(в€’1, в€’2, 2) = (1, 2, 2).

But we showed that (1, 2, 2) does not come from a point in E(Q). Therefore,
P does not exist. The two other triples are eliminated similarly.

Theorem 8.14 has a very important corollary.

THEOREM 8.15 (Weak Mordell-Weil Theorem)
Let E be an elliptic curve deп¬Ѓned over Q. Then

E(Q)/2E(Q)

is п¬Ѓnite.

PROOF We give the proof in the case that e1 , e2 , e3 в€€ Q. As remarked
earlier, we may assume that e1 , e2 , e3 в€€ Z. The map П† in Theorem 8.14 gives

В© 2008 by Taylor & Francis Group, LLC
215
SECTION 8.3 HEIGHTS AND THE MORDELL-WEIL THEOREM

an injection
2 2 2
E(Q)/2E(Q) в†’ (QГ— /QГ— ) вЉ• (QГ— /QГ— ) вЉ• (QГ— /QГ— ).

Proposition 8.13 says that if (a, b, c) (where a, b, c are chosen to be squarefree
integers) is in the image of П†, then a, b, c are products of primes in the set S
of Proposition 8.13. Since S is п¬Ѓnite, there are only п¬Ѓnitely many such a, b, c
mod squares. Therefore, the image of П† is п¬Ѓnite. This proves the theorem.

REMARK 8.16 (for those who know some algebraic number theory) Let
K/Q be a п¬Ѓnite extension. The theorem can be extended to say that if E
is an elliptic curve over K then E(K)/2E(K) is п¬Ѓnite. If we assume that
x3 + Ax + B = (x в€’ e1 )(x в€’ e2 )(x в€’ e3 ) with all ei в€€ K, then the proof is the
same except that the image of П† is contained in
2 2 2
(K Г— /K Г— ) вЉ• (K Г— /K Г— ) вЉ• (K Г— /K Г— ).

Let OK be the ring of algebraic integers of K. To make things simpler, we
invert some elements in order to obtain a unique factorization domain. Take
a nonzero element from an integral ideal in each ideal class of OK and let M
be the multiplicative subset generated by these elements. Then M в€’1 OK is a
principal ideal domain, hence a unique factorization domain. The analogue of
Proposition 8.13 says that the primes of M в€’1 OK dividing a, b, c also divide
(e1 в€’ e2 )(e1 в€’ e3 )(e2 в€’ e3 ). Let S вЉ‚ M в€’1 OK be the set of prime divisors of
(e1 в€’ e2 )(e1 в€’ e3 )(e2 в€’ e3 ). Then the image of П† is contained in the group
generated by S and the units of M в€’1 OK . Since the class number of K is
п¬Ѓnite, M is п¬Ѓnitely generated. A generalization of the Dirichlet unit theorem
(often called the S-unit theorem) says that the units of M в€’1 OK are a п¬Ѓnitely
generated group. Therefore, the image of П† is a п¬Ѓnitely generated abelian
group of exponent 2, hence is п¬Ѓnite. This proves that E(K)/2E(K) is п¬Ѓnite.

8.3 Heights and the Mordell-Weil Theorem
The purpose of this section is to change the weak Mordell-Weil theorem
into the Mordell-Weil theorem. This result was proved by Mordell in 1922 for
elliptic curves deп¬Ѓned over Q. It was greatly generalized in 1928 by Weil in
his thesis, where he proved the result not only for elliptic curves over number
п¬Ѓelds (that is, п¬Ѓnite extensions of Q) but also for abelian varieties (higher-
dimensional analogues of elliptic curves).

В© 2008 by Taylor & Francis Group, LLC
216 CHAPTER 8 ELLIPTIC CURVES OVER Q

THEOREM 8.17 (Mordell-Weil)
Let E be an elliptic curve deп¬Ѓned over Q. Then E(Q) is a п¬Ѓnitely generated
abelian group.

The theorem says that there is a п¬Ѓnite set of points on E from which all
other points can be obtained by repeatedly drawing tangent lines and lines
through points, as in the deп¬Ѓnition of the group law. The proof will be given
below. Since we proved the weak Mordell-Weil theorem only in the case that
E вЉ† E(Q), we obtain the theorem only for this case. However, the weak
Mordell-Weil theorem is true in general, and the proof of the passage from
the weak result to the strong result holds in general.
From the weak Mordell-Weil theorem, we know that E(Q)/2E(Q) is п¬Ѓ-
nite. This alone is not enough to deduce the stronger result. For example,
R/2R = 0, hence is п¬Ѓnite, even though R is not п¬Ѓnitely generated. In our
case, suppose we have points R1 , . . . , Rn representing the п¬Ѓnitely many cosets
in E(Q)/2E(Q). Let P в€€ E(Q) be an arbitrary point. We can write

P = Ri + 2P1

for some i and some point P1 . Then we write

P1 = Rj + 2P2 ,

etc. If we can prove the process stops, then we can put things back together
and obtain the theorem. The theory of heights will show that the points
P1 , P2 , . . . are getting smaller, in some sense, so the process will eventually
yield a point Pk that lies in some п¬Ѓnite set of small points. These points, along
with the Ri , yield the generators of E(Q). We make these ideas more precise
after Theorem 8.18 below. Note that sometimes the points Ri by themselves
do not suп¬ѓce to generate E(Q). See Exercise 8.7.
Let a/b be a rational number, where a, b are integers with gcd(a, b) = 1.
Deп¬Ѓne
H(a/b) = Max(|a|, |b|)
and
h(a/b) = log H(a/b).
The function h is called the (logarithmic) height function. It is closely
related to the number of digits required to write the rational number a/b.
Note that, given a constant c, there are only п¬Ѓnitely many rational numbers
x with h(x) в‰¤ c.
Now let E be an elliptic curve over Q and let (x, y) в€€ E(Q). Deп¬Ѓne

h(x, y) = h(x), h(в€ћ) = 0, H(x, y) = H(x), H(в€ћ) = 1.

It might seem strange using only the x-coordinate. Instead, we could use
the y-coordinate. Since the square of the denominator of the y-coordinate is

В© 2008 by Taylor & Francis Group, LLC
217
SECTION 8.3 HEIGHTS AND THE MORDELL-WEIL THEOREM

the cube of the denominator of the x-coordinate (when the coeп¬ѓcients A, B
of E are integers), it can be shown that this would change the function h
approximately by a factor of 3/2. This would cause no substantial change in
Л†
the theory. In fact, the canonical height h, which will be introduced shortly,
1
is deп¬Ѓned using a limit of values of 2 h. It could also be deп¬Ѓned as a limit of
values of 1/3 of the height of the y-coordinate. These yield the same canonical
height function. See [109, Lemma 6.3]. The numbers 2 and 3 are the orders
of the poles of the functions x and y on E (see Section 11.1).
Л†
It is convenient to replace h with a function h that has slightly better
Л†
properties. The function h is called the canonical height.

THEOREM 8.18
Let E be an elliptic curve deп¬Ѓned over Q. There is a function
Л†
h : E(Q) в†’ Rв‰Ґ0

with the following properties:
Л†
1. h(P ) в‰Ґ 0 for all P в€€ E(Q).

2. There is a constant c0 such that | 1 h(P ) в€’ h(P )| в‰¤ c0 for all P .
Л†
2

3. Given a constant c, there are only п¬Ѓnitely many points P в€€ E(Q) with
Л†
h(P ) в‰¤ c.

4. h(mP ) = m2 h(P ) for all integers m and all P .
Л† Л†

Л† Л† Л† Л†
5. h(P + Q) + h(P в€’ Q) = 2h(P ) + 2h(Q) for all P, Q.
Л†
6. h(P ) = 0 if and only if P is a torsion point.

Property (5) is often called the parallelogram law because if the origin
0 and vectors P, Q, P + Q (ordinary vector addition) are the vertices of a
parallelogram, then the sum of the squares of the lengths of the diagonals
equals the sum of the squares of the lengths of the four sides:

||P + Q||2 + ||P в€’ Q||2 = 2||P ||2 + 2||Q||2 .

The proof of Theorem 8.18 will occupy most of the rest of this section. First,
letвЂ™s use the theorem to deduce the Mordell-Weil theorem.
Proof of the Mordell-Weil theorem: Let R1 , . . . , Rn be representatives for
E(Q)/2E(Q). Let
Л†
c = Maxi {h(Ri )}
Л†
and let Q1 , . . . , Qm be the set of points with h(Qi ) в‰¤ c. This is a п¬Ѓnite set by
Theorem 8.18. Let G be the subgroup of E(Q) generated by

R1 , . . . , Rn , Q1 , . . . , Qm .

В© 2008 by Taylor & Francis Group, LLC
218 CHAPTER 8 ELLIPTIC CURVES OVER Q

We claim that G = E(Q). Suppose not. Let P в€€ E(Q) be an element not
in G. Since, for a point P , there are only п¬Ѓnitely many points of height less
than P , we may change P to one of these, if necessary, and assume P has the
smallest height among points not in G. We may write

P в€’ Ri = 2P1

for some i and some P1 . By Theorem 8.18,
Л† Л† Л†
4h(P1 ) = h(2P1 ) = h(P в€’ Ri )
Л† Л† Л†
= 2h(P ) + 2h(Ri ) в€’ h(P + Ri )
Л†
в‰¤ 2h(P ) + 2c + 0
Л† Л† Л†
< 2h(P ) + 2h(P ) = 4h(P )
Л†
(since c < h(P ), because P = Qj ). Therefore,
Л† Л†
h(P1 ) < h(P ).

Since P had the smallest height for points not in G, we must have P1 в€€ G.
Therefore,
P = Ri + 2P1 в€€ G.
This contradiction proves that E(Q) = G. This completes the proof of the
Mordell-Weil theorem.
It remains to prove Theorem 8.18. The key step is the following.

PROPOSITION 8.19
There exists a constant c1 such that

|h(P + Q) + h(P в€’ Q) в€’ 2h(P ) в€’ 2h(Q)| в‰¤ c1

for all P, Q в€€ E(Q).

The proof is rather technical, so we postpone it in order to complete the
proof of Theorem 8.18.
Proof of Theorem 8.18:
Proof of parts (1) and (2): Letting Q = P in Proposition 8.19, we obtain

|h(2P ) в€’ 4h(P )| в‰¤ c1 (8.4)

for all P . Deп¬Ѓne
1 1
lim n h(2n P ).
Л†
h(P ) =
2 nв†’в€ћ 4
We need to prove the limit exists. We have
в€ћ
1 1
lim n h(2n P ) = h(P ) + (h(2j P ) в€’ 4h(2jв€’1 P )). (8.5)
4j
nв†’в€ћ 4
j=1

В© 2008 by Taylor & Francis Group, LLC
219
SECTION 8.3 HEIGHTS AND THE MORDELL-WEIL THEOREM

By (8.4),
1 c1
(h(2j P ) в€’ 4h(2jв€’1 P )) в‰¤ j ,
4j 4
Л†
so the inп¬Ѓnite sum converges. Therefore, h(P ) exists. Since
в€ћ
c1 c1
=,
4j 3
j=1

we obtain |h(P )в€’ 1 h(P )| в‰¤ c1 /6. It is clear from the deп¬Ѓnitions that h(P ) в‰Ґ 0
Л† Л†
2
for all P .
Proof of part (3): If h(P ) в‰¤ c, then h(P ) в‰¤ 2c + c3 . There are only п¬Ѓnitely
Л† 1

many P satisfying this inequality.
Proof of part (5): We have
1 c1
|h(2n P + 2n Q) + h(2n P в€’ 2n Q) в€’ 2h(2n P ) в€’ 2h(2n Q)| в‰¤ n .
4n 4
Letting n в†’ в€ћ yields the result.
Proof of part (4): Since the height depends only on the x-coordinate,
Л† Л†
h(в€’P ) = h(P ). Therefore, we may assume m в‰Ґ 0. The cases m = 0, 1
are trivial. Letting Q = P in part (5) yields the case m = 2. Assume that we
know the result for m в€’ 1 and m. Then
Л† Л† Л† Л†
h((m + 1)P ) = в€’h((m в€’ 1)P ) + 2h(mP ) + 2h(P ) (by part (5))
= в€’(m в€’ 1)2 + 2m2 + 2 h(P )
Л†
= (m + 1)2 h(P ).
Л†

By induction, the result is true for all m.
Proof of part (6): If mP = в€ћ, then m2 h(P ) = h(mP ) = h(в€ћ) = 0, so
Л† Л† Л†
h(P ) = 0. Conversely, if h(P ) = 0, then h(mP ) = m2 h(P ) = 0 for all m.
Л† Л† Л† Л†
Since there are only п¬Ѓnitely many points of height 0, the set of multiples
of P is п¬Ѓnite. Therefore, P is a torsion point. This completes the proof of
Theorem 8.18.
Proof of Proposition 8.19. It remains to prove Proposition 8.19. It can be
restated as saying that there exist constants c , c such that
2h(P ) + 2h(Q) в€’ c в‰¤ h(P + Q) + h(P в€’ Q) (8.6)
h(P + Q) + h(P в€’ Q) в‰¤ 2h(P ) + 2h(Q) + c (8.7)
for all P, Q. These two inequalities will be proved separately. WeвЂ™ll start with
the second one.
Let the elliptic curve E be given by y 2 = x3 + Ax + B with A, B в€€ Z. Let
a1 a2
P = ( , y1 ), Q = ( , y2 ),
b1 b2
a3 a4
P в€’ Q = ( , y4 )
P + Q = ( , y3 ),
b3 b4

В© 2008 by Taylor & Francis Group, LLC
220 CHAPTER 8 ELLIPTIC CURVES OVER Q

be points on E, where yi в€€ Q and ai , bi are integers with gcd(ai , bi ) = 1. Let

g1 = 2(a1 b2 + a2 b1 )(Ab1 b2 + a1 a2 ) + 4Bb2 b2
12
2
g2 = (a1 a2 в€’ Ab1 b2 ) в€’ 4B(a1 b2 + a2 b1 )b1 b2
g3 = (a1 b2 в€’ a2 b1 )2 .

Then a short calculation shows that
a3 a4 g1 a3 a4 g2
+ =, =.
b3 b4 g3 b3 b4 g3

LEMMA 8.20
Let c1 , c2 , d1 , d2 в€€ Z. Then

Max(|c1 |, |d1 |) В· Max(|c2 |, |d2 |) в‰¤ 2Max(|c1 c2 |, |c1 d2 + c2 d1 |, |d1 d2 |).

PROOF Without loss of generality, we may assume that |c1 | в‰¤ |d1 | (other-
wise, switch c1 , d1 ). Let L denote the left side of the inequality of the lemma
and let R denote the right side. There are three cases to consider.
1. If |c2 | в‰¤ |d2 |, then L = |d1 d2 | and 2|d1 d2 | в‰¤ R, so L в‰¤ R.
2. If |c2 | в‰Ґ |d2 | в‰Ґ (1/2)|c2 |, then L = |d1 c2 | and

R в‰Ґ 2|d1 d2 | в‰Ґ |d1 c2 | в‰Ґ L.

3. If |d2 | в‰¤ (1/2)|c2 |, then L = |d1 c2 | and

R в‰Ґ 2|c1 d2 + c2 d1 |
в‰Ґ 2(|c2 d1 | в€’ |c1 d2 |)
в‰Ґ 2(|c2 d1 | в€’ |d1 |(1/2)|c2 |)
= |c2 d1 | = L.

This completes the proof of the lemma.

LEMMA 8.21
Let c1 , c2 , d1 , d2 в€€ Z with gcd(ci , di ) = 1 for i = 1, 2. Then

gcd(c1 c2 , c1 d2 + c2 d1 , d1 d2 ) = 1.

PROOF Let d = gcd(c1 d2 + c2 d1 , d1 d2 ). Suppose p is a prime such that
p|c1 and p|d. Then p d1 since gcd(c1 , d1 ) = 1. Since p|d1 d2 , we have p|d2 .
Therefore, p c2 . Therefore, p|c1 d2 and p c2 d1 , so p c1 d2 + c2 d1 . Therefore
p d, contradiction. Similarly, there is no prime dividing both c2 and d. It

В© 2008 by Taylor & Francis Group, LLC
221
SECTION 8.3 HEIGHTS AND THE MORDELL-WEIL THEOREM

follows that there is no prime dividing c1 c2 and d, so the gcd in the lemma is
1.

We can apply the lemmas to a3 , a4 , b3 , b4 . Since gcd(a3 , b3 ) = 1 and
gcd(a4 , b4 ) = 1, we have

gcd(a3 a4 , a3 b4 + a4 b3 , b3 b4 ) = 1.

Therefore, there exist integers x, y, z such that

a3 a4 x + (a3 b4 + a4 b3 )y + b3 b4 z = 1.

Since

g3 (a3 b4 + a4 b3 ) = g1 (b3 b4 ) and g3 (a3 a4 ) = g2 (b3 b4 ), (8.8)

we have

g3 = g3 (a3 a4 )x + g3 (a3 b4 + a4 b3 )y + g3 (b3 b4 )z
= g2 (b3 b4 )x + g1 (b3 b4 )y + g3 (b3 b4 )z.

Therefore, b3 b4 |g3 , so
|b3 b4 | в‰¤ |g3 |.
Similarly,
|a3 a4 | в‰¤ |g2 |.
Equation 8.8 and the fact that |b3 b4 | в‰¤ |g3 | imply that

|a3 b4 + a4 b3 | в‰¤ |g1 |.

In terms of the nonlogarithmic height H, these inequalities say that

H(P + Q) В· H(P в€’ Q) = Max(|a3 |, |b3 |) В· Max(|a4 |, |b4 |)
в‰¤ 2Max(|a3 a4 |, |a3 b4 + a4 b3 |, |b3 b4 |)
в‰¤ 2Max(|g2 |, |g1 |, |g3 |).

Let H1 = Max(|a1 |, |b1 |) and H2 = Max(|a2 |, |b2 |). Then

|g1 | = |2(a1 b2 + a2 b1 )(Ab1 b2 + a1 a2 ) + 4Bb2 b2 |
12
22
в‰¤ 2(H1 H2 + H2 H1 )(|A|H1 H2 + H1 H2 ) + 4|B|H1 H2
22
в‰¤ 4(|A| + 1 + |B|)H1 H2 .

Similarly,

|g2 | в‰¤ ((1 + |A|)2 + 8|B|)H1 H2 ,
22 22
|g3 | в‰¤ 4H1 H2 .

Therefore,

H(P + Q) В· H(P в€’ Q) в‰¤ CH1 H2 = CH(P )2 H(Q)2
22

В© 2008 by Taylor & Francis Group, LLC
222 CHAPTER 8 ELLIPTIC CURVES OVER Q

for some constant C. Taking logs yields

h(P + Q) + h(P в€’ Q) в‰¤ 2h(P ) + 2h(Q) + c (8.9)

for some constant c .
We now need to prove the inequality in (8.6). First weвЂ™ll prove an inequality
between h(R) and h(2R) for points R.

LEMMA 8.22
Let R в€€ E(Q). There exists a constant C2 , independent of R, such that

4h(R) в‰¤ h(2R) + C2 .

PROOF Let
a
R = ( , y)
b
with y в€€ Q and a, b в€€ Z with gcd(a, b) = 1. Let

h1 = a4 в€’ 2Aa2 b2 в€’ 8Bab3 + A2 b4
h2 = (4b)(a3 + Aab2 + Bb3 )
в€† = 4A3 + 27B 2 .

By Lemma 3.8, there exist homogeneous polynomials r1 , r2 , s1 , s2 в€€ Z[a, b] of
degree 3 (the coeп¬ѓcients depend on A, B) such that

4в€†b7 = r1 h1 + r2 h2 (8.10)
4в€†a7 = s1 h1 + s2 h2 . (8.11)

For a homogeneous polynomial

p(x, y) = c0 x3 + c1 x2 y + c2 xy 2 + c3 y 3 ,

we have
|p(a, b)| в‰¤ (|c0 | + |c1 | + |c2 | + |c3 |)Max(|a|, |b|)3 .
Suppose |b| в‰Ґ |a|. It follows that

|4в€†||b|7 в‰¤ |r1 (a, b)||h1 | + |r2 (a, b)||h2 |
в‰¤ C1 |b|3 Max(|h1 |, |h2 |),

for some constant C1 independent of R. Therefore,

|4в€†||b|4 в‰¤ C1 Max(|h1 |, |h2 |).

Let d = gcd(h1 , h2 ). Then (8.10) and (8.11) imply that

d | 4в€†b7 and d | 4в€†a7 .

В© 2008 by Taylor & Francis Group, LLC
223
SECTION 8.4 EXAMPLES

Since gcd(a, b) = 1, we have d|4в€†, so d в‰¤ |4в€†|. Since

|h1 | |h2 |
H(2R) = Max , ,
d d

we have

|4в€†|H(R)4 = |4в€†||b|4
в‰¤ C1 Max(|h1 |, |h2 |)
|h1 | |h2 |
в‰¤ C1 |4в€†| Max( , )
d d
в‰¤ C1 |4в€†|H(2R).

Dividing by |4в€†| and taking logs yields

4h(R) в‰¤ h(2R) + C2

for some constant C2 , independent of R.
The case where |a| в‰Ґ |b| is similar. This completes the proof of Lemma 8.22.

Changing P to P + Q and Q to P в€’ Q in (8.9) yields

h(2P ) + h(2Q) в‰¤ 2h(P + Q) + 2h(P в€’ Q) + c .

By Lemma 8.22,

4h(P ) + 4h(Q) в€’ 2C2 в‰¤ h(2P ) + h(2Q).

Therefore,
2h(P ) + 2h(Q) в€’ c в‰¤ h(P + Q) + h(P в€’ Q)
for some constant c . This completes the proof of Proposition 8.19.

8.4 Examples
The Mordell-Weil theorem says that if E is an elliptic curve deп¬Ѓned over
Q, then E(Q) is a п¬Ѓnitely generated abelian group. The structure theorem
for such groups (see Appendix B) says that

T вЉ• Zr ,
E(Q)

where T is a п¬Ѓnite group (the torsion subgroup) and r в‰Ґ 0 is an integer,
 стр. 1(всего 3)СОДЕРЖАНИЕ >>