<< стр. 2(всего 3)СОДЕРЖАНИЕ >>
called the rank of E(Q). In Section 8.1, we showed how to compute T .

В© 2008 by Taylor & Francis Group, LLC
224 CHAPTER 8 ELLIPTIC CURVES OVER Q

The integer r is harder to compute. In this section, we show how to use the
methods of the previous sections to compute r in some cases. In Section 8.8,
weвЂ™ll give an example that shows why the computation of r is sometimes
diп¬ѓcult.

Example 8.7
Let E be the curve
y 2 = x3 в€’ 4x.
In Section 8.2, we showed that

E(Q)/2E(Q) = {в€ћ, (0, 0), (2, 0), (в€’2, 0)}

(more precisely, the points on the right are representatives for the cosets on
the left). Moreover, an easy calculation using the Lutz-Nagell theorem shows
that the torsion subgroup of E(Q) is

T = E.

T вЉ• Zr , so
From Theorem 8.15, we have E(Q)

(T /2T ) вЉ• Zr = T вЉ• Zr .
E(Q)/2E(Q) 2 2

Since E(Q)/2E(Q) has order 4, we must have r = 0. Therefore,

E(Q) = E = {в€ћ, (0, 0), (2, 0), (в€’2, 0)}.

Example 8.8
Let E be the curve
y 2 = x3 в€’ 25x.
This curve E appeared in Chapter 1, where we found the points

(0, 0), (5, 0), (в€’5, 0), (в€’4, 6).

We also calculated the point

412 в€’62279
2(в€’4, 6) = ( , ).
122 1728
Since 2(в€’4, 6) does not have integer coordinates, (в€’4, 6) cannot be a torsion
point, by Theorem 8.7. In fact, a calculation using the Lutz-Nagell theorem
shows that the torsion subgroup is

T = {в€ћ, (0, 0), (5, 0), (в€’5, 0)} Z2 вЉ• Z2 .

В© 2008 by Taylor & Francis Group, LLC
225
SECTION 8.4 EXAMPLES

We claim that
Z2 вЉ• Z2 вЉ• Z.
E(Q)
We know that the rank r is at least 1, because there is a point (в€’4, 6) of
inп¬Ѓnite order. The problem is to show that the rank is exactly 1.
Consider the map
2 2 2
П† : E(Q) в†’ (QГ— /QГ— ) вЉ• (QГ— /QГ— ) вЉ• (QГ— /QГ— )

of Theorem 8.14 deп¬Ѓned by

(x, y) в†’ (x, x в€’ 5, x + 5)

when y = 0. Therefore,

П†(в€’4, 6) = (в€’1, в€’1, 1),

where we have used the fact that в€’4 and в€’9 are equivalent to в€’1 mod squares.
Also, from Theorem 8.14,

П†(в€ћ) = (1, 1, 1)
П†(0, 0) = (в€’1, в€’5, 5)
П†(5, 0) = (5, 2, 10)
П†(в€’5, 0) = (в€’5, в€’10, 2).

Since П† is a homomorphism, we immediately п¬Ѓnd that П†(в€’4, 6) times any of
these triples is in the image of П†, so

(1, 5, 5), (в€’5, в€’2, 10), (5, 10, 2)

correspond to points.
If we write

x = au2
x в€’ 5 = bv 2
x + 5 = cw2 ,

we have П†(x, y) = (a, b, c). From Proposition 8.13, we may assume

a, b, c в€€ {В±1, В±2, В±5, В±10}.

Also, abc is a square, so c is determined by a, b. Therefore, weвЂ™ll often ignore
c and concentrate on the possibilities for a, b. There are 64 possible pairs a, b.
So far, we have 8 pairs that correspond to points. LetвЂ™s record them in a list,
which weвЂ™ll refer to as L in the following:

L = {(1, 1), (1, 5), (в€’1, в€’1), (в€’1, в€’5), (5, 2), (5, 10), (в€’5, в€’2), (в€’5, в€’10)}.

В© 2008 by Taylor & Francis Group, LLC
226 CHAPTER 8 ELLIPTIC CURVES OVER Q

Our job is to eliminate the remaining 56 possibilities.
Observe that

x в€’ 5 = bv 2 < x = au2 < x + 5 = cw2 .

If a < 0, then b < 0. If a > 0 then c > 0, hence b > 0 since abc is a square.
Therefore, a and b have the same sign. This leaves 32 possible pairs a, b.
We now consider, and eliminate, three special pairs a, b. The fact that
П† is a homomorphism will then suп¬ѓce to eliminate all but the eight pairs
corresponding to known points.
(a,b)=(2,1). We have

x = 2u2
x в€’ 5 = v2
x + 5 = 2w2 .

Therefore,
2u2 в€’ v 2 = 5, 2w2 в€’ 2u2 = 5.
If one of u or v has an even denominator, then so does the other. However,
2u2 has an odd power of 2 in its denominator, while v 2 has an even power
of 2 in its denominator. Therefore, 2u2 в€’ v 2 is not an integer, contradiction.
It follows that u, v have odd denominators, so we may work with them mod
powers of 2. Since v 2 в‰Ў в€’5 (mod 2), we must have v odd. Therefore, v 2 в‰Ў 1
(mod 8), so
2u2 в‰Ў 6 (mod 8).
This implies that u2 в‰Ў 3 (mod 4), which is impossible. Therefore, the pair
(a, b) = (2, 1) is eliminated.
(a,b)=(5,1). We have

x = 5u2
x в€’ 5 = v2
x + 5 = 5w2 .

Therefore,
5u2 в€’ v 2 = 5, 5w2 в€’ 5u2 = 5.
If the denominator of one of u or v is divisible by 5, then so is the other.
But 5u2 then has an odd power of 5 in its denominator, while v 2 has an even
power of 5 in its denominator. This is impossible, so the denominators of
both u and v are not divisible by 5. Since w2 в€’ u2 = 1, the same holds for w.
Therefore, we can work with u, v, w mod 5. We have v в‰Ў 0 (mod 5), so we
can write v = 5v1 . Then
u2 в€’ 5v1 = 1,
2

so u2 в‰Ў 1 (mod 5). Therefore, w2 = 1 + u2 в‰Ў 2 (mod 5). This is impossible.
Therefore, the pair (a, b) = (5, 1) is eliminated.

В© 2008 by Taylor & Francis Group, LLC
227
SECTION 8.4 EXAMPLES

(a,b)=(10, 1). We have

x = 10u2
x в€’ 5 = v2
x + 5 = 10w2 .

Therefore,
10u2 в€’ v 2 = 5, 10w2 в€’ 10u2 = 5.

As before, the denominators of u, v, w are not divisible by 5. Write v = 5v1 .
Then 2u2 в€’ 5v1 = 1, so 2u2 в‰Ў 1 (mod 5). This is impossible, so the pair
2

(a, b) = (10, 1) is eliminated.
The pairs (a, 1) with a < 0 are eliminated since a, b must have the same
sign. Therefore, (1, 1) = П†(в€ћ) is the only pair of the form (a, 1) corresponding
to a point.
Let (a, b) be any pair. There is a point P with П†(P ) = (a , b) on the list L
for some a . If there is a point Q with П†(Q) = (a, b), then

П†(P в€’ Q) = (a , b)(a, b)в€’1 = (a , 1)

for some a . We showed that (a , 1) is not in the image of П† when a = 1.
Therefore, a = 1, so a = a and (a, b) = (a , b) = П†(P ). Consequently, the
only pairs in the image of П† are those on the list L.
As stated above, the torsion subgroup of E(Q) is E, so

Z2 вЉ• Z2 вЉ• Zr
E(Q)/2E(Q) 2

for some r. Since the image of П† has order 8 and the kernel of П† is 2E(Q),
the order of E(Q)/2E(Q) is 8. Therefore, r = 1. This implies that

Z2 вЉ• Z2 вЉ• Z.
E(Q)

Note that we have also proved that E and (в€’4, 6) generate a subgroup of
E(Q) of odd index. It can be shown that they actually generate the whole
group. This would require making the constants in the proof of Theorem 8.17
more explicit, then п¬Ѓnding all points with heights less than an explicit bound
to obtain a generating set.

Silverman  proved the following.

THEOREM 8.23
Let E be deп¬Ѓned over Q by the equation

y 2 = x3 + Ax + B

В© 2008 by Taylor & Francis Group, LLC
228 CHAPTER 8 ELLIPTIC CURVES OVER Q

with A, B в€€ Z. Then
1 1 1
Л†
в€’ h(j) в€’ h(в€†) в€’ 0.973 в‰¤ h(P ) в€’ h(P )
8 12 2
1 1
в‰¤ h(j) + h(в€†) + 1.07
12 12
for all P в€€ E(Q). Here в€† = в€’16(4A3 + 27B 2 ) and j = в€’1728(4A)3 /в€†.

For the curve y 2 = x3 в€’ 25x, we have в€† = 106 and j = 1728. Therefore,
1
Л†
в€’3.057 < h(P ) в€’ h(P ) < 2.843
2
for all P в€€ E(Q). The points (0, 0), (5, 0), (в€’5, 0), (в€’4, 6) generate the group
E(Q)/2E(Q). The п¬Ѓrst three of these points have canonical height 0 since
they are torsion points. The point (в€’4, 6) has canonical height 0.94974 . . .
(this can be calculated using the series (8.5)). The proof of Theorem 8.17
shows that the points with canonical height at most 0.94974 . . . generate
E(Q). Theorem 8.23 says that such points have noncanonical height h(P ) <
8.02. Since e8.02 в‰€ 3041, the nonlogarithmic height of the x-coordinate is at
most 3041. Therefore, we need to п¬Ѓnd all points (x, y) в€€ E(Q) such that
a
with Max(|a|, |b|) в‰¤ 3041.
x=
b
It is possible to п¬Ѓnd all such points using a computer. The fact that the
denominator of x must be a perfect square can be used to speed up the
search. We п¬Ѓnd the points
(0, 0), (в€’5, 0), (5, 0), (в€’4, 6)
(45, в€’300) = (в€’5, 0) + (в€’4, 6)
(25/4, 75/8) = (0, 0) + (в€’4, 6)
(в€’5/9, в€’100/27) = (5, 0) + (в€’4, 6)
(1681/144, в€’62279/1728) = 2(в€’4, 6)
and the negatives of these points. Since these points generate E(Q), we
conclude that (0, 0), (5, 0), (в€’5, 0), (в€’4, 6) generate E(Q).

REMARK 8.24 In Chapter 1, we needed to п¬Ѓnd an x such that x, x в€’ 5,
and x + 5 were all squares. We did this by starting with the point (в€’4, 6) and
п¬Ѓnding the other point of intersection of the tangent line with the curve. In
eп¬Ђect, we computed
412 в€’62279
2(в€’4, 6) = ( 2 , )
12 1728
and miraculously obtained x = 412 /122 with the desired property. We now
see that this can be explained by the fact that П† is a homomorphism. Since

В© 2008 by Taylor & Francis Group, LLC
229
SECTION 8.4 EXAMPLES

П†(2P ) = (1, 1, 1) for any point P , we always obtain an x such that x, x в€’ 5,
and x+5 are squares when we double a point on the curve y 2 = x(xв€’5)(x+5).

Example 8.9
One use of descent is to п¬Ѓnd points on elliptic curves. The idea is that in the
equations
x в€’ e1 = au2
x в€’ e2 = bv 2
x в€’ e3 = cw2 ,
the numerators and denominators of u, v, w are generally smaller than those
of x. Therefore, an exhaustive search for u, v, w is faster than searching for x
directly. For example, suppose we are looking for points on
y 2 = x3 в€’ 36x.
One of the triples that we encounter is (a, b, c) = (3, 6, 2). This gives the
equations
x = 3u2
x в€’ 6 = 6v 2
x + 6 = 2w2 .
These can be written as
3u2 в€’ 6v 2 = 6, 2w2 в€’ 3u2 = 6,
which simplify to
u2 в€’ 2v 2 = 2, 2w2 в€’ 3u2 = 6.
A quick search through small values of u yields (u, v, w) = (2, 1, 3). This gives
(x, y) = (12, 36).
Note that the value of u is smaller than x. Of course, we are lucky in this
example since the value of u turned out to be integral. Otherwise, we would
have had to search through values of u with small numerator and small de-
nominator.
The curve y 2 = x3 в€’36x can be transformed to the curve y 2 = x(x+1)(2x+
1)/6 that we met in Chapter 1 (see Exercise 1.5). The point (1/2, 1/2) on
that curve corresponds to the point (12, 36) that we found here.

Example 8.10
The elliptic curves that we have seen up to now have had small generators
for their Mordell-Weil groups. However, frequently the generators of Mordell-
Weil groups have very large heights. For example, the Mordell-Weil group of

В© 2008 by Taylor & Francis Group, LLC
230 CHAPTER 8 ELLIPTIC CURVES OVER Q

the elliptic curve (see )
y 2 = x3 в€’ 59643
over Q is inп¬Ѓnite cyclic, generated by
62511752209 15629405421521177
,
9922500 31255875000
(there are much larger examples, but the margin is not large enough to contain
them). This curve can be transformed to the curve u3 + v 3 = 94 by the
techniques of Section 2.5.2.

8.5 The Height Pairing
Suppose we have points P1 , . . . , Pr that we want to prove are independent.
How do we do it?

THEOREM 8.25
Л†
Let E be an elliptic curve deп¬Ѓned over Q and let h be the canonical height
function. For P, Q в€€ E(Q), deп¬Ѓne the height pairing
Л† Л† Л†
P, Q = h(P + Q) в€’ h(P ) в€’ h(Q).
Then , is bilinear in each variable. If P1 , . . . , Pr are points in E(Q), and
the r Г— r determinant
det( Pi , Pj ) = 0,
then P1 , . . . , Pr are independent (that is, if there are integers ai such that
a1 P1 + В· В· В· + ar Pr = в€ћ, then ai = 0 for all i).

PROOF The second part of the theorem is true for any bilinear pairing.
LetвЂ™s assume for the moment that the pairing is bilinear and prove the second
part. Suppose a1 P1 + В· В· В· + ar Pr = в€ћ, and ar = 0, for example. Then ar
times the last row of the matrix Pi , Pj is a linear combination of the п¬Ѓrst
r в€’ 1 rows. Therefore, the determinant vanishes. This contradiction proves
that the points must be independent.
The proof of bilinearity is harder. Since the pairing is symmetric (that is,
P, Q = Q, P ), it suп¬ѓces to prove bilinearity in the п¬Ѓrst variable:
P + Q, R = P, R + Q, R .
Recall the parallelogram law:
Л† Л† Л† Л†
h(S + T ) + h(S в€’ T ) = 2h(S) + 2h(T ).

В© 2008 by Taylor & Francis Group, LLC
231
SECTION 8.6 FERMATвЂ™S INFINITE DESCENT

Successively letting (S, T ) = (P + Q, R), (P, Q в€’ R), (P + R, Q), and (Q, R)
yields the following equations:

Л† Л† Л† Л†
h(P + Q + R) + h(P + Q в€’ R) = 2h(P + Q) + 2h(R)
Л† Л† Л† Л†
2h(P ) + 2h(Q в€’ R) = h(P + Q в€’ R) + h(P в€’ Q + R)
Л† Л† Л† Л†
h(P + R + Q) + h(P + R в€’ Q) = 2h(P + R) + 2h(Q)
Л† Л† Л† Л†
4h(Q) + 4h(R) = 2h(Q + R) + 2h(Q в€’ R).

Adding together all of these equations yields

Л† Л† Л†
2 h(P + Q + R) в€’ h(P + Q) в€’ h(R)
Л† Л† Л† Л† Л† Л†
= 2 h(P + R) в€’ h(P ) в€’ h(R) + h(Q + R) в€’ h(Q) в€’ h(R) .

Dividing by 2 and using the deп¬Ѓnition of the pairing yields the result.

Example 8.11
Let E be given by y 2 = x3 + 73. Let P = (2, 9) and Q = (3, 10). Then

P, P = 0.9239 . . .
P, Q = в€’0.9770 . . .
Q, Q = 1.9927 . . . .

Since
0.9239 в€’0.9770
= 0.8865 В· В· В· = 0,
det
в€’0.9770 1.9927

the points P and Q are independent on E.

8.6 FermatвЂ™s Inп¬Ѓnite Descent
The methods in this chapter have their origins in FermatвЂ™s method of
inп¬Ѓnite descent. In the present section, weвЂ™ll give an example of FermatвЂ™s
method and show how it relates to the calculations we have been doing.
Consider the equation

a4 + b4 = c2 . (8.12)

The goal is to show that it has no solutions in nonzero integers a, b, c. Recall
the parameterization of Pythagorean triples:

В© 2008 by Taylor & Francis Group, LLC
232 CHAPTER 8 ELLIPTIC CURVES OVER Q

PROPOSITION 8.26
Suppose x, y, z are relatively prime positive integers such that

x2 + y 2 = z 2 .

Then one of x, y is even. Suppose it is x. Then there exist positive integers
m, n such that

y = m2 в€’ n2 , z = m2 + n2 .
x = 2mn,

Moreover, gcd(m, n) = 1 and m в‰Ў n (mod 2).

This result is proved in most elementary number theory texts. Alternatively,
see Exercise 2.21.
Suppose now that there are nonzero integers a, b, c satisfying (8.12). We
may assume a, b, c are positive and relatively prime. Proposition 8.26 implies
we may assume that a is even and that there exist integers m, n with

a2 = 2mn, b2 = m2 в€’ n2 , c = m2 + n2 .

If n is odd, then m is even, which implies that b2 в‰Ў в€’1 (mod 4). This is
impossible, so n is even and m is odd. Write n = 2q for some integer q. We
then have
(a/2)2 = mq.
Since gcd(m, n) = 1, we also have gcd(m, q) = 1. Since m, q are relatively
prime and their product is a square, it follows easily from looking at the prime
factorizations of m, q that both m and q must be squares:

m = t2 , q = u2

for some positive integers t, u. Therefore, we have

b2 = m2 в€’ n2 = t4 в€’ 4u4 .

This may be rewritten as
(2u2 )2 + b2 = t4 .
Since m is odd, t is odd. Since gcd(m, q) = 1, we also have gcd(t, u) = 1.
Therefore, gcd(t, 2u2 ) = 1. Proposition 8.26 implies that

2u2 = 2vw, b = v 2 в€’ w2 , t2 = v 2 + w 2

with gcd(v, w) = 1. Since the product vw is a square, it follows that both v
and w are squares:
v = r 2 , w = s2 .
Therefore, t2 = v 2 + w2 becomes

t2 = r4 + s4 .

В© 2008 by Taylor & Francis Group, LLC
233
SECTION 8.6 FERMATвЂ™S INFINITE DESCENT

This is the same equation we started with. Since

0 < t в‰¤ t4 = m2 < c, (8.13)

we have proved that for every triple (a, b, c) with a4 + b4 = c2 , there is another
solution (r, s, t) with 0 < t < c. We therefore have an inп¬Ѓnitely descending
sequence c > t > . . . of positive integers. This is impossible. Therefore, there
is no solution (a, b, c).
Observe that m2 > n2 , so c < 2m2 = 2t4 . Combining this with (8.13) yields

t4 < c < 2t4 .

This implies that the logarithmic height of t is approximately one fourth the
logarithmic height of c. Recall that the canonical height of 2P is four times
the height of P . Therefore, we suspect that FermatвЂ™s procedure amounts to
halving a point on an elliptic curve. WeвЂ™ll show that this is the case.
We showed in Section 2.5.3 that the transformation
4(z + 1)
2(z + 1)
, y=
x=
w2 w3
maps the curve
C : w2 = z 4 + 1
to the curve
E : y 2 = x3 в€’ 4x.
a4 + b4 = c2 ,
then the point
ac
(z, w) = ( , 2 )
bb
lies on C. It maps to a point (x, y) on E, with
c
2( + 1) 2(c + b2 )
2
x= b =
(a/b)2 a2
2(t4 + 4r4 s4 + (r4 в€’ s4 )2 )
=
(2rst)2
2
t
= .
rs
This implies that
2
t2 в€’ 2r2 s2 r2 в€’ s2
xв€’2 = =
(rs)2 rs
2
t2 + 2r2 s2 r2 + s2
x+2 = = .
(rs)2 rs

В© 2008 by Taylor & Francis Group, LLC
234 CHAPTER 8 ELLIPTIC CURVES OVER Q

Let П† be the map in Theorem 8.14. Since x, x в€’ 2, x + 2 are squares, П†(x, y) =
1. Theorem 8.14 implies that

(x, y) = 2P

for some point P в€€ E(Q).
LetвЂ™s п¬Ѓnd P . We follow the procedure used to prove Theorem 8.14. In the
notation of the proof of Theorem 8.14, the polynomial

r2 в€’ t 2
s
t
в€’ T+ T
f (T ) =
rs rs 4rs
satisп¬Ѓes
r2 в€’ s2 r2 + s2
t
f (0) = , f (2) = , f (в€’2) = .
rs rs rs
The formulas from the proof of Theorem 8.14 say that the point (x1 , y1 ) with

в€’2s2
в€’s/2r
x1 = =2
(r2 в€’ t)/4rs r в€’t
4rs
y1 = 2
r в€’t
satisп¬Ѓes 2(x1 , y1 ) = (x, y).
The transformation
2x3
2x
w = в€’1 + 2
z= ,
y y
maps E to C. The point (x1 , y1 ) maps to
2x1 s
=в€’
z1 =
y1 r
2x3 s4
w1 = в€’1 + 21 = в€’1 в€’ 2 2
r (r в€’ t)
y1
r4 + s4 в€’ r2 t t2 в€’ r 2 t
=в€’ 2 2 =в€’ 2 2
r (r в€’ t) r (r в€’ t)
t
= 2.
r
We have
2 4
в€’s
t
= + 1.
r2 r
Therefore, the solution (r, в€’s, t) corresponds to a point P on E such that 2P
corresponds to (a, b, c). FermatвЂ™s procedure, therefore, can be interpreted as
starting with a point on an elliptic curve and halving it. The height decreases
by a factor of 4. The procedure cannot continue forever, so we must conclude

В© 2008 by Taylor & Francis Group, LLC
235
SECTION 8.6 FERMATвЂ™S INFINITE DESCENT

On y 2 = x3 в€’4x, the points of order 2 played a role in the descent procedure
in Section 8.2. We showed that the image of the map П† was equal to the image
of E under П†. If we start with a possible point P в€€ E(Q), then П†(P ) = П†(T )
for some T в€€ E. Therefore, P в€’ T = 2Q for some Q в€€ E(Q). In FermatвЂ™s
method, the points of order 2 appear more subtly. If (x, y) on E corresponds
to the solution a, b, c of a4 + b4 = c2 , then a calculation shows that

(x, y) + (0, 0) в†ђв†’ в€’a, b, в€’c
(x, y) + (2, 0) в†ђв†’ в€’b, a, c
(x, y) + (в€’2, 0) в†ђв†’ b, a, в€’c.

Since we assumed that a was even and b was odd, we removed the solutions
В±b, a, в€“c from consideration. The solution в€’a, b, в€’c was implicitly removed
by the equation c = m2 + n2 , which required c to be positive. Therefore,
the choices that were made, which seemed fairly natural and innocent, were
exactly those that caused П†(P ) to be trivial and thus allowed us to halve the
point.
Finally, we note that in the descent procedure for E in Section 8.2, we elim-
inated many possibilities by congruences mod powers of 2. The considerations
also appear in FermatвЂ™s method, for example, in the argument that n is even.
In FermatвЂ™s descent, the equation

b2 = t4 в€’ 4u4

appears in an intermediate stage. This means we are working with the point
(w, z) = (u/t, b/t2 ) on the curve

C : w2 = в€’4z 4 + 1.

The transformation (see Theorem 2.17)

2(z + 1) 4(z + 1)
x= , y=
w2 w3
maps C to the elliptic curve
2 3
E :y = x + 16x .

There is a map П€ : E в†’ E given by

y 2 y(x2 + 4)
(x , y ) = П€(x, y) = , .
x2 x2

There is also a map П€ : E в†’ E given by
2 2
y (x в€’ 16)
y
(x, y) = П€ (x , y ) = , .
4x 2 8x 2

В© 2008 by Taylor & Francis Group, LLC
236 CHAPTER 8 ELLIPTIC CURVES OVER Q

It can be shown that П€ в—¦ П€ is multiplication by 2 on E. FermatвЂ™s descent
procedure can be analyzed in terms of the maps П€ and П€ .
More generally, if E is an elliptic curve given by y 2 = x3 + Cx2 + Ax and E
2 3 2
is given by y = x в€’ 2Cx + (C 2 в€’ 4A)x , then there are maps П€ : E в†’ E
given by

y 2 y(x2 в€’ A)
П€(0, 0) = П€(в€ћ) = в€ћ,
(x , y ) = П€(x, y) = , ,
x2 x2

and П€ : E в†’ E given by
2 2
y (x в€’ C 2 + 4A)
y
П€ (0, 0) = П€ (в€ћ) = в€ћ.
(x, y) = П€ (x , y ) = , ,
4x 2 8x 2

The composition П€ в—¦ П€ is multiplication by 2 on E. It is possible to do
descent and prove the Mordell-Weil theorem using the maps П€ and П€ . This
is a more powerful method than the one we have used since it requires only
one two-torsion to be rational, rather than all three. For details, see ,
.
The maps П€ and П€ can be shown to be homomorphisms between E(Q) and
E (Q) and are described by rational functions. In general, for elliptic curves
E1 and E2 over a п¬Ѓeld K, a homomorphism from E1 (K) to E2 (K) that is
given by rational functions is called an isogeny.

8.7 2-Selmer Groups; Shafarevich-Tate Groups
an elliptic curve E deп¬Ѓned over Q by

y 2 = (x в€’ e1 )(x в€’ e2 )(x в€’ e3 )

with all ei в€€ Z. This leads to equations

x в€’ e1 = au2
x в€’ e2 = bv 2
x в€’ e3 = cw2 .

au2 в€’ bv 2 = e2 в€’ e1 , au2 в€’ cw2 = e3 в€’ e1 .

This deп¬Ѓnes a curve Ca,b,c in u, v, w. In fact, it is the intersection of two
quadratic surfaces. If it has a rational point, then it can be changed to an

В© 2008 by Taylor & Francis Group, LLC
237
SECTION 8.7 2-SELMER GROUPS; SHAFAREVICH-TATE GROUPS

elliptic curve, as in Section 2.5.4. A lengthy calculation, using the formulas of
Theorem 2.17, shows that this elliptic curve is the original curve E. If Ca,b,c
does not have any rational points, then the triple (a, b, c) is eliminated.
The problem is how to decide which curves Ca,b,c have rational points. In
the examples of Section 8.2, we used considerations of sign and congruences
mod powers of 2 and 5. These can be interpreted as showing that the curves
Ca,b,c that are being eliminated have no real points, no 2-adic points, or no
5-adic points (for a summary of the relevant properties of p-adic numbers, see
Appendix A). For example, when we used inequalities to eliminate the triple
(a, b, c) = (в€’1, 1, в€’1) for the curve y 2 = x(x в€’ 2)(x + 2), we were showing that
the curve
Cв€’1,1,в€’1 : в€’u2 в€’ v 2 = 2, в€’u2 + w2 = в€’2
has no real points. When we eliminated (a, b, c) = (1, 2, 2), we used congru-
ences mod powers of 2. This meant that

C1,2,2 : u2 в€’ 2v 2 = 2, u2 в€’ 2w2 = в€’2

The 2-Selmer group S2 is deп¬Ѓned to be the set of (a, b, c) such that Ca,b,c
has a real point and has p-adic points for all p. For notational convenience,
the real numbers are sometimes called the в€ћ-adics Qв€ћ . Instead of saying
that something holds for the reals and for all the p-adics Qp , we say that it
holds for Qp for all p в‰¤ в€ћ. Therefore,

S2 = {(a, b, c) | Ca,b,c (Qp ) is nonempty for all p в‰¤ в€ћ}.

Therefore, S2 is the set of (a, b, c) that cannot be eliminated by sign or congru-
ence considerations. It is a group under multiplication mod squares. Namely,
we regard
2 2 2
S2 вЉ‚ (QГ— /QГ— ) вЉ• (QГ— /QГ— ) вЉ• (QГ— /QГ— ).
The prime divisors of a, b, c divide (e1 в€’ e2 )(e1 в€’ e3 )(e2 в€’ e3 ), which implies
that S2 is a п¬Ѓnite group.
The descent map П† gives a map

П† : E(Q)/2E(Q) в†’ S2 .

The 2-torsion in the Shafarevich-Tate group is the cokernel of this map:

= S2 /Im П†.
2

The symbol is the Cyrillic letter вЂњsha,вЂќ which is the п¬Ѓrst letter of вЂњShafare-
vichвЂќ (in Cyrillic). WeвЂ™ll deп¬Ѓne the full group in Section 8.9. The group
2 represents those triples (a, b, c) such that Ca,b,c has a p-adic point for all
p в‰¤ в€ћ, but has no rational point. If 2 = 1, then it is much more diп¬ѓcult
to п¬Ѓnd the points on the elliptic curve E. If (a, b, c) represents a nontrivial

В© 2008 by Taylor & Francis Group, LLC
238 CHAPTER 8 ELLIPTIC CURVES OVER Q

element of , then it is usually diп¬ѓcult to show that Ca,b,c does not have
rational points.
Suppose we have an elliptic curve on which we want to п¬Ѓnd rational points.
If we do a 2-descent, then we encounter curves Ca,b,c . If we search for points
on a curve Ca,b,c and also try congruence conditions, both with no success,
then perhaps (a, b, c) represents a nontrivial element of 2 . Or we might
need to search longer for points. It is diп¬ѓcult to decide which is the case.
Fortunately for Fermat, the curves on which he did 2-descents had trivial
2.

The possible nontriviality of the group 2 means that we do not have a
general procedure for п¬Ѓnding the rank of the group E(Q). The group S2 can
be computed exactly and allows us to obtain an upper bound for the rank.
But we do not know how much of S2 is the image of П† and how much consists
of triples (a, b, c) representing elements of a possibly nontrivial 2 . Since
the generators of E(Q) can sometimes have very large height, it is sometimes
quite diп¬ѓcult to п¬Ѓnd points representing elements of the image of П†. Without
this information, we donвЂ™t know that the triple is actually in the image.
The Shafarevich-Tate group is often called the Tate-Shafarevich group
comes after
in English and the Shafarevich-Tate group in Russian. Since
T in the Cyrillic alphabet, these names for the group, in each language, are
the reverse of the standard practice in mathematics, which is to put names
was given to the group by Cassels (see
in alphabetical order. The symbol
[23, p. 109]).

REMARK 8.27 The Hasse-Minkowski theorem (see ) states that a

n n
Q(x1 , . . . , xn ) = aij xi xj
i=1 j=1

with aij в€€ Q represents 0 nontrivially over Q (that is, Q(x1 , . . . , xn ) = 0 for
some (0, . . . , 0) = (x1 , . . . , xn ) в€€ Qn ) if and only if it represents 0 nontrivially
in Qp for all p в‰¤ в€ћ. This is an example of a local-global principle.
For a general algebraic variety over Q (for example, an algebraic curve), we
can ask whether the local-global principle holds. Namely, if the variety has a
p-adic point for all p в‰¤ в€ћ, does it have a rational point? Since it is fairly easy
to determine when a variety has p-adic points, and most varieties fail to have
p-adic points for at most a п¬Ѓnite set of p, this would make it easy to decide
when a variety has rational points. However, the local-global principle fails in
many cases. In Section 8.8, weвЂ™ll give an example of a curve, one that arises in
a descent on an elliptic curve, for which the local-global principle fails.

В© 2008 by Taylor & Francis Group, LLC
239
SECTION 8.8 A NONTRIVIAL SHAFAREVICH-TATE GROUP

8.8 A Nontrivial Shafarevich-Tate Group
Let E be the elliptic curve over Q given by
y 2 = x(x в€’ 2p)(x + 2p),
where p is a prime. If we do a 2-descent on E, we encounter the equations
x = u2
x в€’ 2p = pv 2
x + 2p = pw2 .
These yield the curve deп¬Ѓned by the intersection of two quadratic surfaces:
C1,p,p : u2 в€’ pv 2 = 2p, u2 в€’ pw2 = в€’2p. (8.14)

THEOREM 8.28
If p в‰Ў 9 (mod 16), then C1,p,p has q-adic points for all primes q в‰¤ в€ћ, but
has no rational points.

PROOF First, weвЂ™ll show that there are no rational points. Suppose there
is a rational point (u, v, w). We may assume that u, v, w > 0. If p divides
the denominator of v, then an odd power of p is in the denominator of pv 2
and an even power of p is in the denominator of u2 , so u2 в€’ pv 2 cannot be
an integer, contradiction. Therefore, u, v, and hence also w have no p in their
denominators. It follows easily that the denominators of u, v, w are equal.
Since u2 = 2p + pv 2 , we have u в‰Ў 0 (mod p). Write
pr s t
u= , v= , w= ,
e e e
with positive integers r, s, t, e and with
gcd(r, e) = gcd(s, e) = gcd(t, e) = 1.
The equations for C1,p,p become
pr2 в€’ s2 = 2e2 , pr2 в€’ t2 = в€’2e2 .
Subtracting yields
s2 + 4e2 = t2 .
If s is even, then pr2 = s2 + 2e2 is even, so r is even. Then 2e2 = pr2 в€’
s2 в‰Ў 0 (mod 4), which implies that e is even. This contradicts the fact that
gcd(s, e) = 1. Therefore, s is odd, so
gcd(s, 2e) = 1.

В© 2008 by Taylor & Francis Group, LLC
240 CHAPTER 8 ELLIPTIC CURVES OVER Q

By Proposition 8.26, there exist integers m, n with gcd(m, n) = 1 such that

s = m2 в€’ n2 , t = m2 + n2 .
2e = 2mn,

Therefore,

pr2 = s2 + 2e2 = (m2 в€’ n2 )2 + 2(mn)2 = m4 + n4 .

Let q be a prime dividing r. Proposition 8.26 says that m в‰Ў n (mod 2), which
implies that pr2 must be odd. Therefore, q = 2. Since gcd(m, n) = 1, at least
one of m, n is not divisible by q. It follows that both m, n are not divisible by
q, since m4 + n4 в‰Ў 0 (mod q). Therefore,

(m/n)4 в‰Ў в€’1 (mod q).

It follows that m/n has order 8 in FГ— , so q в‰Ў 1 (mod 8). Since r is a positive
q
integer and all prime factors of r are 1 mod 8, we obtain

rв‰Ў1 (mod 8).

Therefore, r2 в‰Ў 1 (mod 16), so

m4 + n4 = pr2 в‰Ў 9 (mod 16).

But, for an arbitrary integer j, we have j 4 в‰Ў 0, 1 (mod 16). Therefore,

m4 + n4 в‰Ў 0, 1, 2 (mod 16),

so pr2 = m4 +n4 . This contradiction proves that C1,p,p has no rational points.
We now need to show that C1,p,p has q-adic points for all primes q в‰¤ в€ћ.
The proof breaks into four cases: q = в€ћ, q = 2, q = p, and all other q.
The case of the reals is easy. Let u be large enough that u2 > 2p. Then
choose v, w satisfying (8.14).
For q = 2, write

u = 1/2, v = v1 /2, w = w1 /2.

The equations for C1,p,p become
2 2
1 в€’ pv1 = 8p, 1 в€’ pw1 = в€’8p.

We need to solve
2 2
v1 = (1 в€’ 8p)/p, w1 = (1 + 8p)/p

(1 В± 8p)/p в‰Ў 1 (mod 8),
and since any number congruent to 1 mod 8 has a 2-adic square root (see
Appendix A), v1 , w1 exist. Therefore, C1,p,p has a 2-adic point.

В© 2008 by Taylor & Francis Group, LLC
241
SECTION 8.8 A NONTRIVIAL SHAFAREVICH-TATE GROUP

Now letвЂ™s consider q = p. Since p в‰Ў 1 (mod 4), there is a square root of в€’1
mod p. Since p в‰Ў 1 (mod 8), there is a square root of в€’2 mod p. Therefore,
both 2 and в€’2 have square roots mod p. HenselвЂ™s lemma (see Appendix A)
implies that both 2 and в€’2 have square roots in the p-adics. Let
в€љ
в€љ
u = 0, v = в€’2, w = 2.

Then u, v, w is a p-adic point on C1,p,p .
Finally, we need to consider q = 2, p, в€ћ. From a more advanced standpoint,
we could say that the curve C1,p,p is a curve of genus 1 and that HasseвЂ™s
theorem holds for such curves. If we use the estimates from HasseвЂ™s theorem,
then we immediately п¬Ѓnd that C1,p,p has points mod q for all q (except maybe
for a few small q, since we are not looking at the points at inп¬Ѓnity on C1,p,p ).
However, we have only proved HasseвЂ™s theorem for elliptic curves, rather than
for arbitrary genus 1 curves. In the following, weвЂ™ll use HasseвЂ™s theorem only
for elliptic curves and show that C1,p,p has points mod q. HenselвЂ™s lemma
then will imply that there is a q-adic point.
Subtracting the two equations deп¬Ѓning C1,p,p allows us to put the equations
into a more convenient form:

w2 в€’ v 2 = 4, u2 в€’ pv 2 = 2p. (8.15)

Suppose we have a solution (u0 , v0 , w0 ) mod q. It is impossible for both u0
and w0 to be 0 mod q.
Suppose u0 в‰Ў 0 (mod q). Then w0 в‰Ў 0 (mod q). Also, v0 в‰Ў 0 (mod q).
2
Let u = 0. Since в€’pv0 в‰Ў 2p (mod q), HenselвЂ™s lemma says that there exists
v в‰Ў v0 (mod q) in the q-adics such that в€’pv 2 = 2p. Applying HenselвЂ™s lemma
again gives the existence of w в‰Ў w0 satisfying w2 в€’v 2 = 4. Therefore, we have
found a q-adic point. Similarly, if w0 в‰Ў 0 (mod q), there is a q-adic point.
Finally, suppose u0 в‰Ў 0 (mod q) and w0 в‰Ў 0 (mod q). Choose any v в‰Ў v0
(mod q). Now use HenselвЂ™s lemma to п¬Ѓnd u, w. This yields a q-adic point.
It remains to show that there is a point mod q. Let n be a quadratic
nonresidue mod q. Then every element of FГ— is either of the form u2 or nu2 .
q
Consider the curve

C : w2 в€’ v 2 = 4, nu2 в€’ pv 2 = 2p.

Let N be the number of points mod q on C1,p,p and let N be the number of
points mod q on C . (We are not counting points at inп¬Ѓnity.)

LEMMA 8.29
N + N = 2(q в€’ 1).

Let x в‰Ў 0 (mod q). Solving
PROOF

w + v в‰Ў x, w в€’ v в‰Ў 4/x (mod q)

В© 2008 by Taylor & Francis Group, LLC
242 CHAPTER 8 ELLIPTIC CURVES OVER Q

yields a pair (v, w) for each x. There are q в€’ 1 choices for x, hence there are
q в€’ 1 pairs (v, w) satisfying w2 в€’ v 2 = 4. Let (v, w) be such a pair. Consider
the congruences

u2 в‰Ў 2p + pv 2 (mod q) and nu2 в‰Ў 2p + pv 2 (mod q).

If 2p + pv 2 в‰Ў 0 (mod q), then exactly one of these has a solution, and it has
2 solutions. If 2p + pv 2 в‰Ў 0 (mod q), then both congruences have 1 solution.
Therefore, each of the q в€’ 1 pairs (v, w) contributes 2 to the sum N + N , so
N + N = 2(q в€’ 1).

The strategy now is the following. If N > 0, weвЂ™re done. If N > 0,
then C can be transformed into an elliptic curve with approximately N
points. HasseвЂ™s theorem then gives a bound on N , which will show that
N = 2(q в€’ 1) в€’ N > 0, so there must be points on C1,p,p .

LEMMA 8.30
If q в‰Ґ 11, then N > 0.

PROOF If N = 0 then N = 2(q в€’1) > 0, by Lemma 8.29. In Section 2.5.4,
a point and obtain an elliptic curve. Therefore, we can transform C to
в€љ
an elliptic curve E . By HasseвЂ™s theorem, E has less than q + 1 + 2 q
points. We need to check that every point on C gives a point on E . In the
parameterization

2 + 2t2
4t
v= , w= (8.16)
1 в€’ t2 1 в€’ t2

of w2 в€’ v 2 = 4, the value t = в€ћ corresponds to (v, w) = (0, в€’2). All of
the other points (v, w) correspond to п¬Ѓnite values of t. No (п¬Ѓnite) pair (v, w)
corresponds to t = В±1 (the lines through (0, 2) of slope t = В±1 are parallel to
the asymptotes of the hyperbola). Substituting the parameterization (8.16)
into nu2 в€’ pv 2 = 2p yields the curve
2p 4
u2 = (t + 6t2 + 1),
Q: 1
n
where u1 = (1 в€’ t2 )u. A point on C with (v, w) = (0, в€’2) yields a п¬Ѓnite
point on the quartic curve Q . Since C has 2(q в€’ 1) > 1 points mod q, there
is at least one п¬Ѓnite point on Q . Section 2.5.3 describes how to change Q
to an elliptic curve E (the case where Q is singular does not occur since Q
is easily shown to be nonsingular mod q when q = 2, p). Every point mod q
on Q (including those at inп¬Ѓnity, if they are deп¬Ѓned over Fq ) yields a point
(possibly в€ћ) on E (points at inп¬Ѓnity on Q yield points of order 2 on E ).

В© 2008 by Taylor & Francis Group, LLC
243
SECTION 8.8 A NONTRIVIAL SHAFAREVICH-TATE GROUP

Therefore, the number of points on C is less than or equal to the number of
points on E . By HasseвЂ™s theorem,
в€љ
2(q в€’ 1) = N в‰¤ q + 1 + 2 q.

This may be rearranged to obtain
в€љ
( q в€’ 1)2 в‰¤ 4,

which yields q в‰¤ 9. Therefore, if q в‰Ґ 11, we must have N = 0.

It remains to treat the cases q = 3, 5, 7. First, suppose p is a square mod
q. There are no points on C1,p,p with coordinates in F3 , for example, so we
introduce denominators. LetвЂ™s try

u = u1 /q, v = 1/q, w = w1 /q.

Then we want to solve

w1 = 1 + 4q 2 ,
2
u2 = p + 2pq 2 .
1

Since p is assumed to be a square mod q, HenselвЂ™s lemma implies that there
are q-adic solutions u1 , w1 .
Now suppose that p is not a square mod q. Divide the second equation in
(8.15) by p to obtain

12
w2 в€’ v 2 = 4, u в€’ v 2 = 2.
p

Let n be any п¬Ѓxed quadratic nonresidue mod q, and write 1/p в‰Ў nx2 (mod q).
Letting u1 = xu, we obtain

w2 в€’ v 2 = 4, nu2 в€’ v 2 = 2.
1

For q = 3 and q = 5, we may take n = 2 and obtain

w2 в€’ v 2 в‰Ў 4, 2u2 в€’ v 2 в‰Ў 2 (mod q).
1

This has the solution (u1 , v, w) = (1, 0, 2). As above, HenselвЂ™s lemma yields a
For q = 7, take n = 3 to obtain

w2 в€’ v 2 в‰Ў 4, 3u2 в€’ v 2 в‰Ў 2 (mod 7).
1

This has the solution (u1 , v, w) = (3, 2, 1), which yields a 7-adic solution.
Therefore, we have shown that there is a q-adic solution for all q в‰¤ в€ћ. This
completes the proof of Theorem 8.28.

В© 2008 by Taylor & Francis Group, LLC
244 CHAPTER 8 ELLIPTIC CURVES OVER Q

8.9 Galois Cohomology
In this section, we give the deп¬Ѓnition of the full Shafarevich-Tate group.
This requires reinterpreting and generalizing the descent calculations in terms
of Galois cohomology. Fortunately, we only need the п¬Ѓrst two cohomology
groups, and they can be deп¬Ѓned in concrete terms.
Let G be a group and let M be an additive abelian group on which G acts.
This means that each g в€€ G gives a automorphism g : M в†’ M . Moreover,

(g1 g2 )(m) = g1 (g2 (m))

for all m в€€ M and all g1 , g2 в€€ G. We call such an M a G-module. One
possibility is that g is the identity map for all g в€€ G. In this case, we say that
the action of G is trivial.
If G is a topological group, and M has a topology, then we require that the
action of G on M be continuous. We also require all maps to be continuous.
In the cases below where the groups have topologies, this will always be the
case, so we will not discuss this point further.
A homomorphism П† : M1 в†’ M2 of G-modules is a homomorphism of
abelian groups that is compatible with the action of G:

П†(gm1 ) = g П†(m1 )

for all g в€€ G and all m1 в€€ M1 . Note that П†(m1 ) is an element of M2 , so
g П†(m1 ) is the action of g on an element of M2 . An exact sequence

0 в†’ M 1 в†’ M2 в†’ M3 в†’ 0

is a short way of writing that the map from M1 to M2 is injective, the map from
M2 to M3 is surjective, and the image of M1 в†’ M2 is the kernel of M2 в†’ M3 .
The most common situation is when M1 вЉ† M2 and M3 = M2 /M1 .
More generally, a sequence of abelian groups and homomorphisms

В·В·В· в†’ A в†’ B в†’ C в†’ В·В·В·

is said to be exact at B if the image of A в†’ B is the kernel of B в†’ C. Such
a sequence is said to be exact if it is exact at each group in the sequence.
Deп¬Ѓne the zeroth cohomology group to be

H 0 (G, M ) = M G = {m в€€ M | gm = m for all g в€€ G}.

For example, if G acts trivially, then H 0 (G, M ) = M .
Deп¬Ѓne the cocycles

Z(G, M ) =
{ maps f : G в†’ M | f (g1 g2 ) = f (g1 ) + g1 f (g2 ) for all g1 , g2 в€€ G}.

В© 2008 by Taylor & Francis Group, LLC
245
SECTION 8.9 GALOIS COHOMOLOGY

The maps f are (continuous) maps of sets that are required to satisfy the
given condition. Note that g1 f (g2 ) means that we evaluate f (g2 ) and obtain
an element of M , then act on this element of M by the automorphism g1 .
The set Z is sometimes called the set of twisted homomorphisms from G
to M . It is a group under addition of maps.
We note one important case. If G acts trivially on M , then

Z(G, M ) = Hom(G, M )

is the set of group homomorphisms from G to M .
There is an easy way to construct elements of Z(G, M ). Let m be a п¬Ѓxed
element of M and deп¬Ѓne
fm (g) = gm в€’ m.
Then fm gives a map from G to M . Since

fm (g1 g2 ) = g1 (g2 m) в€’ m
= g1 m в€’ m + g1 (g2 m в€’ m)
= fm (g1 ) + g1 fm (g2 ),

we have fm в€€ Z(G, M ). Let

B(G, M ) = {fm | m в€€ M }.

Then B(G, M ) вЉ† Z(G, M ) is called the set of coboundaries. Deп¬Ѓne the
п¬Ѓrst cohomology group

H 1 (G, M ) = Z/B.

In the important special case where G acts trivially, B(G, M ) = 0 since
gm в€’ m = 0 for all g, m. Therefore

H 1 (G, M ) = Hom(G, M )

is simply the set of group homomorphisms from G to M .
A homomorphism П† : M1 в†’ M2 of G-modules induces a map

П†в€— : H j (G, M1 ) в†’ H j (G, M2 )

of cohomology groups for j = 0, 1. For H 0 , this is simply the restriction of П†
G
to M1 . Note that if gm1 = m1 , then g П†(m1 ) = П†(gm1 ) = П†(m1 ), so П† maps
M1 into M2 . For H 1 , we obtain П†в€— by taking an element f в€€ Z and deп¬Ѓning
G G

(П†в€— (f ))(g) = П†(f (g)).

It is easy to see that this induces a map on cohomology groups.
The main property we need is the following.

В© 2008 by Taylor & Francis Group, LLC
246 CHAPTER 8 ELLIPTIC CURVES OVER Q

PROPOSITION 8.31
An exact sequence
0 в†’ M1 в†’ M2 в†’ M3 в†’ 0
of G-modules induces a long exact sequence

0 в†’ H 0 (G, M1 ) в†’ H 0 (G, M2 ) в†’ H 0 (G, M3 )
в†’ H 1 (G, M1 ) в†’ H 1 (G, M2 ) в†’ H 1 (G, M3 )

of cohomology groups.

For a proof, see any book on group cohomology, for example , ,
or . The hardest part of the proposition is the existence of the map from
H 0 (G, M3 ) to H 1 (G, M1 ).
Suppose now that we have an elliptic curve deп¬Ѓned over Q. Let n be
a positive integer. Multiplication by n gives an endomorphism of E. By
Theorem 2.22, it is surjective from E(Q) в†’ E(Q), since Q is algebraically
closed. Therefore, we have an exact sequence
n
0 в†’ E[n] в†’ E(Q) в†’ E(Q) в†’ 0. (8.17)

Let
G = Gal(Q/Q)
be the Galois group of Q/Q. The reader who doesnвЂ™t know what this group
looks like should not worry. No one does. Much of modern number theory
can be interpreted as trying to understand the structure of this group. The
one property we need at the moment is that

H 0 (G, E(Q)) = E(Q)G = E(Q).

Applying Proposition 8.31 to the exact sequence (8.17) yields the long exact
sequence
n
0 в†’ E(Q)[n] в†’ E(Q) в†’ E(Q)
n
в†’ H 1 (G, E[n]) в†’ H 1 (G, E(Q)) в†’ H 1 (G, E(Q)).

This induces the short exact sequence

0 в†’ E(Q)/nE(Q) в†’ H 1 (G, E[n]) в†’ H 1 (G, E(Q))[n] в†’ 0, (8.18)

where we have written A[n] for the n-torsion in an abelian group A. This
sequence is similar to the sequence

0 в†’ E(Q)/2E(Q) в†’ S2 в†’ в†’0
2

that we met in Section 8.7. In the remainder of this section, weвЂ™ll show how the
two sequences relate when n = 2 and also consider the situation for arbitrary
n.

В© 2008 by Taylor & Francis Group, LLC
247
SECTION 8.9 GALOIS COHOMOLOGY

First, we give a way to construct elements of H 1 (G, E(Q)). Let C be a
curve deп¬Ѓned over Q such that C is isomorphic to E over Q. This means that
there is a map П† : E в†’ C given by rational functions with coeп¬ѓcients in Q
and an inverse function П†в€’1 : C в†’ E also given by rational functions with
coeп¬ѓcients in Q. Let g в€€ G, and let П†g denote the map obtained by applying
g to the coeп¬ѓcients of the rational functions deп¬Ѓning П†. Since C is deп¬Ѓned
over Q, the map П†g maps E to gC = C. Note that

g(П†(P )) = (П†g )(gP ) (8.19)

for all P в€€ E(Q), since the expression g(П†(P )) means we apply g to ev-
erything, while П†g means applying g to the coeп¬ѓcients of П† and gP means
applying g to P .
We have to be a little careful when applying g1 g2 . The rule is

П†g1 g2 = (П†g2 )g1 ,

since applying g1 g2 to the coeп¬ѓcients of П† means п¬Ѓrst applying g2 , then ap-
plying g1 to the result.
We say that a map П† is deп¬Ѓned over Q if П†g (P ) = П†(P ) for all P в€€ E(Q)
and all g в€€ G (this is equivalent to saying that the coeп¬ѓcients of the rational
functions deп¬Ѓning П† can be taken to be in Q, though proving this requires
results such as HilbertвЂ™s Theorem 90).
The map П†в€’1 П†g gives a map from E to E. We assume the following:
Assumption: Assume that there is a point Tg в€€ E(Q) such that

П†в€’1 (П†g (P )) = P + Tg (8.20)

for all P в€€ E(Q). Equation (8.20) can be rewritten as

П†g (P ) = П†(P + Tg ) (8.21)

for all P в€€ E(Q). If we let P = (П†g )в€’1 (Q) for a point Q в€€ C(Q), then the
assumption becomes

П†в€’1 (Q) = (П†g )в€’1 (Q) + Tg , (8.22)

which says that П†в€’1 and (П†g )в€’1 diп¬Ђer by a translation. WeвЂ™ll give an example
of such a map П† below.

LEMMA 8.32
Deп¬Ѓne П„П† : G в†’ E(Q) by П„П† (g) = Tg . Then П„П† в€€ Z(G, E(Q)).

В© 2008 by Taylor & Francis Group, LLC
248 CHAPTER 8 ELLIPTIC CURVES OVER Q

PROOF
в€’1 в€’1
g1 П†(P + Tg1 g2 ) = g1 П†g1 g2 (P )
в€’1
= П†g2 (g1 P ) (by (8.19))
в€’1
= П†(g1 P + Tg2 ) (by (8.21))
в€’1
= g1 П†g1 (P + g1 Tg2 ) (by (8.19))
в€’1
= g1 П†(P + g1 Tg2 + Tg1 ) (by (8.21)).
Applying g1 then П†в€’1 yields
T g 1 g 2 = g1 T g 2 + T g 1 .

This is the desired relation.

Suppose we have curves Ci and maps П†i : E в†’ Ci , for i = 1, 2, as above.
We say that the pairs (C1 , П†1 ) and (C2 , П†2 ) are equivalent if there is a map
Оё : C1 в†’ C2 deп¬Ѓned over Q and a point P0 в€€ E(Q) such that
П†в€’1 ОёП†1 (P ) = P + P0 (8.23)
2

for all P в€€ E(Q). In other words, if we identify C1 and C2 with E via П†1 and
П†2 , then Оё is simply translation by P0 .

PROPOSITION 8.33
The pairs (C1 , П†1 ) and (C2 , П†2 ) are equivalent if and only if the cocycles П„П†1
and П„П†2 diп¬Ђer by a coboundary. This means that there is a point P1 в€€ E(Q)
such that
П„П†1 (g) в€’ П„П†2 (g) = gP1 в€’ P1
for all g в€€ G.

i
PROOF For i = 1, 2, denote П„П†i (g) = Tg , so

П†g (P ) = П†i (P + Tg )
i
(8.24)
i

for all P в€€ E(Q). Suppose the pairs (C1 , П†1 ) and (C2 , П†2 ) are equivalent, so
there exists Оё : C1 в†’ C2 and P0 as above. For any P в€€ E(Q), we have
P + Tg + P0 = П†в€’1 ОёП†1 (P + Tg )
1 1
(by (8.23))
2
= П†в€’1 ОёП†g (P ) (by (8.24))
2 1
 << стр. 2(всего 3)СОДЕРЖАНИЕ >>