Loading...

Summer Research Fellowship Programme of India's Science Academies

Pell's equation and Rational points on elliptic curve

Sreejani Chaudhury

University of Hyderabad, Prof. C.R.Rao Road, Gachibowli, Hyderabad, Telangana 500064

Dr. Anirban Mukhopadhyay

The Institute of Mathematical Sciences, IV cross road, CIT campus, Taramani, Chennai, Tamil Nadu 600113

Abstract

In the quest of solving a problem of finding natural numbers which are simultaneously triangular and square, we landed in the field of Pell's Equations and its different types. Closer investigations lead to interesting observation regarding its nature and solutions. Elementary modifications in coefficients resulted in a few more observations. Then, we looked into Negative Pell's Equations. At one point, from finding the integral solution for a generalized Diophantine biquadratic equation, we shifted our interest to rational solutions for such equations. Thus, we ended up in cultivating rational points on unit circle, which eventually was reduced to geometry of cubic curves. We introduced the idea of projective geometry, with constant comparison between points on Euclidean (affine) plane and projective plane. We tried constructing a group out of the rational points on the cubic curve, defining composition as group operation. It is assigned the nature of an additive group. Next, we tried addressing Mordell’s theorem (naively). For this, we reduced generalized cubic curves to Weierstrass Normal form. Explicit formulae for group laws were also cultivated with the help of examples of elliptic curves.

Keywords: Negative Pell’s equation, projective geometry, Mordell’s theorem, Weierstrass Normal form, elliptic curve

INTRODUCTION

Background

Like Diophantine equations, one of its special type, namely Pell's equation, has also been of great interest to mathematicians around the globe since long. It is heard that Euler, after a recursory reading of Wallis's Opera Mathematica, mistakenly attributed the first serious study of non-trivial solutions of such equations to John Pell. However there is no evidence that Pell, professor of University of Amsterdam, had ever considered solving such equations; while many other noted mathematicians like Fermat, Archimedes, Theon of Smyrna, Diophantus, Brahmagupta, Bhaskaracharya is found to have put immense effort and interest in developing the theory for such equations, for integral solutions of the variables. The standard form of the Pell-equation is x2    dy2  =  1x^2\;-\;dy^2\;=\;1 where dd is a square free natural number. We aim to find the solution for xx and yy in Z\mathbb{Z}; when it is of the form x2    dy2  =  ax^2\;-\;dy^2\;=\;a​, it is called Pell-type equation.

Rationale

Investigations regarding the solutions and solvability of Pell and Pell-type equation lead us to look into rational solution for different equation by a geometric approach. It involves finding of rational points on a particular curve, integers being a very tiny part of it. This extension was further carried forward to a special form of curves called 'Elliptic Curves'. Astonishing facts were observed during the study which has far reaching impact in the fields of Diophantine equations, Cryptography, Factoring, Primality testing, and Public-key cryptosystems.

Statement of the Problem

We initially started with an elementary problem in number theory which goes like:

The first two numbers that are both triangular and square simultaneously are 1 and 36. Find the next one and, if possible the one after that. Can you figure out an efficient way to find triangular-square numbers? Do you think that there are infinitely many such numbers?

Addressing the problem:

We know, the triangular numbers can be represented as n(n+1)2\frac{n(n+1)}2 and the square number as m2m^2, for some n,mNn,m\in\mathbb{N}

According to the condition,

n(n+1)2  =  m2\frac{n(n+1)}2\;=\;m^2
n(n+1)  =  2  m2n(n+1)\;=\;2\;m^2

Now, without loss of generality, we may consider nn to be odd i.e. n  =  2k1,  kNn\;=\;2k-1,\;k\in\mathbb{N}

Putting in equation ​Equation 2​, we get,

(2k1)(2k)  =  2m2(2k-1)(2k)\;=\;2m^2
k(2k1)  =m2k(2k-1)\;=m^2

Now, if the product of two distinct coprime positive integers is a perfect square then each of them individually should be perfect squares. Hence, let   k=x12\;k=x_1^2and (2k1)  =  x22(2k-1)\;=\;x_2^2 we get,

2x12    1  =  x222x_1^2\;-\;1\;=\;x_2^2
2x12    x22  =  12x_1^2\;-\;x_2^2\;=\;1

This is of the form 2y2    x2  =  12y^2\;-\;x^2\;=\;1. Thus, it got reduced to our Pell's Equation.

Objective

  • To study Pellian equations
  • To study rational points of known order on non-singular elliptic curve

PELL'S EQUATIONS

The equation of the form x2  dy2  =  1  x^2\;-dy^2\;=\;1\; is called a Pell's Equation.

Why does the definition of Pell's equation assume d to be square-free?

Suppose, d is a square number, i.e. let d=c2d=c^2 , cZc \in \mathbb{Z}. Thus the equation can be factorized
as (x+cy)(xcy)=1(x+cy)(x-cy)=1 but this is impossible for integral x and y, as two integers
multiplied cannot give 1, if not each equal to 1.

Since, we are unable to find a factorization in Z\mathbb{Z} , we would look for a factor in Z[d]\mathbb{Z}[\sqrt{d}] where d is non-zero square-free integer.

Our equation can be factorised as (x+yd)(xyd)=1(x+y\sqrt{d})(x-y\sqrt{d})=1. The set of numbers of the
form (x+yd)(x+y\sqrt{d})with x,yZx,y \in \mathbb{Z}, in denoted as Z[d]\mathbb{Z}[\sqrt{d}]. In fact, (Z[d],+,.)(\mathbb{Z}[\sqrt{d}], +, .) forms a ring.

We know, the conjugate the conjugate elements of an algebraic element α\alpha , over a field extension Z\mathbb{Z}, are the roots of the minimal polynomial mZ,α(x)m_{\mathbb{Z},\alpha}(x) of α\alpha over Z    mZ,α(α)=0\mathbb{Z} \implies m_{\mathbb{Z},\alpha}(\alpha) =0. If z=x+ydz= x+y\sqrt{d}, then its conjugate is defined and denoted as z=xyd\overline z = x- y\sqrt{d} , and its norm as N(z)=zz=x2dy2ZN(z)=z\overline z = x^2 -dy^2 \in \mathbb{Z}.

The norm and conjugates are multiplicative in  Z \mathbb{Z} , i.e.,

  • N(z1z2)=N(z1)N(z2)N(z_1z_2)=N(z_1)N(z_2)
  • z1z2=z1z2\overline{z_1z_2}=\overline z_1 \overline z_2

Solution to Pell's Equation

Let us denote the Pell's equation as N(z)=1N(z)=1 with minimal solution as (u0,v0)(u_0,v_0). Minimal solution is trivially (1,0) in such cases.

Theorem.

Given d>0, the equation

u2dy2=1u^2-dy^2=1

has infinitely many solutions in positive integers.

The general solution is given by (un,vn)n0(u_n,v_n)_{n\geq0} ,

un+1=u1un+dv1vnu_{n+1}= u_1u_n+dv_1v_n
vn+1=unv1+u1vnv_{n+1}=u_nv_1+u_1v_n

where (u1,v1) (u_1,v_1) is its least non-trivial solution.

Proof.

Existence of fundamental solution (u1,v1)(u_1,v_1): ​​

Let, c1>0,c1Zc_1>0, c_1 \in \mathbb{Z} , we have to show that   t1,w11\exists\; t_1,w_1 \geq 1 such that ​

t1w1d<1c1,w1c1|t_1− w_1\sqrt{d}|< \frac{1}{c_1},w_1\leq c_1

Considering, lk=[kd+1],  k=0,,c1l_k=\left[k\sqrt {d}+1\right],\;k=0,\dots,c_1 yields 0lkkd1,  k=0,,c10\leq l_k-k\sqrt d\leq1,\;k=0,\dots,c_1 and, since, d\sqrt d is an irrational number, lk'  lk" whenever k'k" . As there are c1c_1 intervals in (p1c1,pc1),p=1,...,c1,c1+1(\frac{p-1}{c_1}, \frac{p}{c_1}), p=1, ... , c_1, c_1 +1 numbers of the form lkkd,k=1,...,c1l_k - k\sqrt{d}, k=1, ... , c_1, by Pigeonhole Principle, there exists i,j,p{0,1,2,...,c1},ij,p0i,j,p \in \{0,1,2,..., c_1\},i \neq j, p \neq 0 such that

p1c1liidpc1\frac{p-1}{c_1} \leq l_i- i\sqrt{d} \leq \frac{p}{c_1}
p1c1ljjdpc1\frac{p-1}{c_1} \leq l_j- j\sqrt{d} \leq \frac{p}{c_1}

Since the inequality leads to (lilj)(ji)d<1c1\left|(l_i-l_j)-(j-i)\sqrt d\right|<\frac1{c_1}, and putting (lilj)=t1  and  ji=w1\left|(l_i-l_j)\right|=t_1\;\mathrm{and}\;\left|j-i\right|={\mathrm w}_1 . So, we get the previous expression t1w1d<1c1|t_1− w_1\sqrt{d}|< \frac{1}{c_1} and w1c1w_1 \leq c_1. Now multiplying this inequality by t1+w1d<2w1d+1|t_1+w_1\sqrt{d}| < 2w_1\sqrt{d}+1 we get,

t12w12d<2w1c1d+1c1<2d+1\left|t_1^2-w_1^2d\right|<2\frac{w_1}{c_1}\sqrt d+\frac1{c_1}<2\sqrt d+1

Choosing a positive integer c2>c1c_2>c_1 such that t1w1d>1c2\left|t_1-w_1d\right|>\frac1{c_2} , we obtain positive integers t2,  c2t_2,\;c_2 with the properties

t22w22d<2d+1\left|t_2^2-w_2^2d\right|<2\sqrt d+1

and

t1t2+w1w20\left|t_1-t_2\right|+\left|w_1-w_2\right|\neq0

By continuing this procedure, we find a sequence of distinct pairs (tn,wn)n1(t_n,w_n)_{n\geq1} satisfying the inequalities

tn2wn2d<2d+1    for  nZ+\left|t_n^2-w_n^2d\right|<2\sqrt d+1\;\;\mathrm{for}\;n\in\mathbb{Z}^+

Thus the interval (2d1,2d+1)(-2d-1,2d+1) contains a non-zero integer k such that there exists a subsequence of (tn,wn)n1(t_n,w_n)_{n\geq1} satisfying the equation t2w2d=kt^2-w^2d=k. This subsequence contains at least two pairs of (tp,wp),  (tq,wq)(t_p,w_p),\;(t_q,w_q) for which tptq(modk)t_p\equiv t_q(mod\left|k\right|)

wpwq(modk)w_p\equiv w_q(mod\left|k\right|), and tpwqtqwp0t_pw_q-t_qw_p\neq0, otherwise tp=tqt_p=t_qand wp=wqw_p=w_q , in contradiction with tptq+wpwq0\left|t_p-t_q\right|+\left|w_p-w_q\right|\neq0, refer ​Equation 11​.​

Let t0=tptqdwpwqt_0=t_pt_q-dw_pw_q and w0=tpwqtqwpw_0=t_pw_q-t_qw_p then t02w02d=k2t_0^2-w_0^2d=k^2

On the other hand, as the solutions of Pell's equation ​Equation 7 are of the form ​Equation 15​, we can approximate the value of d\sqrt{d}, d being square-free. If (uk,vk)(u_k,v_k) is one of the solutions of ​Equation 7​ for some kNk \in \mathbb{N}, then

The pair (u,v)(u,v) where u=t0ku=\frac{t_0}{\left|k\right|} and v=w0kv=\frac{w_0}{\left|k\right|} are non-trivial solution to Pell equation​​.

Let (u1,v1)(u_1,v_1) be the least such solution with u (and implicitly v) minimal. Now we show that the pair (un,vn)(u_n,v_n) defined by ​​Equation 7​ satisfies Pell's equation ​​Equation 7​​ by principle of mathematical induction on n. If (u1,v1)(u_1,v_1) is a solution to the equation ​​Equation 7​​, then (un,vn)(u_n,v_n) is also a solution for n>1,nNn >1, n\in \mathbb{N}. We proceed with assumption (un,vn)(u_n,v_n) is a solution, need to show for n+1.​ ​

u2n+1dv2n+1=(u1un+dv1vn)2d(v1un+vnu1)2{u^2}_{n+1}-d{v^2}_{n+1}=(u_1u_n+dv_1v_n)^2-d(v_1u_n+v_nu_1)^2
=(u12dv12)(un2dvn2)  =  1=(u_1^2-dv_1^2)(u_n^2-dv_n^2)\;=\;1

i.e. the pair (un+1,vn+1)(u_{n+1},v_{n+1}) is also a solution to the Pell's equation.

Thus, for all positive integer n,

un+vnd=(u1+v1d)nu_n+v_n\sqrt d=(u_1+v_1\sqrt d)^n

​Equation 17​​ also yields the trivial solution (u0,v0)=(1,0)(u_0,v_0)=(1,0)

Let zn=un  +vnd=  (u1+v1d)nz_n=u_{n\;}+v_n\sqrt d=\;(u_1+v_1\sqrt d)^n and note that z0<z1<z2<<zn<z_0<z_1<z_2<\dots<z_n<\dots

We will prove now that all solutions to the ​​ are of the form un+vnd=(u1+v1d)nu_n+v_n\sqrt d=(u_1+v_1\sqrt d)^n. Indeed, if the ​​had a solution (u,v)(u,v) such that u+vdu+v\sqrt d is not of the form of ​​Equation 15​​ then zm<z<zm+1z^m<z<z^{m+1} for some integer m.

Then 1<  (u+vd)(umvmd)<(u1+v1d)1<\;(u+v\sqrt d)(u_m-v_m\sqrt d)<(u_1+v_1\sqrt d) and therefore 1<  (uumdvvm)  +(umvuvm)d<(u1+v1d)1<\;(uu_m-dvv_m)\;+(u_mv-uv_m)\sqrt d<(u_1+v_1\sqrt d).

On the other hand, (uumdvvm)2d(umvuvm)2=(u2dv2)(um2dvm2)=1(uu_m-dvv_m)^2-d(u_mv-uv_m)^2=(u^2-dv^2)(u_m^2-dv_m^2)=1, i.e., (uumdvvm  ,  umvuvm)(uu_m-dvv_{m\;},\;u_mv-uv_m)is a solution of ​​ smaller than (u1,v1)(u_1,v_1) in contradiction with the assumption that (u1,v1)(u_1,v_1) is the minimal non-trivial solution.(q.e.d)

Remarks

The ​​Equation 8​​ and ​​can be expressed in matrix form as the following:

(un+1vn+1)&ThickSpace;&ThickSpace;=(u1dv1v1u1)(unvn)\begin{pmatrix}u_{n+1}\\v_{n+1}\end{pmatrix}\;\;=\begin{pmatrix}u_1&amp;dv_1\\v_1&amp;u_1\end{pmatrix}\begin{pmatrix}u_n\\v_n\end{pmatrix}

where (unvn)=(u1dv1v1u1)n(u0v0)\begin{pmatrix}u_n\\v_n\end{pmatrix}=\begin{pmatrix}u_1&dv_1\\v_1&u_1\end{pmatrix}^n\begin{pmatrix}u_0\\v_0\end{pmatrix}.

If we take (u1dv1v1u1)=(anbncndn)\begin{pmatrix}u_1&amp;dv_1\\v_1&amp;u_1\end{pmatrix}=\begin{pmatrix}a_n&amp;b_n\\c_n&amp;d_n\end{pmatrix} then it is understood that an,bn,cn,dn are linear combination of λ1n, λ2n where λ1,λ2 are the eigenvalues of the matrix (u1dv1v1u1)\begin{pmatrix}u_1&amp;dv_1\\v_1&amp;u_1\end{pmatrix}.

un=(u1+dv1)n&ThickSpace;+(u1dv1)n2u_n=\frac{(u_1+\sqrt dv_1)^n\;+(u_1-\sqrt dv_1)^n}2

and

vn=(u1+dv1)n(u1dv2)n2dv_n=\frac{(u_1+\sqrt dv_1)^n-(u_1-\sqrt dv_2)^n}{2\sqrt d}

On the other hand, as the solutions of Pell's equation ​Equation 7 are of the form ​Equation 15​, we can approximate the value of d\sqrt{d}, d being square-free. If (uk,vk)(u_k,v_k) is one of the solutions of ​Equation 7​ for some kNk \in \mathbb{N}, then

uk    vkd  =1uk+vkdu_k\;-\;v_k\sqrt d\;=\frac1{u_k+v_k\sqrt d}

Thus, it follows that

ukvkd  =  1vk(uk+vkd)<1vn2d<1vn2\frac{u_k}{v_k}-\sqrt d\;=\;\frac1{v_k(u_k+v_k\sqrt d)}<\frac1{v_n^2 \sqrt d}<\frac1{v_n^2}

Thus, we may also write

limk  ukvk=d\lim_{k\rightarrow\infty}\;\frac{u_k}{v_k}=\sqrt d

In other words, the fraction ukvk\frac{u_k}{v_k} approximates to d\sqrt d with an error term less than 1vk2\frac1{v_k^2}.

Equation of type ax2-by2=1

Considering a general equation of the form

ax2-by2=1

where a,b. If =4ab>0, then we may reduce it to Pellian equation by continued fraction method. Detailed discussion on this method can be found in ​Andreescu, et al, 2015​.

Observation:

If ab=k2ab=k^2 , where k is an integer greater than 1, then the ​Equation 22​ does not have solutions in positive integers.

Prof. Assume that ​​Equation 22​​ has a solution (x, y), where x, y are positive integers. Then ax2by2=1ax^2-by^2=1 , and clearly a and b are relatively prime. From the condition ab=k2ab=k^2 it follows that a=k12a=k_1^2and b=k22b=k_2^2 for some positive integer k1k_1and k2k_2. The

relation k12x2k22y2&ThickSpace;&ThickSpace;=&ThickSpace;1k_1^2x^2-k_2^2y^{2\;}\;=\;1 can be written as (k1x+k2y)(k1xk2y)=1(k_1x+k_2y)(k_1x-k_2y)=1. This is not possible simultaneously for positive integral x,y,k1,k2 as atleast one term in the expression should be less than 1.

From this, we may easiely deduce the Pell's Resolvent for equations of the form of ​Equation 22​, as

u2abv2=1u^2-abv^2=1

Suppose, the ​​Equation 22​​ has solution in positive integers, then by the afore mentioned procedure, the general solution (xn,yn)n0(x_n,y_n)_{n\geq0} in terms of smallest solution (x0,y0)(x_0,y_0) , is given as

xn=x0un+by0vnx_n=x_0u_n+by_0v_n

and

yn=y0un+ax0vny_n=y_0u_n+ax_0v_n

where (un,vn)n0(u_n,v_n)_{n\geq0} is the general solution to the Pell's Resolvent.

An easy cross-verification would be the following:

ax2by2=a(x0un+by0vn)2  b(y0un+ax0vn)2  =  (ax02by02)(un2abvn2)=1.1=1ax^2-by^2\\=a(x_0u_n+by_0v_n)^2-\;b(y_0u_n+ax_0v_n)^{2\;}\\=\;(ax_0^2-by_0^2)(u_n^2-abv_n^2)\\=1.1\\=1

Remarks:

(1) Relation between the fundamental solution (u1,v1)(u_1,v_1) of Pell's Resolvent and the smallest solution (x0,y0)(x_0,y_0) to ​Equation 22​ , will be

u1±v1ab  =  (x0±y0ab)2u_1\pm v_1\sqrt{ab}\;=\;(x_0\pm y_0\sqrt{ab})^2

(2) Comparing ​​​ Equation 20 & 21​​ and ​ Equation 27 & 28​​, we get

xn=12a[(x0a+y0b)2n+1  +  (x0ay0b)2n+1]x_n=\frac1{2\sqrt a}\left[(x_0\sqrt a+y_0\sqrt b)^{2n+1}\;+\;(x_0\sqrt a-y_0\sqrt b)^{2n+1}\right]

and

yn=12b[(x0a+y0b)2n+1(x0ay0b)2n+1]y_n=\frac1{2\sqrt b}\left[(x_0\sqrt a+y_0\sqrt b)^{2n+1}-(x_0\sqrt a-y_0\sqrt b)^{2n+1}\right]

(3) Matrix form of the solution is the following:

(xnyn)=(x0by0y0ax0)(unvn)=(x0by0y0ax0)(u1abv1v1u1)n(u0v0)\begin{pmatrix}x_n\\y_n\end{pmatrix}=\begin{pmatrix}x_0&amp;by_0\\y_0&amp;ax_0\end{pmatrix}\begin{pmatrix}u_n\\v_n\end{pmatrix}=\begin{pmatrix}x_0&amp;by_0\\y_0&amp;ax_0\end{pmatrix}\begin{pmatrix}u_1&amp;abv_1\\v_1&amp;u_1\end{pmatrix}^n\begin{pmatrix}u_0\\v_0\end{pmatrix}

(4) The next result is further generalisation:

If 1<a<b1<a<b are integers such that ab is square-free, then at most one of the two equations ax2by2=±1ax^2-by^2=\pm1 is solvable. Elaborate discussion can be found in ​Nagell, et al, 1954​.

Algebraic property of the Solution to Equation ax2by2=1ax^2-by^2=1:

Defining F(xn,yn):=(x0a+y0b)  2=(ax02+by02)  +  2x0y0abF(x_n,y_n):=(x_0\sqrt a+y_0\sqrt b)^{\;2}=(ax_0^2+by_0^2)\;+\;2x_0y_0\sqrt{ab} for a solution (xna+ynb)(x_{n}\sqrt a+y_n\sqrt b)of ​Equation 22​ , then the following holds:

Properties:

  • F(x,y)=F(x,y)F(-x,-y)=F(x,y)
  • F(x,y)=F(x,y)F(x,-y)=F\overline{(x,y)} , the conjugate of F(x,y)
  • F((x,y).(r,s))=F(x,y).(r,s)2F((x,y).(r,s))=F(x,y).(r,s)^2 or F((x,y).(r,s))=F(x,y).(r+sab)2F((x,y).(r,s))=F(x,y).(r+s\sqrt{ab})^2

The Negative Pell's Equation

Unlike the equation x2dy2=1x^2-dy^2=1 which is usually solvable for square-free d, the equation

x2dy2=1x^2-dy^2=-1

is solvable only for some particular values of d.

In Olds, et al, 2009, it is explicitly shown that if r is the period of the expansion of d\sqrt d in continued fractions, then, if r is even, the ​Equation 31​ has no solution. If r is odd, then x=hnr1x=h_{nr-1}and y=knr1y=k_{nr-1} give all positive solutions to ​Equation 31​ for n=1,3,5,...

Equations of the form ​Equation 31​ are called Negative Pell's Equation.

The solution in general and in matrix representation can be found as before.

Theorem

Let p be a prime ≥ 3. The Negative Pell’s Equation

x2py2=1x^2-py^2=-1

is solvable in positive integers if and only if p1(mod  4)p\equiv1(mod\;4).

Proof. Let us suppose that the ​Equation 32​ is solvable. Then there are positive integers u,v such that u2pv2=1u^2-pv^2=-1​i.e., u2(1)=pv2u^2-(-1)=pv^2. Reading this equation modulo p, we get u2(1)0(mod  p)    1u2(mod  p)u^2-(-1)\equiv{0 (\mod p)} \implies -1 \equiv{u^2 (\mod p)}.

Considering (ap)\left(\frac ap\right) be the Legendre symbol, by definition we know,

(1p)={+1 ,p1(mod  4)1 ,p3(mod  4)( \frac{1}{p} )=\left\{\begin{array}{c}+1{\ }, p\equiv{1 (\mod 4)}\\ -1 {\ }, p\equiv{3 (\mod 4)}\end{array}\right.

Then, by Quadratic Reciprocity, we have (1p)=+1\left( \frac {-1}{p} \right)=+1 . Hence, (1p)=(1)p12    p1(mod  4)\left(\frac{-1}p\right)=(-1)\frac{p-1}2 \implies p\equiv1(mod\;4).

Let (u0,v0)(u_0,v_0) be the fundamental solution to the Pell’s resolvent u2pv2=1u^2-pv^2=1.

Then u021=pv02u_0^2-1=pv_0^2, and u0u_0 cannot be even, for in this case we should have 1p(mod  4){-1}\equiv p(mod\;4).

Hence u0u_0is odd and the numbers u01u_0 -1and u0+1u_0+1 have the greatest common divisor 2.

Therefore u0±1=2α2u_0\pm1=2 \alpha ^2and u01=2pβ2u_0\mp1=2p\beta^2, where α and β are positive integers such that v0=2αβv_0=2\alpha\beta.

By elimination of u0u_0 we get ±1=α2pβ2\pm1= \alpha^2-p\beta^2. Since β<v0\beta<v_0 , we cannot have the upper sign.

Thus, 1=α2pβ2{-1}=\alpha^2-p\beta^2 proves the theorem.​(q.e.d)

RATIONAL POINTS ON ELLIPTIC CURVES

The Diophantine quadratic equation

ax2+bxy+cy2+dx+ey+f=0ax^2+bxy+cy^2+dx+ey+f=0

with integral coefficients a, b, c, d, e, f reduces in its main case to a Pell-type equation. The general method of reduction is the following:

The ​​Equation 34​​ represents a conic in the Cartesian plane, therefore solving ​​Equation 34​​ in integers means finding all lattice points situated on this conic. We will solve the ​​Equation 34​​ by reducing the general equation of the conic to its canonical form. We introduce the discriminant of the ​​Equation 34​​ by Δ=b24ac\Delta=b^2-4ac. When Δ<0\Delta<0, the conic defined by ​​Equation 34​​ is an ellipse and in this case the given equation has only a finite number of solutions. If Δ = 0, then the conic given is a parabola. If 2aebd=02ae − bd = 0, then the ​​Equation 34​becomes (2ax+by+d)2=d24af(2ax+by+d)^2=d^2-4af and it is not difficult to solve. In the case 2aebd02ae-bd\neq0, by performing the substitutions X=2ax+by+dX= 2ax+by+d and Y=(4ae2bd)y+4afd2Y=(4ae-2bd)y+4af-d^2, the ​​Equation 34​​ reduces to X2+Y=0X^2+Y=0 which is also easy to solve. The most interesting case is Δ>0\Delta>0, when the conic defined by ​​Equation 34​​ is a hyperbola. Using a sequence of substitutions, the ​​Equation 34​​ reduces to general Pell-type Equation:

X2dY2=NX^2-dY^2=N

We say that the conic curve given by ​Equation 34​ is rational if the coefficients are rationals instead of integers. Similarly, a point in the X-Y plane is called a rational point if both its coordinates (x,y)(x,y) are rational numbers; a line a rational line if the equation of the line can be written with rational numbers; that is, if its equation is ax+by+c=0ax+by+c=0 with a,b,c rational.

  • Now what about the intersection of a rational line with a rational conic? Will it be true that the points of intersection are rational. Using analytic geometry to find the coordinates of these points, a quadratic equation for the x-coordinate of the intersection can be obtained. In such case, the quadratic equation will have rational coefficients. In other words, the two points of intersection will be rational if and only if the roots of that quadratic equation are rational; in general, they might be quadratic irrationalities.
  • Let us suppose that one of the rational point O on our rational conic is known to us, then can we get all of them very simply? More generally, on a given rational conic whether there are any rational points? One solution is just to draw some rational line and project the conic onto the line from this point O. (Projection is by the tangent line to the conic at O.) A line meets a conic in two points, so for every point P on the conic, there will be a point Q on the line, and vice verse. We get a one-to-one correspondence between the points on the conic and points on the line. Now, the rational points on the line are easily described in terms of rational values of some parameter.

Let us exercise it for a unit circle with the equation x2+y2=1x^2+y^2=1. We choose the point (-1,0) and project it onto the y-axis and let (0,t) be a point on the circle. The equation of the line joining (-1,0) and (0,t) will be y=t(x+1)y=t(x+1) . So, the point of intersection (x,y) will be given as 1x2=y2=t2(1+x2)1-x^2=y^2=t^2(1+x^2)​.

rat poi1.png
    Rational Parametrization and one-one correspondence

    Solving x and y in terms of t, we get, the familiar rational parametrization of the circle as

    x=1t21+t2x=\frac {1-t^2}{1+t^2}
    y=2t1+t2y=\frac {2t} {1+t^2}

    We now extend this to cubics.

    Let ax3+bx2y+cxy2+dy3+ex2+fxy+gy2+hx+iy+j=0ax^3+bx^2y+cxy^2+dy^3+ex^2+fxy+gy^2+hx+iy+j=0 be the equation of a general cubic. We say that a cubic is rational if the coefficients of its equation are rational numbers. We cannot use the geometric principle that worked so well for conics because a line generally meets a cubic in three points. And if we have one rational point, we cannot project the cubic onto a line, because each point on the line would then correspond to two points on the curve.

    But there is a geometric principle we can use. If we can find two rational points on the curve, then we can generally find a third one. Namely, draw the line connecting the two points you have found. This will be a rational line, and it meets the cubic in one more point. To find three intersections of a rational line with a rational cubic, we find that we come out with a cubic equation with rational coefficients. If two of the roots are rational, the third must also be so.

    Geometrically, we can define some composition laws: Starting with two points P and Q, we draw the line through P and Q and let P * Q denote the third point of intersection of the line with the cubic. Even if we only have one rational point P, we can still generally get another. By drawing the tangent line to the cubic at P, we are essentially drawing the line through P and P. The tangent line meets the cubic twice at P, and the same argument will show that the third intersection point is rational. Then we can join these new points up and get more points. So if we start with a few rational points, then by drawing lines, we generally get lots of others.

    rat poi2.png
      Composition of points on cubic

      Mordell's Theorem

      If a non-singular plane cubic curve has a rational point, then the group of rational points is finitely generated.

      In order to prove the above theorem, we would require some more insights into the geometry of curves. In general, two cubic curves meet in nine points. Stating Bezout's theorem naively,

      • Let C, C1, and C2 be three cubic curves. Suppose С goes through eight of the nine intersection points of C1 and C2. Then С goes through the ninth intersection point.

      Let F1(x,y) = 0 and F2(x,y) = 0 be the cubic equations giving C1 and C2. We can then find cubics going through the eight points by taking linear combinations λ1F1+λ2F2\lambda_1F_1+\lambda_2F_2. Because the cubics going through the eight points form a one dimensional family, and because the set of cubics λ1F1+λ2F2\lambda_1F_1+\lambda_2F_2 is a one dimensional family, we see that the cubic С has an equation λ1F1+λ2F2=0\lambda_1F_1+\lambda_2F_2=0 for a suitable choice of λ1,λ2\lambda_1,\lambda_2. Now about the ninth point - Since that ninth point is on both C1and C2, we know that F1(x,y) and F2(x,y) both vanish at that point. It follows that λ1F1+λ2F2\lambda_1F_1+\lambda_2F_2 also vanishes there, and this means that С also contains that point.

      Reformulating Mordell's theorem, if we have any two rational points on a rational cubic, say P and Q, then we can draw the line joining P to Q, obtaining the third point which we denoted P * Q. The set of all rational points on the cubic can be considered and assigned a law of composition. Cultivating upon the algebraic structure of the set along with the composition laws whether a group or not, we define the identity O as the zero element. (We will denote the group law by "+" because it is going to be a commutative nature.) The rule is as follows:

      To add P and Q, take the third intersection point P*Q, join it to O, and then take the third intersection point to be P + Q. Thus by definition, P + Q = O*(P*Q).

      rat poi3.png
      Group Law on cubic
        rat poi4.png
        Verifying O is the zero element
          • What is the negative of the point Q?

          The negative of Q is the reflected point; i.e.if Q=(x,y) then —Q=(x,—y). To verify the negative, let us add Q and —Q. To do this we take the third intersection of the line through Q and —Q, which is S; and then join S to О and take the third intersection point S * O. But the line through S and O, because it is tangent to the cubic at O, meets the cubic once at S and twice at O. So the third intersection is the second time it meets O. Therefore, Q+(—Q) = O.

          rat poi5.png
            Negative of a point

            To prove the associativity: Let P, Q, R be three points on the curve. We want to prove that (P + Q)+R = P + (Q + R). To get P+Q, we form P*Q and take the third intersection of the line connecting it to O. To add P+Q to R, we draw the line from R through P+Q, and that meets the curve at (P + Q) * R. To get (P + Q)+ R, we would have to join (P + Q) * R to О and take the third intersection. To show (P + Q) + R = P + (Q + R), it will be enough to show that (P + Q) * R = P * (Q + R). We show it pictorially.

            rat poi6.png
              Verifying Associative law

              Thus, we have successfully formed a group structure on the set of rational points. Now we would reduce it to Weierstrass Normal Form. On other words, we need to show that every cubic is birationally equivalent to a cubic of this type. Using a little bit of projective geometry, we consider a rational point О on C, and Z = 0 to be the tangent line to С at O. This tangent line intersects С at one other point, and we take the X = 0 axis to be tangent to С at this new point. Finally, we choose Y = 0 to be any line (other than Z = 0) which goes through 0. After choosing axes in this fashion, if we consider x=XZx=\frac {X}{Z} and y=YZy=\frac {Y}{Z}, then we get some linear conditions on the form the equation will take in these coordinates. This is called a projective transformation.

              Skipping the algebra, we get to the end equation given as:

              xy2+(ax+b)y=cx2+dx+exy^2+(ax+b)y=cx^2+dx+e
              (xy)2+(ax+b)xy=cx3+dxy+ex(xy)^2+(ax+b)xy=cx^3+dxy+ex

              Calling the variable xy as y, we get,

              y2+(ax+b)y=cubic in xy^2+(ax+b)y=cubic  in  x

              Replacing y(ax+b)2y-\frac{(ax+b)}{2} another linear transformation which amounts to completing the square on the left-hand side of the equation, we obtain y2=cubic  in  xy^2=cubic\; in\; x. So we do finally get an equation in Weierstrass form. To get rid of the x2x^2 term in the cubic, replace x by x — α\alpha for an appropriate choice of α\alpha.

              A cubic equation in normal form looks like

              y2=ax3+bx2+cx+dy^2=ax^3+bx^2+cx+d

              Assuming that the (complex) roots of f(x) are distinct, such a curve is called an elliptic curve. (More generally, any curve birationally equivalent to such a curve is called an elliptic curve.)

              Now we are going to look deeper into the explicit formula of group laws.

              Homogenising the cubic equation y2=x3+ax2+bx+cy^2=x^3+ax^2+bx+c as x=XZx=\frac {X}{Z} and y=YZy=\frac{Y}{Z} yielding Y2Z=X3+aX2Z+bXZ2+cZ3Y^2Z= X^3+ aX^2Z+bXZ^2+cZ^3

              • How do we add two points P and Q on a cubic equation in Weierstrass form? First we draw the line through P and Q and find the third intersection point P * Q. Then we draw the line through P * Q and 0, which is just the vertical line through P*Q. A cubic curve in Weierstrass form is symmetric about the x axis, so to find P + Q, we just take P * Q and reflect it about the x axis. This procedure is illustrated in the following figure-
              rat poi7.png
                Adding points to Weierstrass cubic

                Explicit formulae for group addition operation

                Let, P1(x1,y1),P2(x2,y2)   P_1\equiv(x_1,y_1), P_2\equiv(x_2,y_2)\;  then,   P1P2(x3,y3) P1+P2=(x3,y3)\; P_1*P_2 \equiv (x_3,y_3) \\ P_1+P_2=(x_3,-y_3). This is how we quantitively find the points. But, in order to prove Mordell's theorem, we would need some more rigor!

                Heights and descents

                Defining height of a rational point x=mnx=\frac m n reduced to its lowest terms, as

                H(x)=H(mn)=max{m,n}H(x)=H(\frac mn)=max\{\left|m\right|,\left|n\right|\}

                Thus, height of any rational number is a positive integer, with the following property:

                Finiteness property of heights. The set of all rational numbers whose height is less than a fixed positive integer is a finite set.

                Suppose, y2=f(x)=x3+ax2+bx+cy^2=f(x)=x^3+ax^2+bx+c be the non-singular cubic curve C with integer coefficient a,b,c; and if P=(x,y) is a rational point on the curve, then we defined height of P as simply the height of its x-coordinate

                H(P)=H(x)=H(mn)=max{m,n}H(P)=H(x)=H(\frac mn)=max\{\left|m\right|,\left|n\right|\}

                The property H(P+Q)=H(P)H(Q)H(P+Q)=H(P)H(Q) shows that the height has somewhat multiplicative structure. But, as we have always wanted to have an additive structure, we reduce H to "small h", which is defined as h(P)=log  H(P)h(P)=log\;H(P). Parallely, h is always a non-negative real number.

                Note: "h" of rational points on curve C follow finiteness property; i.e. if M be a postive number, then the set {PC(Q):h(P)M}{PC(Q):h(P)M} is a finite set. Again, H(O)= 1 is defined this way.

                Our ultimate aim is to show that the group of rational points C(Q)C\left(\mathbb{Q}\right) is finitely generated. We would need following four lemmata for the finite generation argument:

                • Lemma I . For every real number M, the set {PC(Q):h(P)M}\{P\in C(\mathbb{Q}):h(P)\leq M\} is finte set.
                • Lemma II. Let P0 be a fixed rational point on C. There exists a constant K0 depending on P0 and on a,b,c so that h(P+P0)    2h(P)+K0    PC(Q)h(P+P_0)\;\leq\;2h(P)+K_0\;\forall\;P\in C(\mathbb{Q}) .
                • Lemma III. There is a constant K depending on a,b,c such that h(2P)2h(P)K    PC(Q)h(2P)\geq2h(P)-K\; \forall\; P\in C(\mathbb {Q}).
                • Lemma IV. The index (C(Q):2C(Q))(C(\mathbb{Q}) : 2C(\mathbb{Q})) is finite.

                Lemma I is well-explained already. Now, suppose, we are given an commutative group T , written additively, and a height function h as

                h:T    [0,)h:T\;\rightarrow\; [0,\infin)

                from T to non-negative real integers. Now we state that T should be finitely generated. This statement along with the lemmata is called the Descent Theorem, where T is C(Q)C(\mathbb {Q}) .

                The Height of P+P0

                We first make a remark that, for a rational point P(x,y) on the curve C, then x and y can be expressed as:

                x=me2x=\frac {m} {e^2}
                y=ne3y=\frac {n} {e^3}

                for integers m,n,e>0 and (m,e)=(n,e)=1. Let us take x=mMx=\frac m M and y=nNy=\frac n N in lowest term with M>0 and N>0. Putting in curve, we get,

                n2N2=m3M3+am2M2+bmM+c\frac {n^2} {N^2} = \frac {m^3}{M^3} + a \frac {m^2}{M^2}+ b \frac {m}{M} +c
                M3n2=N2m3+aN2m2+bN2m+cN2M^3n^2 =N^2m^3+aN^2m^2+bN^2m+cN^2

                Since, N2N^2