MENS T A T A G I MOLEM

U N IS IV S E EN RS IC ITAS WARW

Modular curves and surjectivity of Galois representations attached to elliptic curves over Q

MSc Thesis

by

Lambros Mavrides

Supervisors: Dr. Martin Bright Dr. David Loeffler

MATHEMATICS INSTITUTE

SEPTEMBER 2011

Acknowledgements

I was graced to have two wonderful supervisors for this dissertation, Dr. Martin Bright and Dr. David Loeffler, to whom I express my deep gratitude. Dr. David Loeffler suggested the topic of this dissertation and drew my attention to the paper “Elliptic curves with 3-adic Galois representation surjective mod 3 but not mod 9” of Professor Noam D. Elkies. He has spent several hours explaining this densely written paper and he was always there when help was needed. Dr. Martin Bright has also offered excellent assistance and has devoted a great deal of time helping me, especially in the second half of the period spent on this dissertation. He has taught me how to think geometrically, providing numerous astonishing insights. He has also offered great assistance in programming in the computer package MAGMA. My gratitude to my two supervisors is two-fold; Dr. Martin Bright was responsible for teaching me Galois theory through a third year module bearing the same title and hence responsible in me developing an early interest in the arithmetic aspects of mathematics. Dr. David Loeffler was the lecturer of the course Modular Forms, where I got baptised in the world of modularity and automorphy. Both of them are amazing lecturers. I am grateful to the authors of the book “A First Course in Modular Forms”, Professor Fred Diamond and Professor Jerry Shurman. Their excellent book was the cornerstone in learning the theory of modular curves and without it, my task would have been notoriously difficult. Many thanks go to my friends and colleagues Kostas, Martha, Michael, Sam and Stephanos for many helpful discussions and assistance. I would also like to thank Thekla for all her love and support throughout the Warwick era. Last but not least, I would like to thank my parents Phedias and Chryso for their unconditional love and their full support in following my dreams. “There are five elementary arithmetical operations: addition, subtraction, multiplication, division and modular forms.” - Martin Eichler Contents

1 Introduction 1

2 Modular curves 5 2.1 Modular curves as Riemann surfaces ...... 8 2.1.1 Topology and a complex structure on X(Γ) ...... 8 2.1.2 The Riemann-Hurwitz formula and the genus of X(Γ) . . . . 9 2.1.3 Example: The modular curve X(1) ...... 11 2.1.4 Example: Elliptic curves as Riemann surfaces ...... 12 2.2 Modular curves as algebraic curves ...... 14 2.2.1 Valuations ...... 14 2.2.2 Divisors ...... 16 2.2.3 The Weil pairing ...... 19 2.3 Modular curves as moduli spaces ...... 21 2.3.1 Example 1.1 revisited: X(1) as a moduli space ...... 22 2.3.2 The main theorem ...... 23

3 Galois representations attached to elliptic curves over Q 29 3.1 The l-adic representation ...... 29 3.2 Galois theory of number fields ...... 33 3.3 Galois theory of Q¯ /Q ...... 36 3.4 A taste of modularity ...... 38

4 Surjectivity of Galois representations of elliptic curves over Q 41 4.1 The group G ...... 42 4.2 The modular curve X(9)/G ...... 43 4.3 The group G0 ...... 44 4.4 The cusps of X(9)/G ...... 45 4.5 The field of definition of the cusps of X(9)/G ...... 52 4.6 The genus of X(9)/G ...... 54

Chapter 0. CONTENTS iv CONTENTS

4.7 Modular units and Siegel functions ...... 56 4.8 A rational structure of X(9)/G ...... 59 4.9 The universal elliptic curve and an alternative approach ...... 62

5 Conclusion 64

6 Appendix 66 6.1 Code ...... 66

6.2 The reduction map SL2(Z) → SL2(Z/NZ) is surjective ...... 80

Chapter 0. CONTENTS

Chapter 1

Introduction

This dissertation has stemmed out of the need to understand the paper “Elliptic curves with 3-adic Galois representation surjective mod 3 but not mod 9”, by Noam D. Elkies [Elkies]. It is of expository nature and is divided into two parts; the first part includes material from the theory of modular curves and Galois representations attached to elliptic curves and is based on the book “An introduction to the theory of modular forms”, by Fred Diamond and Jerry Shurman [Dia & Shur]. The second part aims to answer the question which elliptic curves defined over Q have 3-adic Galois representation surjective mod 3 but not mod 9, using the above paper as well as explaining an alternative approach. In this essay we start with (chapter 2, section 1) an introduction to the theory of modular forms and present the modular curve X(Γ) as the space of orbits of the action of a congruence subgroup Γ on the upper half plane together with the set of cusps of Γ. We then move on to give a topology on X(Γ) that makes it a connected, compact, Hausdorff, second countable topological space. We naturally progress to define charts on X(Γ) and give it a complex structure so that it becomes a compact, connected Riemann surface. We then come across a way of reading off the “number of holes” (also known as the genus) of X(Γ) and have a first glimpse of the archetypical example of a modular curve, that is X(1). We also define a complex elliptic curve as a Riemann surface, with this case the number of holes always being equal to 1. In section 2 of chapter 2, we quote Serre’s GAGA which guarantees for any compact, connected Riemann surface R the existence of polynomial equations over C such that R can be written as the zero locus of these polynomials. It turns out that the resulting projective algebraic variety is smooth and 1-dimensional, i.e. a smooth, projective algebraic curve. As a result any modular curve or complex

Chapter 1. Introduction 2 elliptic curve can be viewed as a smooth, projective algebraic curve. This opens up the way for the use of algebraic geometry in our study. In section 2.2 we explore some algebro-geometric tools being used in the study of algebraic curves that we will make use of throughout this essay (such as valuations, divisors, the Riemann-Roch theorem, etc.). This route we have chosen is though quite restrictive since we are bound to work with algebraic varieties defined over a subfield of C. We can open up the way to allow for varieties over an arbitrary field (even over those fields that cannot be embedded in C, such as finite fields) by redefining a modular curve as a smooth, projective algebraic curve that satisfies certain properties (this is normally done via its function field, however it is beyond the scope of this essay since we will only be interested in modular curves defined over subfields of C) and an elliptic curve over a field K as a genus 1, smooth, projective algebraic curve over K together with a K-rational point (this definition of elliptic curve we are going to see in more detail since it is needed for the purpose of this essay). We conclude section 2.2 with the study of the Weil pairing which turns out to be a fundamental tool in the study of Galois representations attached to elliptic curves. The third section of chapter 2 is devoted to the study of the remarkable property of modular curves being moduli spaces to isomorphism classes of elliptic curves satisfying certain properties. This is essentially motivated by the archetypical example of X(1) that parametrizes isomorphism classes of complex elliptic curves. In the main theorem we make this idea more explicit; we give a description of the parametrized set of isomorphism classes of elliptic curves over C for the case of the modular curves X(N), X1(N), X0(N). Chapter 3 is devoted to the study of Galois representations attached to el- liptic curves over Q. In particular, we study the action of the absolute Galois group n n of Q on the Z/l Z-module E[l ] of an elliptic curve E/Q and how this action is compatible with the multiplication-by-l map. This action gives the mod ln l-adic n representation with image in GL2(Z/l Z) and passing to the inverse limit we obtain the l-adic Galois representation with image in GL2(Zl). The second topic we choose to study in this chapter is the Galois theory of number fields and its generalization to the pro-finite absolute Galois group of Q. This theory is one of the basic tools that allows one to extract arithmetic information encapsulated by the l-adic Galois representation attached to an elliptic curve. In the last section of chapter 3, we see the theory explored in the previous section in action. In fact we see even more; we view how the modularity theorem gives a link between the arithmetic information extracted from the l-adic Galois representation of an elliptic curve over Q with the arithmetic information encoded in a certain modular form.

Chapter 1. Introduction 3

In chapter 4 we answer the following question (following Elkies’ work in [Elkies]); which elliptic curves defined over Q have 3-adic Galois representation surjective mod 3 but not mod 9? This set of elliptic curves would essentially be empty if the prime 3 was replaced by any other prime l ≥ 5. This follows from a theorem proved by Serre in his book “Abelian l-adic representations and elliptic curves” [Serre 2]. However this fails for the case of the primes 2 and 3 (the case of the prime 2 is treated in the paper [Dokchitser]). Indeed there are elliptic curves defined over Q withρ ¯3,E mod 3 surjective andρ ¯3,E mod 9 not; an example is the elliptic curve y2 = x3 − 27x − 42. Elkies (and so do we) uses the theory of modular curves as moduli spaces to classify all elliptic curves with the required property.

He does this by finding a lift of SL2(Z/3Z) in SL2(Z/9Z) (that he calls G), that is a proper subgroup of and unique up to conjugation. In fact with the aid of the computer package GAP we find that up to conjugacy, no other proper subgroup of SL2(Z/9Z) surjects on SL2(Z/3Z). As a result, if an elliptic curve E/Q has the above property then the image ofρ ¯3,E mod 9 in SL2(Z/9Z) must be a conjugate of G. The modular curve that parametrizes such elliptic curves is the curve X(9)/G. However, X(9)/G is not a priori defined over Q as an algebraic curve and so we ˜ 0 0 are forced to consider the modular curve X(9)/G . G is a subgroup of GL2(Z/9Z) 0 ˜ 0 ∗ 0 satisfying G = G ∩ SL2(Z/9Z) and X(9)/G equals to [(Z/9Z) : det(G )] copies 0 of X(9)/G. X˜(9)/G now has a natural structure over Q. Moreover, in our case we are lucky since there is a plethora of subgroups of the form G0 that also satisfy 0 ∼ ∗ 0 det(G ) = (Z/9Z) and hence give X˜(9)/G = X(9)/G. We then move on to study X(9)/G as a Riemann surface; we compute its cusps, elliptic points and genus. It turns out that X(9)/G has genus 0 and thus it is analytically isomorphic to 1 . By finding a -rational divisor of odd degree on PC Q X(9)/G and quoting a theorem of Max Noether we also conclude that X(9)/G is algebraically isomorphic over to 1 . It also turns out that the field of definition Q PQ −1 of the cusps of X(9)/G is not the field Q but K := Q(ζ +ζ ), for ζ a primitive 9-th root of unity, which makes the computation of the above algebraic isomorphism a harder task. The first step in computing this isomorphism is to find a function F defined on X(9)/G that gives an isomorphism with 1 . We do this by choosing a PC modular unit, i.e. a function that its divisor is supported at the cusps of X(9)/G. But since the cusps of X(9)/G are defined over the field K then so are the coefficients of F . So we then find an automorphism A of 1 with coefficients in K that changes PC the structure of 1 by sending the image of the cusps of X(9)/G under F to a Q PC Gal(K/Q)-orbit in K. As a result, the j-function as a function of F is not defined −1 over Q, but f := j ◦ A as a function of x := A ◦ F is. In fact, we compute that

Chapter 1. Introduction 4 f(x) is a rational function of degree 27 and this is the algebraic isomorphism we are after. In the last section of chapter 4, we give an alternative approach to the problem that is more algorithmic in nature. Unfortunately this alternative approach is far from being an effective algorithm (essentially we cannot prove that it terminates, so technically speaking it is not an algorithm at all), which gives another justification of the need of Elkies’ work to solve this problem.

Chapter 1. Introduction Chapter 2

Modular curves

We begin our study of modular curves by reviewing some elementary theory of modular forms. Let H = {z ∈ C : Im(z) > 0} denote the upper half plane in C. Then we have that the modular group SL2(Z) acts on H from the left as follows; ! a b aτ+b take g = ∈ SL2(Z) and τ ∈ H, then g · τ := . Notice that c d cτ+d

aτ + b cτ¯ + d 1 Im(g · τ) = Im · = Im(ac|τ|2 + adτ + bcτ¯ + bd) cτ + d cτ¯ + d |cτ + d|2

1 1 = (ad − bc)Im(τ) = Im(τ) > 0. |cτ + d|2 |cτ + d|2 Hence g · τ ∈ H and indeed one can easily check that the rest of the axioms for an ! −1 0 action hold. Notice here that the element ∈ SL2(Z) acts trivially and 0 −1 as a result it is natural to consider the quotient PSL2(Z) := SL2(Z)/{±Id} which acts faithfully on H. Now define the subgroup Γ(N) of SL2(Z) for an integer N by ( ! ! ! ) a b a b 1 0 Γ(N) := ∈ SL2(Z): ≡ mod N . c d c d 0 1

We say that a subgroup Γ ≤ SL2(Z) is a congruence subgroup when Γ(N) ⊆ Γ for some N ∈ N. It is easy to see that if Γ is a congruence subgroup then it is of finite index since Γ(N) is the kernel of the natural reduction map SL2(Z) → SL2(Z/NZ) and SL2(Z/NZ) is finite (but there are finite index subgroups of SL2(Z) that are not congruence subgroups; this is the so called “The congruence subgroup problem”).

Chapter 2. Modular curves 6

Two important congruence subgroups are the following: ( ! ! ! ) a b a b a¯ ¯b Γ0(N) := ∈ SL2(Z): ≡ mod N c d c d 0 d¯

( ! ! ! ) a b a b 1 ¯b Γ1(N) := ∈ SL2(Z): ≡ mod N . c d c d 0 1

Note that we have an inclusion of groups Γ(N) ≤ Γ1(N) ≤ Γ0(N). ! 1 a b SL2(Z) also acts on P = Q∪{∞} from the left as follows; let g = ∈ Q c d u u u a v +b a u SL2(Z), ∈ Q. Then g·( ) := u and g·∞ := . Moreover, we define g·( ) = ∞ v v c v +d c v u when c + d = 0. As in the case of the action of SL2(Z) on H, we have that v ! −1 0 acts trivially and PSL2(Z) acts faithfully. Furthermore, one can in fact 0 −1 show that SL ( ) acts transitively on 1 and for Γ a congruence subgroup, the set 2 Z PQ of orbits is finite. Hence we define the set of cusps of Γ to be the finite set of orbits of the left action of Γ on 1 ,Γ \ ( ∪ {∞}). PQ Q In general, the set of orbits of the action of a congruence subgroup Γ ≤ SL2(Z) on H is called the modular curve Y (Γ).

Definition 2.1 - The modular curve Y (Γ)

Y (Γ) := Γ \ H = {Γτ : τ ∈ H}.

A priori this set has no structure. However, as we will see later, a modular curve can be given a nice topology (which is Hausdorff, second countable) and a Riemann surface structure. In particular, we will also see that a modular curve being a Riemann surface, is also an algebraic curve. The modular curves corresponding to the congruence subgroups Γ(N), Γ1(N), Γ0(N) are denoted by Y (N), Y1(N), Y0(N). In particular notice that we get surjections Y (N)  Y1(N)  Y0(N) given by Γ(N)τ 7→ Γ1(N)τ 7→ Γ0(N)τ. One of the main important properties of a modular curve is that it serves as a moduli space to isomorphism classes of elliptic curves satisfying certain properties. This will be discussed more extensively in section 2.3, however it is worth noting here that the above surjections suggest that as we move up the surjections we get a finer parametrization (more properties) of isomorphism classes of elliptic curves. The modular curves Y (Γ) can be compactified by adding the set of cusps of Γ and form a compact modular curve denoted by X(Γ).

Chapter 2. Modular curves 7

Definition 2.2 The modular curve X(Γ)

∗ X(Γ) := Y (Γ) ∪ Γ \ (Q ∪ {∞}) = Γ \ H ,

∗ for H = H ∪ Q ∪ {∞}.

In particular X(Γ) is a compact Riemann surface (section 2.1) and hence we can use the theory of compact Riemann surfaces (eg. Riemann-Hurwitz formula, Riemann- Roch theorem) to extract a lot of information regarding X(Γ). Similarly, we write

X(N), X1(N), X0(N), for the compactified modular curves corresponding to the congruence subgroups Γ(N), Γ1(N), Γ0(N). Meromorphic functions defined on the modular curve X(Γ) are called mod- ular functions (of level Γ and weight 0). Unwinding this definition we see that for a function f to be defined on X(Γ), f needs to be constant on the set of orbits of ∗ Γ acting on H . (Note that everything we define here can be defined for an arbi- trary finite index subgroup Γ ≤ SL2(Z)). A generalization of these sort of functions are the modular functions of level Γ and weight k. These functions are still ∗ meromorphic functions H → C, but now we introduce a factor of automorphy, ! a b ∗ ∗ j(γ, τ); if γ = ∈ Γ, τ ∈ H , then a meromorphic function f : H → C is a c d modular function of weight k and level Γ if it satisfies f(γ · τ) = j(γ, τ)kf(τ), where j(γ, τ) = cτ + d. So modular functions of weight k > 0, are no longer functions defined on X(Γ). An important class of modular functions of level Γ and weight k is the class of modular forms. A modular form of level Γ and weight k, is a holomorphic ∗ modular function H → C of level Γ and weight k. We denote this space by Mk(Γ). One can in fact show that this is a finite dimensional C-vector space and deduce some explicit dimension formulae with respect to the topology of the modular curve X(Γ)

(for example, see [Dia & Shur], Theorem 3.5.1). Mk(Γ) has an equally important subspace of functions, called cusp forms; a modular form f is a cusp form if f | 1 ≡ 0. PQ The subspace of cusp forms is denoted by Sk(Γ). As a last comment here, we remark that we cannot have a non-constant modular form defined on X(Γ) (i.e. of level Γ and weight 0). To see this, notice that if f : X(Γ) → C would be a non-constant modular form, then as we will see later, X(Γ) is a compact Riemann surface and so f can be extended as a map f : X(Γ) → 1 of Riemann surfaces. But since f is PC holomorphic, its image omits ∞ and hence it is a proper subset of 1 . Also, open PC mapping theorem implies that the image of f is open. But the compactness of X(Γ) implies that its image under f in the Hausdorff space 1 is closed, contradicting the PC

Chapter 2. Modular curves 8 2.1. MODULAR CURVES AS RIEMANN SURFACES fact that 1 is connected. So we conclude that no such f can exist. PC

2.1 Modular curves as Riemann surfaces

2.1.1 Topology and a complex structure on X(Γ)

In this section we first discuss how we can give a nice Hausdorff, second countable topology on X(Γ) that makes it a compact, connected topological space. The naive ∗ approach would be to equip H with the Euclidean topology. As pointed out in [Dia & Shur] 2.4, this topology contains too many points of 1 to be Hausdorff. PQ ∗ Instead, we take as a base of our topology on H the sets of the form {g(UM ∪

{∞})}M>0,g∈SL2(Z), where UM := {τ ∈ H : Im(τ) > M}, together with the open subsets of H with respect to the Euclidean topology. Then for a congruence subgroup ∗ Γ ≤ SL2(Z), we equip Γ \ H with the quotient topology corresponding to the ∗ ∗ ∗ projection map π : H → Γ \ H . Then X(Γ) = Γ \ H with this topology is Hausdorff, connected, second countable and compact (for a proof of this see for example [Dia & Shur], Proposition 2.4.2). ∗ The next step is to give Γ \ H a complex structure. For a congruence ¯ subgroup Γ ≤ SL2(Z), let us denote by Γ the projective image of Γ, i.e. the image of Γ under the projection map SL2(Z)  PSL2(Z), which equals to Γ/{Γ ∩ ±Id.}. Then for points π(τ) ∈ Y (Γ), where τ ∈ H and τ has trivial stabilizer in Γ,¯ any point in the fibre π−1(π(τ)) has multiplicity 1. Hence π is locally injective. Since Γ acts properly discontinuously on H (for a proof of this, see for instance [Dia & Shur], Proposition 2.1.1), we can find a neighbourhood U of τ in H such that for any γ ∈ Γ, γU ∩ U = ∅. Therefore π |U : U → π(U) is a continuous bijection and being an open map makes it a homeomorphism. However, the points in H which have non-trivial stabilizer in Γ¯ pose a prob- lem. These points are called the elliptic points for Γ. If τ is such a point, then there are points in the fibre π−1(π(τ)) where the multiplicity is greater than 1 and π can no longer be locally injective. To measure this discrepancy we introduce the notion of the period of τ ∈ H, denoted by nΓ(τ) and defined as follows; let us call Γ even when −Id. ∈ Γ and odd otherwise. Then

( 1 2 | StabΓ(τ) |, if StabΓ¯(τ) is even nΓ(τ) :=| StabΓ¯(τ) |= | StabΓ(τ) |, if StabΓ¯(τ) is odd

Then the elliptic points for Γ are the points with nΓ(τ) > 1. It is worth noting here −1 that nΓ(τ) = ngΓg−1 (gτ) for g ∈ SL2(Z) and hence any point in the fibre π (π(τ))

Chapter 2. Modular curves 9 2.1. MODULAR CURVES AS RIEMANN SURFACES has the same period.

As in the previous case of points τ ∈ H with nΓ(τ) = 1, since Γ acts properly discontinuously on H, if τ ∈ H is arbitrary then there exists a neighbourhood U ⊂ H such that if γ ∈ Γ and γU ∩ U 6= ∅ then γ ∈ StabΓ¯(τ). Consequently, such a neighbourhood has no elliptic points except possibly τ. So for any τ ∈ H (elliptic or not), take such a neighbourhood U ⊂ H and define a chart about π(τ) as follows: ! 1 −τ Consider the transformations δτ := ∈ GL2(C) (where GL2(C) is viewed 1 −τ¯ n (τ) as a linear fractional transformation H → C) and ρτ (z) := z Γ defined on C. Set Uτ := π(U) (where π : H → Γ\H) and define ψτ : U → V to be the composite n (τ) ψτ (z) = ρτ ◦ δτ (z) = (δτ · z) Γ , V := ψτ (U). Then take φτ : Uτ → V given by

φτ ◦ π = ψ and finally take the chart to be the pair (Uτ , φτ ). In [Dia & Shur] 2.2, the authors check that indeed the charts {(Uτ , φτ )}τ∈H are compatible. It now remains to find charts for the set of cusps of X(Γ). As in the case of elliptic points, we want to attach to each cusp c ∈ Γ \ 1 a discrepancy-measuring PQ number called the width of the cusp c, denoted by hΓ(c) (the width of a cusp measures how much the “behaviour” of the cusp deviates from that of the single cusp 1 of X(1)). The width of a cusp c ∈ Γ\P is defined as follows; consider the stabilizer Q ( ! ) 1 a b of the point ∞ ∈ P in SL2(Z) given by P∞ := ∈ SL2(Z): c = 0 and Q c d take g ∈ SL2(Z) with g · ∞ = c (such g exists since as noted previously SL2(Z) acts transitively on 1 ). Then let Γ := (g−1Γg) ∩ P and define h (c) := [P¯ : Γ¯ ]. PQ c ∞ Γ ∞ c One can easily check that hΓ(c) is independent of the choice of g ∈ SL2(Z). Take 2πiz −1 h (c) an open set of the form U := g(U2 ∪ {∞}) and write δc := g , ρc(z) := e Γ . Let 2πiδc·z h (c) ψc : U → V be the composite ρc ◦ δc(z) = e Γ , where V = Imψc. Then a chart ∗ ∗ about π(U) =: Uc (π : H → Γ\H ) is defined by φc : Uc → V , where φc ◦ π = ψc. As in the case of elliptic points, the authors in [Dia & Shur] 2.4, check explicitly the compatibility of the charts as well as with the rest of the charts that we have already defined for X(Γ).

2.1.2 The Riemann-Hurwitz formula and the genus of X(Γ)

We begin this section by examining more closely the local structure of the natural surjective map f : X(Γ1)  X(Γ2)

Γ1τ 7→ Γ2τ

Chapter 2. Modular curves 10 2.1. MODULAR CURVES AS RIEMANN SURFACES

for Γ1 ⊂ Γ2 congruence subgroups of SL2(Z). This type of map is a holomorphic map of Riemann surfaces and in particular the map X(Γ1)  X(1) gives a very nice formula for computing the genus of X(Γ1). Let us commence with the study −1 of the degree of f, which is by definition the size of the fibre f (Γ2τ), counting multiplicities. Notice that since Γ1, Γ2 are both congruence subgroups, the index

[Γ2 :Γ1] is finite. In particular, write {Γ1γj : j = 1, ..., n} for coset representatives −1 of Γ1 \ Γ2. We would like to say that f (Γ2τ) = {Γ1γjτ : j = 1, ..., n}, but this is not always true since X(Γ) = X(Γ),¯ for any congruence subgroup Γ. So to fix this ¯ ¯ ¯ 0 0 we need to consider the cosets of Γ1 \ Γ2. Write {Γ1γj : j = 1, ..., n } for the coset −1 0 0 ¯ ¯ representatives. Then f (Γ2τ) = {Γ1γjτ : j = 1, ..., n }. Thus deg(f) = [Γ2 : Γ1]. It is easy to observe that since Γ1 ⊂ Γ2, the only case in which [Γ¯2 : Γ¯1] 6= [Γ2 :Γ1] is 1 the case where Γ2 is even and Γ1 is odd, in which case it actually equals to 2 [Γ2 :Γ1]. We next want to study how does f ramify. Given x ∈ X(Γ1), we write ex for the ramification index of f at x. Now suppose that τ ∈ H. Comparing charts about the points Γ1τ and f(Γ1τ), one sees that eΓ1τ = [StabΓ¯2 (τ) : StabΓ¯1 (τ)] = nΓ2 (τ) 1 . Similarly, if c ∈ P , comparing charts about Γ1c and f(Γ1c) gives nΓ1 (τ) Q

[P¯ : Γ¯ ] h (c) e = [Γ¯ : Γ¯ ] = ∞ 1,c = Γ1 . Γ1c 2,c 1,c ¯ ¯ [P∞ : Γ2,c] hΓ2 (c)

An important tool in the study of Riemann surfaces that relates the genus of X(Γ1) and X(Γ2) with the degree of f and the ramification indices ex is the Riemann-Hurwitz formula:

X 2gX(Γ1) − 2 = d(2gX(Γ2)) + (ex − 1). x∈X(Γ1)

Here gX(Γ) denotes the genus of X(Γ) and d the degree of f. Notice that since the set of ramification points of a non-constant holomorphic function f on a connected Riemann surface is a discrete subset and since we are dealing with compact Riemann surfaces, the set of ramification points is finite and hence the sum in Riemann- Hurwitz formula is finite. Considering the map X(Γ)  X(1), we get a vey useful genus formula for X(Γ):

Theorem 2.3 Let Γ ≤ SL2(Z) be a congruence subgroup and X(Γ)  X(1) the natural projection map of degree d. Then write 2 and 3 for the number of elliptic points of period 2 and 3 in X(Γ) and ∞ the number of cusps of X(Γ). Then

d    g = 1 + − 2 − 3 − ∞ . X(Γ) 12 4 3 2

Chapter 2. Modular curves 11 2.1. MODULAR CURVES AS RIEMANN SURFACES

Proof : This is Theorem 3.1.1 in [Dia & Shur].  ∗ ¯ It is worth noting here that since X(1) = SL2(Z) \ H , d = [PSL2(Z): Γ], the so called projective index of Γ that we denote by dΓ.

2.1.3 Example: The modular curve X(1)

X(1) is the compactified modular curve corresponding to the projective modular 1 group PSL2(Z). Since PSL2(Z) acts transitively on P , X(1) has only one cusp. Q ! ! 0 −1 1 1 Moreover, PSL2(Z) is generated by the elements S := and T := 1 0 0 1 ([Serre 1], Chapter VII). Note that geometrically the action of S on H is a reflection about the imaginary axis followed by inversion in the unit circle. The action of T is a translation by 1. A fundamental domain for the action of PSL2(Z) on H is −1 1 the region D := {z ∈ H : 2 ≤ Re(z) ≤ 2 , |z| ≥ 1} and if z ∈ D, g ∈ PSL2(Z), g · z ∈ D then either g = 1 or z ∈ ∂D (for a justification of this, see for instance [Serre 1], Chapter VII, Theorem 1). Hence identifying the boundary points of D to a single point and adding the cusp as a point at ∞ gives topologically a sphere (the identification space is homeomorphic to C and together with the point at infinity it is homeomorphic to a sphere). As we saw before, one is able to define a complex structure on X(1) and make it a Riemann surface, though extra care needs to be 2πi taken at the elliptic points i, e 3 , that have a non-trivial stabilizer in PSL2(Z) and at the cusp (or the point at ∞). As a Riemann surface X(1) is the Riemann sphere, 1 . PC In order to determine the function field C(X(1)), we first need to find the meromorphic functions on 1 . In particular, since we allow for functions f : 1 → PC PC C to have poles, we can extend them to holomorphic maps between Riemann surfaces, f˜ : 1 → 1 . From Riemann surfaces theory, we have that any such map f˜ is PC PC ˜ p(z) ˜ a rational function of the form f(z) = q(z) , for polynomials p, q and if f is non- constant, then it is surjective. Thus the function field ( 1 ) is generated by a single C PC transcendental function, i.e. ( 1 ) = (z), for z transcendental. Since X(1) is C PC C analytically isomorphic to 1 (since the two spaces are homeomorphic), we conclude PC that C(X(1)) is also generated by a single transcendental function. So now it remains to find a generator of C(X(1)). Consider the discriminant function ∆ : H → C, 3 2 given by ∆(τ) = g2(τ) − 27g3(τ) , where g2(τ) = 60G4(Λτ ), g3(τ) = 140G6(Λτ ) P 1 and Λτ = Z + τZ, Gk(Λ) = λ∈Λ λk the weight k homogeneous Eisenstein series. In particular, the weight k Eisenstein series are modular forms of level SL2(Z) (see 3 3 for instance [Serre 1], Chapter VII, Proposition 4). Since g2(τ) = (60G4(Λτ ))

Chapter 2. Modular curves 12 2.1. MODULAR CURVES AS RIEMANN SURFACES

2 2 and g3(τ) = (140G6(Λτ )) are both modular forms of weight 12, we have that ∆ is a modular form of weight 12 and same level. In particular one can check ([Silverman 2], Chapter 1, Proposition 7.4) that ∆ takes the value 0 at the cusp

∞ and hence ∆ ∈ S12(SL2(Z)). Now we can consider the function j : H → C, 3 1728g2(τ) 3 given by j(τ) := ∆(τ) . In this case we can see that both g2 and ∆ are of weight 12, so j is of weight 0 and therefore SL2(Z)-invariant. This means that we can consider j as a function on X(1). Moreover, j(τ) has a q-expansion of the 1 2πiτ form j(τ) = q + 744 + 196884q + ..., where q = e (for a justification of this, see[Silverman 2], Chapter 1, Remark 7.4.1). As a result, j(τ) has a simple pole at the cusp ∞. Thus j : X(1) → 1 is a locally injective, surjective map of Riemann PC surfaces that serves as an analytic isomorphism X(1) =∼ 1 . As a result, we can PC take j to be the generator of the function field of X(1).

2.1.4 Example: Elliptic curves as Riemann surfaces

Given a rank 2 lattice Λ = ω + ω ⊂ (for ω , ω ∈ ∗ and Im( ω2 ) > 0), the 1Z 2Z C 1 2 C ω1 Weierstrass ℘- function given by

℘Λ : C/Λ → C such that 1 X  1 1  ℘ (z) := + − Λ z2 (z − λ)2 λ2 λ∈Λ\{0}

0 P 1 0 2 together with its derivative, ℘Λ(z) = −2 λ∈Λ (z−λ)3 , satisfy the relation (℘Λ(z)) = 3 4(℘Λ(z )) − g2(Λ)℘Λ(z) − g3(Λ) (for a proof of this see [Dia & Shur], Proposition 1.4.1). Moreover, the identification space C/Λ with the quotient topology is a torus. Additionally it can be equipped with a complex structure; given a point z ∈ C/Λ, take a neighbourhood Uz ⊂ C/Λ small enough such that the projection map π : C → C/Λ is a homeomorphism when restricted to a connected component of Vz := −1 −1 π (Uz) and its image. Then the pair (Uz, π |Uz ) is a coordinate chart about z and one can easily check that these charts give a Riemann surface structure. In particular we have the following theorem which gives an embedding /Λ ,→ 1 : C PC

Chapter 2. Modular curves 13 2.1. MODULAR CURVES AS RIEMANN SURFACES

Theorem 2.4 The map F : /Λ → 2 given by C PC  h i ℘ (z): ℘0 (z) : 1 , z∈ / Λ  Λ Λ F : z 7→ h i  0 : 1 : 0 , z ∈ Λ

2 is holomorphic and bijects with E(C) the plane curve given in affine form by y = 3 4x − g2(Λ)x − g3(Λ).

Proof : This is Theorem 6.14 in [Knapp]. 

0 A priori, E(C) need not be non-singular. However, ℘Λ(z) is easily seen to be an 0 0 odd function. Hence ℘Λ(−z) = −℘Λ(z) and at the points where −z ≡ z mod Λ, 0 0 0 we have −℘Λ(z) = ℘Λ(z) and z is a zero of ℘Λ(z). But −z ≡ z mod Λ ⇐⇒ 1 w1 w2 w1+w2 0 2 z ∈ 2 Λ ⇐⇒ z ∈ { 2 , 2 , 2 } . So at the half lattice points, (℘Λ(z)) = 3 3 4℘Λ(z) − g2(Λ)℘Λ(z) − g3(Λ) = 0, i.e. ℘Λ(zi) are the roots of 4x − g2(Λ)x − g3(Λ) w1 w2 w1+w2 (for z1 := 2 , z2 := 2 , z3 := 2 ). Notice that ℘Λ(z) can be extended to a degree 2 holomorphic map between compact Riemann surfaces ℘ : /Λ → 1 . In Λ C PC 0 0 particular, ℘Λ ramifies at z ∈ C/Λ ⇐⇒ ℘Λ(z) = 0. But ℘Λ(zi) = 0 and therefore at zi, ℘Λ is a 2-to-1 map. This implies that ℘Λ(zi) 6= ℘Λ(zj), for i 6= j and thus the 3 polynomial 4x − g2(Λ)x − g3(Λ) has no repeated roots. As a result, the plane curve E(C) is non-singular. The converse also holds:

2 3 Proposition 2.5 Given a non-singular plane curve defined by y = 4x − a2x − a3, there exists a lattice Λ such that a2 = g2(Λ), a3 = g3(Λ).

Proof : This is Proposition 1.4.3 in [Dia & Shur]. 

So we define an elliptic curve over C to be any non-singular plane curve given 2 3 in affine form by y = 4x − a2x − a3, with a point at infinity (notice that an affine change of coordinates of the form y 7→ 2y0, gives the Weierstrass equation of an elliptic curve). As a consequence, any genus 1, compact Riemann surface is an elliptic curve over C and any elliptic curve over C is a compact Riemann surface of genus 1.

Chapter 2. Modular curves 14 2.2. MODULAR CURVES AS ALGEBRAIC CURVES

2.2 Modular curves as algebraic curves

This section is devoted to the study of some important concepts and tools of al- gebraic curves. We refer to a smooth 1-dimensional projective algebraic variety as an algebraic curve. Serre’s GAGA states that the category of compact Rie- mann surfaces is equivalent to the category of algebraic curves over C. As we have seen, modular curves and elliptic curves are Riemann surfaces and hence by Serre’s GAGA, they are algebraic curves over C. So initially we can write them as 1- dimensional projective algebraic varieties over C. However, this does not give us the freedom of defining modular curves or elliptic curves over an arbitrary field that does not have an embedding in C. The main difference between the two worlds of algebraic curves and Riemann surfaces is that the former can be defined over an arbitrary field, whereas the latter is always modelled in C (notice the analogue between Lie groups and algebraic groups; the former is defined over fields of characteristic 0 such as R or C, whereas the latter is defined over an arbitrary field of any characteristic and thus one needs to redefine everything in the language of algebraic geometry). This is why we need to develop machinery that will be able to imitate the Riemann surface setting algebraically. This will give us the freedom to work with fields of any characteristic and not just the complex numbers.

2.2.1 Valuations

We begin with the study of the algebraic analogue of the order of vanishing for meromorphic functions of a Riemann surface, that is valuations. Suppose C is an algebraic curve over a field K. Then for a point P ∈ C we can associate to it a subring of K¯ (C) (the function field of C over the algebraic closure of K), denoted ¯ f by OP (C), called the local ring of C over K at P, defined by OP (C) := { g ∈ K¯ (C): g(P ) 6= 0}. Then this ring has an ideal mP (C) := {F ∈ OP (C): F (P ) = 0}.

This ideal is in fact maximal in OP (C) since the evaluation map OP (C) → K¯ given f f(P ) by g 7→ g(P ) is obviously a surjective ring homomorphism that has kernel mP (C). ∼ Hence OP (C)/mP (C) = K¯ and mP (C) is a maximal ideal. In fact, we can say even more about OP (C) and its maximal ideal mP ; since an element F ∈ OP (C) is not a unit ⇐⇒ F ∈ mP , mP = { non-units of OP (C)} and every proper ideal of OP (C) is contained in mP . Thus OP (C) has a unique maximal ideal mP and it is therefore a local ring. Moreover, since we insist that our algebraic curve C is smooth, the ring

OP (C) is a discrete valuation ring (see [Silverman 1], II , Proposition 1.1), which is equivalent to saying that mP is a principal ideal and OP (C) is Noetherian and

Chapter 2. Modular curves 15 2.2. MODULAR CURVES AS ALGEBRAIC CURVES

local. A generator t of mP is called a uniformizer (or local parameter) at P . This whole setup now allows us to define a family of discrete valuations on ¯ ¯ the function field K(C), i.e. for P ∈ C a map vP : K(C) → Z ∪ {∞} satisfying the following: For any F,G ∈ K¯ (C)∗

• vP (FG) = vP (F ) + vP (G)

• vP (F + G) ≥ min{vP (F ), vP (G)}, with equality ⇐⇒ vP (F ) 6= vP (G)

Let F ∈ OP (C)\{0} and t a uniformizer at P . Then mP = hti and either F is a unit or not. If F is a non-unit then F ∈ mP and F = tF1 for some F1 ∈ OP (C) \{0}.

We can proceed with the same argument for F1, that is F1 is either a unit or not.

If not, then F1 = tF2 for some F2 ∈ OP (C) \{0}. Iterating, this process needs to terminate since OP (C) is Noetherian and hF i ( hF1i ( hF2i ( ... is an ascending e 0 0 chain of ideals. Hence we may write F = t P F for some unit F ∈ OP (C) and this e e0 expression is unique. Indeed, if t P u1 = t P u2 for units u1, u2 ∈ OP (C) and without 0 0 eP −e 0 loss of generality eP ≥ eP , then u2 = t P u1 which implies that eP = eP and u1 = u2. So we have a map vP : OP (C) → N ∪ {∞} defined by

( e 0 eP ,F = t P F vP : F 7→ ∞,F = 0

We extend vP on K¯ (C) as follows:

¯ vP : K(C) → Z ∪ {∞}

f  v := v (f) − v (g). P g P P Building on our Riemann surface analogue, we can now extend a rational f ¯ f 1 function g ∈ K(C) to a function g : C → PK¯ as follows: Let P ∈ C. Then

 f  0, if vP ( ) > 0 f  g (P ) := ∞, if v ( f ) < 0 g P g  f(P ) f  g(P ) , if vP ( g ) = 0

Chapter 2. Modular curves 16 2.2. MODULAR CURVES AS ALGEBRAIC CURVES

2.2.2 Divisors

Let C be an algebraic curve over a field K. Then a divisor of C (over K¯ ) is a P formal sum P ∈C(K¯ ) nP (P ), where nP ∈ Z and nP = 0 for all but finitely many ¯ P P ∈ C(K). The degree of a divisor P ∈C(K¯ ) nP (P ), is defined as the integer P P ∈C(K¯ ) nP . The free Abelian group    X ¯  DivK¯ (C) := nP (P ): nP ∈ Z, nP = 0, for all but finitely many P ∈ C(K) P ∈C(K¯ )  is called the divisor group of C. It is easy to see that the map deg : DivK¯ (C) → Z 0 is a group homomorphism. Hence the set of degree 0 divisors, denoted by DivK¯ (C) ¯ ∗ is a subgroup of DivK¯ (C). If f ∈ K(C) is a non-zero element of the function P field of C, then its divisor is defined by (f) := P ∈C(K¯ ) vP (f)(P ). Divisors of the form (f), for f ∈ K¯ (C)∗ are called principal divisors. In a more general setting, if f : X → Y is a non-constant map between algebraic curves, P ∈ X and t ∈ Of(P )(Y ) a uniformizer at f(P ), then we define the ramification index of f at P to be the valuation at P of the pull-back of t under f, i.e. eP (f) := ∗ vP (f t). Then notice that eP (f) ≥ 1 and we say f is unramified at P when eP (f) = 1. Now take any Q ∈ Y ; we define the degree of the map f to be P P ∈f −1(Q) eP (f) and one can show (essentially because we insist that our algebraic curve C is projective) that this is independent of the choice of the point Q and thus well defined (see [Hartshorne], II, Proposition 6.9). Now going back to the case where f ∈ K¯ (C)∗, as in the case of Riemann surfaces theory, one can show that (f) = P P P ∈f −1(0) eP (f)(P )− P ∈f −1(∞) eP (f)(P ). As a result, taking degrees, we get that P P deg(f) = P ∈f −1(0) eP (f) − P ∈f −1(∞) eP (f) =degf−degf = 0. Therefore, we l 0 have that the set of principal divisors, denoted by DivK¯ (C) is a subset of DivK¯ (C). ∗ In fact, since valuations satisfy vP (fg) = vP (f) + vP (g) for f, g ∈ K¯ (C) , we have 1 l that (fg) = (f) + (g) and ( f ) = −(f). Hence DivK¯ (C), is in fact a subgroup of 0 DivK¯ (C). A consequence of this is that we can take their quotient and form a very important group, called the (degree 0) Picard group of C. We denote this group 0 by PicK¯ (C), which is also called the divisor class group. We now move on to give an ordering on the set of divisors of C: Let D = P P ∈C nP (P ) ∈ Div(C) be an arbitrary divisor of C. Then we say D is an effective divisor and denote it by D ≥ 0, when nP ≥ 0, for all P ∈ C. Moreover, we can now attach to D an important K¯ -vector space, defined by L(D) := {f ∈ K¯ (C)∗ : (f) + D ≥ 0}. We denote the dimension of this vector space by l(D). One of the most important tools used in the study of algebraic curves is the so called Riemann-

Chapter 2. Modular curves 17 2.2. MODULAR CURVES AS ALGEBRAIC CURVES

Roch theorem, that states an expression of l(D) in terms of the (algebraic) genus of

C, the degree of D and l(KC − D). KC is the so called canonical divisor, which is the divisor of a differential of C. It is beyond the scope of this essay to give an exposition of the construction of differentials on algebraic curves, for reference see for instance [Silverman 1], II, §4. Instead we will just assume that a canonical divisor always exists for an algebraic curve C and any two canonical divisors are l linearly equivalent in the quotient DivK¯ (C)/DivK¯ (C), the class of which is called the canonical class. Thus, l(KC ) is independent of the choice of a differential of C. So we are now ready to state the theorem: Theorem 2.6 Riemann- Roch: Let C be an algebraic curve over a field K. Then there is an integer g ≥ 0, called the genus of C such that for every divi- sor D ∈DivK¯ (C), l(D) − l(KC − D) = degD + 1 − g

Proof : [Hartshorne], IV, Theorem 1.3. 

Notice here that we defined the genus of an algebraic curve to be this integer such that the above equality holds. When an algebraic curve C is defined over C, then this integer is equal to the genus of C as a Riemann surface. We have only seen how to define elliptic curves over C. The way we define an elliptic curve over an arbitrary field is as follows: An elliptic curve over a field K is a pair (E, 0E), where E is a curve of genus 1 defined over K and 0E ∈ E(K). A priori, it is not so clear how this definition is related to the definition of an elliptic curve over C. However, the following lemma gives that the two definitions agree when K = C and hence this new definition generalizes the previous one: Lemma 2.7 If C is a genus 1 algebraic curve defined over a field K with a K- 2 2 rational point P , then we have an embedding C,→ PK¯ , given by y + a1xy + a3y = 3 2 x + a2x + a4x + a6.

Proof : This is essentially Riemann-Roch at its best. Let P be a K-rational point in C. Then Riemann-Roch theorem states that l(D) − l(KC − D) =degD − g + 1.

However, we have that degKC = 2g − 2 = 0 ([Silverman 1], II, Corollary 5.5). Thus for t = 1, .., 6 , degKC −t(P ) < 0. If f ∈ L(KC −t(P )) is non-zero, then by definition

(f) + KC − t(P ) ≥ 0. But taking degrees, we have that deg(f) + KC − t(P ) = deg(f)+degKC −t(P ) < 0 which is a contradiction. Hence l(KC −t(P )) = 0. So for t = 1, ..., 6, Riemann-Roch reduces to l(D) =degD − g + 1 =degD − 1 + 1 =degD and l(t(P )) = t. Moreover, notice the inclusion L(P ) ⊆ L(2(P )) ⊆ ... ⊆ L(6(P )). Explicitly, we have that

Chapter 2. Modular curves 18 2.2. MODULAR CURVES AS ALGEBRAIC CURVES

• L(P ) = h1i, since L(P ) is 1-dimensional and includes the constant functions

• L(2(P )) = h1, xi and the function x has a double pole at P

• L(3(P )) = h1, x, yi and the function y has a pole of order 3 at P

• L(4(P )) = h1, x, y, x2i, since the function x2 has a pole of order 4 at P

• L(5(P )) = h1, x, y, x2, xyi, since the function xy has a pole of order 5 at P

• L(6(P )) = h1, x, y, x2, xy, x3i, since the function x3 has a pole of order 6 at P

However notice that the function y2 has a pole of order 6 at P and hence it is an 0 0 ¯ element of L(6(P )). Therefore there exists elements a1, ..., a6 ∈ K not all zero, such 2 0 0 0 3 0 2 0 0 that y + a1xy + a2y = a3x + a4x + a5x + a6. Under a change of variables the 2 3 2 relation can be rewritten as y + a1xy + a3y = x + a2x + a4x + a6, for some a1, ..., a4, a6 ∈ K. As a result, L(3(P )) defines an embedding

2 C,→ PK¯

P 7→ [1 : x(P ): y(P )]

2 3 2 given by y + a1xy + a3y = x + a2x + a4x + a6. 

If the characteristic of K is different from 2, then we can complete the square and 2 3 2 under a change of variables reduce the equation y +a1xy+a3y = x +a2x +a4x+a6 2 3 2 to y = x + b1x + b2x + b3. In addition, if characteristic of K is different from 2 1 and 3 then we can make a further change of variable x 7→ x+ 3 b1 to get the equation y2 = x3 + Ax + B. Defining an elliptic curve as an abstract algebraic curve, as it was stated at the beginning of this section, allows us to define it over arbitrary fields such as a finite field. In particular it allows us to reduce an elliptic curve defined over Q modulo a prime p of good reduction (i.e. p - 2∆, ∆ the discriminant of E) and get ¯ ¯ a reduced elliptic curve E/Fp. We can then count the number of points #E(Fp) ¯ and define a number ap(E) := p + 1 − #E(Fp). This integer ap(E) is called the trace of the Frobenius at p and the choice of this name will become apparent in section 3.4, Theorem 3.9. Until now, we have defined the whole setup over the algebraic closure of the field over which our algebraic curve is defined. It is important to see what happens when we restrict ourselves to divisors defined over the base field we are working with (where we assume the base field to be perfect). First we say what does it mean for a divisor to be defined over the base field: Let C/K be an algebraic curve and

Chapter 2. Modular curves 19 2.2. MODULAR CURVES AS ALGEBRAIC CURVES

P take D = P ∈C nP (P ) ∈ DivK¯ (C). Then D is defined over K when it is fixed by ¯ ¯ σ P σ the action of Gal(K/K), i.e. for any σ ∈ Gal(K/K), D = P ∈C nP (P ) = D. We denote by DivK (C) the free Abelian subgroup of DivK¯ (C) that consists of divisors on C defined over K. We then have the following important proposition:

Proposition 2.8 Let C/K be an algebraic curve and D ∈ DivK (C). Then L(D) has a basis that consists of functions in K(C).

Proof : [Silverman 1], II, Proposition 5.8.  ¯ ∗ This theorem essentially implies that the vector spaces LK¯ (D) := {f ∈ K(C) : ∗ (f) + D ≥ 0} and LK (D) := {f ∈ K(C) :(f) + D ≥ 0} defined over K¯ and K respectively have the same dimensions. Hence the Riemann-Roch theorem still works even when we are considering divisors D defined over the base field K, with ∗ associated vector spaces LK (D) := {f ∈ K(C) :(f) + D ≥ 0}.

2.2.3 The Weil pairing

In this section we briefly discuss an important map, called the Weil pairing. This is a bilinear map E[N] × E[N] → µN , µN the group of N-th roots of unity that satisfies properties of an inner product. It will provide a very useful tool throughout this essay. We first give a theorem that will help us in the construction of the Weil pairing. Let h : X → Y be a non-constant morphism between algebraic curves. Then we can define forward and reverse maps on the (degree 0) Picard groups of X and Y as follows: 0 0 P P h∗ : PicK¯ (X) → PicK¯ (Y ), h∗([ P nP (P )]) := [ P nP (h(P ))] and ∗ 0 0 ∗ P P P h : PicK¯ (Y ) → PicK¯ (X), h ([ Q nQ(Q)]) := [ Q nQ P ∈h−1(Q) eP (h)(P )]. Considering the case where C is an elliptic curve E, we have the following powerful theorem:

Theorem 2.9 The map ¯ DivK¯ (E) → E(K) X X nP (P ) 7→ [np]P

(where [nP ] is the multiplication by nP map in End(E)), induces an isomorphism 0 ∼ ¯ P P P PicK¯ (E) = E(K). Moreover nP (P ) is principal ⇐⇒ nP = 0 and [nP ]P = 0E.

Proof : [Dia & Shur], Theorem 7.3.3. 

Chapter 2. Modular curves 20 2.2. MODULAR CURVES AS ALGEBRAIC CURVES

Let us fix a field K of characteristic 0 and denote by µN the group of N-th roots of unity in K¯ . Let E denote an elliptic curve over K and E[N] := {P ∈ K¯ :

[N]P = 0E} the N-torsion subgroup of E. The structure theorem of Abelian groups ∼ and the separability of the multiplication by N map give E[N] = Z/NZ × Z/NZ. Take two points P,Q ∈ E[N], not necessarily distinct. Notice that since [N]P = 0E, then [N]P +[N]0E = 0E and we can invoke Theorem 2.9; there exists f ∈ K¯ (E) with divisor (f) = N(P ) − N(0E). Moreover, the map [N]: E(K¯ ) → E(K¯ ) is unramified (this is [Silverman 1], III, Theorem 4.10(c)) and thus pulling back the divisor of f by ∗ P P [N] gives [N] (f) = N −1 (R) − N −1 (S) = (f ◦ [N]). Elements R∈[N] (P ) S∈[N] (0E ) of the fibre [N]−1(P ) have the property that they live in the kernel of the [N 2] −1 2 −1 map. Hence [N] (P ) ⊆ E[N ] and [N] (0E) = E[N]. In particular, fixing an element R ∈ [N]−1(P ), the map E[N] → [N]−1(P ) given by S → R + S is a ∗ P bijection. So we can rewrite [N] (f) = N S∈E[N](R + S) − (S). Moreover the P 2 divisor α = S∈E[N](R + S) − (S) has degree 0 and since #E[N] = N , we have P 2 that S∈E[N] R + S − S = [N ]R = 0E. Invoking Theorem 2.9 again, there exists g ∈ K¯ (E) such that (g) = α. Therefore N(g) = (gN ) = Nα = [N]∗(f) = (f ◦ [N]) and possibly after rescaling g if necessary, f ◦ [N] = gN . But notice that from this deduction it follows that gN is constant. Indeed fixing some point x ∈ E(K¯ ), g(x + Q)N = f([N]x + [N]Q) = f([N]x) = g(x)N . Consequently, the function g(x+Q) ¯ g(x+Q) N g(x+Q)N g(x) ∈ K(E) satisfies ( g(x) ) = g(x)N = 1, i.e. it is an Nth root of unity in K¯ (E) (the group of which we denote by µN ).

Definition 2.10 - Weil pairing The Weil pairing of two points P,Q ∈ E[N] is the function

g(x + Q) e (Q, P ) := ∈ µ N g(x) N for any point x ∈ E(K¯ ).

We deduce some important properties:

Chapter 2. Modular curves 21 2.3. MODULAR CURVES AS MODULI SPACES

Proposition 2.11 The Weil pairing is:

1. Bilinear: eN (Q1 + Q2,P ) = eN (Q1,P )eN (Q2,P ) ;

−1 2. Alternating: eN (Q, Q) = 1, eN (Q, P ) = eN (P,Q) ;

3. Non-degenerate: If eN (Q, P ) = 1 for all Q ∈ E[N], then P = 0E ;

σ σ σ 4. Galois equivariant: eN (Q ,P ) = eN (Q, P ) , for all σ ∈ Gal(K/K¯ ) ;

5. Invariant under isomorphisms of elliptic curves

Proof : [Dia & Shur], Proposition 7.4.1. 

Hence we have a map eN : E[N] × E[N] → µN that is bilinear and non-degenerate. In particular we have the following lemma:

Lemma 2.12 Given an elliptic curve E over a field K we have that the Weil pairing is surjective and K(E[N]) ⊇ µN (where µN is the group of N-th roots of unity).

Proof : The image of eN on the product E[N] × E[N] is a subgroup of µN , i.e. it is the group of N 0-th roots of unity, for some N 0 | N. So for any points P,Q ∈ E[N], N 0 0 0 eN (Q, P ) = 1 = eN (Q, N P ) = eN (N Q, P ). So fixing P and varying Q in E[N], 0 by the non-degeneracy of eN we see that N P = 0E. But P was arbitrary and since E[N] contains points of order N, we conclude that we must have N 0 = N. This proves eN is surjective. For the second part of the theorem we make use of the Galois equivariance property of the Weil pairing. Consider P,Q ∈ E[N] which have coordinates in K(E[N]). Then for any σ ∈ Gal(K/K¯ (E[N])), P,Q are fixed by the action of σ σ σ σ and thus eN (P ,Q ) = eN (P,Q) = eN (P,Q). As a result, eN (P,Q) ∈ µN is also fixed by σ and since eN is surjective, we have that µN ⊆ K(E[N]). 

2.3 Modular curves as moduli spaces

We begin our study of this section by revisiting our archetypical example of X(1) and demonstrating how it can serve as a moduli space to the set Ell(C), the set of isomorphism classes of elliptic curves over C. This example also provides moti- vation as follows; since orbits of the action of SL2(Z) on H correspond to isomor- phism classes of elliptic curves over C, then one would expect that the inclusion Γ(N) ⊆ Γ1(N) ⊆ Γ0(N) ⊆ SL2(Z) would imply that orbits under these congruence subgroups would correspond to finer parametrizations of elliptic curves over C.

Chapter 2. Modular curves 22 2.3. MODULAR CURVES AS MODULI SPACES

2.3.1 Example 1.1 revisited: X(1) as a moduli space

2 3 Let us denote by Ell(C) the set of elliptic curves over C of the form y = 4x +Ax+B. 2 3 2 3 We define two elliptic curves y = 4x + A1x + B1, y = 4x + A2x + B2 over a ∗ 4 field K to be isomorphic over K when there exists α ∈ K such that α A1 = A2 6 2 3 and α B1 = B2. The isomorphism is given by the morphism (x, y) 7→ (α x, α y). Given E ∈ Ell(C), there exists a rank 2 lattice Λ ⊂ C such that C/Λ corresponds to E under the map F of Theorem 2.4 (this is guaranteed by Proposition 2.5). 0 0 Moreover, suppose E is another element of Ell(C) with corresponding lattice Λ . 0 To ask whether E and E are isomorphic over C is equivalent to ask whether there ∗ 0 0 exists α ∈ C such that Λ = αΛ (in this case Λ and Λ are said to be homothetic). 0 2 3 0 0 To see this, notice that E is given in affine form by y = 4x − g2(Λ ) − g3(Λ ). 4 But g (Λ0) = g (αΛ) = 60G (αΛ) = 60 P 1 = 60 P 1 = 60 P α = 2 2 4 λ∈αΛ λ4 λ∈Λ 1 λ4 λ∈Λ λ4 α4 4 0 6 2 3 0 0 α g2(Λ). Similarly g3(Λ ) = g3(αΛ) = α g3(Λ). Thus y = 4x − g2(Λ ) − g3(Λ ) = 3 4 6 2 3 4x −α g2(Λ)−α g3(Λ) and y = 4x −g2(Λ)−g3(Λ) is the affine form of E. Hence 0 E and E are isomorphic over C. So we can now restrict our attention to rank 2 lattices in C up to homothety. A canonical form of this would be the lattice Λτ = Z + τZ; given Λ = ω1Z + ω2Z we take the homothetic lattice 1 Λ = + ω2 (recall that Λ is a rank 2 lattice and ω 6= ω1 Z ω1 Z 1 0). A Z-basis of Λτ is given by {1, τ}. Any other basis is given by a transformation ! a b under a matrix G := ∈ GL2(Z). Since we ask for the basis of our lattice to c d live in the upper half plane H, we insist that the determinant of the matrix is +1, i.e. ! ! ! a b 1 a + bτ G ∈ SL2(Z). Also, another basis of Λτ would be = and in c d τ c + dτ fact all basis of Λτ are given by the set {(a + bτ, c + dτ): a, b, c, d ∈ Z, ad − bc = 1}. a+bτ So Λτ = (a + bτ)Z + (c + dτ)Z which is homothetic to Z + c+dτ Z (c + dτ 6= 0, otherwise if c = 0, then d = 0 which is a contradiction. If d = 0 then c = 0 which is ! −c a+bτ a b also a contradiction. If both c, d 6= 0, then τ = ∈/ H). But = ·τ and d c+dτ c d ! a b as a result Λτ and Λγ·τ (for γ = ) are homothetic. In particular this also c d 0 shows that if τ and τ are in the same SL2(Z) orbit, then Λτ and Λτ 0 are homothetic and therefore the elliptic curves Eτ and Eτ 0 are isomorphic. Conversely, if we are ∼ 0 given that Eτ = Eτ 0 , for corresponding lattices Λτ = Z + τZ,Λτ 0 = Z + τ Z, then ∗ 0 there exists α ∈ C such that α(Z + τZ) = αZ + ατZ = Z + τ Z. So there exists a ! ! ! ! a b a b τ 0 ατ change of basis matrix γ = ∈ SL2(Z), with = . This c d c d 1 α

Chapter 2. Modular curves 23 2.3. MODULAR CURVES AS MODULI SPACES

0 0 ατ aτ 0+b implies that α = cτ + d and ατ = aτ + b, thus α = cτ 0+d = τ. In other words, γ · τ 0 = τ.

To conclude, the orbits of the action of SL2(Z) on H correspond bijectively to isomorphism classes of elliptic curves over C. Since we are interested in the compactified modular curve X(1) = SL2(Z)\H ∪ {∞} we identify the cusp ∞ with a generalised elliptic curve of level 1 structure. As a final remark, observe that since the points of X(1) correspond to isomorphism classes of elliptic curves over C, we 2 3 ∗ can attach to an isomorphism class {E : y = 4x − g2(αΛ)x − g3(αΛ) : α ∈ C } an 3 1728g2(τ) invariant called the j-invariant which is the value of the function j(τ) = ∆(τ) (recall that the j-function is SL2(Z) invariant - see example 2.1.3) for Λ = Z + τZ being the lattice corresponding to the above isomorphism class.

2.3.2 The main theorem

The first notion we need to consider is the notion of an isogeny. As we have seen in Theorem 2.4 and Proposition 2.5, an elliptic curve over C corresponds to a rank 2 lattice Λ ⊂ C, which is in fact a subgroup of the additive group C. Given two elliptic curves E1/C,E2/C with corresponding lattices Λ1, Λ2, an isogeny between them is a non-zero holomorphic homomorphism φ : C/Λ1 → C/Λ2. The following lemma gives structural information of an isogeny:

∗ Lemma 2.13 Suppose φ : C/Λ1 → C/Λ2 is an isogeny. Then there exists α ∈ C such that φ(z + Λ1) = αz + Λ2.

Proof : This is Proposition 1.3.2 and Corollary 1.3.3 in [Dia & Shur]. 

So two elliptic curves E1/C,E2/C are isomorphic over C when there exists an isogeny φ : C/Λ1 → C/Λ2 that is an isomorphism. What we next consider is the notion of a modular pair of level N. We define a modular pair of level N to be the pair (E,EN ) where E/C is an elliptic curve and EN is some data of the N-torsion 0 0 subgroup E[N]. We will refer to two modular pairs (E,EN ), (E ,EN ) as being isomorphic when there exists an isogeny φ : E → E0 that is an isomorphism, taking 0 EN to EN . In the case of X(1), SL2(Z) is a large arithmetic group and hence its action on H identifies too many points. As a result, the quotient X(1) is not fine enough to distinguish between elliptic curves with different torsion data. However, if we consider a smaller congruence subgroup Γ of SL2(Z), the resulting identification space Y (Γ) is finer and more interesting. Before we move on to the main theorem that will give us a moduli inter- pretation of the modular curves Y0(N),Y1(N),Y (N), let us first investigate how

Chapter 2. Modular curves 24 2.3. MODULAR CURVES AS MODULI SPACES

the N-torsion subgroup E[N] of an elliptic curve E/C with corresponding lattice Λ = ω1Z + ω2Z, sits in the torus C/Λ. Suppose P ∈ E[N] with corresponding point on C/Λ, z + Λ (recall from Theorem 2.4 the bijection F : C/Λ → E(C)). Then

[N]P = 0E ⇐⇒ N(z + Λ) = Λ

⇐⇒ Nz ∈ Λ ω ω ⇐⇒ z ∈ 1 + 2 . N Z N Z

ω1 ω2 Hence E[N] corresponds to the subgroup ( N Z + N Z) + Λ ⊆ C/Λ. In particular, ω1 ω2 if C is a subgroup of E[N], then C corresponds to a subgroup of ( N Z + N Z) + Λ. We are now ready to move on to the main theorem of this section that describes the parametrized spaces for the modular curves Y0(N),Y1(N),Y (N) (this is Theorem 1.5.1 in [Dia & Shur]):

Theorem 2.14 Let N be a positive integer, τ ∈ H and Eτ the elliptic curve over C corresponding to the lattice Λτ = Z + τZ. Then we have the following:

1. The moduli space for Y0(N) is the set of modular pairs

1 S (N) := {(E , + Λ ): τ ∈ }. 0 τ N Z τ H

1 1 In particular, two pairs (Eτ , N Z + Λτ ) and (Eτ 0 , N Z + Λτ 0 ) are isomorphic if 0 and only if Γ0(N)τ = Γ0(N)τ . Thus there is a bijection ψ0 : S0(N) −→ Y0(N) 1 given by (Eτ , N Z + Λτ ) 7→ Γ0(N)τ.

2. The moduli space for Y1(N) is the set of modular pairs

1 S (N) := {(E , + Λ ): τ ∈ }. 1 τ N τ H

1 1 Two pairs (Eτ , N + Λτ ) and (Eτ 0 , N + Λτ 0 ) are isomorphic if and only if 0 Γ1(N)τ = Γ1(N)τ . So there is a bijection ψ1 : S1(N) −→ Y1(N) given by 1 (Eτ , N + Λτ ) 7→ Γ1(N)τ. 3. The moduli space for Y (N) is the set of modular pairs

τ 1 S(N) := {(E , ( + Λ , + Λ )) : τ ∈ }. τ N τ N τ H

τ 1 τ 0 1 Moreover, the pairs (Eτ , ( N + Λτ , N + Λτ )) and (Eτ 0 , ( N + Λτ 0 , N + Λτ 0 )) are isomorphic if and only if Γ(N)τ = Γ(N)τ 0 and thus there is a bijection τ 1 ψ : S(N) −→ Y (N), (Eτ , ( N + Λτ , N + Λτ )) 7→ Γ(N)τ.

Chapter 2. Modular curves 25 2.3. MODULAR CURVES AS MODULI SPACES

We summarize the content of this theorem:

• Y0(N) parametrizes modular pairs (E/C,C), where C is a cyclic subgroup of E[N] of order N.

• Y1(N) parametrizes modular pairs (E/C,Q), where Q is a point in E[N] of order N.

• Suppose (P,Q) is a Z/NZ-basis of E[N]. Recall that the Weil pairing eN (P,Q) has image in the group of N-th roots of unity in C, that we denote by µN . 2πik So eN (P,Q) = e N for some k ∈ Z and under normalization we may take k = 1. Then Y (N) parametrizes modular pairs (E/C, (P,Q)) where (P,Q) is 2πi a Z/NZ-basis of E[N] with eN (P,Q) = e N .

The proof of the theorem is in [Dia & Shur], Theorem 1.5.1. However, since the techniques employed are important, we reproduce it here:

Proof of Theorem 2.14:

1. Take any modular pair (E,C) where E/C is an elliptic curve and C a cyclic subgroup of E[N] of order N. Then E corresponds to a rank 2 lattice Λ = ω1Z+ω2Z and C to a sublattice Λ0 = cω1+dω2 , for some c, d ∈ . But 1 Λ = + ω1 =: N Z Z ω2 Z ω2 Z Λ , where τ := ω1 ∈ and 1 Λ0 = cτ+d =: Λ0 . Then the elliptic curve E τ ω2 H ω2 N Z τ τ corresponding to Λτ is isomorphic to E over C, since Λ and Λτ are homothetic (see cτ+d section 2.3.1). However, since N has order equal to N in the torus C/Λτ , we have that gcd(c, d, N) = 1. Hence by Euclid’s algorithm there exists k, a, b ∈ Z such that   a b   ad − bc − kN = 1. But then the matrix   has determinant 1 mod N and c d   a¯ ¯b   thus reduces to   ∈ SL2(Z/NZ) mod N. c¯ d¯

Since the map SL2(Z) → SL2(Z/NZ) mod N is surjective (see Lemma 6.1),     a¯ ¯b a0 b0     we may lift the matrix   ∈ SL2(Z/NZ) to γ :=   ∈ SL2(Z). How- c¯ d¯ c0 d0 0 cτ+d ever, since Λτ = N Z and in the torus C/Λτ we are interested in the points with

Chapter 2. Modular curves 26 2.3. MODULAR CURVES AS MODULI SPACES

  a b   c, d mod N, we may take without loss of generality γ =   ∈ SL2(Z). Let c d τ 0 := γ · τ and consider

Λτ = Z + τZ = (aτ + b)Z + (cτ + d)Z (under change of basis) aτ+b = (cτ + d)( cτ+d Z + Z)

= (cτ + d)(γ · τZ + Z) = (cτ + d)Λτ 0 .

As a result, Λτ 0 is homothetic to Λτ and Eτ 0 is isomorphic to Eτ . We also have that

0 cτ+d 1 0 0 1 Λτ = N Z = (cτ + d) N Z = (cτ + d)Λτ 0 (where we define Λτ 0 := N Z). Thus the 1 modular pair (E,C) is isomorphic to (Eτ 0 , N Z + Λτ 0 ). 1 1 0 Now suppose we have 2 pairs (Eτ , Z+Λτ ) and (Eτ 0 , Z+Λτ 0 ), with τ, τ ∈ N  N a b 0   H in the same Γ0(N)-orbit, i.e. γ · τ = τ for some γ =   ∈ Γ0(N). Then as c d 1 before, (cτ +d)Λτ 0 = Λτ and Eτ is isomorphic to Eτ 0 . Moreover, (cτ +d)( N Z+Λτ 0 ) = cτ+d d N Z+Λτ = N Z+Λτ , since c ≡ 0 mod N. But since h :=gcd(d, N) = 1 (otherwise d if h > 1, then h |detγ and detγ is not a unit in Z/NZ), N Z + Λτ is an order 1 N subgroup of Eτ [N] isomorphic to N Z + Λτ . Hence the two modular pairs are isomorphic.

1 Conversely, suppose we have two isomorphic modular pairs (Eτ , N Z + Λτ ), 1 ∗ (Eτ 0 , N Z + Λτ 0 ). Then the lattices Λτ , Λτ 0 are homothetic and there exists α ∈ C 0 1 α such that αΛτ = αZ + ατZ = Λτ 0 = Z + τ Z and α( Z + Λτ ) = Z + Λτ 0 = N  N a b 1 + Λ 0 . So there exists a change of basis matrix γ =   ∈ SL ( ) such that N Z τ   2 Z c d       τ 0 aτ 0 + b ατ       0 γ   =   =  . Thus α = cτ + d. Replacing this into the equation 1 cτ 0 + d α α 1 cτ 0+d 1 Z + Λτ 0 = Z + Λτ 0 , gives Z + Λτ 0 = Z + Λτ 0 . This implies that c ≡ 0 N N N N     aτ 0 + b ατ     mod N and gcd(d, N) = 1 =⇒ γ ∈ Γ0(N). From   =   we get that cτ 0 + d α aτ 0+b 0 0 cτ 0+d = τ, i.e. γ · τ = τ and τ, τ are in the same Γ0(N)-orbit.

Chapter 2. Modular curves 27 2.3. MODULAR CURVES AS MODULI SPACES

2. This is exactly as in case (1), though extra care needs to be taken for   a b   d ≡ 1 mod N (for γ =   ∈ Γ1(N)). c d 3. Take a modular pair (E, (P,Q)) where E/C is an elliptic curve and P,Q 2πi generators of E[N] with Weil pairing e N . Let Λ = ω1Z + ω2Z be the lattice

aω1+bω2 cω1+dω2 corresponding to E, P = N + Λ, Q = N + Λ (for some integers a, b, c, d).

Then as in case (1), Λ is homothetic to the lattice Λτ and E is isomorphic to Eτ

(for τ = ω1 ). Under this isomorphism we have that P,Q get mapped to the points ω2 aτ+b cτ+d Pτ = N + Λτ and Qτ = N + Λτ respectively. Moreover isomorphisms of elliptic 2πi curves preserve the Weil pairing (see Proposition 2.11) and hence eN (Pτ ,Qτ ) = e N . But aτ+b cτ+d eN (Pτ ,Qτ ) = eN ( N , N ) aτ cτ aτ d b cτ b d = eN ( N , N )eN ( N , N )eN ( N , N )eN ( N , N ) τ 1 ad τ 1 −bc = eN ( N , N ) eN ( N , N ) 2πi τ 1 ad−bc ( N )(ad−bc) = eN ( N , N ) = e .     a b a¯ ¯b     Thus ad−bc ≡ 1 mod N and the matrix   reduces to   ∈ SL2(Z/NZ) c d c¯ d¯   a¯ ¯b   mod N. As in case (1), we can take without loss of generality the lift of   to c¯ d¯   a b   0 be γ :=   in SL2(Z) and define τ := γ · τ. Then as before, Λτ = (cτ + d)Λτ 0 . c d   τ   Hence Eτ 0 is isomorphic to Eτ . Moreover letting α := cτ + d, we get that γ   = 1     aτ + b ατ 0 0 aτ+b τ 0 τ 0   =   and ατ = aτ +b. So P = +Λ = α +αΛ 0 = α( +Λ 0 )     τ N τ N τ N τ cτ + d α α 1 and Qτ = N + Λτ = α( N + Λτ ). As a result the modular pair (E, (P,Q)) is τ 0 1 isomorphic to (Eτ 0 , ( N + Λτ 0 , N + Λτ 0 )).

Chapter 2. Modular curves 28 2.3. MODULAR CURVES AS MODULI SPACES

τ 1 τ 0 Now suppose for two arbitrary pairs (Eτ , ( + Λτ , + Λτ )), (Eτ 0 , ( + N N  N a b 1 0 Λ 0 , +Λ 0 )), τ and τ are in the same Γ(N)-orbit. Then there exists γ =   ∈ τ N τ   c d 0 ∼ 1 Γ(N) such that γ·τ = τ . So (cτ+d)Λτ 0 = Λτ and Eτ = Eτ 0 . Also (cτ+d)( N +Λτ 0 ) = cτ+d 1 τ 0 aτ+b N +Λτ = N +Λτ , since c ≡ 0, d ≡ 1 mod N and (cτ +d)( N +Λτ 0 ) = N +Λτ = τ N + Λτ , since a ≡ 1, b ≡ 0 mod N. τ 1 τ 0 1 Conversely, suppose (Eτ , ( N + Λτ , N + Λτ )), (Eτ 0 , ( N + Λτ 0 , N + Λτ 0 )) are ∗ τ τ 0 isomorphic. Then there exists α ∈ C such that αΛτ = Λτ 0 and α( +Λτ ) = +Λτ 0 , N  N a b 1 1 α( + Λ ) = + Λ 0 . We have a change of basis matrix γ =   ∈ SL ( ) N τ N τ   2 Z c d       τ 0 aτ 0 + b ατ       0 0 such that γ   =   =   =⇒ α = cτ + d and ατ = aτ + b. 1 cτ 0 + d α ατ aτ 0+b τ 0 Replacing into the previous equations gives N +Λτ 0 = N +Λτ 0 = N +Λτ 0 , which α cτ 0+d 1 implies that a ≡ 1, b ≡ 0 mod N and N + Λτ 0 = N + Λτ 0 = N + Λτ 0 and in turn 0 aτ 0+b gives that c ≡ 0, d ≡ 1 mod N. Therefore γ ∈ Γ(N). But γ · τ = cτ 0+d = τ and 0 hence τ, τ are in the same Γ(N)-orbit. 

Chapter 2. Modular curves Chapter 3

Galois representations attached to elliptic curves over Q

In this section we study the so called l-adic representation attached to an elliptic curve E over Q. This representation essentially arises from the action of Gal(Q¯ /Q) on the torsion subgroups of E. These representations are ubiquitous in modern number theory since they can give a great deal of arithmetic information of an elliptic curve. Similarly, we have l-adic representations attached to modular curves given by the action of Gal(Q¯ /Q) on the torsion subgroups of the degree zero Picard group of modular curves. The study of the connection between these two classes of l-adic representations has been extremely fruitful. A classical example of the crucial role of these representations is the proof of Fermat’s last theorem.

3.1 The l-adic representation

We start by reviewing how does the absolute Galois group Gal(Q¯ /Q) acts on the Q¯ points of an algebraic curve defined over Q. Throughout this chapter we will ¯ denote by GQ the Galois group Gal(Q/Q). Suppose C/Q is a (smooth, projective) ¯ algebraic curve and (x, y) ∈ C(Q) in some affine chart. Then for σ ∈ GQ, we set (x, y)σ := (xσ, yσ). To deduce that this gives an action we need to check that σ σ (x , y ) ∈ C(Q), since the rest of the axioms of an action follow trivially. Indeed, if C = V (f , ..., f ) ⊆ 2 in some affine chart (where f , ..., f ∈ [x, y]), then writing 1 s AQ 1 s Q f = P a xjyk, we see that f σ(x, y) = (P a xjyk)σ = P aσ (xj)σ(yk)σ = i j,k∈N jk i j,k jk j,k jk P σ j σ k σ σ ¯ σ j,k ajk(x ) (y ) = fi(x , y ). Hence if (x, y) ∈ C(Q), then fi (x, y) = 0 = σ σ fi(x , y ). But this holds for any i ∈ {1, ..., s}. Thus for any polynomial f = Ps σ σ Ps σ σ σ σ Ps σ σ i=1 gifi ∈ hf1, ..., fsi, f(x , y ) = i=1 gi(x , y )fi(x , y ) = i=1 gi (x, y)fi (x, y) =

Chapter 3. Galois representations attached to elliptic curves over Q 30 3.1. THE L-ADIC REPRESENTATION

σ σ 0. So we conclude that (x , y ) ∈ C(Q¯ ). Since we have defined an elliptic curve E/Q to be a genus 1 algebraic curve over Q with a Q-rational point (that we call the point at infinity), we have that ¯ GQ acts on E(Q). Recall that we have defined the N-torsion points of E/Q as ¯ the subgroup E[N] = {P ∈ E(Q):[N]P = 0E}. This set is in fact the kernel of the multiplication by N map. By the separability of the map [N], we have that #E[N] = deg[N] = N 2 and by the structure theorem of Abelian groups, ∼ E[N] = Z/NZ × Z/NZ. So E[N] is a Z/NZ-module. To fix such an isomorphism, one needs to fix a basis of E[N]. Our next task is to show that GQ acts on E[N].

To see this, we first need to prove that the action of GQ respects the group law of the elliptic curve. Recall that the group law on an elliptic curve is defined via the so called “chord-tangent” construction; suppose we choose an affine chart not including the point at infinity. If P,Q ∈ E(Q¯ ) and L is a line passing through the two points then by Bezo´ut’stheorem, L intersects E at a third point R0. Then one defines P + Q := R, where R is the point of intersection of the vertical line through 0 R with E. So if in this affine chart L is given by ax + by = c (for a, b ∈ Q¯ ), then Lσ is given by aσ(xσ) + bσ(yσ) = cσ which is still a line. This line passes through P σ and Qσ and following through the definition of the group law we see that indeed σ σ σ P + Q = R . Thus the action of GQ indeed respects the group law. Consequently σ σ if P ∈ E[N] then [N]P = 0E and acting by σ ∈ GQ gives [N]P = 0E = 0E σ (0E = 0E since an elliptic curve has only one point at infinity, which is preserved).

So GQ acts on E[N].

In fact we see that the action of GQ on E[N] is far from being faithful and factors through the Galois group Gal(Q(E[N])/Q). So picking a basis P,Q of E[N] we have a representationρ ¯E,N : GQ → Gal(Q(E[N])/Q) ,→ GL2(Z/NZ) and can write down matrices explicitly as follows; let σ ∈ Gal(Q(E[N])/Q), then ! σ σ a b P = aP + cQ, Q = bP + dQ andρ ¯E,N (σ) = ∈ GL2(Z/NZ). c d From now on we shift from an arbitrary integer N (in order to follow the standard notation in the literature) and fix a prime l. We have seen that GQ has an action on E[N] for an arbitrary N ∈ N and so we can consider torsion subgroups of powers of l, E[ln]. For any element P ∈ E[ln], we have that [l]P ∈ E[ln−1] and so we have a map [l]: E[ln] → E[ln−1]. Moreover the sequence (E[ln], [l]) defines an inverse limit [l] [l] [l] E[l] ←− E[l2] ←− E[l3] ←− ...

Chapter 3. Galois representations attached to elliptic curves over Q 31 3.1. THE L-ADIC REPRESENTATION and we define this inverse limit to be the l-adic Tate module of E, denoted by

Ta (E) := lim E[ln]. l ←− n

n We also have another inverse system defined by the pairs (Z/l Z, [l]), where [l]: n n−1 Z/l Z → Z/l Z. Taking the inverse limit of this sequence we get the ring of l-adic integers := lim /ln . Now for any a ∈ /ln , P ∈ E[ln] =∼ /ln × /ln , Zl ←−n Z Z Z Z Z Z Z Z we have that [l](aP ) = a[l]P and so we have a commutative diagram

[l] E[ln] > E[ln−1]

a a ∨ ∨ [l] E[ln] > E[ln−1]

Therefore Tal(E) is a Zl-module. We also have that the action of GQ commutes n σ σ with the multiplication by l map; for any σ ∈ GQ, P ∈ E[l ], ([l]P ) = [l]P (since the action of GQ respects the group law of E). Thus we have another commutative diagram

[l] E[ln] > E[ln−1]

σ σ ∨ ∨ [l] E[ln] > E[ln−1] and Tal(E) is also a GQ-module. This action gives the l-adic representation of

GQ attached to an elliptic curve over Q,

ρl,E : GQ → GL2(Zl).

Given the l-adic representation ρl,E of GQ attached to E/Q, we can com- n pose it with the reduction mod l map (for some positive integer n), GL2(Zl) → n n GL2(Z/l Z) and get the mod l representation

n n ρ¯l,E : GQ → Gal(Q(E[l ])/Q) ,→ GL2(Z/l Z).

Chapter 3. Galois representations attached to elliptic curves over Q 32 3.1. THE L-ADIC REPRESENTATION

n So the determinant of a matrix with respect toρ ¯l,E mod l gives a map

n n ∗ det : GQ → Gal(Q(E[l ])/Q) → (Z/l Z) ,

n ρ¯l,E n det n ∗ which is the composite Gal(Q(E[l ])/Q) −→ GL2(Z/l Z) −→ (Z/l Z) . Since n Q(E[l ]) ⊇ µln (see Lemma 2.12), we have a character

n n ∗ χ¯ : GQ → Gal(Q(E[l ])/Q) → (Z/l Z) ,

n called the cyclotomic character mod l given by the action of GQ on µln (the n n group of l roots of unity in Q¯ ) that factors through Gal(Q(E[l ])/Q). Any gen- n n erator ζ of µln is a primitive l -th root of unity. Hence for σ ∈ Gal(Q(E[l ])/Q), ζσ = ζχ(σ), where ζχ(σ) is another primitive ln-th root of unity (since the action n n of Gal(Q(E[l ])/Q) sends a primitive l -th root of unity to another one) and thus n ∗ χ¯(σ) ∈ (Z/l Z) . We then have the following lemma:

Lemma 3.1 The cyclotomic character χ¯ is in fact the determinant map det(¯ρl,E).

n n σ Proof : Let P,Q ∈ E[l ] be a basis and σ ∈ Gal(Q(E[l ])/Q). Then write P = σ n aP + bQ, Q = cP + dQ (a, b, c, d ∈ Z), for the action of Gal(Q(E[l ])/Q) on the ! n a c basis of E[l ]. This givesρ ¯l,E(σ) = and det(¯ρl,E(σ)) = ad − bc. Applying b d the Weil pairing to their images we have that

σ σ eN (P ,Q ) = eN (aP + bQ, cP + dQ) a b = eN (P, cP + dQ) eN (Q, cP + dQ) ac ad bc bd = eN (P,P ) eN (P,Q) eN (Q, P ) eN (Q, Q) ad −bc = eN (P,Q) eN (P,Q) ad−bc = eN (P,Q) , i.e.

σ σ det(¯ρl,E (σ)) eN (P ,Q ) = eN (P,Q) .

σ σ σ But the Weil pairing is Galois equivariant and hence eN (P ,Q ) = eN (P,Q) = χ(σ) eN (P,Q) which givesχ ¯(σ) = det(¯ρl,E(σ)). 

n As a consequence of this, if we replace Q with a field K that contains µl , then n n n n ρ¯l,E mod l has image in SL2(Z/l Z) since the action of Gal(K(E[l ])/K) on µl is trivial.

What we further notice is that the action of GQ on µln in fact commutes with l the multiplication by l map ζ 7→ ζ , for ζ ∈ µln . Moreover, if ζ is primitive in µln ,

Chapter 3. Galois representations attached to elliptic curves over Q 33 3.2. GALOIS THEORY OF NUMBER FIELDS

l then ζ is primitive in µln−1 . Fixing a generator of µln gives an isomorphism with n Z/l Z and so the ring of l-adic integers Zl is a GQ-module, giving the cyclotomic character χ : G → ∗, (where ∗ = lim ( /ln )∗). Therefore we conclude that Q Zl Zl ←−n Z Z the two maps, the cyclotomic character and the determinant map with respect to the above actions, are equal.

3.2 Galois theory of number fields

In this section we review some of the basic material regarding the Galois theory of number fields, since this theory is naturally related to the l-adic representation of GQ. The reason behind this is that, as we have already seen, one can get a representation of the absolute Galois group of Q, by considering its action on the l-adic Tate module of an elliptic curve E/Q. But the Tate module is defined as n the inverse limit of the l torsion subgroups of E and the action of GQ on each term of a sequence of the Tate module factors through the Galois number fields n Q(E[l ])/Q. So let us start by fixing a Galois number field K/Q with Galois group G := Gal(K/Q). Take p ∈ Z prime. Then we have that the ideal (p) in OK , the ring of integers of K, decomposes into a product of prime ideals of OK , that we say that that they lie over p. Moreover the image of a prime ideal ℘ ∈ OK under σ ∈ G, is again a prime ideal. In addition we have that σ acts transitively on prime ideals of 0 OK lying over p, i.e. for any ℘, ℘ ∈ OK lying over p, there exists an element σ ∈ G such that ℘σ = ℘0. To see this, suppose ℘ and ℘0 are two distinct prime ideals lying 0 over p ∈ Z. Let x ∈ OK such that x ≡ 0 mod ℘ and x 6≡ 0 mod ℘ (the existence of such an element is guaranteed by the Chinese remainder theorem). Then the element y := Q xσ ∈ ℘ ∩ O (since the element y is fixed by the action σ∈Gal(K/Q) Q 0 0 of Gal(K/Q)). But ℘ ∩ OQ = ℘ ∩ Z = p ∈ ℘ . Since ℘ is a prime ideal, it follows σ 0 that there exists an element σ ∈ Gal(K/Q) such that x ≡ 0 mod ℘ . This in turn implies that x ≡ 0 mod ℘0σ−1 and since we have chosen x ≡ 0 mod ℘, ℘0σ−1 = ℘ or ℘σ = ℘0. As a result, it follows that if

e1 eg pOK = ℘1 ...℘g then ei = ej =: e for any i, j ∈ {1, ..., g}. We call this number e the ramification index of p. What we notice here is that since OK is a Dedekind domain, OK /℘i is a finite field for any prime ideal ℘i lying over p. Therefore OK /℘i is isomorphic to

Fpf , for some f ∈ N that we call the degree of inertia. One can also view OK /℘i as a vector space over Z/pZ. Then this vector space has dimension equal to f. We call the quotient OK /℘i the residue field.

Chapter 3. Galois representations attached to elliptic curves over Q 34 3.2. GALOIS THEORY OF NUMBER FIELDS

Let us denote by n the degree of the extension K/Q. Then one has that n = efg. We say that a prime p

• splits in OK if g > 1

• ramifies in OK if e > 1

• remains inert in OK if g = e = 1

Another result that we have from algebraic number theory is that a prime p ramifies in OK if and only if p divides the discriminant of K/Q (this is in [Neukirch], Chapter 3, Corollary 2.12). Hence it follows that only finitely many primes ramify in OK . To be able to make use of the full force of the following machinery we have developed we also need the following two constructions. Suppose we have the same setting as e1 eg before, i.e. pOK = ℘1 ...℘g and let us fix a prime ideal ℘ lying over p. Then we define the following:

Definition 3.2 The decomposition group of the prime ideal ℘ is defined to be the subgroup of the Galois group Gal(K/Q), which fixes the prime ideal ℘ as a set. Explicitly, σ D℘ := {σ ∈ Gal(K/Q): ℘ = ℘}.

In fact, this group has order equal to ef. This is because the Orbit-Stabilizer theorem gives that the order of Gal(K/Q) equals to the product of the size of the orbit of the action of this group on ℘ with the size of its stabilizer. The latter of the two is the order of D℘ and since the action is transitive, |Gal(K/Q)| = n = |D℘|g. But we also have that n = efg and so |D℘| = ef. Now notice that if we take σ ∈ D℘ σ σ and x + ℘ ∈ OK /℘, then (x + ℘) = x + ℘. Thus D℘ is acting on the residue field

OK /℘. The kernel of this action is defined to be the set of elements σ ∈ D℘ such σ that for any x + ℘ ∈ OK /℘,(x + ℘) = x + ℘. This gives a normal subgroup of D℘, that we call the inertia group.

Definition 3.3 The inertia group of the prime ideal ℘, is the subgroup of D℘ defined by

σ I℘ := {σ ∈ D℘ :(x + ℘) = x + ℘, for all x + ℘ ∈ OK /℘}

∼ Shifting our attention now back to the residue field OK /℘ = Fpf , we have that Gal((OK /℘)/Fp) is cyclic and generated by the Frobenius automorphism σp : p ∼ x 7→ x . The punchline of this machinery lies in the isomorphism D℘/I℘ = ˘ Gal((OK /℘)/Fp) = hσpi and the theorem of Cebotarev that we will soon state

Chapter 3. Galois representations attached to elliptic curves over Q 35 3.2. GALOIS THEORY OF NUMBER FIELDS

explicitly. We also remark that since |Gal((OK /℘)/Fp)| = f and |D℘/I℘| = ef/|I℘|, the order of the inertia group of ℘ equals to e.

Definition 3.4 Any lift of σp to a generator of D℘/I℘ is called a Frobenius ele- ment at ℘ and denoted by Frob℘.

Since Frob℘ ∈ Gal(K/Q) is the lift in the quotient D℘/I℘, then it is unique up to inertia, i.e. it is a coset in D℘/I℘. However, in the case when p is unramified,

|I℘| = e = 1, I℘ is trivial and Frob℘ is no longer a coset and does not depend on inertia.

Theorem 3.5 Cebotarev’s˘ density theorem (weak form): Let K/Q be a Ga- lois number field. Then every element of Gal(K/Q) takes the form Frob℘ for in- finitely many prime ideals ℘ of OK .

Proof : This is a consequence of [Neukirch], §3, Theorem 13.4. 

Thus any element of Gal(K/Q) is equal to Frob℘ for some prime ideal ℘ of OK , up to conjugacy. Now if ℘i, ℘j are two prime ideals lying over p, the following lemma gives a way of relating the decomposition and inertia groups as well as the Frobenius elements at the two prime ideals:

Proposition 3.6 For any σ ∈ Gal(K/Q) we have the following relations:

−1 σ D℘σ = D℘σ

−1 σ I℘σ = I℘σ

−1 σ Frob℘σ = Frob℘σ

σ τ σ στσ−1 −1 Proof : τ ∈ D℘σ ⇐⇒ (℘ ) = ℘ ⇐⇒ ℘ = ℘ ⇐⇒ στσ ∈ D℘. So −1 −1 D℘σ = σ D℘σ and similarly I℘σ = σ I℘σ. As a result, it follows that if Frob℘σ −1 −1 is a lift of σp ∈ Gal((OK /℘)/Fp) in D℘σ /I℘σ = σ (D℘/I℘)σ then σFrob℘σ σ is a −1 lift of σp in D℘/I℘, i.e. σFrob℘σ σ = Frob℘. 

This gives us a well-defined notion of ramification of the extension K/Q at a prime −1 p ∈ Z in the following sense; for a prime ideal ℘ lying over p, since σ I℘σ = I℘σ we have that |I℘| = |I℘σ |. Thus I℘ is trivial if and only if I℘σ is trivial. But Gal(K/Q) acts transitively on the prime ideals lying over p and hence we say that the extension

K/Q is unramified at p when I℘ is trivial for any prime ideal ℘ lying over p.

Chapter 3. Galois representations attached to elliptic curves over Q 36 3.3. GALOIS THEORY OF Q¯ /Q

3.3 Galois theory of Q¯ /Q

In the previous section we have developed the machinery that gives a nice link between the Galois group of a number field and the arithmetic of this field. In this section we study how this machinery can carry over to the case of the field extension Q¯ /Q which is of course not a finite extension. As a result, it does not belong to the case of number fields and the classical Galois theory of number fields here breaks down. There is a nice way to extend this theory of Galois number fields to the infinite case, which is based on choosing an appropriate topology for the infinite

Galois group GQ. In particular, the topology chosen here is the so called Krull topology. What is fundamental to the construction of this topology is to observe that fixing a Galois number field K the homomorphism GQ → Gal(K/Q) given by restricting the action to the field K, has kernel the normal subgroup M(K) := {σ ∈

GQ : σ |K = 1}. Then the corresponding cosets of the quotient GQ/M(K) are sets of the form Uσ(K) = {στ : τ ∈ M(K)}, where σ ∈ GQ. We choose as a basis for the Krull topology on GQ the sets of the form Uσ(K), for σ ∈ GQ and K a Galois number field.

The next step in our construction is a categorical description of GQ. In particular, for any Galois number fields K,K0 ordered by inclusion, i.e. K ⊂ K0, one associates their corresponding Galois groups. Then there is a surjective homo- 0 morphism φK0,K : Gal(K /Q) → Gal(K/Q). Moreover if K ⊂ L ⊂ M, then the homomorphism φM,K factors through φM,L ◦φL,K . Hence this setup actually defines an inverse system and taking the inverse limit over all Galois number fields we have that GQ is a pro-finite group

G = lim Gal(K/ ). Q ←− Q K

GQ equipped with the Krull topology satisfies the following Galois correspondence: The map N 7→ Gal(Q¯ /N) gives a 1 to 1 inclusion reversing correspondence between subextensions N/Q and closed subgroups of GQ. Conversely, the map

H H 7→ Q¯ gives an inverse correspondence to the previous map, where H is a closed subgroup ¯ H of GQ and Q denotes its fixed field.

Chapter 3. Galois representations attached to elliptic curves over Q 37 3.3. GALOIS THEORY OF Q¯ /Q

Now the main definitions of the previous section carry over to the case of ¯ GQ. The “ring of integers” of Q is now the ring of algebraic integers over Q which we denote by Z¯. Since Z¯ is not a Dedekind domain, we cannot expect to have the factorisation of a prime p ∈ Z into finitely many prime ideals of Z¯. However we can always pick a prime ideal ℘ ⊂ Z¯ lying over p, which is equivalent to a compatible system of primes lying over p in all number fields. As in the case of Galois number

fields, we define the decomposition group of ℘ as the subgroup of GQ that fixes ℘ σ ¯ ∼ ¯ as a set, D℘ := {σ ∈ GQ : ℘ = ℘}. Thus D℘ has an action on Z/℘ = Fp defined σ σ ¯ by (x + ℘) = x + ℘, for σ ∈ D℘ and x + ℘ ∈ Z/℘. The inertia group of ℘ σ is similarly defined to be the kernel of this action, I℘ := {σ ∈ D℘ :(x + ℘) = ¯ ∼ ¯ ¯ ¯ x + ℘, for all x + ℘ ∈ Fp}. So D℘/I℘ = Gal((Z/℘)/Fp) = Gal(Fp/Fp). Gal(Fp/Fp) p contains Frobenius automorphisms of the form σp : x 7→ x and any lift of σp to an element of D℘/I℘ is called the absolute Frobenius element at ℘ (or simply the Frobenius element at ℘ for simplicity) which again depends as a coset on I℘. Similarly as in the case of Galois number fields, we have the following relations: For any σ ∈ GQ, −1 σ D℘σ = D℘σ

−1 σ I℘σ = I℘σ

−1 σ Frob℘σ = Frob℘σ .

This analogue from Galois number fields carries over to the case of GQ because GQ acts transitively on the prime ideals lying over p in Z¯. Cebotarev’s˘ density theorem generalizes to the case of GQ as well with respect to the Krull topology:

Theorem 3.7 Cebotarev’s˘ density theorem: For each prime p ∈ Z choose a ¯ prime ideal ℘ ⊂ Z lying over p and an absolute Frobenius element at ℘, Frob℘.

Then the set {Frob℘}p, prime is a dense subset of GQ.

Proof : See [Neukirch], §3, Theorem 13.4. 

Moving our attention back to the l-adic representation ρl,E attached to an elliptic curve E/Q, given any prime p 6= l, we say that ρl,E is unramified at p when the inertia subgroup I℘ of any prime ideal ℘ lying over p acts trivially on Tal(E). −1 Notice that the definition is well defined because of the property I℘σ = σ I℘σ for

σ ∈ GQ and since GQ acts transitively on the prime ideals over p, any prime ideal over p is conjugate to ℘.

Chapter 3. Galois representations attached to elliptic curves over Q 38 3.4. A TASTE OF MODULARITY

3.4 A taste of modularity

In this section we show how does a number being attached to an elliptic curve E/Q called its conductor can serve as the tipping point of another bridge between the two worlds of elliptic curves and modular curves (other than the one of modular curves as moduli spaces of elliptic curves). So far, we have seen how does GQ acts on the Tate module Tal(E) of an elliptic curve E/Q. We have also seen that Tal(E) is a Zl-module. In fact one can do even better and turn Tal(E) into a 2- dimensional vector space over Ql (the field of fractions of Zl) by taking the tensor product Vl := Tal(E) ⊗Zl Ql, which is still a GQ-module. hence we get an extended representation ∼ ρl,E : GQ → Aut(Vl) = GL2(Ql).

At a prime p 6= l, we can take an ideal ℘ ⊂ Z¯ lying over p and consider the action I℘ of I℘ on Vl. Write Vl for the vector subspace fixed by the action of I℘ and define

I℘ tamep := 2 − dim(Vl ).

The next part we want to define is slightly more technical; let ℘0 be an ideal of Q(E[l]) lying over p and consider the higher ramification groups of Gal(Q(E[l])/Q) given by

σ 0 i+1 Gi := {σ ∈ Gal(Q(E[l])/Q): x ≡ x mod(℘ ) for all x ∈ OQ(E[l])}.

Then define ∞ X dim(E[l]/E[l]Gi ) wild := , p [G : G ] i=1 0 i G where E[l] i is the submodule fixed by the action of Gi on E[l] and G0 actually equals to I℘0 . Notice here that the above sum is in fact a finite sum since for large G enough i, Gi is trivial and dim(E[l]/E[l] i ) is eventually 0. Finally, set

ep := tamep + wildp.

If at a prime p, E/Q has good reduction then the N´eron-Ogg-Shafarevich criterion (see for example [Silverman 1], §7, Theorem 7.1) gives that ρl,E is unramified at p and so the action of I℘ is trivial. Hence tamep = wildp = 0. The conductor of the elliptic curve E/Q is defined as the product

Y ep NE := p . p

Chapter 3. Galois representations attached to elliptic curves over Q 39 3.4. A TASTE OF MODULARITY

One notices that since E/Q has bad reduction at a finite set of primes, by the above discussion, finitely many terms that are not equal to 1 appear in the above product and thus NE is a finite product. In the celebrated paper [B C D T], the authors prove that any elliptic curve E/Q is modular, the so called Modularity theorem. This is one of the most remarkable results in the mathematics of the 20-th century. A special case of it for the class of semistable elliptic curves was originally proved by Andrew Wiles and opened the way for the proof of Fermat’s last theorem. One interpretation of the Modularity theorem is the following ([Dia & Shur], Theorem 7.7.2):

Theorem 3.8 Let E/Q be an elliptic curve, with conductor NE. Then there exists a surjective morphism over Q between the algebraic curves X0(NE)/Q to E/Q.

Now that we have the notion of the conductor of an elliptic curve in hand, we state another important theorem that gives a more hands-on description of how the absolute Frobenius elements of GQ act on Tal(E).

Theorem 3.9 Let l be a rational prime and E/Q an elliptic curve with conductor NE. Then the Galois representation ρl,E is unramified at every prime p - lNE. For any such p let ℘ ⊂ Z¯ be a prime ideal lying over p. Then

det ρl,E(Frob℘) = p

tr ρl,E(Frob℘) = ap(E) ¯ where ap(E) = p + 1 − #E(Fp) as defined in section 2.2.2 and tr denotes the trace. 2 Thus the characteristic equation of ρl,E(Frob℘) is x − ap(E)x + p.

Proof : This is [Dia & Shur], Theorem 9.4.1. 

What there is to observe here is that det ρl,E(Frob℘) and tr ρl,E(Frob℘) in fact do not depend on the choice of a prime ideal ℘ ⊂ Z¯ lying over p. The reason behind this is essentially the fact that ρl,E is unramified at every prime p - lNE and so the action of the inertia subgroup for any prime ideal lying over p is trivial. Also, by −1 the properties of the trace and σ Frob℘σ = Frob℘σ we have that tr ρl,E(Frob℘σ ) = −1 tr ρl,E(σ Frob℘σ) = tr ρl,E(Frob℘). As a result, in this situation we omit the choice of a prime ideal ℘ lying over p and write det ρl,E(Frobp) and tr ρl,E(Frobp) instead. Another incarnation of the Modularity theorem states that given an ellip- tic curve E/Q of conductor NE, there exists a normalised new eigenform f = P∞ n n=1 anq of weight 2 and level Γ0(NE) such that tr ρl,E(Frobp) = ap (this is

Chapter 3. Galois representations attached to elliptic curves over Q 40 3.4. A TASTE OF MODULARITY in [Dia & Shur], Theorem 8.8.1). As an example, let’s consider the elliptic curve 2 3 2 E/Q : y + y = x − x − 10x − 20. This is a curve of conductor 11 obtained from Cremona’s tables of elliptic curves with conductor up to 10000. The computations in this example were done in SAGE and an attachment of the code can be found in Appendix - section 6.1, code 1 and 2. Considering the 3-adic representation attached to E, ρ3,E, we compute the trace of the Frobenius at primes p - 33 up to 50. We also consider the space of the cusp forms of weight 2 and level Γ0(11). It turns out that P∞ n this space is 1-dimensional and has a basis vector the cusp form f = n=1 anq whose q-expansion up to the q50 term can be found in Appendix - section 6.1, code 1. The results are summarised in the following table:

Prime p tr ρ3,E(Frobp) ap 2 7 7 5 1 1 7 7 7 13 4 4 17 7 7 19 0 0 23 8 8 29 0 0 31 7 7 37 3 3 41 1 1 43 3 3 47 8 8

Chapter 3. Galois representations attached to elliptic curves over Q Chapter 4

Surjectivity of Galois representations of elliptic curves over Q

Recall, from the previous section, that given an elliptic curve E over Q, we can always associate a representation of the Galois group GQ, using the action of GQ on the l-adic Tate module of E. A natural question would be whether this represen- tation, ρl,E : GQ → GL2(Zl), is surjective. To make the question more precise, one could ask for which elliptic curve E over a field K and for which integer l ∈ Z the representation ρl,E is surjective. This question is in general hard to answer (see for example [Greicius] for the general case). However, the case where E is defined over Q is very well understood and the aim of this section is to provide a satisfactory answer.

In [Serre 2], Serre observes a property SL2(Zl) has, which will be the main tool used in answering this question. Explicitly, Serre states it as a lemma:

Lemma 4.1 Let X be a closed subgroup of SL2(Zl) whose image under the reduction mod l map in SL2(Z/lZ) is surjective. Assume l ≥ 5. Then X = SL2(Zl).

Proof : [Serre 2], IV, 3.4, Lemma 3. 

n As we have seen in Lemma 3.1, for an elliptic curve E/Q and σ ∈ Gal(Q(E[l ])/Q), n n ∗ det(¯ρl,E(σ)) = χ(σ), where χ : Gal(Q(E[l ])/Q) → (Z/l Z) is the cyclotomic n character. However, we have also seen that Q(E[l ]) ⊇ µln (see Lemma 2.12) and Q does not contain any elements of µln apart from 1 or ±1 if l is odd or even respectively. Hence χ is surjective mod ln and the determinant map is surjective. If

Chapter 4. Surjectivity of Galois representations of elliptic curves over Q 42 4.1. THE GROUP G

n n the image ofρ ¯l,E mod l contains SL2(Z/l Z) and an element of every determinant n n mod l , then it must contain all the elements of GL2(Z/l Z). Therefore we conclude n n n n that ifρ ¯l,E : Gal(Q(E[l ])/Q) → GL2(Z/l Z) mod l is surjective on SL2(Z/l Z), n then it is surjective on GL2(Z/l Z). ¯ Now if ρl,E : Gal(Q/Q) → GL2(Zl) is surjective mod l thenρ ¯l,E is surjective on SL2(Z/lZ). Above lemma implies that for l ≥ 5, ρl,E is surjective on SL2(Zl) and by previous observation, ρl,E is surjective on GL2(Zl). However, for l < 5, the above phenomenon no longer occurs. In [Serre 2],IV, 3.4, Exercise 3, Serre gives a recipe on how to construct a lift G of SL2(Z/3Z) in SL2(Z/9Z), such that G is a proper subgroup of SL2(Z/9Z). This suggests the existence of elliptic curves with ¯ image ofρ ¯3,E(Gal(Q/Q)) mod 9 in SL2(Z/9Z) equal to G. These elliptic curves will be then surjective mod 3 and not mod 9 making ρ3,E not surjective. Elkies (in [Elkies]) uses the theory of modular curves and their property that they serve as moduli spaces to classify all elliptic curves with the above property. In this section we give an overview of Elkies approach and fill in some details omitted in [Elkies].

4.1 The group G

The group SL2(Z/3Z), which has order 24, is generated by the elements S := ! ! 0 1 1 1 and T := (notice that here, in order to keep up with Elkies no- −1 0 0 1 tation, S is the transpose of the matrix we called S in section 2.1.3). The relations that they satisfy are the following: S2 = −1, (ST )3 = T 3 = 1 (notice the misprint in [Elkies]). A computation using the computer package GAP (see Appendix - section

6.1, code 3), shows that SL2(Z/9Z) has 3 conjugacy classes of maximal subgroups, of which only 1 of them has order 24. In fact, this subgroup indeed reduces to

SL2(Z/3Z) mod 3. This is the group G we are searching for. As Elkies notes, to lift SL2(Z/3Z) to a subgroup G of SL2(Z/9Z) it is enough to lift S, T to matrices S,˜ T˜ modulo 9 satisfying the relations S2 = −1, (ST )3 = T 3 = 1. Moreover, Elkies claims that there are 27 such lifts all conjugate in the ! 0 4 automorphism group of the modular curve X(9). We choose S˜ = and 2 0 ! 4 1 T˜ = (notice here that S˜ is the transpose of Elkies S˜, since the latter does −3 4 not satisfy the desired relations). In turn we set G = hS,˜ T˜i.

Chapter 4. Surjectivity of Galois representations of elliptic curves over Q 43 4.2. THE MODULAR CURVE X(9)/G

4.2 The modular curve X(9)/G

As we saw in section 2.3, modular curves can serve as a moduli space for isomorphism classes of elliptic curves with some extra properties. We start with the modular curve X(9) which parametrizes modular pairs (E, (P,Q)) where P,Q are generators of 2πi E[9] satisfying e9(P,Q) = e 9 . The cusps of Γ(9) correspond to generalized elliptic curves with level 9 structure. Roughly speaking, these are pairs of generators of the ∼ group (Z/9Z) × µ9. Picking a generator of µ9 gives an isomorphism (Z/9Z) × µ9 = 2 (Z/9Z) and hence we have an obvious action of GL2(Z/9Z). For the purpose of this essay, these generalized elliptic curves serve no purpose and thus we say no more about them. However, the cusps of Γ(9) do have a significant role and we will study them in detail in succeeding sections. Notice that fixing a basis P,Q ∈ E[9] gives ∼ an isomorphism E[9] = Z/9Z × Z/9Z. Now it is clear that GL2(Z/9Z) has a natural action on E[9]. We also have an action of GL2(Z/9Z) on the group of 9-th roots det(g) of unity, µ9, via the determinant map; for g ∈ GL2(Z/9Z), ζ ∈ µ9, g · ζ := ζ . As a result, restricting this action to the subgroup SL2(Z/9Z), the action is trivial and therefore SL2(Z/9Z) respects the Weil pairing. In particular, we get an action of SL2(Z/9Z) on Y (9)(C). Since G ⊂ SL2(Z/9Z), G also acts on Y (9)(C). In particular, we view a G-orbit as the pair (E/C, { equivalence class of (P,Q) mod G}). G also has an action on the cusps of X(9)(C) (see section 4.4). The next step is that we want to make sense of a G-orbit to be “defined over a field extension K/Q”, where K contains µ9. We say that a G-orbit (E,[P,Q] mod G) is defined over K if

1. the elliptic curve E is defined over K

2. for any σ ∈ Gal(K(E[9])/K), (P,Q)σ ∈ [P,Q] mod G.

Hence (E,[P,Q] mod G) is defined over K if and only if E is defined over K and for any σ ∈ Gal(K(E[9])/K) there exists an element g ∈ G such that P σ = g · P and σ Q = g · Q. But then this implies thatρ ¯3,E(σ) mod 9 ∈ G. Therefore, we conclude that an orbit (E,[P,Q] mod G) is defined over K if and only if E is defined over K and the image of Gal(K/K¯ (ζ9)) on 9-torsion in basis given by P,Q is contained in G. As we saw in section 3.1, Lemma 3.1, if an elliptic curve E is defined over a field K which contains µl, thenρ ¯l,E mod l has image contained in SL(Z/lZ). ¯ Since we are interested in elliptic curves over Q, ρl,E(Gal(Q/Q)) ⊆ SL(Zl) can no longer be guaranteed. So instead of using the group G we consider a subgroup 0 0 G ⊆ GL2(Z/9Z) satisfying G ∩ SL2(Z/9Z) = G and elliptic curves over Q with

Chapter 4. Surjectivity of Galois representations of elliptic curves over Q 44 4.3. THE GROUP G0

0 ρ¯3,E ⊆ G mod 9. Recall that the action of GL2(Z/9Z) on the 9-th roots of unity ∗ is via the determinant map. Since det(GL2(Z/9Z)) ⊆ (Z/9Z) , GL2(Z/9Z) also acts on the primitive 9-th roots of unity. But the action of GL2(Z/9Z) on 9-torsion no longer preserves the Weil pairing and as a result we are forced to consider the ˜ ∗ disconnected modular curve X(9)(C) = {(E, P, Q, ζ): e9(P,Q) = ζ, ζ ∈ µ9} ∪ ∗ ∗ {(c, ζ): c ∈ C(X(9)), ζ ∈ µ9} (where µ9 denotes the primitive 9-th roots of unity). In fact, X˜(9)(C) is equal to 6 copies of X(9)(C), the number of primitive 9-th roots ˜ of unity. Then we have an action of GL2(Z/9Z) on X(9)(C) defined as follows; for detg g ∈ GL2(Z/9Z), g · (E, P, Q, ζ) = (g · (E,P,Q), ζ ) (the action g · (E,P,Q) is the same as in the case of SL2(Z/9Z) acting on Y (9)). It is worth noting here that ˜ SL2(Z/9Z) stabilizes the components of X(9)(C) and hence when we restrict its action to each component, the orbits remain the same as in the case of the action of SL2(Z/9Z) on Y (9).

4.3 The group G0

As pointed out in previous section, our next task now is to find a group G0 ⊆ 0 GL2(Z/9Z) satisfying G = G ∩ SL2(Z/9Z). Let s denote the index of the subgroup 0 ∗ 0 det(G ) in the group (Z/9Z) , which is the number of orbits of the action of G on the 0 primitive 9-th roots of unity. Then we see that X˜(9)(C)/G = s copies of X(9)/G. In particular, if we insist that our choice of the group G0 makes the determinant 0 ∗ 0 map G /G → (Z/9Z) an isomorphism, then s = 1 and X˜(9)/G = X(9)/G. What 0 would also follow is that G is normal in G , since SL2(Z/9Z) C GL2(Z/9Z) (being 0 the kernel of the determinant map) and G ⊆ SL2(Z/9Z), G ⊆ GL2(Z/9Z). In our case we can find a group G0 that makes the determinant map G0/G → ∗ (Z/9Z) an isomorphism and for which we have s = 1. The way we construct 0 0 ∗ this group G is using the determinant map G /G → (Z/9Z) to lift elements in ∗ GL2(Z/9Z) that normalize G. As suggested by Elkies, for the squares of (Z/9Z) = {−4, −2, −1, 1, 2, 4} we use invertible multiples of the identity. The squares of ! ∗ 4 0 (Z/9Z) are the elements {−2, 1, 4} for which we choose the matrices , 0 4 ! ! 1 0 2 0 and respectively. Notice that the matrices we’ve chosen are el- 0 1 0 2 ements of the center of GL2(Z/9Z) and hence normalize G. For −1, take the ! −1 0 matrix for which one can check explicitly that it does normalize G. 0 1

Chapter 4. Surjectivity of Galois representations of elliptic curves over Q 45 4.4. THE CUSPS OF X(9)/G

! ! ! −1 0 4 0 −4 0 Thus for the element 2, we take · = and for −4, take 0 1 0 4 0 4 ! ! ! −1 0 2 0 −2 0 · = . Then the coset representatives for G0/G are 0 1 0 2 0 2

( ! ! ! ! ! !) 1 0 2 0 4 0 −1 0 −4 0 −2 0 , , , , , . 0 1 0 2 0 4 0 1 0 4 0 2

One can check explicitly that G0/G is indeed a group and the determinant map 0 ∗ G /G → (Z/9Z) is well defined on classes. In particular, we can easily see that the ∼ ∗ map is an isomorphism. It is worth noting here, that since Gal(Q(ζ)/Q) = (Z/9Z) , 0 ∼ we have an isomorphism G /G = Gal(Q(ζ)/Q). As pointed out by Elkies, we now 0 have a model X˜(9)/G of X(9)/G over Q, which means we can ask for points on ˜ 0 0 X(9)/G (Q) that correspond to elliptic curves E/Q, withρ ¯3,E equal to G mod 9.

4.4 The cusps of X(9)/G

In this section we investigate the cusps of X(9)/G in a two step process: we first find the cusps of X(9), i.e. the set of orbits of the action of Γ(9) on 1 (that we denote PQ by C(Γ(9))) and then the orbits of the action of G on C(Γ(9)). A priori, it is not clear how does G act on C(Γ(9)). The following lemma ([Dia & Shur], Proposition 3.8.3) gives an explicit description of elements of C(Γ(9)) as pairs of integers mod 9 satisfying a certain condition.

0 Lemma 4.2 Let s = a , s0 = a ∈ 1 in lowest terms. Then c c0 PQ ! ! a0 a Γ(N)s0 = Γ(N)s ⇐⇒ = ±γ for some γ ∈ Γ(N) c0 c ! ! a0 a ⇐⇒ = ± mod N. c0 c

  w x 0   Proof : Suppose s = γ · s for some γ ∈ Γ(N). Write γ =  . Then if y z

0 a 0 0 0 a w c +x a wa+xc −(wa+xc) (−w)a+(−x)c s, s 6= ∞, s = γ · s ⇐⇒ 0 = a ⇐⇒ 0 = = = . c y c +z c ya+zc −(ya+zc) (−y)a+(−z)c Notice that gcd(wa + xc, ya + zc) = 1 since both the numerator and denominator

Chapter 4. Surjectivity of Galois representations of elliptic curves over Q 46 4.4. THE CUSPS OF X(9)/G

  0 0 a linearly combine back to a and c under γ−1. Hence a = wa+xc ⇐⇒   = c0 ya+zc   c0           wa + xc a a0 (−w)a + (−x)c a             = γ   or   =   = −γ  . ya + zc c c0 (−y)a + (−z)c c In the case where c = 0, s = ∞ we have

 

0 w x a =   · ∞ = w = −w ⇐⇒ a0 = w, c0 = y c0   y −y y z

(since gcd(w, y) = 1, otherwise 1 < gcd(w, y) | det(γ) which is a contradiction)             a0 a0 x 1 a0 a0 x 1             ⇐⇒   =     or   = −     c0 c0 z 0 c0 c0 z 0

(where we take a = 1 so that gcd(a, 0) = 1)     a0 1     ⇐⇒   = ±γ   . c0 0

Similarly if c0 = 0, s0 = ∞, a0 = 1, we have

  w x ∞ =   · a = wa+xc ⇐⇒ ya + zc = 0   c ya+zc y z             1 w x a 1 w x a             ⇐⇒   =     or   = −     0 y z c 0 y z c     1 a     ⇐⇒   = ±γ   . 0 c

Chapter 4. Surjectivity of Galois representations of elliptic curves over Q 47 4.4. THE CUSPS OF X(9)/G

      a0 a w x       Now suppose   = ±γ  , where γ =   ∈ Γ(N), i.e. w, z ≡ 1 mod N c0 c y z       a0 wa + xc a       and x, y ≡ 0 mod N. So   = ±   = ±   mod N. c0 ya + zc c     a0 a     Conversely suppose   = ±   mod N. Then there exists integers c0 c         a b 1 a a0         b, d such that γ :=   ∈ SL2(Z). We have that γ   =   =   c d 0 c c0       a a0 1 −1   −1     mod N. This implies that γ   = γ   =   mod N (†). Write c c0 0     αN + 1 1       =   mod N. Since gcd(αN + 1, βN) = 1, using Euclid’s algorithm βN 0 we can find integers A, B such that A(αN + 1) + BβN = 1 and (−αA)(αN + 1) +   αN + 1 xN 0   (−αB)(βN) = −α. Let y := −αA, x := −αB and γ :=  . We βN 1 + yN have that detγ0 = (αN + 1)(yN + 1) − βxN 2 = ((αN + 1)y − βxN)N + αN + 1 =     1 αN + 1 0 0     −αN + αN + 1 = 1 and hence γ ∈ Γ(N). Moreover, γ   =   0 βN         αN + 1 1 a0 1 0−1     −1     and (γ)   =  . We had that (†) γ   =   mod N βN 0 c0 0         αN + 1 a0 αN + 1 1   0 −1 −1   0 −1     =   which implies that (γ ) γ   = (γ )   =  . Fi- βN c0 βN 0     a0 a 0 −1 −1     nally applying γ gives γ(γ ) γ   =  . Notice that Γ(N) is the kernel of c0 c the reduction mod N map SL2(Z) → SL2(Z/NZ) which implies that Γ(N)CSL2(Z) and thus δ := γ(γ0)−1γ−1 ∈ Γ(N) gives s0 = δ · s.



Chapter 4. Surjectivity of Galois representations of elliptic curves over Q 48 4.4. THE CUSPS OF X(9)/G

! a 2 Since there are a lot of lifts of ± mod N in Z and we insist on the ones c 0! a 0 0 a0 of the form such that gcd(a , c ) = 1 (since we want 0 to be in lowest terms) c0 c we make use of the following lemma: ! a 2 Lemma 4.3 Define an element ∈ Z as primitive when gcd(a, c) = 1 and c ! ! ! a¯ a a¯ 2 denote by := mod N. Then has a primitive lift in Z if and only if c¯ c c¯ gcd(a, c, N) = 1.

0! ! a 2 a¯ 0 0 0 0 Proof : If ∈ Z is a primitive lift of , then a =a ¯ + t N, c =c ¯+ k N, for c0 c¯ 0 0 0 0 integers t , k . Moreover, a =a ¯ + tN, c =c ¯+ kN, for t, k ∈ Z. Since gcd(a , c ) = 1, we can find integers x, y such that xa0 + yc0 = 1. But a0 = a + (t0 − t)N and c0 = c + (k0 − k)N. Therefore x(a + (t0 − t)N) + y(c + (k0 − k)N) = 1. Rearranging this gives xa+yc+N(x(t0−t)+y(k0−k)) = 1 and hence gcd(a, c, N) = 1. Conversely, if gcd(a, c, N) = 1, then there exists x, y, z ∈ Z such that xa + yc + zN = 1. So ! a −y the matrix given by has determinant congruent to 1 mod N, as a result c x its reduction mod N lives in SL2(Z/NZ). Using the fact that the reduction mod N map SL2(Z) → SL2(Z/NZ) is surjective (see Lemma 6.1), we can find a lift A := 0 0! ! a −y a¯ −y¯ 0 0 0 0 ∈ SL2(Z) of ∈ SL2(Z/NZ). But then det(A) = x a + y c = 1 c0 x0 c¯ x¯ 0 0 and thus gcd(a , c ) = 1. 

We are now in good shape finding the cusps of Γ(9). We first list all the pairs ! a 2 ∈ Z with a, c ∈ {0, 1, ..., 8} and gcd(a, c, 9) = 1; c

( ! ) ( ! ) a a : a ∈ {1, 2, 4, 5, 7, 8}, c ∈ {0, 3, 6} ∪ : a ∈ {0, 1, ..., 8}, c ∈ {1, 2, 4, 5, 7, 8} . c c

Notice that we have 72 elements in total. Next we collect them in pairs of the form ! a ± mod 9; c

Chapter 4. Surjectivity of Galois representations of elliptic curves over Q 49 4.4. THE CUSPS OF X(9)/G

! ! ! 1 2 4 ± , ± , ± 0 0 0 ! a ± : a ∈ {0, 1, ..., 8}, c ∈ {1, 2, 4} c ! a ± : a ∈ {1, 2, 4, 5, 7, 8}. 3 This gives 36 pairs, half of the 72 elements of the previous step. For each of these 0! a 2 pairs we then find a good lift ∈ Z (whose existence is now guaranteed by the c0 0 above lemma) satisfying gcd(a0, c0) = 1 and corresponding to the cusp a ∈ 1 ; c0 PQ

Chapter 4. Surjectivity of Galois representations of elliptic curves over Q 50 4.4. THE CUSPS OF X(9)/G

! ! a a ± mod 9 Lift Cusp ± mod 9 Lift Cusp c c ! ! ! ! 1 1 6 6 ± ∞ ± 6 0 0 2 11 11 ! ! ! ! 2 2 7 7 ± 2 ± 7 0 9 9 2 2 2 ! ! ! ! 4 4 8 8 ± 4 ± 8 0 9 9 2 11 11 ! ! ! ! 0 0 1 1 ± 0 ± 1 1 1 3 3 3 ! ! ! ! 1 1 2 2 ± 1 ± 2 1 1 3 3 3 ! ! ! ! 2 2 4 4 ± 2 ± 4 1 1 3 3 3 ! ! ! ! 3 3 5 5 ± 3 ± 5 1 1 3 3 3 ! ! ! ! 4 4 7 7 ± 4 ± 7 1 1 3 3 3 ! ! ! ! 5 5 8 8 ± 5 ± 8 1 1 3 3 3 ! ! ! ! 6 6 0 9 ± 6 ± 9 1 1 4 4 4 ! ! ! ! 7 7 1 1 ± 7 ± 1 1 1 4 4 4 ! ! ! ! 8 8 2 11 ± 8 ± 11 1 1 4 4 4 ! ! ! ! 0 9 3 3 ± 9 ± 3 2 2 2 4 4 4 ! ! ! ! 1 1 4 4 ± 1 ± 4 2 2 2 4 13 13 ! ! ! ! 2 2 5 5 ± 2 ± 5 2 11 11 4 4 4 ! ! ! ! 3 3 6 6 ± 3 ± 6 2 2 2 4 13 13 ! ! ! ! 4 4 7 7 ± 4 ± 7 2 11 11 4 4 4 continued on next page

Chapter 4. Surjectivity of Galois representations of elliptic curves over Q 51 4.4. THE CUSPS OF X(9)/G

continued from previous page ! ! a a ± mod 9 Lift Cusp ± mod 9 Lift Cusp c c ! ! ! ! 5 5 8 8 ± 5 ± 8 2 2 2 4 13 13

Since we have found a bijection between the cusps of Γ(9) and elements of ( ! ) a the set ± mod 9 , the action of G ⊆ SL2(Z/9Z) is the one given by matrix c multiplication on the elements of the second set. In particular, it turns out that this action has 3 set of orbits which are summarized in the following table:

Orbit of 0 under G Orbit of 1 under G Orbit of ∞ under G ! ! ! a a a ± mod 9 C(Γ(9)) ± mod 9 C(Γ(9)) ± mod 9 C(Γ(9)) c c c ! ! ! 4 2 1 ± 4 ± 2 ± ∞ 0 9 0 9 0 ! ! ! 0 1 2 ± 0 ± 1 ± 2 1 1 1 ! ! ! 1 4 3 ± 1 ± 4 ± 3 2 2 1 1 ! ! ! 2 5 6 ± 2 ± 5 ± 6 2 11 1 1 ! ! ! 7 8 7 ± 7 ± 8 ± 7 2 2 1 1 ! ! ! 8 3 0 ± 8 ± 3 ± 9 2 11 2 2 2 2 ! ! ! 2 4 4 ± 2 ± 4 ± 4 3 3 2 11 3 3 ! ! ! 7 5 5 ± 7 ± 5 ± 5 3 3 2 2 3 3 ! ! ! 1 6 2 ± 1 ± 6 ± 11 4 4 2 11 4 4 ! ! ! 3 1 4 ± 3 ± 1 ± 4 4 4 3 3 4 13 continued on next page

Chapter 4. Surjectivity of Galois representations of elliptic curves over Q 52 4.5. THE FIELD OF DEFINITION OF THE CUSPS OF X(9)/G

continued from previous page Orbit of 0 under G Orbit of 1 under G Orbit of ∞ under G ! ! ! a a a ± mod 9 C(Γ(9)) ± mod 9 C(Γ(9)) ± mod 9 C(Γ(9)) c c c ! ! ! 6 8 5 ± 6 ± 8 ± 5 4 13 3 3 4 4 ! ! ! 8 0 7 ± 8 ± 9 ± 7 4 13 4 4 4 4

We conclude that X(9)/G has 3 cusps, of which we choose representatives {0, 1, ∞}.

4.5 The field of definition of the cusps of X(9)/G

What we want to understand now is how the absolute Galois group of Q acts on the cusps of X(9)/G. In particular we want to consider the model of X(9)/G over Q, given by X˜(9)/G0. This will give us an indication of whether the cusps are indeed defined over Q or not (i.e. whether the corresponding generalised elliptic curves are defined over Q or not). Recall that we gave a description of X˜(9) as the set {(E, P, Q, ζ): e9(P,Q) = ζ}, where ζ is a primitive 9-th root of unity, E/C an elliptic curve and P,Q generators of E[9]. Given an element (E, P, Q, ζ) ∈ X˜(9), ∗ a 2πi a 2πi take a ∈ (Z/9Z) such that ζ = e 9 . This gives e9(P,Q) = e9(P, aQ) = e 9 2πia and we identify (E, P, Q, ζ) with the pair (τ, e 9 ) where E/C corresponds to the 1 τ ˜ lattice Λ = Z + τZ and 9 , 9 get mapped to P, aQ. So we can rewrite X(9) as ∗ ∗ the set {(τ, ζ): τ ∈ X(9), ζ ∈ µ9} (where µ9 denotes the set of primitive 9-th ˜ roots of unity). Then the action of GL2(Z/9Z) on the new realisation of X(9) is ! 0 detγ 0 1 0 given as follows; for γ ∈ GL2(Z/9Z), γ ·(τ, ζ) := (γ ·τ, ζ ), where γ = γ , 0 a −1 0 0 a = (detγ) (notice here that detγ = a detγ = 1 and hence γ ∈ SL2(Z/9Z) giving an action on the elements of X(9)). The action on the cusps is similarly given by γ · (c, ζ) := (γ · c, ζdetγ), where c ∈ C(X(9)) are being considered as elements of 2 (Z/9Z) (see Lemma 4.2). Notice that again the stabilizer of each component of ˜ X(9) is given by SL2(Z/9Z) and thus the orbits are preserved. ˜ ∗ Now that we can realise X(9) as the set {(τ, ζ): τ ∈ X(9), ζ ∈ µ9}, we can ˜ ∗ view the cusps of X(9) as the set {(c, ζ): c ∈ C(X(9)), ζ ∈ µ9}. Then we have an action of Gal(Q¯ /Q) on C(X˜(9)) defined by σ ∈ Gal(Q¯ /Q), (c, ζ) ∈ C(X˜(9)),

Chapter 4. Surjectivity of Galois representations of elliptic curves over Q 53 4.5. THE FIELD OF DEFINITION OF THE CUSPS OF X(9)/G

σ σ (c, ζ) := (c, ζ ) and as a consequence the action factors through Gal(Q(ζ)/Q). However, the G0-orbits of C(X˜(9)) are not Galois invariant under this action of 0 Gal(Q¯ /Q); given σ ∈ Gal(Q¯ /Q), (c, ζ) a representative of a G -orbit of C(X˜(9)), we have that (c, ζ)σ = (c, ζσ). We can find an element γ ∈ G0 such that (ζσ)detγ = ζ 0 ∗ 0 (since det : G /G → (Z/9Z) is an isomorphism), but we can’t always find γ ∈ G such that γ · c = c and (ζσ)detγ = ζ. Hence(c, ζ) and (c, ζ)σ are not always in the same G0-orbit. As a result, the cusps of X˜(9)/G0 and therefore of X(9)/G are not Q-rational. In our attempt to find the field of definition of the cusps of X˜(9)/G0, we 0 observe the following; for the cusp ∞ ∈ C(X˜(9)/G ), if σ ∈ Gal(Q(ζ)/Q) maps (∞, ζ) 7→ (∞, ζa), then (∞, ζ) and (∞, ζa) are in the same G0-orbit if and only ! a b if there exists a matrix g = ∈ G0 such that g · (∞, ζ) = (∞, ζa) ⇐⇒ c d ! detg a 1 2 (g · ∞, ζ ) = (∞, ζ ). Recall that ∞ corresponds to the pair ± ∈ (Z/9Z) . 0 ! ! ! ! a b ±1 a 1 Thus, (g · ∞, ζdetg) = (∞, ζa) ⇐⇒ = ± = ± and detg = c d 0 c 0 ! ±1 b a ⇐⇒ g = and a = detg = ±1. Using GAP (see Appendix - section 0 1 ! ! a b ±1 0 6.1, code 4) we find that the only matrices in G of the form are . 0 1 0 1 ∗ The determinants of these matrices are ±1 ∈ (Z/9Z) and under the isomorphism ∗ ∼ (Z/9Z) = Gal(Q(ζ)/Q), they correspond to the automorphisms ζ 7→ ζ and ζ 7→ −1 ζ . The fixed field of the subgroup of these two automorphisms in Gal(Q(ζ)/Q) is −1 −1 3 3 −1 3 the field K := Q(ζ + ζ ). Notice that (ζ + ζ ) = ζ + 3(ζ + ζ ) − ζ − 1 (since 6 6 3 −1 3 −1 the minimal polynomial of ζ is Φ9(x) = x +x +1). So (ζ +ζ ) = 3(ζ +ζ )−1 and ζ +ζ−1 satisfies the polynomial x3 −3x+1 which is easily seen to be irreducible over Q and consequently it is the minimal polynomial. Therefore K/Q is a degree 3 extension. We conclude that the cusp ∞ is defined over K and the other two cusps of X˜(9)/G0 (and hence of X(9)/G) are the conjugates of the cusp ∞ under the action of Gal(K/Q). As pointed out by Elkies, the fact that the cusps are not defined over Q will make the case of finding rational functions on X(9)/G trickier, since these will no longer have coefficients in Q, but in K.

Chapter 4. Surjectivity of Galois representations of elliptic curves over Q 54 4.6. THE GENUS OF X(9)/G

4.6 The genus of X(9)/G

So far, we have only seen a moduli description of X(9)/G. Recall that we viewed a point on X(9)/G as the modular pair (E/C, { equivalence class of (P,Q) mod G}) with e9(P,Q) = ζ9. However, it is also useful (for example in computing the genus of X(9)/G) to see how does X(9)/G looks like as a Riemann surface. So we are looking for a congruence subgroup Γ such that X(9)/G = X(Γ). Let

ΓG := {g ∈ SL2(Z): g ∈ G mod 9}. Notice that Γ(9) ⊆ ΓG and as a result, ΓG is a congruence subgroup.

Claim: X(9)/G = X(ΓG).

Proof : To prove this, we show that the two modular curves give the same moduli space. We follow the same line of argument as in the proof of Theorem 2.14. Take a modular pair (E/C, {equivalence class of (P,Q) mod G}) with e9(P,Q) = ζ9. Then as pointed out in the proof of Proposition 2.5, E corresponds to a lattice Λ and is homothetic to Λτ for some τ ∈ H. Moreover, in the proof of Theorem 2.14 we saw that the modular pair (E, (P,Q)) (where (P,Q) are representatives of the τ 0 1 equivalence class) is isomorphic to (Eτ 0 , ( 9 + Λτ 0 , 9 + Λτ 0 )) and the Weil pairing is τ 1 τ 0 1 preserved. Take two arbitrary pairs (Eτ , ( + Λτ , + Λτ )), (Eτ 0 , ( + Λτ 0 , + Λτ 0 )) 9 9 9 9! 0 a b and suppose τ and τ are in the same ΓG-orbit. So there exists γ = ∈ ΓG c d 0 0 ∼ such that γ·τ = τ . Therefore (cτ +d)τ = aτ +b,(cτ +d)Λτ 0 = Λτ and Eτ = Eτ 0 (see 1 the proof of Theorem 2.14 for the omitted details). Moreover, (cτ + d)( 9 + Λτ 0 ) = cτ+d τ 0 aτ+b 2 +Λτ and (cτ +d)( +Λτ 0 ) = +Λτ Choosing an isomorphism with (Z/9Z) , 9 9 9 ! τ 1 a b + Λτ 7→ (1, 0), + Λτ 7→ (0, 1) we have that for γ = ∈ ΓG (denote by 9 9 c d ! a¯ ¯b γ¯ = its image mod 9 which lies in G), c¯ d¯

aτ¯ + ¯b (1, 0)¯γ = (¯a, ¯b) 7→ + Λ 9 τ

cτ¯ + d¯ (0, 1)¯γ = (¯c, d¯) 7→ + Λ . 9 τ τ 1 aτ¯ +¯b cτ¯ +d¯ τ 1 Henceγ ¯ :( 9 + Λτ , 9 + Λτ ) 7→ ( 9 + Λτ , 9 + Λτ ) and (Eτ , ( 9 + Λτ , 9 + Λτ )), aτ¯ +¯b cτ¯ +d¯ (Eτ , ( 9 + Λτ , 9 + Λτ )) are in the same G-orbit. As a result, the modular pairs τ 1 τ 0 1 (Eτ , ( 9 + Λτ , 9 + Λτ ) mod G) and (Eτ 0 , ( 9 + Λτ 0 , 9 + Λτ 0 ) mod G) are isomorphic. τ 1 τ 0 1 Conversely, suppose (Eτ , ( 9 +Λτ , 9 +Λτ ) mod G), (Eτ 0 , ( 9 +Λτ 0 , 9 +Λτ 0 ) mod G)

Chapter 4. Surjectivity of Galois representations of elliptic curves over Q 55 4.6. THE GENUS OF X(9)/G

∗ τ 0 are isomorphic. Then there exists α ∈ C such that αΛτ 0 = Λτ and α( + Λτ 0 ) = ! 9 aτ+b 1 cτ+d a b + Λτ , α( + Λτ 0 ) = + Λτ , for ∈ G (here we use the same iso- 9 9 9 c d ! w x morphism as before). We have a change of basis matrix γ = ∈ SL2(Z) y z ! ! ! τ wτ + x ατ 0 such that γ = = =⇒ α = yτ + z and ατ 0 = wτ + x. 1 yτ + z α ατ 0 aτ+b wτ+x Replacing into the previous equations gives + Λτ = + Λτ = + Λτ and 9 9 ! 9 α cτ 0+d yτ+z a b + Λτ = + Λτ = + Λτ . This implies that γ ≡ mod 9 and thus 9 9 9 c d wτ+x 0 0 γ ∈ ΓG. But γ · τ = yτ+z = τ and hence τ, τ are in the same ΓG-orbit.  We would now like to compute the genus of X(9)/G as a Riemann surface,

dΓG 2 3 ∞ using the genus formula gX(ΓG) = 1 + 12 − 4 − 3 − 2 . This involves computing the following unknowns; dΓG which is the projective index of ΓG, 2, 3 and ∞ which are the elliptic points of period 2 and 3 in X(ΓG) and the number of cusps of

X(ΓG). We have already computed the last unknown in the list and we have found that ∞ = 3. Unfortunately, the computations regarding the rest of the unknowns are very large to be done by hand and we use the aid of the computer program SAGE to compute them. The code can be found in Appendix - section 6.1, code

5. It turns out that the projective index of X(ΓG) is 27 and X(ΓG) has 3 elliptic points of period 2 and 3 of period 3. Plugging these into the formula gives

27 3 3 3 g = 1 + − − − = 0. X(ΓG) 12 4 3 2

Consequently, X(ΓG) is a genus 0, compact Riemann surface. By the classification of compact Riemann surfaces, X(ΓG) is analytically isomorphic to the Riemann sphere 1 . PC However, in our case we are interested in the Q-structure of X(9)/G. In 0 section 4.3, we have found a Q-model of X(9)/G, namely X˜(9)/G . In general though, a projective non-singular algebraic curve C defined over Q of genus 0, need not be algebraically isomorphic over with 1 . As an example, consider the Q PQ projective subvariety of 2 , given by C := {[x : y : z] ∈ 1 : x2+y2+2z2 = 0}. Then √ PQ √ PQ the map [x : y] → [ 2(x2 − y2) : 2 2xy : i(x2 + y2)] gives an algebraic isomorphism √ of C with 1 over (i, 2). It is clear that the equation x2 + y2 + 2z2 = 0 has PQ Q no solution over R and hence no solution over Q. As a result C has no Q-rational points and therefore no algebraic isomorphism of C with 1 over can exist. A PQ Q theorem that gives a sufficient condition for an algebraic curve of genus 0 defined

Chapter 4. Surjectivity of Galois representations of elliptic curves over Q 56 4.7. MODULAR UNITS AND SIEGEL FUNCTIONS over to be algebraically isomorphic to 1 states the following: Q PQ

Theorem 4.4 Max Noether: If C/Q is a genus 0 projective non-singular alge- braic curve that has a -rational divisor of odd degree, then C =∼ 1 . Q PQ

Proof : Let D be a divisor of C of odd degree, say 2n + 1, defined over Q. Then denote, as usual, by KC a canonical divisor of C defined over Q. We have that deg(KC ) = 2genus(C) − 2 = −2 ([Silverman 1], II, Corollary 5.5(b)) and as a result, 0 0 the divisor D := D + nKC has degree 1. In particular, D is fixed by the action of Gal(Q¯ /Q) and thus it is defined over Q. Riemann-Roch theorem states that 0 0 0 0 l(D ) − l(KC − D ) = deg(D ) − genus(C) + 1 = 1 − 0 + 1 = 2. Hence l(D ) ≥ 2. 0 Since L(D ) has a basis of functions in Q(C) (see Proposition 2.8), we can take f ∈ 0 0 0 0 Q(C)∩L(D ), which has (f)+D ≥ 0 and deg((f)+D ) = deg(f)+degD = 0+1 = 1. But an effective divisor of degree 1 is necessarily a point, i.e. (f) + D0 =: (P ) is a 0 Q-rational point on C. Similarly, as in the case of D , Riemann-Roch gives l(P ) ≥ 2 and consequently L(P ) has a non-constant element g ∈ Q(C) that has a simple pole at P (and is in fact locally injective) and can serve as an isomorphism C =∼ 1 (by PQ projecting about the point P via g). 

The natural cover X(ΓG) → X(1) is of degree 27 which is odd (the index [SL2(Z):ΓG] is equal to 27; see Appendix - section 6.1, code 5 for the computation). Hence the preimage of the cusp ∞ of X(1) under the natural cover is a Q-rational divisor of odd degree. Therefore, Theorem 4.4 now tells us that indeed X(ΓG) is algebraically isomorphic to 1 . This is indeed great news since we now stand a PQ chance of finding this isomorphism, that will allows us to read off the Q-rational points of X(9)/G.

4.7 Modular units and Siegel functions

Definition 4.5 -A modular unit on a modular curve X(Γ) is a modular function (i.e. an element of its function field) whose divisor is supported at the cusps of X(Γ).

2 2πiτ 2πiz Definition 4.6 - Let a = (a1, a2) ∈ Z , qτ = e , qz = e . Then the Siegel function corresponding to the vector a is defined to be the function on given by 1 H a1−1 n 2 B2(a1) 2πia ∞ n q 2 1 g (τ) := −q e 2 2 (1−q ) Q (1−q q )(1− τ ), where B (x) = x −x+ a τ z n=1 τ z qz 2 6 is the second Bernoulli polynomial.

Chapter 4. Surjectivity of Galois representations of elliptic curves over Q 57 4.7. MODULAR UNITS AND SIEGEL FUNCTIONS

We can also express a Siegel function as a product of Klein forms

∞ 1 a (a −1) πia2(a1−1) 2 1 1 Y n n −1 n −2 k(a1,a2)(τ) := e qτ (1 − qz) (1 − qτ qz)(1 − qτ qz )(1 − qτ ) n=1

1 1 1 12 Q∞ n 2 and ∆ 12 = 2πiqz n=1(1 − qz ) . In particular, we have ga(τ) = ka(τ)∆ 12 (see [Kub & Lang] p.29, for a proof of this). We know that ∆(τ) is a modular form of level SL2(Z) (and thus of level Γ(N), for all N ≥ 1) and weight 12. It follows that 1 ∆(τ) 12 is also of level SL2(Z) and weight 1 . The Siegel functions satisfy some nice properties that serve for our purpose, that is:

2 Theorem 4.7 Assume that a ∈ Z has denominator dividing N. Then the Siegel 12N function ga is a modular function of level SL2(Z) and ga is of level Γ(N). Fur- thermore, ga has no zeroes or poles on H and hence its divisor is supported at the cusps (i.e. it is a modular unit).

Proof : This is [Kub & Lang], Chapter 2, Theorem 1.2. 

As a result, we can think of the Siegel functions as generalizations of the modular form ∆ which is also a modular unit, with a simple zero at the cusp ∞ of X(1). 12N For our purpose though, ga is quite restrictive since the theorem requires that a = (a1, a2) has a2 | N. To be more precise, since the cusps of X(9) correspond bijectively to ±(a, b) mod 9, such that a, b are coprime (see Lemma 4.3), we need to find a modular function of level Γ(9) that is also a modular unit, such that the restriction a2 | N is no longer there. For this, we make use of the following theorem:

Q m(r) Theorem 4.8 A product f = r kr of Klein forms is modular of level Γ(N) ⇐⇒ the family {m(r)} satisfies the following “quadratic” relations: P 2 P 2 P N odd: m(r)r1 ≡ m(r)r2 ≡ m(r)r1r2 ≡ 0 mod N P 2 P 2 P N even: m(r)r1 ≡ m(r)r2 ≡ 0 mod 2N and m(r)r1r2 ≡ 0 mod N

Proof : This is [Kub & Lang], Chapter 3, Theorem 4.1. 

Since we want to keep the property of Siegel functions being modular units, we m(r) m(r) m(r) 2 consider the product F := Q g = Q k ∆ 12 such that P m(r)a ≡ r (ar,br) r (ar,br) r P 2 P m(r)br ≡ m(r)arbr ≡ 0 mod 9, which is a modular unit on X(9). To see that

F is indeed a modular unit, consider the fact that the divisor of each of g(ar,br) is supported at the cusps. Hence so is for their products. Moreover,the above theorem

Chapter 4. Surjectivity of Galois representations of elliptic curves over Q 58 4.7. MODULAR UNITS AND SIEGEL FUNCTIONS

tells us that Q km(r) is of level Γ(9) and since ∆ is of level Γ(9), it follows that so r (ar,br) is F .

The next task is to find the set (ar, br) and corresponding m(r) ∈ Z that satisfy the quadratic relations. Elkies chooses one of the three orbits of the action of G on the cusps of X(9) and takes {(ar, br)} corresponding to the 12 cusps in the orbit. Moreover, this choice with m(r) = 1 for any r, indeed satisfies the quadratic relations. In addition, we have that g and g 0 0 are scalar multiples of (−ar,−br) (ar,br) 0 0 g(ar,br), where (ar, br) ≡ (ar, br) mod 9. Since the action of G on (ar, br) corre- sponding to the 12 cusps just permutes the elements, we have that the divisor of F is invariant under G. To check that F actually defines a function on X(9)/G, we need to check that F is in fact G invariant, i.e. F (gτ) = F (τ), for all g ∈ G, τ ∈ X(9). Since X(9)/G is of genus 0 and its function field is generated by a single transcendental function, we may as well pick F as this element. Hence there exists a homomor- ∗ phism χ : G → C such that F (gτ) = χ(g)F (τ), for any g ∈ G, τ ∈ X(9). Then Elkies claims that χ is trivial. To see this, take g = T˜, a 3-cycle in G and sup- pose χ(T˜) = 1. Then we have that (S˜T˜)3 = 1 implies (S˜T˜)2 = T˜−1S˜−1. So χ((S˜T˜)2) = χ(S˜T˜S˜T˜) = χ(S˜)2χ(T˜)2 = χ(S˜)2. But since (S˜T˜)2 = T˜−1S˜−1, this equals χ(T˜−1S˜−1) = χ(T˜)−1χ(S˜)−1 = χ(S˜)−1 and therefore χ(S˜)3 = 1 = χ(S˜3). However we know that S˜4 = I and thus χ(S˜4) = 1 = χ(S˜3)χ(S˜) = χ(S˜). We conclude that χ(S˜) = 1. If χ is not trivial, choose an element τ in the preimage of a fixed point on X(9) of T˜. Then since χ(T˜) 6= 1 and F (T˜ · τ) = χ(T˜)F (τ) = F (τ), we have that F (τ) = 0, which contradicts the fact that the divisor of F is supported at the cusps. As a result, χ is trivial and F (g · τ) = F (τ), i.e. F is a function on X(9)/G. To take into account the fact that the description of the cusps of X(9) that 2 2πiτ we have, live in (Z/9Z) , we let q9 := e 9 to be the local parameter and normalize b a 2πi n 9n F by setting qz := ζ q9 (where ζ = e 9 ). Hence qτ = q9 and the term having the 2 2 1 9 ( a − a + 1 ) 1 a 9 2 a 2 92 9 6 2 ( 9 −a+ 6 ) Bernoulli polynomial as an index now equals qτ B2( 9 ) = q9 = q9 . 1 a2 9 Putting α = 2 ( 9 − a + 6 ) (notice the misprint in [Elkies], p.4, paragraph 1, line 3), we have that

∞ α b a Y b 9n+a −b 9n−a g(a,b)(τ) = q9 (1 − ζ q9 ) (1 − ζ q9 )(1 − ζ q9 ) n=1

(in [Elkies], p.4, paragraph 1, line 2, this is the function denoted by s(a, b)).

We now move on to compute the q9-expansions of F about the 3 cusps ∞, 0, 1 of X(9)/G (denoted by F∞, F0, F1 respectively). This computation can be found

Chapter 4. Surjectivity of Galois representations of elliptic curves over Q 59 4.8. A RATIONAL STRUCTURE OF X(9)/G in Appendix - section 6.1, code 6 (lines 1-13). The results are the following:

−1 2 3 4 5 F∞ = q − 1 + c2q + c4q + (c1 + 2)q + c2q + O(q )

2 3 4 5 6 7 F0 = q + c1q + 2q + (c1 − c4 + 1)q + (c1 − c4 + 2)q + (−2c4 + 1)q + O(q )

2 3 4 5 6 F1 = 1+(−c1 +1)q +(−c1 +1)q −c2q +(c1 +2(c2 −1))q +(c1 +2c2 −1)q +O(q )

We notice that our result differs from the q9 expansion of F at ∞ in [Elkies] up to an automorphism σ ∈ Gal(K/Q) whose orbit on the triples c1, c2, c4 (where i −i ci := ζ + ζ ) is given by c1 7→ c4, c2 7→ c1, c4 7→ c2. We would then like to find the fractional linear transformations sending F∞ to F0 and F1 and consequently read the values of F at the two other cusps. So we write wF∞+x for this transformation and ∞ yF∞+z compute the values of w, x, y, z when the fractional linear transformation equals F0 and F1. The computation (in Appendix - section 6.1, code 6 (lines 14-34)) returns F = c4 and F = F∞+1−c1 . In particular, we see that the value of F at the 0 c4F∞+1 1 F∞ cusp 0 is −1 = c − 1 and at the cusp 1 is 0 (and of course at the cusp ∞, the c4 1 value of F is ∞). These values also indicate that F is not a Q-rational function on X(9)/G.

4.8 A rational structure of X(9)/G

As pointed out in sections 4.5 and 4.7, the rational function F : X(9)/G−→˜ 1 PC −1 has coefficients in K = Q(ζ + ζ ). However, we are interested in an isomorphism X(9)/G−→˜ 1 over . To solve this, we need to find a fractional linear transforma- PC Q tion A of 1 with coefficients in K, for which x = A ◦ F will be an automorphism of PC 1 changing the -structure such that j : X(1)−→ ˜ 1 is now rational in the variable PC Q PC x. To summarize, we need the following commutative diagram:

∗ H

∨ ∼ ∼ ∗ = 1 = 1 Γ¯G \ > > H F PC A PC

f ∨ ∨ ∼ ∗ = 1 PSL2( ) \ > Z H j PC

Chapter 4. Surjectivity of Galois representations of elliptic curves over Q 60 4.8. A RATIONAL STRUCTURE OF X(9)/G

If we regard j as a rational function of F , then it follows that j must have its poles at the values of F at the cusps, each with multiplicity 9 since the q9 expansion −9 9 of j looks like j = q9 + 744 + 196884q9 + ... (see Appendix - section 6.1, code 6 (lines 35-41)). Thus j as a rational function of F looks like

g(F ) j(F ) = 9 9 . F (F − (c1 − 1))

As a result, we now need to find g(F ). We do that by computing the q9 expansion 9 9 at ∞ of g = F (F −(c1 −1)) j and then find how does g(F ) looks like by comparing P∞ n 27 the q9 expansions of g = n=−27 cnq9 and b0 + b1F∞ + ... + b27F∞ . Observe 27 here that we stop at the coefficient of F∞ , since the local index of g(F ) equals g(F )−1(∞) = 3 · 9 = 27. The above expression gives a system of equations

27 b0,0 + b1,0a−27(F∞) + ... + b27,0a−27(F∞ ) = c−27 27 b0,1 + b1,1a−26(F∞) + ... + b27,1a−26(F∞ ) = c−26 ·· ·· ·· 27 b0,27 + b1,27a0(F∞) + ... + b27,27a0(F∞ ) = c0

i i (where ak(F∞) denotes the k-th coefficient of F∞ for some integer i). Solving this system for the unknowns b0, ..., b27 (see Appendix - section 6.1, code 6 (lines 42-45)) 27 we find that g(F ) = b0 + b1F∞ + ... + b27F∞ is a polynomial in F of degree 27 over g(F ) the field K. So writing j(F ) = 9 9 we have a rational function of degree F (F −(c1−1)) 27 in F that is defined over K. The last step is to find the linear fractional transformation A : 1 → 1 . As PC PC pointed out, F takes the values ∞, c1 − 1 and 0 at the cusps ∞, 0 and 1. Thus we would like A to send these values to the triple c1, c2, c4 which is a Gal(K/Q)-orbit in K. To summarize, we want the following:

Cusps of X(9)/G 1 1 PC PC FA

{∞, 0, 1} 7→ {∞, 0, c1 − 1} 7→ {c1, c2, c4} mapped in such a way such that the composite A ◦ F is Gal(K/Q)-equivariant.

Chapter 4. Surjectivity of Galois representations of elliptic curves over Q 61 4.8. A RATIONAL STRUCTURE OF X(9)/G

We choose the map ∞ 7→ c1

A : 0 7→ c4

c1 − 1 7→ c2

x ws+x w+ s To compute A, we write A(s) = = z . We want A(0) = c4, A(∞) = c1 and ys+z y+ s A(c1 − 1) = c2, which give the following equations: x = c ⇒ x − c z = 0 (4.1) z 4 4 w = c ⇒ w − c y = 0 (4.2) y 1 1

w(c1 − 1) + x = c2 ⇒ w(c1 − 1) + x − c2(c1 − 1)y − c2z = 0 (4.3) y(c1 − 1) + z In a - section 6.1, code 6 (lines 46-55), we compute that

5 2 5 2 (−ζ − ζ + ζ)t + ζ + ζ − ζ + 1 c1t + 1 − c1 A = 5 4 2 = . t + 2ζ − ζ + 3ζ − 3ζ + 3 t − 2c1 + c2 + 3

g(t) 1 1 We are now in a very strong position, since we may compose 9 9 : → t (t−(c1−1)) PC PC with the inverse automorphism A−1 : 1 → 1 and get the function PC PC

g(t) −1 1 1 f := 9 9 ◦ A : PC → PC. t (t − (c1 − 1))

g(t) −1 g(F ) Then f as a function of x := A◦F equals to 9 9 ◦A (A(F )) = 9 9 = t (t−(c1−1)) F (F −(c1−1)) j(F ) and indeed f is defined over Q. We compute this explicitly in Appendix - sec- tion 6.1, code 6 (lines 56-57);

−37 · 5 · 212(x − 2)3x3(x3 − 12 x2 + 6 x − 1 )(x6 − 21 x5 + 177 x4 − 187 x3 + 105 x2 − 15 x + 1 )3 f(x) = 5 5 5 4 16 16 16 8 4 . (x3 − 3x + 1)9

Chapter 4. Surjectivity of Galois representations of elliptic curves over Q 4.9. THE UNIVERSAL ELLIPTIC CURVE AND AN ALTERNATIVE 62 APPROACH

4.9 The universal elliptic curve and an alternative ap- proach

As we saw in section 4.8 the function f(x): X(9)/G =∼ 1 → 1 is -rational and PC PC Q is equal to the j-function applied to the projection map X(9)/G → X(1). Hence we can write down explicitly the equations of the elliptic curves over Q parametrized by X(9)/G using the universal elliptic curve:

27f(x) 27f(x) E : y2 = 4z3 − z − . f(x) f(x) − 1728 f(x) − 1728

This elliptic curve has j-invariant equal to f(x). So if we restrict f(x): 1 → 1 , PQ PQ then we get that the elliptic curve Ef(x) is defined over Q. Moreover, any elliptic curve E/Q that has ρ3,E surjective mod 3 and not mod 9 is isomorphic to an elliptic curve of the form E for some x ∈ 1 . f(x) PQ So we now have an explicit description of the elliptic curves over Q satisfying the above condition. However, given an elliptic curve E/Q, how can one decide whether ρ3,E is surjective mod 3 and not mod 9? The first thing we could do is to compute its j-invariant and check whether this value lies in the image of the function f(x), for some x ∈ 1 . However, this is a hard task since f(x) is a rational PQ function in x of degree 27. Elkies in his paper determines all non-zero integral values of f(x) (that we also obtain in Appendix - section 6.1, code 6 (line 58) for different values of x since Elkies uses a different set of representatives for the cusps of X(9)/G when he writes down the function f(x)). In fact, he proves that the following table contains all of the integral values of f(x): (In this table we denote by a vector 2 3 2 [a1, a2, a3, a4, a6] the elliptic curve E : y + a1xy + a3y = x + a2x + a4x + a6 and

NE its conductor)

x j = f(x) E NE ∞ 4374 [0, 0, 0, −27 − 42] 2335 −2 419904 [0, 0, 0, −162, 792] 2835 0 −44789760 [0, 0, 1, −135, −604] 3552 −1 5 5 2 15786448344 [0, 0, 0, −5427, 153882] 2 3 2 24992518538304 [0, 0, 0, −201042, 34695912] 2835172 −3 3 5 2 2 −92515041526500 [0, 0, 0, −1126035, 459913278] 2 3 19 −1 5 2 2 3 −70043919611288518656 [0, 0, 1, −1127379978, −14569799990728] 3 97 101

Chapter 4. Surjectivity of Galois representations of elliptic curves over Q 4.9. THE UNIVERSAL ELLIPTIC CURVE AND AN ALTERNATIVE 63 APPROACH

An alternative approach to this question comes from the fact that at primes p - 3NE, tr ρ3,E(Frobp) = ap(E) and det ρ3,E(Frobp) = p (see Theorem 3.9) and the following result:

Theorem 4.9 Jordan’s theorem: Suppose A is a finite group and B a subgroup of A such that every element of A is conjugate to an element of B. Then B = A.

Proof : Since every element of A is conjugate to an element of B, we can write −1 A = ∪g∈Ag Bg. In fact, since the action of conjugation is a group automorphism, −1 we can do even better and write A = ∪g∈B\Ag Bg, for g now being a coset of B\A. But then we have that |g−1Bg| = |B| and hence |A| = |B\A||g−1Bg|. However, the −1 sets {g Bg}g∈B\A have non-empty intersection because they all contain the identity element. Thus the only way the above equation can hold is when |B\A| = 1 and B = A. 

So to test whether a subgroup A is contained in the image ofρ ¯3,E, it suffices to compute the traces of all the elements of A (denote this set by trA) and check whether tr ρ3,E(Frobp) mod 9 surjects on trA for different primes p - 3NE such thatρ ¯3,E(Frobp) mod 9 is an element of A (where in the case of A = SL2(Z/9Z), det ρ3,E(Frobp) ≡ 1 mod 9). If it does, then since every element of A is conjugate to an element with trace in the set trA, we can conclude using the above theorem that

ρ¯3,E mod 9 surjects on A. Of course this does not account for an effective algorithm since we cannot prove that it terminates at a certain prime.

Chapter 4. Surjectivity of Galois representations of elliptic curves over Q Chapter 5

Conclusion

In this essay we have been successful with the objective been set at the beginning; that is to give a clear exposition of the densely written paper of Elkies [Elkies], expanding on the major tools being used. One of the main reasons this paper has driven the need to do as such, is a possible error in the function

37(x2 − 1)3(x6 + 3x5 + 6x4 + x3 − 3x2 + 12x + 16)3(2x3 + 3x2 − 3x − 5) f(x) = − . (x3 − 3x − 1)9

Due to the nature of this paper, spotting where a possible error has occurred was quite not possible. Hence we decided to recalculate everything step by step from the beginning and give a new equation of f(x), that is

−37 · 5 · 212(x − 2)3x3(x3 − 12 x2 + 6 x − 1 )(x6 − 21 x5 + 177 x4 − 187 x3 + 105 x2 − 15 x + 1 )3 f(x) = 5 5 5 4 16 16 16 8 4 . (x3 − 3x + 1)9

As a result, even in the case where we have performed an error in our calculations, spotting the error is now a much easier task. It has been mentioned in chapter 1 that the case of the surjectivity of 2-adic Galois representations attached to elliptic curves over Q, has been studied in the paper [Dokchitser]. However, the methods being used there are quite different from Elkies’ methods; in particular the theory of modular curves is not being used at all and no explicit parametrization via the j-invariant exists. As a result, a natural development of this essay would be to use Elkies’ methods and modular curves to

find an explicit parametrization of elliptic curves over Q that satisfyρ ¯2,E surjective mod 2 and not mod 4, or even the case whereρ ¯2,E is surjective mod 4 and not mod 8. This would involve finding maximal proper subgroups (call such a subgroup G)

of SL2(Z/4Z) that surject on SL2(Z/2Z) (or maximal subgroups of SL2(Z/8Z) that

Chapter 5. Conclusion 65

surject on SL2(Z/4Z)) and investigating the modular curve X(2)/G. Essentially this would require easier calculations than the X(9)/G case, however one could run into several problems such as the group G not being unique up to conjugacy (in which case one would need to consider the modular curves X(2)/G for any such G up to conjugacy) or even that X(2)/G may not have a model over Q. It is however a fun problem that due to lack of time we did not include in this dissertation. Another possible development of this essay would have been to investigate the surjectivity of Galois representations attached to elliptic curves over number fields. This is however, a much harder problem (see for example [Greicius])

Chapter 5. Conclusion Chapter 6

Appendix

6.1 Code

In this section we give the code we have used for computations on a computer. The computer programs used are namely SAGE, MAGMA and GAP.

1. // This code written in SAGE computes the first 50 terms of // the q-expansion of the basis vector of the 1-dimensional

// space of cusp forms S2(Γ0(11))

S = CuspForms(Gamma0(11),2); S; Cuspidal subspace of dimension 1 of Modular Forms space of dimension 2 for Congruence Subgroup Gamma0(11) of weight 2 over Rational Field

f=S.basis()[0];

f.q expansion(50); q - 2*q^2 - q^3 + 2*q^4 + q^5 + 2*q^6 - 2*q^7 - 2*q^9 - 2*q^10 + q^11 - 2*q^12 + 4*q^13 + 4*q^14 - q^15 - 4*q^16 - 2*q^17 + 4*q^18 + 2*q^20 + 2*q^21 - 2*q^22 - q^23 - 4*q^25 - 8*q^26 + 5*q^27 - 4*q^28 + 2*q^30 + 7*q^31 + 8*q^32 - q^33 + 4*q^34 - 2*q^35 - 4*q^36 + 3*q^37 - 4*q^39 - 8*q^41 - 4*q^42 - 6*q^43 + 2*q^44 - 2*q^45 + 2*q^46 + 8*q^47 + 4*q^48 - 3*q^49 + O(q^50)

2. // This code written in SAGE computes the trace of the 2 3 2 // Frobenius of the elliptic curve E/Q : y + y = x − x − 10x − 20 // of conductor 11 at primes up to 50

Chapter 6. Appendix 67 6.1. CODE

// Access Cremona’s database of elliptic curves with conductor // up to 10000 using the variable c c = CremonaDatabase(); c; Cremona’s database of elliptic curves

// List all elliptic curves in the database of conductor 11 c.allcurves(11); {’a1’: [[0, -1, 1, -10, -20], 0, 5], ’a3’: [[0, -1, 1, 0, 0], 0, 5], ’a2’: [[0, -1, 1, -7820, -263580], 0, 1]}

// List all primes up to 50 and assign to the variable a n=1; a=[]; while n<50 : if (n in Primes()) : a.append(n); n=n+1; a; [2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37, 41, 43, 47]

// Compute the trace of the Frobenius of the elliptic curve // ’a1’: [0, -1, 1, -10, -20] of conductor 11 at each prime // in the list a b=[]; i=0; n=a[0]; for n in a : n=a[i] ; if (n <> 3) & (n <> 11): E = EllipticCurve(GF(n), [0, -1, 1, -10, -20]) ; t = E.trace of frobenius(); b.append(t % 9) ; i=i+1 ; b ; [7, 1, 7, 4, 7, 0, 8, 0, 7, 3, 1, 3, 8]

3. // This code written in GAP computes the maximal subgroups // of SL2(Z/9Z), their orders, // as well as the order of their image in SL2(Z/3Z)

// Assign to the variable A the group SL2(Z/9Z) A:= SL(2,ZmodnZ(9)); SL(2,Z/9Z)

Chapter 6. Appendix 68 6.1. CODE

// Compute the conjugacy classes of // the maximal subgroups of A ConjugacyClassesMaximalSubgroups( A ); [ Group([ [ [ ZmodnZObj( 7, 9 ), ZmodnZObj( 4, 9 ) ], [ ZmodnZObj( 1, 9), ZmodnZObj( 2, 9 ) ] ], [ [ ZmodnZObj( 3, 9 ), ZmodnZObj( 8, 9 ) ], [ ZmodnZObj( 1, 9), ZmodnZObj( 6, 9 ) ] ], [ [ ZmodnZObj( 8, 9 ), ZmodnZObj( 0, 9 ) ], [ ZmodnZObj( 0, 9 ), ZmodnZObj( 8, 9 ) ] ], [ [ ZmodnZObj( 7, 9 ), ZmodnZObj( 3, 9 ) ], [ ZmodnZObj( 3, 9 ), ZmodnZObj( 4, 9 ) ] ], [ [ ZmodnZObj( 1, 9 ), ZmodnZObj( 6, 9 ) ], [ ZmodnZObj( 3, 9 ), ZmodnZObj( 1, 9 ) ] ], [ [ ZmodnZObj( 4, 9 ), ZmodnZObj( 3, 9 ) ], [ ZmodnZObj( 3, 9 ), ZmodnZObj( 7, 9 ) ] ] ])^G, Group([ [ [ ZmodnZObj( 7, 9 ), ZmodnZObj( 7, 9 ) ], [ ZmodnZObj( 6, 9 ), ZmodnZObj( 1, 9 ) ] ], [ [ ZmodnZObj( 8, 9 ), ZmodnZObj( 0, 9 ) ], [ ZmodnZObj( 0, 9 ), ZmodnZObj( 8, 9 ) ] ], [ [ ZmodnZObj( 7, 9 ), ZmodnZObj( 3, 9 ) ], [ ZmodnZObj( 3, 9 ), ZmodnZObj( 4, 9 ) ] ], [ [ ZmodnZObj( 1, 9 ), ZmodnZObj( 6, 9 ) ], [ ZmodnZObj( 3, 9 ), ZmodnZObj( 1, 9 ) ] ], [ [ ZmodnZObj( 4, 9 ), ZmodnZObj( 3, 9 ) ], [ ZmodnZObj( 3, 9 ), ZmodnZObj( 7, 9 ) ] ] ])^G, Group([ [ [ ZmodnZObj( 7, 9 ), ZmodnZObj( 7, 9 ) ], [ ZmodnZObj( 6, 9 ), ZmodnZObj( 1, 9 ) ] ], [ [ ZmodnZObj( 7, 9 ), ZmodnZObj( 4, 9 ) ], [ ZmodnZObj( 1, 9 ), ZmodnZObj( 2, 9 ) ] ], [ [ ZmodnZObj( 3, 9 ), ZmodnZObj( 8, 9 ) ], [ ZmodnZObj( 1, 9 ), ZmodnZObj( 6, 9 ) ] ], [ [ ZmodnZObj( 8, 9 ), ZmodnZObj( 0, 9 ) ], [ ZmodnZObj( 0, 9 ), ZmodnZObj( 8, 9 ) ] ] ])^G ]

// Assign to variables G1, G2, G3 the first, second and third // conjugacy class of maximal subgroup of A

Chapter 6. Appendix 69 6.1. CODE

G1:= Group( [ [ [ ZmodnZObj( 7, 9 ), ZmodnZObj( 4, 9 ) ], [ ZmodnZObj( 1, 9 ), ZmodnZObj( 2, 9 ) ] ], [ [ ZmodnZObj( 3, 9 ), ZmodnZObj( 8, 9 ) ], [ ZmodnZObj( 1, 9 ), ZmodnZObj( 6, 9 ) ] ], [ [ ZmodnZObj( 8, 9 ), ZmodnZObj( 0, 9 ) ], [ ZmodnZObj( 0, 9 ), ZmodnZObj( 8, 9 ) ] ], [ [ ZmodnZObj( 7, 9 ), ZmodnZObj( 3, 9 ) ], [ ZmodnZObj( 3, 9 ), ZmodnZObj( 4, 9 ) ] ], [ [ ZmodnZObj( 1, 9 ), ZmodnZObj( 6, 9 ) ], [ ZmodnZObj( 3, 9 ), ZmodnZObj( 1, 9 ) ] ], [ [ ZmodnZObj( 4, 9 ), ZmodnZObj( 3, 9 ) ], [ ZmodnZObj( 3, 9 ), ZmodnZObj( 7, 9 ) ] ] ]);

G2:= Group([ [ [ ZmodnZObj( 7, 9 ), ZmodnZObj( 7, 9 ) ], [ ZmodnZObj( 6, 9 ), ZmodnZObj( 1, 9 ) ] ], [ [ ZmodnZObj( 8, 9 ), ZmodnZObj( 0, 9 ) ], [ ZmodnZObj( 0, 9 ), ZmodnZObj( 8, 9 ) ] ], [ [ ZmodnZObj( 7, 9 ), ZmodnZObj( 3, 9 ) ], [ ZmodnZObj( 3, 9 ), ZmodnZObj( 4, 9 ) ] ], [ [ ZmodnZObj( 1, 9 ), ZmodnZObj( 6, 9 ) ], [ ZmodnZObj( 3, 9 ), ZmodnZObj( 1, 9 ) ] ], [ [ ZmodnZObj( 4, 9 ), ZmodnZObj( 3, 9 ) ], [ ZmodnZObj( 3, 9 ), ZmodnZObj( 7, 9 ) ] ] ]);

G3:= Group([ [ [ ZmodnZObj( 7, 9 ), ZmodnZObj( 7, 9 ) ], [ ZmodnZObj( 6, 9 ), ZmodnZObj( 1, 9 ) ] ], [ [ ZmodnZObj( 7, 9 ), ZmodnZObj( 4, 9 ) ], [ ZmodnZObj( 1, 9 ), ZmodnZObj( 2, 9 ) ] ], [ [ ZmodnZObj( 3, 9 ), ZmodnZObj( 8, 9 ) ], [ ZmodnZObj( 1, 9 ), ZmodnZObj( 6, 9 ) ] ], [ [ ZmodnZObj( 8, 9 ), ZmodnZObj( 0, 9 ) ], [ ZmodnZObj( 0, 9 ), ZmodnZObj( 8, 9 ) ] ] ]);

// Compute the order of G1, G2, G3 Order(G1); 216

Chapter 6. Appendix 70 6.1. CODE

Order(G2); 162

Order(G3); 24

// Assign to the variable B the group SL2(Z/3Z) B:= SL(2,ZmodnZ(3)); SL(2,3)

// Assign to the variables H1, H2, H3 the images of the groups // G1, G2, G3 in SL2(Z/3Z) H1:= Subgroup(B,[[[ ZmodnZObj( 1, 3 ), ZmodnZObj( 1, 3 ) ], [ ZmodnZObj( 1, 3 ), ZmodnZObj( -1, 3 ) ] ], [ [ ZmodnZObj( 0, 3 ), ZmodnZObj( -1, 3 ) ], [ ZmodnZObj( 1, 3 ), ZmodnZObj( 0, 3 ) ] ], [ [ ZmodnZObj( -1, 3 ), ZmodnZObj( 0, 3 ) ], [ ZmodnZObj( 0, 3 ), ZmodnZObj( -1, 3 ) ] ], [ [ ZmodnZObj( 1, 3 ), ZmodnZObj( 0, 3 ) ], [ ZmodnZObj( 0, 3 ), ZmodnZObj( 1, 3 ) ]]] );

H2:= Subgroup(B,[[[ ZmodnZObj( 1, 3 ), ZmodnZObj( 1, 3 ) ], [ ZmodnZObj( 0, 3 ), ZmodnZObj( 1, 3 ) ] ], [ [ ZmodnZObj( -1, 3 ), ZmodnZObj( 0, 3 ) ], [ ZmodnZObj( 0, 3 ), ZmodnZObj( -1, 3 ) ] ], [ [ ZmodnZObj( 1, 3 ), ZmodnZObj( 0, 3 ) ], [ ZmodnZObj( 0, 3 ), ZmodnZObj( 1, 3 ) ]]] );

H3:= Subgroup(B,[[[ ZmodnZObj( 1, 3 ), ZmodnZObj( 1, 3 ) ], [ ZmodnZObj( 0, 3 ), ZmodnZObj( 1, 3 ) ] ], [ [ ZmodnZObj( 1, 3 ), ZmodnZObj( 1, 3 ) ], [ ZmodnZObj( 1, 3 ), ZmodnZObj( -1, 3 ) ] ], [ [ ZmodnZObj( 0, 3 ), ZmodnZObj( -1, 3 ) ], [ ZmodnZObj( 1, 3 ), ZmodnZObj( 0, 3 ) ] ], [ [ ZmodnZObj( -1, 3 ), ZmodnZObj( 0, 3 ) ], [ ZmodnZObj( 0, 3 ), ZmodnZObj( -1, 3 ) ]]] );

Chapter 6. Appendix 71 6.1. CODE

// Compute the order of the groups H1, H2, H3 Order(H1); 8

Order(H2); 6

Order(H3); 24

4. // This code written in GAP constructs the group G0 ! a b // and lists its elements of the form 0 1

// Assign to the variable A the group GL2(Z/9Z) A:=GL(2, ZmodnZ(9)); GL(2,Z/9Z)

// Construct the group G0 G’:= Subgroup(A, [ [ [ ZmodnZObj( 0, 9 ), ZmodnZObj( 4, 9 ) ], [ ZmodnZObj( 2, 9 ), ZmodnZObj( 0, 9 ) ] ], [ [ ZmodnZObj( 4, 9 ), ZmodnZObj( 1, 9 ) ], [ ZmodnZObj( -3, 9 ), ZmodnZObj( 4, 9 ) ] ], [ [ ZmodnZObj( 1, 9 ), ZmodnZObj( 0, 9 ) ], [ ZmodnZObj( 0, 9 ), ZmodnZObj( 1, 9 ) ] ], [ [ ZmodnZObj( 2, 9 ), ZmodnZObj( 0, 9 ) ], [ ZmodnZObj( 0, 9 ), ZmodnZObj( 2, 9 ) ] ], [ [ ZmodnZObj( 4, 9 ), ZmodnZObj( 0, 9 ) ], [ ZmodnZObj( 0, 9 ), ZmodnZObj( 4, 9 ) ] ], [ [ ZmodnZObj( -1, 9 ), ZmodnZObj( 0, 9 ) ], [ ZmodnZObj( 0, 9 ), ZmodnZObj( 1, 9 ) ] ], [ [ ZmodnZObj( -4, 9 ), ZmodnZObj( 0, 9 ) ], [ ZmodnZObj( 0, 9 ), ZmodnZObj( 4, 9 ) ] ], [ [ ZmodnZObj( -2, 9 ), ZmodnZObj( 0, 9 ) ], [ ZmodnZObj( 0, 9 ), ZmodnZObj( 2, 9 ) ] ]]); G’;

Chapter 6. Appendix 72 6.1. CODE

! a b // Return a list of elements of the form 0 1 // in the group G0 alpha:=[]; i:=0; while i in [0..8] do j:=0; while j in [0..8] do if [ [ ZmodnZObj( i, 9 ), ZmodnZObj( j, 9 ) ], [ ZmodnZObj( 0, 9 ), ZmodnZObj( 1, 9 ) ] ] in G’ then Add(alpha,[ [ ZmodnZObj( i, 9 ), ZmodnZObj( j, 9 ) ], [ ZmodnZObj( 0, 9 ), ZmodnZObj( 1, 9 ) ] ] ); fi; j:= j+1 ; od; i:= i+1 ; od; alpha; [ [ [ ZmodnZObj( 1, 9 ), ZmodnZObj( 0, 9 ) ], [ ZmodnZObj( 0, 9 ), ZmodnZObj( 1, 9 ) ] ], [ [ ZmodnZObj( 8, 9 ), ZmodnZObj( 0, 9 ) ], [ ZmodnZObj( 0, 9 ), ZmodnZObj( 1, 9 ) ] ] ]

5. // This code written in SAGE constructs the

// congruence subgroup ΓG // via a description of the permutations // L=[1, 1, 0, 1] and R=[1, 0, 1, 1] // acting by right multiplication on the set // of cosets G \ SL2(Z) // and computes its projective index as well as // the number of elliptic points of periods 2 and 3 // (Note that SAGE at the current time has no other way of // constructing an arbitrary congruence subgroup other

// than Γ0(N), Γ1(N), Γ(N))

// Assign to the variable G the symmetric group on 27 letters G = SymmetricGroup(27);

// Write L and R as permutations in G

Chapter 6. Appendix 73 6.1. CODE

L= G("(1,10,25,12,22,15,26,14,5) (2,4,16,18,21,27,20,9,8) (3,7,19,17,6,13,24,23,11)"); L; (1,10,25,12,22,15,26,14,5)(2,4,16,18,21,27,20,9,8) (3,7,19,17,6,13,24,23,11)

R= G("(1,7,8,19,27,20,17,18,6) (2,10,22,23,15,5,16,21,9) (3,4,13,26,14,24,11,25,12)"); R; (1,7,8,19,27,20,17,18,6)(2,10,22,23,15,5,16,21,9) (3,4,13,26,14,24,11,25,12)

// Construct ΓG GammaG= ArithmeticSubgroup Permutation(L, R); GammaG ; Arithmetic subgroup corresponding to permutations L=(1,10,25,12,22,15,26,14,5)(2,4,16,18,21,27,20,9,8) (3,7,19,17,6,13,24,23,11), R=(1,7,8,19,27,20,17,18,6)(2,10,22,23,15,5,16,21,9) (3,4,13,26,14,24,11,25,12)

// Test whether Γ(9) is a subgroup of ΓG Gamma(9).is subgroup(GammaG) ; True

// Compute the projective index of ΓG GammaG.projective index() ; 27

// Compute the number of elliptic points of ΓG of period 2 GammaG.nu2() ; 3

// Compute the number of elliptic points of ΓG of period 3 GammaG.nu3() ; 3

6. // This code written in MAGMA carries out the computations // needed in sections 4.7 and 4.8. // We use line numbering and reference where needed in the // context with the appropriate line numbering

Chapter 6. Appendix 74 6.1. CODE

// Define the cyclotomic field K in the variable z // by adjoining a 9-th root of unity to the rationals 1) K:= CyclotomicField(9);

// Define the Laurent series ring R with coefficients in the 50 // field K with precision up to the term q9 2) R:=LaurentSeriesRing(K,50);

// Assign to the variable alpha the function in the 1 a // variable a that computes the Bernoulli polynomial 2 B2( 9 ) 3) alpha := func< a,b | 1/2*((a^2)/9 - a + 9/6) >;

// Assign to the variable r the function in variables a,b that // computes the product of the first 11 terms in the infinite α // product of the function ga,b(τ) ommiting the first term q9 4) r := func;

// The q9-expansion of F at the cusp infinity, F∞ 5) F1:=q^(alpha(1,0)+alpha(2,1)+alpha(3,1)+alpha(6,1)+alpha(7,1)+alpha(0,2) + alpha(4,3)+alpha(5,3)+alpha(2,4)+alpha(4,4)+alpha(5,4)+alpha(7,4)) *r(1,0)*r(2,1)*r(3,1)*r(6,1)*r(7,1)*r(0,2)*r(4,3)*r(5,3)*r(2,4)*r(4,4) *r(5,4)*r(7,4); 6) F1/:= LeadingCoefficient(F1);

// The q9-expansion of F at the cusp 0, F0 7) F2:=q^(alpha(0,1)+alpha(4,0)+alpha(1,2)+alpha(2,2)+alpha(7,2)+alpha(8,2) +alpha(2,3) + alpha(7,3)+alpha(1,4)+alpha(3,4)+alpha(6,4)+alpha(8,4)) *r(0,1)*r(4,0)*r(1,2)*r(2,2)*r(7,2)*r(8,2)*r(2,3)*r(7,3)*r(1,4)*r(3,4) *r(6,4)*r(8,4); 8) F2/:= LeadingCoefficient(F2);

// The q-expansion of F at the cusp 1, F1 9) F3:=q^(alpha(2,0)+alpha(1,1)+alpha(4,1)+alpha(5,1)+alpha(8,1)+alpha(3,2) +alpha(4,2)+alpha(5,2)+alpha(6,2)+alpha(1,3)+alpha(8,3)+alpha(0,4)) *r(2,0)*r(1,1)*r(4,1)*r(5,1)*r(8,1)*r(3,2)*r(4,2)*r(5,2)*r(6,2)*r(1,3)

Chapter 6. Appendix 75 6.1. CODE

*r(8,3)*r(0,4); 10) F3/:= LeadingCoefficient(F3);

−1 // Check that F∞, F0 and F1 have coefficients in Q(ζ + ζ ) 11) L:=sub; 12) RR:=LaurentSeriesRing(L,50); 13) F1 in RR; F2 in RR; F3 in RR;

// The following code is to compute the fractional linear transformations

// sending F∞ to F0 and F1

// Define the function field Kwxyz of K in the variables w,x,y,z 14) Kwxyz := FunctionField(K,4);

// Assign to RR in variable qq the // Laurent Series over Kwxyz with precision of 4 terms 15) RR := LaurentSeriesRing(Kwxyz,4);

// Assign to the variable FF the fractional linear transformation

// in variables w,x,y,z and F∞ 4 // that returns the q9 expansion of FF up to the term q9 16) FF := (w * RR!F1 + x) / (y * RR!F1 + z);

// Define the function findratlin in the variable F that computes // the values of the variables w,x,y,z when F is assigned // to F 0 or F 1 17) findratlin := function(F) // Define the projective space P 3 Q(ζ9) 18) P3 := ProjectiveSpace(K,3); // List the difference of the coefficients of the function 3 // FF and F up to the term q9 19) coeffs := [ Coefficient(FF,i) - Coefficient(F,i) : i in [0..3] ]; // Define the scheme in P 3 that is defined as the Q(ζ9) // zero locus of the numerators of // the entries of the list coeffs 20) X := Scheme(P3, [ Numerator(c) : c in coeffs] );

Chapter 6. Appendix 76 6.1. CODE

// Define the scheme in P 3 that is defined as the Q(ζ9) // zero locus of the denominators of // the entries of the list coeffs 21) Y := Scheme(P3, [ Denominator(c) : c in coeffs] ); // Find the set-theoretic difference of the two sets X and // Y and reassign to the variable X 22) X := Difference(X,Y); // Check that the scheme X is 0 dimensional 23) assert Dimension(X) eq 0; // Find the set of rational points of X that do not belong // to Y and assign to the variable pts 24) pts := { P : P in RationalPoints(X) | P notin Y }; // Check that the set pts has cardinality 1 25) assert # pts eq 1; // Assign to the variable P the unique element of the set pts 26) P := Rep(pts); // The function findratlin outputs a matrix with entries // the coordinates of the variable P in the field Q(ζ9) // The entries (ai,j) of this matrix correspond to

// a1,1 = w, a1,2 = x, a2,1 = y, a2,2 = z 27) return Matrix(K, [[P[1],P[2]],[P[3],P[4]]]); 28) end function;

// Evaluate the function findratlin in F0 29) M2:=findratlin(F2); M2;

// Evaluate the function findratlin in F1 30) M3:=findratlin(F3); M3;

// Compute the value of F at the cusp 0 and check that −1 // it lies in the field Q(ζ + ζ ) 31) x2 := -M2[2,2]/M2[2,1]; 32) x2 in L;

// Compute the value of F at the cusp 1 and check that −1 // it lies in the field Q(ζ + ζ ) 33) x3 := -M3[2,2]/M3[2,1];

Chapter 6. Appendix 77 6.1. CODE

34) x2 in L;

// The following code is to compute the q9 expansion of // the j-function

// Compute the space of modular forms of level 1 and // weight 4 and 6, with precision of 50 terms 35) M4:=ModularForms(1,4); SetPrecision(M4,50); 36) M6:=ModularForms(1,6); SetPrecision(M6,50);

// Compute the basis of M4 and M6 which are

// the Eisenstein series E4 and E6 37) E4:=Basis(M4)[1]; E6:=Basis(M6)[1];

// Define the Laurent series ring S with coefficients in the // rationals with precision up to the term q50 38) S:=LaurentSeriesRing(Rationals(),50);

// Define the Eisenstein series E4 and E6 as elements of S 39) E4:= S!PowerSeries(E4); E6:= S!PowerSeries(E6);

// Compute the q-expansion of the j-function 40) j := 1728*(E4^3) / (E4^3 - E6^2);

// Compute the q9-expansion of the j-function 41) j := Evaluate(j, q^9);

// The following code computes the function g(F ) // as a polynomial in F of degree 27 with −1 // coefficients in the field Q(ζ + ζ )

−1 // Define the function g which is defined over Q(ζ + ζ ) 42) g := (F1 - x2)^9 * (F1 - x3)^9 * j;

j−1 // Define the 28×28 matrix with entries (a−28+i(F∞) )i,j (See section 4.8)

Chapter 6. Appendix 78 6.1. CODE

43) M := Matrix([[ Coefficient(F1^j, i) : i in [-27..0] ] : j in [0..27] ]);

// Define the 28×1 vector with entries (c−28+i)i,1 (See section 4.8) 44) v := Vector([ Coefficient(g, i) : i in [-27..0]]);

// Solve the system Mx=v, where x is the 28 × 1 vector

// with entries (bi−1)i,1, which are // the coefficients of the polynomial g(F ) 45) x := Solution(M,v);

// Define the function field of Q(ζ9) 46) := FunctionField(K);

// Assign to variable g the polynomial g(F ) 47) g := & +[ x[j+1] * t^j : j in [0..27] ];

g(t) // Define the function ff := 9 9 t (t−(c1−1)) 48) ff := g / ((t-x2)^9 * (t-x3)^9);

// This part of the code computes the // fractional linear transformation A

// Define the cyclotomic field K in the variable z // by adjoining a 9-th root of unity to the rationals 49) K := CyclotomicField(9);

// Define the Galois orbit in Q(ζ), c1, c2, c4 in the field K 50) c1 := K!(z + 1/z); c2 := K!(z^2 + 1/z^2); c4 := K!(z^4 + 1/z^4);

// Define the projective space P 3 in the variables w,x,y,z Q(ζ9) 51) P3 := ProjectiveSpace(K,3);

// Define the scheme in P3 that is defined as the // zero locus of the equations 4.1,4.2,4.3 in section 4.8 52) X := Scheme(P3, [x - c4*z, w - c1*y, w*(c1-1)+x-c2*(c1-1)*y-c2*z ]);

Chapter 6. Appendix 79 6.1. CODE

// Check that X has dimension 0 53) assert Dimension(X) eq 0;

// Assign to P=(w,x,y,z) the unique rational point of X 54) P := Rep(RationalPoints(X));

// Compute the function A 55) A:= (P[1]*t+P[2])/(P[3]*t+P[4]);

// Compute A−1 56) A inverse := (P[4]*t - P[2]) / (-P[3]*t + P[1]);

// Compute the function f := ff ◦ A−1 and // assign it to the variable f 57) f := Evaluate(ff,A inverse); f;

// Compute the integral values of f(x) a // for values of x = b such that // a ∈ {−20, ..., 20}, b ∈ {1, ..., 20} 58) { j : a in [-20..20], b in [1..20] | Denominator(j) eq 1 where j is Evaluate(ff,a/b) };

Chapter 6. Appendix 80 6.2. THE REDUCTION MAP SL2(Z) → SL2(Z/NZ) IS SURJECTIVE

6.2 The reduction map SL2(Z) → SL2(Z/NZ) is surjec- tive

Lemma 6.1 The reduction mod N map SL2(Z) → SL2(Z/NZ) is surjective.

! a b Proof : Let ∈ SL2(Z/NZ). Then ad − bc ≡ 1 mod N and if fc = fd ≡ 0 c d mod N for some f ∈ Z/NZ, then f(ad−bc) = f ≡ 0 mod N. Hence c, d are coprime 2 mod N. Next we show that the pair (c, d) has a lift (c0, d0) ∈ Z such that c0, d0 are coprime. Take an arbitrary lift c1 of c0 and d0 in Z. Without loss of generality we may assume that d0 6= 0 (by adding a multiple of N). If p is a prime dividing d0 then p does not divide both c1 and N since otherwise c, d would not be coprime N mod N (just take f = p in previous argument which gives f 6≡ 0 mod N). ( 0, if p - c1 Define cp := c1 + tpN, where tp := 1, otherwise Then p does not divide cp and by the Chinese remainder theorem we can find a t ∈ Z such that t ≡ tp mod p, for every prime p dividing d0. Put c0 := c + tN. Then 2 (c0, d0) is a coprime pair in Z that reduces to (c, d) mod N. ! a + xN b + yN We can now consider the matrix , where x, y ∈ Z are c0 d0 chosen as follows; the determinant of this matrix equals (ad0 − bc0) + N(xd0 − yc0).

Since c0, d0 are coprime, we can find integers x0, y0 such that x0d0 − y0c0 = 1 and

N(x0d0 − y0c0) = N. But ad0 − bc0 ≡ 1 mod N and thus ad0 − bc0 = 1 + wN for some w ∈ Z. However, wN = N(wx0d0 − wy0c0) and letting x := wx0, y := wy0, we have that (ad0 − bc0) + N(xd0 − yc0) = 1 + wN − wN = 1. So the matrix ! ! a + xN b + yN a b lives in SL2(Z) and reduces to ∈ SL2(Z/NZ).  c0 d0 c d

Chapter 6. Appendix Bibliography

[B C D T] Christophe Breuil, Brian Conrad, Fred Diamond and Richard Taylor. On the modularity of elliptic curves over Q: wild 3-adic exercises. J. Amer. Math. Soc. 14 (2001), no. 4, 843–939 (electronic).

[Dia & Shur] F. Diamond & J. Shurman. A first course in modular forms. Vol. 228. Graduate Texts in Mathematics. Springer, New York, 2005.

[Dokchitser] Tim and Vladimir Dokchitser. Surjectivity of mod 2n representations of elliptic curves. arXiv:1104.5031v1 [math.NT] 26 Apr 2011.

[Elkies] Noam D. Elkies. Elliptic curves with 3-adic Galois representation surjective mod 3 but not mod 9. arXiv:math/0612734v1 [math.NT] 23 Dec 2006.

[Greicius] Aaron Greicius, Elliptic curves with surjective global Galois repre- sentation, Ph.D. thesis, University of California, Berkeley, 2007.

[Hartshorne] Robin Hartshorne. Algebraic Geometry. Vol.52. Graduate Texts in Mathematics. Springer-Verlag, 1977.

[Knapp] Anthony W. Knapp. Elliptic curves. Mathematical Notes 40. Prince- ton University Press. Princeton, New Jersey, 1992.

[Kub & Lang] Daniel S. Kubert, Serge Lang. Modular units. Vol.244. A Series of Comprehensive Studies in Mathematics. Springer-Verlag, New York, 1981.

[Neukirch] J¨urgen Neukirch. Algebraic Number Theory. English translation. Vol.322. Springer-Verlag, Berlin, Heidelberg, 1999.

[Serre 1] Jean-Pierre Serre. A course in arithmetic. Vol.7. Graduate Texts in Mathematics. Springer-Verlag, 1973.

Chapter 6. BIBLIOGRAPHY 82 BIBLIOGRAPHY

[Serre 2] Jean-Pierre Serre. Abelian l-Adic Representations and Elliptic curves. Wellesley, Mass.: A.K. Peters, 1997.

[Silverman 1] Joseph H. Silverman. The Arithmetic of Elliptic Curves. Vol.106. Graduate Texts in Mathematics. Springer-Verlag, 1986.

[Silverman 2] Joseph H. Silverman. Advanced topics in the Arithmetic of Elliptic Curves. Vol.151. Graduate Texts in Mathematics. Springer-Verlag, 1994.

Chapter 6. BIBLIOGRAPHY