sign in sign up
<<
Home , Weil conjectures

1 Elliptic Curves Over Finite Fields 1.1 Introduction Definition 1.1. Elliptic curves can be defined over any field K; the formal definition of an is a non- singular (no cusps, self-intersections, or isolated points) projective over K with genus 1 with a given point defined over K. If the characteristic of K is neither 2 or 3, then every elliptic curve over K can be written in the form

y2 = x3 − px − q where p,q ∈ K such that the RHS does not have any double roots. If the characteristic of K is 3, then the most general equation is of the form

2 3 2 y = 4x + b2x + 2b4x + b6 such that RHS has distinct roots.

In characteristic 2, the most general equation is of the form

2 3 2 y + a1xy + a3y = x + a2x + a4x + a6 provided that the variety it defines is non-singular. Definition 1.2. A is a point whose coordinates lie in K. W denote the set of rational points as E(K) and this set forms a group.

1.2 Isogenies

Definition 1.3. A non-constant morphism φ : E1 → E2 between elliptic curves such that φ(O) = O is called an isogeny. Let φ : E1 → E2 be an isogeny. Then there is a unique isogeny φˆ : E2 → E1 satisfying φˆ ◦ φ = [degφ]. φˆ is called the dual of φ. Remark. In the above statement, [n] denotes the isogeny which adds n times.

q q If E is defined over Fq and πq,E : E → E is the Frobenius morphism (x,y) 7−→ (x ,y ), then E(Fq) = ker(1 − πq,E ). As we noted, an isogeny has finite kernel.

Lemma 1.1. Let E1 and E2 be isogenous elliptic curves defined over Fq. Then #E1(Fq) = #E2(Fq).

Proof. Any isogeny φ : E1 → E2 commutes with the Frobenius map on E1 and E2. Now, φ is surjective. So we have −1 y ∈ E2(Fq) ⇔ πq,E2 (φ(x)) = φ(x) ⇔ x ∈ ker((1 − πq,E2 )φ). Now, each φ (y) has degsep φ elements. Thus, #E2(Fq) = ker((1−πq,E2 )φ)/degsep φ = #ker(φ(1−πq,E2 ))/degsep φ = #ker(φ(1−πq,E1 ))/degsep φ = degsep(1− φq,E1 ) = #E1(Fq). Recall the following useful facts on degrees and dual maps

(i) φ\+ ψ = φˆ + ψˆ (ii) [nˆ] = [n] (iii) deg[n] = n2 (iv) degφˆ = degφ

(v) φˆ = φ (vi) deg(−φ) = deg(φ)

(vii) d(φ,ψ) := deg(φ + ψ) − degφ − degψ is symmetric, bilinear on Hom(E1,E2), where Ei is an elliptic curve. (viii) degφ > 0 for any isogeny φ 1.3 for Elliptic Curves

For an elliptic curve E defined over a finite field Fq, the most obvious parameter is the number of points in E(Fq). Theorem 1.1. (Riemann hypothesis for elliptic curves (Hasse, 1934)) Let E be an elliptic curve defined over Fq. Then

n n/2 |#E(Fqn ) − 1 − q | 6 2q ∀n > 1

πq q Proof. Choose a Weierstrass equation with coefficients in Fq. Since Gal(Fq/Fq) is topologically generated by x 7−→ x , n a point P of E(Fq) lies in E(Fq) if and only if πq,E (P) = P. Thus P ∈ E(Fqn ) if and only if πq,E (P) = P, i.e., n n E(Fqn ) = ker(1−πq,E ). Now 1−πq,E is a separable morphism (since its differential is the identity). Thus, #E(Fqn ) = n deg(1−πq,E ). We noted that, for any two elliptic curves over a field, the function d : Hom(E1,E2)×Hom(E1,E2) → Z, (φ,ψ) 7−→ deg(φ +ψ)−degφ −degψ is a positive definite bilinear form. By the Cauchy-Schwarz inequality, we get

n n q n |deg(1 − πq,E ) − deg1 − degπq,E | 6 2 deg1degπq,E i.e.

n n/2 |#E(Fqn ) − 1 − q | 6 2q

1.4 The Weil

Let Kn = Fqn . If V is a , we want to keep account of #V(Kn). We can do this by using the zeta function of V and it is defined as the formal power series ! ∞ T n Z(V/K1 : T) = exp ∑ #V(Kn) n=1 n Note that 1 dn #V(K ) = logZ(V/K ,T)| n (n − 1)! dT n 1 T=0 T n The reason for defining the zeta function in this manner is that the series ∑n>1 #V(Kn) n often looks like the log of a of T.

Let V be any smooth projective variety of dimension n, defined over K1 = Fq. Then: • Rationality

Z(V/K1;T) ∈ Q(T) • Functional conjecture There exists an integer χ such that

 1  Z V/K ; = ±qnχ/2T χ Z(V/K ;T) 1 qnT 1

• Factorization There exists a factorization

P (T)P (T)···P (T) Z = 1 3 2n−1 P0(T)P2(T)···P2n−2(T)P2n(T) n with P0(T) = 1 − T, P2n(T) = 1 − q T, each Pi(T) ∈ Z[T] and

 1   −1 bi Pi = P n−i(T) qnT 2 Tqn−i/2

where bi = degPi = degP2n−i • Riemann hypothesis −i/2 Each root of Pi(T) satisfies |α| = q

The conjecture was proven in its entirety by the efforts of Weil, Dwork, M. Artin, Grothendieck, Lubkin, Deligne, Laumon. But the first case for elliptic curves was solved by Hasse in 1934 before the conjectures were formulated in this generality by Weil in 1949. Weil pointed out that if one had a suitable theory for abstract varieties analogous to the usual cohomology for varieties over C, the standard properties of the cohomology would imply all the conjectures. For instance, the functional equation would follow from Poincare´ duality property. Such a cohomology is the etale´ cohomology.

1.5 Tate Modules and the Weil Pairing

Let E be an elliptic curve defined over Fq. Suppose l is a prime not dividing q. We know that the l−division points of n d n n n E, i.e., E[l ] = ker[l ] is Z/l × Z/l . [l] E[ln] E[ln+1] −→ E[ln] T (E) = E[ln] The inverse limit of the groups with respect to the maps is the Tate module l ←−lim . E[ln] /ln− T (E) (= /ln)− Since each is naturally a Z module, it can be checked that l is a Zl ←−limZ module. It is a free Zl−module of rank 2. Any isogeny φ : E1 → E2 induces a Zl−module homomorphism φl : Tl(E1) → Tl(E2). In particular, we have a repre- sentation End(E) → M2(Zl),φ 7−→ φl if l - q. n Note that End(E) ,→ End(Tl(E)) is injective because if φl = 0 then φ is 0 on E[l ] for large n, i.e., φ = O. Finally, let us recall the Weil pairing. This is a non-degenerate, bilinear, alternating pairing

d e T (E) × T (E) → T ( ) = n ∼ : l l l µ ←−lim µl = Zl It has the important property that e(φx,y) = e(x,φˆy). Remark. For any general curves C,D, and a nonconstant morphism φ : C → D, recall that φ ∗ : Div(D) → Div(C) is a homomorphism defined by

(P) 7−→ ∑ eφ (Q)(Q) Q∈φ −1(P) where eφ (Q) is the ramification index at Q. For C = D an elliptic curve, all the eφ (Q) = deginsep φ. For a general C and D, ordP( f ◦ φ) = eφ (Q)ordφ(P)( f ) for every nonconstant rational function on D.

1.6 Weil Conjectures for Elliptic Curves

Lemma 1.2. Let φ ∈ End(E) and l - q be a prime. Then,

detφl = degφ

traceφl = 1 + degφ − deg(1 − φ)

In particular, detφl,traceφl are independent of l, and are integers.

Proof. Let (v1,v2) be a Zl− basis of Tl(E) and write  a b  φ = l c d with respect to this basis. We now use the Weil pairing e which is bilinear and alternating

degφ e(v1,v2) = e(deg(φ)v1,v2)

= e((φˆ)l(φ)l)v1,v2)

= e(φlv1,φlv2)

= e(av1 + cv2,bv1 + dv2) ad−bc = e(v1,v2)

detφl = e(v1,v2)

Since e is nondegenerate, we have that degφ = degφl. Finally,

traceφl = 1 + detφl − det(Id − φl) = 1 + degφ − deg(1 − φ)

n To prove the Weil conjectures for E, we have to compute #E(Kn), where Kn = Fqn . Now #E(Kn) = deg(1−φ ) where φ = πq,E is the Frobenius isogeny. A consequence of the lemma is the fact that the characteristic polynomial of φl has coefficients in Z when l 6= charFq. m Write det(Id · T − φl) = (T − α)(T − β) for α,β ∈ C. Moreover, for all n ∈ Q, we get m  1 1 det Id − φ = det(mId − nφ ) = deg(m − nφ) > 0 n l n2 l n2 n n n This implies α = β. Note by triangularizing, that detId · T − φl ) = (T − α )(T − β ), we get n n n 1/2 Theorem 1.2. For all n > 1, #E(Kn) = 1 − α − α + q where |α| = q . In particular, 1 − aT + qT 2 Z(E/K ;T) = 1 (1 − T)(1 − qT) 2 1 where a ∈ Z and 1 − aT + qT = (1 − αT)(1 − αT). Further, Z(E/K1; qT ) = Z(E/K1;T). Proof. We have that

n #E(Kn) = deg(1 − φ ) n = det(1 − φl ) = 1 − αn − αn + qn √ and |α| = q. Hence

T n logZ(E/K ;T) = (1 − αn − αn + qn) 1 ∑ n n>1 T n (αT)n (αT)n (qT)n = − − + ∑ n ∑ n ∑ n ∑ n (1 − αT)(1 − αT) = log (1 − T)(1 − qT)

P1 2 The functional equation is obvious from the expression. The factorization Z = is with P1(T) = 1 − aT + qT , so P0P2   P (T) P 1 = 1 √ 1 qT (−1/T q)2 −s Remark. Putting ζE/Fq (s) = Z(E/K1;q ), one has

1 − aq−s + q1−2s ζ (s) = = ζ (1 − s) E/Fq (1 − q−s)(1 − q1−s) E/Fq

Note that the Riemann hypothesis for Z(E/K1;T) is equivalent to the fact that the zeros of ζE/Fq (s) are on the line 1 Re(s) = 2 .

1.7 Supersingularity Supersingular curves are a special class of elliptic curves which arise naturally. One of the most useful properties they have, as we shall prove, is that their definition forces them to be defines over a small finite field and, over any field, there are only finitely many elliptic curves isogenous to a supersingular one. Before defining supersingularity, let us recall that an elliptic curve E is said to have complex multiplication if End(E) 6= Z. Let us recall the following result on End(E) Proposition 1.1. (i) End(E) has no zero divisors. (ii) End(E) is torsion free.

(iii) End(E) is either Z, or an order in an imaginary quadratic field, or an order in a quaternion division algebra over Q. Definition 1.4. An elliptic curve E defined over a field of characteristic p > 0 is said to be supersingular if E[p] = O. The following characterization of supersingular elliptic curves is very useful Proposition 1.2. Let K be a perfect field of characteristic p > 0. Then the following statements are equivalent: (a) E is singular

(b) [p] : E → E is purely inseparable and j(E) ∈ Fp2 r (c)E [p ] = O for some r > 1 r (d)E [p ] = O for all r > 1

(e) EndK(E) is an order in a quaternion division algebra over Q. Remark. By the above proposition, up to isomorphism, there are only finitely many elliptic curves isogenous to a supersingular curve. For p = 2, Y 2 +Y = X3 is the unique supersingular curve. For p > 2, we have the following theorem:

1.8 Structure of E(Fq)

Theorem 1.3. A group G of order N = q + 1 − m is isomorphic to E(Fq) for some elliptic curve E over Fq if one of the following holds: √ ∼ (i) (q,m) = 1, |m| 6 2 q, and G = Z/A × Z/B where B|(A,m − 2) √ √ (ii) q is a square, m = ±2 q, and G =∼ (Z/A)2 where A = q ∓ 1 √ (iii) q is a square, p ≡ 1 mod 3, m = ± q, and G is cyclic √ (iv) q is not a square, p = 2 or 3, m = ± pq, and G is cyclic (v) q is not a square, p 6≡ 3 mod 4, m = 0, and G is cyclic or q is a square, p 6≡ 1 mod 4, m = 0, and G is cyclic ∼ q+1 (vi) q is not a square, p ≡ 3 mod 4, m = 0, and G is either cyclic or G = Z/M × Z/2 where M = 2