The Kummer Pairing

Alexander J. Barrios Purdue University 12 September 2013

Preliminaries

∗ Theorem 1 (Artin). Let ψ1, ψ2, . . . , ψn be distinct group homomorphisms from a group G into K , where K is a field. Then the group homomorphisms are linearly independent over K. Theorem 2 (Hilbert’s Theorem 90). Let E/F be a cyclic extension of degree n with G = Gal (E/F ) = hσi. Then (a) for β ∈ E, N(β) = 1 if and only if there exist α ∈ E∗ such that β = α/σ(α) (b) for β ∈ E, Tr(β) = 0 if and only if there exist a ∈ E such that β = α − σ(α).

α Proof. (a)(⇐=) Suppose β = σ(α) . Then

N(a) N(β) = = 1 N(σ(α))

since N(α) = N(σ(α)). 2 Qn−2 j n−1 (=⇒) Suppose that N(β) = 1. Since IdK∗ , βσ, βσ(β) σ ,..., j=1 σ (β) σ are all distinct group homomorphisms from K∗ to K∗, we have that

n−2 2 Y j n−1 χ = IdK∗ +βσ + βσ(β) σ + ··· + σ (β) σ j=0

is a map which is not identically 0 by Artin’s Theorem. So there exist a nonzero θ ∈ K∗ such that α = χ(θ) 6= 0. Now consider,

n−2 Y σ(α) = σ(χ(θ)) = σ(θ) + σ(β) σ2(θ) + σ(β) σ2(β) σ3 + ··· + σj+1(β) σn(θ) j=0 n−2 n−1 Y Y = σ(θ) + σ(β) σ2(θ) + σ(β) σ2(β) σ3 + ··· + σj(β) σn−1(θ) + σj(β) θ. j=1 j=1

1 PRELIMINARIES

Now consider,

n−2 n−1 Y Y βσ(α) = βσ(θ) + βσ(β) σ2(θ) + βσ(β) σ2(β) σ3 + ··· + β σj(β) σn−1(θ) + β σj(β) θ j=1 j=1 n−2 Y = βσ(θ) + βσ(β) σ2(θ) + βσ(β) σ2(β) σ3 + ··· + σj(β) σn−1(θ) + N(β) θ j=0 n−2 Y = θ + βσ(θ) + βσ(β) σ2(θ) + βσ(β) σ2(β) σ3 + ··· + σj(β) σn−1(θ) j=0 = α

α and so β = σ(α) . (b)(⇐=) Suppose β = α − σ(α). Then

Tr(β) = Tr(α − σ(α)) = Tr(α) p − Tr(σ(α)) = 0

since Tr(α) p = Tr(σ(α)). (=⇒) Now suppose Tr(β) = 0. By Artin’s Theorem we have that

n−2 X χ = βσ + (β + σ(β)) σ2 + ··· + σj(β) σn−1 j=0

∗ ∗ 1 is not identically zero on K . So there exist θ ∈ K with Tr(θ) 6= 0 and χ(θ) 6= 0. Set α = Tr(θ) χ(θ). Then

 n−2  1 X σ(α) = σ(β) σ(θ) + σ(β) + σ2(β)
σ2(θ) + ··· + σj+1(β) σn(θ) σ(Tr(θ))   j=0

 n−1  1 X = σ(β) σ(θ) + σ(β) + σ2(β)
σ2(θ) + ··· + σj(β) θ . Tr(θ)   j=1

So we get that

 n−2  1 X α − σ(α) = βσ(θ) + (β + σ(β)) σ2(θ) + ··· + σj(β) σn−1(θ) Tr(θ)   j=0

 n−1 n−1  1 X X − σ(β) σ(θ) + σ(β) + σ2(β)
σ2(θ) + ··· + σj(β) σn−1(θ) + σj(β) θ Tr(θ)   j=1 j=1

 n−1  1 X = σ(θ)(β − σ(β)) + σ2(θ) β − σ2(β)
+ ··· + σn−1(θ) β − σn−1(β)
− σj(β) θ Tr(θ)   j=1 1 = (β Tr(θ)) Tr(θ) and so β = α − σ(α).

2 PRELIMINARIES

Remark Part (a) and (b) above are called the multiplicative form of Hilbert’s 90th and the additive form of Hilbert’s 90th, respectively.

Proposition 3. Let F be a field and n be a natural number not dividing char F = p if p > 0. Suppose ζn is a primitive nth root of unity lying in F . (a) If E/F is cyclic of degree n, then there exist α ∈ E such that E = F (α) and α satisfies Xn − a = 0 for some a ∈ F . (b) If α is a root of Xn − a where a ∈ F , then F (α) is cyclic over F of order d, where d|n and αd ∈ F . Proof. (a) Let ζ be a primitive n-th root of unity in F. Let G = Gal (E/F ) = hσi, since E/F is cyclic. n Since N ζ−1
= ζ−1
= 1, we have by Hilbert’s 90th Theorem that there exist α ∈ E∗ such that −1 α 2 2 ζ = σ(α) ⇐⇒ σ(α) = ζα. Since ζ ∈ F , we have that σ(ζ) = ζ and so σ (α) = σ(ζ) σ(α) = ζ α and this in turn implies that for j ∈ {1, . . . , n}, we have σj(α) = σjα. In particular, each ζjα is a conjugate of α over F , and so [F (α): F ] ≥ n. Since [E : F ] = n and F (α) ⊂ K, we conclude that E = F (α). Moreover, σ(αn) = σ(α)n = (ζα)n = αn and therefore αn is fixed by σ, i.e., αn ∈ F . Let a = αn, then X − a is a minimal polynomial for α over F . (b) Conversely, let a ∈ F and α be a root of Xn − a. Then each αζj for j ∈ {1, . . . , n} is also a root Xn − a. Therefore all roots lie in F (α) and hence F (α) /F is Galois. Let G = Gal (F (α) /F ) . If σ ∈ G, n then σ(α) is also a root of X − a. Thus σ(α) = ωσα where ωσ is an n-th root of unity. In particular, the map σ 7−→ ωσ is an injective group homomorphism of G into µn. Since µn is cyclic, we have that G must by cyclic of order d where d|n. If hσi = G, then ωσ is a primitive d-th root of unity and we get

d
d d d σ α = σ(α) = (ωσα) = α , which implies that αd ∈ F , as claimed. Theorem 4 (Artin-Schreier). Let F be a field of characteristic p > 0. (a) Let E/F be cyclic of order p. Then there exists α ∈ E such that E = F (α) and α satisfies Xp−X−a = 0 for some a ∈ F . (b) Conversely, given a ∈ F , the polynomial f(X) = Xp − X − a either has one root in F , in which case all its roots are in F , or it is irreducible. In this latter case, if α is a root then F (α) is cyclic of degree p over F . Proof. (a) Suppose that E/F is cyclic of order p and let G = Gal (E/F ) = hσi. Since Tr(−1) = p (−1), we have by Hilbert’s 90th Theorem that there exist α ∈ E so that σ(α) = α + 1. In particular, σ2(α) = σ(α)+1 = α+2 and in general we have σj(α) = α+j for j ∈ {1, . . . p}. Therefore α has p distinct conjugates and so [F (α): F ] ≥ p. But by assumption [E : F ] = p which forces E = F (α) since F (α) ⊂ E. Note that

σ(αp − α) = σ(αp) − σ(α) = σ(α)p − σ(α) = (α + 1)p − (α + 1) = αp + 1 − α − 1 = αp − α, thus αp −α is fixed by G and hence αp −α ∈ F . Now take a = αp −α and therefore α satisfies Xp −X −a = 0. (b) Now let a ∈ F and consider the polynomial f(X) = Xp − X − a. Suppose α is a root of f(X). Then α + j for j ∈ {1, . . . , p} are also roots of f(X) since

(α + j)p − (α + j) − a = αp + jp − α − j − a = αp − α − a = 0.

In particular, f(X) has p distinct roots. If some root α lies in F , it follows that every root is in F . So suppose that no root α lies in F . We claim that f(X) is an irreducible polynomial. Suppose on the contrary that it is reducible over F , then f(X) = g(X) h(X) for some g(X) , h(X) ∈ F [X] with their degrees being strictly less than p. If α is a root of f, then p−1 Y f(X) = (X − α − j) . j=0

3 ABELIAN KUMMER THEORY

It follows that both f and g are products of certain distinct integers j. That is, there exist I,J ⊂ {0, . . . , p − 1} such that I ∩ K = ∅ and I ∪ J = {0, . . . , p − 1} and Y Y g(X) = (X − α − i) and h(X) = (X − α − k) . i∈I k∈K

Pd l P Let d = deg g and write g(X) = l=0 glX . Then gd−1 = i∈I − (α + i) by the theory on symmetric polynomials. Since |I| = d, we have that gd−1 = −dα + m for some m ∈ Fp. Since d 6= 0 and gd−1 ∈ F , it follows that α ∈ F , which is a contradiction and therefore f is irreducible. Moreover, each root of f then lies in F (α) and so F (α) /F is Galois. Let G = Gal (F (α) /F ). Then there exist σ ∈ G such that σ(α) = α + 1. But this implies that σj(α) = α + j for each j ∈ {0, . . . , p − 1}. Since each α + j is a distinct root of f(X), we conclude that G is cyclic and it is generated by σ, as desired.

Abelian Kummer Theory

Definition A group G is said to be exponent m > 0 if σm = 1 for each σ ∈ G.

Let µm denote the group of m-th roots of unity. Throughout this section we will assume that m - char F = p if p > 0. We will also assume that µm ⊂ F and we denote by F¯, a fixed algebraic closure of F . Set F ∗m = {am ∈ F ∗ | a ∈ F }. ∗ 1/m
∗ Let a ∈ F and consider F a . This is well-defined since µm ⊂ F implies that for any α, β ∈ F¯ satisfying αm = βm = a, F (α) = F (β). Now let B be a subgroup of F ∗ containing F ∗m. We denote 1/m
1/m
∗m by KB = F B the compositum of all F a as a ranges over B. In particular, if B = F , then KB = F .

Notation 5. By A ⊂G B we mean that A is a subgroup of B.

Lemma 6. Let F be a field, m a natural number prime to char F = p if p > 0, and suppose µm ⊂ F . ∗ ∗m 1/m
Let B ⊂G F such that B contains F and let KB = F B . Then the extension KB/F is Galois and G = Gal (KB/F ) is abelian and of exponent m.

m Proof. Let a ∈ B and let α be a m-th root of a. Then X − a ∈ F [X] splits into linear factors in KB, and thus KB is Galois over F since this holds for each a ∈ B.

∗ ∗m Definition If B is a subgroup of F containing F , we call its associated field extension KB/F a Kummer m-extension.

∗ ∗m Definition Let B ⊂G F such that F ⊂ B. The Kummer pairing is defined as σ(α) κ : Gal (K /F ) × B −→ µ where κ(σ, a) = ω = where αm = a. B m σ α

Theorem 7. Let F be a field, m a natural number prime to char F = p if p > 0, and suppose µm ⊂ F . Let ∗ ∗m 1/m
B ⊂G F such that B contains F and let KB = F B . Then (a) The Kummer pairing κ is a well-defined bilinear map; (b) The kernel on the left is 1; (c) The kernel on the right is F ∗m. Moreover, the Kummer pairing induces a perfect bilinear pairing

∗m κ : G × B/F −→ µm.

4 ABELIAN KUMMER THEORY

m m Proof. (a) Let α = β = a. Then there is some ζ ∈ µm such that β = αζ. It follows that

σ(β) σ(αζ) ζσ(α) σ(α) = = = β αζ ζα α and so κ is independent of the m-th root of a. Moreover, the σ 7−→ κ(σ, a) is a homomorphism for each a ∈ B, since for σ, τ ∈ G, we have that

στ(α) σ(ζ α) ζ ζ α ζ α ζ α σ(α) τ(α) κ(στ, a) = = τ = σ τ = σ τ = = κ(σ, a) κ(τ, a) α α α α α α α and a 7−→ κ(σ, a) is a homomorphism since a, b ∈ B with αm = a and βm = b, we have

σ(αβ) σ(α) σ(β) κ(σ, ab) = = = κ(σ, a) κ(σ, b) , αβ α β thus κ is bilinear. m (b) Let σ ∈ G and suppose κ(σ, a) = 1 for each a ∈ B. Then for every generator α of KB with α = a σ(α) we have that α = 1, i.e., σ(α) = α. Hence σ induces the identity on KB and we conclude that the kernel on the left is 1. 1/m
(c) Let a ∈ B and suppose κ(σ, a) = 1 for each σ ∈ G. Consider the subfield F a of KB. If a1/m is not in F , then there exist an automorphism of F a1/m
/F which is not the identity. Extending this automorphism to KB, we have that its extension by construction is not 1, and therefore κ(a, σ) 6= 1 if a1/m 6∈ F . If a1/m ∈ F , then σa1/m
= a1/m and so we conclude that the kernel on the right consists of F ∗m.

Theorem 8. Let F be a field, m a natural number prime to char F = p if p > 0, and suppose µm ⊂ F . Let ∗ ∗m 1/m
B ⊂G F such that B contains F and let KB = F B . Then ∗ ∗m (a) The map B 7−→ KB gives a bijection of the set of subgroups of F containing F and the abelian extensions of k of order m. ∗m (b) The extension is KB/F is finite if and only if (B : F ) is finite. Moreover, if this is the case we ∗m ∼ ∗m have that B/F = Hom (G, µm) and [KB : F ] = (B : F ).

∗ ∗m  1/m  1/m Proof. (a) Let B1,B2 be subgroups of F that contain F . If B1 ⊂ B2, then F B1 ⊂ F B2 .  1/m  1/m 1/m
Conversely, assume that F B1 ⊂ F B2 . We claim that B1 ⊂ B2. Let b ∈ B1. Then F b ⊂  1/m  1/m ∗m F B2 and it is a finite generated subextension of F B2 . WLOG, suppose B2/F is finitely ∗ generated and therefore finite. Let B3 = hB2, bi. Then B3 is a finitely generated subgroup of F and in  1/m  1/m ∗m ∗m particular, K B2 = K B3 .Moreover, (B2 : F ) = (B3 : F ) and so B2 = B3 which gives us that B1 ⊂ B2. We conclude that we have an injection of our set of groups B into the set of abelian extensions of F of exponent m. Now suppose that E is an abelian extension of F of exponent m. Any finite subextension is a composite of cyclic extensions of exponent m because any finite abelian group is a product of cyclic groups. In particular, it has only a finite number of intermediate fields. But we have seen that every cyclic extension can be obtained ∗ D ∗mE by adjoining a family of m-th roots of unity, say {bj}j∈J with each bj ∈ F . Let B = {bj}j∈J ,F . If b0 = bam with a, b ∈ F , then F b1/m
= F b01/m
and so F B1/m
= E.

3 ∗3 1/3 Example Let E be the splitting field of X − a with a 6∈ Q . Then ζ3, a ∈ E. Let F = Q (ζ3) where ζ3 is a primitive 3-rd root of unity. We have that F ⊂F E. Note that L/F is Galois with group Z3, and therefore it is abelian of exponent 3, therefore it is a Kummer 3-extension.

5 ELLIPTIC CURVES

Example As an example consider E = Q(ζ7) where ζ7 is a primitive 7-th root of unity. Let F = Q(2 Re ζ7). One can show 2 Re ζ7 has minimal polynomial

3 2 mF (x) = x + x − 2x − 1

and using Cardano’s formula one can attain an exact value for 2 Re ζ7. Moreover, [F : Q] = 3 and F/Q is Galois since mF (x) splits into linear factors over F . That is, F is abelian of exponent 3. However 1/3
1/3
3 Q(2 Re ζ7) 6= Q a for any a ∈ Q. This follows since if Q(2 Re ζ7) = Q a for some a ∈ Q, then X − a must split into linear factors over Q(2 Re ζ7). This in turn implies that ζ3 ∈ Q(2 Re ζ7), which implies that Q(2 Re ζ7) 6⊂ R, a contradiction. This shows why it is essential that we make the assumption that the field contain the m-th roots of unity.

We now extend the theory to abelian extensions of exponent p equal to the characteristic of F . We will only prove the results for extensions of exponent p. However, the case of exponent pn for n > 1 is due to Ernst Witt Let F be a field of characteristic p. Let P : F → F by P(a) = ap − a for a ∈ F . Note that P is an additive homomorphism. In what follows, P (F ) := F p will be the analogue of F ∗m above. For a ∈ F , we set P−1 (a) to be a root of the polynomial Xp − X − a. Let B be an additive subgroup of F containing F p. −1
−1 We define KB = F P B to be the field obtained by adjoining P (a) to F for each a ∈ B. Then we have results analogous to the above: Let F be a field of characteristic p

p −1
Lemma 9. Let F be a field of characteristic p. Let B ⊂G F such that B contains F and let KB = F P B . Then the extension KB/F is Galois and G = Gal (KB/F ) is abelian and of exponent p.

∗ p Definition If B is a subgroup of F containing F , we call its associated field extension KB/F a Kummer p-extension.

p Definition Let B ⊂G F such that F ⊂ B. The (additive) Kummer pairing is defined as

κ : G × B −→ Z/pZ where κ+(σ, a) = σ(α) − α where P (α) = a.

p Theorem 10. Let F be a field of characteristic p. Let B ⊂G F such that B contains F and let KB = F P−1B
. Then (a) The Kummer pairing κ+ is a well-defined bilinear map; (b) The kernel on the left is 1; (c) The kernel on the right is F p. Moreover, the Kummer pairing induces a perfect bilinear pairing

p κ+ : G × B/F −→ Z/pZ.

Elliptic Curves

We shall now construct the Kummer pairing in the context of elliptic curves. Let E/K be an elliptic curve over K. Let E(K) denote the group of K-rational points on the elliptic curve E. Let m ≥ 2. In this section we will assume that the m-torsion subgroup E [m] = {P ∈ E | [m] P = O} ⊂ E(K). By mE(K) = {mP | P ∈ E(K)}.

Definition The Kummer pairing is defined as
κe : E(K) × Gal K/K¯ −→ E [m] where κ(P, σ) = σ(Q) − Q where [m] Q = P.

6 ELLIPTIC CURVES

Theorem 11. Let E/K be an elliptic curve with group E(K) and suppose that E [m] ⊂ E(K). (a) The Kummer pairing κe is a well-defined bilinear map; (b) The kernel of κe on the left is mE(K);
 −1  (c) The kernel of κe on the right is Gal K/L¯ where L = K [m] E(K) is the compositum of all fields K(Q) as Q ranges over the points EK¯
satisfying [m] Q ∈ E(K). Hence the Kummer pairing induces a perfect bilinear pairing
κe : E(K) /mE(K) × Gal K/K¯ −→ E [m] where L is the field given in (d). Proof. (a) We first show that κ(P, σ) ∈ E [m]. Note that [m] κ(P, σ) = [m] σ(Q) − [m] Q = σ(P ) − P = O since P ∈ E (K). If P = [m] Q and P = [m] R, then R = Q + T for some T ∈ E [m] and therefore σ(Q + T ) − (Q + T ) = σ(Q) + σ(T ) − Q − T = σ(Q) − Q since E [m] ⊂ E (K) and so σ fixes T . If we consider the isogeny [m]: E → E where P 7−→ [m] P , then we have that the Weil pairing reduces to em : E [m] × E [m] → µm. We have seen that the Weil pairing is bilinear, non-degenerate, and Galois invariant. With this in mind we show:

Corollary 12. There exist points S, T ∈ E [m] such that em(S, T ) is a primitive m-th root of unity. In particular, if E [m] ⊂ E(K), then µm ⊂ K.

Proof. We have that em (E [m] × E [m]) ⊂ µm is a subgroup. Let’s say it is equal to µd where d|n. Then

d 1 = em (S, T ) = em ([d] S, T ) for each S, T ∈ E [m] . ∼ Since em is non-degenerate, we have that [d] S = O. But then d = m since E [m] = Z/mZ × Z/mZ. ∗ If E [m] ⊂ E (K), then the Galois invariance of the Weil-pairing implies that em(S, T ) ∈ K for each ∗ S, T ∈ E [m]. Hence µm ⊂ K .

Since µm ⊂ K, we can consider the Kummer pairing κ. We have that

∗ ∗m κ : Gal (L/K) × K /K −→ µm is a perfect pairing and so we have an isomorphism ∗ ∗m ¯

δκ : K /K −→g Hom Gal K/K , µm where δκ(a)(σ) = κ(σ, a) . Similarly, we have that the following isomorphism from the Kummer pairing on elliptic curves: ¯

δE : E(K) /mE(K) −→g Hom Gal K/K ,E [m] where δE(P )(σ) = κe(σ, P ) . Theorem 13. There is a bilinear pairing b : E (K) /mE (K) × E [m] −→ K∗/K∗m satisfying em(δE(P ) ,T ) = δκ(b(P,T )) . The pairing is nondegenerate on the left.

7 REFERENCES REFERENCES

References

[Lan02] Serge Lang. Algebra, volume 211 of Graduate Texts in Mathematics. Springer-Verlag, New York, third edition, 2002. [Sil09] Joseph H. Silverman. The arithmetic of elliptic curves, volume 106 of Graduate Texts in Mathemat- ics. Springer, Dordrecht, second edition, 2009.

8