Jcou

Diophantine Equations and Integral Points on
Elliptic Curves (formerly Rational Points on

Elliptic Curves)
Jonathan Reynolds
June 21, 2010
Abstract
These are lecture notes for a course taught at Utrecht University
in the Spring of 2010. Most of the material is taken from [1].
Contents
1 Introduction 2
2 Diophantine Equations of Degree 1 2
3 Some Algebraic Number Theory 5
4 Diophantine Equations of Degree 2 8
5 Some Properties of Curves 13
6 Properties of the Weierstrass Equation 19
7 The Torsion Subgroup 24
8 Mordells Theorem 30
8.1 Congruent Numbers . . . . . . . . . . . . . . . . . . . . . . . 35
8.2 Example of how to determine the rank . . . . . . . . . . . . . 36
9 Putting Everything Together 38
9.1 The Fermat Quartics U
4
+V
4
= cW
4
. . . . . . . . . . . . . . 40
1
1 Introduction
The book for this course is [1] (see References at the end of the document).
Only parts of the book will be covered and there will be material in the
lectures which is not in the book!
Denition 1.1. An equation for which we seek integer solutions is called
Diophantine.
The most famous such equation is probably the one in Pythagoras the-
orem. We shall see how to parameterize the solutions of equations like this
and ones with dierent exponents. When solving Diophantine equations in
two variables we are nding integral points on curves. We shall pay spe-
cial attention to elliptic curves. Elliptic curves are of great importance in
mathematics; they were used in the proof of Fermats last theorem, gave
rise to the Birch and Swinnerton-Dyer conjecture and have applications in
Cryptography.
2 Diophantine Equations of Degree 1
The degree of a Diophantine equation is the largest exponent which appears.
For example, the Diophantine equation x
2
+y
2
= z
2
has degree 2. For now,
we shall study equations in up to three variables (x, y, z). The simplest of
all Diophantine equations are equations of degree 1.
Let a, b, c, d be any non-zero integers. Clearly, ax = b has a solution
with x an integer if and only if a divides b. (Recall the meaning of if
and only if). Using the Euclidean algorithm, we can nd x
0
, y
0
Z with
ax
0
+by
0
= gcd(a, b).
Theorem 2.1 (Euclidean Algorithm). Let r
0
= [a[, r
1
= [b[ and apply the
division algorithm repeatedly to obtain remainders r
2
, r
3
, , r
n
, r
n+1
dened
successively by the relations
[a[ = bq
1
+r
2
;
[b[ = r
2
q
2
+r
3
;
.
.
.
r
n2
= r
n1
q
n1
+r
n
;
r
n1
= r
n
q
n
+r
n+1
.
Then r
n
, the last nonzero remainder in this process, is gcd(a, b). Note that
r
2
and every successive r
n
can be written in terms of a, b and the q
i
. Doing
this, the last equation gives x
0
, y
0
Z with ax
0
+by
0
= gcd(a, b).
2
Example 2.2. Let a = 1890 and b = 826. Applying the Euclidean algorithm,
1890 = 826 2 + 238;
826 = 238 3 + 112;
238 = 112 2 + 14;
112 = 8 14.
So gcd(1890, 826) = 14 and, working back,
14 = 238 112 2 = 238 (826 283 3) 2 = 1890 7 826 16.
We will not bother proving the Euclidean algorithm, but if you would like
to see a proof then look at the rst Chapter of [2].
We call one solution (x
0
, y
0
) to a Diophantine equation a particular solu-
tion. If c divides gcd(a, b) then the Diophantine equation ax + by = c has a
particular solution (Exercise 2.6.2).
Proposition 2.3. Suppose that gcd(a, b) divides c and let (x
0
, y
0
) be a par-
ticular solution, then ax +by = c with x, y Z if and only if
x = x
0
+
kb
gcd(a, b)
and y = y
0
ka
gcd(a, b)
(1)
for some integer k.
Proof. Note that ax
0
+by
0
= c.
= If x = x
0
+
kb
gcd(a,b)
and y = y
0
ka
gcd(a,b)
for some integer k then
ax +by = a
_
x
0
+
kb
gcd(a, b)
_
+b
_
y
0
ka
gcd(a, b)
_
= c.
= Suppose that ax +by = c for some integers x, y. Subtracting equations,
a(x x
0
) +b(y y
0
) = 0 =
b
gcd(a, b)
(y y
0
) =
a
gcd(a, b)
(x x
0
).
Now
b
gcd(a,b)
divides the right hand side but is coprime with
a
gcd(a,b)
so must
divide x x
0
. Hence x x
0
=
kb
gcd(a,b)
for some integer k. Substituting this
in gives the formula for y.
We call (1) the general solution of the Diophantine equation ax+by = c.
Proposition 2.4. The Diophantine equation ax+by +cz = d has a solution
if and only if gcd(a, b, c) divides d.
3
Proof. = If ax +by +cz = d with x, y, z Z then gcd(a, b, c) divides the
left hand side so must also divide d.
= Suppose that gcd(a, b, c) divides d. Using the Euclidean algorithm
we can nd an integers x
0
, y
0
with ax
0
+by
0
= gcd(a, b). Similarly, there exist
integers w
0
, z
0
with gcd(a, b)w
0
+cz
0
= d (because gcd((a, b), c) = gcd(a, b, c)
divides d). Now observe that
d = gcd(a, b)w
0
+cz
0
= (ax
0
+by
0
)w
0
+cz
0
= a(x
0
w
0
) +b(y
0
w
0
) +cz
0
.
Thus we get a solution to the original equation.
Proposition 2.5. Suppose that gcd(a, b, c) divides d and that (x
0
, y
0
, z
0
) is
a particular solution to the Diophantine equation ax+by +cz = d. Then the
general solution is
x = x
0
+
mb
gcd(a, b)

lc
gcd(a, c)
,
y = y
0
+
kc
gcd(b, c)

ma
gcd(a, b)
,
z = z
0
+
la
gcd(a, c)

kb
gcd(b, c)
;
for any integers k, l and m.
Exercises 2.6. 1. Use the Euclidean algorithm to nd a particular solu-
tion to the Diophantine equation 1880x + 870y = 10.
2. Show that if gcd(a, b) divides c then we can nd a particular solution
to the Diophantine equation ax +by = c.
3. Give expressions only in terms of a one variable k which generate all
of the integer solutions to 1880x + 870y = 10.
4. Does the Diophantine equation 100x + 20y + 5z = 17 have a solution?
Justify your answer.
5. Find a solution to the Diophantine equation 6x + 15y + 10z = 2 and
state the general solution.
6. Find a solution to the Diophantine equation 3x + 3y + 5z = 10 and
state the general solution. Hard: Show that in this case we actually
only need two variables in the general solution.
4
3 Some Algebraic Number Theory
We can nd general solutions to some famous Diophantine equations using
some some facts from Algebraic Number Theory. Recall that the integers Z
are an example of a Ring. We have been using the fact that the ring Z is a
Euclidean domain.
Denition 3.1. A Euclidean norm on a ring R is a function N : R N
such that
1. For all a, b R with b ,= 0, N(a) N(ab).
2. For all a, b R with b ,= 0, there exists q, r R such that a = bq + r
and N(r) < N(b).
A ring R is a Euclidean domain if there exists a Euclidean norm on R.
In order to show that Z is a Euclidean domain we can dene N : Z N
by N(a) = [a[.
Example 3.2. There are important extensions of Z, such as the ring of
Gaussian integers Z[i] = x + iy : x, y Z, where as usual i
2
= 1. In
order to show that this is a Euclidean domain consider the norm function
N : Z[i] N dened by N(x + iy) = x
2
+ y
2
. We need to check that the
conditions in Denition 3.1 are satised. For the rst note that for non-zero
b Z[i], N(b) 1 and N(ab) = N(a)N(b) (Exercise 3.9.5) . For the second,
a
b
=
a
b
[b[
2
=
a
b
N(b)
where
b is the complex conjugate and [b[ is the absolute value of b. If N(b) = 1

then a/b Z[i] so take q = a
b and r = 0. Otherwise N(b) 2. Write

a
b
N(b)
=
s +it
m
where m is coprime with gcd(s, t). Note that s/m = [s/m] s/m, where
[s/m] is the closest integer to s/m and s/m 0.5 is rational. Let q =
[s/m] + [t/m]i and r = b(s/m t/mi). Note that, since Z[i] is a ring,
r = a bq Z[i]. Also N(s/m t/mi) 0.5
2
+ 0.5
2
= 0.5 < 1.
Knowing that a ring is a Euclidean domain is very important since then
it is also a unique factorization domain. Primes p
1
, p
2
in a Euclidean domian
R are the same if p
1
= up
2
for some unit u R.
5
Theorem 3.3 (Fundamental theorem of arithmetic). Every non-zero integer
n can be written uniquely as n = p
a
1
1
p
a
r
r
, where the primes p
1
, , p
r
are
distinct and a
1
a
r
are positive integers.
Theorem 3.4. Let R be a Euclidean domain. Every non-zero a R can be
written uniquely as a = p
a
1
1
p
a
r
r
, where p
1
, , p
r
are distinct primes of R
and a
1
a
r
are positive integers.
Again, for the integers Z this is something we have been using in Section
2. The proof of Theorem 3.4 in general is beyond the scope of a third year
course. However, we may prove it later for the quadratic rings (such as Z[i])
which we are going to use it for. Theorem 3.4 mentions units and primes of
a Euclidean domain; so we need a way of determining these.
Proposition 3.5. Let R be a ring and N : R N a Euclidean norm such
that N(ab) = N(a)N(b) for all a, b R. Then
u R is a unit = N(u) = 1;
if N(p) is a prime (integer) then p R is divisible by only one element
of norm greater than 1.
Proof. Let e be the multiplicative identity of the ring and note that N(e) =
N(e e) = N(e)
2
so we must have N(e) = 1. Recall the denition of a unit
in a ring: u R is an unit there exists u R with u u = e. But
u u = 1 = N(u)N( u) = 1 = N(u) = N( u) = 1.
Suppose that N(p) is a prime integer and p = ab, where a, b R have
norm greater than 1. Then N(p) = N(a)N(b) is composite (contradiction).
Note that the statement in Proposition 3.5 does NOT say that if p R
is prime then N(p) is prime, so it does not completely determine the primes
of rings such as Z[i] like it does for the units (see Exercise 3.9.1). However,
the following result allows us to describe the primes of Z[i].
Proposition 3.6 (Fermats two squares theorem). A prime p Z with p 1
mod 4 can be represented as p = a
2
+b
2
for some a, b Z.
The proof of Fermats two squares theorem using Wilsons theorem is
very long so we shall skip it for now.
Proposition 3.7. If a prime p Z can be represented as p = a
2
+ b
2
for
a, b Z, then this representation is unique.
6
Proof. Suppose that p = a
2
1
+ b
2
1
= a
2
2
+ b
2
2
, where a
1
, b
1
, a
2
, b
2
Z and
(a
1
, b
1
) ,= (a
2
, b
2
). Then p = (a
1
+ b
1
i)(a
1
b
1
i) = (a
2
+ b
2
i)(a
2
b
2
i). So
p Z Z[i] has two dierent factorizations in Z[i]. But this contradicts the
fact that Z[i] is a unique factorization domain.
Corollary 3.8. The Gaussian integer 1 +i is prime.
For each odd prime p Z which can be represented as p = a
2
+ b
2
for
a, b Z, there are two primes a +ib and a ib of Z[i].
Each prime p Z with p 3 mod 4 is also a prime in Z[i].
Any prime of Z[i] is one of these primes multiplied by a unit.
Note that 1 i and 1 + i are the same prime in Z[i] (since 1 + i =
i(1i)) and always remember that the ring of Gaussian integers is a unique
factorization domain.
Exercises 3.9. 1. Let N : Z[i] N be given by N(x + iy) = x
2
+ y
2
.
Prove that u Z[i] is a unit if and only if N(u) = 1. List all of the
units of Z[i]. Justify your answer.
2. Suppose that a, b Z[i] are coprime and ab = c
2
for some c Z[i]. Use
Theorem 3.4 to show that a = ud
2
, for some d Z[i] and unit u. Use
the previous exercise to show that we can take u = 1 or u = i.
3. Use the Euclidean algorithm in Z[i] to nd gcd(2+3i, 2i) and gcd(17
17i, 3 + 5i).
4. Factorize 7 i, 49 +63i, 2 +3i, 2 i, 17 17i and 3 +5i into primes in
Z[i]. In particular, verify your answer to the previous exercise.
5. Let d be an integer and Q(
d) = x + y
d : x, y Q. Dene a
function N : Q(
d) Q by N(x + y
d) = x
2
dy
2
. Prove that for
all a, b Q(
d), N(ab) = N(a)N(b).

6. Let R be the ring Z[
2] =
_
x +y
2 : x, y Z
_
. Dene N : R
N by N(x + y
2) = x
2
+ 2y
2
. Prove that R is a Euclidean domain
with respect to N. (Hint: follow the proof in Example 3.2). Prove that
3 +
2 is a prime in R. Prove that the units of R are 1.

7. Let R be the ring Z[
2] =
_
x +y
2 : x, y Z
_
. Dene N : R N
by N(x +y
2) = [x
2
2y
2
[. Prove that R is a Euclidean domain with
respect to N. (Hint: follow the proof in Example 3.2). Prove that
3 +
2 is a prime in R. Find a unit u of R which is not 1. Is u

2
a
unit? Is u
3
a unit? Prove that there are innitely many units in R.
7
8. Factorize 2 in Z[i]. Show that (1 i) is equal to (1 + i) multiplied by
a unit in Z[i].
9. Assuming Fermats two squares theorem, prove Corollary 3.8. (Hint1:
The norm of a prime in Z[i] is either a prime or composite integer.)
(Hint2: A prime in Z is either 2 or 1 or 3 mod 4.)
4 Diophantine Equations of Degree 2
We can nd general solutions to some famous Diophantine equations using
the results from 3. Two integers x, y are said to have opposite parity if one
is even any the other is odd.
Proposition 4.1. The general integral solution to the Pythagorean equation
x
2
+y
2
= z
2
with gcd(x, y) = 1 is given by x = s
2
t
2
, y = 2st, z = (s
2
+t
2
),
where s, t are coprime integers of opposite parity.
Proof. Suppose that x
2
+y
2
= z
2
, where x, y, z Z and gcd(x, y) = 1.
We rst show that z is odd. If x, y are of opposite parity then x
2
+y
2
is
odd. Since they are coprime, x and y can not both be even. If they are both
odd then x
2
+y
2
2 mod 4 but z
2
4 mod 4, so this case is impossible.
Next we show that x + iy and x iy are coprime in Z[i]. Factorizing
over Z[i] gives (x + yi)(x yi) = z
2
. If a prime in Z[i] divides x + yi and
x yi then it divides (x + yi) + (x yi) = 2x. It can not divide 2 since it
divides z and z is odd. If it divides x then it divides x (x yi) = yi, but
gcd(x, yi) = 1 so this case is impossible.
Since x + iy, x iy are coprime in Z[i] and (x + iy)(x iy) = z
2
, we
must have that x +iy is a square or i times a square in Z[i] (Exercise 3.9.2).
The latter case is left as an exercise. So put x + iy = (s + it)
2
for some
s, t Z. Comparing real and imaginary parts gives x = s
2
t
2
and y = 2st.
Substituting in z
2
= x
2
+ y
2
= (s
2
+ t
2
)
2
. Since x, y are coprime, s, t must
be coprime. Since z is odd, s and t must have opposite parity.
Proposition 4.2. The general to the Diophantine equation x
2
+ 2y
2
= z
2
with gcd(x, y) = 1 is given by x = (s
2
2t
2
), y = 2st, z = (s
2
+ 2t
2
),
where s, t are coprime integers and the signs are independent.
Proof. Note that Z[2] is a Euclidean Domain (Exercise 3.9.6), and so a
unique factorization domain (Theorem 3.4). Factorizing over Z[
2] gives
(x +
2y)(x
2y) = z
2
. Since z is odd, (x +
2y), (x
2y) are
coprime in Z[
2]. Since the only units are 1, we must have x +
2y =
(s +
2t)
2
for some integers s, t. Comparing real and imaginary parts
8
gives x = (s
2
2t
2
) and y = 2st. Substituting in x
2
+ 2y
2
and swapping
s with s gives the required solution. Since x, y are coprime, s, t must be
coprime.
Proposition 4.3. The general to the Diophantine equation x
2
2y
2
= z
2
with gcd(x, y) = 1 is given by x = (s
2
+ 2t
2
), y = 2st, z = (s
2
2t
2
),
where s, t are coprime integers and the signs are independent.
Proof. Exercise 4.11.2.
Consider now the Diophantine equation x
2
+py
2
= z
2
. It is a generaliza-
tion of the equations solved above. We can see that it always has a particular
solution (1, 0, 1) but how can we nd the general solution? The methods we
have used so far do not apply since in general we do not know if we are fac-
torizing in a Euclidean Domain. (In fact, there are only a few primes which
do give a Euclidean Domain.) We need some more mathematics!
Let

Q denote the algebraic closure of Q (in other words,

Q is the eld of
algebraic numbers). An n-tuple (x
1
, . . . , x
n
) of elements of

Q is non-zero if
one of the x
i
is non-zero. Given such a nonzero n-tuple, dene
[x
1
, , x
n
] =
_
(x
1
, , x
n
) :

Q is non-zero
_
.
Denition 4.4. Projective n-space (over Q) is the set
P
n
(
Q) = [x
1
, . . . , x
n+1
] : (x
1
, . . . , x
n+1
) is non-zero.
Denition 4.5. A polynomial f Q[x
1
, , x
n
] is homogeneous of degree
d if f(x
1
, , x
n
) =
d
f(x
1
, , x
n
) for all

Q.
Let X be the column matrix (x
1
, . . . , x
n
) and Q be the matrix with
non-zero integers a
1
, . . . , a
n
along its diagonal and zeros elsewhere. Then
X
t
QX = a
1
x
2
1
+ . . . + a
n
x
2
n
(where X
t
is the transpose of X). Recall that
GL
n
(Q) is the set of invertible n n matrices with entries in Q.
Proposition 4.6. Let X
0
= (x
1
, , x
n
) be a non-zero solution to the Dio-
phantine equation f(x
1
, , x
n
) = X
t
QX = 0.
1. The general solution X to the equation in rational numbers such that
X
t
QX
0
,= 0 is given by X = d((R
t
QR)X
0
2(R
t
QX
0
)R), where R
Q
n
is a vector of parameters such that R
t
QX
0
,= 0, and d Q
.
2. In addition, if we choose a matrix M GL
n
(Q) whose last column is
equal to X
0
, we may assume that R is a Z-linear combination of the
rst n 1 columns of M, with the gcd of the coecients equal to 1.
9
Proof. Since f is homogeneous, we consider non-zero solutions of f = 0 as
elements of the projective space P
n1
(Q). The parametric equation of a
general line passing through X
0
is X = uX
0
+ vR with [u, v] P
1
(Q), for
some xed R P
n1
(Q) not equal (projectively) to X
0
. Let us nd the
values (u, v) for which such an X is a solution of our equation. We write
0 = X
t
QX = u
2
X
t
0
QX
0
+ 2uvR
t
QX
0
+v
2
R
t
QR = v(2uR
t
QX
0
+vR
t
QR).
Note that X
t
QX
0
= uX
t
0
QX
0
+vR
t
QX
0
= 0 vR
t
QX
0
= 0. So we may
assume that v ,= 0 and choose [u, v] = [R
t
QR, 2R
t
QX
0
]. Since we have
considered X as an element of the projective space, to obtain all solutions
we must multiply by an arbitrary non-zero d Q, proving 1.
Since X
0
is non-zero, there exists a matrix M GL
n
(Q) whose last
column M
n
is equal to X
0
. Put S = M
1
R = (y
1
, y
n
)
t
. Then R = MS =
1jn
y
j
M
j
= T +y
n
X
0
and, substituting in,
(R
t
QR)X
0
2(R
t
QX
0
)R = (T
t
QT + 2y
n
T
t
QX
0
)X
0
2(T
t
QX
0
)(T +y
n
X
0
)
= (T
t
QT)X
0
2(T
t
QX
0
)T,
proving that we can replace R by T. Note that T is a linear combination
of the rst n 1 columns of M. Furthermore, if u is the unique positive
rational number such that the y
i
/u for 1 i n1 are integers with global
gcd equal to 1, we may replace T by T/u and d by du
2
, proving 2.
Lemma 4.7. Let Q be a nonsingular 33 real symmetric matrix (equal to its
transpose), and let X
0
be a non-zero real vector such that X
t
0
QX
0
= 0. For
X R
3
, X
t
QX = X
t
QX
0
= 0 is equivalent to X = X
0
for some R.
Proof. By diagonalizing Q, we may assume that Q is a diagonal matrix with
real non-zero diagonal entries a, b, c. Thus X
t
QX = X
t
QX
0
= 0 is equivalent
to ax
2
+ by
2
+ cz
2
= axx
0
+ byy
0
+ czz
0
= 0. Since X
0
is non-zero, z =
(axx
0
+byy
0
)/(cz
0
); hence
0 = X
t
QX = (ax
2
+by
2
)cz
2
0
+ (axx
0
+byy
0
)
2
= (axx
0
+byy
0
)
2
(ax
2
+by
2
)(ax
2
0
+by
2
0
)
= ab(xy
0
yx
0
)
2
.
So xy
0
= yx
0
(which implies x = x
0
) and
cz
0
(zx
0
xz
0
) = x
0
(axx
0
+byy
0
) +x(ax
2
0
+by
2
0
) = by
0
(xy
0
yx
0
) = 0,
which completes the proof that X and X
0
are proportional.
10
Proposition 4.8. Let X
0
= (x
0
, y
0
, z
0
) be a nontrivial solution of the Dio-
phantine equation f(x, y, z) = X
t
QX = 0 and let M be a matrix in GL
3
(Q)
whose last column M
3
is equal to X
0
. The general rational solution X to the
equation is given by X = d((R
t
QR)X
0
2(R
t
QX
0
)R), where R = sM
1
+tM
2
,
s and t are coprime integers, and d Q.
Proof. This is Proposition 4.6 for the solutions with X
t
QX
0
,= 0. So assume
that X
t
QX
0
= 0. By Lemma 4.7, X is a multiple of X
0
. Since Q is invertible
and X
0
,= 0, we have QX
0
,= 0. It follows that the subspace
R Q
3
: R
t
QX
0
= 0
has dimension 2. We want to choose a linear combination R of M
1
and M
2
that belongs to V but is not proportional to X
0
. Since, M GL
3
(Q), no
nonzero linear combination of M
1
and M
2
is proportional to M
3
= X
0
. Fur-
thermore, for R = sM
1
+tM
2
the equation R
t
QX
0
= 0 becomes sM
t
1
QX
0
+
tM
t
2
QX
0
= 0. If, for instance, M
t
1
QX
0
= 0, we can choose R = M
1
. Oth-
erwise, we choose s
1
= M
t
2
QX
0
, t
1
= M
t
1
QX
0
, and set s = s
1
/ gcd(s
1
, t
1
),
t = t
1
/ gcd(s
1
, t
1
). Now X = d((R
t
QR)X
0
2(R
t
QX
0
)R) = d(R
t
QR)X
0
.
By Lemma 4.7, R
t
QR ,= 0 so by choosing a suitable value of d Q we can
obtain any multiple of X
0
.
Corollary 4.9. Let (x
0
, y
0
, z
0
) be a particular solution of ax
2
+ by
2
= cz
2
with z
0
,= 0. The general solution in rational numbers to the equation is
given by
x = d(x
0
(as
2
bt
2
) + 2y
0
bst);
y = d(2x
0
ast y
0
(as
2
bt
2
));
z = dz
0
(as
2
+bt
2
),
where s and t are coprime integers and d is any rational number.
Proof. We apply Proposition 4.8 to the particular solution (x
0
, y
0
, z
0
) and
choose
M =
_
_
1 0 x
0
0 1 y
0
0 0 z
0
_
_
.
Then R = sM
1
+ tM
2
=
_
s t 0
_
t
. Now we just have to compute
(R
t
QR)X
0
2(R
t
QX
0
)R. This is
(as
2
+bt
2
)
_
_
x
0
y
0
z
0
_
_
2(asx
0
bty
0
)
_
_
s
t
0
_
_
,
which gives the required formulas.
11
Corollary 4.10. Let p N be an odd prime. The general solution of the
Diophantine equation x
2
+py
2
= z
2
with x and y coprime is either
1. x = (s
2
pt
2
), y = 2st, z = (s
2
+ pt
2
), where s and t are coprime
integers of opposite parity such that p s; or
2.
x = ((p 1)(s
2
+t
2
)/2 + (p + 1)st)
y = s
2
t
2
,
z = ((p + 1)(s
2
+t
2
)/2 + (p 1)st),
where s and t are coprime integers of opposite parity such that p (st).
In the above, the signs are independent.
Proof. Using Corollary 4.9 with the particular solution (1, 0, 1) gives
x = d(s
2
pt
2
),
y = d(2st),
z = d(s
2
+pt
2
),
where s and t are coprime integers and d Q.
First assume that p s. Since we want solutions in integers, the denomi-
nator of d (written in lowest terms) divides s
2
pt
2
and s
2
+ pt
2
so divides
2s
2
so divides 2. Since x and y are coprime, the numerator of d is 1. If the
denominator of d is 1 then s, t must have opposite parity and we get the rst
Parameterization. Otherwise s and t have same parity so are both odd. Set
s
1
= (s +t)/2 and t
1
= (t s)/2, which are coprime of opposite parity such
that p (s
1
t
1
). Then
x = d((p 1)(s
2
1
+t
2
1
) + 2(p + 1)s
1
t
1
),
y = 2d(s
2
1
t
2
1
),
z = d((p + 1)(s
2
1
+t
2
1
) + 2(p 1)s
1
t
1
).
We must have d = 1/2, giving the second parametrization.
If p [ s then p s so by exchanging s/p and t and changing d into d/p we
reduce to the preceding case, up to the sign of x, which plays no role.
Exercises 4.11. 1. Do the i times a square case in the proof of Proposi-
tion 4.1. (Hint: note that x and y can be swapped).
2. Using the fact the any unit of Z[
2] is (1 +
2)
k
for some k Z,
prove Proposition 4.3.
12
3. Using the fact the any unit of Z[
2] is (1 +
2)
k
for some k Z,
nd the general solution of the Diophantine equation x
2
2y
2
= z
2
.
4. Let p N be prime. Find the general solution of the Diophantine
equation x
2
py
2
= z
2
with x and y coprime.
5. Suppose x
2
+y
2
= z
2
in integers with xyz ,= 0. Prove that
(a) x or y is divisible by 4;
(b) x or y is divisible by 3;
(c) x, y or z is divisible by 5.
(Hint: it helps to use congruences). If x is odd, are there innitely
many solutions with x prime?
6. Find the general solution to the Diophantine equation
x
4
+ 10x
2
y
2
+ 25y
4
= z
4
,
where x and y are coprime with x even.
7. Assuming that Corollary 4.9 is true for Q(i), nd the general solution
to x
2
+y
2
+z
2
= 0 with x, y, z Z[i] and x, y coprime.
8. Using the particular solution (1, 0, 1) nd the general solution to the
Diophantine equation x
2
+Ny
2
= z
2
in the cases
(a) N is odd;
(b) N 2 mod 4;
(c) 4 [ N with ord
2
(N) even;
(d) 4 [ N with ord
2
(N) odd.
9. Consider the parametrization given in Corollary 4.9. Which values of
s, t, d give the solutions (x
0
, y
0
, z
0
) and (x
0
, y
0
, z
0
)? Find the values
for s, t, d which correspond to the point (x
0
, y
0
, z
0
) itself.
5 Some Properties of Curves
Recall that in Denition 4.4 we dened projective 3-space
P
2
(
Q) = [x
1
, x
2
, x
3
] : (x
1
, x
2
, x
3
) is non-zero .
13
For a eld k we denote by k[X, Y, Z] the ring of polynomials in three variables
with coecients k. Given a non-zero polynomial F Q[X, Y, Z], denote by
(F) the set FG : G Q[X, Y, Z] of all its multiples. Given a homoge-
neous (Denition 4.5) polynomial F Q[X, Y, Z] which is irreducible over
Q[X, Y, Z], the set

V
(F)
= P P
2
(
Q) : g(P) = 0 for all homogeneous g (F)

forms a curve. We say the curve is dened over Q since F is. The set of
rational points of V
(F)
is the set
V
(F)
(Q) = V
(F)
P
2
(Q).
We now look at a very important polynomial which, as we will see, denes
an elliptic curve.
Proposition 5.1. The polynomial
F = Y
2
Z +a
1
XY Z +a
3
Y Z
2
X
3
a
2
X
2
Z a
4
XZ
2
a
6
Z
3
Q[X, Y, Z]
is irreducible over

Q[X, Y, Z].
Proof. Let P(X, Z) = X
3
+ a
2
X
2
Z + a
4
XZ
2
+ a
6
Z
3
Since F is homoge-
neous of degree 3 it would have to factor into a degree 1 multiplied by a
degree 2 polynomial. So assume that there exists a homogeneous quadratic
polynomial Q(X, Y, Z)

Q[X, Y, Z] such that
Y
2
Z +a
1
XY Z +a
3
Y Z
2
P(x, z) = (AX +BY +CZ)Q(X, Y, Z),
where [A, B, C] P
2
(
Q). Looking at the coecient of X

3
we see that A ,= 0.
We will get a contradiction by showing that not every point on the line
AX + BY + CZ = 0 can lie on F = 0. Dividing the line by A, we may
assume that A = 1 and replace X by BY +CZ. So
Y
2
Z +a
1
(BY +CZ)Y Z +a
3
Y Z
2
P(BY +CZ, Z) = 0
Looking now at the coecient of Y
3
we see that B = 0. So there remains
Y
2
Z + (a
1
C +a
3
)Y Z
2
P(Cz, z) = 0, which gives a contradiction since the
coecient of Y
2
Z is equal to 1.
Example 5.2. Let F be as in Proposition 5.1 or F = X
n
+Y
n
Z
n
(n N,
n 1). Then F is homogeneous and irreducible over

Q[X, Y, Z]. The set
P P
2
: F(P) = 0 forms a curve (dened over Q). The rational points on
the curve are given by P P
2
(Q) : F(P) = 0.
14
Denition 5.3. Let C be a curve given by F(X, Y, Z) = 0. If
F
X
(P) =
F
Y
(P) =
F
Z
(P) = 0
then the point P C is singular. Otherwise, P is non-singular. If C con-
tains a singular point then V is singular. Otherwise, C is non-singular (or
smooth).
For any given curve there exists a very important integer, depending on
the degree of generating polynomial F, called the genus of the curve.
Denition 5.4. Let C be a curve given by F(X, Y, Z) = 0 for some homo-
geneous irreducible polynomial F

Q[X, Y, Z]. If C is non-singular then the
genus of C equals
(deg F 1)(deg F 2)
2
.
The rst curve in Example 5.2 (X
n
+Y
n
= Z
n
) has genus (n1)(n2)/2.
The curves we have been dealing with in previous sections have genus 0. We
have seen that they either have no rational points or innitely many and can
be parameterized using a particular solution. But what happens when the
degree (and so the genus) increases?
Denition 5.5. An elliptic curve dened over Q is smooth curve of genus
1 dened over Q which has a rational point O P
2
(Q).
Theorem 5.6 (Mordell, 1922). The set of rational points on an elliptic curve
dened over Q forms a nitely generated abelian group.
Note, in particular, an elliptic curve can have nitely many or innitely
many rational points.
Theorem 5.7 (Siegel, 1929). There are nitely many points [x, y, 1] on an
elliptic curve dened over Q with x, y Z.
Theorem 5.8 (Faltings, 1987). A curve dened over Q of genus greater
than 1 has only nitely many rational points.
These are very powerful theorems but are not always eective (there is
not always a way of nding the generators, the integral points or the rational
points). We will not prove these (very hard) theorems in general but we
will look instead at curves where they are eective. Note that by Faltings
theorem, for each xed n > 2 the curve given by X
n
+Y
n
= Z
n
has nitely
many rational points. However, it was not until 1996 that Wiles completed
15
the proof that for any n > 2 the curve has no rational points with XY Z ,= 0
(Fermats last theorem). So being able to nd rational points (or being able
to show that there are none) is very important and, for higher genus curves,
can be very dicult!
Proposition 5.9. Let E be a curve given by F = 0, where F is
Y
2
Z +a
1
XY Z +a
3
Y Z
2
X
3
a
2
X
2
Z a
4
XZ
2
a
6
Z
3
Q[X, Y, Z]
1. Then E is an elliptic curve if and only if
E
,= 0, where
E
can be
determined explicitly and depends only on the coecients of F.
2. Let C be any elliptic curve dened over Q given by G(U, V, W) = 0
and having rational point O. Write x = X/Z, y = Y/Z and u = U/Z,
v = V/Z. There exists an elliptic curve E as above so that x, y are
rational functions of u, v (so they are of the form A[u, v]/B[u, v], where
A[u, v], B[u, v] Q[u, v] with B[u, v] ,= 0). Moreover, we can nd such
functions which give a bijection form C(Q) to E(Q) and which map O
to [0, 1, 0].
Remark 5.10. In Proposition 5.9, the equation F = 0 which C maps to is
called a Weierstrass equation for C and x, y are called Weierstrass coordi-
nate functions for C. Any two pairs (x, y), (x
, y
) of Weierstrass coordinate
functions for C are related by a linear change of variables
x = u
2
x
+r
y = u
3
y
+su
2
x
+t
with u, r, s, t Q, u ,= 0.
The proof of number 1 in the Proposition 5.9 is Exercise 5.15.1 and we
shall now do number 2 (a remarkable converse) explicitly in some cases.
Example 5.11. Consider the general Fermat cubic equation U
3
+ V
3
=
cW
3
with c ,= 0. This gives a genus 1 curve C and has a rational point
O = [1, 1, 0]; so denes an elliptic curve. Let E : Y
2
Z = X
3
432c
2
Z
6
.
Write x = X/Z, y = Y/Z and u = U/W, v = V/W. Then
x =
12c
u +v
, y =
36c(v u)
u +v
, u =
36c y
6x
, v =
y + 36c
6x
denes a bijection between C(Q) and E(Q) mapping O to [0, 1, 0].
16
It is quite easy to check that the expressions for x, y, u, v in Example 5.11
do lie on the corresponding curves but we will look now at how the formulas
are obtained. Let G(U, V, W) = U
3
+V
3
cW
3
. The equation of the tangent
L
0
at P
0
is
G
U
(P
0
)U +
G
V
(P
0
)V +
G
W
(P
0
)W = 0.
For the example, L
0
: U +V = 0. We make a transformation which takes L
0
to innity and P
0
to [0, 1, 0]. For example, [X, Y, Z] = [W, V, U + V ]. Then
[U, V, W] = [Y +Z, Y, X] and substituting in G = 0 gives
3Y
2
Z 3Y Z
2
= cX
3
Z
3
.
Multiplying by 1728c
2
and setting Y
1
= 72cY , X
1
= 12cX,
Y
2
1
Z 72cY
1
Z
2
= X
3
1
1728c
2
Z
3
which can by transformed into the simple Weierstrass form in the example
(see the rst exercise for this section). In this case the transformation is
Y
2
= Y
1
36cZ, obtaining nally Y
2
2
Z = X
3
1
432c
2
Z
3
.
In Exercise 1 for this section you will see that a general Weierstrass equa-
tion can be transformed into the form Y
2
Z
deg f2
= f(X, Z), where f(X, Z)
is a cubic homogeneous polynomial. Moreover, the Weierstrass equation de-
nes an elliptic curve if and only if f(X, Y ) has distinct roots. However,
when we increase the degree we can allow f to have repeated roots and still
get an elliptic curve. In fact, if deg f > 3 then the curve always has a singu-
lar point [0, 1, 0]. We can not use Denition 5.4 to nd its genus but there
is a denition of genus for all curves and, in general, singularities lower the
genus.
Denition 5.12. Consider the curve C : Y
2
Z
deg f2
= f(X, Z), where
f(X, Z) is homogeneous. Suppose that f(X, Z) has m distinct roots. The
genus g of the curve C is given by
g =
_
1
2
(m1) if m is odd
1
2
(m2) otherwise.
So if f has distinct roots and deg f = 4 then C : Y
2
Z
deg f2
= f(X, Z)
has genus 1. The rational point [0, 1, 0] is singular but, remarkably, as long
as the leading coecient of f is a square then there is also a transformation
into Weierstrass form.
Proposition 5.13. Let f(X, Z) = a
2
X
4
+ bX
3
Z + cX
2
Z
2
+ dXZ
3
+ eZ
4
have distinct roots with a ,= 0. Consider the curve C : Y
2
Z
2
= f(X, Z). Set
(a
1
, a
2
, a
3
, a
4
, a
6
) =
_
b
a
,
b
2
4a
2
c
4a
2
, 2ad, 4a
2
e, (b
2
4a
2
c)e
_
17
and let E be an elliptic curve given by a Weierstrass equation with these
coecients. Put u = X/Z and v = Y/Z. Then
x = 2a(au
2
v) +bu, y = u
_
4a
3
u
2
+ 2abu 4a
2
v
b
2
4a
2
c
2a
_
are Weierstrass coordinate functions, mapping to E, with inverses
u =
y
2a(x +c) b
2
/(2a)
, v = au
2
+
b
2a
u
x
2a
.
Example 5.14. Consider the Diophantine equation X
2
+ Y
4
= 2Z
4
. This
is not homogeneous so does not dene a curve. However, using Proposition
5.13 we can convert to a Weierstrass equation as follows. Put y = X/Z
2
and
x = Y/Z then y
2
= x
4
+2, which has point (1, 1). We set x = x
1
+1 so that
y
2
= x
4
1
4x
3
1
6x
2
1
4x
1
+ 1 with the point (0, 1). Setting y
1
= y/x
2
1
and
x
2
= 1/x
1
we obtain y
2
1
= x
4
2
4x
3
2
6x
2
2
4x
2
1. The leading term in x
4
2
is a square so we can use Proposition 5.13 to obtain a Weierstrass equation.
So if we can describe all of the rational points on the elliptic curve given by
this Weierstrass equation then we will be able to describe the solutions to
the original Diophantine equation.
In Denition 5.12, if f has distinct roots and deg f > 4 then g > 1 and
C is called a hyperelliptic curve.
Exercises 5.15. 1. Consider the curve E given by F(X, Y, Z) = 0, where
F = Y
2
Z+a
1
XY Z+a
3
Y Z
2
X
3
a
2
X
2
Za
4
XZ
2
a
6
Z
3
Q[X, Y, Z].
(a) Prove that F is homogeneous of degree 3.
(b) Prove that the point [0, 1, 0] is non-singular.
(c) Calculate F/Y .
(d) Let x = X/Z. By completing the square, nd an expression for y
and b
2
, b4, b
6
Q so that y
2
= 4x
3
+b
2
x
2
+ 2b
4
x +b
6
.
(e) Prove that E is singular if and only if 4x
3
+ b
2
x
2
+ 2b
4
x + b
6
has
a repeated root (Hint: Factorize over

Q and dierentiate).
(f) Why can E have at most one singularity?
(g) Make the substitution x = x
1
(b
2
/12) to get rid of the x
2
term
in the cubic.
(h) Using that the discriminant of a cubic x
3
+px +q is 4p
3
27q
2
,
calculate a quantity
E
(called the discriminant of E) such that
E is an elliptic curve if and only if
E
,= 0. Note that
E
depends
only on the coecients of F.
18
(i) When F = Y
2
Z +XY Z +Y Z
2
X
3
+X
2
Z 4XZ
2
6Z
3
is E
an elliptic curve?
2. Let n 1 be an integer and C be the curve dened over Q given by
aX
2n
+bY
2n
cZ
2n
= 0, where abc ,= 0.
(a) Prove that C is non-singlar.
(b) For which values of n is C(Q) nite?
3. Prove that F = X
3
+Y
3
Z
3
is irreducible over

Q[X, Y, Z].
4. Let a, b, c be non-zero rational numbers, and assume that there exists a
rational point [U
0
, V
0
, W
0
] on the curve C : aU
3
+bV
3
+cW
3
= 0 Find
Weierstrass coordinate functions x, y for C so that y
2
= x
3
432(abc)
2
.
5. Consider the curve C : Y
2
Z
deg f2
= f(X, Z), where f(X, Z) is homo-
geneous and deg f > 3. Prove that the point [0, 1, 0] is singular.
6 Properties of the Weierstrass Equation
In the last section it was shown how Diophantine equations of degree 3 and
4 can be converted into Weierstrass equations. In particular, there always
is an explicit bijection between the rational points on an elliptic curve and
the rational solutions to a Weierstrass equation (Proposition 5.9). It was
also mentioned that rational points from group, but it is not at all obvious
why. So in this section we shall study the rational points on a Weierstrass
equation and describe the group law.
Let (E, O) be an elliptic curve dened over Q with Weierstrass coordinate
functions x, y. Then for all P E(Q) with P ,= O we have
y(P)
2
+a
1
x(P)y(P) +a
3
y(P) = x(P)
3
+a
2
x(P)
2
+a
4
x(P) +a
6
, (2)
where a
1
, , a
6
Q and
E
,= 0 (see Proposition 5.9).
Denition 6.1. For non-zero a Q let ord
p
(a) denote the exponent of the
prime p in the factorization of a. (E.g. ord
2
(20) = 2, ord
3
(4/3) = 1 etc.)
It is usual to set ord
p
(0) = .
Lemma 6.2. Let P E(Q) with P ,= 0 and x(P)y(P) ,= 0. Suppose that
the coecients of the Weierstrass equation for E satisfy ord
p
(a
i
) 0. If
ord
p
(x(P)) < 0 or ord
p
(y(P)) < 0 then 3 ord
p
(x(P)) = 2 ord
p
(y(P)).
19
Proof. Note that for all non-zero a, b Q, ord
p
(a+b) minord
p
(a), ord
p
(b)
(Exercise 6.13.1). If ord
p
(x(P)) < 0 and 2 ord
p
(y(P)) > 3 ord
p
(x(P)),
then the valuation of every term in (2) is greater than 3 ord
p
(x(P)). But
ord
p
(x(P)
3
) = 3 ord
p
(x(P)) (contradiction). So if ord
p
(x(P)) < 0 then
2 ord
p
(y(P)) 3 ord
p
(x(P)) (and so ord
p
(y(P)) < 0). Similarly if ord
p
(y(P)) <
0 then 3 ord
p
(x(P)) 2 ord
p
(y(P)) (and so ord
p
(x(P)) < 0). Thus, in either
case we must have equality.
Corollary 6.3. Suppose that the Weierstrass equation for E has integer
coecients then for any P E(Q) with P ,= O and x(P)y(P) ,= 0,
(x(P), y(P)) =
_
A
P
B
2
P
,
C
P
B
3
P
_
where A
P
, B
P
, C
P
are integers with gcd(A
P
C
P
, B
P
) = 1.
Proof. By Lemma 6.2, ord
p
(x(P)) < 0 if and only if ord
p
(y(P)) < 0. More-
over if p is a prime occurring in the denominator then 3 ord
p
(x(P)) = 2 ord
p
(y(P));
so 2 divides ord
p
(x(P)) and 3 divides ord
p
(y(P)).
By making a transformation x
= u
2
x, y
= u
3
y we can always nd a
Weierstrass equation for E with integral coecients; since then
y
2
+ua
1
x
+u
3
a
3
y
= x
3
+u
2
a
2
x
2
+u
4
a
4
x
+u
6
a
6
and we can choose u Z to be divisible by the primes in the denominators
of the a
i
. However, x
(P) may be integral when x(P) is not so it becomes

harder to nd the integral points.
Denition 6.4. Let S be a xed nite set of primes. The set
Z
S
:= a Q : ord
p
(a) 0 for all primes p / S
is the ring of S-integers.
Example 6.5. Let S = 3, 7. Then 3
n
7
m
b : n, m, b Z is the ring of
S-integers.
Theorem 6.6 (Siegel-Mahler, 1934). Let S be a xed nite set of primes.
There are nitely many P E(Q) with x(P) Z
S
.
Note that when S is the empty set this is just Siegels theorem.
Theorem 6.7 (Siegel, 1929). Let C be a given constant. There are nitely
many P E(Q) with A
P
C or B
P
C.
20
Note that taking C = 1 gives that there nitely many integral points.
Except [0, 1, 0], all the rational points on the Weierstrass equation for E
correspond to rational points on a 2-dimensional graph in R
2
given by
(2y +a
1
x +a
3
)
2
= f(x), (3)
where f(x) Q[x] is a cubic polynomial with distinct roots (see Exercise
5.15.1). Hence the graph is symmetric around the line 2y + a
1
x + a
3
= 0.
If
E
> 0 then all three roots e
1
< e
2
< e
3
are real and the graph has
two connected components: A compact component e
1
x e
2
called the
egg because of its shape and a non-compact component x e
3
. If
E
< 0
then there is a single real root, say e
3
, and the graph has a single connected
component x e
3
.
Denition 6.8 (The Group Law). The point [0, 1, 0] on the Weierstrass
equation for E is the identity. In order to add two points P
1
= [x
1
, y
1
, 1] and
P
2
= [x
2
, y
2
, 1] we rst form the line in 2-dimensional space through (x
1
, y
1
)
and (x
2
, y
2
) or the tangent line at (x
1
, y
1
) when P
1
= P
2
. Then consider the
third point of intersection denoted by P
1
P
2
= (x
3
, y
3
) and dene P
1
+ P
2
to
be [x
3
, (y
3
+a
1
x
3
+a
3
), 1].
Proposition 6.9. The addition law described in Denition 6.8 along with
the set of rational points on the Weierstrass equation for E forms a group.
Proof. The inverse of a point P
1
= [x
1
, y
1
, 1] is P
1
= [x
1
, (y
1
+a
1
x
1
+a
3
), 1].
We shall prove closure (P
1
+P
2
is a rational point whenever P
1
, P
2
are). For
associativity do Exercise 6.13.3 and Exercise 6.13.8.
Case 1. Assume that x
1
,= x
2
. Then P
1
,= P
2
and the line through (x
1
, y
1
)
and (x
2
, y
2
) has equation y = x +, where = (y
1
y
2
)/(x
1
x
2
).
Case 2. Assume that x
1
= x
2
and P
1
,= P
2
. Then the line through (x
1
, y
1
)
and (x
2
, y
2
) is the vertical line x = x
1
and P
2
= P
1
so P
1
+P
2
= [0, 1, 0].
Case 3. Finally, if P
1
= P
2
then the tangent line to (x
1
, y
1
) has the
equation y = x +, where
=
f
(x
1
) a
1
y
1
2y
1
+a
1
x
1
+a
3
since dierentiating (3) implicitly gives (2y +a
1
x +a
3
)y
= f
(x) a
1
y.
To nd the third point of intersection (x
3
, y
3
) substitute y = x + into
the Weierstrass equation. Then
(x +)
2
+a
1
x(x +) +a
3
(x +) = x
3
+a
2
x
2
+a
4
x +a
6
21
so
x
3
+ (a
2
2
a
1
)x
2
+ (a
4
2 a
1
a
3
)x + (a
6
2
a
3
) = 0.
The three roots of this cubic equation are x
1
, x
2
and x
3
so the coecient of
x
2
must equal (x
1
+x
2
+x
3
). Thus
x
3
=
_

2
+a
1
a
2
x
1
x
2
Case 1
2
+a
1
a
2
2x
1
Case 3
and y
3
is given by y
3
= x
3
+. Hence for P
1
,= P
2
,
P
1
+P
2
= [x
3
, y
3
a
1
x
3
a
3
, 1]
lies on the Weierstrass equation and has rational coordinates.
In the proof of Proposition 6.9 we found the formulas for addition, which
we can use to add any points on an elliptic curve (not just rational ones).
However, it is important to note that the coordinates of the sum of two points
always lie in the same eld as the coordinates of the points (closure).
Theorem 6.10 (Addition Formulas). Suppose that P
1
, P
2
E are not equal
to O. Put (x(P
1
), y(P
1
)) = (x
1
, y
1
) and (x(P
2
), y(P
2
)) = (x
2
, y
2
). The addi-
tion formula for P
1
,= P
2
is
x(P
1
+P
2
) =
_
y
2
y
1
x
2
x
1
_
2
+a
1
_
y
2
y
1
x
2
x
1
_
a
2
x
1
x
2
.
The duplication formula for P
1
,= P
1
is
x(2P
1
) =
x
4
1
b
4
x
2
1
2b
6
x
1
b
8
4x
3
1
+b
2
x
2
1
+ 2b
4
x
1
+b
6
;
where b
2
= a
2
1
+ 4a
2
, b
4
= 2a
4
+a
1
a
3
, b
6
= a
2
3
+ 4a
6
and b
8
= a
2
1
a
6
+ 4a
2
a
6
a
1
a
3
a
4
+a
2
a
2
3
a
2
4
.
Note that the roots e
i
of the polynomial f(x) = 4x
3
+ b
2
x
2
+ 2b
4
x + b
6
in (3) give the coordinates of the points P ,= O with 2P = O (the points of
order 2). For m N we write mP for P + +P (m times).
Denition 6.11. The set E[m] = P E : mP = O is the set of m-torsion
points. If P E[m] for some m then P is a torsion point. Otherwise P is
a non-torsion point.
22
Letting e be a root of f(x) and making the transformation x
e
= x e,
v = y +
a
1
2
x +
a
3
2
we get the Weierstrass equation
E
e
: v
2
= x
3
e
+A
e
x
2
e
+B
e
x
e
,
where A
e
= 3e +
b
2
4
and B
e
= 3t
2
+
b
2
2
t +
b4
2
. Let k = Q(e) and let k
be the
non-zero elements of this eld. Also let k
/k
2
be the (multiplicative) group
of cosets. That is,
k
/k
2
= ak
2
: a k
,
where ak
2
is the set ab
2
: b k
.
Theorem 6.12. Dene a map : E
e
(k) k
/k
2
by
(P) = x
e
k
2
, if x
e
(P) ,= 0,
([0, 0, 1]) = B
e
k
2
,
([0, 1, 0]) = k
2
.
Then is a group homomorphism.
Proof. Let P
1
, P
2
, P
3
E
e
(k) be such that P
1
+P
2
= P
3
. We need to show
that (P
1
+P
2
) = (P
1
)(P
2
). This is equivalent to (P
3
) = (P
1
)(P
2
). If
any of the points are zero then the result follows easily from the denition of
(note that inverses have the same x-coordinate). Otherwise, they lie on a
line v = qx
e
+r where q, r k. Substituting in the equation for E
e
, we have
x
e
(x
2
e
+A
e
x
e
+B
e
) (qx
e
+r)
2
= (x
e
x
e
(P
1
))(x
e
x
e
(P
2
))(x
e
x
e
(P
3
))
Comparing coecients gives
x
e
(P
1
)x
e
(P
2
)x
e
(P
3
) = r
2
and
x
e
(P
1
)x
e
(P
2
) = B
e
2rq x
e
(P
3
)(x
e
(P
1
) +x
e
(P
2
)).
Hence if x
e
(P
1
)x
e
(P
2
)x
e
(P
3
) ,= 0, then from the rst equation (P
3
) =
(P
1
)(P
2
). If x
e
(P
3
) = 0, then r = 0 and from the second equation
(P
1
)(P
2
) = B
e
(k
)
2
. The case x
e
(P
1
)x
e
(P
2
) = 0 is similar.
Exercises 6.13. 1. Prove that for all non-zero a, b Q, ord
p
(ab) =
ord
p
(a) + ord
p
(b) and ord
p
(a +b) minord
p
(a), ord
p
(b).
2. Let D Z be non-zero. Consider the equation u
3
+ v
3
= D with
u, v Q. Write u = U/W, where U, W are coprime integers.
23
(a) Prove that v = V/W, where V, W are coprime integers.
(b) Using results from the lecture notes, show that there are nitely
many solutions with W prime. You should make it clear which
results you use.
3. Draw the graph of a Weierstrass equation and mark three points P, Q
and R. Now show, using Denition 6.8, that (P +Q)+R = P +(Q+R).
4. Let (E, O) be an elliptic curve with rational Weierstrass coordinate
functions x, y satisfying y
2
+y = x
3
7x+6. Given that (x(P
1
), y(P
1
)) =
(1, 0) and (x(P
2
), y(P
2
)) = (2, 0) nd P
1
+P
2
.
5. Let (E, O) be an elliptic curve with rational Weierstrass coordinate
functions x, y satisfying y
2
= x
3
2. Given that x(P) = 3 nd 2P.
6. Let (E, O) be an elliptic curve dened over Q.
(a) Prove that the set of rational m-torsion points forms a group.
(b) Prove that set of rational torsion points forms a group.
7. Let (E, O) be an elliptic curve dened over Q with
E
> 0. Sup-
pose that P E(Q) is non-torsion point having Weierstrass coordinate
x(P) lying on the egg. Prove that x(nP) is on the egg for all odd n.
(Hint: use Theorem 6.12 and you may assume that the transformation
(x, y) (x
e
, v) gives a homomorphism E E
e
.)
8. Using the addition formula, verify the associative law
P + (Q+R) = (P +Q) +R
on a Weierstrass equation in the case where Q ,= R, P ,= Q, P ,= Q+R
and P +Q ,= R. Now be impressed that it is true.
7 The Torsion Subgroup
Recall the denition of a torsion point (Denition 6.11). Note that if an
elliptic curve dened over Q has a rational non-torsion point then there are
innitely many rational points. In this section we will see that there are
nitely many rational torsion points and give a way to nd them.
Denition 7.1. Let (E, O) be an elliptic curve dened over Q. If P E(Q)
is a torsion point then the minimum positive integer m for which mP = O
is called the order of P. Otherwise, P has innite order.
24
Theorem 7.2 (Nagell, Lutz). Let (E, O) be an elliptic curve dened over Q
and
y
2
= x
3
+ax
2
+bx +c = f(x)
a Weierstrass equation for E with a, b, c Z. (Recall that we can always
nd such an equation.) If T ,= O is a rational torsion point then either
y(T) = 0 (so T has order 2), or
x(T), y(T) Z and y(T)
2
divides D = (4a
3
ca
2
b
2
18abc+4b
3
+27c
2
)
(the discriminant of f).
Before we begin the proof of the Nagell-Lutz theorem lets look at what
it gives us.
Corollary 7.3. Let (E, O) be an elliptic dened over Q. Then P E(Q) is
a non-torsion point if and only if there exists m such that x(mP) / Z, where
x is as in Theorem 7.2.
Proof. If x(mP) is non-integral then y(mP) is non-integral (see Lemma 6.2)
so by the Nagell-Lutz theorem P cannot be a torsion point. Conversely,
suppose that P is a non-torsion point. Then all of the (innitely many)
points in mP : m 1 are distinct. By Siegels theorem (Theorem 6.7),
there are only nitely many integral points so x(mP) / Z for some m.
Note that a point satisfying the hypothesis of the NagellLutz theorem is
not necessarily a torsion point. For example, the point P with x(P) = 1
and y(P) = 1 on y
2
= x
3
2x satises the conditions but is non-torsion since
x(2P) = 9/4 in not an integer.
Corollary 7.4. Let (E, O) be as in Theorem 7.2 but suppose that the polyno-
mial f(x) has a root e Z. Set x
e
= xe, A
e
= 3e+a and B
e
= 3e
2
+2ae+b.
If T ,= O is a rational torsion point then either
y(T) = 0 (so T has order 2), or
x(T) Z, x
e
(T) divides B
e
and x
e
(T) +A
e
+ (B
e
/x
e
(T)) is a square.
Proof. The statement concerning points of order 2 is clear, so assume that
T is not of order 2. We have y
2
= x
3
e
+ A
e
x
2
e
+ B
e
x
e
. Using the duplication
formula,
x
e
(2T) =
(B
e
x
e
(T)
2
)
2
4x
e
(T)(x
e
(T)
2
+A
e
x
e
(T) +B
e
)
.
25
By the Nagell-Lutz theorem this must be an integer. Let d = gcd(B
e
, x
e
(T)),
B
1
= B
e
/d, x
1
= x
e
(T)/d. Then gcd(B
1
, x
1
) = 1 and
x
e
(2T) =
(B
1
dx
2
1
)
2
4x
1
(dx
2
1
+A
e
x
1
+B
1
)
Z.
In particular, x
1
[ B
2
1
and since x
1
and b
1
are coprime we have x
e
(T) = d
so x
e
(T) [ B
e
. Thus
_
y(T)
x
e
(T)
_
2
= x
e
(T) +A
e
+
B
e
x
e
(T)
Z.
Let (E, O) be as in Theorem 7.2 and let l be a prime number such that
l
E
= 16D (where D is the discriminant of f). We can reduce the
Weierstrass equation for E modulo l and get an elliptic curve

E dened over
F
l
(note that
E
,= 0 modulo l) and a group of points

E(F
l
), where F
l
is the
nite eld of integers modulo l.
Corollary 7.5. The rational torsion group E
tor
(Q) is isomorphic to a sub-
group of

E(F
l
), and in particular the order of it divides [
E(F
l
)[.
Proof. The map reduction modulo l fromE
tor
(Q) to

E(F
l
) (given by [X, Y, Z]
[

X,

Y ,

Z]) is a homomorphism. By the Nagell-lutz theorem all the points in
E
tor
(Q) dierent from the identity O have integral coordinates; so the kernel
of the map is O and thus it is injective.
So for instance if we nd two suitable values of l for which the cardinalities
[
E(F
l
)[ are coprime, we immediately know that E
tors
(Q) contains only the
identity. To give an application of this we will rst need some results from
basic number theory.
Lemma 7.6. The Legendre symbol
_
a
p
_
is dened for any integer a and
positive odd prime p by
_
a
p
_
=
_
_
_
0 if p [ a
1 if p a and there exists x Z with x
2
a mod p
1 otherwise.
This is multiplicative, that is
_
ab
p
_
=
_
a
p
__
b
p
_
.
Lemma 7.7. When l varies among all primes congruent to 3 modulo 4 and
not diving d Z, the gcd of l + 1 is equal to 4
26
Proof. Assume the contrary, and let p be a common prime divisor of all
such (l + 1)/4. Assume rst that p ,= 3. By Dirichlets theorem on primes
in arithmetic progression, since gcd(4p, 3) = 1 we can nd innitely many
primes l such that l = 4kp + 3, and in particular one such that l d. But
then (l + 1)/4 = kp + 1 must be divisible by p, which is impossible. If
p = 3 we consider instead the arithmetic progression 4kp 5 to obtain a
contradiction.
Corollary 7.8. Let d be a nonzero integer and (E, O) an elliptic curve de-
ned over Q.
1. If E has a Weierstrass equation y
2
= x
3
dx then
(a) E
tors
(Q

= Z/2Z Z/2Z if and only if d has the form d = m
2
;
(b) E
tors
(Q)

= Z/4Z if and only if d has the form d = 4m
4
;
(c) E
tors
(Q)

= Z/2Z otherwise.
2. If E has a Weierstrass equation y
2
= x
3
+d then
(a) E
tors
(Q)

= Z/2Z if and only if d is a cube and not a sixth power;
(b) E
tors
(Q)

= Z/3Z if and only if d is of the form 432m
6
or a
square and not a sixth power;
(c) E
tors
(Q)

= Z/6Z if and only if d is a sixth power;
(d) E
tors
(Q) = O otherwise.
Proof. 1. We note that
E
= 64d
3
. Let l 3 mod 4 be a prime not
diving d. Using Lemma 7.6 we have
_
(x)
3
d(x)
l
_
=
_
(x
3
dx)
p
_
=
_
1
l
__
x
3
dx
p
_
.
Since
_
1
l
_
= 1, it follows that for each x F
l
either x
3
dx = 0 or exactly
one of x
3
dx, (x
3
dx) is a quadratic residue modulo l. If k denotes the
number of roots of x
3
dx = 0 in F
l
, it follows that, counting the identity,
we have [
E(F
l
)[ = 1 +k +l k = l + 1. Lemma 7.7 says that when l varies
among all primes congruent to 3 modulo 4 and not dividing d, the gcd of
l + 1 is equal to 4.
It thus follows from Corollary 7.5 that [E
tors
(Q)[ [ 4. Since [0, 0, 1] is
evidently a rational point of order 2, we have E
tors
(Q)

= Z/2Z, Z/2ZZ/2Z,
or Z/4Z. Since points order 2 are of the form (x, 0), it follows that E
tors

=
Z/2ZZ/2Z i x
2
d = 0 has two rational roots, hence i d is a square. Also
27
P is a point of order 4 i 2P has zero y-coordinate. Using the duplication
formula shows that this happens i x(P)
2
+d = 0 or x(P)
4
6dx(P)
2
+d
2
= 0.
This last case is impossible since it implies that the quadratic X
2
6X+1 = 0
has a rational root x(P)
2
/d. Thus d = x(P)
2
, x(P), y(P) Z and y(P)
2
=
x(P)
3
dx(P) = 2x(P)
3
; therefore 2x(P) is a square so x(P) = 2m
2
for
some m and d = 4m
4
as claimed.
2. The discriminant of E is equal to 432d
2
, and we choose primes
l 5 mod 6 not dividing d. The map x x
3
from F
l
F
l
is a bijection
(Exercise 7.10.4) so for each y F
l
there exists exactly one x F
l
with
y
2
d = x
3
. Thus [
E(F
l
)[ = l +1. Similarly to Lemma 7.7, [E
tor
(Q)[ divides
6. So any point in E
tor
(Q) order has their order dividing 6 and there can be
at most one rational point of any given nite order. There exists a rational
point of order 2 if and only if d is a cube. A point P has order 3 if and only if
2P = P. Using the duplication formula, this occurs i x(P)(x(P)
3
+4d) =
0. Hence, either x(P) = 0 so d is a square; or x(P)
3
= 4d so we can write
x(P) = 2x
1
giving d = 2x
3
1
and y
2
= x
3
+ d = 6x
3
1
. So 6x
1
is a square and
writing x
1
= 6m
2
gives d = 432m
6
. Finally, E
tors
(Q) has a point of order
6 i it has a point of order 2 and a point of order 3.
Corollary 7.9. Let a, b, c be non-zero rational numbers, and assume that
there exists a rational point [U
0
, V
0
, W
0
] on the curve C : aU
3
+bV
3
+cW
3
= 0.
If C(Q) is nite then one of b/a, c/a, c/b is the cube of a rational number.
Proof Sketch, for full details see 8.1.15 in [1]. Note that C is an elliptic curve
and it has a Weierstrass equation y
2
= x
3
432(abc)
2
. This transformation
is an isomorphism so if [C(Q)[ = k then C
tors
= k.
Case 1: abc is neither a cube or twice a cube. By Corollary 7.8 (2), k = 1.
By computing the intersection of the tangent to the cubic at [U
0
, V
0
, W
0
] with
the cubic we get a point
[U
0
(bV
3
0
cW
3
0
), V
0
(cW
3
0
aU
2
0
, W
0
(aU
3
0
bV
3
0
)],
which, since k = 1, must equal [U
0
, V
0
, W
0
]. This leads to the claim
Case 2: abc is a cube or twice a cube. This can be done using only
elementary observations about ord
p
(a), ord
p
(b) and ord
p
(c).
Proof Sketch of Theorem 7.2. The statement concerning points of order 2 is
clear, so assume that T is not of order 2. The proof that x(T), y(T) Z
given in [1] uses formal groups which shall not be covered in this course; the
interested student is referred to 8.1.10 and 7.3 of that book. The remaining
statement is proven as follows. We have that 2T is also a torsion point
28
dierent from O so x(2T), y(2T) Z. By the duplication formula,
x(2T) =
_
3x(T)
2
+ 2ax(T) +b
2y(T)
_
2
2x(T) a.
Since x(2T) Z, y(T) divides 3x(T)
2
+ 2ax(T) +b = f
(x(T)). Now we use

the identity
(27f(x) (4a
3
18ab + 54c))f(x) (f
(x) a
2
+ 3b)f
(x)
2
= D.
Since y(T) = f(x(T))
2
and y(T)[f
(x(T)) it follows that y(T)

2
[D.
Exercises 7.10. 1. You are given a Weierstrass equation for an elliptic
curve dened over Q and the coordinates of a point P E(Q). In each
case nd the order of P E(Q). Justify your answer.
y
2
= x
3
+ 256, x(P) = 0, y(P) = 16.
y
2
= x
3
+ (1/4)x, x(P) = 1/2, y(P) = 1/2.
y
2
= x
3
43x + 166, x(P) = 3, y(P) = 8.
y
2
= x
3
(1/3)x + (19/108), x(P) = 1/3, y(P) = 1/2.
2. Let y
2
= x
3
2 be a Weierstrass equation for an elliptic curve E dened
over Q. Reducing modulo 7, nd the order of [3, 5, 1]

E(F
7
). What
is the order of the group

E(F
7
)?
3. Let y
2
= x
3
36x be a Weierstrass equation for an elliptic curve E
dened over Q. Find
the points of order 2;
the real points of order 3 (hint: nd P with x(P) = x(2P));
the order and structure of E
tors
(Q).
4. Let p be an odd prime and l be a prime with l 5 mod 6. Given that
_
1
p
_
=
_
1 if p 1 mod 4
1 if p 3 mod 4
and
_
3
p
_
=
_
1 if p 1 or 11 mod 12
1 if p 5 or 7 mod 12
,
prove that the map x x
3
from F
l
F
l
is a bijection.
5. Suppose that e and d are coprime integers which are not cubes. Prove
that an elliptic curve (E, O) dened over Q with a Weierstrass equation
y
2
= x
3
432(ed(e d))
2
always has a rational non-torsion point but E
tors
= O.
29
8 Mordells Theorem
Let (E, O) be an elliptic curve dened over Q. We learnt in Section 7, that
the torsion subgroup E
tors
(Q) is nite. In general, the whole group E(Q) is
not nite but
Theorem 8.1 (Mordell). E(Q) is nitely generated.
Since the group is abelian, it follows from Mordells theorem that E(Q)

=
T Z
r
, where T is the nite torsion subgroup. We can nd dierent (nite)
sets which generate E(Q) but the cardinality of these sets always stays the
same. Given a set of generators, the number of non-torsion points in the
set, denoted r, is known as the rank of the elliptic curve. This is extremely
dicult to compute in complete generality (no algorithm is known); trying
to do so leads to something called the Birch and Swinnerton-Dyer conjecture
which, to many, is the most beautiful and important conjecture in the whole
of number theory, and probably in the whole of mathematics.
We shall prove Mordells theorem when E has a rational 2-torsion point.
The general case is similar but requires us to work over a larger number eld.
Lemma 8.2. Let A and B be abelian groups written additively, and let :
A B and

: B A be group homomorphisms. If the indexes [B : (A)]
and [A :

(B)] are nite then [A :

(A)] divides [A :

(B)][B : (A)].
Proof. Since

(B) is a subgroup of A and

((A)) is a subgroup of

(B) we
have [A :

(A)] = [A :

(B)][
(B) :

((A)] (Exercise 8.15.2). Also the
map

easily gives a surjection B/(A)

(B)/
((A)) so [
(B) :

((A)]
divides [B : (A)].
Lemma 8.3. The group E(Q)/2E(Q) is nite. Moreover its cardinality
divides a power of 2, where the power can be explicitly determined and depends
only on the coecients of a Weierstrass equation for E.
Proof. Recall from Section 6 that if E has a rational 2-torsion point (e, 0)
then it has a Weierstrass equation y
2
= x
3
+ax
2
+bx for some integers a and
b. Put d = a
2
4b and let

E be an elliptic dened over Q with a Weierstrass
equation y
2
= x
3
2a x
2
+d x. The map : E

E given by
=
_
y
2
x
2
,
y(x
2
b)
x
2
, 1
_
is a homomorphism (see Exercise 3). Similarly, also is the map

:

E E
given by
=
_
y
2
4 x
2
,
y( x
2
d)
8 x
2
, 1
_
.
30
Moreover,

(P) = 2P for all P E and

(

P) = 2

P for all

P

E
(Exercise). So, by Lemma 8.2 it is enough to show that E(Q)/
(

E(Q)) and
E(Q)/(E(Q)) are nite. Recall that by Theorem 6.12 there is a homomor-

phism : E(Q) Q
/Q
2
dened by
(P) = x(P)Q
2
, if x(P) ,= 0,
([0, 0, 1]) = bQ
2
,
([0, 1, 0]) = Q
2
.
But P

(

E(Q)) i P = [0, 1, 0] or x(P) Q
2
(Exercise). Thus, ker =
(

E(Q)) and so, by the rst isomorphism theorem, E(Q)/
(

E(Q))

= Im.
Lemma 8.4. Any element of Im is of the form d
Q
2
, where d
divides b.
Proof. If P = [0, 1, 0] or [0, 0, 1] then it follows from the denition of .
Otherwise, recall (Lemma 6.2) that x(P) = A
P
/B
2
P
and y(P) = C
P
/B
3
P
,
where A
P
C
P
and B
P
are coprime. Substituting into the Weierstrass equation,
C
2
P
= A
3
P
+aA
2
P
B
2
P
+bA
P
B
4
P
= A
P
(A
2
P
+aA
P
B
2
P
+bB
4
P
).
If A
2
P
+ aA
P
B
2
P
+ bB
4
P
= 0 then A
P
(A
P
+ aB
2
P
) = bB
4
P
so A
P
divides b.
Otherwise the gcd of the two factors divides b so A
P
is d
multiplied by a
square, where d
divides b.
In particular [E(Q) :

(

E(Q)] divides 2
t+1
, where t is the number of
distinct prime divisors of b. Similarly (by interchanging E and

E above)
[

E(Q) : (E(Q))] divides 2
s+1
, where s is the number of distinct prime
divisors of d. Thus, from Lemma 8.2 it follows that E(Q)/2E(Q) is nite
and its cardinality divides 2
s+t+2
.
By using the notion of height we will next see that the elements in
E(Q)/2E(Q) can be used nd a set which generates E(Q). Recall that a
non-zero P E(Q) has x(P) = A
P
/B
2
P
where A
P
and B
P
are coprime.
Denition 8.5. The naive height of a non-zero P E(Q) is
h
x
(P) = log max[A
P
[, B
2
P
.
Set h
x
(O) = 0. The canonical height of P E(Q) is
h(P) = lim
m
h
x
(mP)
m
2
.
Proposition 8.6. For any P E(Q), the limit

h(P) exists.
31
1. For any constant C, P E(Q) :

h(P) C is a nite set.
2. For any P, Q E(Q),

h(P +Q) +

h(P Q) = 2
h(P) + 2
h(Q).
We shall use the above facts about height as tools to give a
Proof of Mordells Theorem. Assume that E(Q)/mE(Q) is nite for some m
(e.g. for m = 2 as in Lemma 8.3). We shall use 1 of Proposition 8.6. Choose
a (nite) set representatives P
1
, . . . , P
[E(Q):mE(Q)]
E(Q) of the elements of
E(Q)/mE(Q) and let B = max
h(P
i
) : i = 1 . . . [E(Q) : mE(Q)]. Then
we claim that S = P E(Q) :

h(P) B generates E(Q). Assume (for a
proof by contradiction) that the subgroup H generated by S is not equal to
E(Q), and let Q
1
E(Q) H. Let Q be the point in
P E(Q) H :

h(P)

h(Q
1
)
with smallest height. We have Q = P
i
+ mR for some i 1 . . . [E(Q) :
mE(Q)] and R E(Q). Since P
i
S H and by denition Q / H
we must have R / H. We will now get a contradiction by showing that
h(P
i
) > B. Using 8.6 2 and 8.15.6,
h(P
i
) =
1
2
(
h(Q+P
i
) +

h(QP
i
))
h(Q)
=
1
2
(
h(Q+P
i
) +

h(mR))
h(Q)
1
2
h(mR)
h(Q) =
m
2
2
h(R)
h(Q)
2
h(R)
h(Q)

h(Q) > B
since Q / S H.
It should be stressed that Mordells theorem (only) tells us that there is
a nite set of rational points which generates E(Q) and, in particular, that
the rank is nite. In the proof above we did not give a bound for the rank
or give a way to explicitly nd some generators. Nevertheless, in order to
make sure we understand these concepts clearly, we shall now look at some
complete examples.
Example 8.7. Suppose that (E, O) has a Weierstrass equation y
2
= x
3
25x.
We already know that E
tors
(Q) = (0, 0), (0, 5), (0, 5) (Proposition 7.8).
But (0, 0) + (5, 0) = (5, 0) so E
tors
= (0, 0), (5, 0)) = n
1
(0, 0) + n
2
(5, 0) :
n
1
, n
2
Z (it is easy to check that (0, 0) is not a multiple of (5, 0)). It turns
32
out that the group E(Q) has rank 1 and we can take (4, 6) as a non-torsion
generator. Thus,
E(Q) = (0, 0), (5, 0), (4, 6))
= n
1
(0, 0) +n
2
(5, 0) +n
3
(4, 6) : n
1
, n
2
, n
3
Z.
2
= x
3
41
2
x. Then E
tors
(Q) =< (0, 0), (41, 0) >, E(Q) has rank 2 and
E(Q) = (0, 0), (41, 0), (9, 120), (841, 24360)) .
2
= x
3
2.
Then E
tors
(Q) = O (Proposition 7.8) but E(Q) has a non-torsion rational
point (3, 5). It turns out that the group E(Q) has rank 1; so since there is no
rational point P with 0 <

h(P) <

h(3, 5), E(Q) = (3, 5)). So any rational
point on E is a multiple of (3, 5).
John Cremona has been able to compute the rank and a generating set for
all elliptic curves up to a certain (increasing) bound of complexity (e.g. the
coecients of the Weierstrass equation should not be too large, but that is not
necessarily a restriction). This data can be loaded into computer programs
such as PARI/GP (http://pari.math.u-bordeaux.fr/) and in practice
mathematicians often refer to this data. (Note that to get the data for Pari
you need to download a package and put it in the right directory.) Other
programs include SAGE (free, http://www.sagemath.org/) and MAGMA
(not free, http://magma.maths.usyd.edu.au/magma/).
It is not known if elliptic curves of arbitrarily large rank exist. The
current record is an example of elliptic curve with rank 28, found by
Elkies in 2006. The highest rank of an elliptic curve which is known exactly
(not only a lower bound for rank) is equal to 19, and it was found by Elkies
in 2009. http://web.math.hr/
~
duje/tors/rankhist.html
In order to bound the rank of an elliptic curve, and maybe to compute it
exactly, we need some kind of formula for it. The proof of Mordells theorem
came down to showing that the image of the homomorphism is nite, in
particular it was shown that [(E(Q))[[ (

E(Q))[ was bounded by 2
s+t+2
.
Using some algebraic techniques we will next see that this quantity can also
be written in terms of the rank r, giving us a formula.
Proposition 8.10. We have the equality [(E(Q))[[ (

E(Q))[ = 2
r+2
.
Proof. As an abstract abelian group, we have E(Q)

= E
tors
(Q) Z
r
, hence
E(Q)/2E(Q)

= E
tors
(Q)/2E
tors
(Q) (Z/2Z)
r
.
33
Let A be a nite abelian group. The doubling map A A is a homomor-
phism with kernel A[2] (the 2-torsion points) and image 2A. So, by the rst
isomorphism theorem, A/A[2]

= 2A. So, using Lagranges theorem,
[A[
[A[2][
= [2A[ =
[A[
[2A[
= [A[2][ = [A/2A[ = [A[2][.
In our case, with A = E
tors
(Q), [E
tors
(Q)/2E
tors
(Q)[ = [E
tors
(Q)[2][, the
number of rational 2-torsion points, is equal to 2
1+
, where = 0 or 1 ac-
cording to whether a
2
4b is a square or not. Thus [E(Q)/2E(Q[ = 2
r+1+
.
On the other hand, let us consider the homomorphisms : E(Q)

E(Q)
and

:

E(Q) E(Q). By Exercise 8.15.2,
[E(Q)/2E(Q)[ = [E(Q) :

(

E(Q))][
(

E(Q)) :

((E(Q))]
We showed in the proof of Mordells theorem that [E(Q) :

(

E(Q))] =
[(E(Q))[ so it remains to examine the second index. For any homomor-
phism

: A ? and subgroup B of nite index in an abelian group A,
(A)
(B)
=
A
B + ker

=
A/B
(B + ker

)/B
=
A/B
ker

/(ker

B)
(here

(A)
(B)
means the set of cosets

(A)/
(B)). (Exercise: think about why

these are all isomorphic.) So, since A/B and ker

/(ker

B) are nite
groups, Lagranges theorem gives
[
(A) :

(B)] =
[A : B]
[ker

: ker

B]
.
Take A =

E(Q) and B = (E(Q)). Note that we showed in the proof of
Mordells theorem that A/B

= Im is nite. There are two elements [0, 1, 0]
and [0, 0, 1] in ker

(see Exercise 8.15.3). Also, [0, 0, 1] B = (E(Q)) if
and only if d is a square (Exercise 8.15.4). So, using the -notation above, it
follows that
[
(

E(Q)) :

((E(Q))] =
[

E(Q) : (E(Q))]
2
1
=
(

E(Q))
2
1
.
Putting everything together gives the required formula
[(E(Q))[[ (

E(Q))[ = 2
r+2
.
34
8.1 Congruent Numbers
Here we look at an application of Mordells theorem to a classical question
about triangles. A congruent number is an integer n that is the area of a
right triangle with rational sides (i.e., a Pythagorean triangle). Since an area
is homogeneous of degree 2, it is clear that we can assume without loss of
generality that n is squarefree. For instance, from the well-known (3, 4, 5)
triangle we deduce that n = 6 is a congruent number. Several problems can
be asked about congruent numbers, but the most important are the following:
give a criterion for determining whether a given number n is congruent; if
it is, determine a corresponding Pythagorean triangle. Both problems are
dicult, and we will say a little of what is known about both.
Proposition 8.11. An integer n is a congruent number if and only if there
exists a rational non-torsion point on an elliptic curve (E
n
, 0) dened over
Q with a Weierstrass equation y
2
= x
3
n
2
x.
More explicitly (note that by Corollary 7.8 a non-zero P E
n
(Q) is
non-torsion if and only if y(P) ,= 0),
Proposition 8.12. If (a, b, c) is a Pythagorean triangle of area n, then (a(a
c)/2, a
2
(a c)/2) and (b(b c)/2, b
2
(b c)/2) lie on the Weierstrass for
E
n
. Conversely, a rational solution (x, y) to the Weierstrass for E
n
with
y ,= 0 gives rise to a Pythagorean triangle (a, b, c) of area n with a = [y/x[,
b = 2n[x/y[ and c = (x
2
+n
2
)/[y[.
Proof. The proof consists of simple verications: if for example x = a(a
c)/2, y = (b(b c)/2, b
2
(b c)/2), and n = ab/2 is the area of the triangle,
x(x
2
n
2
) = a
a +c
2
a
2
(a +c)
2
a
2
b
2
4
=
a
3
(a +c)
8
(a
2
+ 2ac +c
2
b
2
)
=
a
4
(a +c)
2
4
= y
2
.
The rest is left as an (easy) exercise.
By Proposition 8.11, n is a congruent number if and only if E
n
(Q) has non-
zero rank. The Birch and Swinnerton-Dyer conjecture says that the rank r
should be equal to the order of vanishing at s = 1 of a certain natural analytic
L-function attached to the elliptic curve; so, in particular, if L(1) = 0 then
r > 0. The problem is that, except in certain cases, it is impossible to prove
that a certain analytic function vanishes exactly at a given point. There
is one important special case for which it does give a result. Like most L-
functions, the L-function of an elliptic curve satises a functional equation,
35
specically of the form (2 s) = (s), where (s) is equal to L(s) times
a suitable non-zero factor, and = 1. Thus when = 1 we know that
L(1) = 0 and so r > 0. It turns out that = 1 if and only if n 5, 6 or 7
mod 8. So we have
Conjecture 8.13. Any square-free integer congruent to 5, 6 or 7 mod 8 is
a congruent number.
8.2 Example of how to determine the rank
Note that I expect your own solutions to contain the same amount of expla-
nation and not use the discussion below to cut corners.
Let (E, O) be an elliptic curve dened over Q having a Weierstrass equa-
tion y
2
= x
3
+ax
2
+bx with a, b E(Q). By Proposition 8.10, [(E(Q))[[ (

E(Q))[ =
2
r+2
where r is the rank,

E : y
2
= x
3
2a x
2
+ (a
2
4b) x and : E(Q)
Q
/Q
2
is given by
(P) = x(P)Q
2
, if x(P) ,= 0,
([0, 0, 1]) = bQ
2
,
([0, 1, 0]) = Q
2
(Similarly for :

E(Q) Q
/Q
2
). So we need to think about the how big
[ (

E(Q))[ and [(E(Q))[ can be. By Lemma 8.4, any element of (E(Q)) is
of the form d
Q
2
where d
divides b. Similarly, any element of (

E(Q)) is of
the form d
Q
2
where d
divides a
2
4b. Depending on the specic situation,
there may be ways of further restricting which values d
can take.
Example 8.14. If a = 0 and b > 0 then looking at the Weierstrass equation
for E we see that Q
2
can not belong to (E(Q)) (you should say why).
Suppose that d
Q
2
belongs to (E(Q)). Then there exists P E(Q)
with x(P) = d
A
2
/B
2
,= 0 and y(P) = C/B
3
where (d
AC, B) = 1 (assuming
that P ,= [0, 1, 0]). Assume also that x(P) ,= 0. Substituting in we get
C
2
= d
A
2
(d
2
A
4
+d
aA
2
B
2
+bB
4
)
Since d
is square free, d
2
A
4
+d
aA
2
B
2
+bB
4
= d
C
2
. So, in particular,if
d
3
(A
2
)
2
+d
2
a(A
2
B
2
) +d
b(B
2
)
2
is negative then d
Q
2
cannot belong to (E(Q)).
Exercises 8.15. 1. Prove that a quadratic with real coecients, negative
leading term and negative discriminant is negative at all real values.
36
2. Prove that if H is a subgroup of a group G and K is a subgroup of H,
then [G : K] = [G : H][H : K].
3. The purpose of this exercise is to learn about maps between curves.
Let E[X, Y, Z] and

E[

X,

Y ,

Z] represent Weierstrass equations for two
elliptic curves dened over Q. Maps : E

E are of the form =
[f
0
, f
1
, f
2
], where f
0
, f
1
, f
2
Q(E) (these are rational functions in vari-
ables X, Y, Z related by E[X, Y, Z]) and (P) = [f
0
(P), f
1
(P), f
2
(P)]
E for every P E at which they are dened. The map is dened

at P E if there is a function g Q(X, Y, Z) such that each gf
i
is
dened at P.
Although it might not look it, prove that in the proof on Lemma
8.3 is dened at [0, 0, 1] and [0, 1, 0] (remember to work projec-
tively, write x = X/Z and y = Y/Z). Evaluate at these points.
If the map is dened at every point it is called a morphism. A
morphism (between elliptic curves) satisfying ([0, 1, 0]) = [0, 1, 0] is
called an isogeny. Remarkably, any isogeny is a homomorphism.
4. Let be as in the proof of Lemma 8.3. Let P E(Q) be non-zero with
x(P) ,= 0.
(a) Prove that

(P) = 2P.
(b) Prove that the points on Q

E with

(Q) = P have
x(Q) = 2x(P) +a 2
y(P)
_
x(P)
, and y(Q) = 2
_
x(P) x(Q).
(c) Prove that [0, 0, 1] (E(Q)) if and only if d is a square.
5. Prove that T E(Q) is a torsion point if and only if

h(T) = 0.
6. Using 1 of Proposition 8.6, prove by induction that

h(mP) = m
2
h(P).
7. Let p > 0 be a prime and a 0 an integer, and (E, O) have a Weier-
strass equation y
2
= x
3
p
a
x. Prove that E(Q) has rank r 2.
8. Prove that if (E, O) has a Weierstrass equation y
2
= x
3
1 then E(Q)
has rank 0.
9. Prove that if (E, O) has a Weierstrass equation y
2
= x
3
+ 5x
2
+ 13x
then E(Q) has rank 1.
10. Construct two dierent Pythagorean triangles with area 5.
37
9 Putting Everything Together
Here we will use all what we have learnt to solve some Diophantine equations.
Recall that the map : E(Q) Q
/Q
2
(called the 2-descent map) in
Section 8 plays a big part in determining the group of rational points on an
elliptic curve; we will make good use of this map below.
As usual, let a, b, c Q be non-zero. Consider the equation

C : aU
4
+
bV
4
+cW
2
= 0. This is not homogeneous so does NOT dene a curve. Recall
that in Denition 4.4 we dened projective 3-space
P
2
(
Q) = [x
1
, x
2
, x
3
] : (x
1
, x
2
, x
3
) is non-zero.
But F = aU
4
+bV
4
+cW
2
is homogeneous up to a twist. So given a non-zero
tuple (x
1
, x
2
, x
3
) dene

[x
1
, x
2
, x
3
] = (x
1
, x
2
,
2
x
3
) :

Q is non-zero,
P
2
(
Q) =

[x
1
, x
2
, x
3
] : (x
1
, x
2
, x
3
) is non-zero
and

C = P

P
2
(
Q) : F(P) = 0.
Proposition 9.1. Let

C : aU
4
+ bV
4
+ cW
2
= 0. Let (E, O) be an elliptic
curve dened over Q with a Weierstrass equation Y
2
Z = X
3
+abc
2
XZ
2
(note
that this is written projectively). Dene a map :

C E by
= [bcUV
2
, bc
2
V W, U
3
].
Then
1. if (b/c) is not a square then the map is two-to-one with P E(Q)
having preimages Q
1
, Q
2
=

[U(Q
1
), V (Q
1
), W(Q
1
)];
2.

C(Q) ,= if and only if (P) = (b/c)Q
/Q
2
for some P E(Q).
Proof. 1. Suppose that (Q
1
) = (Q
2
) with U(Q
2
) ,= 0 (since (b/c) is not
a square) then
U(Q
1
)V (Q
1
)
2
=
U(Q
2
)V (Q
2
)
2
V (Q
1
)W(Q
1
) =
V (Q
2
)W(Q
2
)
U(Q
1
)
3
=
U(Q
2
)
3
.
for some
. Thus
= (U(Q
1
)/U(Q
2
))
3
is a cube. Set = U(Q
1
)/U(Q
2
)
then U(Q
1
) = U(Q
2
), U(Q
2
)V (Q
1
)
2
=
3
U(Q
2
)V (Q
2
)
2
so V (Q
1
)
2
=
2
V (Q
2
)
2
= V (Q
1
) = V (Q
2
) and V (Q
1
)W(Q
1
) =
(V (Q
1
)/)W(Q
2
)
so W(Q
1
) =
2
W(Q
2
).
38
2. Recall that : E(Q) Q
/Q
2
is dened by
(P) = x(P)Q
2
, if x(P) ,= 0,
([0, 0, 1]) = abQ
2
,
([0, 1, 0]) = Q
2
.
= Suppose that Q

C(Q) (i.e.

C(Q) ,= ). If U(Q) = 0 then
V (Q)W(Q) ,= 0, (Q) = [0, 1, 0] and b/c = W(Q)
2
/V (Q)
4
is a square so
((Q)) = (b/c)Q
/Q
2
. If U(Q) ,= 0 then (Q) ,= [0, 1, 0] and
x((Q)) = bc
U(Q)V (Q)
2
U(Q)
3
= bc
V (Q)
2
U(Q)
2
=
b
c
c
2
V (Q)
2
U(Q)
2
If V (Q) = 0 then (Q) = [0, 0, 1] and U(Q)W(Q) ,= 0 so
a = c
W(Q)
2
U(Q)
4
=
1
c
c
2
W(Q)
2
U(Q)
4
.
Thus, in all cases, ((Q)) = (b/c)Q
/Q
2
.
= Suppose that (P) = (b/c)Q
/Q
2
for some P E(Q). If P ,=
[0, 1, 0] and x(P) ,= 0 then bcx(P) =
2
so bcX(P) = Z(P)
2
for some
Q
. Set Q = [cZ(P), cX(P), cY (P)Z(P)] then Q

C(Q). If
P = [0, 1, 0] then b/c is a square and Q = [0, 1,
_
b/c]

C(Q). If
P = [0, 1, 0] then a/c is a square and Q = [1, 0,
_
a/c]

C(Q).
Next we look at the equation

C : aU
6
+ bV
3
+ cW
2
= 0. Again, to
distinguish between genuinely dierent solutions we work in twisted projec-
tive space. This time, with F = aU
6
+ bV
3
+ cW
2
, given a non-zero tuple
(x
1
, x
2
, x
3
) dene

[x
1
, x
2
, x
3
] = (x
1
,
2
x
2
,
3
x
3
) :

Q is non-zero,
P
2
(
Q) =

[x
1
, x
2
, x
3
] : (x
1
, x
2
, x
3
) is non-zero
and

C = P

P
2
(
Q) : F(P) = 0.
Proposition 9.2. Let

C : aU
6
+ bV
3
+ cW
2
= 0. Let (E, O) be an elliptic
curve dened over Q with a Weierstrass equation Y
2
Z = X
3
ab
2
c
3
Z
3
.
Dene a map :

C E by = [bcUV, bc
2
W, U
3
].
1. The map gives a bijection

C(Q) E(Q).
2. In particular,

C(Q) is innite if and only if E(Q) has non-zero rank.
39
Proof. 1. It is easy to check that if Q

C then (Q) E. Surjectivity:
if P E(Q) with P ,= O set Q = [bcZ(P), bcX(P)Z(P), b
2
cY (P)Z(P)
2
]
(note that Z(P) ,= 0) and if P = O set Q = [0, bc, b
2
c]; then (Q) = P.
Injectivity: If (Q
1
) = (Q
2
) then [bcU(Q
1
)V (Q
1
), bc
2
W(Q
1
), U(Q
1
)
3
] =
[bcU(Q
2
)V (Q
2
), bc
2
W(Q
2
), U(Q
2
)
3
] so
U(Q
1
)
3
=
U(Q
2
)
3
W(Q
1
) =
W(Q
2
)
U(Q
1
)V (Q
1
) =
U(Q
2
)V (Q
2
);
so
=
3
is a cube and U(Q
1
) = U(Q
2
), W(Q
1
) =
3
W(Q
2
) and
U(Q
1
)V (Q
1
) =
3
(U(Q
1
)/)V (Q
2
) =
2
U(Q
1
)V (Q
2
).
2. Now we know that

C(Q) and E(Q) are bijective, they have the same
cardinality. But E(Q) innite if and only if it has non-zero rank.
9.1 The Fermat Quartics U
4
+V
4
= cW
4
Let c be a 4th power-free (positive) integer and let C
c
denote the curve given
by U
4
+V
4
= cW
4
. The claim that C
1
(Q) = [0, 1, 1], [1, 0, 1] is Fermats
Last Theorem for 4th powers. Fermat did actually give a proof of his famous
theorem in this case; in fact, he proved something a bit stronger. He assumed
that there is a solution and so there must be a smallest one (e.g. one for
which [W[ is smallest); he then got a contradiction by constructing a smaller
solution. This gave rise to a method now know as descent. Indeed, the proof
of Mordells theorem in Section is done by descent using the machinery of
heights, and the map , which plays such a crucial stole, is known as the
2-descent map (it is possible to do higher descents, see [1]).
Proposition 9.3 (Fermat). The Diophantine equation x
4
+ y
4
= z
2
has no
solutions with xyz ,= 0. (In particular, C
1
(Q) = [0, 1, 1], [1, 0, 1].)
Proof. Assume that the equation has such a solution; then it has a solution
with x, y and z coprime. Taking congruences modulo 8 we see that z is odd.
Without loss of generality suppose that x is odd and y is even. By Proposition
4.1 there exist coprime s and t of opposite parity such that x
2
= s
2
t
2
,
y
2
= 2st and z = (s
2
+t
2
). Applying this again to x
2
= s
2
t
2
, there exist
coprime u and v of opposite parity such that x = (u
2
v
2
), s = (u
2
+v
2
)
and t = 2uv. Since y
2
= 2st, s and t have the same sign and we may
assume that they are both positive (otherwise replace (s, t) with (s, t)).
Similarly, assume that u and v are both positive. Substituting in for s, t
gives (y/2)
2
= uv(u
2
+ v
2
). Since (u, v) = 1 the three factors on the right
are coprime and nonnegative, so each one is a square. Write u = u
2
1
, v = v
2
1
,
40
u
2
+v
2
= w
2
then u
4
1
+v
4
1
= w
2
. This is the same as the initial equation with
[w[ < [z[. Thus, if we start with a solution with the smallest nonzero value
of [z[ we obtain a strictly smaller one, a contradiction that shows that there
cannot be any such solution.
Using the same method of descent,
Proposition 9.4. The Diophantine equation x
4
+ 2y
4
= z
2
has no solution
with y ,= 0.
Proof. Assume that the equation has such a solution; then it has a solution
with x, y and z coprime. By Proposition 4.2, there exist coprime integers s
and t with s odd such that x
2
= (s
2
2t
2
) and y
2
= 2st. It follows that
s = u
2
and t = 2v
2
with u odd and coprime to v, so x
2
= (u
4
8v
4
).
If the sign was minus, we would have x
2
+ u
4
= 8v
4
and, since u and x are
odd, x
2
+ u
4
2 mod 8 (a contradiction). Thus x
2
+ 8v
4
= u
4
. Applying
Proposition 4.2 again, there exist coprime a, b with 2v
2
= 2ab and u
2
=
a
2
+ 2b
2
. It follows that a = c
2
, b = d
2
and so c
4
+ 2d
4
= u
2
. This is the
original equation with [u[ < [z[, which by descent is a contradiction.
Proposition 9.5. C
2
(Q) = [1, 1, 1].
Proof. Let

C : U
4
+V
4
2W
2
= 0 and let (E, O) be an elliptic curve dened
over Q with a Weierstrass equation Y
2
Z = X
3
+4XZ
2
. By Proposition 9.1,
there is a map :

C E given by
= [bcUV
2
, bc
2
V W, U
3
].
Assume that the rank of E(Q) is zero (we will prove this below). Then by
Corollary 7.8 and Theorem 7.2 we know that E(Q) = E
tors
Q = (2, 4)),
where (2, 4) has order 4. But [0, 1, 0] / (

C(Q)) (since 2 is not a square)
and [0, 0, 1] / (

C(Q)). So by Proposition 9.1,

C(Q) has 4 points (including
both preimages). Since every point in C
2
(Q) gives a point in

C(Q) there
must only be the 4 obvious points.
It remains to prove that E(Q) has rank 0. By Proposition 8.10, 2
r+2
=
[ Im[[ Im [ where

E : y
2
= x
3
16 x and : E(Q) Q
/Q
2
is the
2-descent map. We can actually assume that

E : y
2
= x
3
x since the
Weierstrass equations are isomorphic (do a transformation x
1
= 2
2
x, y
1
=
2
3
y). By Lemma 8.4 any element of Im is of the form d
Q
2
, where d
divides
4. These elements correspond to the existence of P E(Q) with x(P) =
d
A
2
/B
2
(remember that the denominator of the x-coordinate is always a
square). Looking at y
2
= x
3
+ 4x we see that it is impossible for d
to be
negative, thus [ Im[ 2. Similarly, [ Im [ 2 so 2
r+2
4 = r = 0.
41
Now assume that c 3 and write u = U/W and v = V/W. Consider two
elliptic curves with Weierstrass equations E
c
: y
2
= x
3
cx and F
c
: y
2
=
x
3
+c
2
x. Dene maps : C
c
E
c
and : C
c
F
c
by
= [u
2
, uv
2
, 1] and =
_
cu
2
v
2
,
c
2
u
v
3
, 1
_
.
Proposition 9.6. Let c 3 be a 4th power-free integer. If either E
c
(Q) or
F
c
(Q) has rank 0 then C
c
(Q) = .
Proof. If C
c
(Q) contains a point then that point will map to one of the nitely
many (since the rank is zero) points in E
c
(Q) or F
c
(Q). So it is enough to
show that no torsion point in E
c
(Q) or F
c
(Q) has a rational preimage. Note
rstly that (0, 0) / (C
c
(Q)) since if (Q) = (0, 0) then u(Q) = 0 and c
would have to be a 4th power. Similarly (0, 0) / (C
c
(Q)). By Corollary
7.8, there can be other torsion points only if c (for E
c
) or c
2
(for F
c
) is
equal to m
2
or to 4m
4
.
Consider rst E
c
. Since c > 0 we can not have c = 4m
4
. If c = m
2
then
E
c
(Q) contains 2-torsion points (m, 0) and (m, 0). If (Q) = (m, 0) then
u(Q) = 0 or v(Q) = 0, which is impossible since c is not a 4th power.
Finally consider F
c
. We can not have c
2
= m
2
. If c = 2m
2
then F
c
(Q)
contains torsion points (2m
2
, 4m
3
) of order 4. If (Q) = (2m
2
, 4m
3
) then
2m
2
= 2m
2
u(Q)
2
/v(Q)
2
and 4m
3
= 4m
4
u(Q)/v(Q)
3
so u(Q) = v(Q),
but then u(Q)
4
= m
2
so m is a square which, since m > 1 when c > 2,
again contradicts that c is 4th power free.
Since C
c
has genus 3 we know by Faltings theorem that C
c
(Q) is nite
for any given c Q
. So when there do exist solutions to our Fermat quar-

tic, for instance when c = 1, 2, or 17, we can ask for all the solutions.
We have been able to prove above that C
1
(Q) = [0, 1, 1], [1, 0, 1] and
C
2
(Q) = [1, 1, 1]. On the other hand, it is much more dicult to prove
that C
17
(Q) = [1, 2, 1]. This problem was posed by J.-P. Serre as the
simplest unknown case of the Fermat quartic equations, and also because it
was known that the standard methods failed on this curve. It was solved only
in 1999 by Flynn and Wetherell using covering techniques, and their proof
is far from easy. Bremner and Morton found the rst value of c for which
C
c
(Q) is non-empty and has no integral points (points Q with u(Q) Z).
This value is c = 5906. Something which I am personally interested in is
whether there exists such a value of c which is prime.
Exercises 9.7. 1. Let

C and E be as in Proposition 9.1. Prove that
C(Q) is innite if and only if (P) = (b/c)Q
/Q
2
for some non-
torsion P E(Q).
42
2. Let

C : 2U
4
+ V
4
+ W
2
= 0. Is

C(Q) innite? Justify your answer.
Show that there are nitely many Q C(Q) with U(Q), V (Q), W(Q)
Z and [U(Q)[ < 10
1000000
.
3. Let

C and E be as in Proposition 9.2. If E(Q) has rank zero when
does

C(Q) have more than one point?
4. Prove that 1 is not a congruent number.
References
[1] H. Cohen, Number Theory: Volume I: Tools and Diophantine Equations
(Springer Graduate Texts in Mathematics 239, 2007).
[2] T. A. Apostol, Introduction to Analytic Number Theory (Springer Under-
graduate Texts in Mathematics, 1998).
43

Jcou

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Jcou

Uploaded by

Copyright:

Available Formats

Diophantine Equations and Integral Points on

Elliptic Curves (formerly Rational Points on

b is the complex conjugate and [b[ is the absolute value of b. If N(b) = 1

b and r = 0. Otherwise N(b) 2. Write

d), N(ab) = N(a)N(b).

2 is a prime in R. Prove that the units of R are 1.

2 is a prime in R. Find a unit u of R which is not 1. Is u

2]. Since the only units are 1, we must have x +

Q[X, Y, Z], the set

Q) : g(P) = 0 for all homogeneous g (F)

Q). Looking at the coecient of X

(P) may be integral when x(P) is not so it becomes

(x(T)). Now we use

(x(T)) it follows that y(T)

E(Q)/(E(Q)) are nite. Recall that by Theorem 6.12 there is a homomor-

(B)). (Exercise: think about why

divides b. Similarly, any element of (

E for every P E at which they are dened. The map is dened

. Set Q = [cZ(P), cX(P), cY (P)Z(P)] then Q

. So when there do exist solutions to our Fermat quar-

C(Q) is innite if and only if (P) = (b/c)Q

You might also like