de Gruyter Studies in Mathematics 31 Editors: Carlos Kenig · Andrew Ranicki · Michael Röckner de Gruyter Studies in Mathematics 1 Riemannian Geometry, 2nd rev. ed., Wilhelm P.A.Klingenberg 2 Semimartingales, Michel Me´tivier 3 Holomorphic Functions of Several Variables, Ludger Kaup and Burchard Kaup 4 Spaces of Measures, Corneliu Constantinescu 5 Knots, 2nd rev. and ext. ed., Gerhard Burde and Heiner Zieschang 6 Ergodic Theorems, Ulrich Krengel 7 Mathematical Theory of Statistics, Helmut Strasser 8 Transformation Groups, Tammo tom Dieck 9 Gibbs Measures and Phase Transitions, Hans-Otto Georgii 10 Analyticity in Infinite Dimensional Spaces, Michel Herve´ 11 Elementary Geometry in Hyperbolic Space, Werner Fenchel 12 Transcendental Numbers, Andrei B. Shidlovskii 13 Ordinary Differential Equations, Herbert Amann 14 Dirichlet Forms and Analysis on Wiener Space, Nicolas Bouleau and Francis Hirsch 15 Nevanlinna Theory and Complex Differential Equations, Ilpo Laine 16 Rational Iteration, Norbert Steinmetz 17 Korovkin-typeApproximationTheoryanditsApplications,FrancescoAltomare and Michele Campiti 18 Quantum Invariants of Knots and 3-Manifolds, Vladimir G. Turaev 19 Dirichlet Forms and Symmetric Markov Processes, Masatoshi Fukushima, Yoichi Oshima and Masayoshi Takeda 20 Harmonic Analysis of Probability Measures on Hypergroups, Walter R.Bloom and Herbert Heyer 21 Potential Theory on Infinite-Dimensional Abelian Groups, Alexander Bendikov 22 Methods of Noncommutative Analysis, Vladimir E. Nazaikinskii, Victor E. Shatalov and Boris Yu. Sternin 23 Probability Theory, Heinz Bauer 24 Variational Methods for Potential Operator Equations, Jan Chabrowski 25 The Structure of Compact Groups, Karl H. Hofmann and Sidney A. Morris 26 Measure and Integration Theory, Heinz Bauer 27 Stochastic Finance, Hans Föllmer and Alexander Schied 28 Painleve´ Differential Equations in the Complex Plane, Valerii I. Gromak, Ilpo Laine and Shun Shimomura 29 Discontinuous Groups of Isometries in the Hyperbolic Plane, Werner Fenchel and Jakob Nielsen 30 The Reidemeister Torsion of 3-Manifolds, Liviu I. Nicolaescu Susanne Schmitt · Horst G. Zimmer Elliptic Curves A Computational Approach With an Appendix by Attila Pethö ≥ Walter de Gruyter Berlin · New York Authors SusanneSchmitt HorstGünterZimmer Max-Planck-InstitutfürInformatik(MPII) FachbereichMathematik(Bau27.1) AlgorithmsandComplexityGroup(AG1) UniversitätdesSaarlandes Stuhlsatzenhausweg85 Postfach151150 66123Saarbrücken 66041Saarbrücken Germany Germany E-Mail:[email protected] E-Mail:[email protected] SeriesEditors CarlosE.Kenig AndrewRanicki MichaelRöckner DepartmentofMathematics DepartmentofMathematics FakultätfürMathematik UniversityofChicago UniversityofEdinburgh UniversitätBielefeld 5734UniversityAve MayfieldRoad Universitätsstraße25 Chicago,IL60637 EdinburghEH93JZ 33615Bielefeld USA Scotland Germany MathematicsSubjectClassification2000:11-01,14-01;11G05,11G07,11-04,11G20,11G40,11G50, 14-04,14H52 Keywords:ellipticcurves,Weierstrassfunction,height,torsion-group,rank,Mordell(cid:3)Weilgroup,algo- rithms,cryptography (cid:1)(cid:1) Printedonacid-freepaperwhichfallswithintheguidelinesoftheANSI toensurepermanenceanddurability. LibraryofCongress(cid:3)Cataloging-in-PublicationData Schmitt,Susanne. Ellipticcurves:acomputationalapproach/SusanneSchmitt,Horst G.Zimmer;withanappendixbyAttilaPethö. p. cm.(cid:3)(DeGruyterstudiesinmathematics;31) Includesbibliographicalreferencesandindex. ISBN3-11-016808-1(acid-freepaper) 1.Curves,Elliptic. I.Zimmer,HorstG. II.Title. III.Series. QA567.2.E44S35 2003 516.3152(cid:3)dc21 2002041531 ISBN3-11-016808-1 BibliographicinformationpublishedbyDieDeutscheBibliothek DieDeutscheBibliothekliststhispublicationintheDeutscheNationalbibliografie; detailedbibliographicdataisavailableintheInternetat(cid:1)http://dnb.ddb.de(cid:2). (cid:1)Copyright2003byWalterdeGruyterGmbH&Co.KG,10785Berlin,Germany. Allrightsreserved,includingthoseoftranslationintoforeignlanguages.Nopartofthisbookmaybe reproducedinanyformorbyanymeans,electronicormechanical,includingphotocopy,recording,or anyinformationstorageandretrievalsystem,withoutpermissioninwritingfromthepublisher. PrintedinGermany. Coverdesign:RudolfHübler,Berlin. Typesetusingtheauthors’TEXfiles:I.Zimmermann,Freiburg. Printingandbinding:Hubert&Co.GmbH&Co.KG,Göttingen. Preface Thepurposeofthepresenttextistogiveanelementaryintroductiontothearithmetic ofellipticcurvesovernumberfieldsfromacomputationalpointofview. Thetextis thereforeequippedwiththecorrespondingalgorithms. Manyexamplesand,ofcourse, someexercisesareadded. Inallthoseregardswemakeextensiveuseoftheavailability ofcomputers. Thearithmeticofellipticcurvescanbecomealmostarbitrarilysophisticated. That iswhyanelementaryintroductionrequiresacertainrestrictionontheselectionoftopics treated. However,themostimportanttopicsaredealtwithinthebook. Theyinclude thedeterminationoftorsiongroups,computationsconcerningtheMordell–Weilgroup, especiallyconcerningtherankandabasisofthatgroup,heightcalculations,andthe determinationofintegraland,moregenerally,S-integralpoints. Toavoidoverlapping we occasionally, instead of giving proofs, cite the books [204], [207] of Silverman. For some more exercises, we also refer to the books of Silverman which contain a lotofexercisesrelatedtothepresenttextaswell. Weshouldalsomentionthatthere aresomesurveyarticlesonthistopic,forinstancethoseofFrey[69],Stroeker[216], Zagier[245]andthesecondauthor[254],[255] Elliptic curves admit many applications, in pure mathematics and in computer science. TheyplayanimportantroleintheproofbyFaltingsofMordell’sconjecture andintheproofbyWilesofFermat’slasttheoremontheonehand,andtheyareused e.g. forfactoringintegers,derivingpropertiesofprimenumbers,andincryptography on the other (see Jacobson, Menezes, Stein [104]). Thus cryptography enters the pictureheretoo. Oneaimofthebookisalsotoinformaboutresultsobtainedintheresearchgroup of the second author. Specifically, the research group was developing the computer algebra system SIMATH.This system will be further developed from the year 2002 onbyKenNakamulaandhisgroupinTokyoandbyothers. TheSIMATHpackagefocusesonellipticcurves. Thereforeitplaysanimportant part in the book: The algorithms are implemented in SIMATH and the examples are produced by SIMATH. Of course, among other things, SIMATH contains all the elementary algorithms used in the book. More about SIMATH can be found on http://diana.math.uni-sb.de/˜simath/. Ellipticcurvesareaspecialcaseofdiophantineequations. Itisthereforeinorder to briefly consider in an appendix how to solve general diophantine equations. The LLL-algorithm plays an essential role here. In addition, lower bounds for linear forms in logarithms are important. Finally, the p-adic methods used are outlined in AppendixA. Wehopethatthetextwillbereadbymathematiciansaswellascomputerscientists, andscientistsfromindustry. Inviewoftheapplicationsincryptography,itisespecially vi Preface importantforcomputerscientiststoknowsomeelementsofthearithmeticofelliptic curves. Thebibliographydoesnotcompriseallthebooksorpapersrelevanttothefieldof ellipticcurvesbecauseitwasnearlyimpossibleinviewofitsextend. TheauthorswishtoexpresstheirheartfeltthankstoF.LemmermeyerfromtheUni- versity of San Marcos, and M. Kida from the University of Electro-Communication Chofu, Tokyo, for their detailed and helpful reading of the manuscript. F. Lem- mermeyer and M. Kida also made a number of suggestions for improvements and extensions. Manyofthemcouldbeincorporatedinthetext. A. Petho˝ has not only writtenAppendixA but also essentially contributed to the manuscript. Therefore,thanksareduetohimtoo. Last but not least we thank Dr. M. Karbe from the de Gruyter Verlag for his permanentengagementforthemanuscriptandforhispatiencewiththeauthors. Saarbrücken,September2003 SusanneSchmitt Horst-GünterZimmer Contents Preface v 1 Ellipticcurves 1 1.1 Normalforms . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1 1.2 Theadditionlaw . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11 1.3 Multiplicationformulas . . . . . . . . . . . . . . . . . . . . . . . . . 19 1.4 Factorizationandprimalitytest . . . . . . . . . . . . . . . . . . . . . 24 1.5 Isogeniesandendomorphismsofellipticcurves . . . . . . . . . . . . 27 1.6 Exercises . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30 2 Ellipticcurvesoverthecomplexnumbers 33 2.1 Lattices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33 2.2 Weierstraß℘-function. . . . . . . . . . . . . . . . . . . . . . . . . . 36 2.3 Periodsofellipticcurves . . . . . . . . . . . . . . . . . . . . . . . . 52 2.4 Complexmultiplication . . . . . . . . . . . . . . . . . . . . . . . . . 55 2.5 Exercises . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 62 3 Ellipticcurvesoverfinitefields 63 3.1 Frobeniusendomorphismandsupersingularcurves . . . . . . . . . . 63 3.2 Computingthenumberofpoints . . . . . . . . . . . . . . . . . . . . 65 3.3 Constructionofellipticcurveswithgivengrouporder . . . . . . . . . 74 3.4 Ellipticcurvesincryptography . . . . . . . . . . . . . . . . . . . . . 79 3.5 Thediscretelogarithmproblemonellipticcurves . . . . . . . . . . . 83 3.6 Exercises . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 85 4 Ellipticcurvesoverlocalfields 87 4.1 Reduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 87 4.2 Thefiltration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 93 4.3 ThetheoremofNagell,Lutz,andCassels . . . . . . . . . . . . . . . 98 4.4 Exercises . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 102 5 TheMordell–Weiltheoremandheights 103 5.1 TheoremofMordellandWeil. . . . . . . . . . . . . . . . . . . . . . 103 5.2 Heights . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 116 5.3 Computationoftheheights . . . . . . . . . . . . . . . . . . . . . . . 128 5.4 Pointsofboundedheight . . . . . . . . . . . . . . . . . . . . . . . . 133 5.5 Thedifferencesbetweentheheights . . . . . . . . . . . . . . . . . . 136 5.6 Exercises . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 145 viii Contents 6 Torsiongroup 147 6.1 Structureofthetorsiongroup . . . . . . . . . . . . . . . . . . . . . . 147 6.2 Ellipticcurveswithintegralj-invariant . . . . . . . . . . . . . . . . 151 6.3 ThetheoremofNagell,Lutz,andCassels . . . . . . . . . . . . . . . 177 6.4 Reduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 182 6.5 Computationofthetorsiongroup . . . . . . . . . . . . . . . . . . . . 185 6.6 Examples . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 187 6.7 Exercises . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 196 7 Therank 198 7.1 L-series . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 198 7.2 ThecoefficientsoftheL-series . . . . . . . . . . . . . . . . . . . . . 202 7.3 ContinuationoftheL-series . . . . . . . . . . . . . . . . . . . . . . 207 7.4 Conjecturesconcerningtherank . . . . . . . . . . . . . . . . . . . . 214 7.5 TheSelmerandtheTate–Shafarevichgroup . . . . . . . . . . . . . . 216 7.6 2-descent . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 228 7.7 Therankinfieldextensions . . . . . . . . . . . . . . . . . . . . . . . 233 7.8 Exercises . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 240 8 Basis 242 8.1 Linearlyindependentpoints . . . . . . . . . . . . . . . . . . . . . . 242 8.2 Computationofabasis . . . . . . . . . . . . . . . . . . . . . . . . . 247 8.3 Examples . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 251 8.4 Heegnerpointmethod. . . . . . . . . . . . . . . . . . . . . . . . . . 254 8.5 Exercises . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 260 9 S-integralpoints 263 9.1 Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 263 9.2 Ellipticlogarithms . . . . . . . . . . . . . . . . . . . . . . . . . . . 265 9.3 S-integralpointsoverQ. . . . . . . . . . . . . . . . . . . . . . . . . 272 9.4 Proofofthetheorem . . . . . . . . . . . . . . . . . . . . . . . . . . 278 9.5 Example . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 287 9.6 Exercises . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 292 A Algorithmictheoryofdiophantineequations 294 A.1 Hilbert’s10th problem . . . . . . . . . . . . . . . . . . . . . . . . . 294 A.2 IntroductiontoBaker’smethod . . . . . . . . . . . . . . . . . . . . . 295 A.3 S-unitequations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 298 A.4 Thueequations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 303 A.5 Smallcollectionofotherresults . . . . . . . . . . . . . . . . . . . . 305 A.6 Lowerboundsforlinearformsinlogarithms . . . . . . . . . . . . . . 308 A.7 LLL-algorithm . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 309 A.8 Reductionofthelargebound . . . . . . . . . . . . . . . . . . . . . . 311 Contents ix B Multiquadraticnumberfields 316 B.1 MultiquadraticfieldsandGaloisgroups . . . . . . . . . . . . . . . . 316 B.2 Discriminants . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 317 B.3 IntegralBases . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 321 B.4 DecompositionLaw . . . . . . . . . . . . . . . . . . . . . . . . . . . 324 B.5 Biquadraticnumberfields . . . . . . . . . . . . . . . . . . . . . . . . 330 B.6 Totallyrealandtotallycomplexbiquadraticfields . . . . . . . . . . . 341 B.7 Exercises . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 349 Bibliography 351 Index 365