an explicit proof of the weak finite basis theorem and...

Post on 05-Sep-2020

AN EXPLICIT PROOF OF THE WEAK FINITE BASIS

THEOREM AND APPLICATIONS TO COMPUTING

RANKS OF ELLIPTIC CURVES

APPROVED BY SUPERVISING COMMITTEE:

Eduardo Duenez, Ph.D., Chair

Dmitry Gokhman, Ph.D.

Jose Iovino, Ph.D.

Accepted:

Dean, Graduate School

AN EXPLICIT PROOF OF THE WEAK FINITE BASIS

THEOREM AND APPLICATIONS TO COMPUTING

RANKS OF ELLIPTIC CURVES

by

Zachery A. Sharon, B.S.

THESIS

Presented to the Graduate Faculty of

The University of Texas at San Antonio

In Partial Fulfillment

Of the Requirements

For the Degree of

MASTER OF SCIENCE IN MATHEMATICS

THE UNIVERSITY OF TEXAS AT SAN ANTONIO

College of Sciences

Department of Mathematics

August 2011

ACKNOWLEDGEMENTS

I would first like to thank my thesis supervisor, Dr. Eduardo Duenez, for introducing me

to the topic of elliptic curves and suggesting that I study the problem of computing ranks.

Our many discussions about background material, as well as his guidance in working out

the details of the proof and his advice on writing style, have been immeasurably helpful. I

also want to acknowledge his contribution in pointing out the isomorphism in Lemma 3.18,

which led to a set of interlocking exact sequences we use in Chapters 3 and 4.

My thanks also go to Dr. Jose Iovino and Dr. Dmitry Gokhman for serving on the thesis

committee and reviewing my thesis before final submission. In particular, Dr. Iovino took the

time to go over the paper very carefully and made many recommendations on improving the

overall quality of the paper as a piece of academic writing. I want to also thank Louis Bilicich

and Carrie Burns for reviewing the paper for grammar, punctuation, and style. Although

he did not help with my thesis in any direct way, I feel a great deal of gratitude toward

Dr. Manuel Berriozabal for his long-standing encouragement and support. More generally,

my thanks go to the entire mathematics department at UTSA and to the mathematics

department at Reed College, where I gained a background that has served me well at UTSA.

Credit also goes to the developers of SAGE [S+11] and the PARI Group [The11] for the

software that I used for some of the calculations. The other components of SAGE that I

used are mwrank [Cre], Singular [W. 11], FLINT [Har], MPFR [FHL+07], and ginac [gin].

August 2011

Zachery A. Sharon, M.S.

The University of Texas at San Antonio, 2011

Supervising Professor: Eduardo Duenez, Ph.D.

Let E be an elliptic curve defined over the field Q of rational numbers, and let G be

the group E(Q) of rational points of E . The classical proof of Mordell’s Weak Finite Basis

Theorem shows that G/2G is finite by embedding it in a certain finite group H whose genesis

is algebraic number-theoretical. Assuming that G has trivial 2-torsion, we provide an explicit

parametrization of H. This parametrization yields an upper bound for the rank of G as well

as a heuristic algorithm to determine the exact rank. We offer some examples to illustrate

the use and limitations of this approach.

TABLE OF CONTENTS

Introduction

1 Some Algebraic Background

1.1 Algebraic Field Extensions
1.2 Algebraic Numbers
1.2.1 Rings and Fields
1.2.2 Ideals
1.2.3 Dirichlet’s Units Theorem
1.3 Norms

2 Elliptic Curves Background

2.1 Projective Curves
2.2 Rational Points on Elliptic Curves

3 The Weak Finite Basis Theorem

3.1 The Setting
3.2 A Useful Homomorphism
3.3 Proof of the Weak Finite Basis Theorem
3.4 An Algebraic Interlude
3.5 Transition to Linear Algebra
3.5.1 Parametrizing R∗�/R∗2
3.5.2 Parametrizing (ID ∩ PI2)/I2D
3.5.3 Parametrizing (ID ∩ PsnI2)/I2D
3.5.4 Parametrizing H

4 A Heuristic Algorithm

4.1 Motivation
4.2 The Algorithm
4.3 Two Examples

Introduction

Elliptic curves have long been a rich area of study since they sit at the intersection of a

number of mathematical fields. As such, the problem of classifying the group of rational

points on an elliptic curve defined over the field Q of rational numbers is an involved one.

(By rational point we mean a point whose coordinates are defined over the field Q of rational

numbers.) The Mordell Finite Basis Theorem states that the group of rational points on

an elliptic curve defined over the rationals is finitely generated. The standard proof of the

theorem has two components: the Weak Finite Basis Theorem, and a descent argument

using heights of points on the curve. We will focus on the former, which states the following:

Theorem (Mordell’s Weak Finite Basis Theorem). Let G be the (abelian) group of rational

points on an elliptic curve E defined over the field Q, and let 2G denote the subgroup of

double-points. Then the quotient group G/2G is finite.

This paper has two goals. First, we will give an explicit proof of Mordell’s Weak Finite

Basis Theorem in the generic case when G[2], the group of 2-torsion points of G, is trivial.

Second, we will use the machinery of that proof to develop a heuristic algorithm for computing ranks of elliptic curves. Mordell proved his Finite Basis Theorem in 1922 [Mor22], and

in 1928, Weil [Wei28] extended it to elliptic curves defined over arbitrary number fields and

jacobians of curves of higher genus. In 1929, Weil [Wei29] published a simplified proof of

Mordell’s Weak Finite Basis Theorem. We will not address the ideas in Weil’s 1928 paper,

but we will follow in part the method given in his 1929 paper. One of the main benefits of

our approach and scope is that the entire proof is explicit and elementary relative to some

of the literature on the topic, making it more accessible to readers who have not previously

studied elliptic curves. A great deal has been written on this topic; however, the thesis relies

primarily on the exposition of J.W.S. Cassels [Cas91] and that of J. Silverman and J. Tate

[ST92].

We will assume that the reader has had at least a one-semester course in graduate algebra.

For the convenience of the reader whose background does not include algebraic number

theory, algebraic field extensions, projective geometry, or elliptic curves, the first two chapters

contain surveys in those topics. The reader who is familiar with those topics may safely skip

directly to Chapter 3.

The third chapter contains the main proofs, and largely follows the classical proof of the

Weak Finite Basis Theorem up to a certain ideal factorization, when we adopt a more abstract view. The classical proof is often presented in a way that emphasizes the arithmetic of the groups involved; however, we will use an approach that emphasizes the homomorphisms between the groups. In particular, we will clarify the proof by arranging the relevant

groups and homomorphisms into exact sequences. The main contributions of this paper are

the more abstract approach taken and the specific exact sequences used. Not only will key

elements in the proof that the rank is finite become clearer, but the exact sequences allow

us to estimate the rank of a given curve.

In the fourth chapter we will use the results of Chapter 3 to establish an upper bound

for the rank of the curve. We will further give a heuristic algorithm for obtaining a lower

bound and lowering the upper bound. In some cases, this may yield the exact rank. We

will briefly consider the computational limitations of the algorithm; there are also some

algebraic limitations that are beyond the scope of the paper (see section 23 of [Cas91]). The

chapter closes with two examples that illustrate the use and limitations of this approach.

The computational applications contained in the last chapter are a work in progress. The

scant number of examples provided is a reflection of the need to meet academic deadlines

rather than of limitations in our approach. (In the future, we will develop a polished SAGE

function for computing the ranks of a large number of curves.)

We must point out that current algorithms to compute ranks of elliptic curves (including

in particular those algorithms used by pari, SAGE and magma) are far more sophisticated

than our approach in chapter 4. However, without relying on tools beyond the scope of this

thesis, our methods obtain as much information about the rank as seems possible from just

a careful dissection of the proof of the Weak Finite Basis Theorem.

Chapter 1: Some Algebraic Background

This chapter will give an overview of the field theory needed to understand the proofs given

in the main chapter. It is assumed that the reader is familiar with groups, rings, and fields,

and with the associated structures such as homomorphisms, subgroups, subrings, subfields,

quotients, exact sequences, etc. What is not assumed is knowledge of field extensions and

the connections between rings and number theory. The reader who is familiar with these

topics may still want to at least skim these sections as we will in some cases use nonstandard

notation or terminology.

In the interest of brevity, and because these results are standard, no proofs are given.

However, references to proofs are given for those who wish to see them, and these results

should be present in any standard book on Galois theory or the theory of algebraic numbers.

The wordings of some definitions and theorems are taken directly from the works cited.

1.1 Algebraic Field Extensions

Definition 1.1. A field extension is a monomorphism K → L, where K and L are fields.

This is denoted L/K, and we will not usually refer to the monomorphism explicitly.

Definition 1.2. Let K be a field, and X a non-empty subset of K. Then the subfield of K

generated by X is the intersection of all subfields of K that contain X.

Definition 1.3. Let L/K be a field extension and X a non-empty subset of L. Then the

subfield of L generated by K ∪X is written K(X) and is said to be obtained by adjoining

X to K.

Definition 1.4. A simple extension is an extension L/K such that L = K(α) for some

α ∈ L.

Definition 1.5. Let L/K be a field extension. α ∈ L is called algebraic over K if there

is some nonzero polynomial p over K such that p(α) = 0. L/K is called algebraic if every

element of L is algebraic over K.

Definition 1.6. Let L/K be a field extension, and suppose that α ∈ L is algebraic over K.

Then the minimum polynomial of α over K is the unique monic polynomial m over K of

smallest degree such that m(α) = 0.

Definition 1.7. The degree [L : K] of a field extension L/K is the dimension of L taken as

a K-module.

Proposition 1.8. If K ⊂ L ⊂ M are fields, then [M : K] = [M : L][L : K].

Proof. See Theorem 4.2 on page 45 of [Ste90].

Proposition 1.9. Let K(α)/K be a simple algebraic extension. Then [K(α) : K] = deg m,

where m is the minimum polynomial of α.

Proof. See Proposition 4.3 on page 47 of [Ste90].

Definition 1.10. A finite extension is one whose degree is finite.

Proposition 1.11. L/K is a finite extension if and only if L is algebraic over K and there

exist α1, . . . , αn ∈ L such that L = K(α1, . . . , αn).

Proof. See Lemma 4.4 on page 48 of [Ste90].

Definition 1.12. Let K be a field, and let f be a polynomial over K. We say that f splits

over K if it can be written as a product of linear factors

f(x) = κ(x− α1) · · · (x− αn),

where κ, α1, . . . , αn ∈ K.

Definition 1.13. The field Σ is a splitting field for the polynomial f over the field K if

1. K ⊂ Σ,

2. f splits over Σ, and

3. If K ⊂ Σ′ ⊂ Σ and f splits over Σ′, then Σ′ = Σ.

Σ is the smallest extension of K in which f splits.

Definition 1.14. The field Σ is a splitting field for a set P of polynomials over the field K

if

1. K ⊂ Σ,

2. each f ∈ P splits over Σ, and

3. Σ is the smallest such field.

Proposition 1.15. Condition 2 in the previous definition is equivalent to Σ = K(σ1, . . . , σn)

where σ1, . . . , σn are the zeros of f in Σ.

Proof. See Theorem 3.5 on page 37 of [Ste90].

Proposition 1.16. For a field K and a polynomial f over K, there exists a splitting field

for f over K.

Proof. See Theorem 8.1 on page 78 of [Ste90].

Definition 1.17. An extension L/K is normal if every irreducible polynomial over K that

has a zero in L splits in L.

Proposition 1.18. An extension L/K is normal if and only if L is a splitting field for some

polynomial over K.

Proof. See Theorem 8.4 on page 82 of [Ste90].

Definition 1.19. An irreducible polynomial over a field K is separable over K if it has no

multiple zeros in a splitting field.

Definition 1.20. An arbitrary polynomial over a field K is separable if each of its irreducible

factors is separable over K. An algebraic element of K is called separable over K if its

minimum polynomial is separable over K. An algebraic extension L/K is called separable if

every element of L is separable over K.

Definition 1.21. Let L/K be an algebraic extension. The normal closure of L/K is the

extension N of L such that

1. N/K is normal, and

2. If L ⊂M ⊂ N and M/K is normal, then M = N .

In other words, N is the smallest extension of L that is normal over K.

Proposition 1.22. Let L/K be a finite separable extension. The splitting field for the set

of minimum polynomials of elements of L coincides with the normal closure of L/K.

Proof. See Theorem 8.17 on page 490 of [Jac09].

Corollary 1.23. Let K(α)/K be a finite separable extension. The splitting field for the

minimum polynomial of α coincides with the normal closure of K(α)/K.

Remark 1.24. In fact, the normal closure of L/K can alternately (and equivalently) be

defined as the splitting field of the minimum polynomials of the elements of L.

Definition 1.25. Let L/K be any extension. A K-monomorphism of L to some extension

L′ of K is a field monomorphism ϕ of L to L′ such that ϕ(k) = k for all k ∈ K. (Recall that

all field homomorphisms are injective.) A K-automorphism of L is a K-monomorphism from

L to itself.

Proposition 1.26. Let L/K be a finite separable extension of degree n. Then there are

precisely n distinct K-monomorphisms of L into a normal closure N (and hence into any

given normal extension M of K containing L).

Proof. See Theorem 10.6 on page 100 of [Ste90] or Theorem 11 on page 404 of [BSG66].

Proposition 1.27. If L/K is a finite normal separable extension, then the set of all K-automorphisms of L forms a group under composition.

Proof. See Theorem 7.1 on page 72 of [Ste90].

Definition 1.28. A finite normal separable extension is called a Galois extension. The

Galois group Gal(L/K) of the Galois extension L/K is the group of all K-automorphisms

of L under composition.

1.2 Algebraic Numbers

1.2.1 Rings and Fields

Definition 1.29. A complex number α will be called algebraic over Q if it satisfies some

nonzero polynomial with coefficients in Q.

Proposition 1.30. The set A of all algebraic numbers is a subfield of C.

Proof. See page 39 of [ST79].

Definition 1.31. A subfield K ⊂ A is called a number field if [K : Q] is finite (that is, if

K is a finite dimensional Q-module).

For the rest of section 1.2, K will denote a number field.

Definition 1.32. Let R ⊂ R′ be rings with (identical) unity and such that R′ is commutative. An element of R′ is said to be integral over R if it satisfies some monic nonzero polynomial with coefficients in R.

Definition 1.33. A complex number θ is called an algebraic integer if θ is integral over Z.

Proposition 1.34. Let R, R′ be as in Definition 1.32. The set of all elements of R′ that

are integral over R is a subring of R′ containing R.

Proof. See the corollary on page 5 of [Jan73].

Corollary 1.35. The set B of all algebraic integers is a subring of A.

Remark 1.36. Since any polynomial equation p(x) = 0 with coefficients in Q can be made

into one with coefficients in Z by clearing denominators, the only distinction between Definitions 1.29 and 1.33 is the condition that the polynomial be monic.

Definition 1.37. Let R be a ring with field of fractions K, and let L/K be a finite extension.

The integral closure of R in L is the set of all elements of L that are integral over R. R is

called integrally closed if it is identical to its integral closure.

Definition 1.38. Let K be a finite extension of Q. Let OK denote the integral closure of

Z in K; that is, OK = K ∩B.

1.2.2 Ideals

Let R be a ring with field of fractions K.

Definition 1.39. A fractional ideal of R (or of K) is a finitely generated R-submodule of

K. Fractional ideals of R will sometimes be referred to simply as ideals, and “ordinary”

ideals of R (that is, ideals of R that are subrings of R) will be called integral ideals.

Remark 1.40. For a fractional ideal a of R, there is some ξ ∈ R such that ξa is an integral

ideal of R.

Definition 1.41. For fractional ideals a, b of R, we say that a | b if there is some ideal c of

K such that b = ac.

Proposition 1.42. For fractional ideals a, b of R, a | b if and only if b ⊂ a.

Proof. See Proposition 5.6 on page 121 of [ST79]. The proof there is applied to the case

where R = OK for some number field K, but the proof is exactly the same for the general

case.

Definition 1.43. An integral ideal p of R with p ≠ R is called prime if p | ab implies p | a

or p | b for any two integral ideals a, b of R.

Definition 1.44. An integral domain is a commutative ring with unity that has no zero

divisors.

Definition 1.45. A Noetherian ring is a ring in which every (non-empty) set of ideals has

a maximal element (ordered by inclusion).

Definition 1.46. A Dedekind domain (or Dedekind ring) is an (integrally closed) Noetherian

integral domain such that every nonzero prime ideal is maximal.

Remark 1.47. There are other, equivalent, definitions, but this one will suffice.

Proposition 1.48. Let R be a ring with field of fractions K, and let L/K be a finite

extension. If R is a Dedekind ring, then the integral closure of R in L is a Dedekind ring.

Proof. See Theorem 6.1 on page 23 of [Jan73] or Theorem 10.7 on page 633 of [Jac09].

Corollary 1.49. OK is a Dedekind ring.

Proof. This comes from Proposition 1.48.

From now on, we will only be concerned with the ring of integers OK in a finite (algebraic)

extension K/Q.

Corollary 1.50. For a prime ideal p ∈ OK, the quotient ring OK/p is a finite field called

the residue field.

Proof. This follows directly from Proposition 1.49.

Definition 1.51. A fractional ideal a is called principal if a = αOK for some α ∈ K. P

will denote the set of nonzero principal fractional ideals.

Proposition 1.52. The set I of all fractional ideals is an abelian group under multiplication

with

$$\mathfrak{a}^{-1} := \{\alpha \in K \mid \alpha\mathfrak{a} \subset \mathcal{O}_K\}$$

and OK as the identity element.

Proof. See Theorem 5.4 on page 117 of [ST79].

Proposition 1.53. For a finite extension K/Q, P is a (normal) subgroup of I.

Proof. Obvious.

Definition 1.54. The class-group C of a finite extension K/Q is defined by C := I/P .

Theorem 1.55 (Finiteness of the class-group). Let K/Q be a finite extension. Then C is

finite abelian.

Proof. See Theorem 11.10 on page 56 of [Jan73] or Theorem 9.7 on page 171 of [ST79]. The

proof is an application of Minkowski’s “geometry of numbers”, most notably Minkowski’s

lattice theorem. See the references for details.

Proposition 1.56. Prime factorization of fractional ideals of OK is unique, up to the order

of the factors.

Proof. See Theorem 5.5 on page 117 of [ST79].

Definition 1.57. A (discrete) valuation on a field K is a map ν : K → Z ∪ {∞} such that for all α, β ∈ K,

ν(αβ) = ν(α) + ν(β),

ν(α + β) ≥ min(ν(α), ν(β)),

ν(α) = ∞ if and only if α = 0.

Definition 1.58. For an algebraic number α ∈ K and a prime ideal p ⊂ OK , let νp(α)

denote the exponent of p in the factorization of αOK .

Proposition 1.59. For a prime ideal p of K, νp is a (discrete) valuation called the (discrete)

p-adic valuation of K.

Proof. This follows easily from unique factorization of ideals and the definition.

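Proposition 1.60. Let $\mathfrak{p}$ be a prime ideal of $\mathcal{O}_K$. Fix a polynomial $p(X_1, \dots, X_n) \in \mathcal{O}[X_1, \dots, X_n]$, and let $\bar{p}(X_1, \dots, X_n) \in (\mathcal{O}_K/\mathfrak{p})[X_1, \dots, X_n]$ denote the reduced polynomial. For any $\alpha_1, \dots, \alpha_n \in \mathcal{O}_K$, let $\bar{\alpha}_i = \alpha_i \bmod \mathfrak{p}$. If $p(\alpha_1, \dots, \alpha_n) = 0$, then $\bar{p}(\bar{\alpha}_1, \dots, \bar{\alpha}_n) = 0$.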

Proof. Trivial.

1.2.3 Dirichlet’s Units Theorem

Theorem 1.61 (The Structure Theorem for Finitely Generated Abelian Groups, invariant

factors decomposition). If G is a finitely generated abelian group, then there exist integers

r, d1, . . . , dn such that

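$$G \simeq \mathbb{Z}^r \times \mathbb{Z}_{d_1} \times \cdots \times \mathbb{Z}_{d_n},$$

where $1 < d_1 \mid d_2 \mid \cdots \mid d_n$, and $\mathbb{Z}_i$ denotes $\mathbb{Z}/i\mathbb{Z}$.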

Proof. See page 181 of [Jac74].

Corollary 1.62 (The Structure Theorem for Finitely Generated Abelian Groups). If G is

a finitely generated abelian group, then

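$$G \simeq \mathbb{Z}^r \times \mathbb{Z}_{p_1^{e_1}} \times \cdots \times \mathbb{Z}_{p_n^{e_n}}$$

for some integer $r \geq 0$, not necessarily distinct primes $p_i$ and integer exponents $e_i$, and $\mathbb{Z}_i$ denotes $\mathbb{Z}/i\mathbb{Z}$.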

Proof. We will defer the proof until Chapter 3, where we will prove a slight rephrasing (which

is equivalent).

Definition 1.63. Let K be a number field of degree n. By Proposition 1.26, there are n

Q-monomorphisms of K into C, call them σ1, . . . , σn. If σi(K) ⊂ R, then σi is called real;

otherwise, it is called complex.

Remark 1.64. If σi is complex, then there is some (distinct) σj such that $\sigma_i = \overline{\sigma_j}$ (complex

conjugation), hence complex Q-monomorphisms come in pairs. Therefore n = s + 2t where

s and t are the numbers of real monomorphisms and complex pairs, respectively.

Theorem 1.65 (Dirichlet’s Units Theorem). The group of units $\mathcal{O}_K^*$ is a finitely generated (abelian) group of rank s + t − 1, whose torsion subgroup is the group $W_K$ of roots of unity in K.

Proof. See Theorem 11.19 on page 61 of [Jan73] or Theorem 12.6 on page 227 of [ST79]. As

with the finiteness of the class-group, the proof of this is largely an application of Minkowski’s

“geometry of numbers”.

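Corollary 1.66. Let $\mathcal{O}_K$ denote the ring of integers in an algebraic number field K. Then $\mathcal{O}_K^*/(\mathcal{O}_K^*)^2$ is finite.

Proof. By Dirichlet’s Units Theorem and the Structure Theorem for Finitely Generated Abelian Groups,

$$\mathcal{O}_K^* \cong W_K \times \mathbb{Z}^{s+t-1}. \tag{1.1}$$

Thus we also have

$$(\mathcal{O}_K^*)^2 \cong W_K^2 \times (2\mathbb{Z})^{s+t-1} \tag{1.2}$$

and therefore

$$\mathcal{O}_K^*/(\mathcal{O}_K^*)^2 \cong W_K/W_K^2 \times (\mathbb{Z}/2\mathbb{Z})^{s+t-1}. \tag{1.3}$$

Since s + t − 1 is finite, and $W_K$ is finite, $\mathcal{O}_K^*/(\mathcal{O}_K^*)^2$ is finite.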

Proposition 1.67. If K is a degree 3 extension of Q, then $\mathcal{O}_K^*/(\mathcal{O}_K^*)^2 \simeq \mathbb{F}_2^{s+t}$.

Notice that this means that $\mathcal{O}_K^*/(\mathcal{O}_K^*)^2$ is always a finite dimensional vector space. This characterization of $\mathcal{O}_K^*/(\mathcal{O}_K^*)^2$ will prove very helpful in a later chapter.

Proof. Suppose [K : Q] = 3. Then 1 ≤ s ≤ 3, that is, there is a real Q-monomorphism of K, call it σ. Since σ(K) ⊂ R, the roots of unity in σ(K) are ±1. Since σ is a monomorphism, $W_K \simeq \{\pm 1\}$, so $W_K^2$ is trivial; hence $W_K/W_K^2 \simeq \{\pm 1\} \simeq \mathbb{Z}/2\mathbb{Z}$. Thus

$$\mathcal{O}_K^*/(\mathcal{O}_K^*)^2 \cong \mathbb{Z}/2\mathbb{Z} \times (\mathbb{Z}/2\mathbb{Z})^{s+t-1} = \mathbb{F}_2^{s+t}.$$

1.3 Norms

Definition 1.68. Let L/K be a finite separable extension of degree n. Then, viewing L as

an n-dimensional K-module, for any α ∈ L, the map ξ ↦ αξ is a K-linear mapping. Fix a basis β1, . . . , βn for L/K; then there is a unique matrix $(a_{ij}) \in \mathrm{Mat}_n(K)$ such that

$$\alpha\beta_i = \sum_{j=1}^{n} a_{ij}\beta_j.$$

We define the norm of α by

$$N^L_K(\alpha) = \det(a_{ij}),$$

which is invariant under a change of basis and thus determined only by α and L/K.

Proposition 1.69. Let L/K be an extension of dimension n. Then for all α, β ∈ L and a ∈ K,

$$N^L_K(\alpha\beta) = N^L_K(\alpha)\,N^L_K(\beta), \quad\text{and}$$

$$N^L_K(a\alpha) = a^n N^L_K(\alpha).$$

Proof. See 5.1 on page 19 of [Jan73].

Remark 1.70. For a ∈ K, $N^L_K(a) = a^n N^L_K(1_L) = a^n$. For α ∈ L − K, computing norms from the definition alone is less straightforward, so we have the following proposition.

Proposition 1.71. Let L/K be a finite separable extension of degree n with normal closure

N . By Proposition 1.26, there are precisely n K-monomorphisms of L into N ; call them

σ1, . . . , σn. For α ∈ L, $N^L_K(\alpha) = \sigma_1(\alpha) \cdots \sigma_n(\alpha)$.

Proof. See Theorem 7 on page 401 and Corollary 1 on page 404 of [BSG66].
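The following added example (not part of the thesis) computes norms in a cubic field Q(θ) directly from Definition 1.68 and checks them against Proposition 1.69, Remark 1.70 and Proposition 1.71. It assumes θ is a root of an irreducible cubic x³ + Ax + B over Q and uses the basis 1, θ, θ²; all function names are illustrative.

```python
from fractions import Fraction
import cmath

# Elements of Q(theta), theta^3 + A*theta + B = 0, are coefficient lists
# [c0, c1, c2] meaning c0 + c1*theta + c2*theta^2 (basis 1, theta, theta^2).

def times_theta(v, A, B):
    """Multiply an element by theta, reducing theta^3 = -A*theta - B."""
    c0, c1, c2 = v
    return [-B * c2, c0 - A * c2, c1]

def mult_matrix(alpha, A, B):
    """Matrix (a_ij) of Definition 1.68: row i holds the coordinates of
    alpha * beta_i in the basis beta = (1, theta, theta^2)."""
    row0 = [Fraction(c) for c in alpha]
    row1 = times_theta(row0, A, B)
    row2 = times_theta(row1, A, B)
    return [row0, row1, row2]

def det3(m):
    """Determinant of a 3x3 matrix by cofactor expansion along the first row."""
    (a, b, c), (d, e, f), (g, h, i) = m
    return a * (e * i - f * h) - b * (d * i - f * g) + c * (d * h - e * g)

def norm(alpha, A, B):
    """Norm of alpha from Q(theta) down to Q, as det(a_ij)."""
    return det3(mult_matrix(alpha, A, B))

def multiply(u, v, A, B):
    """Product u*v in Q(theta): sum over i of u_i * (theta^i * v)."""
    rows = mult_matrix(v, A, B)
    return [sum(Fraction(u[i]) * rows[i][j] for i in range(3)) for j in range(3)]

def norm_via_embeddings(alpha, roots):
    """Proposition 1.71 numerically: product of sigma_k(alpha), where sigma_k
    sends theta to the k-th complex root of its minimum polynomial."""
    prod = complex(1)
    for r in roots:
        prod *= float(alpha[0]) + float(alpha[1]) * r + float(alpha[2]) * r * r
    return prod

# Constructed sample field: theta^3 = 2, i.e. A = 0, B = -2.
# The three embeddings send theta to 2^(1/3) times a cube root of unity.
CUBE_ROOTS_OF_2 = [2 ** (1 / 3) * cmath.exp(2j * cmath.pi * k / 3) for k in range(3)]

if __name__ == "__main__":
    A, B = 0, -2
    u, v = [1, 1, 0], [0, 1, 0]          # u = 1 + theta, v = theta
    print("N(2)      =", norm([2, 0, 0], A, B))            # a^n with n = 3
    print("N(theta)  =", norm(v, A, B))
    print("N(1+theta)=", norm(u, A, B))
    print("N(u*v)    =", norm(multiply(u, v, A, B), A, B))
    print("via embeddings:", norm_via_embeddings(u, CUBE_ROOTS_OF_2))
```

The determinant route is exact over Q, while the product over embeddings is only a floating-point check of the same value.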

Definition 1.72. Let R be a Dedekind ring with quotient field K, and let L/K be a finite

separable extension of K, with R′ the integral closure of R in L. Let $\mathfrak{a}$ be an integral ideal in R′. The norm $N^L_K(\mathfrak{a})$ of $\mathfrak{a}$ is the ideal in R generated by all $N^L_K(a)$ with $a \in \mathfrak{a}$. Extend this definition to fractional ideals by $N^L_K(\mathfrak{a}) = N^L_K(\xi^{-1}\mathfrak{b}) = N^L_K(\xi^{-1})\,N^L_K(\mathfrak{b})$, where $\xi\mathfrak{a} = \mathfrak{b}$ is an integral ideal.

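Definition 1.73. In the case of R = Z, given an integral ideal $\mathfrak{a}$ in $\mathcal{O}_L$, $N^L_{\mathbb{Q}}(\mathfrak{a}) = m\mathbb{Z}$ for some positive integer m. Define the absolute norm of $\mathfrak{a}$ by $N(\mathfrak{a}) = m$. Extend this definition to fractional ideals by $N(\mathfrak{a}) = N(\xi^{-1}\mathfrak{b}) = N^L_{\mathbb{Q}}(\xi^{-1})\,N(\mathfrak{b})$, where $\xi\mathfrak{a} = \mathfrak{b}$ is an integral ideal.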

Proposition 1.74. Let L/Q be a finite extension and a ⊂ OL an integral ideal. Then

N(a) = |OL/a|.

Proof. See Proposition 8.6 on page 37 of [Jan73].

Proposition 1.75. Let L/Q be a finite extension and α ∈ L. Then $N(\alpha\mathcal{O}_L) = \left|N^L_{\mathbb{Q}}(\alpha)\right|$.

Proof. See Corollary 5.9 on page 126 of [ST79].

Chapter 2: Elliptic Curves Background

This chapter will provide a foundation in the arithmetic of points on elliptic curves defined

over the field Q of rational numbers. It is assumed that the reader is familiar with polynomials and Cartesian geometry, but not much else is required. The reader who is familiar

with these topics may still want to at least skim these sections as we may in some cases use

nonstandard notation or terminology.

As in the previous chapter, in most cases references are given instead of proofs. The

wordings of some definitions and theorems are taken directly from the works cited.

2.1 Projective Curves

This section will include some informal discussion, and in some cases proofs will not be given.

For a more formal (and detailed) discussion, see Appendix A of [ST92].

Let F be a field with characteristic 0, say Q or R or C. Characteristic 0 is not really

necessary for the immediately following theory, but it is what will be assumed in the next

chapter, so we may as well adopt it now.

Definition 2.1. n-dimensional affine space is defined by $\mathbb{A}^n = \{(x_1, \dots, x_n) : x_i \in F\}$.

Definition 2.2. Define an equivalence relation on points in $\mathbb{A}^n$ by $(x_1, \dots, x_n) \sim_n (x'_1, \dots, x'_n)$ if and only if there is some $t \in \mathbb{A} - 0$ such that $(x'_1, \dots, x'_n) = (tx_1, \dots, tx_n)$. Then define projective n-space by

$$\mathbb{P}^n = (\mathbb{A}^{n+1} - 0)/\sim_{n+1}.$$

Proposition 2.3. $\mathbb{P}^2 = \mathbb{A}^2 \cup \mathbb{P}^1$.

Proof. See page 223 of [ST92] and the remark below.

Definition 2.4. The point $(a, b, c) \in \mathbb{A}^3 - 0$ lies in the equivalence class [a : b : c], and a, b, c

will be called homogeneous coordinates for the point [a : b : c] ∈ P2.

Remark 2.5. An idea from the proof of Proposition 2.3 will be useful in the next section.

A point [a : b : c] with c ≠ 0 can also be written [a/c : b/c : 1], and it can then be identified with the affine point $(a/c, b/c) \in \mathbb{A}^2$. The set of all such points is called the affine part of $\mathbb{P}^2$ (with respect to Z, so called since we are choosing to identify the line Z = 0 with $\mathbb{P}^1$). The point [a : b : 0] corresponds to a point of $\mathbb{P}^1$; the set of all such points is called the projective part of $\mathbb{P}^2$.

Here are two (very) intuitive ways to think of this:

1. Remember that the real projective plane is defined by $\mathbb{P}^2 = (\mathbb{A}^3 - 0)/\sim_3$, which

resembles, but is not the same as, the 2-sphere sitting in R3. When we choose a line at

infinity, we are choosing a way to slice the 2-sphere open and lay it down “flat,” giving us a

real affine 2-space.

2. If we want to cordon off a piece of projective space that resembles affine space so that

we have a more familiar setting, we must specify the part that will be thought of as “far away”

or “at infinity.”

We can choose any line in $\mathbb{P}^2$ to identify with $\mathbb{P}^1$, but choosing the line Z = 0 will be useful

later, as we will see.

Definition 2.6. An (affine) algebraic curve in $\mathbb{A}^2$ is the set of all ordered pairs of real

numbers that satisfy a polynomial equation in two variables f(x, y) = 0, with coefficients in

F.

Definition 2.7. A homogeneous polynomial in three variables is a polynomial f(X, Y, Z) such that $f(tX, tY, tZ) = t^d f(X, Y, Z)$ for some integer d > 0, which is called the degree of the polynomial. A projective curve in $\mathbb{P}^2$ is the set of solutions to a polynomial equation F(X, Y, Z) = 0, where F is a non-constant homogeneous polynomial with coefficients in F. The homogeneity requirement on F is needed since we are dealing with homogeneous coordinates. That is, since [a : b : c] = [ta : tb : tc] for t ≠ 0, and we are interested in zero-sets of polynomials, we must deal only with polynomials such that F(a, b, c) = 0 if and only if F(ta, tb, tc) = 0.

Fix some projective curve C defined by a homogeneous polynomial F(X, Y, Z) with degree d. Fix [a : b : c] ∈ C with c ≠ 0. Then

$$0 = \frac{1}{c^d} F(a, b, c) = F(a/c, b/c, 1).$$

Note that [a : b : c] = [a/c : b/c : 1]. If we define a new polynomial in two variables by

$$f(x, y) = F(x, y, 1),$$

then the algebraic curve defined by f is the affine part of C, where Z = 0 is the line at infinity. This process, which is referred to as dehomogenization with respect to Z, can also be reversed. Given a degree d polynomial in 2 variables $f(x, y) = \sum a_{ij} x^i y^j$, the homogenization of f is given by

$$F(X, Y, Z) = \sum_{i,j} a_{ij} X^i Y^j Z^{d-i-j}.$$

Further discussion of this can be found on pages 226–228 of [ST92] or in [Shu]. For the

rest of this section, we will use lowercase letters for affine variables and uppercase letters for

projective variables.

Let C be a projective curve given by a homogeneous polynomial F (X, Y, Z). Then since

C[X, Y, Z] is a unique factorization domain, there is a unique factorization of F (X, Y, Z)

into irreducible homogeneous polynomials

F (X, Y, Z) = p1(X, Y, Z) · · · pn(X, Y, Z).

The polynomials pi(X, Y, Z) are called the irreducible components of F (X, Y, Z). A curve C

is called irreducible if it has only one such component, and two curves C1, C2 are said to have

no common component if their irreducible components are distinct.

Theorem 2.8 (Bezout). Two projective plane curves with no common components and with degrees d1 and d2 intersect at d1d2 points with complex coordinates when counting multiplicities.

Proof. See page 242 of [ST92].

Definition 2.9. A projective curve C is called rational if it is the set of zeros of a homogeneous polynomial having rational coefficients.

Definition 2.10. Let C be a rational projective curve given by F(X, Y, Z) = 0, a homogeneous polynomial with rational coefficients. The set of rational points on C is the set of points on C that have rational coordinates:

$$C(\mathbb{Q}) = \{[a : b : c] \in \mathbb{P}^2 : F(a, b, c) = 0 \text{ and } a, b, c \in \mathbb{Q}\}.$$

Definition 2.11. Let C be an algebraic curve defined by f(x, y) = 0. A point P ∈ C is

called singular if

(∇f)(P ) = 0,

where the gradient is defined in terms of formal differentiation of polynomials. Otherwise,

P is called non-singular. An algebraic curve is called non-singular (or smooth) if all of its

points are non-singular.

Definition 2.12. Let C be a projective curve defined by a homogeneous polynomial equation F(X, Y, Z) = 0. C is called non-singular if each of its three dehomogenizations is non-singular. Equivalently, a curve is non-singular if one of its dehomogenizations is non-singular and ∇F is nonzero at the resulting points at infinity.

2.2 Rational Points on Elliptic Curves

Formally defining elliptic curves involves the mention of genus, and a definition of genus

would take us too far afield. The interested reader should consult any book on algebraic

geometry, for example [Har77].

Definition 2.13. An elliptic curve E is a smooth genus 1 curve with a specified rational

point.

Remark 2.14. We will only be concerned with elliptic curves defined over the field Q of

rational numbers.

Consider a projective curve C given by a degree 3 homogeneous polynomial equation of

the form

$$0 = F(X, Y, Z) = X^3 + AXZ^2 + BZ^3 - Y^2 Z$$

for some rational numbers A,B. We will describe the conditions under which a polynomial

equation of this form describes an elliptic curve. (Since we are ignoring genus, we will only

consider smoothness and the specified rational point.)

Fix some rational integer C. Then by the change of variables

$$X' = C^2 X, \qquad Y' = C^3 Y, \qquad Z' = Z,$$

we obtain a new form for the equation that defines E:

$$\begin{aligned}
0 = F(X, Y, Z) &\Leftrightarrow 0 = C^6 F(X, Y, Z) \\
&\Leftrightarrow 0 = C^6 X^3 + C^6 A X Z^2 + C^6 B Z^3 - C^6 Y^2 Z \\
&\Leftrightarrow 0 = X'^3 + C^4 A X' Z'^2 + C^6 B Z'^3 - Y'^2 Z'.
\end{aligned}$$

By choosing C large enough, $C^4 A$ and $C^6 B$ are rational integers. Therefore, we can assume this projective curve is defined by a polynomial with rational integer coefficients. This will give the curve a discriminant, which we need next.

The dehomogenization with respect to Z of

$$F(X, Y, Z) = X^3 + AXZ^2 + BZ^3 - Y^2 Z$$

is given by

$$f(x, y) = x^3 + Ax + B - y^2.$$

By definition, $f(x, y) = x^3 + Ax + B - y^2$ is non-singular at all points where the gradient is nonzero. Let $g(x) = x^3 + Ax + B$, with discriminant $D = -4A^3 - 27B^2$. Then

$$\begin{aligned}
(\nabla f)(x, y) = 0 &\Leftrightarrow (3x^2 + A, -2y) = (0, 0) \\
&\Leftrightarrow g'(x) = 0 \text{ and } g(x) = 0 \\
&\Leftrightarrow g \text{ has a double root} \\
&\Leftrightarrow -4A^3 - 27B^2 = 0.
\end{aligned}$$

Let [a : b : c] be a point on the line (at infinity) Z = 0. Then c = 0, and by substituting into $0 = X^3 + AXZ^2 + BZ^3 - Y^2 Z$, we find that a = 0. Thus [0 : 1 : 0] is the only point at infinity on C, and we will denote it by O. Also note that O is non-singular since

$$(\nabla F(X, Y, Z))((0 : t : 0)) = (3(0)^2 + A(0)^2,\ -2(t)(0),\ 2A(0)(0) + 3B(0)^2 - (t)^2) = (0, 0, -t^2)$$

for all $t \neq 0$. This could also be shown by dehomogenizing F(X, Y, Z) with respect to Y and showing that (0, 0) is a non-singular point of the affine curve f(x, z) = 0.

By definition, C is rational, and, as we have shown, C is smooth and has a rational point. Thus, so long as A, B ∈ Z and $D = -4A^3 - 27B^2 \neq 0$, such a projective curve is an elliptic curve.

Definition 2.15. An elliptic curve E given by a polynomial of the form $X^3 + AXZ^2 + BZ^3 - Y^2 Z$ (A, B ∈ Z) is said to be in Weierstrass canonical form.

Definition 2.16. We define a binary operation on E(Q) as follows. For P,Q ∈ E(Q), let R

denote the third point of intersection of the line L through P and Q with E (which exists and

is unique by Bezout’s Theorem). R must be a rational point since both E and L are defined

over Q. Let S denote the (rational) third point of intersection of E and the line through R

and O. Then we say P +Q = S. If P , Q are distinct from each other and from O, then this

is easy to interpret. If either P = Q or P = O, then one need only remember that the line

going through P twice is the line tangent to E at P , and a line that goes through O and at

least one other rational point is a vertical line.

Remark 2.17. As we said before, O is the only intersection between E(Q) and the line at

infinity P1; thus this intersection has multiplicity 3. Therefore the group operation can be

summarized by: for P,Q,R ∈ E(Q), P +Q+R = O if and only if P,Q,R are collinear.

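The group law for affine points can also be given algebraically. Fix two rational points $P_1 = (x_1, y_1)$, $P_2 = (x_2, y_2)$. If $(x_1, y_1) = (x_2, -y_2)$, then $P_1 = -P_2$, so $P_1 + P_2 = O$. In any other case,

$$P_1 + P_2 = (x_3, y_3) = (\lambda^2 - x_1 - x_2,\ -(\lambda x_3 + \nu)),$$

$$\lambda = \begin{cases} \dfrac{y_2 - y_1}{x_2 - x_1} & \text{if } P_1 \neq P_2, \\[2ex] \dfrac{3x_1^2 + A}{2y_1} & \text{if } P_1 = P_2, \end{cases} \qquad \nu = y_1 - \lambda x_1 = y_2 - \lambda x_2.$$

Here $(x_3, \lambda x_3 + \nu)$ is the third point R of Definition 2.16 on the line $Y = \lambda X + \nu$, and the vertical line through R and O meets E again at the point with the negated y-coordinate. It is easily seen from these formulae that the sum of two (affine) rational points is again rational. O is the neutral element.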

Notation 2.18. Given a point P on an elliptic curve, we will denote P + P by 2P and also make the following natural generalization:

$$nP := \underbrace{P + P + \cdots + P}_{n \text{ summands}}.$$

Similarly,

$$-nP := \underbrace{-P - P - \cdots - P}_{n \text{ summands}}.$$
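The algebraic group law and the nP notation above, written out in exact rational arithmetic as an added example (it is not code from the thesis). The sample curve $Y^2 = X^3 - 2$ with the rational point (3, 5), and the names `Curve`, `point` and `O`, are assumptions chosen for illustration.

```python
from fractions import Fraction as Fr

O = None  # the point at infinity [0 : 1 : 0], the neutral element


def point(x, y):
    """Affine point with exact rational coordinates."""
    return (Fr(x), Fr(y))


class Curve:
    """E: y^2 = x^3 + A*x + B in Weierstrass canonical form (A, B integers)."""

    def __init__(self, A, B):
        self.A, self.B = Fr(A), Fr(B)
        if -4 * self.A**3 - 27 * self.B**2 == 0:
            raise ValueError("discriminant is zero: the cubic is singular")

    def contains(self, P):
        if P is O:
            return True
        x, y = P
        return y**2 == x**3 + self.A * x + self.B

    def neg(self, P):
        return O if P is O else (P[0], -P[1])

    def add(self, P, Q):
        if P is O:
            return Q
        if Q is O:
            return P
        (x1, y1), (x2, y2) = P, Q
        if x1 == x2 and y1 == -y2:
            return O                                # vertical line: P1 = -P2
        if P == Q:
            lam = (3 * x1**2 + self.A) / (2 * y1)   # tangent slope
        else:
            lam = (y2 - y1) / (x2 - x1)             # chord slope
        nu = y1 - lam * x1
        x3 = lam**2 - x1 - x2
        # (x3, lam*x3 + nu) is the third intersection R of Definition 2.16;
        # the sum is the other point on the vertical line through R and O.
        return (x3, -(lam * x3 + nu))

    def mul(self, n, P):
        """nP as in Notation 2.18, by double-and-add; negative n uses -P."""
        if n < 0:
            return self.mul(-n, self.neg(P))
        acc = O
        while n:
            if n & 1:
                acc = self.add(acc, P)
            P = self.add(P, P)
            n >>= 1
        return acc


# Constructed sample: Y^2 = X^3 - 2 with the rational point (3, 5).
E = Curve(0, -2)
P = point(3, 5)

if __name__ == "__main__":
    for n in range(1, 5):
        print(n, E.mul(n, P))
```

The denominators of the multiples grow quickly, which is why the coordinates are kept as `Fraction` values rather than floats.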

Theorem 2.19. Let E be an elliptic curve. E(Q) is an abelian group under the binary

operation in the previous definition.

Proof. See section 7 of [Cas91]. Most of the proof is straightforward; the only difficulty is

proof of associativity.

Definition 2.20. We will say that two elliptic curves E , E ′ are birationally equivalent if there

is an invertible projective transformation from E(Q) to E ′(Q).

Theorem 2.21. Let E be an elliptic curve. E is birationally equivalent to another elliptic

curve E ′ in Weierstrass canonical form.

The basic idea of the proof can be found on page 33 of [Cas91], and we quote it here (note

that C refers to the Weierstrass canonical form):

“More precisely, the curve is equivalent to C and the equivalence takes the specified rational point O on it to the point at infinity on C.

Proof for the Cognoscenti. By the Riemann-Roch theorem, the set of functions on the curve with at worst a pole of order 2 at O has dimension 2. Let a basis be 1, ξ. Similarly the set of functions with at worst a triple pole is of dimension 3 at O, with basis say 1, ξ, η. Then the functions

$$\eta^2,\ \eta\xi,\ \eta,\ \xi^3,\ \xi^2,\ \xi,\ 1$$

all have at worst a pole of order 6. By the Riemann-Roch theorem, there must be a linear relation between the 7 listed functions. The relation must involve both $\xi^3$ and $\eta^2$. A transformation

$$\xi \to c_1 \xi + c_2, \qquad \eta \to c_3 \eta + c_4 \xi + c_5$$

reduces the relation to

$$\eta^2 = \xi^3 + A\xi + B$$

for some A, B.”

Remark 2.22. The reader who wants to see a more detailed proof should refer to [Shu];

those who want further details on the Riemann-Roch theorem should be able to find them

in any book on algebraic geometry, for example [Har77].

Theorem 2.23 (Mordell-Weil Finite Basis Theorem). For an elliptic curve E, E(Q) is

finitely generated.

A proof of this can be found in section 17 of [Cas91], but there are a few things that

should be said here. There are two main components to the proof. The first is the Weak

Finite Basis Theorem, and the second is a descent argument using heights of points on a

curve (see Chapter 3 of [ST92] for more discussion on heights). The descent argument is

a modern refinement of Fermat’s method of infinite descent, which he used to disprove the

existence of rational points on certain affine curves. This paper focuses on the Weak Finite

Basis Theorem since that is where we will find a mechanism for computing the rank of a

curve, as opposed to simply showing it exists. As a bonus, this is also where the proof in

[Cas91] skips a lot of details that we will not.

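Corollary 2.24. For an elliptic curve E,

$$E(\mathbb{Q}) \simeq \mathbb{Z}^r \times \mathbb{Z}_{p_1^{e_1}} \times \cdots \times \mathbb{Z}_{p_n^{e_n}}$$

for some integer r ≥ 0, not necessarily distinct primes $p_i$ and integer exponents $e_i$, where $\mathbb{Z}_i$ denotes $\mathbb{Z}/i\mathbb{Z}$.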

Proof. This follows directly from the Structure Theorem for Finitely Generated Abelian

Groups.

Definition 2.25. Given an elliptic curve E , the rank of the elliptic curve is the rank of E(Q)

(the number of generators for the torsion-free part of the group).

Chapter 3: The Weak Finite Basis Theorem

This marks the beginning of the actual work of the thesis, and the reader should be aware

that the first three sections are based on the classical proof. Beginning with Section 4, we

will present new ideas alluded to in the introduction.

In this chapter, we will not need to refer to homogeneous coordinates, and we will use

uppercase letters X, Y for affine variables. We will use lowercase letters x, y to refer to fixed

affine coordinates of points.

3.1 The Setting

Let

$$E : Y^2 = F(X) := X^3 + AX + B, \qquad A, B \in \mathbb{Z} \tag{3.1}$$

give the affine part of an elliptic curve in Weierstrass form with the point at infinity O. Since E is smooth, the right-hand side has distinct roots; thus

$$F(X) = X^3 + AX + B = \prod_{j=1}^{3} (X - \theta_j)$$

with $\theta_i \neq \theta_j$ for $i \neq j$, and

$$D = -4A^3 - 27B^2 \neq 0.$$

We will assume that F (X) is irreducible over Q. Denote the group of rational points E(Q)

by G and the subgroup of double points by 2G = {P ∈ G : P = 2P ′ for some P ′ ∈ G}.

Remark 3.1. In this paper we will restrict ourselves to the case in which F (X) is irreducible;

in other words, the group G[2] of 2-torsion points of G is trivial. We do this not because

the reducible case is difficult (in fact it is easier), but because we are only interested in

the irreducible case. A proof of the reducible case can be found in [ST92], and a proof

that includes both can be found in [Cas91]. Furthermore, the purpose of this paper is the

development of a heuristic algorithm for computing ranks of elliptic curves. For the reducible

case, one can be found in [ST92].

Theorem 3.2 (Weak Finite Basis Theorem).

G/2G is finite.

To prove this, we will divide the work into several lemmas and propositions, but before

we do that, we need some preliminary tools and notation.

Since $\theta_j$ is algebraic of degree 3 over Q,

$$\mathbb{Q}[\theta_j] = \mathbb{Q} + \mathbb{Q}\theta_j + \mathbb{Q}\theta_j^2, \qquad j = 1, 2, 3,$$

and since F(X) is irreducible over Q,

$$\mathbb{Q}[\theta_j] = \mathbb{Q}(\theta_j), \qquad j = 1, 2, 3.$$

Notation 3.3. $\Theta := (\theta_1, \theta_2, \theta_3)$ and $R := \mathbb{Q}[\Theta] \subset \mathbb{Q}(\theta_1) \times \mathbb{Q}(\theta_2) \times \mathbb{Q}(\theta_3)$.

In order to identify R with a subset of the Cartesian product, we must do the same with Q by identifying a ∈ Q with (a, a, a). (The triplet notation will be more convenient at times.) We use the letter R since in general Q[Θ] need not be a field, but only a ring. The present assumption that F(X) is irreducible over Q implies R is a field (isomorphic to Q[X]/(F(X)) and also to $\mathbb{Q}(\theta_j)$ for j = 1, 2, 3). Since F(X) has distinct roots, R is a separable extension of Q. Normality is not guaranteed, but we will not need it.

Notation 3.4. Except for $\Theta = (\theta_1, \theta_2, \theta_3)$, elements of R that are not in Q will be denoted by lowercase Greek letters.

For each α ∈ R, there exists a polynomial p(X) ∈ Q[X] such that $\alpha = p(\Theta) = (p(\theta_1), p(\theta_2), p(\theta_3))$. Since Θ is of degree 3, the polynomial p(X) may be assumed to be quadratic. Thus

$$R = \{p(\Theta) : p(X) \in \mathbb{Q}[X] \text{ and } \deg(p(X)) \le 2\}.$$

Polynomials of degree 0 correspond to elements of Q.

Since R/Q is a cubic extension and the three maps

$$\sigma_i : R \to \mathbb{Q}(\theta_1, \theta_2, \theta_3), \qquad \Theta \mapsto \theta_i, \qquad q \mapsto q$$

for i = 1, 2, 3 and q ∈ Q are Q-monomorphisms, we have from propositions 1.23 and 1.71 that for $\alpha = (\alpha_1, \alpha_2, \alpha_3) \in R$,

$$N^R_{\mathbb{Q}}(\alpha) = \alpha_1 \alpha_2 \alpha_3.$$

By Definition 1.68, $N^R_{\mathbb{Q}}(\alpha) \in \mathbb{Q}$ for all α ∈ R.

3.2 A Useful Homomorphism

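Notation 3.5. Denote the set of square elements in $\mathbb{Q}^*$ by

$$\mathbb{Q}^{*2} := \{x \in \mathbb{Q}^* : x = y^2 \text{ for some } y \in \mathbb{Q}^*\},$$

the set of square elements in $R^*$ by

$$R^{*2} := \{x \in R^* : x = y^2 \text{ for some } y \in R^*\},$$

and the set of square-norm elements in $R^*$ by

$$R^*_{sn} := \{\alpha \in R^* : N^R_{\mathbb{Q}}(\alpha) \in \mathbb{Q}^{*2}\}.$$

Fix a point P = (x, y) ∈ G. Since F(X) has no rational roots, we have $y \in \mathbb{Q}^*$ and $x \neq \theta_j$ for each j = 1, 2, 3. Thus

$$\begin{aligned}
N^R_{\mathbb{Q}}(x - \Theta) &= N^R_{\mathbb{Q}}((x - \theta_1, x - \theta_2, x - \theta_3)) \\
&= (x - \theta_1)(x - \theta_2)(x - \theta_3) \\
&= F(x) \\
&= y^2 \in \mathbb{Q}^{*2},
\end{aligned}$$

so $x - \Theta \in R^*_{sn}$, and we may define a function

$$\begin{aligned}
\mu : G &\to R^*_{sn}/R^{*2} \\
P = (x, y) &\mapsto (x - \Theta) \bmod R^{*2} \\
O &\mapsto 1 \bmod R^{*2}.
\end{aligned} \tag{3.2}$$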

It is easily seen that $R^*_{sn}/R^{*2}$ is a subgroup of $R^*/R^{*2}$ and that $R^*/R^{*2}$ has exponent dividing 2. For reasons that we defer to a later section, $R^*_{sn} \neq R^{*2}$; hence $R^*_{sn}/R^{*2}$ has exponent 2. We will show that µ is a group homomorphism with ker(µ) = 2G. We need a general result about homomorphisms.

Lemma 3.6. Let G and H be groups with group operations ∗ and •, respectively. Let f : G → H be a mapping such that $f(\mathrm{id}_G) = \mathrm{id}_H$ and for any $g_1, g_2, g_3 \in G$,

$$g_1 * g_2 * g_3 = \mathrm{id}_G \Rightarrow f(g_1) \bullet f(g_2) \bullet f(g_3) = \mathrm{id}_H.$$

Then f is a homomorphism.

Proof. Assume that $f(\mathrm{id}_G) = \mathrm{id}_H$ and that for any $g_1, g_2, g_3 \in G$, if $g_1 * g_2 * g_3 = \mathrm{id}_G$, then $f(g_1) \bullet f(g_2) \bullet f(g_3) = \mathrm{id}_H$. Fix g ∈ G; then

$$g * \mathrm{id}_G * g^{-1} = \mathrm{id}_G;$$

thus

$$f(g) \bullet f(g^{-1}) = f(g) \bullet \mathrm{id}_H \bullet f(g^{-1}) = f(g) \bullet f(\mathrm{id}_G) \bullet f(g^{-1}) = \mathrm{id}_H.$$

Therefore $f(g)^{-1} = f(g^{-1})$ for all g ∈ G.

Now fix g, g′ ∈ G; we will show that f(g ∗ g′) = f(g) • f(g′). Since $g * g' * (g * g')^{-1} = \mathrm{id}_G$, we have

$$f(g) \bullet f(g') \bullet f((g * g')^{-1}) = \mathrm{id}_H,$$

and since $f(g * g')^{-1} = f((g * g')^{-1})$,

$$f(g) \bullet f(g') \bullet f(g * g')^{-1} = \mathrm{id}_H.$$

Hence f(g) • f(g′) = f(g ∗ g′), which completes the proof.

Lemma 3.7. µ is a group homomorphism.

Proof. By definition, µ maps the identity of its domain to the identity of its image, so by Lemma 3.6, it will be sufficient to show that for any three points $P_1, P_2, P_3 \in G$,

$$P_1 + P_2 + P_3 = O \Rightarrow \mu(P_1)\mu(P_2)\mu(P_3) \equiv 1 \bmod R^{*2}.$$

Fix $P_1, P_2, P_3 \in G$, and assume that $P_1 + P_2 + P_3 = O$. We will show that $\mu(P_1)\mu(P_2)\mu(P_3) \equiv 1 \bmod R^{*2}$ in three cases:

1. none of $P_1, P_2, P_3$ is O,

2. exactly one of $P_1, P_2, P_3$ is O,

3. at least two of $P_1, P_2, P_3$ are O.

Case 1. Assume that $P_1 + P_2 + P_3 = O$, with none of the three points $P_1, P_2, P_3$ equal to O. Then for each i = 1, 2, 3, there exist $x_i, y_i \in \mathbb{Q}$ with $y_i \neq 0$ (since F(X) has no rational roots) such that $P_i = (x_i, y_i)$. The three points lie on the line (not vertical since none of the three points is O) Y = mX + l, for some m, l ∈ Q. Therefore, the cubic polynomial $F(X) - (mX + l)^2$ has three distinct roots $X = x_1, x_2, x_3$, and since $F(X) - (mX + l)^2$ is monic, we obtain the polynomial identity

$$F(X) - (mX + l)^2 = (X - x_1)(X - x_2)(X - x_3).$$

We substitute Θ for X to obtain

$$0 - (m\Theta + l)^2 = (\Theta - x_1)(\Theta - x_2)(\Theta - x_3), \text{ so}$$

$$(x_1 - \Theta)(x_2 - \Theta)(x_3 - \Theta) = (m\Theta + l)^2.$$

Thus,

$$\begin{aligned}
\mu(P_1)\mu(P_2)\mu(P_3) &= (x_1 - \Theta)(x_2 - \Theta)(x_3 - \Theta) \bmod R^{*2} \\
&= (m\Theta + l)^2 \bmod R^{*2} \\
&\equiv 1 \bmod R^{*2}.
\end{aligned}$$

Case 2. Assume that $P_1 + P_2 + P_3 = O$, with exactly one point, say $P_3$, equal to O. Then $P_1 + P_2 = O$, so $P_2 = -P_1 = (x_1, -y_1)$ for some $x_1, y_1 \in \mathbb{Q}$ with $y_1 \neq 0$ (since F(X) has no rational roots). Hence

$$\mu(P_2) = \mu(-P_1) = (x_1 - \Theta) = \mu(P_1) \bmod R^{*2},$$

and

$$\mu(P_1)\mu(P_2)\mu(P_3) = \mu(P_1)\mu(P_1) \cdot 1 = \mu(P_1)^2 \equiv 1 \bmod R^{*2}.$$

Case 3. Assume that $P_1 + P_2 + P_3 = O$, with two, and thus all, of the points equal to O. Then

$$\mu(P_1)\mu(P_2)\mu(P_3) = \mu(O)^3 = 1^3 = 1 \bmod R^{*2}.$$

This completes the proof.

Lemma 3.8. The kernel of µ is 2G.

Proof. $R^*_{sn}/R^{*2}$ has exponent 2, so since µ is a homomorphism, 2G ⊂ ker(µ). It remains to show that 2G ⊃ ker(µ). Fix P ∈ ker(µ). We will show P ∈ 2G.

If P = O, then P = O = 2O ∈ 2G. Otherwise, $P = (x_0, y_0)$ with $x_0 \in \mathbb{Q}$ and $y_0 \in \mathbb{Q}^*$ (since F(X) has no rational roots), and we wish to find a line that meets the curve $E : Y^2 = F(X)$ once at P and twice at some other rational point, say P′. A vertical line passing through P also passes through O and −P, and it cannot pass through either of these points twice unless they are equal, but that would imply P = O. Since we have already dealt with that case, the line we seek is not vertical. Therefore, given $(x_0, y_0)$ with $y_0^2 = F(x_0)$ and $\mu((x_0, y_0)) = 1 \bmod R^{*2}$, we wish to find a line L : Y = mX + l, for some m, l ∈ Q, and a point P′ = (a, b) for some a, b ∈ Q, such that

L meets E once at P and twice at P′.

In other words,

$$y_0 = m x_0 + l, \qquad b = ma + l,$$

and the cubic polynomial $(mX + l)^2 - F(X)$ has a simple root at $x_0$ and a double root at a.

Therefore, we wish to find m, l, a ∈ Q such that

$$y_0 = m x_0 + l, \tag{3.3}$$

$$(mX + l)^2 - F(X) = (a - X)^2 (x_0 - X) \text{ is a polynomial identity}, \tag{3.4}$$

and b will be determined by b = ma + l.

The hypothesis P ∈ ker(µ) implies $x_0 - \Theta \in R^{*2}$; thus there is a polynomial $p(X) = p_2 X^2 + p_1 X + p_0 \in \mathbb{Q}[X]$ such that

$$x_0 - \Theta = (p(\Theta))^2.$$

Θ satisfies no quadratic equations over Q, so $p_2 \neq 0$. Now,

$$\begin{aligned}
(a - \Theta)^2 (x_0 - \Theta) &= (a - \Theta)^2 (p(\Theta))^2 \\
&= \left[(a - \Theta)(p_2\Theta^2 + p_1\Theta + p_0)\right]^2 \\
&= \left[a p_2\Theta^2 + a p_1\Theta + a p_0 - p_2\Theta^3 - p_1\Theta^2 - p_0\Theta\right]^2 \\
&= \left[-p_2\Theta^3 + (a p_2 - p_1)\Theta^2 + (a p_1 - p_0)\Theta + (a p_0)\right]^2 \\
&= \left[-p_2(-A\Theta - B) + (a p_2 - p_1)\Theta^2 + (a p_1 - p_0)\Theta + (a p_0)\right]^2 \\
&= \left[(a p_2 - p_1)\Theta^2 + (A p_2 + a p_1 - p_0)\Theta + (B p_2 + a p_0)\right]^2.
\end{aligned}$$

Choose $a = \frac{p_1}{p_2}$, $m = \pm(A p_2 + a p_1 - p_0)$ and $l = \pm(B p_2 + a p_0)$, with signs chosen so that $y_0 = m x_0 + l$. Then since F(Θ) = 0,

$$(a - \Theta)^2 (x_0 - \Theta) = (m\Theta + l)^2 - F(\Theta).$$

Therefore (3.4) holds for three distinct values $X = \theta_1, \theta_2, \theta_3$. Since the cubic term in the left-hand side of (3.4) is equal to the cubic term on the right-hand side of (3.4), this is sufficient to show that (3.4) is a polynomial identity.

Now we have found m, l, a ∈ Q so that (3.4) is a polynomial identity and (3.3) holds. Hence, L meets E once at P and twice at P′. Thus P + 2P′ = O, and P = 2(−P′) ∈ 2G.

The proof finds one half point P′ of P, which is sufficient, but we might wonder if others exist. Recall the formula for the x coordinate of the double of a point: for (x, y) ∈ G,

$$x \text{ coordinate of } 2(x, y) = \frac{x^4 - 2Ax^2 - 8Bx + A^2}{4y^2}.$$

By fixing $P = (x_0, y_0)$ and solving the quartic equation

$$x^4 - 2Ax^2 - 8Bx + A^2 = 4x_0 y^2,$$

we may find all four points on E that double to P, but only one will be rational.

Rather than solve the quartic, we take a more abstract approach. The kernel of the doubling map on E(C) is the subgroup of 2-torsion points $\{O, (\theta_1, 0), (\theta_2, 0), (\theta_3, 0)\}$. Hence, the preimage of P ∈ G is the coset

$$P' + \{O, (\theta_1, 0), (\theta_2, 0), (\theta_3, 0)\} = \{P', P' + (\theta_1, 0), P' + (\theta_2, 0), P' + (\theta_3, 0)\},$$

where P′ is the half-point given by the proof of the lemma. Only the first element of the coset is rational since the roots $\theta_1, \theta_2, \theta_3$ of F(X) are not rational.
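The map µ and the identities behind Lemmas 3.7 and 3.8, checked in exact arithmetic as an added example (it is not code from the thesis): an element $c_0 + c_1\Theta + c_2\Theta^2$ of R is stored as a coefficient triple and reduced with $\Theta^3 = -A\Theta - B$. The curve $Y^2 = X^3 - 2$, its point (3, 5) and all function names are assumptions made for illustration.

```python
from fractions import Fraction as Fr

# Constructed sample curve: Y^2 = X^3 - 2, so A = 0, B = -2 and
# F(X) = X^3 - 2 is irreducible over Q, as Section 3.1 requires.
A, B = Fr(0), Fr(-2)


def F(x):
    return x**3 + A * x + B


def mul(u, v):
    """Product in R = Q[Theta], reduced with Theta^3 = -A*Theta - B."""
    c = [Fr(0)] * 5
    for i in range(3):
        for j in range(3):
            c[i + j] += u[i] * v[j]
    c[2] -= A * c[4]; c[1] -= B * c[4]      # Theta^4 = -A*Theta^2 - B*Theta
    c[1] -= A * c[3]; c[0] -= B * c[3]      # Theta^3 = -A*Theta - B
    return (c[0], c[1], c[2])


def det3(m):
    (a, b, c), (d, e, f), (g, h, i) = m
    return a * (e * i - f * h) - b * (d * i - f * g) + c * (d * h - e * g)


def mult_matrix(u):
    """Matrix of 'multiply by u' on the basis 1, Theta, Theta^2."""
    cols = [mul(u, e) for e in ((1, 0, 0), (0, 1, 0), (0, 0, 1))]
    return [[cols[j][i] for j in range(3)] for i in range(3)]


def norm(u):
    """N^R_Q(u), the product of the three conjugates, as a determinant."""
    return det3(mult_matrix(u))


def inv(u):
    """Inverse of a nonzero u by Cramer's rule on mult_matrix(u) * b = 1."""
    m, d = mult_matrix(u), norm(u)
    out = []
    for k in range(3):
        mk = [row[:] for row in m]
        for i in range(3):
            mk[i][k] = Fr(1 if i == 0 else 0)
        out.append(det3(mk) / d)
    return tuple(out)


def x_minus_theta(x):
    """The element x - Theta, a representative of mu((x, y))."""
    return (Fr(x), Fr(-1), Fr(0))


def line_through(P, Q):
    """Slope m and intercept l of the chord PQ (tangent if P == Q)."""
    (x1, y1), (x2, y2) = P, Q
    m = (3 * x1**2 + A) / (2 * y1) if P == Q else (y2 - y1) / (x2 - x1)
    return m, y1 - m * x1


def case1_identity(P, Q):
    """Lemma 3.7, Case 1: (x1-Theta)(x2-Theta)(x3-Theta) == (m*Theta + l)^2."""
    m, l = line_through(P, Q)
    x3 = m**2 - P[0] - Q[0]     # third root of F(X) - (mX + l)^2, by Vieta
    lhs = mul(mul(x_minus_theta(P[0]), x_minus_theta(Q[0])), x_minus_theta(x3))
    line = (l, m, Fr(0))
    return lhs == mul(line, line)


def square_root_of_mu(Pp):
    """Lemma 3.8 read backwards: from P' = (a, b) build the point P on the
    tangent at P' and the element p of R with p^2 = x0 - Theta."""
    m, l = line_through(Pp, Pp)
    a = Pp[0]
    x0 = m**2 - 2 * a                       # simple root of (mX + l)^2 - F(X)
    P = (x0, m * x0 + l)                    # P + 2P' = O, so P = 2(-P')
    p = mul((l, m, Fr(0)), inv(x_minus_theta(a)))   # (m*Theta + l)/(a - Theta)
    return P, p


if __name__ == "__main__":
    Pp = (Fr(3), Fr(5))
    P, p = square_root_of_mu(Pp)
    print("P =", P, " p =", p, " p1/p2 =", p[1] / p[2])
```

For the sample point the recovered coefficients satisfy $a = p_1/p_2$, $m = Ap_2 + ap_1 - p_0$ and $l = Bp_2 + ap_0$, which are the choices made in the proof of Lemma 3.8.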

3.3 Proof of the Weak Finite Basis Theorem

Now we are ready to give a proof of the theorem. We will significantly expand one component of the standard proof of the theorem; however, the proof of that part will be deferred to the next section. Given P = (x, y) ∈ G, we will exhibit an ideal factorization of the form

$$(x - \Theta)\mathcal{O}_R = \mathfrak{d}\mathfrak{z}^2,$$

where $\mathfrak{z} \in I$, the multiplicative group of nonzero fractional ideals in R, and $\mathfrak{d}$ is a representative of a class in $I_D/I_D^2$, where $I_D$ is the free abelian group generated by the prime ideals in R that divide D. This factorization forms the crux of the proof, so we give it now, but it will not actually be used until the next section.

Lemma 3.9. For any P = (x, y) ∈ G, there exist rational integers r, s, t such that gcd(r, t) = gcd(s, t) = 1 and

$$x = \frac{r}{t^2}, \qquad y = \frac{s}{t^3}.$$

Proof. Fix (x, y) ∈ G. Then x, y ∈ Q, and there exist r, s ∈ Z and $n, m \in \mathbb{Z}^+$ such that gcd(r, m) = gcd(s, n) = 1 and

$$x = \frac{r}{m}, \qquad y = \frac{s}{n}.$$

By substituting these representations of x and y into (3.1), we obtain

$$\left(\frac{s}{n}\right)^2 = \left(\frac{r}{m}\right)^3 + A\left(\frac{r}{m}\right) + B,$$

and by clearing denominators, we have

$$s^2 m^3 = r^3 n^2 + A r m^2 n^2 + B m^3 n^2. \tag{3.5}$$

Since $n^2$ divides the right-hand side of (3.5), $n^2 \mid s^2 m^3$. Since gcd(n, s) = 1, $n^2 \mid m^3$. We can rearrange (3.5) to play the same game with $m^2$. $m^2$ divides the right-hand side of

$$r^3 n^2 = s^2 m^3 - A r m^2 n^2 - B m^3 n^2,$$

and gcd(m, r) = 1, hence $m^2 \mid n^2$, which means m | n. This means that $m^3$ divides the right-hand side of the same rearrangement, thus $m^3 \mid n^2$. Now we have $n^2 \mid m^3$ and $m^3 \mid n^2$, therefore $m^3 = n^2$. Let t = n/m (which is an integer since m | n); then

$$t^2 = n^2/m^2 = m^3/m^2 = m \quad \text{and} \quad t^3 = n^3/m^3 = n^3/n^2 = n,$$

which completes the proof.

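Proposition 3.10. For any P = (x, y) ∈ G and any prime ideal $\mathfrak{p} \subset \mathcal{O}_R$, if $\mathfrak{p} \nmid D$ and $\nu_{\mathfrak{p}}(r - t^2\Theta) \neq 0$, then $\nu_{\mathfrak{p}}(r - t^2\Theta) = 2\nu_{\mathfrak{p}}(s)$.

Proof. Let P = (x, y) ∈ G. Then, as in Lemma 3.9, there exist rational integers r, s, t such that gcd(r, t) = gcd(s, t) = 1 and

$$x = \frac{r}{t^2}, \qquad y = \frac{s}{t^3}.$$

By factoring F(X) and substituting $r/t^2$ and $s/t^3$ for X and Y, we obtain

$$\begin{aligned}
F(X) &= X^3 + AX + B \\
Y^2 &= (X - \Theta)(X^2 + \Theta X + (\Theta^2 + A)) \\
\frac{s^2}{t^6} &= \left(\frac{r}{t^2} - \Theta\right)\left(\frac{r^2}{t^4} + \Theta\frac{r}{t^2} + (\Theta^2 + A)\right) \\
s^2 &= (r - t^2\Theta)(r^2 + \Theta r t^2 + t^4(\Theta^2 + A)).
\end{aligned}$$

Let $\mathfrak{p} \subset \mathcal{O}_R$ be a prime ideal dividing both of the factors in the right-hand side of the last equation. Then $r \equiv t^2\Theta \bmod \mathfrak{p}$, and

$$\begin{aligned}
0 &\equiv r^2 + \Theta r t^2 + t^4(\Theta^2 + A) \\
&\equiv (t^2\Theta)^2 + \Theta(t^2\Theta)t^2 + t^4(\Theta^2 + A) \\
&\equiv \Theta^2 t^4 + \Theta^2 t^4 + t^4(\Theta^2 + A) \\
&\equiv t^4(3\Theta^2 + A) \bmod \mathfrak{p};
\end{aligned}$$

thus

$\mathfrak{p}$ divides $t^4 F'(\Theta)$.

Since $\mathfrak{p}$ is prime, either $\mathfrak{p} \mid t$ or $\mathfrak{p} \mid F'(\Theta)$. If $\mathfrak{p} \mid t$, then $\mathfrak{p} \mid t^2\Theta$ implying $\mathfrak{p} \mid r$. But $\mathfrak{p}$ cannot divide both r and t since gcd(r, t) = 1; hence $\mathfrak{p} \nmid t$. Thus, $\mathfrak{p} \mid F'(\Theta)$.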

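Now, since $\mathfrak{p}$ is a prime ideal of a Dedekind domain, it is maximal, and therefore $\mathcal{O}_R/\mathfrak{p}$ is a field. Now the reduced cubic $\bar{F}(X)$ in which the coefficients are reduced modulo $\mathfrak{p}$ is well-defined. Since F(Θ) = 0, $\bar{F}(\bar{\Theta}) = 0$, and since $\mathfrak{p} \mid F'(\Theta)$, $\bar{F}'(\bar{\Theta}) = 0$. Hence, $\bar{F}(X)$ has a double root, and $\bar{D} = 0$; thus $\mathfrak{p} \mid D$.

Now, if $\mathfrak{p} \nmid D$, then $\mathfrak{p}$ divides at most one of $r - t^2\Theta$ and $r^2 + \Theta r t^2 + t^4(\Theta^2 + A)$. Hence, if $\mathfrak{p} \nmid D$ and $\mathfrak{p} \mid r - t^2\Theta$, then

$$\begin{aligned}
2\nu_{\mathfrak{p}}(s) &= \nu_{\mathfrak{p}}(s^2) \\
&= \nu_{\mathfrak{p}}(r - t^2\Theta) + \nu_{\mathfrak{p}}(r^2 + \Theta r t^2 + t^4(\Theta^2 + A)) \\
&= \nu_{\mathfrak{p}}(r - t^2\Theta) + 0 \\
&= \nu_{\mathfrak{p}}(r - t^2\Theta),
\end{aligned}$$

which is what we wanted.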

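Proposition 3.11. Let P, r, s, t be as in Proposition 3.10. Then the principal ideal in R generated by $r - t^2\Theta$ can be factored as $\mathfrak{d} \cdot \mathfrak{z}^2$, where $\mathfrak{d}$ is a representative of a class in $I_D/I_D^2$ and $\mathfrak{z} \in I$.

Proof. By Proposition 3.10, for any prime ideal $\mathfrak{p} \subset \mathcal{O}_R$, if $\nu_{\mathfrak{p}}(r - t^2\Theta) > 0$ and $\mathfrak{p} \nmid D$, then $\nu_{\mathfrak{p}}(r - t^2\Theta) = 2\nu_{\mathfrak{p}}(s)$. Let

$$\mathfrak{d} = \prod_{\mathfrak{p} \mid D} \mathfrak{p}^{\bar{\nu}_{\mathfrak{p}}(r - t^2\Theta)} \quad \text{and} \quad \mathfrak{z} = \prod_{\mathfrak{p} \mid D} \mathfrak{p}^{\frac{1}{2}\left(\nu_{\mathfrak{p}}(r - t^2\Theta) - \bar{\nu}_{\mathfrak{p}}(r - t^2\Theta)\right)} \prod_{\mathfrak{p} \nmid D} \mathfrak{p}^{\frac{1}{2}\nu_{\mathfrak{p}}(r - t^2\Theta)},$$

where

$$\bar{\nu}_{\mathfrak{p}}(r - t^2\Theta) = \nu_{\mathfrak{p}}(r - t^2\Theta) \bmod 2,$$

and $\mathfrak{d} \mid D$. Since D is finite, there are only finitely many possibilities for $\mathfrak{d}$ (not all of which will arise from G, however). The point is that we have pushed everything that is a square into $\mathfrak{z}^2$ and left only finitely many primes in $\mathfrak{d}$. Now, by the construction of $\mathfrak{d}$ and $\mathfrak{z}$,

$$(r - t^2\Theta)\mathcal{O}_R = \mathfrak{d}\mathfrak{z}^2,$$

where $\mathfrak{d}$ represents a class in $I_D/I_D^2$ and $\mathfrak{z} \in I$.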

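In the next section, we will use this factorization to define a group H such that µ(G) < H. For now, take it as given that the following sequences of groups are exact and that all of the groups are finitely generated 2-torsion abelian.

$$\begin{array}{ccccccccc}
 & & 1 & & & & & & \\
 & & \downarrow & & & & & & \\
 & & [2]\mathcal{O}^*_+ & & & & 1 & & \\
 & & \downarrow & & & & \downarrow & & \\
1 & \to & R^*_\square/R^{*2} & \to & H & \to & (I_D \cap P_{sn}I^2)/I_D^2 & \to & 1 \\
 & & \downarrow & & & & \downarrow & & \\
 & & C[2] & & 1 & \to & (I_D \cap P I^2)/I_D^2 & \to & [2]I_D \to C_D C^2/C^2 \to 1 \\
 & & \downarrow & & & & \downarrow {\scriptstyle [2]N} & & \\
 & & 1 & & & & [2]\mathbb{Q}^*_D & &
\end{array} \tag{3.6}$$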

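Assuming all this for now, we have

$$\begin{aligned}
\#H &= \#\left(\frac{I_D \cap P_{sn} I^2}{I_D^2}\right) \#\left([2]\mathcal{O}^*_+\right) \#\left(C[2]\right) \\
&\le \#\left(\frac{I_D \cap P I^2}{I_D^2}\right) \#\left([2]\mathcal{O}^*_+\right) \#\left(C[2]\right) \\
&= \#\left([2]I_D\right) \#\left(\frac{C_D C^2}{C^2}\right)^{-1} \#\left([2]\mathcal{O}^*_+\right) \#\left(C[2]\right) \\
&< \infty,
\end{aligned}$$

and we can prove the main theorem.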

Proof of Theorem 3.2. By Lemma 3.8 and the First Isomorphism Theorem, $G/2G \simeq \mu(G)$. By hypothesis, µ(G) < H. Since H is finite, G/2G is finite.

3.4 An Algebraic Interlude

In this section we will go through the details inherent in (3.6).

Notation 3.12. We list some old notation that will see a lot of use from now on.

$R = \mathbb{Q}[\Theta] = \mathbb{Q}(\Theta)$

$R^* = \{\alpha \in R : \alpha \neq 0\}$

$R^*_{sn} = \{\alpha \in R^* : N^R_{\mathbb{Q}}(\alpha) \in \mathbb{Q}^{*2}\}$

$R^{*2} = \{\alpha \in R^* : \alpha = \beta^2 \text{ for some } \beta \in R^*\}$

$\mathcal{O}$ = the ring of algebraic integers in R (we drop the subscript R for simplicity)

$I$ = the free multiplicative group of nonzero fractional ideals in R

$I_D$ = the subgroup of I generated by the prime ideals dividing D

$P = \{\alpha\mathcal{O} : \alpha \in R^*\}$

$C = I/P$ (the class group of R)

Remark 3.13. Recall the facts about the absolute norm noted earlier. The absolute norm of an ideal of $\mathcal{O}$ is defined by $N(\mathfrak{a}) = [\mathcal{O} : \mathfrak{a}]$. For all $\alpha \in R^*$, $N(\alpha\mathcal{O}) = |N^R_{\mathbb{Q}}(\alpha)| \in \mathbb{Q}^*_+$.

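Notation 3.14. We will need several new pieces of notation.

$P_{sn} = \{\alpha\mathcal{O} : N(\alpha\mathcal{O}) \in \mathbb{Q}^{*2}\}$

$P^2 = \{\alpha\mathcal{O} : \alpha \in R^* \text{ and } \alpha = \beta^2 \text{ for some } \beta \in R^*\}$

$I^2 = \{\mathfrak{a} \in I : \mathfrak{a} = \mathfrak{b}^2 \text{ for some } \mathfrak{b} \in I\}$

$P_\square = P \cap I^2$

$C[2] = \{\mathfrak{a}P : \mathfrak{a}^2 \in P\}$

$C_D = \{\mathfrak{d}P : \mathfrak{d} \in I_D\}$

$C^2 = \{a^2 : a \in C\}$

$\mathcal{O}^*_+ = \{\alpha \in \mathcal{O}^* : N^R_{\mathbb{Q}}(\alpha) > 0\}$

$R^*_+ = \{\alpha \in R^* : N^R_{\mathbb{Q}}(\alpha) > 0\}$

$R^*_\square = \{\alpha \in R^*_+ : \alpha\mathcal{O} \in I^2\}$

$\mathbb{Q}^*_D$ = the subgroup of $\mathbb{Q}^*$ generated by primes dividing D

Keep in mind that $\mathbb{Q}^*_D$ has nothing to do with localization. Also notice that all of the sets of ideals defined here are multiplicative subgroups of I.

Notation 3.15. For a multiplicative abelian group G, let [2]G denote the quotient group of G modulo squares. That is, $[2]G := G/G^2$.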

For a homomorphism f : A → B, [2]f will denote the map from A to [2]B obtained by

composing f with the projection B → [2]B.

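Lemma 3.16. $P_\square = P_{sn} \cap I^2$.

Proof. Clearly, $P_{sn} \cap I^2 \subset P \cap I^2 = P_\square$. Fix $a\mathcal{O} = \mathfrak{a}^2 \in P \cap I^2$. Then $N(a\mathcal{O}) = N(\mathfrak{a}^2) = N(\mathfrak{a})^2 \in \mathbb{Q}^{*2}$, which means that $a\mathcal{O} = \mathfrak{a}^2 \in P_{sn} \cap I^2$. Thus $P \cap I^2 \subset P_{sn} \cap I^2$, and therefore $P_{sn} \cap I^2 = P_\square$.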

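Proposition 3.17. The following sequence is exact

$$1 \to R^*_\square/R^{*2} \to R^*_{sn}/R^{*2} \xrightarrow{g} P_{sn}/P_\square \to 1. \tag{3.7}$$

Proof. Since $R^{*2} < R^*_\square < R^*_{sn}$, the sequence

$$1 \to \frac{R^*_\square}{R^{*2}} \to \frac{R^*_{sn}}{R^{*2}} \to \frac{R^*_{sn}}{R^*_\square} \to 1$$

is exact. Let $f : R^* \to P$ be the ideal map given by $\alpha \mapsto \alpha\mathcal{O}$. Then

$$\ker(f|_{R^*_{sn}}) = \{\alpha \in R^*_{sn} \mid \alpha\mathcal{O} = \mathcal{O}\} = \{\alpha \in R^*_{sn} \mid \alpha \in \mathcal{O}\} = R^*_{sn} \cap \mathcal{O} = \mathcal{O}^*_+,$$

and

$$\ker(f|_{R^*_\square}) = \{\alpha \in R^*_\square \mid \alpha\mathcal{O} = \mathcal{O}\} = \{\alpha \in R^*_\square \mid \alpha \in \mathcal{O}\} = R^*_\square \cap \mathcal{O} = \mathcal{O}^*_+.$$

By the third and first isomorphism theorems,

$$\frac{R^*_{sn}}{R^*_\square} \simeq \frac{R^*_{sn}/\mathcal{O}^*_+}{R^*_\square/\mathcal{O}^*_+} \simeq \frac{f(R^*_{sn})}{f(R^*_\square)} = \frac{P_{sn}}{P_\square},$$

which completes the proof.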

Lemma 3.18. Let A, B, C be subgroups of a group G. Assume that either A and B are normal or that C is normal. Then,

$$\frac{A \cap BC}{A \cap C} \simeq \frac{B \cap AC}{B \cap C}.$$

Proof. The map

$$f : A \cap BC \to \frac{B \cap AC}{B \cap C}, \qquad a = bc \mapsto b\,(B \cap C) = ac^{-1}(B \cap C)$$

is clearly surjective, and

$$\ker f = \{a = bc \mid b = ac^{-1} \in B \cap C\} = \{a = bc \mid a \in C\} = A \cap C.$$

The lemma follows by the first isomorphism theorem.

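Fix an element (x, y) ∈ G. Then, as we saw in Proposition 3.11, the image of x − Θ under

$$R^*_{sn} \to P_{sn}$$

has the form

$$(x - \Theta)\mathcal{O} = \mathfrak{d}\mathfrak{z}^2,$$

with $(x - \Theta)\mathcal{O} \in P_{sn}$, $\mathfrak{d} \in I_D$, $\mathfrak{z} \in I$. Thus,

$$(x - \Theta)\mathcal{O} = \mathfrak{d}\mathfrak{z}^2 \in P_{sn} \cap I_D I^2,$$

and, using the previous lemma, it follows that

$$g(\mu(G)) < \frac{P_{sn} \cap I_D I^2}{P_\square} \simeq \frac{I_D \cap P_{sn} I^2}{I_D^2} =: I,$$

where g is the surjection in Proposition 3.17. Put another way,

$$\mu(G) < g^{-1}(I) =: H,$$

which leads us to another proposition.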

Proposition 3.19. The following sequence is exact,

$$1 \to R^*_\square/R^{*2} \to H \to I \to 1. \tag{3.8}$$

Proof. The proposition follows by observing that $R^*_\square/R^{*2} < H$ and that g(H) = I.

H is a 2-torsion group for which we will find an explicit parametrization in the sequel, showing in particular its finiteness.

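Lemma 3.20. $\mathcal{O}^*_+ \cap R^{*2} = \mathcal{O}^{*2} = \mathcal{O}^{*2}_+$.

Proof. Fix $\eta \in \mathcal{O}^*_+ \cap R^{*2}$. Since $\eta \in R^{*2}$, there exists some $\alpha \in R^*$ such that $\eta = \alpha^2$. Since η is an integer, η solves some polynomial p(x) ∈ Z[x]; hence α solves $p(x^2) \in \mathbb{Z}[x]$, and $\alpha \in \mathcal{O}^*$. Thus, $\eta \in \mathcal{O}^{*2}$, and $\mathcal{O}^*_+ \cap R^{*2} \subset \mathcal{O}^{*2}$. Since $\mathcal{O}^{*2} \subset \mathcal{O}^*_+$ and $\mathcal{O}^{*2} \subset R^{*2}$, $\mathcal{O}^{*2} \subset \mathcal{O}^*_+ \cap R^{*2}$, which demonstrates the first equality.

Clearly, $\mathcal{O}^{*2}_+ \subset \mathcal{O}^{*2}$, so it will suffice to show that $\mathcal{O}^{*2} \subset \mathcal{O}^{*2}_+$. Fix $\xi^2 \in \mathcal{O}^{*2}$. If $\xi \in \mathcal{O}^*_+$, we are done. Suppose that $\xi \notin \mathcal{O}^*_+$; then $N^R_{\mathbb{Q}}(\xi) = -1$. Since R/Q is a cubic extension, $N^R_{\mathbb{Q}}(-1) = -1$. Thus $N^R_{\mathbb{Q}}(-\xi) = N^R_{\mathbb{Q}}(-1)\,N^R_{\mathbb{Q}}(\xi) = (-1)(-1) = 1$. Since $\xi^2 = (-\xi)^2$, $\xi^2 \in \mathcal{O}^{*2}_+$. Hence $\mathcal{O}^{*2} \subset \mathcal{O}^{*2}_+$.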

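Lemma 3.21. $I^2/P^2 \simeq C$.

Proof. Let g be the natural mapping $I \to I^2/P^2$ given by $\mathfrak{a} \mapsto \mathfrak{a}^2 P^2$. g is clearly surjective. Since factorization of ideals is unique, and I is torsion-free, $\mathfrak{a} \in P$ if and only if $\mathfrak{a}^2 \in P^2$, thus

$$\ker g = \{\mathfrak{a} \in I : \mathfrak{a}^2 \in P^2\} = \{\mathfrak{a} \in I : \mathfrak{a} \in P\} = P.$$

Hence, $I^2/P^2 \simeq I/P = C$.

Lemma 3.22. $P_\square/P^2 \simeq C[2]$.

Proof. By Lemma 3.21, $C \simeq I^2/P^2$. Since I is torsion-free,

$$C[2] \simeq \frac{I^2 \cap P}{P^2} = \frac{P_\square}{P^2}.$$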

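Proposition 3.23. The following sequence is exact,

$$1 \to [2]\mathcal{O}^*_+ \to \frac{R^*_\square}{R^{*2}} \to C[2] \to 1. \tag{3.9}$$

Proof. Since $\mathcal{O}^*_+ < R^{*2} < R^*_\square$, the sequence

$$1 \to \frac{\mathcal{O}^*_+ R^{*2}}{R^{*2}} \to \frac{R^*_\square}{R^{*2}} \to \frac{R^*_\square}{\mathcal{O}^*_+ R^{*2}} \to 1$$

is exact. By the second isomorphism theorem and Lemma 3.20,

$$\frac{\mathcal{O}^*_+ R^{*2}}{R^{*2}} \simeq \frac{\mathcal{O}^*_+}{\mathcal{O}^*_+ \cap R^{*2}} = \frac{\mathcal{O}^*_+}{\mathcal{O}^{*2}} = \frac{\mathcal{O}^*_+}{\mathcal{O}^{*2}_+} = [2]\mathcal{O}^*_+,$$

and by the second and third isomorphism theorems and Lemma 3.22,

$$\frac{R^*_\square}{\mathcal{O}^*_+ R^{*2}} \simeq \frac{R^*_\square/\mathcal{O}^*_+}{\mathcal{O}^*_+ R^{*2}/\mathcal{O}^*_+} \simeq \frac{R^*_\square/\mathcal{O}^*_+}{R^{*2}/(\mathcal{O}^*_+ \cap R^{*2})} \simeq \frac{P_\square}{P^2} \simeq C[2],$$

which completes the proof.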

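Proposition 3.24. The following sequence is exact,

$$1 \to \frac{I_D \cap P I^2}{I_D^2} \to [2]I_D \to \frac{C_D C^2}{C^2} \to 1. \tag{3.10}$$

Proof. Since $I_D^2 < I_D \cap P I^2 < I_D$, the following sequence is exact

$$1 \to \frac{I_D \cap P I^2}{I_D^2} \to \frac{I_D}{I_D^2} \to \frac{I_D}{I_D \cap P I^2} \to 1.$$

By definition,

$$\frac{I_D}{I_D^2} = [2]I_D.$$

By the second and third isomorphism theorems,

$$\frac{I_D}{I_D \cap P I^2} \simeq \frac{I_D I^2 P}{I^2 P} \simeq \frac{(I_D I^2 P)/P}{(I^2 P)/P} \simeq \frac{C_D C^2}{C^2},$$

which completes the proof.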

Proposition 3.25. The following sequence is exact,

$$1 \to \frac{I_D \cap P_{sn} I^2}{I_D^2} \to \frac{I_D \cap P I^2}{I_D^2} \xrightarrow{[2]N} [2]\mathbb{Q}^*_D. \tag{3.11}$$

Proof. The proposition follows from the observation that $N(I_D \cap P_{sn} I^2) \subset \mathbb{Q}^{*2}_D$.

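Sequences (3.8) through (3.11) combine to form (3.6), which we repeat here:

$$\begin{array}{ccccccccc}
 & & 1 & & & & & & \\
 & & \downarrow & & & & & & \\
 & & [2]\mathcal{O}^*_+ & & & & 1 & & \\
 & & \downarrow & & & & \downarrow & & \\
1 & \to & R^*_\square/R^{*2} & \to & H & \to & (I_D \cap P_{sn}I^2)/I_D^2 & \to & 1 \\
 & & \downarrow & & & & \downarrow & & \\
 & & C[2] & & 1 & \to & (I_D \cap P I^2)/I_D^2 & \to & [2]I_D \to C_D C^2/C^2 \to 1 \\
 & & \downarrow & & & & \downarrow {\scriptstyle [2]N} & & \\
 & & 1 & & & & [2]\mathbb{Q}^*_D & &
\end{array}$$

At this point, the proof of Theorem 3.2 is fully formed. However, we can do better than simply putting a cap on the size of G/2G.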

3.5 Transition to Linear Algebra

As alluded to at the end of the previous section, we can do much more than simply show

that G/2G is finite. We will parametrize H as a product of finite cyclic groups. We can even

go so far as to show that H is an F2-module. Naturally, G/2G will be a submodule.

We now prove a(n equivalent,) slight rephrasing of corollary 1.62.

Corollary 3.26 (The Structure Theorem for Finitely Generated Abelian Groups, primary decomposition). If G is a finitely generated abelian group, then there exists a set of generators with each member having either infinite or prime-power order.

Proof. By theorem 1.61,

$$G \simeq C_\infty^r \times C_{d_1} \times \cdots \times C_{d_n},$$

where $1 < d_1 \mid d_2 \mid \cdots \mid d_n$. By the Chinese remainder theorem, if $d_i = p_{i1}^{e_{i1}} \cdots p_{im_i}^{e_{im_i}}$ is the prime factorization of the invariant factor $d_i$, then

$$C_{d_i} \simeq \prod_{j=1}^{m_i} C_{p_{ij}^{e_{ij}}},$$

where $p_{ij} \neq p_{ij'}$ if $j \neq j'$. Thus,

$$G \simeq C_\infty^r \times \prod_{i=1}^{n} \prod_{j=1}^{m_i} C_{p_{ij}^{e_{ij}}}.$$

By relabeling the prime powers and letting $k = \sum_{i=1}^{n} m_i$, we obtain

$$G \simeq C_\infty^r \times \prod_{i=1}^{k} C_{p_i^{e_i}},$$

where the primes need not be distinct. For each cyclic group in the product, choose a generator, and call its preimage under the above isomorphism $g_i$. For 1 ≤ i ≤ k, the order of $g_i$ in G is $p_i^{e_i}$, and for k + 1 ≤ i ≤ k + r, $g_i$ has infinite order. Another way of writing this is that G is the product

$$G \simeq \prod_{i=1}^{k+r} \langle g_i \rangle.$$

Notation 3.27. For a finitely generated abelian group G, we will say that a subset A is a basis for G if A is a set of generators as described in Corollary 3.26.

Corollary 3.28. A finitely generated 2-torsion abelian group is a finitely generated $\mathbb{F}_2$-module.

Proof. Let G be a 2-torsion abelian group. Then, G has a basis $\{g_1, \ldots, g_n\}$ and

$$G \simeq \prod_{i=1}^{n} \langle g_i \rangle \simeq \prod_{i=1}^{n} C_2 \simeq \prod_{i=1}^{n} \mathbb{F}_2 = \mathbb{F}_2^n.$$

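3.5.1 Parametrizing $R^*_\square/R^{*2}$

Recall the exact sequence (3.9)

$$1 \to [2]\mathcal{O}^*_+ \to \frac{R^*_\square}{R^{*2}} \to C[2] \to 1.$$

Let $\{\xi_1, \ldots, \xi_n\}$ be a basis for $\mathcal{O}^*_+$, each $\xi_i$ having prime power order $p_i^{\varepsilon_i}$ or infinite order by Corollary 3.26. By Lemma 3.20, $\mathcal{O}^*_+/\mathcal{O}^{*2} = \mathcal{O}^*_+/\mathcal{O}^{*2}_+$, so the generators with order two or any odd number become trivial in the quotient. Discard the previous use of n, and let $\{\xi_1\mathcal{O}^{*2}, \ldots, \xi_n\mathcal{O}^{*2}\}$ be a basis for $[2]\mathcal{O}^*_+$. By Corollary 3.26,

$$[2]\mathcal{O}^*_+ \simeq \prod_{i=1}^{n} \langle \xi_i\mathcal{O}^{*2} \rangle.$$

Let $\{\mathfrak{c}_1 P, \ldots, \mathfrak{c}_k P\}$ be a basis for C, each $\mathfrak{c}_i P$ having prime power order $q_i^{\delta_i}$ by Corollary 3.26. Since C[2] is the subgroup of order 2 elements, rename the ideal class generators so that the first m elements are precisely the generators with even order; then $\{\mathfrak{c}_1^{2^{\delta_1 - 1}} P, \ldots, \mathfrak{c}_m^{2^{\delta_m - 1}} P\}$ is a basis for C[2]. By Corollary 3.26,

$$C[2] \simeq \prod_{i=1}^{m} \langle \mathfrak{c}_i^{2^{\delta_i - 1}} P \rangle.$$

By Corollary 3.28, $[2]\mathcal{O}^*_+$ and C[2] are $\mathbb{F}_2$-modules, and since (3.9) is exact,

$$\frac{R^*_\square}{R^{*2}} \simeq \prod_{i=1}^{n} \langle \xi_i\mathcal{O}^{*2} \rangle \times \prod_{i=1}^{m} \langle \mathfrak{c}_i^{2^{\delta_i - 1}} P \rangle. \tag{3.12}$$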

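3.5.2 Parametrizing $(I_D \cap P I^2)/I_D^2$

We restate (3.10):

$$1 \to \frac{I_D \cap P I^2}{I_D^2} \to [2]I_D \to \frac{C_D C^2}{C^2} \to 1.$$

By definition, the prime ideals in $\mathcal{O}$ that divide the discriminant D form a free basis for $I_D$; thus

$$[2]I_D \simeq \prod_{\mathfrak{p} \mid D} \langle \mathfrak{p} I_D^2 \rangle.$$

Since $[2]I_D$ and $C_D C^2/C^2$ are finitely generated and 2-torsion, they are $\mathbb{F}_2$-modules.

To find a basis for $(I_D \cap P I^2)/I_D^2$, we simply find a basis for the null space N of the $\mathbb{F}_2$-linear map

$$[2]I_D \to \frac{C_D C^2}{C^2}.$$

Since $\mathbb{F}_2$ is a field, this is a trivial calculation. We will say that

$$\frac{I_D \cap P I^2}{I_D^2} \simeq \prod_{\mathfrak{d} \in N} \langle \mathfrak{d} I_D^2 \rangle.$$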

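3.5.3 Parametrizing $(I_D \cap P_{sn} I^2)/I_D^2$

We restate (3.11) here:

$$1 \to \frac{I_D \cap P_{sn} I^2}{I_D^2} \to \frac{I_D \cap P I^2}{I_D^2} \xrightarrow{[2]N} [2]\mathbb{Q}^*_D.$$

Notice that $\mathbb{Q}^*_D$ is also a finitely generated abelian group; hence

$$[2]\mathbb{Q}^*_D \simeq \prod_{p \mid D} \langle p\,\mathbb{Q}^{*2}_D \rangle.$$

To find a basis for $(I_D \cap P_{sn} I^2)/I_D^2$, we simply find a basis for the null space M of the $\mathbb{F}_2$-linear map

$$\frac{I_D \cap P I^2}{I_D^2} \xrightarrow{[2]N} [2]\mathbb{Q}^*_D$$

(which is a trivial calculation). We will say that

$$\frac{I_D \cap P_{sn} I^2}{I_D^2} \simeq \prod_{\mathfrak{d} \in M} \langle \mathfrak{d} I_D^2 \rangle.$$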

3.5.4 Parametrizing H

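Recall the exact sequence (3.8)

$$1 \to \frac{R^{*}_{�}}{R^{*2}} \to H \to \frac{I_D \cap P_{sn} I^{2}}{I_D^{2}} \to 1.$$

Since $R^{*}_{�}/R^{*2}$ and $(I_D \cap P_{sn} I^{2})/I_D^{2}$ are $\mathbb{F}_2$-modules and (3.8) is exact,

$$H \simeq \prod_{i=1}^{n} \langle \xi_i O^{*2} \rangle \times \prod_{i=1}^{m} \langle c_i^{2^{\delta_i-1}} P \rangle \times \prod_{d \in M} \langle d I_D^{2} \rangle. \tag{3.13}$$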

So not only is H finite, but it is an F2-module.


In the next chapter, we will use these ideas to develop a heuristic algorithm for computing

the size of G/2G.


Chapter 4: A Heuristic Algorithm

In the previous section we found a parametrization for a group containing the image of µ.

Here is the state of our work so far:

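$$G/2G \simeq \mu(G) < H \simeq \prod_{i=1}^{n} \langle \xi_i O^{*2} \rangle \times \prod_{i=1}^{m} \langle c_i^{2^{\delta_i-1}} P \rangle \times \prod_{d \in M} \langle d I_D^{2} \rangle. \tag{4.1}$$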

This chapter will be devoted to answering the following question: given an element of H,

how do we determine whether it is in µ(G)?

4.1 Motivation

Recall from the end of Chapter 2 that $G$ is finitely generated. By the Structure Theorem for Finitely Generated Abelian Groups,

$$G \simeq \mathbb{Z}^{r} \times \mathbb{Z}_{p_1^{e_1}} \times \cdots \times \mathbb{Z}_{p_n^{e_n}}$$

for not necessarily distinct primes $p_i$ and integer exponents $e_i$. Since $G$ has trivial 2-torsion (recall our assumption that $G[2] = \{O\}$), each $p_i$ is odd; thus $G/2G \simeq \mathbb{F}_2^{r}$. As a result,

$$\#\mu(G) = 2^{r}.$$


In order to find the rank of $E$, we need to determine which elements of $H$ are in $\mu(G)$. Equation (4.1) gives a parametrization of $H$, but we need an explicit way of picking a basis of $H$ that corresponds to the parametrization. Since there is a natural embedding of $[2]O^{*}_{+}$ into $H$, having generators for the subgroups of $H$ isomorphic to each $\langle \xi_i R^{*2} \rangle$ amounts to having a basis for $[2]O^{*}_{+}$ (which we assume).

To find a generator of the subgroup isomorphic to $\langle c_i^{2^{\delta_i-1}} P \rangle$, recall the surjection in (3.8):

$$\begin{array}{ccccc}
\dfrac{R^{*}_{�}}{R^{*2}} & \twoheadrightarrow & \dfrac{P_{�}}{P^{2}} & \xrightarrow{\ \sim\ } & C[2] \\[1ex]
\alpha R^{*2} & \mapsto & \alpha O P^{2} = a^{2} P^{2} & \mapsto & aP.
\end{array}$$

For each generator of C [2], we choose a class representative, square it, and then choose a

(positive norm) generator of the resulting principal ideal. The coset of R∗2 that this number

lies in generates the subgroup.

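To get a generator of the subgroup of $H$ isomorphic to $\langle d I_D^{2} \rangle$, recall the surjection (3.9):

$$\begin{array}{ccccc}
H & \twoheadrightarrow & \dfrac{P_{sn} \cap I_D I^{2}}{P_{�}} & \xrightarrow{\ \sim\ } & \dfrac{I_D \cap P_{sn} I^{2}}{I_D^{2}} \\[1ex]
\delta R^{*2} & \mapsto & (\delta O) P_{�} & \mapsto & (\delta O) I_D^{2}.
\end{array}$$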

For each generator of (ID ∩ PsnI2)/I2D, there is some coset representative that is principal

(there may be more than one, but they will be equivalent modulo squares), and we choose

a (positive norm) generator for that principal ideal. The coset of R∗2 that this number lies

in generates the subgroup. Let k = #M , and call the generators of these principal ideals

δ1, . . . , δk.

We may assume that each of these coset representatives is an integer since we may always replace, say, $\alpha_1 = \sigma/\tau$ with $\sigma\tau$. Making the above choices, we have a list of (positive norm) integers

$$\xi_1, \ldots, \xi_n,\ \alpha_1, \ldots, \alpha_m,\ \delta_1, \ldots, \delta_k$$

such that

$$\xi_1 R^{*2}, \ldots, \xi_n R^{*2},\ \alpha_1 R^{*2}, \ldots, \alpha_m R^{*2},\ \delta_1 R^{*2}, \ldots, \delta_k R^{*2}$$

is the basis of $H$ corresponding to the decomposition in (4.1).

Now that we have a basis for $H$, our aim is to find a basis for $\mu(G)$ as a subspace of $H$ since the rank of $E$ is equal to the size of such a basis:

$$2^{r} = \#\mu(G) = 2^{\#\text{ of generators for } \mu(G)}.$$

4.2 The Algorithm

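Fix $(x, y) \in G$. Then $\mu(x, y) = (x - \Theta)R^{*2} \in H$. Since $(x - \Theta)R^{*2} \in H$, there is some product $\eta$ of some of the coset representatives we chose such that $(x - \Theta)R^{*2} = \eta R^{*2}$. In turn, there is some $\zeta \in R^{*}$ such that $r - t^{2}\Theta = \eta\zeta^{2}$. Since $\zeta \in R^{*}$, there are nonzero integers $\zeta_n, \zeta_d \in O$ such that $\zeta = \zeta_n/\zeta_d$. (Note that since, in general, $O$ is not a unique factorization domain, the concept of two integers being “coprime” is not defined.) By factoring the equation that defines $E$, substituting, and clearing denominators, we find

$$\begin{aligned}
& y^{2} = x^{3} + Ax + B \\
\Leftrightarrow\ & s^{2} = r^{3} + Art^{4} + Bt^{6} \\
\Leftrightarrow\ & s^{2} = (r - t^{2}\Theta)(r^{2} + \Theta rt^{2} + (\Theta^{2} + A)t^{4}) \\
\Leftrightarrow\ & s^{2} = \eta\zeta^{2}(r^{2} + \Theta rt^{2} + (\Theta^{2} + A)t^{4}) \\
\Leftrightarrow\ & s^{2} = \eta\frac{\zeta_n^{2}}{\zeta_d^{2}}(r^{2} + \Theta rt^{2} + (\Theta^{2} + A)t^{4}) \\
\Leftrightarrow\ & s^{2}\zeta_d^{2} = \eta\zeta_n^{2}(r^{2} + \Theta rt^{2} + (\Theta^{2} + A)t^{4}),
\end{aligned}$$

where the last equation consists in elements of $O$. Given that $r - t^{2}\Theta = \eta\zeta^{2}$, the first and last equations in the above list are equivalent. This proves the following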


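Proposition 4.1. For each $\eta R^{*2} \in H$, $\eta R^{*2} \in \mu(G)$ if and only if there exist $r, s, t \in \mathbb{Z}$ and $\zeta_n, \zeta_d \in O$ with $s, t, \zeta_n, \zeta_d \neq 0$ that satisfy the auxiliary equations

$$s^{2}\zeta_d^{2} = \eta\zeta_n^{2}(r^{2} + \Theta rt^{2} + (\Theta^{2} + A)t^{4}) \quad\text{and}\quad (r - t^{2}\Theta)\zeta_d^{2} = \eta\zeta_n^{2}. \tag{4.2}$$

Notice that $F(0) = B$, so if $B$ is not a square, then we may also assume that $r \neq 0$.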

Remark 4.2. These equations are non-unique in the sense that one could use other equations instead. Again, assume that $(x, y) \in G$ so that $x = \eta\zeta^{2} + \Theta$. Then $y^{2} = x^{3} + Ax + B$ if and only if

$$s^{2} = (\eta\zeta^{2} + \Theta)^{3}t^{6} + A(\eta\zeta^{2} + \Theta)t^{6} + Bt^{6}.$$

Thus $\eta R^{*2} \in \mu(G)$ if and only if both

$$s^{2}\zeta_d^{6} = (\eta\zeta_n^{2} + \Theta\zeta_d^{2})^{3}t^{6} + A(\eta\zeta_n^{2} + \Theta\zeta_d^{2})\zeta_d^{4}t^{6} + B\zeta_d^{6}t^{6}$$

has a solution (with the same restrictions on the variables) and $\eta\zeta^{2} + \Theta \in \mathbb{Q}$. This alternate equation has degree 12, whereas the highest degree in (4.2) is 6, which may be very important depending on the method we choose to try to solve the auxiliary equations.

Now we can try to find the order of $\mu(G)$. For each element of $H$, we try to solve the two auxiliary equations (4.2) or show that no solution exists. Failing that, we can use the group structure of $H$. Suppose we find that $\xi_1 R^{*2}$ and $\alpha_1 R^{*2}$ are both in $\mu(G)$; then we know that $\xi_1\alpha_1 R^{*2} \in \mu(G)$, and there is no reason to try to solve the auxiliary equations for $\xi_1\alpha_1 R^{*2}$. Similarly, if $\xi_1 R^{*2}$ is in $\mu(G)$ and $\xi_1\alpha_1 R^{*2}$ is not, then $\alpha_1 R^{*2}$ is not in $\mu(G)$.

The difficulty is that there is no deterministic way to solve such equations, but we may be

able to show that a given pair does not have a solution by reducing modulo a prime ideal

and showing that there are no solutions in the residue field. For each pair of equations, we

have three options:


1. find a solution by a naive search (with an infinite search space)

2. show that no solution exists modulo a prime ideal

3. use the group law and information about other pairs of equations.

If we can determine whether each pair of auxiliary equations has a solution in integers,

then we obtain the rank of E . If not, we may at least be able to narrow the range the rank

lies in.
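Option 3 amounts to linear algebra over $\mathbb{F}_2$, because $\mu(G)$ is a subgroup of $H$. The Python below is an added example, not part of the thesis; it encodes each coset of $H$ as a bitmask over the basis of (4.1), and the function names and the three-generator sample are assumptions made here.

```python
def span(vectors):
    """All F2-linear combinations of bitmask vectors (XOR is the group law)."""
    s = {0}
    for v in vectors:
        s |= {w ^ v for w in s}
    return s

def classify(dim, known_in, known_out):
    """Split H = F2^dim into cosets known inside mu(G), known outside, undecided."""
    inside = span(known_in)
    # If a is inside and a*b is outside, then b is outside: whole cosets drop out.
    outside = {w ^ o for o in known_out for w in inside}
    if inside & outside:
        raise ValueError("inputs contradict the subgroup property of mu(G)")
    undecided = set(range(1 << dim)) - inside - outside
    return inside, outside, undecided

def largest_subspace_dim(inside, outside, dim):
    """Largest dimension of a subspace containing `inside` that avoids `outside`.
    Exhaustive search, intended for the small dimensions that occur here."""
    best = len(inside).bit_length() - 1
    for v in range(1 << dim):
        if v not in inside:
            bigger = inside | {w ^ v for w in inside}
            if not bigger & outside:
                best = max(best, largest_subspace_dim(bigger, outside, dim))
    return best

def rank_bounds(dim, known_in, known_out=()):
    """(lower, upper) bounds on r, using #mu(G) = 2^r (G has trivial 2-torsion)."""
    inside, outside, _ = classify(dim, known_in, known_out)
    return len(inside).bit_length() - 1, largest_subspace_dim(inside, outside, dim)

# Constructed sample: three basis cosets, bit 0 = xi, bit 1 = alpha, bit 2 = delta.
XI, ALPHA, DELTA = 0b001, 0b010, 0b100
```

With `XI` and `ALPHA` known to lie in $\mu(G)$, `classify` leaves four undecided cosets and `rank_bounds` returns `(2, 3)`; ruling out any one of the four collapses the bounds to `(2, 2)`.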

4.3 Two Examples

These examples will show how the algorithm works, how it can become intractable, and also how to deal with some of the calculations. Some of the following calculations were done by hand, but SAGE (and therefore also other software as described in the acknowledgements) was employed for some of the more tedious work. Specifically, the SAGE command NumberField() and the attributes .ideal(), .class_group().gens(), .unit_group().gens(), and .integral_basis() were used extensively. The attributes were used to compute generators for ideals and also bases for $C[2]$, $[2]O^{*}_{+}$, and $R/\mathbb{Q}$ (as a vector space).

Example 4.3. Consider the elliptic curve $E : Y^{2} = X^{3} - 2X + 5$. This example was chosen because some of the calculations can easily be done by hand and also because the discriminant of the right-hand side has a single rational prime divisor (meaning there will be few prime ideal divisors).

$[2]O^{*}_{+}$ is cyclic with generator

$$(-2 - \Theta)O^{*2}.$$

$C[2]$ is also cyclic, with generator

$$(2O + (1 + \Theta)O)P,$$

and the square of this class representative is

$$(1 - \Theta)O.$$

The ideal generated by the discriminant factors as

$$DO = 643\,O = ((3\Theta^{2} - 2)O)^{2}\,(3\Theta^{2} - 8)O.$$

Since both are principal, they each lie in the trivial ideal class; thus $(I_D \cap P I^{2})/I_D^{2} = [2]I_D$. Since $N^{R}_{\mathbb{Q}}(D) = 643^{3}$, both prime ideals dividing $D$ have prime norm equal to 643. Therefore, $(I_D \cap P_{sn} I^{2})/I_D^{2}$ is cyclic with generator

$$((3\Theta^{2} - 2)(3\Theta^{2} - 8)O)\,I_D^{2} = ((-12\Theta^{2} - 45\Theta + 16)O)\,I_D^{2}.$$

We choose positive-norm integers that generate those three principal ideals:

$$-2 - \Theta,\quad 1 - \Theta,\quad -12\Theta^{2} - 45\Theta + 16 \in R^{*}.$$

By (4.1),

$$H = \langle (-2 - \Theta)R^{*2} \rangle \times \langle (1 - \Theta)R^{*2} \rangle \times \langle (-12\Theta^{2} - 45\Theta + 16)R^{*2} \rangle,$$

which means (in part) that the rank of $E$ is no greater than 3.

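The pair of equations auxiliary to $(-2 - \Theta)R^{*2}$ is

$$s^{2}\zeta_d^{2} = (-2 - \Theta)\zeta_n^{2}(r^{2} + \Theta rt^{2} + (\Theta^{2} - 2)t^{4}) \quad\text{and}\quad (r - t^{2}\Theta)\zeta_d^{2} = (-2 - \Theta)\zeta_n^{2}.$$

The equation on the right suggests a solution may have $\zeta_n = \zeta_d = 1$, $r = -2$, and $t = \pm 1$.

By assuming these conditions, the left-hand equation becomes

$$\begin{aligned}
s^{2}\zeta_d^{2} &= (-2 - \Theta)\zeta_n^{2}(r^{2} + \Theta r(\pm t)^{2} + (\Theta^{2} - 2)(\pm t)^{4}) \\
s^{2} &= (-2 - \Theta)((-2)^{2} + \Theta(-2)1^{2} + (\Theta^{2} - 2)1^{4}) \\
s^{2} &= (-2 - \Theta)(4 - 2\Theta + \Theta^{2}) \\
s^{2} &= -4 + 4\Theta - 2\Theta^{2} - 2\Theta + 2\Theta^{2} - \Theta^{3} \\
s^{2} &= -4 + 2\Theta - (2\Theta - 5) \\
s^{2} &= 1,
\end{aligned}$$

so $s = \pm 1$. This means that $(-2 - \Theta)R^{*2} \in \mu(G)$, and the rank of $E$ is at least 1. We can also get a generator of $G$ from this. Since $r = -1$, $s = \pm 1$, $t = \pm 1$, then $x = -2$ and $y = \pm 1$. Since these two points have the same $x$-coordinate, $(-2, 1) + (-2, -1) = O$, and either will serve as a generator.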

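Similarly, the pair of equations auxiliary to $(1 - \Theta)R^{*2}$,

$$s^{2}\zeta_d^{2} = (1 - \Theta)\zeta_n^{2}(r^{2} + \Theta rt^{2} + (\Theta^{2} - 2)t^{4}) \quad\text{and}\quad (r - t^{2}\Theta)\zeta_d^{2} = (1 - \Theta)\zeta_n^{2},$$

has the solution

$$\zeta_n = 1,\quad \zeta_d = 1,\quad r = 1,\quad s = -2,\quad t = -1.$$

Now we have that the rank of $E$ is at least 2 and $(1, 2)$ is a generator for $G$.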

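At this point, if any of the following pairs of equations has a solution in integers, then the rank of $E$ is 3:

$$\begin{aligned}
s^{2}\zeta_d^{2} &= (-12\Theta^{2} - 45\Theta + 16)\,\zeta_n^{2}(r^{2} + \Theta rt^{2} + (\Theta^{2} + A)t^{4}) \\
(r - t^{2}\Theta)\zeta_d^{2} &= (-12\Theta^{2} - 45\Theta + 16)\,\zeta_n^{2}
\end{aligned}$$

$$\begin{aligned}
s^{2}\zeta_d^{2} &= (-2 - \Theta)(-12\Theta^{2} - 45\Theta + 16)\,\zeta_n^{2}(r^{2} + \Theta rt^{2} + (\Theta^{2} + A)t^{4}) \\
(r - t^{2}\Theta)\zeta_d^{2} &= (-2 - \Theta)(-12\Theta^{2} - 45\Theta + 16)\,\zeta_n^{2}
\end{aligned}$$

$$\begin{aligned}
s^{2}\zeta_d^{2} &= (1 - \Theta)(-12\Theta^{2} - 45\Theta + 16)\,\zeta_n^{2}(r^{2} + \Theta rt^{2} + (\Theta^{2} + A)t^{4}) \\
(r - t^{2}\Theta)\zeta_d^{2} &= (1 - \Theta)(-12\Theta^{2} - 45\Theta + 16)\,\zeta_n^{2}
\end{aligned}$$

$$\begin{aligned}
s^{2}\zeta_d^{2} &= (-2 - \Theta)(1 - \Theta)(-12\Theta^{2} - 45\Theta + 16)\,\zeta_n^{2}(r^{2} + \Theta rt^{2} + (\Theta^{2} + A)t^{4}) \\
(r - t^{2}\Theta)\zeta_d^{2} &= (-2 - \Theta)(1 - \Theta)(-12\Theta^{2} - 45\Theta + 16)\,\zeta_n^{2}.
\end{aligned}$$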

On the other hand, if we can be sure that any one of them does not, then the rank of E is 2.

Using the SAGE command EllipticCurve([-2,5]).rank(), we find that the rank of E is 2,

but attempts to show that at least one of these pairs has no solution (by working in residue

fields) have been unsuccessful. Using only this approach, the best we can say for now is that

the rank of E is either 2 or 3. More time spent on computations may or may not bear out a

definite result.
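The hand calculations of Example 4.3 can be replayed mechanically. The Python below is an added example, not code from the thesis: it models $\mathbb{Z}[\Theta]$ with $\Theta^{3} = 2\Theta - 5$ as integer triples, takes $\zeta_n$ and $\zeta_d$ in $\mathbb{Z}[\Theta]$, and uses function names chosen here for illustration.

```python
from math import isqrt

A, B = -2, 5  # Example 4.3: Y^2 = X^3 - 2X + 5, so Θ^3 = -AΘ - B = 2Θ - 5

def mul(u, v):
    """Product in Z[Θ]; the triple (a0, a1, a2) stands for a0 + a1Θ + a2Θ^2."""
    c = [0] * 5
    for i, a in enumerate(u):
        for j, b in enumerate(v):
            c[i + j] += a * b
    for k in (4, 3):              # rewrite Θ^k as -AΘ^(k-2) - BΘ^(k-3)
        c[k - 2] -= A * c[k]
        c[k - 3] -= B * c[k]
    return tuple(c[:3])

def cofactor(r, t):
    """r^2 + Θrt^2 + (Θ^2 + A)t^4, the second factor of r^3 + Art^4 + Bt^6."""
    return (r * r + A * t**4, r * t * t, t**4)

def aux_equations_hold(eta, r, s, t, zn=(1, 0, 0), zd=(1, 0, 0)):
    """Test both equations of (4.2) for integers r, s, t and zn, zd in Z[Θ]."""
    if 0 in (s, t) or not any(zn) or not any(zd):
        return False
    eta_zn2, zd2 = mul(eta, mul(zn, zn)), mul(zd, zd)
    left = tuple(s * s * a for a in zd2) == mul(eta_zn2, cofactor(r, t))
    right = mul((r, -t * t, 0), zd2) == eta_zn2
    return left and right

def solve_with_unit_zeta(eta):
    """With zn = zd = 1 the right-hand equation forces r - t^2Θ = eta."""
    e0, e1, e2 = eta
    if e2 != 0 or e1 >= 0 or isqrt(-e1) ** 2 != -e1:
        return None
    r, t = e0, isqrt(-e1)
    c0, c1, c2 = mul(eta, cofactor(r, t))
    if c1 or c2 or c0 <= 0 or isqrt(c0) ** 2 != c0:
        return None               # eta * cofactor is not a nonzero integer square
    return r, isqrt(c0), t

# Coset representatives chosen in Example 4.3.
XI, ALPHA, DELTA = (-2, -1, 0), (1, -1, 0), (16, -45, -12)
```

`solve_with_unit_zeta` recovers the solutions found by hand for `XI` and `ALPHA` and returns `None` for `DELTA`, which only says that $\zeta_n = \zeta_d = 1$ does not work there, not that no solution exists.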

Example 4.4. Now we look at the curve $E : Y^{2} = X^{3} - 2X + 42$. We will skip some of the details that were present in the previous example so that we can get right to the point of this one.

As in the previous case, we find that $[2]O^{*}_{+}$ and $C[2]$ are cyclic, and we can find generators for them. For this example, we are more interested in $(I_D \cap P_{sn} I^{2})/I_D^{2}$. $[2]I_D$ has 5 generators,

$$p_1 I_D^{2},\quad p_2 I_D^{2},\quad p_3 I_D^{2},\quad p_4 I_D^{2},\quad p_5 I_D^{2},$$

where we have chosen coset representatives

$$\begin{aligned}
p_1 &= 163\,O + (50 + \Theta)O, \\
p_2 &= 163\,O + (63 + \Theta)O, \\
p_3 &= 2O + \Theta O, \\
p_4 &= (5 + \Theta)O, \\
p_5 &= (13 - 4\Theta + \Theta^{2})O,
\end{aligned}$$

and $(I_D \cap P_{sn} I^{2})/I_D^{2}$ has two generators,

$$\begin{aligned}
p_1 p_2 I_D^{2} &= (163\,O + (53 - 50\Theta + \Theta^{2})O)\,I_D^{2}, \\
p_3 p_4 I_D^{2} &= ((23 - 5\Theta + \Theta^{2})O)\,I_D^{2}.
\end{aligned}$$

Notice that the representative $163\,O + (53 - 50\Theta + \Theta^{2})O$ is not principal. Let $h$ be the class number of $R$; then $a^{h} \in P$ for any ideal $a$. This means that if we examine all combinations

$$(163\,O + (53 - 50\Theta + \Theta^{2})O)\,p_1^{2e_1} p_2^{2e_2} p_3^{2e_3} p_4^{2e_4} p_5^{2e_5},$$

with $-h < e_i < h$, then at least one of them will be principal, and there is no need to consider larger exponents. Using SAGE, we find that

$$(p_1 p_2)(p_1 p_2 p_3^{2} p_4^{2})^{2} = (169867204 + 8196002\Theta - 12741639\Theta^{2})O.$$

Together with information about the two cyclic subgroups of $H$, we can choose positive-norm integers

$$-11 - 3\Theta,\quad 15 - 5\Theta + \Theta^{2},\quad 23 - 5\Theta + \Theta^{2},\quad 169867204 + 8196002\Theta - 12741639\Theta^{2}$$

such that

$$\begin{aligned}
H = {} & \langle (-11 - 3\Theta)R^{*2} \rangle \times \langle (15 - 5\Theta + \Theta^{2})R^{*2} \rangle \times \langle (23 - 5\Theta + \Theta^{2})R^{*2} \rangle \\
& \times \langle (169867204 + 8196002\Theta - 12741639\Theta^{2})R^{*2} \rangle,
\end{aligned}$$

which means the rank of $E$ is at most 4. We could try to solve some of the auxiliary equations (or show that some have no solutions), but this example has served its purpose.


VITA

The author was born in San Antonio, Texas on November 10, 1983 to Frederick and

Regina Sharon. He attended both primary and secondary school in the Lytle Independent

School District, graduating third in his class in 2002. The author then studied at Reed

College in Portland, Oregon for three years before transferring to The University of Texas at

San Antonio. There, he completed his bachelor’s degree in mathematics and subsequently

began work on a master’s degree in the same field. He has worked as a teaching assistant at

UTSA and as an adjunct at Northwest Vista College.
