The Ubiquity of Elliptic Curves - PowerPoint PPT Presentation

About This Presentation
Title:

The Ubiquity of Elliptic Curves

Description:

In string theory, the notion of a point-like particle is replaced by a curve ... In quantum theory, physicists like to compute averages over all possible paths, ... – PowerPoint PPT presentation

Number of Views:41
Avg rating:3.0/5.0
Slides: 47
Provided by: josephsi
Category:

less

Transcript and Presenter's Notes

Title: The Ubiquity of Elliptic Curves


1
The Ubiquity of Elliptic Curves
  • Joseph Silverman (Brown University)
  • Public Lecture Dublin
  • Tuesday, 4 September 2007, 730 PM

2
Elliptic CurvesGeometry, Algebra, Analysis and
Beyond
3
What is an Elliptic Curve?
  • An elliptic curve is an object with a dual
    nature
  • On the one hand, it is a curve, a geometric
    object.
  • On the other hand, we can add points on the
    curve as if they were numbers, so it is an
    algebraic object.
  • The addition law on an elliptic curve can be
    described
  • Geometrically using intersections of curves
  • Algebraically using polynomial equations
  • Analytically using functions with complex
    variables
  • Elliptic curves appear in many diverse areas of
    mathematics, ranging from number theory to
    complex analysis, and from cryptography to
    mathematical physics.

- 3 -
4
The Equation of an Elliptic Curve
We also require that the polynomial f(x) has no
double roots. This ensures that the curve is
nonsingular.
- 4 -
5
A Typical Elliptic Curve E
E Y2 X3 5X 8
Surprising Fact We can use geometry to take two
points P and Q on the elliptic curve and define
their sumPQ.
- 5 -
6
The Addition Law on anElliptic Curve
7
Adding Points P Q on E
- 7 -
8
Doubling a Point P on E
- 8 -
9
Vertical Lines and an Extra Point at Infinity
Add an extra point O at infinity. The point O
lies on every vertical line.
- 9 -
10
Properties of Addition on E
  • Theorem The addition law on E has the following
    properties
  • P O O P P for all P ? E.
  • P (P) O for all P ? E.
  • (P Q) R P (Q R) for all P,Q,R ? E.
  • P Q Q P for all P,Q ? E.

In mathematical terminology, the addition law
makes the points of E into a commutative group.
All of the group properties are easy to check
except for the associative law (c). The
associative law can be verified by a lengthy
computation using explicit formulas, or by using
more advanced algebraic or analytic methods.
- 10 -
11
An Example
Using the tangent line construction, we find
that 2P P P ( 7/4, 27/8).
Using the secant line construction, we find
that 3P P P P (553/121, 11950/1331)
Similarly, 4P (45313/11664,
8655103/1259712). As you can see, the coordinates
become complicated.
- 11 -
12
An Addition Formula for E
Suppose that we want to add the points P1
(x1,y1) and P2 (x2,y2) on the elliptic
curve E y2 x3 Ax B.
Quite a mess!!!!! But
Crucial Observation If A and B are rational
numbers and if the coordinates of P1 and P2 are
rational numbers, then the coordinates P1 P2
and 2P1 are rational numbers.
- 12 -
13
The Group of Points on E with Rational
Coordinates
The elementary observation on the previous slide
leads to an important result
Theorem (Poincaré, ?1900) Suppose that an
elliptic curve E is given by an equation of the
form y2 x3 A x B with A,B rational
numbers. Let E(Q) be the set of points of E with
rational coordinates, E(Q) (x,y) ? E x,y
are rational numbers ? O . Then sums of
points in E(Q) remain in E(Q).
In mathematical terminology, E(Q) is a subgroup
of E.
- 13 -
14
The Group of Points on E with Other Sort of
Coordinates
And later well look at the set of points E(Fp)
whose coordinates are in a finite field Fp.
Key Fact In any of these sets, we can add points
and stay within the set.
- 14 -
15
What Does E(R) Look Like?
We saw one example of E(R). It is also possible
for E(R) to have two connected components.
- 15 -
16
Elliptic Curves and Complex Numbers
OrHow the Elliptic Curve Acquired Its
Unfortunate Moniker
17
The Arc Length of an Ellipse
- 17 -
18
The Arc Length of an Ellipse
- 18 -
19
Elliptic Integrals and Elliptic Functions
- 19 -
20
Elliptic Functions and Elliptic Curves
The ?-function and its derivative satisfy an
algebraic relation
This equation looks familiar
?(z) and ?(z) are functions on a fundamental
parallelogram
- 20 -
21
The Complex Points on an Elliptic Curve
The ?-function gives a complex analytic
isomorphism
Parallelogram with opposite sides identified a
torus
- 21 -
22
Elliptic Curves andNumber Theory
Rational Points on Elliptic Curves
23
E(Q) The Group of Rational Points
A fundamental and ancient problem in number
theory is that of solving polynomial equations
using integers or rational numbers. The
description of E(Q) is a landmark in the modern
study of Diophantine equations.
Theorem (Mordell, 1922) Let E be an elliptic
curve given by an equation E y2 x3 A x B
with A,B ? Q. There is a finite set of
points P1,P2,,Pr so that every point P in E(Q)
can be obtained as a sum P n1P1 n2P2
nrPr with n1,,nr ? Z. In math terms, E(Q)
is a finitely generated group.
- 23 -
24
E(Q) The Group of Rational Points
A point P has finite order if some multiple of P
is O. The elements of finite order in E(Q) are
quite well understood.
Theorem (Mazur, 1977) The group E(Q) contains at
most 16 points of finite order.
Conjecture The number of points needed to
generate E(Q) may be arbitrarily large.
- 24 -
25
E(Z) The Set of Integer Points
If P1 and P2 are points on E having integer
coordinates, then P1 P2 will have rational
coordinates, but there is no reason for it to
have integer coordinates. Indeed, the formulas
for P1 P2 are so complicated, it seems unlikely
that P1 P2 will have integer coordinates. Comple
menting Mordells finite generation theorem for
rational points is a famous finiteness result for
integer points.
Theorem (Siegel, 1928) An elliptic curve E y2
x3 A x B with A,B ? Z has only
finitely many points P (x,y) with integer
coordinates x,y ? Z.
- 25 -
26
Elliptic Curves and Finite Fields
27
Finite Fields
You may have run across clock arithmetic, where
after counting 0, 1, 2, 3,,11, you go back to 0.
Another way to view clock arithmetic is that
whenever you add or multiply numbers together,
you should divide by 12 and just keep the
remainder.
We want to do the same thing, but instead of
using 12, well use a prime number p, for example
3 or 7 or 37.
The Finite Field Fp is the set of numbers
0, 1, 2, , p1 with the
rule that when we add or multiply two of them, we
are required to divide by p and just keep the
remainder.
- 27 -
28
An Example of a Finite Field
For example, in the finite field F7,
This illustrates why we use a prime p, instead of
a number like 12. In a finite field Fp, every
nonzero number has a reciprocal. So Fp is a lot
like the rational numbers Q and the real numbers
R
In Fp, not only can we can add, subtract, and
multiply, we can also divide by nonzero numbers
- 28 -
29
Elliptic Curves over a Finite Field
The formulas giving the addition law on E are
fine if the points have coordinates in any field,
even if the geometric pictures dont make
sense. For example, we can take points with
coordinates in Fp.
Using the addition formulas, we can compute in
E(F37) 2P (35,11) 3P (34,25) 4P (8,6)
5P (16,19) P Q (11,10) 3P 4Q
(31,28)
- 29 -
30
E(Fp) The Group of Points Modulo p
Number theorists also like to solve polynomial
equations modulo p.
This is much easier than finding solutions in Q,
since there are only finitely many solutions in
the finite field Fp! One expects E(Fp) to have
approximately p1 points. A famous theorem of
Hasse (later vastly generalized by Weil and
Deligne) quantifies this expectation.
- 30 -
31
Elliptic Curves andCryptography
32
The (Elliptic Curve) Discrete Log Problem
Suppose that you are given two points P and Q in
E(Fp).
  • If the prime p is large, it is very very
    difficult to find m.
  • Neal Koblitz and Victor Miller (1985)
    independently invented Elliptic Curve
    Cryptography in 1985 when they suggested building
    a cryptosystem around the ECDLP.
  • The extreme difficulty of the ECDLP yields highly
    efficient cryptosystems that are in widespread
    use protecting everything from your bank account
    to your governments secrets.

- 32 -
33
Elliptic Curve Diffie-Hellman Key Exchange
Public Knowledge A group E(Fp) and a point P of
order n.
BOB
ALICE
Choose secret 0 lt b lt n Choose
secret 0 lt a lt n
Compute QBob bP Compute
QAlice aP
Compute bQAlice
Compute aQBob
Bob and Alice have the shared value bQAlice abP
aQBob
Presumably(?) recovering abP from aP and bP
requires solving the elliptic curve discrete
logarithm problem.
- 33 -
34
Elliptic Curves andClassical Physics
35
The Pit and the Pendulum
- 35 -
36
The Pit and the Pendulum
This leads to a simple harmonic motion for the
pendulum.
- 36 -
37
How to Solve the Pendulum Equation
and do a bunch of algebra.
An Elliptic Integral!!!
An Elliptic Curve!!!
As a favor, Ill spare you the details and just
tell you the answer!!
Conclusion tan(q /2) Elliptic Function of t
- 37 -
38
Elliptic Curves andModern Physics
39
Elliptic Curves and String Theory
In string theory, the notion of a point-like
particle is replaced by a curve-like string. As a
string moves through space-time, it traces out a
surface.
For example, a single string that moves around
and returns to its starting position will trace a
torus. So the path traced by a string looks like
an elliptic curve! In quantum theory, physicists
like to compute averages over all possible paths,
so when using strings, they need to compute
integrals over the space of all elliptic curves.
- 39 -
40
Elliptic Curves andNumber Theory
Fermats Last Theorem
41
Fermats Last Theorem and Fermat Curves
It is enough to prove the case that n 4
(already done by Fermat himself) and the case
that n p is an odd prime.
But Fermats curve is not an elliptic curve. So
how can elliptic curves be used to study Fermats
problem?
- 41 -
42
Elliptic Curves and Fermats Last Theorem
Frey suggested that Ea,b,c would be such a
strange curve, it shouldnt exist at all. More
precisely, Frey doubted that Ea,b,c could be
modular. Ribet verified Freys intuition by
proving that Ea,b,c is indeed not modular. Wiles
completed the proof of Fermats Last Theorem by
showing that (most) elliptic curves, in
particular elliptic curves like Ea,b,c, are
modular.
- 42 -
43
Elliptic Curves and Fermats Last Theorem
Ea,b,c y2 x (x ap) (x bp)
To Summarize Suppose that ap bp cp with
abc ? 0. Ribet proved that Ea,b,c is not
modular Wiles proved that Ea,b,c is
modular. Conclusion The equation ap bp cp
has no solutions.
- 43 -
44
Elliptic Curves and Modularity
There are many equivalent definitions, all of
them rather complicated and technical. Heres one
E is modular if it is parameterized by modular
forms!
- 44 -
45
Conclusion
Elliptic Curves Are Everywhere
Don't Leave Home Without One!
- 45 -
46
The Ubiquity ofElliptic Curves
Joseph Silverman (Brown University) Public
Lecture Dublin September 4, 2007
Write a Comment
User Comments (0)
About PowerShow.com