Elliptic curve 1

Elliptic curve

A catalog of elliptic curves. Region shown is [−3,3]2 (For a = 0 and b = 0 the function isnot smooth and therefore not an elliptic curve.)

Group theory

In mathematics, an elliptic curve (EC)is a smooth, projective algebraic curveof genus one, on which there is aspecified point O. An elliptic curve isin fact an abelian variety — that is, ithas a multiplication definedalgebraically, with respect to which itis a (necessarily commutative) group— and O serves as the identityelement. Often the curve itself, withoutO specified, is called an elliptic curve.

Any elliptic curve can be written as aplane algebraic curve defined by anequation of the form:

which is non-singular; that is, its graphhas no cusps or self-intersections.(When the characteristic of thecoefficient field is equal to 2 or 3, theabove equation is not quite general enough to comprise all non-singular cubic curves; see below for a more precisedefinition.) The point O is actually the "point at infinity" in the projective plane.

If y2 = P(x), where P is any polynomial of degree three in x with no repeated roots, then we obtain a nonsingularplane curve of genus one, which is thus also an elliptic curve. If P has degree four and is squarefree this equationagain describes a plane curve of genus one; however, it has no natural choice of identity element. More generally,any algebraic curve of genus one, for example from the intersection of two quadric surfaces embedded inthree-dimensional projective space, is called an elliptic curve, provided that it has at least one rational point.Using the theory of elliptic functions, it can be shown that elliptic curves defined over the complex numberscorrespond to embeddings of the torus into the complex projective plane. The torus is also an abelian group, and infact this correspondence is also a group isomorphism.Elliptic curves are especially important in number theory, and constitute a major area of current research; forexample, they were used in the proof, by Andrew Wiles (assisted by Richard Taylor), of Fermat's Last Theorem.They also find applications in elliptic curve cryptography (ECC) and integer factorization.An elliptic curve is not an ellipse: see elliptic integral for the origin of the term. Topologically, an elliptic curve is atorus.

Elliptic curve 2

Elliptic curves over the real numbersAlthough the formal definition of an elliptic curve is fairly technical and requires some background in algebraicgeometry, it is possible to describe some features of elliptic curves over the real numbers using only high schoolalgebra and geometry.

Graphs of curves y2 = x3 − x and y2 = x3 − x + 1

In this context, an elliptic curve is a plane curve defined by an equationof the form

where a and b are real numbers. This type of equation is called aWeierstrass equation.

The definition of elliptic curve also requires that the curve benon-singular. Geometrically, this means that the graph has no cusps,self-intersections, or isolated points. Algebraically, this involvescalculating the discriminant

The curve is non-singular if and only if the discriminant is not equal to zero. (Although the factor −16 seemsirrelevant here, it turns out to be convenient in a more advanced study of elliptic curves.)

The (real) graph of a non-singular curve has two components if its discriminant is positive, and one component if it isnegative. For example, in the graphs shown in figure to the right, the discriminant in the first case is 64, and in thesecond case is −368.

The group lawBy adding a "point at infinity", we obtain the projective version of this curve. If P and Q are two points on the curve,then we can uniquely describe a third point which is the intersection of the curve with the line through P and Q. Ifthe line is tangent to the curve at a point, then that point is counted twice; and if the line is parallel to the y-axis, wedefine the third point as the point "at infinity". Exactly one of these conditions then holds for any pair of points on anelliptic curve.

It is then possible to introduce a group operation, +, on the curve with the following properties: we consider thepoint at infinity to be 0, the identity of the group; and if a straight line intersects the curve at the points P, Q and R,then we require that P + Q + R = 0 in the group. One can check that this turns the curve into an abelian group, andthus into an abelian variety. It can be shown that the set of K-rational points (including the point at infinity) forms asubgroup of this group. If the curve is denoted by E, then this subgroup is often written as E(K).The above group can be described algebraically as well as geometrically. Given the curve y2 = x3 − px − q over thefield K (whose characteristic we assume to be neither 2 nor 3), and points P = (xP, yP) and Q = (xQ, yQ) on the curve,assume first that xP ≠ xQ. Let s be the slope of the line containing P and Q; i.e.,

Elliptic curve 3

Since K is a field, s is well-defined. Then we can define R = P + Q = (xR, −yR) by

If xP = xQ (third and fourth panes above), then there are two options: if yP = −yQ, including the case where yP = yQ =0, then the sum is defined as 0; thus, the inverse of each point on the curve is found by reflecting it across the x-axis.If yP = yQ ≠ 0 (second pane), then R = P + P = 2P = (xR, −yR) is given by

Associativity

All of the group laws except associativity follow immediately from thegeometrical definition of the group operation. This animationillustrates geometically a proof of the associativity law.Notice that the sum of the three values on any of the six lines is 0. Thelocation of all nine points is determined by the elliptic curve togetherwith the locations of 0,a,b and c. The central point of the nine lies onthe line through a and b+c, and also on the line through a+b and c. Itfollows that the central point is equal to both -(a+(b+c)) and-((a+b)+c), and thus these values are equal.

The elliptic curve and the point 0 are fixed in this animation while a, b and c move independently of each other.

Elliptic curve 4

Elliptic curves over the complex numbers

An elliptic curve over the complex numbers is obtained as a quotient of thecomplex plane by a lattice Λ, here spanned by two fundamental periods ω1 and

ω2. The four-torsion is also shown, corresponding to the lattice 1/4 Λ containingΛ.

The formulation of elliptic curves as theembedding of a torus in the complexprojective plane follows naturally from acurious property of Weierstrass's ellipticfunctions. These functions and their firstderivative are related by the formula

Here, g2 and g3 are constants; is theWeierstrass elliptic function and itsderivative. It should be clear that this relationis in the form of an elliptic curve (over thecomplex numbers). The Weierstrass functionsare doubly periodic; that is, they are periodicwith respect to a lattice Λ; in essence, theWeierstrass functions are naturally defined ona torus T = C/Λ. This torus may be embeddedin the complex projective plane by means ofthe map

This map is a group isomorphism, carryingthe natural group structure of the torus intothe projective plane. It is also an isomorphismof Riemann surfaces, so topologically, agiven elliptic curve looks like a torus. If thelattice Λ is related by multiplication by anon-zero complex number c to a lattice cΛ ,then the corresponding curves are isomorphic. Isomorphism classes of elliptic curves are specified by the j-invariant.

The isomorphism classes can be understood in a simpler way as well. The constants g2 and g3, called the modularinvariants, are uniquely determined by the lattice, that is, by the structure of the torus. However, the complexnumbers form the splitting field for polynomials with real coefficients, and so the elliptic curve may be written as

One finds that

and

so that the modular discriminant is

Here, λ is sometimes called the modular lambda function.Note that the uniformization theorem implies that every compact Riemann surface of genus one can be representedas a torus.

Elliptic curve 5

This also allows an easy understanding of the torsion points on an elliptic curve: if the lattice Λ is spanned by thefundamental periods ω1 and ω2, then the n-torsion points are the (equivalence classes of) points of the form

for a and b integers in the range from 0 to n−1.Over the complex numbers, every elliptic curve has nine inflection points. Every line through two of these pointsalso passes through a third inflection point; the nine points and 12 lines formed in this way form a realization of theHesse configuration.

Elliptic curves over the rational numbersA curve E defined over the field of rational numbers is also defined over the field of real numbers, therefore the lawof addition (of points with real coordinates) by the tangent and secant method can be applied to E. The explicitformulae show that the sum of two points P and Q with rational coordinates has again rational coordinates, since theline joining P and Q has rational coefficients. This way, one shows that the set of rational points of E forms asubgroup of the group of real points of E. As this group, it is an abelian group, that is, P + Q = Q + P.

The structure of rational pointsThe most important result is that all points can be constructed by the method of tangents and secants starting with afinite number of points. More precisely[1] the Mordell-Weil theorem states that the group E(Q) is a finitely generated(abelian) group. By the fundamental theorem of finitely generated abelian groups it is therefore a finite direct sum ofcopies of Z and finite cyclic groups.The proof of that theorem[2] rests on two ingredients: first, one shows that for any integer m > 1, the quotient groupE(Q)/mE(Q) is finite (weak Mordell–Weil theorem). Second, introducing a height function h on the rational pointsE(Q) defined by h(P0) = 0 and h(P) = log max(|p|, |q|) if P (unequal to the point at infinity P0) has as abscissa therational number x = p⁄q (with coprime p and q). This height function h has the property that h(mP) grows roughly likethe square of m. Moreover, only finitely many rational points with height smaller than any constant exist on E.The proof of the theorem is thus a variant of the method of infinite descent[3] and relies on the repeated applicationof Euclidean divisions on E: let P ∈ E(Q) be a rational point on the curve, writing P as the sum 2P1 + Q1 where Q1 isa fixed representant of P in E(Q)/2E(Q), the height of P1 is about 1⁄4 of the one of P (more generally, replacing 2 byany m > 1, and 1⁄4 by 1⁄m2). Redoing the same with P1, that is to say P1 = 2P2 + Q2, then P2 = 2P3 + Q3, etc. finallyexpresses P as an integral linear combination of points Qi and of points whose height is bounded by a fixed constantchosen in advance: by the weak Mordell–Weil theorem and the second property of the height function P is thusexpressed as an integral linear combination of a finite number of fixed points.So far, the theorem is not effective since there is no known general procedure for determining the representants ofE(Q)/mE(Q).The rank of E(Q), that is the number of copies of Z in E(Q) or, equivalently, the number of independent points ofinfinite order, is called the rank of E. The Birch and Swinnerton-Dyer conjecture is concerned with determining therank. One conjectures that it can be arbitrarily large, even if only examples with relatively small rank are known. Theelliptic curve with biggest exactly known rank is

y2 + xy = x3 − 26175960092705884096311701787701203903556438969515x +51069381476131486489742177100373772089779103253890567848326.

It has rank 18, found by Noam Elkies in 2006. Curves of rank at least 28 are known, but their rank is not exactlyknown.As for the groups constituting the torsion subgroup of E(Q), the following is known[4] the torsion subgroup of E(Q) is one of the 15 following groups (a theorem due to Barry Mazur): Z/NZ for N = 1, 2, …, 10, or 12, or Z/2Z ×

Elliptic curve 6

Z/2NZ with N = 1, 2, 3, 4. Examples for every case are known. Moreover, elliptic curves whose Mordell-Weilgroups over Q have the same torsion groups belong to a parametrized family.[5]

The Birch and Swinnerton-Dyer conjectureThe Birch and Swinnerton-Dyer conjecture (BSD) is one of the Millennium problems of the Clay MathematicsInstitute. The conjecture relies on analytic and arithmetic objects defined by the elliptic curve in question.At the analytic side, an important ingredient is a function of a complex variable, L, the Hasse–Weil zeta function ofE over Q. This function is a variant of the Riemann zeta function and Dirichlet L-functions. It is defined as an Eulerproduct, with one factor for every prime number p.For a curve E over Q given by a minimal equation

with integral coefficients ai, reducing the coefficients modulo p defines an elliptic curve over the finite field Fp(except for a finite number of primes p, where the reduced curve has a singularity and thus fails to be elliptic, inwhich case E is said to be of bad reduction at p).The zeta function of an elliptic curve over a finite field Fp is, in some sense, a generating function assembling theinformation of the number of points of E with values in the finite field extensions of Fp, Fpn. It is given,[6]

The interior sum of the exponential resembles the development of the logarithm and, in fact, the so-defined zetafunction is a rational function:

The Hasse–Weil zeta function of E over Q is then defined by collecting this information together, for all primes p. Itis defined by

where ε(p) = 1 if E has good reduction at p and 0 otherwise (in which case ap is defined differently than above).This product converges for Re(s) > 3/2 only. Hasse's conjecture affirms that the L-function admits an analyticcontinuation to the whole complex plane and satisfies a functional equation relating, for any s, L(E, s) to L(E, 2−s).In 1999 this was shown to be a consequence of the proof of the Shimura–Taniyama–Weil conjecture, which assertsthat every elliptic curve over Q is a modular curve, which implies that its L-function is the L-function of a modularform whose analytic continuation is known.One can therefore speak about the values of L(E, s) at any complex number s. The Birch-Swinnerton-Dyerconjecture relates the arithmetic of the curve to the behavior of its L-function at s = 1. More precisely, it affirms thatthe order of the L-function at s = 1 equals the rank of E and predicts the leading term of the Laurent series of L(E, s)at that point in terms of several quantities attached to the elliptic curve.Much like the Riemann hypothesis, this conjecture has multiple consequences, including the following two:• Let n be an odd square-free integer. Assuming the Birch and Swinnerton-Dyer conjecture, n is the area of a right

triangle with rational side lengths (a congruent number) if and only if the number of triplets of integers (x, y, z)satisfying is twice the number of triples satisfying . Thisstatement, due to Tunnell, is related to the fact that n is a congruent number if and only if the elliptic curve

has a rational point of infinite order (thus, under the Birch and Swinnerton-Dyer conjecture, itsL-function has a zero at 1). The interest in this statement is that the condition is easily verified.[7]

Elliptic curve 7

• In a different direction, certain analytic methods allow for an estimation of the order of zero in the center of thecritical strip of families of L-functions. Admitting the BSD conjecture, these estimations correspond toinformation about the rank of families of elliptic curves in question. For example,:[8] suppose the generalizedRiemann hypothesis and the BSD conjecture, the average rank of curves given by issmaller than 2.

The modularity theorem and its application to Fermat's Last TheoremThe modularity theorem, once known as the Taniyama–Shimura–Weil conjecture, states that every elliptic curve Eover Q is a modular curve, that is to say, its Hasse–Weil zeta function is the L-function of a modular form of weight2 and level N, where N is the conductor of E (an integer divisible by the same prime numbers as the discriminant ofE, Δ(E).) In other words, if, for Re(s) > 3/2, one writes the L-function in the form

the expression

defines a parabolic modular newform of weight 2 and level N. For prime numbers ℓ not dividing N, the coefficienta(ℓ) of the form equals ℓ – the number of solutions of the minimal equation of the curve modulo ℓ.

For example,[9] to the elliptic curve with discriminant (and conductor) 37, is associated theform

For prime numbers ℓ distinct of 37, one can verify the property about the coefficients. Thus, for ℓ = 3, the solutionsof the equation modulo 3 are (0, 0), (0, 1), (2, 0), (1, 0), (1, 1), (2, 1), as and a(3) = 3 − 6 = −3.The conjecture, going back to the fifties, has been completely shown in 1999 using ideas of Andrew Wiles, whoalready proved it in 1994 for a large family of elliptic curves.[10]

There are several formulations of the conjecture. Showing that they are equivalent is difficult and was a main topicof number theory in the second half of the 20th century. The modularity of an elliptic curve E of conductor N can beexpressed also by saying that there is a non-constant rational map defined over Q, from the modular curve X0(N) toE. In particular, the points of E can be parametrized by modular functions.

For example, a modular parametrization of the curve is given by[11]

where, as above, q = exp(2πiz). The functions x(z) and y(z) are modular of weight 0 and level 37; in other words theyare meromorphic, defined on the upper half-plane Im(z) > 0 and satisfy

and likewise for y(z) for all integers a, b, c, d with ad − bc = 1 and 37|c.Another formulation depends on the comparison of Galois representations attached on the one hand to ellipticcurves, and on the other hand to modular forms. The latter formulation has been used in the proof the conjecture.Dealing with the level of the forms (and the connection to the conductor of the curve) is particularly delicate.The most spectacular application of the conjecture is the proof of Fermat's Last Theorem (FLT). Suppose that for aprime p > 5, the Fermat equation

has a solution with non-zero integers, hence a counter-example to FLT. Then the elliptic curve

Elliptic curve 8

of discriminant

cannot be modular. Thus, the proof of the Taniyama–Shimura–Weil conjecture for this family of elliptic curves(called Hellegouarch–Frey curves) implies the FLT. The proof of the link between these two statements, based on anidea of Gerhard Frey (1985), is difficult and technical. It was established by Kenneth Ribet in 1987.[12]

Integral pointsThis section is concerned with points P = (x, y) of E such that x is an integer.[13] The following theorem is due to C.L. Siegel: the set of points P = (x, y) of E(Q) such that x is integral is finite. This theorem can be generalized topoints whose x coordinate has a denominator divisible only by a fixed finite set of prime numbers.The theorem can be formulated effectively. For example,[14] if the Weierstrass equation of E has integer coefficientsbounded by a constant H, the coordinates (x, y) of a point of E with both x and y integer satisfy:

For example, the equation y2 = x3 + 17 has eight integral solutions with y > 0 :[15]

(x,y) = (−1,4), (−2,3), (2,5), (4,9), (8,23), (43,282), (52,375), (5234,378661).As another example, Ljunggren's equation, a curve whose Weierstrass form is y2 = x3 − 2x, has only four solutionswith y ≥ 0 :[16]

(x,y) = (0,0), (−1,1), (2, 2), (338,6214).

Generalization to number fieldsMany of the preceding results remain valid when the field of definition of E is a number field, that is to say, a finitefield extension of Q. In particular, the group E(K) of K-rational points of an elliptic curve E defined over K is finitelygenerated, which generalizes the Mordell–Weil theorem above. A theorem due to Loïc Merel shows that for a giveninteger d, there are (up to isomorphism) only finitely many groups that can occur as the torsion groups of E(K) for anelliptic curve defined over a number field K of degree d. More precisely,[17] there is a number B(d) such that for anyelliptic curve E defined over a number field K of degree d, any torsion point of E(K) is of order less than B(d). Thetheorem is effective: for d > 1, if a torsion point is of order p, with p prime, then

As for the integral points, Siegel's theorem generalizes to the following: let E be an elliptic curve defined over anumber field K, x and y the Weierstrass coordinates. Then the points of E(K) whose x-coordinate is in the ring ofintegers OK is finite.The properties of the Hasse–Weil zeta function and the Birch and Swinnerton-Dyer conjecture can also be extendedto this more general situation.

Elliptic curve 9

Elliptic curves over a general fieldElliptic curves can be defined over any field K; the formal definition of an elliptic curve is a non-singular projectivealgebraic curve over K with genus 1 with a given point defined over K.If the characteristic of K is neither 2 nor 3, then every elliptic curve over K can be written in the form

where p and q are elements of K such that the right hand side polynomial x3 − px − q does not have any double roots.If the characteristic is 2 or 3, then more terms need to be kept: in characteristic 3, the most general equation is of theform

for arbitrary constants b2, b4, b6 such that the polynomial on the right-hand side has distinct roots (the notation ischosen for historical reasons). In characteristic 2, even this much is not possible, and the most general equation is

provided that the variety it defines is non-singular. If characteristic were not an obstruction, each equation wouldreduce to the previous ones by a suitable change of variables.One typically takes the curve to be the set of all points (x,y) which satisfy the above equation and such that both xand y are elements of the algebraic closure of K. Points of the curve whose coordinates both belong to K are calledK-rational points.

IsogenyLet E and D be elliptic curves over a field k. An isogeny between E and D is a finite morphism f : E → D of varietiesthat preserves basepoints (in other words, maps the given point on E to that on D).The two curves are called isogenous if there is an isogeny between them. This is an equivalence relation, symmetrybeing due to the existence of the dual isogeny. Every isogeny is an algebraic homomorphism and thus induceshomomorphisms of the groups of the elliptic curves for k-valued points.

Elliptic curves over finite fields

Set of affine points of elliptic curve y2 = x3 − x over finite field F61.

Let K = Fq be the finite field with q elements andE an elliptic curve defined over K. While theprecise number of rational points of an ellipticcurve E over K is in general rather difficult tocompute, Hasse's theorem on elliptic curves givesus, including the point at infinity, the followingestimate:

In other words, the number of points of the curvegrows roughly as the number of elements in thefield. This fact can be understood and proven withthe help of some general theory; see local zetafunction, Étale cohomology.

Elliptic curve 10

Set of affine points of elliptic curve y2 = x3 − x over finite field F89.

The set of points E(Fq) is a finite abelian group. Itis always cyclic or the product of two cyclicgroups. For example,[18] the curve defined by

over F71 has 72 points (71 affine points including(0,0) and one point at infinity) over this field,whose group structure is given by Z/2Z × Z/36Z.The number of points on a specific curve can becomputed with Schoof's algorithm.

Studying the curve over the field extensions of Fqis facilitated by the introduction of the local zetafunction of E over Fq, defined by a generatingseries (also see above)

where the field Kn is the (unique) extension of K = Fq of degree n (that is, Fqn). The zeta function is a rationalfunction in T. There is an integer a such that

Moreover,

with complex numbers α, β of absolute value . This result are a special case of the Weil conjectures. Forexample,[19] the zeta function of E : y2 + y = x3 over the field F2 is given by

this follows from:

Elliptic curve 11

Set of affine points of elliptic curve y2 = x3 − x over finite field F71.

The Sato–Tate conjecture is astatement about how the error term

in Hasse's theorem varies with thedifferent primes q, if you take anelliptic curve E over Q and reduce itmodulo q. It was proven (for almost allsuch curves) in 2006 due to the resultsof Taylor, Harris andShepherd-Barron,[20] and says that theerror terms are equidistributed.

Elliptic curves over finite fields arenotably applied in cryptography andfor the factorization of large integers.These algorithms often make use of thegroup structure on the points of E.Algorithms that are applicable togeneral groups, for example the group of invertible elements in finite fields, F*q, can thus be applied to the group ofpoints on an elliptic curve. For example, the discrete logarithm is such an algorithm. The interest in this is thatchoosing an elliptic curve allows for more flexibility than choosing q (and thus the group of units in Fq). Also, thegroup structure of elliptic curves is generally more complicated.

Algorithms that use elliptic curvesElliptic curves over finite fields are used in some cryptographic applications as well as for integer factorization.Typically, the general idea in these applications is that a known algorithm which makes use of certain finite groups isrewritten to use the groups of rational points of elliptic curves. For more see also:•• Elliptic curve cryptography•• Elliptic Curve DSA•• Lenstra elliptic curve factorization•• Elliptic curve primality proving

Alternative representations of elliptic curves•• Hessian curve•• Edwards curve•• Twisted curve•• Twisted Hessian curve•• Twisted Edwards curve• Doubling-oriented Doche–Icart–Kohel curve• Tripling-oriented Doche–Icart–Kohel curve•• Jacobian curve•• Montgomery curve

Elliptic curve 12

Notes[3] See also J. W. S. Cassels, Mordell's Finite Basis Theorem Revisited, Mathematical Proceedings of the Cambridge Philosophical Society 100,

3–41 and the comment of A. Weil on the genesis of his work: A. Weil, Collected Papers, vol. 1, 520–521.[6] The definition is formal, the exponential of this power series without constant term denotes the usual development.[8] D. R. Heath-Brown, The average analytic rank of elliptic curves, Duke Mathematical Journal 122–3, 591–623 (2004).[9] For the calculations, see for example D. Zagier, « Modular points, modular curves, modular surfaces and modular forms », Lecture Notes in

Mathematics 1111, Springer, 1985, 225–248.[10] A synthetic presentation (in French) of the main ideas can be found in this (http:/ / archive. numdam. org/ ARCHIVE/ SB/

SB_1994-1995__37_/ SB_1994-1995__37__319_0/ SB_1994-1995__37__319_0. pdf) Bourbaki article of Jean-Pierre Serre. For more detailssee

[11] D. Zagier, « Modular points, modular curves, modular surfaces and modular forms », Lecture Notes in Mathematics 1111, Springer, 1985,225–248.

[12] See the survey of K. Ribet «From the Taniyama–Shimura conjecture to Fermat's Last Theorem», Annales de la Faculté des sciences deToulouse 11 (1990), 116–139.

[14][14] , due to Baker.[15] T. Nagell, L'analyse indéterminée de degré supérieur, Mémorial des sciences mathématiques 39, Paris, Gauthier-Villars, 1929, pp. 56–59.[16][16] .[17] L. Merel, « Bornes pour la torsion des courbes elliptiques sur les corps de nombres », Inventiones Mathematicae 124 (1996), No. 1–3,

437–449.[18][18] See[20] M. Harris, N. Shepherd-Barron, R. Taylor. A family of Calabi–Yau varieties and potential automorphy (http:/ / www. math. harvard. edu/

~rtaylor/ cyfin. pdf)

ReferencesSerge Lang, in the introduction to the book cited below, stated that "It is possible to write endlessly on ellipticcurves. (This is not a threat.)" The following short list is thus at best a guide to the vast expository literature availableon the theoretical, algorithmic, and cryptographic aspects of elliptic curves.• I. Blake; G. Seroussi, N. Smart (2000). Elliptic Curves in Cryptography. LMS Lecture Notes. Cambridge

University Press. ISBN 0-521-65374-6.• Richard Crandall; Carl Pomerance (2001). "Chapter 7: Elliptic Curve Arithmetic". Prime Numbers: A

Computational Perspective (1st ed.). Springer-Verlag. pp. 285–352. ISBN 0-387-94777-9.• Cremona, John (1997). Algorithms for Modular Elliptic Curves (http:/ / www. warwick. ac. uk/ staff/ J. E.

Cremona/ / book/ fulltext/ index. html) (2nd ed.). Cambridge University Press. ISBN 0-521-59820-6.• Darrel Hankerson, Alfred Menezes and Scott Vanstone (2004). Guide to Elliptic Curve Cryptography (http:/ /

www. cacr. math. uwaterloo. ca/ ecc/ ). Springer. ISBN 0-387-95273-X.• Hardy, G.H.; Wright, E.M. (2008) [1938], An Introduction to the Theory of Numbers, Revised by D.R.

Heath-Brown and J.H. Silverman. Foreword by Andrew Wiles. (6th ed.), Oxford: Oxford University Press,ISBN 978-0-19-921986-5, Zbl  1159.11001 (http:/ / www. zentralblatt-math. org/ zmath/ en/ search/?format=complete& q=an:1159. 11001) Chapter XXV

• Hellegouarch, Yves (2001). Invitation aux mathématiques de Fermat-Wiles. Paris: Dunod.ISBN 978-2-10-005508-1

• Husemöller, Dale (2004). Elliptic Curves. Graduate Texts in Mathematics 111 (2nd ed.). Springer.ISBN 0-387-95490-2.

• Kenneth Ireland; Michael I. Rosen (1998). "Chapters 18 and 19". A Classical Introduction to Modern NumberTheory. Graduate Texts in Mathematics 84 (2nd revised ed.). Springer. ISBN 0-387-97329-X.

• Anthony Knapp (1992). Elliptic Curves. Math Notes 40. Princeton University Press.• Koblitz, Neal (1993). Introduction to Elliptic Curves and Modular Forms. Graduate Texts in Mathematics 97

(2nd ed.). Springer-Verlag. ISBN 0-387-97966-2• Koblitz, Neal (1994). "Chapter 6". A Course in Number Theory and Cryptography. Graduate Texts in

Mathematics 114 (2nd ed.). Springer-Verlag. ISBN 0-387-94293-9

Elliptic curve 13

• Serge Lang (1978). Elliptic curves: Diophantine analysis. Grundlehren der mathematischen Wissenschaften 231.Springer-Verlag. ISBN 3-540-08489-4.

• Henry McKean; Victor Moll (1999). Elliptic curves: function theory, geometry and arithmetic. CambridgeUniversity Press. ISBN 0-521-65817-9.

• Ivan Niven; Herbert S. Zuckerman, Hugh Montgomery (1991). "Section 5.7". An introduction to the theory ofnumbers (5th ed.). John Wiley. ISBN 0-471-54600-3.

• Silverman, Joseph H. (1986). The Arithmetic of Elliptic Curves. Graduate Texts in Mathematics 106.Springer-Verlag. ISBN 0-387-96203-4

• Joseph H. Silverman (1994). Advanced Topics in the Arithmetic of Elliptic Curves. Graduate Texts inMathematics 151. Springer-Verlag. ISBN 0-387-94328-5.

• Joseph H. Silverman; John Tate (1992). Rational Points on Elliptic Curves. Springer-Verlag.ISBN 0-387-97825-9.

• John Tate (1974). "The arithmetic of elliptic curves". Inventiones Mathematicae 23 (3–4): 179–206. doi:10.1007/BF01389745 (http:/ / dx. doi. org/ 10. 1007/ BF01389745).

• Lawrence Washington (2003). Elliptic Curves: Number Theory and Cryptography. Chapman & Hall/CRC.ISBN 1-58488-365-0.

External links• Hazewinkel, Michiel, ed. (2001), "Elliptic curve" (http:/ / www. encyclopediaofmath. org/ index. php?title=p/

e035450), Encyclopedia of Mathematics, Springer, ISBN 978-1-55608-010-4• The Mathematical Atlas: 14H52 Elliptic Curves (http:/ / www. math. niu. edu/ ~rusin/ known-math/ index/

14H52. html)• Weisstein, Eric W., " Elliptic Curves (http:/ / mathworld. wolfram. com/ EllipticCurve. html)" from MathWorld.• The Arithmetic of Elliptic Curves (http:/ / planetmath. org/ encyclopedia/ ArithmeticOfEllipticCurves. html) from

PlanetMath• Three Fermat Trails to Elliptic Curves (http:/ / mathdl. maa. org/ images/ upload_library/ 22/ Polya/ 07468342.

di020792. 02p05747. pdf), Ezra Brown, The College Mathematics Journal, Vol. 31 (2000), pp. 162–172, winnerof the MAA writing prize the George Pólya Award.

• Matlab code for implicit function plotting (http:/ / www. mathworks. com/ matlabcentral/ fileexchange/ loadFile.do?objectId=300& objectType=File) – Can be used to plot elliptic curves.

• Interactive introduction to elliptic curves and elliptic curve cryptography with SAGE (http:/ / sagenb. org/ home/pub/ 1126/ )

• Geometric Elliptic Curve Model(Java-Applet drawing curves) (http:/ / www. certicom. com/ ecc_tutorial/ecc_javaCurve. html)

• Interactive elliptic curve over R (http:/ / danher6. 100webspace. net/ ecc#ER_interactivo) and over Zp (http:/ /danher6. 100webspace. net/ ecc#EFp_interactivo) - Web application that requires HTML5 capable browser.

This article incorporates material from Isogeny on PlanetMath, which is licensed under the Creative CommonsAttribution/Share-Alike License.

Article Sources and Contributors 14

Article Sources and ContributorsElliptic curve  Source: http://en.wikipedia.org/w/index.php?oldid=551818982  Contributors: 777sms, Albertaszi, Almacantar, Artie p, Aryaniae, AugPi, Avelingk, AxelBoldt, Bender235,Betacommand, BiT, Bovineone, Brusegadi, CBM, CRGreathouse, CYD, Charles Matthews, Charvest, Chas zzz brown, Chris the speller, Ciphergoth, Cjfsyntropy, CloudNine, ColdFeet,Conversion script, Crasshopper, CryptoDerk, CsDix, Cyp, Damien Karras, Daniel ht, David Eppstein, Dcoetzee, Delaszk, Deltahedron, Desnacked, Dmharvey, Doctorhook, Dysprosia, Ee79,Elwikipedista, Emijrp, Eubulides, Feketekave, Fred Gandt, Fred999, Froire, Fropuff, Fsedit, Fwclarke, GNU, Galaxiaad, Gandalf61, Gauss, Gene Ward Smith, Giftlite, Goldencako, Graham87,Greenstruck, Hari, Ilya (usurped), JackSchmidt, Jacksonwalters, Jakob.scholbach, Jaroslavleff, Jcobb, Jinhyun park, Joebloggs290792, John Vandenberg, Jok2000, Joost Rijneveld, Jowa fan,Juliusross, Jwy, KSmrq, Keilana, Kusma, Lagelspeil, LaughingMan, Linas, Lowellian, Lwalkera, Lzur, Magioladitis, Maike.massierer, Mathsci, Maxal, Michael Hardy, Mon4, Mongreilf, MrX,Mwhirsch, N6k6t6, Obradovic Goran, Ogrizzo, Originalbigj, Originalfmg, Ozob, Paul August, Phil Boswell, PierreAbbat, Point-set topologist, Policron, Python eggs, RJChapman, Rckrone,RobHar, Robertwb, Roentgenium111, Ruud Koot, Ryan Reich, Salzbrezel, Sam Derbyshire, ShaunMacPherson, ShelfSkewed, Siddhant, Simon12, Slash, Stevenj, Stuart Presnell, Suhagja,Susvolans, TLange, Talkloud, TankMiche, Taw, Technopop.tattoo, Tesseran, The Anome, Thecheesykid, ThomasStrohmann, Tkuvho, Truthteam3, Twri, Vanish2, WLior, Wck1999, Widefox,Yintan, ZeroOne, 135 anonymous edits

Image Sources, Licenses and ContributorsImage:EllipticCurveCatalog.svg  Source: http://en.wikipedia.org/w/index.php?title=File:EllipticCurveCatalog.svg  License: Public Domain  Contributors: TosImage:ECClines-3.svg  Source: http://en.wikipedia.org/w/index.php?title=File:ECClines-3.svg  License: Creative Commons Attribution-Sharealike 3.0,2.5,2.0,1.0  Contributors:User:Emmanuel.boutetImage:ECClines.svg  Source: http://en.wikipedia.org/w/index.php?title=File:ECClines.svg  License: Creative Commons Attribution-Sharealike 3.0,2.5,2.0,1.0  Contributors: SuperManuFile:EllipticGroup.gif  Source: http://en.wikipedia.org/w/index.php?title=File:EllipticGroup.gif  License: Public Domain  Contributors: Thomas CooperImage:Lattice torsion points.svg  Source: http://en.wikipedia.org/w/index.php?title=File:Lattice_torsion_points.svg  License: Creative Commons Attribution-Sharealike 3.0  Contributors:User:Sam DerbyshireFile:Elliptic curve y^2=x^3-x on finite field Z 61.PNG  Source: http://en.wikipedia.org/w/index.php?title=File:Elliptic_curve_y^2=x^3-x_on_finite_field_Z_61.PNG  License: Public Domain Contributors: Technopop.tattooFile:Elliptic curve y^2=x^3-x on finite field Z 89.PNG  Source: http://en.wikipedia.org/w/index.php?title=File:Elliptic_curve_y^2=x^3-x_on_finite_field_Z_89.PNG  License: CreativeCommons Zero  Contributors: Technopop.tattooFile:Elliptic curve y^2=x^3-x on finite field Z 71.PNG  Source: http://en.wikipedia.org/w/index.php?title=File:Elliptic_curve_y^2=x^3-x_on_finite_field_Z_71.PNG  License: CreativeCommons Zero  Contributors: Technopop.tattoo

LicenseCreative Commons Attribution-Share Alike 3.0 Unported//creativecommons.org/licenses/by-sa/3.0/