The Arithmetic of Elliptic Curves : W 1. Introduction

Download as pdf or txt
Download as pdf or txt
You are on page 1of 28

ln~entlones math.

23, 1 7 9 - 2 0 6 119741
9 by Springer-Verlag 1974

The Arithmetic of Elliptic Curves*


John T. Tate (Cambridge, Mass.)

w 1. Introduction
After curves of genus 0 (e.g. lines and conics in the plane) come
curves of genus 1, or "elliptic" curves (e. g. plane cubics or intersections
of quadric surfaces in three-space). Elliptic curves are the first examples
of abelian varieties. Their points of finite order give the first non-trivial
examples of 6tale cohomology groups. The action of Galois groups on
these leads both to the classical theory of complex multiplication as
well as to systems of non-abelian extensions which may contain clues
to non-abelian class field theory. Elliptic curves are intimately connected
with the theory of modular forms, in more ways than one.
In the early sections I have tried to give a brief introduction to the
fundamentals of the subject, using explicit formulas to by-pass chunks
of general theory when possible. The later sections are a survey of recent
work with emphasis on three main topics: (1) The problem of rational
points, the Shafarevitch group, and the conjecture of Birch and Swinner-
ton-Dyer. (2) Modular curves and Weil's astounding idea that every
elliptic curve over the rational field is "'modular". (3) Serre's theorem
that the Galois groups obtained from points of finite order on elliptic
curves are "as big as possible". I hope to be able to convey some idea
of these advances here, illustrating them by numerical examples discussed
in the last section.

w 2. Weierstrass Models
In these lectures we will use the term elliptic curee to mean an abelian
variety of dimension 1, or, what is the same, an irreducible non-singular
projective algebraic curve of genus 1 furnished with a point 0, the
origin for the group law. Any such curve E, defined over a field K,
has a plane cubic model of the form
y 2 + a 1x y + a 3 y = x 3 + a 2 x2+a4x+a6 (1)
* Revised version of a survey, distributed in conjunction with the Colloquium Lectures
given at D a r t m o u t h College, Hannover, August 29-September 1, 1972 (77th summer
meelmg of the A.M.S.).
The author thanks N.S.F. for its support, and J.-P. Serre for his secretarial and editorial
help
13 invenUones math, Vol 23
t80 J.T. Tate

where x and y are coordinates in the affine plane and the coefficients a,
are in our g r o u n d field K. W e call (1) a Weierstrass equation because in
characteristics + 2 , 3 we can replace x and y by

a~ +4a2
~o=x+ 12 ' ~~

a n d (1) becomes of the form

(y),)2 = 4 ~o3 _ g2 ~o - g3.

In the projective plane the curve (1) has a unique point at infinity which
we call 0 and take as the origin for the g r o u p law. It is a point of inflection
with the line at infinity as tangent; the other lines through 0 are the
"vertical" lines, x = const.
Given an Eq. (1), i.e., given five elements al, a2, a3, a,, a6 in K, we
define associated quantities b,, c,, A, and j by the following formulas.
T h e subscripts indicate weights. The quantity A, of weight 12, is called
the discriminant; its non-vanishing is necessary and sufficient for the
curve (1) to be non-singular, hence elliptic.

b2=aZ+4a2 c4--b~-24b~(=12g2)
b4=ala3+2a 4 %= -b3+3662b4-216b6(=21693)
b6=aZ+4a6 A=-b2bs-8b3-27b2+9bzb4b6(=g~-27g~ (2)

2 llZ2 9 C34 .
b 8 = bz a6 - al a3 a+ + a 2 a3 - , j= ~ = 1728 J).

These quantities are related by

4b 8 = b 2b 6 - b 4 z and 1 7 2 8 A - c- 3, ~ - c.26 . (3)

A n invariant differential on tl) is

dx ( _ d~o(Zl =dz) " (4)


co- 2y+alx+a3 go'(z)
A Weierstrass model (1) for an elliptic curve E over K is unique
up to a coordinate transformation of the form
x-=u2x'+r, y=u3y'+su2x'+t (5)

with r, s, t, u ~ K , u:~O. Under such a change we have

co' = u co, (6)


The Arithmetic of Elliptic Curves 181

and the transformation rules for the a's, b's, c's, A and j are:

u a'l = a l + 2 s ua b's = b s + 3r b6 + 3r2 b4 +r3 b2 + 3r 4

uZ a ' 2 = a 2 - s a l + 3 r - s z u6 b'6=b6 + 2r b4 + r2 b2 + 4 r 3

u3a3=a3+ral+2t u4 b4=b4+rb2+6r 2

u4 a ' 4 = a 4 - s a 3 + 2 r a 2 u2 b',_=bz + 1 2 r (7)


- ( t + r s ) al + 3 r 2 - 2 s t

u6 a ' 6 = a 6 + r a 4 +rZ az + r 3 - - t a 3 - - r t a ~ - - t 2

u ~ c'~ = c 4 , u ~ c'o = c 6 , u ~2 A ' = A, j, = j .

If two elliptic curves E and E' are isomorphic, then j = j ' ; the
converse is true over an algebraically closed field K, as is not hard
to check using the formulas above.
If P is a point on E we denote the corresponding prime divisor
by (PI. We let D ~ D ' denote linear equivalence of divisors. The g r o u p
law on E, which is commutative and denoted by + , is determined
intrinsically by the rule

n n tl n

i= i i= 1 l= l i= 1

together with the fact that 0 is the identity element, i.e., O + P = P for
all P. On a Weierstrass model (in fact on any plane cubic model in
which 0 is a point of inflection) it follows that for three points P, Q, R
on E we have P + Q + R = O e * . ( P ) + ( Q ) + ( R ) ~ 3 ( O ) c * ( P ) + ( Q ) + ( R ) is
the intersection cycle of a line with E. (This means simply P, Q, and R
collinear if P + Q : t = R + P ; if P=Q:4=R, it means that the tangent to E
at P meets E also in R; and if P = Q = R it means that P is a point of
inflection.)
It is easy to m a k e the addition law on a Weierstrass model (1) very
explicit. Let P~= (x 1 , Yl) and P2 =(x2, Y21 be two points + 0 on the curve.
Then P1 + P2 = 0 ~ xl = x2 and y~ + Y2 + al x + a 3 = 0. Otherwise, we find
the sum P~+Pz=P3=(x3,Y3) as follows: Let y - - R x + v be the line
through P~ and Pz (tangent to E at Px if P~= Pz). Then x 1, x 2, x 3 are
the roots, with correct multiplicities, of the cubic equation in x obtained
by substituting 2 x + v for y in (1). Hence x3 can be calculated from
x I -Jvx 2 -t- x 3 = 2 2 -~-aa 2 -- a z , then 1'3 from - a t x3 - a3 - Y3 =)~ x3 + v. Of
course, if the coordinates of the points P~ and P2 lie in the g r o u n d
13"
182 J.T. Tate

field K, those of P3 do also. Thus the set E(K) of K-rational points on E,


consisting of 0 and the solutions (x,y)eKxK of Eq.[1), is a group.
Even if E is not an elliptic curve, but a singular plane cubic of the
form (1), the prescription just given makes the set of non-singular points
E,s on E into a group. In this case E is a rational curve of genus 0, with
one singularity, S, a node or cusp. The situation is as follows:
If A = 0 and c4 4=0 (so j = zc,) then S is a node and is rational over K.
If
y = 0q X~-/~ 1 and y = 0~2 X-}-/~ 2

are the two tangents to E at S then the m a p

y--o~ 1 X - - [ ] 1
P = (x, y) ~ 19)
y--o~2 X - - [ ~ 2

is an isomorphism of E,s with the multiplicative group Gin. If :q and c~2


are in K, this isomorphism is defined over K and E,,s(K)',-K*; if not,
then ~1 and ~2 are conjugate quadratic irrationalities over K and
E,s(K)~-(gp. of elts. of norm 1 in the quad. ext. K(o:)/K).
If A = 0 and c4 = 0 {so j indeterminate), then S is a cusp. If S is rational
over K (which is automatic if K is perfect or of characteristic 32, 3),
then the m a p 1
P~-~ (10)
(slope PSi-(slope of tangent at S)
is an isomorphism of E,, with the additive group G,, defined over K,
and E,s(K)mK +.
By means of the formulas (71 it is easy to determine the structure
of the group of automorphisms of an elliptic curve E. If j4=0, 1728 then
the only non trivial automorphism is P~-*-P. If c h a r K # 2 , 3 and
j = 0 (resp. j = 1 2 3 ) then E can be taken in the form y2=X3~-6/6(resp.
yZ=x3+a4x) and the only automorphisms are of the form (x,y)w.
(u2x,u3y) with u 6 = 1 (resp. u a = l ) . If c h a r K = 3 {resp. c h a r K = 2 ) and
j = 0 = 1728 then, over an algebraically closed field, E can be taken of
the form y2=x3-x (resp. yZ--.!,'=X3) and A u t E is a non-commutative
group of order 12 (resp. 24). M o r e precisely:
The group of order 12 can be presented by two generators s, t with
the relations s 4 = l , t 3 = l , sts-l=t-~; its quotient by { _ + l } = { l , s 2}
is SLz(F2)= ~3, as one sees by considering its action on the 2-division
points.
The group of order 24 is isomorphic to SL2(F3), as one sees by
considering its action on the 3-division points; it is a semi-direct product
of a cyclic group of order 3 by a quaternion group of order 8 {normal
subgroup).
T h e Arithmetic of Elliptic Curves 183

w 3. Expansions near 0; the Formal Group


Let E be defined by a Weierstrass Eq. {1). Let

x 1 z 1
z=----, w=----, so x = - - , ). . . . . . . (11)
y y w w

The equation for E in the affine (z, w)-plane is

w = 23 + a 1 z Iv + a 2 z z / v -t- a 3 w - + a4_ z w 2 + 06 w 3 t 12)

The point 0 is given by (z, w)=10, 0), and z is a local parameter at 0.


F r o m (12) we get the formal expansion

W = 2 3 -}-a 1 Z4 +((1~ q- r 2 5 @(r + 2 a l el_,+ a3} _6


+(a~+3a~a2+3alaa+a~+a~)z7 + ".. (131

= 2 3 ( 1 + A 1 z + A 2 z 2 + '' "),

where ,4, is a polynomial of weight n in the a, with positive integral


coefficients. F r o m (13) and (11) we get

X=Z-2 --~/1 Z - I _ a 2 _ a3 ... _ (tT.t + a t a3 ) 22 q_ " " ,


(141
y= - - Z -1 X : - - - - - 3 ~-~/1 Z - 2 ~ - ' " ,

as the formal expansion of x and y. Clearly, the coefficients of these


expansions have coefficients in Z [ a l , a2, a3, a4, % ] . The same is true
for the expansion of the invariant differential o):

w=dz(l + a 1 2 " + ( a 2 q - . 2) ,7.2 -1- ((213 + 2 a t a 2 +2a 3) z 3


(15)
+ (a~ + 3 a~ a 2 + 6 al a3 + a 2 + 2a4) z 4 + . . . ) ,
because
~) dx/dz -2-- 3 +...
dz 2y+alx+a 3 -2z-3+ -..

dy/dz - 3 z- 4 +...
=

3x2+2azx+a,,--aly -3z-4+..

has coefficients in Z [89 at . . . . . % ] , but also in Z [~, a t . . . . . a6].


Finally, if P3 =/]1 +Pz and P,=(z,, w,), then we can express z 3 = F ( z , , z2J
as a formal power series in z~ and z 2, with coefficients in Z [al . . . . . %].
The expansion begins

F ( : I , z2)= zl + z2 - al zx zz - a2 (z~ z 2 + zl z~)


(16)
- - 2 a 3(2 3Z 2-~-21Z 3 ) + ( r 2 2 2-1--...
184 J.T Tale

This is the "formal group on one parameter" associated with E,


el. [4J, [7], [16], [59], [79].
For each integer n > 1 we have, formally,
z(n P)=~h,[z(P)), (17)
where the series 4, are defined inductively by
~q(z)=z, ~,+l(z)=F(z,~,.(z)). (18)
For example, we have
O2(z)= 2 z - al z 2 - 2 a 2 z 3 +(al a2 - 7 a 3 ) z++ -.- (19)
and
t/13(z)=3z-3alzZ+(aZ-8az)z3+3(4aia2-13a3)z4+.,.. (20)

In characteristic p >0, for any formal group on one parameter, the


series 4'p is of the form
g%(Z)=qZP"+CaZ2Ph+C3z3Ph+'", with c1+0,

where h is an integer > 1, or ~ (h= co means g%(z)=0). This h is called


the height; it determines the formal group up to isomorphism over an
algebraically closed ground field [261. The formal group of an elliptic
curve E is of height 1 or 2, because the isogeny p: E - + E is of degree p-'
(see below), and ph is the inseparable part of that degree. If the height
is 1, E is said to be ordinary, or to have non-zero Hasse invariant; if the
height is 2, E is said to be supersingular, or to have Hasse invariant O.
Concerning the Hasse invariant, cf. e.g. [13]; also [60], [97]. It can be
defined as the coefficient of zp in Op(z), which is equal (in char. p) to
the coefficient of z p-~ dz in the z-expansion (15) of o)=dz(I +...), and
is determined up to multiplication by an element of (K*)p- 1
Over an algebraically closed field of characteristic p#:0, there is
only a finite number of supersingular curves, up to isomorphism. The
number is roughly p/12; more precisely we have the following "mass-
formula", due to Eichler and Deuring [13]'

y, l _ p-1 (21)
s~i,..... g~l~ [AutE] 24

Here ]AutE[ denotes the number of automorphisms of E over the


algebraically closed field. In conjunction with the results on autE
stated at the end of {}2, this formula is a convenient memory aid, being
equivalent to the following: For p = 2 , 3 the only supersingular invariant
is j = 0 = 1 2 3. For p > 5 , there are [p/12] supersingular values of j
different from 0 or 12 3, and j = 0 (resp. 12 3) is supersingular for p-= 11
The Arithmetic of Elliptic Curves 185

or 5 m o d 1 2 (resp. for p---ll or 7 mod 12)~ It is worth noticing that the


number of these supersingular j's is equal (for p > 3 ) to
1 +genus of the Fo(p) modular curve
and to
dimension of modular forms of weight p + 1 on SL2(Z).
This is more than simple coincidence (see e.g. the last w of Deligne-
Rapoport in [-84]).

w4. Isogenies and/-Adic Homology


An isogeny is a non-zero homomorphism q~: E~ -~E z of elliptic
curves. Its degree, dog,o, can be defined either as the degree of the
corresponding function field extension K[E1)/K(E2), or as the total
intersection multiplicity F~ ..Fo of the graph of ~p with the graph of the
0-homomorphism, on the product Et x E z. More precisely, the separable
part of the field extension degree is equal to the number of points of
intersection and the inseparable part to their multiplicities. An isogeny
~: E l - - > E 2 induces a dual isogeny ~o': E z ~ E ~ in the other direction,
because an elliptic curve, being its own Jacobian, is self dual. If s (sum)
is the canonical map from divisors of degree 0 to points defined by
~s'(Zn,(P~)}=~niP~, then we have q~'(s2(D))=sl(~p*(D) ) for a divisor D
of degree 0 on E z, where (p* denotes "inverse image under (p "'. We have
(~0')' = ~p, 9'o (p = multn, by deg 9 = (potp'
(22)
degq~=degtp', q0'~+,p':=(~Ol+qa2)', (eo~/,)'=~b'otp '.
All these rules are easy consequences of the theory of divisors on the
product E1 x Ez, i.e., of "correspondences". So also is the fundamental
fact that degtp is a quadratic fimction of (p, i.e., if (p,: EL---~E: are
homomorphisms, then d e g ( ~ m, tpl) is a quadratic form in the integral
variables m, (we put dog0=0). In particular, for any integer m > 0 the
multiplication by m in E is m(id)E and is therefore an isogeny of degree rn2.
We denote this isogeny by m~ and its kernel by Em. Granting all this,
there follows
Theorem 1. Let E be an elliptic curve defined over a field K.
a) If K is separably closed and m an integer not divisible by the
characteristic of K, then E(K) is divisible by m, and its subgroup Era(K)
qf elements of order dividing m is" isomorphic to ( Z / m Z ) x l Z / m Z ) , the
product of two cyclic groups of order m.
b) If K is algebraically closed of characteristic p>O, then E(K) is
divisible by p. If E is ordinary, then Ep,[K)~Z/p~Z, but if E is super-
singular, then Ev~ (K) = O.
186 J.T Tare

For example, if K = C , the complex field, then we have EIC)~C/L,


where L=Zcot+Zr is a "period lattice" in C. Hence, for any
integer m > 0.
E , , ( C ) = ( ~ L)/L"- L / m L = ( Z / m Z) | L ~ ( Z / m Z) x (Z/m Z)

is indeed a free module of rank 2 over the ring Z/m Z. Moreover it has
a homological interpretation, as the 1-homology of E with coefficients
modm, because L can be identified with HI(C/L,Z). In view of
Theorem 1, if E is an elliptic curve over any field K and Ks a separable
algebraic closure of K, it is reasonable to view E,,,(Ks) as the 1-dimen-
sional homology of E with coefficients in Z/m Z, which, in fact. it is
in the 6tale cohomology theory of M. Artin and Grothendieck. Taking
m = l", 1 a prime 4: char(K), and passing to the projective limit as n-+ ~,
we get Weil's l-adic space
It- K=C,

T~(E)=IimE~.(Ks) ....bo,~ li%~m(Z/l"Z~ | L = Z , | L,


rt

which is a free module of rank 2 over the ring Z l of /-adic integers, and
plays the role of H1 (E, Zt).
Going back to the case K = C we note that the intersection pairing
of 1-cycles induces an alternating form on L=H1 with values on Z,
making A z L~_ Z. The algebraic analog is WeiFs '" e,,-pairing"

em: Em(Ks}x Em(Ks}-~.ttm{Ks) (23)


with values in m-th roots of unity. Passage to the limit with m = l "
furnishes identifications
A 2, T~(E)-~ T~(p). (24)

An endomorphism qg: E--,E induces an endomorphism qg~ of T~(E)


which can be represented by a 2 x 2 l-adic matrix, once a base for T~ is
chosen, and which has a determinant, trace, and characteristic poly-
nomial independent of that choice. Naturally (p' is adjoint to q9 with
respect to the era-pairings, so we have q9~q/x t z = tt A q)i t2 in the sense
of (24). Replacing t 2 by qgt t 2 and using qg'~0=deg~0 gives qg~tl A qo~t2=
(degqg)(q At2), i.e., detqgt=degqg. Replacing q9 by m-qg, meZ, we get
that deg(m-qg)=f~(m) for all m, where f~(X)=det(X-~o~) is the
characteristic polynomial of @. Hence JI(X)= X2 _ (Tr q0) X + (deg (p)
has coefficients in Z, independent oJ I. Call it f(X). Since deg ( m - n qg)> 0
all m, n we have (Trqg)2-4 degqg<0, or, what is the same, the complex
roots of f ( X ) = O ("eigenvalues of qg") are conjugate, of absolute value
d]/~: if q~r Z, these two roots generate an imaginary quadratic field.
It is customary (although slightly abusive) to identify q9 with one of these
The Arithmetic of Elhptlc Curves 187

roots, hence to speak of ~o as a " n u m b e r " in some quadratic imaginary


field: one then writes T r ~ o = q ~ + ~ and deg~o=~oFp.
Let N~ be the n u m b e r of fixed points of ~0 acting on E(K~). If I -~0 is
separable, then the fixed points have multiplicity 1 and
N~ = deg(1 - ~p)= 1 - T r q0+ deg q0 = (1 - q0)(1 -Up), (25~

a "Lefschetz fixed point f o r m u l a ' .


For a concrete discussion of how to c o m p u t e isogenies on Weierstrass
models, see V61u [78].

w 5. Finite Ground Field


Let k be a finite field of characteristic p with q=p" elements. In
characteristic p the m a p x ~-* x ~ is a field isomorphism, and x = x q r x ~ k.
Hence, if V is an algebraic variety defined by equations j~(x~ . . . . . x , ) = 0
with coefficients in k, the m a p (x~ . . . . . x,) v--,(x q . . . . . xq,) induces a rational
m a p nv/k of V into itself, called the Frobenius endomorphism of V relative
to k, whose fixed point set is just the set V(k) of k-rational points on ~
Let E be an elliptic curve over k. Then 7z= ~zE,k is a purely inseparable
isogeny of degree q of E.
T h e o r e m 2. The order of the group E(k) is
]E(k)l = 1 - T r r t + q . (26)

It differs from 1 + q by at most 2 ]/q.


This theorem, conjectured by E. Artin in his thesis, was proved by
Hasse in the 1930's, and later generalized to curves of higher genus
and abelian varieties by Weil. It is an immediate consequence of the
considerations at the end of the last section. Indeed, :r being purely
inseparable has differential 0, so 1 - 7z has differential the identity and
is separable.
Remark. We m a y identify ~z with an integer of an imaginary quadratic
field (or of Q), with I ~ l = q ~, cf. w Conversely, any such integer is "'the
Frobenius e n d o m o r p h i s m " of an elliptic curve over Fq, determined
up to Fq-isogeny; this follows from Deuring [13] and has been generalized
to abelian varieties by H o n d a and Tate [75], [77].
The zeta function of the curve Elk (cf. e.g. [54]) is:

fe/k q ) (27)
~E/k(S)= (1--q-~)(1 _ql-~)"
where
fz/k(X)=detll - ~ X ) = 1 - ( T r n ) X + q X 2 = ( 1 -TtX)(1 - ~ X ) , (28)
and T h e o r e m 2 implies that its zeros are on the line Rels)= 89
188 J.T Tate

We define fe/k(X) also when E is not an elliptic curve, but a curve of


Weierstrass type (1) with a singularity, S. There are three cases as discussed
at the end of w1. We put

1 - X, if S a node with tangents rational over k


fE/k(X)= ~1 + X , if S a node with tangents quadratic over k (29)
[1, if S a cusp.

Then (27) holds in all cases, E singular or not. So does the relationship

{E,s(k)[ = qf(q-'). (301

w 6. Local Fields
The group E(C) of points on an elliptic curve over the complex field
is a connected compact complex Lie group of complex dimension 1, so
is isomorphic to the product of two circles.
The group E(R) of points on an elliptic curve over the real field is a
compact real Lie group of dimension 1 with one or two components
(according as d < 0 or A >0), and is therefore isomorphic to the circle
group or to its product with a group of order 2.
Suppose now that K is a field complete with respect to a discrete
valuation, v. Let R denote the ring of integers in K. p a prime element
in R, and k = R / p R the residue field. Assume v normalized so that
v (p)= 1. Let E be an elliptic curve over K. There exist Weierstrass Eqs. (1)
for E with coefficients aiER. A m o n g all such, choose one for which v (A)
is minimal. We call such an equation a minim~! Weierstrass equation for E.
Using the Eqs. (7) it is a simple matter to check that any two such minimal
equations are related by a transformation (5) with r, s, t~R and u invertible
in R. This will mean that the following considerations are essentially
independent of our choice of minimal Eq.(l). In particular, the Weier-
strass curve/~ over k got by reducing (1) modulo the prime in R is unique
up to a transformation of the form (5) over k.
A point P in projective n-space over K can be represented by a set of
coordinates (Xo . . . . . x,) such that xi~R all t and xi invertible in R for
some i (i.e., such that 0 = M i n v(xi)), and then on reducing the x~ mod pR
we get a point/5 = (Xo . . . . . ~,) in projective n-space. For n = 2 this "reduc-
tion m a p " P~--~P from P2(K) to Pz(k) obviously carries E(K) to /~(k).
We put
E o (K)= {PeE(K) IPeE.~ (k)}, (31)
E,(K)= {PeE(K) lP = 0 } . (32)

Recall (cf. w1) that/~,~ denotes the non-singular part of/~, and is a group.
The Arithmetic of Elhptic Curves 189

Theorem3. a) The set Eo(K ) is a subgroup oj Jinite index in E(K).


b) The reduction map is a homomorphism of Eo(K) onto [2,,(k) with
kernel E1 (K).
c) The map P--* z(P)= -x(P)/y(P) is an isomorphism between EL(K)
and the group of points on the formal group {16) with coordinate z in the
prime ideal of R.
That Eo(K)is a subgroup and is mapped homomorphically to/~,~(k)
by reduction follows from the fact that reduction carries lines into lines.
The homomorphism is onto by Hensel's lemma, and its kernel is E~IK)
by definition. The finiteness of index in a) depends on the minimality of
the Eq. (1): see the discussion following the "addendum to Theorem 3"
below. Part (c) is clear: a point P = ( x , y) in E(K) is in Ex (K) if and only
ifx and y are not in R, l.e., v(xk v(y)<O. Then (1) shows 3 t,(x)= 2 v(y) and
consequently r(z)>0. Conversely, if L~(z)>0 then formulas (14) define a
point P=(x,y) such that z(P)=z.
Corollary 1. The groLlp E~(K) is uniquely divisible by integers m not
divisible by char(k).
Because such an tn is invertible in R, and hence the series 6~(z)=
m z + - . . (cf. (18)) has an inverse function in R [[z]].
If c h a r ( k ) = p > 0 the Newton polygon of ~bp(Z) gives information
about points of order p" in E~(K); cf. [30], [59]. In particular, if p is
unramified in R, e.g. if R=Zp, then E~(K) is torsion-free unless p = 2
and a~ is odd, in which case its torsion subgroup is of order 2.
We say E has good, or stable, reduction at v, if/~ is an elliptic curve, 1.e.,
if zT+0, i. e., if v (A)= 0. Then j e R and its residue jis the modular invariant
of/~. If/~ is singular with a node we say E has multiplicative, or semistable,
reduction at v. This happens if and only if v(A)>0, but v(c4)=O, and
then j~ R. If/~ has a cusp, then E has additive, or unstable reduction at v,
this occurs if and only if v(A)>0 and v(c4)>0. In this case there is a finite
(ramified) extension K" of K over which E has either good reduction
(ifjE R), or multiplicative reduction (if j~ R).
Let K , , , and K, denote the maximal unramified extension of K
and the separable closure of K, respectively. Thus the residue field of K u n r
(for the unique extension of v) is k~, and we have

Gal (kJk) ~- Gal (Kunr / K ) ~- G ,,/I v ,

where G~=Gal(Ks/K) is the Galois group of K S over K and IL=


Gal(KJKunr) its inertia subgroup. If G~, acts on a set T we say T is un-
ramified at v if I,, acts trivially on it. This being said we can state the
"criterion of Ogg-N6ron-Shafarevitch'"
190 J,T. Tate

Theorem 4. The following conditions are equivalent


(a) E has good reduction at r,
(b) Em(K s) um'amified at v Jot all m not divisible by charlk},
(c) TI(E) is unram!fied at v for some prime l=char(k}.
When these conditions hold, the reduction homomorphism induces an
isomorphism E,, (K~n,)'"/~,, (k~)for all m not divisible by char(k).
For the proof, see [-45] and [56]. Corollaries are, that good reduction
at v is invariant under K-isogeny, and that ~ TI(E) is unramified at v for
one prime I+char(k), it is so jor all such I.
In case of potential good reduction (jsR), I~,acts on TIIE) (for l 4: char(k))
through a finite quotient group, tamely if char (k)4: 2, 3, and the quotient
group and the character of the representation are independent of I
(cf. [56], but note that the functorial argument with Ndron's model made
there can be replaced by Weierstrass equation calculations in the case of
elliptic curves).
In case jeeR many aspects of the situation are made transparent by
the existence of an analytic uniformization covering all of E, not just EI.
Consider the classical formulas
zc, qc

c 4 = 1 + 240 Y' n3 q" A = q II(1 _ q,}2s (33)


.=a l - q " ' n=l

and
1
J-- - + 7 4 4 + 196884q+..-. (34)
A q

These make sense for qEK with 0 < v ( q ) < ~ , (i.e., l > l q l > 0 ) and, in
our non-archimedean field K, the relation (34) gives a bijection between
the set of all such q and the set o f j e K with v(j)<0 (i.e.,jCR). Any such q
generates an infinite cyclic discrete subgroup qZ of the multiplicative
group Gin. In the classical case, C*/q z is an elliptic curve with invariant i
given by (34). The same is true over K!
Theorem 5. For q as above, Gm/qZ=Eq is an elliptic curve over K.
It has a minimum Weierstrass equation with c4, A, and j as above. It is
characterized, up to K-isomorphism by the .fact that it has the given
j-invariant, together with the fact that its reduction is of split multiplicative
type (ie., Eq has a node with tangents rational over K).
I found this theorem in 1959 and would like to apologize for never
having officially published it. The most complete reference for it at
present is [51]. Mumford [38] has found a very non-obvious generaliza-
tion to curves of higher genus. For the generalization to abelian varieties,
see McCabe [88] and Raynaud [96].
The Arithmetic of Elhptlc Curves 191

Theorem 5 gives an isomorphism Eo(K)~_K*/q z under which the


s u b g r o u p (Eq) 0 (K) corresponds to the group of units in R, and (Eq) 1(K)
to the group of units -= 1.
If E is another elliptic curve over K with the same j-invariant as/~q,
then there is a unique separable quadratic extension KE/K such that E
becomes isomorphic to Eq over K~, and then E(K)~_A/q z, where A is
the group of elements in K E whose norm to K is a power ofq. The extension
K j K is unramified if and only ifE has multiplicative reduction, in which
case the residue field extension of Ke/K is generated by the tangents at
the node of/~.
Addendum to Theorem 3. Let E be an elliptic curre over K. If E has
split multiplicative reduction, then E(K)/Eo(K ) is cyclic of order t,(A)=
-v(j). In all other cases E(K)/Eo(K) is of order <_4.
If E has split multiplicative reduction, then E ~ E q for some q, and
the claim follows from the discussion above, because r(A)=t,(q). The
other cases can be checked out laboriously working with Weierstrass
equations (following an algorithm given in a letter to Cassels, see [85]),
but more insight can be gained by considering N&'on's minimal model.
Indeed, the projective two-dimensional scheme over R defined by a
minimal Weierstrass equation may not be regular at the singular point
of its special fiber/7; (ifE is singular). By resolving this possible singularity,
one obtains a regular projective scheme G over R whose special fiber ef
may be any one of the 10 well-known types consisting of several irreducible
components with multiplicities as pictured, e.g., in E21] and [39]. The
non-singular points on the special fiber o~ form an algebraic group ~,s
over k whose connected component i s / ~ , and we have E(K)/Eo(K)~
,~,,~(k)/E,~(k). The addendum above now follows, because, except for
Kodaira's type I m (N6ron's (bin)), which corresponds to our Eq, with
v(q)=m, no other type of special fiber has strictly more than 4 com-
ponents of multiplicity 1.
We can do no more here than mention briefly the duality, in case k
is finite, between the compact profinite group E(K) and the discrete
torsion group H I ( G a l ( K j K ) , E(K3), cf. [733, [933.
We close this section by mentioning the exponent of the conductor of
E at v. This is a certain integer f = f , > 0 which is a measure of the badness
the reduction of E at v and is invariant under isogeny. It is 0 for good
reduction and 1 for multiplicative reduction. For additive reduction we
have f = 2 + 6 where 6 > 0 is a certain "measure of wild ramification"
which can be defined in terms of the action of the inertia group I~. on the
points of finite order, and which is 0 except in case char k = 2 or 3, cf. [45],
[49], and [56]. If n is the total number of irreducible components of the
special fiber of N6ron's model (not counting their multiplicities) over the
192 J.T. Tate

algebraic closure k of k, Ogg has shown, by checking case by case, that


f =v(A)+l-n.
It would be interesting to know what is behind this mysterious equality.

w7. Global Fields; the Group E(Q)


Global fields are finite extensions of the rational field Q or of a field
k(T), k finite. But we shall usually simply illustrate the ideas with the
example K = Q. Let E be an elliptic curve over Q.
Theorem 6. The group E [Q) is finitely generated.
This was proved by Mordell 50 years ago. Soon after, Well, in his
thesis, generalized it to abelian varieties over number fields. N6ron
proved it for abelian varieties over any finitely generated field (cf. [23]
and [24]).
We give only the briefest outline of the proof. A full account, and
further references, can be found in CasseFs survey [9], and also in Mordell's
recent book on Diophantine equations. The first step is to construct a
"height" function. After N6ron [40], it is natural to use the canonical
height. If x=m/n is a rational number in lowest terms, we define hIx)=
logMax(tml, lnIt. One shows then that there is a unique real-valued
function h on E (Q) such that hi2 P ) = 4 hiP), and such that the difference
h(P)-h(xIP)) is bounded as P runs over E(Q), where x is the "x-coordi-
nate" function in any Weierstrass equation for E over Q. Moreover, the
bound is effectively calculable in terms of the coefficients of the equation
(see e.g. Manin-Zarkin [90], where however the elliptic curve is not given
by a Weierstrass equation, but as an intersection of two quadrics in
3-space). The function h is quadratic, in the sense that the function

(P, Q)~r2 89(h (P + Q)- h (P}- h (Q)) (35}

is biadditive on E ( Q ) x E(Q).
Now it is straightforward to show that if, for some integer m > 2 ,
the points Pi represent all cosets of mE(Q) in E(Q), and if h o >h(P,) all i,
then E (Q) is generated by the set of points P such that h (P) < h o . Since that
set is finite for any h o, Theorem 1 will follow if we prove that E(Q)/mE(Q)
is finite; that is the second part of the proof.
To do this, one produces an exact sequence
E(Q)- '~ , E ( Q ) ~ S ~"~-,111,. - . 0 , 136)
in which S ~"~, the Selmer group for m, is finite and effectively computable,
and in which///,, is the set of elements of order dividing m in the Shafare-
The A r i t h m e t i c of Elhptic C u r v e s 193

fitch group 111 of E/Q. This takes care of the finiteness statement, but does
not yet give an effective method of constructing generators. The trouble
is that there is no known method of computing///,,! However, for each
integer n > 1 there is a commutative diagram
E(Q) , S~ - - + / / / , , , >0

Id. fl~ multn bv m n 1


1371
E(Q) ~ ~ S I'~ >///~ - - - - - ~ 0
in which the middle column is effectively computable [in principlej.
Computing it is called making the n-th descent, if I understand the
classical terminology properly, and yields a refinement of t36k namely
E(Q) ~ , E[Q)~ S<"'")-~ m"- ~III,,,-+O, (38)
where S tm'"~ is the image of S (~"j under ft,.
Now the standard procedure for finding generators for E(Q) is,
as Barry Mazur puts it, the following: By day, one makes descents,
computing s(m~=s("'l)=S(m'2'~s(m'3~= "'' By night, one computes
T t c T 2 ~ T 3 = . . . where T, is the subgroup o f S <m)generated by the images
under ~ of the points P = i x . y ) on E for which h ( x ) < n . If, some happy
day or night, one arrives at T, = S ("-~t, then one knows that mS-~///m, = 0
and that the points P=(x+ y) with h ( x ) < n generate E ( Q ) / m E ( Q ) . From
these it is easy to get generators for E(Q), as described above. On the
other hand, if///,, contains an infinitely divisible element, ~ 4=0, such that
for all j there exists ~j e / / / w i t h ~ = ms ~ , then we are doomed to continue
computing through all eternity a.
Being optimistic, we suppose that this does not happen, and in fact
make
Conjecture 1. The ShaJhrevi~ch group IlI is finite.
This is not known to be true for a single elliptic curve. However,
in thousands of special cases one has shown that the 2 or 3 primary
component (///is a torsion group) is finite, as a result of the successful
carrying out of the above procedure for m = 2 or 3. Moreover the con-
jectures of Birch and Swinnerton-Dyer produce an integer which is
naturally, interpreted as the order o f / / / i s e e below).
If///is finite, then its order is a square, for Cassels [8] has constructed
a canonical alternating biadditive map / / / • Q/Z which is non-
degenerate i f / / / i s finite.
While we are on the subject of rational points and constructibility+
let us mention that C.L. Siegel's famous theorem to the effect that on
O r give u p (edit.).
194 J T Tate

any affine model for E there are only finitely many points with i~tegral
coordinates, which was non-constructive for so long, has recently been
made constructive by A. Baker and J. Coates ~3]. They prove
Theorem T. Let F(x,y) be an absolutely irreducible polyncmlial o[
degreee n with integer coefficients having absolute t,alues at most M such
that the curve F(x, y ) = 0 has genus 1. Then all integer solutions F(x, 1')=0
satisfy
Max(Ixt, lyl)<exp exp exp(2M) w"~~ (39)
Incidentally, their method of proof is to reduce to the Welerstrass
equation case, which had been treated earlier by Baker, with a somewhat
better bound. But this problem of integral points involves completely
different concepts from those we are discussing and we mention it only
in passing.
Let E (Q)~o,sdenote the torsion subgroup ofE (Q). In view of Theorem 6,
E(Q)to~~ is finite and
E (Q)'-- Z ~• E{Q)tor,, (40)
where r is a certain integer > 0 called the rank of E over Q. In all known
explicit examples the rank is quite small.
The carve ) , 2 = x 3 + A x 2 + B x has rank > 7 (very probably 7) for
A = - 3 . 5 . 11.13.17.19.23.29.31.37
with B---1 692602, B = 2 8 4 3 7 3 8 or B=2877338.
These curves were recently discovered by C. Pomerance and D. F!.
Penney [95] by computer search. I don't know of any explicit example
of rank >7. However, by spezialisation arguments, N6ron [94] has
shown there must be elliptic curves over Q with rank >11, and I would
guess that there is no bound on the rank. Shafarevitch and i [64] have
shown that the rank can be arbitrarily large if we take as ground field the
field of rational functions in one variable over a finite constant field
instead of the field of rational numbers.
Perhaps one reason that questions about E(Q) are so difficult is that
the adele methods which are so successful with linear algebraic groups
look like a mess in the case of elliptic curves. Since E is a projective
variety, the groups E(R) and E(Qp) are compact. Hence the map

E(Q)-~ E ( R ) x l-I E(Qv)


p

takes E(Q) to a non-closed subgroup of the product (except in case of


rank 0). One good thing about the situation, however, is that the closure
of E(Q) in I~E{Qp)is the biggest profinite group in which E(Q) can be
The A n t h m e h c of Elliptic Curves 195

dense, i.e. the "congruence subgroup p r o b l e m " has an affirmative answer


for E (Serre [52]~.
The torsion subgroup o f E (Q) is effectively computable in the practical
as well as theoretical sense, by well-known means (cf. [9], Thms. 17.2 and
22.1 ). By far the best way to get an upper bound for the amount of torsion
on a specific curve is to reduce mod p for various primes p. For example,
if E is given by a Weierstrass equation with integer coefficients whose
reduction mod p for some prime p gives a non-singular curve /~, then
E(Q),or~ is mapped injectively into/~ (Z/p Z) if p odd, and with a kernel
of order at most 2 if p = 2, for the kernel is in the group of points on a
formal group over Zp by Theorem 3. For example, if the equation for E
is congruent to ),2 _=x 3 _ x - 1 (mod 3) then E (Q) has no torsion, because
that congruence has no solutions.
It is conjectured that, for each number field K of finite degree, the
order of E(K),or~ is bounded as E ranges over all elliptic curves defined
over K. In 1969, Manin [31] proved that, for each prime p, the order of the
p-primary part of E(K)tors is bounded. More recently, Demjanenko has
published proofs of the full conjecture [12], and of an even stronger one
[86]. However, there seem to be gaps in his arguments, and the status
of the conjecture is unclear at the moment; it deserves clarification -~
Over the rational field, it is known that, ifE(Q) has a point of order m,
then either m_<_10, m = 12, or m is divisible by a prime p > 23. Using methods
of Demjanenko, Kubert [87] also proves that m is not divisible by the
square of any prime l > 5 for which Fermat's last theorem is true. An
excellent account of the problem is given by Ogg in [46] and [47], where he
explains the connection with the modular curve Xl(m) which para-
metrizes pairs (E, P) consisting of an elliptic curve E with a point P of
order m. For m_-<10 and m = 12, X 1(m) is a rational curve, so it is tri~ia]
to get plenty of elliptic curves over Q with a point of those orders. For
example, the point P = (0, 0) is of order 7 on the curve
y 2 + ( l + d - d 2) x y +(d 2 - d 3 l y = x 3 + (d 2 - d 3)x 2
for any d, and that curve is elliptic if
A=dT (d - l)7 ( d 3 - S d 2 + 5d + 1)=t=0.

w 8. L-Series
Let E be an elliptic curve over Q, and let (1) be a global minimal
Weierstrass equation for E. (In general, if K is the field of fractions of
a Dedekind ring R. there is for each E over K a certain ideal class in R,
2 A b o u t [12]. Cassels wrote m Math. Reviews (vol. 44, 1972, n ~ 2755). "" .. Unfortunately,
the e x p o s i t i o n is so obscure that the reviewer has ye! to meet s o m e o n e who would vouch
for the validity of the proof, on the o t h e r h a n d he has yet to be shown a m~stake that un-
a m b i g u o u s l y and irretrievably vitiates the a r g u m e n t . " (edit.)
14 Inxentloncs math., Vol.2~
196 J.T. Tate

who's 12th power is 1, which is the obstruction to the existence of a


Weierstrass equation for E with coefficients in R which is simultaneously
minimal for all primes of R. Hence, if R is a principal ideal domain like Z,
or more generally if the class group of R has no 2- or 3-torsion, there
is such a "global minimal equation".) For each prime p the reduction
of (1) (mod p) defines a curve/~ (p) over the prime field F e. Let Ap denote
the number of points of/~(p) rational over Fp. Note that Ap is one more
than (because of the point 0 at infinity} the number of solutions of the
congruence
y2+alxy+a3Y=x3+azxZ+a~x+a 6 ( m o d p).

Put
tp= I+p--Ap. (4l)
If p~/A, then tp is the "trace of Frobenius" and satisfies ]tpi<2l/p.
Ifp[A, then tp= 1, - 1 , or 0, according as/~(p) has a node with rational
tangents, a node with tangents quadratic over Fp, or a cusp.
One associates with E/Q an "L-function"
1 v1- 1
L~(s)= I1
plJ ( I - tpp -~) pl,~l
A 1 - t p p - ~ + p 1-z~"
(42)

This "Euler product" converges for Re s > 3. Expanded out, it is a


Dirichlet series ~ c~ n -s whose p-th coefficient for p prime is Cp=tp.
The conductor, N, of E is defined by
N = 1-[ pSp (43)
pEJ

where fe is the exponent defined at the end of w6. Let


~e(s) = N s/2 (2n)-'F(s) LEIsL (44)
Conjecture 2. The function ~e(s) is holomorphic in the whole s plane
and satisfies a .functional equation
~ ( s } = w ~ E ( 2 - s ), with w = + l .
This is a special case of a vast conjecture about zeta functions
attached to the cohomology of any dimension of any algebraic variety
over any global field (cf. Serre's discussion [573 and Deligne's appendix
to it). For elliptic curves with complex multiplication, over any number
field, the conjecture is true [Weil [81], Deuring [14]) and is proved by
showing L e is a Hecke L-series with Gr6ssencharacter. For certain
modular curves over Q the conjecture is true (Eichler, Shimura [65])
and is proved by showing L e is the Mellin transform of a modular
form. The philosophy of Weil and Langlands seems to be that every
The Anthmel:c of Elliptic Curves 197

zeta function associated with any algebraic variety is some sort of


transform of a modular form on a semisimple or reductive algebraic
group. I don't know anything more definite in general, but in the case
of elliptic curves over Q, Weil [82] has the following precise conjecture,
for which overwhelming evidence has already accumulated.
Conjecture 3. Let E be an ellipHc curve over Q. Let N be its conductor,
and L E = E en n-S its zeta function. Then the Junction f ( t ) = ~ c, e 2.... ,
,['or r in the upper half plane, is a cusp form of weight 2 Jbr the congruence
subgroup Fo(N) of the modular group SL 2 (Z), which is an eigenfunction
fi~r the Hecke operators Tp, p X N , and satisfies f l W = - w f, where
W r = - l i n t and w= +__1 is the sign in the functional equation of con-
jecture 2. Moreover there is a rational map cp: Xo(N~--~ E defined over Q
such that o7 o q~ is a multiple of the differential form represented by f(z) dr
on Xo(N).
Here Xo(N) is the modular curve over Q which, over C, is the
compactification of the quotient of the upper half plane by F0 (NI. (Con-
cerning modular forms see Hecke's collected work, Ogg's Benjamin
notes, Shimura [67], and the Proceedings of the Antwerp Summer
School [84], [85].)
The forms f(z) obtained from elliptic curves of conductor N should
be "new-forms" for Fo(Nk in the sense of Atkin-Lehner [2]. Thus, the
number of such forms which are eigenfunctions for the Hecke operators
with rational eigenvalues should be equal to the number of isogeny
classes of elliptic curves over Q with conductor N. A lot of experimental
evidence points to the truth of this. A computer search for elliptic
curves of small conductor was initiated by Swinnerton-Dyer, and
continued by Birch, Tingley, V61u {cf. [85]); for each N<200, the right
number of isogeny classes was found. Moreover, much theoretical work
has been done (e.g. [44], [61]) to determine the elliptic curves over Q
with given conductor. All of this supports Conjecture 3.
For any given N it is possible, in principle, to check Conjecture 3
for curves of conductor N. The point is that Baker's methods now
make effective (cf. remark in Coates [11]) the theorem of Siegel used
by Shafarevitch [62] to prove
Theorem 8. Let K be an algebraic number field and S a finite set of
places of K. Then, up to isomorphism, there is only a finite number of
elliptic curves over K with good reduction outside S.
Incidentally, the corresponding theorem should be true for abelian
varieties of any dimension, with a fixed polarization degree. If it were
true for dimension 2 and degree 1 then, as Serre remarks, one could
prove the isogeny conjecture stated at the end of w9, by the methods
of [75].
14"
198 J.T. Tate

For formal group considerations related to Conjecture 3, see [7]


and [17].
Shimura ([69], [68]) has recently verified Conjecture3 for the
elliptic curves over Q with complex multiplication.
The part of Conjecture 3 before the word "'moreover" has a
generalization from Q to arbitrary global fields which has been proved
by Deligne in the function field case (cf. [83]).
In view of Conjecture 3, it is natural to study elliptic curves over Q
which do come from modular functions, since presumably all do. Such
curves have an incredibly rich structure whose exploitation may well
lead to progress on the question of rational points; cf. Birch [6],
Martin [33], [89], Mazur [34], [913, and Mazur-Swinnerton-Dyer [92].
Another conjecture for which there is overwhelming evidence is
that of Birch and Swinnerton-Dyer [5], concerning the behavior of
LE(s) at s = 1.
For each prime p[A, let cp=(E(Qv):Eo(Qp) ) where E o is as defined
in (31); in other words, let cp be the number of components of multi-
plicity 1 rational over Fp on the special fiber of Ndron's minimum model
for E at p (cf. end of w6). Also, let co be the differential form (4) associated
with a global minimal model for E (note that it is unique up to sign,
because + 1 are the only units in Z), and put

E(R)

In other words, ~ is either the positive real period of ~o or twice that


period, depending on whether E(R) is connected or has two components.
Conjecture4. a) The order of the zero of LE(s) at s= 1 is equal to the
rank r of the group E(Q).
b) Let P1, P2..... P~ be r independent points in E(Q) and let B = ~ ZP,
be the subgroup of E(Q) which they generate. Then
lim L~(s) det (P,, P/) [ ] %,
s~, ( s - l ) r = ~ [ / / / ] (E(Q):B) 2 ptJ
where [///] is the order of the Shafarevitch group of E over Q, where o~
~nd the cp are as dejined just above, and where ( , ) is the height
pairing (35).
This remarkable conjecture relates the behavior of a function L at
a point where it is not at present known to be defined to the order of
a g r o u p / / / w h i c h is not known to be finite! It has been corroborated
numerically in thousands of cases ([5], [71]), and it fits well with the
modular point of view [6], [34]. Other evidence is reviewed in [9]
and [72]. Recently Razar [50] checked it (rood2) for some infinite
families of curves over Q.
The Arithmetic of Elliptic Curves 199

The generalization to abelian varieties over arbitrary global fields


is discussed in [76]. The situation over functions fields is encouraging.
There, part (a) implies part (bl, up to a power of the characteristic.
Furthermore, Milne [36] has proved both parts in char4=2 for elliptic
curves with constant j#=O, 123. And M. Artin and H. Swinnerton-Dyer
[1] have proved (a) for an elliptic curve defined over a field of rational
functions k(t), k finite, by an E q . ( 1 ) i n which the coefficients a~=ai{t)
are polynomials in t with degree ai < 2 i.
For the super-generalization of part (a), see [74].

w 9. Action of Galois on Points of Finite Order


Let K be a number field, K" an algebraic closure of K and G the
Galois group o f / ~ over K. Let E be an elliptic curve over K. The group
G operates naturally on E(K). If n is an integer >1, let E , = E , ( K )
denote the set of points P~EIK) such that nP=O. As we have seen (w
En is a free (Z/n Z)-module of rank 2, and the action of G on E, is given
by a homomorphism
(0," G --, Aut (E,) ~ G L 2 (Z/n Z).
The group q~,(G) is the Galois group of the extension of K obtained
by adjunction of the coordinates of the points of E,.
The properties of ~o, are well known in case E has complex multi-
plication (cf. [15]), Suppose therefore that E does not have complex
multiplication. Then Serre [55], [59], has proved:
Theorem 9. The index of %(G) in AutIE,)~-GL2(Z/nZ) is bounded
by a constant depending only oll E and K, not on n.
Note the analogy with the theory of cyclotomic extensions. For each
integer n > 1, the group p, of n-th roots of 1 in K" is a free (Z/n Z)-module
of rank 1, and the action of G on it is given by a homomorphism
Z,: G -~ Aut (p,)-~ GL1 (Z/n Z).
The boundedness of the index of z,(G) in Aut(p,) is an immediate
consequence of the fact that )~, is surjective if K = Q ("irreducibility
of the cyclotornic polynomial"). Moreover, the cyclotomic theory is
part of the elliptic theory. Since Weil's e,-pairing (23) gives a G-iso-
morphism ,4 2 E , - it,, we have
det (p,(~)= Z, (or) for ~ G .
Thus the GL2/SL z part of the story is just cyclotomic theory.
Serre's methods are quite effective when j is not an algebraic
integer, for then the v-adic analytic theory for a place l; with v Ij ) < 0
furnishes transvections in q~,(G). For example:
200 J.T Tate

Proposition. Let E be an elliptic curve over Q with discriminant


A = [J p;' and with square free conductor N = l~ P,. Suppose ! is a prime
not dividing one of the e i, or > 5. Then qol(G)=Aut(El)~-GLz (Ft) unless
A p - 0 (mod l) for all p•A. (Ap is the number of points on the reduction
of E mod p.)
Of course G operates on the l-adic modules Tl(E)=lim_mEi, and on
the vector spaces V~(E)=Qt| TdE). If E and E' are K-isogenous,
then Vt(E) and V~(E') are isomorphic G-modules. Is the converse true?
Conjecture 5. Suppose E and E' are elliptic curt'es over K such that
Vt(E) and VI(E') are G-isomorphic for some prime 1 (hence for all 1). Then
E and E' are K-isogenous.
Serre has proved this in case the modular invariant j of E is not an
algebraic integer, using the v-adic analytic theory (cf. [55], ch. IV, w2.3).
It would be very interesting to prove it in general.

w 10. Examples
Here are some examples of curves over Q which illustrate various
points of the general theory we have discussed. WeJl's conjecture
predicts that there is no elliptic curve E over Q with conductor N < 11.
There are three known curves with N = 11 (cf. [78]), all isogenous as
they should be. Two of them are
y2q_ y = X 3 __ X2 (,~ = -- 11, j = --213/11)
and
yZ+y=x3-x2-1Ox-20 ( A = - l l S , j = -212313/115).

They correspond to the modular groups F1(1 l) and Fo (1 l) respectively.


They have rank 0, and the conjecture of Birch and Swinnerton-Dyer
is true for them if the latter has t r i v i a l / / / ( [ 2 7 ] , [72]). Serre's theory
(see prop. above) shows that for primes 145 one has q~t(G)=AutEt.
The prime l = 5 is an exception, because each curve has a rational point
of order 5. But the most striking thing about them is their L-function:
if we define integers c, by

ql-[ll--q")2~(l--qlX")2= %q~,
n=l n=l n=!
then

To prove this is the same as to show that the number of solutions of


the congruence y 2 + y = x 3 - x 2 (modp) is p - c p for every prime p.
Eichler showed this for all p outside an unknown finite exceptional set,
The Arithmetic of Elhptic Cur,~es 201

and it follows from Igusa [19], [-20] that Eichler's exceptional set is
in fact empty (see also Deligne-Rapoport's paper in [84]].
Our next example is the curve
b/3 -1- U3 : W3 "

To get it in minimal Weierstrass form, put

X = -3 .-' 9 [ u-v I
.+,,'
and it becomes
y2--3,=X3-- 7 (N=27, A= - - 3 9, j = 0 ) .
There are only three rational points (i.e., Fermat's last theorem is true
for exponent 3), and there is convincing numerical evidence that the
conjecture of Birch and Swinnerton-Dyer is true for it (cf. [71]). In the
Disquisitiones Gauss proved that the number of rational points on the
curve (modpl is
p+l, if p - - 1 (rood3),

:! /;
2-

7P

-2 /f / I N./~ ~ / 7 1 2 3 x

-p "~2P

-3 -t- ~, P

Fig. 1. The curve y2 + y =X3 --X


202 J.T. Tate

and is
p+l -iv, if p - 1 (mod3L

w h e r e tp is the u n i q u e i n t e g e r - - 1 ( r o o d 3 ) s u c h t h a t 4p=t~+27B 2
for s o m e i n t e g e r B. W e l l i n t e r p r e t e d Gauss" result as m e a n i n g t h a t
LE(s) was a c e r t a i n H e c k e L-series for the field Q ( ] / - 3 ) . T h e c u r v e
has c o m p l e x m u l t i p l i c a t i o n by the t h i r d r o o t s of unity, a n d the p o i n t s
o f finite o r d e r g e n e r a t e a b e l i a n e x t e n s i o n s o v e r t h a t field.
T h e g r o u p of r a t i o n a l p o i n t s o n the c u r v e

yZ+y=x3--X (N=37, A = 3 7 , j = 2 1 2 33/37)

is infinite cyclic, g e n e r a t e d by P = {0, 0). W e h a v e

P=(O,O) 3P=[-1,-1) 5P=( 88 7 P = { - ~ , 5 _,v)8

2 P = (1, 0) 4P=12,-3) 6P=(6, 14) 8 P -- (~,2t _ T~),~

" e t c . " . T h e r e a r e 5 p o i n t s ( m o d 2 ) and 7 I m o d 3 t . T h i s s h o w s t h e r e is


no t o r s i o n , b u t in fact, by S e r r e ' s p r o p o s i t i o n a b o v e , it s h o w s m u c h
m o r e , n a m e l y t h a t ~p~(Gl=Aut(E~) for e v e r y p r i m e I!

References
Most works cited below are post-1960, but no attempt at completeness has been
made even for this recent period. An excellent guide to the earlier literature is the btbliog-
raphy in Cassels' survey article [9]
I. Artin, M., Swinnerton-Dyer, H.P.F.: The Shafarevitch-Tate conjecture for pencils
of elliptic curves on K3 surfaces, lnventJones math. 20, 2~9-266 0973)
2. Atkln, A.O.L., Lehner, J.: Hecke operators on F0tin) Math. Ann. 185, 134- t60 (19701
3. Baker, A., Coates, J.: Integer points on curves of genus 1. Proc. Camb. Phil. Soc 67,
595-602 (1970)
4. Barsottl, I ' Analytical methods for abehan varieties in positive characteristic. Colloque
de Bruxelles, pp. 77-85, 1962
5. Birch, B.J., Swinnerton-Dyer, H.P.F.. Notes on elliptic curves (ill J remne u ange-
wandte Math. 218, 79-108 (1965)
6. Birch, B.J.: Elhptlc curves A progress report. Proceedings of the 1969 Summer institute
on Number Theory held at Stony Broek, New York, A.M.S pp. 396-400 (1971)
7. Cartier, P.: Groupes formels, fonctions automorphes et fonctions zeta des courbes
elliptiques Actes, Congres intern. Math. T. 2, 291-299 1197t0)
8. Cassels, J W S.: Arithmetic on curves of genus 1, IIV). Proof of the Hauptvermutung.
J. reme u. angewandte Math. 211, 95-112 (1962)
9. C assels, J W.S.: Diophantine equations with special reference to elliptic curves Survey
Article. Journ. London Math. Soc. 41, 193-291 (1966)
l0 Cassels, J W.S., Ellison, W J., Pfister, A ' On sums of squares and on eihptic curves
over functions fields. Journ. Number Theory 3, 125-149 (1971)
11. Coates, J.: An effective p-adlc analog of a theorem of Thue IIl. The Diophantine
Equation ),2 = x 3 + k. Acta Arithmetlca XV1,425-435 f1970)
12. Demjanenko, V.A.' On the torsion of elhptlc curves (in Russian). Isv. Acad Nauk
U.S.S.R. 35, 280-307 (19711 (English trans, in Math. of U.S.S R., isv., AMS)
The A m h m e t l c of Elhptic Curves 203

13 Deurmg, M : Die Typen der Mulliphkatorenrmge elliphscher Funktionenk6rper.


Abh, Hamb. 16, 32-47 (1949)
14 Deurmg, M.: Die Zetafunktion ether algebralschen Kurve vom Geschlechte Eins, 1,
Ih Ill, IV Gott. Nach., 1953, 1955, 1956, 1957
15 Deurmg, M.: Die Klassenk6rper der komplexen Multlplikation. Enz. Math Wlss,
12, 23 Stuttgart: Teubner 1958
16 Frohhch, A : Formal groups. Lecture Notes in Mathematics 74. Berlin-Heidelberg-
New York: Springer 1968
17. Honda, T.: Formal groups and zeta functions Osaka J. Math. 5. 199-213 [19681
18 Honda, T.: On the theory of commutative formal groups Journ Math. Soc Japan 22,
213-246 (1970)
19. Igusa, J : On the transformation theory of elliptic functions Amer. J. Math, 81,436-452
(1959)
20. Igusa. J.: Kroneekermn model of fields of ethptic modular functions Amer .l. Math
81,561-577 119591
21 Kodalra, K : On compact analytic surfaces Annals of M a t h Studies 24, 121 135
Princeton Univ. Press 1960
22. Lang, S., Tate, J.: Principal homogeneous spaces over abelian varieties. A m e r J
Math. 80, pp. 659-684 I1958)
23. Lang, S., N6ron, A.: Rational points of abelian varieties over function fields Amer
J. Math. 95-118 (1959)
24 Lang, S : Dlophantme Geometry. New York: Interscience 1962
25. Lang, S.. Elliptic Functions. Reading: Addison-Wesley 1973
26 Lazard, M. Sur les groupes de Lie formels ~ un param~tre. Bull Soc Math. France 83,
251-274 (1955)
27, Llgozat, G.: Fonctions L des courbes modulawes S6minalre Delange-Pisot-Poitou.
Jan. 1970, 10p.
28. Lubm, J., Serre, J.-P, Tate, J.T." Elliptic curves and formal groups A.M.S. Summer
Institute on Algebraic Geometry. Woods Hole, 1964
29. Lubm, J., Tare, J.' Formal m o d u h for one-parameter formal Lie groups. Bull. Soc.
Math. France 94, 49-60 (1966)
30. Lubin, J.: Finite subgroups and lsogenies of one-parameter formal Lie groups Annals
of Math. 85, 296-302 (1967)
31. Manin, V.T.: Uniform bound for the p-torsion of elliptic curves (in Russian). lsv.
Acad. Nauk. U. S. S. R. 33, 459-465 [ 1969t (English translation in M a t h of the U S.S.R.,
lsv,, AMS)
32. Manin, Y.I.: Le groupe de Brauer-Grothendieck en g6om6trle diophantlenne. Actes,
Congres Intern. Math. 1, 401-411 (1970)
33. Martin, Y.h Parabolic points and zeta funchons of modular curves [in Russtan). Isv.
Acad. Nauk., pp. 19-66 [1972)
34. Maznr, B. Courbes elliptlques et symboles modulalres S6m. Bourbaki, No 414 - June
1972, 18 p.
35. Mflne, J S : The Tate-Shafarevitch group of a constant abelmn variety. Inventiones
math. 6, 91-105 [1968)
36. Mllne, J.S.. On the arithmehc of abelian varieties. Inventlones math 17, 177-190 (19721
37. Mumford, D. Abehan Varieties. Oxford Univ. Press 1970
38. Mumford, D.' An analytic construction of degeneratmg curves over complete local
rings, C o m p Math. 24, 129-174 (1972)
39. N6ron, A.: Mod+les minimaux des variet6s abeliennes sur les corps locaux et globaux.
IHES, Publ. Math. pp 361-483 [19641
40. N6ron, A.: Quasl-fonctions et hauteurs sur les vari6t6s abeliennes Annals of Math.
82, 249-331 t1965)
204 J.T. Tate

41. N e u m a n n , O. Zur Reduktion der elllptlschen Kurven. Math. Nach. 46, 285 310 ( 19701
42. Ogai, S V : On rational points on the curve y2=x(x2+ax+b) (Russian) Trudy,
Math. Inst. Steklov 80 (1965). Translated by A. M. S.
43. Ogg, A.P.: Cohomology of abelian varieties over function fields. Annals of Math.
pp. 185-212 (1962)
44 Ogg, A. P.: Abelian curves of small conductor. J. relne und angew. Math. 226, 204-
215 (1967)
45. Ogg, A. P.: Elliptic curves and wild ramification. Amer. J pp. 1-21 (1967)
46. Ogg, A.P.: Rational points of finite order on elliptic curves lsv. Math. 12, 105-111
(1971)
47. Ogg, A. P.: Rational pmnts on certain elhptic modular curves. [A talk given in St Lores
on March 29, 1972, at the A M S Symposium on Analytic N u m b e r Theory and Related
Parts of Analysis)
48. Rajwade, A.R.: Arithmetic on curves with complex multiplication by ] / - 2 Proc.
C a m b Phil. Soc. 64, 659-672 (1968)
49. Raynaud, M.: Caract6nstlque d ' E u l e r - P o i n c a r 6 d'un faisceau et cohomologle des
vari6t6s ab61iennes S6m. Bourbaki, 286, F6vner 1965
50. Razar, M.: The non-vanishing of L(II for certain elliptic curves. Harvard Ph. D Thesis,
June 1971
51. Roquette, P . Analytic theory of elliptic functions over local fields. Hamb. Math.
Einzelschriften Neue Folge, Heft 1, Gbttingen 1970
52 Serre, J-P.: Sur les groupes de congruences des vari6t~s ab611ennes lsv. Akad. Nauk,
Math Series 28, 3-20 (1964)
53. Serre, J-P.: Groupes de Lie l-adlques attach6s aux courbes elliptiques. Coll. lnternat.
du C N R.S., No. 143 a Clermont-Ferrand, Editions du C.N.R.S., Paris 1966
54 Serre, J-P.: Zeta- and L-functions, in Arithmetical Algebraic Geometry. New York:
Harper and Row 1966
55. Serre, J-P.: Abelian l-adic representations and elliptic curves. New York' BenJamin
1968
56 Serre, J-P., Tate, J.: Good reduction of abehan varieties. Annals of Math pp. 492-517
(1968)
57. Serre, J-P.: Facteurs locaux des fonctlons z6ta des vari6tes alg6briques (dSfimtlons et
conjectures), S6mlnalre Delange-Pisot-Poitou, 15 p., Mai 1970
58. Serre, J-P.: p-torsion des courbes elhptiques (d'apr6s Y Manan). Sere. Bourbaki, n ~ 380,
14 p., Mal-Juin 1970
59 Serre, J-P.: Propn6t6s galoisiennes des points d'ordre finl des courbes elliptlques.
inventiones math. 15, 259-331 (1972)
60 Serre, J-P.: Congruences et formes modulalres (d'apr+s H. P. F. Swinnerton-Dyer), S6m.
Bourbakl, No. 416, 20 p., Jura 1972
61. Setzer, C. B.: Elhptlc curves of prime conductor. Harvard Ph D. Thesis, J une 1972
62. Shafarevitch, I.R.. Algebraic number fields Proc. Int Cong. Math., Stockholm 1962,
pp. 163-176 (A M.S. Translation, Ser 2, Vol. 31, pp. 25-39)
63. Shafarevitch, t.R. Principal homogeneous spaces defined over a function-field. Amer.
Math. Soc. Transl. 37, 85-I 14 (1964)
64. Shafarevitch, I. R., Tare, J T.: The rank of elliptic curves. Dokl. Akad Nauk. USSR
175 (1967h pp. 770-773 (in Russian). (A.M S. Translations Vol. 8, 917-920 (19671)
65. Shlmura, G.: On the zeta functions ot the algebraic curves umformized by certain
automorphlc functmns Jour Math. Soc. Japan 13, 275-331 (1961)
66. Shimura, G.: A reciprocity law in non-solvable extensions. J. reine and angew. Math
221,209-220 (1966)
67. Shimura, G.: Introduction to the Arithmetic Theory of Automorphic Functmns.
Publ Math. Soc. Japan 11, lwanoml Shoten Publishers, and Princeton U m v Press,
267 p.(1971)
The Arithmetic of Elliptic Curves 205

68. Shimura, G.. On the zeta-function of an abehan variety with complex multiphcatlon
A n n Math 94, 504-533 (1971)
69. Shimura, G.: On elliptic curves with complex multiplication as factors of the jacoblans
of modular function fields. Nagoya Math. J. 43, 199-208 (1971J
70. Shioda, T. On rational points of the generic elliptic curve with level N structure over
the field of modular functions of level N (to appear)
71. Stephens, N. M ' The diophantine equation x J+ yJ= DZ 3 and the conjectures of Birch
and Swinnerton-Dyer J. Reine Angew Math. 231, 121-162 (1968)
72. Swinnerton-Dyer, H . P . F . The conjectures of Birch and Swinnerton-Dyer, and of
Tata. Proc. of a conference on local fields, pp 132-157. Berlin-Heidelberg-New York:
Springer 1967
73 Tate, J.:W.C. groups over P-adic fields S6mmalre Bourbakl, No. 156, 13 p., D~c. 1957
74 Tate, J." Algebraic cycles and poles of zeta functions. Arithmetical Algebraic Geometry
New York: Harper and Row 1966
75. Tate, J.: Endomorphisms of abehan varieties over finite fields. Inventiones math. 2,
134-144 (1966)
76 Tate, J.: On the conjecture of Birch and Swinnerton-Dyer and a geometric analog.
S+m. Bourbaki, No. 306, 26 p., F6v. 1966
77. Tate, J.: Classes d'isog6nie des vari6t6s ab61iennes sur un corps tim (d'apr6s T. Honda)
S6m Bourbakl, No. 352, 16 p., Nov. 1968
78. V61u, J.: Courbes elliptiques sur Q ayant bonne r6duction en dehors de (11 ). C. R Acad.
So. Paris, pp 73-75 (1971)
79. V61u, J.' Isog6nies entre courbes ellipttques. C. R. Acad. Sc Paris, pp 238-241 (1971)
80. Waterhouse, W.C., Milne, J.S.: Abelian varieties over fimte fields. A.M.S. S u m m e r
Institute on N u m b e r Theory, Stony Brook, 1969, Proc of Symposta m pure mathe-
matics, Vol. XX, AMS, 1971
81 Well, A.' Jacobi sums as ,,Grossencharaktere". Trans. Amer. Math. Soc. 75, 487-495
(1952)
82. Well, A.: Ober die Bestimmung Dirichletscher Relhen durch Funktionalglelchungen.
Math. Annalen 168, 149-156 (1967)
83. Well, A.: D~richlet Series and Automorphic Forms Lecture Notes in Mathematics 189.
Berhn-Heldelberg-New York. Springer 1971

Additional Bibliographv
84 Modular Functions of One Variable Vol. II. Lecture Notes in Mathematics 349.
Berlin-Heidelberg-New York: Springer 1973
85. Modular Functions of One Variable Vol. IV. Lecture Notes m Math. Berlin-
Heidelberg-New York: Springer 1974
86. Demjanenko, V.A. On the uniform boundedness of the torsion of elliptic curves over
algebraic number fields (in Russian). Izv. Akad. Nauk SSSR 36 (1972)
87. Kubert, D.: Universal bounds on the torsion and isogenies of elhptlc curves Harvard
P h . D . thesis, May 1973
88. McCabe, John. p-ad~c theta functions. Harvard P h . D . thesis, pt~. 1-222 (1968)
89. M a m n , Y.l : Cyclotomic fields and modular curves (in Russian). Usp Mat. Nauk 26,
7-71 (1971)
90. Manin, Y . l , Zarkin, Y G.: Heights on families of abehan varieties (in Russmn). Mat.
Sbornik 89, 171-181 (1972)
9l. Mazur, B.: Rational points of abehan varieties with values in towers of number fields.
Inventiones math. 18, 183-266 (1972)
92. Mazur, B, Swinnerton-Dyer, H.P.F.: Arithmetic of Weil curves. To appear m ln-
ventiones math.
93. Milne, J.: Weil-Chfitelet groups over local fields. A n n Sci. ENS, 3, 273-284 (1970);
Addendum, 1bid. 5, 261-264 (1972)
206 J.T. Tale

94. N6ron, A.: Propri&& arithmetiques de cerlaines families de courbes alg6brlques.


Proc. Int, Congress Amsterdam, IIL 481-488 (1954)
95. Penney, D.E., Pomerance, C.' A search for elliptic curves with large rank. In prepara-
tion
96. Raynaud, Michel' Vari6t~s ab+liennes et g6om&rie nglde. Proc Int. Congress Nice,
I, 473-477 {1970)
97. Robert, A.: EIlipuc curves. Lecture Notes m Mathematics 326. Berlin-Heidelberg-
New York Springer 1973
John T Tate
Harvard University
Department of Mathematics
1 Oxford Street
Cambridge, MA 02138, USA

(Received October 30, 1973 )

You might also like