AMS Contributed Paper Sessions: Combinatorics and Graph Theory, I
Y. Kim, Cycle-saturated graphs with minimum number of edges.
D. Pragel, Algebraic and Graph-Theoretic Properties of the Box Product of Two Paths.
A. Barghi, Firefighting on Random Geometric Graphs.
J. Ellis-Monaghan, Ribbon Graphs and Twisted Duality.
J. Fierson, Some graph theoretical results for the task mapping problem for parallel computers.
S. Raval, Complex Contagions on Graph Dynamical Systems.

Although I’m officially a number theorist (honest, it says so right there in the sidebar!) much of my thesis topic and subsequent work has been more concerned with graphs, and there was plenty of interest on offer here.

From a research perspective the box product construction particularly caught my attention: in the presented work, products of paths were considered, which yield grids that can be sliced vertically into copies of one factor, and horizontally into the other. This carries over into some nice structural properties of the adjacency matrix, and they were able to come up with a particularly neat characterisation of its determinant based on the length of the paths. The obvious next step would be to try something more complicated than paths, and I wonder if some candidates from my own studies of cyclotomic graphs might be suitable.

On the other hand, the firefighting problem is something I’d have no idea how to solve, but it seems like I could make an undergrad project out of it – or a web game! Given a graph, some vertices are specified as being on fire. Each round, firefighters may be placed at any vertices that aren’t on fire, then the fire spreads to any neighbouring vertices that haven’t been protected in this way. On an infinite graph, the question is whether such a fire can be contained or could burn indefinitely.

AMS Colloquium Lectures
A. Lubotzky, Expander graphs in pure and applied mathematics, I.

More in the graph-theory line: unfortunately I was only able to attend this, the first of a series of three talks by Alex Lubotzky on the subject, but at least I now know what expander graphs are and why I might care! The original motivation was practical: in designing a communications network (be it mobile phones or multicore processors) you want short routes between nodes for speed and reliability, but as few connections between nodes as possible to minimise cost. Expander graphs are those which (remarkably) manage to balance these opposing properties, but they also find application in a surprising range of abstract mathematical topics.

MAA Contributed Paper Sessions: Cryptology for Undergraduates
D. Cabarcas, Algebraic Cryptanalysis as a tool for teaching Cryptology.
D. Spickler, Cryptography Tools: A Teaching Tool for the Investigation of Classical Cryptography and Cryptanalysis. (Cryptography Tools)
C. Beaver, Group Signature Schemes: How to share a secret without telling it.
A. Li, Cryptography, a Great Topic for Undergraduate Mathematics Courses.
T. Feil, A Cryptology Course for the Non-Mathematician.
R. Talbert, A Brief Fly-Through of Cryptology for First-Semester Students using Active Learning and Common Technology.
R. Beezer, A first-year seminar in cryptology. (slides).
S. Boersma, Student Codebooks: An in-depth writing assignment.
K. Smith, Codes in History, the Arts, and Literature.
K. Meyer, Making Cryptography Come Alive.
M. May, Using Cryptography to Show Students that Math is Everywhere.

This session was one of my reasons for making the long trip, and was definitely worth it. Based on the enthuiasm of the speakers, the feedback they’ve received from their students, and the sheer number of people who turned up for this session, I think it’s safe to say that cryptography is definitely worth offering in the undergraduate syllabus. The American undergraduate experience is rather different to the English one I had, or the Scottish one I tutored for, and in particular there’s a need for mathematics courses for non-mathematics students. Several speakers were able to provide a cryptology course for such an audience, as the mathematical prerequisites can be made fairly modest and supplemented by the history of the subject, or its relevance today to topics like privacy and security online. One even managed to assess it through written projects, despite the protests of the more mathematically inclined students! The consensus seems to be that if you’re going to teach such a course, your starting point should be Cryptography by Trappe and Washington, and -despite my love of the discrete log problem – it’s probably best to stick to symmetric crypto and a bit of RSA. Various speakers had developed software to remove some of the computational grind (such as crypto tools, linked above), but the coolest contribution was probably instructions (PDF) on how to make an Enigma machine out of a pringles can!

AMS-SIAM Special Session on Mathematics of Computation: Algebra and Number Theory, I & II
M. O’Sullivan, The sum-product algorithm for binary codes having check nodes of degree two.
D. Harm, Complexity of the Graph Isomorphism Problem.
N. Boston, Combining Group Theory and Number Theory Computations.
M. Jacobson, Class Group and Regulator Computation in Quadratic Fields.
A. Sutherland, Genus 1 point counting in quadratic space and essentially quartic time.
A. Silverberg, Finding the rational points on a certain genus 12 curve.
R. Scheidler, Efficient Divisor Reduction on Hyperelliptic Curves.
D. Moulton, Finding small sets whose subset sums include a given set.
J. Silverman, Lehmer’s Conjecture and points on elliptic curves that are congruent to torsion points.
C. Smyth, Minimal polynomials of algebraic numbers with rational parameters.
K. Hare, Pisot and Salem polynomials dividing Newman polynomials.

This session was the other reason for my attendance – Mahler measure is quite a niche topic, so with two talks on the agenda here I felt I should turn up, but they weren’t the only draw. If you dig deep enough in this blog, you’ll find that I spent the start of my PhD thinking about point counting problems and hyperelliptic curve arithmetic, which both featured here. A particular highlight was Andrew Sutherland’s talk, which presented improvements to SEA which have led to a substantially larger record for point counting on elliptic curves.

MAA Session on New and Continuing Connections between Math and the Arts, I

Fractal Tree No. 3 by R. Fathauer

`Mathematical Art’ usually conjures up images of fractals, but there’s a lot more to it than that and several themes emerged from this session and the attached exhibition.

The Alhambra in Spain gets another bump up my list of potential mathematical tourism sites: although it seems that debate continues over whether all seventeen wallpaper tilings can be found there, it seems to have the best (and best known) collection. But other talks mentioned their appearance in everything from Tibetan sand mandalas to Norwegian rosemaling. I discovered that there’s such a thing as ethnomathematics, which aims to go beyond cataloguing such connections between mathematics and culture and attempt to explain them.

Also finding its way to the travel list is the Museum of Mathematics, although I’ll have to wait a bit as it doesn’t exist yet… hopefully it’ll open in 2012. Rather than focus on dry historical exhibits, their vision is for installation pieces like a race circuit for square-wheel tricycles, large geometric sculptures, and interactive digital art. The target audience might be schoolkids, but I suspect I’d walk around with a big smile on my face too!

Another exciting project I was oblivious to is the Bridges series of conferences on connections between maths and art: these combine invited talks and papers (with peer-reviewed proceedings) with hands-on activities, an art exhibition, film screenings, all in a location chosen to inspire! The next one is at the University of Coimbra, Portugal, in July.

AMS Special Session on Self-Organization in Human, Biological, and Artificial Systems, II
R. Niemeyer, Graphs, Dynamical Systems, Fractals: A Heuristic Framework for Modeling the Structure and Dynamics of Complex Interactions Across Multiple levels of Analysis.
L. Smith, An Agent-Based Approach to Modeling Gang Rivalries.

Although it’s a long way from my research activities, emergent systems is one of the topics that first steered me towards mathematics and computer science. So with a spare hour to fill, I decided to indulge an old interest by sampling a couple of talks from this session. Laura Smith’s was particularly intriguing: based partly on geographic constraints, her team of mathematicians and criminologists was able to build a model of the (violent) interactions of LA’s numerous gangs. The hope is that such a model would be accurate enough to predict where best to focus police efforts to reduce conflict, although because I’ve been watching too much Castle lately I found myself dreaming up scenarios of mathematically-savvy gang bosses using optimization theory to maximise their territory instead…

MAA Invited Addresses
M. Matchett Wood, Binary quadratic forms: From Gauss to algebraic geometry
R. Bell, Lessons from the Netflix Prize

Melanie Matchett Wood’s talk was in the rare category of those from which I felt I’d gained some insight into abstract algebra. Whilst modern terminology is probably the best working language, I think there’s a lot to be said for tracing the historical roots of a topic, rather than simply overwriting it with what can be opaque notation. Gauss may have essentially being doing group theory, but he didn’t know that, and the motivation and inspiration is perhaps easier to understand without that abstraction.

The Netflix prize offered US$1million for a 10% improvement to their film recommendation algorithm. That might seem a lot easier than other million dollar prize problems, compared to the ferociously difficult millenium problems, for instance. But it also meant a lot more viable competition, especially as when Robert Bell’s team hit the required 10%, they didn’t simply win but triggered a 30 day endgame which saw alliances form and the leadership change hands repeatedly: in the end, “BellKor’s Pragmatic Chaos” triumphed by just a fraction of a percent and a twenty minute earlier submission time than their closest rivals. His talk captured this drama, entertained with some of the sub-problems encountered (Why is it so hard to tell who’ll like Napoleon Dynamite? What happens if a user gets a girlfriend? and just who has the time to rate 99% of the netflix database?), and also described plenty of the mathematics behind their algorithm. There’s a documentary film in there somewhere…

AMS-MAA-SIAM Gerald and Judith Porter Public Lecture and Special Film Presentation
R. Lang, From flapping birds to space telescopes: The mathematics of origami.
Film: Between the Folds.

…which leads me neatly to the final events. Robert Lang seems to have been central to the revolution in Origami caused by the mathematisation of the discipline. The ability to algorithmically create folding patterns of stick-figure skeletons has pushed forward the level of detail that can be achieved with a single sheet; but as with other media, the possibility of greater realism has led also to a reaction in the form of abstract works, from mathematically-inspired patterns to ‘single crease’ sculptures. But it’s not just about art: origami folding lends itself to the design of airbags and heart stents, or to the problem of getting large structures into space.

All of which appears in the film Between the Folds, that I’m going to recommend regardless of the contents of your netflix queue. Here’s the trailer:

So all in all I had an excellent time at the JMM; I’m certainly planning to attend the next one, which it seems will be held in Boston even earlier in January. Hopefully I’ll be able to give a talk too- the question is, in which session?

Both the report itself and the OHP slides version are available (pdf). Content covered: hyperelliptic curves, points, divisors, mumford polynomials and the Picard group/Jacobian; the discrete logarithm problem; explicit group law computation; characteristic polynomial of Frobenius and Weil theorems/interval; group-theoretic approaches; Schoof’s algorithm, SEA in genus 1, genus 2 hybrid algorithms.

The plaque marking the discovery of the quarternions, Dublin.

I’ve spent the last three days in Dublin, and whilst there I couldn’t resist taking a rare opportunity for mathematical tourism. Hamilton figured out the structure of the quarternions in “a flash of genius” during a morning walk along Dublin’s royal canal, carving them into the nearby Brougham bridge. Whilst the carving does not survive, there is a plaque at the spot to mark this discovery, and it was that I set off to see.

Getting there doesn’t seem too difficult, though: I got the 120 bus from Parnell Street (conveniently close to my hotel on Parnell Square) to Broombridge road. This is the opposite of advice found elsewhere online, but the suggested 20 route doesn’t seem to exist any more. If you have a map, it’s easy enough to follow the bus route, but as I didn’t I just asked the driver to give me a shout when we got there. Brougham is pronounced broom, so all you need to do is to find where Broombridge road crosses the canal and (it turns out) railway tracks: presumably taking the western suburban line would be an even easier way to get there, as the platform is next to the bridge. Of course, I went the wrong way along Broombridge road, which is easily detected by reaching the end without finding a bridge!

It’s been described as “the least visited tourist attraction in Dublin”, partly because the area isn’t particularly appealing today but presumably because there aren’t that many mathematical tourists!

It does seem a shame that the site – and Hamilton – are so overlooked compared to the attention that, say, local authors or artists get. But it’s better than nothing, as mathematical tourist attractions are few and far between, especially outside of universities. The bridges of Konigsberg are often suggested; I’d also be fascinated to tour Japan in search of sangaku. If you have other ideas, why not mention them in the comments?

Background: The Zeta function

Recall that the zeta function of a curve encodes information about the number of points over an infinite family of fields. For a curve C over the field F_q This is defined as

Thus, we can recover the cardinality over F_q^r by differentiating r times with respect to T, evaluating for T=0 and dividing through by (r-1)!. This is all well and good, provided that computing the zeta function is less work than simply testing points in the field directly. For this, we need a couple of results:

Weil Conjectures for curve C over F_q
We have

such that

with the α_i algebraic integers such that |α_i|=q^1/2.

For such α_i we then have

For F_q to be a field, q=p^r for some prime p. Thus we need only compute the zeta function over F_p to be able to retrieve #C(F_q) or indeed any higher #C(F_q^r). The question is, therefore, whether computing the zeta function for F_p is any easier than the naive point search. With Weil’s result, we can see that knowledge of #C(F_p),…,#C(F_p^2g) would, via some Taylor series trickery, be enough to determine P(T) and hence Z(T). If q is a high power of p, or we are interested in high powers of q, then this is already progress. But if q was itself a (potentially very large) prime, this approach would be useless for finding #C(F_q) since it would require knowledge of #C(F_q) (!) and at least #C(F_q²) too! Fortunately SAGE does not complain about searching over prime fields- there are a couple of algorithms – so we can restrict our attention to the original problem, that of composite q.

Elliptic Curves

Let us consider then the problem of finding #E(F_q^r) where q=p^s for a prime p with rs≥2 and E an Elliptic curve with coefficients from F_p. Then by the above we need only find #E(F_p) and #E(F_p²), which by brute force is rarely more work than finding #E(F_q^r)=#E(F_p^rs). But, since the genus is 1 the various results allow us to cut down our workload still further:

Weil Conjectures for Elliptic curve E over F_p

We have

such that

with the α_i algebraic integers such that |α_i|=p^1/2.

For such α_i we then have

It follows that α₁, α₂ are conjugates, so over F_p we have

and

So,

meaning that the zeta function can be constructed from just #E(F_p) as it is simply:

This then allows us to recover #E(F_q^r)=#E(F_p^rs) as desired, by repeated differentiation to recover the rs‘th coefficient.

Comparison

For an elliptic curve over a finite field, using SAGE to calculate the cardinality over a field of p^r elements by the “very, very stupid” algorithm rapidly gets impractical. For instance, for a given elliptic curve y²=x³+Ax+b with A,B from F₅ determining the cardinality takes about 0.04s over F₅; about a second over F₂₅, around 3.7s for F₁₂₅ and a tedious 19s over F₆₂₅. Implementing the approach above, asking for the cardinality of three such curves over F₆₂₅ is rapid enough in Maple to not register on its timer. This is despite my program lazily using brute force for the #E(F₅) calculations! (The same machine, with a 2.6ghz celeron processor, was used for each run; with Maple on Windows XP and SAGE in Xubuntu Linux; SAGE timings were for CPU rather than wall time.)

Smarter Still

In fact, if we only wish to determine a single #E(F_q^r) we can sidestep the construction of the zeta function by working with the α_p, since

Thus if α_p=a+bi then

and

So

will suffice, and again this requires only knowledge of #E(F_p).

Maple Source

The file ellCount contains Maple procedures for finding the cardinality of elliptic curves over finite fields (with coefficients from the prime subfield). Simply put, CountPoints(F,q) will find the number of points over the field of q elements for an Elliptic curve F=0. For instance, CountPoints(y^2-x^3-x-2,625) gives the cardinality of E: y²=x³+x+2 over F_5⁴ (should be 640). The route taken is to find points over F₅, determine α then directly calculate from the formula in the previous section. You can retrieve the zeta function with ellZeta(F,q), or ellZetap(F,p), if you know that q is prime (which saves Maple trying to determine the prime factor). Thus the number of points over F_q^r can be retrieved with getZetaCoeffr(Z,r) which performs the appropriate differentiation and scaling; this is useful to avoid having to calculate the number of solutions over the prime field, or indeed determine the prime, every time. ZetaCountPoints(F,q) behaves as CountPoints except it follows this alternative route.

A call to totalTrace(d,t) will scurry off and determine all degree d polynomials of trace t, provided neither your chosen trace or degree are too high (data tables only exist up to a certain point, and I wasn’t patient enough to implement much of what is known, either!). If you’re confident that the trace is sufficiently small to guarantee a building block from the set of exceptional polynomials S, you can use the fractionally faster totalTraceS(d,t) instead- it’ll tell you if you’re wrong!

Calling smallDefectPol(g) will, for a genus g, display the possible polynomials Q (whose roots are the β_i) corresponding to small defect curves (where small means at most 0.780022g, using the exceptional set S). You can get the types (of the form used e.g. by Serre) instead by calling smallDefectTypes(g).

Some defects that don’t meet the bound for small can nonetheless be computed with totalTrace(d,t), use its output as the argument for zetaTypes(X) to recover their corresponding types. This will become more useful if I add additional cases from the data tables.

Mazur’s Theorem

Let E/Q be an elliptic curve. Then the torsion subgroup E_tors(Q) is one of the following fifteen groups:

Z/nZ for 1≤n≤10 or n=12;

Z/2Z X Z/2nZ 1≤n≤4.

Further, each of these groups does occur as an E_tors(Q).

This result is particularly handy as it allows for an experimental approach to be taken, gathering enough computational evidence to determine which form the torsion subgroup takes; knowledge of the order of points being especially useful. For instance, the presence of an order 7 element instantly shows that E_tors(Q) is Z/7Z. Better still, there are results which aid in finding such points:

Nagell-Lutz Theorem

Let E/Q be an elliptic curve of the form

(that is, with the usual labelling of coefficients, a_1=a_3=0) with a,b,c integers. If P an element of E(Q) has finite order then x(P), y(P) are also integers.

Further, For such a point either y(P)=0 or y(P) divides

Hence for such curves it is sufficient to look for integer points; and only finitely many such points are suitable candidates for being torsion points.

Good and Bad Reduction

What of Elliptic curves not in the above form? It is possible to bound the number of torsion elements (and generate candidates) by working over finite fields (which I’ve coincidentally considered before). Save for finitely many primes of bad reduction – those which divide the discriminant of the elliptic curve – it transpires that the torsion subgroup maps injectively to E(F_p). For small primes, this is readily found without anything more sophisticated than brute force. Testing a number of primes can give an upper bound whilst naive searches for integer points can provide a lower bound: appealing again to Mazur’s theorem then usually settles the question.

Procedures

I’ve bundled together various Maple procedures based on these ideas as torsion_tools.mpl; they require gla.mpl. Various number theory subprocedures are included to make it all work (the numtheory package is invoked as well), but the following procedures should be the only ones you’re likely to need to work with directly.

ellorder(point)

gla.mpl comes with a procedure, modgetorder for calculating the order of a point when working modulo a prime; ellorder should now always be used instead. When working on gla, I’d been aware of the possibility of torsion points in non-finite fields, but didn’t know of any good way to ensure that a point was genuinely of infinite rather than very large order. However, due to the Nagell-Lutz result this is now easy: if any multiple of the point is non-integral, it cannot be a torsion point (since the multiple of a torsion point is a torsion point, and they have integral co-ordinates). Better still, Mazur’s theorem ensures that the maximum order of a torsion point is 12, so simply testing multiples will be fast. Thus ellorder performs repeated addition until either the group identity or a non-integral point is found, and (along with a test for the group identity as input) is therefore suitable regardless of whether you are working in a finite field. I’m keeping modgetorder around so that my earlier examples still work, hence ellorder lazily calls that when workModM is true.

torsion()

If workModM is set to true, then this simply tests all possible (x,y) pairs for membership of the curve. Any that are found are returned along with their order.

If a_1 and a_3 are both zero, then the Nagell-Lutz result holds and the algorithm given in Cremona’s book is implemented, with each point with positive y co-ordinate given, along with its order. From this it is usually obvious (by Mazur’s theorem) which group they come from; playing around with ncopies usually confirms this, or can be employed to give an explicit list of all points and the relationship between them.

Otherwise, alternative methods using reduction need to be employed, the use of which is described below.

testRange(x1,x2,y1,y2)

This provides a brute-force test of points (x,y) such that x1≤x≤x2 and y1≤y≤y2 for membership of the curve, paying attention to workModM. Whenever a point is found, it is displayed along with its order.

The variant testRangeQuiet takes the same arguments and performs a similar task, but instead returns a count of the number of points found and suppresses the points themselves. This is useful for comparing the upper bounds of several good reductions, which is precisely what the next procedure does.

boundTorsion(n)

This is actually just a wrapper for boundForOrder, feeding it the primes of bad reduction; n primes of good reduction are then used to place upper bounds on the size of the torsion subgroup; the least upper bound is found and displayed, along with the points found when working modulo that prime, which may give assist in identifying genuine torsion points.

I’m unsure as to whether 2 should always be rejected as a prime of bad reduction; if you wish to exclude it, call boundTorsion2 instead.

Examples

Exercise 8.12 of Silverman’s Arithmetic of Elliptic Curves supposedly gives examples of each possible type of torsion group; we can attempt to verify these using torsion_tools. (Start a maple worksheet and enter read "torsion_tools.mpl" to load them; this requires that both torsion_tools.mpl and gla.mpl be somewhere Maple can find them, typically your home directory.)

a) y²=x³-2

>a_1:=0;a_3:=0;a_2:=0;a_4:=0;a_6:=-2;
torsion();

Nagell-Lutz search for non-identity torsion points, with order, yields:

x, y, order

Nagell-Lutz theorem applies, but no points other than the identity are found. Thus we have Z/1Z i.e., the trivial group {0}.

b) y²=x³+8

>a_1:=0;a_3:=0;a_2:=0;a_4:=0;a_6:=8;
torsion();

Nagell-Lutz search for non-identity torsion points, with order, yields:

x, y, order

-2, 0, 2

We have one other point, of order 2; so the torsion subgroup is Z/2Z, consisting of the identity and (-2,0).

c) y²=x³+4

>a_1:=0;a_3:=0;a_2:=0;a_4:=0;a_6:=4;
torsion();

Nagell-Lutz search for non-identity torsion points, with order, yields:

x, y, order

0, 2, 3

We have a point (0,2) of order 3; so the torsion subgroup is clearly Z/3Z. We can explicity find all the elements of the group:

>> ncopies(1,0,2);

0, 2

> ncopies(2,0,2);

0, -2

> ncopies(3,0,2);

zero

So they are the identity, P=(0,2) and 2P=(0,-2).

d) y²=x³+4x

>a_1:=0;a_3:=0;a_2:=0;a_4:=4;a_6:=0;
torsion();

Nagell-Lutz search for non-identity torsion points, with order, yields:

x, y, order

0, 0, 2

2, 4, 4

Now things get slightly more interesting. We have an element P=(2,4) of order 4, so we have a subgroup of size 4 consisting of the multiples of P. Does this include the other point found, (0,0)?

> ncopies(1,2,4);

2, 4

> ncopies(2,2,4);

0, 0

> ncopies(3,2,4);

2, -4

> ncopies(4,2,4);

zero

Since it does, we can safely conclude that the torsion subgroup is Z/4Z.

e) y²-y=x³-x²

>a_1:=0;a_3:=-1;a_2:=-1;a_4:=0;a_6:=0;
torsion();
Error, expected a_1=a_3=0

Try working with reduced curve modulo a prime not from the set {11}

To test l such primes call boundTorsion(l)

We are no longer in the convenient situation of being able to apply the Nagell-Lutz result. Thus we try to place a bound on the torsion:

> boundTorsion(10);

At most 5 points, example: working mod 5, brute force search for points on curve with order yields

0, 0, 5

0, 1, 5

1, 0, 5

1, 1, 5

4 points, plus point at infinity for a total of 5 points.

The torsion group can have no more than five elements, but it may of course have less. If, however, we can verify the existence of a point of order 5 (not working modulo a prime) then we are clearly done (note that after its calculations for various moduli, boundTorsion resets workModM to false.

> ncopies(5,0,0);
zero

So, as suspected, the group is Z/5Z with (0,0) a generator.

f) y²=x³+1

>a_1:=0;a_3:=0;a_2:=0;a_4:=0;a_6:=1;
torsion();
Nagell-Lutz search for non-identity torsion points, with order, yields:

x, y, order

-1, 0, 2

0, 1, 3

2, 3, 6

Another easy one; using ncopies it is readily verified that P=(2,3) is a generator for the other elements found, so the group is Z/6Z.

g) y²+y=x³-x+137

This one seems to be broken, given the structure of the exercise it should yield Z/7Z. However:

>a_1:=0;a_3:=1;a_2:=0;a_4:=-1;a_6:=167;
> torsion();
Error, expected a_1=a_3=0

Try working with reduced curve modulo a prime not from the set {11, 659, 1667}

To test l such primes call boundTorsion(l)

> boundTorsion(10);

At most 1 points, example: working mod 2, brute force search for points on curve with order yields

0 points, plus point at infinity for a total of 1 points.

Or, excluding the prime 2,

> boundTorsion(2);
At most 4 points, example: working mod 3, brute force search for points on curve with order yields

0, 1, 2

1, 1, 2

2, 1, 2

3 points, plus point at infinity for a total of 4 points.

So in neither case can there be an element of order 7.

h) y² + 7xy =x³+16x

>a_1:=7;a_3:=0;a_2:=0;a_4:=16;a_6:=0;
> torsion();
Error, expected a_1=a_3=0

Try working with reduced curve modulo a prime not from the set {2, 3, 17}

To test l such primes call boundTorsion(l)

> boundTorsion(10);

At most 8 points, example: working mod 7, brute force search for points on curve with order yields

0, 0, 2

4, 3, 4

4, 4, 4

5, 3, 8

5, 4, 8

6, 2, 8

6, 5, 8

7 points, plus point at infinity for a total of 8 points.

By Mazur’s Theorem, a torsion group with 8 elements (assuming there is no better bound) could be Z/8Z, or Z/2Z X Z/4Z. Thus we need to test for the existence of an order 8 element; the points found above being possibilities. However, ncopies confirms they are not suitable, so we try a brute-force search:

> testRange(-20,20,-20,20);

-8, 16, 8

-2, 4, 8

-2, 10, 8

0, 0, 2

4, 4, 4

5

So, for instance, P=(-2,10) – corresponding to (5,3) mod 7 – is of order 8, so we have Z/8Z.

i) y²+xy+y=x³-x²-14x+29

>a_1:=1;a_3:=1;a_2:=-1;a_4:=-14;a_6:=29;
> torsion();
Error, expected a_1=a_3=0

Try working with reduced curve modulo a prime not from the set {2, 3}

To test l such primes call boundTorsion(l)

> boundTorsion(10);

At most 9 points, example: working mod 11, brute force search for points on curve with order yields

1, 3, 3

1, 6, 3

3, 1, 9

3, 6, 9

8, 6, 9

8, 7, 9

9, 4, 9

9, 8, 9

8 points, plus point at infinity for a total of 9 points.

We suspect Z/9Z, and indeed ncopies(9,3,1) gives zero, so the suspicion is correct.

j) y²+xy=x³-45x+81

>a_1:=1;a_3:=0;a_2:=0;a_4:=-45;a_6:=81;
> torsion();
Error, expected a_1=a_3=0

Try working with reduced curve modulo a prime not from the set {2, 3, 11}

To test l such primes call boundTorsion(l)

> boundTorsion(10);

At most 10 points, example: working mod 13, brute force search for points on curve with order yields

0, 4, 10

0, 9, 10

2, 12, 2

5, 10, 5

5, 11, 5

6, 3, 5

6, 4, 5

7, 2, 10

7, 4, 10

9 points, plus point at infinity for a total of 10 points.

(0,4) fails, but (0,9) turns out to genuinely be of order 10 (using ellorder, for a change!). So this gives rise to a torsion group of Z/10Z.

k) y²+43xy-210y=x³-210x²

>a_1:=43;a_3:=-210;a_2:=-210;a_4:=0;a_6:=0;
> torsion();
Error, expected a_1=a_3=0

Try working with reduced curve modulo a prime not from the set {2, 3, 5, 7, 13}

To test l such primes call boundTorsion(l)

> boundTorsion(10);

At most 12 points, example: working mod 17, brute force search for points on curve with order yields

0, 0, 12

0, 6, 12

6, 0, 6

6, 3, 6

9, 13, 4

9, 14, 4

11, 10, 12

11, 16, 12

13, 1, 3

13, 7, 3

14, 8, 2

11 points, plus point at infinity for a total of 12 points.

(0,0) is of order 12, so the torsion group is Z/12Z.

l) y²=x³-4x

> a_1:=0;a_3:=0;a_2:=0;a_4:=-4;a_6:=0;
> torsion();
Nagell-Lutz search for non-identity torsion points, with order, yields:

x, y, order

-2, 0, 2

0, 0, 2

2, 0, 2

Since we were able to use Nagell-Lutz, this is all the points with positive y co-ordinate. Along with the identity, there are thus at least 4 points, but none of order 4. So by Mazur’s theorem we have Z/2Z X Z/2Z, so the points above must be related. We can confirm this:

> P:=-2,0;

P := -2, 0

> Q:=0,0;

Q := 0, 0

> ella(P,Q);

2, 0

So we can think of the group as {0,P} X {0,Q}.

m) y²+xy-5y = x³ -5x²

Again, I’m unsure as to whether or not 2 should always be avoided as a prime of bad reduction since it is also misleading here, claiming no more than 4 elements. Using boundTorsion2 (and then ellorder) we find P=(0,0) of order 4, and Q=(1,2) of order 2; Q is not 2P so they are independent, that is, there are 8 elements in contradiction to the result when reducing modulo 2. The torsion group therefore appears to be (in line with the structure of the exercise) {0,Q} X {0,P} = Z/2Z X Z/4Z.

n) y²+5xy-6y=x³-3x²

> a_1:=5;a_3:=-6;a_2:=-3;a_4:=0;a_6:=0;
> torsion();
Error, expected a_1=a_3=0

Try working with reduced curve modulo a prime not from the set {2, 3, 5}

To test l such primes call boundTorsion(l)

> boundTorsion(10);

At most 12 points, example: working mod 17, brute force search for points on curve with order yields

0, 0, 6

0, 6, 6

2, 15, 2

3, 0, 3

3, 8, 3

5, 16, 2

11, 1, 2

12, 1, 6

12, 13, 6

14, 1, 6

14, 3, 6

11 points, plus point at infinity for a total of 12 points.

P=(0,0) has order 6, whilst the suggestion of 12 points yet none of order 12 implies Z/2Z X Z/6Z. None of the potential order 2 points above have finite order when not working modulo 17; so we search by brute force:

> testRange(-10,10,-10,10);

-3, 3, infinity

0, 0, 6

0, 6, 6

2, -2, 2

3, -9, 3

3, 0, 3

6

This turns up a point Q=(2,-2) of order 2; we must verify it is not generated by P:

> ncopies(2,0,0);

3, -9

> ncopies(3,0,0);

-6, 18

> ncopies(4,0,0);

3, 0

> ncopies(5,0,0);

0, 6

As this is not the case, we conclude that the group is {0,Q} X {0,P} = Z/2Z X Z/6Z.

o) y²+17xy-120y = x³-60x²

> a_1:=17;a_3:=-120;a_2:=-60;a_4:=0;a_6:=0;
> torsion();
Error, expected a_1=a_3=0

Try working with reduced curve modulo a prime not from the set {2, 3, 5, 7}

To test l such primes call boundTorsion(l)

> boundTorsion(10);

At most 16 points, example: working mod 19, brute force search for points on curve with order yields

0, 0, 8

0, 6, 8

3, 0, 4

3, 12, 4

5, 8, 2

7, 3, 4

7, 17, 4

8, 9, 8

8, 13, 8

11, 4, 8

11, 5, 8

12, 14, 8

12, 16, 8

17, 1, 2

18, 2, 2

15 points, plus point at infinity for a total of 16 points.

Again, P=(0,0) turns out to be a legitimate point of order 8; it generates 2P=(60,-900), 3P=(-30,180), 4P=(24,-144), 5P=(-30,450), 6P=(60,0), 7P=(0,120). None of the suggested points of order 2 work, so again we search, this time over much larger ranges (given the values for multiples of P)-

> testRange(-500,500,-500,500);

-40, 400, 2

-30, 180, 8

-30, 450, 8

-12, 36, 4

-12, 288, 4

0, 0, 8

0, 120, 8

24, -144, 2

30, -300, 8

30, -90, 8

60, 0, 4

11

Q=(-40,400) is of order 2 and not a multiple of P, so we have {0,Q} X {0,P} = Z/2Z X Z/8Z for the torsion subgroup.

This also makes it much more likely that you’ll be interested in the order of a point, so a procedure modgetorder is included to calculate this by brute force- that is, repeated addition until the zero element is reached.

This makes questions of the type I faced in MA40188: Algebraic Curves much easier. For instance, consider the curve

Over the field with 37 elements, and with a suitable dehomogenisation, the point P: (x,y)=(0,23) is easily verified as an element of E. Then we may easily determine the point Q=-2P, the third intersection of E with the tangent to E at P:

>read "gla.mpl";

> a_1:=0;a_2:=0;a_4:=-9;a_3:=0;a_6:=11;

>workModM:=true;

>

>M:=37;

>Q:=ncopies(-2,0,23);

1,22

So Q=(1,22). Further, Q is an inflexion point: that is, the tangent to E at Q meets E three times at Q. In terms of the group law, this means -2Q=Q, or equivalently 3Q=0. We can verify this in a couple of ways:

> ncopies(3,Q);

zero

> modgetorder(Q);

3

Since Q=-2P and 3Q=0, it should follow that 6P=0. Which, fortunately, it does:

> modgetorder(0,23);

6

Example 1

We consider example 2.4/problem 3.4 from Silverman;

By inspection we can identify some integer points, such as P₁=(-2,3) and P₃=(2,5). A brute force search for x in the range -1000 to 1000 generates the following results-

> #naive point search;

> for k from -1000 to 1000 do

> if(type(simplify((k^3+17)^(1/2)),integer)) then print(k,simplify((k^3+17)^(1/2))); end;

> end;

-2, 3

-1, 4

2, 5

4, 9

8, 23

43, 282

52, 375

Silverman tells us there is a further point, P₈=(5234,378661), plus we have missed all the inverses of our points (since only the positive square root was computed). Brute force on the range -6000 to 6000 of course uncovers P₈, but this computation takes 70.6 seconds, 10.24mb of memory and produces alarming sounds from my new office computer. Silverman observes that (due to a result of Nagell) the rational points are generated by integer combinations of P₁, P₃, so we can proceed by testing some of these instead:

> read "gla.mpl";

> a_1:=0;a_3:=0;a_2:=0;a_4:=0;a_6:=17; #setting
up the curve;

>#smarter search

> for i from -5 to 5 do

> for j from -5 to 5 do

> if(type(mnadd(i,j,-2,3,-1,4)[1],integer) and type(mnadd(i,j,-2,3,-1,4)[2],integer)) then print(i,j,mnadd(i,j,-2,3,-1,4));

> end if;

> end:

> end:

-3, -2, 43, -282

-2, -3, 5234, -378661

-2, -1, 2, -5

-2, 0, 8, 23

-1, -1, 4, 9

-1, 0, -2, -3

-1, 1, 52, -375

0, -1, -1, -4

0, 1, -1, 4

1, -1, 52, 375

1, 0, -2, 3

1, 1, 4, -9

2, 0, 8, -23

2, 1, 2, 5

2, 3, 5234, 378661

3, 2, 43, 282

All sixteen points are recovered in 0.02 seconds, consuming merely 0.31mb of memory!

Of course, for this example I’m cheating somewhat because I know where I’d like to get to in that I know this list is complete; although a priori there’s no indication of how large the arguments m,n needed to be to generate points such as P₇ or P₈. Nonetheless, this indicates that the procedures allow for more rapid exploration of points on the curve, even if they don’t prove anything (besides existence) by themselves.

Example 2

Maple’s own algcurves package can also be useful to tackle problems given in projective terms. For instance, we can rapidly demonstrate the first result claimed in Exercise 3.3b. Here we are concerned with the curve

which homogenizing away from Z=0 gives

However, this is not of Weierstrass form; but we can retrieve this from Maple:

> with(algcurves):

> f:=x^3+y^3-A

> Weierstrassform(f,x,y,x0,y0)

This yields

But this is not quite of the Weierstrass form as used in Silverman; we substitute -x₀ for x₀ to arrive at

That is, we have that the curve coefficients a_i are all zero except a₆=27A²/4; we also have an isomorphism φ between E and its Weierstrass form given coordinatewise. We can verify with the procedure j_invariant that these are indeed the same curve (it turns out to have j invariant zero, too). Moreover, we can show the desired result, that

For this, let P=(x_0,y_0) a point on the curve in Weierstrass form. Then we compute -P:

> a_1:=0;a_3:=0;a_2:=0;a_4:=0,a_6=-27*A^2/4:

> read "gla.mpl":

> ellm(x_0,y_0);

x_0, -y_0

Then, identifying P with a projective point via the isomorphism, we find

Which is the desired result.

Overview

These maple procedures implement the group law algorithm for an elliptic curve as given in Chapter III Section 2.3 of Silverman’s The Arithmetic of Elliptic Curves. In particular, they can handle the group identity symbolically as it arises during calculations.

Loading the procedures

The procedures can be downloaded as the maple file gla.mpl, which should be placed in whatever directory Maple expects to find it. To be more helfpul, this is probably your home directory on Unix based systems; on Windows it could be the application directory, although if you invoke maple by opening a worksheet, it’ll be the directory that sheet resides in. If you’re unsure, entering the following:

> x:=5;

> save x, "test.m";

Will create a file test.m which you can then search for to determine the appropriate directory.

Having established where the file goes, you then need to read it into Maple:

> read "gla.mpl";

Which after some shameless self-promotion gives you the procedures. The assumption is that you have an Elliptic curve given by a Weierstrass equation determined by coefficients a₁,…,a₆ as in Silverman:

You can of course work in full generality without defining these coefficients. The point at infinity is referred to as zero, whilst a point P=(x,y) can be specified as x,y (using (x,y) will likely give errors).

The procedures

Looking at the source you’ll find various procedures, some of which are only needed for the internal workings- in particular, elladd cannot handle zero and should not be used directly. The operations available are:

Elliptic addition (ella)

Addition with the group law is achieved by a call to the ella procedure; a typical call is ella(x1,y1,x2,y2) to compute x1,y1+x2,y2=P₁⊕P₂; however, you may substitute zero for either or both points (for instance, ella(zero,x,y) is valid). In accordance with 2.3(b) this either returns zero or x(P₁+P₂),y(P₁+P₂).

Inverse of a point (ellm)

Given a point P=(x,y), ellm(x,y) returns the group inverse, i.e., the point -P. zero is understood and is its own inverse.

Integer multiples (ncopies)

Repeated iteration of ella for a single point P=(x,y) is made available by ncopies(n,x,y), for n an integer. As before, zero may be (somewhat pointlessly) subsituted for x,y. Care is taken to ensure zero is appropriately handled at each stage, and thus may be returned as an answer (always, for n=0). Negative values of n are of course handled by returning n copies of -P, so this provides an alternative to ellm.

Addition of integer multiples (mnadd)

For convenience, two such integer multiples [m]P₁,[n]P₂ can be added using mnadd(m,n,x1,y1,y2); as usual zero can replace a pair of coordinates (or both).

To save carrying the original paperwork about, and to give myself a recap on the material, I’ve written up the lecture notes from MA40037:Galois Theory as taught at the University of Bath by Geoff Smith.

The content is broadly as follows: Rings, Integral Domains, Fields of Fractions, Units, Ideals, Homomorphisms, The First Isomorphism Theorem, The Chinese Remainder Theorem, Irreducibles, Field Extensions, Characteristic, Minimal Polynomials and Algebraic Numbers, Galois Theory.

The notes very closely match those I made and hence the lectures given, except the section on the Chinese Remainder Theorem, which was adapted from problem sheets. There have been various minor linguistic tweaks, but few mathematical ones.

It should be noted (to avoid confusion under composition) that the convention of writing function arguments to the left (i.e., (x)f rather than f(x)) is adopted here; and that square brackets are sometimes used for factors in polynomials where these appear in expressions also featuring function or polynomial evaluations (which are denoted by round brackets).

Proof reading would be appreciated!