Complex Multiplication for Elliptic Curve
3.2 Endomorphism Ring
In Section 2.1.3, we formulate some definitions related to homomor-phism. For studying the details of the CM-method, we start from intro-ducing the endomorphism ring of an elliptic curve.
Definition 3.2 (Endomorphism). Let A1 and A2 are abelian varieties over K and HomKpA1, A2q denote the set of homomorphisms from A1 to A2. Then the homomorphisms EndKpA1q :“ HomKpA1, A1q are the endomorphisms of A1.
24
) ( ) (ω iω L=Ζ +Ζ
ω iω
Figure 3.1: Square lattice L“ Zω ` Ziω
The set EndKpA1q is a ring with composition as multiplicative structure.
Given an elliptic curve E defined over K, we say that the elliptic curve E has complex multiplication if the endomorphism ring of E, EndKpEq, is strickly larger than Z. We now utilize the elliptic curves defined over C as examples to illustrate the endomorphism rings, then show that all the elliptic curves defined over finite fields have complex multiplication.
We use the elliptic curve E : y2 “ 4x3 ´ 4x defined over C as example.
As we had proved, we can find a lattice L “ Zω1 ` Zω2 such that EpCq » C{L. In this case, it can be computed that the lattice L can be written as L “ Zω ` Ziω for a certain ω P R. Figure 3.1 shows an example of this square lattice.
The square lattice was symmetic, i.e. iL “ L. Considering the
25
endomorphism αpxq “ ix acts on the Weierstrass ℘-function
Hence, we have the corresponding endomorphism on the elliptic curve E given by
ipx, yq “ p´x, iyq
i.e. we get the the corresponding map of the endomorphism between E and C{L
since point multiplication by integer a and b can be expressed by ratio-nal functions.
Therefore, in this cases,
Zris Ď EndCpEq .
Figure 3.2 shows two examples of EndCpEq, one is multiplication by integer and the other by i.
Now we deal with the endomorphism rings of the arbitrary elliptic curve over C. We prove the following theorem.
Theorem 3.3. Let E be an elliptic curve defined over C and L be the lattice such that EpCq » C{L. Then
EndCpEq » tβ P C|βL Ď Lu . 26
) ( ) (ω iω
L=Ζ +Ζ iL=L⊆L
) ( ) (ω iω
L=Ζ +Ζ 2L⊂L
×i
×2
i·(iω) i·ω
2·(iω) 2·ω ω
iω
ω iω
Figure 3.2: Examples of EndCpEq » tβ P C|βL Ď Lu
27
P=(x, y) α(P)
=(R(x), yS(x))
z
α
α~ α~(z)
Φ Φ-1
E(C)
C/L
Figure 3.3: The illustration of the morphisms proved of Theorem 3.3 -(1)
Proof. Let E be an elliptic curve defined over C and L “ Zω1 ` Zω2 be the corresponding lattice. To prove the theorem, we need to show the followings:
1. All endomorphisms of EpCq can be expressed by β such that βLĎ L
2. All such β’s define endomorphisms of EpCq Here we start the proof.
1. Given an endomorphism α of EpCq, by definition of the en-domorphism, it maps a point P “ px, yq P E pCq to αP “ αpx, yq P E pCq and can be expressed by rational functions
αpx, yq “ pR pxq , yS pxqq .
Since there exists an isomorphism Φ between C{L and E pCq Φ : C{L ÝÑ E pCq , Φ pzq “ p℘ pzq , ℘1pzqq , the map
α˜“ Φ´1pα pΦ pzqqq
would be an endomorphism of C{L. Figure 3.3 illustrates the relations of these morphisms.
To show that ˜αpzq “ βz for some β P C, we focus on the action of the endomorphism applying on a sufficiently small area U near z “ 0. Then we obtain the map from U to C such that
α˜pz1` z2q ” ˜αpz1q ` ˜αpz2q mod L, @z1, z2 P U 28
and we may assume that ˜αp0q “ 0. By continuity, ˜αpzq Ñ 0 when z Ñ 0. If U is sufficiently small, we may assume that
α˜pz1` z2q “ ˜αpz1q ` ˜αpz2q , @z1, z2 P U.
Therefore, for z P U, α˜1pzq “ lim
hÑ0
α˜pz ` hq ´ ˜αpzq h
“ lim
hÑ0
α˜pzq ` ˜αphq ´ ˜αpzq h
“ limhÑ0α˜phq ´ ˜αp0q
h “ ˜α1p0q .
Let β “ ˜α1p0q, since ˜α1pzq “ β, @z P U, we have ˜αpzq “ βz,@z P U.
Now let z P C be arbitrary. Since there exists an integer n such that z{n P U,
α˜pzq ” n˜αpz{nq “ n pβz{nq “ βz mod L.
Hence, the endomorphism ˜α is given by multiplication by β.
For the definition of homomorphsim, ˜αpLq Ď L, it follows that βLĎ L.
2. Given β P C satisfies βL Ď L, then multiplication by β is a ho-momorphism from C{L to C{L. Therefore, the functions ℘ pβzq and ℘1pβzq are doubly periodic with respect to L. By Theorem
??, there exists rational functions R and S such that
℘pβzq “ R p℘ pzqq , ℘1pβzq “ ℘1pzq S p℘ pzqq .
Hence, multiplication by β on C{L corresponds to the map on E:
px, yq ÞÑ pR pxq , yS pxqq .
Again, we use Figure 3.4 to show the illustration of the relation between the morphisms proved in this part.
29
z
Figure 3.4: The illustration of the morphisms proved of Theorem 3.3 -(2)
By proving the above, we link the endomorphism ring EndCpEq and the lattice L corresponding to EpCq together.
Theorem 3.3 shows that the endomorphism ring of an elliptic curve over C is related closely to the lattice it corresponds to. The next theo-rem gives us a precise structure of the endomorphism ring, EndCpEq.
Theorem 3.4. Let E be an elliptic curve defined over C. Then EndCpEq is isomorphic either to Z or to an order in an imaginary quadratic field.
Proof. Let L “ Zω1 ` Zω2 be the lattice corresponding to E. By
So the determinant of the matrix is 0,
β2´ pj ` nq β ` pjn ´ kmq “ 0.
Hence, β lies in some quadratic field K and β is an algebraic integer (7 j, k, m, nP Z). We deal with field K in two cases.
30
1. Assume β P R.
Then the equation above βω1 “ jω1 ` kω2 (or βω2 “ mω1 ` nω2) gives a dependence relation between ω1 and ω2 with real coefficients:
Then β is an algebraic integer in a quadratic field and for β R R, K must be an imaginary quadratic field, denote K by Q`?´d˘.
Let β1 R Z be another element of R. By the same reason, β1 P K1 “ Q`?´d1˘ for some d1.
Since R is a ring, β` β1must also be in R, implies that K “ K1 and R Ă K. For all the elements of R are algebraic integers, we have
RĎ OK.
Therefore, the endomorphism ring EndCpEq “ R is isomorphic either to Z or an order in an imaginary quadratic field.
After studying the structure of the endomorphism ring of the ellip-tic curves defined over C, next we discuss the endomorphism rings of elliptic curves defined over finite field Fq.
Considering the Frobenius endomorphism φq on an elliptic curve defined over Fq,
By the Hasse theorem (Theorem 2.43), the unique integer t satisfies
|t| ď 2?q. It can be shown that if t “ ˘2?q, then the endomorphism ring would be an order in a quaternion algebra. For our application and in pratical, we restrict the discussion on the case that|t| ă 2?q. Since
|t| ă 2?q, the polynomial X2´ tX ` q “ 0 would have only complex roots, therefore
Z‰ Z rφqs Ď End pEq .
From Theorem 3.4, then the endomorphism ring of an elliptic curve defined over finite field would be an order in an imaginary quadratic field. Observing the polynomial
X2´ tX ` q “ 0,
the roots would lie in the imaginary quadratic field Q´
at2´ 4q¯ . Hence, for choosing the parameters t and q, we can then determine the imaginary quadratic field K “ Q`?´d˘ such that
EndpEq Ď OK.
This is an important result that allows us to choose the desired order first and then find the elliptic curve with the exactly order.
In this section, we link the relation of the order of an elliptic curve and the structure of its endomorphism ring. Following we show how to use the structure to find the desired elliptic curve.