Abstract Algebra
Elliptic Curves
Bitcoin, Ethereum, and TLS 1.3 all use elliptic curves. The secp256k1 group has approximately 1.158 * 10^77 elements, and the intractability of the discrete logarithm problem in such a group underpins elliptic-curve public-key cryptography.
- **Cryptography:** ECDSA, ECDH are the standard signature and key-exchange protocols in TLS, SSH, Bitcoin (secp256k1)
- **Number theory:** the Hasse-Weil zeta function of the curve connects to L-functions in the Langlands program
- **Proof of FLT:** Wiles (1995) used elliptic curves and modular forms
- **Birch and Swinnerton-Dyer:** one of the 7 Millennium Prize problems (1 million USD)
Prerequisites
- Abelian groups and the structure theorem
- Finite fields and modular arithmetic
- Plane algebraic curves
- Basic number theory
Definition and Weierstrass Form
In the 19th century, elliptic curves arose from the problem of arc length of an ellipse - hence the name. Karl Weierstrass put them in the canonical form y^2 = x^3 + ax + b. Today the same equation, taken modulo the prime p = 2^256 - 2^32 - 977 (the curve secp256k1), secures Bitcoin: each of the 700 million wallets worldwide relies on the group law on this curve.
An elliptic curve is not an ellipse. The name is historical: integrals for the arc length of an ellipse (elliptic integrals) lead to cubic equations, not to ellipses themselves. The modern definition works over any field.
What does Delta = -16(4a^3 + 27b^2) != 0 guarantee for the curve y^2 = x^3 + ax + b?
The Group Law
The main miracle of elliptic curves is that the points form an abelian group. The addition law is geometric: draw a line through P and Q, find the third intersection R', reflect across the x-axis. This operation turns an algebraic curve into an arithmetic object. ECDSA (Elliptic Curve Digital Signature Algorithm) in TLS 1.3, SSH, and Bitcoin operates with exactly this group.
ECDSA security relies on ECDLP - the discrete logarithm problem on an elliptic curve: given P and Q = [n]P, find n. The best known algorithm is Pollard rho with complexity O(sqrt(p)). For p = 2^256 this is 2^128 operations - out of reach of any current machine.
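The group law and the ECDLP setup above, as an added example that is not part of the original lesson: affine chord-and-tangent addition and double-and-add scalar multiplication on secp256k1. The prime p is from the text; a = 0, b = 7, the base point G and the order n are the published secp256k1 domain parameters, and the function names are illustrative.

```python
# secp256k1 over F_p. p is from the text; a, b, n, G are the published
# domain parameters (not listed on the page). Function names are illustrative.
# Study code: not constant-time, so not for handling real private keys.
p = 2**256 - 2**32 - 977
a, b = 0, 7
n = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
O = None  # point at infinity, the identity element

def discriminant():
    """Delta = -16(4a^3 + 27b^2) mod p; nonzero means the curve is nonsingular."""
    return -16 * (4 * a**3 + 27 * b**2) % p

def is_on_curve(pt):
    """Check y^2 = x^3 + ax + b (mod p); O counts as on the curve."""
    if pt is O:
        return True
    x, y = pt
    return (y * y - (x**3 + a * x + b)) % p == 0

def neg(pt):
    """Reflect a point across the x-axis."""
    return O if pt is O else (pt[0], -pt[1] % p)

def add(p1, p2):
    """Chord-and-tangent addition in affine coordinates."""
    if p1 is O: return p2
    if p2 is O: return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % p == 0:
        return O                                       # vertical line: P + (-P) = O
    if p1 == p2:
        lam = (3 * x1 * x1 + a) * pow(2 * y1 % p, -1, p)    # tangent slope
    else:
        lam = (y2 - y1) * pow((x2 - x1) % p, -1, p)         # chord slope
    x3 = (lam * lam - x1 - x2) % p
    return (x3, (lam * (x1 - x3) - y1) % p)

def mul(k, pt):
    """[k]P by double-and-add: about log2(k) doublings plus one add per set bit."""
    result, addend = O, pt
    while k > 0:
        if k & 1:
            result = add(result, addend)
        addend = add(addend, addend)
        k >>= 1
    return result
```

Computing Q = mul(k, G) takes a few hundred group operations, while recovering k from G and Q is the ECDLP described above.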
What does the relation P + Q + R = O mean geometrically in the elliptic curve group law?
The Mordell-Weil Theorem
In 1922 Louis Mordell proved that the group of rational points E(Q) is finitely generated: a finite set of generators yields all rational points by addition. Andre Weil generalized this to algebraic number fields (the Mordell-Weil theorem). The rank of this group is one of the deepest objects in number theory, central to the Birch and Swinnerton-Dyer conjecture - one of the Clay Millennium Prize problems.
Elliptic curves - crossroads of mathematics and cryptography
The group of points of an elliptic curve unites algebra, number theory, and modern cryptography.
- Cryptography — ECDSA, ECDH are the standard digital signature and key exchange algorithms in TLS, Bitcoin (secp256k1), SSH
- Number theory — L-functions of elliptic curves, BSD conjecture, Langlands program - central objects
- Algebraic geometry — Genus 1 curves; modular forms; Wiles' modularity theorem - proof of Fermat's Last Theorem
- Proof of FLT — Andrew Wiles (1995) proved FLT through elliptic curves and modular forms, via the modularity theorem
Summary
- **Weierstrass equation:** y^2 = x^3 + ax + b with Delta = -16(4a^3 + 27b^2) != 0
- **Point at infinity O:** the identity element; projective coordinates [0:1:0]
- **Group law:** P + Q + R = O for collinear points; formulas via chord and tangent slopes
- **Scalar multiplication:** [n]P in O(log n) operations via double-and-add
- **Mordell-Weil theorem:** E(Q) = Z^r (+) E(Q)_tors - finitely generated abelian group
- **Mazur's theorem:** only 15 possible torsion groups for E(Q)
- **BSD conjecture:** rank of E(Q) equals the order of vanishing of L(E, s) at s = 1
What does the Mordell-Weil theorem state about the group of rational points of an elliptic curve?