Points on an elliptic curve over a field are given in terms of projective coordinates: a point (a, b, c) is equivalent to (x, y, z) if and only if there exists an element u (in the field of definition) such that ua=x, ub=y, and uc=z. The equivalence class of (x, y, z) is denoted by the projective point (x:y:z). At least one of the projective coordinates must be nonzero. We call the coefficients normalized if either z=1, or z=0 and y=1.
In this section the descriptions will refer to a point set H, which is either the H in the signature or the base point set of the elliptic curve E in the signature.
Returns the sequence of points in H whose x-coordinate is x.
Returns the indexed set containing the identity point of H.
Returns true if the sequence of values in S are the coordinates of a point in H, false otherwise. If this is true, then the corresponding point is returned as the second value.
Returns true if x is the x-coordinate of a point in H, false otherwise. If this is true, then a corresponding point is returned as the second value. Note that the point at infinity of H will never be returned.
Access the i-th coefficient for an elliptic curve point P, for 1 <= i <= 3.
Given a point P on an elliptic curve, this function returns a sequence of length 3 consisting of its coefficients (normalized).
Returns the category of elliptic curve points, PtEll.
Returns the parent point set for the point P.
Returns the corresponding scheme or elliptic curve for the parent point set of P.
The points on an elliptic curve over a field form an abelian group, for which we use the additive notation. The identity element is the point O = (0:1:0).
The additive inverse of the point P on an elliptic curve E.
Returns the sum P + Q of two points P and Q on the same elliptic curve.
Given two points P and Q on the same elliptic curve, set P equal to their sum.
Returns the difference P - Q of two points P and Q on the same elliptic curve.
Given two points P and Q on the same elliptic curve, set P equal to their difference.
Returns the n-th multiple of the point P on an elliptic curve.
Set P equal to the n-th multiple of itself.
> E := EllipticCurve([0, 0, 1, -7, 6]); > P1 := E![ 175912024457 * 278846, -41450244419357361, 278846^3 ]; > P1; (175912024457/77755091716 : -41450244419357361/21681696304639736 : 1) > P2 := E![ -151 * 8, -1845, 8^3 ]; > P2; (-151/64 : -1845/512 : 1) > P3 := E![ 36773 * 41, -7036512, 41^3 ]; > P3; (36773/1681 : -7036512/68921 : 1)Now we try small linear combinations in the hopes of finding nicer looking points. We shall omit the bad guesses and just show the good ones.
> P1 + P2; (777/3364 : 322977/195112 : 1)Success! We replace P1 with this new point and keep going.
> P1 +:= P2; > P2 + P3; (-3 : 0 : 1) > P2 +:= P3; > P3 - P1; (-1 : -4 : 1) > P3 -:= P1;After a small search we find:
> P1 -:= 2*P2; > [ P1, P2, P3 ]; [ (0 : 2 : 1), (-3 : 0 : 1), (-1 : -4 : 1) ]The only other candidate for a smaller point is something with x-coordinate 2, but while this point exists it is generated by smaller points and so does not improve matters.
> IsPoint(E, 2); true (2 : 0 : 1) > P3 - P1; (2 : 0 : 1)These points are in fact the generators of the Mordell--Weil group of this particular elliptic curve. Since none of the transformations increased the size of the space spanned by the points it follows that the original set of points are also generators of E. The reduced points form a much more convenient basis, however.
> E := EllipticCurve([GF(97) | 1, 2]); > K<y> := FunctionField(E); > F<x> := BaseRing(K);Now we lift the curve to be over its own function field, and form a generic point on E.
> EK := BaseChange(E, K);
> P := EK![x,y,1];
> P;
(x : y : 1)
> 2*P;
((73*x^4 + 48*x^2 + 93*x + 73)/(x^3 + x + 2) : (85*x^6 + 37*x^4 + 5*x^3 + 60*x^2 + 96*x + 8)/
(x^6 + 2*x^4 + 4*x^3 + x^2 + 4*x + 4)*y : 1)
Finally, we verify, by a cut-and-paste, that addition of the
generic point serves as definition of the addition laws on the
curve.
> Q<x,y> := PolynomialRing(E); > m2 := Isogeny(E, E, x^3 + x + 2, 73*x^4 + 48*x^2 + 93*x + 73, > (85*x^6 + 37*x^4 + 5*x^3 + 60*x^2 + 96*x + 8)*y); > P := E![32,93,1]; > m2(P); (95 : 63 : 1) > 2*P; (95 : 63 : 1)
Given a point on an elliptic curve defined over Q or a finite field, this function computes the order of P; that is, the smallest positive integer n such that n⋅P=O on the curve. If no such positive n exists, then 0 is returned to indicate infinite order. If the curve is defined over a finite field, the order of the curve will first be computed.
Given a point on an elliptic curve defined over Q or over a finite field, this function returns the factorization of the order of P. If the curve is over a finite field then on repeated applications this is generally much faster than factorizing Order(P) because the factorization of the order of the curve will be computed and stored. An error ensues if the curve is defined over Q and P has infinite order.
> E := EllipticCurve([GF(NextPrime(10^12)) | 1, 1]); > Order(E); 1000001795702 > FactoredOrder(E); [ <2, 1>, <7, 1>, <13, 1>, <19, 1>, <31, 1>, <43, 1>, <59, 1>, <3677, 1> ] > P := E ! [652834414164, 320964687531, 1]; > P; (652834414164 : 320964687531 : 1) > IsOrder(P, Order(E)); true > FactoredOrder(P); [ <2, 1>, <7, 1>, <13, 1>, <19, 1>, <31, 1>, <43, 1>, <59, 1>, <3677, 1> ] > FactoredOrder(3677 * 59 * P); [ <2, 1>, <7, 1>, <13, 1>, <19, 1>, <31, 1>, <43, 1> ]
Returns true if and only if the point P is the identity point of its point set, false otherwise.
Returns true if and only if P and Q are points on the same elliptic curve and have the same normalized coordinates.
The logical negation of eq.
Given a point P, return true if and only if P is in the point set H. That is, it satisfies the equation of E and its coordinates lie in R, where H = E(R).
Given a point P, return true if and only if P is on the elliptic curve E (i.e., satisfies its defining equation). Note that this is an exception to the general rule, in that P does not have to lie in the base point set of E for this to be true.
Returns true if and only if P has order m. If you believe that you know the order of the point then this intrinsic is likely to be much faster than just calling Order.
Given a point P on an elliptic curve defined over Q, this function returns true if and only if the coordinates of the (normalization of) P are integers.
Given a point P on an elliptic curve defined over Q and a sequence S of primes, this function returns true if and only if the coordinates of the (normalization of) P are S-integers. That is, the denominators of x(P) and y(P) are only supported by primes of S.
Magma contains an optimized implementation of the Weil pairing on an elliptic curve. This function is used in the computation of the group structure of elliptic curves over finite fields, making the determination of the group structure efficient.
Computes the Weil pairing of P and Q, both of which must be n-torsion points.
Returns true if and only if the sequence S is linearly independent over Z/nZ. The points in S must have order dividing n.
Returns true if and only if the points P and Q form a basis of the n-torsion points.
> p := NextPrime(2^131);
> n := p + 1;
> n;
2722258935367507707706996859454145691688
> Factorization(n);
[ <2, 3>, <3, 2>, <37809151880104273718152734159085356829, 1> ]
> E0 := SupersingularEllipticCurve(GF(p));
> G<x>, f := AbelianGroup(E0);
> G;
Abelian Group isomorphic to Z/2722258935367507707706996859454145691688
Defined on 1 generator
Relations:
2722258935367507707706996859454145691688*x = 0
> n eq #G;
true
> P0 := f(x);
> E1 := BaseExtend(E0,GF(p^2));
> P1 := E1!P0;
> repeat
> Q1 := Random(E1);
> z1 := WeilPairing(P1,Q1,n);
> until Order(z1) eq n;
> IsOrder(Q1, n);
true
> r := 1234567;
> z2 := WeilPairing(r*P1,Q1,n);
> z1^r eq z2;
true
> WeilPairing(P1,r*P1,n);
1