2.6. Elliptic curves over finite fields 39 proposition is the discriminant of the polynomial f(x). The discrim- inant of E/Q, ΔE as in Definition 2.6.3, is a multiple of D in fact, ΔE = 16D. This fact together with Proposition 2.6.8 yield the fol- lowing corollary: Corollary 2.6.9. Let E/Q be an elliptic curve with coeﬃcients in Z. Let p ≥ 2 be a prime. If E has bad reduction at p, then p | ΔE. In fact, if E is given by a minimal model, then p | ΔE if and only if E has bad reduction at p. Example 2.6.10. The discriminant of the elliptic curve E1 : y2 = x3 + 35x + 5 of Example 2.6.7 is ΔE 1 = −2754800 = −24 · 52 · 71 · 97 (and, in fact, this is the minimal discriminant of E1). Thus, E1 has good reduction at 7 but it has bad reduction at 2, 5, 71 and 97. The reduction at 71 and 97 is multiplicative. Let E be an elliptic curve defined over a finite field Fq with q elements, where q = pr and p ≥ 2 is prime. Notice that E(Fq) ⊆ P2(Fq), and the projective plane over Fq only has a finite number of points (how many?). Thus, the number Nq := |E(Fq)|, i.e., the number of points on E over Fq, is finite. The following theorem provides a bound for Nq. This result was conjectured by Emil Artin (in his thesis) and was proved by Helmut Hasse in the 1930’s: Theorem 2.6.11 (Hasse [Sil86], Ch. V, Theorem 1.1). Let E be an elliptic curve defined over Fq. Then q + 1 − 2 √ q Nq q + 1 + 2 √ q, where Nq = |E(Fq)|. Remark 2.6.12. Heuristically, we expect that Nq is approximately q+1, in agreement with Hasse’s bound. Indeed, let E/Q be an elliptic curve given by y2 = x3 + Ax + B, with A, B ∈ Z, and let q = p be a prime for simplicity. There are p choices of x in Fp. For each value x0, the polynomial f(x) = x3 +Ax+B gives a value f(x0) ∈ Fp. The probability that a random element in Fp is a perfect square in Fp is 1/2 (notice, however, that f(x0) is not random this is just a heuristic argument). If f(x0) is a square modulo p, i.e., if there is a y0 ∈ Fp such that f(x0) ≡ y0 2 mod p, then there are two points (x0, ±y0) in

Purchased from American Mathematical Society for the exclusive use of nofirst nolast (email unknown) Copyright 2011 American Mathematical Society. Duplication prohibited. Please report unauthorized use to cust-serv@ams.org. Thank You! Your purchase supports the AMS' mission, programs, and services for the mathematical community.