Hasse’s Theorem (1)

Given a finite set, perhaps the most elementary question we can and should ask about it is its cardinality: how many elements does it contain? In some problems or areas of mathematics, this is still a basic and open question.

In this post, we will state and prove (in some special cases) a theorem of Hasse, which estimates how many elements an elliptic curve can contain over some special fields.

Let p be a prime number, and q=p^n (n\in \mathbb{N}) a power of p. Then \mathbb{F}_q denotes the finite field of q elements, and \overline{\mathbb{F}_q} denotes the algebraic closure of \mathbb{F}_q. By an elliptic curve over \mathbb{F}_q, we mean the set of points (x,y)\in\overline{\mathbb{F}_q}^2 satisfying an equation y^2=x^3+ax+b, where a,b\in\mathbb{F}_q and x^3+ax+b is a separable polynomial over \overline{\mathbb{F}_q} (which means that it has three distinct roots). Together with one more point (which we call the point at infinity), we can, 'mysteriously', show that this set has an Abelian group structure (we will talk about this in detail in another post). We denote this set, the point at infinity included, by E(\overline{\mathbb{F}_q}). We write the group operation as addition, (x,y)+(x',y'), and when there is no confusion we write simply E(\overline{\mathbb{F}_q}) for the group (E(\overline{\mathbb{F}_q}),+). Note that \overline{\mathbb{F}_q} is algebraically closed and contains infinitely many elements, so for any x\in\overline{\mathbb{F}_q} there is at least one y\in\overline{\mathbb{F}_q} such that (x,y) satisfies the equation above. So we know that E(\overline{\mathbb{F}_q}) is an infinite set. Yet we can also consider those points of E(\overline{\mathbb{F}_q}) such that (x,y)\in\mathbb{F}_q^2. We denote this set, again with the point at infinity included, by E(\mathbb{F}_q). This time, since \mathbb{F}_q is itself a finite set, so is E(\mathbb{F}_q). So here we can count the elements of E(\mathbb{F}_q). That is what the theorem of Hasse deals with:

Theorem (Hasse): For an elliptic curve E: y^2=x^3+ax+b over \mathbb{F}_q, we have |q+1-\# E(\mathbb{F}_q)|\leq 2\sqrt{q}.

This theorem shows that for large q, the equation y^2=x^3+ax+b has about q solutions, with a fluctuation of at most 2\sqrt{q}. In other words, if p\neq2, there are about q/2 values of x\in\mathbb{F}_q for which y^2=x^3+ax+b has a solution (for most of these x, there are two such y, one being the opposite of the other), and altogether there are about (q/2)\cdot 2=q solutions to this equation.
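The count and the "about q/2 values of x" heuristic can be checked numerically. The following is an added example, not code from the original post: it counts \# E(\mathbb{F}_p) by brute force for odd primes p (the case q=p) and tests the bound exactly; the function names and the sample curves are chosen here for illustration.

```python
# Added example (not from the original post): count #E(F_p) by brute force
# and compare with Hasse's bound. Restricted to odd primes p (q = p, n = 1).

def legendre(v, p):
    """Euler's criterion: 1 if v is a nonzero square mod p, -1 if a non-square, 0 if v = 0."""
    s = pow(v % p, (p - 1) // 2, p)
    return -1 if s == p - 1 else s

def is_elliptic(a, b, p):
    """x^3+ax+b is separable iff its discriminant -(4a^3+27b^2) is nonzero mod p."""
    return (4 * a**3 + 27 * b**2) % p != 0

def count_points(a, b, p):
    """Return (#E(F_p), number of x in F_p for which y^2 = x^3+ax+b has a solution)."""
    total, solvable_x = 1, 0              # 1 accounts for the point at infinity
    for x in range(p):
        chi = legendre(x**3 + a * x + b, p)
        total += 1 + chi                  # two y, one y (y = 0), or none
        solvable_x += chi >= 0
    return total, solvable_x

def hasse_holds(n, q):
    """|q+1-n| <= 2*sqrt(q), tested exactly in integers as (q+1-n)^2 <= 4q."""
    return (q + 1 - n) ** 2 <= 4 * q

def all_curves_satisfy_bound(p):
    """Check every pair (a, b) in F_p^2 that defines an elliptic curve."""
    return all(hasse_holds(count_points(a, b, p)[0], p)
               for a in range(p) for b in range(p) if is_elliptic(a, b, p))

if __name__ == "__main__":
    # Constructed sample curves (a, b, p), all with nonzero discriminant.
    for a, b, p in [(1, 1, 5), (2, 2, 17), (2, 3, 10007)]:
        n, xs = count_points(a, b, p)
        print(f"p={p}: #E={n}, solvable x={xs}, p/2={p / 2}, "
              f"Hasse ok={hasse_holds(n, p)}")
```
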

There is one way to prove this theorem using the theory of degrees of rational morphisms. First of all, we give a definition:

Definition: for an elliptic curve E(\overline{\mathbb{F}_q}), an endomorphism on it is a rational map f:E(\overline{\mathbb{F}_q})\rightarrow E(\overline{\mathbb{F}_q}), (x,y)\mapsto (f_1(x,y),f_2(x,y)), where f_1,f_2 are rational functions in x,y (what is more, f takes the point at infinity to the point at infinity), such that f(P+Q)=f(P)+f(Q).

Note that the condition that f respects the group operation places a strong constraint on f. For f_1(x,y), using the fact that y^2=x^3+ax+b, we can assume that f_1(x,y)=\frac{P_1(x)+P_3(x)y}{P_2(x)}. However, we know that (f_1(x,-y),f_2(x,-y))=f(x,-y)=f(-(x,y))=-f(x,y)=(f_1(x,y),-f_2(x,y)). This means that f_1(x,-y)=f_1(x,y), in other words, \frac{P_1(x)-P_3(x)y}{P_2(x)}=\frac{P_1(x)+P_3(x)y}{P_2(x)}, which means that P_3=0. So f_1(x,y)=f_1(x)=\frac{P_1(x)}{P_2(x)}. Now we can assume that P_1,P_2 are coprime polynomials, and they are unique up to a constant factor. Then we set

Definition: \deg(f)=\max\{\deg(P_1),\deg(P_2)\}. We say that f is separable if f_1'\neq0.

Note that the derivative of f_1 is taken in the formal sense, (x^n)'=n x^{n-1}. Note also that given a t\in \overline{\mathbb{F}_q}, the equation f_1(x)=t admits at most \deg(f) solutions. A more precise statement is the following lemma:

Lemma: If f_1(x)=c (c\in \overline{\mathbb{F}_q}) has at least one solution, then it has exactly \deg(f) solutions if and only if f is separable.

Essentially this lemma says that if P_1(x)=cP_2(x) has at least one solution, then it has exactly \max\{\deg(P_1),\deg(P_2)\} distinct solutions if and only if P_1'P_2-P_1P_2'\neq0.

Then we have that \# Ker(f)=\deg(f) if and only if f is separable.

Then we want to construct a special endomorphism f such that E(\mathbb{F}_q)=Ker(f). What functions can we try? How can we impose conditions on the points (x,y)\in\overline{\mathbb{F}_q}^2 such that (x,y) actually lies in \mathbb{F}_q^2? We can step back and first consider this question: what condition can we set such that x\in\overline{\mathbb{F}_q} actually lies in \mathbb{F}_q? There is one obvious choice: the Frobenius morphism. That is to say, we define F_q:\overline{\mathbb{F}_q}\rightarrow\overline{\mathbb{F}_q}, x\mapsto x^q. We see easily that F_q is a field endomorphism, and we have that \mathbb{F}_q=Ker(F_q-I_{\overline{\mathbb{F}_q}}).

If a,b\in\mathbb{F}_q, then for the elliptic curve y^2=x^3+ax+b, we have that F_q(E(\overline{\mathbb{F}_q}))\subset E(\overline{\mathbb{F}_q}). Moreover, for P,Q,R\in E(\overline{\mathbb{F}_q}), if they lie on the same line t x+s y=r (t,s,r\in\mathbb{F}_q), then so do F_q(P),F_q(Q),F_q(R). If they lie on the same conic or the same cubic (all with coefficients in \mathbb{F}_q), so do their images under F_q. So in fact F_q is an endomorphism on E(\overline{\mathbb{F}_q}). And so we have that

Proposition: E(\mathbb{F}_q)=Ker(F_q-I_{\overline{\mathbb{F}_q}}).
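The proposition can be observed on a small case. The following is an added example, not code from the original post: it takes q=7, models the subfield \mathbb{F}_{49} of \overline{\mathbb{F}_7} as \mathbb{F}_7[s]/(s^2-3) (an assumption made here; 3 is a non-square mod 7), enumerates the points of y^2=x^3+x+1 with coordinates in \mathbb{F}_{49}, and checks that F_7 maps the curve to itself and that its fixed points, the kernel of F_7-I, are exactly the points with coordinates in \mathbb{F}_7. Only this finite part of E(\overline{\mathbb{F}_7}) is examined, and all function names are illustrative.

```python
# Added example (not from the original post). Elements of F_49 are pairs
# (u, v) standing for u + v*s with s^2 = D in F_7[s]/(s^2 - D).
P, D = 7, 3          # assumption: q = p = 7, D = 3 is a non-square mod 7

def add(u, v):
    return ((u[0] + v[0]) % P, (u[1] + v[1]) % P)

def mul(u, v):
    return ((u[0] * v[0] + D * u[1] * v[1]) % P,
            (u[0] * v[1] + u[1] * v[0]) % P)

def power(u, n):
    """Square-and-multiply exponentiation in F_49."""
    r = (1, 0)
    while n:
        if n & 1:
            r = mul(r, u)
        u = mul(u, u)
        n >>= 1
    return r

def on_curve(pt, a, b):
    """Does pt = (x, y) satisfy y^2 = x^3 + a*x + b, with a, b in F_7?"""
    x, y = pt
    rhs = add(add(mul(mul(x, x), x), mul((a, 0), x)), (b, 0))
    return mul(y, y) == rhs

def frobenius(pt):
    """F_q applied coordinate-wise: (x, y) -> (x^q, y^q), here q = 7."""
    return (power(pt[0], P), power(pt[1], P))

def analyse(a, b):
    """Return (#E(F_49), F_7 preserves the curve, fixed points == E(F_7), #E(F_7))."""
    field = [(u, v) for u in range(P) for v in range(P)]
    affine = [(x, y) for x in field for y in field if on_curve((x, y), a, b)]
    preserved = all(on_curve(frobenius(pt), a, b) for pt in affine)
    fixed = {pt for pt in affine if frobenius(pt) == pt}
    rational = {pt for pt in affine if pt[0][1] == 0 and pt[1][1] == 0}
    # +1 everywhere for the point at infinity, which F_7 also fixes
    return len(affine) + 1, preserved, fixed == rational, len(fixed) + 1

if __name__ == "__main__":
    print(analyse(1, 1))   # curve y^2 = x^3 + x + 1 over F_7
```
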

So the next question is the degree of F_q-I. Note that for any two endomorphisms f,g of E(\overline{\mathbb{F}_q}), we can define a third as h(P)=f(P)+g(P) (P\in E(\overline{\mathbb{F}_q})). It is indeed an endomorphism. What is more, for any n\in\mathbb{Z}, we set (n f)(P)=n (f(P)). So F_q-I makes sense. The next proposition shows how to calculate the degree of r f+s g from f,g:

Proposition: for r,s\in\mathbb{Z}, we have that deg(r f+s g)=r^2 deg(f)+s^2 deg(g)+r s(deg(f+g)-deg(f)-deg(g)).

This formula appears mysterious at first sight; in the next post we will explain where it comes from.