3
$\begingroup$

Let $E : y^2=x^3+b$ be an elliptic curve over $\mathbb{F}_p$ ($p$ is a prime) with $b \in \mathbb{F}_p$ and $p=2 \mod 3$.

How can I show that $E[2]$ (the $2$-torsion points of $E$ on a algebraic closure of $\mathbb{F}_p$) is not included in $E(\mathbb{F}_p)$, the points of $\mathbb{F}_p$ in $E$.

Thank you.

1 Answers 1

1

I assume that $p>2$ and $b\neq0$ as otherwise the curve is not elliptic.

For curves in this form their $2$-torsion points are the affine points with $y=0$. If $y=0$, then also $x^3+b=0$. The equation $x^3+b=0$ has three zeros in the algebraic closure $\overline{\Bbb{F}_p}$, and your task is to prove that not all of the three solutions are in $\Bbb{F}_p$.

This is where the congruence condition gets used:

  • Show that $p-1$ is not divisible by three.
  • Because the group $\Bbb{F}_p^*$ is cyclic of order $p-1$ this implies that cubing is an injective (hence also bijective) mapping from $\Bbb{F}_p$ to itself. Do you see why?
  • This implies that every non-zero element of $\Bbb{F}_p$ has a single cube root in $\Bbb{F}_p$ (and two other cube roots in the quadratic extension field $\Bbb{F}_{p^2}$.

Anyway, the conclusion is that $E[2]$ has one finite point in $E(\Bbb{F}_p)$ and the two remaining points are in $E(\Bbb{F}_{p^2})\setminus E(\Bbb{F}_p)$.

  • 0
    The part with cubing being a bijection in such a field has certainly been explained many times on our site. I don't recall seeing it in this exact context though.2017-02-16
  • 0
    Ok, I am fully aware that $w \mapsto x^3$ is a bijection when $p=1=2 \mod 3$. Thanks by the way !2017-02-16
  • 0
    Really clear ! Accpted :)2017-02-16
  • 0
    Great, @Jacques! Sorry, if I sounded a bit condescending. I wasn't quite sure about your background level, so I wanted to leave you at least a bit of work.2017-02-16
  • 0
    No it was not condescending at all ;)2017-02-16
  • 0
    Additionnal question : if we have $E[n] \subset E(\mathbb{F}_p)$, I'm trying to prove that this implies $n \le 2$ (so that it is also not the case by what we've proven), I've shown that $n^2 \vert p+1$, how can we show that $n \vert p-1$. This must be very simple, I think, and I want to find a subgroup of $\mathbb{F}_p^*$, from $E[n]$ of order $n$, how can I do so ?2017-02-16
  • 0
    Jyrki Lahtonen : maybe should I open a new question ?2017-02-16
  • 1
    @JacquesMardot $n\mid p-1$ follows from the properties of Weil pairing (at least). I think we covered that somewhere here. Gimme a minute.2017-02-17
  • 1
    @JacquesMardot: My understanding of that is given [here](http://math.stackexchange.com/a/381152/11619). I am not an expert on this, but I think that leads to the desired conclusion. There may be a simpler argument.2017-02-17
  • 0
    Perfect ! I admit that I didn't give a tought about the Weil pairing. I believed it was more simple !2017-02-17