Introduction to Arithmetic Geometry, Lecture notes of Geometry

Notes from a course on arithmetic geometry, covering topics such as absolute values on fields, p-adic numbers, quadratic forms, and elliptic curves. The notes also include proofs and definitions of various properties and theorems. Useful for students studying arithmetic geometry and related topics.

Typology: Lecture notes

2021/2022

Uploaded on 05/11/2023

danmarino
INTRODUCTION TO ARITHMETIC GEOMETRY
(NOTES FROM 18.782, FALL 2009)

BJORN POONEN

Date: December 10, 2009.

Contents

1. What is arithmetic geometry?
2. Absolute values on fields
3. The p-adic absolute value on $\mathbb{Q}$
4. Ostrowski's classification of absolute values on $\mathbb{Q}$
5. Cauchy sequences and completion
6. Inverse limits
7. Defining $\mathbb{Z}_p$ as an inverse limit
8. Properties of $\mathbb{Z}_p$
9. The field of p-adic numbers
10. p-adic expansions
11. Solutions to polynomial equations
12. Hensel's lemma
13. Structure of $\mathbb{Q}_p^\times$
14. Squares in $\mathbb{Q}_p^\times$
    14.1. The case of odd p
    14.2. The case p = 2
15. p-adic analytic functions
16. Algebraic closure
17. Finite fields
18. Inverse limits in general
19. Profinite groups
    19.1. Order
    19.2. Topology on a profinite group
    19.3. Subgroups
20. Review of field theory
21. Infinite Galois theory
    21.1. Examples of Galois groups
22. Affine varieties
    22.1. Affine space
    22.2. Affine varieties
    22.3. Irreducible varieties
    22.4. Dimension
    22.5. Smooth varieties
23. Projective varieties
    23.1. Motivation
    23.2. Projective space
    23.3. Projective varieties
    23.4. Projective varieties as a union of affine varieties
24. Morphisms and rational maps
25. Quadratic forms
    25.1. Equivalence of quadratic forms
    25.2. Numbers represented by quadratic forms
26. Local-global principle for quadratic forms
    26.1. Proof of the Hasse-Minkowski theorem for quadratic forms in 2 or 3 variables
27. Rational points on conics
28. Sums of three squares
29. Valuations on the function field of a curve
    29.1. Closed points
30. Review
31. Curves and function fields
32. Divisors
    32.1. Degree of a divisor
    32.2. Base extension
    32.3. Principal divisors
    32.4. Linear equivalence and the Picard group
33. Genus
    33.1. Newton polygons of two-variable polynomials
34. Riemann-Roch theorem
35. Weierstrass equations
36. Elliptic curves
37. Group law
    37.1. Chord-tangent description
    37.2. Torsion points
38. Mordell's theorem
39. The weak Mordell-Weil theorem
40. Height of a rational number

Properties:
(Val1) $v_p(x) = +\infty$ if and only if $x = 0$
(Val2) $v_p(xy) = v_p(x) + v_p(y)$
(Val3) $v_p(x + y) \ge \min(v_p(x), v_p(y))$

These hold even when $x$ or $y$ is 0, as long as one uses reasonable conventions for $+\infty$, namely:
• $(+\infty) + a = +\infty$
• $+\infty \ge a$
• $\min(+\infty, a) = a$
for any $a$, including $a = +\infty$.

Property (Val2) says that if we disregard the input 0, then $v_p$ is a homomorphism from the multiplicative group $\mathbb{Q}^\times$ to the additive group $\mathbb{Z}$.

Proof of (Val3). The cases where $x = 0$ or $y = 0$ or $x + y = 0$ are easy, so assume that $x$, $y$, and $x + y$ are all nonzero. Write
$$x = p^n \frac{r}{s} \quad\text{and}\quad y = p^m \frac{u}{v}$$
with $r, s, u, v$ not divisible by $p$, so $v_p(x) = n$ and $v_p(y) = m$. Without loss of generality, assume that $n \le m$. Then
$$x + y = p^n \left( \frac{r}{s} + \frac{p^{m-n} u}{v} \right) = p^n \frac{N}{sv}.$$
Here $sv$ is not divisible by $p$, but $N$ might be, so $N$ might contribute some extra factors of $p$. Thus all we can say is that
$$v_p(x + y) \ge n = \min(n, m) = \min(v_p(x), v_p(y)).$$
□

Definition 3.3. Fix a prime $p$. The p-adic absolute value of a rational number $x$ is defined by
$$|x|_p := p^{-v_p(x)}.$$
If $x = 0$ (i.e., $v_p(x) = +\infty$), then we interpret this as $|0|_p := 0$.

Properties (Val1), (Val2), (Val3) for $v_p$ are equivalent to properties (Abs1), (Abs2), (Abs3′) for $|\ |_p$. In particular, $|\ |_p$ really is an absolute value on $\mathbb{Q}$.

4. Ostrowski's classification of absolute values on $\mathbb{Q}$

On $\mathbb{Q}$ we now have absolute values $|\ |_2, |\ |_3, |\ |_5, \dots$, and the usual absolute value $|\ |$, which is also denoted $|\ |_\infty$, for reasons having to do with an analogy with function fields that we will not discuss now. Ostrowski's theorem says that these are essentially all of them.

Definition 4.1.
Two absolute values $\|\ \|$ and $\|\ \|'$ on a field $k$ are said to be equivalent if there is a positive real number $\alpha$ such that
$$\|x\|' = \|x\|^\alpha$$
for all $x \in k$.

Theorem 4.2 (Ostrowski). Every nontrivial absolute value on $\mathbb{Q}$ is equivalent to $|\ |_p$ for some $p \le \infty$.

Proof. Let $\|\ \|$ be the absolute value.

Case 1: there exists a positive integer $b$ with $\|b\| > 1$. Let $b$ be the smallest such positive integer. Since $\|1\| = 1$, it must be that $b > 1$. Let $\alpha$ be the positive real number such that $\|b\| = b^\alpha$. Any other positive integer $n$ can be written in base $b$:
$$n = a_0 + a_1 b + \cdots + a_s b^s$$
where $0 \le a_i < b$ for all $i$, and $a_s \ne 0$. Then
$$\begin{aligned}
\|n\| &\le \|a_0\| + \|a_1 b\| + \|a_2 b^2\| + \cdots + \|a_s b^s\| \\
&= \|a_0\| + \|a_1\| b^\alpha + \|a_2\| b^{2\alpha} + \cdots + \|a_s\| b^{s\alpha} \\
&\le 1 + b^\alpha + b^{2\alpha} + \cdots + b^{s\alpha} \quad (\text{by definition of } b, \text{ since } 0 \le a_i < b) \\
&= \left( 1 + b^{-\alpha} + b^{-2\alpha} + \cdots + b^{-s\alpha} \right) b^{s\alpha} \\
&\le C n^\alpha \quad (\text{since } b^s \le n),
\end{aligned}$$
where $C$ is the value of the convergent infinite geometric series
$$1 + b^{-\alpha} + b^{-2\alpha} + \cdots.$$
This holds for all $n$, so for any $N \ge 1$ we can substitute $n^N$ in place of $n$ to obtain
$$\|n^N\| \le C (n^N)^\alpha,$$
which implies
$$\|n\|^N \le C (n^\alpha)^N$$
$$\|n\| \le C^{1/N} n^\alpha.$$
This holds for all $N \ge 1$, and $C^{1/N} \to 1$ as $N \to \infty$, so we obtain
$$\|n\| \le n^\alpha$$
for each $n \ge 1$.

We next prove the opposite inequality $\|n\| \ge n^\alpha$ for all positive integers $n$. Given $n$, choose an integer $s$ such that $b^s \le n < b^{s+1}$. Then
$$\|b^{s+1}\| \le \|n\| + \|b^{s+1} - n\|$$
so
$$\begin{aligned}
\|n\| &\ge \|b^{s+1}\| - \|b^{s+1} - n\| \\
&= b^{(s+1)\alpha} - \|b^{s+1} - n\| \quad (\text{since } \|b\| = b^\alpha) \\
&\ge b^{(s+1)\alpha} - (b^{s+1} - n)^\alpha \quad (\text{by the previous paragraph}) \\
&\ge b^{(s+1)\alpha} - (b^{s+1} - b^s)^\alpha \quad (\text{since } b^s \le n < b^{s+1}) \\
&= b^{(s+1)\alpha} \left[ 1 - \left( 1 - \frac{1}{b} \right)^\alpha \right] \\
&= (bn)^\alpha \left[ 1 - \left( 1 - \frac{1}{b} \right)^\alpha \right] \\
&= c n^\alpha,
\end{aligned}$$
where $c$ is a positive real number independent of $n$. This inequality, $\|n\| \ge c n^\alpha$, holds for all positive integers $n$, so as before, we may substitute $n = n^N$, take $N$th roots, and take the limit as $N \to \infty$ to deduce
$$\|n\| \ge n^\alpha.$$

Combining the previous two paragraphs yields $\|n\| = n^\alpha$ for any positive integer $n$. If $m$ is another positive integer, then
$$\|n\| \cdot \|m/n\| = \|m\|$$
$$\|m/n\| = \|m\| / \|n\| = m^\alpha / n^\alpha = (m/n)^\alpha.$$
Thus $\|q\| = q^\alpha$ for every positive rational number.
Finally, if $q$ is a positive rational number, then
$$\|-q\| = \|-1\| \cdot \|q\| = q^\alpha = |-q|^\alpha$$
so $\|x\| = |x|^\alpha$ holds for all $x \in \mathbb{Q}$ (including 0).

Case 2: $\|b\| = 1$ for all positive integers $b$. Then as in the previous paragraph, the axioms of absolute values imply that $\|x\| = 1$ for all $x \in \mathbb{Q}^\times$, contradicting the assumption that $\|\ \|$ is a nontrivial absolute value.

Case 3: $\|n\| \le 1$ for all positive integers $n$, and there exists a positive integer $b$ such that $\|b\| < 1$. Assume that $b$ is the smallest such integer. If it were possible to write $b = rs$ for some smaller positive integers $r$ and $s$, then $\|r\| = 1$ and $\|s\| = 1$ by definition of $b$, but then $\|b\| = \|r\| \cdot \|s\| = 1$, a contradiction; thus $b$ is a prime $p$.

We prove (by contradiction) that $p$ is the only prime satisfying $\|p\| < 1$. Suppose that $q$ were another such prime. For any positive integer $N$, the integers $p^N$ and $q^N$ are relatively prime, so there exist integers $u, v$ such that
$$u p^N + v q^N = 1,$$

Example 5.7. The completion of $\mathbb{Q}$ with respect to the usual absolute value $|\ |$ is the field $\mathbb{R}$ of real numbers.

Proposition 5.8. Let $k$ be a subfield of a complete field $L$. Then
(1) The inclusion $k \hookrightarrow L$ extends to an embedding $\hat{k} \hookrightarrow L$.
(2) If every element of $L$ is a limit of a sequence in $k$, then the embedding $\hat{k} \hookrightarrow L$ is an isomorphism.

Proof.
(1) Given an element $a \in \hat{k}$, represented as the limit of $(a_i)$ with $a_i \in k$, map $a$ to the limit of $(a_i)$ in $L$. This defines a ring homomorphism $\hat{k} \to L$, which is automatically injective since these are fields.
(2) Suppose that every element of $L$ is a limit of a sequence in $k$. Given $\ell \in L$, choose a sequence $(a_i)$ in $k$ converging to $\ell$. Then $(a_i)$ is Cauchy, so it also converges to an element $a \in \hat{k}$. This $a$ maps to $\ell$, by definition of the embedding. So the embedding is surjective as well as injective; hence it is an isomorphism. □

6. Inverse limits

Definition 6.1. An inverse system of sets is an infinite sequence of sets $(A_n)$ with maps between them as follows:
$$\cdots \to A_{n+1} \xrightarrow{f_n} A_n \to \cdots \xrightarrow{f_1} A_1 \xrightarrow{f_0} A_0.$$

Definition 6.2.
The inverse limit $A = \varprojlim A_n$ of an inverse system of sets $(A_n)$, $(f_n)$ as above is the set $A$ whose elements are the infinite sequences $(a_n)$ with $a_n \in A_n$ for each $n \ge 0$ satisfying the compatibility condition $f_n(a_{n+1}) = a_n$ for each $n \ge 0$. It comes with a projection map $\varepsilon_n : A \to A_n$ that takes the $n$th term in the sequence.

Remark 6.3. If the $A_n$ are groups and the $f_n$ are group homomorphisms, then the inverse limit $A$ has the structure of a group: multiply sequences term-by-term. If the $A_n$ are rings and the $f_n$ are ring homomorphisms, then the inverse limit $A$ has the structure of a ring.

7. Defining $\mathbb{Z}_p$ as an inverse limit

Fix a prime $p$. Let $A_n$ be the ring $\mathbb{Z}/p^n\mathbb{Z}$. Let $f_n$ be the ring homomorphism sending $\bar{b} := b + p^{n+1}\mathbb{Z}$ to $\bar{b} := b + p^n\mathbb{Z}$. The ring of p-adic integers is $\mathbb{Z}_p := \varprojlim A_n$.

For example, if $p = 3$, then a sequence like
$$0 \bmod 1,\quad 2 \bmod 3,\quad 5 \bmod 9,\quad 23 \bmod 27,\quad \cdots$$
defines an element of $\mathbb{Z}_3$.

8. Properties of $\mathbb{Z}_p$

Recall that a sequence of group homomorphisms is exact if at the group in each position, the kernel of the outgoing arrow equals the image of the incoming arrow. For example,
$$0 \to A \xrightarrow{f} B \xrightarrow{g} C \to 0$$
is called a short exact sequence if $f$ is injective, $g$ is surjective, and $g$ induces an isomorphism from $B/A$ (or more precisely, $B/f(A)$) to $C$.

Proposition 8.1. For each $m \ge 0$,
$$0 \to \mathbb{Z}_p \xrightarrow{p^m} \mathbb{Z}_p \xrightarrow{\varepsilon_m} \mathbb{Z}/p^m\mathbb{Z} \to 0$$
is exact. (Here the first map is the multiplication-by-$p^m$ map, sending $(a_n)_{n \ge 0}$ to $(p^m a_n)_{n \ge 0}$, and $\varepsilon_m$ maps $(a_n)_{n \ge 0}$ to $a_m$.)

Proof. First let us check that multiplication-by-$p$ on $\mathbb{Z}_p$ is injective. Suppose that $a = (a_n) \in \mathbb{Z}_p$ is in the kernel. Then $pa = 0$, so $p a_n = 0$ in $\mathbb{Z}/p^n\mathbb{Z}$ for all $n$. In particular, $p a_{n+1} = 0$ in $\mathbb{Z}/p^{n+1}\mathbb{Z}$. That means that $a_{n+1} = p^n y_{n+1}$ for some $y_{n+1} \in \mathbb{Z}/p^{n+1}\mathbb{Z}$. But then $a_n = f_n(a_{n+1}) = p^n f_n(y_{n+1}) = 0$ in $\mathbb{Z}/p^n\mathbb{Z}$. This holds for all $n$, so $a = 0$.

Exactness on the left: Since multiplication-by-$p$ is injective, composing this with itself $m$ times shows that multiplication-by-$p^m$ is injective.

Exactness on the right: Given an element $\beta \in \mathbb{Z}/p^m\mathbb{Z}$, choose an integer $b$ that represents $\beta$.
Then the constant sequence $b$ represents an element of $\mathbb{Z}_p$ mapping to $\beta$.

Exactness in the middle: If $a \in \mathbb{Z}_p$, then $\varepsilon_m(p^m a) = p^m \varepsilon_m(a) = 0$ in $\mathbb{Z}/p^m\mathbb{Z}$. Thus the image of the incoming arrow (multiplication-by-$p^m$) is contained in the kernel of the outgoing arrow ($\varepsilon_m$). Conversely, suppose that $x = (x_n)$ is in the kernel of $\varepsilon_m$. So $x_m = 0$. Then for all $n \ge m$, we have $x_n \in \frac{p^m\mathbb{Z}}{p^n\mathbb{Z}}$. So there is a unique $y_{n-m}$ mapping to $x_n$ via the isomorphism
$$\frac{\mathbb{Z}}{p^{n-m}\mathbb{Z}} \xrightarrow{p^m} \frac{p^m\mathbb{Z}}{p^n\mathbb{Z}}.$$
These $y_{n-m}$ are compatible (because the $x_n$ are), so as $n$ ranges through integers $\ge m$, they form an element $y \in \mathbb{Z}_p$ such that $p^m y = x$. So $x$ is in the image of multiplication-by-$p^m$. □

Proposition 8.2.
(1) An element of $\mathbb{Z}_p$ is a unit if and only if it is not divisible by $p$. In other words, the group of p-adic units $\mathbb{Z}_p^\times$ equals $\mathbb{Z}_p - p\mathbb{Z}_p$.
(2) Every nonzero $a \in \mathbb{Z}_p$ can be uniquely expressed as $p^n u$ with $n \in \mathbb{Z}_{\ge 0}$ and $u \in \mathbb{Z}_p^\times$.

Proof.
(1) If $a = (a_n) \in \mathbb{Z}_p$ is divisible by $p$, then $a_1 = 0$, so $a$ cannot have an inverse. Conversely, if $a = (a_n)$ is not divisible by $p$, then $a_n \in \mathbb{Z}/p^n\mathbb{Z}$ is represented by an integer not divisible by $p$, so $a_n$ has an inverse $b_n \in \mathbb{Z}/p^n\mathbb{Z}$. These $b_n$ must be compatible, and $b := (b_n)$ is an inverse of $a$ in $\mathbb{Z}_p$.
(2) Existence: If $a = (a_n) \in \mathbb{Z}_p$ is nonzero, then there is a largest $n$ such that $a_n = 0$. For that $n$, Proposition 8.1 implies that $a = p^n u$ for some $u \in \mathbb{Z}_p$. Moreover, $u$ cannot be divisible by $p$ (since otherwise $a_{n+1} = 0$ too), so $u$ is a unit.
Uniqueness: Suppose that $p^n u = p^m u'$. If $m = n$, then using injectivity of multiplication-by-$p^m$ we get $u = u'$, so the factorizations are the same. Otherwise, without loss of generality $n > m$. Then $u' = p^{n-m} u$ is a unit divisible by $p$, contradicting (1). □

Multiplying nonzero elements $p^n u$ and $p^m u'$ yields $p^{n+m} u u'$, whose $(n+m+1)$th component is nonzero, so $\mathbb{Z}_p$ is an integral domain. In fact, $\mathbb{Z}_p$ is a UFD with one prime!

9. The field of p-adic numbers

Definition 9.1. The field $\mathbb{Q}_p$ of p-adic numbers is the fraction field of $\mathbb{Z}_p$.
Each nonzero $a \in \mathbb{Q}_p$ is uniquely expressible as $p^n u$ with $n \in \mathbb{Z}$ and $u \in \mathbb{Z}_p^\times$. (For existence, any nonzero $a \in \mathbb{Q}_p$ is $(p^{m'} u')/(p^m u)$ for some $m, m' \in \mathbb{Z}_{\ge 0}$ and $u, u' \in \mathbb{Z}_p^\times$, so $a = p^{m'-m}(u' u^{-1})$.)

Define the p-adic valuation on $\mathbb{Q}_p$ by $v_p(p^n u) = n$ whenever $n \in \mathbb{Z}$ and $u \in \mathbb{Z}_p^\times$, and $v_p(0) := +\infty$. Then define $|x|_p := p^{-v_p(x)}$ for each $x \in \mathbb{Q}_p$. The ring $\mathbb{Z}$ injects into $\mathbb{Z}_p$, so its fraction field $\mathbb{Q}$ injects into $\mathbb{Q}_p$, and the p-adic valuation and absolute value on $\mathbb{Q}_p$ restrict to the p-adic valuation and absolute value on $\mathbb{Q}$ previously defined.

Proposition 9.2.
(1) The field $\mathbb{Q}_p$ is complete with respect to $|\ |_p$.
(2) Every element of $\mathbb{Q}_p$ is a limit of a sequence in $\mathbb{Q}$.

Proof.
(1) Let $(a_n)$ be a Cauchy sequence in $\mathbb{Q}_p$. Then $(a_n)$ is bounded. By multiplying by a suitable power of $p$, we can reduce to the case where $a_n \in \mathbb{Z}_p$ for all $n$. Choose an infinite subsequence $S_1$ whose image in $\mathbb{Z}/p\mathbb{Z}$ is constant. Choose an infinite subsequence $S_2$ of $S_1$ whose image in $\mathbb{Z}/p^2\mathbb{Z}$ is constant, and so on. Form a sequence by choosing one element from $S_1$, a later element from $S_2$, and so on. Then this subsequence converges in $\mathbb{Z}_p$ to the element whose image in each $\mathbb{Z}/p^n\mathbb{Z}$ is the image

Proof. We prove by induction that for $n \ge 1$ there exists $a_n \in \mathbb{Z}_p$ such that $a_n \equiv a \pmod{p}$ and $f(a_n) \equiv 0 \pmod{p^n}$ (and that $a_n \bmod p^n$ is uniquely determined). For $n = 1$, take $a_1 = a$. Now suppose that the result is known for some $n \ge 1$. So $f(a_n) = p^n c$, for some $c \in \mathbb{Z}_p$. We try to adjust $a_n$ slightly to make the value of $f$ even smaller p-adically. More precisely, we try $a_{n+1} = a_n + \varepsilon$ for a p-adic integer $\varepsilon$ to be determined: Taylor's theorem gives
$$f(a_{n+1}) = f(a_n) + f'(a_n)\varepsilon + g(\varepsilon)\varepsilon^2$$
for some polynomial $g(x) \in \mathbb{Z}_p[x]$. (This is really just expanding $f(a_n + \varepsilon)$ as a polynomial in $\varepsilon$.) Choose $\varepsilon = p^n z$ with $z \in \mathbb{Z}_p$. Then
$$f(a_{n+1}) = f(a_n) + f'(a_n) p^n z + g(p^n z) p^{2n} z^2 \equiv p^n c + f'(a_n) p^n z \pmod{p^{n+1}}.$$
Since $f'(a_n) \equiv f'(a) \not\equiv 0 \pmod{p}$, we get $f(a_{n+1}) \equiv (c + f'(a)z)p^n \pmod{p^{n+1}}$, and there is a unique $z \bmod p$ that makes $c + f'(a)z \equiv 0 \pmod{p}$, and hence a unique choice of $a_{n+1} \bmod p^{n+1}$ that makes $f(a_{n+1}) \equiv 0 \pmod{p^{n+1}}$. This completes the inductive step.

Since $f(x) = 0$ has a unique solution in each $\mathbb{Z}/p^n\mathbb{Z}$ congruent to $a$ modulo $p$, these solutions give a unique solution in $\mathbb{Z}_p$ congruent to $a$ modulo $p$. □

This is the p-adic analogue of Newton's method, in which one approximates the polynomial by a linear function in order to pass from an approximate zero to an even better approximation to a zero.

13. Structure of $\mathbb{Q}_p^\times$

The map $\varepsilon_n : \mathbb{Z}_p \to \mathbb{Z}/p^n\mathbb{Z}$ restricts to a surjective homomorphism $\mathbb{Z}_p^\times \to (\mathbb{Z}/p^n\mathbb{Z})^\times$. Its kernel is $U_n := 1 + p^n\mathbb{Z}_p$. So $\mathbb{Z}_p^\times / U_n \simeq (\mathbb{Z}/p^n\mathbb{Z})^\times$, and
$$\mathbb{Z}_p^\times \simeq \varprojlim \mathbb{Z}_p^\times / U_n \simeq \varprojlim (\mathbb{Z}/p^n\mathbb{Z})^\times.$$
The $U_n$ form a descending chain of subgroups inside $\mathbb{Z}_p^\times$:
$$\cdots \subset U_3 \subset U_2 \subset U_1 \subset \mathbb{Z}_p^\times.$$
Let $\mathbb{F}_p := \mathbb{Z}/p\mathbb{Z}$. (Generally one writes $\mathbb{F}_p$ when $\mathbb{F}_p$ is being thought of as a field, and $\mathbb{Z}/p\mathbb{Z}$ when it is being thought of as a ring or an abelian group.)

Lemma 13.1. The quotients in the filtration are:
(1) $\mathbb{Z}_p^\times / U_1 \simeq \mathbb{F}_p^\times$, and
(2) $U_n / U_{n+1} \simeq \mathbb{Z}/p\mathbb{Z}$ for all $n \ge 1$.

Proof. The first of these has already been proved. For the second, observe that
$$U_n \to \mathbb{Z}/p\mathbb{Z}, \qquad 1 + p^n z \mapsto (z \bmod p)$$
is surjective and has kernel $U_{n+1}$. □

Corollary 13.2. The order of $U_1 / U_n$ is $p^{n-1}$.

Proposition 13.3. Let $\mu_{p-1}$ be the set of solutions to $x^{p-1} = 1$ in $\mathbb{Z}_p^\times$. Then $\mu_{p-1}$ is a group (under multiplication) mapping isomorphically to $\mathbb{F}_p^\times$, and $\mathbb{Z}_p^\times = U_1 \times \mu_{p-1}$.

Proof. The set $\mu_{p-1}$ is the kernel of the $(p-1)$th power map from $\mathbb{Z}_p^\times$ to itself, so it is a group. Given $a \in \{1, 2, \dots, p-1\}$, Hensel's lemma shows that $\mu_{p-1}$ contains a unique p-adic integer congruent to $a$ modulo $p$. And there are no elements of $\mu_{p-1}$ congruent to 0 mod $p$. So reduction modulo $p$ induces an isomorphism $\mu_{p-1} \to \mathbb{F}_p^\times$. We have $U_1 \cap \mu_{p-1} = \{1\}$ (by Hensel's lemma, there is only one solution to $x^{p-1} - 1 = 0$ congruent to 1 modulo $p$).
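Also, $U_1 \cdot \mu_{p-1} = \mathbb{Z}_p^\times$, since any $a \in \mathbb{Z}_p^\times$ can be divided by an element of $\mu_{p-1}$ congruent to $a$ modulo $p$ to land in $U_1$. Thus the direct product $U_1 \times \mu_{p-1}$ is equal to $\mathbb{Z}_p^\times$. □

Lemma 13.4. Let $p$ be a prime. If $p \ne 2$, let $n \ge 1$; if $p = 2$, let $n \ge 2$. If $x \in U_n - U_{n+1}$, then $x^p \in U_{n+1} - U_{n+2}$.

Proof. We have $x = 1 + k p^n$ for some $k$ not divisible by $p$. Then
$$x^p = 1 + \binom{p}{1} k p^n + \binom{p}{2} k^2 p^{2n} + \cdots + k^p p^{np} \equiv 1 + k p^{n+1} \pmod{p^{n+2}},$$
so $x^p \in U_{n+1} - U_{n+2}$. □

Proposition 13.5. If $p \ne 2$, then $U_1 \simeq \mathbb{Z}_p$. If $p = 2$, then $U_1 = \{\pm 1\} \times U_2$ and $U_2 \simeq \mathbb{Z}_2$.

Proof. Suppose that $p \ne 2$. Let $\alpha = 1 + p \in U_1 - U_2$. By the previous lemma applied repeatedly, $\alpha^{p^i} \in U_{i+1} - U_{i+2}$. Let $\alpha_n$ be the image of $\alpha$ in $U_1 / U_n$. Then $\alpha_n^{p^{n-2}} \ne 1$ but $\alpha_n^{p^{n-1}} = 1$, so $\alpha_n$ has exact order $p^{n-1}$. On the other hand, the group it belongs to, $U_1 / U_n$, also has order $p^{n-1}$. So $U_1 / U_n$ is cyclic, generated by $\alpha_n$. We have an isomorphism of inverse systems
$$\begin{array}{ccccccc}
\cdots & \to & \mathbb{Z}/p^n\mathbb{Z} & \to & \mathbb{Z}/p^{n-1}\mathbb{Z} & \to & \cdots \\
& & \downarrow & & \downarrow & & \\
\cdots & \to & U_1/U_{n+1} & \to & U_1/U_n & \to & \cdots
\end{array}$$
Taking inverse limits shows that $\mathbb{Z}_p \simeq U_1$.

For $p = 2$, the same argument with $\alpha = 1 + 4$ works to prove that $\mathbb{Z}_2 \simeq U_2$. Now $\{\pm 1\}$ and $U_2$ have trivial intersection, and they generate $U_1$ (since $U_2$ has index 2 in $U_1$), so the direct product $\{\pm 1\} \times U_2$ equals $U_1$. □

Theorem 13.6.
(1) The group $\mathbb{Z}_p^\times$ is isomorphic to $\mathbb{Z}/(p-1)\mathbb{Z} \times \mathbb{Z}_p$ if $p \ne 2$, and to $\mathbb{Z}/2\mathbb{Z} \times \mathbb{Z}_2$ if $p = 2$.
(2) The group $\mathbb{Q}_p^\times$ is isomorphic to $\mathbb{Z} \times \mathbb{Z}/(p-1)\mathbb{Z} \times \mathbb{Z}_p$ if $p \ne 2$, and to $\mathbb{Z} \times \mathbb{Z}/2\mathbb{Z} \times \mathbb{Z}_2$ if $p = 2$.

Proof.
(1) Combine Propositions 13.3 and 13.5.
(2) The map
$$\mathbb{Z} \times \mathbb{Z}_p^\times \to \mathbb{Q}_p^\times, \qquad (n, u) \mapsto p^n u$$
is an isomorphism of groups. Now substitute the known structure of $\mathbb{Z}_p^\times$ into this. □

14. Squares in $\mathbb{Q}_p^\times$

14.1. The case of odd p.

Theorem 14.1.
(1) An element $p^n u \in \mathbb{Q}_p^\times$ (with $n \in \mathbb{Z}$ and $u \in \mathbb{Z}_p^\times$) is a square if and only if $n$ is even and $u \bmod p$ is a square in $\mathbb{F}_p^\times$.
(2) We have $\mathbb{Q}_p^\times / \mathbb{Q}_p^{\times 2} \simeq (\mathbb{Z}/2\mathbb{Z})^2$.
(3) For any $c \in \mathbb{Z}_p^\times$ with $c \bmod p \notin \mathbb{F}_p^{\times 2}$, the images of $p$ and $c$ generate $\mathbb{Q}_p^\times / \mathbb{Q}_p^{\times 2}$.

Proof.
(1) We have $\mathbb{Q}_p^\times = p^{\mathbb{Z}} \times \mathbb{F}_p^\times \times \mathbb{Z}_p$, and $2\mathbb{Z}_p = \mathbb{Z}_p$, so $\mathbb{Q}_p^{\times 2} = p^{2\mathbb{Z}} \times \mathbb{F}_p^{\times 2} \times \mathbb{Z}_p$.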
Thus an element $p^n u$ is a square if and only if $n$ is even and $u \bmod p \in \mathbb{F}_p^{\times 2}$.
(2) Using the same decomposition, $\mathbb{Q}_p^\times / \mathbb{Q}_p^{\times 2} = (\mathbb{Z}/2\mathbb{Z}) \times (\mathbb{F}_p^\times / \mathbb{F}_p^{\times 2}) \times \{0\} \simeq (\mathbb{Z}/2\mathbb{Z})^2$ since $\mathbb{F}_p^\times$ is cyclic of even order.

Proof. Iterate Step 3 to obtain a chain of fields
$$k \subseteq k' \subseteq k'' \subseteq \cdots \subseteq k^{(n)} \subseteq \cdots.$$
Let $E$ be their union. Any polynomial in $E[x]_{\ge 1}$ has coefficients in some fixed $k^{(n)}$, and hence has a zero in $k^{(n+1)}$, so it has a zero in $E$. Thus $E$ is algebraically closed. □

Step 5: There exists an algebraic closure $\bar{k}$ of $k$.

Proof. Let $E$ be as in Step 4. Let $\bar{k}$ be the set of $\alpha \in E$ that are algebraic over $k$. Since algebraic elements are closed under addition, multiplication, etc., the set $\bar{k}$ is a subfield of $E$. And of course, $\bar{k}$ is algebraic over $k$. If $f \in \bar{k}[x]_{\ge 1}$, let $\beta$ be a zero of $f$ in $E$; then $\beta$ is algebraic over the field $k(\text{coefficients of } f)$, which is algebraic over $k$, so $\beta$ is algebraic over $k$, so $\beta \in \bar{k}$. Thus $\bar{k}$ is algebraically closed. □

Step 6: If $E$ is an algebraic extension of $k$, and $L$ is an algebraically closed field then any embedding $k \hookrightarrow L$ extends to an embedding $E \hookrightarrow L$.

Proof. If $E$ is generated by one element $\alpha$, then $E \simeq k[x]/(f(x))$ for some $f \in k[x]_{\ge 1}$. Choose a zero $\alpha' \in L$ of $f$, and define $E \hookrightarrow L$ by mapping $\alpha$ to $\alpha'$. If $E$ is generated by finitely many elements, extend the embedding in stages, adjoining one element at a time. In general, use transfinite induction (Zorn's lemma). □

Step 7: Any two algebraic closures of $k$ are isomorphic over $k$.

Proof. Let $E$ and $L$ be two algebraic closures of $k$. Step 6 extends $k \hookrightarrow L$ to $E \hookrightarrow L$. If $E \ne L$, then the minimal polynomial of an element of $L - E$ would be a polynomial in $E[x]_{\ge 1}$, contradicting the assumption that $E$ is algebraically closed. □

17. Finite fields

Let $\mathbb{F}_p$ be $\mathbb{Z}/p\mathbb{Z}$ viewed as a field.

Theorem 17.1. For each prime $p$, choose an algebraic closure $\overline{\mathbb{F}}_p$ of $\mathbb{F}_p$.
(1) Given a prime power $q = p^n$, there exists a unique subfield of $\overline{\mathbb{F}}_p$ of order $q$, namely $\mathbb{F}_q := \{x \in \overline{\mathbb{F}}_p : x^q = x\}$.
(2) Every finite field is isomorphic to exactly one $\mathbb{F}_q$.
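(3) $\mathbb{F}_{p^m} \subseteq \mathbb{F}_{p^n}$ if and only if $m \mid n$.
(4) $\operatorname{Gal}(\mathbb{F}_{q^n}/\mathbb{F}_q) \simeq \mathbb{Z}/n\mathbb{Z}$, and it is generated by
$$\operatorname{Frob}_q : \mathbb{F}_{q^n} \to \mathbb{F}_{q^n}, \qquad x \mapsto x^q.$$

Proof.
(1) The $p$th power map
$$\operatorname{Frob}_p : \overline{\mathbb{F}}_p \to \overline{\mathbb{F}}_p, \qquad x \mapsto x^p$$
is a field homomorphism, by the binomial theorem. In particular, it is injective. Since $\overline{\mathbb{F}}_p$ is algebraically closed, $\operatorname{Frob}_p$ is also surjective. So $\operatorname{Frob}_p$ is an automorphism of $\overline{\mathbb{F}}_p$. If $q = p^n$, then the $q$th power map $\operatorname{Frob}_q$ is $\operatorname{Frob}_p^n$, so it too is an automorphism of $\overline{\mathbb{F}}_p$. Then $\mathbb{F}_q$ is the subset of $\overline{\mathbb{F}}_p$ fixed by $\operatorname{Frob}_q$, so $\mathbb{F}_q$ is a field. Since $x^q - x$ and $\frac{d}{dx}(x^q - x) = -1$ have no common zeros, the polynomial $x^q - x$ has $q$ distinct zeros in $\overline{\mathbb{F}}_p$. Thus $\#\mathbb{F}_q = q$. This proves the existence half of (1).
(2) (and uniqueness in (1)) Conversely, if $K$ is any finite field, then the characteristic of $K$ is a prime $p > 0$, and the image of $\mathbb{Z} \to K$ is a subfield isomorphic to $\mathbb{F}_p$. Viewing $K$ as an $\mathbb{F}_p$-vector space shows that $\#K = p^n$ for some $n \ge 1$. Let $q = p^n$. The embedding $\mathbb{F}_p \hookrightarrow \overline{\mathbb{F}}_p$ extends to an embedding $K \hookrightarrow \overline{\mathbb{F}}_p$. Since $K^\times$ is a group of order $q - 1$, every element of $K^\times$ satisfies $x^{q-1} = 1$, so every element of $K$ satisfies $x^q = x$, so $K \subseteq \mathbb{F}_q$. But $\#K = \#\mathbb{F}_q = q$, so $K = \mathbb{F}_q$. Finally, $K$ cannot be isomorphic to any $\mathbb{F}_{q'}$ with $q' \ne q$, because its size is $q$.
(3) If $\mathbb{F}_{p^m} \subseteq \mathbb{F}_{p^n}$, then $\mathbb{F}_{p^n}$ is a vector space over $\mathbb{F}_{p^m}$, so $p^n$ is a power of $p^m$ (namely, $p^m$ raised to the dimension), so $m \mid n$. Conversely, if $m \mid n$, write $n = rm$; then
$$\mathbb{F}_{p^m} = \{\text{fixed points of } \operatorname{Frob}_{p^m}\} \subseteq \{\text{fixed points of } (\operatorname{Frob}_{p^m})^r\} = \{\text{fixed points of } \operatorname{Frob}_{p^{rm}}\} = \mathbb{F}_{p^{rm}} = \mathbb{F}_{p^n}.$$
(4) The order of $\operatorname{Frob}_q \in \operatorname{Aut}(\mathbb{F}_{q^n})$ is the smallest $m$ such that $x^{q^m} = x$ for all $x \in \mathbb{F}_{q^n}$, which is $n$. In general, if $G$ is a finite subgroup of $\operatorname{Aut}(K)$, then $K$ is Galois over the fixed field $K^G$ and $\operatorname{Gal}(K/K^G) = G$. Apply this to $K = \mathbb{F}_{q^n}$ and $G$ the cyclic group of order $n$ generated by $\operatorname{Frob}_q \in \operatorname{Aut}(\mathbb{F}_{q^n})$: the fixed field is $\mathbb{F}_q$, so we get $\operatorname{Gal}(\mathbb{F}_{q^n}/\mathbb{F}_q) = G \simeq \mathbb{Z}/n\mathbb{Z}$. □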
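Theorem 17.1 can be checked by brute force in a small case. The following Python is an added example, not part of the original notes. It assumes the model $\mathbb{F}_{16} = \mathbb{F}_2[t]/(t^4 + t + 1)$ with elements stored as 4-bit integers; the modulus, the bit encoding and all function names are choices made for this example.

```python
"""Added example (not from the notes): brute-force check of Theorem 17.1 in F_16.

Assumption: F_16 is modelled as F_2[t]/(t^4 + t + 1); an element is a 4-bit
integer whose bit i is the coefficient of t^i. All names here are illustrative.
"""

N = 4                  # extension degree, so the field has 2**N = 16 elements
MODULUS = 0b10011      # t^4 + t + 1, irreducible over F_2 (assumed model)
FIELD = list(range(1 << N))


def gf_add(a, b):
    """Addition in characteristic 2 is coefficient-wise XOR."""
    return a ^ b


def gf_mul(a, b):
    """Shift-and-add product of two field elements, reduced modulo MODULUS."""
    result = 0
    while b:
        if b & 1:
            result ^= a
        b >>= 1
        a <<= 1
        if a & (1 << N):      # degree reached N: subtract (XOR) the modulus
            a ^= MODULUS
    return result


def gf_pow(a, e):
    """Square-and-multiply exponentiation a**e for e >= 1."""
    result = 1
    while e:
        if e & 1:
            result = gf_mul(result, a)
        a = gf_mul(a, a)
        e >>= 1
    return result


def frobenius(a, k=1):
    """Apply Frob_2 k times, i.e. a -> a**(2**k)."""
    for _ in range(k):
        a = gf_mul(a, a)
    return a


def frobenius_is_homomorphism():
    """Frob_2 respects + and * (the binomial-theorem step in the proof of (1))."""
    return all(
        frobenius(gf_add(a, b)) == gf_add(frobenius(a), frobenius(b))
        and frobenius(gf_mul(a, b)) == gf_mul(frobenius(a), frobenius(b))
        for a in FIELD for b in FIELD
    )


def frobenius_order():
    """Smallest m >= 1 with Frob_2**m = identity on the field (part (4))."""
    m = 1
    while any(frobenius(x, m) != x for x in FIELD):
        m += 1
    return m


def fixed_points(q):
    """Elements with x**q == x; for q = 2**m this is the fixed set of Frob_q."""
    return [x for x in FIELD if gf_pow(x, q) == x]


def is_subfield(elems):
    """Contains 0 and 1, is closed under + and *, and has inverses for nonzero elements."""
    s = set(elems)
    closed = all(gf_add(a, b) in s and gf_mul(a, b) in s for a in s for b in s)
    inverses = all(any(gf_mul(a, b) == 1 for b in s) for a in s if a)
    return {0, 1} <= s and closed and inverses


if __name__ == "__main__":
    print("Frobenius is a homomorphism:", frobenius_is_homomorphism())
    print("order of Frobenius:", frobenius_order())
    for m in (1, 2, 3, 4):
        fp = fixed_points(2 ** m)
        print(f"x^{2**m} = x has {len(fp)} solutions; subfield: {is_subfield(fp)}")
```

The case $x^8 = x$ has only the two solutions 0 and 1: since 3 does not divide 4, $\mathbb{F}_8$ is not a subfield of $\mathbb{F}_{16}$, in line with part (3), while $x^4 = x$ cuts out a copy of $\mathbb{F}_4$.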
The primitive element theorem says that every finite separable extension of a field $k$ is generated by one element $\alpha$, i.e., is of the form $k[x]/(f(x))$ for some monic irreducible polynomial $f(x) \in k[x]$ (the minimal polynomial of $\alpha$). So we get

Corollary 17.2. Given a prime power $q$ and $n \ge 1$, there exists a monic irreducible polynomial $f(x) \in \mathbb{F}_q[x]$ of degree $n$.

Remark 17.3. It is not known whether one can find such a polynomial in deterministic polynomial time! This is unsolved even for $q$ prime and $n = 2$: i.e., the problem of finding a nonsquare in $\mathbb{F}_p$ in time polynomial in $\log p$ is unsolved. On the other hand, if one repeatedly chooses a random monic polynomial over $\mathbb{F}_q$ of degree $n$, then there is a fast test for irreducibility, and one can estimate the probability of irreducibility to show that this succeeds in random polynomial time.

Example 17.4. $\mathbb{F}_2[t]/(t^3 + t + 1)$ is a finite field of order 8.

Warnings: $\mathbb{F}_8 \not\simeq \mathbb{Z}/8\mathbb{Z}$ (the latter is not even a field), and $\mathbb{F}_4 \not\subset \mathbb{F}_8$.

Proposition 17.5. If $k$ is a field, and $G$ is a finite subgroup of $k^\times$, then $G$ is cyclic.

Proof. As an abstract group,
$$G \simeq \frac{\mathbb{Z}}{a_1\mathbb{Z}} \times \cdots \times \frac{\mathbb{Z}}{a_n\mathbb{Z}}$$
for some positive integers $a_i$ satisfying $a_1 > 1$ and $a_i \mid a_{i+1}$ for all $i$. If $n > 1$, then $G$ has more than $a_1$ elements of order dividing $a_1$. But $x^{a_1} - 1$ can have at most $\deg(x^{a_1} - 1) = a_1$ zeros in $k$. Thus $n = 1$, so $G$ is cyclic. □

Remark 17.6. There is an alternative proof that avoids the structure theorem for finite abelian groups, and instead uses a more elementary counting argument to prove that if $G$ is a finite group of order $n$ such that for each $d \mid n$, the group $G$ has at most $d$ elements satisfying $x^d = 1$, then $G$ is cyclic.

Corollary 17.7. The group $\mathbb{F}_q^\times$ is cyclic of order $q - 1$.

18. Inverse limits in general

Earlier we defined the inverse limit $\varprojlim S_i$ of a sequence of sets $S_i$ indexed by the natural numbers equipped with maps $S_{i+1} \to S_i$. Now we will define $\varprojlim S_i$ given a collection of sets $(S_i)_{i \in I}$ for more general index sets, equipped with maps.

Definition 18.1.
A partially ordered set (poset) is a set $I$ equipped with a binary relation $\le$ such that for all $x, y, z \in I$,
(PO1) $x \le x$ (reflexivity)
(PO2) If $x \le y$ and $y \le x$, then $x = y$ (antisymmetry)
(PO3) If $x \le y$ and $y \le z$, then $x \le z$ (transitivity).

Definition 18.2. A directed poset is a nonempty poset $I$ such that

19. Profinite groups

Definition 19.1. A profinite group is an inverse limit $\varprojlim_{i \in I} G_i$ of finite groups $G_i$.

Examples:
(1) $\mathbb{Z}_p = \varprojlim \mathbb{Z}/p^n\mathbb{Z}$ for any prime $p$
(2) $\hat{\mathbb{Z}} = \varprojlim \mathbb{Z}/n\mathbb{Z}$
(3) $\operatorname{GL}_r(\mathbb{Z}_p) = \varprojlim_n \operatorname{GL}_r(\mathbb{Z}/p^n\mathbb{Z})$ for any fixed prime $p$ and fixed $r \ge 0$.
(4) The profinite completion of any group.

19.1. Order.

Definition 19.2. Assuming that the inverse system maps $G_j \to G_i$ are all surjective, the order $\#G$ of a profinite group $G := \varprojlim_{i \in I} G_i$ is the least common multiple of $\#G_i$, interpreted as a supernatural number $\prod_p p^{e_p}$ where each $e_p$ is either a nonnegative integer or $\infty$.

Example 19.3. $\#\mathbb{Z}_5^\times = 2^2 5^\infty$.

19.2. Topology on a profinite group. (This subsection is for those who know the basic definitions of topology.) The profinite topology on a profinite group $G = \varprojlim_{i \in I} G_i$ is constructed as follows. Equip each finite group $G_i$ with the discrete topology. Equip $\prod_{i \in I} G_i$ with the product topology. Then $G = \varprojlim_{i \in I} G_i$ is a closed subset of $\prod_{i \in I} G_i$, and we give it the subspace topology. By Tychonoff's theorem, $\prod_{i \in I} G_i$ is compact, so its closed subset $G$ is compact too.

19.3. Subgroups. The profinite group $G$ is equipped with group homomorphisms $\pi_i : G \to G_i$. If $H_i$ is a subgroup of $G_i$, then $\pi_i^{-1}(H_i)$ is a subgroup of $G$. These are called the open subgroups of $G$. If for every $i$ we choose a subgroup $H_i$ of $G_i$ such that each $\phi^j_i : G_j \to G_i$ maps $H_j$ into $H_i$, then $\varprojlim_{i \in I} H_i$ is a subgroup of $G = \varprojlim_{i \in I} G_i$. These are called the closed subgroups of $G$. The open subgroups are exactly the closed subgroups of finite index. In particular, every open subgroup is a closed subgroup, but not vice versa in general.

Example 19.4.
The profinite topology on $\mathbb{Z}_p := \varprojlim \mathbb{Z}/p^n\mathbb{Z}$ agrees with the topology coming from $|\ |_p$. The open subgroups of $\mathbb{Z}_p$ are the subgroups $p^e\mathbb{Z}_p$ for $e = 0, 1, 2, \dots$. The closed subgroups are these together with the trivial subgroup $\{0\}$.

Subgroups of a profinite group that are not even closed are generally worthless! When one encounters such a subgroup, one takes its closure right away.

20. Review of field theory

We recall some definitions of field theory. Let $L/k$ be an algebraic field extension.

Definition 20.1. The extension $L/k$ is normal if it satisfies one of the following equivalent conditions:
(1) Every irreducible polynomial in $k[x]$ with a zero in $L$ factors completely into linear factors in $L[x]$.
(2) If we embed $L$ in an algebraic closure of $k$, so $k \subseteq L \subseteq \bar{k}$, then every $\sigma \in \operatorname{Aut}(\bar{k}/k)$ satisfies $\sigma(L) = L$.

Definition 20.2. A polynomial $f(x) \in k[x]$ is separable if it satisfies one of the following equivalent conditions:
(1) When factored in $\bar{k}[x]$ for an algebraic closure $\bar{k}$ of $k$, it has no repeated factors.
(2) The polynomial $f(x)$ and its derivative $f'(x)$ have no common zeros in $\bar{k}$.
(3) We have $\gcd(f(x), f'(x)) = 1$ in $k[x]$.

We will usually be applying the notion of separable to minimal polynomials, which are irreducible. Over a field $k$ of characteristic 0, every irreducible polynomial is separable. Proof: We have $\deg f'(x) < \deg f(x)$, and $\operatorname{char} k = 0$ implies $f'(x) \ne 0$, so $f'(x)$ is not divisible by $f(x)$, so $\gcd(f(x), f'(x)) = 1$. Thus separability is an issue mainly in the case of characteristic $p > 0$.

Definition 20.3. An element $\alpha$ in $L$ is separable over $k$ if it satisfies one of the following equivalent conditions:
(1) It is a zero of a separable polynomial in $k[x]$.
(2) The minimal polynomial of $\alpha$ over $k$ is separable.
(3) Either $\operatorname{char} k = 0$, or $\operatorname{char} k = p$ and the minimal polynomial of $\alpha$ over $k$ is not of the form $g(x^p)$ for a polynomial $g(x) \in k[x]$.

The set of elements of $L$ that are separable over $k$ forms an intermediate subfield.

Definition 20.4.
If every element of $L$ is separable over $k$, then $L$ is called separable over $k$. By the remark preceding the definition, it is enough if $L$ is generated by separable elements.

If $k$ is a field of characteristic $p$, the image of the $p$-power Frobenius endomorphism $k \to k$ is a subfield $k^p := \{a^p : a \in k\}$ of $k$.

Definition 20.5. A field $k$ is perfect if it satisfies one of the following equivalent conditions:
• Either $\operatorname{char} k = 0$, or $\operatorname{char} k = p$ and $k = k^p$.
• Every finite extension of $k$ is separable over $k$.
• Every algebraic extension of $k$ is separable over $k$.

Example 20.6. Finite fields are perfect.

Example 20.7. The prototypical example of an imperfect field is $k = \mathbb{F}_p(t)$. The prototypical example of an inseparable extension is the extension $L = k(t^{1/p})$ of this $k$. The minimal polynomial of $t^{1/p}$ over $k$ is $x^p - t$, which is irreducible (as minimal polynomials always are), but not separable.

Definition 20.8. Call $L/k$ Galois if it is both normal and separable. In this case, the Galois group $\operatorname{Gal}(L/k)$ is the set of automorphisms $\sigma$ of $L$ such that $\sigma(x) = x$ for all $x \in k$.

Definition 20.9. If blah is a property of a group (e.g., abelian), call $L/k$ blah if $L/k$ is a Galois extension and $\operatorname{Gal}(L/k)$ is blah.

Definition 20.10. Let $k$ be a field. Choose an algebraic closure $\bar{k}$. The separable closure of $k$ (in a fixed algebraic closure $\bar{k}$) is
$$k^{\mathrm{sep}} := \{\alpha \in \bar{k} : \alpha \text{ is separable over } k\}.$$
It is the maximal subfield of $\bar{k}$ that is separable over $k$. The extension $k^{\mathrm{sep}}/k$ is Galois.

Definition 20.11. The absolute Galois group of $k$ is $G_k := \operatorname{Gal}(k^{\mathrm{sep}}/k)$.

21. Infinite Galois theory

Let $K/k$ be a Galois extension (possibly of infinite degree). Let $I$ be the set of fields $F$ such that $k \subset F \subset K$ and $F$ is a finite Galois extension of $k$. Order $I$ by inclusion.

Proposition 21.1.
(1) If $F, F' \in I$, then their compositum $FF'$ (the subfield of $K$ generated by $F$ and $F'$) is in $I$ too.
(2) $I$ is a directed poset.
(3) If $k \subset E \subset K$ and $E$ is finite over $k$, then $E \subseteq F$ for some $F \in I$.
(4) $\bigcup_{F \in I} F = K$.

Proof.
(1) This is a well-known fact about Galois extensions.
(2) This follows from (1).
(3) The primitive element theorem expresses $E$ as $k[x]/(f(x))$. Let $F$ be the splitting field of $f(x)$.
(4) This follows from (3). □

For each $F \in I$, the group $\operatorname{Gal}(F/k)$ is finite. If $F \subset F'$, then we have
$$\phi^{F'}_F : \operatorname{Gal}(F'/k) \to \operatorname{Gal}(F/k), \qquad \sigma \mapsto \sigma|_F.$$

Example 22.4. Take $k = \mathbb{R}$, $n = 2$, and $T = \{x^2 + y^2 - 1\}$. Then $Z(\mathbb{R})$ is the unit circle in $\mathbb{R}^2$. We say "$Z$ is the variety defined by $x^2 + y^2 = 1$ over $\mathbb{R}$".

The set of polynomials in $k[x_1, \dots, x_n]$ that vanish at a point $P$ is closed under addition and closed under multiplication by an arbitrary polynomial. So if $I$ is the ideal of $k[x_1, \dots, x_n]$ generated by $T$, then $Z_I = Z_T$.

Example 22.5. The zero set of $x^2 + y^2 - 1$ and the zero set of $(x^2 + y^2 - 1)^2$ in $L^2$ for any field extension $L$ of $k$ are equal.

More generally, any ideal $I$ defines the same set of zeros as its radical
$$\sqrt{I} := \{f \in k[x_1, \dots, x_n] : f^m \in I \text{ for some } m \ge 0\}.$$
So we will assume that $I$ is radical ($I = \sqrt{I}$) from now on.

Theorem 22.6 (version of Hilbert Nullstellensatz). There is an inclusion-reversing bijection
$$\begin{aligned}
\{\text{radical ideals of } k[x_1, \dots, x_n]\} &\leftrightarrow \{\text{affine varieties } Z \text{ in } \mathbb{A}^n_k\} \\
I &\mapsto Z_I \quad (\text{where } Z_I(L) = \{\text{common zeros of } f \in I\}) \\
\{f \in k[x_1, \dots, x_n] : f(P) = 0 \text{ for all } P \in Z(L) \text{ for all } L\} &\mapsfrom Z.
\end{aligned}$$

We can view elements of $k[x_1, \dots, x_n]$ as functions on $Z$, but the functions in $I$ are identically 0 on $Z$, so the ring of functions on $Z$ is actually $k[x_1, \dots, x_n]/I$. Thus we write
$$Z = \operatorname{Spec} \frac{k[x_1, \dots, x_n]}{I}.$$
The commutative ring $\frac{k[x_1, \dots, x_n]}{I}$ is called the affine coordinate ring of $Z$.

Example 22.7. Let $X = \operatorname{Spec} \frac{\mathbb{R}[x, y]}{(x^2 + y^2 + 1)}$ and let $Y = \operatorname{Spec} \frac{\mathbb{R}[x, y]}{(1)}$. Is $X = Y$? No! One reason: $X(\mathbb{C})$ is nonempty, but $Y(\mathbb{C})$ is empty. Another reason: the ideal $(x^2 + y^2 + 1)$ is not the unit ideal $(1)$, since $x^2 + y^2 + 1$ has no inverse in $\mathbb{R}[x, y]$.
Moral: When $k$ is not algebraically closed, it is important to consider $Z(L)$ for all finite extensions $L$ of $k$ instead of just viewing $Z$ as the set of zeros with coordinates in $k$.

Remark 22.8. If $Z$ is any affine $k$-variety, then $Z(k) = Z(\bar{k})^{G_k}$.

22.3. Irreducible varieties. The variety defined by $xy = 0$ is the union of the two varieties defined by $x = 0$ and $y = 0$ in $\mathbb{A}^2$.

Definition 22.9. An irreducible variety is a nonempty variety that cannot be decomposed as a union of two smaller varieties.

One can show that a general variety $Z$ is a finite union of irreducible subvarieties, none contained in any other: these are called the irreducible components of $Z$. One can show:

Proposition 22.10. Suppose that $Z = \operatorname{Spec} k[x_1, \dots, x_n]/I$, where $I$ is radical. Then the following are equivalent:
• $Z$ is irreducible.
• $I$ is a prime ideal.
• $k[x_1, \dots, x_n]/I$ is an integral domain.

If $Z$ is irreducible, the function field $\kappa(Z)$ of $Z$ is defined as the fraction field $\operatorname{Frac} k[x_1, \dots, x_n]/I$.

Example 22.11. The function field of $\mathbb{A}^n_k$ is the rational function field
$$k(x_1, \dots, x_n) := \left\{ \frac{f}{g} : f, g \in k[x_1, \dots, x_n] \right\}.$$

22.4. Dimension. There are a couple of equivalent ways to define dimension of a variety $X$.

Definition 22.12. The dimension $\dim X$ of $X$ is the largest integer $d$ such that there exists a chain of (closed) irreducible varieties
$$Z_0 \subsetneq Z_1 \subsetneq \cdots \subsetneq Z_d$$
contained in $X$. (If $X = \emptyset$, then $\dim X = -\infty$.)

An alternative, equivalent definition:

Definition 22.13. Let $X$ be an irreducible variety. Then $\dim X$ is the smallest integer $d$ such that the function field $\kappa(X)$ contains elements $f_1, \dots, f_d$ such that $\kappa(X)$ is algebraic over the subfield $k(f_1, \dots, f_d)$ generated by $k$ and the $f_i$ inside $\kappa(X)$. Then, for any variety $X$, define $\dim X$ as the maximum of the dimensions of its irreducible components.

(Proving the equivalence requires a lot of commutative algebra.)

Example 22.14. We have $\dim \mathbb{A}^n = n$.
A maximal chain of irreducible subvarieties is

$$\mathbb{A}^0 \subseteq \mathbb{A}^1 \subseteq \cdots \subseteq \mathbb{A}^{n-1} \subseteq \mathbb{A}^n,$$

corresponding to the chain of prime ideals

$$(x_1, \dots, x_n) \supseteq (x_2, \dots, x_n) \supseteq \cdots \supseteq (x_n) \supseteq ()$$

of $k[x_1, \dots, x_n]$. (It takes some work to show that there is no longer chain.) Alternatively, the function field $k(x_1, \dots, x_n)$ is algebraic over the subfield generated by $n$ elements $x_1, \dots, x_n$. (It takes some work to show that one cannot do it with less than $n$ elements.)

22.5. Smooth varieties.

Definition 22.15. A hypersurface in $\mathbb{A}^n_k$ is a subvariety defined by a single equation $f(x_1, \dots, x_n) = 0$ with $f$ a nonzero polynomial in $k[x_1, \dots, x_n]$.

Definition 22.16. Let $X$ be a hypersurface $f(x_1, \dots, x_n) = 0$ in $\mathbb{A}^n_k$. A point $P \in X(L)$ (for some field extension $L$ of $k$) is a singularity of $X$ if $\frac{\partial f}{\partial x_i}(P) = 0$ for all $i$.

The set of singularities forms a subvariety of $X$, defined by $f = 0$ together with the equations $\frac{\partial f}{\partial x_i} = 0$ for $i = 1, \dots, n$.

Definition 22.17. A hypersurface $X$ in $\mathbb{A}^n_k$ is called smooth (of dimension $n - 1$) or nonsingular if there are no singularities in $X(L)$ for any $L \supseteq k$ (actually it suffices to check $X(\overline{k})$).

Example 22.18. Let $X$ be the curve $y^2 = x^3 + 1$ in $\mathbb{A}^2_{\mathbb{Q}}$. Is $X$ singular? Let $f(x, y) := y^2 - x^3 - 1$. The singular locus is defined by the equations

$$y^2 - x^3 - 1 = 0$$
$$-3x^2 = 0$$
$$2y = 0,$$

which have no common solutions in $\overline{\mathbb{Q}}$, so the curve is smooth. (But it would not have been so if instead of $\mathbb{Q}$ we were working over the field $\mathbb{F}_2$ or $\mathbb{F}_3$.)

Example 22.19. Let $Y$ be the “nodal cubic” $y^2 = x^3 + x^2$. The singular locus is defined by the equations

$$y^2 - x^3 - x^2 = 0$$
$$-3x^2 - 2x = 0$$
$$2y = 0,$$

which have the common solution $(0, 0)$. So $Y$ is singular, with a unique singularity at $(0, 0)$. Near $(0, 0)$, the curve $Y$ looks approximately like $y^2 = x^2$ (obtained by discarding higher order terms like $x^3$) so it has two “branches” crossing at $(0, 0)$. Such a singularity is called a node.

More generally:

Definition 22.20.
A variety $X := \operatorname{Spec} \frac{k[x_1, \dots, x_n]}{(f_1, \dots, f_m)}$ is smooth (of dimension $n - m$) if and only if at every point $P \in X(L)$ for every extension $L$ of $k$, the Jacobian matrix $\left( \frac{\partial f_i}{\partial x_j} \right) \in M_{m \times n}(L)$ has rank $m$. (Again it suffices to check $P \in X(\overline{k})$.)

More generally, inside $\mathbb{P}^n$, if $i \in \{0, 1, \dots, n\}$, then the hyperplane $H_i$ defined by $x_i = 0$ is a copy of $\mathbb{P}^{n-1}$, and its complement $U_i$, which consists of points of the form $(x_0 : \cdots : x_{i-1} : 1 : x_{i+1} : \cdots : x_n)$, is a copy of $\mathbb{A}^n$. Since every point on $\mathbb{P}^n$ has at least one nonzero coordinate, $\bigcup_{i=0}^{n} U_i = \mathbb{P}^n$.

23.4.2. Homogenization and dehomogenization of polynomials.

Given a polynomial $f(x, y) \in k[x, y]$, we can make a homogeneous polynomial by multiplying each monomial by a suitable power of $z$. For example, $5x^2 + 3y^3 + xy + 7$ becomes $5x^2z + 3y^3 + xyz + 7z^3$. The process can be reversed by setting $z = 1$. In general:

Definition 23.3. Fix $i \in \{0, 1, \dots, n\}$. Given $f \in k[x_0, \dots, x_{i-1}, x_{i+1}, \dots, x_n]$ of total degree $d$, its homogenization is

$$x_i^d \, f\!\left( \frac{x_0}{x_i}, \dots, \frac{x_{i-1}}{x_i}, \frac{x_{i+1}}{x_i}, \dots, \frac{x_n}{x_i} \right).$$

Conversely, given a homogeneous polynomial $F(x_0, \dots, x_n)$, its dehomogenization (with respect to $x_i$) is $F(x_0, \dots, x_{i-1}, 1, x_{i+1}, \dots, x_n)$.

23.4.3. Affine patches of a projective variety.

Let $X$ be a projective variety in $\mathbb{P}^n$. Let $I \subseteq k[x_0, \dots, x_n]$ be its homogeneous ideal. Fix $i \in \{0, 1, \dots, n\}$. Let $I_i$ be the ideal of $k[x_0, \dots, x_{i-1}, x_{i+1}, \dots, x_n]$ obtained by dehomogenizing all homogeneous $f \in I$. Then the $i$th affine patch of $X$ is the affine variety

$$X \cap U_i = \operatorname{Spec} \frac{k[x_0, \dots, x_{i-1}, x_{i+1}, \dots, x_n]}{I_i}.$$

We have $\bigcup_{i=0}^{n} (X \cap U_i) = X$. One thinks of $X$ as being constructed by glueing the affine patches in a particular way. (More general varieties and schemes can be constructed by glueing affine varieties in other ways.)

23.4.4. Projective closure of an affine variety.

Let $V = \operatorname{Spec} \frac{k[x_0, \dots, x_{i-1}, x_{i+1}, \dots, x_n]}{I}$ be an affine variety. So $V \subseteq \mathbb{A}^n = U_i \subset \mathbb{P}^n$.
The projective closure $\overline{V}$ of $V$ in $\mathbb{P}^n$ is the projective variety defined by the homogeneous ideal generated by the homogenizations of the $f \in I$. If $I$ is generated by one element, it suffices to homogenize that one element.

Example 23.4. The projective closure of the affine plane curve $y^2 = x^3 + 2x + 7$ in $\mathbb{P}^2$ is the projective variety defined by $y^2z = x^3 + 2xz^2 + 7z^3$.

If one starts with an affine variety $V$ and takes its projective closure, one can recover $V$ by taking an affine patch. But if one starts with a projective variety $X$, and takes an affine patch $X \cap U_i$, and then takes the projective closure, one could get a smaller variety: one loses irreducible components in the hyperplane $H_i$.

23.4.5. Properties of projective varieties.

Definition 23.5. The dimension of a projective variety is the maximum of the dimensions of its affine patches.

Definition 23.6. A projective variety is smooth if and only if all its affine patches are.

In fact, one can check whether a point $P$ on a projective variety is singular by checking any affine patch containing $P$.

Definition 23.7. The function field of an irreducible projective variety is the function field of any of its nonempty affine patches. (One can show that this is independent of the patch chosen.)

24. Morphisms and rational maps

Definition 24.1. Let $X$ be an irreducible variety, and let $Y$ be a projective variety in $\mathbb{P}^n$. A rational map $f : X \dashrightarrow Y$ is an equivalence class of $(n + 1)$-tuples $(f_0 : f_1 : \cdots : f_n)$ such that $f_i \in \kappa(X)$ for all $i$, and the $f_i$ are not all identically 0, and such that for any field extension $L \supseteq k$ and any $P \in X(L)$ such that the $f_i(P)$ are all defined and not all 0, $(f_0(P) : f_1(P) : \cdots : f_n(P)) \in Y(L)$. The equivalence relation is: $(f_0 : f_1 : \cdots : f_n) = (\lambda f_0 : \cdots : \lambda f_n)$ for any $\lambda \in \kappa(X)^\times$.
Say that $f$ is defined (or regular) at a point $P \in X(L)$ if there exists $\lambda \in \kappa(X)^\times$ such that $(f_0(P) : f_1(P) : \cdots : f_n(P))$ is defined (i.e., each $f_i$ is defined at $P$ functions the $f_i(P)$ are all defined

Definition 24.2. A rational map $X \dashrightarrow Y$ that is defined at every $P \in X(L)$ (for all $L \supseteq k$) is called a morphism.

Example 24.3. The map

$$\mathbb{P}^1 \to \mathbb{P}^2, \qquad (x : y) \mapsto (x^2 : xy : y^2)$$

is a morphism. (Strictly speaking, it should be written as $(t^2 : t : 1)$ or $(1 : t^{-1} : t^{-2})$, where $t$ is the rational function $x/y$ on $\mathbb{P}^1$.) Its image is the projective curve in $\mathbb{P}^2$ defined by $x_1^2 = x_0 x_2$.

Example 24.4. Consider the unit circle $X : x^2 + y^2 = 1$ over a field $k$ of characteristic not 2. Let X be its projective closure. Identify $\mathbb{P}^1$ with the projective closure of the $y$-axis. For all points $P \in X(L)$ other than $(-1, 0)$, the line through $(-1, 0)$ and $P$ intersects this $\mathbb{P}^1$ in a point $Q \in \mathbb{P}^1(L)$. This construction defines a rational map

$$f : X \to \mathbb{P}^1, \qquad (x : y : 1) \mapsto \left( \frac{y}{x + 1} : 1 \right).$$

There is an inverse construction: For most points $Q \in \mathbb{P}^1(L)$, the line through $(-1, 0)$ and $Q$ intersects $X$ in one point $P$ other than $(-1, 0)$, and this defines a rational map

$$g : \mathbb{P}^1 \to X, \qquad (t : 1) \mapsto \left( \frac{1 - t^2}{1 + t^2} : \frac{2t}{1 + t^2} : 1 \right).$$

Where are these rational maps defined? The first map can be rewritten as

$$(x : y : z) \mapsto (y : x + z) = (x - z : -y).$$

The first right hand side makes sense except at $(1 : 0 : -1)$, and the second right hand side makes sense except at $(1 : 0 : 1)$, so it is defined everywhere. The second map can be rewritten as

$$(x : y) \mapsto (x^2 - y^2 : 2xy : x^2 + y^2),$$

which is defined everywhere since $x^2 - y^2 = x^2 + y^2 = 0$ implies $x = y = 0$. The composition of the two rational maps in either order is the identity map, so one says that the two varieties $X$ and $\mathbb{P}^1$ are isomorphic: $X \simeq \mathbb{P}^1$. In particular, for each field extension $L \supseteq k$, the set $X(L)$ can be parametrized. Taking $L = \mathbb{Q}$ gives essentially the well-known parametrization of Pythagorean triples.

Remark 24.5.
Sometimes it happens that there are rational maps $X \dashrightarrow Y$ and $Y \dashrightarrow X$ whose composition in either order is the identity except that one or both of the maps is not defined everywhere. In this case, $X$ and $Y$ are said to be birational, which is weaker than being isomorphic.

25. Quadratic forms

In this section, $k$ is a field of characteristic not 2.

Definition 25.1. A quadratic form over a field $k$ is a homogeneous polynomial $q(x_1, \dots, x_n) \in k[x_1, \dots, x_n]$ of degree 2.

Example 25.2. Over $\mathbb{Q}$, take $q(x, y) = 2x^2 + 5xy - 6y^2$.

(Actually, this was proved by Minkowski alone. Hasse generalized the theorem to the case of quadratic forms over a finite extension of $\mathbb{Q}$.)

Remark 26.2. The fields $\mathbb{Q}_p$ and $\mathbb{R}$ and $\mathbb{F}_p((t))$ and their finite extensions are called local fields, because Laurent series fields like $\mathbb{C}((t))$ are describing the expansion of functions around a single point. On the other hand, $\mathbb{Q}$ and $\mathbb{F}_p(t)$ and their finite extensions are called global fields. Local fields are completions of global fields.

Here are two variants of the theorem:

Theorem 26.3. Given $a \in \mathbb{Q}$, a quadratic form over $\mathbb{Q}$ represents $a$ if and only if it represents $a$ over $\mathbb{Q}_p$ for all $p \le \infty$.

Theorem 26.4. Two quadratic forms over $\mathbb{Q}$ are equivalent if and only if they are equivalent over $\mathbb{Q}_p$ for all $p \le \infty$.

Corollary 26.5. Let $X$ be a (smooth projective) plane conic over $\mathbb{Q}$ (i.e., the zero locus in $\mathbb{P}^2_{\mathbb{Q}}$ of a quadratic form $q(x, y, z)$ that is irreducible even over $\overline{\mathbb{Q}}$). Then the following are equivalent:
(i) $X$ has a rational point.
(ii) $X$ has a $\mathbb{Q}_p$-point for all $p \le \infty$.
(iii) $X \simeq \mathbb{P}^1_{\mathbb{Q}}$.

Proof. (i) $\iff$ (ii) is Hasse-Minkowski. (iii) $\implies$ (i) is trivial. (i) $\implies$ (iii): If $X$ has a rational point $P$, projection from $P$ defines an isomorphism (the argument is similar to the argument for the unit circle). □

Remark 26.6. If $X$ is a smooth projective plane conic over $\mathbb{F}_q$ then $X$ has an $\mathbb{F}_q$-point, by the Chevalley-Warning theorem proved in the homework, so $X \simeq \mathbb{P}^1_{\mathbb{F}_q}$. In particular $\#X(\mathbb{F}_q) = q + 1$.

Definition 26.7.
A variety $X$ over $\mathbb{Q}$ is said to satisfy the local-global principle (also called the Hasse principle) if the implication

$$X \text{ has a } \mathbb{Q}_p\text{-point for all } p \le \infty \implies X \text{ has a } \mathbb{Q}\text{-point}$$

holds.

So plane conics satisfy the local-global principle. Unfortunately, more complicated varieties can violate the local-global principle. It is a major problem of arithmetic geometry to determine which families of varieties satisfy the local-global principle.

26.1. Proof of the Hasse-Minkowski theorem for quadratic forms in 2 or 3 variables.

Note: In proving the Hasse-Minkowski theorem, we can assume that the quadratic form is in diagonal form, and that the first coefficient is 1 (scaling it by a nonzero constant does not affect whether it represents 0). We do only the hard direction, in which we assume that $q$ represents 0 over $\mathbb{Q}_p$ for all $p \le \infty$, and hope to prove that $q$ represents 0 over $\mathbb{Q}$.

First consider the 2-variable case, so $q$ is $x^2 - ay^2$ for some $a \in \mathbb{Q}$. To say that $x^2 - ay^2$ represents 0 is to say that $a$ is a square. We may assume $a \ne 0$. Since $q$ represents 0 over $\mathbb{R}$, we have $a > 0$. Write

$$a = \prod_{\text{primes } p} p^{n_p}.$$

Since $q$ represents 0 over $\mathbb{Q}_p$, the valuation $n_p$ must be even. Since this holds for all $p$, this means that $a$ is a square in $\mathbb{Q}$, so $q$ represents 0.

The proof in the 3-variable case will use the following lemma.

Lemma 26.8. Let $a, b \in k$ where $\operatorname{char} k \ne 2$. Let $N : k(\sqrt{a}) \to k$ be the norm map: if $a$ is not a square in $k$, then $N(x + y\sqrt{a}) = x^2 - ay^2$. (If $a$ is a square, $N(x) := x$.) Then the quadratic form $x^2 - ay^2 - bz^2$ over $k$ represents 0 if and only if $b = N(\alpha)$ for some $\alpha \in k(\sqrt{a})$.

Proof. Case 1: $a$ is a square, say $a = c^2$. Then $x^2 - ay^2 = (x + cy)(x - cy)$, which is equivalent to $xy$, which represents everything, so $x^2 - ay^2 - bz^2 = 0$ has a solution with $z = 1$. On the other side, $b = N(b)$.

Case 2: $a$ is not a square. If $b$ is a norm, say $b = N(x + y\sqrt{a})$, then $x^2 - ay^2 - b \cdot 1^2 = 0$. Conversely, if $x^2 - ay^2 - bz^2$ represents 0, the nontrivial solution to $x^2 - ay^2 - bz^2 = 0$ must have $z \ne 0$.
Dividing by $z^2$ shows that $b$ is a norm. □

We may assume that our 3-variable quadratic form $q$ is $x^2 - ay^2 - bz^2$ where $a, b \ne 0$. Multiplying $y$ or $z$ by an element of $\mathbb{Q}^\times$ changes $q$ to an equivalent quadratic form, so we are free to multiply $a$ and $b$ by squares. Thus we may assume that $a$ and $b$ are integers, and in fact, squarefree integers (i.e., not divisible by the square of any prime). We use strong induction on $m := |a| + |b|$.

Case 1: $m \le 2$. There are four possibilities:

$$x^2 + y^2 + z^2$$
$$x^2 + y^2 - z^2$$
$$x^2 - y^2 + z^2$$
$$x^2 - y^2 - z^2.$$

We are assuming that $q$ represents 0 over $\mathbb{R}$, so the first is actually not possible. In the other three cases, $q$ represents 0 over $\mathbb{Q}$, as desired.

Case 2: $m > 2$. Without loss of generality $|b| \ge |a|$. So $|b| \ge 2$. Write $b = \pm p_1 \cdots p_k$ where the $p_i$ are distinct primes. Let $p$ be one of the $p_i$. By assumption, there is a nontrivial solution to $x^2 - ay^2 - bz^2 = 0$ over $\mathbb{Q}_p$, and we may assume that $x, y, z \in \mathbb{Z}_p$ and that not all are in $p\mathbb{Z}_p$. We claim that $a$ is a square mod $p$. If not, then considering $x^2 - ay^2 - bz^2 = 0$ modulo $p$ shows that $x \equiv y \equiv 0 \pmod{p}$, but then $p^2$ divides $x^2$ and $ay^2$, so $p^2 \mid bz^2$, so $p \mid z^2$, so $p \mid z$, so $x, y, z \in p\mathbb{Z}_p$, a contradiction.

Since $a$ is a square mod $p_i$ for all $i$, and since $\mathbb{Z}/b\mathbb{Z} = \prod \mathbb{Z}/p_i\mathbb{Z}$, we have that $a$ is a square mod $b$. So there exists $t \in \mathbb{Z}$ such that $t^2 \equiv a \pmod{b}$. Adjust $t$ by a multiple of $b$ to assume that $|t| \le |b|/2$. So $t^2 - a = bb'$ for some $b' \in \mathbb{Z}$. We have

$$|b'| = \left| \frac{t^2 - a}{b} \right| \le \frac{|t|^2}{|b|} + \frac{|a|}{|b|} \le \frac{|b|}{4} + 1 < |b|$$

since $|b| \ge 2$. Now $bb'$ is a norm of an element of $\mathbb{Q}(\sqrt{a})$, and hence is a norm from $\mathbb{Q}_p(\sqrt{a})$. Lemma 26.8 implies that $b$ too is a norm from $\mathbb{Q}_p(\sqrt{a})$, so $b' = (bb')/b$ is a norm from $\mathbb{Q}_p(\sqrt{a})$. Thus $x^2 - ay^2 - b'z^2 = 0$ represents 0 over each $\mathbb{Q}_p$. But $|a| + |b'| < |a| + |b|$ (and it’s even better if you divide $b'$ by a square to get a squarefree coefficient), so the inductive hypothesis implies that it represents 0 over $\mathbb{Q}$. Thus $b'$ is a norm from $\mathbb{Q}(\sqrt{a})$.
If $b' = 0$, then $a$ is a square, and we are done; otherwise $b = (bb')/b'$ is a norm from $\mathbb{Q}(\sqrt{a})$, and Lemma 26.8 implies that $x^2 - ay^2 - bz^2 = 0$ represents 0.

27. Rational points on conics

Consider a projective plane conic $ax^2 + by^2 + cz^2 = 0$ in $\mathbb{P}^2_{\mathbb{Q}}$. Without loss of generality, $a, b, c$ are nonzero integers.

Proposition 27.1. If $a, b, c \in \mathbb{Z}$ are all nonzero, and $p$ is a finite prime such that $p \nmid 2abc$, then $ax^2 + by^2 + cz^2 = 0$ has a nontrivial solution over $\mathbb{Q}_p$.

Proof. By the Chevalley-Warning theorem, there exists a nontrivial solution over $\mathbb{F}_p$. Lift this solution arbitrarily to get $(x_0, y_0, z_0) \in \mathbb{Z}_p$ satisfying

$$ax_0^2 + by_0^2 + cz_0^2 \equiv 0 \pmod{p},$$

with $x_0, y_0, z_0$ not all in $p\mathbb{Z}_p$. Without loss of generality, suppose that $x_0 \notin p\mathbb{Z}_p$. Then $x_0$ is an approximate zero of the polynomial

$$f(x) := ax^2 + by_0^2 + cz_0^2 \in \mathbb{Z}_p[x]$$

Every $f \in \kappa(C)^\times$ can be uniquely written as $t^n u$ where $n \in \mathbb{Z}$ and $u \in \mathcal{O}_P^\times$. The map

$$v_P : \kappa(C) \to \mathbb{Z} \cup \{+\infty\}, \qquad f = t^n u \mapsto n, \qquad 0 \mapsto +\infty$$

is a valuation on $\kappa(C)$. We have

$$\mathcal{O}_P = \{f \in \kappa(C) : v_P(f) \ge 0\}$$
$$\mathfrak{m}_P = \{f \in \kappa(C) : v_P(f) > 0\}$$
$$\mathcal{O}_P^\times = \{f \in \kappa(C) : v_P(f) = 0\}.$$

Also, $v_P(t) = 1$.

All of this generalizes to any smooth curve.

Theorem 29.4. Let $C$ be a smooth curve. Let $P \in C(k)$. Then there is a valuation $v_P : \kappa(C) \to \mathbb{Z} \cup \{+\infty\}$ such that

$$\mathcal{O}_P = \{f \in \kappa(C) : v_P(f) \ge 0\}$$
$$\mathfrak{m}_P = \{f \in \kappa(C) : v_P(f) > 0\}$$
$$\mathcal{O}_P^\times = \{f \in \kappa(C) : v_P(f) = 0\}.$$

Definition 29.5. Say that $f$ has a zero of multiplicity $m$ at $P$ if $v_P(f) = m > 0$, and a pole of multiplicity $m$ at $P$ if $v_P(f) = -m < 0$.

Definition 29.6. An element $t \in \kappa(C)$ such that $v_P(t) = 1$ is called a uniformizing parameter at $P$.

If $t$ is a uniformizing parameter at $P$, then every $f \in \kappa(C)^\times$ can be uniquely written as $t^n u$, where $n \in \mathbb{Z}$ and $u \in \mathcal{O}_P^\times$. Namely, $n = v_P(f)$.

Over a field like $\mathbb{R}$, the implicit function theorem shows that the part of the curve near $P$ is the graph of an analytic function of $t$, so the different values of $t$ near $t = 0$ parametrize the points of $C$ near $P$.

Remark 29.7.
Suppose that $C$ is the curve $f(x, y) = 0$ in $\mathbb{A}^2$, and $(a, b) \in C(k)$ is a smooth point on $C$, so either $\frac{\partial f}{\partial y}(a, b) \ne 0$ or $\frac{\partial f}{\partial x}(a, b) \ne 0$ (or both).
• If $\frac{\partial f}{\partial y}(a, b) \ne 0$ (so the tangent line is not vertical), then $x - a$ is a uniformizing parameter.
• If $\frac{\partial f}{\partial x}(a, b) \ne 0$, then $y - b$ is a uniformizing parameter.

Example 29.8. Let $C$ be the curve $y^2 = x^3 - x$. Let $P = (0, 0)$. At $P$, the rational function $y$ is a uniformizing parameter. So $v_P(y) = 1$. What is $v_P(x)$? We have $x = y^2 \left( \frac{1}{x^2 - 1} \right)$, and $\frac{1}{x^2 - 1} \in \mathcal{O}_P^\times$ (it and its inverse are both defined at $P$), so $v_P(x) = 2$.

29.1. Closed points.

If $k$ is not algebraically closed (but still perfect), then we will want to define valuations at more than just the $k$-points. Going back to the example of $\mathbb{A}^1_k$, the valuation at a $k$-point was measuring the exponent of $t - a$ in the factorization of a rational function. But we should also measure the exponent of each other monic irreducible polynomial $p(t)$ in $k[t]$. The zero set of any such $p(t)$ is an irreducible subvariety of $\mathbb{A}^1_k$, but when considered over $\overline{k}$ it breaks up as a $G_k$-orbit of points in $\mathbb{A}^1(\overline{k})$.

In general, a closed point of a variety $X$ is a 0-dimensional irreducible subvariety. If $X = \operatorname{Spec} k[t_1, \dots, t_n]/I$, then closed points of $X$ are in bijection with maximal ideals of $k[t_1, \dots, t_n]/I$. If $k$ is algebraically closed, then the closed points are the same as elements of $X(k)$. For an arbitrary perfect field $k$, the closed points of $X$ are in bijection with the $G_k$-orbits of points in $X(\overline{k})$.

If $P$ is a closed point of a curve $C$ over $k$, one can define $\mathcal{O}_P$ and $\mathfrak{m}_P$ as before. The residue field $\kappa(P) := \mathcal{O}_P/\mathfrak{m}_P$ turns out to be a finite extension of $k$, and $\deg P := [\kappa(P) : k]$ is called the degree of $P$. If moreover $X$ is a curve $C$, and $C$ is smooth at $P$ (which is the same as saying that $C$ over $\overline{k}$ is smooth at any of the $\overline{k}$-points into which $P$ breaks up), then there is also a valuation $v_P$ with the same properties as in the case where $P \in C(k)$.
Working with closed points is an alternative to working with $L$-points for all (finite) extensions $L$ of $k$.

30. Review

• Absolute values, archimedean vs. nonarchimedean
• Valuations
• Ostrowski’s theorem
• Cauchy sequences
• Completion
• $\mathbb{Z}_p$ as inverse limit
• $\mathbb{Q}_p = \operatorname{Frac} \mathbb{Z}_p$, or $\mathbb{Q}_p$ as completion of $\mathbb{Q}$
• Hensel’s lemma
• Structure of $\mathbb{Z}_p^\times$ and $\mathbb{Q}_p^\times$
• Squares in $\mathbb{Q}_p^\times$
• $p$-adic power series
• Algebraic closure
• Finite fields, Frobenius automorphism
• Inverse limits
• Profinite groups, open and closed subgroups
• Properties of fields and extensions of fields: normal, separable, perfect, Galois
• Infinite Galois groups as profinite groups, absolute Galois group
• Infinite Galois theory
• Affine varieties, affine coordinate ring
• Projective varieties, homogeneous coordinate ring
• Irreducibility and function field
• Dimension
• Smoothness
• Homogenization, dehomogenization, projective closure, affine patches
• Rational maps, morphisms
• Quadratic forms, bilinear forms
• Rank, nondegenerate, equivalence
• Local-global principle for quadratic forms (Hasse-Minkowski theorem); applications to rational points on conics
• Valuations on a curve, local ring, maximal ideal, uniformizing parameter

31. Curves and function fields

Theorem 31.1. If $\phi : C \dashrightarrow X$ is a rational map from a smooth irreducible curve to a projective variety, then $\phi$ is a morphism (i.e., $\phi$ is actually defined everywhere).

Proof. It suffices to check that $\phi$ is defined at each closed point $P$. Suppose that $X \subseteq \mathbb{P}^n$ and that $\phi$ is given by $(f_0 : \cdots : f_n)$. Let $f$ be the $f_i$ such that $v_P(f_i)$ is minimum. Then $(f_0 : \cdots : f_n)$ is equivalent to $\left( \frac{f_0}{f} : \cdots : \frac{f_n}{f} \right)$ but $v_P(f_j/f) \ge 0$ for all $j$ so the functions $f_j/f$ are defined at $P$, and their values are not all 0 since $f_i/f = 1$. So we get a morphism $\phi : C \to \mathbb{P}^n$, and in fact it maps into $X$, because the locus in $C$ where the image satisfies the equations of $X$ in $\mathbb{P}^n$ is a subvariety of $C$ containing infinitely many $k$-points.
(Every subvariety of $C$ other than $C$ itself is 0-dimensional, and hence a finite union of closed points, which contains only finitely many $k$-points.) □

Example 31.2. If $C$ is not smooth, Theorem 31.1 can fail:

$$\{y^2 = x^2(x + 1)\} \to \mathbb{A}^1, \qquad (x, y) \mapsto \frac{y}{x}$$

gives a rational map between the projective closures that is not defined at the singularity $(0, 0)$. Over $\mathbb{R}$, this map cannot even be extended to a continuous function.

Example 32.7. In the $x^2 + y^2 = z^2$ example above, the degree of the divisor $2P - 3Q$ is $-1$.

The map

$$\operatorname{Div} C \to \mathbb{Z}, \qquad D \mapsto \deg D$$

is a group homomorphism. Its kernel, the subgroup of divisors of degree 0, is denoted $\operatorname{Div}^0 C$.

32.2. Base extension.

Definition 32.8. If $X$ is a variety over a field $k$, and $L$ is a field extension of $k$, then the base extension $X_L$ is the variety defined by the same polynomial equations as $X$ but with the polynomials viewed as polynomials with coefficients in $L$ (even though the coefficients are actually in the subfield $k$).

A common case is where $k$ is a perfect field and $L = \overline{k}$ is an algebraic closure of $k$.

Example 32.9. If $X = \operatorname{Spec} \frac{\mathbb{Q}[x,y]}{(x^2+y^2-1)}$, then $X_{\overline{\mathbb{Q}}} = \operatorname{Spec} \frac{\overline{\mathbb{Q}}[x,y]}{(x^2+y^2-1)}$. Similarly, if $Y = \operatorname{Proj} \frac{\mathbb{Q}[x,y,z]}{(x^2+y^2-z^2)}$, then $Y_{\overline{\mathbb{Q}}} = \operatorname{Proj} \frac{\overline{\mathbb{Q}}[x,y,z]}{(x^2+y^2-z^2)}$.

If $P$ is a closed point of $C$, then its base extension (to $\overline{k}$) consists of a finite set of closed points $P_1, \dots, P_n$ of $C_{\overline{k}}$, where $n = \deg P$. Define a homomorphism

$$\operatorname{Div} C \to \operatorname{Div} C_{\overline{k}}$$

by mapping each closed point $P$ of $C$ to the corresponding sum $P_1 + \dots + P_n$, and extending linearly (i.e., extend so as to get a homomorphism).

Example 32.10. Suppose that $C$ is $\mathbb{P}^1_{\mathbb{R}}$. Then $C_{\mathbb{C}}$ is $\mathbb{P}^1_{\mathbb{C}}$. Closed points on $C$ other than the point $(1 : 0)$ “at infinity” are closed points in $\mathbb{A}^1_{\mathbb{R}}$, which correspond to monic irreducible polynomials in $\mathbb{R}[t]$. Each such polynomial has degree 1 or 2, and that degree is the degree of the closed point. The base extension of a closed point other than $(1 : 0)$ is a set of 1 or 2 points in $C(\mathbb{C})$ corresponding to the zeros of the monic irreducible polynomial.

Proposition 32.11.
The homomorphism $\operatorname{Div} C \to \operatorname{Div} C_{\overline{k}}$ is injective, and its image is the subgroup of $G_k$-invariant elements of $\operatorname{Div} C_{\overline{k}}$.

Sketch of proof. This follows from the description of a closed point of $C$ as a $G_k$-orbit of elements of $C(\overline{k})$. □

Example 32.12. Let $C$ be $x^2 + y^2 = 1$ over $\mathbb{Q}$. Let $P = (1/2, \sqrt{3}/2)$ and $Q = (1/2, -\sqrt{3}/2)$; these are points in $C(\overline{\mathbb{Q}})$. Even though $P$ and $Q$ are not individually elements of $C(\mathbb{Q})$, their sum $P + Q$ is a $G_{\mathbb{Q}}$-invariant divisor, so it comes from a closed point of $C$. Namely, it comes from the closed point defined by the equations $x^2 + y^2 = 1$ and $x = 1/2$, that is, the closed point

$$\operatorname{Spec} \frac{\mathbb{Q}[x, y]}{(x^2 + y^2 - 1,\; x - 1/2)}.$$

This is a closed point of degree 2, with residue field $\mathbb{Q}(\sqrt{3})$.

32.3. Principal divisors.

Suppose that $C$ is a nice curve over $k$. Let $f \in \kappa(C)^\times$ be a rational function on $C$. Then the divisor of $f$ is the divisor

$$\operatorname{div} f = (f) := \sum_{\text{closed points } P \in C} v_P(f)\, P.$$

Implicit in this definition is the proposition (which we assume without proof) that for any $f \in \kappa(C)^\times$, there are only finitely many $P$ such that $v_P(f) \ne 0$.

Definition 32.13. A divisor is called principal if it equals $(f)$ for some $f \in \kappa(C)^\times$.

The map

$$\kappa(C)^\times \to \operatorname{Div} C, \qquad f \mapsto (f)$$

is a homomorphism, and its image is the set of principal divisors. This shows that the set of principal divisors is a subgroup of $\operatorname{Div} C$.

Example 32.14. If $C = \mathbb{P}^1_k$, then $\kappa(C)$ is the rational function field $k(t)$. Let $P$ be a closed point of $C$, and let $p(t)$ be the corresponding monic irreducible polynomial. If $f \in \kappa(C)^\times$, then $v_P(f)$ is measuring the exponent of $p(t)$ in $f$. Thus the divisor of $f$ is keeping track of the complete factorization of $f$. In other words it measures the zeros and poles of $f$ with multiplicity, with poles giving a negative coefficient.

Remark 32.15.
For any rational function $f \in \kappa(C)^\times$, if we write the principal divisor $(f)$ as $D_1 - D_2$ where $D_1$ and $D_2$ are effective with disjoint supports, then the following positive integers are equal:
• The degree of the rational map $C \to \mathbb{P}^1$ given by $(f : 1)$;
• $\deg D_1$, which is the number of zeros of $f$ counted with multiplicity; and
• $\deg D_2$, which is the number of poles of $f$ counted with multiplicity.

Remark 32.16. Every principal divisor is of degree 0: that is, $\deg(\operatorname{div} f) = 0$ for every $f \in \kappa(C)^\times$.

(We will not prove these last results, but you proved the last fact for $C = \mathbb{P}^1_k$ on your last homework assignment.)

32.4. Linear equivalence and the Picard group.

Definition 32.17. Divisors $D_1$ and $D_2$ are called linearly equivalent if there exists $f \in \kappa(C)^\times$ such that $D_1 - D_2 = \operatorname{div}(f)$. (Write $D_1 \sim D_2$ in this case.)

Linear equivalence is an equivalence relation. Each equivalence class $[D]$ is called a divisor class. Because the set of principal divisors is a subgroup of $\operatorname{Div} C$, the set of equivalence classes is the quotient group

$$\operatorname{Pic} C := \frac{\operatorname{Div} C}{\{\text{principal divisors}\}},$$

which is called the Picard group of $C$. Since $\operatorname{Div} C$ is abelian, so is its quotient $\operatorname{Pic} C$.

Example 32.18. Let $C = \mathbb{P}^1_k$. Two divisors on $C$ are linearly equivalent if and only if they have the same degree. In other words, $\operatorname{Pic} C \simeq \mathbb{Z}$. (You proved this in your last homework assignment.)

In general, for any nice curve $C$ over $k$, there is an exact sequence

$$0 \to k^\times \to \kappa(C)^\times \to \operatorname{Div} C \to \operatorname{Pic} C \to 0.$$

Remark 32.19. In more advanced algebraic geometry courses, one shows that divisor classes are in bijection with isomorphism classes of line bundles, which, loosely speaking, are families of vector spaces in which one has one vector space for each point of $C$.

Because principal divisors are of degree 0, the degree homomorphism

$$\operatorname{Div} C \to \mathbb{Z}, \qquad D \mapsto \deg D$$

factors through the quotient $\operatorname{Pic} C$: i.e., it induces a well-defined homomorphism

$$\operatorname{Pic} C \to \mathbb{Z}, \qquad [D] \mapsto \deg D.$$

Its kernel, consisting of divisor classes of degree 0, is denoted $\operatorname{Pic}^0 C$.

Example 32.20.
Let $E$ be the projective closure of the affine curve $E_0$ in $\mathbb{A}^2_{\mathbb{Q}}$ given by $y^2 = x(x - 1)(x - 7)$. We will show that $\operatorname{Pic} E$ contains an element of order 2.

The projective closure is given by the equation $y^2z = x(x - z)(x - 7z)$ in $\mathbb{P}^2_{\mathbb{Q}}$. If we intersect with the “hyperplane at infinity” $z = 0$ in $\mathbb{P}^2$, we find that $x = 0$ too, so the point $\infty := (0 : 1 : 0)$ is the unique point on $E$ not contained in the affine patch $E_0$.

34. Riemann-Roch theorem

Definition 34.1. Given $D \in \operatorname{Div} C$, define

$$L(D) := \{f \in \kappa(C)^\times : (f) + D \ge 0\} \cup \{0\}.$$

Proposition 34.2. The set $L(D)$ is a $k$-subspace of $\kappa(C)$.

Proof. Suppose that $D = \sum n_P P$. To say that $f \in L(D)$ is to say that $v_P(f) \ge -n_P$ for all $P$. Each condition $v_P(f) \ge -n_P$ defines a set of $f$ that contains 0 and is closed under addition and multiplication by constants in $k$, so each condition defines a subspace $V_P$ of $\kappa(C)$. Then $L(D) = \bigcap_P V_P$, so $L(D)$ is a subspace too. □

Example 34.3. If $D = 0$, then $L(D)$ is the set of $f \in \kappa(C)$ such that $(f) \ge 0$. But for nonzero $f$, the divisor $(f)$ has degree 0, so $(f) \ge 0$ is possible only if $(f) = 0$, which holds when $f \in k^\times$. Thus $L(D) = k$.

Example 34.4. If $D = 2P$ for a closed point $P$, then $L(D)$ is the set of $f \in \kappa(C)$ with at most a double pole at $P$ (i.e., a double pole, simple pole, or defined at $P$), and defined at all other closed points of $C$. If $D = 3P - 2Q$, for closed points $P$ and $Q$, then $L(D)$ is the set of $f \in \kappa(C)$ with at most a triple pole at $P$, and with at least a double zero at $Q$.

If $D_1 \le D_2$, then $L(D_1) \subseteq L(D_2)$.

Example 34.5. Let $C = \mathbb{P}^1 \supset \mathbb{A}^1 = \operatorname{Spec} k[t]$. Let $\infty \in \mathbb{P}^1(k)$ be the point outside this $\mathbb{A}^1$, so $v_\infty(t) = -1$, and more generally $v_\infty(p(t)) = -\deg p$ for any polynomial $p(t) \in k[t]$. Let $D = 3\infty$. What is $L(3\infty)$? If $f = \frac{p(t)}{q(t)} \in L(3\infty)$, where $p(t)$ and $q(t)$ are nonzero relatively prime polynomials in $k[t]$, then $q(t)$ cannot have a zero at any closed point $P$ of $\mathbb{A}^1$, because at any such zero we would get $v_P(f) < 0$, so $(f) + 3\infty$ would not be effective. Thus $q(t)$ is a constant, and we may assume $q(t) = 1$.
Thus $f = p(t)$ is a polynomial in $t$. The condition $(f) + 3\infty \ge 0$ implies $v_\infty(f) \ge -3$, which says that $-\deg p(t) \ge -3$, so $\deg p(t) \le 3$. Thus $L(3\infty)$ is the $k$-vector space of polynomials in $k[t]$ of degree at most 3. In particular, $L(3\infty)$ has basis $1, t, t^2, t^3$, so $\dim_k L(3\infty) = 4$.

Let $P \in \mathbb{A}^1(k)$ be the point where $t$ takes the value 7. What is $L(3\infty - P)$? This is the subspace of $L(3\infty)$ consisting of polynomials that have at least a simple zero at $P$, or equivalently, that are divisible by $t - 7$. Thus $L(3\infty - P) = \{(t - 7)g(t) : g(t) \in k[t], \deg g(t) \le 2\}$, which is a 3-dimensional $k$-vector space.

It turns out that $\dim_k L(D)$ is always finite.

Definition 34.6. For each $D \in \operatorname{Div} C$, define

$$\ell(D) := \dim_k L(D) \in \mathbb{Z}_{\ge 0}.$$

Example 34.7. If $D = 0$, then $L(D) = k$, so $\ell(D) = 1$.

Proposition 34.8. If $\deg D < 0$, then $L(D) = \{0\}$ and $\ell(D) = 0$.

Proof. Suppose that $\deg D < 0$. If $f \in L(D) - \{0\}$, then $(f) + D \ge 0$. The divisor $(f)$ has degree 0, so $(f) + D$ has the same negative degree as $D$. On the other hand, if $(f) + D \ge 0$, then $(f) + D$ has nonnegative degree. This contradiction shows that no such $f$ exists. □

Proposition 34.9. If $D$ and $D'$ are linearly equivalent, then $\ell(D) = \ell(D')$.

Proof. Write $D = D' + (g)$ for some $g \in \kappa(C)^\times$. If $f \in L(D)$ is nonzero, then $(f) + D \ge 0$, so $(f) + D' + (g) \ge 0$, so $(fg) + D' \ge 0$, so $fg \in L(D')$. Thus multiplication-by-$g$ maps $L(D)$ into $L(D')$, and does so injectively, since multiplication-by-$g$ on $\kappa(C)$ is injective. Similarly, multiplication-by-$g^{-1}$ maps $L(D')$ into $L(D)$. These maps define inverse isomorphisms of $k$-vector spaces between $L(D)$ and $L(D')$. In particular, their dimensions $\ell(D)$ and $\ell(D')$ are the same. □

Theorem 34.10 (Riemann-Roch). Let $C$ be a nice curve of genus $g$ over $k$. There exists a divisor class consisting of divisors $K$ called canonical divisors such that

$$\ell(D) - \ell(K - D) = \deg D + 1 - g$$

for all $D \in \operatorname{Div} C$.

The Riemann-Roch theorem is rather deep, so we will not prove it here. From now on, $K$ denotes any fixed canonical divisor.

Corollary 34.11.
(i) $\ell(K) = g$.
(ii) $\deg K = 2g - 2$.
(iii) If $\deg D > 2g - 2$, then $\ell(D) = \deg D + 1 - g$.

Proof.
(i) Taking $D = 0$ in the Riemann-Roch theorem yields $1 - \ell(K) = 0 + 1 - g$, so $\ell(K) = g$.
(ii) Taking $D = K$ yields $g - 1 = \deg K + 1 - g$, so $\deg K = 2g - 2$.
(iii) If $\deg D > 2g - 2$, then $\deg(K - D) < 0$, so $\ell(K - D) = 0$ by Proposition 34.8. So the Riemann-Roch theorem simplifies to $\ell(D) = \deg D + 1 - g$. □

Example 34.12. Let $C = \mathbb{P}^1 \supset \mathbb{A}^1 = \operatorname{Spec} k[t]$. For $d \ge 0$, we have

$$L(d\infty) = \{p(t) \in k[t] : \deg p(t) \le d\},$$

so $\ell(d\infty) = d + 1$. On the other hand, when $d$ is sufficiently large, then Corollary 34.11(iii) implies that $\ell(d\infty) = d + 1 - g$. Thus $g = 0$. (This agrees with the fact that $\mathbb{P}^1(\mathbb{C})$ is topologically a sphere, which is of genus 0.)

If $D \in \operatorname{Div} \mathbb{P}^1$ is of degree $d > -2$, then Corollary 34.11(iii) implies that $\ell(D) = \deg D + 1$; alternatively, use that $D \sim d\infty$ to obtain $\ell(D) = \ell(d\infty) = d + 1$. To summarize, for any $D \in \operatorname{Div} \mathbb{P}^1$ of degree $d$, we have

$$\ell(D) = \begin{cases} 0 & \text{if } d < 0 \text{ (by Proposition 34.8)} \\ d + 1 & \text{if } d \ge 0. \end{cases}$$

The same conclusion holds for any genus 0 curve $C$, by a similar argument.

Proposition 34.13. If $C$ is a nice curve of genus 0 over $k$, and $C(k)$ is nonempty, then $C \simeq \mathbb{P}^1_k$.

Proof. Choose $P \in C(k)$. By Corollary 34.11(iii), $\ell(P) = 1 + 1 = 2$, but $\ell(0) = 1$ as in Example 34.7, so there exists $f \in L(P) - L(0)$. Since $L(0) = k$, this means that $f$ is a nonconstant function with a simple pole at $P$ and no other poles. The number of poles of $f$ is 1, so the degree of the morphism $C \to \mathbb{P}^1$ given by $(f : 1)$ equals 1. In other words, $C \to \mathbb{P}^1$ is a birational map, and hence an isomorphism. □

35. Weierstrass equations

From now on, $k$ is a perfect field of characteristic not 2 or 3.

Definition 35.1. A (short) Weierstrass equation is a polynomial equation of the form

$$y^2 = x^3 + Ax + B$$

for some constants $A, B \in k$. (If $\operatorname{char} k$ were 2 or 3, we would instead consider long Weierstrass equations of the form

$$y^2 + a_1xy + a_3y = x^3 + a_2x^2 + a_4x + a_6,$$

but when $\operatorname{char} k \ne 2, 3$, we can complete the square in $y$ to make $a_1 = 0$ and $a_3 = 0$, and then complete the cube in $x$ to make $a_2 = 0$.)
Proposition 35.2. Let $E$ be the projective closure in $\mathbb{P}^2$ of the affine curve $E_0$ defined by a Weierstrass equation $y^2 = x^3 + Ax + B$. Then the following are equivalent:
(i) The affine curve $E_0$ is smooth.
(ii) The projective curve $E$ is smooth.

where the intersections are viewed as degree 3 divisors on $E$ as above. In particular, if $L_2$ is the line at infinity, and $L_1 \cap E = (P) + (Q) + (R)$, where $P, Q, R \in E(k)$, then

$$(f) = (P) + (Q) + (R) - 3 \cdot O = (P - O) + (Q - O) + (R - O).$$

Proposition 37.3. Let $E \subseteq \mathbb{P}^2$ be an elliptic curve in Weierstrass form, and let $O = (0 : 1 : 0)$, as usual. Then
(i) The point $O$ is the identity for the group law on $E(k)$.
(ii) If $P, Q, R \in E(k)$ are such that there is a line $L$ with $L \cap E = (P) + (Q) + (R)$, then $P + Q + R = O$ in the group $E(k)$.

Proof.
(i) The point $O \in E(k)$ corresponds to $[O - O] \in \operatorname{Pic}^0 E$.
(ii) The sum $P + Q + R$ in $E(k)$ corresponds to $[P - O] + [Q - O] + [R - O]$, which as explained just before this proposition, is the class of a principal divisor. □

Proposition 37.3 characterizes the group law on $E(k)$ completely:
• To compute the inverse of a point $P = (a, b) \in E(k)$ not equal to $O$, let $L \subseteq \mathbb{P}^2$ be the projective closure of the vertical line $x = a$ in $\mathbb{A}^2$; then $L \cap E = (P) + (P') + (O)$, where $P' := (a, -b)$. ($L$ passes through $O$ since its homogeneous equation is $x - az = 0$, which vanishes at $(0 : 1 : 0)$); thus according to Proposition 37.3(ii), $P + P' + O = O$, so $P' = -P$. Of course, by Proposition 37.3(i) we also know that $-O = O$.
• To compute $P + Q$ where $P, Q \in E(k)$, first let $L$ be the line in $\mathbb{P}^2$ through $P$ and $Q$; if $P = Q$, take $L$ to be the tangent line to $E$ at $P$. Then $L \cap E = (P) + (Q) + (R)$ for some $R \in E(k)$ (it is a $k$-point because its degree must be 1; more concretely, it is so because if two roots of a cubic polynomial are rational, then the third root is rational too). By Proposition 37.3(ii), $P + Q + R = O$, so $P + Q = -R$, which can be determined, as we already saw.
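The two-step recipe above (find the third intersection point $R$ of the line, then negate it) can be carried out in exact rational arithmetic. The following is an added example, not part of the original notes: the function names are this example's own, the curve $y^2 = x^3 + 17$ and its points are constructed sample data, and $y^2 = x^3 + 1$ is the curve of Example 22.18. It also checks the doubling formula for the $x$-coordinate stated later in this section.

```python
from fractions import Fraction

O = None  # the point at infinity (0 : 1 : 0), identity of E(k)


def on_curve(P, A, B):
    """True if P is O or an affine point of y^2 = x^3 + A*x + B."""
    if P is O:
        return True
    x, y = map(Fraction, P)
    return y * y == x**3 + A * x + B


def neg(P):
    """The vertical line x = a meets E in (P) + (P') + (O), so -(a, b) = (a, -b)."""
    if P is O:
        return O
    x, y = P
    return (x, -y)


def third_point(P, Q, A, B):
    """Return R with L ∩ E = (P) + (Q) + (R), where L is the line through
    P and Q (the tangent line at P when P == Q)."""
    if P is O and Q is O:
        return O                      # the line at infinity meets E in 3·O
    if P is O:
        return neg(Q)                 # vertical line through Q: (Q) + (-Q) + (O)
    if Q is O:
        return neg(P)
    x1, y1 = map(Fraction, P)
    x2, y2 = map(Fraction, Q)
    if x1 == x2 and y1 == -y2:
        return O                      # vertical line (also the tangent at a point with y = 0)
    if x1 == x2:                      # here P == Q with y != 0: slope of the tangent line
        m = (3 * x1 * x1 + A) / (2 * y1)
    else:                             # slope of the chord
        m = (y2 - y1) / (x2 - x1)
    # Substituting y = m(x - x1) + y1 into the cubic gives a monic cubic in x
    # whose x^2 coefficient is -m^2, so its three roots sum to m^2.
    x3 = m * m - x1 - x2
    y3 = m * (x3 - x1) + y1
    return (x3, y3)


def add(P, Q, A, B):
    """P + Q + R = O, hence P + Q = -R."""
    return neg(third_point(P, Q, A, B))


def mul(n, P, A, B):
    """nP for n >= 0 by double-and-add (exposition only, not constant-time)."""
    result, addend = O, P
    while n:
        if n & 1:
            result = add(result, addend, A, B)
        addend = add(addend, addend, A, B)
        n >>= 1
    return result


def duplication_x(x, A, B):
    """x([2]P) = (x^4 - 2A x^2 - 8B x + A^2) / (4(x^3 + A x + B)) for P = (x, y), y != 0."""
    x = Fraction(x)
    return (x**4 - 2 * A * x**2 - 8 * B * x + A * A) / (4 * (x**3 + A * x + B))


if __name__ == "__main__":
    A, B = 0, 17                      # constructed sample curve y^2 = x^3 + 17
    P, Q = (-2, 3), (-1, 4)
    R = third_point(P, Q, A, B)
    print("third point on the chord:", R, "on curve:", on_curve(R, A, B))
    print("P + Q =", add(P, Q, A, B))
    print("2P    =", add(P, P, A, B), "formula x:", duplication_x(-2, A, B))
    # On y^2 = x^3 + 1 (Example 22.18) the point (2, 3) is a torsion point.
    print("6 * (2, 3) is O:", mul(6, (2, 3), 0, 1) is O)
```

Over a finite field the same formulas apply with `Fraction` division replaced by modular inversion.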
In fact, it is possible to define a product variety $E \times E$, an addition morphism $E \times E \to E$, and an inverse morphism $E \to E$.

37.2. Torsion points.

Definition 37.4. Let $E$ be an elliptic curve over $k$. Let $P \in E(L)$ for some field extension $L \supseteq k$. Let $n \in \mathbb{Z}_{\ge 1}$. Call $P$ an $n$-torsion point if $nP = O$ in the group $E(L)$. The $n$-torsion subgroup $E[n]$ of $E(\bar{k})$ is the kernel of the multiplication-by-$n$ homomorphism
$$[n] : E(\bar{k}) \to E(\bar{k}), \qquad P \mapsto nP.$$

Example 37.5. Assume $\operatorname{char} k \ne 2$. Let $E$ be the projective closure of $y^2 = f(x)$ where $f(x)$ is a separable cubic polynomial. Then $E[2]$ consists of $O$ and the three points $(\alpha, 0)$ where $\alpha \in \bar{k}$ is a zero of $f$. Thus $E[2] \simeq \mathbb{Z}/2\mathbb{Z} \times \mathbb{Z}/2\mathbb{Z}$.

Assume moreover that $f(x) = (x - e_1)(x - e_2)(x - e_3)$ for distinct $e_1, e_2, e_3 \in k$. Then $E[2] \subseteq E(k)$. Consider the multiplication-by-2 morphism on $E$ and the corresponding extension of function fields.
$$\begin{array}{ccc} E & \qquad & L := \kappa(E) \\ \Big\downarrow {\scriptstyle [2]} & & \Big\uparrow \\ E & & K := \kappa(E) \end{array}$$
Each $T \in E[2]$ induces an addition-by-$T$ morphism $\tau_T : E \to E$, a deck transformation of the top $E$ (i.e., an automorphism satisfying $[2](\tau_T(P)) = [2](P)$), and this corresponds to an automorphism of $L$ acting trivially on $K$. In fact, we get an injective homomorphism $E[2] \to \operatorname{Aut}(L/K)$.

In fact, it turns out that $[2] : E \to E$ is a morphism of degree $2^2 = 4$ (that is, $[L : K] = 4$), so $L/K$ is a Galois extension with Galois group $E[2]$. One way to prove this is to compute degrees of all the morphisms in the diagram
$$\begin{array}{ccc} E & \xrightarrow{\ [2]\ } & E \\ \Big\downarrow {\scriptstyle x} & & \Big\downarrow {\scriptstyle x} \\ \mathbb{P}^1 & \xrightarrow{\ \phi\ } & \mathbb{P}^1 \end{array}$$
where $x$ is the projection onto the $x$-coordinate, and $\phi(x)$ is the rational function giving $x([2]P)$ for $P = (x, y)$: an explicit calculation of the tangent line for $y^2 = x^3 + Ax + B$ gives
$$x \mapsto \phi(x) := x([2]P) = \frac{x^4 - 2Ax^2 - 8Bx + A^2}{4(x^3 + Ax + B)},$$
which is a rational function of degree $\max(4, 3) = 4$. For a more conceptual proof that $\deg [2] = 4$, using differentials and dual isogenies, see [Sil92].

Since $\operatorname{Gal}(L/K) \simeq \mathbb{Z}/2\mathbb{Z} \times \mathbb{Z}/2\mathbb{Z}$, there are three intermediate quadratic fields, and it turns out that these are $K(\sqrt{x - e_i})$ for $i = 1, 2, 3$.
Note that $(x - e_1)(x - e_2)(x - e_3)$ is already a square in $K$, namely $y^2$. So $L = K(\sqrt{x - e_1}, \sqrt{x - e_2})$.

38. Mordell's theorem

In a 1901 paper, Poincaré considered the problem of finding generators for the group $E(\mathbb{Q})$ for an elliptic curve $E$ over $\mathbb{Q}$. It was only many years later, in 1922, that Mordell proved the existence of a finite set of generators. He used an argument resembling the "method of infinite descent" used by Fermat to prove that $x^4 + y^4 = z^2$ has no solutions in positive integers.

Theorem 38.1 (Mordell). If $E$ is an elliptic curve over $\mathbb{Q}$, then the abelian group $E(\mathbb{Q})$ is finitely generated.

By the structure theorem for finitely generated abelian groups, Mordell's theorem implies that
$$E(\mathbb{Q}) \simeq \mathbb{Z}^r \times T$$
for some nonnegative integer $r$ (called the rank of $E$) and some finite abelian group $T$ (called the torsion subgroup of $E$).

Remark 38.2. Mordell's theorem is sometimes also called the Mordell-Weil theorem, but Weil's contribution was to generalize it by replacing $\mathbb{Q}$ with an arbitrary finite extension of $\mathbb{Q}$ and $E$ by an abelian variety of arbitrary dimension.

All known proofs of Theorem 38.1 are minor variants of the one we will give. It consists of two parts. The first part is the following:

Theorem 38.3 (Weak Mordell-Weil theorem). If $E$ is an elliptic curve over $\mathbb{Q}$, then $E(\mathbb{Q})/2E(\mathbb{Q})$ is finite.

The second part involves the construction of a function $h : E(\mathbb{Q}) \to \mathbb{R}$ called a height function. For $P \in E(\mathbb{Q})$, the value $h(P)$ measures the size of the numerators and denominators of the coordinates of $P$.

Remark 38.4. It is not known whether there exists an algorithm that takes $E$ as input and outputs a finite list of points that generate $E(\mathbb{Q})$. The problem is that the proof of the weak Mordell-Weil theorem is not effective; i.e., it does not produce coset representatives for the elements of $E(\mathbb{Q})/2E(\mathbb{Q})$, even in principle.

39. The weak Mordell-Weil theorem

In this section we will prove the weak Mordell-Weil theorem in the case that $E[2] \subseteq E(\mathbb{Q})$, i.e., the case in which $E$ is given by an equation of the form
$$y^2 = (x - e_1)(x - e_2)(x - e_3).$$
If we make the substitution $x = x'/d^2$ and $y = y'/d^3$ and multiply both sides by $d^6$, we get an isomorphic curve; moreover, by choosing $d$ so the denominator of each $e_i$ divides $d$, the new curve is of the same form but with $e_i \in \mathbb{Z}$. So assume that $e_i \in \mathbb{Z}$ from now on.

Lemma 39.1. We have an isomorphism of abelian groups
$$\frac{\mathbb{Q}^\times}{\mathbb{Q}^{\times 2}} \xrightarrow{\ \sim\ } \operatorname{Hom}_{\mathrm{conts}}(G_{\mathbb{Q}}, \{\pm 1\}), \qquad \bar{a} \mapsto \left( \sigma \mapsto \frac{\sigma \sqrt{a}}{\sqrt{a}} \right).$$
(Here, for each $a \in \mathbb{Q}^\times$, we write $\bar{a}$ for its image in $\mathbb{Q}^\times/\mathbb{Q}^{\times 2}$, and $\sqrt{a}$ for a fixed square root of $a$ in $\overline{\mathbb{Q}}^\times$. The notation $\operatorname{Hom}_{\mathrm{conts}}$ denotes the group of continuous homomorphisms.)

But it really comes from Lemma 39.2, plus the isomorphism
$$E[2] \to \{\pm 1\} \times \{\pm 1\}, \qquad (e_1, 0) \mapsto (-1, 1), \quad (e_2, 0) \mapsto (1, -1),$$
plus Lemma 39.1. It is saying that in order to take half of a point $(x, y) \in E(\mathbb{Q}) - E[2]$, one must adjoin $\sqrt{x - e_1}$ and $\sqrt{x - e_2}$ to the ground field. □

Final exam on Mon Dec 14, 9am-12 in 3-135. It will be mainly based on topics covered in homework problems. Remaining office hours this week: Wed 1:30-2:30, Fri 12:30-1:30.

Challenge problems: Show that every nice genus 2 curve over a field of characteristic not 2 is birational to an affine curve $y^2 = f(x)$ with $f(x)$ separable of degree 5 or 6. What can you say about explicit equations of genus 3 curves? Compute $E(\mathbb{Q})/2E(\mathbb{Q})$ for $E : y^2 = x^3 - x$. Can you determine $E(\mathbb{Q})$ itself?

Proposition 39.6. Let $S$ be the set of primes $p$ such that $p \mid (e_i - e_j)$ for some distinct $i, j$. Let $\mathbb{Q}(S, 2)$ be the finite subgroup of $\mathbb{Q}^\times/\mathbb{Q}^{\times 2}$ generated by (the images of) $-1$ and the primes in $S$. Then the image of the injective homomorphism
$$\frac{E(\mathbb{Q})}{2E(\mathbb{Q})} \overset{\phi}{\hookrightarrow} \frac{\mathbb{Q}^\times}{\mathbb{Q}^{\times 2}} \times \frac{\mathbb{Q}^\times}{\mathbb{Q}^{\times 2}}$$
is contained in $\mathbb{Q}(S, 2) \times \mathbb{Q}(S, 2)$.

Sketch of proof. Suppose $P = (x, y) \in E(\mathbb{Q})$. For simplicity, let us assume that $P \notin E[2]$. To say that $x - e_1 \in \mathbb{Q}(S, 2)$ is to say that $v_p(x - e_1)$ is even for every prime $p \notin S$. Fix $p \notin S$.
Case 1: $v_p(x) < 0$. Then $v_p(x - e_i) = v_p(x)$ for $i = 1, 2, 3$. Now
$$2 v_p(y) = v_p(y^2) = v_p((x - e_1)(x - e_2)(x - e_3)) = v_p(x - e_1) + v_p(x - e_2) + v_p(x - e_3) = 3 v_p(x),$$
so $v_p(x)$ is even.

Case 2: $v_p(x) \ge 0$. Then $p$ divides at most one of $x - e_1$, $x - e_2$, $x - e_3$, because otherwise subtracting would show that $p$ divides some $e_i - e_j$, so $p \in S$, a contradiction. On the other hand, $v_p((x - e_1)(x - e_2)(x - e_3))$ is even, as in Case 1, so $v_p(x - e_i)$ must be even for each $i$. □

Proposition 39.6 proves that $E(\mathbb{Q})/2E(\mathbb{Q})$ injects into a finite group; this proves the weak Mordell-Weil theorem (at least for elliptic curves $E$ over $\mathbb{Q}$ with $E[2] \subset E(\mathbb{Q})$).

40. Height of a rational number

Definition 40.1. Let $t = a/b$ be a rational number in lowest terms. The (exponential) height of $t$ is
$$H(t) := \max(|a|, |b|).$$
Extend the definition to $t \in \mathbb{P}^1(\mathbb{Q}) = \mathbb{Q} \cup \{\infty\}$ by defining $H(\infty) = 1$.

Definition 40.2. The (logarithmic) height of $t \in \mathbb{Q} \cup \{\infty\}$ is
$$h(t) := \log H(t).$$

Example 40.3. We have $h(100) < h(1001/1000)$. In general, $h(t)$ is approximately the width of a piece of paper needed to write down $t$ explicitly as a fraction of integers.

Proposition 40.4 (Northcott). For any bound $B \in \mathbb{R}$, the set
$$\{t \in \mathbb{Q} : H(t) \le B\}$$
is finite.

Proof. Each $t$ in this set has numerator in the range $[-B, B]$ and denominator in $[1, B]$, so there are at most $(2B + 1)B$ possibilities. □

Challenge problem: Find an asymptotic formula for the size of this set as $B \to \infty$.

Definition 40.5. The degree of a rational function $p(x)/q(x) \in \mathbb{Q}(x)$ in lowest terms is $\max(\deg p, \deg q)$.

Theorem 40.6. If $f(x)$ is a rational function of degree $d$, then
$$h(f(t)) = d\,h(t) + O_f(1)$$
for all $t \in \mathbb{Q}$. (That is, there is a constant $C = C(f)$ such that $|h(f(t)) - d\,h(t)| \le C$ for all $t \in \mathbb{Q}$.)

Proof. Write $f(x) = p(x)/q(x)$, where $p(x), q(x) \in \mathbb{Z}[x]$ have gcd 1.

Upper bound: Write $t = a/b$ in lowest terms. Let
$$P(x, y) = y^d\, p(x/y) \quad \text{and} \quad Q(x, y) = y^d\, q(x/y)$$
be the homogenizations of $p(x)$ and $q(x)$, respectively. Then $f(t) = f(a/b) = P(a, b)/Q(a, b)$.
This might not be in lowest terms, but in any case
$$H(f(t)) \le \max(|P(a, b)|, |Q(a, b)|) \le C \max(|a|, |b|)^d = C\,H(t)^d$$
for some constant $C$ depending on $P$ and $Q$ (i.e., on $f$). Taking log of both sides yields
$$h(f(t)) \le d\,h(t) + \log C.$$

Lower bound: We must bound $|a|$ and $|b|$ in terms of $|P(a, b)|$ and $|Q(a, b)|$.

Example: If $P(a, b) = 3a^2 + b^2$ and $Q(a, b) = ab$, we could use the identities
$$aP(a, b) - bQ(a, b) = 3a^3,$$
$$bP(a, b) - 3aQ(a, b) = b^3.$$
In particular,
$$\gcd(P(a, b), Q(a, b)) \mid \gcd(3a^3, b^3) \mid 3,$$
so $P(a, b)/Q(a, b)$ is almost in lowest terms, so
$$H(f(t)) = H(P(a, b)/Q(a, b)) \sim \max(|P(a, b)|, |Q(a, b)|),$$
where $\sim$ means up to a bounded constant factor. Also,
$$3|a|^3 \le \max(|a|, |b|) \max(|P(a, b)|, |Q(a, b)|),$$
$$|b|^3 \le \max(|a|, |b|) \max(|P(a, b)|, |Q(a, b)|),$$
so
$$\max(|a|, |b|)^3 \le \max(|a|, |b|) \max(|P(a, b)|, |Q(a, b)|),$$
$$\max(|a|, |b|)^2 \le \max(|P(a, b)|, |Q(a, b)|),$$
$$H(t)^2 \le H(f(t)) \text{ times a constant},$$
$$2h(t) \le h(f(t)) + O(1).$$

To generalize to arbitrary $P(a, b)$ and $Q(a, b)$, we need the two identities. Observe that $P(a, b)$ and $Q(a, b)$ have no common zeros in $\overline{\mathbb{Q}}$ except $(0, 0)$. So the Nullstellensatz implies that the ideals $(P(a, b), Q(a, b))$ and $(a, b)$ of $\mathbb{Q}[a, b]$ have the same radical. In particular, for some $n$, we have that $a^n$ and $b^n$ lie in the ideal generated by $P(a, b)$ and $Q(a, b)$ in $\mathbb{Q}[a, b]$. Clearing denominators shows that there exists $c \in \mathbb{Z}_{\ge 1}$ such that the same holds for $ca^n$ and $cb^n$ in $\mathbb{Z}[a, b]$. □

41. Height functions on elliptic curves

Recall that we are studying the elliptic curve with equation
$$y^2 = (x - e_1)(x - e_2)(x - e_3).$$
Without loss of generality, by making the substitution $x \mapsto x + c$ for some $c \in \mathbb{Q}$, we may assume that the coefficient of $x^2$ in the right hand side is 0. And then, as before, we may also assume that $e_i \in \mathbb{Z}$ for all $i$. Now the right hand side is also $x^3 + Ax + B$ for some $A$ and $B$.

Definition 41.1. For $P \in E(\mathbb{Q})$, define
$$h_x(P) := h(x(P)) = \log H(x(P)).$$
(By convention, $h_x(O) = 0$.)

Proposition 41.2. For all $P \in E(\mathbb{Q})$, we have
$$h_x(2P) = 4h_x(P) + O_E(1),$$
where the bound on the error term depends only on $E$, not on $P$.

We have
$$|a| \le H(x), \qquad |d^2| \le H(x),$$
and the equation $y^2 = x^3 + Ax + B$, so
$$b^2 = a^3 + Aad^4 + Bd^6,$$
so $|b|^2 \le O_{E,P_0}(1)\, H(x)^3$. Plugging these estimates in yields
$$H(x(P + P_0)) = O_{E,P_0}(1)\, H(x)^2.$$
Taking log of both sides gives
$$h_x(P + P_0) \le 2h_x(P) + O_{E,P_0}(1).$$
□

42. Descent

It is traditional to define the naïve height on the abelian group $G := E(\mathbb{Q})$ by the formula
$$h(P) = \tfrac{1}{2} h_x(P).$$
By Propositions 41.5, 41.2, and 40.4, respectively, $h : G \to \mathbb{R}$ satisfies the following axioms:
(i) For each $P_0 \in G$, we have $h(P + P_0) \le 2h(P) + O_{P_0}(1)$ for all $P \in G$.
(ii) We have $h(2P) = 4h(P) + O(1)$ for all $P$.
(iii) For each $B \in \mathbb{R}$, the set $\{P \in G : h(P) \le B\}$ is finite.

Proposition 42.1. If $G$ is any abelian group such that $G/2G$ is finite, and $h : G \to \mathbb{R}$ is any function satisfying (i) and (ii), then there exists $B > 0$ such that $G$ is generated by $\{P \in G : h(P) \le B\}$. So if $h$ also satisfies (iii), then $G$ is finitely generated.

Proof. Let $R$ be a set of coset representatives for $G/2G$. We will apply (i) only to $P_0 \in R$, and $R$ is finite, so all the $O(1)$'s are uniformly bounded. Given $Q_0 \in G$, we may write $Q_0 = 2Q_1 + r_1$ for some $Q_1 \in G$ and $r_1 \in R$; then
$$4h(Q_1) + O(1) = h(2Q_1) \le 2h(Q_0) + O(1),$$
so
$$h(Q_1) \le \tfrac{1}{2} h(Q_0) + O(1) \le \tfrac{2}{3} h(Q_0)$$
if $h(Q_0)$ is sufficiently large. Choose $B$ so that this holds whenever $h(Q_0) > B$. Let $S := \{P \in G : h(P) \le B\}$. We may increase $B$ if necessary to assume that $R \subseteq S$. Let $\langle S \rangle$ be the subgroup of $G$ generated by $S$.

We claim that $\langle S \rangle = G$. Suppose that $Q_0 \in G$. If $h(Q_0) > B$, write $Q_0 = 2Q_1 + r_1$ as above. If $h(Q_1) > B$, repeat the process to write $Q_1 = 2Q_2 + r_2$, and so on. Since the height is shrinking by a constant factor each time, eventually we reach a $Q_n$ with $h(Q_n) \le B$, i.e., with $Q_n \in S$. (This is "Fermat's method of infinite descent"!) Now $Q_{n-1} = 2Q_n + r_n \in \langle S \rangle$, and $Q_{n-2} = 2Q_{n-1} + r_{n-1} \in \langle S \rangle$, and so on, until we show that $Q_0 \in \langle S \rangle$. This holds for every $Q_0$, so $\langle S \rangle = G$. □
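Axioms (ii) and (iii) can be checked numerically from Definition 40.1, Proposition 40.4 and the doubling map $\phi$ of Example 37.5; this is an added example, not part of the original notes. The names `H`, `h`, `phi` follow the notes, while `northcott`, `doubling_errors`, the curve $y^2 = x^3 - 25x$ and the starting point $P = (-4, 6)$ are assumptions chosen for illustration.

```python
from fractions import Fraction as F
from math import gcd, log

def H(t):
    """Exponential height of t in Q (Fraction stores a/b in lowest terms, b > 0)."""
    return max(abs(t.numerator), t.denominator)

def h(t):
    """Logarithmic height; math.log accepts arbitrarily large integers."""
    return log(H(t))

def northcott(bound):
    """All t in Q with H(t) <= bound, enumerating a/b in lowest terms."""
    return sorted(F(a, b) for b in range(1, bound + 1)
                  for a in range(-bound, bound + 1) if gcd(a, b) == 1)

def phi(x, A, B):
    """x([2]P) for P = (x, y) on y^2 = x^3 + Ax + B; None when 2P = O."""
    den = 4 * (x**3 + A * x + B)
    if den == 0:
        return None          # P is a 2-torsion point
    return (x**4 - 2 * A * x**2 - 8 * B * x + A * A) / den

def doubling_errors(x, A, B, steps):
    """h_x(2Q) - 4 h_x(Q) for Q = P, 2P, 4P, ..., starting from x = x(P)."""
    errors = []
    for _ in range(steps):
        nxt = phi(x, A, B)
        if nxt is None:
            break
        errors.append(h(nxt) - 4 * h(x))
        x = nxt
    return errors

# Constructed input (assumption): E: y^2 = x^3 - 25x and P = (-4, 6).
A, B, X0 = F(-25), F(0), F(-4)
ERRORS = doubling_errors(X0, A, B, 6)   # x(64P) already has thousands of digits

if __name__ == "__main__":
    print(len(northcott(3)), "rationals of height <= 3")
    print([round(e, 3) for e in ERRORS])
```

The heights themselves grow by a factor of about 4 at every doubling, while the entries of `ERRORS` stay bounded, which is the content of Proposition 41.2 for this curve.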
The weak Mordell-Weil theorem combined with the fact that $h : E(\mathbb{Q}) \to \mathbb{R}$ satisfies the hypotheses of Proposition 42.1 proves that $E(\mathbb{Q})$ is finitely generated.

43. Faltings' theorem

The following was conjectured by Mordell in 1922, proved by Faltings in 1983, and reproved by a different method by Vojta in 1991.

Theorem 43.1. Let $X$ be a nice curve of genus $g > 1$ over $\mathbb{Q}$. Then $X(\mathbb{Q})$ is finite.

Both proof methods are very difficult. With a lot of work, each can be used to get an upper bound on $\#X(\mathbb{Q})$, but neither gives a method to determine $X(\mathbb{Q})$ explicitly.

Acknowledgements

These notes are based partly on material in [Kob84], [Ser73], [Lan02], [Har77], and [Sil92].

References

[Har77] Robin Hartshorne, Algebraic geometry, Springer-Verlag, New York, 1977. Graduate Texts in Mathematics, No. 52. MR0463157 (57 #3116)
[Kob84] Neal Koblitz, p-adic numbers, p-adic analysis, and zeta-functions, 2nd ed., Graduate Texts in Mathematics, vol. 58, Springer-Verlag, New York, 1984. MR754003 (86c:11086)
[Lan02] Serge Lang, Algebra, 3rd ed., Graduate Texts in Mathematics, vol. 211, Springer-Verlag, New York, 2002. MR1878556 (2003e:00003)
[Ser73] J.-P. Serre, A course in arithmetic, Springer-Verlag, New York, 1973. Translated from the French; Graduate Texts in Mathematics, No. 7. MR0344216 (49 #8956)
[Sil92] Joseph H. Silverman, The arithmetic of elliptic curves, Graduate Texts in Mathematics, vol. 106, Springer-Verlag, New York, 1992. Corrected reprint of the 1986 original. MR95m:11054

Department of Mathematics, Massachusetts Institute of Technology, Cambridge, MA 02139-4307, USA
Email address: poonen@math.mit.edu
URL: http://math.mit.edu/~poonen/