This post briefly proves why the rational points of an elliptic curve is a group. The proof idea comes from MATH 214B, but I tried to use classical language.

Background

Let $k$ be a field. Then we have the projective plane $\mathbb{P}^2_k$ with homogeneous coordinates $[ x,y,z ]$, where $x,y,z$ are not all zero and $[ wx,wy,wz ]$ represents the same point as $[ x,y,z ]$ for all non-zero $y\in k^{\times}$. A smooth curve $X$ can be defined as a projective smooth variety of dimension $1$. On a plane $\mathbb{P}^2_k$, it can be defined by an irreducible homogeneous polynomial equation $P(x,y,z) = 0$, for $P\in k[x,y,z]$.

To simplify discussion, Points on $X$ are defined to be maximal ideals containing the ideal generated by those polynomials. That is, $n+1$ irreducible polynomials $f_0(x),f_1(y),f_2(z)$ where the $P$ above is a linear combination of those $f_i$. For example, we consider $[2, y^2+3, 1] = (x-2,y^2+3, z-1)$ a point of unit circle $x^2+y^2=z^2$ when $k=\mathbb{Q}$, because

However, here $y^2+3$ is not a point in $\mathbb{Q}$ or $\mathbb{C}$, but instead gluing of two points $\pm \sqrt{-3}\in \mathbb{C}$. Points with coordinates inside $k$ are called rational points, whose set is denoted by $X(k)$. Like $[1, 0, 1] = (x-1, y, z-1)$ is both a point and a $\mathbb{Q}$-rational point.

A rational function $f$ on $X$ is a non-zero homogeneous fraction polynomial $f=\frac{g}{h}$ on $X$, with $g,h\in \bar{k}[ x,y,z ]$ homogeneous and $\deg g=\deg h$. We use $K(X)$ denote the ring of rational functions. Clearly $f$ is defined on only some points of $X$, but not all points. Two rational functions are considered equal if they share the same poles, zeros, and values on $X$, like $\frac{x}{z}+1$ is the same as $\frac{xz+x^2+y^2}{z^2}$ in the above circle. The order of $f$ at a point $P\in X$, $\operatorname{ord}_P(f)$ is defined as:

• If $P$ is a zero of $f$, $\operatorname{ord}_P(f)$ is the order of the zero point. For example, $\operatorname{ord}_P(f) = 2$ for $P=[-1,0,1]$, $f=x/z+1 = -\frac{1}{xz-z^2}y^2$. $\{ f=0 \}$ is the tangent line at that point.
• If $P$ is a pole of $f$, $\operatorname{ord}_P(f)$ is the negative of the order of the pole. Like $\operatorname{ord}_P(f) = -1$ for $P=[1,i,0]$, $f=x/z+1 = (x+z)z^{-1}$. Note that if the base field is $\mathbb{Q}$ and $P = [1,y^2+1, 0]$ is glued, then $\operatorname{ord}_P(f) = -2$.
  • (Note: this is for the sake of explanation. In practice people change the way we count degree, instead of the coefficient)
• Otherwise, $\operatorname{ord}_P(f)$ is zero.

Weil Divisor

A divisor is an element of the free group generated by all points of $X$: $\operatorname{Div}(X) := \sum_{P\in X} n_P \cdot P$ with $n_P\in \mathbb{Z}$ and only finitely many $n_P$ non-zero. For example $D= 2\cdot [-1,0,1] - [1,i,0]$ is a divisor of the circle above. Note that a divisor itself is only a formal notation which makes no sense, what makes sense is the group structure on $\operatorname{Div}(X)$. The degree of a divisor $D = \sum_{P\in X} n_P \cdot P \in \operatorname{Div}(X)$ is the sum of coefficients: $\deg D = \sum_{P\in X} n_P$. Clearly, this is a homomorphism $\operatorname{Div}(X)\to \mathbb{Z}$. Let the zero divisor group $\operatorname{Div}^0(X)$ be the divisors of degree zero.

For any rational function $f\in K(X)$, we can define the following divisor corresponding to $f$: $(f) := \sum_{P\in X} \operatorname{ord}_P(f)\cdot P $. We call it a principal divisor. We can prove that $\deg (f) = 0$ for all $f\in K(X)$, and $(f) = 0 \iff f\in \bar{k}^\times$ The quotient of $\operatorname{Div}(X)$ by principal divisor groups is called divisor class group $\mathcal{Cl}(X)$. Similarly, we set $\mathcal{Cl}^0(X)$ to be the subgroup of all zero-degree elements. This makes sense because principal divisors are all of degree zero.

For any divisor $D = \sum_{P\in X} n_P \cdot P \in \operatorname{Div}(X)$, and a subset $U\subset X$ we can have a space of rational functions

And actually, $\mathcal{O}(D)(U)$ is always a finite-dimensional $\bar{k}$ vector space (proof omitted). $\mathcal{O}(D)$ is called a line bundle and elements in $\mathcal{O}(D)(X)$ is called its global sections.

Riemann-Roch Theorem

The Riemann-Roch theorem implies that for all curve $X$ we have a magic number, genus $g=g(X)$, s.t.

1. $\dim_{\bar{k}}\mathcal{O}(D)(X) \geq 1-g+\deg(D)$ for all divisor $D$.
2. If $\deg D > 2g-2$, then 1 becomes an equality.

(proof omitted)

Elliptic Curves

An elliptic curve $X$ is a smooth curve of genus $1$, with a fixed rational point $x_0\in X$. To show that the rational points on an elliptic curve forms a group, it is enough to give a bijection $\varphi: X(k)\to \mathcal{Cl}^0(X)$. We can simply let $\varphi(p) := p-x_0$, and verify it is a bijection.

Surjectivity

Suppose $D = \sum_{P\in X} n_P P \in \operatorname{Div}^0(X)$. Let $D’ = D + x_0$, which is of degree $1$. By Riemann-Roch theorem, $\mathcal{O}(D’)(X)$ has dimension $1$. Let $f\in \mathcal{O}(D’)(X)$ be a non-zero global section. Since $\deg (f) = 0$, it must be of form $(f) = D’ - p$ for some point $p\in X$. We know $p\in X(k)$ because $f$ cannot have order $\pm 1$ for $\bar{k}-k$ points. Then, we have $\varphi^{-1}(D) = p$, since $f$ shows $p-x_0$ is equivalent to $D$ in $\mathcal{Cl}^0(X)$. Also, $p$ is unique, because non-zero vector $f$ generates the whole space $\mathcal{O}(D’)(X)$ via scala multiplication, which does not change poles.

Injectivity

If $\varphi(p) = \varphi(q)$, then there is a rational function $f\in K(X)^{\times}$ s.t. $(f) = p-q$. Then, $f\in \mathcal{O}(q)(X)$. But by Riemann-Roch, $\mathcal{O}(q)(X)$ is of dimension $1$, and since constant functions are clearly in that vector space, $f$ itself is constant $f\in \bar{k}$. Thus, $p=q$.

References

• R. Hartshorne. Algebraic Geometry.
• J. H. Silverman. The Arithmetic of Elliptic Curves.
• W. Fulton. Algebraic Curves.