The addition law on elliptic curves

Let $E$ be an elliptic curve defined over ${\mathbb{Q}}$. We have seen that a line $L$ with rational slope passing through one rational point on $E$ need not intersect $E$ in rational points only. But if $L$ passes through two rational points on $E$, then the third intersection point must be rational. This is because a cubic polynomial with two rational roots must have all its roots rational. One caveat is required, however: in order to be guaranteed to have three intersection points, one must interpret intersections in the sense of Bezout's Theorem; in other words, one really should work in the projective plane ${\mathbb{P}}^2$ over the complex numbers, and count intersection points with multiplicities. It turns out that among all the points at infinity in the projective plane, only one is on the elliptic curve; i.e., the line at infinity intersects $E$ only in one point (with multiplicity 3, though!)

For an example, let us go back to the elliptic curve $E$ of the previous section with equation $y^2=x(x+5)(x-5)$. Let us find the third intersection point $U$ of $E$ with the line $L$ through $S=(-4,6)$ and $T=(0,0)$. The equation of $L$ is $y=(-3/2)x$, so the $x$-coordinates of the points in $E \cap L$ are solutions to

$$[(-3/2)x]^2 = x(x+5)(x-5)$$

$$= x^3 - (9/4) x^2 - 25 x$$ 0

$$= x(x+4)(x-25/4).$$ 0

As usual, the factors $x$ and $x+4$ had to be there, because $S$ and $T$ are in $E \cap L$. Now we know that the $x$-coordinate of $U$ is $25/4$, and using the equation of $L$ we find that $U=(25/4,-75/8)$.

Using this operation of taking two rational points and producing a third, we can develop a way to ``add'' two points. One says that the set of rational points on $E$ can be given the structure of an abelian group. This means that there is an operation $+$ that takes two rational points $P,Q$ on $E$ and produces a new rational point $P+Q$ on $E$, such that the following axioms are satisfied:

• $(P+Q)+R = P + (Q+R)$ for all rational points $P,Q,R$ on $E$.
• There exists a rational point $O$ on $E$ such that $P+O=P$ and $O+P=P$ for all rational points $P$ on $E$.
• For any rational point $P$ on $E$ there exists a point $Q$ (also called $-P$) such that $P+Q=O$ and $Q+P=O$.
• $P+Q=Q+P$ for all rational points $P$ and $Q$ on $E$.

The specific addition rule on the elliptic curve is characterized by the following rules:

1. The point $O$ mentioned in the abelian group axioms is the unique point on $E$ at infinity mentioned earlier.

2. If a line $L$ intersects $E$ in three rational points $P,Q,R$ (listed with multiplicity), then $P+Q+R=O$.

Note: a line passes through $O$ if and only if it is vertical or is the ``line at infinity.''

As an example, let us compute $S+T$, where $S=(-4,6)$ and $T=(0,0)$. We already found that the line $y=(-3/2)x$ intersects $E$ in the points $S$, $T$, and $U=(25/4,-75/8)$. Therefore, by Rule 2, $S+T+U=0$. Thus $S+T=-U$. The vertical line $x=25/4$ intersects $E$ in the three points $U$, $V=(25/4,75/8)$ and $O$, so $U+V+O=O$. Hence $V=-U$, so $S+T=V=(25/4,75/8)$.

In general, the recipe for adding two points $A$ and $B$ on an elliptic curve $E$ is as follows: draw the line $L$ through $A$ and $B$. (If $A=B$, draw the line tangent to $E$ at $A$, in order to get a line that intersects $E$ at $A$ with multiplicity at least 2.) Find a third point $C$ such that $L \cap E$ consists of $A$, $B$, and $C$ (listed with multiplicity if necessary). If $C=O$, then $A+B$ equals $O$; if $C \not=O$, $A+B$ equals the reflection of $C$ in the $x$-axis.