Formal Groups, Elliptic Curves, and Some Theorems of Couveignes

The formal group law of an elliptic curve has seen recent applications to computational algebraic geometry in the work of Couveignes to compute the order of an elliptic curve over finite fields of small characteristic ([2], [6]). The purpose of this paper is to explain in an elementary way how to associate a formal group law to an elliptic curve and to expand on some theorems of Couveignes. In addition, the paper serves as background for [1]. We treat curves defined over arbitrary fields, including fields of characteristic two or three. The author wishes to thank Al Laing for a careful reading of an earlier version of the manuscript and for many useful suggestions. 1 Definition and construction of formal group laws Let R be a commutative ring with a multiplicative identity 1 and let R[[X ]] denote the ring of formal power series of R. In general it is not possible to compose two power series in a meaningful way. For example, if we tried to form the composition f ◦ g with f = 1+ τ + τ + τ + · · · and g = 1+ τ we would get f ◦ g = 1 + (1 + τ) + (1 + τ) + (1 + τ) + · · · The constant term is 1 + 1+ 1 + · · ·, which makes no sense. But there are some cases where f ◦ g does make sense, namely when f is a polynomial or when the constant term of g is zero. Let R[[X,Y ]] = R[[X ]][[Y ]], the ring of formal power series in two variables. If F ∈ R[[X,Y ]] and g, h ∈ τR[[τ ]] then F (g, h) makes sense and belongs to R[[τ ]]. If in addition F has a zero constant term, then F (g, h) ∈ τR[[τ ]]. A one dimensional (commutative) formal group law over R is a power series F ∈ R[[X,Y ]] with zero constant term such that the “addition” rule on τR[[τ ]] given by g ⊕F h = F (g, h) makes τR[[τ ]] into an abelian group with identity 0. In other words, for every g, h we must have (f ⊕F g)⊕F h = f ⊕F (g⊕F h) (associative law), f ⊕F g = g⊕F f (commutative law), f ⊕F 0 = f (0 is identity), and for each f ∈ τR[[τ ]] there exists g ∈ τR[[τ ]] such that f ⊕F g = 0 (inverses). Denote this group by C(F ). An equivalent and more widely known definition is the following: a formal group law over R is a power series F (X,Y ) ∈ R[[X,Y ]] such that (i) (ii) (iii) F (X, 0) = X ; F (X,Y ) = F (Y,X) F (F (X,Y ), Z) = F (X,F (Y, Z)) (Additive Identity) (Commutative Law) (Associative Law). (1.1) The first property implies that F has the form X+Y H(X,Y ). By symmetry in X and Y , it must therefore be of the form F (X,Y ) = X + Y +XYG(X,Y ), G ∈ R[[X,Y ]]. (1.2) Proposition 1.1 Let F be a power series in two variables with coefficients in R such that F (0, 0) = 0. The following are equivalent. (1) The three conditions in (1.1) hold; (2) The binary operation on τR[[τ ]] defined by f ⊕F g = F (f, g) makes τR[[τ ]] into an abelian group with identity 0; (3) The binary operation on τR[[τ ]] defined by f ⊕F g = F (f, g) makes τR[[τ ]] into an abelian semigroup with identity 0. Proof. We will show (1) ⇒ (2) ⇒ (3) ⇒ (1). Assume (1) holds. Define a binary operation on τR[[τ ]] by f ⊕F g = F (f, g) for f, g ∈ τR[[τ ]]. The three conditions immediately imply f⊕F 0 = f , f⊕F g = g⊕F f , and (f⊕F g)⊕F h = f⊕F (g⊕F h) for f, g, h ∈ τR[[τ ]]. It remains only to prove the existence of inverses. For this, it suffices to prove there is a power series ι ∈ τR[[τ ]] such that F (g, ι◦g) = 0 for all g ∈ τR[[τ ]]. Let ι = −τ . By (1.2) F (τ, ι) ≡ τ − τ ≡ 0 mod τ. Now assume inductively that ι ∈ τR[[τ ]] satisfies F (τ, ι) ≡ 0 mod τ and ι ≡ ι mod τ . Then there is a ∈ R such that F (τ, ι) ≡ aτ mod τ. Let ι = ι − aτ. By (1.2) F (ι,−aτ) ≡ ι − aτ = ι mod τ. Thus F (τ, ι) ≡ F (τ, F (ι,−aτ)) = F (F (τ, ι),−aτ) ≡ F (τ, ι)− aτ ≡ 0 mod τ. This completes the induction. Let ι ∈ τR[[τ ]] be the power series such that ι ≡ ι mod τ for all N . Then F (τ, ι(τ)) = 0, and hence F (x, ι(x)) = 0 for all x ∈ τR[[τ ]]. This proves (1) ⇒ (2). It is obvious that (2) ⇒ (3). Now assume (3) holds. We will prove condition (iii) of (1.1) holds; the other conditions in (1.1) can be proved similarly. Let G(X,Y, Z) = F (F (X,Y ), Z) − F (X,F (Y, Z)). We must show G = 0. By hypothesis, if a, b, c are any positive integers then G(τ, τ, τ) = (τ ⊕F τ)⊕F τ − τ ⊕F (τ ⊕F τ) = 0 as an element of R[[τ ]]. We must show that every coefficient of G is zero. Write