Mazur's Control Theorem and Applications

Università di Pisa

Dipartimento di Matematica

Corso di Laurea in Matematica

Tesi di Laurea Magistrale

Mazur’s Control Theorem

and Applications

Candidata:

Jessica Alessandrì

Relatore: Prof. Andrea Bandini Controrelatore: Prof.ssa Ilaria Del Corso

Introduction ii

1 Preliminary Results 1

1.1 _Zp-extensions . . . 1

1.1.1 The Iwasawa algebra . . . 3

1.2 Cohomology of profinite groups . . . 6

1.2.1 Cohomology of procyclic groups . . . 11

1.2.2 Cohomological dimension . . . 13

1.3 Elliptic Curves . . . 18

1.3.1 Weil Pairing . . . 21

1.3.2 Formal Group of an Elliptic Curve . . . 23

1.3.3 Elliptic Curves over local fields . . . 25

1.3.4 Good and Bad Reduction . . . 28

1.3.5 Elliptic Curves over global fiels . . . 30

1.3.6 The Selmer Groups . . . 35

1.4 Λ-modules . . . 37

2 Mazur’s Control Theorem 45 2.1 Study of the Kummer maps . . . 45

2.2 Control theorem . . . 51

2.3 Applications and Examples . . . 58

2.3.1 Mazur’s Theorem . . . 58

2.3.2 Triviality of Sel_E(F∞)p. . . 58

2.3.3 Order of the Tate-Shafarevich group . . . 59

2.3.4 Corank of the Selmer group . . . 60

2.3.5 Example with X0(11) . . . 61

2.3.6 Main Conjecture . . . 64

Bibliography 67

Introduction

Iwasawa theory started in the late 1950’s from the work of Kenkichi Iwa-sawa, who studied a particular type of infinite Galois extensions, called Zp

-extensions, namely extensions of a number field with Galois group isomorphic to Zp, the ring of p-adic integers, for some prime p. In particular, he studied

the behaviour of (the p-torsion part of) ideal class groups I_n in the sub-fields K_{n of a Zp}-extension K∞/K, in order to recover information about

the "class group" I = lim_←−In, where the transition maps of the projective

limit are the norm maps. This group is a module over the Iwasawa Algebra Zp[[Gal(K∞/K)]], so the idea is to study this ring and the modules defined

over it.

In the early 1970s, Barry Mazur in his work Rational points of abelian varieties with values in towers of number fields [4] presented a generalization of Iwasawa theory for abelian varieties. Some of the motivations were the study of the growth of the rank of an abelian variety over the subfields in a Zp-extension and the Birch and Swinnerton-Dyer conjecture.

One of the main theorems proven by Mazur is the so called Control Theorem, concerning the behaviour of Selmer groups in a Zp-extension for

an abelian variety with good, ordinary reduction at a prime p. The main goal of this thesis is, following Greenberg’s idea [2], to prove Mazur’s Control Theorem using Galois cohomology and to provide some applications mainly referred to the case of elliptic curves with good, ordinary reduction at a prime p.

We now give some motivations and details of our work. Let E be an elliptic curve defined over a number field K. The Mordell-Weil theorem 1.3.38 states that the abelian group E(K) of the points in E with coordinates in K is finitely generated, so

E(K) ' Zr×T,

where T = E(K)tors is a finite abelian group and r = rankZE(K). If K

is an infinite algebraic extension of Q this may not be true in general, but there are extensions such that E(K) is finitely generated, and the following theorem gives a sufficient condition.

Theorem 1. Let K be a Galois extension of Q. Suppose that E(K)tors is

finite and that rank_ZE(L) is bounded as L varies over the finite extensions of Q contained in K. Then E(K) is finitely generated.

We look for examples of K such that the hypotheses of this theorem are verified, which is not easy, especially for the one on rank_ZE(L). The following theorem by Mazur gives us conditions to control the rank of an elliptic curve over the subfields of a Zp-extension.

Theorem 2. Let E be an elliptic curve defined over a number field F . Let p be a prime such that E has good, ordinary reduction at all primes in F lying over p. Assume that E(F ) and XE(F )(p) are finite. Let F∞ =S Fn be a

Zp-extension of F . Then the rank of E(Fn) is bounded as n varies.

The group XE(F ) is the Tate-Shafarevich group, and XE(F )(p) denotes

its p-primary subgroup. We will prove this theorem as a corollary of Mazur’s Control theorem (see Corollary 2.3.1), and we will need results about mod-ules defined over the Iwasawa algebra Zp[[Gal(F∞/F )]]. The idea is to study

the behaviour of certain groups, called Selmer groups, instead of studying directly E(F ) or the Tate-Shafarevich group. In fact, if we restrict to ellip-tic curves with good, ordinary reduction at a prime p, then the p-primary part of the Selmer group for E over a number field, or over certain infinite extensions of Q, can be easily described in terms of the Galois cohomology for the p-torsion part of E. Here is the statement of the Control Theorem (which is proved in Section 2.2):

Theorem 3 (Mazur’s Control Theorem). Let p be a prime such that E has good, ordinary reduction at all primes in F over p. Let F∞ = S_nFn be a

Zp-extension of F . Then the natural maps

SelE(Fn)p−→ SelE(F∞)Gal(F_p ∞/Fn)

have finite kernels and cokernels, of bounded order as n → ∞.

To prove theorem 2 we will show, via the control theorem, that the dual of SelE(F∞)pis a torsion Zp[[Gal(F∞/F )]]-module and this, using properties

of finitely generated modules over the Iwasawa algebra, will give us a bound on rank_ZE(Fn) for all n. We will also use the structure of these modules

to get a bound on the Zp-corank of the (p-torsion part of) Selmer groups

SelE(Fn) and from that we derive an analogous bound on rankZE(Fn).

In Chapter 1 we recall some basic results on Iwasawa theory and el-liptic curves. In particular, we show some properties of Zp-extensions and

the Iwasawa algebra, proving that it is isomorphic to Λ = Zp[[T ]], the ring

of power series in one variable over Zp. We list some results on cohomology

of profinite groups which we will widely use for the main results of Chap-ter 2, we give the definition of cohomological dimension and Potryagin dual,

Introduction iv

and we prove the Corank Lemma, another fundamental tool for the proofs in Chapter 2. We recall some properties of elliptic curves, in particular we focus on elliptic curves defined over local fields, studying what happens when we reduce the curve modulo a uniformizer. We introduce the Weil pairing and the Kummer pairing, and give two equivalent definitions of Selmer groups. We end this introductory chapter by discussing some properties of Λ-modules and defining the Iwasawa invariants λ and µ.

In Chapter 2 we first study the p-primary subgroups of the Selmer groups and to do so we describe the images of the Kummer maps that define those groups. We then prove Mazur’s control theorem for elliptic curves with good ordinary reduction: we divide the proof in steps and we use the description of the Kummer maps for each step. In the last section we show some ap-plications of the control theorem: we use properties of Λ-modules to prove Mazur’s theorem 2 and some results concerning the growth of the order of the Selmer and the Tate-Shafarevich groups. We conclude by giving two examples: first we study an elliptic curve with positive µ invariant, then we briefly introduce L-functions and the Main Conjecture of Iwasawa theory for elliptic curves to show how Mazur’s theorem and the Main Conjecture can be combined to provide partial results on the Birch and Swinnerton-Dyer conjecture.

Preliminary Results

In this introductive chapter we will see the main tools that we shall use later to prove the main theorems. We shall state the main results on Iwasawa theory and elliptic curves we are going to use in the rest of this thesis. Most of them are well known and we shall provide references for them plus some sketches of proofs when needed.

1.1

_Z

-extensions

A Zp-extension of a number field K is a Galois extension K∞/K with

Gal(K∞/K) ' Zp, the ring of p-adic integers. Recalling that the only closed

subgroups of Zp are 0 and pnZp for some n, from the fundamental theorem

of infinite Galois theory we get:

Proposition 1.1.1. Let K∞/K be a Zp-extension. Then, for each n ≥ 0,

there exists a unique field Kn⊆ K∞ of degree pn over K, and these Kn are

the only fields between K and K∞.

From that it follows that we can regard a Zp-extension as a sequence of

fields

K = K0⊂ K1 ⊂ · · · ⊂ K∞=

[ Kn

with Gal(K_{n/K) ' Z /p}n_Z.

It is possible to prove that every number field has at least one Zp

-extension, namely the cyclotomic Zp-extension. It is obtained by

let-ting K∞ be an appropriate subfield of K(ζp∞) =S

nK(ζpn), where ζ_pn is a

primitive pn-th root of unity.

Proposition 1.1.2. Let K∞/K be a Zp-extension and let l be a prime

(possi-bly archimedean) of K which does not lie above p. Then K∞/K is unramified

at l.

Proof. Let I ⊆ Gal(K∞/K) ' Zp be the inertia group for l. It is closed, so

I = 0 or I = pnZpfor some n ≥ 0. If I = 0 we are done. Suppose I = pnZp.

1.1 Zp-extensions 2

We have that I is infinite and we may assume that l is non-archimedean (if l is archimedean, I must have order 1 or 2). Set l₀ = l and for each n, choose inductively l_n ∈ K_n lying above l_n−1. Let cKn be the completion of Kn at

ln, and let dK∞=SKc_n. Then we have

I ⊆ Gal( dK∞/ bK).

Let U be the units of bK. By local class field theory, there is a continuous surjective homomorphism U → I. But we know also that

U ' Za˜_l ×T,

where T is a finite group, a ∈ N and ˜l is the prime in Q such that l|˜l. Now since I ' pnZp has no torsion, we must have a continuous surjective map

Z˜a_l → pnZp → pnZp/pn+1Zp.

But Za˜_l has no closed subgroups of index p, so there is a contradiction. Hence

we have always I = 0 and the proof is complete.

In other words, we say that Zp-extensions are unramified outside p.

Proposition 1.1.3. Let K∞/K be a Zp-extension. At least one prime

ram-ifies in this extension, and there exists n ≥ 0 such that every prime which ramifies in K∞/K is totally ramified.

Proof. Since K has ideal class group Cl(K) of finite order, if H is the Hilbert class field of K (the maximal abelian unramified extension of K), we have that Gal(H/K) ' Cl(K) is finite. Thus there is at least a prime which ramifies in K∞/K. By the above proposition, only finitely many primes

ramify in K∞/K. Call them p1, . . . , psand let I1, . . . , Isbe the corresponding

inertia groups. Then T Ii is a closed subgroup of Zp, so it is equal to pnZp

for some n ≥ 0. The fixed field of pn_Zp is K_n and since Gal(K∞/Kn)

is contained in each Ij we have that all primes above each pj are totally

ramified in K∞/Kn.

We now introduce the Iwasawa algebra of a profinite group G = lim

←−iGi. Suppose that the homomorphisms ϕij : Gj → Gi are surjective

for i ≥ j ≥ 0. We then obtain Zp-algebra homomorphisms

ψij : Zp[Gj] → Zp[Gi],

where Zp[Gk] denotes the group ring for Gk over Zp. So we define the

Iwasawa algebra for G as the completed group ring for G over Zp, i.e.

where the inverse limit is defined by the surjective maps ψ_{ij. Since Zp}[Gi]

is a compact topological ring, Zp[[G]] is a compact topological ring as well.

For each i there is a continuous, surjective Zp-algebra homomorphism ψi :

Zp[[G]] → Zp[Gi]. Moreover, the group algebra Zp[G] can be identified with

a subring of Zp[[G]] in a natural way and it is dense.

We are interested in the case G = Γ = Gal(K∞/K) ' Zp, taking Gn =

Γn= Γ/Γp

n

' Gal(K_n/K).

1.1.1 The Iwasawa algebra

The topological ring Zp[[Gal(K∞/K)]] is called the Iwasawa algebra

associ-ated with the Zp-extension K∞/K. We shall study modules over this algebra

in Section 1.4 (mainly Selmer groups, see Section 1.3.6). Their structure will be determined via a noncanonical isomorphism between the Iwasawa alge-bra and the ring of power series in one variable over Zp which we denote by

Λ := Zp[[T ]].

First we investigate some properties of Λ = Zp[[T ]]. It is a Noetherian

ring and if g(T ) = P∞

i=0biTi ∈ Λ, then g(T ) is invertible if and only if

b0 ∈ Z×p. Thus Λ is a local ring with maximal ideal m = (p, T ) and we

have Λ/m ' Z /p Z. Actually Λ/mk is finite for every k ≥ 1. Giving Λ the m-adic topology, it becomes a topological ring and, since Λ ' lim

←−Λ/mk, it is a compact topological ring.

Theorem 1.1.4. Let g(T ) = P∞

i=0biTi ∈ Λ, with g(T ) /∈ pΛ. Let d be

the smallest integer such that b_{d ∈ Z}×_p. Let f (T ) ∈ Λ, then there exists r(T ) ∈ Zp[T ] of degree < d and h(T ) ∈ Λ such that

f (T ) = g(T )h(T ) + r(T ).

Furthermore, h(T ) and r(T ) are uniquely determined by f (T ) and g(T ).

Proof. First we prove uniqueness. If g(T )h(T ) + r(T ) = g(T )h0(T ) + r0(T ), then s(T ) = r0(T ) − r(T ) is divisible by g(T ) in Λ. Let ˜Λ = Λ/pΛ. We observe that ˜_{Λ ' F}p[[T ]] is an integral domain, so p is a prime element

of Λ. Assume that s(T ) 6= 0, then we can write s(T ) = pms0(T ), where

s0(T ) /∈ pΛ and m ≥ 0. Now since g(T )|s(T ) and p is irreducible in Λ, we

have that g(T )|s0(T ). But in ˜Λ, ˜s0(T ) (that is the image of s0(T ) under the

projection Λ → ˜Λ) is a non zero polynomial of degree < d, divisible by ˜g(T ) and therefore by Tdin ˜Λ. That is impossible, so s(T ) = 0, thus r0(T ) = r(T ) and this implies that h0(T ) = h(T ).

For the existence we use the fact that ˜Λ is a discrete valuation ring and we lift back to Λ the quotient and the reminder of the division of ˜f (T ) by ˜

g(T ) in ˜Λ as in the Hensel Lemma. If ˜f (T ) =P∞

i=0a˜iTi, then we can write

˜ f (T ) = Td( ∞ X i=d ˜ aiTi−d) + d−1 X i=0 ˜ aiTi.

1.1 Zp-extensions 4

In ˜Λ, ˜g(T ) and Tddiffer by an invertible, so they generate the same ideal. We can write ˜f (T ) = ˜g(T )˜h(T )+ ˜r(T ), where ˜h(T ) ∈ ˜Λ and ˜r(T ) is a polynomial in ˜Λ of degree < d. Lifting back to Λ we get

f (T ) = g(T )h1(T ) + r1(T ) + pf1(T )

where h₁(T ), f1(T ) ∈ Λ and r1(T ) is a polynomial of degree < d. Applying

the same argument to f1(T ) and substituting in the previous equation, we

have

f (T ) = g(T )h2(T ) + r2(T ) + p2f2(T )

with h2(T ), f2(T ) ∈ Λ, r2(T ) is a polynomial of degree < d and h2(T ) ≡

h1(T ) (mod pΛ), r2(T ) ≡ r1(T ) (mod p Zp[T ]). If we iterate this argument

we obtain, for each n ≥ 1

f (T ) = g(T )hn(T ) + rn(T ) + pnfn(T )

with hn(T ), fn(T ) ∈ Λ, rn(T ) is a polynomial of degree < d and hn(T ) ≡

hn−1(T ) (mod pn−1Λ), rn(T ) ≡ rn−1(T ) (mod pn−1Zp[T ]). Now if h(T ) =

limn→∞hn(T ) and r(T ) = limn→∞rn(T ), we can write f (T ) = g(T )h(T ) +

r(T ), where h(T ) ∈ Λ and r(T ) is a polynomial of degree < d.

Corollary 1.1.5. Let g(T ) be as in Theorem 1.1.4. Then Λ/(g(T )) is iso-morphic to Zdp as Zp-module.

Proof. Consider the map

Λ/(g(T )) → {r(T ) | r(T ) ∈ Zp[T ], deg(r(T )) < d} = X

f (T ) + (g(T )) 7→ r(T ),

where r(T ) is the reminder of the division of f (T ) by g(T ). It is an isomor-phism of Zp-modules. This concludes since X ' Zdp.

Definition 1.1.6. A polynomialPd

i=0ciTi ∈ Zp[T ] is called distinguished

if c_d= 1 and ci∈ p Zp for all i < d. Equivalently, if it is monic and all of its

roots in Qp have positive valuation.

Corollary 1.1.7. Let g(T ) be as in Theorem 1.1.4. Then there exists a unique distinguished polynomial g₀(T ) such that g(T ) = u(T )g0(T ), where

u(T ) ∈ Λ× and g₀(T ) has degree d.

Proof. The multiplication by T induces an endomorphism ϕ of Λ/(g(T )). Since Λ/(g(T )) is free of rank d as Zp-module, there exists a monic

polyno-mial g₀(T ) of degree d that annihilates Λ/(g(T )). In fact, g0(T ) is the

charac-teristic polynomial of the endomorphism ϕ. Thus (g0(T )) ⊆ (g(T )). Now if

we apply the previous corollary to g0(T ), we find that Λ/(g0(T )) ' Zdp0, with

d0 ≤ d. But, since (g0(T )) ⊆ (g(T )), there exists a surjective homomorphism

Ψ : Zd0

and so d₀ = d and Ψ is an isomorphism. Thus (g(T )) = (g0(T )) and g0(T )

is a distinguished polynomial.

The uniqueness follows easily by observing that Λ/(g(T )) can be iden-tified with Zp[T ]/(g0(T )) and g0(T ) is the minimal polynomial of the

endo-morphism ϕ.

Corollary 1.1.8. Let g(T ) ∈ Λ be nonzero. Then we can write g(T ) as

g(T ) = pmu(T )g0(T )

with m ≥ 0, u(T ) ∈ Λ× and g0(T ) ∈ Zp[T ] distinguished, in a unique way.

Furthermore g(T ) is irreducible if and only if either m = 1 and g₀(T ) = 1 or m = 0 and g_{0(T ) is irreducible in Qp}[T ].

Proof. It is obvious that g(T ) = pmg1(T ) with g1(T ) ∈ Λ − pΛ and m ≥ 0

(in a unique way). So if we apply Corollary 1.1.7 to g₁(T ), the first part is proved. Now p is clearly irreducible in Λ, so suppose m = 0. Since Qp is the

field of fractions of Zp, it follows immediately that g(T ) is irreducible in Λ

if and only if g_{0(T ) is irreducible in Qp}[T ].

It follows that, up to multiplication by an invertibile element of Λ×, the irreducible elements of Λ are either p or distinguished polynomials that are irreducible in Zp[T ] (or, equivalently, in Qp[T ]). Now, since Zp[T ] is a UFD,

it is clear that Λ is a UFD too.

Remark 1.1.9. For n ≥ 1, let ωn= (1 + T )p

n

− 1. They are distinguished polynomials in Λ and we have that

Λ ' lim_←−

n

Zp[[T ]]/(ωn).

It is not hard to prove this isomorphism, using that Λ is a UFD (for more details see [13], §7.1).

The next theorem shows, as we anticipated, that the rings Zp[[Γ]] and Λ

can be identified, with a non canonical identification, that depends on the choice of a topological generator γ₀ of Γ.

Theorem 1.1.10. Let γ0 be a topological generator of Γ. There is a unique

isomorphism

ε : Λ → Zp[[Γ]]

of topological Zp-algebras such that ε(T ) = γ0− 1.

Proof. The ring Λ = Zp[[T ]] is a compact Zp-algebra. For each n ≥ 0,

consider ωn = (1 + T )p

n

1.2 Cohomology of profinite groups 6

distinguished polynomial of degree pn, Λ/(ω_{n) is isomorphic to Z}p_pn _{as a Zp} -module, with a Zp-basis given by {(1 + T )i+ (ωn) | 0 ≤ i < pn}. We can

then define an isomorphism

Λ/(ωn) −→ Zp[Γ/Γp n ] 1 + T + (ωn) 7−→ γ0Γp n .

Thus we obtain a continuous surjective Zp-algebra homomorphism Λ →

Zp[Γ/Γp

n

] for all n ≥ 0, that maps T to (γ0 − 1)Γp

n

. It induces a con-tinuous Zp-algebra homomorpshim ε : Λ → Zp[[Γ]]. Now the image of ε is

dense, and since Λ is compact, it is also closed, so ε is surjective. It is clear that ε(T ) = γ0 − 1. This implies that ε is uniquely determined, and since

ker(ε) =T

n(ωn) = 0, ε is also injective. To conclude that ε is a

homeomor-phism, we show that it is a closed mapping: let H ⊆ Λ be a closed subset, it is compact since Λ is compact. So ε(H) is compact in a Hausdorff space (since Zp[[Γ]] is profinite), hence closed.

1.2

Cohomology of profinite groups

Since our focus will be on Zp-extensions, we want to give some definitions

and results concerning the cohomology of profinite groups. From now on G (unless explicitly specified otherwise) will be a profinite group.

First we see how direct and projective limits behave when passing in cohomology. Suppose that (Gi)i∈I is a projective system of finite groups

and (Ai)i∈I a direct system of Gi-modules for all i ∈ I and the transition

maps ϕ_ij : Gj → Gi and fij : Ai → Aj form compatible pairs, meaning that

fij(ϕij(σ)a) = σ(fij(a)), i.e. the following diagram commutes for all σ ∈ Gj

Ai Aj Ai Aj fij ϕij(σ) σ fij .

Then the Hn(Gi, Ai) form a direct system of abelian groups with induced

transition maps

Hn(Gi, Ai) −→ Hn(Gj, Aj)

ψ 7−→ ψ : σ 7→ fe _ij(ψ(ϕ_ij(σ))) and the following holds:

Proposition 1.2.1. If G = lim_←−Gi and A = lim_−→Ai, then

Example 1.2.2. Take G = Zp, the projective limit of the p-groups Z /pnZ. So if we let G_{n= Zp}/pn

Zp and Γn = pnZp, given A a discrete Zp-module,

we have that A =S

nAΓn = lim_−→AΓn. Thus

Hn(Zp, A) ' lim_−→Hn(Gn, AΓn) = lim_−→Hn(Zp/pnZp, Ap

n

Zp_).

We will study discrete abelian groups, but, in general, for a Hausdorff, abelian and locally compact group A we define:

Definition 1.2.3. The group

A∨ = Homcont(A, R/ Z)

is the Pontryagin dual of A (where R/ Z has the quotient topology). We endow it with the compact-open topology (viewing A∨ as a subspace of Hom(A, R/ Z)).

Theorem 1.2.4 (Pontryagin duality). If A is a Hausdorff abelian locally compact topological group, then the same is true for A∨. The canonical homomorphism

A → (A∨₎∨

a 7→ τa

where τa: A∨ → R/ Z, φ 7→ φ(a), is an isomorphism of topological groups.

If A is a discrete torsion group (as the ones we are interested in), then A∨ ' Hom(A, Q/ Z). If A is a G-module, Q/ Z is also a G-module with a trivial action, so A∨ becomes a G-module, with the action given by:

(σ · f )(a) = σ(f (σ−1a)) = f (σ−1a) for all σ ∈ G, for all f ∈ A∨ and for all a ∈ A.

Note that Zp and Qp/ Zp, like Q/ Z, are always viewed as discrete

G-modules with trivial action.

The following theorem gives us a powerful tool, that will be used repeat-edly in our proofs. For a proof, see [8], Proposition 1.6.7.

Theorem 1.2.5 (Five Term Exact Sequence). Let H be a closed normal subgroup of G and let A be a G-module. We have the following exact sequence

0 −→ H1(G/H, AH)−→ Hinf 1(G, A)−→ Hres 1(H, A)G/H

tg

−→ H2(G/H, AH)−→inf H2(G, A).

(1.1)

The maps inf and res are the well-known inflation and restriction maps, the map between H1(H, A)G/H and H2(G/H, AH) is called transgression, which we will not define, since our focus will be on the restriction-inflation

1.2 Cohomology of profinite groups 8

part and since in most of our cases we will have H2(G/H, AH) = 0.

Recall that if G is a finite group, given a G-module A, the modified cohomology groups are

b Hn(G, A) = ( AG_{/ N} GA for n = 0 Hn(G, A) for n ≥ 1, where NGA is the image of the norm map

NG: A → A, a 7→

X

σ∈G

σa.

For profinite groups G = lim

←−Gi, by passing to the direct limit we can define

the modified cohomology groups as well:

b

Hn(G, A) = lim_−→Hb

n

(Gi, A).

Proposition 1.2.6. Let G be a profinite group and U an open subgroup of G. Then for every G-module A such that bHn(U, A) = 0, we have

[G : U ] · bHn(G, A) = 0.

In particular, if G is finite we have |G| · bHn(G, A) = 0. If, moreover, A is a finitely generated abelian group, then bHn(G, A) is also a finitely generated abelian group, hence finite, since it is annihilated by |G|.

Remark 1.2.7. If G is a profinite group, since Hn(G, A) = lim_−→Hn(G/U, AU), with the limit taken on the normal open subgroups of G, then the Hn(G, A) are torsion groups for every n ≥ 1.

Definition 1.2.8. Let p be a prime. A profinite group G is called a pro-p-group if for every U normal open subpro-p-group of G the pro-p-group G/U is a finite p-group, i.e. G is the projective limit of finite p-groups.

Example 1.2.9. It is clear that Zp = lim_{←− Z}/pnZ is a pro-p-group.

For a closed subgroup H of a profinite group G and a natural number n, we say that [G : H] is prime to n if the index [G : U ] is prime to n for every open subgroup U containing H.

Definition 1.2.10. A p-Sylow subgroup of a profinite group G is a closed subgroup Gp such that:

(1) Gp is a pro-p-group,

The Sylow theorems hold for profinite groups as well, for a proof see [8], Proposition 1.6.9.

Theorem 1.2.11. Let G be a profinite group and p a prime. Then

(1) there exists a p-Sylow subgroup Gp;

(2) every pro-p-subgroup is contained in a p-Sylow subgroup;

(3) the p-Sylow subgroups of G are conjugate.

Example 1.2.12. Let b_{Z be the profinite completion of Z, that is bZ =} lim

←−

n∈N

Z /n Z. We can write bZ = Qq primeZq, so the p-Sylow subgroup of bZ is

Zp.

In studying Zp-modules, and in general G-modules, we are often reduced

to study the submodule formed by those elements that have order a power of p. If A is an abelian group, this subgroup is called the p-primary part A(p) of A. If A is a torsion group, then A =L

pA(p). For the p-primary

part of the torsion group Hn(G, A), we have:

Proposition 1.2.13. Let A be a G-module and G_p a p-Sylow subgroup of G. Then the homomorphism

res : Hn(G, A)(p) → Hn(Gp, A)

is injective. If G_p is open in G, the homomorphism

cor : Hn(Gp, A) → Hn(G, A)(p)

is surjective.

Proof. The proposition holds for any closed subgroup H with [G : H] prime to p: if H is such a subgroup, suppose that H is open, then the map

[G : H] = cor ◦ res : Hn(G, A)(p) → Hn(G, A)(p)

is an isomorphism, since [G : H] is prime to p, so res : Hn(G, A)(p) → Hn(H, A) is injective and cor : Hn(H, A) → Hn(G, A)(p) is surjective. If H is not open, since H is itself profinite, the injectivity of the map res follows from Proposition 1.2.1.

Corollary 1.2.14. If Hn(Gp, A) = 0 for every prime p, then Hn(G, A) = 0.

Two interesting properties of p-primary modules are the following:

Proposition 1.2.15. Let H be a finite p-group and let A be a p-primary H-module.

1.2 Cohomology of profinite groups 10

(1) If H0(H, A) = 0, then A = 0.

(2) If pA = 0 and there exists q such that bHq(H, A) = 0, then A is an induced H-module and, in particular, cohomologically trivial.

For a proof of this proposition, see [8], Proposition 1.6.12 for (1) and Proposition 1.8.3 for (2).

Remark 1.2.16. If a p-primary G-module A 6= 0 is simple, since for every a ∈ A the G-orbit of a is finite (this follows from the fact that the stabilizer of an element is an open subgroup of G), A is finitely generated as Z-module: just consider the submodule hσ(a)|σ ∈ Gi_Zand conclude by simplicity. Then A is finite and there exists a unique prime p such that pA = 0.

Corollary 1.2.17. Let G be a pro-p-group. Then every simple p-primary module A is isomorphic to Z /p Z. In particular, if A is a p-primary G-module

A = 0 ⇔ AG = 0

Proof. If A is a (nonzero) discrete simple p-primary G-module, by the pre-vious remark, then pA = 0. Now since A = S AH_{, where the H are open}

subgroups of G, there exists U an open subgroup of G such that AU 6= 0 and so by Proposition 1.2.15 applied to G/U and AU we have

H0(G/U, AU) = AG 6= 0.

So by simplicity AG _{= A, meaning that A is a F}p-vector space with trivial

action of G, hence it has dimension 1.

It follows immediately that every finite p-primary G-module admits a descending chain A = A₀ ⊇ A₁ ⊇ A₂ ⊇ · · · ⊇ A_k = {id} such that Ai/Ai+1' Z /p Z for all i = 0, . . . , k − 1.

Let A be a p-primary abelian group. We can regard it as a Zp-module

and endow it with the discrete topology. In this case its Pontryagin dual

A∨ = Homcont(A, Qp/ Zp)

is a compact Zp-module.

Definition 1.2.18. We say that A is a confinitely generated Zp-module

if A∨ _{is a finitely generated Zp-module, and we call Zp}-corank of A the rank of A∨ _{as Zp}-module. We then write corank_ZpA = rank_ZpA∨.

Example 1.2.19. _{• The Pontryagin dual of Qp/ Zp is Zp}. • A = Qp/ Zp

r

Therefore if A is a cofinitely generated Zp-module, since Zp is a PID, we

can write

A∨ ' Zrp×T,

for some r ≥ 0 and some finite group T (r = corank_ZpA). But then A ' (A∨)∨'_{Qp/ Zp}r× T∨.

Example 1.2.20. If A is Zp-cofinitely generated of corank r, its divisible

part is Adiv' (Qp/ Zp)r and [A : Adiv] < ∞.

We will show that, if K_{v is a finite extension of Qp}, and if A is a cofree Zp-module, then H1(Gal(Kv/Kv), A) is a cofinitely generated Zp-module (it

is the corank lemma, that we will see at the end of this section).

1.2.1 Cohomology of procyclic groups

We know that, if G is a finite cyclic group, for every G-module A we have

b

H2n(G, A) = AG/ NGA and Hb

2n−1

(G, A) = ker NG/(σ − 1)A

where σ is a generator of G. If G is infinite, we want to give an explicit expression of the cohomology groups, at least for n = 0, 1, similar to the latter.

Definition 1.2.21. A procyclic group G is a profinite group that is topo-logically generated by an element σ, i.e. G is the closure of the subgroup generated by σ, hσi = {σn_{|n ∈ Z}.}

For example, Zp = lim_{←− Z}/pnZ and bZ = lim_{←− Z}/n Z are additive procyclic groups, both generated by the element (1, 1, . . . ). Actually, every procyclic group is a quotient of bZ: if G is a procyclic group topologically generated by σ, then for every n we have the surjective homomorphism

Z /n Z → G/Gn [1] 7→ [σ],

so passing to the limit we have a continuous surjective homomorphism bZ → G. But now, since bZ =QpZp, every procyclic group can be written as

G ' Z /n Z ×Y

p∈S

Zp

where n is a natural number and S ⊆ {p prime | p - n}. Now assume that G is torsion-free, i.e. G =Q

p∈SZp and let N(S) be the set of natural numbers

not divisible by prime numbers q /_{∈ S. Then for every n ∈ N(S) the groups} Gn(n-th powers) are open subgroups of G and

G = lim_←− n∈N(S) G/Gn' lim ←− n∈N(S) Z /n Z .

1.2 Cohomology of profinite groups 12

Definition 1.2.22. An abelian group X is called S-divisible if X = nX for all n ∈ N(S), and is called S-torsion if X =S

n∈N(S)X[n], where X[n] =

{x ∈ X | nx = 0}.

Proposition 1.2.23. Let G = Q

p∈SZp be a torsion-free procyclic group,

with topological generator σ, and let A be a G-module.

(1) If A is S-torsion, then H1(G, A) ' A/(σ − 1)A.

(2) If A is torsion or S-divisible, then Hn(G, A) = 0 for n ≥ 2. For a proof, see [8], Proposition 1.7.7.

One easily obtains the following proposition, that will help us compute the cohomology groups for p-primary groups (we will use it, in fact, applied to the p-primary part of an elliptic curve).

Proposition 1.2.24. Let Γ ' Zp and let γ be a topological generator of Γ.

(1) Suppose that A is a finite abelian p-group, on which Γ acts continuously. Then

H1(Γ, A) = A (γ − 1)A.

(2) Let A be a p-primary abelian group on which Γ acts continuously. Then

H1(Γ, A) = A (γ − 1)A.

(3) If A ' (Qp/ Zp)rthen H0(Γ, A) and H1(Γ, A) have the same Zp-corank

and, if H0(Γ, A) is finite, then H1(Γ, A) = 0.

Proof. The first two points are immediate consequences of the previous proposition. For (3), consider the exact sequences

1 → AΓ→ A−→ (γ − 1)A → 1γ−1 and

1 → (γ − 1)A → A → A

(γ − 1)A → 1 . (1.2)

From the exactness of the first sequence, it follows that

corank A = corank AΓ+ corank(γ − 1)A. From the second we get instead:

corank A = corank A/(γ − 1)A + corank(γ − 1)A,

so corank AΓ _{= corank A/(γ − 1)A. Now suppose that H}0_{(Γ, A) is finite,}

then 0 = corank H0(Γ, A) = corank H1(Γ, A), and also H1(Γ, A) is finite. But since H1(Γ, A) = _(γ−1)AA , this means that (γ − 1)A is an infinite open submodule of A = (Qp/ Zp)r, which has only finite proper submodules. Thus

1.2.2 Cohomological dimension

A fundamental numerical invariant of a profinite group G is its cohomological dimension.

Definition 1.2.25. The cohomological dimension cd G of G is the smal-lest integer n such that

Hq(G, A) = 0 ∀q > n

for all A torsion G-modules, and it is ∞ if no such integer exists.

Let p be a prime. The p-cohomological dimension cdpG of G is the

smallest integer n such that the p-primary part

Hq(G, A)(p) = 0 ∀q > n

for all A torsion G-modules, and it is ∞ is no such integer exists.

Remark 1.2.26. To show that the p-cohomological dimension of G is n, it is enough to show that n is the smallest integer such that Hq(G, A) = 0 for all q > n, for all A p-primary G-modules. Indeed, every torsion G-module can be written as A =L

pA(p) and we have that Hq(G, A)(p) = Hq(G, A(p)).

Since every abelian torsion group decomposes into the direct sum of its p-primary parts, we have that

cd G = sup

p

cdpG.

To compute the p-cohomological dimension of G, we can actually compute only the dimension of its p-Sylow subgroup.

Proposition 1.2.27. If H is a closed subgroup of G, then

cdpH ≤ cdpG

and we have an equality in each of the following cases

(1) [G : H] is prime to p,

(2) H is open and cd_pG < ∞.

For a proof, see [8], Proposition 3.3.5. From the proposition we have immediately the following

Corollary 1.2.28. If G_p is a p-Sylow subgroup of G, then

cdpG = cdpGp = cd Gp.

1.2 Cohomology of profinite groups 14

Proposition 1.2.29. cd_pG = 0 if and only if the order of G is prime to p. Proof. It is clear that if the order of G is prime to p, then G has p-cohomological dimension 0. Suppose now that the order of G is not prime to p, then by the previous corollary, we can suppose that G is a pro-p-group. If G = lim_←−

nGn6=

{1}, then for each n ≥ 0, since G_nis a finite p-group, there exists a continuous surjective homomorphism Gn→ Z /p Z. This yields a continuous surjective

homomorphism G → Z /p Z. Thus H1(G, Z /p Z) ' Hom(G, Z /p Z) 6= 1, meaning that cd_pG ≥ 1.

We are interested in the cohomological dimension of Zp: since cd(Zp) =

cdp(Zp), from Remark 1.2.26 we want to compute Hn(Zp, A) for all p-primary

Zp-modules A. Thanks to Proposition 1.2.23 we have that those cohomology

groups are trivial for n ≥ 2. Now by the previous proposition we have that cd(Zp) ≥ 1, thus we conclude cd(Zp) = 1.

We can use this information to simplify the five term exact sequence for Zp-extensions.

Example 1.2.30. Let K∞/K be a Zp-extension and for every n ≥ 0 consider

K ⊂ Kn ⊂ K∞. For our purposes, we consider A a p-primary Zp-module

and put GK∞ = Gal(K/K∞) and GKn = Gal(K/Kn), where K is a fixed

algebraic closure of K. Since GKn/GK∞ ' Gal(K∞/Kn) ' pnZp we get the

five-term exact sequence:

0 → H1(GKn/GK∞, AGK∞) inf −→ H1(GKn, A) res −→ H1(GK∞, A)GKn/GK∞ tg −→ H2(GKn/GK∞, A GK∞_)−→inf _H2_(G Kn, A).

Since GKn/GK∞ ' pnZp' Zp one has cd(pnZp) = 1 and so

H2(GKn/GK∞, A

GK∞_{) = 0.}

The sequence above becomes then a short exact sequence:

0 → H1(GKn/GK∞, A GK∞_{)→ H}inf 1_(G Kn, A) res → H1(GK∞, A) GKn/GK∞ _{→ 0}

We now give the definition of cohomological dimension of a field, and we investigate some of its properties.

Definition 1.2.31. The cohomological dimensions cdp(K), cd(K) of a

field K are defined as the cohomological dimension cdpGK and cd GK of its

absolute Galois group G_K = Gal(K/K), where K is a fixed algebraic closure of K.

The p-cohomological dimension for a field with char(k) = p > 0 plays an exceptional role (for a proof, see [9], §2.2, Proposition 3):

We now consider a prime number p different from the characteristic of the field considered. We write Hn(K, A) for Hn(GK, A), where A is any

GK-module.

Proposition 1.2.33. If F/K is a finite extension and if cdp(K) < ∞ or

p - [F : K], then cdp(F ) = cdp(K).

This is a consequence of Proposition 1.2.27, since GF is isomorphic to an

open subgroup of G_K.

Theorem 1.2.34. Let K be a field, complete with respect to a discrete val-uation with perfect residue field k. If p 6= char(k) is a prime number and cdp(k) < ∞, then

cdp(K) = cdp(k) + 1.

For a proof, see [8], Theorem 6.5.15.

From this theorem we find that, for any prime p, the p-cohomological dimension of Qp is 2: we have that the p-cohomological dimension of its

residue field is cdp(Fp) = cdp(GFp) = cdpZ and since the p-Sylow of bb Z

is Zp, and we showed that cdp(Zp) = 1, we conclude that cdp(Fp) = 1.

Furthermore, thanks to the previous proposition, the same is true for every finite extension of Qp.

But what if the extension is infinite? In particular, what if the extension is a Zp-extension?

Definition 1.2.35. Let K/F be an infinite extension. We define the profi-nite degree of K/F as

lcm{[L : F ]| F ⊆ L ⊆ K L/F finite} We can regard it as a supernatural numberQ

l primelal, with 0 ≤ al ≤ ∞.

We say that l∞ divides the profinite degree of K/F if for every n ≥ 0 there exists a finite extension with ln | [L : F ] (i.e. the power of l that divides [L : F ] is unbounded as L/F varies).

Lemma 1.2.36. Let l be a prime and Kv be an extension of Ql such that

p∞ divides the profinite degree of K_v/Ql. Then G_Kv has p-cohomological dimension 1.

For the proof we will need the following (for a proof see [9], §5.6, Lemma 3)

Lemma 1.2.37. In the same hypotheses of the previous lemma, the p-primary subgroup of the Brauer group of Kv is 0, i.e.

H2(Kv, Kv ×

1.2 Cohomology of profinite groups 16

Proof. (of Lemma 1.2.36) We have H2(Kv, Kv

×

)(p) = 0 and applying the same argument to any exten-sion of K_v we get H2(H, Kv

×

)(p) = 0 for every H closed subgroup of GKv.

Consider the following exact sequence

1 −→ µp −→ Kv × p −→ K_v×−→ 1. It induces in cohomology: H1(H, Kv × ) −→ H2(H, µp) −→ H2(H, Kv × ), and since by Hilbert 90 theorem H1(H, Kv

×

) = 0 and, as we have just seen, H2(H, Kv

×

)(p) = 0, we deduce H2(H, µp) = 0. Note that Kv(µp)/Kv is an

extension (possibly trivial) of degree prime to p: since we are only interested in p-cohomological dimension we have cdpGKv = cdpGKv(µp) and we can

always assume µp ⊂ Kv so that µp ' Z /p Z as GKv-modules. Thus in

particular if G_p is a p-Sylow subgroup of G_Kv H2(Gp, Z /p Z) = 0. Now

if M is a p-primary Gp-module H2(Gp, M ) = 0. In fact, using Corollary

1.2.17, we can construct M0 = {id} ⊂ M1 ⊂ · · · ⊂ Mk−1 ⊂ Mk = M with

Mi/Mi−1' Z /p Z and we have the short exact sequence

0 → Mn−1→ Mn→ Z /p Z → 0

that induces

H2(Gp, Mn−1) → H2(Gp, Mn) → H2(Gp, Z /p Z) = 0

and so H2(Gp, Mn−1)  H2(Gp, Mn). Proceeding in this way we arrive to

0 = H2(Gp, M1) = H2(Gp, Z /p Z)  H2(Gp, M2), i.e. H2(Gp, M2) = 0, and

so by iteration we must have H2(Gp, M ) = 0.

Now we know that the restriction H2(Kv, M )(p) → H2(Gp, M ) is

injec-tive and thus H2(Kv, M )(p) = 0, as we wanted.

We end this section on cohomology with a proof of the Corank Lemma. We use two theorems of Tate.

Theorem 1.2.38 (Tate Duality). Let K be a p-adic local field. Let A be a finite GK module and let bA(1) = Hom(A, µp∞). Then the cup-product

Hi(K, bA(1)) × H2−i(K, A)−→ H∪ 2(K, µp∞) ' Q/ Z

induces for 0 ≤ i ≤ 2 an isomorphism of finite abelian groups

This is proved in [8], Theorem 7.2.6.

We write bA(1) to emphasize the fact that the action of GK is given by

the action on µp∞, i.e. by the cyclotomic charater χ_cyc.

For the second theorem, let K be a local field and p the characteristic of its residue field. If A is a finite G_K-module of order prime to char K (if char K > 0), we define the Euler-Poincarè characteristic of A:

χ(K, A) =

2

Y

j=0

| Hj(K, A)|(−1)j.

Theorem 1.2.39 (Tate). If |A| = a, then

χ(K, A) = kakK

where k · k_K is the normalized valuation on K.

For a proof, see [8], Theorem 7.3.1.

Now for the Corank Lemma, let Kv be a finite extension of Qp, where p

is a prime, and suppose A is a discrete G_Kv-module.

Theorem 1.2.40 (Corank Lemma). Suppose that A ' (Qp/ Zp)r as a Zp

-module.

(1) Let Kv be a finite extension of Qp. Then H1(Kv, A) is a cofinitely

generated Zp-module of corank equal to

r[Kv : Qp] + corankZpH

0_(K

v, A) + rankZpH

0_(K

v, bA(1)).

(2) Let Kv be a finite extension of Ql, where l 6= p. Then H1(Kv, A) is a

cofinitely generated Zp-module of corank equal to

corank_ZpH

0_(K

v, A) + rankZpH

0_(K

v, bA(1)).

Proof. We first show that H1(Kv, A) is a cofinitely generated Zp-module. To

do so, consider the short exact sequence

0 → A[p] → A→ A → 0p that induces in cohomology

H1(Kv, A[p])→ Hi 1(Kv, A) p

→ H1(Kv, A).

We have im(i) = ker(p) = H1(Kv, A)[p], thus we have a surjective map

H1(Kv, A[p]) → H1(Kv, A)[p]. Now let Lv be a finite Galois extension of

Kv such that GLv acts trivially on A[p] (so H

1_(L

v, A[p]) = Hom(GLv, A[p])).

From the inflaction-restriction sequence (1.1) with G = GKv and H = GLv

0 −→ H1(Gal(Lv/Kv), A[p]GLv) inf

−→ H1(Kv, A[p]) res

1.3 Elliptic Curves 18

we have that

ker(res) = H1(Gal(Lv/Kv), A[p]GLv) = H1(Gal(Lv/Kv), A[p])

and it is finite, since Gal(Lv/Kv) is finite. Moreover we have H1(Lv, A[p]) =

Hom(Gal(Mv/Lv), A[p]), where Mv is the maximal extension of Lv such

that Gal(M_v/Lv) is an elementary abelian p-group (since the elements of

A[p] have order p). But Lv has only a finite number of extensions of degree

p, so Mv/Lv is finite. Hence H1(Lv, A[p]) is finite, so H1(Kv, A[p]) is finite

too. It follows that H1(Kv, A)[p] is finite since H1(Kv, A[p])  H1(Kv, A)[p].

This implies that H1(Kv, A) is a Zp-cofinitely generated module.

The same statement is true for H0(Kv, A), thanks to Proposition 1.2.24.

We now see how to use the two theorems of Tate to show that H2(Kv, A)

is also cofinitely generated as a Zp-module and the formulas for the rank of

H1(Kv, A) hold.

Let M be a finite GKv-module. Assume that |M | = p

a_{. Then cM (1) is}

also a G_Kv-module of order pa. From Theorem 1.2.39, taking the canonical valuation on K_v we get 2 Y j=0 | Hj(Kv, M )|(−1) j = ( p−a[Kv:Qp] _{if v|p} 1 if v - p

and by Theorem 1.2.38 H2(Kv, M ) is the Pontryagin dual of H0(Kv, cM (1))

(and so they have the same order). We extend these results to infinite GKv

-modules A =S

nA[pn] applying the above results to M = A[pn] for all n ≥ 0

(which are finite). We get:

2 X j=0 (−1)jcorank Hj(Kv, A) = ( −[Kv : Qp] corank A if v|p 0 if v - p

and H2(Kv, A) is the Pontryagin dual of H0(Kv, bA(1)) and hence

corank H2(Kv, A) = rankZpH

0_(K

v, bA(1)).

These results conclude the proof in both cases.

Given an elliptic curve over a finite extension of Qp, with the Corank

Lemma we will able to compute the rank of the image of the map induced by the inclusion ker(π) ,→ E(p), where π is the reduction modulo v and E(p) is the p-primary subgroup of E_tors, that is the torsion subgroup of E.

1.3

Elliptic Curves

Elliptic curves are non-singular curves of genus 1 with a specific base point. Every such curve can be written (thanks to the Riemann-Roch theorem) as

the locus in P2 of a cubic equation with only one point (the base point) on the line at ∞, i.e. as an equation of the form (using non-homogeneous coordinate to ease notation)

E : y2+ a1xy + a3y = x3+ a2x2+ a4x + a6, (1.3)

with the basepoint O = [0, 1, 0], called the Weierstrass equation of the curve. If a1, . . . , a6 ∈ K, we say that E is defined over K.

If char(K) 6= 2, 3, we can change coordinates to get a simpler equation:

E : y2 = x3+ Ax + B . (1.4)

This equation has associated quantities

∆(E) := −16(4A3+ 27B2), j(E) := 1728(4A3)/∆(E).

Definition 1.3.1. The quantity ∆ above is called the discriminant of the Weierstrass equation, j is called the j-invariant of the elliptic curve E.

Proposition 1.3.2. (1) The curve given by a Weierstrass equation is non singular if and only if ∆ 6= 0.

(2) Two elliptic curves are isomorphic over K if and only if they have the same j-invariant.

(3) Let j₀ ∈ K. Then there exists an elliptic curve (defined over K(j₀)) with j-invariant j0.

For a proof, see [11], §III, Proposition 1.4.

Let E be an elliptic curve given by a Weierstrass equation and let O be the point at infinity. We define an operation on E by the following rule:

Let P, Q ∈ E, L the line connecting P and Q (tangent line if P = Q), and R the third point of intersection of L with E. Let L0 be the line connecting R and O. Then P + Q is the point such that L0 intersects E at R, O and P + Q.

It is not hard to prove the following (in [11], Ch.III.2 there is a proof with explicit formulas for the coordinates of the point P + Q):

Theorem 1.3.3. The composition law defined above makes E into an abelian group with identity element O.

Now suppose that a Weierstrass equation has discriminant ∆ = 0, so it has a singular point. If we discard the singular point we still have a group law.

1.3 Elliptic Curves 20

Definition 1.3.4. Let E be a curve given by a Weierstrass equation. The non-singular part of E, denoted E_ns, is the set of non-singular points of E. Similarly, if E is defined over K, then Ens(K) is the set of non-singular

points of E(K).

Proposition 1.3.5. Let E be a curve given by a Weierstrass equation with discriminant ∆ = 0, so E has a singular point. Then the composition law defined above makes Ens into an abelian group. Furthermore:

(1) suppose that E has a node, then E_ns is isomorphic to K×; (2) suppose that E has a cusp, then Ens is isomorphic to K

+

.

For a proof, see [11], Ch.III, Proposition 2.5.

For each m ∈ Z we can define the multiplication by m [m] : E → E

in the following way:

[m]P = P + · · · + P (m terms) for m > 0, [0]P = O, and [m]P = [−m](−P ) for m < 0.

This map will be one of the most powerful tools for the study of elliptic curves.

Definition 1.3.6. Let E be an elliptic curve and m ∈ Z, m 6= 0. The m-torsion subgroup of E is the set of points of E of order m:

E[m] = {P ∈ E | [m]P = O}.

The torsion subgroup of E is the set of points of finite order

Etors= ∞

[

m=1

E[m].

The structure of the torsion points is given by the following theorem (see [11], Ch.III, Corollary 6.4).

Theorem 1.3.7. (1) If char(K) = 0 or if m is prime to char(K), then

E[m] ' (Z /m Z) × (Z /m Z). (2) If char(K) = p, then one of the following holds:

E[pn] ' Z /pnZ for all n = 1, 2, 3, . . . in this case we say that E/K is ordinary, or

E[pn] = 0 for all n = 1, 2, 3, . . . and in this case we say that E/K issupersingular.

From that, by taking the direct limit we get that if char(K) = 0 then

Etors' Q/ Z ×Q/ Z .

Actually, we will be interested in the p-primary part of an elliptic curve defined over a field with char(K) = 0. In this case, we take E[pk] ' Z /pkZ × Z /pkZ for every k ∈ N and by passing to the direct limit, our study will be focused on

E(p) = [

k∈N

E[pk] ' Qp/ Zp×Qp/ Zp.

If char(K) = p and E is ordinary, then

E(p) ' Qp/ Zp,

while if E is supersingular E(p) = 0, i.e. it has no p-torsion points.

Given an elliptic curve over a field K we have an obvious action of the absolute Galois group G_K on E, given by the action on the coordinates. Of course, it acts on the group E[m] and for all P ∈ E[m] we have

[m](Pσ) = ([m]P )σ = O.

Thus, when E[m] ' Z /m Z × Z /m Z, choosing a basis for E[m], we obtain a representation

GK → Aut(E[m]) ' GL2(Z /m Z).

1.3.1 Weil Pairing

Consider now E an elliptic curve over K. We fix an integer m ≥ 2, prime to p = char(K), if p > 0. Let S, T ∈ E[m] and choose a function F ∈K(E) (the function field of E over the algebraic closure of K) with divisor

div(F ) = m(T ) − m(O).

Letting T0∈ E with [m]T0_{= T , there is a function G ∈ K(E) such that}

div(G) = [m]∗(T ) − [m]∗(O) = X

R∈E[m]

(T0+ R) − (R),

where [m]∗is the pullback of the multiplication by m. The functions F ◦ [m] and Gm have the same divisor, so we may assume that

F ◦ [m] = Gm. Then for every point X ∈ E we have

1.3 Elliptic Curves 22

Therefore we can define a pairing1, called Weil e_m-pairing

em : E[m] × E[m] −→ µm

(S, T ) 7−→ G(X + S) G(X) ,

(1.5)

where X ∈ E is any point in which G(X + S) and G(X) are defined and non-zero. We give some of its basic properties (for a proof see [11], Ch.III, Proposition 8.1).

Proposition 1.3.8. The Weil em-pairing is:

(1) bilinear:

em(S1+ S2, T ) = em(S1, T )em(S2, T ),

em(S, T1+ T2) = em(S, T1)em(S, T2);

(2) alternating:

em(S, T ) = em(T, S)−1;

(3) non-degenerate: if em(S, T ) = 1 for all S ∈ E[m], then T = O;

(4) compatible with Galois action: for all σ ∈ GK,

em(S, T )σ = em(Sσ, Tσ);

(5) compatible with multiplication: if S ∈ E[mm0] and T ∈ E[m], then emm0(S, T ) = e_m([m0]S, T ).

This basic properties of the Weil paring imply its surjectivity.

Corollary 1.3.9. The pairing em is surjective. In particular, if E[m] ⊂

E(K), then µm ⊂ K∗.

Proof. The image of em is a subgroup of µm, say equal to µd. So for all

S, T ∈ E[m],

1 = em(S, T )d= em([d]S, T ).

Because the pairing is non-degenerate, we have that [d]S = O and since S is arbitrary, we must have d = m. Now suppose that E[m] ⊂ E(K). Then from the Galois invariance of the e_m-pairing, e_m(S, T ) ∈ K∗ for all S, T ∈ E[m]. Therefore µm ⊂ K∗.

1

We can regard a pairing between R-modules M × N → L as a R-linear map ϕ : M → HomR(N, L). We say that the pairing is perfect if ϕ is an isomorphism of R-modules.

1.3.2 Formal Group of an Elliptic Curve

Let R be a ring.

Definition 1.3.10. A (one-parameter commutative) formal group F defined over R is a power series F (X, Y ) ∈ R[[X, Y ]] satisfying:

(1) F (X, Y ) = X + Y + terms of degree ≥ 2;

(2) F (X, F (Y, Z)) = F (F (X, Y ), Z) (associativity);

(3) F (X, Y ) = F (Y, X) (commutativity);

(4) there is a unique power series i(T ) ∈ R[[T ]] such that F (T, i(T )) = 0 (inverse);

(5) F (X, 0) = X and F (0, Y ) = Y .

We call F (X, Y ) the formal group law of F .

In general a formal group is merely a group operation, but if the ring R is local and complete, and if the variables are specialized to values in the maximal ideal m of R, then the power series giving the formal group will converge.

Definition 1.3.11. Suppose that R is a local ring. The group associated to F /R, denoted F (m), is the set m with the group operations

x ⊕F y = F (x, y) for x, y ∈ m (addition),

Fx = i(x) for x ∈ m (inverse).

Proposition 1.3.12. Let R be a local ring and let F be a formal group defined over R.

(1) For each n ≥ 1, the map

F (mn_{)/F (m}n+1_{) → m}n_/mn+1 _(1.6)

induced by the identity map on sets is an isomorphism of groups.

(2) Let p be the characteristic of the residue field k (we admit the case p = 0). Then every torsion element of F (m) has order a power of p. Proof. (1) Since the underlying sets are the same, it suffices to show that

the map is a homomorphism: for x, y ∈ mn,

x ⊕Fy = F (x, y)

= x + y + . . .

1.3 Elliptic Curves 24

(2) For this proof we assume that R is Noetherian (for a general proof, see [11], Ch.IV, Proposition 3.2). We show that there are no non-zero torsion elements with order prime to p. Let m ≥ 1 be prime to p (if p = 0, take any arbitrary m) and x ∈ F (m) with [m](x) = 0. We show inductively that x ∈ mnfor all n ≥ 1 (this implies that x = 0). Suppose x ∈ mnand let ¯x be the image of x in F (mn)/F (mn+1). We have that ¯

x has order dividing m, but from (1) we have that F (mn)/F (mn+1) is isomorphic to the k-vector space mn/mn+1, so it has only p-torsion. Hence ¯x = 0, meaning that x ∈ mn+1.

Let E be an elliptic curve given by a Weierstrass equation with coeffi-cients in R

E : y2+ a1xy + a3y = x3+ a2x2+ a4x + a6

with the point at infinity O = [0, 1, 0]. We change variables

z = −x

y w = − 1 y

so that the point O is now the point (z, w) = (0, 0) and z is a local uniformizer at O (i.e. z has a zero of order 1 at O). The Weierstrass equation becomes

w = z3+ a1zw + a2z2w + a3w2+ a4zw2+ a6w3= f (z, w). (1.7)

Now if we substitute this equation into itself recursively, we get an expression of w as a power series in z:

w = z3(1 + A1z + A2z2+ . . . )

with A_{i ∈ Z[a1}, . . . , a6] for all i. Thanks to Hensel’s Lemma, this

proce-dure converges and moreover we get that w(z) is the unique power series in Z[a1, . . . , a6][[z]] satisfying w(z) = f (z, w(z)). Since x = _wz and y = −_w1,

using the power series for w(z) we can obtain a Laurent series for x and y

x(z) = z w(z) = 1 z2 − a1 z − a2− a3z − (a4+ a1a3)z 2_{− . . .} y(z) = −1 w(z) = − 1 z3 = a1 z2 + a2 z = a3+ (a4+ a1a3)z + . . .

also with coefficients in Z[a1, . . . , a6]. The pair (x(z), y(z)) is a formal

solu-tion of the Weierstrass equasolu-tion of E, i.e. a solusolu-tion in the quotient field of formal power series.

We want to construct a power series that will formally give the addition law on E. Let z₁ and z₂ be two indeterminates and let w₁ = w(z1) and

w2 = w(z2). The line connecting (z1, w1) and (z2, w2) has equation w =

λz − ν, where the slope λ = w2−w1

z2−z1 ∈ Z[a1, . . . , a6][[z1, z2]] and ν = w1 −

obtaining a cubic expression in z that has z₁ and z₂ as roots. We look for the third root z₃ and we find that it can be expressed as a power series in z₁ and z2, again with coefficients in Z[a1, . . . , a6]:

z3= −z1− z2+

a1λ + a3λ2− a2y − 2a4λν − 3a6λ2ν

1 + a2λ + a4λ2+ a6λ3

.

We need now the formula for the inverse. The inverse for (x, y) is (x, −y − a1x − a3), so since z = −x/y we find that the inverse of (z, w) has

z-coordinate i(z) = x(z) y(z) + a1x(z) + a3 = z −2_{− a} 1z−1− . . . −z−3_{+ 2a} 1z−2+ . . . ∈ Z[a1 , . . . , a6][[z]]

and w-coordinate w(i(z)). So the formal addition law is given by

F (z1, z2) = i(z3(z1, z2))

= z1+ z2− a1z1z2− a2(z12z2+ z1z22) + . . .

that is a power series in z₁ and z_{2 with coefficients in Z[a1}, . . . , a6]. From

the properties of the addition law on E we find that F (z1, z2) has the

corre-sponding properties of commutativity, associativity and inverse. The formal group associated to E, denoted bE, is given by this formal series F (z1, z2).

Suppose that the elliptic curve E is defined over K, the quotient field of a local and complete ring R with maximal ideal m. The power series x(z) and y(z) give a map

m −→ E(K)

z 7−→ (x(z), y(z)). This map gives a homomorphism from bE(m) to E(K).

1.3.3 Elliptic Curves over local fields

Let K be a local field, complete with respect to a discrete valuation v. We denote by R the ring of integers of K and by m the maximal ideal of R. Consider π a uniformizer (we assume that v is normalized so that v(π) = 1) for R and denote by k the residue field of R. We have the natural reduction map, that we denote by a tilde:

R −→ k

t 7−→ ˜t. Now let E/K be an elliptic curve and let

y2+ a1xy + a3y = x3+ a2x2+ a4x + a6

be a Weierstrass equation of E/K. We can change coordinates in order to find a Weierstrass equation with all coefficients a_i ∈ R. Then the discrimi-nant satisfies v(∆) ≥ 0 and, since v is discrete, we can look for an equation with v(∆) as small as possible.

1.3 Elliptic Curves 26

Definition 1.3.13. A Weierstrass equation as above is called minimal Weierstrass equation for E at v if v(∆) is minimized subject to the condition a1, a2, a3, a4, a6 ∈ R.

If we choose a minimal Weierstrass equation for E/K, we can reduce the coefficients modulo π to obtain a curve over k:

e

E : y2+ ˜a1xy + ˜a3y = x3+ ˜a2x2+ ˜a4x + ˜a6.

Furthermore, if P ∈ E(K), we can find homogeneous coordinates P = [x0, y0, z0] with x0, y0, z0 ∈ R and at least one of x0, y0, z0 in R×. Then

the reduced point eP = [ ˜x0, ˜y0, ˜z0] is in eE(k). So we have a reduction map

E(K) −→ E(k)e P 7−→ P .e Now eE may be singular. We define

E0(K) = {P ∈ E(K) | eP ∈ eEns},

the set of points with non-singular reduction, and

E1(K) = {P ∈ E(K) | eP = eO},

the kernel of reduction.

Remark 1.3.14. Obviously ∆( eE) = ^∆(E), so if v(∆) = 0, then e∆ 6= 0, e

E = eEnsand E0(K) = E(K).

Proposition 1.3.15. The sequence of abelian groups

0 → E1(K) → E0(K) → eEns(k) → 0,

where the right-hand map is the reduction modulo π, is exact.

Proof. We give a sketch of the proof. The surjectivity on the right is obtained by Hensel’s Lemma (a point in eEns(k) satisfies the reduced Weierstrass

equa-tion ef (x, y) = 0 and the partial derivatives of ef at the point are nonzero). To complete the proof one has to show that the reduction is a homomor-phism and that E₀(K) is a subgroup of E(K), the exactness in the middle follows from the definition of E1(K) and E0(K). These two facts can be

proved by noticing that the reduction takes lines to lines (see [11], Ch.VII, Proposition 2.1).

Proposition 1.3.16. Let E/K be given by a minimal Weierstrass equation, let bE/R be the formal group associated to E and let w(z) ∈ R be the power series obtained by substituting recursively (1.7). Then the map

b E(m) −→ E1(K) z 7−→  z w(z), − 1 w(z)  is an isomorphism.

For a proof, see [11], Ch.VII, Proposition 2.2.

Proposition 1.3.17. Let E/K be an elliptic curve and m ≥ 1 an integer prime to char(k). Then

(1) E1(K) has no non-trivial points of order m;

(2) if the reduced curve eE is non-singular, then the reduction map E(K)[m] → eE(k)

is injective.

Proof. Thanks to the previous proposition the above exact sequence becomes

0 → bE(m) → E0(K) → eEns(k) → 0.

From this and using (2) of Proposition 1.3.12, we get (1). Now if eE is non-singular, then E0(K) = E(K) and eEns(k) = eE(k), so the m-torsion of E(K)

injects into eE(k) and this proves (2).

The above proposition gives us a method to find the torsion subgroup of an elliptic curve defined over a number field: given a number field K and Kv its completion with respect to some discrete valuation v, clearly E(K)

injects into E(Kv). So by applying the proposition with different v’s, we can

obtain information about the torsion in E(K) by computing the points of eE with coordinates in the residue fields k_v.

Example 1.3.18. Let E/Q be the elliptic curve E : y2+ y = x3− x + 1.

Its discriminant is ∆ = −611 = −13 · 47, so its reduction modulo 2 (de-noted eE) is non-singular. One easily checks that eE(F2) = {O}, so from the

proposition we get that E(Q) has no non-zero torsion points.

Now what can we say about the action of Galois on the torsion points? Let Knr be the maximal unramified extension of K and I_v the inertia sub-group of G_K. We have the following exact sequence:

1 → G_K/Knr → GK → GKnr_/K → 1,

where we use the notation G_L/F = Gal(L/F ). But we also know that the unramified extensions of K correspond to the extensions of the residue field k, so the sequence becomes

1 → Iv → GK → Gk → 1.

We can then say that Iv is the set of elements of GK which act trivially on

1.3 Elliptic Curves 28

Definition 1.3.19. Let Σ be a set on which G_K acts. We say that Σ is unramified at v if the action of I_v on Σ is trivial.

Proposition 1.3.20. Let E/K be an elliptic curve and suppose that eE/k is non-singular. Let m ≥ 1 be an integer prime to char(k). Then E[m] is unramified at v.

Proof. Let F/K be a finite extension such that E[m] ⊂ E(F ) and let R0 be the ring of integers of F , m0 the maximal ideal of R0, k0 the residue field of R0 and v0 the valuation of F . Since E has non-singular reduction, we can take a minimal Weierstrass equation for E at v and have v(∆) = 0. Then also v0(∆) = 0, so the reduced curve eE/k0 is non-singular. Now from Proposition 1.3.17, the reduction map E[m] → eE(k0) is injective.

Let σ ∈ Iv and P ∈ E[m]. Since the inertia subgroup acts trivially onk,

σ acts trivially on eE(k0), so ^

Pσ_{− P = eP}σ_{− eP = eO.}

Now since Pσ− P ∈ E[m], the injectivity of the map E[m] → eE(k0) implies that Pσ− P = O.

We can actually give a kind of converse to this, known as the Néron-Ogg-Shafarevich criterion (see Theorem 1.3.25).

1.3.4 Good and Bad Reduction

Let E/K be an elliptic curve. We know that its reduction in general is not an elliptic curve, in particular, there are three possibilities:

Definition 1.3.21. Let E/K be an elliptic curve, and let eE be the reduced curve for a minimal Weierstrass equation.

(1) E has good reduction over K if eE is non-singular. (2) E has multiplicative reduction over K if eE has a node. (3) E has additive reduction over K if eE has a cusp.

In the last two cases, we say that E has bad reduction. Furthermore, if E has multiplicative reduction, the reduction is said to be split (respectively non-split) if the slopes of the tangent lines at the node are in k (respectively not in k).

We will work only with E having good, ordinary reduction, so that the reduced curve is still an elliptic curve. It is easy to characterize the type of reduction of an elliptic curve by its Weierstrass equation.

Proposition 1.3.22. Let E/K be an elliptic curve with minimal Weierstrass equation

y2+ a1xy + a3y = x3+ a2x2+ a4x + a6.

Let ∆ be the discriminant of this equation. Then E has good reduction if and only if v(∆) = 0 (i.e. ∆ ∈ R×).

This and the characterization of multiplicative and additive reduction can be found in [11], Ch.VII, Proposition 5.1, the terminology originates form the isomorphisms of Proposition 1.3.5.

Example 1.3.23. Let p ≥ 5 be a prime. Then the elliptic curve

y2 = x3+ px + 1

has good reduction over Qp, since ∆ = −16(4p3+ 27).

We want to know how reduction types behave if we have a field exten-sion. The next theorem answers to our question (for a proof, see [11], §VII, Proposition 5.4).

Theorem 1.3.24. Let E/K be an elliptic curve.

(1) Let F/K be an unramified extension. Then the reduction type of E over K is the same as the reduction type over F .

(2) Let F/K be a finite extension. If E has good or multiplicative reduction over K, it has the same type of reduction over F .

(3) There exists a finite extension F/K such that E has good or (split) multiplicative reduction over F .

Now if an elliptic curve E/K has good reduction, and m ≥ 1 is an integer prime to char(k), then we have seen that the torsion group E[m] is unramified. As announced earlier, here is a partial converse.

Theorem 1.3.25 (Néron-Ogg-Shafarevich). Let E/K be an elliptic curve. The following are equivalent:

(1) E has good reduction over K;

(2) E[m] is unramified at v for all integers m ≥ 1 prime with char(k);

(3) E[m] is unramified at v for infinitely many integers m ≥ 1 prime with char(k).

We will not see the proof (that can be found in [11], Ch.VII, Theorem 7.1) of this important theorem, but we mention that it is based on a deep theorem about the structure of the group E(K)/E0(K).

1.3 Elliptic Curves 30

Theorem 1.3.26 (Kodaira, Néron). Let E/K be an elliptic curve. If E has split multiplicative reduction over K, then E(K)/E₀(K) is a cyclic group of order v(∆). In all other cases, E(K)/E0(K) is a finite group of order at

most 4.

Corollary 1.3.27. The subgroup E0(K) is of finite index in E(K).

Another application of this theorem is the following proposition, that will be very useful for our later work. This and the previous corollary are proved in [11], Ch.VII.6.

Proposition 1.3.28. Let K be a finite extension of Qp. Then E(K) contains

a subgroup of finite index which is isomorphic to R+(i.e. R taken additively).

Proof (Sketch). The main steps are:

(1) from the above corollary we know that E(K)/E₀(K) is finite and by Proposition 1.3.15 E0(K)/E1(K) is isomorphic to eEns(k), which is

finite by hypothesis;

(2) we know from Proposition 1.3.16 that E1(K) ' bE(m) and by

Proposi-tion 1.3.12 bE(m) has a filtration such that each quotient is isomorphic to mi/mi+1;

(3) the logarithm map (see [11], Ch.IV, §5) provides an isomorphism bE(mr_{) '}

R+ if r is sufficiently large (see [11], Ch.IV, Theorem 6.4);

(4) we then have that bE(m) ' E1(K) has a subgroup of finite index

iso-morphic to R+.

So if K is a finite extension of Qp, since R+ is a free Zp-module with

rank [K : Qp], we have obtained

E(K) ' Z[K:Qp]

p ×T,

where T is a finite group. This is usually referred to as Lutz Theorem, a local version of the classical Mordell-Weil Theorem we shall see later (see Theorem 1.3.38).

1.3.5 Elliptic Curves over global fiels

Let K be a number field and E an elliptic curve over K. We denote by R the ring of integers of K, with K_v the completion of K at v, for a valuation v on K and with Rv, mv, kv the ring of integers, the maximal ideal and the

residue field associated to K_v, respectively. Moreover we write M_K0 for the set of non-archimedean valuations on K and M_K∞for the set of archimedean valuations on K. We suppose E[m] ⊂ E(K).

Definition 1.3.29. Let m ≥ 2 be an integer. The Kummer pairing

κ : E(K) × GK → E[m]

is defined as follows. Let P ∈ E(K), and choose Q ∈ E(K) such that [m]Q = P . We then define

κ(P, σ) = Qσ− Q.

Proposition 1.3.30. The Kummer pairing has the following properties.

(1) The Kummer pairing is well-defined.

(2) The Kummer pairing is bilinear.

(3) The kernel of the Kummer pairing on the left is mE(K), i.e.

{P ∈ E(K) | κ(P, σ) = O ∀σ ∈ GK} = mE(K) .

(4) The kernel of the Kummer pairing on the right is G_L, where

L = K([m]−1E(K))

is the composite of all the fields K(Q), where Q ranges over the points of E(K) such that [m]Q ∈ E(K).

Therefore the Kummer pairing induces a perfect bilinear pairing

E(K)/mE(K) × Gal(L/K) → E[m].

Most of this proposition follows immediately if we reinterpret the Kum-mer pairing in terms of group cohomology. Recall the KumKum-mer exact se-quence of GK-modules:

1 −→ µm−→ K × m

−→ K×−→ 1

where the map m is the rising to the m-th power. By taking the G_K -cohomology we get a long exact sequence from which we extract

1 → K×/(K×)m−→ Hδ 1(K, µm) → H1(K, K ×

), (1.8)

since by Hilbert 90 H1(K, K×) = 1, δ is an isomorphism. We follow the same procedure for elliptic curves.

Proof (of Proposition 1.3.30). We start with the following exact sequence of GK-modules

1.3 Elliptic Curves 32

As above, we take the G_K-cohomology, obtaining a long exact sequence

0 −→ E(K)[m] −→ E(K) −→[m] E(K) →

δ

−→ H1_{(K, E[m]) −→ H}1_{(K, E(K)) −→ H}[m] 1_{(K, E(K)) → . . .}

(1.10) We can then extract the following short exact sequence, which we call the Kummer sequence for E/K:

0 → E(K) mE(K) → H

1_{(K, E[m]) → H}1_{(K, E(K))[m] → 0, (1.11)}

where H1(K, E(K))[m] is the m-torsion subgroup of H1(K, E(K)).

Now recall how the boundary map δ is defined: let P ∈ E(K) and choose some Q ∈ E(K) such that [m]Q = P . Then a representative for δ(P ) is the cocycle

c : GK → E[m]

σ 7→ Qσ_{− Q,}

which corresponds to the Kummer pairing κ(P, σ) defined earlier. Since E[m] ⊂ E(K), we have

H1(K, E[m]) = Hom(GK, E[m])

and so we have an injective homomorphism

˜

δ : E(K)

mE(K) −→ Hom(GK, E[m])

P 7−→ κ(P, ·)

This proves (1), (2), (3) of Proposition 1.3.30. To prove (4), take σ ∈ GL,

then we have

κ(P, σ) = Qσ− Q = O,

since Q ∈ E(L), by definition of L. Conversely, suppose that σ ∈ G_K is such that κ(P, σ) = O for all P ∈ E(K). Then for every Q ∈ E(K) satisfying [m]Q ∈ E(K) we have

O = κ([m]Q, σ) = Qσ− Q. By the definition of L we have that σ fixes L, so σ ∈ GL.

Using the inflaction-restriction sequence we can also prove

Proposition 1.3.31. Let F/K be a finite Galois extension. If E(F )/mE(F ) is finite, then E(K)/mE(K) is also finite.