Elliptic divisibility sequence

In mathematics, an elliptic divisibility sequence (EDS) is a sequence of integers satisfying a nonlinear recursion relation arising from division polynomials on elliptic curves. EDS were first defined, and their arithmetic properties studied, by Morgan Ward[1] in the 1940s. They attracted only sporadic attention until around 2000, when EDS were taken up as a class of nonlinear recurrences that are more amenable to analysis than most such sequences. This tractability is due primarily to the close connection between EDS and elliptic curves. In addition to the intrinsic interest that EDS have within number theory, EDS have applications to other areas of mathematics including logic and cryptography.

Definition

A (nondegenerate) elliptic divisibility sequence (EDS) is a sequence of integers (Wn)n 1 defined recursively by four initial values W1, W2, W3, W4, with W1W2W3 ≠ 0 and with subsequent values determined by the formulas


  \begin{align}
  W_{2n+1}W_1^3 &= W_{n+2}W_n^3 - W_{n+1}^3W_{n-1},\qquad n \ge 2, \\
  W_{2n}W_2W_1^2 &= W_{n+2}W_n W_{n-1}^2 - W_n W_{n-2}W_{n+1}^2,\qquad n\ge 3,\\
  \end{align}

It can be shown that if W1 divides each of W2, W3, W4 and if further W2 divides W4, then every term Wn in the sequence is an integer.

Divisibility property

An EDS is a divisibility sequence in the sense that


  m \mid n \Longrightarrow W_m \mid W_n.

In particular, every term in an EDS is divisible by W1, so EDS are frequently normalized to have W1 = 1 by dividing every term by the initial term.

Any three integers b, c, d with d divisible by b lead to a normalized EDS on setting


  W_1 = 1,\quad W_2 = b,\quad W_3 = c,\quad W_4 = d.

It is not obvious, but can be proven, that the condition b | d suffices to ensure that every term in the sequence is an integer.

General recursion

A fundamental property of elliptic divisibility sequences is that they satisfy the general recursion relation


  W_{n+m}W_{n-m}W_r^2 = W_{n+r}W_{n-r}W_m^2 - W_{m+r}W_{m-r}W_n^2
  \quad\text{for all}\quad n > m > r.

(This formula is often applied with r = 1 and W1 = 1.)

Nonsingular EDS

The discriminant of a normalized EDS is the quantity


  \Delta = 
  W_4W_2^{15} - W_3^3W_2^{12} + 3W_4^2W_2^{10} - 20W_4W_3^3W_2^7 +
  3W_4^3W_2^5 + 16W_3^6W_2^4 + 8W_4^2W_3^3W_2^2 + W_4^4.

An EDS is nonsingular if its discriminant is nonzero.

Examples

A simple example of an EDS is the sequence of natural numbers 1, 2, 3,… . Another interesting example is the sequence 1, 3, 8, 21, 55, 144, 377, 987,… consisting of every other term in the Fibonacci sequence, starting with the second term. However, both of these sequences satisfy a linear recurrence and both are singular EDS. An example of a nonsingular EDS is


  \begin{align}
    &1,\, 1,\, -1,\, 1,\, 2,\, -1,\, -3,\, -5,\, 7,\, -4,\, -23,\,
    29,\, 59,\, 129,\\
    &-314,\, -65,\, 1529,\, -3689,\, -8209,\, -16264,\dots.\\
  \end{align}

Periodicity of EDS

A sequence (An)n 1 is said to be periodic if there is a number N 1 so that An+N = An for every n ≥ 1. If a nondegenerate EDS (Wn)n 1 is periodic, then one of its terms vanishes. The smallest r ≥ 1 with Wr = 0 is called the rank of apparition of the EDS. A deep theorem of Mazur[2] implies that if the rank of apparition of an EDS is finite, then it satisfies r ≤ 10 or r = 12.

Elliptic curves and points associated to EDS

Ward proves that associated to any nonsingular EDS (Wn) is an elliptic curve E/Q and a point P ε E(Q) such that


  W_n = \psi_n(P)\qquad\text{for all}~n \ge 1.

Here ψn is the n division polynomial of E; the roots of ψn are the nonzero points of order n on E. There is a complicated formula[3] for E and P in terms of W1, W2, W3, and W4.

There is an alternative definition of EDS that directly uses elliptic curves and yields a sequence which, up to sign, almost satisfies the EDS recursion. This definition starts with an elliptic curve E/Q given by a Weierstrass equation and a nontorsion point P ε E(Q). One writes the x-coordinates of the multiples of P as


  x(nP) = \frac{A_n}{D_n^2} \quad \text{with}~\gcd(A_n,D_n)=1~\text{and}~D_n \ge 1.

Then the sequence (Dn) is also called an elliptic divisibility sequence. It is a divisibility sequence, and there exists an integer k so that the subsequence ( ±Dnk )n ≥ 1 (with an appropriate choice of signs) is an EDS in the earlier sense.

Growth of EDS

Let (Wn)n 1 be a nonsingular EDS that is not periodic. Then the sequence grows quadratic exponentially in the sense that there is a positive constant h such that


  \lim_{n\to\infty} \frac{\log |W_n|}{n^2} = h > 0.

The number h is the canonical height of the point on the elliptic curve associated to the EDS.

Primes and primitive divisors in EDS

It is conjectured that a nonsingular EDS contains only finitely many primes[4] However, all but finitely many terms in a nonsingular EDS admit a primitive prime divisor.[5] Thus for all but finitely many n, there is a prime p such that p divides Wn, but p does not divide Wm for all m < n. This statement is an analogue of Zsigmondy's theorem.

EDS over finite fields

An EDS over a finite field Fq, or more generally over any field, is a sequence of elements of that field satisfying the EDS recursion. An EDS over a finite field is always periodic, and thus has a rank of apparition r. The period of an EDS over Fq then has the form rt, where r and t satisfy


  r \le \left(\sqrt q+1\right)^2 \quad\text{and}\quad t \mid q-1.

More precisely, there are elements A and B in Fq* such that


  W_{ri+j} = W_j\cdot A^{ij} \cdot B^{j^2}
  \quad\text{for all}~i \ge 0~\text{and all}~j \ge 1.

The values of A and B are related to the Tate pairing of the point on the associated elliptic curve.

Applications of EDS

Bjorn Poonen[6] has applied EDS to logic. He uses the existence of primitive divisors in EDS on elliptic curves of rank one to prove the undecidability of Hilbert's tenth problem over certain rings of integers.

Katherine Stange[7] has applied EDS and their higher rank generalizations called elliptic nets to cryptography. She shows how EDS can be used to compute the value of the Weil and Tate pairings on elliptic curves over finite fields. These pairings have numerous applications in pairing-based cryptography.

References

  1. Morgan Ward, Memoir on elliptic divisibility sequences, Amer. J. Math. 70 (1948), 3174.
  2. B. Mazur. Modular curves and the Eisenstein ideal, Inst. Hautes Études Sci. Publ. Math. 47:33186, 1977.
  3. This formula is due to Ward. See the appendix to J. H. Silverman and N. Stephens. The sign of an elliptic divisibility sequence. J. Ramanujan Math. Soc., 21(1):117, 2006.
  4. M. Einsiedler, G. Everest, and T. Ward. Primes in elliptic divisibility sequences. LMS J. Comput. Math., 4:113 (electronic), 2001.
  5. J. H. Silverman. Wieferich's criterion and the abc-conjecture. J. Number Theory, 30(2):226237, 1988.
  6. B. Poonen. Using elliptic curves of rank one towards the undecidability of Hilbert's tenth problem over rings of algebraic integers. In Algorithmic number theory (Sydney, 2002), volume 2369 of Lecture Notes in Comput. Sci., pages 3342. Springer, Berlin, 2002.
  7. K. Stange. The Tate pairing via elliptic nets. In Pairing-Based Cryptography (Tokyo, 2007), volume 4575 of Lecture Notes in Comput. Sci. Springer, Berlin, 2007.

Further material

External links

This article is issued from Wikipedia - version of the Thursday, February 17, 2011. The text is available under the Creative Commons Attribution/Share Alike but additional terms may apply for the media files.