Elliptic Curve - The Group Law

The Group Law

By adding a "point at infinity", we obtain the projective version of this curve. If P and Q are two points on the curve, then we can uniquely describe a third point which is the intersection of the curve with the line through P and Q. If the line is tangent to the curve at a point, then that point is counted twice; and if the line is parallel to the y-axis, we define the third point as the point "at infinity". Exactly one of these conditions then holds for any pair of points on an elliptic curve.

It is then possible to introduce a group operation, +, on the curve with the following properties: we consider the point at infinity to be 0, the identity of the group; and if a straight line intersects the curve at the points P, Q and R, then we require that P + Q + R = 0 in the group. One can check that this turns the curve into an abelian group, and thus into an abelian variety. It can be shown that the set of K-rational points (including the point at infinity) forms a subgroup of this group. If the curve is denoted by E, then this subgroup is often written as E(K).

The above group can be described algebraically as well as geometrically. Given the curve y2 = x3 − px − q over the field K (whose characteristic we assume to be neither 2 nor 3), and points P = (x_P, y_P) and Q = (x_Q, y_Q) on the curve, assume first that x_P ≠ x_Q. Let s be the slope of the line containing P and Q; i.e., s = (y_P − y_Q)⁄_{(xP − xQ)}. Since K is a field, s is well-defined. Then we can define R = P + Q = (x_R, −y_R) by

If x_P = x_Q, then there are two options: if y_P = −y_Q, including the case where y_P = y_Q = 0, then the sum is defined as 0; thus, the inverse of each point on the curve is found by reflecting it across the x-axis. If y_P = y_Q ≠ 0, then R = P + P = 2P = (x_R, −y_R) is given by