To see what you can do to an object, use Tab
To find out what a command does, use ?
To get the source code, use ??
{{{id=8|
L.
///
}}}
The range(lower,upper) command is often useful. Note that the values return are up to but not including the upper bound. This will be a recurring theme.
{{{id=9|
R = range(1,10)
S = range(10)
R;S
///
}}}
Python "slice" notation lets you pick elements out of lists.
{{{id=10|
S[1:3]
///
}}}
{{{id=11|
S[:5]; S[5:]; S[::-1]
///
}}}
What will the following do?
{{{id=12|
S[5:1:-2]
///
}}}
We define three generic points, then add them using both ways of associating.
{{{id=23| P1 = (x1,y1); P2 = (x2,y2); P3 = (x3,y3) Z = elladd(P1, elladd(P2,P3)) W = elladd(elladd(P1,P2), P3) Z == W /// }}}Unfortunately, these points have coordinates that are just polynomials, so, e.g., the relationship $y_1^2 = x_1^3 + Ax_1 + B$ simply isn't taken into account. Thus $Z\neq W$. To take into the extra relationship between the $x_i$ and $y_i$, we create a quotient ring. This is just like how the integers modulo $n$ is a quotient ring, which takes into account the relation "$n = 0$".
We thus form the quotient polynomial ring with variables $x_i, y_i, A, B$, where $y_i^2 = x_i^3 +Ax_i + B$. You can think of this as a ring that contains three generic points on the elliptic curve.
{{{id=21| rels = [y1^2 - (x1^3 + A*x1 + B), y2^2 - (x2^3 + A*x2 + B), y3^2 - (x3^3 + A*x3 + B)] /// }}} {{{id=60| Q = R.quotient(rels) Q; show(Q) /// }}}We then verify that the two points $(P_1 + P_2)+P_3$ and $P_1 + (P_2 + P_3)$ are equal, modulo the relations, hence proving the associative law in the case where $P_1$, $P_2$, $P_3$, $P_1 + P_2$, and $P_2+P_3$ are all distinct, nonzero, and no pair are inverses of each other.
The massive polynomial $f$ below is $0$ in the quotient ring precisely if the $x$-coordinates of the two points are equal, modulo the relations.
{{{id=37| f = Z[0].numerator()*W[0].denominator() - Z[0].denominator()*W[0].numerator(); f /// }}}Coerce into the quotient ring $Q$ defined above:
{{{id=38| Q(f) /// }}}Likewise for the $y$-cordinates:
{{{id=64| Q(Z[1].numerator()*W[1].denominator() - Z[1].denominator()*W[1].numerator()) /// }}}$y^2 = x^3$
{{{id=67| implicit_plot(y^2-x^3,(-2,5),(-5,5)) /// }}} $y^2 = x^3 - 3x + 2$ {{{id=69| implicit_plot(y^2-x^3+3*x-2,(-3,5),(-5,5)) /// }}}Both of these curves have singularites -- points where the tangent line is undefined. If we try to define the group law on these curves using our formulas, we run into a problem when trying to double or add singular points. Thus we exclude these types of curves in our definition of elliptic curve.
We can define the group law on the nonsingular real-valued points of these curves. In the first example, the curve has a cusp, and the resulting group $E_{ns}(\mathbf{R})$ is isomorphic to the additive group of real numbers. In the second example, the curve has a node, and the resulting group $E_{ns}(\mathbf{R})$ is isomorphic to the multiplicative group of real numbers. Over general fields the second case is slightly more complicated. See Section 2.10 of Washington for details. {{{id=65| /// }}}