\section*{Introduction}
The goal of the paper is to introduce the Selmer group and
Shafarevich-Tate group by using the proof of the weak Mordell-Weil
theorem as a motivation. This approach allows us to present a more
geometric interpretation of the two groups in terms of principal
homogeneous spaces and their relation to Galois cohomology.
\edit{Make clear from the outset that you do not care at all
about computational complexity, i.e., how difficult the computations
are. What matters, is that they can be done at all. Also,
so far you don't say anything about how computing $E(K)$
is still an {\em open problem}, how deciding if a genus
one curve (even a cubic) has a rational point is an open
problem, and how these are related to Hilbert's 10th problem.}
In section 1, we introduce the Kummer pairing and prove its main
properties. We compute the left and right kernels and then view
the pairing in terms of the coboundary map in a long exact
sequence in Galois cohomology. In section 2, we study in details\edit{detail}
the properties of the right kernel of the pairing, which turns out
to be a finite index subgroup of the Galois group $\Gk$. Several
classical results from algebraic number theory are assumed, such
as the Dirichlet's $S$-unit theorem and standard facts about
unramified field extensions of a number field.
Section 3 is devoted to the classical techniques for computing the
weak Mordell-Weil\edit{group} by constructing a pairing $b : E(K) / mE(K)
\times E[m] \ra K^* / {K^*}^m$ out of the Weil pairing and using\edit{an}
explicit description of principal homogeneous spaces. In section
4, we illustrate these techniques for the case $m = 2$, which is
known as complete 2-descent.
In section 5, we define Selmer group\edit{groups} and Shafarevich-Tate group\edit{groups}
using Galois cohomology and then interpret the two groups
geometrically, in terms of rational points on homogeneous spaces.
We state one of the big open problems in number theory - \edit{should be an
em-dash: ---} the
conjecture about the finiteness of $\Sha$. In section 6, we prove
the finiteness of the Selmer group and explain the main techniques
for computing this group for elliptic curves. In the next section,
we illustrate these techniques for the case of 2-isogenies.
In the last section, we introduce another method for computing the
Selmer group which works in a\edit{delete word ``a''} greater generality and uses rational
functions on the Jacobian of the curve.
\edit{Include a paragraph stating your assumptions about the background
of the reader. For example, you assume the reader is familiar with
basic facts about elliptic curves, but not advanced facts. You assume
the reader is fluent in Galois cohomology, at the level of blah article.
You certainly assume Galois theory.}
%%% ----------------------------------------------------------------------
\section{Weak Mordell-Weil Group and Kummer Pairing via
Galois Cohomology}
Suppose that $E / K$ is an elliptic curve over a number field and
$m \geq 2$ is an integer, such that $E[m] \subseteq E(k)$.\edit{What
is little $k$? You only have $K$. Also, what is $K$? Is it
a number field?} We
define the weak Mordell-Weil group for $E / K$ to be the quotient
group $E(K) / mE(K)$, where $E(K)$ is the group of rational points
on the elliptic curve $E$. This group is an interesting object to
study for each $m$, since it contains a lot of information about
the full Mordell-Weil group $E(K)$. In fact,\edit{What?}
Define a pairing
$$
\kappa : E(K) \times \textrm{Gal}(\overline{K} / K) \ra E[m],
$$
in the following way: for each $P \in E(K)$ choose $Q \in E$\edit{
$Q\in E(\overline{K})$, since $E$ is not a set}, such
that $[m]Q = P$ and let $\kappa(P, \sigma) := Q^\sigma - Q$.
First of all, this pairing is well-defined. Indeed, suppose that
$Q'$ is another point, such that $[m]Q = [m]Q' = P$. We need to
check that $Q'^\sigma - Q' = Q^\sigma - Q$. But $[m](Q' - Q) = 0$,
i.e. $Q - Q' \in E[m] \subseteq E(K)$, which means that $Q' - Q$
is fixed by the action of Gal$(\overline{K} / K)$. Hence, $(Q' -
Q)^\sigma = Q' - Q$, or $Q'^\sigma - Q' = Q^\sigma - Q$. We often
call the pairing $\kappa$ the Kummer pairing.
The basic properties of $\kappa$ are summarized in the following
proposition:
\begin{prop}
The pairing $\kappa$ is bilinear, with left kernel equal to
$mE(K)$ and right kernel equal to Gal$(\overline{K} / L)$, where
$L$ is a field extension of $K$ obtained by adjoining the
coordinates of all points in $[m]^{-1}E(K)$ (or $L =
K([m]^{-1}E(K))$). In particular, $\kappa$ induces a perfect
bilinear pairing\edit{The Gal below should be in roman!}
$$
E(K) / mE(K) \times \textrm{Gal}(L / K) \ra E[m].
$$
\end{prop}
\verb"Proof:" Bilinearity of $\kappa$ is obvious from the
definition. Suppose that $P \in E(K)$ is in the left kernel of
$\kappa$. Choose $Q \in E(\overline{K})$, such that $[m]Q = P$. We
will show that $Q \in E(K)$ and thus, it will follow that $P \in
mE(K)$. But this is clear from the definition, since $\kappa(P,
\sigma) = 0$ means precisely that $Q$ is fixed by $\sigma$.
Conversely, any $P \in mE(K)$ is in the left kernel of $\kappa$.
Let $\sigma \in \Gk(K)$ be in the right kernel. In this case it
suffices to show that $\sigma$ fixes the field extension $L / K$.
Let $P \in E(K)$ and $Q$ be a point, such that $[m]Q = P$. Then
$\kappa(P, \sigma) = 0$ implies $Q^\sigma = Q$. Since this is true
for any point in $[m]^{-1}E(K)$, then $L$ is fixed by $\sigma$,
i.e. $\sigma \in \textrm{Gal}(\overline{K} / L)$. Conversely, any
$\sigma \in \textrm{Gal}(\overline{K} / L)$ is in the right
kernel, because it fixes the points in $[m]^{-1}E(K)$.
We obtain the perfect bilinear pairing by moding out by the left
and right kernels of $\kappa$. $\hfill \Box$ \\
Next, our goal is to describe the Kummer pairing in terms of
Galois cohomology. To begin with, consider the short exact
sequence of Gal$(\overline{K} / K)$-modules for a fixed integer $m
> 1$
\[
\begin{CD}
0 \ra E[m] @>>> E(\overline{K}) @>[m]>> E(\overline{K}) \ra 0.
\end{CD}
\]
This short exact sequence gives a long exact sequence on
cohomology
\[
\begin{CD}
0 @>>> H^0(\Gk, E[m]) @>>> H^0(\Gk, E(\overline{K})) @>[m]>>
H^0(\Gk, E(\overline{K})) \\
@>\delta>> H^1(\Gk, E[m]) @>>> H^1(\Gk, E(\overline{K})) @>[m]>>
H^1(\Gk, E(\overline{K})).
\end{CD}
\]
But $H^0(G, M) = M^G$ for any group $G$ and a $G$-module $M$, so
we rewrite the above sequence as
\[
\begin{CD}
0 @>>> E(K)[m] @>>> E(K) @>[m]>>
E(K) \\
@>\delta>> H^1(\Gk, E[m]) @>>> H^1(\Gk, E(\overline{K})) @>[m]>>
H^1(\Gk, E(\overline{K})).
\end{CD}
\]
Next, we obtain a short exact sequence out of this long exact
sequence, using the fact that ker $\delta = mE(K)$. We call this
short exact sequence the \emph{Kummer sequence}:
\[
\begin{CD}
0 \ra E(K) / mE(K) @>\delta>> H^1(\Gk, E[m]) @>>> H^1(\Gk,
E(\overline{K}))[m] \ra 0.
\end{CD}
\] \\
Since the left kernel of the pairing $\kappa$ is $mE(K)$, then
$\kappa$ induces a homomorphism
$$
\delta_E : E(K) / mE(K) \ra \textrm{Hom}(\Gk, E[m]).
$$
Using the Galois cohomology discussion from above, the
homomorphism $\delta_E$ is precisely the connecting homomorphism
$\delta$ for the long exact sequence, constructed above.
%%% ----------------------------------------------------------------------
\section{Properties of the Field Extension $L = K([m]^{-1}E(K))/K$}
After introducing the Kummer pairing in the previous section, we will
to study in a more detail the field extension $L = K([m]^{-1}E(K))$,
which appeared in proposition 1.1 in the previous section. The main
result that we prove is that this extension is abelian of exponent
$m$, which is unramified outside of a finite set of places
$\nu$. Then, using a general result from algebraic number theory, we
prove that $L / K$ is a finite extension.\edit{You might want to make
the following amusing observation. Since $L=K([m]^{-1} E(K))$, we see
that $L$ is obtained by adjoining to $K$ the coordinates of all $m$th
roots of elements in a basis for $E(K)$. If $E(K)$ has finite rank
(something we don't know yet, and are trying to prove!), then we need
only adjoin finitely many elements to get~$L$, so $L$ is of finite
degree over~$K$. Thus finite generated-ness of $E(K)$ would
immediately imply $L$ is finite over~$K$. However, we can not use
this, because we are trying to prove that $E(K)$ is finitely
generated!}
The main properties of the field extension $L / K$ are summarized
in the following
\begin{prop}
(i) The field extension $L / K$ is an abelian extension of
exponent $m$. In other words, the Galois group \edit{Gal should
be in roman.} Gal$(L / K)$ is
abelian and every element has order dividing $m$.\edit{This
is false if $L=K$, since then the exponent is $1$. You should
say the exponent divides~$m$.}\\
(ii) If $S$ is the finite set of places,\edit{Remove
this comma.} at which $E$ has bad
reduction, together with the infinite places and the places $\nu$,
for which $\nu(m) \ne 0$, then $L / K$ is unramified at each $\nu
\notin S$.
\end{prop}
The following lemma will be used in the proof of the proposition:
\begin{lem}
Suppose that $\nu$ is a discrete valuation, such that $\nu(m) = 0$
and $E / K$ has a\edit{Delete ``a''} good reduction at $\nu$. Then the reduction map
$E(K)[m] \ra \tilde{E}_\nu(k_\nu)$ is injective.
\end{lem}
\verb"Proof:" This is proved in [Sil-1, VIII.\S1]. $\hfill \Box$
\\
We are now ready to prove the proposition:
\verb"Proof of proposition 2.1:" (i) This is a consequence of
proposition 1.1. Indeed, the map $\sigma \mapsto \kappa(\sigma,
\cdot)$ is an injection Gal$(L / K) \ra \textrm{Hom}(E(K), E[m])$.
Therefore every element of Gal$(L / K)$ is abelian and of order
dividing $m$, since every homomorphism of $\textrm{Hom}(E(K),
E[m])$ has
order dividing $m$. \\
(ii) Take a point $Q \in [m]^{-1}E(K)$ and let $P = [m]Q$.
Consider the extension $L = K(Q)$ over $K$. It suffices to show
that this extension is unramified at each $\nu \notin S$. Let
$\nu'$ be an extension of $\nu$ in $K(Q)$ and $D_{\nu' / \nu}$ and
$I_{\nu' / \nu}$ be the inertia and the decomposition groups,
respectively. We will be done if we show that each element of
$I_{\nu' / \nu}$ acts trivially on $K(Q)$. Indeed, every element
of $I_{\nu' / \nu}$ acts trivially on $\tilde{E}_\nu(k'_{\nu'})$,
where $k'_{\nu'}$ denote the reduction of $K(Q)$ at $\nu'$.
Therefore $(Q^\sigma - Q)^{\sim} = \tilde{Q}^\sigma - \tilde{Q} =
\tilde{0}$ for all $\sigma \in I_{\nu' / \nu}$. But $Q^\sigma - Q
\in E[m]$, because $Q \in [m]^{-1}E(K)$. Thus, lemma 2.2 implies
that $Q^\sigma = Q$, so $I_{\nu' / \nu}$ acts trivially on $K(Q) /
K$, which means that the field extension is unramified. This
proves the proposition. $\hfill \Box$ \\
Our goal in this section is to show that $L / K$ is a finite
extension. So far, we concluded that $L / K$ is\edit{an} abelian
extension of exponent $m$ which is unramified outside of a finite set
of primes. It turns out that these conditions are enough to
claim\edit{deduce} the finiteness of $L/K$. The next theorem
establishes precisely this statement. In the proof, we assume several
nontrivial results from algebraic number theory.
\begin{thm}
Let $K$ be a number field, $m \geq 2$ be an integer, and $S$ -\edit{Why
is this dash here?} a
finite set of places, containing all infinite places in $K$ and
all finite places $\nu$, such that $\nu(m) \ne 0$. Consider the
maximal abelian extension $L / K$ which has exponent $m$ and which
is unramified at all places outside of $S$. Then $L / K$ is a
finite extension.
\end{thm}
\verb"Proof:" If the proposition is true for a finite extension
$K' / K$, then it is certainly true for $K$. Indeed, if $L/K$ is
the maximal abelian extension of exponent $m$, which is unramified
outside of the finite set $S$, then $LK' / K'$ is a maximal
abelian extension of exponent $m$, unramified outside of a set
$S'$ of extensions of the places in $S$ to $LK'$. Therefore, $LK'
/ K'$ is finite, and so $L / K$ would also be finite. Thus, we can
assume that $K$ contains the $m$-th roots of unity $\mu_m$.
We define \emph{the ring of $S$-integers}
$$
R_S = \{a \in K : \nu(a) \geq \edit{what?}\textrm{ for all } \nu \notin S\}.
$$
First, it follows from [La, V] that we can add finitely many
places to $S$, so that $R_S$ becomes a Dedekind domain with class
number 1 (i.e. a principal ideal domain). Making $S$ bigger
increases $L$ and so we can assume that $R_S$ is a PID.
Next, we use another auxiliary result:
\begin{lem}
Let $K$ be a number field (more generally, any field of
characteristic 0), containing the $m$-th roots of unity $\mu_m$.
Then the maximal abelian extension of $K$ of exponent $m$ is
obtained by adjoining $m$-th roots of the elements of $K$. In
other words, $L = K(a^{1/m} : a \in K)$ is the maximal abelian
extension of $K$ of degree $m$.\edit{You mean ``of exponent~$m$.}
\end{lem}
\verb"Proof:" *** LATER *** $\hfill \Box$ \\
According to the lemma 2.4\edit{Change ``the lemma 2.4'' to ``Lemma 2.4''}, $L$ is the largest extension of $K$,
contained in $K(a^{1/m} : a \in K)$, which is unramified outside
of $S$.\edit{Remind reader that $L$ is now exponent $m$ abelian and
unramified outside $S$, unlike in the statement of the Lemma,
where $L$ is something else! Also, maybe you shouldn't use
the symbol $L$ in the statement of the lemma.}
Suppose that $\nu \notin S$. Then $a^{1/m} \in L$ for some $a \in
K$ if and only if $K_\nu(a^{1/m}) / K_\nu$ is unramified. But
since $\nu(m) = 0$, then this condition is satisfied precisely
when $\nu(a) \equiv 0$ (mod $m$). Finally, we conclude that $L =
K(a^{1/m} : a \in T_S)$, where
$$
T_S = \{a \in K^* / {K^*}^m : \nu(a) \equiv 0 (\textrm{mod } m)
\textrm{ for all }\nu \notin S\}
$$
We will be done if we prove that $T_S$ is finite. The idea is to
consider the natural map $R_S^* \ra T_S$. We claim that this map
is surjective. Indeed, the valuations $\nu \notin S$ correspond
precisely to the prime ideals of $R_S$. Thus, if $a \in K^*$
represents an element of $T_S$, then the ideal $aR_S$ is the
$m$-th power of an ideal of $R_S$ (by the definition of $T_S$).
Since $R_S$ is a principal ideal domain, then $aR_S = b^mR_S$ for
some $b \in K^*$. Hence, $a = ub^m$ for some $u \in R_S^*$. But
then the images of $a$ and $u$ in $T_S$ are the same and therefore
the map $R_S^* \ra T_S$ is surjective. Since its kernel contains
$(R_S^*)^m$ then we obtain a surjective map $R_S^* / (R_S^*)^m \ra
T_S$. Finally, using Dirichlet's $S$-unit theorem [La, V], it
follows that $R_S^*$ is finitely generated and therefore $R_S^* /
(R_S^*)^m$ is finite. Thus, $T_S$ is finite and $L / K$ is a
finite extension. $\hfill \Box$ \\
We finally proved that $L / K$ is a finite extension, which is
enough to conclude that $E(K) / mE(K)$ is finite, because of the
perfect pairing $E(K) / mE(K) \times \textrm{Gal}(L / K) \ra E[m]$
induced by $\kappa$ in section 1.
%%% ----------------------------------------------------------------------
\section{Computation of the Weak Mordell-Weil Group and
Principal Homogeneous Spaces}
Recall that we assumed in the very beginning that $E[m] \subset
E(K)$. This assumption implies that $\mu_m \subset K^*$. It
follows from Hilbert 90 Satz theorem\edit{Doesn't satz mean theorem,
so why say it twice? Just say ``Hilbert's Theorem 90''.} [Jac] that each homomorphism
$\Gk \ra \mu_m$ has the form $\sigma \mapsto \sigma(\beta) /
\beta$ for some $\beta \in \overline{K}^*$ and $\beta^m \in K^*$.
Therefore, we have an isomorphism $\delta_K : K^* / {K^*}^m \ra
\textrm{Hom}(\Gk, \mu_m)$.
The main idea for the computation of the weak Mordell-Weil group
$E(K) / mE(K)$ is to use the homomorphisms $\delta_E$ (from
section 1) and $\delta_K$ in order to construct a pairing
$$
b : E(K)/mE(K) \times E[m] \ra K^* / {K^*}^m,
$$
which is computable.
For the construction of this pairing, we use the Weil pairing $e_m
: E[m] \times E[m] \ra \mu_m$, defined in [Sil1-III.\S8]. Define
$$
b(P, Q) = \delta_K^{-1}(e_m(\delta_E(P)(\cdot), Q)).
$$
The pairing is well-defined, because $\delta_K$ is an isomorphism. It
is also not hard to check that the pairing is bilinear and
nondegenerate on the left. Indeed, if $\delta_K$ were degenerate on
the left, then \edit{insert: ``there would exist a~$P$ such that...''}
for all $Q \in E[m]$ and all $\sigma \in \Gk$ it will follow that
$e_m(\kappa(P, \sigma), Q) = 1$. Since the Weil pairing is
nondegenerate, then $\kappa(P, \sigma) = 0$, which means that $P \in
mE(K)$ by proposition 1.1. \\
The pairing $b$ is easily computable. The next proposition
discusses how one can compute the pairing $b$.\edit{replace
this entire sentence by adding the phrase ``as follows'' to the
previous sentence.}
\begin{prop}
Let $S$ be the finite set of places $\nu$,\edit{remove
this comma} at which $E$ has a bad
reduction, the infinite places and the primes dividing $m$. Then
the image of the pairing $b$ lies in the subgroup
$$
K(S, m) = \{b \in K^* / {K^*}^m : \nu(b) \equiv 0 (\textrm{mod }
m) \textrm{ for all }\nu \notin S\}
$$
Moreover, for a point $Q \in E[m]$ if $f_Q$ and $g_Q$ are
functions, satisfying\edit{What is $F_Q$? Is it $f_Q$?} div$(F_Q) = m(Q) - m(0)$ and $f_Q \circ [m]
= g_Q^m$ and $P \ne Q$ then $b(P, Q) \equiv f_Q(P) \textrm{(mod }
{K^*}^m)$. In the case $P = Q$ one can consider any point $P' \in
E(K)$, such that $f_{Q}(-P') \ne 0$ and use bilinearity of the
pairing to obtain $b(P, P) = f_{Q}(P + P') / f_Q(P')$.
\end{prop}
Before presenting the proof, we will mention that the above
proposition might\edit{What do you mean ``might''? Is it or
isn't it helpful?} be helpful for computing the weak Mordell-Weil
group (and therefore the full Mordell-Weil group) for the elliptic
curve $E / K$. Indeed, the functions $f_Q$ can be computed from
the equation of the curve. Once we do this, it suffices to take
generating points for $E[m]$ (call them $Q_1$ and $Q_2$) and
consider all pairs $(b_1, b_2) \in K(S, m)$ (which are finitely
many). Using the non-degeneracy of the pairing $b$, we notice that
if the equations $b_1z_1^m = f_{Q_1}(P)$ and $b_2z_2^m =
f_{Q_2}(P)$ have a solution $(P, z_1, z_2)$, such that $P \in
E(K)$, $z_1, z_2 \in K^*$, then any other such solution\edit{What
do you mean by ``such solution''?}\edit{You should formalize
this as a proposition and prove it. The proof is of course
very simple, but is is so important to this whole section,
that it should be singled out and clearly explained.} has the
same $K$-rational point $P$. Therefore, the question\edit{of} computing
Mordell-Weil group\edit{groups. Also, you are only really computing
$E(K)/m E(K)$, which is not the full Mordell-Weil group. Once that
quotient is computed, there is a whole theory about getting $E(K)$
from points.} reduces to the existence of a point $(x, y,
z_1, z_2) \in K \times K \times K^* \times K^*$ on an auxiliary
curve, defined by the equations $y^2 + a_1 xy + a_3 y = x^3 +
a_2x^2 + a_4x + a_6$, $b_1z_1^m = f_{Q_1}(x, y)$ and $b_2z_2^m =
f_{Q_2}(x, y)$. We call this auxiliary curve a \emph{homogeneous
space} for $E / K$. In the following sections we will develop the
theory of homogeneous spaces in terms of Galois cohomology. \\
\verb"Proof of Proposition 1.2:" Consider the element $\beta =
b(P, Q)^{1/m}$ and the field extension $K(\beta) / K$. The proof
of the first part is based on two observations. First, the element
$\beta$ is contained in the finite extension $L =
K([m]^{-1}E(K))$, as defined in proposition 1.1. Since $L / K$ is
unramified outside of $S$ by theorem 2.3, then $K(\beta) / K$ is
unramified as well. But we get from algebraic number theory that
$K(\beta / K)$ is unramified at $\nu$ if and only if $\nu(\beta^m)
\equiv 0$ (mod $m$). This proves that the image of $b$ is
contained in $K(S, m)$.
For the second part of the proposition, recall [Sil-1, III.\S8]
that $f_Q$ and $g_Q$ are used for defining the Weil pairing. In
other words, $\ds e_m(P, Q) := \frac{g_Q(X + P)}{g_Q(X)}$ (the
last fraction is the same for all $X$). Choose a point $P' \in
E(\overline{K})$, such that $[m]P' = P$. Then by the definition of
$b$ and $e_m$ for $X = P'$, we have
$$
\frac{\beta^\sigma}{\beta} = e_m(P'^\sigma - P', Q) =
\frac{g_Q(P'^\sigma)}{g_Q(P')} = \frac{g_Q(P')^\sigma}{g_Q(P')}.
$$
By raising to the $m$-th power and using the fact that $\delta_K$
is an isomorphism, we conclude that $g_Q(P')^m \equiv \beta^m$
(mod ${K^*}^m$). Hence, $f_Q(P) = f_Q([m]P') = g_Q(P')^m \equiv
b(P, Q)$ (mod ${K^*}^m$), which completes the proof of the
proposition. $\hfill \Box$
%%% ----------------------------------------------------------------------
\section{Applications and Complete 2-descent}
Our discussion in section 3 will not be complete without an
explicit example, for which we compute the weak Mordell-Weil
group, using the described techniques. Since the main technical
difficulties arise from the group law on the elliptic curve,
derived out of the Weierstrass equation, we restrict ourselves to
the case $m = 2$, which can be made explicit using the formulas
for the group law on the elliptic curve, out of the Weierstrass
equations.\edit{Note here that the case $m>2$ can also be
made explicit, at least in principal, and for $m=3,4,5$ in
practice...}
First, take a Weierstrass equation for $E$ of the form
$$
y^2 = (x - e_1)(x - e_2)(x - e_3).
$$
The 2-torsion point in $E$ are $0$ and $Q_i = (e_i, 0)$ for $i =
1, 2, 3$. The first step is to determine the functions $f_{Q_i}$
and $g_{Q_i}$. In this case, the explicit formulas for the group
law on the curve [Sil1-III] makes this quite easy. We check that
the function $f_{Q_i} = x - e_i$ satisfies div$(f_{Q_i}) = 2(Q_i)
- 2(0)$. Moreover,
$$
x \circ [2] - e_i = (x^2 - 2e_ix - 2e_i^2 + 2(e_1 + e_2 + e_3)e_i
- (e_1e_2 + e_1e_3 + e_2e_3))^2 / (2y)^2,
$$
so\edit{It is bizarre that you did not use frac for the
above equation, but do for the one in the text right after
it!!} we can set $\ds g_{Q_i} = \frac{(x^2 - 2e_ix - 2e_i^2 + 2(e_1 +
e_2 + e_3)e_i - (e_1e_2 + e_1e_3 + e_2e_3))}{2y}$. Recall that
knowing $f_{Q_i}$ means knowing explicitely the equations for the
principal homogeneous spaces.
Fix $(b_1, b_2) \in K(S, 2) \times K(S, 2)$. To check whether
$(b_1, b_2)$ is in the image of the pairing $b$ means to check
whether the system of equations $y^2 = (x - e_1)(x - e_2)(x -
e_3)$, $b_1z_1^2 = x - e_1$ and $b_2z_2^2 = x - e_2$ has a
solution $(x, y, z_1, z_2) \in K \times K \times K^* \times K^*$
(we are using the fact that $Q_1$ and $Q_2$ are generators for
$E[2]$). By substituting the second and the third equation into
the first one, one\edit{change ``one'' to ``we''; also display
the ``second'' and ``third'' equations, and number them, because
I have no clue which the second and third are at this point!}
obtains $y^2 = (x - e_3)b_1b_2z_1^2z_2^2$.
Since $b_1, b_2, z_1, z_2$ are non-zero, we consider $\ds z_3 =
\frac{y}{b_1b_2z_1z_2}$. Then the new set of equations is
$b_1b_2z_3^2 = x - e_3$, $b_1z_1^2 = x - e_1$ and $b_2z_2^2 = x -
e_2$. *** LATER *** \\
We can summarize the whole argument in the following
\begin{thm}[Complete 2-descent]
Suppose that $E / K$ is an elliptic curve, given by a Weierstrass
equation
$$
y^2 = (x - e_1)(x - e_2)(x - e_3), \ \ e_i \in K
$$
Let $S$ be the set of places at which $E$ has bad reduction, the
places dividing 2 and the infinite places. Then there exists an
injective homomorphism
$$
E(K) / 2E(K) \ra K(S, 2) \times K(S, 2),
$$
which is given explicitly (by proposition 3.1) as
\[ P \mapsto \left\lbrace
\begin{array}{l l}
(x(P) - e_1, x(P) - e_2) & \text{if $x(P) \ne e_1, e_2$},\\
((e_1 - e_3)/(e_1 - e_2), e_1 - e_2) & \text{if $x(P) = e_1$},\\
(e_2 - e_1, (e_2 - e_3) / (e_2 - e_1)) & \text{if $x(P) = e_2$},\\
(1, 1) & \text{if $P = O$}.
\end{array}
\right. \]
If $(b_1, b_2) \in K(S, 2) \times K(S, 2)$ is not in the image of
the three points $O$, $(e_1, 0)$ and $(e_2, 0)$, then $(b_1, b_2)$
is the image of a point $P \in K$ if and only if the equations
$b_1z_1^2 - b_2z_2^2 = e_2 - e_1$ and $b_1z_1^2 - b_1b_2z_3^2 =
e_3 - e_1$ have a solution $(z_1, z_2, z_3) \in K^* \times K^*
\times K$. If such a solution exists, then a representative for
the element of $E(K) / mE(K)$ is given by $x(P) = b_1z_1^2 + e_1$
and $y(P) = b_1b_2z_1z_2z_3$.
\end{thm}
Finally, let us illustrate the technique of 2-descent with a
specific example:
$\ $\\
\textit{\bf Example:} The goal is to compute the weak Mordell-Weil
group $E(\Q) / 2E(\Q)$ for the curve\edit{Instead of doing
a random curve, why not do one that proves e.g., Fermat's
Last Theorem for exponent $n=3$? Or proves that $n=1$ is
not a congruent number? Or do that as well. I think
it is an example in Silverman-Tate.}
$$
E : y^2 = x^3 - 7x^2 + 5x = x(x - 2)(x - 5).
$$
First of all, the discriminant is $\Delta = 2^6 \cdot 3^5 \cdot
5^2$.
%%% ----------------------------------------------------------------------
\section{Definition of Selmer and Shafarevich-Tate Groups}
As in the previous section, we are led by the motivation to
effectively compute the Mordell-Weil group. The main step is to
find generators for the weak Mordell-Weil group $E(K) / mE(K)$.
In the previous section, we obtained the Kummer sequence out of
the long exact sequence on group cohomology. Now, we consider a
slightly more general setting: suppose that $\phi : E \ra E'$ is a
non-zero isogeny of elliptic curves over $K$. Then one has a short
exact sequence\edit{In the first term, $E(K)$ should
be $\phi(E(K))$.}
\[
\begin{CD}
0 \ra E[\phi] @>>> E @>\phi>> E' \ra 0.
\end{CD}
\]
In precisely the same way as for the case $E' = E$ and $\phi =
[m]$ from the previous section, we obtain a short exact sequence
\[
\begin{CD}
0 \ra E'(K) / E(K) @>\delta>> H^1(\Gk, E[\phi]) @>>> H^1(\Gk,
E(\overline{K}))[\phi] \ra 0
\end{CD}
\]
Next, we consider a place $\nu$ for the number field $K$. Extend
$\nu$ to a place in the algebraic closure $\overline{K}$. This
gives us an embedding $\overline{K} \subset \overline{K}_\nu$ and
a decomposition group, which we denote by $D_\nu \subset
\textrm{Gal}(\overline{K} / K)$. By the definition of a
decomposition group and of the completion $\overline{K}_\nu$, it
follows that $D_\nu$ acts on $E(\overline{K}_\nu)$ and
$E'(\overline{K}_\nu)$. Repeating the same argument as the one in
the previous section, we obtain similar Kummer sequences
$$
0 \ra E'(K_\nu) / \phi(E(K_\nu)) \ra H^1(D_\nu, E[\phi]) \ra
H^1(D_\nu, E(\overline{K}))[\phi] \ra 0.
$$
Notice that $D_\nu \subset \textrm{Gal}(\overline{K} / K)$ and
$E(\overline{K}) \subset E(\overline{K}_\nu)$. But recall\edit{why
do you even mention $E(\overline{K}_\nu)$? Actually, the
reason is because where you write $H^1(D_\nu, E(\overline{K}))$
you should write $H^1(D_\nu, E(\overline{K}_\nu))$ also there is
a subtle question of how this local cohomology depends
on the choice of~$\nu$---but everything is OK according to
I think Wall's article in Cassels-Frohlich.} from the
basic properties of Galois cohomology that these inclusions induce
restriction maps on cohomology. We do the same for each place
$\nu$ and use these restriction maps to obtain the following
commutative diagram
\[
\begin{CD}
0 \ra & E'(K) / \phi(E(K)) @>\delta>>
H^1(\textrm{Gal}(\overline{K} / K), E[\phi])
@>>> H^1(\textrm{Gal}(\overline{K} / K), E(K))[\phi] & \ra 0 \\
& @VVV @VVV @VVV \\
0 \ra & \prod_{\nu} E'(K_\nu) / \phi(E(K_\nu)) @>\delta>>
\prod_{\nu} H^1(D_\nu, E[\phi]) @>>> \prod_{\nu} H^1(D_\nu,
E(K_\nu))[\phi] & \ra 0
\end{CD}
\]
But in the previous section, we identified the group of
equivalence classes of principle homogeneous spaces $WC(E / K)$
with the cohomology group $H^1(\textrm{Gal}(\overline{K}/K), E)$.
Thus, we can change the upper and lower last terms by $WC(E / K)$
and $WC(E / K_\nu)$ respectively.\edit{What do you mean ``change... by''?
Do you mean ``replace ... by''?}
Our ultimate goal is computing the image of $E'(K) / \phi(E(K))$ in
$H^1(\Gk, E[\phi])$, which is the same as computing the kernel of the
map\edit{The $E$ should be $E(K)[\phi]$. I.e., the $\phi$ goes on the
inside! This is very important.} $H^1(\Gk, E)[\phi]) \ra WC(E /
K)[\varphi]$. But the following proposition provides a way of testing
whether an element is in the kernel, in terms of $K$-rational points
on the homogeneous spaces of $WC(E / K)$.
\begin{prop}
Suppose that $C / K$ is a homogeneous space for $E / K$. Then $C / K$
represents a\edit{``the'', not ``a''} trivial element of $WC(E / K)$
if and only if $C$ has at least one $K$-rational point.
\end{prop}
\verb"Proof:" One of the directions is easy. Suppose that $C/K$
represents a trivial element of $WC(E / K)$. Then there is a
$K$-isomorphism $\varphi : E \ra C$. Then $\varphi(0) \in C(K)$,
so in particular $C(K)$ is non-empty.
Conversely, suppose that $C(K)$ is non-empty, i.e. $P_0 \in C(K)$.
Define a morphism $\theta : E \ra C$ by $\theta(Q) = P_0 + Q$. We
first show that the morphism $\theta$ is defined over $K$. Suppose
$\sigma \in \textrm{Gal}(\overline{K} / K)$. Then
$$
\theta(Q)^\sigma = (P_0 + Q)^\sigma = P_0^\sigma + Q^\sigma = P_0
+ Q^\sigma = \theta(Q^\sigma).
$$
Thus, the morphism is defined over $K$. We will prove that
$\theta$ is an isomorphism. Indeed, since $E$ acts simply
transitively on $C$, then for each $P \in C$ there is a unique $Q
\in E$, such that $\theta(Q) = P$ and so $\theta$ has degree 1.
This means that the induced map on function fields $\theta^* :
\overline{K}(C) \ra \overline{K}(E)$ is an isomorphism of fields.
In other words $\theta^* \overline{K}(C) = \overline{K}(E)$.
Therefore, $\theta$ has an inverse, which we denote by
$\theta^{-1} : \overline{K}(E) \ra \overline{K}(C)$. This
isomorphism gives rise to a rational function $\psi : C \ra E$. We
will be done if we show that $\psi$ is a morphism, i.e. is defined
at every point. But this follows from [Sil-1, II.2.1]
(***LATER***). $\hfill \Box$
Although we obtained a simple criteria to check if a principal
homogeneous space represents the trivial element in the
Weil-Chatelet group, it is still a hard question to determine
whether a curve $C$ has a $K$-rational point. In such cases, it is
always easier to work over complete local fields, because we can
use Hensel's lemma to reduce the problem to checking whether the
curve has a point over a finite ring.
To illustrate more precisely the above idea, consider a place
$\nu$ and the complete local field $K_\nu$. By proposition 2.1,
computing
$$
\textrm{ker}\{H^1(D_\nu, E[\phi])\} \ra WC(E / K_\nu)[\phi]
$$
reduces to the question of determining whether a homogeneous space
$C$ has a $K_\nu$-rational point. *** EXPLAIN WHY THIS REDUCES TO
A FINITE AMOUNT OF COMPUTATION *** The idea of localization gives
rise to the following definitions:\\
\begin{defn}
For an isogeny $\phi : E \ra E'$ defined over $K$, consider the
$\phi$-Selmer group $S^{(\phi)}(E / K)$ to be the subgroup of
$H^1(\Gk, E[\phi])$, defined as
$$
S^{(\phi)}(E / K) := \textrm{ker}\left\{ H^1(\Gk, E[\phi]) \ra
\prod_{\nu} WC(E / K_\nu) \right\}.
$$
We also consider the Shafarevich-Tate group of $E / K$ to be the
subgroup of $WC(E / K)$ defined as
$$
\Sha(E / K) := \textrm{ker}\left\{ WC(E / K) \ra \prod_{\nu} WC(E
/ K_\nu)\right\}.
$$
\end{defn}
$\ $\\
One might think \textit{a priori} that the above definitions
depend on the extension of each place $\nu$ to the algebraic
closure $\overline{K}$, since for constructing the Kummer
sequence, we fixed an extension of each place $\nu$ (and thus a
decomposition group $D_\nu$). However, if we use the more
geometric interpretation of homogeneous spaces, it follows
immediately that both $S^{(\phi)}$ and $\Sha$ depend only on $E$
and $K$. Indeed, recall that a homogeneous space $C$ represents a
trivial element in $WC(E / K_\nu)$ if and only if it has a
$K_\nu$-rational point, a condition which is certainly independent
of the choice of extension of the places $\nu$. Therefore, both
$S^{(\phi)}$ and $\Sha$ depend only on $E$ and $K$.
A famous conjecture\edit{Due to Shafarevich and Tate.} about $\Sha(E /
K)$ for an elliptic is that it is always finite and has order a
perfect square.
$\ $\\
\textit{\bf Conjecture:} If $E / K$ is an elliptic curve,
then $\Sha(E / K)$ is finite and $\#\Sha(E / K) = \Box^2$.
\edit{Explain what the box means. Also, the box means
it's a square, but then you square it, so you mean a fourth
power!?}
$\ $\\ \textit{\bf Remark:} Another interesting observation for $\Sha$
is that it measures the failure of the "local-to-global principle",
since the \edit{nonzero!} elements in $\Sha$ are equivalence classes
of homogeneous spaces which have a rational point for every local
field $K_\nu$, but do not have a $K$-rational point. For instance, for
quadratic forms we have the Hasse-Minkowski principle, according to
which existence of $\Q_\nu$-rational point for each $\nu$-adic field
implies existence of $\Q$-rational point. This is not always true for
arbitrary curves.\edit{Give example! There is a great paper with
examples by Mazur in the Bulletins of the AMS from around 1997.} The
Shafarevich-Tate groups measures the failure of the local-to-global
principle. Notice that the above conjecture implies that for all, but
finitely many equivalence classes of homogeneous spaces the
local-to-global principle still holds. \\
%%% ----------------------------------------------------------------------
\section{Computing the Selmer Group for Elliptic Curves}
Unlike $\Sha$, it is not hard to prove that $S^{(\phi)}$ is finite and
effectively computable. The main goal of the section is to prove
finiteness of $S^{(\phi)}$ for\edit{insert ``an''} arbitrary isogeny
$\phi$ and then to explain why $S^{(\phi)}$ is \emph{\bf effectively
computable}.
To begin with, let $\phi : E \ra E'$ be an isogeny defined over
the number field $K$. Using only the cohomological definition of
the Selmer group and Shafarevich-Tate group and the commutative
diagram from the previous section, we obtain the following short
exact sequence
$$
0 \ra E'(K) / \phi(E(K)) \ra S^{(\phi)}(E / K) \ra \Sha(E /
K)[\phi] \ra 0.
$$
This is going to be helpful for proving the first main result of
the section
\begin{thm}
The $\phi$-Selmer group $S^{(\phi)}(E/K)$ is finite. In
particular, if one chooses $\phi$ to be the $m$-isogeny of $E$ to
itself, then the weak Mordell-Weil group $E(K) / mE(K)$ is finite.
\end{thm}
The key idea for the proof of the finiteness of the Selmer group
is the nontrivial observation that it consists of cohomology
classes of cocycles which are \textit{unramified} outside of
finite set of places $S$. Before proceeding, we give a precise
definition for a cocycle to be unramified.
\begin{defn}
Suppose that $M$ is a $\Gk$-module, $\nu$ is a discrete valuation
for the number field $K$ and $I_\nu \subset \Gk$ be the inertia
group for $\nu$. A cohomology class $\zeta \in H^p(\Gk, M)$ is
defined to be \emph{unramified at $\nu$} if has a trivial image in
$H^p(I_\nu, M)$ under the restriction map $H^p(\Gk, M) \ra
H^p(I_\nu, M)$.
\end{defn}
First of all, we make one clarification about the above
definition. Since we have already fixed a decomposition group
$D_\nu$ for $\nu$, the inertial group $I_\nu$ is determined by the
decomposition group as the kernel of the map $D_\nu \ra
\textrm{Gal}(\bar{k}_\nu / k_\nu)$, where $\nu'$ is the extension
of $\nu$ to the algebraic closure of $K$ and $\overline{k}_\nu$
and $k_\nu$ are the two residue fields for the complete local
fields $K_\nu$ and $\overline{K}_\nu$ respectively.
With the above definition and explanation, we are ready to begin
the proof of theorem 3.1. \\
\verb"Proof of theorem 3.1:"\edit{There is no theorem 3.1. By the
way, you should learn about using the label and ref commands in latex.
It's much better than hard coding things!} Suppose that $\zeta \in
S^{(\phi)}(E / K)$ and $\nu$ is a finite place of $K$ which does not
divide the degree of the isogeny $\phi$ and that $E'$ has
a\edit{delete word ``a''} good reduction at $\nu$. We will prove that
$\zeta$ is unramified at $\nu$. Using the definition of $S^{(\phi)}$,
we obtain that $\zeta$ has a trivial image in $WC(E / K_\nu)$. But
$WC(E / K_\nu)$ is identified with $H^1(D_\nu, E)$, so $\zeta(\sigma)
= P^\sigma - P$ is a coboundary, where $P \in E(\overline{K}_\nu)$ for
all $\sigma \in D_\nu$. Furthermore, the definition implies that
$P^\sigma - P \in E[\phi]$. But $E[\phi] \subset E[m]$ and we can use
lemma 2.2 to show that $E(K)[m]$ injects into $\tilde{E}_\nu$. But the
reduction (mod $\nu$) maps sends $P^\sigma - P \ra (P^\sigma -
P)^{\sim} = \tilde{P}^\sigma - \tilde{P}$. The last point is
$\tilde{0}$ for any $\sigma \in I_\nu$ by the definition of the
inertia group. Therefore $P^\sigma = P$ for every $\sigma \in I_\nu$
and hence the restriction of $\zeta$ to $H^1(I_\nu, E[\phi])$ is
trivial, i.e. $\zeta$ is unramified at $\nu$. \\
Finally, the theorem will follow from the next proposition:
\begin{prop}
For any finite, abelian $\Gk$-module $M$ the group of cohomology
classes which are unramified outside a finite set of primes is
finite. In other words, the group
$$
H^1(\Gk, M; S) := \{\zeta \in H^1(\Gk, M) : \zeta \textrm{ is
unramified outside of } S\}
$$
is finite.
\end{prop}
\verb"Proof:" Using the definition of the profinite topology and
the finiteness of $M$, we deduce that there must be a finite index
subgroup of $\Gk$ which acts trivially on $M$. Therefore, we can
assume that $\Gk$ acts trivially on $M$ by changing $K$ with a
finite extension (because the inflation-restriction sequence on
Galois cohomology implies that it suffices to prove the statement
for the extension of $K$). This in turn implies that $H^1(\Gk, M;
S) = \textrm{Hom}(\Gk, M; S)$. To complete the proof, denote by
$m$ the exponent of $M$ (i.e. the smallest $m$, such that $mx = 0$
for all $x \in M$). Denote by $L$ the maximal abelian extension of
exponent $m$, which is unramified outside of $S$. Then the natural
map Hom$(\textrm{Gal}(L / K), M) \ra \textrm{Hom}(\Gk, M; S)$ is
clearly an isomorphism. But theorem 2.3 implies that $L$ is
finite, i.e. $H^1(\Gk, M; S)$ is a finite extension. $\hfill \Box$
%%% ----------------------------------------------------------------------
\section{Computing Selmer Group for Isogenies of Degree 2}
The techniques from the previous two sections are illustrated with
several specific examples.
First, let $E / K$ be an elliptic curve, $E' = E$ and $\phi$ be
the $m$-isogeny. Suppose also that $E[m] \subset E(K)$. Our goal
will be to compute the cohomology group $H^1(\Gk, E[m]; S)$ of
elements, which are unramified outside the finite set of places
$S$. Since $E[m] \simeq \mu_m \times \mu_m$, then
$$
H^1(\Gk, E[m]) \simeq H^1(\Gk, \mu_m \times \mu_m) \simeq H^1(\Gk,
\mu_m) \times H^1(\Gk, \mu_m).
$$
By Hilbert Satz 90, $H^1(\Gk, \mu_m) \simeq K^* / (K^*)^m$.
Moreover, $H^1(\Gk, \mu_m; S) \cong K(S, m)$. Since each
unramified cocycle for $H^1(\Gk, \mu_m \times \mu_m)$ gives rise
to a pair of unramified cocycles for the two $H^1(\Gk, \mu_m)$
components, then $H^1(\Gk, E[m]; S) \simeq K(S, 2) \times K(S,
2)$. \\
\textrm{\bf Isogenies of Degree 2}: The goal is to analyze the
Selmer group for all isogenies $\varphi : E \ra E'$ of degree 2.
First, $E[\phi]$ consists of two points $\{0, T\}$. By
translation, we can assume that $T = (0, 0)$ and then the
Weierstrass equation of the curve $E$ is
$$
E : y^2 = x^3 + ax^2 + bx.
$$
Since $E[\phi] \cong \mu_2$ as $\Gk$-modules, then Hilbert Satz 90
implies that $H^1(\Gk, E[\phi]; S) \cong K(S, 2)$. Take arbitrary
$d \in K(S, 2)$. Using the above identification, a cocycle
$\zeta$, representing the class, corresponding to $d$ is precisely
$$
\zeta : \sigma \mapsto \left \lbrace
\begin{array}{ll}
O & \textrm{if }\sqrt{d}^\sigma = \sqrt{d} \\
T & \textrm{if }\sqrt{d}^\sigma = -\sqrt{d} \\
\end{array} \right.
$$
Next, we have to compute explicitly the principal homogeneous
space, corresponding to the cohomology class of $\zeta$. This is
not hard, if we consider the
%%% ----------------------------------------------------------------------
\section{Computing the Selmer Group of a Jacobian Using Functions On the Curve}
Before exploring the question of computing the Selmer group for
arbitrary abelian variety, we need to specify carefully how we
input the abelian variety to the algorithm. Of course, the best
thing will be if we could input only the equations defining the
variety and output the Selmer group. However, it might be
extremely difficult to compute the group law on the variety out of
the equations, defining the variety. Even for the case of
Jacobians of genus 2 curves, where presentation of the abelian
variety explicitly is well understood, it take a huge effort and
lots of advanced techniques from algebraic geometry [CITE
Cassel-Flynn].
In our discussion, we can assume that the abelian variety is given
to the input of the algorithm by a set of defining equations,
together with polynomials, defining the group law of the variety.
Under these assumptions, we will investigate how much the ideas
described for elliptic curves generalize for the case of abelian
varieties.
%%% ----------------------------------------------------------------------
\end{document}
% ------------------------------------------------------------------------