By the discussion at the beginning of the proof, this means that the tangent

line intersects the curve to order k

≥

2.

The associativity of elliptic curve addition will follow easily from the next

result. The proof can be simplified if the points P ij are assumed to be distinct.

The cases where points are equal correspond to situations where tangent lines

are used in the definition of the group law. Correspondingly, this is where

it is more dicult to verify the associativity by direct calculation with the

formulas for the group law.

THEOREM 2.6

Let C ( x, y, z ) be a hom ogeneous cubicpo ynom ial,and let C be the curve in

P 2 K described by C ( x, y, z )=0 .Let 1 , 2 , 3 and m 1 ,m 2 ,m 3 be lines in P 2 K

su ch that i = m j for all i, j .Let P ij be the point of intersection of i and

m j .Suppose P ij is a nonsingular pointon the curve C for all ( i, j ) =(3 , 3) .

In addition, w e require that if,for som e i ,there are k ≥ 2 of the points

P i 1 ,P i 2 ,P i 3 equ al tothe sam e point,then i intersects C toorderat east k

at thispoint.A so, if,for som e j ,there are k ≥ 2 of the points P 1 j ,P 2 j ,P 3 j

equ al tothe sam e point,then m j intersects C toorderat east k at thispoint.

Then P 33 also lies on the curve C .

PROOF Express 1 in the parametric form (2.2). Then C ( x, y, z ) becomes

C ( u, v ). The line 1 passes through P 11 ,P 12 ,P 13 .Let( u 1 : v 1 ) , ( u 2 : v 2 ) , ( u 3 :

v 3 ) be the parameters on 1 for these points. Since these points lie on C ,we

have C ( u i ,v i )=0for i =1 , 2 , 3.

Let m j have equation m j ( x, y, z )= a j x + b j y + c j z = 0. Substituting

the parameterization for 1 yields m j ( u, v ). Since P ij lies on m j ,wehave

m j ( u j ,v j )=0for j =1 , 2 , 3. Since 1 = m j and since the zeros of m j yield the

intersections of 1 and m j , the function m j ( u, v )vanishesonlyat P 1 j ,sothe

linear form m j is nonzero. Therefore, the product m 1 ( u, v ) m 2 ( u, v ) m 3 ( u, v )

is a nonzero cubic homogeneous polynomial. We need to relate this product

to

C .

LEMMA 2.7

Let R ( u, v ) and S ( u, v ) be hom ogeneous polynom ialsofdegree3,with S ( u, v )

not identically 0, and suppose there are three points ( u i : v i ) , i =1 , 2 , 3 ,at

which R and S vanish. M oreover, if k of these pointsareequaltothe sam e

point,werequire that R and S vanish toorderat east k at thispoint (that

is, ( v i u

u i v ) k divides R and S ). T hen there isaconstant α

−

∈

K su ch that

R = αS .

PROOF First, observe that a nonzero cubic homogeneous polynomial

S ( u, v ) can have at most 3 zeros ( u : v )in P 1 K

(counting multiplicities).