Many cryptographic protocols are based on elliptical curves, a crucial object in pure mathematics research.

The so-called elliptical curves are objects of great interest to mathematicians: they already appear –indirectly– in Arithmetic by Diophantus of Alexandria in the s. III before our era. Two thousand years later, Andrew Wiles used them to prove Fermat’s Last Theorem; today, they are the fundamental ingredient in one of the most important mathematics problems and a fundamental tool for cryptography.

Equations of the third degree define them, for example, y² = x³ – x. The curve is formed by the points (x, y) that satisfy this relationship. Its coefficients can be numbers of various types: integers –then the so-called diophantine equations appear–, real, or complex –which will be complex elliptical curves–. In each case, the equation’s solutions can be considered in that set of numbers or another compatible one – for example, that contains, or is contained, in the first one.

Throughout history, an infinity of questions with algebraic curves has been asked. For example, find the intersection of two or more curves. The problem can be understood both as an algebraic question: solving the system of equations formed by the two expressions that define the curves– or geometric –finding the points of intersection of the two curves in the plane. The so-called Bezout theorem establishes that two complex algebraic curves –not only applicable to elliptic curves–, of degrees n and m intersect at n · m points if they are counted correctly.

Thus, if you start from two points P and Q, from an elliptical curve, and draw the line that joins them, as this can be understood as a curve of degree 1, by Bezout’s theorem, it will cut the curve at three points : P, Q, and R. Now, we consider the point S, symmetric of R concerning the abscissa axis. Then, the operation +, defined as P + Q = S, allows creating an algebraic structure called a group, given by the curve with the operation +. When the curve’s coefficients are rational numbers, the group is finitely generated. Starting from a finite number of points on the curve, it is possible to obtain all the points with rational coordinates through sums of the first. However, when the coefficients are complex numbers, this is not the case.

This unique connection between algebra –the group– and geometry –the curve– was one of the ingredients in the proof of Fermat’s last theorem, which states that if n> 2, the equation x ^ n + y ^ n = z ^ n it has no nontrivial integer solutions. Since this milestone, crowned by Andrew Wiles, Richard Taylor, and so many other names, elliptic curves, and their associated universe occupy much of the core of pure mathematics research.

Another famous problem about elliptical curves is on the list of problems of the millennium, whose resolution is awarded by the Clay Foundation with a million dollars: the Birch and Swinnerton-Dyer conjecture, still generally open. It deals with elliptic curves with rational coefficients and relates two aspects: the minimum number of points necessary to generate the group of rational points, with the order of cancellation of a certain function associated with the curve –the so-called Hasse-Weil L function–. The order of cancellation of a function at a point is that of its first nonzero derivative.

The Hasse-Weil function is obtained as an infinite product of certain simpler functions associated with the curve and the prime numbers, the local L functions. Mathematicians reasonably understand these functions; for example, they are known to satisfy an analog of the famous Riemann hypothesis. The global L function is another matter, hardly anything is known about it, and it is a topic of great interest in current research.

Beyond the mathematics itself, elliptic curves on finite bodies are also very important in cryptography since they are used in the elliptical discrete logarithm problem (ECDLP). This problem consists of finding a value n, given two P and Q points on the curve, that satisfies P = NQ for n> 0. There is no known algorithm to solve it reasonably if the E curve is chosen wisely. What is used to employ this problem, for example, to share a private key through a public channel? The key will be of the form n · mP, with n> 1 and P on the curve. The first user knows the number n and sends the second nP. The second adds it m times, obtaining n · mP. The second, which knows the number m, sends mP to the first, who adds it n times, also reaching the same key n · mP.

Also, elliptical curves function as the basis for cryptosystems resistant to quantum attacks, specifically the so-called supersingular ones. It seems that they are one of the most promising options to develop this technology of the future.

Cafe y Teoremas is a section dedicated to mathematics and the environment in which they are created, coordinated by the Institute of Mathematical Sciences (ICMAT), in which researchers and members of the center describe the latest advances in this discipline, share points of encounter between mathematics and other social and cultural expressions and remember those who marked its development and knew how to transform coffee into theorems. The name evokes the definition of the Hungarian mathematician Alfred Renyi: “A mathematician is a machine that transforms coffee into theorems.”