254    13. Elliptic Curves over Finite Fields

        over a finite field F q . We may view E(F q ) as a subgroup of E(k) where k is an
        algebraically closed field containing F q . Since E is taken to be defined by a cubic
        equation with coefficients in F q , the Frobenius map
                                             q  q
                                  π(x, y) = (x , y )
        restricts to an endomorphism π = π E : E → E.

        (1.1) Definition. Let E be an elliptic curve defined over a finite field F q . The Frobe-
                                                        q
                                                           q
        nius endomorphism π E : E → E is given by π A (x, y) = (z , y )
           Then π E is in End(E), has degree q, and is purely inseparable. Moreover, (x, y)
        is in E(F q ) if and only if π E (x, y) = (x, y). Since the differential of 1 E − π E is the
        identity id E , the difference endomorphism 1 − π E in End(E) is separable. Also, we
        have that

                 (x, y) is in E(F q )  if and only if (x, y) is in ker(1 E − π E ).
        From the general theory of separable endomorphisms see 12(4) we know that

           N 1 = #E(F q ) = deg(1 − π E ) = deg(π E ) − Tr(π E ) + 1 = 1 + q − Tr(π E ).
                                    2
                     2
        Further, since m − mn Tr(π) + n q = deg(m − nπ) ≥ 0 for all m, n we see that
                                       √
             2
        Tr(π) −4deg(π) ≤ 0, or |Tr(π)|≤ 2 q. Hence, this simple argument, using prop-
        erties of degrees of endomorpisms applied to the Frobenius endomorphism, leads to
        the following result.
        (1.2) Theorem (Riemann Hypothesis for Elliptic Curves). Let E be an elliptic
        curve defined over a finite field F q , and let N m = #E(F q ). Then for all m ≥ 1 we
                                                      m
        have
                                    m
                               |1 + q − N m |≤ 2 · q m/2 .
           This theorem was conjectured by Artin in his thesis and proved by Hasse [1934].
        Since F q ⊂ F q if and only if m/n,wehaveinthiscase E(F q ) ⊂ E(F q ).
                                                                    n
                                                           m
                     n
               m
                                                                  2
                                                                          3
        (1.3) Example. Consider the elliptic curve E defined by the equation y + y = x .
        Then
                             E(F 2 ) ={∞= 0,(0, 0), (0, 1)}
        and
                                                         2
                                                                        2
                                                                     2
                                                              2
                                            2
         E(F 4 ) ={∞= 0,(0, 0), (0.1), (1, ω), (1,ω ), (ω, ω), (ω, ω ), (ω , ω), (ω ,ω )}.
                                   2
                           2
        where F 4 ={0, 1,ω,ω } with ω + ω + 1 = 0. The group E(F 2 ) is isomorphic to
                                        2
        Z/3and E(F 4 ) is isomorphic to (Z/3) .For q = 2 the difference N 1 − 1 − q =
                                               2    2                   2
        3 − 1 − 2 = 0and N 1 = 1 + q, while for q = 2 ,wehave N 2 − 1 − q =
        9 − 1 − 4 = 4 = 2q 2/2  = 2.2. Hence the inequality in the Riemann hypothesis is the
                                                m
        best possible for one power of q and N m = 1 + q for another power.