GROUP REPRESENTATIONS 147
every element in E[n] can be written as aP + bQ, where a and
b run separately over integers from 0 to n − 1.
Remember that aP means P + P + ··· + P if a is not 0, whereas it
means O, the neutral element of the elliptic curve, if a = 0. Also,
remember that we have already mentioned on page 113 how to
use the n-torsion to get a permutation representation: We pick any
element g of G, and we think about how g permutes the n
Now we look at g(P) and g(Q). We know that g(P) and g(Q)
must be elements of E[n], so we can write g(P) = aP + bQ and
g(Q) = cP + dQ, where a, b, c, and d are all numbers between 0
and n − 1. Then our representation applied to g is defined to be the
Now suppose n = p is a prime number and view the matrix
as an element of GL(2, F
). You can check that if g
are two elements of G, then r(g
) = r(g
). You have to use
the fact that g(P + mQ) = g(P) + mg(Q) for any integers and m.
In any case, r is an honest-to-goodness linear representation.
This representation r has been described in a very abstract way.
We have told you how in theory you can find the matrix r(g). In
actual practice, it can be hard to do. One of the beauties of the
modern theory of elliptic curves is that a tremendous amount of
information can be proved about the representation r, without
having to write it down explicitly in formulas. Instead, mathematicians
exploit all the symmetries and relationships implicit in the
definitions of elliptic curves and Galois groups. We will give an
example of one type of information that is known about r, after we
define Frobenius elements in G in chapter 16.
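The smallest case, n = p = 2, can be written out completely, and the following added example (not from the book) does so. It assumes a curve y^2 = f(x) with f a cubic, so that the nonzero points of E[2] are T_i = (e_i, 0) for the three roots e_i of f, with T_0 + T_1 = T_2; it also assumes the convention that the columns of r(g) are the images g(P) and g(Q). Every permutation of the roots is treated as a candidate g (which ones really come from Galois elements depends on the cubic), and the function names are chosen here.

```python
from itertools import permutations

# Constructed setting (an assumption, not from the page): n = p = 2 and
# E: y^2 = f(x) with f a cubic whose roots are e0, e1, e2.
# Then E[2] = {O, T0, T1, T2} with Ti = (ei, 0), and T0 + T1 = T2.
# Basis: P = T0, Q = T1. A pair (a, b) stands for aP + bQ, a and b in {0, 1}.
COORDS = {0: (1, 0), 1: (0, 1), 2: (1, 1)}  # root index -> (a, b)


def rep(g):
    """r(g) for g given as a permutation of root indices (g[i] = j: e_i -> e_j).

    Convention assumed here: the columns are the images g(P) and g(Q).
    """
    a, b = COORDS[g[0]]  # g(P) = aP + bQ
    c, d = COORDS[g[1]]  # g(Q) = cP + dQ
    return ((a, c), (b, d))


def matmul(m, k, p=2):
    """Product of two 2x2 matrices with entries reduced mod p."""
    return tuple(
        tuple(sum(m[i][t] * k[t][j] for t in range(2)) % p for j in range(2))
        for i in range(2)
    )


def apply(m, v, p=2):
    """Apply matrix m to the coordinate vector v = (a, b), mod p."""
    return tuple(sum(m[i][t] * v[t] for t in range(2)) % p for i in range(2))


def compose(g, h):
    """The permutation 'h first, then g'."""
    return tuple(g[h[i]] for i in range(3))


def check_representation():
    """Check linearity and r(g o h) = r(g) r(h); return the count of distinct matrices."""
    perms = list(permutations(range(3)))
    for g in perms:
        # g(P + Q) must equal g(P) + g(Q): the matrix has to predict where T2 goes.
        assert apply(rep(g), COORDS[2]) == COORDS[g[2]]
        for h in perms:
            assert matmul(rep(g), rep(h)) == rep(compose(g, h))
    return len({rep(g) for g in perms})
```

With this convention the six permutations of the roots give six different invertible 2 × 2 matrices with entries mod 2.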
This is true because all the algebra used to find P + mQ involves only rational
numbers, and so is unchanged when you apply the Galois element g.