This is a book that doesn’t disappoint; indeed, it is a model of its kind. In the space of just over 500 pages, Washington manages to be discursive when required, by providing a vast amount of theoretical background, but he also provides copious examples and well-designed exercises.
The book can be used in several ways: as a cryptographic text, as a text in modern number theory, and for work with complex elliptic curves. To this end, there are four introductory chapters, followed by more focused material. The first four chapters contain the core of elliptic curves. The first chapter describes some classical problems: the congruent number problem and the problem of finding a number that is both square and “pyramidal”; both these problems can be simply stated in terms of elliptic curves. The second chapter covers some basic theory (including different coordinate systems), elliptic curves over fields of characteristic 2, and, of course, elliptic curves modulo n. The third chapter introduces torsion points and pairings: the Weil and Tate-Lichtenbaum pairings. Given the current interest in pairing-based cryptography, these are welcome topics and I can imagine many cryptographers and teachers learning more about this topic from Washington’s lucid and elegant exposition. The fourth chapter investigates curves over finite fields. Here, the most important topic is a careful and detailed description of Schoof’s algorithm for determining the number of points on these curves. This last one is first carefully described, and then an example is given. As elsewhere in the book, the example is carefully chosen to provide the maximum pedagogy, with the minimum obstructive algebra. Indeed, one of the many excellent features of this book is the way examples are carefully described.
These first four chapters alone would make an excellent small monograph introduction to elliptic curves. One topic that is missing--although mentioned later in the book--is the relationship of elliptic curves to Weierstrass elliptic functions and the derivation of the addition law on curves from addition on functions.
The fifth chapter begins the material central to modern cryptography and is likely to be the most popular section of the text. This chapter discusses the discrete logarithm problem and describes several standard methods for attack: index calculus, Shanks’ baby-step giant-step method, Pollard’s rho and lambda methods, and the Pohlig-Hellman method. The other cryptographic chapters--6, 7, 11, and 13--discuss elliptic curve cryptosystems, factoring and primality testing, pairing methods, and hyperelliptic curves. This last chapter will be welcomed by newcomers to the field, who wish to gain the necessary mathematical background for work in hyperelliptic curve cryptography. One possible omission from the cryptographic chapters is any mention of weaknesses in any of the elliptic curve cryptosystems, or of methods of attack. Some mention of the efficiency of these systems could also have been included.
Apart from the cryptographic track (so named and defined by the author), the text contains chapters suitable for a number theory track and a complex track. The number theory track includes material on elliptic curves over rational numbers, with careful accounts of the Nagell-Lutz theorem that can be used to find torsion points (points of finite order), and of the Mordell-Weil theorem that characterizes the torsion subgroup. A chapter on elliptic curves over complex numbers introduces the Weierstrass elliptic functions, their double periodicity, and their relationship to elliptic curves. Indeed, Washington’s goal in this chapter is to “show that an elliptic curve over the complex numbers is the same thing as a torus.” Further material introduces complex multiplication, pairings, isogenies (homomorphisms between elliptic curves), zeta functions, and a whistle-stop tour through the proof of Fermat’s last theorem, with both Ribet’s and Wiles’ proofs discussed. The chapter on isogenies allows a discussion of the Atkin-Elkies extension of Schoof’s algorithm for point counting.
Appendices introduce basic number theory and algebra, and also the use of computer algebra systems to investigate elliptic curves. Three are briefly discussed: one commercial--Magma--and two open source--Pari/GP and Sage. This last appendix is all too brief; more on the use of these systems would be invaluable to the beginning researcher or graduate student.
I must admit that this book is not an easy read. Its readership is assumed to have considerable mathematical skills and background. However, each chapter finishes with a copious collection of exercises; they range from simple calculations to deeper exercises requiring proofs and analysis. Students who work their way through any of the designated tracks in this book, mastering the material and completing the exercises, will be in an excellent position to read more advanced texts and papers, and maybe even begin some independent research.
