The study of geometric objects defined by polynomial equations. From affine varieties and the Nullstellensatz to elliptic curves, schemes, and the Weil conjectures — algebraic geometry sits at the crossroads of algebra, geometry, topology, and number theory.
Let k be an algebraically closed field (think k = C for intuition). Affine n-space over k is the set A^n(k) = k^n of all n-tuples (a1, ..., an). The polynomial ring k[x1, ..., xn] acts on A^n by evaluation.
For any subset S of k[x1, ..., xn], the zero locus (affine variety) is:
Note that V(S) = V(I) where I is the ideal generated by S. So affine varieties correspond to ideals.
We define a topology on A^n by declaring the closed sets to be exactly the affine varieties (algebraic sets). This is the Zariski topology. Verification:
On A^1(C), the proper closed sets are exactly the finite subsets (zeros of nonzero polynomials). So the Zariski open sets on A^1 are the complements of finite sets (plus the empty set). This is far coarser than the standard topology on C.
A topological space X is irreducible if it cannot be written as a union of two proper closed subsets. For algebraic sets, V(I) is irreducible if and only if I is a prime ideal. Irreducible affine varieties are the fundamental geometric objects, and every affine variety decomposes uniquely into finitely many irreducible components.
The Nullstellensatz (Theorem of the Zero Locus) is the cornerstone of the algebra-geometry dictionary. Throughout, k is algebraically closed.
An ideal I in k[x1, ..., xn] satisfies V(I) = empty if and only if I = k[x1, ..., xn] (equivalently, 1 is in I). In other words, a system of polynomial equations over an algebraically closed field has no solution if and only if 1 can be expressed as a polynomial combination of the defining equations.
For any ideal I in k[x1, ..., xn], the ideal of functions vanishing on V(I) is the radical: I(V(I)) = sqrt(I) = (f : f^m is in I for some m >= 1). This is the precise algebraic characterization of which polynomials vanish on a given variety.
The Nullstellensatz establishes the following bijections (over an algebraically closed field k):
| Algebra (k[x1,...,xn]) | Geometry (A^n) |
|---|---|
| Radical ideal | Algebraic subset (closed set) |
| Prime ideal | Irreducible variety |
| Maximal ideal | Point (x1 = a1, ..., xn = an) |
| Whole ring (I = (1)) | Empty set |
The key trick in the proof is the Rabinowitsch trick: to show f vanishes on V(I), introduce a new variable y and consider the ideal J = I + (1 - yf) in k[x1,...,xn,y]. If f vanishes on V(I), then V(J) = empty, so by the Weak Nullstellensatz 1 is in J. Writing out this combination and substituting y = 1/f yields f^m in I for some m.
For an affine variety V with ideal I(V), the coordinate ring (or ring of regular functions) is:
Elements of k[V] are polynomial functions on V. Since I(V) is a prime ideal, k[V] is an integral domain. Conversely, every finitely generated k-algebra that is an integral domain arises as the coordinate ring of some affine variety. The Nullstellensatz tells us that the maximal ideals of k[V] are in bijection with the points of V.
A morphism (regular map) from V to W is a map phi: V to W given by polynomials: phi = (f1, ..., fm) where each fi is in k[x1,...,xn]. Morphisms are the structure-preserving maps in algebraic geometry, analogous to continuous maps in topology or homomorphisms in algebra.
Every morphism phi: V to W induces a ring homomorphism phi*: k[W] to k[V] by composition (pullback). Remarkably, this correspondence is functorial and gives a duality:
The category of affine varieties over k is (contravariantly) equivalent to the category of finitely generated k-algebras that are integral domains. A morphism phi: V to W is an isomorphism if and only if phi*: k[W] to k[V] is a k-algebra isomorphism.
A rational map phi: V dashrightarrow W is a morphism defined on a dense open subset of V (a subset containing a nonempty open set in the Zariski topology). Rational maps need not extend to all of V. For example, the map phi: A^2 to A^1 defined by phi(x,y) = y/x is a rational map undefined on the line x = 0.
Two varieties are birationally equivalent if there exist rational maps between them that are inverse to each other on dense open sets. Birational geometry studies varieties up to birational equivalence, which is coarser than isomorphism but captures many essential properties like the function field k(V).
Projective n-space P^n(k) is the set of lines through the origin in A^(n+1), i.e., the equivalence classes of nonzero (n+1)-tuples under the relation (a0, ..., an) ~ (lambda*a0, ..., lambda*an) for nonzero lambda in k. The equivalence class of (a0, ..., an) is written [a0 : a1 : ... : an] and called homogeneous coordinates.
Projective space compactifies affine space: P^n = A^n union P^(n-1), where the hyperplane at infinity is P^(n-1) = (a0 = 0). The standard open affine charts are Ui = ([a0 : ... : an] : ai not= 0), each isomorphic to A^n by the map [a0 : ... : an] to (a0/ai, ..., an/ai) (omitting ai/ai = 1).
A polynomial F in k[x0, ..., xn] is homogeneous of degree d if F(lambda*x0, ..., lambda*xn) = lambda^d * F(x0,...,xn) for all lambda. Although the value F(a0,...,an) depends on the representative, the condition F(a0,...,an) = 0 does not. So zero loci of homogeneous polynomials are well-defined subsets of P^n.
A projective variety V(S) in P^n is the common zero locus of a set S of homogeneous polynomials. The Zariski topology on P^n has projective varieties as its closed sets. Projective varieties are compact in the classical topology, which makes them geometrically nicer — for instance, the Bezout theorem says two plane curves of degrees d and e in P^2 intersect in exactly d*e points (counted with multiplicity), a statement that fails in A^2.
Let C and D be projective plane curves of degrees d and e in P^2 over an algebraically closed field k, with no common component. Then the number of intersection points of C and D, counted with intersection multiplicity, equals d*e. Example: a line (degree 1) and a conic (degree 2) meet in exactly 2 points in P^2, even when the naive picture in A^2 shows fewer.
A morphism from a projective variety V to P^m is given by an (m+1)-tuple of homogeneous polynomials of the same degree, not all vanishing simultaneously on V. A rational map V dashrightarrow P^m is defined on a dense open subset. Maps from smooth projective curves are always regular everywhere (no points of indeterminacy), a key rigidity property of curves that fails in higher dimensions.
The dimension of an irreducible variety V is the transcendence degree of the function field k(V) over k. Equivalently, it is the length of the longest chain of irreducible subvarieties:
A point has dimension 0, a curve has dimension 1, a surface has dimension 2, and so on. The dimension is additive in many situations: a hypersurface in A^n defined by one nonzero polynomial has dimension n-1. Every irreducible component of the intersection of two varieties V and W in A^n has dimension at least dim(V) + dim(W) - n (Krull's principal ideal theorem and its generalizations).
Let V = V(f1,...,fr) be an affine variety of dimension d in A^n. A point p in V is smooth (or nonsingular) if the Jacobian matrix J = (partial fi / partial xj) evaluated at p has rank n - d. If the rank is strictly less than n - d, then p is a singular point.
Consider the curve C = V(y^2 - x^3 - x^2) in A^2. Computing partial derivatives: partial f / partial x = -3x^2 - 2x, partial f / partial y = 2y. At the origin (0,0): both partials vanish, so (0,0) is a singular point — a node (the curve crosses itself). For the cusp V(y^2 - x^3): partials are -3x^2 and 2y, both zero at the origin, which is a cusp (one branch with a sharp point). All other points on both curves are smooth.
For an affine variety V at a point p, the (Zariski) tangent space T_p(V) is the kernel of the Jacobian map J(p): A^n to A^r. It is a linear subspace of A^n of dimension at least d, and dim T_p(V) = d exactly when p is smooth. The tangent space captures the first-order linear approximation to V at p.
Intrinsically, T_p(V) can be identified with (m_p / m_p^2)*, the dual of the cotangent space, where m_p is the maximal ideal of the local ring O(V,p). A variety is smooth at p if and only if O(V,p) is a regular local ring, meaning the maximal ideal m_p is generated by exactly d = dim V elements.
An algebraic curve is a variety of dimension 1. For the theory, we work with smooth projective curves over k = C. Every such curve is a compact Riemann surface in the analytic topology. The genus g is a fundamental topological invariant: a Riemann surface has genus g if it is homeomorphic to a sphere with g handles.
| Genus g | Name / Example | Description |
|---|---|---|
| 0 | Rational curve (P^1) | Sphere; parametrized by rational functions |
| 1 | Elliptic curve | Torus; admits a group structure |
| g >= 2 | Curve of higher genus | Only finitely many automorphisms (Hurwitz) |
For a smooth plane curve of degree d in P^2, the genus formula gives g = (d-1)(d-2)/2. So a smooth conic (d=2) has genus 0, a smooth cubic (d=3) has genus 1, a smooth quartic (d=4) has genus 3.
A divisor on a smooth curve C is a formal integer linear combination of points: D = sum n_P * P, where n_P is an integer, zero for all but finitely many P. The degree of D is deg(D) = sum n_P. A divisor D is effective (written D >= 0) if all n_P >= 0.
For a nonzero rational function f on C, its divisor (f) = sum v_P(f) * P, where v_P(f) is the order of vanishing (or pole) of f at P. Divisors of the form (f) are called principal divisors. Two divisors D and D' are linearly equivalent (D ~ D') if D - D' is principal. The divisor class group (Picard group) Pic(C) = Div(C) / principal divisors.
For a divisor D on a smooth projective curve C of genus g, define:
Key consequences: (1) l(K) = g and deg(K) = 2g - 2. (2) If deg(D) > 2g - 2 then l(K - D) = 0, so l(D) = deg(D) - g + 1 exactly. (3) For g = 0 (rational curve) and D = 0: l(0) = 1, as expected (only constant functions have no poles). (4) For g = 1 and D = [P] (a single point): l(D) = 1 (deg D = 1 <= 2g - 2 = 0 is false, so l(D) = 1 - 1 + 1 = 1). Adding more points: l(n[P]) = n for n >= 1.
An elliptic curve E over a field k (char k not= 2, 3 for simplicity) is a smooth projective curve of genus 1 with a distinguished base point O. Every such curve can be given in (short) Weierstrass form:
The nonvanishing of the discriminant ensures the cubic x^3 + ax + b has no repeated roots, which is equivalent to E being smooth. As a projective curve in P^2, the homogeneous equation is Y^2*Z = X^3 + a*X*Z^2 + b*Z^3, and the base point O is the unique point at infinity [0 : 1 : 0].
The set of points E(k) = E(k-bar) with coordinates in k forms an abelian group under the chord-and-tangent law, with O as the identity. The group law is defined geometrically:
For P = (x1, y1) and Q = (x2, y2) with P not= -Q on y^2 = x^3 + ax + b:
A point P in E(k) is an n-torsion point if nP = O. The n-torsion subgroup E[n] over an algebraically closed field of characteristic 0 is isomorphic to (Z/nZ)^2. Over the rationals, the Mordell-Weil theorem states that E(Q) is a finitely generated abelian group: E(Q) = Z^r times E(Q)_tors, where r is the Mordell-Weil rank (whose computation is generally hard) and E(Q)_tors is determined by Mazur's theorem (one of 15 possible groups).
On a smooth variety X, a Cartier divisor is a global section of the sheaf M_X* / O_X*, where M_X* is the sheaf of nonzero rational functions and O_X* is the sheaf of nonzero regular functions. Equivalently, it is a divisor that can be described locally by a single equation. On smooth varieties, every (Weil) divisor is Cartier.
Every Cartier divisor D determines a line bundle (invertible sheaf) O_X(D): locally on an open set U where D = (f_U), the sections are rational functions g such that g/f_U is regular on U. Two divisors D and D' give isomorphic line bundles if and only if they are linearly equivalent. The Picard group Pic(X) classifies line bundles up to isomorphism and equals the group of divisor classes.
The complete linear system |D| associated to a divisor D is the projective space P(H^0(X, O_X(D))): the set of all effective divisors linearly equivalent to D. Choosing a basis (s0, ..., sN) for H^0(X, O_X(D)) defines a rational map phi_D: X dashrightarrow P^N by x to [s0(x) : s1(x) : ... : sN(x)]. This map is a morphism (everywhere defined) when D is basepoint-free (no point lies in the vanishing locus of all sections). When D is very ample, phi_D is a closed embedding — this is how projective varieties arise from abstract algebraic geometry.
The canonical divisor class K_X is the class of the canonical line bundle omega_X = det(Omega^1_X), the determinant of the sheaf of differential 1-forms. For a smooth projective curve of genus g: deg(K_C) = 2g - 2 and l(K_C) = g. For a smooth surface, the canonical class controls much of the birational geometry (Kodaira dimension, Enriques-Kodaira classification). The minimal model program (Mori theory) generalizes these ideas to higher-dimensional varieties.
A presheaf F of abelian groups on a topological space X assigns to each open set U an abelian group F(U) (sections over U) and to each inclusion V subset U a restriction map rho(UV): F(U) to F(V), functorially (rho(UU) = id and rho(VW) composed with rho(UV) = rho(UW)). A presheaf is a sheaf if it satisfies:
The key sheaf in algebraic geometry is the structure sheaf O_X: on an affine variety V, O_V(U) consists of regular functions on U — rational functions with no poles on U. Sheaf cohomology H^i(X, F) measures the obstruction to globally patching local sections, and is the algebraic-geometric analog of topological cohomology.
Grothendieck's revolution was to associate a geometric object to any commutative ring A. The spectrum Spec(A) is the set of all prime ideals of A, topologized with the Zariski topology (closed sets are V(I) for ideals I). The structure sheaf O(Spec(A)) assigns to the basic open set D(f) = (p : f not in p) the localization A_f.
An affine scheme is a locally ringed space isomorphic to (Spec(A), O(Spec(A))) for some ring A. A scheme is a locally ringed space covered by open affine schemes. Varieties over k embed into the world of schemes: a variety V with coordinate ring k[V] corresponds to Spec(k[V]).
Schemes handle phenomena that classical varieties cannot:
For a variety X defined over a finite field F_q, let |X(F(q^n))| denote the number of points with coordinates in the degree-n extension F(q^n). Weil (1949) defined the zeta function of X as a generating function encoding these counts:
For the projective line P^1 over F_q: |P^1(F(q^n))| = q^n + 1, so Z(P^1, T) = 1 / ((1 - T)(1 - qT)), a rational function with poles at T = 1 and T = 1/q. For an elliptic curve E over F_q: Z(E, T) = (1 - alpha*T)(1 - alpha-bar*T) / ((1 - T)(1 - qT)), where |alpha| = sqrt(q) (the Riemann Hypothesis for curves, proved by Weil).
Z(X, T) is a rational function of T — it can be written as a ratio of polynomials with integer coefficients.
Z(X, 1/(q^d T)) = plus or minus q^(d*chi/2) * T^chi * Z(X, T), where d = dim X and chi is the Euler characteristic of X over C.
Z(X, T) = P1(T) * P3(T) * ... / (P0(T) * P2(T) * ...) where Pi(T) = product over j of (1 - alpha_{i,j} T) and all |alpha_{i,j}| = q^(i/2).
The degree of Pi(T) equals the i-th Betti number of X(C), connecting the arithmetic over F_q to the topology over C.
The proofs required Grothendieck's construction of l-adic etale cohomology — a cohomology theory for varieties over finite fields that behaves like singular cohomology over C. Deligne completed the proof of the Riemann Hypothesis portion in 1974 using the theory of weights in l-adic cohomology, earning him the Fields Medal.
ECC applies the group law on elliptic curves over finite fields F_p. The security rests on the Elliptic Curve Discrete Logarithm Problem (ECDLP): given a generator G and a point Q = [n]G, find n. No subexponential algorithm is known for the ECDLP (unlike the classical DLP or integer factorization), so ECC achieves high security with small key sizes.
| Protocol | Description |
|---|---|
| ECDH | Diffie-Hellman key exchange using scalar multiplication on E(F_p) |
| ECDSA | Digital signature algorithm; used in Bitcoin, TLS, and SSH |
| Curve25519 | High-performance ECDH using the Montgomery curve y^2 = x^3 + 486662x^2 + x over F_(2^255 - 19) |
| Weil / Tate pairing | Bilinear pairings on elliptic curves enable identity-based encryption and zk-SNARKs |
A 256-bit ECC key (e.g., P-256 or Curve25519) provides approximately the same security as a 3072-bit RSA key. This is why ECC dominates modern protocols: TLS 1.3, Signal, and most blockchain systems use elliptic curve primitives. The algebraic geometry underlying ECC — the group structure of E(F_p), counting points via the Hasse bound |#E(F_p) - (p+1)| <= 2*sqrt(p) (a special case of the Weil conjectures) — is directly applied in choosing secure curves.
An affine variety V(S) in affine n-space A^n (over an algebraically closed field k) is the set of common zeros of a collection S of polynomials in k[x1,...,xn]. The Zariski topology declares the closed sets to be exactly the algebraic sets (varieties): finite unions of varieties are closed, and arbitrary intersections of varieties are closed. Open sets are the complements of varieties, which makes the Zariski topology much coarser than the classical topology. For example, on the affine line A^1 over an algebraically closed field, the proper closed sets are exactly the finite subsets. The Zariski topology is the natural topology for studying polynomial maps because preimages of closed sets under polynomial maps are closed.
Hilbert's Nullstellensatz (Theorem of the Zero Locus) establishes a correspondence between algebra and geometry over algebraically closed fields. The Weak Nullstellensatz: an ideal I in k[x1,...,xn] (k algebraically closed) has V(I) empty if and only if I = k[x1,...,xn] (the whole ring). The Strong Nullstellensatz: for any ideal I, the ideal of polynomials vanishing on V(I) is exactly the radical of I: I(V(I)) = sqrt(I). This gives a bijection between radical ideals in k[x1,...,xn] and algebraic subsets of A^n, and between maximal ideals and points. It is the bridge that lets geometric questions about solution sets be translated into algebraic questions about polynomial rings.
An elliptic curve over a field k is a smooth projective curve of genus 1 with a specified base point O (the identity). In Weierstrass form it is given by y^2 = x^3 + ax + b with 4a^3 + 27b^2 not equal to 0 (ensuring smoothness). The set of points on an elliptic curve (including the point at infinity O) forms an abelian group. The group law is defined geometrically: to add two points P and Q, draw the line through P and Q, find the third intersection point R with the curve, then reflect R across the x-axis to get P + Q. If P = Q, use the tangent line. The point at infinity O serves as the identity element. This group structure is fundamental to elliptic curve cryptography and to the theory of abelian varieties.
The Riemann-Roch theorem for a smooth projective curve C of genus g relates the dimensions of spaces of meromorphic functions and differentials associated to a divisor D. It states: l(D) - l(K - D) = deg(D) - g + 1, where l(D) = dim H^0(C, O(D)) is the dimension of the linear system of D, K is the canonical divisor, and g is the genus. The canonical divisor has degree 2g - 2 and l(K) = g. As a corollary: for deg(D) > 2g - 2, we get l(D) = deg(D) - g + 1 exactly. For an elliptic curve (g = 1) and a divisor of degree d >= 1, l(D) = d. Riemann-Roch is the cornerstone of the theory of algebraic curves, used to classify curves, study maps between them, and establish the structure of their function fields.
A sheaf on a topological space X is a tool for systematically tracking locally-defined algebraic data (functions, sections, modules) that can be consistently glued together. Formally a sheaf F assigns to each open set U an abelian group (or ring, module, etc.) F(U) with restriction maps, satisfying the locality axiom (sections agreeing locally must agree globally) and the gluing axiom (compatible local sections can be glued into a global section). In algebraic geometry, the structure sheaf O_X encodes the ring of regular functions on each open set and is the fundamental object of a scheme. Sheaves allow one to work locally in the Zariski topology, define cohomology (which measures global obstructions), and handle singular or arithmetic varieties that cannot be described by a single polynomial equation. Grothendieck's introduction of sheaves and schemes revolutionized the field.
The Weil conjectures (1949), proved by Deligne in 1974, describe the number of points on algebraic varieties over finite fields F_q. For a smooth projective variety X over F_q, define the zeta function Z(X, T) = exp(sum_{n>=1} |X(F_{q^n})| * T^n / n). The conjectures state: (1) Rationality — Z(X,T) is a rational function of T; (2) Functional equation — Z satisfies a symmetry relating T and 1/(q^d T) where d = dim X; (3) Riemann Hypothesis — the zeros and poles of Z(X,T) have absolute value q^{-i/2} for appropriate integers i; (4) Connection to topology — the degrees of the numerator and denominator match the Betti numbers of the complex variety. The proofs required the development of l-adic etale cohomology by Grothendieck and his school, and represent one of the deepest achievements connecting algebraic geometry, topology, and number theory.
Elliptic curve cryptography exploits the difficulty of the elliptic curve discrete logarithm problem (ECDLP): given points P and Q = nP on an elliptic curve over a finite field F_p, finding n is computationally hard when p is large. Key exchange (ECDH): Alice chooses secret a and sends aG; Bob chooses secret b and sends bG; the shared secret is abG. Digital signatures (ECDSA): to sign a message hash h, choose random k, compute R = kG, and set s = k^{-1}(h + r*a) mod n where r is the x-coordinate of R and a is the private key. ECC achieves the same security as RSA with much smaller key sizes: a 256-bit ECC key provides roughly the same security as a 3072-bit RSA key, making it ideal for mobile devices and embedded systems. The security rests on the group structure of elliptic curves over finite fields, a direct application of algebraic geometry over finite fields.
Practice affine and projective varieties, work through elliptic curve group law problems, apply Riemann-Roch, and test your understanding of schemes with targeted exercises.
Start Practicing FreeNo account required to get started.