Ciphering is essential for the security of internet. The RSA cryptography    is now commonly used. However, in the very near future the RSA cryptography will be replaced by the elliptic curve cryptography because of its efficiency; the RSA system is based on 2048 bits, while the elliptic system is based on 224 bits (2016,  ).
The target reader of this note is undergraduates or non-experts. Those who are interested in cryptography are strongly encouraged to master the theory of elliptic curve cryptography as soon as possible. For this purpose they must study an additional structure of elliptic curves. However, it is not so hard except for the associative law.
As far as we know an algebraic proof to it has not yet been given1. Therefore, we give an ‘‘elementary” proof by use of MATHEMATICA for them.
2. Addition of Points of an Elliptic Curve
Let us start by recalling the definition of an elliptic curve  
where a and b are some real constants. In the following we consider only real category. The discriminant of the cubic equation
is given by
(see for example  ) and we assume in the following, so the point crossing the real axis is just one.
For the graph of the elliptic curve (1)
we want to introduce an addition, which is essential in the elliptic curve cryptography. For the purpose we must add the infinity point to (3). As a result, our space is not but a two dimensional sphere . Later it turns out that O is the identity element of the addition, see (10), (11). This justifies the notation O for the infinity point.
Here we note
where we have adopted the notation for the mirror image of with respect to the real axis, see (11).
Let us introduce the addition in E. For two points we associate another point . Consider the straight line passing through and . We set R the crossing point of the line and the elliptic curve.
A simple-minded candidate of the addition is
Unfortunately, this is not good because the associative law does not hold. Instead, we take the reflection point of R
This is correct as shown in the paper. See the following Figure 1.
Next, we want to express the addition above by use of the coordinate system. For the purpose we set
Formula The addition formula
is given by
Figure 1. Addition .
Proof To give an elementary proof for undergraduates or non-experts is educational.
First of all we set the coordinate of the point and look for and . The straight line passing through and is given by
By taking into consideration we have
We substitute the straight line for the equation above
A short calculation gives
This is a quadratic equation and it is easy to solve
Here we set
By expanding and arranging we have
Some calculation (this is a key point) gives
where in the process we have used the equation
and we finally obtain
which is symmetric in 1 and 2. Another solution is (check this).
As a result we have
and this gives the Formula (6).
Comment From the geometric definition of the addition (5) it is easy to see the commutativity
However, it is not clear to see this from the Formula (6). Then, a small change of in (6) gives
which is anti-symmetric in 1 and 2. The commutativity is very clear. In our opinion this formula is best.
Next, we must define the addition of the same point P. The definition is usually performed by differential. By noting
the differential of at gives
If we set for
then we obtain
by applying the argument above to (6). See the following Figure 2.
There are tasks left behind. Our tasks are to show
Exercise Consider a proof with the geometric method.
Last, we must prove the associative law
which is very hard for undergraduates (hard even for experts).
The geometric method usually goes like Figure 3 ( , and in this figure)
Figure 2. Addition P1 = P2 = P.
Figure 3. Associativity .
However, this is not a proof but a circumstantial evidence. Therefore, we give an algebraic proof by use of MATHEMATICA2.
For the purpose let us calculate the difference
by MATHEMATICA. In the following program we set
and use the Formula (7) because of its high symmetry. Associativity holds when the right hand side vanishes.
Beginning of MATHEMATICA
Readers must input and execute the following program in standard form of MATHEMATICA.
and also set
Moreover, we set
Here, ( ) appears in the denominator of ( ) and ( ) in the denominator of (GG). The homogeneous polynomials P and Q are invariant under the permutation of , whereas R changes sign.
execute the following
Ending of MATHEMATICA
It takes about several seconds for a standard present day PC before MATHEMATICA outputs two huge homogeneous polynomials in , , , , and of integer coefficients. The “degrees” of and are 9 and 31/2, respectively, when “degree” 1 is assigned to , , and 3/2 for , and , see the curve Equation (1). In other words, and are universal polynomials of elliptic curves which are independent of the parameters a and b. More than 10 pages are required to write down the outputs. As we will see their explicit forms are irrelevant for the discussion of the associativity, we do not display them here. These polynomials have many interesting features.
From the program we have
It is very interesting and important that both have a common factor R. Note that we have not imposed the equations
up to this point.
Last, we show
under the condition (16), which finishes the proof of associativity (14).
Here, let us give an educational proof for undergraduates. We treat the following determinant :
Direct calculation gives
On the other hand, from (16) we have
by some fundamental operations.
Moreover, we have
by some fundamental operations. As a result, we obtain
by (19) and (20).
As shown in the paper the elementary proof of the associative law of the points of an elliptic curve is not easy. However, it is not necessarily a bad thing for the encryption system.
In this section we reproved the following
Theorem The system becomes an additive (abelian) group.
3. Concluding Remarks
We conclude the paper by making some comments on the elliptic curve cryptography   .
Let p be a huge prime number and be the finite field
see for example  .
Our target is an elliptic curve on
For this case becomes a finite set. We assume that and satisfy the relation
Problem For given P and Q is it possible to find n in polynomial time?
This is called the discrete logarithm problem and it is known as a very hard one to solve  . The security of the elliptic curve cryptography (which is worth studying for undergraduates or non-experts) is based on this hard problem.
We wishes to thank Ryu Sasaki for useful suggestions and comments.
1We don’t admit usual geometric proofs in standard textbooks of elliptic curves.
2We expect that undergraduates in the world can use MATHEMATICA or MAPLE, etc.
 Rivest, R.L., Shamir, A. and Adleman, L. (1978) A Method for Obtaining Digital Signatures and Public-Key Cryptosystems. Communications of the ACM, 21, 120-126.