Is every Elliptic Curve group over finite field $\mathbb F_p$ isomorphic to some subgroup of the Elliptic Curve group over the reals having the same equation?
Update: this is at last sometime the case. Take the equation $y^2=x^3+7$. On the field $\mathbb R$, it generates the following curve, on which we can isolate $6$ points that, together with the point at infinity/$0$/neutral, form a subgroup of order $n=7$ isomorphic to $(\mathbb Z_n,+)$, and to the Elliptic Curve finite group of same equation in the field $(\mathbb F_p,+,\cdot)$ for $p=13$.
The points can be obtained by solving the equation $6P=-P$, which leads to the $x$ coordinates of the points being the solutions at least $-\sqrt[3]7$ of the equation $$481890304-826097664x^3-455460096x^6-42235648x^9-284592x^{12}+3948x^{15}+x^{18}$$ with point 1 at $(5.26155\ldots, 12.3556\ldots)$. The group law is geometrically constructed as usual, and is internal to the 6+1 points because
- the tangent at point 1 goes thru 5, which is the symmetric of 2, thus 1+1=2.
- 1/2/4 are aligned, and the symmetric of 4 is 3, thus 1+2=3.
- the tangent at 3 goes thru 1, and the symmetric of 3 is 4, thus 1+3=4.
- the tangent at 2 goes thru 3, and the symmetric of 3 is 4, thus 2+2=4.
- etc…
That can be generalized to larger $n$ and $p$, including e.g. the group secp256k1 often used in Elliptic Curve Cryptography.
Update 2: if it was possible to efficiently compute any isomorphism from secp256k1 to the Elliptic Curve group for $y^2=x^3+7$ over reals, then we could solve the Discrete Logarithm Problem in secp256k1. To solve for integer $k$ the equation $Q=k\times P$, we would map $P$ and $Q$ to real coordinates $(x_P,y_P)$ and $(x_Q,y_Q)$, and solve the DLP there. This is possible because, using as generator the point $G$ with the largest $x_G$ and $y_G>0$ (which is computable, and corresponds to point 1 on the example above with $n=7$), we can solve $(x_P,y_P)=k_P\times(x_G,y_G)$ for $k_P$ by dichotomy, same for $(x_Q,y_Q)=k_Q\times(x_G,y_G)$, and then compute $k=k_Q/k_P\bmod n$.
But I have no idea for how to efficiently compute any such isomorphism. I only assert there is one for certain curves and certain $p$, including secp256k1, with argument that
- the finite group secp256k1 has prime order $n$;
- for any integer $n$, we can construct a finite subgroup of order $n$ of the Elliptic Curve group over reals for the equation $y^2=x^3+7$ of secp256k1, just as I did for $n=7$;
- all groups of prime order $n$ are isomorphic.
Independently: I do not fully get the first comment, due to my ignorance about torsion points. I would appreciate a more detailed answer, perhaps with an explicit counterexample, which is enough to answer the initial question by no.