I am working through the section on elliptic curves in An Introduction to Mathematical Cryptography by Hoffstein, Pipher, and Silverman.
My understanding of the group law ("addition") for points on elliptic curves is as follows:
Given two points $p$ and $q$ on an elliptic curve $E=\{(x,y):y^2=ax^3+bx+c\}\cup\{\mathcal O\}$, define a binary operation $+$ as
- If $p$ and $q$ are distinct but lie on the same vertical line, or if $p=q$ and the line tangent to $E$ at $p$ is vertical, then $p+q=\mathcal O$.
- If $p=q$ then draw a line tangent to $E$ at $p$. This line crosses another point $r\in E$. Then $p+q=-r$, where $-r$ denotes $r$ reflected across the $x$-axis.
- If $p$ and $q$ are distinct but do not lie on the same vertical line, then there is a (distinct) third point $r\in E$ on the line connecting $p$ and $q$. Then $p+q=-r$, where $-r$ denotes $r$ reflected across the $x$-axis.
My question is: How do we know $r$ exists? In other words, why does every non-vertical line that crosses two points on $E$ also cross a third point on $E$?
From Bezout's theorem, $E$ (degree $3$) and a line (degree $1$) intersect at exactly $3$ points. As we know, the line and $E$ intersect at $p,q$. Thus, the line should cross at yet one more point, $r$.
Also, a vertical line intersects $E$ at exactly three points (the first two points, and the infinite point $O$).
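
The existence of $r$ can also be checked by direct computation, shown here as an added example that is not part of the original question or answer: substituting the line $y=\lambda x+\nu$ into $y^2=ax^3+bx+c$ gives a cubic in $x$ with two known roots $x_1,x_2$, so the third root is $\lambda^2/a-x_1-x_2$ and lies in the same field. The function names and the sample curve $y^2=x^3-15x+18$ with its points are constructed for illustration.

```python
from fractions import Fraction as F

def on_curve(P, a, b, c):
    """True if P = (x, y) satisfies y^2 = a*x^3 + b*x + c."""
    x, y = map(F, P)
    return y * y == a * x**3 + b * x + c

def third_point(P, Q, a, b, c):
    """Third intersection r of the line through P and Q (the tangent if P == Q)
    with y^2 = a*x^3 + b*x + c, using exact rational arithmetic.
    Returns None for a vertical line, whose third intersection is O."""
    (x1, y1), (x2, y2) = map(F, P), map(F, Q)
    if (x1, y1) == (x2, y2):
        if y1 == 0:
            return None                      # vertical tangent
        lam = (3 * a * x1 * x1 + b) / (2 * y1)
    elif x1 == x2:
        return None                          # vertical chord
    else:
        lam = (y2 - y1) / (x2 - x1)
    nu = y1 - lam * x1
    # y = lam*x + nu substituted into the curve:
    #   a*x^3 - lam^2*x^2 + (b - 2*lam*nu)*x + (c - nu^2) = 0
    # The roots sum to lam^2 / a (Vieta), and x1, x2 are two of them.
    x3 = lam * lam / a - x1 - x2
    return (x3, lam * x3 + nu)

def add(P, Q, a, b, c):
    """Group law: reflect the third intersection across the x-axis."""
    r = third_point(P, Q, a, b, c)
    return None if r is None else (r[0], -r[1])

if __name__ == "__main__":
    a, b, c = 1, -15, 18                     # constructed sample curve
    P, Q = (7, 16), (1, 2)                   # constructed sample points on it
    r = third_point(P, Q, a, b, c)
    print("r =", r, "on curve:", on_curve(r, a, b, c))
    t = third_point(P, P, a, b, c)           # tangent at P
    print("tangent at P meets E again at", t)
    # The line through P and t is that same tangent, so the "third" point
    # is P itself: intersections are counted with multiplicity.
    print("line through P and t meets E again at", third_point(P, t, a, b, c))
```

The last call returns $p$ again, which is the multiplicity case: when the line through two points is tangent at one of them, the third intersection coincides with the point of tangency rather than being distinct.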