## Joel Brigida

## CDA-4321: Cryptographic Engineering

### Elliptic Curve Functions

In [1]:
p = 2^255 - 19  # Pseudo-Mersenne Prime
a = 0x2aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa984914a144
b = 0x7b425ed097b425ed097b425ed097b425ed097b425ed097b4260b5e9c7710c864
Gx = 0x2aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaad245a
Gy = 0x5f51e65e475f794b1fe122d388b72eb36dc2b28192839e4dd6163a5d81312c14

In [4]:
# Create an Elliptic Curve over F_p with equation: y^2 = x^3 + ax + b
E = EllipticCurve(GF(p),[a,b])
print(f'Curve E = {E}')

# Point at infinity.
# Note when printing point at infinity, sage will show (0:1:0)
O = E(0)
print(f'Point at infinity: {O}')

T = E.random_point()
# Point with coordinates (x,y).
# Note when printing any point other than point at infinity, sage will show (x:y:1)
x = T[0]
y = T[1]

# Note when printing any point other than point at infinity, sage will show (x:y:1)
print(f'T[0] x = {x}\nT[1] y = {y}\n')
print(f'Point T = {T}')

# Order of point P : k * P = point at infinity
k = T.order()

# Number of bits of number k. Note: number of bits of k is ⌈log_2 k⌉.
print(f'# of Bits of K: {k.nbits()}')

Curve E = Elliptic Curve defined by y^2 = x^3 + 19298681539552699237261830834781317975544997444273427339909597334573241639236*x + 55751746669818908907645289078257140818241103727901012315294400837956729358436 over Finite Field of size 57896044618658097711785492504343953926634992332820282019728792003956564819949
Point at infinity: (0 : 1 : 0)
T[0] x = 41075246267893719307166194686267917353475773848132654608823633591112089817159
T[1] y = 43418067372823833314047382463218503626145745902612206746899415475383722027058



NameError: name 'P' is not defined

### Plotting a Continuous Curve

In [None]:
A = EllipticCurve([0,0,0,-1,1])
display(A.plot())

### Plotting an Elliptic Curve over a Galois Field

In [None]:
# GF = Galois Field = prime field

B = EllipticCurve(GF(101),[0,0,0,-1,1])

display(B.plot())
print(f'Number of points on curve B: {B.cardinality()}')

In [None]:
# GF = Galois Field = Prime Field (discrete)

C = EllipticCurve(GF(2^13 - 1),[0,0,0,-1,1])

display(C.plot())
print(f'Number of points on curve C: {C.cardinality()}')

### Plotting Elliptic Curves - Point Addition Examples:

Source: https://doc.sagemath.org/html/en/reference/arithmetic_curves/sage/schemes/elliptic_curves/constructor.html

Long Weistrass Equation, General Form:
#### $$ y^{2} + a_{1}xy + a_{3}y = x^{3} + a_{2}x^{2} + a_{4}x + a_{6} $$

This Example:
#### $$ y^{2} = x^{3} + x + 6 $$

Suppose $ P = (2, 4) \text{ and } Q = (5, 2) $

Function Form:
```python
EllipticCurve(GF(PRIME), [a1, a2, a3, a4, a6])

E = EllipticCurve([0, 0, 0, 1, 6])

plot(E)
```

In [None]:
E = EllipticCurve(GF(7), [0, 0, 0, 1, 6])
plot(E)

In [None]:
for p in E:
    print(p)

print(f'\nOrder of E: {E.order()}')

### Point Addition and Point Doubling

In [None]:
Q = E([4,2])
P = E([6,5])

PQ = Q + P  # point addition
PP = P + P  # point doubling
PP2 = 2 * P # point doubling

print(PQ)
print(PP)
print(PP2)

### Polynomial Functions over a Galois Field

In [None]:
R.<X> = PolynomialRing(GF(2), 'X')
S.<x> = GF(2^8, modulus = X^8 + X^4 + X^3 + X + 1, repr='poly')

print(f'R = {R}')
print(f'S = {S}\n')

print(f'AES modulus is: {S.modulus()}')
print(f'Order is: {S.order()}\n')

a = x^3 + 1
b = x^6 + x^2 + 1
c = a^(-1)

print('OpA = x^3 + 1')
print('OpB = x^6 + x^2 + 1\n')
print(f'Polynomial Addition Result is: {a + b}')
print(f'Polynomial Multiplication Result is: {a * b}')
print(f'Polynomial Inversion Result is: {c}')
print(f'a * a^-1 = {a * c}\n')

for i,x in enumerate(S):
    if x == 0:
        continue
    if x.multiplicative_order() == 255:
        #print("{} {}".format(i, x))
        print(f'{i}:  {x}')


### SBox Functions

In [None]:
R = PolynomialRing(GF(2),'x',1)
x = R.gen()
print(f'R = {R}\n')

m = x^8 + x^4 + x^3 + x + 1
print(f'AES modulus is: {m}\n')

y = x^7 + x^4 + x^2 + 1
print(f'SBox Input is: {y}\n')

# Coefficients of the S-Box, as determined through Lagrange interpolation
a = x^2 + 1
b = x^3 + 1
c = x^7 + x^6 + x^5 + x^4 + x^3 + 1
d = x^5 + x^2 + 1
e = x^7 + x^6 + x^5 + x^4 + x^2
f = 1
g = x^7 + x^5 + x^4 + x^2 + 1
h = x^7 + x^3 + x^2 + x + 1

# Final S-Box Addition
v = x^6 + x^5 + x + 1

s = a*(y^254) + b*(y^253) + c*(y^251) + d*(y^247) + e*(y^239) + f*(y^223) + g*(y^191) + h*(y^127) + v

print(f's % m = {s % m}')