### Joel Brigida

### CDA-4321: Cryptographic Engineering

### Sage Code for ECC: Elliptical Curve Cryptography

In [1]:
p = 2^255 - 19
pp = (p - 5) // 8

print(f'pp = {hex(pp)}')
print(f'total bit length of pp = {pp.bit_length()}')  # total length of `pp`
print(f'0xD in binary = {bin(0xd)}')
print(bin(0xd))

pp = 0xffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffd
total bit length of pp = 252
0xD in binary = 0b1101
0b1101


In [2]:
print(f'p = {hex(p)}') # prime modulus

p = 0x7fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffed


### Constants:

In [3]:
p = 2^255 - 19
a = 0x2aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa984914a144
b = 0x7b425ed097b425ed097b425ed097b425ed097b425ed097b4260b5e9c7710c864
Gx = 0x2aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaad245a
Gy = 0x5f51e65e475f794b1fe122d388b72eb36dc2b28192839e4dd6163a5d81312c14

In [4]:
E = EllipticCurve(GF(p), [a, b])
G = E(Gx, Gy)               # Generator point (public)
print(f'G = {G}')

sk = 0x5a4c15d51209bdb902a5509229047c35a55f69658bd934e5568d8987ce3610b0

pk = (sk * G)[0]            # Need to generate the secret key and return the X coordinate (1st index in the tuple)
print(f'\npk = {hex(pk)}\n')

T = E.lift_x(pk)            # pk is only the X-coordinate of a point, we need the Y-coordinate
print(f'T = {T}\n')

yCoord = (pk * G)[0]
print(f'yCoord = {hex(yCoord)}\n')

ss = (sk * T)[0]            # last we need to generate a shared key
print(f'ss = {ss}')

G = (19298681539552699237261830834781317975544997444273427339909597334652188435546 : 43114425171068552920764898935933967039370386198203806730763910166200978582548 : 1)

pk = 0x4a08eb868647c36d7b02e42a04d041de0391715e71b7c0a15d86bc5c46ba8e3f

T = (33486911108845657824556496124813443090212173285153853565872592004249248501311 : 7860921102172468758001160037503328602235255120896215246392815054724963959308 : 1)

yCoord = 0x4a3691bfac0a1c047e247f3a5d81edd558ffd2708db6d6b7cbf3d8b1b6db3c32

ss = 7385100590267130821247075643465749176655100040357896990098864696422221080910


### Practice Questions for Final:

In [5]:
# p = 2^255 - 19    # Define a pseudo-mersenne prime modulus
# Create an Elliptic Curve over Fp with equation: y^2 = x^3 + a*x + b
# E = EllipticCurve(GF(p), [a, b])

# Define the elliptic curve E over the finite field GF(p)
E = EllipticCurve(GF(71), [1, 0])

# Choose a random point P on the curve E to be used as the base point
P = E.random_point()

Q = 13 * P                  # Point Q is 13 times point P
Q1 = -Q                     # Point Q1 is the opposite of point Q
print(f' Q = {Q}\n-Q = {Q1}')

student = 4 * P             # Z number: Last digit of Z number multiplied by point P
print(f'4 times P = {student}')

d = P + Q                   # Point d is point P + point Q
print(f'P + Q = {d}')

 Q = (42 : 52 : 1)
-Q = (42 : 19 : 1)
4 times P = (36 : 51 : 1)
P + Q = (12 : 6 : 1)


In [28]:
# Finite field Fp
U = GF(p)

# Scalar Value 's'
s = 15

# Create an Elliptic Curve over Fp with equation: y^2 = x^3 + a*x + b
E = EllipticCurve(GF(p), [a, b])

# Point at infinity.
# Note when printing point at infinity, sage will show (0:1:0)
O = E(0)
j = O.order()
print(f'Point O @ Infinity: {O}\nOrder of Point @ Infinity: {j}\n')

# Point with coordinates (x, y).
# Choose a random point P on the curve E to be used as the base point
T = E.random_point()
print(f'Point T = {T}')

# Order of point T
k = T.order()
print(f'Order of T = {k}')
# Number of bits of number k. Note: number of bits of k is ⌈log_2 k⌉.
print(f'# of bits of K: {k.nbits()}\n')

# The point coordinates x and y are stored in an array. To access them,
x = T[0]
y = T[1]

# Note when printing any point other than point at infinity, sage will show (x:y:1)
# P = E(x, y)
print(f'T[0] x = {x}\nT[1] y = {y}\n')

# Point Addition R = P + Q: Adding two points P and Q
R = P + Q
print(f'Point R = P + Q: {R}\n')

# Point Multiplication W = [s]P : Multiplying P by scalar s
W = s * P
print(f'Point W = [{s}]P: {W}\n')

# Point Inversion X = −P : P + R = point at infinity
# Note if P = (x, y), then this is just R = (x, −y)
X = -P
print(f'Point X = -P: {X}\n')

# Point Doubling V = P + P = [2]P : Doubling a point P
V = 2 * P
V2 = P + P
print(f'Point V = [2]P = {V}\nPoint V2 = P + P = {V2}')
print(f'Point V and V2 are equal ? {V == V2}')

Point O @ Infinity: (0 : 1 : 0)
Order of Point @ Infinity: 1

Point T = (30709201983114908762975624049481003411875532343594588613049040956831830321339 : 32133802658152515099221041676228436523120874665654002416124827598521572728153 : 1)
Order of T = 57896044618658097711785492504343953926856930875039260848015607506283634007912
# of bits of K: 256

T[0] x = 30709201983114908762975624049481003411875532343594588613049040956831830321339
T[1] y = 32133802658152515099221041676228436523120874665654002416124827598521572728153

Point R = P + Q: (12 : 6 : 1)

Point W = [15]P: (53 : 16 : 1)

Point X = -P: (22 : 34 : 1)

Point V = [2]P = (6 : 68 : 1)
Point V2 = P + P = (6 : 68 : 1)
Point V and V2 are equal ? True
