In [33]:
# https://martin-thoma.com/how-to-calculate-the-legendre-symbol/#python
def isPrime(a):
    return all(a % i for i in range(2, a))

def factorize(n):
    factors = []

    p = 2
    while True:
        while(n % p == 0 and n > 0): #while we can divide by smaller number, do so
            factors.append(p)
            n = n / p
        p += 1  #p is not necessary prime, but n%p == 0 only for prime numbers
        if p > n / p:
            break
    if n > 1:
        factors.append(int(n))
    #print(factors)
    return factors

def IntegersModP(p):
    class IntegerModP():
        def __init__(self, n):
            if (n is None):
                raise ValueError("Insufficient Parameters")
            self.n = n % p
            self.field = IntegerModP
        def __add__(self, other): return IntegerModP(self.n + other.n)
        def __sub__(self, other): return IntegerModP(self.n - other.n)
        def __mul__(self, other): return IntegerModP(self.n * other.n)
        def __truediv__(self, other): return self * other.inverse()
        def __div__(self, other): return self * other.inverse()
        def __neg__(self): return IntegerModP(-self.n)
        def __eq__(self, other): return isinstance(other, IntegerModP) and self.n == other.n
        def __abs__(self): return abs(self.n)
        def __str__(self): return '%d (mod %d)' % (self.n, self.p)
        def __repr__(self): return '%d (mod %d)' % (self.n, self.p)
        def __pow__(self,m): return IntegerModP(self.n**m)
        def inverse(self):
            return IntegerModP(self.n**(self.p-2))
        def legendreSymbol(self,a):
            if (a >= self.p or a < 0):
                return self.legendreSymbol(a % self.p)
            elif (a == 0 or a == 1):
                return a
            elif (a == 2):
                if (self.p%8 == 1 or self.p%8 == 7):
                    return 1
                else:
                    return -1
            elif (a == self.p-1):
                if self.p%4 == 1:
                    return 1
                else:
                    return -1
            elif (not isPrime(a)):
                factors = factorize(a)
                product = 1
                for pi in factors:
                    product *= self.legendreSymbol(pi)
                return product
            else:
                myField=IntegersModP(a)
                newSelf=myField(p)
                if ((self.p-1)/2)%2==0 or ((a-1)/2)%2==0:
                    return newSelf.legendreSymbol(p)
                else:
                    return (-1)*newSelf.legendreSymbol(p)
        def legendreSymbol2(self):
            return self.legendreSymbol(self.n)
    IntegerModP.p = p
    IntegerModP.__name__ = 'F_%d' % (p)
    return IntegerModP

def MyEllipticCurve(p,myA=None,myB=None,myJ=None):
    class EllipticCurve():
        # Assumes x,y given as either int or IntegerModP. So if it is not an integer, assumes it is IntegerModP with correct p
        #     this may cause a problem
        def __init__(self,x,y,isPInf):
            self.whichCurve=EllipticCurve
            if (type(x)==int):
                self.x=self.whichCurve.groundField(x)
            else:
                self.x=x
            if (type(y)==int):
                self.y=self.whichCurve.groundField(y)
            else:
                self.y=y
            self.isPInf=isPInf
            if (not isPInf):
                if (not (myA is None or myB is None)):
                    #print('Weirstrass')
                    shouldbeZero=self.y**2-self.x**3-self.whichCurve.groundField(myA)*self.x-self.whichCurve.groundField(myB)
                elif (not (myJ is None)):
                    #print('Legendre')
                    shouldbeZero=self.y**2-self.x*(self.x+self.whichCurve.groundField(1))*(self.x+self.whichCurve.groundField(myJ))
                else:
                    #print('Neither')
                    shouldbeZero=self.whichCurve.groundField(1)
                #print(shouldbeZero)
                if (shouldbeZero != self.whichCurve.groundField(0)):
                    print("Invalid Input")
                    raise ValueError("Not a point on the curve or invalid curve.")
        def __str__(self):
            return '(%s,%s, %r)' % (str(self.x),str(self.y),self.isPInf)
        # double and add are assuming that the curve is given with A,B coefficients rather than Legendre form
        #   does not check this. Potential problem.
        def pointCount(self):
            if (not (myA is None or myB is None)):
                #print('Weirstrass')
                count=0
                pointList=[]
                for j in range(self.whichCurve.groundField.p):
                    currentX = self.whichCurve.groundField(j)
                    currentYSquared = currentX**3 + self.whichCurve.groundField(myA)*currentX+self.whichCurve.groundField(myB)
                    isASquare = currentYSquared.legendreSymbol2()
                    if (isASquare==1):
                        count=count+2
                        pointList.append([currentX,currentYSquared])
                    elif (isASquare==0):
                        count=count+1
                        pointList.append([currentX,currentYSquared])
                    else:
                        #print('Count Unchanged')
                        count=count
                print(pointList)
                return count+1
            elif (not (myJ is None)):
                #print('Legendre')
                count=0
                pointList=[]
                for j in range(self.whichCurve.groundField.p):
                    currentX = self.whichCurve.groundField(j)
                    currentYSquared = currentX*(currentX+self.whichCurve.groundField(1))*(currentX+self.whichCurve.groundField(myJ))
                    isASquare = currentYSquared.legendreSymbol2()
                    if (isASquare==1):
                        count=count+2
                        pointList.append([currentX,currentYSquared])
                    elif (isASquare==0):
                        count=count+1
                        pointList.append([currentX,currentYSquared])
                    else:
                        #print('Count Unchanged')
                        count=count
                print(pointList)
                return count+1
            else:
                return 0
        def doubleW(self):
            if(not (self.whichCurve.type=='W')):
                return None
            if (self.isPInf):
                return self
            myGF = self.whichCurve.groundField
            if (self.y==myGF(0)):
                return self.whichCurve(2894,19204,True)
            s = myGF(3)*self.x**2+myGF(self.whichCurve.myA)
            s = s/(myGF(2)*self.y)
            xR = s**2-myGF(2)*self.x
            return self.whichCurve(xR,-self.y-s*(xR-self.x),False)
        # does multiply by num using multiply and square trick. Add and double here.
        def multiplyByNW(self,num):
            if(not (self.whichCurve.type=='W')):
                return None
            num=bin(num)[2:][::-1]
            lgth=len(num)
            current=self
            answer=self.whichCurve(2894,19204,True)
            for i in range(lgth):
                if (num[i]=='1'):
                    answer=answer.ecAddW(current)
                current=current.doubleW()
            return answer
        def ecAddW(self,other):
            if(not (self.whichCurve.type=='W')):
                return None
            if (self.isPInf):
                return other
            elif (other.isPInf):
                return self
            elif (self.x==other.x):
                if (self.y==-other.y):
                    # put two junk numbers for x,y because it will be PInf anyway
                    return self.whichCurve(2894,19204,True)
                else:
                    return self.doubleW()
            else:
                s = (self.y - other.y)/(self.x-other.x)
                xR = s**2 - self.x - other.x
                return self.whichCurve(xR,-self.y-s*(xR-self.x),False)
        # If not given in Legendre form myJ will be none and output none. Otherwise do the Jacobi embedding
        #      into P^3 with 4 homogenous coordinates
        def jacobiEmbedding(self):
            if(not (self.whichCurve.type=='L')):
                return None
            else:
                if self.isPInf:
                    return (self.whichCurve.groundField(0),self.whichCurve.groundField(1),self.whichCurve.groundField(1),self.whichCurve.groundField(1))
                else:
                    x2 = (self.x)**2
                    x3 = self.whichCurve.groundField(2)*(self.x)
                    jGF = self.whichCurve.groundField(self.whichCurve.myJ)
                    return (-self.whichCurve.groundField(2)*(self.y),
                            x2-jGF,x2+x3*jGF+jGF,
                            x2+x3+jGF)
        # undoes the Jacobi embedding assuming 2 is invertible
        def undoJacobi(self,embedded):
            if(not (self.whichCurve.type=='L')):
                return None
            if ((embedded[0]==self.whichCurve.groundField(0)) and (embedded[1]==embedded[2]) and (embedded[2]==embedded[3])):
                return self.whichCurve(2894,19204,True)
            else:
                jGF=self.whichCurve.groundField(self.whichCurve.myJ)
                denom=(self.whichCurve.groundField(1)-jGF)*embedded[1]-embedded[2]+jGF*embedded[3]
                numer1=jGF*(embedded[2]-embedded[3])
                numer2=jGF*(self.whichCurve.groundField(1)-jGF)*embedded[0]
                x = numer1/denom
                y = numer2/denom
                return self.whichCurve(x,y,False)
        # takes two points on the elliptic curve assumed in Legendre form and give the Jacobi embedding of the sum
        # if not in Legendre form will cause error when trying to make None-1
        def ecAddL(self,other):
            if(not (self.whichCurve.type=='L')):
                return None
            jacobiP1=self.jacobiEmbedding()
            jacobiP2=other.jacobiEmbedding()
            myConst=self.whichCurve.groundField(1-self.whichCurve.myJ)
            x3=jacobiP1[3]*jacobiP2[1]*jacobiP1[0]*jacobiP2[2]+jacobiP1[2]*jacobiP2[0]*jacobiP1[1]*jacobiP2[3]
            y3=jacobiP1[3]*jacobiP2[1]*jacobiP1[1]*jacobiP2[3]-jacobiP1[2]*jacobiP2[0]*jacobiP1[0]*jacobiP2[2]
            z3=jacobiP1[3]*jacobiP1[2]*jacobiP2[3]*jacobiP2[2]-myConst*jacobiP1[0]*jacobiP1[1]*jacobiP2[0]*jacobiP2[1]
            t3=(jacobiP1[3]*jacobiP2[1])**2+(jacobiP1[2]*jacobiP2[0])**2
            return self.undoJacobi((x3,y3,z3,t3))
        def doubleL(self):
            if(not (self.whichCurve.type=='L')):
                return None
            jacobiP1=self.jacobiEmbedding()
            myConst=self.whichCurve.groundField(2)
            A=jacobiP1[3]*jacobiP1[1]
            B=jacobiP1[3]*jacobiP1[2]
            C=jacobiP1[2]*jacobiP1[1]
            D=jacobiP1[0]*A
            E=jacobiP1[2]*D
            x3=myConst*E
            y3=A**2-B**2+C**2
            z3=B**2-A**2+C**2
            t3=A**2+B**2-C**2
            return self.undoJacobi((x3,y3,z3,t3))
        #does multiply by num using multiply and square trick. Add and double here.
        def multiplyByNL(self,num):
            if(not (self.whichCurve.type=='L')):
                return None
            num=bin(num)[2:][::-1]
            lgth=len(num)
            current=self
            answer=self.whichCurve(2894,19204,True)
            for i in range(lgth):
                if (num[i]=='1'):
                    answer=answer.ecAddL(current)
                current=current.doubleL()
            return answer
        def double(self):
            if (self.whichCurve.type=='L'):
                return self.doubleL()
            elif (self.whichCurve.type=='W'):
                return self.doubleW()
            else:
                return None
        def multiplyByN(self,num):
            if (self.whichCurve.type=='L'):
                return self.multiplyByNL(num)
            elif (self.whichCurve.type=='W'):
                return self.multiplyByNW(num)
            else:
                return None
        def ecAdd(self,other):
            if (self.whichCurve.type=='L'):
                return self.ecAddL(other)
            elif (self.whichCurve.type=='W'):
                return self.ecAddW(other)
            else:
                return None
    EllipticCurve.groundField=IntegersModP(p)
    EllipticCurve.myA=myA
    EllipticCurve.myB=myB
    EllipticCurve.myJ=myJ
    if ((myA is None or myB is None) and (myJ is None)):
        raise ValueError("Insufficient Parameters")
    elif (not (myJ is None)):
        EllipticCurve.type='L'
    else:
        EllipticCurve.type='W'
    EllipticCurve.__name__= 'myA=%s, myB=%s, myJ=%s over %s' % (str(myA),str(myB),str(myJ),IntegersModP(p).__name__)
    def calcDisc(myA,myB,myJ,groundField):
        if (myA is None or myB is None):
            return None
        else:
            return groundField(-16)*(groundField(4)*groundField(myA)**3+groundField(27)*groundField(myB)**2)
    EllipticCurve.discriminant=calcDisc(myA,myB,myJ,EllipticCurve.groundField)
    return EllipticCurve

In [29]:
myF19=IntegersModP(19)
print('The name of the field is '+myF19.__name__)
print('In this field 9*10 = '+str(myF19(9)*myF19(10)))
result=pow(myF19(9),2)
print('In this field 9^2='+str(result))
result=myF19(9)**2
print('In this field 9**2='+str(result))
print('9**2 is or is not a square: '+str(result.legendreSymbol(result.n)))
result=myF19(8)
print('8 is or is not a square: '+str(result.legendreSymbol(result.n)))
print('8 is or is not a square: '+str(result.legendreSymbol2()))

The name of the field is F_19
In this field 9*10 = 14 (mod 19)
In this field 9^2=5 (mod 19)
In this field 9**2=5 (mod 19)
9**2 is or is not a square: 1
8 is or is not a square: -1
8 is or is not a square: -1


In [34]:
myCurve=MyEllipticCurve(19,myJ=4)
print(myCurve.__name__)
print('type='+myCurve.type)
point1=myCurve(-2,2,False)
result=point1.jacobiEmbedding()
print('(-2,2) gets embedded as '+str(result))
result=point1.undoJacobi(result)
print('Should recover (-2,2): '+str(result))
point1=myCurve(-2,2,True)
result=point1.jacobiEmbedding()
print('PInf gets embedded as '+str(result))
point1=myCurve(-2,2,False)
print('P='+str(point1))
point2=point1.ecAddL(point1)
print('2P=' + str(point2))
for i in range(7):
    point2=point2.ecAddL(point1)
    print('%dP=' % (i+3) + str(point2))
for i in range(8):
    point2=point1.multiplyByNL(i)
    print('%iP=' % (i) + str(point2))
print('There are %i points' % (point1.pointCount()) )

myA=None, myB=None, myJ=4 over F_19
type=L
(-2,2) gets embedded as (15 (mod 19), 0 (mod 19), 11 (mod 19), 4 (mod 19))
Should recover (-2,2): (17 (mod 19),2 (mod 19), False)
PInf gets embedded as (0 (mod 19), 1 (mod 19), 1 (mod 19), 1 (mod 19))
P=(17 (mod 19),2 (mod 19), False)
2P=(0 (mod 19),0 (mod 19), False)
3P=(17 (mod 19),17 (mod 19), False)
4P=(6 (mod 19),14 (mod 19), True)
5P=(17 (mod 19),2 (mod 19), False)
6P=(0 (mod 19),0 (mod 19), False)
7P=(17 (mod 19),17 (mod 19), False)
8P=(6 (mod 19),14 (mod 19), True)
9P=(17 (mod 19),2 (mod 19), False)
0P=(6 (mod 19),14 (mod 19), True)
1P=(17 (mod 19),2 (mod 19), False)
2P=(0 (mod 19),0 (mod 19), False)
3P=(17 (mod 19),17 (mod 19), False)
4P=(6 (mod 19),14 (mod 19), True)
5P=(17 (mod 19),2 (mod 19), False)
6P=(0 (mod 19),0 (mod 19), False)
7P=(17 (mod 19),17 (mod 19), False)
[[0 (mod 19), 0 (mod 19)], [2 (mod 19), 17 (mod 19)], [5 (mod 19), 4 (mod 19)], [8 (mod 19), 9 (mod 19)], [9 (mod 19), 11 (mod 19)], [10 (mod 19), 1 (mod 19)], [11 (m

In [32]:
myCurve=MyEllipticCurve(11,myA=7,myB=13)
print('discriminant='+str(myCurve.discriminant))
print('type='+myCurve.type)
point1=myCurve(7,3,False)
print('P='+str(point1))
# doing the general purpose function which then goes to ecAddW
point2=point1.ecAdd(point1)
print('2P=' + str(point2))
for i in range(7):
    point2=point2.ecAdd(point1)
    print('%dP=' % (i+3) + str(point2))
for i in range(8):
    point2=point1.multiplyByN(i)
    print('%iP=' % (i) + str(point2))
print('There are %i points' % (point1.pointCount()) )

discriminant=3 (mod 11)
type=W
P=(7 (mod 11),3 (mod 11), False)
2P=(8 (mod 11),8 (mod 11), False)
3P=(10 (mod 11),4 (mod 11), False)
4P=(10 (mod 11),7 (mod 11), False)
5P=(8 (mod 11),3 (mod 11), False)
6P=(7 (mod 11),8 (mod 11), False)
7P=(1 (mod 11),9 (mod 11), True)
8P=(7 (mod 11),3 (mod 11), False)
9P=(8 (mod 11),8 (mod 11), False)
0P=(1 (mod 11),9 (mod 11), True)
1P=(7 (mod 11),3 (mod 11), False)
2P=(8 (mod 11),8 (mod 11), False)
3P=(10 (mod 11),4 (mod 11), False)
4P=(10 (mod 11),7 (mod 11), False)
5P=(8 (mod 11),3 (mod 11), False)
6P=(7 (mod 11),8 (mod 11), False)
7P=(1 (mod 11),9 (mod 11), True)
[[7 (mod 11), 9 (mod 11)], [8 (mod 11), 9 (mod 11)], [10 (mod 11), 5 (mod 11)]]
There are 7 points


In [25]:
point1=myCurve(7,3,False)
point1=myCurve(7,4,False)

Invalid Input


ValueError: Not a point on the curve or invalid curve.

In [35]:
myCurve=MyEllipticCurve(11,myA=7)

ValueError: Insufficient Parameters