# Elliptic curve Operation (Sage Math)

## 二进制域

sect163r1、sect163k1

In [68]:
m = 163
x = var('x')
ip = x^163 + x^7 + x^6 + x^3 + 1
GF2m.<z> = GF(2^m, ip)
print(f"ip: {hex(ip.subs(x=2))} -> {ip}")

ip: 0x800000000000000000000000000000000000000c9 -> x^163 + x^7 + x^6 + x^3 + 1


### 运算

In [69]:
x = GF2m.from_integer(0x1dbfd60b8bc7b317ee5b82b49bc4331d3516c4226)
y = GF2m.from_integer(0x3cb11cbd786bf745c8ffa5cfeb34a2e89e3d5514b)
# x = GF2m.random_element()
# y = GF2m.random_element()
print(f"x: {hex(x.to_integer())} -> {x}")
print(f"y: {hex(y.to_integer())} -> {y}")
result = x + y
print(f"x + y: {hex(result.to_integer())}")
result = x - y
print(f"x - y: {hex(result.to_integer())}")
result = x * y
print(f"x * y: {hex(result.to_integer())}")
result = x / y
print(f"x / y: {hex(result.to_integer())}")
result = x^2
print(f"x^2: {hex(result.to_integer())}")
result = x^(-1)
print(f"x^(-1): {hex(result.to_integer())}")
result = x.sqrt()
print(f"sqrt(x): {hex(result.to_integer())}")
result = x^(y.to_integer())
print(f"x^y: {hex(result.to_integer())}")

x: 0x1dbfd60b8bc7b317ee5b82b49bc4331d3516c4226 -> z^160 + z^159 + z^158 + z^156 + z^155 + z^153 + z^152 + z^151 + z^150 + z^149 + z^148 + z^147 + z^146 + z^144 + z^142 + z^141 + z^135 + z^133 + z^132 + z^131 + z^127 + z^125 + z^124 + z^123 + z^122 + z^118 + z^117 + z^116 + z^115 + z^113 + z^112 + z^109 + z^108 + z^104 + z^102 + z^101 + z^100 + z^99 + z^98 + z^97 + z^95 + z^94 + z^93 + z^90 + z^88 + z^87 + z^85 + z^84 + z^83 + z^77 + z^75 + z^73 + z^72 + z^70 + z^67 + z^64 + z^63 + z^61 + z^60 + z^59 + z^58 + z^54 + z^49 + z^48 + z^45 + z^44 + z^40 + z^39 + z^38 + z^36 + z^33 + z^32 + z^30 + z^28 + z^24 + z^22 + z^21 + z^19 + z^18 + z^14 + z^9 + z^5 + z^2 + z
y: 0x3cb11cbd786bf745c8ffa5cfeb34a2e89e3d5514b -> z^161 + z^160 + z^159 + z^158 + z^155 + z^153 + z^152 + z^148 + z^144 + z^143 + z^142 + z^139 + z^137 + z^136 + z^135 + z^134 + z^132 + z^130 + z^129 + z^128 + z^127 + z^122 + z^121 + z^119 + z^117 + z^116 + z^115 + z^114 + z^113 + z^112 + z^110 + z^109 + z^108 + z^106 + z^102 + z^1

### 椭圆曲线

#### 随机椭圆曲线 (sect163r1)

y^2 + x*y = x^3 + A*x^2 + B

In [70]:
A = GF2m.from_integer(0x07B6882CAAEFA84F9554FF8428BD88E246D2782AE2)
B = GF2m.from_integer(0x0713612DCDDCB40AAB946BDA29CA91F73AF958AFD9)
ECb = EllipticCurve(GF2m, [1, A, 0, 0, B])

##### 基点

In [71]:
Gx = GF2m.from_integer(0x0369979697AB43897789566789567F787A7876A654)
Gy = GF2m.from_integer(0x00435EDB42EFAFB2989D51FEFCE3C80988F41FF883)
G = ECb(Gx, Gy)

##### Jacobian 坐标系

In [72]:
Jz = GF2m.random_element()
Jx = Gx * Jz^2
Jy = Gy * Jz^3
print(f"Jx = {hex(Jx.to_integer())}")
print(f"Jy = {hex(Jy.to_integer())}")
print(f"Jz = {hex(Jz.to_integer())}")

Jx = 0x959ca054cdbb232affe046b20aabb5876421ab5
Jy = 0x1a9930e92efca6cfefe66561d71e59a33b1fa79bb
Jz = 0x1f75028fbc733c2db6c0a26bf909d5baee092229d


##### López-Dahab 坐标系

In [73]:
# Lz = GF2m.random_element()
Lz = GF2m.from_integer(0x4581D79888B23905C7FFFB8B7FEB862BE5F73EB98)
Lx = Gx * Lz
Ly = Gy * Lz^2
print(f"Lx = {hex(Lx.to_integer())}")
print(f"Ly = {hex(Ly.to_integer())}")
print(f"Lz = {hex(Lz.to_integer())}")

Lx = 0x7422fb7b60ac486e3ab0a3a73281480fa9dad5ead
Ly = 0x38bbf17705658f03d9b3fdca9f1694b4059b19c65
Lz = 0x4581d79888b23905c7fffb8b7feb862be5f73eb98


##### 点加法

In [74]:
G2 = G + G
G3 = G2 + G
G4 = G3 + G
x, y = G2.xy()
print("G2 = G + G")
print(f"x = {hex(x.to_integer())}")
print(f"y = {hex(y.to_integer())}")
print()
x, y = G3.xy()
print("G3 = G2 + G")
print(f"x = {hex(x.to_integer())}")
print(f"y = {hex(y.to_integer())}")
print()
x, y = G4.xy()
print("G4 = G3 + G")
print(f"x = {hex(x.to_integer())}")
print(f"y = {hex(y.to_integer())}")
assert G4 == G2 + G2

G2 = G + G
x = 0x4e1456ffead56a68862e3006a87bcf6d6fc3672b4
y = 0x223f5dd8ab164d4e51d903623764f48a787e528a8

G3 = G2 + G
x = 0x48a0a8a89d53dfb023ea98cee93381c6715aa87d1
y = 0x6be5460da1ad9ac2eff25554ddb5fe237bae5d412

G4 = G3 + G
x = 0x6580f74ee239912537f7c8bf2c2d9320d448f0057
y = 0x7e641d37c09c6b64909dac22a1627d63c428dccc9


##### 标量乘法

In [75]:
# n = GF2m.random_element().to_integer()
n = 8731870941184819475799947245630709385883641160251
Gn = G * n
x, y = Gn.xy()
print(f"Gn = G * {n}")
print(f"x = {hex(x.to_integer())}")
print(f"y = {hex(y.to_integer())}")

Gn = G * 8731870941184819475799947245630709385883641160251
x = 0x2c78b4d66711cf62ca0fac917690671e546dbb0e3
y = 0x602d79f7e63ead2af3b687d1a89a68a56bfcd7eda


#### Koblitz 曲线  (sect163k1)

y^2 + x*y = x^3 + A*x^2 + B

In [76]:
A = GF2m.from_integer(1)
B = GF2m.from_integer(1)
ECb = EllipticCurve(GF2m, [1, A, 0, 0, B])

##### 基点

In [77]:
Gx = GF2m.from_integer(0x02FE13C0537BBC11ACAA07D793DE4E6D5E5C94EEE8)
Gy = GF2m.from_integer(0x0289070FB05D38FF58321F2E800536D538CCDAA3D9)
G = ECb(Gx, Gy)

##### 点加法

In [78]:
G2 = G + G
G3 = G2 + G
G4 = G3 + G
x, y = G2.xy()
print("G2 = G + G")
print(f"x = {hex(x.to_integer())}")
print(f"y = {hex(y.to_integer())}")
print()
x, y = G3.xy()
print("G3 = G2 + G")
print(f"x = {hex(x.to_integer())}")
print(f"y = {hex(y.to_integer())}")
print()
x, y = G4.xy()
print("G4 = G3 + G")
print(f"x = {hex(x.to_integer())}")
print(f"y = {hex(y.to_integer())}")
assert G4 == G2 + G2

G2 = G + G
x = 0xcb5ca2738fe300aacfb00b42a77b828d8a5c41eb
y = 0x229c79e9ab85f90acd3d5fa3a696664515efefa6b

G3 = G2 + G
x = 0x2acfcfcc9a2af8e3f2828024f820033db20f69520
y = 0x5729c47f915badc7b4c17df14e5804109ffecdfe4

G4 = G3 + G
x = 0xba8c7e6e2523ef94cbc1e56facfede24f3f91578
y = 0x510f96cbc41cf3bdfa0157e9e8fee2c605791db0d


##### 标量乘法

In [79]:
# n = GF2m.random_element().to_integer()
n = 860749895544662177846543624795725813985896149794
Gn = G * n
x, y = Gn.xy()
print(f"Gn = G * {n}")
print(f"x = {hex(x.to_integer())}")
print(f"y = {hex(y.to_integer())}")

Gn = G * 860749895544662177846543624795725813985896149794
x = 0xfd34391fc1240e14c36d6749328a5591b63983c0
y = 0x3aec697608e7252b72147591fa8aebc4ccfc8a9dd


## 素域

###  运算 (p = 2^255 - 19)

In [80]:
p = 0x7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFED
GFp = GF(p)
x = GFp(0x6C533682766ED5FB0CF26AF5DD566E29922A5337ED849AAB78F697D80E60D885)
y = GFp(0x3DE8BB63832A430EB26B4D6BCCCC49E30B1429B75C14F989A32FD8305E074164)
# x = GFp.random_element()
# y = GFp.random_element()
print(f"p: {hex(p)} -> {p}")
print(f"x: {hex(x)} -> {x}")
print(f"y: {hex(y)} -> {y}")
result = x + y
print(f"x + y: {hex(result)}")
result = x - y
print(f"x - y: {hex(result)}")
result = x * y
print(f"x * y: {hex(result)}")
result = x / y
print(f"x / y: {hex(result)}")
result = x^2
print(f"x^2: {hex(result)}")
result = x^(-1)
print(f"x^(-1): {hex(result)}")
result = x.sqrt()
print(f"sqrt(x): {hex(result)}")
result = x^y
print(f"x^y: {hex(result)}")

p: 0x7fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffed -> 57896044618658097711785492504343953926634992332820282019728792003956564819949
x: 0x6c533682766ed5fb0cf26af5dd566e29922a5337ed849aab78f697d80e60d885 -> 48996812164937614909591619877671342122417362642894243494432705639003946276997
y: 0x3de8bb63832a430eb26b4d6bcccc49e30b1429b75c14f989a32fd8305e074164 -> 28002285592022700502113767362772125132909967119529347116973792415031772004708
x + y: 0x2a3bf1e5f9991909bf5db861aa22b80c9d3e7cef499994351c2670086c6819fc
x - y: 0x2e6a7b1ef34492ec5a871d8a108a244687162980916fa121d5c6bfa7b0599721
x * y: 0x6800a96cab0f23cdfe657ea1ea0e7d7fefcfb0ed95559c1606802431397fd6f3
x / y: 0x19c6491be351df42a7051ea6427adddd9bc680c09352bdba34ab6022bc1bc836
x^2: 0x68a61fc28d771792c9d831df25d69dce3f3d1248bd3fcb75ba330ee13959c59
x^(-1): 0x2c8f6a2d142f9272c7895d50283498870da0dd1af5e2d3eef17df13ac8af9492
sqrt(x): 0x536ac59c96afcb1dd81a43179cf5e600123b9dce9c11730d5710cd03a18b533
x^y: 0x60b2782342839e41a9d3153

### 椭圆曲线

#### Weierstrass 曲线 (secp160r1)

y^2 = x^3 + A*x + B

In [81]:
p = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF7FFFFFFF
GFp = GF(p)
A = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF7FFFFFFC
B = 0x1C97BEFC54BD7A8B65ACF89F81D4D4ADC565FA45
ECp = EllipticCurve(GFp, [0, 0, 0, A, B])

##### 基点

In [82]:
Gx = 0x4A96B5688EF573284664698968C38BB913CBFC82
Gy = 0x23A628553168947D59DCC912042351377AC5FB32
G = ECp(Gx, Gy)

##### Jacobian 坐标系

In [83]:
Jz = GFp.random_element()
Jx = Gx * Jz^2
Jy = Gy * Jz^3
print(f"Jx = {hex(Jx)}")
print(f"Jy = {hex(Jy)}")
print(f"Jz = {hex(Jz)}")

Jx = 0xd6276d5036f00c131125638b1d5fac1021b6b762
Jy = 0x9f3fd493f2ba89c915c4cdee207a4f3be497a966
Jz = 0xc8836b646f23f860e356efac7d9292a3b2f88b6e


##### 点加法

In [84]:
G2 = G + G
G3 = G2 + G
G4 = G3 + G
x, y = G2.xy()
print("G2 = G + G")
print(f"x = {hex(x)}")
print(f"y = {hex(y)}")
print()
x, y = G3.xy()
print("G3 = G2 + G")
print(f"x = {hex(x)}")
print(f"y = {hex(y)}")
print()
x, y = G4.xy()
print("G4 = G3 + G")
print(f"x = {hex(x)}")
print(f"y = {hex(y)}")
assert G4 == G2 + G2

G2 = G + G
x = 0x2f997f33c5ed04c55d3edf8675d3e92e8f46686
y = 0xf083a323482993e9440e817e21cfb7737df8797b

G3 = G2 + G
x = 0x7b76ff541ef363f2df13de1650bd48daa958bc59
y = 0xc915ca790d8c8877b55be0079d12854ffe9f6f5a

G4 = G3 + G
x = 0xb4041d8683be99f0afe01c307b1ad4c100cf2a88
y = 0x3f32caed841f08c00660cc74caf4a5bcf9beed08


##### 标量乘法

In [85]:
# n = GFp.random_element()
n = 520883674333875308841598528610693034323391171945
Gn = G * n
x, y = Gn.xy()
print(f"Gn = G * {n}")
print(f"x = {hex(x)}")
print(f"y = {hex(y)}")

Gn = G * 520883674333875308841598528610693034323391171945
x = 0x6fcc9f4a03a1432381c74dc478ab79a6845d101e
y = 0x58453abb84f81edc065373215e59281855628d33


#### Montgomery 曲线 (curve25519)

y^2 = x^3 + A*x^2 + x

In [86]:
p = 0x7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFED
GFp = GF(0x7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFED)
A = 486662
B = 1
ECp = EllipticCurve(GFp, [0, A, 0, 1, 0])

##### 基点

In [87]:
Gx = 9
Gy = 0x20AE19A1B8A086B4E01EDD2C7748D14C923D4D7E6D7C61B229E9C5A27ECED3D9
G = ECp(Gx, Gy)

##### Jacobian 坐标系

In [88]:
Jz = GFp.random_element()
Jx = Gx * Jz^2
Jy = Gy * Jz^3
print("基点 G -> J (雅可比坐标)")
print(f"Jx = {hex(Jx)}")
print(f"Jy = {hex(Jy)}")
print(f"Jz = {hex(Jz)}")

基点 G -> J (雅可比坐标)
Jx = 0x46bcef0bbbf3097f87969a47e5f675bf0fc7d29108ef747ffd55f290a2fe4555
Jy = 0x580359e01a4b6419fe1c84e979fb525007abf529639aba335c8f39b06027eab9
Jz = 0x670a70e92c79263a4af500b9d0b939f915edc45abd2d92da4423c0c843f43d84


##### 点加法

In [89]:
G2 = G + G
G3 = G2 + G
G4 = G3 + G
x, y = G2.xy()
print("G2 = G + G")
print(f"x = {hex(x)}")
print(f"y = {hex(y)}")
print()
x, y = G3.xy()
print("G3 = G2 + G")
print(f"x = {hex(x)}")
print(f"y = {hex(y)}")
print()
x, y = G4.xy()
print("G4 = G3 + G")
print(f"x = {hex(x)}")
print(f"y = {hex(y)}")
assert G4 == G2 + G2

G2 = G + G
x = 0x20d342d51873f1b7d9750c687d1571148f3f5ced1e350b5c5cae469cdd684efb
y = 0x13b57e011700e8ae050a00945d2ba2f377659eb28d8d391ebcd70465c72df563

G3 = G2 + G
x = 0x1c12bc1a6d57abe645534d91c21bba64f8824e67621c0859c00a03affb713c12
y = 0x2986855cbe387eaeaceea446532c338c536af570f71ef7cf75c665019c41222b

G4 = G3 + G
x = 0x79ce98b7e0689d7de7d1d074a15b315ffe1805dfcd5d2a230fee85e4550013ef
y = 0x75af5bf4ebdc75c8fe26873427d275d73c0fb13da361077a565539f46de1c30


##### 标量乘法

In [90]:
assert G3 == G * 3
# n = GFp.random_element()
n = 28858031113744144219319953636765136992609993254249076323988998198036398117213
Gn = G * n
x, y = Gn.xy()
print(f"Gn = G * {n}")
print(f"x = {hex(x)}")
print(f"y = {hex(y)}")

Gn = G * 28858031113744144219319953636765136992609993254249076323988998198036398117213
x = 0x2aa87d5b3e78aab1745f5ce9fd10b12b107cf0e30ae388e7e309030327a59714
y = 0x550094a00ca4c5a805bb5e882f20e362e7a164cf920028bf893152f687c5e3b9
