### Модули

In [11]:
import matplotlib.pyplot as plt
import random
import sympy as smp
import numpy as np
import math
from ecpy.curves import Curve, Point

### Кривая Вейерштрасса

In [27]:
class My_Curve:
    """docstring"""
    
    def __init__(self, a, b, p):
        self.__a = a
        self.__b = b
        self.__p = p
        self.__pts = list(set(self.__get_points() + self.__get_shanks_points()))
        
    def get_coeffs(self):
        return self.__a, self.__b
    
    def get_mod(self):
        return self.__p
    
    def get_pts(self):
        return self.__pts
    
    def __get_points(self):
        X = [(x ** 3 + self.__a * x + self.__b) % self.__p for x in range(self.__p)]
        Y = [y ** 2 % self.__p for y in range(self.__p)]
        points = []
        for i in range(len(X)):
            for j in range(len(Y)):
                if(X[i] == Y[j]):
                    points += [[i, j]]
        points = [My_Point(pt[0], pt[1], self) for pt in points]
        return points
    
    def __get_shanks_points(self):
        points = []
        for x in range(self.__p):
            a = (pow(x, 3, self.__p) + self.__a * x + self.__b) % self.__p
            if not Jacobi(a, self.__p) == 1:
                continue
            y = Shanks(a, self.__p)
            temp_point1 = My_Point(x, y, self)
            points += [temp_point1]
        return points
    
    def get_random_point(self):
        return self.__pts[random.randint(0, len(self.__pts) - 1)]
    
    def get_order(self):
        return len(self.__pts) + 1
    
    def __repr__(self):
        return 'y^2 = x^3 + ({0}) * x + ({1}) mod {2}'.format(self.__a, self.__b, self.__p)

In [28]:
class My_Point():
    """docstring"""    
    
    def __init__(self, x, y, curve):
        self.__x = x
        self.__y = y
        self.__curve = curve
        
    def get_x(self):
        return self.__x
    
    def get_y(self):
        return self.__y
    
    def get_curve(self):
        return self.__curve
    
    def __repr__(self):
        return '({0}, {1})'.format(self.__x, self.__y)
    
    def get_inverse_point(self):
        return My_Point(self.__x, -1 * self.__y, self.__curve)
    
    def __add__(self, other):
        a, b = self.__curve.get_coeffs()
        x1 = self.__x
        y1 = self.__y
        x2 = other.get_x()
        y2 = other.get_y()
        if (x1 == 0 and y1 == 0):
            return other
        elif(x2 == 0 and y2 == 0):
            return self
        if (x1 != x2):
            k = (y2 - y1) * pow((x2 - x1), -1, self.__curve.get_mod()) % self.__curve.get_mod()
            x3 = pow(k, 2, self.__curve.get_mod()) - x1 - x2
            y3 = k * (x1 - x3) % self.__curve.get_mod() - y1
        elif (x1 == x2 and y1 == y2 and y1 != 0):
            k = (3 * pow(x1, 2, self.__curve.get_mod()) % self.__curve.get_mod() + a) * pow(2 * y1, -1, self.__curve.get_mod()) % self.__curve.get_mod()
            x3 = pow(k, 2, self.__curve.get_mod()) - 2 * x1 % self.__curve.get_mod()
            y3 = k * (x1 - x3) % self.__curve.get_mod() - y1
        elif (x1 == x2 and y1 == y2 and y1 == 0):
            x3 = 0
            y3 = 0
        elif (x1 == x2 and y1 != y2):
            x3 = 0
            y3 = 0
        x3 %= self.__curve.get_mod()
        y3 %= self.__curve.get_mod()
        return My_Point(x3, y3, self.__curve)
        
    def __sub__(self, other):
        if isinstance(other, My_Point):
            return self + other.get_inverse_point()
        
    def __mul__(self, other):
        result = My_Point(0, 0, self.__curve)
        Q = My_Point(self.__x, self.__y, self.__curve)
        m = bin(other)[2:]
        for i in reversed(range(len(m))):
            if (m[i] == '1'):
                result = result + Q
            Q = Q + Q
        return result
    
    def __eq__(self, other):
        return self.__x % self.__curve.get_mod() == other.get_x() % self.__curve.get_mod() and self.__y % self.__curve.get_mod() == other.get_y() % self.__curve.get_mod()
    
    def __hash__(self):
        return hash((self.__x, self.__y))

### Вспомогательные функции

In [29]:
def st(n):
    s = 0
    t = n
    while t % 2 == 0:
        s += 1
        t = t // 2
    return s, t

def Jacobi(a,n):
    if n < 0 or not n % 2:
        raise ValueError("n should be an odd positive integer") 
    j = 1
    if n == 1:
        return j
    if a<0:
        a = -a
        if n%4 == 3:
            j = -j
    while n>1:
        if a == 0:
            return 0
        s,t = st(a)
        if (s%2 == 1) & (n%8 in [3, 5]):
            j = -j
        if 3 == n%4 == t%4:
            j = -j
        a = n%t
        n = t
    return j

def Shanks(a, p):
    if not Jacobi(a, p) == 1:
        raise ValueError("a should be a quadratic residue")
    s, t = st(p-1)
    import random
    n = random.randint(2, p - 2)
    while Jacobi(n, p) == 1:
        n = random.randint(2, p - 2)
    b = pow(n, t, p)
    r = pow(int(a), (t+1)//2, p)
    d = 0
    f = pow(int(a), t, p)
    b2 = b
    for i in range(1,s):
        b2 = b2 * b2 % p
        if not pow(f, 2 ** (s - 1 - i), p) == 1:
            d += 2 ** i
            f = f * b2 % p 
    return r*pow(b, d//2, p) % p

# Задания

### <font color='red'>Задание 1.</font>
Реализовать класс `MontgomeryCurve` с методами `__repr__`, `__eq__`, `InfinityPoint`, `points`, `order`, `randpoint`.

### <font color='red'>Задание 2.</font>
Реализовать класс `MontgomeryPoint` с методами `__repr__`, `__eq__`, `__add__`, `__neg__`, `__sub__`, `__rmul__`.

### Решение

In [30]:
class MontgomeryCurve:
    """docstring"""
    
    def __init__(self, a, b, p):
        self.__a = a
        self.__b = b
        self.__p = p
        self.__pts = list(set(self.__get_points() + self.__get_shanks_points()))
        
    def get_coeffs(self):
        return self.__a, self.__b
    
    def get_mod(self):
        return self.__p
    
    def get_pts(self):
        return self.__pts
    
    def __get_points(self):
        X = [(x ** 3 + self.__a * x ** 2 + x) % self.__p for x in range(self.__p)]
        Y = [ self.__b * y ** 2 % self.__p for y in range(self.__p)]
        points = []
        for i in range(len(X)):
            for j in range(len(Y)):
                if(X[i] == Y[j]):
                    points += [[i, j]]
        points = [MontgomeryPoint(pt[0], pt[1], self) for pt in points]
        return points
    
    def __get_shanks_points(self):
        points = []
        for x in range(self.__p):
            a = (pow(x, 3, self.__p) + self.__a * x + self.__b) % self.__p
            if not Jacobi(a, self.__p) == 1:
                continue
            y = Shanks(a, self.__p) * pow(self.__b, -1, self.__p)
            temp_point1 = MontgomeryPoint(x, y, self)
            points += [temp_point1]
        return points
    
    def get_random_point(self):
        return self.__pts[random.randint(0, len(self.__pts) - 1)]
    
    # def get_order(self):
    #     return len(self.__pts) + 1
    
    def __eq__(self, other):
        a, b = other.get_coeffs()
        return self.__a == a and self.__b == b and self.__p == other.get_mod()
    
    def __repr__(self):
        return '({0}) * y^2 = x^3 + ({1}) * x^2 + x mod {2}'.format(self.__b, self.__a, self.__p)

In [32]:
class MontgomeryPoint():
    """docstring"""    
    
    def __init__(self, x, y, curve):
        self.__x = x
        self.__y = y
        self.__curve = curve
        
    def get_x(self):
        return self.__x
    
    def get_y(self):
        return self.__y
    
    def get_curve(self):
        return curve
    
    def __repr__(self):
        return '({0}, {1})'.format(self.__x, self.__y)
    
    def __neg__(self):
        return MontgomeryPoint(self.__x, -1 * self.__y, self.__curve)
    
    def __add__(self, other):
        a, b = self.__curve.get_coeffs()
        x1 = self.__x
        y1 = self.__y
        x2 = other.get_x()
        y2 = other.get_y()
        p = self.__curve.get_mod()
        if (x1 == 0 and y1 == 0):
            return other
        elif(x2 == 0 and y2 == 0):
            return self
        if (x1 != x2):
            k = (y2 - y1) * pow((x2 - x1), -1, p) % p
            x3 = pow(k, 2, p) * b % p - x1 - x2 - a
            y3 = k * (x1 - x3) % p - y1
        elif (x1 == x2 and y1 == y2 and y1 != 0):
            k = (3 * pow(x1, 2, p) % p + 2 * a * x1 % p + 1) * pow(2 * b * y1, -1, p)
            x3 = pow(k, 2, p) - 2 * x1 % p
            y3 = k * (x1 - x3) % p - y1
        elif (x1 == x2 and y1 == y2 and y1 == 0):
            x3 = 0
            y3 = 0
        elif (x1 == x2 and y1 != y2):
            x3 = 0
            y3 = 0
        x3 %= self.__curve.get_mod()
        y3 %= self.__curve.get_mod()
        return MontgomeryPoint(x3, y3, self.__curve)
        
    def __sub__(self, other):
        if isinstance(other, MontgomeryPoint):
            return self - other
        
    def __mul__(self, other):
        result = MontgomeryPoint(0, 0, self.__curve)
        Q = MontgomeryPoint(self.__x, self.__y, self.__curve)
        m = bin(other)[2:]
        for i in reversed(range(len(m))):
            if (m[i] == '1'):
                result = result + Q
            Q = Q + Q
        return result
    
    def __rmul__(self, other):
        result = MontgomeryPoint(0, 0, self.__curve)
        Q = MontgomeryPoint(self.__x, self.__y, self.__curve)
        m = bin(other)[2:]
        for i in reversed(range(len(m))):
            if (m[i] == '1'):
                result = result + Q
            Q = Q + Q
        return result
    
    def to_weierstrass(self):
        a, b = self.__curve.get_coeffs()
        x = self.__x
        y = self.__y
        p = self.__curve.get_mod()
        v = y * pow(b, -1, p) % p
        t = x * pow(b, -1, p) % p + a * pow(3 * b, -1, p) % p
        return My_Point(t, v, self.__curve)
    
    def __eq__(self, other):
        return self.__x % self.__curve.get_mod() == other.get_x() % self.__curve.get_mod() and self.__y % self.__curve.get_mod() == other.get_y() % self.__curve.get_mod()
    
    def __hash__(self):
        return hash((self.__x, self.__y))

### Проверяю

In [33]:
cur1 = MontgomeryCurve(15, 11, 17)

In [34]:
cur1

(11) * y^2 = x^3 + (15) * x^2 + x mod 17

In [35]:
cur1.get_pts()

[(3, 7),
 (3, 10),
 (5, 7),
 (5, 10),
 (1, 0),
 (12, 98),
 (6, 14),
 (12, 9),
 (14, 12),
 (3, 140),
 (11, 7),
 (11, 10),
 (7, 3),
 (9, 168),
 (4, 56),
 (12, 8),
 (14, 5),
 (2, 98),
 (0, 0),
 (10, 1),
 (10, 16),
 (6, 3),
 (7, 14)]

### <font color='red'>Задание 3.</font>
Для класса `MontgomeryPoint` реализовать метод, который переводит точку кривой Монтгомери в точку эллиптической кривой в форме Вейерштрасса согласно приведенным выше формулам. Проверить выпорнение равенства:
$$
  \varphi(P)+\varphi(Q)=\varphi(P+Q).
$$ 

### Решение

In [90]:
pt1 = cur1.get_random_point()
print(pt1)

(3, 140)


In [91]:
pt2 = pt1.to_weierstrass()
print(pt2)

(10, 5)


In [92]:
pt3 = cur1.get_random_point()
pt4 = cur1.get_random_point()
print(pt3.to_weierstrass() + pt4.to_weierstrass())
print((pt3 + pt4).to_weierstrass())

(16, 0)
(16, 0)


In [93]:
(pt3.to_weierstrass() + pt4.to_weierstrass()) == (pt3 + pt4).to_weierstrass()

True

### <font color='red'>Задание 4.</font>
Реализовать класс `TwistedEdwardsCurve` с методами `__repr__`, `__eq__`, `InfinityPoint`, `points`, `order`, `randpoint`.

In [None]:
class TwistedEdwardsCurve:
    """docstring"""
    
    def __init__(self, a, b, p):
        self.__a = a
        self.__b = b
        self.__p = p
        self.__pts = list(set(self.__get_points() + self.__get_shanks_points()))
        
    def get_coeffs(self):
        return self.__a, self.__b
    
    def get_mod(self):
        return self.__p
    
    def get_pts(self):
        return self.__pts
    
    def __get_points(self):
        X = [(x ** 3 + self.__a * x ** 2 + x) % self.__p for x in range(self.__p)]
        Y = [ self.__b * y ** 2 % self.__p for y in range(self.__p)]
        points = []
        for i in range(len(X)):
            for j in range(len(Y)):
                if(X[i] == Y[j]):
                    points += [[i, j]]
        points = [MontgomeryPoint(pt[0], pt[1], self) for pt in points]
        return points
    
    def __get_shanks_points(self):
        points = []
        for x in range(self.__p):
            a = (pow(x, 3, self.__p) + self.__a * x + self.__b) % self.__p
            if not Jacobi(a, self.__p) == 1:
                continue
            y = Shanks(a, self.__p) * pow(self.__b, -1, self.__p)
            temp_point1 = MontgomeryPoint(x, y, self)
            points += [temp_point1]
        return points
    
    def get_random_point(self):
        return self.__pts[random.randint(0, len(self.__pts) - 1)]
    
    # def get_order(self):
    #     return len(self.__pts) + 1
    
    def __eq__(self, other):
        a, b = other.get_coeffs()
        return self.__a == a and self.__b == b and self.__p == other.get_mod()
    
    def __repr__(self):
        return '({0}) * x^2 + y^2 = 1 + ({1}) * x^2 * y^2 mod {2}'.format(self.__a, self.__d, self.__p)

### <font color='red'>Задание 5.</font>
Реализовать класс `TwistedEdwardsPoint` с методами `__repr__`, `__eq__`, `__add__`, `__neg__`, `__sub__`, `__rmul__`.

In [None]:
class TwistedEdwardsPoint():
    """docstring"""    
    
    def __init__(self, x, y, curve):
        self.__x = x
        self.__y = y
        self.__curve = curve
        
    def get_x(self):
        return self.__x
    
    def get_y(self):
        return self.__y
    
    def get_curve(self):
        return curve
    
    def __repr__(self):
        return '({0}, {1})'.format(self.__x, self.__y)
    
    def __neg__(self):
        return MontgomeryPoint(self.__x, -1 * self.__y, self.__curve)
    
    def __add__(self, other):
        a, b = self.__curve.get_coeffs()
        x1 = self.__x
        y1 = self.__y
        x2 = other.get_x()
        y2 = other.get_y()
        p = self.__curve.get_mod()
        if (x1 == 0 and y1 == 0):
            return other
        elif(x2 == 0 and y2 == 0):
            return self
        if (x1 != x2):
            k = (y2 - y1) * pow((x2 - x1), -1, p) % p
            x3 = pow(k, 2, p) * b % p - x1 - x2 - a
            y3 = k * (x1 - x3) % p - y1
        elif (x1 == x2 and y1 == y2 and y1 != 0):
            k = (3 * pow(x1, 2, p) % p + 2 * a * x1 % p + 1) * pow(2 * b * y1, -1, p)
            x3 = pow(k, 2, p) - 2 * x1 % p
            y3 = k * (x1 - x3) % p - y1
        elif (x1 == x2 and y1 == y2 and y1 == 0):
            x3 = 0
            y3 = 0
        elif (x1 == x2 and y1 != y2):
            x3 = 0
            y3 = 0
        x3 %= self.__curve.get_mod()
        y3 %= self.__curve.get_mod()
        return MontgomeryPoint(x3, y3, self.__curve)
        
    def __sub__(self, other):
        if isinstance(other, MontgomeryPoint):
            return self - other
        
    def __mul__(self, other):
        result = MontgomeryPoint(0, 0, self.__curve)
        Q = MontgomeryPoint(self.__x, self.__y, self.__curve)
        m = bin(other)[2:]
        for i in reversed(range(len(m))):
            if (m[i] == '1'):
                result = result + Q
            Q = Q + Q
        return result
    
    def __rmul__(self, other):
        result = MontgomeryPoint(0, 0, self.__curve)
        Q = MontgomeryPoint(self.__x, self.__y, self.__curve)
        m = bin(other)[2:]
        for i in reversed(range(len(m))):
            if (m[i] == '1'):
                result = result + Q
            Q = Q + Q
        return result
    
    def to_weierstrass(self):
        a, b = self.__curve.get_coeffs()
        x = self.__x
        y = self.__y
        p = self.__curve.get_mod()
        v = y * pow(b, -1, p) % p
        t = x * pow(b, -1, p) % p + a * pow(3 * b, -1, p) % p
        return My_Point(t, v, self.__curve)
    
    def __eq__(self, other):
        return self.__x % self.__curve.get_mod() == other.get_x() % self.__curve.get_mod() and self.__y % self.__curve.get_mod() == other.get_y() % self.__curve.get_mod()
    
    def __hash__(self):
        return hash((self.__x, self.__y))