In [134]:
from sage.all import *
p = 0xD3915

F = GF(p)

In [135]:

import random

def get_elliptic_parameters(size):
    # random r
    while True:
        random_bit = random.getrandbits(size)
        binary_rand = '0' + bin(random_bit)[2:].zfill(size)
        r = int(binary_rand, 2)

        # random B same manner as r
        random_bit = random.getrandbits(size)
        binary_rand = '0' + bin(random_bit)[2:].zfill(size)
        b = int(binary_rand, 2)

        R.<a> = PolynomialRing(F)
        L = (r*b**2-a**3).roots()

        for u in L:
            check = (4*u[0]**2 + 27*b**2) % p
            if check != 0:
                a = u[0]
                return a, b, r
    

a, b ,r = get_elliptic_parameters(20)
a, b, r

(547613, 540474, 738610)

### CURVE DEFINITION

In [11]:
## CURVE DEFINITION
p = 0xD3915
F = GF(p)
a = 738492
b = 694682
r = 926251
ECurv = EllipticCurve(F, [a, b])

print(f"Curve: {ECurv}")

Curve: Elliptic Curve defined by y^2 = x^3 + 738492*x + 694682 over Finite Field of size 866581


In [12]:
# Test case 1
p1 = ECurv(184224, 74658)
p2 = ECurv(428817, 567437)

p1+p2
p1

(184224 : 74658 : 1)

In [22]:
# Test case 2
p1 = ECurv(24069, 233375)
p2 = ECurv(249867, 503874)

p1+p2

(847840 : 636963 : 1)

In [25]:
# # Test case 3
p1 = ECurv(40300, 763164)
p2 = ECurv(18900, 353015)

p1+p2

# ECurv.random_point()

(548652 : 419566 : 1)

### POINT MULTIPLY TESTS

In [26]:
p1 = ECurv(264320, 549393)

4*p1

(38956 : 83726 : 1)

### POINT ADD IMPL

In [5]:

from sage.all import *

def ell_add(E, P1, P2):
    a, b, p = E
    if P1 == "inf":
        return P2
    if P2 == "inf":
        return P1
    x1, y1 = P1
    x2, y2 = P2

    if x1 == x2 and y1 == (p - y2):
        return "inf"

    if P1 == P2:
        if y1 == 0:
            return "inf"
        lam = ((3 * (x1 ** 2) + a) * inverse_mod(2 * y1, p)) % p
    else:
        lam = ((y2 - y1) * inverse_mod(x2 - x1, p)) % p

    x3 = (lam ** 2 - x1 - x2) % p
    y3 = (-lam * x3 - y1 + lam * x1) % p
    return (x3, y3)

### RHO POLLARD

In [147]:

from typing import Tuple


class Group_parameters:
    def __init__(self, E, P, Q) -> None:
        self.E: Tuple[int, int, int] = E # a, b, p of Elliptic Curve
        self.P = P # generator
        self.Q = Q # Pub Key


class Triple:
    def __init__(self, X, a, b) -> None:
        self.X = X  # Point at Elliptic Curve
        self.a = a  # just a number
        self.b = b  # just a number

    def __str__(self) -> str:
        return f"x = {self.X}, a = {self.a}, b = {self.b}"


def f(triple: Triple, group: Group_parameters) -> Triple:

    x_of_xpoint = int(triple.X[0])

    a, b, p = group.E

    if x_of_xpoint % 3 == 0:
        X = triple.X + group.Q
        a = triple.a
        b = (triple.b + 1) % p
        # check 
        if (X != a * group.P + b * group.Q):
            print(f"3 xab: {X} {a} {b}")
        return Triple(X, a, b)
    if x_of_xpoint % 3 == 1:
        X = 2 * triple.X 
        a = (triple.a * 2) % p
        b = (triple.b * 2) % p
        if (X != a * group.P + b * group.Q):
            print(f"3 xab: {X} {a} {b}")
        return Triple(X, a, b)
    else:
        X = triple.X + group.P
        a = (triple.a + 1) % p
        b = triple.b
        if (X != a * group.P + b * group.Q):
            print(f"3 xab: {X} {a} {b}")
        return Triple(X, a, b)


def main(g: Group_parameters, t1):
    i = 1

    t2 = f(t1, g)

    print("%s %s | %s %s" % (i, t1, 2 * i, t2))

    i = 2
    while t1.X != t2.X and ((t1.b - t2.b) % p) != 0:
        t1 = f(t1, g)
        t2 = f(f(t2, g), g)
        print("%s %s | %s %s" % (i, t1, 2 * i, t2))
        i = i + 1

    print(f"Found:\nt1: {t1}\nt2: {t2}")

    x = ((t2.a - t1.a) * inverse_mod((t1.b - t2.b), g.E[2])) % p

    print(x)

In [156]:

# TEST DATA

ECurv = EllipticCurve(GF(17), [2,2])
p = 17
a = 2
b = 2


import random
P = ECurv.random_point()
print(P)

Q = 10 * P

print(Q)

E = (int(a), int(b), int(p))
g = Group_parameters(E, P, Q)

a_i = random.randint(2, p-2)
b_i = random.randint(2, p-2)
X_i = a_i * P + b_i * Q
print(f"X_0: {X_i}")
print(f"a_0: {a_i}")
print(f"b_0: {b_i}")
t = Triple(X_i, a_i, b_i)
x = main(g, t)

(3 : 16 : 1)
(6 : 14 : 1)
X_0: (13 : 10 : 1)
a_0: 14
b_0: 14
3 xab: (10 : 6 : 1) 11 11
1 x = (13 : 10 : 1), a = 14, b = 14 | 2 x = (10 : 6 : 1), a = 11, b = 11
3 xab: (10 : 6 : 1) 11 11
3 xab: (16 : 13 : 1) 5 5
3 xab: (0 : 11 : 1) 10 10
2 x = (10 : 6 : 1), a = 11, b = 11 | 4 x = (0 : 11 : 1), a = 10, b = 10
3 xab: (16 : 13 : 1) 5 5
3 xab: (7 : 11 : 1) 10 11
3 xab: (5 : 1 : 1) 3 5
3 x = (16 : 13 : 1), a = 5, b = 5 | 6 x = (5 : 1 : 1), a = 3, b = 5
Found:
t1: x = (16 : 13 : 1), a = 5, b = 5
t2: x = (5 : 1 : 1), a = 3, b = 5


ZeroDivisionError: inverse of Mod(0, 17) does not exist

In [175]:
print(f"MOD: {13 % 3})

X = ECurv(13,10)
print(X)

print("P and Q")
print(P*14 + Q*14)
print(P)
print(Q)

print("X double")
print(2*X)
X_1 = 2*(P*14 + Q*14)
print((14*2) % 17)
print((14*2) % 17)

print(X_1)
print(P*11 + Q*11)

Mod
1
(13 : 10 : 1)
P and Q
(13 : 10 : 1)
(3 : 16 : 1)
(6 : 14 : 1)
X double
(10 : 6 : 1)
11
11
(10 : 6 : 1)
(7 : 11 : 1)


In [127]:
from sage.all import *

def func_f(X_i, P, Q, E):
    """
        To calculate X_(i+1) = f(X_i)

        :parameters:
            X_i : sage.schemes.elliptic_curves.ell_point.EllipticCurvePoint_finite_field
                X_i = (a_i * P) + (b_i * Q)
            P : sage.schemes.elliptic_curves.ell_point.EllipticCurvePoint_finite_field
                Base point on which ECDLP is defined
            Q : sage.schemes.elliptic_curves.ell_point.EllipticCurvePoint_finite_field
                Q = x*P, where `x` is the secret key
            E : sage.schemes.elliptic_curves.ell_finite_field.EllipticCurve_finite_field_with_category
                Elliptic Curve defined as y^2 = x^3 + a*x + b mod p
    """
    try:
        # Point P and Q should lie on the Elliptic Curve E
        assert P == E((P[0], P[1]))
        assert Q == E((Q[0], Q[1]))
    except Exception as e:
        # Do not return anything if the point is invalid
        print("[-] Point does not lie on the curve!")
        return None
    if int(X_i[0]) % 3 == 2:
        # Partition S_1
        return X_i + Q
    if int(X_i[0]) % 3 == 0:
        # Partition S_2
        return 2*X_i
    if int(X_i[0]) % 3 == 1:
        # Partition S_3
        return X_i + P
    else:
        print("[-] Something's Wrong!")
        return -1

def func_g(a, P, X_i, E):
    """
    Calculate a_(i+1) = g(a)

    :parameters:
        a : int/long
            Equivalent to a_i in X_i = a_i*P + b_i*Q
        P : sage.schemes.elliptic_curves.ell_point.EllipticCurvePoint_finite_field
            Base point on which ECDLP is defined
        X_i : sage.schemes.elliptic_curves.ell_point.EllipticCurvePoint_finite_field
            X_i = a_i*P + b_i*Q
        E : sage.schemes.elliptic_curves.ell_finite_field.EllipticCurve_finite_field_with_category
            Elliptic Curve defined as y^2 = x^3 + a*x + b mod p
    """
    try:
        assert P == E((P[0], P[1]))
    except Exception as e:
        print(e)
        print("[-] Point does not lie on the curve")
        return None
    n = P.order()
    if int(X_i[0]) % 3 == 2:
        # Partition S_1
        return a
    if int(X_i[0]) % 3 == 0:
        # Partition S_2
        return 2*a % n
    if int(X_i[0]) % 3 == 1:
        # Partition S_3
        return (a + 1) % n
    else:
        print("[-] Something's Wrong!")
        return None

def func_h(b, P, X_i, E):
    """
    Calculate a_(i+1) = g(a)

    :parameters:
        a : int/long
            Equivalent to a_i in X_i = a_i*P + b_i*Q
        P : sage.schemes.elliptic_curves.ell_point.EllipticCurvePoint_finite_field
            Base point on which ECDLP is defined
        X_i : sage.schemes.elliptic_curves.ell_point.EllipticCurvePoint_finite_field
            X_i = a_i*P + b_i*Q
        E : sage.schemes.elliptic_curves.ell_finite_field.EllipticCurve_finite_field_with_category
            Elliptic Curve defined as y^2 = x^3 + a*x + b mod p
    """
    try:
        assert P == E((P[0], P[1]))
    except Exception as e:
        print(e)
        print("[-] Point does not lie on the curve")
        return None
    n = P.order()
    if int(X_i[0]) % 3 == 2:
        # Partition S_1
        return (b + 1) % n
    if int(X_i[0]) % 3 == 0:
        # Partition S_2
        return 2*b % n
    if int(X_i[0]) % 3 == 1:
        # Partition S_3
        return b
    else:
        print("[-] Something's Wrong!")
        return None

def pollardrho(P, Q, E):
    try:
        assert P == E((P[0], P[1]))
        assert Q == E((Q[0], Q[1]))
    except Exception as e:
        print(e)
        print("[-] Point does not lie on the curve")
        return None
    n = P.order()

    for j in range(10):
        a_i = random.randint(2, P.order()-2)
        b_i = random.randint(2, P.order()-2)
        a_2i = random.randint(2, P.order()-2)
        b_2i = random.randint(2, P.order()-2)

        X_i = a_i*P + b_i*Q
        X_2i = a_2i*P + b_2i*Q

        i = 1
        while i <= n:
            # Single Step Calculations
            a_i = func_g(a_i, P, X_i, E)
            b_i = func_h(b_i, P, X_i, E)
            X_i = func_f(X_i, P, Q, E)

            # Double Step Calculations
            a_2i = func_g(func_g(a_2i, P, X_2i, E), P, func_f(X_2i, P, Q, E), E)
            b_2i = func_h(func_h(b_2i, P, X_2i, E), P, func_f(X_2i, P, Q, E), E)
            X_2i = func_f(func_f(X_2i, P, Q, E), P, Q, E)

            if X_i == X_2i:
                if b_i == b_2i:
                    break
                assert GCD(b_2i - b_i, n) == 1
                return ((a_i - a_2i) * inverse_mod(b_2i - b_i, n)) % n
            else:
                i += 1
                continue

if __name__ == "__main__":
    import random
    for i in range(100):
        E = EllipticCurve(GF(17), [2, 2])
        P = E((5, 1))
        x = random.randint(2, P.order()-2)
        Q = x*P
        assert pollardrho(P, Q, E)*P == Q