In [1]:
# Elliptic Curve Cryptography using the BitCoin curve, SECG secp256k1
# Dr. Orion Lawlor, lawlor@alaska.edu, 2015-02-20 (Public Domain)
#
# full Python3 elliptic curve point multiplication code here - uaf-cs
# https://www.cs.uaf.edu/2015/spring/cs463/lecture/02_23_ECC_impl/ECC_bitcoin.py

# Convert a string with hex digits, colons, and whitespace to a long integer
def hex2int(hexString):
    return int("".join(hexString.replace(":","").split()),16)

# Half the extended Euclidean algorithm:
#    Computes   gcd(a,b) = a*x + b*y  
#    Returns only gcd, x (not y)
# From http://rosettacode.org/wiki/Modular_inverse#Python
def half_extended_gcd(aa, bb):
    lastrem, rem = abs(aa), abs(bb)
    x, lastx = 0, 1
    while rem:
        lastrem, (quotient, rem) = rem, divmod(lastrem, rem)
        x, lastx = lastx - quotient*x, x
    return lastrem, lastx 

# Modular inverse: compute the multiplicative inverse i of a mod m:
#     i*a = a*i = 1 mod m
def modular_inverse(a, m):
    g, x = half_extended_gcd(a, m)
    if g != 1:
        raise ValueError
    return x % m


# An elliptic curve has these fields:
#   p: the prime used to mod all coordinates
#   a: linear part of curve: y^2 = x^3 + ax + b
#   b: constant part of curve
#   G: a curve point (G.x,G.y) used as a "generator"
#   n: the order of the generator
class ECcurve:
    def __init__(self):
        return

    # Prime field multiplication: return a*b mod p
    def field_mul(self,a,b):
        return (a*b)%self.p

    # Prime field division: return num/den mod p
    def field_div(self,num,den):
        inverse_den=modular_inverse(den%self.p,self.p)
        return self.field_mul(num%self.p,inverse_den)

    # Prime field exponentiation: raise num to power mod p
    def field_exp(self,num,power):
        return pow(num%self.p,power,self.p)

    # Return the special identity point
    #   We pick x=p, y=0
    def identity(self):
        return ECpoint(self,self.p,0)

    # Return true if point Q lies on our curve
    def touches(self,Q):
        y2=self.field_exp(Q.y,2)%self.p
        # print("y^2 = ", y2)
        x3ab=(self.field_mul((Q.x*Q.x)%self.p+self.a,Q.x)+self.b)%self.p
        # print("x^3 + a x + b = ",x3ab)
        return y2==x3ab

    # Return the slope of the tangent of this curve at point Q
    def tangent(self,Q):
        return self.field_div(Q.x*Q.x*3+self.a,Q.y*2)

    # Return the (x,y) point where this line intersects our curve
    #  Q1 and Q2 are two points on the line of slope m
    def line_intersect(self,Q1,Q2,m):
        v=(Q1.y + self.p - (m*Q1.x)%self.p)%self.p
        x=(m*m + self.p-Q1.x + self.p-Q2.x)%self.p
        y=(self.p-(m*x)%self.p + self.p-v)%self.p
        return ECpoint(self,x,y)

    # Return a doubled version of this elliptic curve point
    def double(self,Q):
        if (Q.x==self.p): # doubling the identity
            return Q
        if (Q.y==0): # vertical tangent
            return self.identity()
        return self.line_intersect(Q,Q,self.tangent(Q))

    # Return the "sum" of these elliptic curve points
    def add(self,Q1,Q2):
        # Identity special cases
        if (Q1.x==self.p): # Q1 is identity
            return Q2
        if (Q2.x==self.p): # Q2 is identity
            return Q1

        # Equality special cases
        if (Q1.x==Q2.x): 
            if (Q1.y==Q2.y): # adding point to itself
                return self.double(Q1)
            else: # vertical pair--result is the identity
                return self.identity()

        # Ordinary case
        m=self.field_div(Q1.y+self.p-Q2.y,Q1.x+self.p-Q2.x)
        return self.line_intersect(Q1,Q2,m)

    # "Multiply" this elliptic curve point Q by the integer m
    #    Often the point Q will be the generator G
    def mul(self,Q,m):
        R=self.identity() # return point
        while m!=0:  # binary multiply loop
            if m&1: # bit is set
                # print("  mul: adding Q to R =",R);
                R=self.add(R,Q)
            m=m>>1
            if (m!=0):
                # print("  mul: doubling Q =",Q);
                Q=self.double(Q)

        return R

# A point on an elliptic curve: (x,y)
class ECpoint:
    """A point on an elliptic curve (x,y)"""
    def __init__(self,curve, x,y):
        self.curve=curve
        self.x=x
        self.y=y
        if not x==curve.p and not curve.touches(self):
            print(" ECpoint left curve: ",x,",",y)

    # "Add" this point to another point on the same curve
    def add(self,Q2):
        return self.curve.add(self,Q2)

    # "Multiply" this point by a scalar
    def mul(self,m):
        return self.curve.mul(self,m)

    # Print this ECpoint
    def __str__(self):
        if (self.x==self.curve.p):
            return "identity_point"
        else:
            return "("+str(self.x)+", "+str(self.y)+")"

In [2]:
myECC_01 = ECcurve()
myECC_01.p = 23
myECC_01.a = 1
myECC_01.b = 1
myECC_01.G = ECpoint(curve=myECC_01,x=0,y=1)
myECC_01.n = 29

In [3]:
# Test program:
curve=myECC_01

Q=curve.G
print("Generator touches curve? ",curve.touches(Q));
print("Tangent of generator: ",curve.tangent(Q));
print("Initial curve point ",Q);

for i in range(2,myECC_01.n):
    Q=Q.add(curve.G) # repeatedly add generator
    print("Curve point ",i,Q);

    J=curve.mul(curve.G,i) # direct jump
    if (J.x!=Q.x or J.y!=Q.y):
        print("    -> MULTIPLY MISMATCH: ",J.x,",",J.y);

Generator touches curve?  True
Tangent of generator:  12
Initial curve point  (0, 1)
Curve point  2 (6, 19)
Curve point  3 (3, 13)
Curve point  4 (13, 16)
Curve point  5 (18, 3)
Curve point  6 (7, 11)
Curve point  7 (11, 3)
Curve point  8 (5, 19)
Curve point  9 (19, 18)
Curve point  10 (12, 4)
Curve point  11 (1, 16)
Curve point  12 (17, 20)
Curve point  13 (9, 16)
Curve point  14 (4, 0)
Curve point  15 (9, 7)
Curve point  16 (17, 3)
Curve point  17 (1, 7)
Curve point  18 (12, 19)
Curve point  19 (19, 5)
Curve point  20 (5, 4)
Curve point  21 (11, 20)
Curve point  22 (7, 12)
Curve point  23 (18, 20)
Curve point  24 (13, 7)
Curve point  25 (3, 10)
Curve point  26 (6, 4)
Curve point  27 (0, 22)
Curve point  28 identity_point


In [4]:
print("9 Q ", curve.mul(curve.G,2))

9 Q  (6, 19)


In [5]:
144 % 23

6

In [6]:
(12*(0-6) - 1 ) % 23

19

In [7]:
myECC_02 = ECcurve()
myECC_02.p = 5
myECC_02.a = 2
myECC_02.b = 3
myECC_02.G = ECpoint(curve=myECC_02,x=1,y=1)
myECC_02.n = 7

curve=myECC_02

Q=curve.G
print("Generator touches curve? ",curve.touches(Q));
# print("Tangent of generator: ",curve.tangent(Q));
# print("Initial curve point ",Q);

print("6*(1,1) ", curve.mul(curve.G, 6))

for i in range(2,myECC_02.n):
    J=curve.mul(curve.G,i) # direct jump
    print("Curve point direct jump ",J.x,",",J.y);
        
for i in range(2,myECC_02.n):
    Q=Q.add(curve.G) # repeatedly add generator
    print("Curve point ",i,Q);

    J=curve.mul(curve.G,i) # direct jump
    if (J.x!=Q.x or J.y!=Q.y):
        print("    -> MULTIPLY MISMATCH: ",J.x,",",J.y);

Generator touches curve?  True
6*(1,1)  identity_point
Curve point direct jump  3 , 4
Curve point direct jump  2 , 0
Curve point direct jump  3 , 1
Curve point direct jump  1 , 4
Curve point direct jump  5 , 0
Curve point  2 (3, 4)
Curve point  3 (2, 0)
Curve point  4 (3, 1)
Curve point  5 (1, 4)
Curve point  6 identity_point


In [8]:
myECC_03 = ECcurve()
myECC_03.p = 5
myECC_03.a = 1
myECC_03.b = 1
myECC_03.G = ECpoint(curve=myECC_03,x=0,y=1)
myECC_03.n = 10

curve=myECC_03

Q=curve.G
print("Generator touches curve? ",curve.touches(Q));
print("Tangent of generator: ",curve.tangent(Q));
print("Initial curve point ",Q);
        
for i in range(2,myECC_03.n):
    Q=Q.add(curve.G) # repeatedly add generator
    print("Curve point ",i,Q);

    J=curve.mul(curve.G,i) # direct jump
    if (J.x!=Q.x or J.y!=Q.y):
        print("    -> MULTIPLY MISMATCH: ",J.x,",",J.y);

Generator touches curve?  True
Tangent of generator:  3
Initial curve point  (0, 1)
Curve point  2 (4, 2)
Curve point  3 (2, 1)
Curve point  4 (3, 4)
Curve point  5 (3, 1)
Curve point  6 (2, 4)
Curve point  7 (4, 3)
Curve point  8 (0, 4)
Curve point  9 identity_point


In [9]:
Q1 = ECpoint(curve=myECC_03,x=0,y=1)

In [10]:
print(Q1.add(Q1))

(4, 2)


In [11]:
[print(Q1.mul(i)) for i in range(10)]

identity_point
(0, 1)
(4, 2)
(2, 1)
(3, 4)
(3, 1)
(2, 4)
(4, 3)
(0, 4)
identity_point


[None, None, None, None, None, None, None, None, None, None]

In [12]:
Q2 = ECpoint(curve=myECC_03,x=4,y=2)
Q3 = ECpoint(curve=myECC_03,x=3,y=1)
print(Q2.add(Q3))

(4, 3)


In [13]:
myECC_04 = ECcurve()
myECC_04.p = 23
myECC_04.a = 1
myECC_04.b = 3
myECC_04.G = ECpoint(curve=myECC_04,x=0,y=7)
myECC_04.n = 29

curve=myECC_04

Q=curve.G
print("Generator touches curve? ",curve.touches(Q));
print("Tangent of generator: ",curve.tangent(Q));
print("Initial curve point ",Q);
        
for i in range(2,myECC_04.n):
    Q=Q.add(curve.G) # repeatedly add generator
    print("Curve point ",i,Q);

    J=curve.mul(curve.G,i) # direct jump
    if (J.x!=Q.x or J.y!=Q.y):
        print("    -> MULTIPLY MISMATCH: ",J.x,",",J.y);

Generator touches curve?  True
Tangent of generator:  5
Initial curve point  (0, 7)
Curve point  2 (2, 6)
Curve point  3 (4, 18)
Curve point  4 (5, 8)
Curve point  5 (7, 10)
Curve point  6 (19, 21)
Curve point  7 (22, 1)
Curve point  8 (14, 1)
Curve point  9 (12, 8)
Curve point  10 (15, 9)
Curve point  11 (21, 4)
Curve point  12 (10, 1)
Curve point  13 (6, 15)
Curve point  14 (6, 8)
Curve point  15 (10, 22)
Curve point  16 (21, 19)
Curve point  17 (15, 14)
Curve point  18 (12, 15)
Curve point  19 (14, 22)
Curve point  20 (22, 22)
Curve point  21 (19, 2)
Curve point  22 (7, 13)
Curve point  23 (5, 15)
Curve point  24 (4, 5)
Curve point  25 (2, 17)
Curve point  26 (0, 16)
Curve point  27 identity_point
Curve point  28 (0, 7)
