# Q1 ~ Q3 Evaluating Points on Elliptic Curve

In [129]:
import time, random, hashlib

In [124]:
# Define the elliptic curve for secp256k1
E = EllipticCurve(GF(0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F), [0, 7])
G = E.gen(0)  # Base point

In [2]:
# Calculate 4G
result_4G = 4*G
result_4G

(32218012396881344548355657238706253422137441538982021156105971720202272027177 : 99239578269449058657394944486171813848555429735098086950370538300429951998254 : 1)

In [3]:
# Calculate 5G
result_5G = 5*G
result_5G

(479585632358859030818223506573316812292690676001561289718876011212918865721 : 57069963857376420666164540117231351811317457901457580992802940728293224713615 : 1)

In [58]:
# Calculate Q=dG
start_1 = time.time()
d = 1142 # my ID is b09901142
Q = d*G
end_1 = time.time()
print((end_1 - start_1))
Q

0.0006866455078125


(1109243043467112449304962939419683512604357085195564325682576288861010584113 : 61658990384821764855421679412393559819933351590653267702182442553986616290193 : 1)

In [115]:
Q

(1109243043467112449304962939419683512604357085195564325682576288861010584113 : 61658990384821764855421679412393559819933351590653267702182442553986616290193 : 1)

# Q4 Standard Double and Add

In [36]:
print(binary[2:])

10001110110


In [130]:
# 1 on bit 10,6,5,4,2,1

In [66]:
current_point = G
double = 0
add = 0
start_2 = time.time()
# Apply the decomposition
for power in range(9,-1,-1):
    current_point = 2*current_point
    double += 1
    if power in [6, 5, 4, 2, 1]:  # Add G at these powers
        current_point = current_point + G
        add += 1
end_2 = time.time()
print(end_2 - start_2)

(current_point, double, add)

0.0013370513916015625


((1109243043467112449304962939419683512604357085195564325682576288861010584113 : 61658990384821764855421679412393559819933351590653267702182442553986616290193 : 1),
 10,
 5)

In [70]:
binary = bin(d)
binary = binary[2:]

double = 0
add = 0

for bit in binary[1:]:
    double += 1
    if bit == '1':
        add += 1

print(double, add)
        

10 5


In [133]:
# test time from P to -P
current_point2 = current_point
start = time.time()
current_point2 = -current_point2
end = time.time()
print((end-start))

0.00022482872009277344


# Q5 Fastest Computing

In [143]:
# 1142 = 2^10 + 2^7 - 2^3 - 2^1
current_point2 = G
double = 0
add = 0
start_3 = time.time()

# Apply the decomposition
for power in range(9,-1,-1):
    current_point2 = 2*current_point2
    double += 1
    if power in [3,1]:  # subtract G at these powers
        current_point2 = current_point2 - G
        add += 1
    elif power == 7:
        current_point2 = current_point2 + G
        add += 1
end_3 = time.time()
print(end_3 - start_3)

(current_point2, double, add)

0.0017828941345214844


((1109243043467112449304962939419683512604357085195564325682576288861010584113 : 61658990384821764855421679412393559819933351590653267702182442553986616290193 : 1),
 10,
 3)

In [144]:
current_point2 = G
double = 0
add = 0

pos = list()
neg = list()
start_3 = time.time()
# Apply the decomposition
for power in range(1,11):
    current_point2 = 2*current_point2
    if power in [3,1]:  # subtract G at these powers
        neg.append(current_point2)
    elif power in [7,10]:
        pos.append(current_point2)
ans = pos[0] + pos[1] - neg[0] - neg[1] 
end_3 = time.time()
print(end_3 - start_3)

ans

0.0016701221466064453


(1109243043467112449304962939419683512604357085195564325682576288861010584113 : 61658990384821764855421679412393559819933351590653267702182442553986616290193 : 1)

# Q6 Bitcoin Transaction Signature

In [145]:
# Step 0
d_a = d
n = E.order()
m = "Sample Bitcoin Transaction Signing"

# Step 1
e = int(hashlib.sha256(m.encode()).hexdigest(), 16)

# Step 2
Ln = len(bin(n)[2:])
z = int(str(e)[:Ln])
random.seed(int(40))
k = random.randint(1,n-1)

# Step 3
(x1,y1) = (k*G).xy()
r = lift(x1) % n

# Step 4
s = ((z + r*d) * inverse_mod(k, n)) % n

# print("My Bitcoin Transaction Signature is")
(r,s)

(100675308465742854889664903595928459412093116657994640753696103043453352374816,
 10030033688558158763373387496651567819213879425141924412366526837790516787938)

# Q7 Bitcoin Transaction Verification

In [138]:
# Step 1
assert((1 <= r and r <= n-1) and (1 <= s and s <= n-1))

e_ver = int(hashlib.sha256(m.encode()).hexdigest(), 16)
# Step 2
Ln = len(bin(n)[2:])
z = int(str(e_ver)[:Ln])

w = inverse_mod(s, n) % n
u1 = (z*w) % n
u2 = (r*w) % n


# Step 3
(x2,y2) = (u1*G + u2 * Q).xy()
r2 = lift(x2) % n

# Step 4
assert(r2 == x1)

print("Verified")

Verified


# Q8 Quadratic Polynomial

In [123]:
R = PolynomialRing(Zmod(10007), 'x')
x = R.gen()
p = R.lagrange_polynomial([(1, 10), (2, 20), (3, 1142)])
p

556*x^2 + 8349*x + 1112