In [1]:
# Chapter 1: Finite fields

from ecc import FieldElement as FE

a = FE(7, 13)
b = FE(12, 13)
c = FE(6, 13)
x = FE(3, 13)
y = FE(12, 13)
z = FE(10, 13)

print(a==b)
print(a + b == c)
print(x * y == z)

False
True
True


In [2]:
# fields have to be prime to result same set regardless of the value of k
prime = 19
for k in [1, 2, 3, 4]:
    print(sorted([(k * i) % prime for i in range(prime)]))

[0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18]
[0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18]
[0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18]
[0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18]


In [3]:
a = FE(17, 31)
# a**-3 == FE(29, 31)
print(a**-3)
print(FE(29,31))

FieldElement_31(29)
FieldElement_31(29)


In [4]:
# Chapter 2: Elliptic curves

from ecc import Point

p1 = Point(-1, -1, 5, 7)
p2 = Point(-1, 1, 5, 7)
inf = Point(None, None, 5, 7)
print(p1+inf)
print(inf+p2)
print(p1+p2)

print(Point(2,5,5,7)+Point(-1,-1,5,7))
print(Point(-1,1,5,7)+Point(-1,1,5,7))

Point(-1,-1)_5_7
Point(-1,1)_5_7
Point(infinity)
Point(3.0,-7.0)_5_7
Point(18.0,-77.0)_5_7


In [5]:
# Chapter 3: Elliptic curve cryptography
prime = 223
a, b = FE(0, prime), FE(7, prime)
def on_curve(x,y):
    return y**2 == x**3 + a*x + b

print(on_curve(FE(192, prime), FE(105, prime)))
print(on_curve(FE(200, prime), FE(119, prime)))

x1, y1 = FE(192, prime), FE(105, prime)
x2, y2 = FE(17, prime), FE(56, prime)
p1 = Point(x1, y1, a, b)
p2 = Point(x2, y2, a, b)
print(p1+p2)

# __rmul__:
x, y = FE(15, prime), FE(86, prime)
p = Point(x, y, a, b)
print(7*p)


True
False
Point(170,142)_0_7 FieldElement(223)
Point(infinity)


In [6]:
from ecc import S256Point, G, N

point = S256Point(
    0x887387e452b8eacc4acfde10d9aaf7f6d9a0f975aabb10d006e4da568744d06c, 
    0x61de6d95231cd89026e286df3b6ae4a894a3378e393e93a0f45b666329a0ae34)

def verify(z, r, s):
    s_inv = pow(s, N-2, N)
    u = z * s_inv % N
    v = r * s_inv % N
    print((u*G+v*point).x.num == r)


# signature 1
z = 0xec208baa0fc1c19f708a9ca96fdeff3ac3f230bb4a7ba4aede4942ad003c0f60
r = 0xac8d1c87e51d0d441be8b3dd5b05c8795b48875dffe00b7ffcfac23010d3a395
s = 0x68342ceff8935ededd102dd876ffd6ba72d6a427a3edb13d26eb0781cb423c4

verify(z, r, s)

# signature 2
z = 0x7c076ff316692a3d7eb3c3bb0f8b1488cf72e1afcd929e29307032997a838a3d
r = 0xeff69ef2b1bd93a66ed5219add4fb51e11a840f404876325a1e8ffe0529a2c
s = 0xc7207fee197d27c618aea621406f6bf5ef6fca38681d82b2f06fddbdce6feab6

verify(z, r, s)


True
True
