For an elliptic curve E over the field GF(p) given by short Weierstrass equation
y2 = x3 + Ax + B,
realized:
- Algorithm for generating a point on the curve E
- Algorithm for adding points
- Point doubling algorithm
- Algorithm for finding the integer multiple point
- Algorithm for finding an integer multiple point (Scalar multiplication)
- Algorithm for generating a divisor D over a curve E with a carrier supp(D) of a given size d
- Miller's algorithm for calculating the value of the Weil function f n, P from a divisor D such that supp(D) ∩ {P, O} = ∅
- Weil pairing
-
x mod n means “the remainder of n dividing x”. In other words, if x = an + b, and a, b ∈ integer as well as 0 ≤ b ≤ n − 1, then x mod n = b.
-
Inverse: If ax = 1 mod n,then a is the inverse of x mod n. There are two popular methods to solve a:
• Method 1: Try every value for a < n until xa mod n = 1.
• Method 2: Euclidean method, which is usually used to solve the inverse of big integers, so it is recommended to use Method 1 to solve the inverse of small integers.
A point P(x0, y0) on elliptic curve E means: its coordinates x0 and y0 are elements in the field, and the coordinates x0 and y0 satisfy Equation.
- Elliptic curve points addition: Let P, Q and R be three points on an elliptic curve. Points addition P + Q = R.
- Elliptic curve points doubling: Let P, Q be two points on an elliptic curve. Points doubling P + P = 2P = Q
- Scalar multiplication: Let P be a point on curve E defined in equation
- Scalar multiplication nP is defined as nP = P + P + P + ... + P (n times), where n is an integer; nP is also a point on the same curve E.
- The minimal positive integer a for aP = O is called the order of P .
- Scalar multiplication is extensively required in elliptic curve cryptosystems.
A divisor D on curve E is a convenient way to denote a multi-set of points on E, written as the formal sum
- The set of all divisors on E is denoted by DivFq(E) and forms a group, where addition of divisors is natural.
- The zero divisor: it is the divisor with all nP = 0, the zero divisor 0 ∈ DivFq(E).
- If the field Fq is not specific, it can be omitted and simply written as Div(E) to denote the group of divisors.
The divisor of a function f on E is used to denote the intersection points (and their multiplicities) of f and E.
The Weil pairing, which is denoted by em, takes as input a pair of points P, Q ∈ E[m] and gives as output an _mth root of unity em(P, Q). The bilinearity of the Weil pairing is expressed by the equations
em(P1 + P2, Q) = em(P1, Q) * em(P2, Q),
em(P, Q1 + Q2) = em(P, Q1) * em(P, Q2).
The Weil pairing of P and Q is the quantity
where S ∈ E is any point satisfying S ∉ {O, P, −Q, P − Q}. (This ensures that all of the quantities on the right-hand side of are defined and nonzero.) One can check that the value of em(P,Q) does not depend on the choice of fP, fQ, and S.
Let E be an elliptic curve and let P = (xP,yP) and Q = (xQ, yQ) be nonzero points on E.
Let λ be the slope of the line connecting P and Q, or the slope of the tangent line to E at P if P = Q. (If the line is vertical, we let λ = ∞.) Define a function gP, Q on E as follows:
.png)
Then
div(gP, Q) = [P] +[Q] - [P + Q] -[O].
Miller’s Algorithm
Let m ≥ and write the binary expansion of m as
m = m0 + m1 * 2 + m2 * 22 +···+ mn - 1 2n - 1
with mi ∈ {0, 1} and mn - 1 ≠ 0. The following algorithm returns a function fP whose divisor satisfies
div(fP) = m[P] − [mP] − (m − 1)[O],
where the functions gT, T and gT, P used by the algorithm are as defined in (a).
In particular, if P ∈ E[m], then div(fP) = m[P] − m[O].
Python 3.5numpy
git clone https://github.com/demining/CryptoDeepTools.git
cd CryptoDeepTools/04AlgorithmsForSecp256k/
pip3 install numpy
├── Curves.py <- Dataset of elleptic curves
├── Divisor.py <- Generarate divisor
├── EllipticCurve.py <- Classes of elliptic curve and point on elliptic curve
├── EuclideanAlg.py <- Extended Euclidean algorithm
├── Helper.py <- Helping functions(Reverse bits, modulo power...)
├── Pairing.py <- Weil pairing and Miller’s Algorithm
├── Tests.py <- Unit tests for functions
├── Tonelli_ShanksAlg.py <- Tonelli–Shanks algorithm
├── main.py <- main
We would like to thank @ElizaLo for her valuable work.
- Efficient Computation of Miller's Algorithm in Pairing-Based Cryptography
- An Introduction to Mathematical Cryptography
- Tonelli–Shanks algorithm
- Quadratic residue
- Exponentiation by squaring
- Extended Euclidean algorithm
- Elliptic Curves
- How to find primitive point on an elliptic curve?
- Generating random (torsion) point on elliptic curve efficiently
| Donation Address | |
|---|---|
| ♥ BTC | 1Lw2gTnMpxRUNBU85Hg4ruTwnpUPKdf3nV |
| ♥ ETH | 0xaBd66CF90898517573f19184b3297d651f7b90bf |