Firas Kraiem on Thu, 30 Jan 2014 00:19:33 +0100

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: Your help needed

On 29/01/14 23:46, Kaz Kobara wrote:

I have another favor to ask you or pari-users.

E = ellinit([a,b], 2)

defines EC over F2, but how EC over GF(2^m) can be defined on PARI/GP?

A short Weierstrass equation is always singular (and thus never defines an elliptic curve) in characteristic 2, so you need to use the long form. Then pass a generator of the desired finite field (as returned by ffgen()) as the second argument of ellinit(), like so:

(00:07) gp > t = ffgen((t^163+t^7+t^6+t^3+1)*Mod(1,2));
(00:08) gp > E = ellinit([1,0,1,0,1],t);
(00:08) gp > ellgroup(E)
(00:08) gp > E = ellinit([1,0,1,0,1],2);
(00:08) gp > ellgroup(E)

Of course if you want to use an element of F_{2^k}\F_2 in the equation of your curve you can use it (for example as a polynomial in t) in the array you pass to ellinit() (then you don't need a second argument):

(00:17) gp > E = ellinit([t,0,t^54+t^3+1,0,1]);
(00:18) gp > ellgroup(E)


Best regards,

-----Original Message-----
From: Bill Allombert []
Sent: Tuesday, January 28, 2014 10:18 PM
To: SeongHan Shin
Cc:; =?UTF-8?B?5Y+k5Y6f5ZKM6YKm?=
Subject: Re: Your help needed

On Tue, Jan 28, 2014 at 08:05:27AM +0900, SeongHan Shin wrote:
Dear Bill,

I assume you want to compute the order of a point on a elliptic curve
over a finite field of size around 512bit.
Unfortunately the number of points on the curve is too hard to be
factored by PARI.
Yes, that's exactly what I want to do.
Is there any way to compute a 512-bit order?

Not unless you know the factorisation of the order of the elliptic curve,
or some similar useful information