Bill Allombert on Thu, 16 Feb 2017 00:06:24 +0100


[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: Verifying Elliptic Curve Cryptography


On Wed, Feb 15, 2017 at 05:26:53PM -0500, James Cloos wrote:
> I've read examples in sage, but pari/gp is more readily available
> on my systems, so:
> 
> Does anyone have any sample code in gp for working with modern curves?

What is a "modern curve" ? Is it modern like in "modern dance" ?

> I'm interested in the math for things like ecdh or eddsa using
> "safe" curves (cf: http://safecurves.cr.yp.to).
> 
> I take it that sage's EllipticCurve() uses pari's ellinit(), yes?
> 
> I haven't done much with pari's elliptic curve support.
> 
> In particular, how can one use a curve like e:521:
> 
>   x^2+y^2 = 1-376014x^2y^2
>   modulo p = 2^521 - 1
> 
> given that ellinit doesn't take an x²y² coefficient?

You can use ellfromeqn() to compute an Weierstrass equation for the curve.

? e=ellfromeqn(x^2+y^2-(1-376014*x^2*y^2))
%3 = [0,376013,0,1504056,565544608728]
? p=2^521 - 1;
? E=ellinit(e,p);
? ellcard(E)
%6 =
6864797660130609714981900799081393217269435300143305409394463459185543183397654701903506606654631398546774636260936570417277131794810169271973685174680434092

Cheers,
Bill.