## Comparing elltors

for $y^2 + xy = x^3 + x^2 + 1$ :
``` (00:37) gp > a = 1 %1 = 1 (00:37) gp > b = 1 %2 = 1 (00:37) gp > E = ellinit([0,0,0,a,b]) %3 = [0, 0, 0, 1, 1, 0, 2, 4, -1, -48, -864, -496, 6912/31, [-0.6823278038280193273694837397, 0.3411639019140096636847418698 - 1.161541399997251936087917687*I, 0.3411639019140096636847418698 + 1.161541399997251936087917687*I]~, 3.749942978094342855851406868, -1.874971489047171427925703434 + 1.321720533565204538833995727*I, -1.256789871861911570289134735 + 0.E-29*I, 0.6283949359309557851445673678 - 1.280744177088026904445230577*I, 4.956376633845946955308257251] (00:38) gp > elltors(E) %4 = [1, [], []] ```

for $y^2 + xy = x^3 + z^3x^2 + (z^3+1)$
``` (00:38) gp > a = 8 %5 = 8 (00:39) gp > b = 9 %6 = 9 (00:39) gp > E=ellinit([0,0,0,a,b]) %7 = [0, 0, 0, 8, 9, 0, 16, 36, -64, -384, -7776, -67760, 3538944/4235, [-1.000000000000000000000000000, 0.5000000000000000000000000000 - 2.958039891549808021283664145*I, 0.5000000000000000000000000000 + 2.958039891549808021283664145*I]~, 2.323573124298217095517745754, -1.161786562149108547758872877 + 0.9328742056162391756323628615*I, -1.773647591593647783280373514 + 0.E-28*I, 0.8868237957968238916401867572 - 2.064141081460241175088749935*I, 2.167601432520942242537573241] (00:39) gp > elltors(E) %8 = [2, [2], [[-1, 0]]] ```

• #### Budi Rahardjo 7:03 am on December 30, 2009 Permalink | Reply

hmm… still trying to digest this

• #### CG 3:20 pm on December 30, 2009 Permalink | Reply

me too. still don’t understand what is the torsion and the generators 😦

## Point multiplication with PARI

Calculating point multiplication with a very big number in PARI

```Last login: Thu Nov 19 10:29:35 on ttys002
CGs-MacBook:~ chika\$ gp

GP/PARI CALCULATOR Version 2.1.7 (released)
unknown 32-bit version
(readline v5.0 enabled, extended help available)

Copyright (C) 2002 The PARI Group

PARI/GP is free software, covered by the GNU General Public License, and
comes WITHOUT ANY WARRANTY WHATSOEVER.

Type ? for help, \q to quit.
Type ?12 for how to get moral (and possibly technical) support.

realprecision = 28 significant digits
seriesprecision = 16 significant terms
format = g0.28

parisize = 4000000, primelimit = 500000
(13:50) gp > ? ellpow
ellpow(e,x,n): n times the point x on elliptic curve e (n in Z).

(14:00) gp > ellpow(E,z,10)
%9 = [Mod(4180294501348368083809563235021370057375591405930992803205, 6277101735386680763835789423207666416083908700390324961279), Mod(1227781623738814009517798297176766391967714436501424281520, 6277101735386680763835789423207666416083908700390324961279)]
(14:00) gp > u=ellpow(E,z,10)
%10 = [Mod(4180294501348368083809563235021370057375591405930992803205, 6277101735386680763835789423207666416083908700390324961279), Mod(1227781623738814009517798297176766391967714436501424281520, 6277101735386680763835789423207666416083908700390324961279)]
(14:00) gp > ellisoncurve(E, u)
%11 = 1
(14:01) gp > ellpow(E,z,x)
***   sorry, powell for nonintegral or non CM exponents is not yet implemented.
(14:01) gp > x
%12 = Mod(602046282375688656758213480587526111916698976636884684818, 6277101735386680763835789423207666416083908700390324961279)
(14:02) gp > z
%13 = [Mod(602046282375688656758213480587526111916698976636884684818, 6277101735386680763835789423207666416083908700390324961279), Mod(174050332293622031404857552280219410364023488927386650641, 6277101735386680763835789423207666416083908700390324961279)]
(14:02) gp > n = 602046282375688656758213480587526111916698976636884684818
%14 = 602046282375688656758213480587526111916698976636884684818
(14:02) gp > ellpow(E,z,n)
%15 = [Mod(4013698849075654558075584527424681810007648214270260418090, 6277101735386680763835789423207666416083908700390324961279), Mod(849673542270026574908323327879249398221278430546058704302, 6277101735386680763835789423207666416083908700390324961279)]
(14:02) gp > u=ellpow(E,z,n)
%16 = [Mod(4013698849075654558075584527424681810007648214270260418090, 6277101735386680763835789423207666416083908700390324961279), Mod(849673542270026574908323327879249398221278430546058704302, 6277101735386680763835789423207666416083908700390324961279)]
(14:03) gp > ellisoncurve(E, u)
%17 = 1
(14:03) gp > d = n
%18 = 602046282375688656758213480587526111916698976636884684818
(14:04) gp > Q = ellpow(d,z)
***   expected character: ',' instead of: Q=ellpow(d,z)
^-

(14:04) gp > Q=ellpow(E,z,d)
%19 = [Mod(4013698849075654558075584527424681810007648214270260418090, 6277101735386680763835789423207666416083908700390324961279), Mod(849673542270026574908323327879249398221278430546058704302, 6277101735386680763835789423207666416083908700390324961279)]
(14:05) gp >
```

• #### Budi Rahardjo 10:48 pm on November 25, 2009 Permalink | Reply

good stuff. next, implement this in own software 🙂

• #### CG 11:32 pm on November 25, 2009 Permalink | Reply

ok. pair programming?

• #### romi 3:49 am on May 17, 2011 Permalink | Reply

Mr CG can you help me to explain this:
what its mean: gen P(l): to automatically generate the parameter p, where |logp|2  l bits, and set the appropriate generator g. (elgamal cryptosystem)
jpj2  can be interpreted as:
| jp|2 = l, or
| jp|2 = l – 1, or
|jp|2 = l + 1:
to generate P with size l bits, and then set an appropriate generator g

help me pls

## Is it on curve? (on prime fields)

Sample parameters (from Guide to Elliptic Curve Cryptography #262)

P-192: p = 2^192 − 2^64 − 1, a = −3, h = 1
S = 0x 3045AE6F C8422F64 ED579528 D38120EA E12196D5
r = 0x 3099D2BB BFCB2538 542DCD5F B078B6EF 5F3D6FE2 C745DE65
b = 0x 64210519 E59C80E7 0FA7E9AB 72243049 FEB8DEEC C146B9B1
n = 0x FFFFFFFF FFFFFFFF FFFFFFFF 99DEF836 146BC9B1 B4D22831

y = 0x 07192B95 FFC8DA78 631011ED 6B24CDD5 73F977A1 1E794811

The variables:

y = 174050332293622031404857552280219410364023488927386650641
b = 2455155546008943817740293915197451784769108058161191238065

Calculating in PARI:

```chika\$ gp

GP/PARI CALCULATOR Version 2.1.7 (released)
unknown 32-bit version
(readline v5.0 enabled, extended help available)

Copyright (C) 2002 The PARI Group

PARI/GP is free software, covered by the GNU General Public License, and
comes WITHOUT ANY WARRANTY WHATSOEVER.
beowulf:~ chika\$ gp

GP/PARI CALCULATOR Version 2.1.7 (released)
unknown 32-bit version
(readline v5.0 enabled, extended help available)

Copyright (C) 2002 The PARI Group

PARI/GP is free software, covered by the GNU General Public License, and
comes WITHOUT ANY WARRANTY WHATSOEVER.

Type ? for help, \q to quit.
Type ?12 for how to get moral (and possibly technical) support.

realprecision = 28 significant digits
seriesprecision = 16 significant terms
format = g0.28

parisize = 4000000, primelimit = 500000
(12:21) gp > p = 2^192-2^64-1
%1 = 6277101735386680763835789423207666416083908700390324961279
(12:22) gp > a = Mod(-3,p)
%2 = Mod(6277101735386680763835789423207666416083908700390324961276, 6277101735386680763835789423207666416083908700390324961279)
(12:22) gp > b = Mod(2455155546008943817740293915197451784769108058161191238065,p)
%3 = Mod(2455155546008943817740293915197451784769108058161191238065, 6277101735386680763835789423207666416083908700390324961279)
(12:22) gp > E = ellinit([0,0,0,a,b])
%4 = [0, 0, 0, Mod(6277101735386680763835789423207666416083908700390324961276, 6277101735386680763835789423207666416083908700390324961279), Mod(2455155546008943817740293915197451784769108058161191238065, 6277101735386680763835789423207666416083908700390324961279), 0, Mod(6277101735386680763835789423207666416083908700390324961273, 6277101735386680763835789423207666416083908700390324961279), Mod(3543520448649094507125386237582140722992523532254439990981, 6277101735386680763835789423207666416083908700390324961279), Mod(6277101735386680763835789423207666416083908700390324961270, 6277101735386680763835789423207666416083908700390324961279), Mod(144, 6277101735386680763835789423207666416083908700390324961279), Mod(405994808970639648882882313592906595851778480660607224142, 6277101735386680763835789423207666416083908700390324961279), Mod(5525402385154848923235289274741921730185152131202286251655, 6277101735386680763835789423207666416083908700390324961279), Mod(6234286251230310114240839169629130138801351179850969208331, 6277101735386680763835789423207666416083908700390324961279), 0, 0, 0, 0, 0, 0]
(12:22) gp > x = Mod(602046282375688656758213480587526111916698976636884684818,p)
%5 = Mod(602046282375688656758213480587526111916698976636884684818, 6277101735386680763835789423207666416083908700390324961279)
(12:23) gp > y = Mod(174050332293622031404857552280219410364023488927386650641,p)
%6 = Mod(174050332293622031404857552280219410364023488927386650641, 6277101735386680763835789423207666416083908700390324961279)
(12:23) gp > z = [x,y]
%7 = [Mod(602046282375688656758213480587526111916698976636884684818, 6277101735386680763835789423207666416083908700390324961279), Mod(174050332293622031404857552280219410364023488927386650641, 6277101735386680763835789423207666416083908700390324961279)]
(12:23) gp > ellisoncurve(E,z)
%8 = 1
(12:24) gp >
```

• #### Budi Rahardjo 10:50 pm on November 25, 2009 Permalink | Reply

next would be koblitz curve

• #### CG 11:31 pm on November 25, 2009 Permalink | Reply

yes. i’m still insisting to use koblitz curve for our further implementation.

• #### zakimath 9:20 am on November 30, 2009 Permalink | Reply

Untuk P-521 udah nyoba belum ya? 🙂

## El-Gamal with Pari

Encrypt – decrypt successful.

• #### Budi Rahardjo 10:16 pm on October 21, 2009 Permalink | Reply

Congratulation! Good stuff 🙂

• #### CG 11:11 am on May 19, 2010 Permalink | Reply

thank you 🙂

• #### romi 3:45 am on May 17, 2011 Permalink | Reply

what its mean: gen P(l): to automatically generate the parameter p, where |logp|2  l bits, and set the appropriate generator g.
jpj2  can be interpreted as:
| jp|2 = l, or
| jp|2 = l – 1, or
|jp|2 = l + 1:

help me pliss

• #### romi 3:46 am on May 17, 2011 Permalink

this thing is in elgamal
i am not understand what the task want

• #### oman 7:47 pm on May 18, 2010 Permalink | Reply

can i know how u did this? any coding involved? thanks 😉

c
Compose new post
j
Next post/Next comment
k
Previous post/Previous comment
r