P=64231 N=64633 a=0 b=3 G={0x01,0x02}
Topic: Construct own Elliptic Curve (Read 184 times)
Hmm. Can you please provide me a 2^16 curve with starting point 1 please?
It is easier to generate all points for 2^16 than for 2^32
)
It is easier to generate all points for 2^16 than for 2^32
)
To be analogous to secp256k1, your prime should be congruent to 3 mod 4, should have a primitive cube root of unity, and the generated group should be prime.
The curve created by a=0 b=11 over field P=2^32-116325 has these properties. N is 2^32-4443.
There are many such choices that work. I chose the option with the largest group size subject to the restriction that the order was still under 2^32, that the twist had cofactor of 4 or less, and that the embedding degree was 'large' (in this case almost 2^30, though there are somewhat smaller groups where the embedding degree is close to 2^32). I chose the smallest b among the isomorphic alternatives.
For a generator, you could use G = {0x02, 0x20c2c3af} (x=0x01 isn't on the curve). All points on the curve are equally good as a generator.
results=[]
for x in [xf for xf in range(2^32,2^32-300000,-1) if xf%4==3 and Integer(xf).is_prime() and FiniteField(xf)(1).nth_root(3)!=1]:
for b in range(1,15):
order=EllipticCurve([FiniteField(x)(0), FiniteField(x)(b)]).order()
if order<2^32 and order.is_prime()==True:
ordert=EllipticCurve([FiniteField(x)(0), FiniteField(x)(-b)]).order()
ordertp=factor(ordert)[-1][0]
if ordert/ordertp<=4:
results.append((order,RR(log(FiniteField(order)(x).multiplicative_order(),2)),ordert,-x,-b))
sorted(results)
The curve created by a=0 b=11 over field P=2^32-116325 has these properties. N is 2^32-4443.
There are many such choices that work. I chose the option with the largest group size subject to the restriction that the order was still under 2^32, that the twist had cofactor of 4 or less, and that the embedding degree was 'large' (in this case almost 2^30, though there are somewhat smaller groups where the embedding degree is close to 2^32). I chose the smallest b among the isomorphic alternatives.
For a generator, you could use G = {0x02, 0x20c2c3af} (x=0x01 isn't on the curve). All points on the curve are equally good as a generator.
results=[]
for x in [xf for xf in range(2^32,2^32-300000,-1) if xf%4==3 and Integer(xf).is_prime() and FiniteField(xf)(1).nth_root(3)!=1]:
for b in range(1,15):
order=EllipticCurve([FiniteField(x)(0), FiniteField(x)(b)]).order()
if order<2^32 and order.is_prime()==True:
ordert=EllipticCurve([FiniteField(x)(0), FiniteField(x)(-b)]).order()
ordertp=factor(ordert)[-1][0]
if ordert/ordertp<=4:
results.append((order,RR(log(FiniteField(order)(x).multiplicative_order(),2)),ordert,-x,-b))
sorted(results)
For some research I would like to use a secp256k1 like Elliptic Curve, but instead of 256 bit length it should be 32 bit length. Does somebody have something ready?
I mean, it is important to get the right values for G, n and P. How do you construct them for 32 bit?
Thx
I mean, it is important to get the right values for G, n and P. How do you construct them for 32 bit?
Thx
Jump to: