Ask Your Question

Revision history [back]

click to hide/show revision 1
initial version

answered 2017-03-25 19:06:33 +0200

dan_fulea gravatar image

The order of the curve is: $$ 2\cdot 5846006549323611672814738465098798981304420411291\ . $$ (The second factor is a prime.) Source:

Intel(R) Integrated Performance Primitives, Cryptography Guide, IPP 7.1, Andrzej Chrzeszczyk, Jakub Chrzeszczyk, September, 2012, page 214.

https://software.intel.com/sites/default/files/article/181895/intelcrypt710.pdf

(One has to read between the lines.)

The above source / link in the comments is no longer available.

Sage could in my hands with the present libraries not proceed. (It was even hard to kill the sage process, no chance to access mouse and keyboard after some minutes. It took all resources on the mashine.)

Here is the code that only verifies the order.

P  = 0x0800000000000000000000000000000000000000C9
c  = 0x07B6882CAAEFA84F9554FF8428BD88E246D2782AE2
b  = 0x0713612DCDDCB40AAB946BDA29CA91F73AF958AFD9       
x0 = 0x0369979697AB43897789566789567F787A7876A654     
y0 = 0x00435EDB42EFAFB2989D51FEFCE3C80988F41FF883

R.<X> = PolynomialRing( GF(2) )
modulus = R( P.digits(2) )

q = 2 ** 163
F = GF( q, modulus=modulus, name='x' )
E = EllipticCurve( F, [ 1, F(c.digits(2)), 0, 0, F(b.digits(2)) ] )

POINT = E.point( ( F(x0.digits(2)), F(y0.digits(2)) ) )
PRIME = 5846006549323611672814738465098798981304420411291

print "Is   PRIME * POINT == 0? %s" % ( (   PRIME * POINT ).is_zero() )
print "Is 2*PRIME * POINT == 0? %s" % ( ( 2*PRIME * POINT ).is_zero() )


print "The value 2*PRIME is in hex between the Hasse bounds as follows:" 
print "%s :: hex of ceil  of q + 1 - 2 sqrt(q)" % hex(  ceil( q + 1 - 2*sqrt(q) ) )
print "%s :: hex of 2 * PRIME, the order of ( E( GF(q) ), + )" % hex( 2*PRIME )
print "%s :: hex of floor of q + 1 + 2 sqrt(q)" % hex( floor( q + 1 + 2*sqrt(q) ) )

And we get:

Is   PRIME * POINT == 0? True
Is 2*PRIME * POINT == 0? True
The value 2*PRIME is in hex between the Hasse bounds as follows:
7fffffffffffffffffffa57d86660310cdbdd3415 :: hex of ceil  of q + 1 - 2 sqrt(q)
7fffffffffffffffffffe91556d1385394e204f36 :: hex of 2 * PRIME, the order of ( E( GF(q) ), + )
800000000000000000005a827999fcef32422cbed :: hex of floor of q + 1 + 2 sqrt(q)

The order of the curve is: $$ 2\cdot 5846006549323611672814738465098798981304420411291\ . $$ (The second factor is a prime.) Source:

Intel(R) Integrated Performance Primitives, Cryptography Guide, IPP 7.1, Andrzej Chrzeszczyk, Jakub Chrzeszczyk, September, 2012, page 214.

https://software.intel.com/sites/default/files/article/181895/intelcrypt710.pdf

(One has to read between the lines.)

The above source / link in the comments is no longer available.

Sage could in my hands with the present libraries not proceed. proceed with the search. (It was even hard to kill the sage process, no chance to access mouse and keyboard after some minutes. It took all resources on the mashine.)machine.)

Here is the code that only verifies the order.

P  = 0x0800000000000000000000000000000000000000C9
c  = 0x07B6882CAAEFA84F9554FF8428BD88E246D2782AE2
b  = 0x0713612DCDDCB40AAB946BDA29CA91F73AF958AFD9       
x0 = 0x0369979697AB43897789566789567F787A7876A654     
y0 = 0x00435EDB42EFAFB2989D51FEFCE3C80988F41FF883

R.<X> = PolynomialRing( GF(2) )
modulus = R( P.digits(2) )

q = 2 ** 163
F = GF( q, modulus=modulus, name='x' )
E = EllipticCurve( F, [ 1, F(c.digits(2)), 0, 0, F(b.digits(2)) ] )

POINT = E.point( ( F(x0.digits(2)), F(y0.digits(2)) ) )
PRIME = 5846006549323611672814738465098798981304420411291

print "Is   PRIME * POINT == 0? %s" % ( (   PRIME * POINT ).is_zero() )
print "Is 2*PRIME * POINT == 0? %s" % ( ( 2*PRIME * POINT ).is_zero() )


print "The value 2*PRIME is in hex between the Hasse bounds as follows:" 
print "%s :: hex of ceil  of q + 1 - 2 sqrt(q)" % hex(  ceil( q + 1 - 2*sqrt(q) ) )
print "%s :: hex of 2 * PRIME, the 2*PRIME = order of ( E( GF(q) ), + )" % hex( 2*PRIME )
print "%s :: hex of floor of q + 1 + 2 sqrt(q)" % hex( floor( q + 1 + 2*sqrt(q) ) )

And we get:

Is   PRIME * POINT == 0? True
Is 2*PRIME * POINT == 0? True
The value 2*PRIME is in hex between the Hasse bounds as follows:
7fffffffffffffffffffa57d86660310cdbdd3415 :: hex of ceil  of q + 1 - 2 sqrt(q)
7fffffffffffffffffffe91556d1385394e204f36 :: hex of 2 * PRIME, the 2*PRIME = order of ( E( GF(q) ), + )
800000000000000000005a827999fcef32422cbed :: hex of floor of q + 1 + 2 sqrt(q)
Copyright Sage, 2010. Some rights reserved under creative commons license. Content on this site is licensed under a Creative Commons Attribution Share Alike 3.0 license.
about | faq | help | privacy policy | terms of service
Powered by Askbot version 0.7.59