Ask Your Question

Revision history [back]

click to hide/show revision 1
initial version

answered 2012-06-16 06:53:14 +0200

achrzesz gravatar image

The following example (with your curve but changed Pa,u1,u2,r ) shows that "SAGE operations" are OK

p=(10^34+1000).next_prime()
E=EllipticCurve(GF(p),[0,57]);
x,y=(4259903772238643554901244696272038,3809941931717614434052814194698091)
E.is_on_curve(x,y)
#True
P=E(x,y)
n=P.order()
d=ZZ.random_element(n)   # Priv key
Pa=d*P                   # Pub key

kE=ZZ.random_element(n)  # Eph key
R=kE*P
r=Integer(R.xy()[0])     # first part of the signature
hx=ZZ.random_element(n)  # hash of the message
s=Mod((hx+d*r)*inverse_mod(kE,n),n)  # second part
w=s^-1
u1=Integer(Mod(w*hx,n))
u2=Integer(Mod(w*r,n))
Q=u1*P+u2*Pa
Integer(Q.xy()[0])==r    # Verification
#True
Copyright Sage, 2010. Some rights reserved under creative commons license. Content on this site is licensed under a Creative Commons Attribution Share Alike 3.0 license.
about | faq | help | privacy policy | terms of service
Powered by Askbot version 0.7.59