ASKSAGE: Sage Q&A Forum - Latest question feedhttp://ask.sagemath.org/questions/Q&A Forum for SageenCopyright Sage, 2010. Some rights reserved under creative commons license.Mon, 01 Jun 2020 06:12:27 -0500Halving Point on curve25519http://ask.sagemath.org/question/49463/halving-point-on-curve25519/ Hi there,
Is there any ways in sagemath to half a point in curve25519? I found that mod inverse of 2 are not defined in this curve.
Thanks beforeZor-elThu, 09 Jan 2020 02:30:27 -0600http://ask.sagemath.org/question/49463/Lifting an Isogeny without Starting All Overhttp://ask.sagemath.org/question/51671/lifting-an-isogeny-without-starting-all-over/So I was computing isogeny over finite field in different extension degrees. Let's suppose I have obtained an isogeny $\phi$ over $\mathbb{F}_q$ and an embedding . $\iota:\mathbb{F}_{q}\to\mathbb{F}_{q^k}$. How do I lift $\phi$ to a larger field $\mathbb{F}_{q^k}$ by $\iota$?
What I did for now is to extract the kernel polynomial $\phi_x\in\mathbb{F_q}[x]$; componentwisely lift its coefficient to $\mathbb{F}_{q^k}$ and obtain $\tilde\phi_x=\iota(\phi_x)$, then using Kohel's formula to compute the lifted isogeny $\tilde\phi:E\to E[\tilde\phi_x]$.
from sage.coding.relative_finite_field_extension import *
Fq = GF(71^2)
extFq = GF(71^4)
iota = RelativeFiniteFieldExtension(extFq,Fq).embedding()
E = EllipticCurve(Fq,[1,0])
P = E.random_element()*1024
phi = E.isogeny(P)
# above are settings for copy-paste
phix = phi.kernel_polynomial()
extPhix = sum(iota(ci)*extFq[x](x)^di for di, ci in enumerate(phix))
extE = phi.domain().change_ring(iota)
extPhi = extE.isogeny(phix)
However, this costs too much computational resources to recompute the whole isogeny from scratch. In theory, since we have already computed $\phi$ before hand, one reasonable approach is to simply lift the rational coefficients of $\phi$ by $\iota$ componentwise. But I'm not quite sure how we could do this within Sage because I can't find a constructor to construct an isogeny object without specifying its kernel. Any ideas?Taylor HuangMon, 01 Jun 2020 06:12:27 -0500http://ask.sagemath.org/question/51671/Elliptic curve defined over completionhttp://ask.sagemath.org/question/49033/elliptic-curve-defined-over-completion/I have an elliptic curve E defined over the rationals and K is an imaginary quadratic field. I have a Heegner point P for E over K. I also have a rational prime p. Let q be a prime of K above p. I would like to use Sage to check whether the point P is divisible by p in E(K) and also in E(Kq) where Kq is the completion of K at the prime q. To check this in E(K) is easy; one can use the heegner_index() function or one can use the division_points() function. I am wondering if there is a way in Sage to do my required check in E(Kq). It seems to me that completions of number fields at finite primes are not defined in Sage.amatarSat, 14 Dec 2019 03:11:35 -0600http://ask.sagemath.org/question/49033/Efficient n-th division polynomial of elliptic curvehttp://ask.sagemath.org/question/41280/efficient-n-th-division-polynomial-of-elliptic-curve/I try to implement the algorithm described in sec. 4 of this paper: https:// eprint.iacr.org/2002/109.pdf. Currently I have the following code:
N = 1444329727510154393553799612747635457542181563961160832013134005088873165794135221
js = [(-2^5)^3, (-2^5*3)^3, (-2^5*3*5*11)^3, (-2^6*3*5*23*29)^3]
R = Integers(N)
B1 = B2 = 10
for j in js:
a = R(j)/(R(1728)-R(j))
cs = [random.randint(1,N) for _ in range(B1)]
xs = [random.randint(1,N) for _ in range(B2)]
for c in cs:
E = EllipticCurve([3*a*c^2, 2*a*c^3])
F = E.division_polynomial(N)
for x in xs:
z = F(x)
if gcd(z,N) != 1:
print(j, c, x, z, gcd(z,N))
I think it is correct, but the division polynomial computation runs forever, while the paper claims it finishes in seconds because every operation is modulo some integer (sec. 3). It also uses dynamical programming and I don't know how division_polynomial is implemented.
How can I do this more efficiently in Sage?polybiusTue, 27 Feb 2018 05:59:26 -0600http://ask.sagemath.org/question/41280/Determining Elliptic Curve Componentshttp://ask.sagemath.org/question/44274/determining-elliptic-curve-components/Say we have an elliptic curve:
R.<a,b,c> = QQ[]
cubic = a*(a+c)*(a+b)+b*(b+c)*(a+b)+c*(b+c)*(a+c)-4*(a+b)*(a+c)*(b+c)
E = EllipticCurve_from_cubic(cubic, morphism=False)
print(E)
print(E.minimal_model())
f = EllipticCurve_from_cubic(cubic, morphism=True)
finv = f.inverse()
generators = E.gens()
print
print("generators = %s" %(generators))
Output:
Elliptic Curve defined by y^2 + x*y = x^3 + 69*x^2 + 1365*x + 8281 over Rational Field
Elliptic Curve defined by y^2 + x*y + y = x^3 - 234*x + 1352 over Rational Field
generators = [(-39 : 52 : 1)]
How do we determine which of the two elliptic curve components a particular point is on? If we had this elliptic curve in the form $y^2 = x^3 + 109 x^2 + 234 x$ it'd be quite simple (if $x<0$ it's on the egg). Is there a nice way to automate this process in SageMath? For example, in this case the generator is on the egg.octonionTue, 13 Nov 2018 19:59:02 -0600http://ask.sagemath.org/question/44274/Calculating the order of an Elliptic Curve fails.http://ask.sagemath.org/question/43765/calculating-the-order-of-an-elliptic-curve-fails/Hi. I would like to calculate the order of the base point on an Elliptic Curve. Some curves are successful while some fail.
Here are two examples and their parameters. The first example is successful, the second is not.
Example 1.
p = 10562920556476600174223203553624763158759224241690200395609486946570543757980521851146458516500451409335864053457189473296570712977858859585999979839497081
a = 1
b = 0
E = EllipticCurve(GF(p), [a, b])
Gx = 7001153264502603531568809091006890066238093206490706740054133060198019760090859987689015805782317128823647585142349315457499198272662472818714043462452903
Gy = 5379780378477219053711555876878459214243674711784518156355184015695786277532464885846858297098947964642836892714492422913471742703229817151186461774623684
G = E(Gx, Gy)
Q = G.order()
Q = 5532044755580494717
Example 2.
p = 8245498483844445086274997696534494324318871629323439587180432555305925857658196874670618312457436840885370130522487176480691396150486059031119600012524801
a = 1
b = 0
E = EllipticCurve(GF(p), [a, b])
Gx = 7273571546843413099993191994471155206649636421268389195048812757571665656628711965470673099293494650775090608549703675296316887753017258939382696588767431
Gy = 3529068830277582088596828423990199939817342479929127252014627303069162247307070606247527579307935679046819531543049464667736359244475241042487530444236684
G = E(Gx, Gy)
Q = G.order()
*** Warning: MPQS: number too big to be factored with MPQS,
giving up.
both these two curves are working curves. but why does sage fail to calculate the second curves order of G? Is it a limitation of sage itself? Is there any other way to calculate the order without using MPQS method?pottzmanTue, 25 Sep 2018 18:05:43 -0500http://ask.sagemath.org/question/43765/Elliptic Curve Twisthttp://ask.sagemath.org/question/45530/elliptic-curve-twist/Hello, I am trying to compute the quadratic twist for an example of an Elliptic curve defined over a GF(p^8) Field:
With
p=3351951982486667453837338848452726606028033606935065896469552348842908133596080151967071453287452469772970937967942438575522391344438242727636910570385409
and an Elliptic curve defined as:
E = ElllipticCurve(GF(p),[1,0])
given the extensions:
F2.<i> = GF(p^2, modulus=x^2 + 11)
F4.<j> = GF(p^4, modulus=x^4 + 11)
F8.<k> = GF(p^8, modulus=x^8 + 11)
I am trying to compute a twist of the elliptic curve defined over F8, of the twist equation form: y^2=x^3+a w^4 x, while a=1, and w satisfies the following: $w\in F_{p^8}$ and $w^4 \in F_{p^2}$, $w^2 \in F_{p^4}$ and $w^3 \in F_{p^{8}} \setminus F_{p^{4}}$
Is there any sage command that would help with this problem ?
Another way but I didn't know how to write it in sage: {1,w,w^2,w^3} are the basis of $F_{p^8}$ as a vector space over $F_{p^{2}}$.
Thanks in advance.JosephThu, 21 Feb 2019 10:03:56 -0600http://ask.sagemath.org/question/45530/How to find a CM point with the image in the elliptic curve under modular parametrization givenhttp://ask.sagemath.org/question/47463/how-to-find-a-cm-point-with-the-image-in-the-elliptic-curve-under-modular-parametrization-given/ everyone! Let $E:y^2+y=x^3-61$ be the minimal model of the elliptic curve 243b. How can I find the CM point $\tau$ in $X_0(243)$ such that $\tau$ maps to the point $(3\sqrt[3]{3},4)$ under the modular parametrization? Can anyone tell me the answer or how to use sagemath to find it?
I use the sagemath code
EllipticCurve([0,0,1,0,-61])
phi = EllipticCurve([0,0,1,0,-61]).modular_parametrization()
f=phi.power_series(prec = 10000)[1]
f.truncate(20000)
to get the parametrization of y coordinate, then I use
q=var('q')
f(q)=
df=diff(f,q)
NewtonIt(q)=q-(f/df)(q)
xn=e^(2*pi*I*a/20.031)
for i in range(1000):
xn=N(NewtonIt(xn),digits=2000)
print xn
to get the numerical $e^{2\pi i \tau}$. After taking log and dividing by $2 \pi i$, I get the numerical $\tau$. But if I use
z=
p=z.algebraic_dependency(100)
I get the wrong polynomial. Why?
LeeSun, 11 Aug 2019 16:05:54 -0500http://ask.sagemath.org/question/47463/Height of point elliptic curve over finite fieldhttp://ask.sagemath.org/question/47310/height-of-point-elliptic-curve-over-finite-field/Is it possible to count height of point from elliptic curve over finite field? How do I do that with Sage?
Thanks before.zelleonTue, 30 Jul 2019 03:22:52 -0500http://ask.sagemath.org/question/47310/How do I obtain the generator of a elliptic curve? Is E.gens() only for the generator for the free part of the group or is for torsion also?http://ask.sagemath.org/question/49373/how-do-i-obtain-the-generator-of-a-elliptic-curve-is-egens-only-for-the-generator-for-the-free-part-of-the-group-or-is-for-torsion-also/Code:
sage: E = EllipticCurve([0,-1,0,-4,-2])
sage: E.gens()
[(3 : 2 : 1)]
sage: T = E.torsion_subgroup()
sage: T.points()
[(0 : 1 : 0), (-1 : 0 : 1)]
What is the generator of the group E(Q)?Is it the point (3,2) only? or the point (3,2)+(-1,0)?ABSun, 05 Jan 2020 03:20:33 -0600http://ask.sagemath.org/question/49373/How to make objects execute their operations in a specific field/ring?http://ask.sagemath.org/question/51593/how-to-make-objects-execute-their-operations-in-a-specific-fieldring/Providing some context: i want to create a class to operate on isogeny graphs of elliptic curves. So it should have the $j$-invariants (integers modulo $p$) as nodes and the existence of $l$-isogenies as edges.
To compute the edges i need to do some calculations on GF(p) and some others on the ring PolynomialRing(GF(p), ['X', 'Y']).
How do i make sure the operations happen on their specific rings and don't change the field outside of the class?JGCWed, 27 May 2020 16:21:45 -0500http://ask.sagemath.org/question/51593/Elliptic Curve over Tower of Finite Fieldhttp://ask.sagemath.org/question/51434/elliptic-curve-over-tower-of-finite-field/So I was trying to construct a curve and compute arithmetics on different hierachy of extensions.
The problem is, since in my application the characteristic $p$ is so large that the regular `Fq.extension(degree)` runs like forever. I'm not sure why but I could instead compute `irr = PolynomialRing(Fq,'x').irreducible_element(degree)` and then just do the extension `extFq = Fq.extension(irr)` by explicitly specifying a irreducible. However, my curve obtain by `E.change_ring(extFq)` would no longer be recognized over finite field and able to sample a random point. Thus the following snippet fails
q, degree = 6441726727896377540006619567673100761, 8
# q is some priori decided prime power and degree is roughly 8
Fq = GF(q)
E = EllipticCurve(Fq,[1,0])
irr = PolynomialRing(Fq,'x').irreducible_element(degree)
extFq = Fq.extension(irr)
extE = E.change_ring(extFq)
extE.random_element() #this fails
On another hand, if I simply specify the relative extension `extFq = GF(q^degree)` and use the relative extension `RelativeFiniteFieldExtension` to get the embedding, then I'm not sure how to specify the coersion explicitly while using `E.change_ring`.
p, degree = 2538055698343985819, 8
q = p^2
Fq = GF(q)
E = EllipticCurve(Fq,[1,0])
irr = PolynomialRing(GF(p),'x').irreducible_element(2*degree)
extFq = GF(q^degree,'x',irr)
# we could obtain embedding by
# rel = RelativeFiniteFieldExtension(extFq,Fq)
E.change_ring(extFq) # error: no coersion
Is there any way to get around this?Taylor HuangSun, 17 May 2020 05:27:09 -0500http://ask.sagemath.org/question/51434/Displaying Z-coordinate of the Elliptic curve pointshttp://ask.sagemath.org/question/51312/displaying-z-coordinate-of-the-elliptic-curve-points/when i generate an elliptic curve and work with it's points. it is always displaying with Z-coordinate =1 as following:
sage: EC=EllipticCurve(GF(101),[2,3])
sage: EC
Elliptic Curve defined by y^2 = x^3 + 2*x + 3 over Finite Field of size 101
sage: EC.random_point()
(60 : 65 : 1)
sage: point1=EC.random_point()
sage: point1
(3 : 6 : 1)
sage: point2=2*point1
sage: point2
(30 : 55 : 1)
as shown Z-coordinate always = 1. can i work with points with it's normal (original) Z- component ??
Hassan MostafaWed, 06 May 2020 17:11:47 -0500http://ask.sagemath.org/question/51312/multiply the point by 2^-1 (mod n)http://ask.sagemath.org/question/50288/multiply-the-point-by-2-1-mod-n/ Public key x and y == Double(Half of the Public key x and y)
how to code this in sage math how to get coordinate x
x = f9308a019258c31049344f85f89d5229b531c845836f99b08601f113bce036f9
y = 388f7b0f632de8140fe337e62a37f3566500a99934c2231b6cb9fd7584b8e672
from this to >
x = c62c910e502cb615a27c58512b6cc2c94f5742f76cb3d12ec993400a3695d413
y = 17f3dadd767275ddd3b23f46723631778bf01dadaebb9a953cf068712457c010
educomWed, 18 Mar 2020 02:55:08 -0500http://ask.sagemath.org/question/50288/Find order of an Elliptic Curve over Gaussian Integerhttp://ask.sagemath.org/question/49838/find-order-of-an-elliptic-curve-over-gaussian-integer/I am new with Sagemath. I just find out that Sagemath has Elliptic Curve Library and I curious to find out how to find order of an elliptic curve over Gaussian Integer.
p = 107927
G = ZZ[I]
J = G.ideal(p)
Q = G.quotient(J,'x')
a = Q(I)
A = (95385+100114*a)
B = (18724+61222*a)
E = EllipticCurve(Q,[A, B])
E
it will show :
Elliptic Curve defined by y^2 = x^3 + (-7813*I-12542)*x + (-46705*I+18724) over Quotient of Gaussian Integers in Number Field in I with defining polynomial x^2 + 1 with I = 1*I by the ideal (107927)
E.cardinality()
AttributeError: 'EllipticCurve_field_with_category' object has no attribute 'cardinality'
why it shows an error ?
I found the group order is 11648283482 (using python and the program that I made from scratch)
`edFri, 07 Feb 2020 01:18:05 -0600http://ask.sagemath.org/question/49838/Sagemath refuses to load singular curvehttp://ask.sagemath.org/question/48982/sagemath-refuses-to-load-singular-curve/I know that this below Elliptic curve is singular at $(23796,0)$
F = GF(23981)
E = EllipticCurve(F,[0, 0, 0, 17230, 22699])
Since
$\frac{\partial f}{\partial x} = 3x^2 + 17230 =0 \pmod p$ and vanishes at $x=\{185,23796\}$ and $(185,0)$ not on the curve.
$\frac{\partial f}{\partial y} = -2y = 0 \pmod p$ and vanishes at $y=0$
I'm trying to define this curve to plot but SageMath gives the error;
> ArithmeticError: invariants (0, 0, 0, 17230, 22699) define a singular curve
How can I plot this curve?kelalakaMon, 09 Dec 2019 14:20:27 -0600http://ask.sagemath.org/question/48982/Pycharm + sage incorrect computationhttp://ask.sagemath.org/question/48503/pycharm-sage-incorrect-computation/I am using sage with Pycharm with sage by choosing Python2.7 from sage /bin directory like in guide in question 39742.
In computation on finite field there is bug or other incorrect behavior:
p = 5256107634024827443646803157596584915370839195839782329597601469354483229307063
j = 3611062252397503822281535488379195436991347721427144349104935225639485573271142
K = GF(p)
a = K((3 * j) / (1728 - j))
`a` is equals `5256107634024827443646803157596584915370839195839782329597601469354483229307059`, but in fact it should be `1674511800600631022371777328069227143110125063664501651628290807871952520681596`.
In stand-alone sage from terminal it works correctly. What should I do for working with sage from Pycharm with correct computation.
Latest version Mac OS, sage 8.9 from Homebrew, latest version Pycharm.SobiegFri, 25 Oct 2019 15:05:04 -0500http://ask.sagemath.org/question/48503/Elliptic curves - morphismhttp://ask.sagemath.org/question/48457/elliptic-curves-morphism/ Consider the example from the documentation:
sage: R.<u,v,t> = QQ[]
sage: Jacobian(u^3+v^3+t, variables=[u,v])
Elliptic Curve defined by y^2 = x^3 + (-27/4*t^2) over
Multivariate Polynomial Ring in u, v, t over Rational Field
how to obtain the morphism in this case?castorTue, 22 Oct 2019 03:04:13 -0500http://ask.sagemath.org/question/48457/elliptic curve : find only xhttp://ask.sagemath.org/question/48003/elliptic-curve-find-only-x/sir,
im a python programme and some idea of sagemath and c++ and .net
i study the btc cryptography seacp256k1
my problem is that
1. how to find x value where start from nearest of k so my loop is small and find the k
2.how to find cyclic ring where the repeate of x and ecliptic curve on seacp256k1 or bitcoin parameters
3.if i have x,y of public key and address how to find private key descrete logirithm problem loop is very large
how can i mage the small cuve , any apprelication or function if availabel in sagemath i required with baby step consider to proofsagemathecdlpSat, 21 Sep 2019 03:45:28 -0500http://ask.sagemath.org/question/48003/Why is exponentiation of points on elliptic curve so fast?http://ask.sagemath.org/question/46705/why-is-exponentiation-of-points-on-elliptic-curve-so-fast/I am working on elliptic curves in sagemath. I was trying to collect benchmarks for group operation and exponentiation of points on NIST P-256 elliptic curve. When I tried to perform a group operation on 2 points on the curve, it takes roughly 2 micro seconds. When I tried to perform exponentiation on a point in elliptic curve with a random exponent, it takes only 3 micro seconds. How is this even possible? Since I am exponentiating with a 256 bit value, this should at least take time required for 256 group operations, which is more than 1ms. I am worried if my code is wrong!
p = 115792089210356248762697446949407573530086143415290314195533631308867097853951
order = 115792089210356248762697446949407573529996955224135760342422259061068512044369
b = 0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b
F = GF(p)
E = EllipticCurve(F, [-3,b])
runs = 10000
G = E.abelian_group()
F2 = GF(order)
exponent = [F2.random_element() for i in range(runs)]
t1 = time()
for i in range(runs):
e = Integer(exponent[i])*e2[i]
t2 = time()
print "Time per operation = ", (t2 - t1)/runs , " seconds"
e1 = [G.random_element() for i in range(runs)]
e2 = [G.random_element() for i in range(runs)]
t1 = time()
for i in range(runs):
e = e1[i]+e2[i]
t2 = time()
print "Time per operation = ", (t2 - t1)/runs , " seconds"pantherWed, 29 May 2019 22:50:46 -0500http://ask.sagemath.org/question/46705/Putting label in the right spot (upper-left) during animationhttp://ask.sagemath.org/question/46496/putting-label-in-the-right-spot-upper-left-during-animation/I'm quite new to SageMath. It took some time (half a sunday) to create a code the draws an elliptic curve with a cubic, controlling the speed of the animation and putting a label in. However, I don't know where I can put something like a `legend_loc='upper left` somewhere or whether that's even possible. My code is as follows:
step=0.2;
var('x,y');
a=animate([
plot(EllipticCurve(y^2==x^3+3.8*x^2-0.8*x+float(k)),xmin=-6,xmax=0
,color="red",thickness=2,legend_label=r'$y^2=x^3+3.8x^2-0.8x+{}$'.format(float(k)))
+plot(EllipticCurve(y^2==x^3+3.8*x^2-0.8*x+float(k)),xmin=10^(-9),xmax=6
,color="red",thickness=2)
+ plot(x^3+3.8*x^2-0.8*x+float(k),xmin=-6,xmax=6,color="blue",thickness=1)
for k in srange(-5,5,step)],xmin=-6,xmax=6,ymin=-20,ymax=20,gridlines=[[-6,6],[-20,20]]);
a.show(delay=1)
I also tried `set_legend_options(shadow=False, loc=2)` in the `plot` function, but that doesn't satisfy SageMath either. Anyone an idea how I can put that label at some fixed spot? Btw, it would be even better if I could put that label on the top centre **above** the animation. I appreciate any suggestions and help.AlgebearSun, 12 May 2019 15:52:37 -0500http://ask.sagemath.org/question/46496/How to implement pairings on MNT curves?http://ask.sagemath.org/question/46491/how-to-implement-pairings-on-mnt-curves/I have used elliptic curves in sagemath. But I do not how to use pairings in sagemath.
I found a list of MNT curves at https://www.esat.kuleuven.be/cosic/publications/article-522.pdf
I also found some documentation on elliptic curves at
https://doc.sagemath.org/html/en/reference/curves/sage/schemes/elliptic_curves/ell_point.html
It provides ate_pairing, tate_pairing, weil_pairing functions. I don't know which one to use. I couldn't understand it. I do not know math behind pairings well enough. Please provide a simple code for performing pairing operations on these curves.pantherSat, 11 May 2019 20:26:27 -0500http://ask.sagemath.org/question/46491/How would I be able to check if a given number is a solinas prime?http://ask.sagemath.org/question/46327/how-would-i-be-able-to-check-if-a-given-number-is-a-solinas-prime/Using sage, how would I be able to check whether a given number is a general mersenne prime, or if possible any other special primes?
In particular, looking to check for special primes `p` such that modulo `p` is easy to calculatejonathansmithWed, 24 Apr 2019 01:36:50 -0500http://ask.sagemath.org/question/46327/elliptic curve arithmetic without inversionhttp://ask.sagemath.org/question/45784/elliptic-curve-arithmetic-without-inversion/ It seems when you add points on an elliptic curve in sage, it immediately divides by the z coordinate if it is not zero. Since I plan on working in a finite field of a large prime, I would rather it not calculate this inverse, but I'm not sure how to stop it from automatically doing so. How do I get it to leave the z coordinate alone so as to avoid inverting elements of my field?milksushFri, 15 Mar 2019 02:49:09 -0500http://ask.sagemath.org/question/45784/x coordinate Of an Elliptic Curve pointhttp://ask.sagemath.org/question/45239/x-coordinate-of-an-elliptic-curve-point/I am defining an Elliptic curve E and then taking a random point P over E. now I want to print the x coordinate of the elliptic curve. How to do that ?
F.<z>=GF(2^11, modulus= conway_polynomial(2,11))
j= F.random_element()
E= EllipticCurve_from_j(j)
P= E.random_point()
Now I want to define w to be the x co-ordinate of P. BishwajitCThu, 31 Jan 2019 02:04:37 -0600http://ask.sagemath.org/question/45239/Get bit representation of an elliptic curve group elementhttp://ask.sagemath.org/question/44547/get-bit-representation-of-an-elliptic-curve-group-element/ I can define an elliptic curve using
> E = EllipticCurve(GF(97), [2,3])
I can then compute a group on E using
> G = E.abelian_group()
I can then sample a random element in the group using
> R = G.random_element()
Is there a way I can get a bit string representation of this group element R? Actually, I am implementing a pseudo-random generator scheme, which finally outputs a group element on elliptic curve. I need to convert it to a bit string.pantherMon, 03 Dec 2018 04:38:55 -0600http://ask.sagemath.org/question/44547/generate random elliptic curve of prime orderhttp://ask.sagemath.org/question/44480/generate-random-elliptic-curve-of-prime-order/As required in many cryptographic algorithms, I would like to sample a group (in this case, an abelian group defined on elliptic curve) of a random prime order. I know how to define an elliptic curve with given parameters, and then calculate its order. But how to sample an elliptic curve of random prime order?pantherTue, 27 Nov 2018 21:24:16 -0600http://ask.sagemath.org/question/44480/Elliptic Curve: Python int too large to convert to C longhttp://ask.sagemath.org/question/44054/elliptic-curve-python-int-too-large-to-convert-to-c-long/I'd like to plot the secp256k1 curve, but I get "Python int too large to convert to C long". Does sage have a built-in type to handle large numbers, or is there a recommended way to do this?
p=2^256 - 2^32 - 2^9 - 2^8 - 2^7 - 2^6 - 2^4 - 1
A=0
B=7
F=GF(p)
F=GF(p)
E = EllipticCurve( [A,B] )
show(graphics_array([plot(E,thickness=3), plot(E.change_ring(GF(p)))]), frame=True)
Traceback:
Traceback (most recent call last): A=0
File "", line 1, in <module>
File "/private/var/folders/k6/lrb1z5jd7vx95c7lh05kq6v00000gn/T/tmpmwcLjo/___code___.py", line 14, in <module>
exec compile(u'show(graphics_array([plot(E,thickness=_sage_const_3 ), plot(E.change_ring(GF(p)))]), frame=True)
File "", line 1, in <module>
File "/Users/Jbaczuk/Documents/Personal/SageMath/local/lib/python2.7/site-packages/sage/misc/decorators.py", line 567, in wrapper
return func(*args, **options)
File "/Users/Jbaczuk/Documents/Personal/SageMath/local/lib/python2.7/site-packages/sage/plot/plot.py", line 1941, in plot
G = funcs.plot(*args, **original_opts)
File "/Users/Jbaczuk/Documents/Personal/SageMath/local/lib/python2.7/site-packages/sage/schemes/elliptic_curves/ell_finite_field.py", line 107, in plot
G += plot.points([P[0:2] for P in self.points() if not P.is_zero()], *args, **kwds)
File "/Users/Jbaczuk/Documents/Personal/SageMath/local/lib/python2.7/site-packages/sage/schemes/elliptic_curves/ell_finite_field.py", line 208, in points
v = self._points_via_group_structure()
File "/Users/Jbaczuk/Documents/Personal/SageMath/local/lib/python2.7/site-packages/sage/schemes/elliptic_curves/ell_finite_field.py", line 150, in _points_via_group_structure
for m in range(1,ni[0]):
OverflowError: Python int too large to convert to C longjbaczukWed, 24 Oct 2018 09:43:51 -0500http://ask.sagemath.org/question/44054/Reducing a polynomial over a function field modulo a valuationhttp://ask.sagemath.org/question/43965/reducing-a-polynomial-over-a-function-field-modulo-a-valuation/ In my situation, I have the following elliptic curve:
K.<t> = FunctionField(QQ)
E = EllipticCurve([t,t])
I want to be able to go modulo t to get the curve
z*y^2 - x^3 = 0
I cannot figure out how to do this. I would like to work with valuations if possible (like going mod K.valuation(0)), but any way to make this work would be great. In general, I'd like to be able to go modulo any irreducible polynomial.trbillinTue, 16 Oct 2018 08:22:31 -0500http://ask.sagemath.org/question/43965/generating the ring for schoof's division polynomialshttp://ask.sagemath.org/question/43301/generating-the-ring-for-schoofs-division-polynomials/ hello,
i want to generate the ring $F_p[x,y]/(y^2-x^3-ax-b)$, which is necessary to compute the division polynomials in schoof's algorithm to compute the amount of elements of a elliptic curve of the form $y^2=x^3+ax+b$ over $F_p$.
I already tried this:
R.<x,y>=PolynomialRing(Zmod(p))
F=R.quo(y^2-x^3-ax-b)
x,y=F.gens()
When i computed some division polynomials in the generated F and matched them with division polynomials which sage computed by this:
F=Zmod(p)
E=EllipticCurve(F,[a,b])
E.division_polynomial()
i saw that my computed division polynomials must be wrong. Does anyone have an idea for generating the Ring $F_p[x,y]/(y^2-x^3-ax-b)$ or generating a "pseudo" elliptic curve in sage, because this code
F=Zmod(p)
E=EllipticCurve(F,[a,b])
E.division_polynomial()
doesn't work if $p$ isn't prime of course.
gebertlukiThu, 09 Aug 2018 18:42:18 -0500http://ask.sagemath.org/question/43301/