ASKSAGE: Sage Q&A Forum - Latest question feedhttp://ask.sagemath.org/questions/Q&A Forum for SageenCopyright Sage, 2010. Some rights reserved under creative commons license.Wed, 18 Dec 2019 13:00:15 -0600Default algorithm for cardinalityhttp://ask.sagemath.org/question/49070/default-algorithm-for-cardinality/Hello, I am using Sage for operations on elliptic curves and I was curious what is the default algorithm used to compute the cardinality of a curve when: "E.cardinality()" is used? I tried to find it here: http://doc.sagemath.org/html/en/reference/curves/sage/schemes/elliptic_curves/ell_finite_field.html but I only found out there are some algorithms which you can choose as an optional argument. Is it the Schoof's algorithm?JanoutVWed, 18 Dec 2019 13:00:15 -0600http://ask.sagemath.org/question/49070/Does sage offer API?http://ask.sagemath.org/question/49066/does-sage-offer-api/ Hello, I am currently using sage for calculations on elliptic curves in my semestral project and I want to build a sort of a "wrap GUI" in JavaFX, which would generate input for Sage and then will format the output from it. I was wondering if Sage offers some kind of API? I am well aware of using Processbuilder class in java to create and manage different processes, but this method inevitably has some caveats, so I'm just interested, is Sage offering some kind of API?JanoutVWed, 18 Dec 2019 06:45:19 -0600http://ask.sagemath.org/question/49066/How to use sagemath to generate inequalitieshttp://ask.sagemath.org/question/47238/how-to-use-sagemath-to-generate-inequalities/ In cryptography, sbox is used to substitute a number with another for hiding the original one. For a 4 bit sbox, there will be 16 inputs and 16 outputs. I need to get the inequalities for the sboxjithendrakbMon, 22 Jul 2019 01:26:12 -0500http://ask.sagemath.org/question/47238/How to use sagemath to generate inequalitieshttp://ask.sagemath.org/question/47237/how-to-use-sagemath-to-generate-inequalities/ In cryptography sbox is used to substitute a number with another number(which doesn't have a linear relation to the previous one). So for a 4 bit sbox 16 different inputs give 16 different outputs. I need to get the inequalities of the sbox while giving all the inputs and outputs jithendrakbMon, 22 Jul 2019 01:21:48 -0500http://ask.sagemath.org/question/47237/Calculating Cauchy Integrals in Sagehttp://ask.sagemath.org/question/47017/calculating-cauchy-integrals-in-sage/Hi!
I am relatively new to complex analysis and I am trying to write down the following integral in Sage Math:
$$
I(k) = \frac{1}{2i\pi}\oint\frac{(1-t^2)}{(1-t)^n}\frac{dt}{t^{k+1}}
$$
from a paper that can be found at:
http://magali.bardet.free.fr/Publis/ltx43BF.pdf
The contour is a unit circle around the origin with a radius less than 1.
whereby $$S(n) = \frac{(1-t^2)}{(1-t)^n} $$ is a formal power series. The Cauchy Integral will produce the k-th coefficient of $S(n)$. I tried doing the following:
<!-- language: python -->
def deg_reg_Cauchy(k, n, m):
R.<t> = PowerSeriesRing(CC, 't')
constant_term = 1/(2*I*pi)
s = (1-t**2)**m / (t**(k+1)*(1-t)**n)
s1 = constant_term * s.integral()
return s1
I realize this is probably ***very*** wrong and I used $0$ till $2\pi$ as simple placeholders until I find appropriate values. Does anyone have any tips on how to go about this, please? Below is the error message that is being outputted by Sage.
<!-- language: python -->
ArithmeticError: The integral of is not a Laurent series, since t^-1 has nonzero coefficient.
Thank you!JoaoDDuarteSat, 29 Jun 2019 12:01:11 -0500http://ask.sagemath.org/question/47017/Is there any implementation of EG algorithm?http://ask.sagemath.org/question/46675/is-there-any-implementation-of-eg-algorithm/The algorithm is described in paper:
"A General Framework for Subexponential Discrete Logarithm Algorithms".
I'm solving HECDLP problem and having trouble writing the implementation. So, i thought, since SageMath is so great, maybe it has written it. But I can't find useful infos about it.
And if I choose the wrong algorithm for GHS attack, please say it. I'm still not so familiar to this field.
Anyway, thx!FXTiSun, 26 May 2019 05:25:39 -0500http://ask.sagemath.org/question/46675/What can i do about this large boolean function?http://ask.sagemath.org/question/46400/what-can-i-do-about-this-large-boolean-function/If i have a large boolean function like this:
FUN() = (
(( ~g&(f^i^0))|(g&(1^f^h^0)))^(( ~x&(w^z^0))|(x&(1^w^y^0)))
^((d&(1^a^b^e))|( ~d&(1^a^c^e)))^((m&(1^j^k^n))|( ~m&(1^j^l^n)))
^o^p^q^0^r^s^t^u^v
)
can anyone explain how can i code to obtain the non-linearity of this boolean formula?
I didn't really understand the `BooleanFunction()` function in Sage.athulanMon, 29 Apr 2019 06:56:28 -0500http://ask.sagemath.org/question/46400/cryptographic hash functionhttp://ask.sagemath.org/question/46110/cryptographic-hash-function/Hello,
I'm writing a Sage program to implement a Public Key Cryptographic scheme and I need a cryptographic hash function that takes as input a binary string of a given size d_domain and outputs a binary string of a given size d_range.
I read the documentation of the package Crypto.Hash, but I don't understand how to use the hash functions there.
Can someone help me?
Example parameters are:
d_domain = d_range = 256
KatinkaBouFri, 12 Apr 2019 07:10:51 -0500http://ask.sagemath.org/question/46110/Can I use the "sr.lin_matrix ()" command for any S-Box?http://ask.sagemath.org/question/46002/can-i-use-the-srlin_matrix-command-for-any-s-box/ sage: sr = mq.SR(1, 1, 1, 8, gf2=True)
sage: S = sr.sbox(); S
(99, 124, 119, 123, 242, 107, 111, 197, 48, 1, 103, 43, 254, 215, 171, 118, 202, 130, 201, 125, 250, 89, 71, 240, 173, 212, 162, 175, 156, 164, 114, 192, 183, 253, 147, 38, 54, 63, 247, 204, 52, 165, 229, 241, 113, 216, 49, 21, 4, 199, 35, 195, 24, 150, 5, 154, 7, 18, 128, 226, 235, 39, 178, 117, 9, 131, 44, 26, 27, 110, 90, 160, 82, 59, 214, 179, 41, 227, 47, 132, 83, 209, 0, 237, 32, 252, 177, 91, 106, 203, 190, 57, 74, 76, 88, 207, 208, 239, 170, 251, 67, 77, 51, 133, 69, 249, 2, 127, 80, 60, 159, 168, 81, 163, 64, 143, 146, 157, 56, 245, 188, 182, 218, 33, 16, 255, 243, 210, 205, 12, 19, 236, 95, 151, 68, 23, 196, 167, 126, 61, 100, 93, 25, 115, 96, 129, 79, 220, 34, 42, 144, 136, 70, 238, 184, 20, 222, 94, 11, 219, 224, 50, 58, 10, 73, 6, 36, 92, 194, 211, 172, 98, 145, 149, 228, 121, 231, 200, 55, 109, 141, 213, 78, 169, 108, 86, 244, 234, 101, 122, 174, 8, 186, 120, 37, 46, 28, 166, 180, 198, 232, 221, 116, 31, 75, 189, 139, 138, 112, 62, 181, 102, 72, 3, 246, 14, 97, 53, 87, 185, 134, 193, 29, 158, 225, 248, 152, 17, 105, 217, 142, 148, 155, 30, 135, 233, 206, 85, 40, 223, 140, 161, 137, 13, 191, 230, 66, 104, 65, 153, 45, 15, 176, 84, 187, 22)
sage: sr.lin_matrix()
[1 1 1 1 1 0 0 0]
[0 1 1 1 1 1 0 0]
[0 0 1 1 1 1 1 0]
[0 0 0 1 1 1 1 1]
[1 0 0 0 1 1 1 1]
[1 1 0 0 0 1 1 1]
[1 1 1 0 0 0 1 1]
[1 1 1 1 0 0 0 1]MarcioWed, 03 Apr 2019 08:18:58 -0500http://ask.sagemath.org/question/46002/Does anyone know how to implement a simple XL Algorithm in sage?http://ask.sagemath.org/question/41818/does-anyone-know-how-to-implement-a-simple-xl-algorithm-in-sage/I need to implement the XL algorithm in sage, which i can use to solve over-determined systems of polynomial equations (more equations than variables). Any help on how to do this?
DalvirThu, 29 Mar 2018 07:45:45 -0500http://ask.sagemath.org/question/41818/How do you calculate the branch number of a matrix?http://ask.sagemath.org/question/41152/how-do-you-calculate-the-branch-number-of-a-matrix/ Can anyone explain what a branch number is and how to calculate it? I have checked several books on matrices but it seems uncommon. In particular, the matrix:
$$02\quad 03\quad 01\quad 01$$
$$01\quad 02\quad 03\quad 01$$
$$01\quad 01\quad 02\quad 03$$
$$03\quad 01\quad 01\quad 02$$
These entries are hexadecimals (or bytes), e.g. in bits $\{02\}$ is $00000010$, and comes from the Mix column layer in the $AES$ cipher (just in case that makes a difference).
I have read this matrix has the maximum branch number of $n+1 = 5$, but I do not understand where this came from or what it means.
I also read this is an $MDS$ matrix and I think branch numbers and $MDS$ matrices are linked somehow but, again, I don't know how. I have looked for video tutorials on $MDS$ matrices and branch numbers but there is nothing for beginners.
A couple of simple examples for branch numbers and/or $MDS$ matrices would be really helpful.
Redbook1Fri, 16 Feb 2018 07:06:40 -0600http://ask.sagemath.org/question/41152/Routines for Pell's equationshttp://ask.sagemath.org/question/40202/routines-for-pells-equations/Hi,
I am interested in finding solutions to Pell's equations in finite fields. Are there Sagemath routines that I could use or should I create my own routines? I am interested in finding out solutions to the general equation x^2 - Dy^2 = 1 (mod p). Solutions to this form an closed Abelian group and the points form a cyclic subgroup.
Any suggestions/pointers would be deeply appreciated.
Thank you,
Rahul RahulKrishnanSun, 17 Dec 2017 10:21:54 -0600http://ask.sagemath.org/question/40202/order of hyperelliptic curve divisorhttp://ask.sagemath.org/question/40153/order-of-hyperelliptic-curve-divisor/ I create a hyperelliptic curve, over finite field
zz = random_prime(2^81-1,False,2^80);
Q = GF(zz); x = Q['x'].gen();
f = x^5+ 2*x^2 +x + 3;
C = HyperellipticCurve(f, 0)
Then, Jacobian of Hyperelliptic Curve
J = C.jacobian()(Q)
then found two points and get there divisor and substract
P1 = (514014285438369163567791 : 461217828857546813804480 : 1)
P2 = (514014285438369163567791 : 461217828857546813804480 : 1)
D1 = J(P1);
D2 = J(P2);
D = D1 - D2;
but when calculating the order of D (error)
D.order()
> otImplementedError
> Traceback (most recent call last)
> <ipython-input-69-4132ea6bd39c> in
> <module>()
> ----> 1 D.order()
>
> /home/sage/sage-8.0/src/sage/structure/element.pyx
> in
> sage.structure.element.AdditiveGroupElement.order
> (/home/sage/sage/src/build/cythonized/sage/structure/element.c:16098)()
> 2276 Return additive order of
> element 2277 """
> -> 2278 return self.additive_order() 2279 2280
> def __invert__(self):
>
> /home/sage/sage-8.0/src/sage/structure/element.pyx
> in
> sage.structure.element.ModuleElement.additive_order
> (/home/sage/sage/src/build/cythonized/sage/structure/element.c:15332)()
> 2196 Return the additive order
> of self. 2197 """
> -> 2198 raise NotImplementedError 2199 2200
> ########################################################################
>
> NotImplementedError:
How to calculate it's order(I need the order to use it as mod in further calculation)
sherifasagewadThu, 14 Dec 2017 05:04:48 -0600http://ask.sagemath.org/question/40153/I want to compare time of scalar multiplicity between ECC HECC with security level 80http://ask.sagemath.org/question/37514/i-want-to-compare-time-of-scalar-multiplicity-between-ecc-hecc-with-security-level-80/ So in ECC GF(next_prime(2^160)) then construct the curve, base point
=====================================================================
I'm not sure how in hyper elliptic curve;
I think
$ `q = next_prime(2^80)`
$ `K.<x>=GF(q,'x')[]`
$ `f = x^5 + x^3 + 1`
$ `H = HyperellipticCurve(f, 0)`
$ `J = H.jacobian()`
$ `z = Integer(randrange(2, q-2))`
$ `D = J(H.lift_x(F(z)))` # divisor
===============================================================
To compare time
ECC => `%timeit (Integer(randrange(1, 2^160))) * base point`
HECC => %timeit (Integer(randrange(1, 2^80))) * divisor`
==============================================================
is this correct?
and if this correct, how ECC time = 13.2 millisecond;
HECC time = 185 millisecondsherifasagewadThu, 04 May 2017 16:54:50 -0500http://ask.sagemath.org/question/37514/Overflow when defining points on elliptic curvehttp://ask.sagemath.org/question/36709/overflow-when-defining-points-on-elliptic-curve/I have the following elliptic curve in SAGE:
p1 = 2^256-189
E10 = EllipticCurve(GF(p1),[-3,0])
I want to find points of different orders and multiply them with a number. However when I try to get SAGE to define or print a point like P=E10.points()[19] I get the following error:
Error in lines 1-1
Traceback (most recent call last):
File "/projects/sage/sage-7.5/local/lib/python2.7/site-packages/smc_sagews/sage_server.py", line 982, in execute
exec compile(block+'\n', '', 'single') in namespace, locals
File "", line 1, in <module>
File "/projects/sage/sage-7.5/local/lib/python2.7/site-packages/sage/schemes/elliptic_curves/ell_finite_field.py", line 214, in points
v = self._points_via_group_structure()
File "/projects/sage/sage-7.5/local/lib/python2.7/site-packages/sage/schemes/elliptic_curves/ell_finite_field.py", line 156, in _points_via_group_structure
for m in range(1,ni[0]):
OverflowError: Python int too large to convert to C long
So far I have only suceeded in finding the point (0,0) of order 2 but I also need points of higher order. Is there any way to fix this overflow error or find points of different orders that SAGE can actually handle without getting overflow or is my curve just impossible to work with?
I started out trying to print the list of all points and their orders but that resulted in the error. Then I tried printing only one point and now I am simply trying to define the points without printing them (however I need to print k*P for some k later on for all the points).
I got the point (112810383992036387042877104932833846002363090508032041943368137894367452952778,85347934490306136025376423714596250175969011873639765034628869535783033211301) using `E10.gens()` but I can't define it getting the error:
ValueError: libGAP: Error, E: <n> must be a positive integer (not a integer (>= 2^60))
So I am suspecting that it is not possible to get any useful points on this curve. If so can anyone explain to me why it is so (with some references if possible)?AliceThu, 23 Feb 2017 06:27:27 -0600http://ask.sagemath.org/question/36709/Linear Algebra in Finite Fields (Goppa Codes)http://ask.sagemath.org/question/33915/linear-algebra-in-finite-fields-goppa-codes/Context:
I am trying to calculate a generator matrix for Goppa codes.
We are working in GF(16), e is a generator of GF(16), and we are given the polynomial
g = (x+e)*(x+e^14)
F.<e> = GF(16)
p = e.minpoly()
p
R.<x> = PolynomialRing(F)
g=(x+e)*(x+e^14)
i calculate the parity check matrix with coefficients in GF(16) as follows
H = matrix(F,2,12)
for i in range (2,14):
f=-((g(x)-g(e^i))/(x-e^i))*(1/g(e^i))
print("i=%s %s"%(i,f))
ff=R(f) # coerce to polynomial with canonical injection
H[0,i-2]=ff.list()[0]
H[1,i-2]=ff.list()[1]
i=2 (e^3 + e^2 + e + 1)*x + e^3 + e
i=3 (e^3 + e^2)*x + e^2 + e + 1
i=4 (e^3 + e^2)*x + e^3 + e
i=5 e*x + e^3 + 1
i=6 (e^3 + e^2 + e)*x + e^3 + e^2
i=7 x
i=8 (e^3 + 1)*x + e^2 + e + 1
i=9 (e^2 + 1)*x + e^2 + 1
i=10 (e^3 + e^2 + e)*x + e^2
i=11 (e^3 + 1)*x + e^3 + e + 1
i=12 (e^3 + e^2 + e + 1)*x + e^3 + 1
i=13 e*x + e^3 + e^2
H is a 2x12 matrix in GF(16)
now I am are interested in getting a 8x12 matrix corresponding to 8 equations. We get 4 equations for each row of H.
i am considering a vector of size 12 of unknowns c=(c1,c2,...,12) [with possible values 0 or 1], and for each row, we will look at the equation row_i * c=0 and we group terms corresponding to 1,e,e^2,e^3 and because this is a basis of GF(16) we know that the coefficients of 1,e,e^2,e^3 are 0. I want to extract those equations.
var('c1','c2','c3','c4','c5','c6','c7','c8','c9','c10','c11','c12')
C=matrix([[c1,c2,c3,c4,c5,c6,c7,c8,c9,c10,c11,c12]])
H*C.T
[ (e^3 + e)*c1 + (e^3 + e + 1)*c10 + (e^3 + 1)*c11 + (e^3
+ e^2)*c12 + (e^2 + e + 1)*c2 + (e^3 + e)*c3 + (e^3 + 1)*c4 + (e^3 +
e^2)*c5 + (e^2 + e + 1)*c7 + (e^2 + 1)*c8 + e^2*c9]
[(e^3 + e^2 + e + 1)*c1 + (e^3 + 1)*c10 + (e^3 + e^2 + e + 1)*c11 +
e*c12 + (e^3 + e^2)*c2 + (e^3 + e^2)*c3 + e*c4 + (e^3 + e^2 + e)*c5 + c6
+ (e^3 + 1)*c7 + (e^2 + 1)*c8 + (e^3 + e^2 + e)*c9]
for example for the first row the equation corresponding to e should be
(c1+c10+c2+c3+c7 =0)
could u please tell me how to recover the equation
AND to get the answer in matrix form
the next step of course is to find a basis for the kernel. How do we do that in SAGE ?
[of course it can be done by hand, but i want to be able to write the program]
PS. i am rather new to SAGE and to cryptography, i am following the MOOC from INRIA on fun-mooc
thank youfaguiSat, 25 Jun 2016 06:18:09 -0500http://ask.sagemath.org/question/33915/Can't multiply two variables together due to type (I think)http://ask.sagemath.org/question/25001/cant-multiply-two-variables-together-due-to-type-i-think/ I'm trying to digitally sign a test message in Sage using DSA (DSS). After running my code, I get:
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
File "_sage_input_28.py", line 10, in <module>
exec compile(u'open("___code___.py","w").write("# -*- coding: utf-8 -*-\\n" + _support_.preparse_worksheet_cell(base64.b64decode("IyBDaGVjayB0aGUgc2lnbmF0dXJlCmNoZWNrX3NpZyhtLHAscSxnLHIscyx5KQ=="),globals())+"\\n"); execfile(os.path.abspath("___code___.py"))
File "", line 1, in <module>
File "/tmp/tmpUuKk65/___code___.py", line 3, in <module>
exec compile(u'check_sig(m,p,q,g,r,s,y)
File "", line 1, in <module>
File "/tmp/tmppjN9Gi/___code___.py", line 7, in check_sig
u_2 = mod(r*w,q)
File "element.pyx", line 1701, in sage.structure.element.RingElement.__mul__ (sage/structure/element.c:14531)
File "coerce.pyx", line 856, in sage.structure.coerce.CoercionModel_cache_maps.bin_op (sage/structure/coerce.c:8169)
TypeError: unsupported operand parent(s) for '*': 'Ring of integers modulo 98007532214006523718033513010741500921668410005086660781341579786663143142637' and 'Ring of integers modulo 44449'
The offending line is: `u_2 = mod(r*w,q)`. I think the issue here is I'm multiplying `r` and `w` where:
r = mod(mod(g^k,p),q)
w = mod(1/s,q)
However, these are both `mod q`. Why can't I perform a multiplication on them? Is there some kind of casting I have to do?darxius_sageTue, 25 Nov 2014 10:22:21 -0600http://ask.sagemath.org/question/25001/Binary Field Multiplicationhttp://ask.sagemath.org/question/23707/binary-field-multiplication/Hi,
I was trying to verify the binary field multiplication required to perform the GHASH part of the [Galois/Counter Mode (GCM)](http://csrc.nist.gov/publications/nistpubs/800-38D/SP-800-38D.pdf) for block ciphers using Sage. In order to do so, I need to compute a multiplication in `GF(2^128)` using the provided irreducible polynomial `p(x) = x^128 + x^7 + x^2 + x + 1`.
I took *Test Case 2* of *Appendix B* from [this](http://csrc.nist.gov/groups/ST/toolkit/BCM/documents/proposedmodes/gcm/gcm-revised-spec.pdf) source. According to the specification of the standard, multiplying the ciphertext, denoted by `C`, with the hash subkey `H` (both values are represented by bit vectors containing the coefficients of their respective polynomial representation using hexadecimal basis) should give the result `X1`. I tried to compute the product (again represented in a hexadecimal value as provided in the standard) as follows:
<pre><code>sage: print version();
Sage Version 6.2, Release Date: 2014-05-06
sage: # Get test vectors from the document linked above (Test Case 2).
sage: C = Integer(0x0388dace60b6a392f328c2b971b2fe78);
sage: H = Integer(0x66e94bd4ef8a2c3b884cfa59ca342b2e);
sage: X1_exp = Integer(0x5e2ec746917062882c85b0685353deb7); # Expected product
sage: # Create the binary finite field using the given irreducible polynomial.
sage: P2.<x> = GF(2)[];
sage: p = x^128 + x^7 + x^2 + x + 1;
sage: GFghash = GF(2^128, 'x', modulus=p); GFghash
Finite Field in x of size 2^128
sage: # Create the field elements from the hexadecimal representation and multiply them.
sage: C_bf = GFghash._cache.fetch_int(C);
sage: H_bf = GFghash._cache.fetch_int(H);
sage: X1_bf = C_bf * H_bf;
sage: # Convert the field element back into a HEX representation containing the coefficients only.
sage: X1_bitvec = ''.join(map(str,X1_bf.polynomial().coeffs()));
sage: X1 = Integer(str(X1_bitvec)[::-1], base=2);
sage: # Check whether the result is correct.
sage: X1 == X1_exp
False
</code></pre>
Unfortunately, as you can see from the output, I do not get the expected result of the multiplication (as printed in the document referenced above). Interestingly, when I perform this calculation within a smaller field (for which I can verify the result by paper and pencil), for instance in `GF(2^4)`, the approach actually works (or at least I get the result I expected):
<pre><code>sage: print version();
Sage Version 6.2, Release Date: 2014-05-06
sage: # Use two elements of GF(2^4) represented by a hexadecimal coefficient bit vector.
sage: C = Integer(0xa); # a = x^3 + x = 1010(bin) = 10(dec) = a(hex)
sage: H = Integer(0xa);
sage: X1_exp = Integer(0x8); # Expected product = x^3 = 1000(bin) = 8(dec) = 8(hex)
sage: # Create the binary finite field using the given irreducible polynomial p(x) = x^4 + x + 1;
sage: P2.<x> = GF(2)[];
sage: p = x^4 + x + 1;
sage: GF16 = GF(2^4, 'x', modulus=p); GF16
Finite Field in x of size 2^4
sage: # Create the field elements from the hexadecimal representation and multiply them.
sage: C_bf = GF16._cache.fetch_int(C);
sage: H_bf = GF16._cache.fetch_int(H);
sage: X1_bf = C_bf * H_bf;
sage: # Convert the field element back into a HEX representation containing the coefficients only.
sage: X1_bitvec = ''.join(map(str,X1_bf.polynomial().coeffs()));
sage: X1 = Integer(str(X1_bitvec)[::-1], base=2);
sage: # Check whether the result is correct.
sage: X1 == X1_exp
True
</code></pre>
The actual questions I have right now, are:
1. Are there any limitations with regard to the maximum degree of the binary extension field with the approach I am using here?
2. If possible, can anybody point me to the mistake I am doing when operating in `GF(2^128)`?
Thanks,
MikemikemichiThu, 07 Aug 2014 03:48:35 -0500http://ask.sagemath.org/question/23707/can sage test the Elliptic Curves is security?http://ask.sagemath.org/question/11057/can-sage-test-the-elliptic-curves-is-security/p=FFFFFFFE FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF 00000000 FFFFFFFF FFFFFFFF
a=FFFFFFFE FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF 00000000 FFFFFFFF FFFFFFFC
b=28E9FA9E 9D9F5E34 4D5A9E4B CF6509A7 F39789F5 15AB8F92 DDBCBD41 4D940E93
n=FFFFFFFE FFFFFFFF FFFFFFFF FFFFFFFF 7203DF6B 21C6052B 53BBF409 39D54123
Gx=32C4AE2C 1F198119 5F990446 6A39C994 8FE30BBF F2660BE1 715A4589 334C74C7
Gy=BC3736A2 F4F6779C 59BDCEE3 6B692153 D0A9877C C62A4740 02DF32E5 2139F0A0
http://www.oscca.gov.cn/UpFile/2010122214836668.pdf
http://www.oscca.gov.cn/UpFile/2010122214822692.pdf
2010/12, it published by from China State Administration Encryption,almost copy from American National Standards InstitutecjshWed, 19 Feb 2014 23:53:08 -0600http://ask.sagemath.org/question/11057/primitive roothttp://ask.sagemath.org/question/10709/primitive-root/I am writing a program to find the primitive root.
In the lecture we have given that
x is a primitive root in F_p, where p a prime number, if
x^((p-1)/pi) is not 1. (With pi the prime factors of p-1).
So here my programm:
p = 468889
R = IntegerModRing(p)
factor(p-1)
#gives: p-1 = 2^3 * 3 * 7 * 2791
list = [2,3,7,2791]
c=True
(I changed the for loop:)
for x in range(1,p):
for pi in list:
a = (p-1)/pi
if a == int(a):
k = R(x^a)
if k==1:
c=False
else:
print k
else:
pass
if c==True:
print x
else:
print c, x
But still there is no result. Can anyone help? I don't see the problem.
Thanks a lot!00Luca00Wed, 06 Nov 2013 10:41:16 -0600http://ask.sagemath.org/question/10709/Three-Pass Protocolhttp://ask.sagemath.org/question/10701/three-pass-protocol/I am currently trying to make an example for the three pass protocol.
Maybe someone can tell me my mistake, because it doesn't work out.
There is no error, but the numbers don't fit.
#Prime p = 8885569519.
#Let a = 7 and b = 17.
#Alice knows K = 263785119.
#Over the Ring mod p-1
R = IntegerModRing(8885569518)
K = 263785120
a = 11
b = 17
#Alice calculates K^a:
Ka = R(K)^a
#Bob calculates (K^a)^b:
Kab = R(Ka)^b
#Alice recives Kab and calculates((K^a)^b)^a^(-1).
#first a^(-1)
y = 1/R(a)
#then y*a % p-1 = 1 (p-1 = 8885569518)
Kaby = R(Kab)^y
#Kaby should be the same as K^b:
Kb = R(K)^b
#but it isn't
#The inverse of b:
z = 1/R(b)
KK = R(Kaby)^z
`K^a^b^a^(-1)` should be the same as `K^b`, but it doesn't work out. Does someone see my mistake?
Thank you and best,
Luca
00Luca00Tue, 05 Nov 2013 10:46:17 -0600http://ask.sagemath.org/question/10701/Working with multiplicative groupshttp://ask.sagemath.org/question/8876/working-with-multiplicative-groups/Hi,
I am just learning cryptography and the DLP problem.
How can I create a finite multiplicative Group over Zp?
Sage has many Group related classes but apparently I am not math-savvy enough
to chose one ;-)tbenderSun, 15 Apr 2012 09:22:11 -0500http://ask.sagemath.org/question/8876/[log discret logarithm] implantation index calculus algorithmhttp://ask.sagemath.org/question/9938/log-discret-logarithm-implantation-index-calculus-algorithm/Hello everybody,
I have a problem to implement with sage the index calculs algorithm in order to resolve the discret log 's problem.
I can create a system of algebra equation, but I can't compute the same modulo for each line
, I have ever the theorem of Chinese rest, but unsuccessfull !
Could you help me please ?
Vistrate
vistrateSat, 23 Mar 2013 05:47:20 -0500http://ask.sagemath.org/question/9938/Elliptic Curve functions don't seem to exist?http://ask.sagemath.org/question/9772/elliptic-curve-functions-dont-seem-to-exist/Hello. I'm trying to design a puzzle that involves finding a weakness in an elliptic curve cryptography application. I see descriptions of past puzzles that others have made, but they use SAGE with commands like "E = EllipticCurve(GF(c), [a, b])". From my attempts to uses SAGE online before installing, and from looking through the manual, it looks like there aren't any functions called EllipticCurve or for that matter GF. (They show up with red underlines in the online command window.) But then I did try running a similar command anyway:
"sage: p = 354990952970600489
sage: E = EllipticCurve(GF(p),[9326,1376127157])"
and got an error about this being prime or something similar -- don't have the error in front of me. So do the functions exist or what? I'm puzzled because the tutorial doesn't seem to work despite being written specifically for SAGE.kschneeTue, 05 Feb 2013 08:06:24 -0600http://ask.sagemath.org/question/9772/how to use the secret perfect shamir in Sage?http://ask.sagemath.org/question/8986/how-to-use-the-secret-perfect-shamir-in-sage/Good Morning.
I need to resorve this problem.
I have three fragments that I make with shamir's secret perfect and now I need to find the polinomy, but I don`t know if there is a method which I can to solve the polinomy and have the secret with Sage.
For exemple I have this polinomy 56 + 10*x + 5*x^2 mod 101. I know that the secret is 56 and three fragments [25, 98], [47, 57], [19, 31], (56 +10*25+5*25^2)mod 101 = 98
How I can to find the polinomy with these fragments?
I can't use Lagrange because it is arithmetic modular.
Thank you.AlfredoSun, 20 May 2012 08:11:00 -0500http://ask.sagemath.org/question/8986/How to enter a multiprecision integer in hex big endianhttp://ask.sagemath.org/question/8681/how-to-enter-a-multiprecision-integer-in-hex-big-endian/Hi,
I have a multiprecision integer (retrieved from a gpg signature). Example:
DSA p(2048 bits) - ab 21 99 ...many bytes here ... 5b
How can I enter the hex representation into Sage to work with it?tbenderSun, 29 Jan 2012 06:50:05 -0600http://ask.sagemath.org/question/8681/