Ask Your Question

Revision history [back]

click to hide/show revision 1
initial version

Tables modify code

nistp256r1_order = 0xFFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551

nistp256r1_modulus = 2224 * (232 - 1) + 2192 + 296 - 1

nistp256r1_a = 0xFFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFC

nistp256r1_b = 0x5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B

nistp256r1_field = GF(nistp256r1_modulus)

nistp256r1 = EllipticCurve(nistp256r1_field, [0,0,0,nistp256r1_a,nistp256r1_b])

nistp256r1_base_x = 0x6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296 nistp256r1_base_y = 0x4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5 nistp256r1_gen = nistp256r1(nistp256r1_base_x, nistp256r1_base_y, 1)

curve = nistp256r1

curve_order = nistp256r1_order

curve_gen = nistp256r1_gen

CG = Zmod(curve_order)

these are "inputs" to the system. Only pubkey is known

privkey = CG.random_element() Q = curve(ZZ(privkey) * curve_gen)

we generates the necessary malicious generator

kprime = CG.random_element() kprimeinv = kprime.inverse_of_unit()

Gprime = ZZ(kprimeinv) * Q

We can now verify that the we knows a private key corresponding

to the public key under their generator

newpoint = curve(ZZ(kprime) * curve_gen) Qprime = curve(ZZ(kprime) * Gprime) print("Q==Q'", Qprime == Q) print(Qprime.xy()) print(Q.xy()) print(newpoint)

result:

Q==Q' True Point-1(29071217121488582521608171944263315625701615497932907218591416908586258568965, 59574170696980719976515868978945602886682382595455160870729457813974828581902) Point 1-1(29071217121488582521608171944263315625701615497932907218591416908586258568965, 59574170696980719976515868978945602886682382595455160870729457813974828581902) Point3(17926030768548235702442204134974018188929283587000768925853022445872051613924 : 31678060064977392800194523884536612241566631842713190224565644256881729064814 : 1)

Bat, then I multiply "kprime" to "curve gen", I get another point - I get not point Point-1 (29071217121488582521608171944263315625701615497932907218591416908586258568965, 59574170696980719976515868978945602886682382595455160870729457813974828581902),

and get point Point-3 (17926030768548235702442204134974018188929283587000768925853022445872051613924 : 31678060064977392800194523884536612241566631842713190224565644256881729064814 : 1).

How to get this Ponint 1 after computation after multiplying kprime to curve gen ?

How to modify code and what needed to add to code for fining excact Point-1 after multiplying kprime to curve gen ?

Tables modify code

nistp256r1_order = 0xFFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551

nistp256r1_modulus = 2224 * (232 - 1) + 2192 + 296 - 1

nistp256r1_a = 0xFFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFC

nistp256r1_b = 0x5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B

nistp256r1_field = GF(nistp256r1_modulus)

nistp256r1 = EllipticCurve(nistp256r1_field, [0,0,0,nistp256r1_a,nistp256r1_b])

nistp256r1_base_x = 0x6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296 nistp256r1_base_y = 0x4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5 nistp256r1_gen = nistp256r1(nistp256r1_base_x, nistp256r1_base_y, 1)

curve = nistp256r1

curve_order = nistp256r1_order

curve_gen = nistp256r1_gen

CG = Zmod(curve_order)

these are "inputs" to the system. Only pubkey is known

privkey = CG.random_element() Q = curve(ZZ(privkey) * curve_gen)

we generates the necessary malicious generator

kprime = CG.random_element() kprimeinv = kprime.inverse_of_unit()

Gprime = ZZ(kprimeinv) * Q

We can now verify that the we knows a private key corresponding

to the public key under their generator

newpoint = curve(ZZ(kprime) * curve_gen) Qprime = curve(ZZ(kprime) * Gprime) print("Q==Q'", Qprime == Q) print(Qprime.xy()) print(Q.xy()) print(newpoint)

result:

Q==Q' True Point-1(29071217121488582521608171944263315625701615497932907218591416908586258568965, 59574170696980719976515868978945602886682382595455160870729457813974828581902) Point 1-1(29071217121488582521608171944263315625701615497932907218591416908586258568965, 59574170696980719976515868978945602886682382595455160870729457813974828581902) Point3(17926030768548235702442204134974018188929283587000768925853022445872051613924 : 31678060064977392800194523884536612241566631842713190224565644256881729064814 : 1)

Bat, then I multiply "kprime" to "curve gen", I get another point - I get not point Point-1 (29071217121488582521608171944263315625701615497932907218591416908586258568965, 59574170696980719976515868978945602886682382595455160870729457813974828581902),

and get point Point-3 (17926030768548235702442204134974018188929283587000768925853022445872051613924 : 31678060064977392800194523884536612241566631842713190224565644256881729064814 : 1).

How to get this Ponint 1 after computation after multiplying kprime to curve gen ?

How to modify code and what needed to add to code for fining excact Point-1 after multiplying kprime to curve gen ?

Tables Need help to modify code

nistp256r1_order = 0xFFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551

nistp256r1_modulus = 2224 * (232 - 1) + 2192 + 296 - 1

nistp256r1_a = 0xFFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFC

nistp256r1_b = 0x5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B

nistp256r1_field = GF(nistp256r1_modulus)

nistp256r1 = EllipticCurve(nistp256r1_field, [0,0,0,nistp256r1_a,nistp256r1_b])

nistp256r1_base_x = 0x6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296 nistp256r1_base_y = 0x4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5 nistp256r1_gen = nistp256r1(nistp256r1_base_x, nistp256r1_base_y, 1)

curve = nistp256r1

curve_order = nistp256r1_order

curve_gen = nistp256r1_gen

CG = Zmod(curve_order)

these are "inputs" to the system. Only pubkey is known

privkey = CG.random_element() Q = curve(ZZ(privkey) * curve_gen)

we generates the necessary malicious generator

kprime = CG.random_element() kprimeinv = kprime.inverse_of_unit()

Gprime = ZZ(kprimeinv) * Q

We can now verify that the we knows a private key corresponding

to the public key under their generator

newpoint = curve(ZZ(kprime) * curve_gen) Qprime = curve(ZZ(kprime) * Gprime) print("Q==Q'", Qprime == Q) print(Qprime.xy()) print(Q.xy()) print(newpoint)

result:

Q==Q' True Point-1(29071217121488582521608171944263315625701615497932907218591416908586258568965, 59574170696980719976515868978945602886682382595455160870729457813974828581902) Point 1-1(29071217121488582521608171944263315625701615497932907218591416908586258568965, 59574170696980719976515868978945602886682382595455160870729457813974828581902) Point3(17926030768548235702442204134974018188929283587000768925853022445872051613924 : 31678060064977392800194523884536612241566631842713190224565644256881729064814 : 1)

Bat, then I multiply "kprime" to "curve gen", I get another point - I get not point Point-1 (29071217121488582521608171944263315625701615497932907218591416908586258568965, 59574170696980719976515868978945602886682382595455160870729457813974828581902),

and get point Point-3 (17926030768548235702442204134974018188929283587000768925853022445872051613924 : 31678060064977392800194523884536612241566631842713190224565644256881729064814 : 1).

How to get this Ponint 1 after computation after multiplying kprime to curve gen ?

How to modify code and what needed to add to code for fining excact finding exact Point-1 after multiplying kprime to curve gen ?

Need help to modify code

nistp256r1_order = 0xFFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551

nistp256r1_modulus = 2224 * (232 - 1) + 2192 + 296 - 1

nistp256r1_a = 0xFFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFC

nistp256r1_b = 0x5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B

nistp256r1_field = GF(nistp256r1_modulus)

nistp256r1 = EllipticCurve(nistp256r1_field, [0,0,0,nistp256r1_a,nistp256r1_b])

nistp256r1_base_x = 0x6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296 nistp256r1_base_y = 0x4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5 nistp256r1_gen = nistp256r1(nistp256r1_base_x, nistp256r1_base_y, 1)

curve = nistp256r1

curve_order = nistp256r1_order

curve_gen = nistp256r1_gen

CG = Zmod(curve_order)

these are "inputs" to the system. Only pubkey is known

privkey = CG.random_element() Q = curve(ZZ(privkey) * curve_gen)

we generates the necessary malicious generator

kprime = CG.random_element() kprimeinv = kprime.inverse_of_unit()

Gprime = ZZ(kprimeinv) * Q

We can now verify that the we knows a private key corresponding

to the public key under their generator

newpoint = curve(ZZ(kprime) * curve_gen) Qprime = curve(ZZ(kprime) * Gprime) print("Q==Q'", Qprime == Q) print(Qprime.xy()) print(Q.xy()) print(newpoint)

result:

Q==Q' True Point-1(29071217121488582521608171944263315625701615497932907218591416908586258568965, 59574170696980719976515868978945602886682382595455160870729457813974828581902) Point 1-1(29071217121488582521608171944263315625701615497932907218591416908586258568965, 59574170696980719976515868978945602886682382595455160870729457813974828581902) Point3(17926030768548235702442204134974018188929283587000768925853022445872051613924 : 31678060064977392800194523884536612241566631842713190224565644256881729064814 : 1)

Bat, then I multiply "kprime" to "curve gen", I get another point - I get not point Point-1 (29071217121488582521608171944263315625701615497932907218591416908586258568965, 59574170696980719976515868978945602886682382595455160870729457813974828581902),

and get point Point-3 (17926030768548235702442204134974018188929283587000768925853022445872051613924 : 31678060064977392800194523884536612241566631842713190224565644256881729064814 : 1).

How to get this Ponint 1 after computation after multiplying kprime to curve gen ?

How to modify code and what needed to add to code for finding exact Point-1 after multiplying kprime to curve gen ?

Maybe Chines reminder needed ?????

Very needed help.

Need help to modify code

nistp256r1_order = 0xFFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551

nistp256r1_modulus = 2224 * (232 - 1) + 2192 + 296 - 1

nistp256r1_a = 0xFFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFC

nistp256r1_b = 0x5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B

nistp256r1_field = GF(nistp256r1_modulus)

nistp256r1 = EllipticCurve(nistp256r1_field, [0,0,0,nistp256r1_a,nistp256r1_b])

nistp256r1_base_x = 0x6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296 nistp256r1_base_y = 0x4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5 nistp256r1_gen = nistp256r1(nistp256r1_base_x, nistp256r1_base_y, 1)

curve = nistp256r1

curve_order = nistp256r1_order

curve_gen = nistp256r1_gen

CG = Zmod(curve_order)

these are "inputs" to the system. Only pubkey is known

privkey = CG.random_element() Q = curve(ZZ(privkey) * curve_gen)

we generates the necessary malicious generator

kprime = CG.random_element() kprimeinv = kprime.inverse_of_unit()

Gprime = ZZ(kprimeinv) * Q

We can now verify that the we knows a private key corresponding

to the public key under their generator

newpoint = curve(ZZ(kprime) * curve_gen) Qprime = curve(ZZ(kprime) * Gprime) print("Q==Q'", Qprime == Q) print(Qprime.xy()) print(Q.xy()) print(newpoint)

result:

Q==Q' True Point-1(29071217121488582521608171944263315625701615497932907218591416908586258568965, 59574170696980719976515868978945602886682382595455160870729457813974828581902) Point 1-1(29071217121488582521608171944263315625701615497932907218591416908586258568965, 59574170696980719976515868978945602886682382595455160870729457813974828581902) Point3(17926030768548235702442204134974018188929283587000768925853022445872051613924 : 31678060064977392800194523884536612241566631842713190224565644256881729064814 : 1)

Bat, then I multiply "kprime" to "curve gen", I get another point - I get not point Point-1 (29071217121488582521608171944263315625701615497932907218591416908586258568965, 59574170696980719976515868978945602886682382595455160870729457813974828581902),

and get point Point-3 (17926030768548235702442204134974018188929283587000768925853022445872051613924 : 31678060064977392800194523884536612241566631842713190224565644256881729064814 : 1).

How to get this Ponint 1 after computation after multiplying kprime to curve gen ?

How to modify code and what needed to add to code for finding exact Point-1 after multiplying kprime to curve gen ?

Maybe Chines reminder needed ?????

Very needed help.

Need help to modify codecode for find exact generator of curve

nistp256r1_order = 0xFFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551

nistp256r1_modulus = 2224 * (232 - 1) + 2192 + 296 - 1

nistp256r1_a = 0xFFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFC

nistp256r1_b = 0x5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B

nistp256r1_field = GF(nistp256r1_modulus)

nistp256r1 = EllipticCurve(nistp256r1_field, [0,0,0,nistp256r1_a,nistp256r1_b])

nistp256r1_base_x = 0x6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296 nistp256r1_base_y = 0x4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5 nistp256r1_gen = nistp256r1(nistp256r1_base_x, nistp256r1_base_y, 1)

curve = nistp256r1

curve_order = nistp256r1_order

curve_gen = nistp256r1_gen

CG = Zmod(curve_order)

these are "inputs" to the system. Only pubkey is known

privkey = CG.random_element() Q = curve(ZZ(privkey) * curve_gen)

we generates the necessary malicious generator

kprime = CG.random_element() kprimeinv = kprime.inverse_of_unit()

Gprime = ZZ(kprimeinv) * Q

We can now verify that the we knows a private key corresponding

to the public key under their generator

newpoint = curve(ZZ(kprime) * curve_gen) Qprime = curve(ZZ(kprime) * Gprime) print("Q==Q'", Qprime == Q) print(Qprime.xy()) print(Q.xy()) print(newpoint)

result:

Q==Q' True Point-1(29071217121488582521608171944263315625701615497932907218591416908586258568965, 59574170696980719976515868978945602886682382595455160870729457813974828581902) Point 1-1(29071217121488582521608171944263315625701615497932907218591416908586258568965, 59574170696980719976515868978945602886682382595455160870729457813974828581902) Point3(17926030768548235702442204134974018188929283587000768925853022445872051613924 : 31678060064977392800194523884536612241566631842713190224565644256881729064814 : 1)

Bat, then I multiply "kprime" to "curve gen", I get another point - I get not point Point-1 (29071217121488582521608171944263315625701615497932907218591416908586258568965, 59574170696980719976515868978945602886682382595455160870729457813974828581902),

and get point Point-3 (17926030768548235702442204134974018188929283587000768925853022445872051613924 : 31678060064977392800194523884536612241566631842713190224565644256881729064814 : 1).

How to get this Ponint 1 after computation after multiplying kprime to curve gen ?

How to modify code and what needed to add to code for finding exact Point-1 after multiplying kprime to curve gen ?

Maybe Chines reminder needed ?????

Very needed help.

Need help How to modify code for find exact generator of curvecurve ?

nistp256r1_order = 0xFFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551

nistp256r1_modulus = 2224 * (232 - 1) + 2192 + 296 - 1

nistp256r1_a = 0xFFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFC

nistp256r1_b = 0x5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B

nistp256r1_field = GF(nistp256r1_modulus)

nistp256r1 = EllipticCurve(nistp256r1_field, [0,0,0,nistp256r1_a,nistp256r1_b])

nistp256r1_base_x = 0x6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296 nistp256r1_base_y = 0x4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5 nistp256r1_gen = nistp256r1(nistp256r1_base_x, nistp256r1_base_y, 1)

curve = nistp256r1

curve_order = nistp256r1_order

curve_gen = nistp256r1_gen

CG = Zmod(curve_order)

these are "inputs" to the system. Only pubkey is known

privkey = CG.random_element() Q = curve(ZZ(privkey) * curve_gen)

we generates the necessary malicious generator

kprime = CG.random_element() kprimeinv = kprime.inverse_of_unit()

Gprime = ZZ(kprimeinv) * Q

We can now verify that the we knows a private key corresponding

to the public key under their generator

newpoint = curve(ZZ(kprime) * curve_gen) Qprime = curve(ZZ(kprime) * Gprime) print("Q==Q'", Qprime == Q) print(Qprime.xy()) print(Q.xy()) print(newpoint)

result:

Q==Q' True Point-1(29071217121488582521608171944263315625701615497932907218591416908586258568965, 59574170696980719976515868978945602886682382595455160870729457813974828581902) Point 1-1(29071217121488582521608171944263315625701615497932907218591416908586258568965, 59574170696980719976515868978945602886682382595455160870729457813974828581902) Point3(17926030768548235702442204134974018188929283587000768925853022445872051613924 : 31678060064977392800194523884536612241566631842713190224565644256881729064814 : 1)

Bat, then I multiply "kprime" to "curve gen", I get another point - I get not point Point-1 (29071217121488582521608171944263315625701615497932907218591416908586258568965, 59574170696980719976515868978945602886682382595455160870729457813974828581902),

and get point Point-3 (17926030768548235702442204134974018188929283587000768925853022445872051613924 : 31678060064977392800194523884536612241566631842713190224565644256881729064814 : 1).

How to get this Ponint 1 after computation after multiplying kprime to curve gen ?

How to modify code and what needed to add to code for finding exact Point-1 after multiplying kprime to curve gen ?

Maybe Chines reminder needed ?????

Very needed help.

How to modify code for find exact generator of curve ?

nistp256r1_order = 0xFFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551

nistp256r1_modulus = 2224 * (232 - 1) + 2192 + 296 - 1

nistp256r1_a = 0xFFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFC

nistp256r1_b = 0x5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B

nistp256r1_field = GF(nistp256r1_modulus)

nistp256r1 = EllipticCurve(nistp256r1_field, [0,0,0,nistp256r1_a,nistp256r1_b])

nistp256r1_base_x = 0x6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296 nistp256r1_base_y = 0x4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5 nistp256r1_gen = nistp256r1(nistp256r1_base_x, nistp256r1_base_y, 1)

curve = nistp256r1

curve_order = nistp256r1_order

curve_gen = nistp256r1_gen

CG = Zmod(curve_order)

these are "inputs" to the system. Only pubkey is known

privkey = CG.random_element() Q = curve(ZZ(privkey) * curve_gen)

we generates the necessary malicious generator

kprime = CG.random_element() kprimeinv = kprime.inverse_of_unit()

Gprime = ZZ(kprimeinv) * Q

We can now verify that the we knows a private key corresponding

to the public key under their generator

newpoint = curve(ZZ(kprime) * curve_gen) Qprime = curve(ZZ(kprime) * Gprime) print("Q==Q'", Qprime == Q) print(Qprime.xy()) print(Q.xy()) print(newpoint)

result:

Q==Q' True Point-1(29071217121488582521608171944263315625701615497932907218591416908586258568965, 59574170696980719976515868978945602886682382595455160870729457813974828581902) Point 1-1(29071217121488582521608171944263315625701615497932907218591416908586258568965, 59574170696980719976515868978945602886682382595455160870729457813974828581902) Point3(17926030768548235702442204134974018188929283587000768925853022445872051613924 : 31678060064977392800194523884536612241566631842713190224565644256881729064814 : 1)

Bat, then I multiply "kprime" to "curve gen", I get another point - I get not point Point-1 (29071217121488582521608171944263315625701615497932907218591416908586258568965, 59574170696980719976515868978945602886682382595455160870729457813974828581902),

and get point Point-3 (17926030768548235702442204134974018188929283587000768925853022445872051613924 : 31678060064977392800194523884536612241566631842713190224565644256881729064814 : 1).

How to get this Ponint 1 after computation after multiplying kprime to curve gen ?

How to modify code and what needed to add to code for finding exact Point-1 after multiplying kprime to curve gen ?

Maybe Chines reminder needed ?????

Very needed help.

How to modify code for find find(calculate) exact generator of curve ?

This is ready to run source on pastebin https://pastebin.com/mCv0AHj7

How to get result=Point 1 after multiplying "kprime" to "curve gen" ? How to modify code and what needed to add to code for finding exact Point-1 after multiplying kprime to curve gen ? Maybe Chines Reminder needed ????? I'm Very needed help.

Then I multiply "kprime" to "curve gen", I get another point - I get not point Point-1 (29071217121488582521608171944263315625701615497932907218591416908586258568965, 59574170696980719976515868978945602886682382595455160870729457813974828581902),

and get point Point-3 (17926030768548235702442204134974018188929283587000768925853022445872051613924 : 31678060064977392800194523884536612241566631842713190224565644256881729064814 : 1).

Then I multyple kprime to Gprime, result: Point1="Point1-1", Bat, then I multiply "kprime" to "curve gen", I get another result: Point1<>Point-3.

nistp256r1_order = 0xFFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551

nistp256r1_modulus = 2224 * (232 - 1) + 2192 + 296 - 1

nistp256r1_a = 0xFFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFC

nistp256r1_b = 0x5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B

nistp256r1_field = GF(nistp256r1_modulus)

nistp256r1 = EllipticCurve(nistp256r1_field, [0,0,0,nistp256r1_a,nistp256r1_b])

nistp256r1_base_x = 0x6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296 nistp256r1_base_y = 0x4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5 nistp256r1_gen = nistp256r1(nistp256r1_base_x, nistp256r1_base_y, 1)

curve = nistp256r1

curve_order = nistp256r1_order

curve_gen = nistp256r1_gen

CG = Zmod(curve_order)

these are "inputs" to the system. Only pubkey is known

privkey = CG.random_element() Q = curve(ZZ(privkey) * curve_gen)

we generates the necessary malicious generator

kprime = CG.random_element() kprimeinv = kprime.inverse_of_unit()

Gprime = ZZ(kprimeinv) * Q

We can now verify that the we knows a private key corresponding

to the public key under their generator

newpoint = curve(ZZ(kprime) * curve_gen) Qprime = curve(ZZ(kprime) * Gprime) print("Q==Q'", Qprime == Q) print(Qprime.xy()) print(Q.xy()) print(newpoint)

result:

Q==Q' True Point-1(29071217121488582521608171944263315625701615497932907218591416908586258568965, 59574170696980719976515868978945602886682382595455160870729457813974828581902) Point 1-1(29071217121488582521608171944263315625701615497932907218591416908586258568965, 59574170696980719976515868978945602886682382595455160870729457813974828581902) Point3(17926030768548235702442204134974018188929283587000768925853022445872051613924 : 31678060064977392800194523884536612241566631842713190224565644256881729064814 : 1)

Bat, then I multiply "kprime" to "curve gen", I get another point - I get not point Point-1 (29071217121488582521608171944263315625701615497932907218591416908586258568965, 59574170696980719976515868978945602886682382595455160870729457813974828581902),

and get point Point-3 (17926030768548235702442204134974018188929283587000768925853022445872051613924 : 31678060064977392800194523884536612241566631842713190224565644256881729064814 : 1).

How to get this Ponint 1 after computation after multiplying kprime to curve gen ?

How to modify code and what needed to add to code for finding exact Point-1 after multiplying kprime to curve gen ?

Maybe Chines reminder needed ?????

Very needed help.

How to modify code for find(calculate) exact generator of curve ?

This is FULL ready to run source source on pastebin https://pastebin.com/mCv0AHj7

How to get result=Point 1 result=Point1* after multiplying "kprime" to "curve gen" ? *

How to modify code and what needed to add to code for finding exact Point-1 Point1 after multiplying kprime to kprime to curve gen gen ? Maybe Chines Reminder needed ????? I'm Very needed help.

Then I multiply "kprime" to "curve gen", I get another point - I get not point Point-1 (29071217121488582521608171944263315625701615497932907218591416908586258568965, -(29071217121488582521608171944263315625701615497932907218591416908586258568965, 59574170696980719976515868978945602886682382595455160870729457813974828581902),

and get This point Point-3 (17926030768548235702442204134974018188929283587000768925853022445872051613924 Point3=(17926030768548235702442204134974018188929283587000768925853022445872051613924 : 31678060064977392800194523884536612241566631842713190224565644256881729064814 : 1).

Then I multyple kprime to Gprime, result: Point1="Point1-1", Bat, then I multiply "kprime" to "curve gen", I get another result: Point1<>Point-3.

nistp256r1_order = 0xFFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551

nistp256r1_modulus = 2224 * (232 - 1) + 2192 + 296 - 1

nistp256r1_a = 0xFFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFC

nistp256r1_b = 0x5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B

nistp256r1_field = GF(nistp256r1_modulus)

nistp256r1 = EllipticCurve(nistp256r1_field, [0,0,0,nistp256r1_a,nistp256r1_b])

nistp256r1_base_x = 0x6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296 nistp256r1_base_y = 0x4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5 nistp256r1_gen = nistp256r1(nistp256r1_base_x, nistp256r1_base_y, 1)Bat, then I multiply kripe * Gprime I get need result.

...

curve = nistp256r1

curve_order = nistp256r1_order

curve_gen = nistp256r1_gen

CG = Zmod(curve_order)

these are "inputs" to the system. Only pubkey is known

privkey = CG.random_element() Q = curve(ZZ(privkey) * curve_gen)

we generates the necessary malicious generator

kprime = CG.random_element() kprimeinv = kprime.inverse_of_unit()

Gprime = ZZ(kprimeinv) * Q

We can now verify that the we knows a private key corresponding

to the public key under their generator

newpoint = curve(ZZ(kprime) * curve_gen) Qprime = curve(ZZ(kprime) * Gprime) print("Q==Q'", Qprime == Q) print(Qprime.xy()) print(Q.xy()) print(newpoint)

result:

Q==Q' True Point-1Point1(29071217121488582521608171944263315625701615497932907218591416908586258568965, 59574170696980719976515868978945602886682382595455160870729457813974828581902) Point 1-1Point2(29071217121488582521608171944263315625701615497932907218591416908586258568965, 59574170696980719976515868978945602886682382595455160870729457813974828581902) Point3(17926030768548235702442204134974018188929283587000768925853022445872051613924 : 31678060064977392800194523884536612241566631842713190224565644256881729064814 : 1)

How to modify code for find(calculate) exact generator of curve ?

This is FULL ready to run source on pastebin https://pastebin.com/mCv0AHj7

Then I multyple kprime to Gprime, result: Point1="Point1-1", Bat, then I multiply "kprime" to "curve gen", I get false result: Point1<>Point-3.

Bat, then I multiply kprime * Gprime I get true result.

How to get result=Point1* after multiplying "kprime" to "curve gen" ?*

How to modify code and what needed to add to code for finding exact Point1 after multiplying kprime to curve gen ? Maybe Chines Reminder needed ????? I'm Very needed help.

Then I multiply "kprime" to "curve gen", I get another point - I get not point Point-1-(29071217121488582521608171944263315625701615497932907218591416908586258568965, 59574170696980719976515868978945602886682382595455160870729457813974828581902),

and get This point Point3=(17926030768548235702442204134974018188929283587000768925853022445872051613924 : 31678060064977392800194523884536612241566631842713190224565644256881729064814 : 1).

Then I multyple kprime to Gprime, result: Point1="Point1-1", Bat, then I multiply "kprime" to "curve gen", I get another result: Point1<>Point-3.

Bat, then I multiply kripe * Gprime I get need result.

...

curve = nistp256r1

curve_order = nistp256r1_order

curve_gen = nistp256r1_gen

CG = Zmod(curve_order)

these are "inputs" to the system. Only pubkey is known

privkey = CG.random_element() Q = curve(ZZ(privkey) * curve_gen)

we generates the necessary malicious generator

kprime = CG.random_element() kprimeinv = kprime.inverse_of_unit()

Gprime = ZZ(kprimeinv) * Q

We can now verify that the we knows a private key corresponding

to the public key under their generator

newpoint = curve(ZZ(kprime) * curve_gen) Qprime = curve(ZZ(kprime) * Gprime) print("Q==Q'", Qprime == Q) print(Qprime.xy()) print(Q.xy()) print(newpoint)

result:

Q==Q' True Point1(29071217121488582521608171944263315625701615497932907218591416908586258568965, 59574170696980719976515868978945602886682382595455160870729457813974828581902) Point2(29071217121488582521608171944263315625701615497932907218591416908586258568965, 59574170696980719976515868978945602886682382595455160870729457813974828581902) Point3(17926030768548235702442204134974018188929283587000768925853022445872051613924 : 31678060064977392800194523884536612241566631842713190224565644256881729064814 : 1)

How to modify code for find(calculate) exact generator of curve ?

This is FULL ready to run source on pastebin https://pastebin.com/mCv0AHj7

Then I multyple kprime to Gprime, multiply kprime to Gprime, result: Point1="Point1-1", Bat, Point1=Point1-1, But, then I multiply "kprime" kprime to "curve gen", I get false result: Point1<>Point-3.

Bat, Point1<>Point-3.

But, then I multiply kprime * Gprime Gprime I get true result.

How to get result=Point1result * *Point1 after multiplying "kprime" kprime to "curve gen" ?*

How to modify code and what needed to add to code for finding exact Point1 Point1 after multiplying kprime to curve gen ? Maybe Chines Reminder needed ????? Chinese Remainder needed?? I'm Very needed help.

Then I multiply "kprime" to "curve gen", I get another point - I get not point Point-1-(29071217121488582521608171944263315625701615497932907218591416908586258568965, 59574170696980719976515868978945602886682382595455160870729457813974828581902),

and get This point Point3=(17926030768548235702442204134974018188929283587000768925853022445872051613924 : 31678060064977392800194523884536612241566631842713190224565644256881729064814 : 1).

...

...

curve = nistp256r1

nistp256r1 curve_order = nistp256r1_order

nistp256r1_order curve_gen = nistp256r1_gen

nistp256r1_gen CG = Zmod(curve_order)

Zmod(curve_order) ### these are "inputs" to the system. Only pubkey is known

known privkey = CG.random_element() Q = curve(ZZ(privkey) * curve_gen)

curve_gen) ### we generates the necessary malicious generator

generator kprime = CG.random_element() kprimeinv = kprime.inverse_of_unit()

Gprime = ZZ(kprimeinv) * Q

Q ### We can now verify that the we knows a private key corresponding

corresponding ### to the public key under their generator

generator newpoint = curve(ZZ(kprime) * curve_gen) Qprime = curve(ZZ(kprime) * Gprime) print("Q==Q'", Qprime == Q) print(Qprime.xy()) print(Q.xy()) print(newpoint)

result:

print(newpoint)

Result:

Q==Q' True
Point1(29071217121488582521608171944263315625701615497932907218591416908586258568965, **Point1**(29071217121488582521608171944263315625701615497932907218591416908586258568965, 59574170696980719976515868978945602886682382595455160870729457813974828581902)
Point2(29071217121488582521608171944263315625701615497932907218591416908586258568965, **Point2**(29071217121488582521608171944263315625701615497932907218591416908586258568965, 59574170696980719976515868978945602886682382595455160870729457813974828581902)
Point3(17926030768548235702442204134974018188929283587000768925853022445872051613924 **Point3**(17926030768548235702442204134974018188929283587000768925853022445872051613924 : 31678060064977392800194523884536612241566631842713190224565644256881729064814 : 1)

1)

How to modify code for find(calculate) exact generator of curve ?

This is FULL ready to run source on pastebin https://pastebin.com/mCv0AHj7

Then I multiply kprime to Gprime, result: Point1=Point1-1, .

But, then I multiply kprime to "curve gen", curve_gen, I get false result: Point1<>Point-3.

But, then I multiply kprime * Gprime I get true result.

How to get result *Point1 after multiplying kprime to "curve gen" curve_gen?* *

How to modify code and what needed to add to code for finding exact Point1 after multiplying kprime to curve gen curve_gen? Maybe Chinese Remainder needed?? I'm Very needed help.needed??

Then I multiply "kprime" to "curve gen", kprime to curve gen, I get another point - I get not point Point-1-(29071217121488582521608171944263315625701615497932907218591416908586258568965, 59574170696980719976515868978945602886682382595455160870729457813974828581902),

and get This this point Point3=(17926030768548235702442204134974018188929283587000768925853022445872051613924 : 31678060064977392800194523884536612241566631842713190224565644256881729064814 : 1).

...
nistp256r1_order = 0xFFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551
nistp256r1_modulus = 2**224 * (2**32 - 1) + 2**192 + 2**96 - 1
nistp256r1_a = 0xFFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFC
nistp256r1_b = 0x5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B

nistp256r1_field = GF(nistp256r1_modulus)
nistp256r1 = EllipticCurve(nistp256r1_field, [0,0,0,nistp256r1_a,nistp256r1_b])

nistp256r1_base_x = 0x6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296
nistp256r1_base_y = 0x4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5
nistp256r1_gen = nistp256r1(nistp256r1_base_x, nistp256r1_base_y, 1)

curve = nistp256r1
 curve_order = nistp256r1_order
 curve_gen = nistp256r1_gen

CG = Zmod(curve_order)

### these are "inputs" to the system. Only pubkey is known
known 
privkey = CG.random_element()
Q = curve(ZZ(privkey) * curve_gen)

### we generates generate the necessary malicious generator

kprime = CG.random_element()
kprimeinv = kprime.inverse_of_unit() 

Gprime = ZZ(kprimeinv) * Q

### We can now verify that the we knows a private key corresponding
### to the public key under their generator
newpoint = curve(ZZ(kprime) * curve_gen)
Qprime = curve(ZZ(kprime) * Gprime)
print("Q==Q'", Qprime == Q)
print(Qprime.xy())
print(Q.xy())
print(newpoint)

Result:

sage: print("Q==Q'", Qprime == Q)
Q==Q' True
**Point1**(29071217121488582521608171944263315625701615497932907218591416908586258568965, sage: print(Qprime.xy())
(29071217121488582521608171944263315625701615497932907218591416908586258568965, 
59574170696980719976515868978945602886682382595455160870729457813974828581902)
**Point2**(29071217121488582521608171944263315625701615497932907218591416908586258568965, sage: print(Q.xy())
(29071217121488582521608171944263315625701615497932907218591416908586258568965, 
59574170696980719976515868978945602886682382595455160870729457813974828581902)
**Point3**(17926030768548235702442204134974018188929283587000768925853022445872051613924 sage: print(newpoint)
(17926030768548235702442204134974018188929283587000768925853022445872051613924
: 31678060064977392800194523884536612241566631842713190224565644256881729064814 31678060064977392800194523884536612241566631842713190224565644256881729064814
: 1)

How to modify code for find(calculate) exact generator of curve ?

This is FULL ready to run source on pastebin https://pastebin.com/mCv0AHj7

Then I multiply kprime to Gprime, result: Point1=Point1-1.

But, then I multiply kprime to curve_gen, I get false result: Point1<>Point-3.

But, then I multiply kprime * Gprime I get true result.

How to get result *Point1 after multiplying kprime to curve_gen?*

How to modify code and what needed to add to code for finding exact Point1 after multiplying kprime to curve_gen? Maybe Chinese Remainder needed??

Then I multiply kprime to curve gen, I get another point - I get not point Point-1-(29071217121488582521608171944263315625701615497932907218591416908586258568965, 59574170696980719976515868978945602886682382595455160870729457813974828581902),

and get this point Point3=(17926030768548235702442204134974018188929283587000768925853022445872051613924 : 31678060064977392800194523884536612241566631842713190224565644256881729064814 : 1).

nistp256r1_order = 0xFFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551
nistp256r1_modulus = 2**224 * (2**32 - 1) + 2**192 + 2**96 - 1
nistp256r1_a = 0xFFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFC
nistp256r1_b = 0x5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B

nistp256r1_field = GF(nistp256r1_modulus)
nistp256r1 = EllipticCurve(nistp256r1_field, [0,0,0,nistp256r1_a,nistp256r1_b])

nistp256r1_base_x = 0x6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296
nistp256r1_base_y = 0x4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5
nistp256r1_gen = nistp256r1(nistp256r1_base_x, nistp256r1_base_y, 1)

curve = nistp256r1
curve_order = nistp256r1_order
curve_gen = nistp256r1_gen

CG = Zmod(curve_order)

### these are "inputs" to the system. Only pubkey is known 
privkey = CG.random_element()
Q = curve(ZZ(privkey) * curve_gen)

### we generate the necessary malicious generator

kprime = CG.random_element()
kprimeinv = kprime.inverse_of_unit() 

Gprime = ZZ(kprimeinv) * Q

### We can now verify that the we knows a private key corresponding
### to the public key under their generator
newpoint = curve(ZZ(kprime) * curve_gen)
Qprime = curve(ZZ(kprime) * Gprime)
print("Q==Q'", Qprime == Q)
print(Qprime.xy())
print(Q.xy())
print(newpoint)

Result:

sage: print("Q==Q'", Qprime == Q)
Q==Q' True
sage: print(Qprime.xy())
(29071217121488582521608171944263315625701615497932907218591416908586258568965, 
59574170696980719976515868978945602886682382595455160870729457813974828581902)
sage: print(Q.xy())
(29071217121488582521608171944263315625701615497932907218591416908586258568965, 
59574170696980719976515868978945602886682382595455160870729457813974828581902)
sage: print(newpoint)
(17926030768548235702442204134974018188929283587000768925853022445872051613924
: 31678060064977392800194523884536612241566631842713190224565644256881729064814
: 1)

How to modify code for find(calculate) to find (calculate) exact generator of curve?

I am doing elliptic curve ?

This cryptography with the curve "nist256r1".

nistp256r1_order = 0xFFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551
nistp256r1_modulus = 2**224 * (2**32 - 1) + 2**192 + 2**96 - 1
nistp256r1_a = 0xFFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFC
nistp256r1_b = 0x5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B

nistp256r1_field = GF(nistp256r1_modulus)
nistp256r1 = EllipticCurve(nistp256r1_field, [0,0,0,nistp256r1_a,nistp256r1_b])

nistp256r1_base_x = 0x6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296
nistp256r1_base_y = 0x4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5
nistp256r1_gen = nistp256r1(nistp256r1_base_x, nistp256r1_base_y, 1)

curve = nistp256r1
curve_order = nistp256r1_order
curve_gen = nistp256r1_gen

CG = Zmod(curve_order)


### These are "inputs" to the system. Only pubkey is FULL ready to run source on pastebin https://pastebin.com/mCv0AHj7

Then known privkey = CG.random_element() Q = curve(ZZ(privkey) * curve_gen) ### We generate the necessary malicious generator kprime = CG.random_element() kprimeinv = kprime.inverse_of_unit() Gprime = ZZ(kprimeinv) * Q ### We can now verify that the we knows a private key corresponding ### to the public key under their generator newpoint = curve(ZZ(kprime) * curve_gen) Qprime = curve(ZZ(kprime) * Gprime)

When I multiply kprime to Gprime, result: Point1=Point1-1.

But, then when I multiply kprime to curve_gen, I get false result: Point1<>Point-3.

But, then when I multiply kprime * Gprime I get true result.

How to get result *Point1 after multiplying kprime to curve_gen?*

How to modify code and what needed to add to code for finding exact Point1 after multiplying kprime to curve_gen? Maybe Chinese Remainder needed??

Then I multiply kprime to curve gen, I get another point - I get not point Point-1-(29071217121488582521608171944263315625701615497932907218591416908586258568965, 59574170696980719976515868978945602886682382595455160870729457813974828581902),

and get this point Point3=(17926030768548235702442204134974018188929283587000768925853022445872051613924 : 31678060064977392800194523884536612241566631842713190224565644256881729064814 : 1).

nistp256r1_order = 0xFFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551
nistp256r1_modulus = 2**224 * (2**32 - 1) + 2**192 + 2**96 - 1
nistp256r1_a = 0xFFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFC
nistp256r1_b = 0x5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B

nistp256r1_field = GF(nistp256r1_modulus)
nistp256r1 = EllipticCurve(nistp256r1_field, [0,0,0,nistp256r1_a,nistp256r1_b])

nistp256r1_base_x = 0x6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296
nistp256r1_base_y = 0x4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5
nistp256r1_gen = nistp256r1(nistp256r1_base_x, nistp256r1_base_y, 1)

curve = nistp256r1
curve_order = nistp256r1_order
curve_gen = nistp256r1_gen

CG = Zmod(curve_order)

### these are "inputs" to the system. Only pubkey is known 
privkey = CG.random_element()
Q = curve(ZZ(privkey) * curve_gen)

### we generate the necessary malicious generator

kprime = CG.random_element()
kprimeinv = kprime.inverse_of_unit() 

Gprime = ZZ(kprimeinv) * Q

### We can now verify that the we knows a private key corresponding
### to the public key under their generator
newpoint = curve(ZZ(kprime) * curve_gen)
Qprime = curve(ZZ(kprime) * Gprime)
print("Q==Q'", Qprime == Q)
print(Qprime.xy())
print(Q.xy())
print(newpoint)

Result:

sage: print("Q==Q'", Qprime == Q)
Q==Q' True
sage: print(Qprime.xy())
(29071217121488582521608171944263315625701615497932907218591416908586258568965, 
59574170696980719976515868978945602886682382595455160870729457813974828581902)
sage: print(Q.xy())
(29071217121488582521608171944263315625701615497932907218591416908586258568965, 
59574170696980719976515868978945602886682382595455160870729457813974828581902)
sage: print(newpoint)
(17926030768548235702442204134974018188929283587000768925853022445872051613924
: 31678060064977392800194523884536612241566631842713190224565644256881729064814
: 1)

How to modify code to find (calculate) exact generator of curve?

I am doing elliptic curve cryptography with the curve "nist256r1".

nistp256r1_order = 0xFFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551
nistp256r1_modulus = 2**224 * (2**32 - 1) + 2**192 + 2**96 - 1
nistp256r1_a = 0xFFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFC
nistp256r1_b = 0x5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B

nistp256r1_field = GF(nistp256r1_modulus)
nistp256r1 = EllipticCurve(nistp256r1_field, [0,0,0,nistp256r1_a,nistp256r1_b])

nistp256r1_base_x = 0x6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296
nistp256r1_base_y = 0x4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5
nistp256r1_gen = nistp256r1(nistp256r1_base_x, nistp256r1_base_y, 1)

curve = nistp256r1
curve_order = nistp256r1_order
curve_gen = nistp256r1_gen

CG = Zmod(curve_order)


### These are "inputs" to the system. Only pubkey is known 
privkey = CG.random_element()
Q = curve(ZZ(privkey) * curve_gen)

### We generate the necessary malicious generator

kprime = CG.random_element()
kprimeinv = kprime.inverse_of_unit() 

Gprime = ZZ(kprimeinv) * Q

### We can now verify that the we knows a private key corresponding
### to the public key under their generator

newpoint = curve(ZZ(kprime) * curve_gen)
Qprime = curve(ZZ(kprime) * Gprime)

When I multiply kprime to Gprime, result: Point1=Point1-1.

But, when I multiply kprime to curve_gen, I get false result: Point1<>Point-3.

But, when I multiply kprime * Gprime I get true result.

How to get result *Point1Point1 after multiplying kprime to curve_gen?*

How to modify code and what needed to add to code for finding exact Point1 after multiplying kprime to curve_gen? Maybe Chinese Remainder needed??

Then When I multiply kprime to curve gen, I get another point - I get not point Point-1-(29071217121488582521608171944263315625701615497932907218591416908586258568965, 59574170696980719976515868978945602886682382595455160870729457813974828581902),

and get this point Point3=(17926030768548235702442204134974018188929283587000768925853022445872051613924 : 31678060064977392800194523884536612241566631842713190224565644256881729064814 : 1).

Result:

sage: print("Q==Q'", Qprime == Q)
Q==Q' True
sage: print(Qprime.xy())
(29071217121488582521608171944263315625701615497932907218591416908586258568965, 
59574170696980719976515868978945602886682382595455160870729457813974828581902)
sage: print(Q.xy())
(29071217121488582521608171944263315625701615497932907218591416908586258568965, 
59574170696980719976515868978945602886682382595455160870729457813974828581902)
sage: print(newpoint)
(17926030768548235702442204134974018188929283587000768925853022445872051613924
: 31678060064977392800194523884536612241566631842713190224565644256881729064814
: 1)

How to modify code to find (calculate) exact generator of curve?

I am doing elliptic curve cryptography with the curve "nist256r1".

Here is the code I am using, also available at pastebin:

  • https://pastebin.com/mCv0AHj7

    nistp256r1_order = 0xFFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551 nistp256r1_modulus = 2**224 * (2**32 2224 * (232 - 1) + 2**192 2192 + 2**96 296 - 1 nistp256r1_a = 0xFFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFC nistp256r1_b = 0x5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B 0x5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B

    nistp256r1_field = GF(nistp256r1_modulus) nistp256r1 = EllipticCurve(nistp256r1_field, [0,0,0,nistp256r1_a,nistp256r1_b]) [0,0,0,nistp256r1_a,nistp256r1_b])

    nistp256r1_base_x = 0x6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296 nistp256r1_base_y = 0x4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5 nistp256r1_gen = nistp256r1(nistp256r1_base_x, nistp256r1_base_y, 1) 1)

    curve = nistp256r1 curve_order = nistp256r1_order curve_gen = nistp256r1_gen nistp256r1_gen

    CG = Zmod(curve_order) ### Zmod(curve_order)

    These are "inputs" to the system. Only pubkey is known known

    privkey = CG.random_element() Q = curve(ZZ(privkey) * curve_gen) ### curve_gen)

    We generate the necessary malicious generator generator

    kprime = CG.random_element() kprimeinv = kprime.inverse_of_unit()

    Gprime = ZZ(kprimeinv) * Q ### Q

    We can now verify that the we knows a private key corresponding ### corresponding

    to the public key under their generator generator

    newpoint = curve(ZZ(kprime) * curve_gen) Qprime = curve(ZZ(kprime) * Gprime)

Gprime)

When I multiply kprime to Gprime, result: Point1=Point1-1.

But, when I multiply kprime to curve_gen, I get false result: Point1<>Point-3.

But, when I multiply kprime * Gprime I get true result.

How to get result Point1 after multiplying kprime to curve_gen?

How to modify code and what needed to add to code for finding exact Point1 after multiplying kprime to curve_gen? Maybe Chinese Remainder needed??

When I multiply kprime to curve gen, I get another point - I get not point Point-1-(29071217121488582521608171944263315625701615497932907218591416908586258568965, 59574170696980719976515868978945602886682382595455160870729457813974828581902),

and get this point Point3=(17926030768548235702442204134974018188929283587000768925853022445872051613924 : 31678060064977392800194523884536612241566631842713190224565644256881729064814 : 1).

Result:

sage: print("Q==Q'", Qprime == Q)
Q==Q' True
sage: print(Qprime.xy())
(29071217121488582521608171944263315625701615497932907218591416908586258568965, 
59574170696980719976515868978945602886682382595455160870729457813974828581902)
sage: print(Q.xy())
(29071217121488582521608171944263315625701615497932907218591416908586258568965, 
59574170696980719976515868978945602886682382595455160870729457813974828581902)
sage: print(newpoint)
(17926030768548235702442204134974018188929283587000768925853022445872051613924
: 31678060064977392800194523884536612241566631842713190224565644256881729064814
: 1)

How to modify code to find (calculate) exact generator of curve?

I am doing elliptic curve cryptography with the curve "nist256r1".

Here is the code I am using, also available at pastebin:

  • pastebin: https://pastebin.com/mCv0AHj7

    .

    nistp256r1_order = 0xFFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551
    nistp256r1_modulus = 2224 * (232 2**224 * (2**32 - 1) + 2192 2**192 + 296 2**96 - 1
    nistp256r1_a = 0xFFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFC
    nistp256r1_b = 0x5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B

    0x5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B nistp256r1_field = GF(nistp256r1_modulus) nistp256r1 = EllipticCurve(nistp256r1_field, [0,0,0,nistp256r1_a,nistp256r1_b])

    [0,0,0,nistp256r1_a,nistp256r1_b]) nistp256r1_base_x = 0x6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296 nistp256r1_base_y = 0x4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5 nistp256r1_gen = nistp256r1(nistp256r1_base_x, nistp256r1_base_y, 1)

    1) curve = nistp256r1 curve_order = nistp256r1_order curve_gen = nistp256r1_gen

    nistp256r1_gen CG = Zmod(curve_order)

    Zmod(curve_order) ### These are "inputs" to the system. Only pubkey is known

    known privkey = CG.random_element() Q = curve(ZZ(privkey) * curve_gen)

    curve_gen) ### We generate the necessary malicious generator

    generator kprime = CG.random_element() kprimeinv = kprime.inverse_of_unit()

    Gprime = ZZ(kprimeinv) * Q

    Q ### We can now verify that the we knows a private key corresponding

    corresponding ### to the public key under their generator

    generator newpoint = curve(ZZ(kprime) * curve_gen) Qprime = curve(ZZ(kprime) * Gprime)

Gprime)

When I multiply kprime to Gprime, result: Point1=Point1-1.

But, when I multiply kprime to curve_gen, I get false result: Point1<>Point-3.

But, when I multiply kprime * Gprime I get true result.

How to get result Point1 after multiplying kprime to curve_gen?

How to modify code and what needed to add to code for finding exact Point1 after multiplying kprime to curve_gen? Maybe Chinese Remainder needed??

When I multiply kprime to curve gen, I get another point - I get not point Point-1-(29071217121488582521608171944263315625701615497932907218591416908586258568965, 59574170696980719976515868978945602886682382595455160870729457813974828581902),

and get this point Point3=(17926030768548235702442204134974018188929283587000768925853022445872051613924 : 31678060064977392800194523884536612241566631842713190224565644256881729064814 : 1).

Result:

sage: print("Q==Q'", Qprime == Q)
Q==Q' True
sage: print(Qprime.xy())
(29071217121488582521608171944263315625701615497932907218591416908586258568965, 
59574170696980719976515868978945602886682382595455160870729457813974828581902)
sage: print(Q.xy())
(29071217121488582521608171944263315625701615497932907218591416908586258568965, 
59574170696980719976515868978945602886682382595455160870729457813974828581902)
sage: print(newpoint)
(17926030768548235702442204134974018188929283587000768925853022445872051613924
: 31678060064977392800194523884536612241566631842713190224565644256881729064814
: 1)