[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Elliptic Curve Y2 = x3 + a * x**2 + b

To: [email protected] (Wei Dai)
Subject: Re: Elliptic Curve Y**2 = x**3 + a * x**2 + b
From: [email protected] (Mark Chen)
Date: Sat, 31 Aug 1996 19:50:59 -0700 (PDT)
Cc: [email protected]
In-Reply-To: <[email protected]> from Wei Dai at "Aug 29, 96 12:59:25 pm"
Reply-To: [email protected]
Sender: [email protected]

Wei Dai writes:
> On Thu, 29 Aug 1996, Tom Rollins wrote:
> 
> > Questions are:
> > 
> >   1: How can I take the suqare root mod p ?
> 
> Here's some C++ code for taking modular square roots:
> 
> Integer ModularSquareRoot(const Integer &a, const Integer &p)
> {
> 	if (p%4 == 3)
> 		return a_exp_b_mod_c(a, (p+1)/4, p);
> 
> 	Integer q=p-1;
> 	unsigned int r=0;
> 	while (q%2==0)   // while q is even
> 	{
> 		r++;
> 		q >>= 1;
> 	}
> 
> 	Integer n=2;
> 	while (Jacobi(n, p) != -1)
> 		++n;
> 
> 	Integer y = a_exp_b_mod_c(n, q, p);
> 	Integer x = a_exp_b_mod_c(a, (q-1)/2, p);
> 	Integer b = (x.Square()%p)*a%p;
> 	x = a*x%p;
> 	Integer tempb, t;
> 
> 	while (b != 1)
> 	{
> 		unsigned m=0;
> 		tempb = b;
> 		do
> 		{
> 			m++;
> 			b = b.Square()%p;
> 			if (m==r)
> 				return Integer::ZERO;
> 		}
> 		while (b != 1);
> 
> 		t = y;
> 		for (unsigned i=0; i<r-m-1; i++)
> 			t = t.Square()%p;
> 		y = t.Square()%p;
> 		r = m;
> 		x = x*t%p;
> 		b = tempb*y%p;
> 	}
> 
> 	assert(x.Square()%p == a);
> 	return x;
> }
> 
> >   2: How to determine if a solution exists for a
> >      selected value of x ?
> 
> The Jacobi symbol tells you whether x has a square root mod p:
> 
> // if b is prime, then Jacobi(a, b) returns 0 if a%b==0, 1 if a is
> // quadratic residue mod b, -1 otherwise
> // check a number theory book for what Jacobi symbol means when b is not
> // prime
> 
> int Jacobi(const Integer &aIn, const Integer &bIn)
> {
>     assert(bIn[0]==1);
> 
>     Integer b = bIn, a = aIn%bIn;
>     int result = 1;
> 
>     while (!!a)
>     {
> 	unsigned i=0;
> 	while (a[i]==0)
> 		i++;
> 	a>>=i;
> 
> 	if (i%2==1 && (b%8==3 || b%8==5))
> 		result = -result;
> 
>         if (a%4==3 && b%4==3)
>             result = -result;
> 
>         swap(a, b);
>         a %= b;
>     }
> 
>     return (b==1) ? result : 0;
> }
> 
> >   3: Is the a simpler method than find a square root ?
> 
> I don't think so.  Let me know if you do find one.

If you work in GF(2^m), you can use a normal basis representation
which allows you to do much faster math.  Squaring, for example,
becomes a simple rotation.

There are also very efficient algorithms for computing inverses and
solving quadratics.

These speedups currently account for most of the performance
improvements which elliptic curve systems offer over their
integer-field counterparts.

   - Mark -


--
Mark Chen 
415/341-5539
[email protected]
D4 99 54 2A 98 B1 48 0C  CF 95 A5 B0 6E E0 1E 1D

References:
- Re: Elliptic Curve Y**2 = x**3 + a * x**2 + b
  - From: Wei Dai <[email protected]>

Prev by Date: Re: Anti-Racist Laws Stifle Political Liberty
Next by Date: Re: Penet Bites the Dust
Prev by thread: Re: Elliptic Curve Y**2 = x**3 + a * x**2 + b
Next by thread: Re: Elliptic Curve Y**2 = x**3 + a * x**2 + b
Index(es):
- Date
- Thread

Re: Elliptic Curve Y**2 = x**3 + a * x**2 + b

Re: Elliptic Curve Y2 = x3 + a * x**2 + b