def testWeilPairing(self):
# this example was refered to Washington.
e = elliptic.EC([0, 2], 7)
P = [5, 1]
Q = [0, 3]
R = e.WeilPairing(3, P, Q)
self.assertEqual(finitefield.FinitePrimeFieldElement(2, 7), R)
# test case of extension field, characteristic 7
p = 7
r = 11
F = finitefield.FinitePrimeField(p)
PX = uniutil.polynomial({0:3,1:3,2:2,3:1,4:4,5:1,6:1,10:1},F)
Fx = finitefield.FiniteExtendedField(p,PX)
E = elliptic.EC([F.one,-F.one],F)
Ex = elliptic.EC([Fx.one,-Fx.one],Fx)
P = [3,6]
assert E.whetherOn(P)
assert Ex.whetherOn(P)
assert E.mul(11,P) == E.infpoint
Qxcoord = Fx.createElement(6*7**9+7**8+7**6+6*7**3+6*7**2+7+6)
Qycoord = Fx.createElement(3*7**9+6*7**8+4*7**7+2*7**6+5*7**4+5*7**3+7**2+7+3)
Q = [Qxcoord,Qycoord]
assert Ex.whetherOn(Q)
assert Ex.mul(11,Q) == Ex.infpoint
w = Ex.WeilPairing(11, P, Q)
Wp = Fx.createElement(7**9 + 5*7**8 + 4*7**7 + 2*7**5 + 7**4 + 6*7**2)
assert w == Wp
def testOrder(self):
d = elliptic.EC([2, 6], 7)
e = elliptic.EC([1, 3], 7)
f = elliptic.EC([11, 3], 13)
self.assertEqual(11, d.order())
self.assertEqual(6, e.order())
self.assertEqual(13, f.order())
def testPoint(self):
d = elliptic.EC([2, 6], 7)
e = elliptic.EC([1, 3], 7)
f = elliptic.EC([11, 3], 13)
self.assertTrue(d.whetherOn(d.point()))
self.assertTrue(e.whetherOn(e.point()))
self.assertTrue(f.whetherOn(f.point()))
def testStructure(self):
# this example was rechecked by MAGMA.
e = elliptic.EC([0, 4], 997)
f = elliptic.EC([-1, 0], 65537)
g = elliptic.EC([0, 1], 65537)
self.assertEqual((12, 84), e.structure())
self.assertEqual((256, 256), f.structure())
self.assertEqual((1, 65538), g.structure())
def testEqualCh19(self):
e = elliptic.EC([2, 1], 19)
byNaive = e.naive()
bySchoof = e.Schoof()
self.assertEqual(byNaive, bySchoof)
e = elliptic.EC([2, 5], 19)
byNaive = e.naive()
bySchoof = e.Schoof()
self.assertEqual(byNaive, bySchoof)
def testEqualCh7(self):
e = elliptic.EC([1, 4], 7)
byNaive = e.naive()
bySchoof = e.Schoof()
self.assertEqual(byNaive, bySchoof, str(e))
e = elliptic.EC([2, 0], 7)
byNaive = e.naive()
bySchoof = e.Schoof()
self.assertEqual(byNaive, bySchoof, str(e))
e = elliptic.EC([1, 3, 4, 0, 1], 7)
byNaive = e.naive()
bySchoof = e.Schoof()
self.assertEqual(byNaive, bySchoof, repr(e)) # see EllipticTest.testStr
def testEqualCh5(self):
e = elliptic.EC([1, 4], 5)
byNaive = e.naive()
bySchoof = e.Schoof()
self.assertEqual(byNaive, bySchoof)
e = elliptic.EC([2, 0], 5)
byNaive = e.naive()
bySchoof = e.Schoof()
self.assertEqual(byNaive, bySchoof)
e = elliptic.EC([1, 3, 4, 0, 1], 5)
byNaive = e.naive()
bySchoof = e.Schoof()
self.assertEqual(byNaive, bySchoof)
def setUp(self):
self.a = elliptic.EC([0,-1,1,0,0], 0)
self.b = elliptic.EC([1,0], 0)
self.c = elliptic.EC([0,17], 0)
self.P1 = list(map(rational.Rational,[-2,3]))
self.P2 = list(map(rational.Rational,[-1,4]))
self.P3 = list(map(rational.Rational,[2,5]))
self.P4 = list(map(rational.Rational,[4,9]))
self.P5 = list(map(rational.Rational,[8,23]))
self.P6 = list(map(rational.Rational,[43,282]))
self.P7 = list(map(rational.Rational,[52,375]))
self.P8 = list(map(rational.Rational,[5234,378661]))
def testEqualCh233(self):
e = elliptic.EC([2, 1], 233)
byNaive = e.naive()
byShanksMestre = e.Shanks_Mestre()
bySchoof = e.Schoof()
self.assertEqual(byNaive, byShanksMestre)
self.assertEqual(byNaive, bySchoof)
# bug #2281173
e = elliptic.EC([2, 5], 233)
byNaive = e.naive()
byShanksMestre = e.Shanks_Mestre()
bySchoof = e.Schoof()
self.assertEqual(byNaive, byShanksMestre)
self.assertEqual(byNaive, bySchoof)
def testLine(self):
# FIXME: need more appropriate tests
e = elliptic.EC([0, 0, 1, -1, 0], 17)
P = [0, 0]
self.assertEqual(e.basefield.zero, e.line(P, P, P))
P2 = e.mul(2, P)
self.assertEqual(e.basefield.zero, e.line(P, P2, e.mul(-1, e.add(P, P2))))
def testEqualCh65537(self):
# 65537 is too large for naive method.
e = elliptic.EC([0, 1], 65537) # supersingular curve
byShanksMestre = e.Shanks_Mestre()
bySchoof = e.Schoof()
self.assertEqual(0, byShanksMestre)
self.assertEqual(0, bySchoof)
def testEqualCh311(self):
e = elliptic.EC([12, 179], 311)
byNaive = e.naive()
byShanksMestre = e.Shanks_Mestre()
bySchoof = e.Schoof()
self.assertEqual(byNaive, byShanksMestre)
self.assertEqual(byNaive, bySchoof)
def testDivPoly(self):
E = elliptic.EC([3, 4], 101)
F101 = finitefield.FinitePrimeField.getInstance(E.ch)
D = ({-1:uniutil.polynomial({0:-1}, F101),
0:uniutil.polynomial({}, F101),
1:uniutil.polynomial({0:1}, F101),
2:uniutil.polynomial({0:2}, F101),
3:uniutil.polynomial({0:92, 1:48, 2:18, 4:3}, F101),
4:uniutil.polynomial({0:188, 1:10, 2:22, 3:118, 4:60, 6:4}, F101),
5:uniutil.polynomial({0:48, 1:58, 2:53, 3:60, 4:28, 5:93, 6:79,
7:52, 8:65, 9:5, 10:85, 12:5}, F101),
6:uniutil.polynomial({0:18, 1:24, 2:88, 3:32, 4:128, 5:44, 6:152,
7:56, 8:84, 9:192, 10:174, 12:114, 13:124,
14:28, 16:6}, F101),
7:uniutil.polynomial({0:94, 1:77, 2:87, 3:65, 4:97, 5:45, 6:80,
7:22, 8:44, 9:76, 10:5, 11:49, 12:49, 13:74,
14:76, 15:53, 16:69, 17:47, 18:63, 19:70,
20:78, 21:20, 22:15, 24:7}, F101),
8:uniutil.polynomial({0:32, 1:100, 2:58, 3:20, 4:124, 5:160, 6:82,
7:132, 8:158, 9:96, 10:154, 11:106, 12:134,
13:140, 14:10, 15:36, 16:72, 17:56, 18:116,
19:190, 20:134, 21:182, 22:74, 23:186, 24:50,
25:186, 26:122, 27:68, 28:136, 30:8}, F101)},
[2, 3, 5, 7])
self.assertEqual(D, E.divPoly([]))
def testTatePairing(self):
# this example was refered to Washington.
# note that Tate pairing is only defined
# up to a multiple by an lth power.
e = elliptic.EC([-1, 1], 11)
self.assertEqual(10, e.order())
P = list(map(e.basefield.createElement,[3, 6]))
R = e.TatePairing(5, P, P)
l = list(map(finitefield.FinitePrimeFieldElement, [5, 6], [11]*2))
self.assertTrue(R in l, R)
def testTatePairing_Extend(self):
# this example was refered to Kim Nguyen.
e = elliptic.EC([0, 4], 997)
P = [0, 2]
Q = [747, 776]
R = e.TatePairing_Extend(3, P, P)
W1 = e.TatePairing_Extend(3, P, Q)
W2 = e.TatePairing_Extend(3, Q, P)
self.assertEqual(e.basefield.one, R)
self.assertEqual(finitefield.FinitePrimeFieldElement(304, 997), W1)
self.assertEqual(W1, W2.inverse())
def testWeilPairingIsFunction(self):
# e2 is isomorphic to Z/256 x Z/256
F_65537 = finitefield.FinitePrimeField(65537)
e2 = elliptic.EC([-1, 0], F_65537)
P1 = list(map(F_65537.createElement, [30840, 53250]))
self.assertFalse(256 % e2.pointorder(P1))
P2 = list(map(F_65537.createElement, [10657, 46245]))
self.assertFalse(256 % e2.pointorder(P2))
weil10 = set(e2.WeilPairing(256, P1, P2) for i in range(10))
# since Weil pairing is a function, the result is always same
self.assertEqual(1, len(weil10))
# Weil pairing is a function E[m]xE[m] -> mu_m
self.assertEqual(e2.basefield.one, weil10.pop()**256)
def testChangePoint(self):
self.assertEqual([-1, 1], elliptic.EC([1, 2], 0).changePoint([1, 2], [1, 2, 3, 4]))
def testChangeCurve(self):
self.assertEqual('y ** 2 + 6/1 * x * y + 8/1 * y = x ** 3 - 3/1 * x ** 2 - 10/1 * x',
str(elliptic.EC([2, 4], 0).changeCurve([1, 2, 3, 4])))
def testCh5(self):
e = elliptic.EC([1, 4], 5)
self.assertEqual(5 + 1 - e.trace(), e.order())
def testSimple(self):
self.assertEqual('y ** 2 = x ** 3 - 432/1 * x + 8208/1', str(self.a.simple()))
# ch > 0
e = elliptic.EC([1, 1, 1, 3, 4], 7)
self.assertTrue(e.simple())
def testStr(self):
e = elliptic.EC([1, 3, 4, 0, 1], 7)
self.assertTrue(str(e))
