def generate_montgomery_curve_from_weierstrass(wa, wb, wx, wy, p):
from sympy.polys.domains import ZZ
import sympy
from sympy.polys.galoistools import gf_factor
f = [1, 0, wa, wb]
sympy.Poly.from_list(f, sympy.Symbol('x'))
factor = gf_factor(f, p, ZZ)
x = None
for r in factor: # f*****g sympy
if isinstance(r, list):
for root in r:
if len(root) == 2 \
and len(root[0]) == 2 \
and gmpy2.jacobi(3 * ((p - root[0][-1]) ** 2) + wa, p) == 1:
x = p - root[0][-1]
break
assert x is not None
s = sqrt1(gmpy2.invert(3 * x**2 + wa, p), p)
mb = s
ma = (3 * x * s) % p
mx = (s * (wx - x)) % p
my = (s * wy) % p
return (ma, p - ma), (mb, p - mb), (mx, p - mx), (my, p - my)
def check(self, f, min_p=2, max_p=30):
# checking through few small primes to see if it is perhaps
# either irreducible in one of those, or the degrees of irreducible factors
# are imcompatible
from sympy.polys.galoistools import gf_factor
from sympy.polys.domains import ZZ
from sympy import primerange
irreduc_factors_degrees = {}
irreduc_primes = []
for p in primerange(min_p, max_p + 1):
try:
irreduc_factors = gf_factor(f.all_coeffs(), p, ZZ)
degrees = []
for x in irreduc_factors[1]:
pol = x[0]
e = x[1]
degrees += e * [(len(pol) - 1)]
if len(degrees) == 1:
# irreducible by p...
irreduc_primes.append(p)
# store irreducibility factors degrees for later
irreduc_factors_degrees[p] = degrees
except sympy.polys.polyerrors.NotInvertible:
pass
res = {}
if irreduc_primes:
res["p"] = irreduc_primes
# check if the degrees are compatible, first for degrees in Fp[x], we calculate by summing
# all possible degrees of irreducible factors in Z[x]
sums = {}
trivial = set(range(1, f.degree() + 1))
for p in irreduc_factors_degrees:
sums_p = subsets_sums(irreduc_factors_degrees[p])
if sums_p != trivial:
sums[p] = sums_p
if not sums:
return UNKNOWN, None
# then if intersection of these is empty or {deg(f)}, then lesser degree factor is impossible
# thus polynomial will have to be irreducible
inter = set.intersection(*list(sums.values()))
if f.degree() in inter:
inter.remove(f.degree())
if not inter:
# intersection is empty, imcompatible factors!
res["degrees"] = sums
if res:
return IRREDUCIBLE, res
return UNKNOWN, None
def dup_gf_factor(f, K):
"""Factor univariate polynomials over finite fields. """
f = dup_convert(f, K, K.dom)
coeff, factors = gf_factor(f, K.mod, K.dom)
for i, (f, k) in enumerate(factors):
factors[i] = (dup_convert(f, K.dom, K), k)
return K.convert(coeff, K.dom), factors
def dup_gf_factor(f, K):
"""Factor univariate polynomials over finite fields. """
f = dup_convert(f, K, K.dom)
coeff, factors = gf_factor(f, K.mod, K.dom)
for i, (f, k) in enumerate(factors):
factors[i] = (dup_convert(f, K.dom, K), k)
return K.convert(coeff, K.dom), factors
def test_gf_factor():
assert gf_factor([], 11, ZZ) == (0, [])
assert gf_factor([1], 11, ZZ) == (1, [])
assert gf_factor([1,1], 11, ZZ) == (1, [([1, 1], 1)])
assert gf_factor_sqf([], 11, ZZ) == (0, [])
assert gf_factor_sqf([1], 11, ZZ) == (1, [])
assert gf_factor_sqf([1,1], 11, ZZ) == (1, [[1, 1]])
config.setup('GF_FACTOR_METHOD', 'berlekamp')
assert gf_factor_sqf([], 11, ZZ) == (0, [])
assert gf_factor_sqf([1], 11, ZZ) == (1, [])
assert gf_factor_sqf([1,1], 11, ZZ) == (1, [[1, 1]])
config.setup('GF_FACTOR_METHOD', 'zassenhaus')
assert gf_factor_sqf([], 11, ZZ) == (0, [])
assert gf_factor_sqf([1], 11, ZZ) == (1, [])
assert gf_factor_sqf([1,1], 11, ZZ) == (1, [[1, 1]])
config.setup('GF_FACTOR_METHOD', 'shoup')
assert gf_factor_sqf([], 11, ZZ) == (0, [])
assert gf_factor_sqf([1], 11, ZZ) == (1, [])
assert gf_factor_sqf([1,1], 11, ZZ) == (1, [[1, 1]])
f, p = [1,0,0,1,0], 2
g = (1, [([1, 0], 1),
([1, 1], 1),
([1, 1, 1], 1)])
config.setup('GF_FACTOR_METHOD', 'berlekamp')
assert gf_factor(f, p, ZZ) == g
config.setup('GF_FACTOR_METHOD', 'zassenhaus')
assert gf_factor(f, p, ZZ) == g
config.setup('GF_FACTOR_METHOD', 'shoup')
assert gf_factor(f, p, ZZ) == g
g = (1, [[1, 0],
[1, 1],
[1, 1, 1]])
config.setup('GF_FACTOR_METHOD', 'berlekamp')
assert gf_factor_sqf(f, p, ZZ) == g
config.setup('GF_FACTOR_METHOD', 'zassenhaus')
assert gf_factor_sqf(f, p, ZZ) == g
config.setup('GF_FACTOR_METHOD', 'shoup')
assert gf_factor_sqf(f, p, ZZ) == g
f, p = gf_from_int_poly([1,-3,1,-3,-1,-3,1], 11), 11
g = (1, [([1, 1], 1),
([1, 5, 3], 1),
([1, 2, 3, 4], 1)])
config.setup('GF_FACTOR_METHOD', 'berlekamp')
assert gf_factor(f, p, ZZ) == g
config.setup('GF_FACTOR_METHOD', 'zassenhaus')
assert gf_factor(f, p, ZZ) == g
config.setup('GF_FACTOR_METHOD', 'shoup')
assert gf_factor(f, p, ZZ) == g
f, p = [1, 5, 8, 4], 11
g = (1, [([1, 1], 1), ([1, 2], 2)])
config.setup('GF_FACTOR_METHOD', 'berlekamp')
assert gf_factor(f, p, ZZ) == g
config.setup('GF_FACTOR_METHOD', 'zassenhaus')
assert gf_factor(f, p, ZZ) == g
config.setup('GF_FACTOR_METHOD', 'shoup')
assert gf_factor(f, p, ZZ) == g
f, p = [1, 1, 10, 1, 0, 10, 10, 10, 0, 0], 11
g = (1, [([1, 0], 2), ([1, 9, 5], 1), ([1, 3, 0, 8, 5, 2], 1)])
config.setup('GF_FACTOR_METHOD', 'berlekamp')
assert gf_factor(f, p, ZZ) == g
config.setup('GF_FACTOR_METHOD', 'zassenhaus')
assert gf_factor(f, p, ZZ) == g
config.setup('GF_FACTOR_METHOD', 'shoup')
assert gf_factor(f, p, ZZ) == g
f, p = gf_from_dict({32: 1, 0: 1}, 11, ZZ), 11
g = (1, [([1, 0, 0, 0, 0, 0, 0, 0, 3, 0, 0, 0, 0, 0, 0, 0, 10], 1),
([1, 0, 0, 0, 0, 0, 0, 0, 8, 0, 0, 0, 0, 0, 0, 0, 10], 1)])
config.setup('GF_FACTOR_METHOD', 'berlekamp')
assert gf_factor(f, p, ZZ) == g
config.setup('GF_FACTOR_METHOD', 'zassenhaus')
assert gf_factor(f, p, ZZ) == g
config.setup('GF_FACTOR_METHOD', 'shoup')
assert gf_factor(f, p, ZZ) == g
f, p = gf_from_dict({32: 8, 0: 5}, 11, ZZ), 11
g = (8, [([1, 3], 1),
([1, 8], 1),
([1, 0, 9], 1),
([1, 2, 2], 1),
([1, 9, 2], 1),
([1, 0, 5, 0, 7], 1),
([1, 0, 6, 0, 7], 1),
([1, 0, 0, 0, 1, 0, 0, 0, 6], 1),
([1, 0, 0, 0, 10, 0, 0, 0, 6], 1)])
config.setup('GF_FACTOR_METHOD', 'berlekamp')
assert gf_factor(f, p, ZZ) == g
config.setup('GF_FACTOR_METHOD', 'zassenhaus')
assert gf_factor(f, p, ZZ) == g
config.setup('GF_FACTOR_METHOD', 'shoup')
assert gf_factor(f, p, ZZ) == g
f, p = gf_from_dict({63: 8, 0: 5}, 11, ZZ), 11
g = (8, [([1, 7], 1),
([1, 4, 5], 1),
([1, 6, 8, 2], 1),
([1, 9, 9, 2], 1),
([1, 0, 0, 9, 0, 0, 4], 1),
([1, 2, 0, 8, 4, 6, 4], 1),
([1, 2, 3, 8, 0, 6, 4], 1),
([1, 2, 6, 0, 8, 4, 4], 1),
([1, 3, 3, 1, 6, 8, 4], 1),
([1, 5, 6, 0, 8, 6, 4], 1),
([1, 6, 2, 7, 9, 8, 4], 1),
([1, 10, 4, 7, 10, 7, 4], 1),
([1, 10, 10, 1, 4, 9, 4], 1)])
config.setup('GF_FACTOR_METHOD', 'berlekamp')
assert gf_factor(f, p, ZZ) == g
config.setup('GF_FACTOR_METHOD', 'zassenhaus')
assert gf_factor(f, p, ZZ) == g
config.setup('GF_FACTOR_METHOD', 'shoup')
assert gf_factor(f, p, ZZ) == g
# Gathen polynomials: x**n + x + 1 (mod p > 2**n * pi)
p = ZZ(nextprime(int((2**15 * pi).evalf())))
f = gf_from_dict({15: 1, 1: 1, 0: 1}, p, ZZ)
assert gf_sqf_p(f, p, ZZ) == True
g = (1, [([1, 22730, 68144], 1),
([1, 81553, 77449, 86810, 4724], 1),
([1, 86276, 56779, 14859, 31575], 1),
([1, 15347, 95022, 84569, 94508, 92335], 1)])
config.setup('GF_FACTOR_METHOD', 'zassenhaus')
assert gf_factor(f, p, ZZ) == g
config.setup('GF_FACTOR_METHOD', 'shoup')
assert gf_factor(f, p, ZZ) == g
g = (1, [[1, 22730, 68144],
[1, 81553, 77449, 86810, 4724],
[1, 86276, 56779, 14859, 31575],
[1, 15347, 95022, 84569, 94508, 92335]])
config.setup('GF_FACTOR_METHOD', 'zassenhaus')
assert gf_factor_sqf(f, p, ZZ) == g
config.setup('GF_FACTOR_METHOD', 'shoup')
assert gf_factor_sqf(f, p, ZZ) == g
# Shoup polynomials: f = a_0 x**n + a_1 x**(n-1) + ... + a_n
# (mod p > 2**(n-2) * pi), where a_n = a_{n-1}**2 + 1, a_0 = 1
p = ZZ(nextprime(int((2**4 * pi).evalf())))
f = [1, 2, 5, 26, 41, 39, 38]
assert gf_sqf_p(f, p, ZZ) == True
g = (1, [([1, 44, 26], 1),
([1, 11, 25, 18, 30], 1)])
config.setup('GF_FACTOR_METHOD', 'zassenhaus')
assert gf_factor(f, p, ZZ) == g
config.setup('GF_FACTOR_METHOD', 'shoup')
assert gf_factor(f, p, ZZ) == g
g = (1, [[1, 44, 26],
[1, 11, 25, 18, 30]])
config.setup('GF_FACTOR_METHOD', 'zassenhaus')
assert gf_factor_sqf(f, p, ZZ) == g
config.setup('GF_FACTOR_METHOD', 'shoup')
assert gf_factor_sqf(f, p, ZZ) == g
config.setup('GF_FACTOR_METHOD', 'other')
raises(KeyError, lambda: gf_factor([1,1], 11, ZZ))
config.setup('GF_FACTOR_METHOD')