def equiv_c(self, ec, m=0):
if m == 0:
p = Point()
p.x = 0
p.y = 1
p.z = 0
return (self.equiv_c(ec, p))
if self.z == 0 or m.z == 0:
if self.z == 0 and m.z == 0:
return True
else:
return False
temp = f_inv(ec.q, m.z)
s_temp = f_inv(ec.q, self.z)
self_x = f_mult(ec.q, (int)(self.x), s_temp)
self_y = f_mult(ec.q, (int)(self.y), s_temp)
m_x = f_mult(ec.q, m.x, m.z)
m_y = f_mult(ec.q, m.y, m.z)
if ec.q > 0:
if m_x % (ec.q) == self_x % (ec.q) and (m_y %
(ec.q)) == self_y % ec.q:
return True
else:
return False
else:
if m_x == self_x and m_y == self_y:
return True
else:
return False
def sign(ec, r, G, a, m):
k = np.random.randint(1, r)
rpoint = ec.scale(G, k)
s = f_inv(r, k)
temp = f_mult(r, a, rpoint.x)
temp = f_add(r, m, temp)
s = f_mult(r, s, temp)
return m, rpoint, s
def verify(ec, r, G, Q, m, rpoint, s):
u_1 = f_mult(r, f_inv(r, s), m)
u_2 = f_mult(r, f_inv(r, s), rpoint.x)
v = ec.scale(G, u_1)
temp = ec.scale(Q, u_2)
v = ec.add(v, temp)
if v.equiv_c(ec, rpoint):
return True
else:
return False
def add(self, x, y, fac=0):
if ec.verify(x) != True:
print("This is not on the curve.")
return 0
if ec.verify(y) != True:
print("This is not on the curve.")
return 0
if y.z == 0:
return x
elif x.z == 0:
return y
else:
q = self.q
x_1 = x.plane()[0]
y_1 = x.plane()[1]
x_2 = y.plane()[0]
y_2 = y.plane()[1]
ret = Point()
if x_1 != x_2:
m = f_add(self.q, y_2, -y_1)
m = f_mult(self.q, m,
f_inv(self.q, f_add(self.q, x_2, -x_1), fac))
x_3 = f_mult(q, m, m)
x_3 = f_add(q, x_3, -x_1)
x_3 = f_add(q, x_3, -x_2)
y_3 = f_add(q, x_1, -x_3)
y_3 = f_mult(q, m, y_3)
y_3 = f_add(q, y_3, -y_1)
elif y_1 != y_2:
ret.x = 0
ret.y = 1
ret.z = 0
return ret
elif y_1 != 0: #P_1 = P_2, y_1 != 0
m = f_mult(q, 3, x_1)
m = f_mult(q, m, x_1)
m = f_add(q, m, self.b)
div = f_mult(q, 2, y_1)
m = f_mult(q, m, f_inv(q, div, fac))
#print(m)
x_3 = f_mult(q, m, m)
x_3 = f_add(q, x_3, -x_1)
x_3 = f_add(q, x_3, -x_1)
y_3 = f_add(q, x_1, -x_3)
y_3 = f_mult(q, m, y_3)
y_3 = f_add(q, y_3, -y_1)
elif y_1 == 0:
ret.x = 0
ret.y = 1
ret.z = 0
return ret
ret.x = x_3
ret.y = y_3
ret.z = 1
return ret
def rand(
self): #pick a random point on this ec. TODO: Prime power support.
y_0 = False
while (y_0 == False):
x_0 = np.random.randint(0, self.q)
y_square = f_mult(self.q, x_0, x_0)
y_square = f_mult(self.q, x_0, y_square)
temp = f_mult(self.q, x_0, self.b)
y_square = f_add(self.q, temp, y_square)
y_square = f_add(self.q, y_square, self.c)
y_0 = f_sqrt(self.q, y_square)
r = Point()
r.x = x_0
r.y = y_0
r.z = 1
return r
def h_func(ec, p, q):
p_x = p.plane()[0]
p_y = p.plane()[1]
q_x = q.plane()[0]
q_y = q.plane()[1]
x, y = sp.symbols('x y')
if p_x == q_x and p_y != q_y:
h_pqn = x - p_x
h_pqd = 1
else:
if p_x == q_x and p_y == q_y and p_y == 0:
h_pqn = x - p_x
h_pqd = 1
else:
if p_x == q_x and p_y == q_y:
m = (3*p_x*p_x + ec.b)/(2*p_y)
m = f_mult(ec.q, p_x, p_x)
temp = f_add(ec.q, m, m)
m = f_add(ec.q, m, temp)
m = f_add(ec.q, m, ec.b)
temp = f_add(ec.q, p_y, p_y)
m = f_mult(ec.q, m, f_inv(ec.q, temp))
#print("yay")
else:
m = f_add(ec.q, q_y, -p_y)
temp = f_add(ec.q, q_x, -p_x)
#print("this is m")
#print(m)
#print("this is inv")
#print(f_inv(ec.q, temp))
m = f_mult(ec.q, m, f_inv(ec.q, temp))
temp = f_add(ec.q, p_x, q_x)
temp1 = f_mult(ec.q, m, m)
temp = f_add(ec.q, temp, -temp1)
h_pqn = (y - p_y - m*(x -p_x))
h_pqd = (x + temp)
return h_pqn, h_pqd
def weil(ec, p, q, m, s): #s is any point on the curve not P, -Q, P-Q, O
#Verify p, q are m-torsion points, and on curve
if ec.verify(p) == False or ec.verify(q) == False:
return "At least one point is not on the curve"
mp = ec.scale(p, m)
mq = ec.scale(q, m)
if mp.equiv_c(ec) != True:
return "P is not an m-torsion point"
if mq.equiv_c(ec) != True:
return "Q is not an m-torsion point"
x,y = sp.symbols('x y')
f_pn, f_pd = millers_algorithm(ec, p, m)
f_qn, f_qd = millers_algorithm(ec, q, m)
found = False
while found == False:#Find an s such that s notin {O, P, -Q, P-Q} to prevent
#degeneracy of the weil computations.
s = ec.rand()
q.neg()
if s.equiv_c(ec):
found = False
elif s.equiv_c(ec, p):
found = False
elif s.equiv_c(ec, q):
found = False
elif s.equiv_c(ec, ec.add(p, q)):
found = False
else:
found = True
q.neg()
ps = ec.add(q, s)
neg = ec_curves.Point()
neg.x = s.x
neg.y = -s.y
neg.z = s.z
qs = ec.add(p, neg)
num = f_pn.subs([(x, ps.plane()[0]), (y, ps.plane()[1])])
num = f_mult(ec.q, num, f_inv(ec.q, f_pd.subs([(x, ps.plane()[0]),
(y, ps.plane()[1])])))
den = f_pn.subs([(x, s.plane()[0]), (y, s.plane()[1])])
den = f_mult(ec.q, den, f_inv(ec.q, f_pd.subs([(x, s.plane()[0]),
(y, s.plane()[1])])))
num2 = f_qn.subs([(x, qs.plane()[0]), (y, qs.plane()[1])])
num2 = f_mult(ec.q, num2, f_inv(ec.q, f_qd.subs([(x,
qs.plane()[0]), (y, qs.plane()[1])])))
den2 = f_qn.subs([(x, neg.plane()[0]), (y, neg.plane()[1])])
den2 = f_mult(ec.q, den2, f_inv(ec.q, f_qd.subs([(x,
neg.plane()[0]), (y, neg.plane()[1])])))
num = f_mult(ec.q, num, den2)
den = f_mult(ec.q, den, num2)
ret = f_mult(ec.q, num, f_inv(ec.q, den))
print("Weil: " + str(ret))
return(ret)