Cryptography Reference
In-Depth Information
Example 11.10
We initialize in Maple the “Curve P-256”, which is an elliptic curve
defined in [75] over a prime field corresponding to a 256-bit prime
p
256. This curve
is the following:
> p256 := 2ˆ256-2ˆ224+2ˆ192+2ˆ96-1:
P256 := EllipticCurve(-3,"5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e\
27d2604b", p256):
We find a pseudo-random point on the curve as follows:
> RandomTools:-MersenneTwister:-SetState():
PseudoRandomEllipticPoint(P256);
[52363283436175358074013488409767837878347197462689483511863707423269106759043,
27472337617088078407452476606541569370768112101332662796790021121765772447346]
We may check that the point is indeed on the curve:
> IsEllipticPoint(%, P256);
true
11.2.4 Elliptic Curve Groups Over Prime Fields in Maple
In order to work with the group of rational points of an elliptic curve, we have to
implement the group operation and we do this for the case of a prime field (as before,
of characteristic
>
3).
11.2.4.1 Elliptic Curve Point Addition
The following Maple function implements point addition closely following the steps
indicated in Theorem 11.1. The input parameters are two points
P, Q
in the for-
mat output by
EllipticPoint
and an elliptic curve
E
in the format output by
EllipticCurve
, and the output is the result of adding the two points. If either of
these points does not belong to the curve, an error message is returned.
> EllipticAdd := proc(P::{list,identical(0)}, Q::{list,identical(0)},
E::list(integer))
local p, x1, y1, x2, y2, a, b, m, x3, y3;
if not andmap(x -> IsEllipticPoint(x, E), [P, Q]) then
error "both points must be on the curve"
end if;
ifP=0then
return Q
elif Q = 0 then
return P
end if;
p := E[3];
x1 := P[1] mod p;
y1 := P[2] mod p;
x2 := Q[1] mod p;
y2 := Q[2] mod p;
if x1 = x2 and y1 = -y2 mod p then
return 0
