From f554dfc7088c6ca8d4aff927a51bd889b29dc186 Mon Sep 17 00:00:00 2001
From: Tim Ruffing
Date: Wed, 25 Nov 2020 13:50:40 +0100
Subject: [PATCH] sage: Reorganize files

* Move curve parameters to separate file
* Rename main prover script for clarity
---
sage/gen_exhaustive_groups.sage | 7 +---
....sage => prove_group_implementations.sage} | 0
sage/secp256k1_params.sage | 32 +++++++++++++++++++
3 files changed, 33 insertions(+), 6 deletions(-)
rename sage/{secp256k1.sage => prove_group_implementations.sage} (100%)
create mode 100644 sage/secp256k1_params.sage

diff --git a/sage/gen_exhaustive_groups.sage b/sage/gen_exhaustive_groups.sage
index 3c3c984811e3a..01d15dcdeac56 100644
--- a/sage/gen_exhaustive_groups.sage
+++ b/sage/gen_exhaustive_groups.sage
@@ -1,9 +1,4 @@
-# Define field size and field
-P = 2^256 - 2^32 - 977
-F = GF(P)
-BETA = F(0x7ae96a2b657c07106e64479eac3434e99cf0497512f58995c1396c28719501ee)
-
-assert(BETA != F(1) and BETA^3 == F(1))
+load("secp256k1_params.sage")
 
 orders_done = set()
 results = {}
diff --git a/sage/secp256k1.sage b/sage/prove_group_implementations.sage
similarity index 100%
rename from sage/secp256k1.sage
rename to sage/prove_group_implementations.sage
diff --git a/sage/secp256k1_params.sage b/sage/secp256k1_params.sage
new file mode 100644
index 0000000000000..ad77f7b4e3975
--- /dev/null
+++ b/sage/secp256k1_params.sage
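Review bot: `load("secp256k1_params.sage")` names the parameter file by a bare relative path, so whether gen_exhaustive_groups.sage still runs when invoked from a directory other than `sage/` depends on Sage resolving `load` targets against the loading file rather than the working directory — I am not certain it does, so this is worth confirming. If it resolves against the working directory, either document the required invocation next to the call, e.g. `# must be run from the sage/ directory (load() is relative to cwd)`, or build the path from the script's own location. The rest of gen_exhaustive_groups.sage continues outside the hunk.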
@@ -0,0 +1,32 @@
+"""Prime order of finite field underlying secp256k1 (2^256 - 2^32 - 977)"""
+P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
+
+"""Finite field underlying secp256k1"""
+F = FiniteField(P)
+
+"""Elliptic curve secp256k1: y^2 = x^3 + 7"""
+C = EllipticCurve([F(0), F(7)])
+
+"""Base point of secp256k1"""
+G = C.lift_x(0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798)
+
+"""Prime order of secp256k1"""
+N = C.order()
+
+"""Finite field of scalars of secp256k1"""
+Z = FiniteField(N)
+
+""" Beta value of secp256k1 non-trivial endomorphism: lambda * (x, y) = (beta * x, y)"""
+BETA = F(2)^((P-1)/3)
+
+""" Lambda value of secp256k1 non-trivial endomorphism: lambda * (x, y) = (beta * x, y)"""
+LAMBDA = Z(3)^((N-1)/3)
+
+assert is_prime(P)
+assert is_prime(N)
+
+assert BETA != F(1)
+assert BETA^3 == F(1)
+
+assert LAMBDA != Z(1)
+assert LAMBDA^3 == Z(1)
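Review bot: `BETA = F(2)^((P-1)/3)` and `LAMBDA = Z(3)^((N-1)/3)` each select one of the two non-trivial cube roots of unity independently, but none of the assertions at the end of the hunk checks that they are the matching pair the docstrings promise (`lambda * (x, y) = (beta * x, y)`), nor that the derived BETA equals the constant `0x7ae96a2b…` this same commit deletes from gen_exhaustive_groups.sage — if the other root is picked on either side, the documented relation is simply false and every script loading this file inherits the wrong constant silently. I would pin both after the existing assertions: `assert BETA == F(0x7ae96a2b657c07106e64479eac3434e99cf0497512f58995c1396c28719501ee)` and `assert Integer(LAMBDA) * G == C(BETA * G[0], G[1])`, which also exercises G and C together. Note that `C.lift_x(...)` returns a point whose y-sign the code does not pin down; that is harmless for the endomorphism relation (it holds for both G and -G), but if G is ever compared against the standard secp256k1 generator its y coordinate should be asserted as well.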