     |
ECB - Elliptic Curve Builder
ECB is a generator of elliptic curves that are intended for cryptographical purposes. The curves, over GF(P) or over GF(2n), are generated using the so-called complex multiplication method.
 |
Properties of a curve created with ECB
- Over GF(P):
- equation y2 = x3 + Ax + B;
- the order is U = R*S with S smooth and R a BPSW (Baillie, Pomerance, Selfridge & Wagstaff) pseudoprime;
- the binary size of the prime modulus P may be any in 33..512.
- Over GF(2n):
- equation y2 + xy = x3 + Ax2 + B;
- the order is U = R*S with S smooth and R a BPSW pseudoprime;
- the field degree n may be any in 33..512;
- the basis of the Galois field GF(2n) may be standard or normal (ECB works with any normal basis, i.e., not with Gaussian normal ones only).
Parameters ---------- P = 1019822425152210877949330633665510840063159640183534239657159 Discriminant = -4795 ClassNumber = 12 GenusNumber = 4 Order U = R*S with R pseudoprime -------------------------------- U = 1019822425152210877949330633665852523887456813016356781051489 R = 1019822425152210877949330633665852523887456813016356781051489 S = 1 U binary size = 200 R binary size = 200 S binary size = 1 MOV condition ------------- Critical threshold = 9 Checked up to 90 Class polynomial factors (mod P) -------------------------------- 4 degree-3 factors Q[0,3] = 1 Q[0,2] = -51301909889103105518557739260410974945123278680757771165551 Q[0,1] = 203140187800760456277975346098939541777078420050677780522614 Q[0,0] = 157393450616952842640789376196480017027311559331146838010293 Q[1,3] = 1 Q[1,2] = -221464647713733972198313197735350330768209631792833519826722 Q[1,1] = -493391488304099658627321820776239905549208696629748816608785 Q[1,0] = 176474156382251622839199572981140811737773836081256699007592 Q[2,3] = 1 Q[2,2] = 417737094469226266125825449978473286079956234071397612902226 Q[2,1] = -478901429125546897311130756345914755871078558287527942999170 Q[2,0] = -431729822970909185721018313233740050908158871225181869919599 Q[3,3] = 1 Q[3,2] = -144970536866389188408954512982711980366623323566416508887875 Q[3,1] = -250669695523324778288853402642295720419950805763842694166244 Q[3,0] = 97862215971704720241029364056119222143073482409592172670972 Root of Q over GF(P) -------------------- Z = 190987801642575392101911874518786930511677216775326746406031 Curve of order R*S over GF(P) ----------------------------- P = 1019822425152210877949330633665510840063159640183534239657159 R = 1019822425152210877949330633665852523887456813016356781051489 S = 1 A = -3 B = 506780569080129316469714699295613600568636592675898205448554 Point of Order R ---------------- X = 688276248190153899136892823075396429936228002705782769474491 Y = 315213794215586947062208847855771128161518503723629003807235 |
Parameters ---------- Field degree = 191 Discriminant = -564127 Order U = R*S with R pseudoprime -------------------------------- U = 3138550867693340381917894711531278116929969738635840702322 R = 1569275433846670190958947355765639058464984869317920351161 S = 2 U binary size = 191 R binary size = 190 S binary size = 2 MOV condition ------------- Critical threshold = 9 Checked up to 90 Class polynomial (mod 2) ------------------------ Degree = 191 W = EC92F4A31A57C50F6031A2FA59ED0350A61C7BB051D1EBAD W is irreducible over GF(2) Field GF(2^191) --------------- Field polynomial = [191,9,0] Basis type = Standard Root of W over GF(2^191) ------------------------ Z = E3E9AF02AF5BB0F5496B7DA70744FFDBB39A1007E52BC13 Curve of order R*S over GF(2^191) --------------------------------- R = 1569275433846670190958947355765639058464984869317920351161 S = 2 A = 1 B = 2AC03DC6A89D81EBC78E7A190E7853DE38E9DEEEAC364006 Point of order R ---------------- X = 1CDA5B1212040420B77E8A268E0D3670371BBE7B44A7D8E5 Y = 30A74DDA9F952EFBAB4C3F72A3AA6BA98BE22636DDACC861 |
v1.9.1 beta
- Suppressed the class number stuff.
- The maximal value of the cofactor S can be specified (instead of its maximal binary size).
- Over GF(P), the coefficients of a curve are in the range -P/2..P/2 whereas the coefficients of a point are in the range 0..P-1.
- Help file entirely rewritten.
v1.0 beta 6
- The lower bound 64 was decreased to 33 for both P binary size over GF(P) and field polynomial degree over GF(2n).
v1.0 beta 5
- Help file updated.
v1.0 beta 4
- Due to a very stupid bug (do sensible bugs exist?), the order of a curve over GF(2n) was sometimes set to 0 after having been computed.
v1.0 beta 3
- Cosmetic bugs fixed.
- The coefficient A of a curve over GF(P) may be random or any small integer in -1010..1010.
Last update May 11, 2008
Copyright © 2008, Marcel Martin. All rights reserved.