What’s the equivalent of this py_ecc code for untwisting the ʙɴ128 curve

Laël Cellier on Sat, 05 Jul 2025 21:05:54 +0200

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

What’s the equivalent of this py_ecc code for untwisting the ʙɴ128 curve in Pari/ɢᴘ ?

To: pari-users <pari-users@pari.math.u-bordeaux.fr>
Subject: What’s the equivalent of this py_ecc code for untwisting the ʙɴ128 curve in Pari/ɢᴘ ?
From: Laël Cellier <lael.cellier@gmail.com>
Date: Sat, 5 Jul 2025 21:05:50 +0200
Delivery-date: Sat, 05 Jul 2025 21:05:54 +0200
Disposition-notification-to: Laël Cellier <lael.cellier@gmail.com>
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1751742352; x=1752347152; darn=pari.math.u-bordeaux.fr; h=content-transfer-encoding:disposition-notification-to:subject:from :reply-to:to:content-language:user-agent:mime-version:date :message-id:from:to:cc:subject:date:message-id:reply-to; bh=VB7xyPLT+FZnoOrPr090OJuTH0t8qtZhuw6hyMue3MM=; b=Ynx3I6E3Qv4rMgR3AiMfykU4eqBS+T5mDy4ppz8j3gH9lUuVdfpVvij8WEZSkKHjHd WAsd7Ms2TdVOtQYxTagJ6KbObDuzsbFlpUUNv09f82V4hsXTGcgVmlwq9OfMG1n8vuND /SITVUykIwla+CYIPNFyLIoBZs/0w99wxRze30drV86b/CsNnNqgHZrzD6pqMj7G/R3r F/ZFrj02XW/8QAKglfN5lw1XRpAwpgBMQdWqypYgpiqBiV8Ce0r3EDkrwCTQmS8zRo2Y IgEWEXaozDw+iNF8tX6Q3gmR2e6RmZQApsB+3LBeiyU6Ec1j92KTeGx0binxkFB0sr5y FSUg==
Reply-to: lael.cellier@laposte.net
User-agent: Thunderbird Daily

Simple, I’ve curve defined as $\frac{Y^{2} = X^{3} + 3}{i + 9}$ definied over finite finite field $F_{p}^{2} = \frac{F_{p} [i]}{i^{2} + 1}$ with $p = 21888242871839275222246405745257275088696311157297823662689037894645226208583$ and point $X = 11559732032986387107991004021392285783925812861821192530917403151452391805634 \times i + 10857046999023057135944570762232829481370756359578518086990519993285655852781$ $Y = 4082367875863433681332203403145435568316851327593401208105741076214120093531 \times i + 8495653923123431417604973247489272438418190587263600148770280649306958101930$

As this curve is homomorphic to the curve $Y^{2} = X^{3} + 3$

defined over

F_{p}^{12}

, how to convert the point to the $F_{p}^{12}$

curve such as the discrete logarithm relation between 2 points on the 1^st curve is preserved ?

I’ve following code from py_ecc :

def twist(pt: Point2D[FQP]) -> Point2D[FQ12]:
    _x, _y = pt
    # Field isomorphism from Z[p] / x**2 to Z[p] / x**2 - 18*x + 82
    xcoeffs = [_x.coeffs[0] - _x.coeffs[1] * 9, _x.coeffs[1]]
    ycoeffs = [_y.coeffs[0] - _y.coeffs[1] * 9, _y.coeffs[1]]
    # Isomorphism into subfield of Z[p] / w**12 - 18 * w**6 + 82,
    # where w**6 = x
    nx = FQ12([int(xcoeffs[0])] + [0] * 5 + [int(xcoeffs[1])] + [0] * 5)
    ny = FQ12([int(ycoeffs[0])] + [0] * 5 + [int(ycoeffs[1])] + [0] * 5)
    # Divide x coord by w**2 and y coord by w**3
    return (nx * w**2, ny * w**3)

but what it’s Pari/ɢᴘ equivalent ?

Follow-Ups:
- Re: What’s the equivalent of this py_ecc code for untwisting the ʙɴ128 curve in Pari/ɢᴘ ?
  - From: Bill Allombert <Bill.Allombert@math.u-bordeaux.fr>

Prev by Date: Re: flags in a bitmap
Next by Date: Re: What’s the equivalent of this py_ecc code for untwisting the ʙɴ128 curve in Pari/ɢᴘ ?
Previous by thread: Re: How to declare a finite field element resulting from a Prime Power in Pari/ɢᴘ ?
Next by thread: Re: What’s the equivalent of this py_ecc code for untwisting the ʙɴ128 curve in Pari/ɢᴘ ?
Index(es):
- Date
- Thread