Re: What’s the equivalent of this py_ecc code for untwisting the ʙɴ128 curve in Pari/ɢᴘ ?

[Bill Allombert <Bill.Allombert@math.u-bordeaux.fr>]

On Sat, Jul 05, 2025 at 10:56:31PM +0200, Laël Cellier wrote:
> Without using mathematical formulas, the question is not understandable :
> the curve is over a very special field. However, you can still use
> https://pari.math.u-bordeaux.fr/archives/pari-users-2507/msg00029.html to
> display it correctly,

So first define the field and the point:

 p=21888242871839275222246405745257275088696311157297823662689037894645226208583;
 i=ffgen((i^2+1)*Mod(1,p));
 X=11559732032986387107991004021392285783925812861821192530917403151452391805634*i+10857046999023057135944570762232829481370756359578518086990519993285655852781;
 Y=4082367875863433681332203403145435568316851327593401208105741076214120093531*i+8495653923123431417604973247489272438418190587263600148770280649306958101930;
 pt = [X,Y];
 \\ then define the target field, the target curve and the map from Fp[i] to Fp[w]:
 w=ffgen((w^12 - 18 * w^6 + 82)*Mod(1,p));
 E2 = ellinit([0,3],w); 
 map = ffembed(i,w);
 \\ define the isomorphism:
 twist(pt)= [ffmap(map,pt[1])*w^2, ffmap(map,pt[2])*w^3];
 \\ apply to pt
 pt2=twist(pt);
 \\ check
 ellisoncurve(E2,pt2)
 %11 = 1
 \\ success!
 
Cheers,
Bill.