Curve25519

255-bit prime field Montgomery curve.

By^2 \equiv x^3 + Ax^2 + x

Parameters

Name	Value
p0x7fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffed	`0x7fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffed`
a0x76d06	`0x76d06`
b0x01	`0x01`
G(0x09, 0x20ae19a1b8a086b4e01edd2c7748d14c923d4d7e6d7c61b229e9c5a27eced3d9)	`(0x09, 0x20ae19a1b8a086b4e01edd2c7748d14c923d4d7e6d7c61b229e9c5a27eced3d9)`
n0x1000000000000000000000000000000014def9dea2f79cd65812631a5cf5d3ed	`0x1000000000000000000000000000000014def9dea2f79cd65812631a5cf5d3ed`
h0x08	`0x08`

Characteristics

j-invariant:
39240375672115510010799456308813573486606784421612167109713554819120306934551
Trace of Frobenius:
-221938542218978828286815502327069187962
Discriminant:
3789438435840

SAGE

p = 0x7fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffed
K = GF(p)
A = K(0x76d06)
B = K(0x01)
E = EllipticCurve(K, ((3 - A^2)/(3 * B^2), (2 * A^3 - 9 * A)/(27 * B^3)))
def to_weierstrass(A, B, x, y):
	return (x/B + A/(3*B), y/B)
def to_montgomery(A, B, u, v):
	return (B * (u - A/(3*B)), B*v)
G = E(*to_weierstrass(A, B, K(0x09), K(0x20ae19a1b8a086b4e01edd2c7748d14c923d4d7e6d7c61b229e9c5a27eced3d9)))
E.set_order(0x1000000000000000000000000000000014def9dea2f79cd65812631a5cf5d3ed * 0x08)
# This curve is a Weierstrass curve (SAGE does not support Montgomery curves) birationally equivalent to the intended curve.
# You can use the to_weierstrass and to_montgomery functions to convert the points.

p = 0x7fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffed
K = GF(p)
A = K(0x76d06)
B = K(0x01)
E = EllipticCurve(K, ((3 - A^2)/(3 * B^2), (2 * A^3 - 9 * A)/(27 * B^3)))
def to_weierstrass(A, B, x, y):
	return (x/B + A/(3*B), y/B)
def to_montgomery(A, B, u, v):
	return (B * (u - A/(3*B)), B*v)
G = E(*to_weierstrass(A, B, K(0x09), K(0x20ae19a1b8a086b4e01edd2c7748d14c923d4d7e6d7c61b229e9c5a27eced3d9)))
E.set_order(0x1000000000000000000000000000000014def9dea2f79cd65812631a5cf5d3ed * 0x08)
# This curve is a Weierstrass curve (SAGE does not support Montgomery curves) birationally equivalent to the intended curve.
# You can use the to_weierstrass and to_montgomery functions to convert the points.

SAGE

JSON

{
  "name": "Curve25519",
  "desc": "Curve from https://cr.yp.to/ecdh.html",
  "form": "Montgomery",
  "field": {
    "type": "Prime",
    "p": "0x7fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffed",
    "bits": 255
  },
  "params": {
    "a": {
      "raw": "0x76d06"
    },
    "b": {
      "raw": "0x01"
    }
  },
  "generator": {
    "x": {
      "raw": "0x09"
    },
    "y": {
      "raw": "0x20ae19a1b8a086b4e01edd2c7748d14c923d4d7e6d7c61b229e9c5a27eced3d9"
    }
  },
  "order": "0x1000000000000000000000000000000014def9dea2f79cd65812631a5cf5d3ed",
  "cofactor": "0x08",
  "characteristics": {
    "j_invariant": "39240375672115510010799456308813573486606784421612167109713554819120306934551",
    "discriminant": "3789438435840",
    "trace_of_frobenius": "-221938542218978828286815502327069187962"
  }
}

{
  "name": "Curve25519",
  "desc": "Curve from https://cr.yp.to/ecdh.html",
  "form": "Montgomery",
  "field": {
    "type": "Prime",
    "p": "0x7fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffed",
    "bits": 255
  },
  "params": {
    "a": {
      "raw": "0x76d06"
    },
    "b": {
      "raw": "0x01"
    }
  },
  "generator": {
    "x": {
      "raw": "0x09"
    },
    "y": {
      "raw": "0x20ae19a1b8a086b4e01edd2c7748d14c923d4d7e6d7c61b229e9c5a27eced3d9"
    }
  },
  "order": "0x1000000000000000000000000000000014def9dea2f79cd65812631a5cf5d3ed",
  "cofactor": "0x08",
  "characteristics": {
    "j_invariant": "39240375672115510010799456308813573486606784421612167109713554819120306934551",
    "discriminant": "3789438435840",
    "trace_of_frobenius": "-221938542218978828286815502327069187962"
  }
}

JSON