M-221

221-bit prime field Montgomery curve.

Curve from https://eprint.iacr.org/2013/647.pdf

By^2 \equiv x^3 + Ax^2 + x

Parameters

Name	Value
p0x1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFD	`0x1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFD`
a0x01c93a	`0x01c93a`
b0x01	`0x01`
G(0x04, 0x0f7acdd2a4939571d1cef14eca37c228e61dbff10707dc6c08c5056d)	`(0x04, 0x0f7acdd2a4939571d1cef14eca37c228e61dbff10707dc6c08c5056d)`
n0x040000000000000000000000000015A08ED730E8A2F77F005042605B	`0x040000000000000000000000000015A08ED730E8A2F77F005042605B`
h0x8	`0x8`

SAGE

p = 0x1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFD
K = GF(p)
A = K(0x01c93a)
B = K(0x01)
E = EllipticCurve(K, ((3 - A^2)/(3 * B^2), (2 * A^3 - 9 * A)/(27 * B^3)))
def to_weierstrass(A, B, x, y):
	return (x/B + A/(3*B), y/B)
def to_montgomery(A, B, u, v):
	return (B * (u - A/(3*B)), B*v)
G = E(*to_weierstrass(A, B, K(0x04), K(0x0f7acdd2a4939571d1cef14eca37c228e61dbff10707dc6c08c5056d)))
E.set_order(0x040000000000000000000000000015A08ED730E8A2F77F005042605B * 0x8)
# This curve is a Weierstrass curve (SAGE does not support Montgomery curves) birationally equivalent to the intended curve.
# You can use the to_weierstrass and to_montgomery functions to convert the points.

p = 0x1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFD
K = GF(p)
A = K(0x01c93a)
B = K(0x01)
E = EllipticCurve(K, ((3 - A^2)/(3 * B^2), (2 * A^3 - 9 * A)/(27 * B^3)))
def to_weierstrass(A, B, x, y):
	return (x/B + A/(3*B), y/B)
def to_montgomery(A, B, u, v):
	return (B * (u - A/(3*B)), B*v)
G = E(*to_weierstrass(A, B, K(0x04), K(0x0f7acdd2a4939571d1cef14eca37c228e61dbff10707dc6c08c5056d)))
E.set_order(0x040000000000000000000000000015A08ED730E8A2F77F005042605B * 0x8)
# This curve is a Weierstrass curve (SAGE does not support Montgomery curves) birationally equivalent to the intended curve.
# You can use the to_weierstrass and to_montgomery functions to convert the points.

SAGE

JSON

{
  "name": "M-221",
  "desc": "Curve from https://eprint.iacr.org/2013/647.pdf",
  "form": "Montgomery",
  "field": {
    "type": "Prime",
    "p": "0x1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFD",
    "bits": 221
  },
  "params": {
    "a": {
      "raw": "0x01c93a"
    },
    "b": {
      "raw": "0x01"
    }
  },
  "generator": {
    "x": {
      "raw": "0x04"
    },
    "y": {
      "raw": "0x0f7acdd2a4939571d1cef14eca37c228e61dbff10707dc6c08c5056d"
    }
  },
  "order": "0x040000000000000000000000000015A08ED730E8A2F77F005042605B",
  "cofactor": "0x8"
}

{
  "name": "M-221",
  "desc": "Curve from https://eprint.iacr.org/2013/647.pdf",
  "form": "Montgomery",
  "field": {
    "type": "Prime",
    "p": "0x1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFD",
    "bits": 221
  },
  "params": {
    "a": {
      "raw": "0x01c93a"
    },
    "b": {
      "raw": "0x01"
    }
  },
  "generator": {
    "x": {
      "raw": "0x04"
    },
    "y": {
      "raw": "0x0f7acdd2a4939571d1cef14eca37c228e61dbff10707dc6c08c5056d"
    }
  },
  "order": "0x040000000000000000000000000015A08ED730E8A2F77F005042605B",
  "cofactor": "0x8"
}

JSON