
curve25519-dalek中的basepoint各种表示

mutourend, published 2019-08-08 12:32:25

1. The curve25519 basepoint in Montgomery representation

"Elliptic Curves for Security" (RFC 7748) gives the Montgomery form of curve25519 and its basepoint as follows: [figure from RFC 7748: the Montgomery curve and its basepoint, u = 9] The corresponding code is therefore:

/// The X25519 basepoint, in `MontgomeryPoint` format.
pub const X25519_BASEPOINT: MontgomeryPoint =
    MontgomeryPoint([0x09, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
                 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
                 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
                 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00]);
2. The curve25519 basepoint in edwards25519 representation

"Elliptic Curves for Security" (RFC 7748) gives the Edwards form of curve25519 and its basepoint as follows: [figure from RFC 7748: the twisted Edwards curve edwards25519 and its basepoint]

The map from affine coordinates to extended coordinates is: $(x,y)\mapsto (X:Y:Z:T):\ Z=1,\ T=XY,\ X=x/Z,\ Y=y/Z$

/// The Ed25519 basepoint, as an `EdwardsPoint`.
///
/// This is called `_POINT` to distinguish it from
/// `ED25519_BASEPOINT_TABLE`, which should be used for scalar
/// multiplication (it's much faster).
pub const ED25519_BASEPOINT_POINT: EdwardsPoint = EdwardsPoint{
    X: FieldElement51([1738742601995546, 1146398526822698, 2070867633025821, 562264141797630, 587772402128613]),
    Y: FieldElement51([1801439850948184, 1351079888211148, 450359962737049, 900719925474099, 1801439850948198]),
    Z: FieldElement51([1, 0, 0, 0, 0]),
    T: FieldElement51([1841354044333475, 16398895984059, 755974180946558, 900171276175154, 1821297809914039]),
};

The corresponding sage script is:

sage: p=2^255-19
sage: x=151122213495354007725011514095885315114540126930418572060461132839498477
....: 62202
sage: y=463168356949264781694283940034751631413079938662562256157830336031652518
....: 55960
sage: t=mod(x*y,p)
sage: t
46827403850823179245072216630277197565144205554125654976674165829533817101731
sage: 1841354044333475+16398895984059*2^51+755974180946558*2^102+900171276175154
....: *2^153+1821297809914039*2^204
46827403850823179245072216630277197565144205554125654976674165829533817101731
sage: 1738742601995546+1146398526822698*2^51+2070867633025821*2^102+562264141797
....: 630*2^153+587772402128613*2^204
15112221349535400772501151409588531511454012693041857206046113283949847762202
sage: 1801439850948184+1351079888211148*2^51+450359962737049*2^102+9007199254740
....: 99*2^153+1801439850948198*2^204
46316835694926478169428394003475163141307993866256225615783033603165251855960

According to the blog post on the edwards25519 point compression and decompression algorithm, the compressed representation of the basepoint is:

pub const ED25519_BASEPOINT_COMPRESSED: CompressedEdwardsY =
    CompressedEdwardsY([0x58, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66,
                        0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66,
                        0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66,
                        0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66]);

The corresponding sage proof is:

sage: x=151122213495354007725011514095885315114540126930418572060461132839498477
....: 62202
sage: y=463168356949264781694283940034751631413079938662562256157830336031652518
....: 55960
sage: hex(x&1)
'0'
sage: ((x&1)            
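The sage checks above can be reproduced end to end with plain Python integers. The following is an added example, not code from the original post or from curve25519-dalek: it recombines the five 51-bit limbs of `ED25519_BASEPOINT_POINT` into the affine x, y and T = xy, checks that the point lies on edwards25519, builds the `CompressedEdwardsY` encoding (y little-endian with the parity of x in the top bit) and decompresses it again per RFC 8032, and maps y back to the Montgomery u-coordinate with the RFC 7748 birational map u = (1 + y)/(1 - y), which must give the `X25519_BASEPOINT` value 9. The function and constant names are this example's own; the basepoint coordinates and limbs are copied from the post above.

```python
# Added example, not code from the original post or from curve25519-dalek:
# checks the basepoint representations above with plain Python integers.
# Function and constant names here are this example's own (hypothetical).

P = 2**255 - 19
# edwards25519 curve constant d = -121665/121666 mod p (RFC 7748)
D = (-121665 * pow(121666, -1, P)) % P
# sqrt(-1) mod p, needed by decompression because p = 5 (mod 8)
SQRT_M1 = pow(2, (P - 1) // 4, P)
MASK51 = (1 << 51) - 1

# Affine edwards25519 basepoint (the x, y used in the sage session above)
BASE_X = 15112221349535400772501151409588531511454012693041857206046113283949847762202
BASE_Y = 46316835694926478169428394003475163141307993866256225615783033603165251855960

# 5 x 51-bit limbs copied from ED25519_BASEPOINT_POINT above
BASE_X_LIMBS = [1738742601995546, 1146398526822698, 2070867633025821, 562264141797630, 587772402128613]
BASE_Y_LIMBS = [1801439850948184, 1351079888211148, 450359962737049, 900719925474099, 1801439850948198]
BASE_T_LIMBS = [1841354044333475, 16398895984059, 755974180946558, 900171276175154, 1821297809914039]


def from_limbs(limbs):
    """Recombine FieldElement51 limbs: value = sum(limb_i * 2^(51*i)) mod p."""
    return sum(limb << (51 * i) for i, limb in enumerate(limbs)) % P


def to_limbs(value):
    """Split a reduced field element into five 51-bit limbs (little-endian)."""
    value %= P
    return [(value >> (51 * i)) & MASK51 for i in range(5)]


def on_curve(x, y):
    """Check the edwards25519 equation -x^2 + y^2 = 1 + d*x^2*y^2 (mod p)."""
    return (-x * x + y * y - 1 - D * x * x * y * y) % P == 0


def affine_to_extended(x, y):
    """(x, y) -> (X:Y:Z:T) with Z = 1 and T = X*Y, as in the formula above."""
    z = 1
    return (x % P, y % P, z, x * y % P)


def compress(x, y):
    """CompressedEdwardsY: 32 bytes of y, little-endian, parity of x in the top bit."""
    b = bytearray(y.to_bytes(32, "little"))
    b[31] |= (x & 1) << 7
    return bytes(b)


def decompress(b):
    """Inverse of compress (RFC 8032 section 5.1.3); None for invalid encodings."""
    y = int.from_bytes(b, "little")
    sign = y >> 255
    y &= (1 << 255) - 1
    if y >= P:
        return None  # non-canonical y
    # x^2 = (y^2 - 1) / (d*y^2 + 1)
    x2 = (y * y - 1) * pow(D * y * y + 1, -1, P) % P
    x = pow(x2, (P + 3) // 8, P)
    if (x * x - x2) % P != 0:
        x = x * SQRT_M1 % P
    if (x * x - x2) % P != 0:
        return None  # x^2 is not a square: no point with this y
    if x == 0 and sign == 1:
        return None
    if (x & 1) != sign:
        x = P - x
    return (x, y)


def edwards_y_to_montgomery_u(y):
    """Birational map edwards25519 -> curve25519 (RFC 7748): u = (1 + y)/(1 - y) mod p."""
    return (1 + y) * pow((1 - y) % P, -1, P) % P


if __name__ == "__main__":
    print("limbs recombine to x:", from_limbs(BASE_X_LIMBS) == BASE_X)
    print("limbs recombine to y:", from_limbs(BASE_Y_LIMBS) == BASE_Y)
    print("T limbs equal x*y mod p:", from_limbs(BASE_T_LIMBS) == BASE_X * BASE_Y % P)
    print("basepoint on curve:", on_curve(BASE_X, BASE_Y))
    print("compressed:", compress(BASE_X, BASE_Y).hex())
    print("round trip:", decompress(compress(BASE_X, BASE_Y)) == (BASE_X, BASE_Y))
    print("Montgomery u:", edwards_y_to_montgomery_u(BASE_Y))
```

Running it prints the compressed encoding `5866666666...66`, matching `ED25519_BASEPOINT_COMPRESSED`, and a Montgomery u of 9, matching the `0x09` leading byte of `X25519_BASEPOINT`; the limb functions show why each `FieldElement51` limb stays below 2^51 and why the `Z` limb array is simply `[1, 0, 0, 0, 0]`.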