kris
/
SIDH_p751
1
0
Fork 0
Código Incidencias 0 Pull Requests 0 Lanzamientos 0 Wiki Actividad
No puede seleccionar más de 25 temas Los temas deben comenzar con una letra o número, pueden incluir guiones ('-') y pueden tener hasta 35 caracteres de largo.
99 Commits
14 Ramas
653 KiB
 
 
 
Árbol: 7bf83bb613
Ramas Etiquetas
${ item.name }
Crear rama ${ searchTerm }
desde '7bf83bb613'
${ noResults }
SIDH_p751/p751toolbox/isogeny_test.go

115 líneas
6.3 KiB
Original Blame Histórico 

  1. package p751toolbox

  2. 

  3. import (

  4. 	"testing"

  5. )

  6. 

  7. func TestFourIsogenyVersusSage(t *testing.T) {

  8. 	var xR, xP4, resPhiXr, expPhiXr ProjectivePoint

  9. 	var phi = NewIsogeny4()

  10. 

  11. 	// sage: p = 2^372 * 3^239 - 1; Fp = GF(p)

  12. 	// sage: R.<x> = Fp[]

  13. 	// sage: Fp2 = Fp.extension(x^2 + 1, 'i')

  14. 	// sage: i = Fp2.gen()

  15. 	// sage: E0Fp = EllipticCurve(Fp, [0,0,0,1,0])

  16. 	// sage: E0Fp2 = EllipticCurve(Fp2, [0,0,0,1,0])

  17. 	// sage: x_PA = 11

  18. 	// sage: y_PA = -Fp(11^3 + 11).sqrt()

  19. 	// sage: x_PB = 6

  20. 	// sage: y_PB = -Fp(6^3 + 6).sqrt()

  21. 	// sage: P_A = 3^239 * E0Fp((x_PA,y_PA))

  22. 	// sage: P_B = 2^372 * E0Fp((x_PB,y_PB))

  23. 	// sage: def tau(P):

  24. 	// ....:     return E0Fp2( (-P.xy()[0], i*P.xy()[1]))

  25. 	// ....:

  26. 	// sage: m_B = 3*randint(0,3^238)

  27. 	// sage: m_A = 2*randint(0,2^371)

  28. 	// sage: R_A = E0Fp2(P_A) + m_A*tau(P_A)

  29. 	// sage: def y_recover(x, a):

  30. 	// ....:     return (x**3 + a*x**2 + x).sqrt()

  31. 	// ....:

  32. 	// sage: first_4_torsion_point = E0Fp2(1, y_recover(Fp2(1),0))

  33. 	// sage: sage_first_4_isogeny = E0Fp2.isogeny(first_4_torsion_point)

  34. 	// sage: a = Fp2(0)

  35. 	// sage: E1A = EllipticCurve(Fp2, [0,(2*(a+6))/(a-2),0,1,0])

  36. 	// sage: sage_isomorphism = sage_first_4_isogeny.codomain().isomorphism_to(E1A)

  37. 	// sage: isogenized_R_A = sage_isomorphism(sage_first_4_isogeny(R_A))

  38. 	// sage: P_4 = (2**(372-4))*isogenized_R_A

  39. 	// sage: P_4._order = 4 #otherwise falls back to generic group methods for order

  40. 	// sage: X4, Z4 = P_4.xy()[0], 1

  41. 	// sage: phi4 = EllipticCurveIsogeny(E1A, P_4, None, 4)

  42. 	// sage: E2A_sage = phi4.codomain() # not in monty form

  43. 	// sage: Aprime, Cprime = 2*(2*X4^4 - Z4^4), Z4^4

  44. 	// sage: E2A = EllipticCurve(Fp2, [0,Aprime/Cprime,0,1,0])

  45. 	// sage: sage_iso = E2A_sage.isomorphism_to(E2A)

  46. 	// sage: isogenized2_R_A = sage_iso(phi4(isogenized_R_A))

  47. 

  48. 	xP4.FromAffine(&ExtensionFieldElement{

  49. 		A: Fp751Element{0x2afd75a913f3d5e7, 0x2918fba06f88c9ab, 0xa4ac4dc7cb526f05, 0x2d19e9391a607300, 0x7a79e2b34091b54, 0x3ad809dcb42f1792, 0xd46179328bd6402a, 0x1afa73541e2c4f3f, 0xf602d73ace9bdbd8, 0xd77ac58f6bab7004, 0x4689d97f6793b3b3, 0x4f26b00e42b7},

  50. 		B: Fp751Element{0x6cdf918dafdcb890, 0x666f273cc29cfae2, 0xad00fcd31ba618e2, 0x5fbcf62bef2f6a33, 0xf408bb88318e5098, 0x84ab97849453d175, 0x501bbfcdcfb8e1ac, 0xf2370098e6b5542c, 0xc7dc73f5f0f6bd32, 0xdd76dcd86729d1cf, 0xca22c905029996e4, 0x5cf4a9373de3}})

  51. 	xR.FromAffine(&ExtensionFieldElement{

  52. 		A: Fp751Element{0xff99e76f78da1e05, 0xdaa36bd2bb8d97c4, 0xb4328cee0a409daf, 0xc28b099980c5da3f, 0xf2d7cd15cfebb852, 0x1935103dded6cdef, 0xade81528de1429c3, 0x6775b0fa90a64319, 0x25f89817ee52485d, 0x706e2d00848e697, 0xc4958ec4216d65c0, 0xc519681417f},

  53. 		B: Fp751Element{0x742fe7dde60e1fb9, 0x801a3c78466a456b, 0xa9f945b786f48c35, 0x20ce89e1b144348f, 0xf633970b7776217e, 0x4c6077a9b38976e5, 0x34a513fc766c7825, 0xacccba359b9cd65, 0xd0ca8383f0fd0125, 0x77350437196287a, 0x9fe1ad7706d4ea21, 0x4d26129ee42d}})

  54. 	expPhiXr.FromAffine(&ExtensionFieldElement{

  55. 		A: Fp751Element{0x111efd8bd0b7a01e, 0x6ab75a4f3789ca9b, 0x939dbe518564cac4, 0xf9eeaba1601d0434, 0x8d41f8ba6edac998, 0xfcd2557efe9aa170, 0xb3c3549c098b7844, 0x52874fef6f81127c, 0xb2b9ac82aa518bb3, 0xee70820230520a86, 0xd4012b7f5efb184a, 0x573e4536329b},

  56. 		B: Fp751Element{0xa99952281e932902, 0x569a89a571f2c7b1, 0x6150143846ba3f6b, 0x11fd204441e91430, 0x7f469bd55c9b07b, 0xb72db8b9de35b161, 0x455a9a37a940512a, 0xb0cff7670abaf906, 0x18c785b7583375fe, 0x603ab9ca403c9148, 0xab54ba3a6e6c62c1, 0x2726d7d57c4f}})

  57. 

  58. 	phi.GenerateCurve(&xP4)

  59. 	resPhiXr = phi.EvaluatePoint(&xR)

  60. 	if !expPhiXr.VartimeEq(&resPhiXr) {

  61. 		t.Error("\nExpected\n", expPhiXr.ToAffine(), "\nfound\n", resPhiXr.ToAffine())

  62. 	}

  63. }

  64. 

  65. func TestThreeIsogenyVersusSage(t *testing.T) {

  66. 	var xR, xP3, resPhiXr, expPhiXr ProjectivePoint

  67. 	var phi = NewIsogeny3()

  68. 

  69. 	// sage: %colors Linux

  70. 	// sage: p = 2^372 * 3^239 - 1; Fp = GF(p)

  71. 	// sage: R.<x> = Fp[]

  72. 	// sage: Fp2 = Fp.extension(x^2 + 1, 'i')

  73. 	// sage: i = Fp2.gen()

  74. 	// sage: E0Fp = EllipticCurve(Fp, [0,0,0,1,0])

  75. 	// sage: E0Fp2 = EllipticCurve(Fp2, [0,0,0,1,0])

  76. 	// sage: x_PA = 11

  77. 	// sage: y_PA = -Fp(11^3 + 11).sqrt()

  78. 	// sage: x_PB = 6

  79. 	// sage: y_PB = -Fp(6^3 + 6).sqrt()

  80. 	// sage: P_A = 3^239 * E0Fp((x_PA,y_PA))

  81. 	// sage: P_B = 2^372 * E0Fp((x_PB,y_PB))

  82. 	// sage: def tau(P):

  83. 	// ....:     return E0Fp2( (-P.xy()[0], i*P.xy()[1]))

  84. 	// ....:

  85. 	// sage: m_B = 3*randint(0,3^238)

  86. 	// sage: R_B = E0Fp2(P_B) + m_B*tau(P_B)

  87. 	// sage: P_3 = (3^238)*R_B

  88. 	// sage: def three_isog(P_3, P):

  89. 	// ....:     X3, Z3 = P_3.xy()[0], 1

  90. 	// ....:     XP, ZP = P.xy()[0], 1

  91. 	// ....:     x = (XP*(X3*XP - Z3*ZP)^2)/(ZP*(Z3*XP - X3*ZP)^2)

  92. 	// ....:     A3, C3 = (Z3^4 + 9*X3^2*(2*Z3^2 - 3*X3^2)), 4*X3*Z3^3

  93. 	// ....:     cod = EllipticCurve(Fp2, [0,A3/C3,0,1,0])

  94. 	// ....:     return cod.lift_x(x)

  95. 	// ....:

  96. 	// sage: isogenized_R_B = three_isog(P_3, R_B)

  97. 

  98. 	xR.FromAffine(&ExtensionFieldElement{

  99. 		A: Fp751Element{0xbd0737ed5cc9a3d7, 0x45ae6d476517c101, 0x6f228e9e7364fdb2, 0xbba4871225b3dbd, 0x6299ccd2e5da1a07, 0x38488fe4af5f2d0e, 0xec23cae5a86e980c, 0x26c804ba3f1edffa, 0xfbbed81932df60e5, 0x7e00e9d182ae9187, 0xc7654abb66d05f4b, 0x262d0567237b},

  100. 		B: Fp751Element{0x3a3b5b6ad0b2ac33, 0x246602b5179127d3, 0x502ae0e9ad65077d, 0x10a3a37237e1bf70, 0x4a1ab9294dd05610, 0xb0f3adac30fe1fa6, 0x341995267faf70cb, 0xa14dd94d39cf4ec1, 0xce4b7527d1bf5568, 0xe0410423ed45c7e4, 0x38011809b6425686, 0x28f52472ebed}})

  101. 	xP3.FromAffine(&ExtensionFieldElement{

  102. 		A: Fp751Element{0x7bb7a4a07b0788dc, 0xdc36a3f6607b21b0, 0x4750e18ee74cf2f0, 0x464e319d0b7ab806, 0xc25aa44c04f758ff, 0x392e8521a46e0a68, 0xfc4e76b63eff37df, 0x1f3566d892e67dd8, 0xf8d2eb0f73295e65, 0x457b13ebc470bccb, 0xfda1cc9efef5be33, 0x5dbf3d92cc02},

  103. 		B: Fp751Element{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}})

  104. 	expPhiXr.FromAffine(&ExtensionFieldElement{

  105. 		A: Fp751Element{0x286db7d75913c5b1, 0xcb2049ad50189220, 0xccee90ef765fa9f4, 0x65e52ce2730e7d88, 0xa6b6b553bd0d06e7, 0xb561ecec14591590, 0x17b7a66d8c64d959, 0x77778cecbe1461e, 0x9405c9c0c41a57ce, 0x8f6b4847e8ca7d3d, 0xf625eb987b366937, 0x421b3590e345},

  106. 		B: Fp751Element{0x566b893803e7d8d6, 0xe8c71a04d527e696, 0x5a1d8f87bf5eb51, 0x42ae08ae098724f, 0x4ee3d7c7af40ca2e, 0xd9f9ab9067bb10a7, 0xecd53d69edd6328c, 0xa581e9202dea107d, 0x8bcdfb6c8ecf9257, 0xe7cbbc2e5cbcf2af, 0x5f031a8701f0e53e, 0x18312d93e3cb}})

  107. 

  108. 	phi.GenerateCurve(&xP3)

  109. 	resPhiXr = phi.EvaluatePoint(&xR)

  110. 

  111. 	if !expPhiXr.VartimeEq(&resPhiXr) {

  112. 		t.Error("\nExpected\n", expPhiXr.ToAffine(), "\nfound\n", resPhiXr.ToAffine())

  113. 	}

  114. }