From fee32327c105c091c9ea56743d4907579e9b52f5 Mon Sep 17 00:00:00 2001
From: Henry Case
Date: Fri, 28 Jun 2019 12:13:07 +0100
Subject: [PATCH] Add sage script for generating parameters
---
 README.md | 2 +-
 tools/sidh.sage | 66 +++++++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 67 insertions(+), 1 deletion(-)
 create mode 100644 tools/sidh.sage
diff --git a/README.md b/README.md
index 9abc3f1..cbf37f4 100644
--- a/README.md
+++ b/README.md
@@ -1,7 +1,7 @@
 # Supersingular Isogeny Key Encapsulation
 
 Repository keeps simple Go's implementation of
-SIKE based on field p503 (Round2).
+SIKE based on field p434 and p503 (Round2).
 
 ## Speed
 
diff --git a/tools/sidh.sage b/tools/sidh.sage
new file mode 100644
index 0000000..01bef13
--- /dev/null
+++ b/tools/sidh.sage
@@ -0,0 +1,66 @@
+# P434
+e2 = 0xD8
+e3 = 0x89
+# P503
+# e2=0xFA
+# e3=0x9F
+#e2=0x174
+#e3=0xEF
+
+Nsk2_max_val = (2^e2) - 1
+Nsk2_bytes = floor(e2/8)
+Nsk3_S = ceil(RDF(log(3^e3,2)))
+Nsk3_bytes = floor(Nsk3_S/8)
+Nsk3_max_val = (2^Nsk3_S) - 1
+
+p = 2^e2 * 3^e3 - 1
+Fp = GF(p)
+R. = Fp[]
+Fp2 = Fp.extension(x^2 + 1, 'i')
+i = Fp2.gen()
+E0Fp = EllipticCurve(Fp, [0,6,0,1,0])
+E0Fp2 = EllipticCurve(Fp2, [0,6,0,1,0])
+
+# Montgomery R
+# 448 = 7*(8*8)
+R = 2^448
+# P503
+# R = 2^512
+
+def calc_Y_in_Fp2(x, xi):
+ fp2X= Fp2(x+xi*i)
+ fp2Y2 = Fp2(fp2X^3 + fp2X)
+ ret = fp2Y2.sqrt()
+ return ret
+
+def calc_proj_point_A(fp2X, fp2Y): return (3^e3 * E0Fp2((fp2X, fp2Y)))
+def calc_proj_point_B(fp2X, fp2Y): return (2^e2 * E0Fp2(fp2X, fp2Y))
+
+def tau(P): return E0Fp2(-P.xy()[0], i*P.xy()[1])
+def hd(val):
+ return ", 0x".join([x.hex().upper() for x in Integer(val).digits(base=2^64)])
+def hcp(point):
+ print("X: "); hd(point[0])
+ print("Y: "); hd(point[1])
+ print("Z: "); hd(point[2])
+def print_fp2_hex(Fp2_el):
+ fp2_pol = Fp2_el.polynomial()
+ print("A: FpElement{0x" + hd(fp2_pol[1]) + "},")
+ print("B: FpElement{0x" + hd(fp2_pol[0]) + "}}")
+
+def print_fp2_in_mont_hex(Fp2_el, text):
+ print(text)
+ mul = Integer(R)*Fp2_el
+ fp2_pol = mul.polynomial()
+ print("A: FpElement{0x" + hd(fp2_pol[0]) + "},")
+ print("B: FpElement{0x" + hd(fp2_pol[1]) + "}}")
+
+Integer(2^4 - 1).digits(2)
+
+print("\n P =\n"+hd(p))
+print("\n pX2 =\n"+hd(2*p))
+print("\n p+1 =\n"+hd(p+1))
+print("\n R^2 mod p =\n"+hd((R^2) % p))
+print("\n1/2 * R mod p =\n"+hd(((1/2)*R) % p))
+print("\n R mod p =\n"+hd(R % p))
+print("\n 6 * R mod p =\n"+hd(((6*R) % p)))
\ No newline at end of file
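Review bot: `print_fp2_hex` emits `A` from `fp2_pol[1]` and `B` from `fp2_pol[0]`, while `print_fp2_in_mont_hex` does the opposite (`A` from `fp2_pol[0]`, `B` from `fp2_pol[1]`); both cannot match the Go `FpElement` layout, so one of them would emit constants with the two Fp2 coordinates transposed, an error that would surface only as interoperability failures downstream. Pick one coefficient order and route both printers through a single shared helper so they cannot drift apart again. In `hcp`, `print("X: "); hd(point[0])` discards the string `hd` returns, so when run as a script only the labels are printed; use `print("X: 0x" + hd(point[0]))` (and likewise for Y and Z), and the bare `Integer(2^4 - 1).digits(2)` line is leftover debugging that should be dropped. `R` is first bound to the polynomial ring (rendered here as `R. = Fp[]`, presumably `R.<x>` in the source) and then rebound to the Montgomery constant `2^448`, which must be changed together with the commented-out p503 `e2`/`e3` block; deriving it from the field, `R = 2^(64 * ceil(p.nbits() / 64))`, and renaming the ring would prevent a mismatched parameter set from silently producing a Montgomery radix smaller than `p`.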