Merge commit 'd029ddea8396d7a39910028dd5ae436a3bd3e9bb' as 'jubjub'

2025-07-31 12:31:22 +00:00 · 2019-12-12 11:32:47 -07:00
parent f5217b56d7 d029ddea83
commit 281cfe1912
34 changed files with 4035 additions and 0 deletions
--- a/jubjub/doc/derive/.gitignore
+++ b/jubjub/doc/derive/.gitignore
@@ -0,0 +1 @@
+*.sage.py
--- a/jubjub/doc/derive/derive.sage
+++ b/jubjub/doc/derive/derive.sage
@@ -0,0 +1,32 @@
+q = 0x73eda753299d7d483339d80809a1d80553bda402fffe5bfeffffffff00000001
+Fq = GF(q)
+
+# We wish to find a Montgomery curve with B = 1 and A the smallest such
+# that (A - 2) / 4 is a small integer.
+def get_A(n):
+   return (n * 4) + 2
+
+# A = 2 is invalid (singular curve), so we start at i = 1 (A = 6)
+i = 1
+
+while True:
+    A = Fq(get_A(i))
+    i = i + 1
+
+    # We also want that A^2 - 4 is nonsquare.
+    if ((A^2) - 4).is_square():
+        continue
+
+    ec = EllipticCurve(Fq, [0, A, 0, 1, 0])
+    o = ec.order()
+
+    if (o % 8 == 0):
+        o = o // 8
+        if is_prime(o):
+            twist = ec.quadratic_twist()
+            otwist = twist.order()
+            if (otwist % 4 == 0):
+                otwist = otwist // 4
+                if is_prime(otwist):
+                    print "A = %s" % A
+                    exit(0)