
My SageMath cannot compute the result of the following code for such a large number N. Can someone provide the result for the first 10 points?

n=115792089237316195423570985008687907852837564279074904382605163141518161494337

K = GF(n)
E = EllipticCurve(K,[0,7])
print(E)
print(E.order())
print(E.abelian_group())

for i in (1..E.order()):
    print(E[i], E[i].order())

Pieter Wuille
Donald

1 Answer


Ok, running that code for you.

n=115792089237316195423570985008687907852837564279074904382605163141518161494337

K = GF(n)
E = EllipticCurve(K,[0,7])
print(E)

Elliptic Curve defined by y^2 = x^3 + 7 over Finite Field of size 115792089237316195423570985008687907852837564279074904382605163141518161494337

print(E.order())

115792089237316195423570985008687907853269984665640564039457584007908834671663

print(E.abelian_group())

Additive abelian group isomorphic to Z/115792089237316195423570985008687907853269984665640564039457584007908834671663 embedded in Abelian group of points on Elliptic Curve defined by y^2 = x^3 + 7 over Finite Field of size 115792089237316195423570985008687907852837564279074904382605163141518161494337

for i in (1..E.order()):
    print(E[i], E[i].order())

Now, that won't work. To evaluate E[i], Sage would have to compute all 115792089237316195423570985008687907853269984665640564039457584007908834671663 points on the curve, put them in a list, sort them, and return the i'th element of it. The numbers are just completely infeasible to perform this with.

However, it's possible to achieve the same thing slightly differently: try X coordinates from low to high, and see if they have corresponding points on the curve, and print those. The output will be the same, but it'll run in reasonable time (as long as you don't actually want it for all points on the curve):

for X in K:
    if E.is_x_coord(X):
        for P in sorted([E.lift_x(X), -E.lift_x(X)]):
            print(P, P.order())

With as output:

(1 : 5647885500061325675748484062311156374277086380342947163834798608016077912256 : 1) 115792089237316195423570985008687907853269984665640564039457584007908834671663
(1 : 110144203737254869747822500946376751478560477898731957218770364533502083582081 : 1) 115792089237316195423570985008687907853269984665640564039457584007908834671663
(5 : 8431666291905083954801522372371357832158519650241434717544640703033853370223 : 1) 115792089237316195423570985008687907853269984665640564039457584007908834671663
(5 : 107360422945411111468769462636316550020679044628833469665060522438484308124114 : 1) 115792089237316195423570985008687907853269984665640564039457584007908834671663
(6 : 42020070001348706790142152499247364340931555193283231437254515282684880346805 : 1) 115792089237316195423570985008687907853269984665640564039457584007908834671663
(6 : 73772019235967488633428832509440543511906009085791672945350647858833281147532 : 1) 115792089237316195423570985008687907853269984665640564039457584007908834671663
(9 : 39862443989807251807276656820089717727772887583549899554895021886628471965623 : 1) 115792089237316195423570985008687907853269984665640564039457584007908834671663
(9 : 75929645247508943616294328188598190125064676695525004827710141254889689528714 : 1) 115792089237316195423570985008687907853269984665640564039457584007908834671663
(10 : 29483468331181912791030599117258770751379792607712291527986097186178047239105 : 1) 115792089237316195423570985008687907853269984665640564039457584007908834671663
(10 : 86308620906134282632540385891429137101457771671362612854619065955340114255232 : 1) 115792089237316195423570985008687907853269984665640564039457584007908834671663
...

Now, these are not the points with private keys 1, 2, 3, 4, ...; they're just the lowest X coordinates which have a corresponding point on the curve. Their discrete logarithm is not computable.

Pieter Wuille
  • Thank you for your comment. But you get a different result. If the result was E[5], it is possible to subtract E[5] from any point on E, and you will get a result point with order lower than the order of the point from which you subtract!!! But with your example points the order does not change!!!! Do you understand this? Look at this URL: https://crypto.stackexchange.com/questions/89362/is-there-any-way-to-mapping-point-between-2-elliptic-curves – Donald Mar 07 '23 at 05:05
  • That has nothing to do with all of this. Orders don't get added or subtracted when you add/subtract points. The order is how many times you have to add a point to itself to get the point at infinity. – Pieter Wuille Mar 07 '23 at 13:42
  • And how to get a point with order bigger or smaller than G in secp256k1? – Donald Mar 07 '23 at 18:33
  • You cannot. secp256k1 is a prime-ordered curve. Every point (except infinity, which has order 1) has the same order, equal to the number of points on the curve. – Pieter Wuille Mar 07 '23 at 18:37
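
The approach in the answer above (walk X upward and keep the values that have a point on the curve) and the definition of order given in the comments, as an added plain-Python example that is not part of the original answer or comments. `n` and `N` are the field size and `E.order()` value printed on the page; the function names are illustrative, and Tonelli-Shanks stands in for Sage's `lift_x`.

```python
n = 115792089237316195423570985008687907852837564279074904382605163141518161494337  # field size (page)
N = 115792089237316195423570985008687907853269984665640564039457584007908834671663  # E.order() (page)

def sqrt_mod(a):
    """Tonelli-Shanks: smaller square root of a mod n, or None if a is not a square."""
    a %= n
    if a == 0 or pow(a, (n - 1) // 2, n) != 1:        # Euler's criterion
        return 0 if a == 0 else None
    s = ((n - 1) & -(n - 1)).bit_length() - 1         # n - 1 = q * 2^s with q odd
    q = (n - 1) >> s
    z = next(z for z in range(2, n) if pow(z, (n - 1) // 2, n) == n - 1)  # a non-residue
    m, c, t, r = s, pow(z, q, n), pow(a, q, n), pow(a, (q + 1) // 2, n)
    while t != 1:
        i, t2 = 0, t
        while t2 != 1:                                # least i with t^(2^i) == 1
            t2, i = t2 * t2 % n, i + 1
        b = pow(c, 1 << (m - i - 1), n)
        m, c, t, r = i, b * b % n, t * b * b % n, r * b % n
    return min(r, n - r)

def add(P, Q):
    """Affine addition on y^2 = x^3 + 7 over GF(n); None is the point at infinity."""
    if P is None or Q is None:
        return Q if P is None else P
    (x1, y1), (x2, y2) = P, Q
    if x1 == x2 and (y1 + y2) % n == 0:               # P + (-P) = infinity
        return None
    num, den = (3 * x1 * x1, 2 * y1) if P == Q else (y2 - y1, x2 - x1)
    lam = num * pow(den % n, -1, n) % n               # slope of tangent or chord
    x3 = (lam * lam - x1 - x2) % n
    return (x3, (lam * (x1 - x3) - y1) % n)

def mul(k, P):
    """Double-and-add: the result of adding P to itself k times."""
    R = None
    while k:
        R = add(R, P) if k & 1 else R
        P, k = add(P, P), k >> 1
    return R

def lowest_points(count):
    """First `count` curve points by ascending X coordinate, lower Y first."""
    out, x = [], 0
    while len(out) < count:
        y = sqrt_mod(x ** 3 + 7)
        if y is not None:                             # x is the X coordinate of a point
            out += sorted({(x, y), (x, (n - y) % n)})
        x += 1
    return out[:count]
```

`lowest_points(10)` returns the same ten points as the Sage output in the answer, and `mul(N, P)` is the point at infinity (`None`) for each of them. Because `N` is prime and none of these points is infinity, each one has order exactly `N`.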