ComSec作业五：椭圆曲线

一、

x的取值范围是0-6，mod 7的二次剩余是1,2,4，$1=1mod7$,$4=2^{2}mod7$.$2=3^{2}mod7$，

x	0	1	2	3	4	5	6
$y^2=x^3+2x+4$	1	4	6	6	3	3	5
是否为二次剩余	Y	Y	N	N	N	N	N
Y	1,6	2,5

（所以$E_7(2,1)的所有点为（0,1）（0,6）（1,2）（1,5）以及无穷远点$

二、

1. P=(3,5)，-P=(3,-5)，$-5mod7=2$,-P=(3,2)
2. Q=(2,5)，-Q=(2,-5)，$-5mod7=2$,-Q=(2,2)
3. R=(5,0)，-R=(5,0)

三、

$p=11,a=1,b=7$,

因为有
$$x_R=({\lambda }^2-x_P-x_Q)modp$$

$$y_R=(\lambda (x_P-x_R)-y_P)modp$$

$$\lambda =\frac{y_Q-y_P}{x_Q-x_P}modp，若P\ne Q$$

$$\lambda =\frac{3x_P^2+a}{2y_P}modp，若P=Q$$

$$G=(3,2),\lambda =\frac{3\ast 3\ast 3+1}{2\ast 2}mod11=7$$

$$x_3=7^2-3-3=10(mod11)y_3=(7\ast (3-10)-2)=4(mod11)$$

	G	2G	3G	4G	5G	6G	7G	8G	9G	10G	11G	12G	13G
	(3,2)	(10,4)	(1,8)	(5,4)	(4,8)	(7,7)	(6,8)	(6,3)	(7,4)	(4,3)	(5,7)	(1,3)	(10,7)
$\lambda$		7	5	8	1	6	4	2	4	6	1	8	5

def getLambda(x1, y1, x2, y2, a, p):
    if x1 == x2 and y1 == y2:
        return ((3 * x1 * x1 + a) / (2 * y1)) % p
    else:
        t1 = y2 - y1
        t2 = x2 - x1
        while t2 < 0:
            t2 += p
        while t1 < 0:
            t1 += p
        return fracMod(t1,t2,p)

def fracMod(x,y,p):
    for i in range(p):
        if y*i % p == x:
            return i
def getX(alpha, x1, x2, p):
    return (alpha ** 2 - x1 - x2) % p


def getY(alpha, x1, x3, y3, p):
    return (alpha * (x1 - x3) - y1) % p


if __name__ == '__main__':
    x1 = 3
    y1 = 2
    x2 = 3
    y2 = 2
    n = 13
    a = 1
    p = 11
    for i in range(2, n+1):
        alpha = getLambda(x1, y1, x2, y2, a, p)
        x3 = getX(alpha, x1, x2, p)
        y3 = getY(alpha, x1, x3, y1, p)
        print("lambda:", alpha)
        print(f"{i}G", x3, y3)
        x1 = x3
        y1 = y3