
Commit 77166dcd authored by MASSON Simon's avatar MASSON Simon

cleaning files

parent 468e56b6
p := 40617634874521561120012275278918595705400291300343073463719823646463646775626428725145830484111969216804830609839402473453352722268478525175122438238327394611673609;
assert IsPrime(p);
Fp := GF(p);
Fpx<x> := PolynomialRing(Fp);
a := 1;
sgn := +1;
// try all x^2 +/- a with a growing
while not(IsIrreducible(x^2 - sgn*a)) do
if sgn eq -1 then
a +:= 1;
sgn := +1;
end if;
sgn := -1;
end while;
Fp2<u2> := ext<Fp | x^2 - sgn * a>;
print Fp2;
print DefiningPolynomial(Fp2);
Fp2y<y> := PolynomialRing(Fp2);
a := 1;
sgn := +1;
// try all x^2 +/- a with a growing
while not(IsIrreducible(y^2 - sgn*a)) do
if sgn eq -1 then
a +:= 1;
sgn := +1;
end if;
sgn := -1;
end while;
Fp4<u4> := ext<Fp2 | y^2 - sgn* a>;
print Fp4;
print DefiningPolynomial(Fp4);
Fp4z<z> := PolynomialRing(Fp4);
a := 1;
sgn := +1;
// try all x^2 +/- a with a growing
while not(IsIrreducible(z^2 - sgn*a)) do
if sgn eq -1 then
a +:= 1;
sgn := +1;
end if;
sgn := -1;
end while;
Fp8<u8> := ext<Fp | z^2 - sgn*a>;
print Fp8;
print DefiningPolynomial(Fp8);
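Review bot: The last extension, `Fp8<u8> := ext<Fp | z^2 - sgn*a>;`, names `Fp` as the base field although `z` generates the polynomial ring over `Fp4`; to continue the tower Fp2/Fp4/Fp8 it should read `Fp8<u8> := ext<Fp4 | z^2 - sgn*a>;`. In all three search loops `sgn := -1;` comes after `end if;`, so it overwrites the `sgn := +1` just set and only `x^2 + a` is ever tested for a >= 2, contrary to the comment "try all x^2 +/- a"; writing the body as `if sgn eq -1 then a +:= 1; sgn := +1; else sgn := -1; end if;` restores the alternation. The page does not show which side of the commit these lines are on, so this applies only if the file is kept.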
'''
git clone git@gitlab.inria.fr:smasson/cocks-pinch-variant.git
sage
'''
from sage.rings.factorint import factor_trial_division
from BN import BN
BN446 = BN(u=2**110+2**36+1)
#BN446.print_parameters()
C.<x> = ZZ[]
p = BN446.p()
t = BN446.tr()
r = BN446.r()
P = C(BN446.polynomial_p)
R = C(BN446.polynomial_r)
T = C(BN446.polynomial_tr)
#
# For G1
#
# E
Order = p+1-t
assert Order == r
# Quad twist
QuadTwist = p+1+t
# Takes 5 seconds with 'factor(QuadTwist)'
QuadTwist_factors = [3, 830656634761357, 3266840591030257, 12555379861609401344257866088282311135894538400711907463636218900021353418589932758370767845065944585353]
assert QuadTwist == prod(QuadTwist_factors)
assert (t**2 - 4 * p)%3 == 0
y = sqrt((t**2 - 4*p)//-3)
assert -3* y**2 == t**2 - 4*p
assert (T**2 - 4 * P)%3 == 0
# à la main...
Y = 6 * factor((T**2 - 4*P)/(-3))[0][0]
assert -3* Y**2 == T**2 - 4*P
# Cubic twists
CubicTwist1 = p+1 - ( 3*y - t)//2
# Trial division donne les trois premiers puis ecm trois fois (30digits) donne les trois suivants et le dernier est premier.
CubicTwist_factors1 = [13, 19, 601, 21016098087231014353, 1189233894815828209, 4317845028782260987000142227, 6380324262963165699371076437222384827755570983891176625734042567]
assert CubicTwist1 == prod(CubicTwist_factors1)
CubicTwist2 = p+1 - (-3*y - t)//2
# Trial division jusqu'à 2**25 donne la factorisation.
CubicTwist_factors2 = [2^2, 7, 17299, 168277, 1253997879132213170676719877444667330752374418141633091656967499749522174771304384928717978120710928629586045008837757477511]
assert CubicTwist2 == prod(CubicTwist_factors2)
#Sextic twists
SexTwist1 = p+1 - (-3*y + t)//2
assert (P+1- (-3*Y + T)/2).is_irreducible()
# Trial division donne les deux premiers facteurs :
SexTwist_factors1 = [3,7]
# ECM (30digits) donne un troisième :
SexTwist_factors1 += [2333113853887455781]
# CADO-NFS donne les derniers facteurs :
SexTwist_factors1 += [37843969552527402327072244732283802474281110235567486949171346627723, 55125010003901064155058977864277078400148041159]
assert SexTwist1 == prod(SexTwist_factors1)
SexTwist2 = p+1 - ( 3*y + t)//2
# Trial division donne les 7 premiers facteurs et ECM (30 digits) donne les trois suivants et il reste un facteur premier.
SexTwist_factors2 = [2^2, 3^3, 11^2, 1777^2, 8243^2, 43037^2, 25781083^2, 390008032237, 2420302828357, 2420302828357, 12961245877671898020019138262148461088106790262496068931]
assert SexTwist2 == prod(SexTwist_factors2)
#
# For G2
#
t2 = t**2 - 2*p
assert (t2**2 - 4 * p**2)%3 == 0
y2 = sqrt((t2**2 - 4*p**2)//-3)
assert -3* y2**2 == t2**2 - 4*p**2
if (p**2 + 1 - (-3*y2 + t2)//2) % r == 0 :
alpha = -1
if (p**2 + 1 - ( 3*y2 + t2)//2) % r == 0 :
alpha = 1
Order_G2 = p**2 + 1 - (alpha*3*y2 + t2)//2
# The first factor is obvious
Order_G2_factors = [r]
# Trial division donne un facteur
Order_G2_factors.append(13)
# ECM (30 digits) ne donne pas de facteur mais CADO-NFS termine le travail
Order_G2_factors += [2176161170087922736641452328287069831430884850898680937, 63654875281071848204619458236080221790894877, 56758970850820284094692741664229197]
assert Order_G2 == prod(Order_G2_factors)
QuadTwist_G2 = p**2 + 1 + (alpha*3*y2 + t2)//2
# QuadTwist_G2 a CubicTwist(E)(Fp) comme sous-groupe dont on connait déjà la
# factorisation :-)
QuadTwist_G2_factors = []
if QuadTwist_G2 % CubicTwist1 == 0 :
QuadTwist_G2_factors += CubicTwist_factors1
if QuadTwist_G2 % CubicTwist2 == 0 :
QuadTwist_G2_factors += CubicTwist_factors2
# Trial division donne deux petits facteurs et ECM en donne un autre
QuadTwist_G2_factors+= [3, 7, 2333113853887455781]
#CADO-NFS donne les deux derniers facteurs :
QuadTwist_G2_factors += [37843969552527402327072244732283802474281110235567486949171346627723, 55125010003901064155058977864277078400148041159]
assert QuadTwist_G2 == prod(QuadTwist_G2_factors)
print QuadTwist_factors
print CubicTwist_factors1
print CubicTwist_factors2
print SexTwist_factors1
print SexTwist_factors2
print ''
print Order_G2_factors
print QuadTwist_G2_factors
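Review bot: The hard-coded factor lists (`QuadTwist_factors`, `CubicTwist_factors1`/`2`, `SexTwist_factors1`/`2`, `Order_G2_factors`, `QuadTwist_G2_factors`) are checked only with `assert X == prod(...)`, so the comments' statements that the remaining cofactor is prime are never verified and a composite entry copied from ECM or CADO-NFS output would pass unnoticed. These factorizations look like the basis for judging the twist and subgroup security of the curve, so each list should also get a check such as `assert all(ZZ(f).is_prime_power() for f in SexTwist_factors2)`. In the G2 part, `alpha` is set by two independent `if` tests and stays undefined when neither divisibility by `r` holds; an explicit `else` that raises would turn the later NameError into a clear failure. The page does not show which side of the commit these lines are on, so this applies only if the file is kept.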