Commit a9092423 authored by MASSON Simon's avatar MASSON Simon

Merge branch 'master' of gitlab.inria.fr:smasson/cocks-pinch-variant

parents 8bb205a9 d4915ed2
...@@ -404,11 +404,11 @@ def chain_alternate_iterators(gp, gm, with_zero=False): ...@@ -404,11 +404,11 @@ def chain_alternate_iterators(gp, gm, with_zero=False):
# promises. # promises.
class CocksPinchVariantResult(object): class CocksPinchVariantResult(object):
""" """
sage: C=CocksPinchVariantResult(6,3,34359607296,5,ht=0x101,hy=2,max_B1=1000) sage: C=CocksPinchVariantResult(6,3,34359607296,5,ht=0x101,hy=-2,max_B1=1000)
sage: C.E2(factor=True)["text_factorization"] sage: C.E2(factor=True)["text_factorization"]
'2^2 * 3 * 19 * 73 * 163 * 33637 * p48 * r' '2^2 * 3 * 19 * 73 * 163 * 33637 * p48 * r'
sage: C=CocksPinchVariantResult(6,3,0x600100002,5,ht=0x428,hy=0x639,allowed_cofactor=420,max_B1=600) sage: C=CocksPinchVariantResult(6,3,0x600100002,5,ht=0x428,hy=-0x639,allowed_cofactor=420,max_B1=600)
sage: C.is_small_subgroup_secure() sage: C.is_small_subgroup_secure()
True True
sage: C.is_twist_small_subgroup_secure() sage: C.is_twist_small_subgroup_secure()
...@@ -457,17 +457,17 @@ class CocksPinchVariantResult(object): ...@@ -457,17 +457,17 @@ class CocksPinchVariantResult(object):
sage: (C.is_small_subgroup_secure(), C.is_twist_small_subgroup_secure(), C.is_G2_small_subgroup_secure(), C.is_twist_G2_small_subgroup_secure()) sage: (C.is_small_subgroup_secure(), C.is_twist_small_subgroup_secure(), C.is_G2_small_subgroup_secure(), C.is_twist_G2_small_subgroup_secure())
(True, True, True, True) (True, True, True, True)
sage: C=CocksPinchVariantResult(6,3,0x600081000,1,ht=-0x191,hy=-0x7e2) sage: C=CocksPinchVariantResult(6,3,0x600081000,1,ht=-0x191,hy=0x7e2)
sage: C.set_test_info(allowed_size_cofactor=10) sage: C.set_test_info(allowed_size_cofactor=10)
sage: (C.is_small_subgroup_secure(), C.is_twist_small_subgroup_secure(), C.is_G2_small_subgroup_secure(), C.is_twist_G2_small_subgroup_secure()) sage: (C.is_small_subgroup_secure(), C.is_twist_small_subgroup_secure(), C.is_G2_small_subgroup_secure(), C.is_twist_G2_small_subgroup_secure())
(True, True, True, True) (True, True, True, True)
sage: C=CocksPinchVariantResult(5,10000000147,0xe000000000008000,1,ht=3,hy=-0x11e36418c7c8b454,max_B1=600) sage: C=CocksPinchVariantResult(5,10000000147,0xe000000000008000,1,ht=3,hy=0x11e36418c7c8b454,max_B1=600)
sage: C.set_test_info(allowed_size_cofactor=10) sage: C.set_test_info(allowed_size_cofactor=10)
sage: (C.is_small_subgroup_secure(), C.is_twist_small_subgroup_secure(), C.is_G2_small_subgroup_secure(), C.is_twist_G2_small_subgroup_secure()) sage: (C.is_small_subgroup_secure(), C.is_twist_small_subgroup_secure(), C.is_G2_small_subgroup_secure(), C.is_twist_G2_small_subgroup_secure())
(True, True, True, True) (True, True, True, True)
sage: C=CocksPinchVariantResult(6,3,0xfffffffffffffff00000000000000000,1,ht=0x43fff,hy=-0xffffffffff800007fffe,allowed_size_cofactor=10,max_B1=600) sage: C=CocksPinchVariantResult(6,3,0xfffffffffffffff00000000000000000,1,ht=0x43fff,hy=0xffffffffff800007fffe,allowed_size_cofactor=10,max_B1=600)
sage: (C.is_small_subgroup_secure(), C.is_twist_small_subgroup_secure(), C.is_G2_small_subgroup_secure(), C.is_twist_G2_small_subgroup_secure()) sage: (C.is_small_subgroup_secure(), C.is_twist_small_subgroup_secure(), C.is_G2_small_subgroup_secure(), C.is_twist_G2_small_subgroup_secure())
(True, True, True, True) (True, True, True, True)
...@@ -487,11 +487,11 @@ class CocksPinchVariantResult(object): ...@@ -487,11 +487,11 @@ class CocksPinchVariantResult(object):
sage: (C.is_small_subgroup_secure(), C.is_twist_small_subgroup_secure(), C.is_G2_small_subgroup_secure(), C.is_twist_G2_small_subgroup_secure()) sage: (C.is_small_subgroup_secure(), C.is_twist_small_subgroup_secure(), C.is_G2_small_subgroup_secure(), C.is_twist_G2_small_subgroup_secure())
(True, True, True, True) (True, True, True, True)
sage: C=CocksPinchVariantResult(7,20,0x5ec7fc01ff8,4,ht=-3,hy=-1,allowed_size_cofactor=10,max_B1=600) sage: C=CocksPinchVariantResult(7,20,0x5ec7fc01ff8,4,ht=-3,hy=1,allowed_size_cofactor=10,max_B1=600)
sage: (C.is_small_subgroup_secure(), C.is_twist_small_subgroup_secure(), C.is_G2_small_subgroup_secure(), C.is_twist_G2_small_subgroup_secure()) sage: (C.is_small_subgroup_secure(), C.is_twist_small_subgroup_secure(), C.is_G2_small_subgroup_secure(), C.is_twist_G2_small_subgroup_secure())
(True, True, False, False) (True, True, False, False)
sage: C=CocksPinchVariantResult(8,4,0xffffffffffffffc0,1,ht=-0x1821f,hy=0x1fdc,allowed_cofactor=1232,allowed_size_cofactor=10,max_B1=600) sage: C=CocksPinchVariantResult(8,4,0xffffffffffffffc0,1,ht=-0x1821f,hy=-0x1fdc,allowed_cofactor=1232,allowed_size_cofactor=10,max_B1=600)
sage: (C.is_small_subgroup_secure(), C.is_twist_small_subgroup_secure(), C.is_G2_small_subgroup_secure(), C.is_twist_G2_small_subgroup_secure()) sage: (C.is_small_subgroup_secure(), C.is_twist_small_subgroup_secure(), C.is_G2_small_subgroup_secure(), C.is_twist_G2_small_subgroup_secure())
(True, True, True, True) (True, True, True, True)
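Review bot: Every `hy` argument in these doctests changes sign while `ht` and the expected factorizations (e.g. `'2^2 * 3 * 19 * 73 * 163 * 33637 * p48 * r'`) stay identical, which reads as a change in the sign convention `CocksPinchVariantResult` applies to `hy` rather than a correction of the examples, yet nothing in the docstring records this. A `C=CocksPinchVariantResult(...)` line written under the old convention (the README presents such lines as uniquely identifying a curve) would be reconstructed as different parameters without any error, so the class docstring should state it explicitly, e.g. `# NOTE: the sign convention for hy was flipped in this merge; parameter lines produced by earlier versions must have hy negated to denote the same curve.`. If the constructor does not already do so, it would also be worth rejecting reconstructed parameters for which `p` is not prime or `r` does not divide `#E` before any `is_*_secure` result is trusted. The constructor and the code that consumes `hy` are outside this hunk, so I cannot confirm which side actually changed.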
...@@ -75,24 +75,23 @@ Example: search for baby examples ...@@ -75,24 +75,23 @@ Example: search for baby examples
This does a search for baby examples. This does a search for baby examples.
sage search.sage -k 8 -D 1 --T_choice "2-naf<=7" --hty_choice "2-naf<=7" --lambdap 160 --lambdar 70 --save --check_small_subgroup_secure 15 --spawn 4 0 4 sage search.sage -k 8 -D 1 --T_choice "2-naf<=7" --hty_choice "2-naf<=7" --lambdap 160 --lambdar 70 --save --check_small_subgroup_secure 15 --allowed_cofactor 30 --spawn 4 0 4
This should provide, as output, the file This should provide, as output, the file
`curves-data/curves-k8-p160-T:2-naf<=7-hty:2-naf<=7-2-4.sage`, with in `curves-data/curves-k8-p160-T:2-naf<=7-hty:2-naf<=7-2-4.sage`, with in
particular the following contents: particular the following contents:
C=CocksPinchVariantResult(8,4,0x27d80,7,ht=-0x451,hy=-0x481) C=CocksPinchVariantResult(8,4,0x27d80,7,ht=-0x451,hy=-0x481,allowed_cofactor=30)
(it takes about 15 minutes on a Intel Core i5-6500 CPU at 3.20GHz without any (it takes about 15 minutes on a Intel Core i5-6500 CPU at 3.20GHz without any
other running process). other running process).
One day later, these other curves were found: One day later, these other curves were found:
C=CocksPinchVariantResult(8,4,0x29072,7,ht=0x9bf,hy=-0x10e) C=CocksPinchVariantResult(8,4,0x29072,7,ht=0x9bf,hy=-0x10e,allowed_cofactor=30)
C=CocksPinchVariantResult(8,4,0x29f24,7,ht=-0x289,hy=0x53f) C=CocksPinchVariantResult(8,4,0x29f24,7,ht=-0x289,hy=0x53f,allowed_cofactor=30)
C=CocksPinchVariantResult(8,4,0x2a1c8,3,ht=0x53f,hy=-0x437) C=CocksPinchVariantResult(8,4,0x2a1c8,3,ht=0x53f,hy=-0x437,allowed_cofactor=30)
C=CocksPinchVariantResult(8,4,0x27d80,7,ht=-0x451,hy=-0x481) C=CocksPinchVariantResult(8,4,0x2617e,5,ht=-0xd93,hy=0x305,allowed_cofactor=30)
C=CocksPinchVariantResult(8,4,0x2617e,5,ht=-0xd93,hy=0x305) C=CocksPinchVariantResult(8,4,0x28f86,3,ht=0x8cf,hy=0x2e0,allowed_cofactor=30)
C=CocksPinchVariantResult(8,4,0x28f86,3,ht=0x8cf,hy=0x2e0)
The different parameters above are explained as follows. The different parameters above are explained as follows.
...@@ -126,18 +125,21 @@ The different parameters above are explained as follows. ...@@ -126,18 +125,21 @@ The different parameters above are explained as follows.
one with number 0, while `--spawn 4` indicates that we wish to perform one with number 0, while `--spawn 4` indicates that we wish to perform
4 searches in parallel, so that we'll actually do parts number 0, 1, 2, 4 searches in parallel, so that we'll actually do parts number 0, 1, 2,
and 3 in parallel. and 3 in parallel.
* `--allowed_cofactor 30` : group orders are considered secure whenever
they are of the form X times a prime, where here divides the cofactor
30.
Here is another example that cheats a bit, because we've arranged for the Here is another example that cheats a bit, because we've arranged for the
search to complete quickly, knowing that a previous search was search to complete quickly, knowing that a previous search was
successful. It still takes some minutes, though successful. It still takes some minutes, though
sage search.sage -k 6 -D 3 --T_choice 'hamming<=4' --hty_choice '2-naf<=4' --lambdap 160 --lambdar 70 --save --check_small_subgroup_secure 15 --spawn 1 --restrict_i '[1]' 57468 65536 sage search.sage -k 6 -D 3 --T_choice 'hamming<=4' --hty_choice '2-naf<=4' --lambdap 160 --lambdar 70 --save --check_small_subgroup_secure 15 --spawn 1 --restrict_i '[1]' --allowed_cofactor 420 57468 65536
For reference, the command above should write the following data to the For reference, the command above should write the following data to the
file `curves-data/curves-k6-p160-T\:hamming\<\=4-hty\:2-naf\<\=4-57468-65536.sage`: file `curves-data/curves-k6-p160-T\:hamming\<\=4-hty\:2-naf\<\=4-57468-65536.sage`:
C=CocksPinchVariantResult(6,3,0x600081000,1,ht=-0x191,hy=-0x7e2) C=CocksPinchVariantResult(6,3,0x600081000,1,ht=-0x191,hy=0x7e2,allowed_cofactor=420)
Using the search within `sage` so as to examine things more closely Using the search within `sage` so as to examine things more closely
=================================================================== ===================================================================
...@@ -202,7 +204,7 @@ Results are stored in a Python object called `CocksPinchVariantResult`. ...@@ -202,7 +204,7 @@ Results are stored in a Python object called `CocksPinchVariantResult`.
Whenever you look into an output file in the `curves-data` directory, it Whenever you look into an output file in the `curves-data` directory, it
starts with a line such as: starts with a line such as:
C=CocksPinchVariantResult(5,10000000147,0xe000000000008000,1,ht=3,hy=-0x11e36418c7c8b454,max_B1=600) C=CocksPinchVariantResult(5,10000000147,0xe000000000008000,1,ht=3,hy=0x11e36418c7c8b454,max_B1=600)
This contains exactly the data that is necessary to identify the curve This contains exactly the data that is necessary to identify the curve
parameters uniquely. Provided the utility software has been attached into parameters uniquely. Provided the utility software has been attached into
...@@ -210,10 +212,10 @@ parameters uniquely. Provided the utility software has been attached into ...@@ -210,10 +212,10 @@ parameters uniquely. Provided the utility software has been attached into
then type the command above, and obtain data on the curve by `print`-ing then type the command above, and obtain data on the curve by `print`-ing
the object, as follows the object, as follows
sage: C=CocksPinchVariantResult(5,10000000147,0xe000000000008000,1,ht=3,hy=-0x11e36418c7c8b454,max_B1=600) sage: C=CocksPinchVariantResult(5,10000000147,0xe000000000008000,1,ht=3,hy=0x11e36418c7c8b454,max_B1=600)
sage: print C sage: print C
# Cocks-Pinch pairing-friendly curve of embedding degree 5: # Cocks-Pinch pairing-friendly curve of embedding degree 5:
C=CocksPinchVariantResult(5,10000000147,0xe000000000008000,1,ht=3,hy=-0x11e36418c7c8b454,max_B1=600) C=CocksPinchVariantResult(5,10000000147,0xe000000000008000,1,ht=3,hy=0x11e36418c7c8b454,max_B1=600)
fD = 10000000147 fD = 10000000147
k = 5 k = 5
p = 0x40000138cd26ab94b86e1b2f7482785fa18f877591d2a4476b4760217f860bfe8674e2a4610d669328bda13044c030e8cc836a5b363f2d4c8abcab71b12091356bb4695c5626bc319d38bf65768c5695f9ad97 # 663 bits p = 0x40000138cd26ab94b86e1b2f7482785fa18f877591d2a4476b4760217f860bfe8674e2a4610d669328bda13044c030e8cc836a5b363f2d4c8abcab71b12091356bb4695c5626bc319d38bf65768c5695f9ad97 # 663 bits
...@@ -361,13 +363,13 @@ mileage may vary. See the [jobpick ...@@ -361,13 +363,13 @@ mileage may vary. See the [jobpick
documentation](https://gitlab.inria.fr/thome/jobpick/blob/master/README.md) documentation](https://gitlab.inria.fr/thome/jobpick/blob/master/README.md)
for information on the different parameters. for information on the different parameters.
my_machine ~ $ rsync -a pairings/code/ nancy.g5k:pairings-code/ my_machine ~ $ rsync -a cocks-pinch-variant/ nancy.g5k:cocks-pinch-variant/
fnancy ~ $ rm -rf ~/jobpick fnancy ~ $ rm -rf ~/jobpick
fnancy ~ $ (cd ~ ; git clone https://gitlab.inria.fr/thome/jobpick) fnancy ~ $ (cd ~ ; git clone https://gitlab.inria.fr/thome/jobpick)
fnancy ~ $ mkdir -p ~/pairings-code/k5/{todo,done,doing,failed} fnancy ~ $ mkdir -p ~/cocks-pinch-variant/k5/{todo,done,doing,failed}
fnancy ~ $ mkdir -p ~/pairings-code/k5/curves-data/ fnancy ~ $ mkdir -p ~/cocks-pinch-variant/k5/curves-data/
fnancy ~ $ for i in {0..1599} ; do touch ~/pairings-code/k5/todo/$((16*i)) ; done fnancy ~ $ for i in {0..1599} ; do touch ~/cocks-pinch-variant/k5/todo/$((16*i)) ; done
fnancy ~ $ cd ~/pairings-code/k5 ; for i in {1..10} ; do oarsub -n k5 -q production -l "{cluster='grcinq'}/nodes=8,walltime=1" -l "{cluster='grvingt'}/nodes=8,walltime=1" "/home/ethome/jobpick/pick.sh --job-queue-path /home/ethome/pairings-code/k5 --job-weight 16 /grvingt/software/SageMath/sage ../search.sage -k 5 -D 10000000147 --hty_choice ht:max=4 --restrict_i '[1]' --save --T_choice hamming=4 --lambdap 663 --lambdar 256 --check_small_subgroup_secure 7 --required_cofactor 4 --spawn 16 --parallel-mode hy --ntasks 68719476736 --task" ; done fnancy ~ $ cd ~/cocks-pinch-variant/k5 ; for i in {1..10} ; do oarsub -n k5 -q production -l "{cluster='grcinq'}/nodes=8,walltime=1" -l "{cluster='grvingt'}/nodes=8,walltime=1" "/home/ethome/jobpick/pick.sh --job-queue-path /home/ethome/cocks-pinch-variant/k5 --job-weight 16 /grvingt/software/SageMath/sage ../search.sage -k 5 -D 10000000147 --hty_choice ht:max=4 --restrict_i '[1]' --save --T_choice hamming=4 --lambdap 663 --lambdar 256 --check_small_subgroup_secure 7 --required_cofactor 4 --spawn 16 --parallel-mode hy --ntasks 68719476736 --task" ; done
Note that the job duration above, set to one hour (`walltime=1`), was Note that the job duration above, set to one hour (`walltime=1`), was
verified beforehand to be a comfortable upper bound on the running time verified beforehand to be a comfortable upper bound on the running time
...@@ -431,7 +433,9 @@ or by the `search.sage` script, prefixed by one or two dashes. ...@@ -431,7 +433,9 @@ or by the `search.sage` script, prefixed by one or two dashes.
* `hty_choice`: strategy for picking cofactors `ht` and `hy`. Same syntax * `hty_choice`: strategy for picking cofactors `ht` and `hy`. Same syntax
as above, plus some additional modifiers of the form `ht:foo` or as above, plus some additional modifiers of the form `ht:foo` or
`hy:foo` that make the strategy modifier (e.g., something like `max=4`) `hy:foo` that make the strategy modifier (e.g., something like `max=4`)
only applicable to `ht` (resp. `hy`(. only applicable to `ht` (resp. `hy`). Note that setting a hamming
weight or 2-naf weight here applies to the cumulative weight of the
pair (h_t, h_y).
* `lambdap`: search for `p` of exactly this bit length. * `lambdap`: search for `p` of exactly this bit length.
* `lambdar`: search for `r` of exactly this bit length. * `lambdar`: search for `r` of exactly this bit length.
* `--spawn` (only for the command-line of `search.sage`): start this * `--spawn` (only for the command-line of `search.sage`): start this
...@@ -496,17 +500,18 @@ exploration of this setting only, we use the following arguments: ...@@ -496,17 +500,18 @@ exploration of this setting only, we use the following arguments:
To do a fraction `2^-32 of the search space`: To do a fraction `2^-32 of the search space`:
sage search.sage -k 5 -D 10000000147 --hty_choice ht:max=4 --restrict_i '[1]' --save --T_choice hamming=4 --lambdap 663 --lambdar 256 --check_small_subgroup_secure 3 --required_cofactor 4 --spawn 4 --parallel-mode hy 0 4294967296 sage search.sage -k 5 -D 10000000147 --hty_choice ht:max=4 --restrict_i '[1]' --save --T_choice hamming=4 --lambdap 663 --lambdar 256 --check_small_subgroup_secure 15 --required_cofactor 4 --spawn 4 --parallel-mode hy 0 4294967296
On houblon.loria.fr, a fraction 4/2^39 of the search space is processed On houblon.loria.fr, a fraction 4/2^39 of the search space is processed
in 128 seconds WCT. in 128 seconds WCT.
On grvingt we do a fraction 64/2^39 in time 266 seconds WCT (2.1 GHz On grvingt-1.nancy.grid5000.fr we do a fraction 64/2^39 in time 266
per core, 64 hyperthreads). seconds WCT (2.1 GHz per core, 64 hyperthreads).
The following curve was found by job `24165/2^36`. The following curve was found by job `24165/2^36` (TODO: fix this, it is
(no longer) the right number).
# C=CocksPinchVariantResult(5,10000000147,0xe000000000008000,1,ht=3,hy=-0x11e36418c7c8b454,max_B1=600) # C=CocksPinchVariantResult(5,10000000147,0xe000000000008000,1,ht=3,hy=0x11e36418c7c8b454,max_B1=600)
# card_E = 2^2 * p405 * r # card_E = 2^2 * p405 * r
# card_Et = 2^2 * p661 # card_Et = 2^2 * p661
# card_E2 = p2393 * (2^2 * p405 * r) * r # card_E2 = p2393 * (2^2 * p405 * r) * r
...@@ -532,7 +537,7 @@ computers: ...@@ -532,7 +537,7 @@ computers:
The following curve was found: The following curve was found:
# C=CocksPinchVariantResult(6,3,0xfffffffffffffff00000000000000000,1,ht=0x43fff,hy=-0xffffffffff800007fffe,allowed_size_cofactor=10,max_B1=600) # C=CocksPinchVariantResult(6,3,0xfffffffffffffff00000000000000000,1,ht=0x43fff,hy=0xffffffffff800007fffe,allowed_size_cofactor=10,max_B1=600)
# card_E = 2^2 * 3 * p412 * r # card_E = 2^2 * 3 * p412 * r
# card_Et = 2^2 * 13 * p666 # card_Et = 2^2 * 13 * p666
# card_E2 = p416 * r # card_E2 = p416 * r
...@@ -550,16 +555,12 @@ to `|ht|<=4`. ...@@ -550,16 +555,12 @@ to `|ht|<=4`.
and we obtain four curves for which G2 is also twist-secure : and we obtain four curves for which G2 is also twist-secure :
C=CocksPinchVariantResult(6,3,0xff800000000000200000000000000000,1,ht=-1,hy=0xffffff823ffffe008000,allowed_cofactor=420,allowed_size_cofactor=10,max_B1=600) C=CocksPinchVariantResult(6,3,0xff800000000000200000000000000000,1,ht=-1,hy=0xffffff823ffffe008000,allowed_cofactor=420,allowed_size_cofactor=10,max_B1=600)
C.set_test_info(allowed_cofactor=420,allowed_size_cofactor=10,max_B1=600)
print C print C
C=CocksPinchVariantResult(6,3,0xffe00008000000000000000000000000,1,ht=-1,hy=0xffbfffe3f80200000000,allowed_cofactor=420,allowed_size_cofactor=10,max_B1=600) C=CocksPinchVariantResult(6,3,0xffe00008000000000000000000000000,1,ht=-1,hy=0xffbfffe3f80200000000,allowed_cofactor=420,allowed_size_cofactor=10,max_B1=600)
C.set_test_info(allowed_cofactor=420,allowed_size_cofactor=10,max_B1=600)
print C print C
C=CocksPinchVariantResult(6,3,0xffe00008000000000000000000000000,1,ht=-1,hy=0xfffffd0010001ffc0000,allowed_cofactor=420,allowed_size_cofactor=10,max_B1=600) C=CocksPinchVariantResult(6,3,0xffe00008000000000000000000000000,1,ht=-1,hy=0xfffffd0010001ffc0000,allowed_cofactor=420,allowed_size_cofactor=10,max_B1=600)
C.set_test_info(allowed_cofactor=420,allowed_size_cofactor=10,max_B1=600)
print C print C
C=CocksPinchVariantResult(6,3,0xefffffffffffffe00000000000000000,1,ht=-1,hy=0xffbbffffffffffffc020,allowed_cofactor=420,allowed_size_cofactor=10,max_B1=600) C=CocksPinchVariantResult(6,3,0xefffffffffffffe00000000000000000,1,ht=-1,hy=0xffbbffffffffffffc020,allowed_cofactor=420,allowed_size_cofactor=10,max_B1=600)
C.set_test_info(allowed_cofactor=420,allowed_size_cofactor=10,max_B1=600)
print C print C
Search for curves of embedding degree 7 Search for curves of embedding degree 7
...@@ -567,11 +568,11 @@ Search for curves of embedding degree 7 ...@@ -567,11 +568,11 @@ Search for curves of embedding degree 7
For k=7, we need to restrict to small discriminant D: as 4*p = t**2 + D*y**2, For k=7, we need to restrict to small discriminant D: as 4*p = t**2 + D*y**2,
log_2(p) = 512 and t and y are defined mod r, we need to take D as small as log_2(p) = 512 and t and y are defined mod r, we need to take D as small as
possible, and D!= 3, 4 that are known discriminant, even if no attack using possible. We also avoid D != 3, 4 , even though no known attack takes
this property exist. advantage of this.
We looked for curves of security parameter 7 (i.e G1-subgroup- G1-twist-secure). We looked for curves of security parameter 7 (i.e G1-subgroup- G1-twist-secure).
For D = 5, HW_{NAF}(T) <= 7 and log_2(h_y) = 7, no curve was found. For D = 5, HW_{NAF}(T) <= 7 and log_2(h_y) = 7; no curve was found.
We obtain the only G1-subgroup- G1-twist-secure with HW_NAF(T) = 8 with: We obtain the only G1-subgroup- G1-twist-secure with HW_NAF(T) = 8 with:
C=CocksPinchVariantResult(7,20,0x5fffb820248,6,ht=-2,allowed_cofactor=1232,allowed_size_cofactor=10,max_B1=600) C=CocksPinchVariantResult(7,20,0x5fffb820248,6,ht=-2,allowed_cofactor=1232,allowed_size_cofactor=10,max_B1=600)
...@@ -588,7 +589,7 @@ We decide to force `4 | #E` so that Edwards form can be used. ...@@ -588,7 +589,7 @@ We decide to force `4 | #E` so that Edwards form can be used.
The following curve was found: The following curve was found:
# C=CocksPinchVariantResult(8,4,0xffffffffffffffc0,1,ht=-0x1821f,hy=0x1fdc,allowed_cofactor=1232,allowed_size_cofactor=10,max_B1=600) # C=CocksPinchVariantResult(8,4,0xffffffffffffffc0,1,ht=-0x1821f,hy=-0x1fdc,allowed_cofactor=1232,allowed_size_cofactor=10,max_B1=600)
# card_E = 2^4 * p284 * r # card_E = 2^4 * p284 * r
# card_Et = 2^2 * p542 # card_Et = 2^2 * p542
# card_E2 = 2 * p830 * r # card_E2 = 2 * p830 * r
...@@ -620,12 +621,8 @@ This produces the following two curves (subjobs 47/4096 and 2483/4096, ...@@ -620,12 +621,8 @@ This produces the following two curves (subjobs 47/4096 and 2483/4096,
respectively): respectively):
C=CocksPinchVariantResult(8,4,0xffffffffeff7c200,5,ht=5,hy=-0xd700,allowed_cofactor=420,allowed_size_cofactor=10,max_B1=600) C=CocksPinchVariantResult(8,4,0xffffffffeff7c200,5,ht=5,hy=-0xd700,allowed_cofactor=420,allowed_size_cofactor=10,max_B1=600)
C.set_test_info(allowed_cofactor=420,allowed_size_cofactor=10,max_B1=600)
print C
C=CocksPinchVariantResult(8,4,0xffdffffc7ffffc00,3,ht=5,hy=0xc5f4,allowed_cofactor=420,allowed_size_cofactor=10,max_B1=600) C=CocksPinchVariantResult(8,4,0xffdffffc7ffffc00,3,ht=5,hy=0xc5f4,allowed_cofactor=420,allowed_size_cofactor=10,max_B1=600)
C.set_test_info(allowed_cofactor=420,allowed_size_cofactor=10,max_B1=600)
print C
Note that the former is naturally preferred because hy has 2-naf weight Note that the former is naturally preferred because hy has 2-naf weight
only 4. only 4.