openssl elliptic curves

Question

I have an elliptic curve EC and I need to find such an point G of EC which coordinate is the smallest non-negative integer of all points on the curve. I need it for an implementation of ECOH hashing algorithm. I was trying to use openssl to achieve this goal but so far I haven't figure out how to find such a point. I was trying to do this:

EC_POINT *G = EC_POINT_new(ec);
for(int i = 1; i < 1024; i++)
{
    itoa(i, str, 10);
    BN_dec2bn(&x, str);
    EC_POINT_set_affine_coordinates_GFp(ec, G, x, y, ctx);
    if(EC_POINT_is_on_curve(ec, G, ctx))
        printf("%s\n", str);
}

But it only checks whether the point with the coordinates of (x, y) is on the curve or not. How can I find it?

Answer 1

First, find a generator if ec did not provide one. I suppose you want generator with the smallest x-coordinate. You can do something like this:

// Suppose you've found a generator point G, and a BIGNUM context bn_ctx 
// has been created and initialized

BIGNUM x, y, x_min, y_min;
BN_init(&x); BN_init(&x_min);
BN_init(&y); BN_init(&y_min);

EC_POINT *P = EC_POINT_new(ec);
EC_POINT_copy(P,G);
EC_POINT_get_affine_coordinates_GFp(ec,P,x_min,y_min,bn_ctx);
do{
    EC_POINT_add(ec,P,P,G,bn_ctx);
    EC_POINT_get_affine_coordinates_GFp(ec,P,x,y,bn_ctx);
    if (x < x_min) {
        BN_copy(x_min, x);
        BN_copy(y_min, y);
    }
}while(!EC_POINT_is_at_infinity(ec,P));

Then you'll have your generator (x,y) with smallest x-coordinate. As to how to find a generator in the first place, that's another story.

Answer 2

Instead of using EC_POINT_set_affine_coordinates_GFp, which requires both x and y, use EC_POINT_set_compressed_coordinates_GFp, which instead of a y takes a y_bit denoting which of the two y values (even or odd) to use for a given x (if the x is within the curve's domain).

Then you should be able to just loop through the first few x to find the coordinate with the smallest x, just as you're attempting to do.