7

If you have an elliptic curve in the form of:

y^2 = x^3 + a*x + b  (mod p)

Is there a good program to calculate the number of points on this curve?

I have read about Schoof's and Schoof-Elkies-Atkin (SEA) algorithm, but I'm looking for open source implementations. Does anyone know a good program that can do this?

Also if a is 1 and b is 0, the SEA algorithm can't be used because the j-invariant is 0. Is this correct?

jww
  • 97,681
  • 90
  • 411
  • 885
Omega
  • 365
  • 1
  • 4
  • 10
  • I think you need to be more specific. What's the available point-space? Integers? Reals? There are infinite points unless you constrain the problem otherwise. – Michael Haren Jan 02 '09 at 21:03
  • 1
    The OP said "mod p" which implies integers. – Jason S Jan 02 '09 at 21:16
  • 1
    Context is probably elliptic-curve cryptography but I'm not sure, the math is a bit over my head. – Jason S Jan 02 '09 at 21:16
  • It is an interesting subject and I have found some theory on elliptic curves modulo p in one of my old math book. If you are interested I can present some information (but no solution). And I'm not sure if I still understand the complete math, but it is interesting stuff. – Toon Krijthe Jan 02 '09 at 21:33
  • I'm talking about this book: "http://www.amazon.com/Factorization-Primality-Testing-Undergraduate-Mathematics/dp/0387970401" – Toon Krijthe Jan 02 '09 at 21:35
  • Is a better question to ask what metrics to use to calculate number of points on a curve? – Dave Hillier Jan 02 '09 at 23:10
  • 3
    The question is phrased absolutely correctly for anyone involved in the field. What is meant by number of points of an elliptic curve E mod p is the number of points in the affine plane over the field with p elements A^2(F_p) (or the number of points in the projective plane P^2(F_p)). – Tobias Jun 12 '09 at 18:11
  • Future questions of this type should probably be posted on the [Cryptography Stack Exchange](http://crypto.stackexchange.com/). – David Grayson Jan 20 '15 at 00:37

4 Answers4

3

Have you heard of Sage?

Sage includes Pari, which is an open source package for number theory. Pari has an implementation of SEA.

From http://wstein.org/papers/2008-bordeaux/sphinx/elliptic_curves.html#schoof-elkies-atkin-point-counting:

sage: k = GF(next_prime(10^20))
sage: E = EllipticCurve(k.random_element())
sage: E.cardinality()                   # less than a second
100000000005466254167
Bobby Moretti
  • 717
  • 1
  • 6
  • 17
2

I have been using Mike Scotts program(miracl) for this purpose also. Being just curious may I ask: How large were the domains with prime group order you could produce with the software? I got up to 1024 bit and now quit because I need my office PC for something other than running point counting software for weeks on end. Did you produce larger domains? If so I would be glad to get the domain parameters and if you don't have objections would include them in my ECC-Software Academic Signature.

My domains can be found here ECC Domain Page. The software to use them with is accessible from here Manual with Link to download page

Regards.

jww
  • 97,681
  • 90
  • 411
  • 885
Michael Anders
  • 31
  • 2
1

I have tried Sage. It took me around 3-4 hours to compile to x64 ubuntu. It seems to be a good program. But when the j-invariant is 0 the SEA algorithm can't be used, and then it seems to have some problems if you use large values for p/k.

After searching some more I also found miracl: http://www.shamus.ie/index.php?page=elliptic-curves They have implementations for both the normal Schoof and SEA algorithm. But this program also has some problems when using large input values. After 3-4 hours of running it crashed :/. I tried to fix it, and currently it's running again so hopefully it will work.

Edit: It works now. The program in the link above is identical to the one Rasmus Faber gave.

Omega
  • 365
  • 1
  • 4
  • 10
1

There are some links here: Implementations of portions of the P1363 draft (wayback backup link of this page).

Arty
  • 14,883
  • 6
  • 36
  • 69
Rasmus Faber
  • 48,631
  • 24
  • 141
  • 189
  • "A C++ Implementation Implementation of the Schoof's Algorithms for Counting Points on an Arbitrary Elliptic Curve by Mike Scott" did the job. I had to make a few changes so it worked for large numbers. That is: increase the size of arrays and the precision of "Big" numbers. – Omega Mar 27 '09 at 13:42
  • Links are dead for me on that page, can anyone mirror? – samoz Mar 21 '14 at 13:11
  • @samoz Just modified answer a bit to include Wayback [backup link](https://web.archive.org/web/20170114091037/http://grouper.ieee.org/groups/1363/P1363/implementations.html), I hope original author of an Answer doesn't mind, because starting from 2014 he didn't reply yet to your request of updating dead link. – Arty Nov 23 '21 at 10:29