0

I am doing some research on elliptic curves. If I understood correctly there is a G base point that was set as a large prime point on the curve. As an example, I pick the infamous secp256k1 curve with G.

G = (0x79be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798, 
     0x483ada7726a3c4655da4fbfc0e1108a8fd17b448a68554199c47d08ffb10d4b8)

I wanted to test if a G lies on the curve. So I written a small piece of python code.

# y^2 = x^3 + 7
def curveEq(G):
    x, y = G
    left = (y * y)
    right = (x * x * x) + 7
    print("L:  " + str(left))
    print("R:  " + str(right))

but I get left != right. What am I missing?

Simen
  • 13
  • 1
  • 3
  • 1
    Umm ... you forgot the whole modulus thing. – President James K. Polk Dec 27 '21 at 21:23
  • Oh, I was not sure about the mod since it is the base point. In that case should my code look like this ? **left = (y * y) + (r * int(P))** where r is some order number ? and P = 0xfffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2f ? ( If I consider that there was no modding on x coordinate) – Simen Dec 27 '21 at 21:30
  • 1
    y\*y = x\*x\*x + 7 is an elliptic curve, but it's not the secpk1 elliptic curve. y\*y = x\*x\*x + 7 mod p where p = 0xfffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2f is the secpk1 elliptic curve. – President James K. Polk Dec 27 '21 at 21:33
  • Ah! So that's what I was missing! thank you a lot! If you post it as an answer I can close this up :) – Simen Dec 27 '21 at 21:38
  • https://crypto.stackexchange.com/a/85802/18298 – kelalaka Dec 27 '21 at 22:41
  • Yes, I saw this one. Thank you anyway. The point for me was as Mr. Polk said - the secpk1 curve contains in definition **mod p**. I totally misunderstood that this curve is defined with **mod p** (I was thinking that curve is just an equation without the mod and that mod was used only in point doubling and adding). After correcting my code with modulus everything works and I am able to verify the point. – Simen Dec 27 '21 at 22:56

1 Answers1

1

The point for me was as Mr. Polk said in the comment - the secpk1 curve contains in definition mod p. I totally misunderstood that this curve is defined with mod p (I was thinking that curve is just an equation without the mod and that mod was used only in point doubling and adding). After correcting my code with modulus everything works and I am able to verify the point.

# y^2 = x^3 + 7 mod P  for secp256k1
P =  0xfffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2f
def curveEqMod(p):
    x, y = p
    x = int(x)
    y = int(y)
    left = (y * y) % P
    right = ((x * x * x) + 7) % P
    print("L:  " + str(left))
    print("R:  " + str(right))

Also as Mr. kelalaka said there is a similar example: Proof that user public key corresponds the curve equation (secp256r1)

kelalaka
  • 5,064
  • 5
  • 27
  • 44
Simen
  • 13
  • 1
  • 3
  • All EC that we use in Cryptography is defined over a finite field `GF(p^m)`. They are also called the Galois Field. If `m=1` then it is a prime field and when `m >1` it is finite field extension. All of the operations must be performed according to this. Point addition, on the other hand, forms an abelian group from the points on the curve. – kelalaka Dec 28 '21 at 15:57