forked from asanso/CryptoWithSageMath
-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathtate-pairing-example.sage
70 lines (58 loc) · 1.13 KB
/
tate-pairing-example.sage
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
# Tate Pairing Example
# Example 5.43 in IMC
# E: y^2 = x^3 + 30x + 34 mod 631
p = 631
a = 30
b = 34
E = EllipticCurve(GF(p), [a, b])
print E
P = E((36, 60))
Q = E((121, 387))
n = 5
S = E((0, 36))
print "P =", P.xy()
print "Q =", Q.xy()
print "#P = #Q =", n
var('x y')
def g(P, Q):
(x_P, y_P) = P.xy()
(x_Q, y_Q) = Q.xy()
if x_P == x_Q and y_P + y_Q == 0:
return x - x_P
if P == Q:
slope = (3 * x_P^2 + a)/(2 * y_P)
else:
slope = (y_P - y_Q)/(x_P - x_Q)
return (y - y_P - slope * (x - x_P))/(x + x_P + x_Q - slope^2)
def miller(m, P):
m = bin(m)[3:]
n = len(m)
T = P
f = 1
for i in range(n):
f = f^2 * g(T, T)
T = T + T
if int(m[i]) == 1:
f = f * g(T, P)
T = T + P
return f
def eval_miller(P, Q):
f = miller(n, P)
(x1, y1) = Q.xy()
return f(x = x1, y = y1)
def tate_pairing(P, Q, S):
eta = (p - 1)/n
num = eval_miller(P, Q+S)/eval_miller(P, S)
return (num^eta)
# r is \tau
r = tate_pairing(P, Q, S)
print "r(P, Q) =", r
# r^n = 1
print "r(P, Q)^n =", r^n
P3 = P * 3
Q4 = Q * 4
r12 = tate_pairing(P3, Q4, S)
print "[3]P =", P3.xy()
print "[4]Q =", Q4.xy()
print "r([3]P, [4]Q) =", r12
print "r(P, Q)^12 =", r^12