Baby Step Giant Step: Computing m of Rational Points on Elliptic Curve

  • Context: Graduate 
  • Thread starter Thread starter yavanna
  • Start date Start date
Click For Summary
SUMMARY

The discussion focuses on the baby-step-giant-step algorithm for computing the number m of rational points on an elliptic curve defined over the finite field \mathbb{F}_p. The user attempted to implement this algorithm using PARI/GP but encountered issues where the output did not yield the expected number m, instead providing indices [i,j] of the relation R+iQ=jP. Key functions utilized include ellpoint for generating points, ellsum for point addition, and ellpow for scalar multiplication. The algorithm's implementation is detailed with specific code snippets, highlighting the challenges faced in achieving the desired output.

PREREQUISITES
  • Understanding of elliptic curves and their properties over finite fields.
  • Familiarity with the baby-step-giant-step algorithm for point counting.
  • Proficiency in PARI/GP programming language and its elliptic curve functions.
  • Knowledge of group theory as it applies to elliptic curves.
NEXT STEPS
  • Study the implementation of the baby-step-giant-step algorithm in different programming environments.
  • Learn about the properties of elliptic curves over finite fields, particularly \mathbb{F}_p.
  • Explore advanced PARI/GP functions for elliptic curves, including error handling and optimization techniques.
  • Investigate alternative algorithms for counting rational points on elliptic curves, such as the Schoof's algorithm.
USEFUL FOR

Mathematicians, cryptographers, and computer scientists interested in elliptic curve cryptography, as well as developers working with PARI/GP for computational number theory.

yavanna
Messages
10
Reaction score
0
The baby-step-giant-step method to compute the number [itex]m[/itex] of rational points over an elliptic curve defined over [itex]\mathbb{F}_p[/itex]

http://img560.imageshack.us/img560/3852/babym.jpg
Uploaded with ImageShack.us

In the second part [itex]R=(p+1)P[/itex], but for every point on the curve [itex](p+1)P[/itex] is the identity element of the group: [itex]P_{\infty}[/itex].

So [itex]R+iQ[/itex] is always [itex]iQ[/itex], isn't it?
 
Last edited by a moderator:
Physics news on Phys.org
I've tried to use this algorithm in PARI/GP with the following code, just to check if it works, it doesn't output m but the indexes [i,j] of [itex]R+iQ=jP[/itex]. Ellpoint finds a random point on the curve, ellsum makes the sum between two points, ellpow(E,P,n) compute the scalar multiplication nP. But it doesn't work

{\\Baby-Step-Giant-Step E(F_p)
BSGS(e,char)=local(s,i,v,P,Match,j,Q,R,S,k);
s=ceil(char^(1/4));
P=ellpoint(e,char);
v=vector(s);
v[1]=P;
for(i=2,s,v=ellsum(e,v[i-1],P,char));
for(i=1,s,v=concat(v,[[v[1],-v[2]]]));
print(v);
Match=0;
Q=ellpow(e,P,2*s+1);
R=ellpow(e,P,char+1); j=0;
while(Match==0,j=j+1;S=ellpow(e,Q,j);print(S);for(i=1,s,if(S==v,Match=1;k=i,) )\\end for
);\\end while
return([k,j]);
}
 

Similar threads

Graduate Structure of modulo-integer matrix group GL(r,Z(n))?
  • · Replies 17 ·
Replies
17
Views
7K
Undergrad Meaning of "passage to the quotient"?
  • · Replies 3 ·
Replies
3
Views
1K
Undergrad A curve that does not meet rational points
  • · Replies 9 ·
Replies
9
Views
4K
Graduate Is There an Algebraic Closure for Every Field?
  • · Replies 1 ·
Replies
1
Views
3K
Graduate How to derive Quantum Mechanics in curved physical space?
  • · Replies 6 ·
Replies
6
Views
2K
Graduate Computing de Rham Cohomology of Connected Sums of Objects
  • · Replies 13 ·
Replies
13
Views
3K
Undergrad Phase space integral in noninteracting dipole system
  • · Replies 2 ·
Replies
2
Views
2K
Challenge Math Challenge - May 2020
  • · Replies 61 ·
3
Replies
61
Views
13K
Challenge Math Challenge - August 2021
  • · Replies 46 ·
2
Replies
46
Views
9K
Challenge Math Challenge - September 2021
  • · Replies 100 ·
4
Replies
100
Views
13K