how to use big prime in meshgrid

Question

Mohammad am 16 Mär. 2023

0
Verknüpfen

Direkter Link zu dieser Frage

https://de.mathworks.com/matlabcentral/answers/1929860-how-to-use-big-prime-in-meshgrid

Kommentiert: Mohammad am 17 Mär. 2023

I have this code to generate the base points:

% Define the Edwards curve parameters
a = 6;
b = 7;
p = 823572345728582623;
% Generate all the points on the curve
[X, Y] = meshgrid(0:p-1, 0:p-1);
Z = (X.^3) + (a * X.^2 + X);
idx = find(mod(b*Y.^2 - Z, p) == 0);
X = X(idx);
Y = Y(idx);
% Plot the points
scatter(X, Y);
display([X, Y]);
axis([0 p-1 0 p-1]);
title(sprintf('Points on the Montgomery curve %d*y^2=x^3+%d*x^2+x (mod %d)', a, b, p));
xlabel('X');
ylabel('Y');

but in matlab nnot accept the big number, how can I use big prime number to generate the base points in ECC?

10 Kommentare
8 ältere Kommentare anzeigen8 ältere Kommentare ausblenden

John D'Errico am 16 Mär. 2023

Bearbeitet: John D'Errico am 16 Mär. 2023

In MATLAB Online öffnen

@Stephen23 has said it very well. Your computer, even if you have a nice big computer on your desk, does not have enough memory to store that array.

p = 823572345728582623;
% Generate all the points on the curve
% [X, Y] = meshgrid(0:p-1, 0:p-1);

And even if it did have sufficient memory, you would not have the time to do anything with it. How many elements does that array contain? I count this many:

six hundred seventy eight decillion, two hundred seventy one nonillion, four hundred eight octillion, six hundred forty eight septillion, eight hundred eighty sextillion, twenty four quintillion, two hundred thirty one quadrillion, five hundred fifty four trillion, five hundred eight billion, five hundred thirty seven million, five hundred sixty thousand, one hundred twenty nine

Suppose your computer is able to perform a trillion operations per second? That would be pretty fast. But suppose you happen to work for the NSA, or someplace with some seriously big computers. They can even beat that mark these days.

p^2/10^12
ans =
   6.7827e+23

So if you do one operation per element, so one machine cycle, per element. Let me see, if I recalll, there are something like 30 million seconds in a year.

p^2/10^12/30e6
ans =
   2.2609e+16

What is the lifetime of the universe to this date? Not quite 14 billion years I recall?

p^2/10^12/30e6/14e9
ans =
   1.6149e+06

So 1.6 MILLION lifetimes of the universe to do something with that array?

But heck, if you could use Java. Java does not do anything special, sorry. How would that make it possible to compute anything even so?

People get spoiled. They see computers on TV or in the movies do all sorts of wonderful things. But a TV show is not the real world. Computers are not infinitely large. They are not infinitely fast. They are not infinitely powerful. Computers have very finite limits.

Mohammad am 16 Mär. 2023

What I mean isif I cannot generate a base points with that big prime number because I want huge RAM resources so how can I achieve it, or how can others achieved to get base point with big prime number?

Matt J am 16 Mär. 2023

Bearbeitet: Matt J am 16 Mär. 2023

how can others achieved to get base point with big prime number?

@Mohammad and as John has told you, that is not a Matlab question. You need to consult a cryptography forum, or relevant literature.

Melden Sie sich an, um zu kommentieren.

Melden Sie sich an, um diese Frage zu beantworten.

Answer 1

John D'Errico am 16 Mär. 2023

1
Verknüpfen

Direkter Link zu dieser Antwort

https://de.mathworks.com/matlabcentral/answers/1929860-how-to-use-big-prime-in-meshgrid#answer_1194565

Bearbeitet: John D'Errico am 16 Mär. 2023

In MATLAB Online öffnen

Pick some random integer X, less than p. You will need to use some tool capable of working with large integers, greater than the capability of a double, or even a uint64. You could use my VPI or the java.math.BigInteger tools, or SYM. Unfortunately, you will also need some other capabilities too, like a modular inverse, and a modular square root. The modular inverse is trivial, since it is effectively already in MATLAB under the guise of GCD.

a = 6;
b = 7;
p = sym('823572345728582623');
isprime(p)
ans = logical
   1

So p is prime.

Now, choose a random integer less than p.

X = sym('9259113932133140')
X = 9259113932133140

Form Z.

Z = mod((X.^3) + (a * X.^2 + X),p)
Z = 417026731990200586

Now you want to solve for Y, such that

mod(b*Y^2,p) == Z

First, what is the modular inverse of b, mod p? You can get that from the function GCD. That is, you want to solve the problem

mod(b*u,p) == 1

For some unknown integer u. It must always exist for an odd prime p, since then 2 and p are coprime. A nice thing is, the function GCD does exactly that for you by returning coefficients that satisfy the Bezout identity. From the help for GCD, the three argument form gives you this:

[G,C,D] = gcd(A,B) also returns C and D so that G = A.*C + B.*D.

In that case, as long as b and p are relatively prime (so G==1), then the second return argument from GCD is the modular inverse of b. You would find that

[G,C,D] = gcd(b,p)

G =

1

C =

D =

3

binv = mod(C,p)

binv =

470612768987761499

So binv has the property that

mod(b*binv,p)
ans = 1

is 1, as we needed. As such, we can now MULTIPLY by that modular inverse, because the number binv is a modular inverse.

Finally, all you need to do is compute the (modular) square root of binv*Z, so the square root in the ring of integers modulo p. In my VPIJ and VPI toolboxes, I used a method from Shanks-Tonelli to compute the sqrt.

Z = mod(binv.*Z,p)
Z = 177228439674111887

Unfortunately, I don't have a sym code that will compute the modular square root. (I should write that and post it on the FEX one day. But my hope is that TMW will do it for me.) But in this case, you would have gotten:

Y = sym('670916485936022059');

Do X and Y have the desired property?

mod(b*Y.^2 - ((X.^3) + (a * X.^2 + X)), p)
ans = 0

Which tells us that the pair (X,Y) are indeed a valid pair of solutions to that elliptic curve.

[X,Y]

ans =

Perform that computation for multiple values of X. You may find that no square root exists for some values of X, probably around 50% or them. You could learn that by checking to see if Z as I computed it is a quadratic residue for p.

Anyway, all you really need is to write a modular square root code. This is your homework, not mine.