Curve detail
Definition
| Name | Curve25519 |
|---|---|
| Category | djb |
| Description | Curve from https://cr.yp.to/ecdh.html |
| Field | Prime (0x7fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffed) |
| Field bits | 255 |
| Form | Montgomery $by^2 = x^3 + ax^2 + x$ |
| Param $a$ | 0x76d06 |
| Param $b$ | 0x01 |
| Generator $x$ | 0x09 |
| Generator $y$ | 0x20ae19a1b8a086b4e01edd2c7748d14c923d4d7e6d7c61b229e9c5a27eced3d9 |
Characteristics
| Order | 0x1000000000000000000000000000000014def9dea2f79cd65812631a5cf5d3ed |
| Cofactor | 0x8 |
| $j$-invariant | 0x56c143fbfba334948229e71bacc4801f4321f1a7c4591336f27d7903cb215317 |
| Trace $t$ | -0xa6f7cef517bce6b2c09318d2e7ae9f7a |
| Embedding degree $k$ | 0x2aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaae2529a51b2944ce6403108464d3a352 |
| CM discriminant | -0x64c66bee483cf65c231138c2de80a413a110920000d1b1d90bf4b83b29b3ce64 |
Traits
| $\text{cofactor}()$ | |
|---|---|
| order | 0x1000000000000000000000000000000014def9dea2f79cd65812631a5cf5d3ed |
| cofactor | 0x8 |
| $\text{discriminant}()$ | |
| cm_disc | None |
| factorization | None |
| max_conductor | None |
| $\text{twist_order}(deg=1)$ | |
| twist_cardinality | 0x7fffffffffffffffffffffffffffffff5908310ae843194d3f6ce72d18516074 |
| factorization | None |
| $\text{twist_order}(deg=2)$ | |
| twist_cardinality | 0x3fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffec6ce65046df0c268f73bb1cf485fd6fb17bbdb7fffcb9389bd02d1f135930c7b4 |
| factorization | None |
| $\text{kn_factorization}(k=1)$ | |
| (+)factorization | ['0x3', '0x7', '0x7', '0x1d', '0x1f', '0x89', '0x32fed5', '0xc58ab26a0e6f385bb2c51', '0x303a71a5c04234d25e0b332f35192735'] |
| (+)largest_factor_bitlen | 0x7e |
| (-)factorization | ['0x13', '0x267989', '0x3d1e595b7', '0xbbc0d57b651af9770bf4c5c686d490234e42764d3093394f3'] |
| (-)largest_factor_bitlen | 0xc4 |
| $\text{kn_factorization}(k=2)$ | |
| (+)factorization | ['0x5', '0x5', '0x25', '0xf475', '0x6c3cfd4ed334b', '0xaf7ba12f18d9928b7de578cb3d1028208ebd2a017fc93'] |
| (+)largest_factor_bitlen | 0xb4 |
| (-)factorization | NO DATA (timed out) |
| (-)largest_factor_bitlen | - |
| $\text{kn_factorization}(k=3)$ | |
| (+)factorization | NO DATA (timed out) |
| (+)largest_factor_bitlen | - |
| (-)factorization | NO DATA (timed out) |
| (-)largest_factor_bitlen | - |
| $\text{kn_factorization}(k=4)$ | |
| (+)factorization | ['0x3', '0xb', '0xd', '0xd', '0x17', '0x35f', '0xbb63dddfd9079963d', '0x6a02604e5e4e41ada19a8b38d1e634b8be68aa565'] |
| (+)largest_factor_bitlen | 0xa3 |
| (-)factorization | ['0x11', '0x49', '0x49', '0xa7', '0x14741', '0x1bc278027b6a96644255211991d9e42ecc5a1cef230fff62f5e1429'] |
| (-)largest_factor_bitlen | 0xd9 |
| $\text{kn_factorization}(k=5)$ | |
| (+)factorization | ['0x283', '0xfece3bb855ff3427d03954cd6fe02639d556037f965ef50c3f40b0d1a09c83'] |
| (+)largest_factor_bitlen | 0xf8 |
| (-)factorization | ['0x3', '0x7f', '0x4a9', '0x35bf', '0xfdb7', '0x1bb7cdd8f94c3f68c6c2754aee341acfef525df56f08a513a3283'] |
| (-)largest_factor_bitlen | 0xd1 |
| $\text{kn_factorization}(k=6)$ | |
| (+)factorization | ['0x15d', '0x23358c1a682913ce1eceda971b23f15488e29b386a49f792ba79265eb0b1225'] |
| (+)largest_factor_bitlen | 0xfa |
| (-)factorization | NO DATA (timed out) |
| (-)largest_factor_bitlen | - |
| $\text{kn_factorization}(k=7)$ | |
| (+)factorization | ['0x3', '0x3', '0x5', '0x641', '0x16c1b93580d4f3d', '0x23d0d5c4bcc2c55b99238a86a6593d1bbf0a85d79b170e1'] |
| (+)largest_factor_bitlen | 0xba |
| (-)factorization | ['0xb', '0xf95', '0x53a3b3da07e6486120d1490ce34731efd26cea9fee17ba36516faa90af611'] |
| (-)largest_factor_bitlen | 0xf3 |
| $\text{kn_factorization}(k=8)$ | |
| (+)factorization | ['0x7', '0x26a5a263ae5dcd7', '0x3c90143ee6bb6730ec2cae75c0fe0a68dd787c23647a61dd61'] |
| (+)largest_factor_bitlen | 0xc6 |
| (-)factorization | ['0x3', '0x5', '0x71', '0x2ab', '0x3ec07ffb95', '0xec7bf70da4c1c13dc79b56cf9d523c6cedd4c057ac8fec04d7'] |
| (-)largest_factor_bitlen | 0xc8 |
| $\text{torsion_extension}(l=2)$ | |
| least | 0x1 |
| full | 0x2 |
| relative | 0x2 |
| $\text{torsion_extension}(l=3)$ | |
| least | 0x4 |
| full | 0x4 |
| relative | 0x1 |
| $\text{torsion_extension}(l=5)$ | |
| least | 0xc |
| full | 0xc |
| relative | 0x1 |
| $\text{torsion_extension}(l=7)$ | |
| least | 0x30 |
| full | 0x30 |
| relative | 0x1 |
| $\text{torsion_extension}(l=11)$ | |
| least | 0x78 |
| full | 0x78 |
| relative | 0x1 |
| $\text{torsion_extension}(l=13)$ | |
| least | 0x18 |
| full | 0x18 |
| relative | 0x1 |
| $\text{torsion_extension}(l=17)$ | |
| least | 0x120 |
| full | 0x120 |
| relative | 0x1 |
| $\text{conductor}(deg=2)$ | |
| ratio_sqrt | 0xa6f7cef517bce6b2c09318d2e7ae9f7a |
| factorization | ['0x2', '0x3', '0xd', '0x14193938499049', '0x1b43fb5e36b92235a3'] |
| $\text{conductor}(deg=3)$ | |
| ratio_sqrt | 0x1319afb920f3d9708c44e30b7a02904e844248000346c7642fd2e0eca6cf39c9 |
| factorization | ['0x5', '0x856f3', '0x1b35632f', '0x119937ab683ee938f9c1b', '0x3eb186f947e86f26a983df59b0dda3b'] |
| $\text{conductor}(deg=4)$ | |
| ratio_sqrt | 0x5ff10ca6179ce92d0132130550ab3e30de8f2c9b90b444cd35972198f5adfedc5944cd7afd7b94541678f19aa74d8abc |
| factorization | ['0x2', '0x2', '0x3', '0xd', '0x2b', '0x95', '0x14d400c19', '0x152cd5735', '0x178028d79733', '0x14193938499049', '0x1b43fb5e36b92235a3', '0x1294ff43fc67c65a67b9d7748ca2c43a9b'] |
| $\text{embedding}()$ | |
| embedding_degree_complement | 0x6 |
| complement_bit_length | 0x3 |
| $\text{class_number}()$ | |
| upper | NO DATA (timed out) |
| lower | NO DATA (timed out) |
| $\text{small_prime_order}(l=2)$ | |
| order | None |
| complement_bit_length | None |
| $\text{small_prime_order}(l=3)$ | |
| order | 0x80000000000000000000000000000000a6f7cef517bce6b2c09318d2e7ae9f6 |
| complement_bit_length | 0x4 |
| $\text{small_prime_order}(l=5)$ | |
| order | 0x80000000000000000000000000000000a6f7cef517bce6b2c09318d2e7ae9f6 |
| complement_bit_length | 0x4 |
| $\text{small_prime_order}(l=7)$ | |
| order | 0x1000000000000000000000000000000014def9dea2f79cd65812631a5cf5d3ec |
| complement_bit_length | 0x3 |
| $\text{small_prime_order}(l=11)$ | |
| order | 0x80000000000000000000000000000000a6f7cef517bce6b2c09318d2e7ae9f6 |
| complement_bit_length | 0x4 |
| $\text{small_prime_order}(l=13)$ | |
| order | 0x1745d1745d1745d1745d1745d1745d17642d0e5b1b96b594dd3204836ff1344 |
| complement_bit_length | 0x6 |
| $\text{division_polynomials}(l=2)$ | |
| factorization | [['0x1', '0x1'], ['0x2', '0x1']] |
| len | 0x2 |
| $\text{division_polynomials}(l=3)$ | |
| factorization | [['0x2', '0x2']] |
| len | 0x1 |
| $\text{division_polynomials}(l=5)$ | |
| factorization | [['0x6', '0x2']] |
| len | 0x1 |
| $\text{volcano}(l=2)$ | |
| crater_degree | 0x1 |
| depth | 0x1 |
| $\text{volcano}(l=3)$ | |
| crater_degree | 0x0 |
| depth | 0x0 |
| $\text{volcano}(l=5)$ | |
| crater_degree | 0x0 |
| depth | 0x0 |
| $\text{volcano}(l=7)$ | |
| crater_degree | 0x0 |
| depth | 0x0 |
| $\text{volcano}(l=11)$ | |
| crater_degree | 0x0 |
| depth | 0x0 |
| $\text{volcano}(l=13)$ | |
| crater_degree | 0x0 |
| depth | 0x0 |
| $\text{volcano}(l=17)$ | |
| crater_degree | 0x0 |
| depth | 0x0 |
| $\text{volcano}(l=19)$ | |
| crater_degree | 0x0 |
| depth | 0x0 |
| $\text{isogeny_extension}(l=2)$ | |
| least | 0x1 |
| full | 0x2 |
| relative | 0x2 |
| $\text{isogeny_extension}(l=3)$ | |
| least | 0x2 |
| full | 0x2 |
| relative | 0x1 |
| $\text{isogeny_extension}(l=5)$ | |
| least | 0x3 |
| full | 0x3 |
| relative | 0x1 |
| $\text{isogeny_extension}(l=7)$ | |
| least | 0x8 |
| full | 0x8 |
| relative | 0x1 |
| $\text{isogeny_extension}(l=11)$ | |
| least | 0xc |
| full | 0xc |
| relative | 0x1 |
| $\text{isogeny_extension}(l=13)$ | |
| least | 0x2 |
| full | 0x2 |
| relative | 0x1 |
| $\text{isogeny_extension}(l=17)$ | |
| least | 0x12 |
| full | 0x12 |
| relative | 0x1 |
| $\text{isogeny_extension}(l=19)$ | |
| least | 0x14 |
| full | 0x14 |
| relative | 0x1 |
| $\text{trace_factorization}(deg=1)$ | |
| trace | -0xa6f7cef517bce6b2c09318d2e7ae9f7a |
| trace_factorization | ['0x2', '0x3', '0xd', '0x14193938499049', '0x1b43fb5e36b92235a3'] |
| number_of_factors | 0x5 |
| $\text{trace_factorization}(deg=2)$ | |
| trace | -0xa6f7cef517bce6b2c09318d2e7ae9f7a |
| trace_factorization | ['0x2', '0x2b', '0x95', '0x14d400c19', '0x152cd5735', '0x178028d79733', '0x1294ff43fc67c65a67b9d7748ca2c43a9b'] |
| number_of_factors | 0x7 |
| $\text{isogeny_neighbors}(l=2)$ | |
| len | 0x1 |
| $\text{isogeny_neighbors}(l=3)$ | |
| len | 0x0 |
| $\text{isogeny_neighbors}(l=5)$ | |
| len | 0x0 |
| $\text{q_torsion}()$ | |
| Q_torsion | 0x1 |
| $\text{hamming_x}(weight=1)$ | |
| x_coord_count | 0x7a |
| expected | 0x80 |
| ratio | 1.04918 |
| $\text{hamming_x}(weight=2)$ | |
| x_coord_count | 0x3fb2 |
| expected | 0x3fc0 |
| ratio | 1.00086 |
| $\text{hamming_x}(weight=3)$ | |
| x_coord_count | 0x151a42 |
| expected | 0x151580 |
| ratio | 0.99912 |
| $\text{square_4p1}()$ | |
| p | 0x3 |
| order | 0x1 |
| $\text{pow_distance}()$ | |
| distance | 0xa6f7cef517bce6b2c09318d2e7ae9f68 |
| ratio | 2.6086521088137155e+38 |
| distance 32 | 0x8 |
| distance 64 | 0x18 |
| $\text{multiples_x}(k=1)$ | |
| Hx | 0x2aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaad245a |
| bits | 0xfe |
| difference | 0x2 |
| ratio | 1.00395 |
| $\text{multiples_x}(k=2)$ | |
| Hx | 0x3f76e82d50ed994bd312a2b5c258624ac6c292766b9425fee645ba29f065da0 |
| bits | 0xfa |
| difference | 0x6 |
| ratio | 0.98814 |
| $\text{multiples_x}(k=3)$ | |
| Hx | 0x45be57360eb47d42bbf7fb87a112996fafacc99b5c155203a0362185bd1014bd |
| bits | 0xff |
| difference | 0x1 |
| ratio | 1.00791 |
| $\text{multiples_x}(k=4)$ | |
| Hx | 0x77e221473afa8b062f551ffd27e10a60e9513612e7d4d51583aa6015caecee60 |
| bits | 0xff |
| difference | 0x1 |
| ratio | 1.00791 |
| $\text{multiples_x}(k=5)$ | |
| Hx | 0x283b43fcbf29ea887c9f5b4aecf3288b0fd11292cbd26acec843c033b5222291 |
| bits | 0xfe |
| difference | 0x2 |
| ratio | 1.00395 |
| $\text{multiples_x}(k=6)$ | |
| Hx | 0x269cf421cd26cc439fa45bbba15ad0d497f46036c6bb62a8f73ca3b49b81f005 |
| bits | 0xfe |
| difference | 0x2 |
| ratio | 1.00395 |
| $\text{multiples_x}(k=7)$ | |
| Hx | 0x5444e35ba0538f4808038dbf84e268b5f5f8f493972b83031b3eb35217fee0be |
| bits | 0xff |
| difference | 0x1 |
| ratio | 1.00791 |
| $\text{multiples_x}(k=8)$ | |
| Hx | 0x24ec36312f8c8aff0d7e17f5e0fc00700aad62a2a2e606238b674488e5fde6a6 |
| bits | 0xfe |
| difference | 0x2 |
| ratio | 1.00395 |
| $\text{multiples_x}(k=9)$ | |
| Hx | 0x431d9050842ab712185647ca152e37e5977ce057b5ced37621f51c22354ca7de |
| bits | 0xff |
| difference | 0x1 |
| ratio | 1.00791 |
| $\text{multiples_x}(k=10)$ | |
| Hx | 0x5c5c772da10744cb8df4b105588863ae73e27440cba6dbd9a56fdd1739808ba3 |
| bits | 0xff |
| difference | 0x1 |
| ratio | 1.00791 |
| $\text{x962_invariant}()$ | |
| r | 0x2d7671d0e555d545415f9173641fdf2d7a839331281cf5802aa7f80410ac751c |
| $\text{brainpool_overlap}()$ | |
| o | -0x5097b425ed097b54c066a11a |
| $\text{weierstrass}()$ | |
| a | 0x2aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa984914a144 |
| b | 0x7b425ed097b425ed097b425ed097b425ed097b425ed097b4260b5e9c7710c864 |