Curve detail
Definition
| Name | SM2 |
|---|---|
| Category | oscca |
| Field | Prime (0xfffffffeffffffffffffffffffffffffffffffff00000000ffffffffffffffff) |
| Field bits | 256 |
| Form | Weierstrass $y^2 = x^3 + ax + b$ |
| Param $a$ | 0xfffffffeffffffffffffffffffffffffffffffff00000000fffffffffffffffc |
| Param $b$ | 0x28e9fa9e9d9f5e344d5a9e4bcf6509a7f39789f515ab8f92ddbcbd414d940e93 |
| Generator $x$ | 0x32c4ae2c1f1981195f9904466a39c9948fe30bbff2660be1715a4589334c74c7 |
| Generator $y$ | 0xbc3736a2f4f6779c59bdcee36b692153d0a9877cc62a474002df32e52139f0a0 |
Characteristics
| Order | 0xfffffffeffffffffffffffffffffffff7203df6b21c6052b53bbf40939d54123 |
| Cofactor | 0x1 |
| $j$-invariant | 0x4ba049c8e8bc26c28c7f35ae2e383606c73debf7ace2640992a90e9f5b75412e |
| Trace $t$ | 0x8dfc2093de39fad5ac440bf6c62abedd |
| Embedding degree $k$ | 0xfffffffeffffffffffffffffffffffff7203df6b21c6052b53bbf40939d54122 |
| CM discriminant | -0x3b1404bc8f5f15293555dcc39830894cc2dfdc6427fbae62a82a40ae2f52f3533 |
Traits
| $\text{cofactor}()$ | |
|---|---|
| order | 0xfffffffeffffffffffffffffffffffff7203df6b21c6052b53bbf40939d54123 |
| cofactor | 0x1 |
| $\text{discriminant}()$ | |
| cm_disc | NO DATA (timed out) |
| factorization | NO DATA (timed out) |
| max_conductor | NO DATA (timed out) |
| $\text{twist_order}(deg=1)$ | |
| twist_cardinality | 0xffffffff0000000000000000000000008dfc2092de39fad6ac440bf6c62abedd |
| factorization | None |
| $\text{twist_order}(deg=2)$ | |
| twist_cardinality | 0xfffffffe00000000fffffffffffffffffffffffe00000003fffffffdfffffffc4ebfb4370a0ead6daaa233c47cf76b34d20239bd804519d57d5bf51d0ad0cacd |
| factorization | None |
| $\text{kn_factorization}(k=1)$ | |
| (+)factorization | ['0x2', '0x2', '0x61', '0x2135', '0x5f804ed', '0x2703a507', '0x91af075183f6b64ad', '0x9d3725254ba35e7e110369009dfb'] |
| (+)largest_factor_bitlen | 0x70 |
| (-)factorization | ['0x2', '0x3', '0x1e4f', '0x36e9', '0x543d32e5', '0x13f1f3759051c182b92c3ad803bf3cb6b53f7b1c01a44ac369'] |
| (-)largest_factor_bitlen | 0xc5 |
| $\text{kn_factorization}(k=2)$ | |
| (+)factorization | ['0x3', '0x13', '0xc41', '0x462ba913', '0x2ac9d1e0018d70283cdc4d2bc46aa02ba6ab953ec3499c6f4d125'] |
| (+)largest_factor_bitlen | 0xd2 |
| (-)factorization | ['0x5', '0xd', '0x35', '0xef', '0xb48b', '0x2b19ff9', '0xbe83d423d', '0x1cd30b03354ef9de571f114554e2b41e102a436e9'] |
| (-)largest_factor_bitlen | 0xa1 |
| $\text{kn_factorization}(k=3)$ | |
| (+)factorization | NO DATA (timed out) |
| (+)largest_factor_bitlen | - |
| (-)factorization | ['0x2', '0x2', '0x2', '0x7', '0x1777', '0x959f3c340a97e62339d7e74e7850508e9398f04fdb24dd00359d7458d92d'] |
| (-)largest_factor_bitlen | 0xf0 |
| $\text{kn_factorization}(k=4)$ | |
| (+)factorization | ['0x7', '0x301', '0x23205b', '0x162e9bfad0e41635cbf02cef211c4fe8b4719099277937a7fd5a8c451'] |
| (+)largest_factor_bitlen | 0xe1 |
| (-)factorization | ['0x3', '0x3', '0xb', '0x18ad', '0x1d89', '0x3ffb1e9', '0xe898cdee2a5908829d9922369f0a8d9730ed4d635add25b9cd'] |
| (-)largest_factor_bitlen | 0xc8 |
| $\text{kn_factorization}(k=5)$ | |
| (+)factorization | ['0x2', '0x2', '0x2', '0x2', '0x3', '0x3', '0x59', '0x13f7255', '0x147d67dbd8fcb3956f73b39d235fdc366decc93f6f461a8445517d0f'] |
| (+)largest_factor_bitlen | 0xdd |
| (-)factorization | ['0x2', '0x1f', '0x1ed913', '0x7a3c525', '0x7db4a0341', '0x2dabc04fb83c3db2a8f1fe5e3694ad4014f108ef237'] |
| (-)largest_factor_bitlen | 0xaa |
| $\text{kn_factorization}(k=6)$ | |
| (+)factorization | ['0x51b', '0x5ca9f37', '0x33f2932c335d0fe4bce369c66f607539fba3347e8a9d440d7cb6571f'] |
| (+)largest_factor_bitlen | 0xde |
| (-)factorization | ['0x11', '0x17d5', '0x9589', '0x1ab2b995', '0x22c3f3ae8cc5', '0x1ca472e0ace15ef7d4ec6b7bc38914d4f8ab98d'] |
| (-)largest_factor_bitlen | 0x99 |
| $\text{kn_factorization}(k=7)$ | |
| (+)factorization | ['0x2', '0xb', '0xd07c1ce5bb', '0x9cdd6a7345895a5', '0x10e6fbe0f7a0ea30803', '0x9a83c0fe308e47e33284d'] |
| (+)largest_factor_bitlen | 0x54 |
| (-)factorization | ['0x2', '0x2', '0x3', '0x5', '0xe86dbf', '0x20e541e2ec6241fc3e331c80ce397b36b767243ecce6c5bd844725518d'] |
| (-)largest_factor_bitlen | 0xe6 |
| $\text{kn_factorization}(k=8)$ | |
| (+)factorization | ['0x3', '0x5', '0x35f', '0x1e5db5', '0x19e8b01', '0x5c8069879', '0x2459d8e3eeb83293e7', '0x100da6148a8028075b3cf298b'] |
| (+)largest_factor_bitlen | 0x61 |
| (-)factorization | ['0xbfb4ae738dda58b', '0xaaedb81f3e2bb8d6aa831cf1f6989d9e6482eaf3a1d1ded425'] |
| (-)largest_factor_bitlen | 0xc8 |
| $\text{torsion_extension}(l=2)$ | |
| least | 0x3 |
| full | 0x3 |
| relative | 0x1 |
| $\text{torsion_extension}(l=3)$ | |
| least | 0x8 |
| full | 0x8 |
| relative | 0x1 |
| $\text{torsion_extension}(l=5)$ | |
| least | 0xc |
| full | 0xc |
| relative | 0x1 |
| $\text{torsion_extension}(l=7)$ | |
| least | 0x2 |
| full | 0x6 |
| relative | 0x3 |
| $\text{torsion_extension}(l=11)$ | |
| least | 0x8 |
| full | 0x8 |
| relative | 0x1 |
| $\text{torsion_extension}(l=13)$ | |
| least | 0x38 |
| full | 0x38 |
| relative | 0x1 |
| $\text{torsion_extension}(l=17)$ | |
| least | 0x10 |
| full | 0x10 |
| relative | 0x1 |
| $\text{conductor}(deg=2)$ | |
| ratio_sqrt | 0x8dfc2093de39fad5ac440bf6c62abedd |
| factorization | ['0x2ba41', '0x68348a7d', '0x7fe2853008a9820b71a1'] |
| $\text{conductor}(deg=3)$ | |
| ratio_sqrt | 0xb1404bcbf5f15293555dcc39830894cc2dfdc6457fbae62782a40ae2f52f3536 |
| factorization | ['0x2', '0x5', '0x3d', '0x18a5a63', '0x304a25ac006585e23f9dde701a62037eb5d7f6a58c90c289d477bcb9'] |
| $\text{conductor}(deg=4)$ | |
| ratio_sqrt | 0xf04b1c2baebcc9df1c772fb9cd01321bfefa2758801e125282d0273204e629f9137cbd65f30427473b4afcba6bf044c1 |
| factorization | ['0x3', '0xb', '0x6d', '0x95', '0xa075', '0x2ba41', '0x68348a7d', '0x8362b905', '0x112a8057d', '0x4193a1451', '0x7fe2853008a9820b71a1', '0x2573fae0224804d9c6f80198f8e1d571'] |
| $\text{embedding}()$ | |
| embedding_degree_complement | 0x1 |
| complement_bit_length | 0x1 |
| $\text{class_number}()$ | |
| upper | NO DATA (timed out) |
| lower | NO DATA (timed out) |
| $\text{small_prime_order}(l=2)$ | |
| order | 0x55555554ffffffffffffffffffffffffd0abf523b5ecac63c693fc03134715b6 |
| complement_bit_length | 0x2 |
| $\text{small_prime_order}(l=3)$ | |
| order | 0xfffffffeffffffffffffffffffffffff7203df6b21c6052b53bbf40939d54122 |
| complement_bit_length | 0x1 |
| $\text{small_prime_order}(l=5)$ | |
| order | 0x55555554ffffffffffffffffffffffffd0abf523b5ecac63c693fc03134715b6 |
| complement_bit_length | 0x2 |
| $\text{small_prime_order}(l=7)$ | |
| order | 0x7fffffff7fffffffffffffffffffffffb901efb590e30295a9ddfa049ceaa091 |
| complement_bit_length | 0x2 |
| $\text{small_prime_order}(l=11)$ | |
| order | 0xfffffffeffffffffffffffffffffffff7203df6b21c6052b53bbf40939d54122 |
| complement_bit_length | 0x1 |
| $\text{small_prime_order}(l=13)$ | |
| order | 0x55555554ffffffffffffffffffffffffd0abf523b5ecac63c693fc03134715b6 |
| complement_bit_length | 0x2 |
| $\text{division_polynomials}(l=2)$ | |
| factorization | [['0x3', '0x1']] |
| len | 0x1 |
| $\text{division_polynomials}(l=3)$ | |
| factorization | [['0x4', '0x1']] |
| len | 0x1 |
| $\text{division_polynomials}(l=5)$ | |
| factorization | [['0x6', '0x2']] |
| len | 0x1 |
| $\text{volcano}(l=2)$ | |
| crater_degree | 0x0 |
| depth | 0x0 |
| $\text{volcano}(l=3)$ | |
| crater_degree | 0x0 |
| depth | 0x0 |
| $\text{volcano}(l=5)$ | |
| crater_degree | 0x0 |
| depth | 0x0 |
| $\text{volcano}(l=7)$ | |
| crater_degree | 0x2 |
| depth | 0x0 |
| $\text{volcano}(l=11)$ | |
| crater_degree | 0x0 |
| depth | 0x0 |
| $\text{volcano}(l=13)$ | |
| crater_degree | 0x0 |
| depth | 0x0 |
| $\text{volcano}(l=17)$ | |
| crater_degree | 0x2 |
| depth | 0x0 |
| $\text{volcano}(l=19)$ | |
| crater_degree | 0x1 |
| depth | 0x0 |
| $\text{isogeny_extension}(l=2)$ | |
| least | 0x3 |
| full | 0x3 |
| relative | 0x1 |
| $\text{isogeny_extension}(l=3)$ | |
| least | 0x4 |
| full | 0x4 |
| relative | 0x1 |
| $\text{isogeny_extension}(l=5)$ | |
| least | 0x3 |
| full | 0x3 |
| relative | 0x1 |
| $\text{isogeny_extension}(l=7)$ | |
| least | 0x1 |
| full | 0x6 |
| relative | 0x6 |
| $\text{isogeny_extension}(l=11)$ | |
| least | 0x4 |
| full | 0x4 |
| relative | 0x1 |
| $\text{isogeny_extension}(l=13)$ | |
| least | 0xe |
| full | 0xe |
| relative | 0x1 |
| $\text{isogeny_extension}(l=17)$ | |
| least | 0x1 |
| full | 0x8 |
| relative | 0x8 |
| $\text{isogeny_extension}(l=19)$ | |
| least | 0x1 |
| full | 0x13 |
| relative | 0x13 |
| $\text{trace_factorization}(deg=1)$ | |
| trace | 0x8dfc2093de39fad5ac440bf6c62abedd |
| trace_factorization | ['0x2ba41', '0x68348a7d', '0x7fe2853008a9820b71a1'] |
| number_of_factors | 0x3 |
| $\text{trace_factorization}(deg=2)$ | |
| trace | 0x8dfc2093de39fad5ac440bf6c62abedd |
| trace_factorization | ['0x3', '0xb', '0x6d', '0x95', '0xa075', '0x8362b905', '0x112a8057d', '0x4193a1451', '0x2573fae0224804d9c6f80198f8e1d571'] |
| number_of_factors | 0x9 |
| $\text{isogeny_neighbors}(l=2)$ | |
| len | 0x0 |
| $\text{isogeny_neighbors}(l=3)$ | |
| len | 0x0 |
| $\text{isogeny_neighbors}(l=5)$ | |
| len | 0x0 |
| $\text{q_torsion}()$ | |
| Q_torsion | 0x1 |
| $\text{hamming_x}(weight=1)$ | |
| x_coord_count | 0x88 |
| expected | 0x80 |
| ratio | 0.94118 |
| $\text{hamming_x}(weight=2)$ | |
| x_coord_count | 0x3fea |
| expected | 0x3fc0 |
| ratio | 0.99743 |
| $\text{hamming_x}(weight=3)$ | |
| x_coord_count | 0x1519aa |
| expected | 0x151580 |
| ratio | 0.99923 |
| $\text{square_4p1}()$ | |
| p | 0x1 |
| order | 0x3 |
| $\text{pow_distance}()$ | |
| distance | 0x10000000000000000000000008dfc2094de39fad4ac440bf6c62abedd |
| ratio | 4294967295.0 |
| distance 32 | 0x3 |
| distance 64 | 0x1d |
| $\text{multiples_x}(k=1)$ | |
| Hx | 0x32c4ae2c1f1981195f9904466a39c9948fe30bbff2660be1715a4589334c74c7 |
| bits | 0xfe |
| difference | 0x2 |
| ratio | 0.99219 |
| $\text{multiples_x}(k=2)$ | |
| Hx | 0xa3721db9207e1c46e24f06ec2d2d4d785617828a72b72f62370952e0572e033 |
| bits | 0xfc |
| difference | 0x4 |
| ratio | 0.98438 |
| $\text{multiples_x}(k=3)$ | |
| Hx | 0xc66e16ba1a17ecdeaac388abe7b22de5f2954b1dc326f4e847be1057fb6206c0 |
| bits | 0x100 |
| difference | 0x0 |
| ratio | 1.0 |
| $\text{multiples_x}(k=4)$ | |
| Hx | 0xcbfed371295fab4c3c5657b79da0b1bacbb34fe577a3ec1c52966d194ac15278 |
| bits | 0x100 |
| difference | 0x0 |
| ratio | 1.0 |
| $\text{multiples_x}(k=5)$ | |
| Hx | 0x72936d2249f780f2f4a4a5d0fe1155c52284cad00a1bb942be0ccc8dd6e75d52 |
| bits | 0xff |
| difference | 0x1 |
| ratio | 0.99609 |
| $\text{multiples_x}(k=6)$ | |
| Hx | 0x89ae4b2ce5a9bc4abef06df3010f79ca1a355e6fbd7fe6700452d4ae2545d00f |
| bits | 0x100 |
| difference | 0x0 |
| ratio | 1.0 |
| $\text{multiples_x}(k=7)$ | |
| Hx | 0x20aa4df99dfaced12bdd381af34c6c5910918a2f91c4f6953adbe8412399c04b |
| bits | 0xfe |
| difference | 0x2 |
| ratio | 0.99219 |
| $\text{multiples_x}(k=8)$ | |
| Hx | 0xf61cc37fb62855bf4c58d7f3dc1bbddc9c2b25fd266b0c0839c01f60ee9b1886 |
| bits | 0x100 |
| difference | 0x0 |
| ratio | 1.0 |
| $\text{multiples_x}(k=9)$ | |
| Hx | 0x20b13f360be9fe979282c1bfc956d0236a0488c874c41eee3087f4b6eab37670 |
| bits | 0xfe |
| difference | 0x2 |
| ratio | 0.99219 |
| $\text{multiples_x}(k=10)$ | |
| Hx | 0xcc79a380b0351c814820d01c5710f6cc58f77df321ff60c76c4b5ef604e0920b |
| bits | 0x100 |
| difference | 0x0 |
| ratio | 1.0 |
| $\text{x962_invariant}()$ | |
| r | 0x7282c84d47c04077f4fb2415dd3dd82a4535db2e642fb7281eef281ed5bee4d7 |
| $\text{brainpool_overlap}()$ | |
| o | -0x28e9fa9d9d9f5e344d5a9e4f |
| $\text{weierstrass}()$ | |
| a | 0xfffffffeffffffffffffffffffffffffffffffff00000000fffffffffffffffc |
| b | 0x28e9fa9e9d9f5e344d5a9e4bcf6509a7f39789f515ab8f92ddbcbd414d940e93 |