Curve detail
Definition
| Name | ed-254-mont |
|---|---|
| Category | nums |
| Description | Original nums curve from https://eprint.iacr.org/2014/130.pdf |
| Field | Prime (0x3f80ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff) |
| Field bits | 254 |
| Form | Twisted Edwards $ax^2 + y^2 = 1 + dx^2y^2$ |
| Param $a$ | 0x3f80fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffe |
| Param $d$ | 0x367b |
Characteristics
| Order | 0xfe03fffffffffffffffffffffffffffeb95306c8bd62fb0eaf3d3fec46e98c7 |
| Cofactor | 0x4 |
| $j$-invariant | 0x135d79329e6c7840748ca096d3644e5e5d2d035a88caa72ace76de9395aae67e |
| Trace $t$ | 0x51ab3e4dd0a7413c5430b004ee459ce4 |
| Embedding degree $k$ | 0xfe03fffffffffffffffffffffffffffeb95306c8bd62fb0eaf3d3fec46e98c6 |
| CM discriminant | -0x38fd8c019db5e8239e76824dd27c2d3447010c3f833f3715e0b5058e873c553b |
Traits
| $\text{cofactor}()$ | |
|---|---|
| order | 0xfe03fffffffffffffffffffffffffffeb95306c8bd62fb0eaf3d3fec46e98c7 |
| cofactor | 0x4 |
| $\text{discriminant}()$ | |
| cm_disc | -0x38fd8c019db5e8239e76824dd27c2d3447010c3f833f3715e0b5058e873c553b |
| factorization | ['0x2', '0x2', '0x67', '0x13f9', '0x15230350c2d', '0x4f6988719eb215207', '0x114e659212580ee93ebb8a2c058a41bcf'] |
| max_conductor | 0x2 |
| $\text{twist_order}(deg=1)$ | |
| twist_cardinality | 0x3f81000000000000000000000000000051ab3e4dd0a7413c5430b004ee459ce4 |
| factorization | None |
| $\text{twist_order}(deg=2)$ | |
| twist_cardinality | 0xfc0bf00ffffffffffffffffffffffffffffffffffffffffffffffffffffffff1c09cff989285f718625f6c8b60f4b2ee3fbcf01f30323a87d2be9c5e30eab14 |
| factorization | None |
| $\text{kn_factorization}(k=1)$ | |
| (+)factorization | ['0x3', '0x13', '0x13', '0x25', '0x130ab31', '0x9bc26b83f83', '0xa2780bba8aee85', '0x1409b937c071057', '0xb4760775d64c5e3'] |
| (+)largest_factor_bitlen | 0x3c |
| (-)factorization | ['0x61', '0x61', '0x690b', '0xc0c972917', '0x1a0e1cbd23', '0x2378c8829f5499', '0x18c7e434be9df3aa68ad8ec165'] |
| (-)largest_factor_bitlen | 0x65 |
| $\text{kn_factorization}(k=2)$ | |
| (+)factorization | ['0x7', '0x6d', '0x6d', '0x2d7', '0x70557c0b', '0x74c9078167', '0x8d8d3ed5794a9', '0x13e65eeac1aaa9f0fdb62947730d'] |
| (+)largest_factor_bitlen | 0x6d |
| (-)factorization | NO DATA (timed out) |
| (-)largest_factor_bitlen | NO DATA (timed out) |
| $\text{kn_factorization}(k=3)$ | |
| (+)factorization | ['0x5', '0x7d3', '0x1f536bc581f', '0xc7dde6ebc2bc19102b473385', '0x32f94a439cc2e52e2c87c98bed1'] |
| (+)largest_factor_bitlen | 0x6a |
| (-)factorization | ['0x3637', '0xb3609', '0xc0593db', '0x6d5379dcdccb', '0xfa122d405c1ee45cc9b88d671a8683f0f8315'] |
| (-)largest_factor_bitlen | 0x94 |
| $\text{kn_factorization}(k=4)$ | |
| (+)factorization | ['0x3', '0x3', '0x2f', '0x3d', '0x4f', '0x295', '0x329b1f5963236fbf5550e10d1f4326182e178b739d750026b8dc8a729'] |
| (+)largest_factor_bitlen | 0xe2 |
| (-)factorization | ['0x49', '0x9d', '0x1475', '0x34741', '0x15a87e14a8bcf18fdf34d530b3c719d35901a9981a5b51401231f7'] |
| (-)largest_factor_bitlen | 0xd5 |
| $\text{kn_factorization}(k=5)$ | |
| (+)factorization | NO DATA (timed out) |
| (+)largest_factor_bitlen | NO DATA (timed out) |
| (-)factorization | ['0x3', '0x3', '0x7', '0x8a13f', '0x770426d4f', '0xf051a09a5eeb1a393358f7', '0x15692647a517c5660d3ffd86c563'] |
| (-)largest_factor_bitlen | 0x6d |
| $\text{kn_factorization}(k=6)$ | |
| (+)factorization | ['0x71', '0x3235', '0x7a606a7', '0x23f74111b1c03d5ac681800bbf56f544eddd40f87d0d4e502d203'] |
| (+)largest_factor_bitlen | 0xd2 |
| (-)factorization | NO DATA (timed out) |
| (-)largest_factor_bitlen | NO DATA (timed out) |
| $\text{kn_factorization}(k=7)$ | |
| (+)factorization | ['0x3', '0xad', '0x1627d', '0x2bccf', '0x9d300d', '0x48aa4babcb', '0x35440e2f26715f', '0x63b0e1b25aef044360d1352f1'] |
| (+)largest_factor_bitlen | 0x63 |
| (-)factorization | ['0x5', '0x19d3d5', '0x32cff78353', '0x1157bc4df62c68faf07bcffdaa3b62efbcd646d48a2916aa69'] |
| (-)largest_factor_bitlen | 0xc5 |
| $\text{kn_factorization}(k=8)$ | |
| (+)factorization | NO DATA (timed out) |
| (+)largest_factor_bitlen | NO DATA (timed out) |
| (-)factorization | NO DATA (timed out) |
| (-)largest_factor_bitlen | NO DATA (timed out) |
| $\text{torsion_extension}(l=2)$ | |
| least | 0x1 |
| full | 0x2 |
| relative | 0x2 |
| $\text{torsion_extension}(l=3)$ | |
| least | 0x8 |
| full | 0x8 |
| relative | 0x1 |
| $\text{torsion_extension}(l=5)$ | |
| least | 0x3 |
| full | 0x3 |
| relative | 0x1 |
| $\text{torsion_extension}(l=7)$ | |
| least | 0xc |
| full | 0xc |
| relative | 0x1 |
| $\text{torsion_extension}(l=11)$ | |
| least | 0xf |
| full | 0xf |
| relative | 0x1 |
| $\text{torsion_extension}(l=13)$ | |
| least | 0x18 |
| full | 0x18 |
| relative | 0x1 |
| $\text{torsion_extension}(l=17)$ | |
| least | 0x10 |
| full | 0x10 |
| relative | 0x1 |
| $\text{conductor}(deg=2)$ | |
| ratio_sqrt | 0x51ab3e4dd0a7413c5430b004ee459ce4 |
| factorization | ['0x2', '0x2', '0x7', '0xd', '0xd', '0xeeb89f', '0x2214445', '0x23978b76981e89ea5'] |
| $\text{conductor}(deg=3)$ | |
| ratio_sqrt | 0x2573300676d7a08e79da093749f0b4d11c0430fe0cfcdc5782d4163a1cf154ef |
| factorization | ['0x5', '0xb', '0xc5', '0x565', '0x135862316b5b59', '0x6e6897aa40ef7b', '0xe35901f75481bff', '0x5aac71252baabf25'] |
| $\text{conductor}(deg=4)$ | |
| ratio_sqrt | 0x2034cadff347fa99aade1faf2864dcd6f4be231e805f777c74e4b332945cb94d63d1de8b5410413229ca531dfed6abf8 |
| factorization | ['0x2', '0x2', '0x2', '0x3', '0x7', '0xd', '0xd', '0x3880bb', '0xeeb89f', '0x2214445', '0x2e39bd2310c45', '0x23978b76981e89ea5', '0x1a62e7733c6a079da0a408aaa3b775a20af4cbb420007b'] |
| $\text{embedding}()$ | |
| embedding_degree_complement | 0x1 |
| complement_bit_length | 0x1 |
| $\text{class_number}()$ | |
| upper | 0x1a6ca0f8cd3da213cb9b12f64afa5984a7 |
| lower | 0xd0b9f6 |
| $\text{small_prime_order}(l=2)$ | |
| order | None |
| complement_bit_length | None |
| $\text{small_prime_order}(l=3)$ | |
| order | 0xfe03fffffffffffffffffffffffffffeb95306c8bd62fb0eaf3d3fec46e98c6 |
| complement_bit_length | 0x2 |
| $\text{small_prime_order}(l=5)$ | |
| order | 0xfe03fffffffffffffffffffffffffffeb95306c8bd62fb0eaf3d3fec46e98c6 |
| complement_bit_length | 0x2 |
| $\text{small_prime_order}(l=7)$ | |
| order | 0xfe03fffffffffffffffffffffffffffeb95306c8bd62fb0eaf3d3fec46e98c6 |
| complement_bit_length | 0x2 |
| $\text{small_prime_order}(l=11)$ | |
| order | 0xfe03fffffffffffffffffffffffffffeb95306c8bd62fb0eaf3d3fec46e98c6 |
| complement_bit_length | 0x2 |
| $\text{small_prime_order}(l=13)$ | |
| order | 0xfe03fffffffffffffffffffffffffffeb95306c8bd62fb0eaf3d3fec46e98c6 |
| complement_bit_length | 0x2 |
| $\text{division_polynomials}(l=2)$ | |
| factorization | [['0x1', '0x1'], ['0x2', '0x1']] |
| len | 0x2 |
| $\text{division_polynomials}(l=3)$ | |
| factorization | [['0x4', '0x1']] |
| len | 0x1 |
| $\text{division_polynomials}(l=5)$ | |
| factorization | [['0x3', '0x4']] |
| len | 0x1 |
| $\text{volcano}(l=2)$ | |
| crater_degree | 0x0 |
| depth | 0x1 |
| $\text{volcano}(l=3)$ | |
| crater_degree | 0x0 |
| depth | 0x0 |
| $\text{volcano}(l=5)$ | |
| crater_degree | 0x0 |
| depth | 0x0 |
| $\text{volcano}(l=7)$ | |
| crater_degree | 0x0 |
| depth | 0x0 |
| $\text{volcano}(l=11)$ | |
| crater_degree | 0x0 |
| depth | 0x0 |
| $\text{volcano}(l=13)$ | |
| crater_degree | 0x0 |
| depth | 0x0 |
| $\text{volcano}(l=17)$ | |
| crater_degree | 0x2 |
| depth | 0x0 |
| $\text{volcano}(l=19)$ | |
| crater_degree | 0x0 |
| depth | 0x0 |
| $\text{isogeny_extension}(l=2)$ | |
| least | 0x1 |
| full | 0x2 |
| relative | 0x2 |
| $\text{isogeny_extension}(l=3)$ | |
| least | 0x4 |
| full | 0x4 |
| relative | 0x1 |
| $\text{isogeny_extension}(l=5)$ | |
| least | 0x3 |
| full | 0x3 |
| relative | 0x1 |
| $\text{isogeny_extension}(l=7)$ | |
| least | 0x2 |
| full | 0x2 |
| relative | 0x1 |
| $\text{isogeny_extension}(l=11)$ | |
| least | 0x3 |
| full | 0x3 |
| relative | 0x1 |
| $\text{isogeny_extension}(l=13)$ | |
| least | 0x2 |
| full | 0x2 |
| relative | 0x1 |
| $\text{isogeny_extension}(l=17)$ | |
| least | 0x1 |
| full | 0x8 |
| relative | 0x8 |
| $\text{isogeny_extension}(l=19)$ | |
| least | 0xa |
| full | 0xa |
| relative | 0x1 |
| $\text{trace_factorization}(deg=1)$ | |
| trace | 0x51ab3e4dd0a7413c5430b004ee459ce4 |
| trace_factorization | ['0x2', '0x2', '0x7', '0xd', '0xd', '0xeeb89f', '0x2214445', '0x23978b76981e89ea5'] |
| number_of_factors | 0x6 |
| $\text{trace_factorization}(deg=2)$ | |
| trace | 0x51ab3e4dd0a7413c5430b004ee459ce4 |
| trace_factorization | ['0x2', '0x3', '0x3880bb', '0x2e39bd2310c45', '0x1a62e7733c6a079da0a408aaa3b775a20af4cbb420007b'] |
| number_of_factors | 0x5 |
| $\text{isogeny_neighbors}(l=2)$ | |
| len | 0x1 |
| $\text{isogeny_neighbors}(l=3)$ | |
| len | 0x0 |
| $\text{isogeny_neighbors}(l=5)$ | |
| len | 0x0 |
| $\text{q_torsion}()$ | |
| Q_torsion | 0x1 |
| $\text{hamming_x}(weight=1)$ | |
| x_coord_count | 0x75 |
| expected | 0x7f |
| ratio | 1.08547 |
| $\text{hamming_x}(weight=2)$ | |
| x_coord_count | 0x3f1e |
| expected | 0x3ec1 |
| ratio | 0.99424 |
| $\text{hamming_x}(weight=3)$ | |
| x_coord_count | 0x1499a6 |
| expected | 0x14977e |
| ratio | 0.99959 |
| $\text{square_4p1}()$ | |
| p | 0x1 |
| order | 0x61 |
| $\text{pow_distance}()$ | |
| distance | 0x7f000000000000000000000000000051ab3e4dd0a7413c5430b004ee459ce4 |
| ratio | 128.00787 |
| distance 32 | 0x4 |
| distance 64 | 0x1c |
| $\text{multiples_x}(k=1)$ | |
| Hx | None |
| bits | None |
| difference | None |
| ratio | None |
| $\text{multiples_x}(k=2)$ | |
| Hx | None |
| bits | None |
| difference | None |
| ratio | None |
| $\text{multiples_x}(k=3)$ | |
| Hx | None |
| bits | None |
| difference | None |
| ratio | None |
| $\text{multiples_x}(k=4)$ | |
| Hx | None |
| bits | None |
| difference | None |
| ratio | None |
| $\text{multiples_x}(k=5)$ | |
| Hx | None |
| bits | None |
| difference | None |
| ratio | None |
| $\text{multiples_x}(k=6)$ | |
| Hx | None |
| bits | None |
| difference | None |
| ratio | None |
| $\text{multiples_x}(k=7)$ | |
| Hx | None |
| bits | None |
| difference | None |
| ratio | None |
| $\text{multiples_x}(k=8)$ | |
| Hx | None |
| bits | None |
| difference | None |
| ratio | None |
| $\text{multiples_x}(k=9)$ | |
| Hx | None |
| bits | None |
| difference | None |
| ratio | None |
| $\text{multiples_x}(k=10)$ | |
| Hx | None |
| bits | None |
| difference | None |
| ratio | None |
| $\text{x962_invariant}()$ | |
| r | 0xe896aa254d6afaa793b9c85565242d10b6a5b9f30a58b2bf57bb4a2b80c2c7d |
| $\text{brainpool_overlap}()$ | |
| o | -0x13f8ddb9ff6e2ae68e0ad194 |
| $\text{weierstrass}()$ | |
| a | 0x29fddf37e037052a961d42d02f179143e384c5cb2c350e827acd57a2c7e47162 |
| b | 0x202dec3c7a3b828955ef42f60c9f6898decb94ce5d3939e5538dc07cfbd7ebe8 |