Curve detail
Definition
| Name | w-254-mont |
|---|---|
| Category | nums |
| Description | Original nums curve from https://eprint.iacr.org/2014/130.pdf |
| Field | Prime (0x3f80ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff) |
| Field bits | 254 |
| Form | Weierstrass $y^2 = x^3 + ax + b$ |
| Param $a$ | 0x3f80fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffc |
| Param $b$ | -0x2f72 |
Characteristics
| Order | 0x3f80ffffffffffffffffffffffffffffeb818bea0da375c06fa419c4af8df83f |
| Cofactor | 0x1 |
| $j$-invariant | 0x241bdb147c4142e61d7b9951a5890233884e3b890c9b6933f01b832cb776362 |
| Trace $t$ | 0x147e7415f25c8a3f905be63b507207c1 |
| Embedding degree $k$ | 0xcb36666666666666666666666666666624d1bfb9c53e459afed9ec0efe931a6 |
| CM discriminant | -0xfc5fff6617e311c874f4297b4c0b5f269ab3a1cac911feec4904296677dfe07b |
Traits
| $\text{cofactor}()$ | |
|---|---|
| order | 0x3f80ffffffffffffffffffffffffffffeb818bea0da375c06fa419c4af8df83f |
| cofactor | 0x1 |
| $\text{discriminant}()$ | |
| cm_disc | -0xfc5fff6617e311c874f4297b4c0b5f269ab3a1cac911feec4904296677dfe07b |
| factorization | ['0x7', '0x3b', '0xbbff7', '0x56ed308d', '0x2735a0963c47f995916ae583e16403e6c3dfb4c9093a59a345'] |
| max_conductor | 0x1 |
| $\text{twist_order}(deg=1)$ | |
| twist_cardinality | 0x3f810000000000000000000000000000147e7415f25c8a3f905be63b507207c1 |
| factorization | None |
| $\text{twist_order}(deg=2)$ | |
| twist_cardinality | 0xfc0bf00ffffffffffffffffffffffffffffffffffffffffffffffffffffffff03a00099e81cee378b0bd684b3f4a0d9654c5e3536ee0113b6fbd69988201f85 |
| factorization | None |
| $\text{kn_factorization}(k=1)$ | |
| (+)factorization | ['0x2', '0x2', '0x2', '0x2', '0x2', '0x2', '0xcd857bb', '0xacd9b459', '0x29ab55d7718e45', '0x1cd9a8b1a7707ded', '0x63ca4594a554a3589ab'] |
| (+)largest_factor_bitlen | 0x4b |
| (-)factorization | ['0x2', '0x3', '0x5', '0xb', '0x732b27f', '0x6d812e8142ac0506f0754dbd83650dca2565b6ae64964eb4416c60d'] |
| (-)largest_factor_bitlen | 0xdb |
| $\text{kn_factorization}(k=2)$ | |
| (+)factorization | ['0x3', '0x3', '0x29', '0x63d9', '0xac27', '0x4322e1e9', '0x8eb1df657b', '0x43d99a0980e9', '0x65a8472eb8d9', '0x554c4cdff21d1b'] |
| (+)largest_factor_bitlen | 0x37 |
| (-)factorization | ['0x7', '0xd', '0x1d', '0x15b', '0x557', '0x23fb6f', '0x8ebbddff9', '0x15b88f8ca0a498b5643776d6772374e1514b8fb2959'] |
| (-)largest_factor_bitlen | 0xa9 |
| $\text{kn_factorization}(k=3)$ | |
| (+)factorization | ['0x2', '0x49d50ad1f8bffe1', '0x14a48618ca8cd7bd814766833f2f43e5c228cbacdab1f07c3f'] |
| (+)largest_factor_bitlen | 0xc5 |
| (-)factorization | ['0x2', '0x2', '0x2f', '0x125', '0x2e3', '0x4e84b8ba4f86c3523629ad42c6a89d2376c17fa917f7e8190ffbbd132f'] |
| (-)largest_factor_bitlen | 0xe7 |
| $\text{kn_factorization}(k=4)$ | |
| (+)factorization | ['0x5', '0x4006f9', '0xbca2125', '0x5278c0fd', '0x9a05300de45029', '0x58e477a0b85d123e9a010a811247a9'] |
| (+)largest_factor_bitlen | 0x77 |
| (-)factorization | ['0x3', '0x74b', '0x9ba21a8dd', '0x430dcb422bf', '0x6ea49f00c26251', '0xa8b221f82592bce37920d5410259'] |
| (-)largest_factor_bitlen | 0x70 |
| $\text{kn_factorization}(k=5)$ | |
| (+)factorization | ['0x2', '0x2', '0x3', '0x7', '0x25cf2069268f', '0x4bbb8cb173711', '0x5683ddc60f7365bc13741e394d6e126ba6fecad'] |
| (+)largest_factor_bitlen | 0x9b |
| (-)factorization | ['0x2', '0x13', '0xca375', '0xa9403ef43b2e4f8bd3d683c5bb20c1fb1850174c23944878f10912a573'] |
| (-)largest_factor_bitlen | 0xe8 |
| $\text{kn_factorization}(k=6)$ | |
| (+)factorization | ['0x1d661d6c241c75', '0xcf5e17a1ca4519b2da594c10edee6fa41726a516dab8f75382f'] |
| (+)largest_factor_bitlen | 0xcc |
| (-)factorization | ['0x5', '0x11', '0x18b9', '0xe595f1a31019229', '0x33c1e6e1128a3fe713f6d7170db4f5d0840df943bf475'] |
| (-)largest_factor_bitlen | 0xb2 |
| $\text{kn_factorization}(k=7)$ | |
| (+)factorization | ['0x2', '0x43', '0x49', '0x17b', '0x283', '0x6b59', '0x1d80c81', '0x9414067', '0x58332fc1', '0xd04303ed3', '0x136732b89e8b', '0x14946ae87e629'] |
| (+)largest_factor_bitlen | 0x31 |
| (-)factorization | ['0x2', '0x2', '0x2', '0x3', '0x3', '0x3', '0x2e1d342991a317', '0x15b72abfe1f4715', '0x86af87e8cd193bd34d1f4992dd318df1ea7'] |
| (-)largest_factor_bitlen | 0x8c |
| $\text{kn_factorization}(k=8)$ | |
| (+)factorization | ['0x3', '0x89', '0x1ec07', '0x338e6de3', '0x33184712edb84faab4fcc03073564062fadf9f99993e8fb8c6f'] |
| (+)largest_factor_bitlen | 0xca |
| (-)factorization | ['0xe5', '0x943', '0x6fed1', '0x30b3841733', '0x406700e925f9dd26c62a7', '0xb728efc8faaa136fdfa136895'] |
| (-)largest_factor_bitlen | 0x64 |
| $\text{torsion_extension}(l=2)$ | |
| least | 0x3 |
| full | 0x3 |
| relative | 0x1 |
| $\text{torsion_extension}(l=3)$ | |
| least | 0x8 |
| full | 0x8 |
| relative | 0x1 |
| $\text{torsion_extension}(l=5)$ | |
| least | 0x6 |
| full | 0x6 |
| relative | 0x1 |
| $\text{torsion_extension}(l=7)$ | |
| least | 0x6 |
| full | 0x7 |
| relative | 0x1 |
| $\text{torsion_extension}(l=11)$ | |
| least | 0x5 |
| full | 0x5 |
| relative | 0x1 |
| $\text{torsion_extension}(l=13)$ | |
| least | 0x18 |
| full | 0x18 |
| relative | 0x1 |
| $\text{torsion_extension}(l=17)$ | |
| least | 0x18 |
| full | 0x18 |
| relative | 0x1 |
| $\text{conductor}(deg=2)$ | |
| ratio_sqrt | 0x147e7415f25c8a3f905be63b507207c1 |
| factorization | ['0xd', '0x49', '0x513b24d790687', '0x116c3bbaf7caeebfb'] |
| $\text{conductor}(deg=3)$ | |
| ratio_sqrt | 0x3ddcff6617e311c874f4297b4c0b5f269ab3a1cac911feec4904296677dfe07e |
| factorization | ['0x2', '0x5', '0x11', '0xb3', '0x853b92f46801e642c588621635c4de382fae2d03cb743465a2739a5c7031'] |
| $\text{conductor}(deg=4)$ | |
| ratio_sqrt | 0xa094511053de2435b41ee1728c2e21d69e845624a67313a74175a131d577da77c5336a3629d3cdb7f14662f8695a93d |
| factorization | ['0x3', '0xd', '0x49', '0x102b', '0x3d2b7ed78f84b', '0x513b24d790687', '0x116c3bbaf7caeebfb', '0xad12af1dea2f4d66f2bc104f57f9cc1ce1f2a3b684bfe1d7'] |
| $\text{embedding}()$ | |
| embedding_degree_complement | 0x5 |
| complement_bit_length | 0x3 |
| $\text{class_number}()$ | |
| upper | 0x3813ae3ecb9accb14bc3cc8bc4b1347a43 |
| lower | 0x4d276b |
| $\text{small_prime_order}(l=2)$ | |
| order | 0x659b33333333333333333333333333331268dfdce29f22cd7f6cf6077f498d3 |
| complement_bit_length | 0x4 |
| $\text{small_prime_order}(l=3)$ | |
| order | 0x3f80ffffffffffffffffffffffffffffeb818bea0da375c06fa419c4af8df83e |
| complement_bit_length | 0x1 |
| $\text{small_prime_order}(l=5)$ | |
| order | 0x659b33333333333333333333333333331268dfdce29f22cd7f6cf6077f498d3 |
| complement_bit_length | 0x4 |
| $\text{small_prime_order}(l=7)$ | |
| order | 0x152afffffffffffffffffffffffffffff92b2ea359e127402536b3418fd9fd6a |
| complement_bit_length | 0x2 |
| $\text{small_prime_order}(l=11)$ | |
| order | 0xcb36666666666666666666666666666624d1bfb9c53e459afed9ec0efe931a6 |
| complement_bit_length | 0x3 |
| $\text{small_prime_order}(l=13)$ | |
| order | 0x5c5e8ba2e8ba2e8ba2e8ba2e8ba2e8ba10bc6e6bb6bf36e95c9199d8452b97a |
| complement_bit_length | 0x4 |
| $\text{division_polynomials}(l=2)$ | |
| factorization | [['0x3', '0x1']] |
| len | 0x1 |
| $\text{division_polynomials}(l=3)$ | |
| factorization | [['0x4', '0x1']] |
| len | 0x1 |
| $\text{division_polynomials}(l=5)$ | |
| factorization | [['0x3', '0x4']] |
| len | 0x1 |
| $\text{volcano}(l=2)$ | |
| crater_degree | 0x0 |
| depth | 0x0 |
| $\text{volcano}(l=3)$ | |
| crater_degree | 0x0 |
| depth | 0x0 |
| $\text{volcano}(l=5)$ | |
| crater_degree | 0x0 |
| depth | 0x0 |
| $\text{volcano}(l=7)$ | |
| crater_degree | 0x1 |
| depth | 0x0 |
| $\text{volcano}(l=11)$ | |
| crater_degree | 0x2 |
| depth | 0x0 |
| $\text{volcano}(l=13)$ | |
| crater_degree | 0x0 |
| depth | 0x0 |
| $\text{volcano}(l=17)$ | |
| crater_degree | 0x0 |
| depth | 0x0 |
| $\text{volcano}(l=19)$ | |
| crater_degree | 0x2 |
| depth | 0x0 |
| $\text{isogeny_extension}(l=2)$ | |
| least | 0x3 |
| full | 0x3 |
| relative | 0x1 |
| $\text{isogeny_extension}(l=3)$ | |
| least | 0x4 |
| full | 0x4 |
| relative | 0x1 |
| $\text{isogeny_extension}(l=5)$ | |
| least | 0x3 |
| full | 0x3 |
| relative | 0x1 |
| $\text{isogeny_extension}(l=7)$ | |
| least | 0x1 |
| full | 0x7 |
| relative | 0x7 |
| $\text{isogeny_extension}(l=11)$ | |
| least | 0x1 |
| full | 0x5 |
| relative | 0x5 |
| $\text{isogeny_extension}(l=13)$ | |
| least | 0x2 |
| full | 0x2 |
| relative | 0x1 |
| $\text{isogeny_extension}(l=17)$ | |
| least | 0x3 |
| full | 0x3 |
| relative | 0x1 |
| $\text{isogeny_extension}(l=19)$ | |
| least | 0x1 |
| full | 0x9 |
| relative | 0x9 |
| $\text{trace_factorization}(deg=1)$ | |
| trace | 0x147e7415f25c8a3f905be63b507207c1 |
| trace_factorization | ['0xd', '0x49', '0x513b24d790687', '0x116c3bbaf7caeebfb'] |
| number_of_factors | 0x4 |
| $\text{trace_factorization}(deg=2)$ | |
| trace | 0x147e7415f25c8a3f905be63b507207c1 |
| trace_factorization | ['0x3', '0x102b', '0x3d2b7ed78f84b', '0xad12af1dea2f4d66f2bc104f57f9cc1ce1f2a3b684bfe1d7'] |
| number_of_factors | 0x4 |
| $\text{isogeny_neighbors}(l=2)$ | |
| len | 0x0 |
| $\text{isogeny_neighbors}(l=3)$ | |
| len | 0x0 |
| $\text{isogeny_neighbors}(l=5)$ | |
| len | 0x0 |
| $\text{q_torsion}()$ | |
| Q_torsion | 0x1 |
| $\text{hamming_x}(weight=1)$ | |
| x_coord_count | 0x81 |
| expected | 0x7f |
| ratio | 0.9845 |
| $\text{hamming_x}(weight=2)$ | |
| x_coord_count | 0x3fa4 |
| expected | 0x3ec1 |
| ratio | 0.98607 |
| $\text{hamming_x}(weight=3)$ | |
| x_coord_count | 0x149cca |
| expected | 0x14977e |
| ratio | 0.999 |
| $\text{square_4p1}()$ | |
| p | 0x1 |
| order | 0x1 |
| $\text{pow_distance}()$ | |
| distance | 0x7f0000000000000000000000000000147e7415f25c8a3f905be63b507207c1 |
| ratio | 128.00787 |
| distance 32 | 0x1 |
| distance 64 | 0x1 |
| $\text{multiples_x}(k=1)$ | |
| Hx | None |
| bits | None |
| difference | None |
| ratio | None |
| $\text{multiples_x}(k=2)$ | |
| Hx | None |
| bits | None |
| difference | None |
| ratio | None |
| $\text{multiples_x}(k=3)$ | |
| Hx | None |
| bits | None |
| difference | None |
| ratio | None |
| $\text{multiples_x}(k=4)$ | |
| Hx | None |
| bits | None |
| difference | None |
| ratio | None |
| $\text{multiples_x}(k=5)$ | |
| Hx | None |
| bits | None |
| difference | None |
| ratio | None |
| $\text{multiples_x}(k=6)$ | |
| Hx | None |
| bits | None |
| difference | None |
| ratio | None |
| $\text{multiples_x}(k=7)$ | |
| Hx | None |
| bits | None |
| difference | None |
| ratio | None |
| $\text{multiples_x}(k=8)$ | |
| Hx | None |
| bits | None |
| difference | None |
| ratio | None |
| $\text{multiples_x}(k=9)$ | |
| Hx | None |
| bits | None |
| difference | None |
| ratio | None |
| $\text{multiples_x}(k=10)$ | |
| Hx | None |
| bits | None |
| difference | None |
| ratio | None |
| $\text{x962_invariant}()$ | |
| r | 0x257b46b4007528497a9d0fc152d5bed262c2a58eb7f26dd99a8e09ff2b9a21 |
| $\text{brainpool_overlap}()$ | |
| o | 0x1ffffffffffffffffffffffd |
| $\text{weierstrass}()$ | |
| a | 0x3f80fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffc |
| b | -0x2f72 |