DiSSECT
About
Curves
Standards
Overview
ANSI X9.62
SECG
Brainpool
NIST: FIPS 186
NUMS
ANSSI FRP256v1
OSCCA SM2
GOST R
IEEE P1363
Traits
Analysis
Paper
Slides
Curve detail
Description
Attribute
Value
Name
w-382-mont
Category
nums
Description
Original nums curve from https://eprint.iacr.org/2014/130.pdf
Field
Prime (9847495414592669296538061489872013099874893943953759017552568018617869215322155954045933029003296406261776120807423)
Field bits
382
Form
Weierstrass $y^2 = x^3 + ax + b$
Param $a$
9847495414592669296538061489872013099874893943953759017552568018617869215322155954045933029003296406261776120807420
Param $b$
-133746
Order
9847495414592669296538061489872013099874893943953759017550383744416438584990326265468648445809278578438674191167517
Cofactor
1
$j$-invariant
1193904783842132576461800304849826730280618418511274336391995846834170990765840242224465394003336793409392233750372
Trace $t$
2184274201430630331829688577284583194017827823101929639907
Traits
Trait
cofactor: The order of the prime order subgroup and its cofactor
discriminant: Factorization of the discriminant of the Frobenius polynomial, i.e. factorization of $t^2-4p=v^2d_K$, where $t$ is the trace of Frobenius, $v$ is the maximal conductor and $d_K$ is the CM discriminant.
twist_order: Factorization of the quadratic twist cardinality in an extension, i.e. $\#E(\mathbb{F}_{p^d})$.
kn_factorization: Factorization of $kn \pm 1$ where $n$ is the cardinality of the curve.
torsion_extension: Degrees of field extensions containing the least nontrivial $l$-torsion, the full $l$-torsion and their relative degree of extension.
conductor: Factorization of ratio of the maximal conductors of CM-field over an extension and over a basefield.
embedding: The complement of the embedding degree, i.e. $(n-1)/e$ where $n$ is the prime-subgroup order and $e$ is the embedding degree.
class_number: Upper and lower bound for the class number of the CM-field.
small_prime_order: Multiplicative orders of small primes modulo the prime-subgroup order.
division_polynomials: Factorizations of small division polynomials.
volcano: Volcano depth and crater degree of the $l$-isogeny graph.
isogeny_extension: The least field extensions containing a nontrivial number and full number of $l$-isogenies and their relative ratio.
trace_factorization: Factorization of trace in field extensions.
isogeny_neighbors: Number of $j$-invariants adjacent to the curve by $l$-isogeny. This is the degree of the point in the $l$-isogeny graph.
q_torsion: Torsion order of the lift of $E$ to $Q$.
hamming_x: Number of points with low Hamming weight of the $x$-coordinate and the expected weight.
square_4p1: Square parts of $4q \pm 1$ and $4n \pm 1$.
pow_distance: Distance of $n$ from the nearest power of two and multiple of 32/64.
multiples_x: Bitlength of the $x$-coordinate of small inverted generator scalar multiples, i.e. $x$-coordinate of $P$ where $kP=G$. The difference and ratio to the bitlength of the whole group is also considered.
x962_invariant: Computation of $a^3/b^2$.
brainpool_overlap: Bit overlaps in curve coefficients
weierstrass: Coefficients of the curve in Weierstrass form
Params
Output
Result
Log-scale