DiSSECT
About
Curves
Standards
Overview
ANSI X9.62
SECG
Brainpool
NIST: FIPS 186
NUMS
ANSSI FRP256v1
OSCCA SM2
GOST R
IEEE P1363
Traits
Analysis
Paper
Slides
Curve detail
Description
Attribute
Value
Name
w-383-mers
Category
nums
Description
Original nums curve from https://eprint.iacr.org/2014/130.pdf
Field
Prime (19701003098197239606139520050071806902539869635232723333974146702122860885748605305707133127442457820403313995152987)
Field bits
383
Form
Weierstrass $y^2 = x^3 + ax + b$
Param $a$
19701003098197239606139520050071806902539869635232723333974146702122860885748605305707133127442457820403313995152984
Param $b$
97724
Order
19701003098197239606139520050071806902539869635232723333972032908904187686760616563249293103936710601848892201517983
Cofactor
1
$j$-invariant
11763417020248336900531851014528852113062851552345693728565095240611454671801552872415821277149082183594513817350077
Trace $t$
2113793218673198987988742457840023505747218554421793635005
Traits
Trait
cofactor: The order of the prime order subgroup and its cofactor
discriminant: Factorization of the discriminant of the Frobenius polynomial, i.e. factorization of $t^2-4p=v^2d_K$, where $t$ is the trace of Frobenius, $v$ is the maximal conductor and $d_K$ is the CM discriminant.
twist_order: Factorization of the quadratic twist cardinality in an extension, i.e. $\#E(\mathbb{F}_{p^d})$.
kn_factorization: Factorization of $kn \pm 1$ where $n$ is the cardinality of the curve.
torsion_extension: Degrees of field extensions containing the least nontrivial $l$-torsion, the full $l$-torsion and their relative degree of extension.
conductor: Factorization of ratio of the maximal conductors of CM-field over an extension and over a basefield.
embedding: The complement of the embedding degree, i.e. $(n-1)/e$ where $n$ is the prime-subgroup order and $e$ is the embedding degree.
class_number: Upper and lower bound for the class number of the CM-field.
small_prime_order: Multiplicative orders of small primes modulo the prime-subgroup order.
division_polynomials: Factorizations of small division polynomials.
volcano: Volcano depth and crater degree of the $l$-isogeny graph.
isogeny_extension: The least field extensions containing a nontrivial number and full number of $l$-isogenies and their relative ratio.
trace_factorization: Factorization of trace in field extensions.
isogeny_neighbors: Number of $j$-invariants adjacent to the curve by $l$-isogeny. This is the degree of the point in the $l$-isogeny graph.
q_torsion: Torsion order of the lift of $E$ to $Q$.
hamming_x: Number of points with low Hamming weight of the $x$-coordinate and the expected weight.
square_4p1: Square parts of $4q \pm 1$ and $4n \pm 1$.
pow_distance: Distance of $n$ from the nearest power of two and multiple of 32/64.
multiples_x: Bitlength of the $x$-coordinate of small inverted generator scalar multiples, i.e. $x$-coordinate of $P$ where $kP=G$. The difference and ratio to the bitlength of the whole group is also considered.
x962_invariant: Computation of $a^3/b^2$.
brainpool_overlap: Bit overlaps in curve coefficients
weierstrass: Coefficients of the curve in Weierstrass form
Params
Output
Result
Log-scale