DiSSECT
About
Curves
Standards
Overview
ANSI X9.62
SECG
Brainpool
NIST: FIPS 186
NUMS
ANSSI FRP256v1
OSCCA SM2
GOST R
IEEE P1363
Traits
Analysis
Paper
Slides
Curve detail
Description
Attribute
Value
Name
w-384-mont
Category
nums
Description
Original nums curve from https://eprint.iacr.org/2014/130.pdf
Field
Prime (27242793346725870392864805069239920482418413479970250235261124736529268568574243274298145027791523704776457633923071)
Field bits
384
Form
Weierstrass $y^2 = x^3 + ax + b$
Param $a$
27242793346725870392864805069239920482418413479970250235261124736529268568574243274298145027791523704776457633923068
Param $b$
27798
Order
27242793346725870392864805069239920482418413479970250235259423235120778003919452809303293004597311350022776641089211
Cofactor
1
$j$-invariant
9389810125085784038895999501913407890023434732219116309456633714446609786723521367379565147554179637873256505172542
Trace $t$
1701501408490564654790464994852023194212354753680992833861
Traits
Trait
cofactor: The order of the prime order subgroup and its cofactor
discriminant: Factorization of the discriminant of the Frobenius polynomial, i.e. factorization of $t^2-4p=v^2d_K$, where $t$ is the trace of Frobenius, $v$ is the maximal conductor and $d_K$ is the CM discriminant.
twist_order: Factorization of the quadratic twist cardinality in an extension, i.e. $\#E(\mathbb{F}_{p^d})$.
kn_factorization: Factorization of $kn \pm 1$ where $n$ is the cardinality of the curve.
torsion_extension: Degrees of field extensions containing the least nontrivial $l$-torsion, the full $l$-torsion and their relative degree of extension.
conductor: Factorization of ratio of the maximal conductors of CM-field over an extension and over a basefield.
embedding: The complement of the embedding degree, i.e. $(n-1)/e$ where $n$ is the prime-subgroup order and $e$ is the embedding degree.
class_number: Upper and lower bound for the class number of the CM-field.
small_prime_order: Multiplicative orders of small primes modulo the prime-subgroup order.
division_polynomials: Factorizations of small division polynomials.
volcano: Volcano depth and crater degree of the $l$-isogeny graph.
isogeny_extension: The least field extensions containing a nontrivial number and full number of $l$-isogenies and their relative ratio.
trace_factorization: Factorization of trace in field extensions.
isogeny_neighbors: Number of $j$-invariants adjacent to the curve by $l$-isogeny. This is the degree of the point in the $l$-isogeny graph.
q_torsion: Torsion order of the lift of $E$ to $Q$.
hamming_x: Number of points with low Hamming weight of the $x$-coordinate and the expected weight.
square_4p1: Square parts of $4q \pm 1$ and $4n \pm 1$.
pow_distance: Distance of $n$ from the nearest power of two and multiple of 32/64.
multiples_x: Bitlength of the $x$-coordinate of small inverted generator scalar multiples, i.e. $x$-coordinate of $P$ where $kP=G$. The difference and ratio to the bitlength of the whole group is also considered.
x962_invariant: Computation of $a^3/b^2$.
brainpool_overlap: Bit overlaps in curve coefficients
weierstrass: Coefficients of the curve in Weierstrass form
Params
Output
Result
Log-scale