From 28b6046fcc5d98e4ef2db02c3ab62abb3b92e452 Mon Sep 17 00:00:00 2001 From: Daira Hopwood Date: Sun, 8 Sep 2019 16:23:57 +0100 Subject: [PATCH] Add Tweedledum/Tweedledee parameters. Signed-off-by: Daira Hopwood --- Ep/a | 1 + Ep/b | 1 + Ep/l | 1 + Ep/p | 1 + Ep/rigid | 1 + Ep/shape | 1 + Ep/x0 | 1 + Ep/x1 | 1 + Ep/y0 | 1 + Ep/y1 | 1 + Eq/a | 1 + Eq/b | 1 + Eq/l | 1 + Eq/p | 1 + Eq/rigid | 1 + Eq/shape | 1 + Eq/x0 | 1 + Eq/x1 | 1 + Eq/y0 | 1 + Eq/y1 | 1 + README.md | 45 ++++++++++++++++++++++++++------------------- 21 files changed, 46 insertions(+), 19 deletions(-) create mode 100644 Ep/a create mode 100644 Ep/b create mode 100644 Ep/l create mode 100644 Ep/p create mode 100644 Ep/rigid create mode 100644 Ep/shape create mode 100644 Ep/x0 create mode 100644 Ep/x1 create mode 100644 Ep/y0 create mode 100644 Ep/y1 create mode 100644 Eq/a create mode 100644 Eq/b create mode 100644 Eq/l create mode 100644 Eq/p create mode 100644 Eq/rigid create mode 100644 Eq/shape create mode 100644 Eq/x0 create mode 100644 Eq/x1 create mode 100644 Eq/y0 create mode 100644 Eq/y1 diff --git a/Ep/a b/Ep/a new file mode 100644 index 0000000..573541a --- /dev/null +++ b/Ep/a @@ -0,0 +1 @@ +0 diff --git a/Ep/b b/Ep/b new file mode 100644 index 0000000..7ed6ff8 --- /dev/null +++ b/Ep/b @@ -0,0 +1 @@ +5 diff --git a/Ep/l b/Ep/l new file mode 100644 index 0000000..fdbe5f8 --- /dev/null +++ b/Ep/l @@ -0,0 +1 @@ +57896044618658097711785492504343953925989756877607147991657089165100807356417 diff --git a/Ep/p b/Ep/p new file mode 100644 index 0000000..6f14081 --- /dev/null +++ b/Ep/p @@ -0,0 +1 @@ +57896044618658097711785492504343953925989756877607163761872965584918954377217 diff --git a/Ep/rigid b/Ep/rigid new file mode 100644 index 0000000..c7175fb --- /dev/null +++ b/Ep/rigid @@ -0,0 +1 @@ +not rigid diff --git a/Ep/shape b/Ep/shape new file mode 100644 index 0000000..d045b22 --- /dev/null +++ b/Ep/shape @@ -0,0 +1 @@ +shortw 
diff --git a/Ep/x0 b/Ep/x0 new file mode 100644 index 0000000..3a2e3f4 --- /dev/null +++ b/Ep/x0 @@ -0,0 +1 @@ +-1 diff --git a/Ep/x1 b/Ep/x1 new file mode 100644 index 0000000..3a2e3f4 --- /dev/null +++ b/Ep/x1 @@ -0,0 +1 @@ +-1 diff --git a/Ep/y0 b/Ep/y0 new file mode 100644 index 0000000..0cfbf08 --- /dev/null +++ b/Ep/y0 @@ -0,0 +1 @@ +2 diff --git a/Ep/y1 b/Ep/y1 new file mode 100644 index 0000000..0cfbf08 --- /dev/null +++ b/Ep/y1 @@ -0,0 +1 @@ +2 diff --git a/Eq/a b/Eq/a new file mode 100644 index 0000000..573541a --- /dev/null +++ b/Eq/a @@ -0,0 +1 @@ +0 diff --git a/Eq/b b/Eq/b new file mode 100644 index 0000000..7ed6ff8 --- /dev/null +++ b/Eq/b @@ -0,0 +1 @@ +5 diff --git a/Eq/l b/Eq/l new file mode 100644 index 0000000..6f14081 --- /dev/null +++ b/Eq/l @@ -0,0 +1 @@ +57896044618658097711785492504343953925989756877607163761872965584918954377217 diff --git a/Eq/p b/Eq/p new file mode 100644 index 0000000..fdbe5f8 --- /dev/null +++ b/Eq/p @@ -0,0 +1 @@ +57896044618658097711785492504343953925989756877607147991657089165100807356417 diff --git a/Eq/rigid b/Eq/rigid new file mode 100644 index 0000000..c7175fb --- /dev/null +++ b/Eq/rigid @@ -0,0 +1 @@ +not rigid diff --git a/Eq/shape b/Eq/shape new file mode 100644 index 0000000..d045b22 --- /dev/null +++ b/Eq/shape @@ -0,0 +1 @@ +shortw diff --git a/Eq/x0 b/Eq/x0 new file mode 100644 index 0000000..3a2e3f4 --- /dev/null +++ b/Eq/x0 @@ -0,0 +1 @@ +-1 diff --git a/Eq/x1 b/Eq/x1 new file mode 100644 index 0000000..3a2e3f4 --- /dev/null +++ b/Eq/x1 @@ -0,0 +1 @@ +-1 diff --git a/Eq/y0 b/Eq/y0 new file mode 100644 index 0000000..0cfbf08 --- /dev/null +++ b/Eq/y0 @@ -0,0 +1 @@ +2 diff --git a/Eq/y1 b/Eq/y1 new file mode 100644 index 0000000..0cfbf08 --- /dev/null +++ b/Eq/y1 @@ -0,0 +1 @@ +2 diff --git a/README.md b/README.md index 26b2e36..4653715 100644 --- a/README.md +++ b/README.md 
@@ -1,28 +1,35 @@ -Jubjub supporting evidence --------------------------- +Tweedledum/Tweedledee supporting evidence +----------------------------------------- -This repository contains supporting evidence that the twisted Edwards curve --x^2 + y^2 = 1 - (10240/10241).x^2.y^2 of rational points over -GF(52435875175126190479447740508185965837690552500527637822603658699938581184513), -[also called "Jubjub"](https://z.cash/technology/jubjub.html), -satisfies the [SafeCurves criteria](https://safecurves.cr.yp.to/index.html). +This repository contains supporting evidence that the amicable pair of +prime-order curves: -The script ``verify.sage`` is based on -[this script from the SafeCurves site](https://safecurves.cr.yp.to/verify.html), -modified +* Ep : y^2 = x^3 + 5 over GF(p) of order q, called Tweedledum; +* Eq : y^2 = x^3 + 5 over GF(q) of order p, called Tweedledee; -* to support twisted Edwards curves; -* to generate a file 'primes' containing the primes needed for primality proofs, - if it is not already present; -* to change the directory in which Pocklington proof files are generated - (``proof/`` rather than ``../../../proof``), and to create that directory - if it does not exist. +with + +* p = 57896044618658097711785492504343953925989756877607163761872965584918954377217 +* q = 57896044618658097711785492504343953925989756877607147991657089165100807356417 + +satisfy *some* of the [SafeCurves criteria](https://safecurves.cr.yp.to/index.html). + +The criteria that are *not* satisfied are, in summary: + +* large CM discriminant (both curves have CM discriminant 3, as a consequence of how + they were constructed); +* completeness (complete formulae are possible, but not according to the Safe curves + criterion); +* ladder support (not possible for prime-order curves); +* Elligator 2 support (indistinguishability is possible using + [Elligator Squared](https://ifca.ai/pub/fc14/paper_25.pdf), but not using Elligator 2); +* twist security; +* rigidity. 
Prerequisites: * apt-get install sagemath * pip install sortedcontainers -Run ``sage verify.sage .``, or ``./run.sh`` to also print out the results. - -Note that the "rigidity" criterion cannot be checked automatically. +Run ``sage verify.sage Ep`` and ``sage verify.sage Eq``; or ``./run.sh`` to run both +and also print out the results.
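Review bot: In Ep/x0, Ep/x1, Eq/x0 and Eq/x1 the x-coordinate is stored as the signed integer -1 rather than as a reduced residue in [0, p). The point (-1, 2) does lie on y^2 = x^3 + 5 (4 = -1 + 5), so the value itself is fine, but it only works if whatever reads these files reduces the input modulo the field prime. Either store the reduced value for each field, or state in the README that signed values are accepted. Since x0/y0 and x1/y1 are identical here (same blob ids 3a2e3f4 and 0cfbf08), one sentence saying this is intended because both curves have prime order would save the next reader from checking.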
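Review bot: The amicable-pair claim rests on Ep/l matching Eq/p and Ep/p matching Eq/l, and nothing visible in this patch enforces that. The blob ids do line up (fdbe5f8 for Ep/l and Eq/p, 6f14081 for Ep/p and Eq/l), and the README literals for p and q match the files. But the two 77-digit values share their first 50 digits, and they are now written in three places. Consider having run.sh compare Ep/p with Eq/l and Ep/l with Eq/p before verifying, so a later edit to one copy cannot silently break the pairing.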
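Review bot: In the README.md hunk, the paragraph saying that verify.sage is based on the SafeCurves script, and listing how it was modified, is deleted, yet the run instructions still call ``sage verify.sage Ep`` and ``sage verify.sage Eq``. Please keep a provenance note and update it for the short Weierstrass case, so readers know which script produced the evidence and how it differs from upstream. Two smaller points in the same hunk: every unmet criterion carries a reason except "twist security" and "rigidity", which should get one each; and "Safe curves criterion" should be spelled "SafeCurves" to match the link text above it. The deleted note that rigidity cannot be checked automatically still seems relevant, since Ep/rigid and Eq/rigid are hand-written "not rigid" declarations.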