Models of Elliptic Curves

Models of Elliptic Curves Daniel J. Bernstein Tanja Lange University of Illinois at Chicago and Technische Universiteit Eindhoven djb@cr.yp.to tanja@hyperelliptic.org 26.03.2009 D. J. Bernstein & T. Lange Models of Elliptic Curves p. 1

Elliptic curves I
Geometric definition: An elliptic curve $E/K$ is a smooth, projective curve of genus 1 with a $K$-rational point.
How to turn this into an equation? How to use this definition for computations involving elliptic curves?
Use Riemann-Roch theorem! This implies
$$\ell(D) \ge \deg(D) - g + 1, \quad \text{with equality if } \deg(D) > 2g - 2 = 2 \cdot 1 - 2 = 0,$$
where $L(D) = \{f \in K(C) \mid \operatorname{div}(f) \ge -D\}$, $\ell(D) = \dim(L(D))$ and $C/K$ is a curve of genus $g$.

Elliptic curves II
Geometric definition: An elliptic curve $E/K$ is a smooth, projective curve of genus 1 with a $K$-rational point. Call this point $P_\infty$.
Riemann-Roch theorem for $g = 1$ gives equality for $\deg(D) > 0$, i.e. $\ell(D) = \deg(D) - g + 1$, and thus
$\ell(P_\infty) = \deg(P_\infty) - 1 + 1 = 1$,
$\ell(2P_\infty) = \deg(2P_\infty) - 1 + 1 = 2$, $x \in L(2P_\infty) \setminus K$,
$\ell(3P_\infty) = \deg(3P_\infty) - 1 + 1 = 3$, $y \in L(3P_\infty) \setminus L(2P_\infty)$,
$\ell(4P_\infty) = 4$, $L(4P_\infty) = \langle 1, x, y, x^2 \rangle$,
$\ell(5P_\infty) = 5$, $L(5P_\infty) = \langle 1, x, y, x^2, xy \rangle$,
$\ell(6P_\infty) = 6$, $\{1, x, y, x^2, xy, x^3, y^2\}$ are linearly dependent.

Weierstrass form
$\ell(6P_\infty) = 6$, $\{1, x, y, x^2, xy, x^3, y^2\}$ are linearly dependent, i.e. there exist $a_1, a_2, a_3, a_4, a_6 \in K$ with
$$E : y^2 + (a_1 x + a_3) y = x^3 + a_2 x^2 + a_4 x + a_6$$
so that the equation is nonsingular. (Can make equation monic in $y^2$ and $x^3$.)
This form is called Weierstrass form and is the standard normal form of elliptic curves.
Applications in cryptography, the elliptic curve method of factorization, elliptic curve primality proving, etc. use that points on curve form a group.

Arithmetic on Weierstrass curves
Divisor class group (of degree 0), i.e. divisors of degree 0 modulo principal divisors, is a way to define a group from a given curve. Divisors are equivalent if they differ by a principal divisor.
Turn the curve into an abelian group by using isomorphism between divisor class group and points.
Each divisor class has representative $P - P_\infty$ or $0$; assign point $D + P_\infty$, i.e. $P - P_\infty + P_\infty = P$ or $0 + P_\infty = P_\infty$.
Divisor class arithmetic translates to well-known geometric addition formulas.

Chord-and-tangent method
$E : y^2 = x^3 + a_4 x + a_6$, $a_i \in \mathbb{F}_q$.

Line $y = \lambda x + \mu$ has slope $\lambda = \dfrac{y_Q - y_P}{x_Q - x_P}$. Equating gives $(\lambda x + \mu)^2 = x^3 + a_4 x + a_6$. This equation has 3 solutions, the $x$-coordinates of $P$, $Q$ and $S$, thus
$$(x - x_P)(x - x_Q)(x - x_S) = x^3 - \lambda^2 x^2 + (a_4 - 2\lambda\mu) x + a_6 - \mu^2,$$
$$x_S = \lambda^2 - x_P - x_Q.$$

Point $P$ is on line, thus $y_P = \lambda x_P + \mu$, i.e. $\mu = y_P - \lambda x_P$, and
$$y_S = \lambda x_S + \mu = \lambda x_S + y_P - \lambda x_P = \lambda (x_S - x_P) + y_P.$$
Point $P \oplus Q$ has the same $x$-coordinate as $S$ but negative $y$-coordinate:
$$x_{P \oplus Q} = \lambda^2 - x_P - x_Q, \qquad y_{P \oplus Q} = \lambda (x_P - x_{P \oplus Q}) - y_P.$$

When doubling, use tangent at $P$. Compute slope $\lambda$ via partial derivatives of curve equation: $\lambda = \dfrac{3 x_P^2 + a_4}{2 y_P}$. Remaining computation identical to addition.
$$x_{[2]P} = \lambda^2 - 2 x_P, \qquad y_{[2]P} = \lambda (x_P - x_{[2]P}) - y_P.$$

Tangent at $Q$ is vertical, $x = x_Q$. When adding $P \oplus Q$ and $S$, connecting line is vertical. Third point on line is $P_\infty$, a point infinitely far up on the $y$-axis: $[2]Q = P_\infty$; $(P \oplus Q) \oplus S = P_\infty$. $P \oplus P_\infty = P$; $P_\infty \oplus P = P$. $P_\infty$ is neutral element; $-(x_1, y_1) = (x_1, -y_1)$.

In general, for $(x_P, y_P) \ne (x_Q, -y_Q)$:
$$(x_P, y_P) \oplus (x_Q, y_Q) = (x_{P \oplus Q}, y_{P \oplus Q}) = (\lambda^2 - x_P - x_Q,\ \lambda (x_P - x_{P \oplus Q}) - y_P),$$
where
$$\lambda = \begin{cases} (y_Q - y_P)/(x_Q - x_P) & \text{if } x_P \ne x_Q, \\ (3 x_P^2 + a_4)/(2 y_P) & \text{if } P = Q \end{cases}$$
... and all the other cases... $P + P_\infty = P$; $P_\infty + P = P$; $P_\infty + P_\infty = P_\infty$; $P + (-P) = P_\infty$.
Total of 6 different cases. Not much better in projective coordinates.
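The six cases of the chord-and-tangent law, written out as an added example (not part of the original slides). The curve $y^2 = x^3 + 2x + 3$ over $\mathbb{F}_{97}$ and all function names are assumptions chosen for illustration; `case_census` enumerates every ordered pair of points and records which branch handled it.

```python
# Added example: affine chord-and-tangent addition with every special case explicit.
# Toy parameters (constructed for illustration): E: y^2 = x^3 + 2x + 3 over F_97.
P_MOD, A4, A6 = 97, 2, 3
INF = None  # stands for P_infinity, the neutral element


def on_curve(pt):
    if pt is INF:
        return True
    x, y = pt
    return (y * y - (x**3 + A4 * x + A6)) % P_MOD == 0


def neg(pt):
    # -(x1, y1) = (x1, -y1); P_infinity is its own negative.
    return INF if pt is INF else (pt[0], -pt[1] % P_MOD)


def add_with_case(p, q):
    """Return (p + q, label of the branch that was taken)."""
    if p is INF and q is INF:
        return INF, "inf+inf"
    if p is INF:
        return q, "inf+Q"
    if q is INF:
        return p, "P+inf"
    if p == neg(q):                      # vertical line; also covers [2]P when y_P = 0
        return INF, "P+(-P)"
    (xp, yp), (xq, yq) = p, q
    if p == q:                           # tangent slope
        lam = (3 * xp * xp + A4) * pow(2 * yp % P_MOD, -1, P_MOD) % P_MOD
        case = "doubling"
    else:                                # chord slope; x_P != x_Q is guaranteed here
        lam = (yq - yp) * pow((xq - xp) % P_MOD, -1, P_MOD) % P_MOD
        case = "generic"
    xr = (lam * lam - xp - xq) % P_MOD
    yr = (lam * (xp - xr) - yp) % P_MOD
    return (xr, yr), case


def add(p, q):
    return add_with_case(p, q)[0]


def all_points():
    affine = [(x, y) for x in range(P_MOD) for y in range(P_MOD) if on_curve((x, y))]
    return [INF] + affine


def case_census():
    """Count how often each branch fires over all ordered pairs of points."""
    census = {}
    pts = all_points()
    for p in pts:
        for q in pts:
            r, case = add_with_case(p, q)
            assert on_curve(r)           # closure: every sum is again a point of E
            census[case] = census.get(case, 0) + 1
    return census


if __name__ == "__main__":
    for case, n in sorted(case_census().items()):
        print(f"{case:9s} {n}")
```

Removing or mis-ordering any one of the early returns makes the slope computation hit a zero denominator for some input pair, which is why each branch needs its own test vectors.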

Other curve shapes
Jacobi quartic $C : Y^2 Z^2 = X^4 + 2aX^2 Z^2 + Z^4$

    sage: x,y,z = PolynomialRing(QQ, 3, names='x,y,z').gens()
    sage: C = Curve(y^2*z^2-(x^4-4*x^2*z^2+z^4))
    sage: C.geometric_genus()
    1
    sage: C.arithmetic_genus()
    3

Point $(0 : 1 : 1) \in C(K)$, so $C$ birationally equivalent to elliptic curve.
Affine part is nonsingular but point at infinity is singular.
With $(x, y)$ also $(\pm x, \pm y)$ on curve; nontrivial map.
How to define group law? What other shapes are there?

Newton Polygons, odd characteristic
Short Weierstrass: $y^2 = x^3 + ax + b$
Montgomery: $by^2 = x^3 + ax^2 + x$
Jacobi quartic: $y^2 = x^4 + 2ax^2 + 1$
Hessian: $x^3 + y^3 + 1 = 3dxy$
Edwards: $x^2 + y^2 = 1 + dx^2 y^2$
Number of integer points inside convex hull spanned by the exponents of the monomials gives the genus of the curve. All these curves generically have genus 1.

Edwards curves: because shape does matter
Let $k$ be a field with $2 \ne 0$. Let $d \in k$ with $d \ne 0, 1$.
Edwards curve: $\{(x, y) \in k \times k \mid x^2 + y^2 = 1 + dx^2 y^2\}$
Generalization covers more curves over $k$.
Associative operation on most points $(x_1, y_1) + (x_2, y_2) = (x_3, y_3)$ defined by Edwards addition law
$$x_3 = \frac{x_1 y_2 + y_1 x_2}{1 + d x_1 x_2 y_1 y_2} \quad \text{and} \quad y_3 = \frac{y_1 y_2 - x_1 x_2}{1 - d x_1 x_2 y_1 y_2}.$$
Neutral element is $(0, 1)$. $-(x_1, y_1) = (-x_1, y_1)$. $(0, -1)$ has order 2; $(1, 0)$ and $(-1, 0)$ have order 4.

Relationship to elliptic curves
Every elliptic curve with point of order 4 is birationally equivalent to an Edwards curve.
Let $P_4 = (u_4, v_4)$ have order 4 and shift $u$ s.t. $2P_4 = (0, 0)$. Then Weierstrass form:
$$v^2 = u^3 + (v_4^2/u_4^2 - 2u_4) u^2 + u_4^2 u.$$
Define $d = 1 - (4u_4^3 / v_4^2)$.
The coordinates $x = v_4 u/(u_4 v)$, $y = (u - u_4)/(u + u_4)$ satisfy $x^2 + y^2 = 1 + dx^2 y^2$.
Inverse map $u = u_4 (1 + y)/(1 - y)$, $v = v_4 u/(u_4 x)$.
Finitely many exceptional points. Exceptional points have $v(u + u_4) = 0$.
Addition on Edwards and Weierstrass corresponds.

Nice features of the addition law
Neutral element of addition law is affine point, this avoids special routines (for $(0, 1)$ one of the inputs or the result).
Addition law is symmetric in both inputs.
$$P + Q = \left( \frac{x_1 y_2 + y_1 x_2}{1 + d x_1 x_2 y_1 y_2},\ \frac{y_1 y_2 - x_1 x_2}{1 - d x_1 x_2 y_1 y_2} \right).$$
$$[2]P = \left( \frac{x_1 y_1 + y_1 x_1}{1 + d x_1 x_1 y_1 y_1},\ \frac{y_1 y_1 - x_1 x_1}{1 - d x_1 x_1 y_1 y_1} \right).$$
No reason that the denominators should be 0.
Addition law produces correct result also for doubling. Unified group operations!
Having addition law work for doubling removes some checks from the code.

Complete addition law
Points at infinity blow up minimally over $k(\sqrt{d})$, so if $d$ is not a square in $k$, then there are no points at infinity.
If $d$ is not a square, the only exceptional points of the birational equivalence are $P_\infty$ corresponding to $(0, 1)$ and $(0, 0)$ corresponding to $(0, -1)$.
If $d$ is not a square the denominators $1 + d x_1 x_2 y_1 y_2$ and $1 - d x_1 x_2 y_1 y_2$ are never 0; addition law is complete.
Edwards addition law allows omitting all checks:
Neutral element is affine point on curve.
Addition works to add $P$ and $P$.
Addition works to add $P$ and $-P$.
Addition just works to add $P$ and any $Q$.
Only complete addition law in the literature.
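An added example (not from the original slides) that checks the completeness claim exhaustively on a toy field: over $\mathbb{F}_{101}$ the value $d = 2$ is a non-square and no pair of curve points makes a denominator vanish, while the square $d = 4$ does produce exceptional pairs. The field size, the two values of $d$ and all function names are assumptions chosen for illustration.

```python
# Added example: the Edwards addition law over a toy field F_101 (constructed).
# 101 = 5 (mod 8), so d = 2 is a non-square there, while d = 4 = 2^2 is a square.
P_MOD = 101
NEUTRAL = (0, 1)


def is_square(a):
    # Euler's criterion; 0 counts as a square.
    return a % P_MOD == 0 or pow(a, (P_MOD - 1) // 2, P_MOD) == 1


def on_curve(d, pt):
    x, y = pt
    return (x * x + y * y - 1 - d * x * x * y * y) % P_MOD == 0


def points(d):
    return [(x, y) for x in range(P_MOD) for y in range(P_MOD) if on_curve(d, (x, y))]


def denominators(d, p, q):
    # The two denominators 1 + d*x1*x2*y1*y2 and 1 - d*x1*x2*y1*y2.
    t = d * p[0] * q[0] * p[1] * q[1] % P_MOD
    return (1 + t) % P_MOD, (1 - t) % P_MOD


def add(d, p, q):
    """One formula for addition, doubling, the neutral element and inverses."""
    (x1, y1), (x2, y2) = p, q
    den_x, den_y = denominators(d, p, q)
    # This guard only exists to expose the failure for square d; for non-square d
    # it can never trigger, which is what lets real code drop the check.
    if den_x == 0 or den_y == 0:
        raise ZeroDivisionError("exceptional pair: addition law undefined")
    x3 = (x1 * y2 + y1 * x2) * pow(den_x, -1, P_MOD) % P_MOD
    y3 = (y1 * y2 - x1 * x2) * pow(den_y, -1, P_MOD) % P_MOD
    return x3, y3


def exceptional_pairs(d):
    """All ordered pairs of curve points for which a denominator is 0."""
    pts = points(d)
    return [(p, q) for p in pts for q in pts if 0 in denominators(d, p, q)]


def order(d, p):
    n, q = 1, p
    while q != NEUTRAL:
        q, n = add(d, q, p), n + 1
    return n


if __name__ == "__main__":
    for d in (2, 4):
        print(f"d={d} square={is_square(d)} points={len(points(d))} "
              f"exceptional pairs={len(exceptional_pairs(d))}")
```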

Fast addition law
Very fast point addition 10M + 1S + 1D. Even faster with Extended Edwards coordinates (Hisil et al.).
Dedicated doubling formulas need only 3M + 4S.
Fastest scalar multiplication in the literature.
For comparison: IEEE standard P1363 provides the fastest arithmetic on elliptic curves by using Jacobian coordinates on Weierstrass curves. Point addition 12M + 4S. Doubling formulas need only 4M + 4S.
For more curve shapes, better algorithms (even for Weierstrass curves) and many more operations (mixed addition, re-addition, tripling, scaling, ...) see www.hyperelliptic.org/efd and the following competition.

Starring...
Weierstrass curve $y^2 = x^3 - 0.4x + 0.7$ (figure)
Jacobi quartic $x^2 = y^4 - 1.9y^2 + 1$ (figure)
Hessian curve $x^3 - y^3 + 1 = 0.3xy$ (figure)
Edwards curve $x^2 + y^2 = 1 - 300x^2 y^2$ (figure)

The race: zoom on Weierstrass and Edwards
Weierstrass vs. Edwards I to V (figures)

All competitors...
All competitors I to V (figures)

Read the full story at: hyperelliptic.org/efd