Doubling a point on an elliptic curve
$begingroup$
I've a programming background and am just about to get into a project where Elliptic Curve Cryptography (ECC) is used. Although our libraries deal with the details I still like to do background reading so started with the ECC chapter of Understanding Cryptography. Everything was fine until I came upon this example of point doubling over $Z_{17}$:
I can't figure out how he gets $s$. For example the $(2cdot1)^{-1}(3cdot5^2+2)$ why does that evaluate to $2^{-1} cdot 9$? From looking at it I would have thought $(3cdot5^2+2)$ evaluates to $77$ so giving $2^{-1}cdot77$ or $77div2$ for the whole expression. Obviously the math doesn't work in the way I expect, is it something to do with the dot product not being normal multiplication? Or something else?
p.s. Sorry about formatting, I'm looking up how to do the Tex for the site now.
elliptic-curves
asked Jun 27 '13 at 14:14
PeanutPeanut
15029
$endgroup$
|
show 3 more comments
$begingroup$
I've a programming background and am just about to get into a project where Elliptic Curve Cryptography (ECC) is used. Although our libraries deal with the details I still like to do background reading so started with the ECC chapter of Understanding Cryptography. Everything was fine until I came upon this example of point doubling over $Z_{17}$:
I can't figure out how he gets $s$. For example the $(2cdot1)^{-1}(3cdot5^2+2)$ why does that evaluate to $2^{-1} cdot 9$? From looking at it I would have thought $(3cdot5^2+2)$ evaluates to $77$ so giving $2^{-1}cdot77$ or $77div2$ for the whole expression. Obviously the math doesn't work in the way I expect, is it something to do with the dot product not being normal multiplication? Or something else?
p.s. Sorry about formatting, I'm looking up how to do the Tex for the site now.
elliptic-curves
asked Jun 27 '13 at 14:14
PeanutPeanut
15029
$endgroup$
$begingroup$
Are you familiar at all with modular arithmetic? $77=9$ in $mathbb{Z}_{17}$.
$endgroup$
– fretty
Jun 27 '13 at 14:21
1
$begingroup$
Yes, to be precise, the author should have written $(2cdot 1)^{-1}(3cdot 5^2+2)equiv 2^{-1}cdot 9 bmod 17$, and not just $=$.
$endgroup$
– Álvaro Lozano-Robledo
Jun 27 '13 at 14:23
$begingroup$
@ÁlvaroLozano-Robledo Thanks, can't believe it's that simple for that bit... So you have to apply the modulus operator the whole way through? So that bit is equivalent to $9cdot9$ because $9/2$ is 4.5 and $89mod17$ is 4 and you truncate in $Z$? Just not seeing how $9cdot9 = 13mod17$
$endgroup$
– Peanut
Jun 27 '13 at 14:35
1
$begingroup$
$9cdot 9 = 81 = 13 + 68 = 13 + 4cdot 17 equiv 13 bmod 17$.
$endgroup$
– Álvaro Lozano-Robledo
Jun 27 '13 at 14:39
1
$begingroup$
I asked nearly this identical question on Crypto crypto.stackexchange.com/questions/64456, and the answer there may also be worth looking at.
$endgroup$
– Brian M. Hunt
Dec 1 '18 at 13:44
|
show 3 more comments
$begingroup$
I've a programming background and am just about to get into a project where Elliptic Curve Cryptography (ECC) is used. Although our libraries deal with the details I still like to do background reading so started with the ECC chapter of Understanding Cryptography. Everything was fine until I came upon this example of point doubling over $Z_{17}$:
I can't figure out how he gets $s$. For example the $(2cdot1)^{-1}(3cdot5^2+2)$ why does that evaluate to $2^{-1} cdot 9$? From looking at it I would have thought $(3cdot5^2+2)$ evaluates to $77$ so giving $2^{-1}cdot77$ or $77div2$ for the whole expression. Obviously the math doesn't work in the way I expect, is it something to do with the dot product not being normal multiplication? Or something else?
p.s. Sorry about formatting, I'm looking up how to do the Tex for the site now.
elliptic-curves
asked Jun 27 '13 at 14:14
PeanutPeanut
15029
$endgroup$
I've a programming background and am just about to get into a project where Elliptic Curve Cryptography (ECC) is used. Although our libraries deal with the details I still like to do background reading so started with the ECC chapter of Understanding Cryptography. Everything was fine until I came upon this example of point doubling over $Z_{17}$:
I can't figure out how he gets $s$. For example the $(2cdot1)^{-1}(3cdot5^2+2)$ why does that evaluate to $2^{-1} cdot 9$? From looking at it I would have thought $(3cdot5^2+2)$ evaluates to $77$ so giving $2^{-1}cdot77$ or $77div2$ for the whole expression. Obviously the math doesn't work in the way I expect, is it something to do with the dot product not being normal multiplication? Or something else?
p.s. Sorry about formatting, I'm looking up how to do the Tex for the site now.
elliptic-curves
elliptic-curves
asked Jun 27 '13 at 14:14
PeanutPeanut
15029
asked Jun 27 '13 at 14:14
PeanutPeanut
15029
edited Jun 27 '13 at 14:45
Peanut
asked Jun 27 '13 at 14:14
PeanutPeanut
15029
asked Jun 27 '13 at 14:14
PeanutPeanut
15029
asked Jun 27 '13 at 14:14
PeanutPeanut
15029
15029
$begingroup$
Are you familiar at all with modular arithmetic? $77=9$ in $mathbb{Z}_{17}$.
$endgroup$
– fretty
Jun 27 '13 at 14:21
1
$begingroup$
Yes, to be precise, the author should have written $(2cdot 1)^{-1}(3cdot 5^2+2)equiv 2^{-1}cdot 9 bmod 17$, and not just $=$.
$endgroup$
– Álvaro Lozano-Robledo
Jun 27 '13 at 14:23
$begingroup$
@ÁlvaroLozano-Robledo Thanks, can't believe it's that simple for that bit... So you have to apply the modulus operator the whole way through? So that bit is equivalent to $9cdot9$ because $9/2$ is 4.5 and $89mod17$ is 4 and you truncate in $Z$? Just not seeing how $9cdot9 = 13mod17$
$endgroup$
– Peanut
Jun 27 '13 at 14:35
1
$begingroup$
$9cdot 9 = 81 = 13 + 68 = 13 + 4cdot 17 equiv 13 bmod 17$.
$endgroup$
– Álvaro Lozano-Robledo
Jun 27 '13 at 14:39
1
$begingroup$
I asked nearly this identical question on Crypto crypto.stackexchange.com/questions/64456, and the answer there may also be worth looking at.
$endgroup$
– Brian M. Hunt
Dec 1 '18 at 13:44
|
show 3 more comments
$begingroup$
Are you familiar at all with modular arithmetic? $77=9$ in $mathbb{Z}_{17}$.
$endgroup$
– fretty
Jun 27 '13 at 14:21
1
$begingroup$
Yes, to be precise, the author should have written $(2cdot 1)^{-1}(3cdot 5^2+2)equiv 2^{-1}cdot 9 bmod 17$, and not just $=$.
$endgroup$
– Álvaro Lozano-Robledo
Jun 27 '13 at 14:23
$begingroup$
@ÁlvaroLozano-Robledo Thanks, can't believe it's that simple for that bit... So you have to apply the modulus operator the whole way through? So that bit is equivalent to $9cdot9$ because $9/2$ is 4.5 and $89mod17$ is 4 and you truncate in $Z$? Just not seeing how $9cdot9 = 13mod17$
$endgroup$
– Peanut
Jun 27 '13 at 14:35
1
$begingroup$
$9cdot 9 = 81 = 13 + 68 = 13 + 4cdot 17 equiv 13 bmod 17$.
$endgroup$
– Álvaro Lozano-Robledo
Jun 27 '13 at 14:39
1
$begingroup$
I asked nearly this identical question on Crypto crypto.stackexchange.com/questions/64456, and the answer there may also be worth looking at.
$endgroup$
– Brian M. Hunt
Dec 1 '18 at 13:44
$begingroup$
Are you familiar at all with modular arithmetic? $77=9$ in $mathbb{Z}_{17}$.
$endgroup$
– fretty
Jun 27 '13 at 14:21
$begingroup$
Are you familiar at all with modular arithmetic? $77=9$ in $mathbb{Z}_{17}$.
$endgroup$
– fretty
Jun 27 '13 at 14:21
1
1
$begingroup$
Yes, to be precise, the author should have written $(2cdot 1)^{-1}(3cdot 5^2+2)equiv 2^{-1}cdot 9 bmod 17$, and not just $=$.
$endgroup$
– Álvaro Lozano-Robledo
Jun 27 '13 at 14:23
$begingroup$
Yes, to be precise, the author should have written $(2cdot 1)^{-1}(3cdot 5^2+2)equiv 2^{-1}cdot 9 bmod 17$, and not just $=$.
$endgroup$
– Álvaro Lozano-Robledo
Jun 27 '13 at 14:23
$begingroup$
@ÁlvaroLozano-Robledo Thanks, can't believe it's that simple for that bit... So you have to apply the modulus operator the whole way through? So that bit is equivalent to $9cdot9$ because $9/2$ is 4.5 and $89mod17$ is 4 and you truncate in $Z$? Just not seeing how $9cdot9 = 13mod17$
$endgroup$
– Peanut
Jun 27 '13 at 14:35
$begingroup$
@ÁlvaroLozano-Robledo Thanks, can't believe it's that simple for that bit... So you have to apply the modulus operator the whole way through? So that bit is equivalent to $9cdot9$ because $9/2$ is 4.5 and $89mod17$ is 4 and you truncate in $Z$? Just not seeing how $9cdot9 = 13mod17$
$endgroup$
– Peanut
Jun 27 '13 at 14:35
1
1
$begingroup$
$9cdot 9 = 81 = 13 + 68 = 13 + 4cdot 17 equiv 13 bmod 17$.
$endgroup$
– Álvaro Lozano-Robledo
Jun 27 '13 at 14:39
$begingroup$
$9cdot 9 = 81 = 13 + 68 = 13 + 4cdot 17 equiv 13 bmod 17$.
$endgroup$
– Álvaro Lozano-Robledo
Jun 27 '13 at 14:39
1
1
$begingroup$
I asked nearly this identical question on Crypto crypto.stackexchange.com/questions/64456, and the answer there may also be worth looking at.
$endgroup$
– Brian M. Hunt
Dec 1 '18 at 13:44
$begingroup$
I asked nearly this identical question on Crypto crypto.stackexchange.com/questions/64456, and the answer there may also be worth looking at.
$endgroup$
– Brian M. Hunt
Dec 1 '18 at 13:44
|
show 3 more comments
1 Answer
1
active
oldest
votes
$begingroup$
All arithmetic is done modulo $17$, so
$$(2cdot 1)^{-1}(3cdot 5^2+2)equiv 2^{-1}cdot 9bmod 17$$
is a congruence, not an equality in $mathbb{Q}$.
Moreover, $9cdot 9equiv 13 bmod 17$ because
$$9cdot 9 = 81 = 13 + 68 = 13 + 4cdot 17 equiv 13 bmod 17,$$
or, equivalently,
$$9cdot 9equiv (-8)cdot (-8)equiv 64equiv 16cdot 4equiv -4equiv 13bmod 17.$$
answered Jun 27 '13 at 14:46
Álvaro Lozano-RobledoÁlvaro Lozano-Robledo
12.4k21839
$endgroup$
add a comment |
Your Answer
StackExchange.ifUsing("editor", function () {
return StackExchange.using("mathjaxEditing", function () {
StackExchange.MarkdownEditor.creationCallbacks.add(function (editor, postfix) {
StackExchange.mathjaxEditing.prepareWmdForMathJax(editor, postfix, [["$", "$"], ["\\(","\\)"]]);
});
});
}, "mathjax-editing");
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "69"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
noCode: true, onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fmath.stackexchange.com%2fquestions%2f430836%2fdoubling-a-point-on-an-elliptic-curve%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
$begingroup$
All arithmetic is done modulo $17$, so
$$(2cdot 1)^{-1}(3cdot 5^2+2)equiv 2^{-1}cdot 9bmod 17$$
is a congruence, not an equality in $mathbb{Q}$.
Moreover, $9cdot 9equiv 13 bmod 17$ because
$$9cdot 9 = 81 = 13 + 68 = 13 + 4cdot 17 equiv 13 bmod 17,$$
or, equivalently,
$$9cdot 9equiv (-8)cdot (-8)equiv 64equiv 16cdot 4equiv -4equiv 13bmod 17.$$
answered Jun 27 '13 at 14:46
Álvaro Lozano-RobledoÁlvaro Lozano-Robledo
12.4k21839
$endgroup$
add a comment |
$begingroup$
All arithmetic is done modulo $17$, so
$$(2cdot 1)^{-1}(3cdot 5^2+2)equiv 2^{-1}cdot 9bmod 17$$
is a congruence, not an equality in $mathbb{Q}$.
Moreover, $9cdot 9equiv 13 bmod 17$ because
$$9cdot 9 = 81 = 13 + 68 = 13 + 4cdot 17 equiv 13 bmod 17,$$
or, equivalently,
$$9cdot 9equiv (-8)cdot (-8)equiv 64equiv 16cdot 4equiv -4equiv 13bmod 17.$$
answered Jun 27 '13 at 14:46
Álvaro Lozano-RobledoÁlvaro Lozano-Robledo
12.4k21839
$endgroup$
add a comment |
$begingroup$
All arithmetic is done modulo $17$, so
$$(2cdot 1)^{-1}(3cdot 5^2+2)equiv 2^{-1}cdot 9bmod 17$$
is a congruence, not an equality in $mathbb{Q}$.
Moreover, $9cdot 9equiv 13 bmod 17$ because
$$9cdot 9 = 81 = 13 + 68 = 13 + 4cdot 17 equiv 13 bmod 17,$$
or, equivalently,
$$9cdot 9equiv (-8)cdot (-8)equiv 64equiv 16cdot 4equiv -4equiv 13bmod 17.$$
answered Jun 27 '13 at 14:46
Álvaro Lozano-RobledoÁlvaro Lozano-Robledo
12.4k21839
$endgroup$
All arithmetic is done modulo $17$, so
$$(2cdot 1)^{-1}(3cdot 5^2+2)equiv 2^{-1}cdot 9bmod 17$$
is a congruence, not an equality in $mathbb{Q}$.
Moreover, $9cdot 9equiv 13 bmod 17$ because
$$9cdot 9 = 81 = 13 + 68 = 13 + 4cdot 17 equiv 13 bmod 17,$$
or, equivalently,
$$9cdot 9equiv (-8)cdot (-8)equiv 64equiv 16cdot 4equiv -4equiv 13bmod 17.$$
answered Jun 27 '13 at 14:46
Álvaro Lozano-RobledoÁlvaro Lozano-Robledo
12.4k21839
answered Jun 27 '13 at 14:46
Álvaro Lozano-RobledoÁlvaro Lozano-Robledo
12.4k21839
answered Jun 27 '13 at 14:46
Álvaro Lozano-RobledoÁlvaro Lozano-Robledo
12.4k21839
answered Jun 27 '13 at 14:46
Álvaro Lozano-RobledoÁlvaro Lozano-Robledo
12.4k21839
12.4k21839
add a comment |
add a comment |
Thanks for contributing an answer to Mathematics Stack Exchange!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
Use MathJax to format equations. MathJax reference.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fmath.stackexchange.com%2fquestions%2f430836%2fdoubling-a-point-on-an-elliptic-curve%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
$begingroup$
Are you familiar at all with modular arithmetic? $77=9$ in $mathbb{Z}_{17}$.
$endgroup$
– fretty
Jun 27 '13 at 14:21
1
$begingroup$
Yes, to be precise, the author should have written $(2cdot 1)^{-1}(3cdot 5^2+2)equiv 2^{-1}cdot 9 bmod 17$, and not just $=$.
$endgroup$
– Álvaro Lozano-Robledo
Jun 27 '13 at 14:23
$begingroup$
@ÁlvaroLozano-Robledo Thanks, can't believe it's that simple for that bit... So you have to apply the modulus operator the whole way through? So that bit is equivalent to $9cdot9$ because $9/2$ is 4.5 and $89mod17$ is 4 and you truncate in $Z$? Just not seeing how $9cdot9 = 13mod17$
$endgroup$
– Peanut
Jun 27 '13 at 14:35
1
$begingroup$
$9cdot 9 = 81 = 13 + 68 = 13 + 4cdot 17 equiv 13 bmod 17$.
$endgroup$
– Álvaro Lozano-Robledo
Jun 27 '13 at 14:39
1
$begingroup$
I asked nearly this identical question on Crypto crypto.stackexchange.com/questions/64456, and the answer there may also be worth looking at.
$endgroup$
– Brian M. Hunt
Dec 1 '18 at 13:44