EC Cryptography Tutorials - Herong's Tutorial Examples - Version 1.00, by Dr. Herong Yang
Reduced Point Additive Operation
This section describes what is the reduced point additive operation in algebraic format, which is the same as the original additive operation reduced by modular arithmetic of prime number p.
From the previous tutorial, we learned that the original additive operation based on the rule of chord operation failed to construct an Abelian group on a reduced elliptic curve.
Let's look at the algebraic equations for the additive operation presented earlier in the book again:
Original addition operation based rule of chord operation: For any two given points on the curve: P = (xP, yP) Q = (xQ, yQ) R = P + Q is a third point on the curve: R = (xR, yR) Where: xR = m2 - xP - xQ (8) yR = m(xP - xR) - yP (9) If P != Q, m is determined by: yP - yQ m = --------- (10) xP - xQ If P = Q, m is determined by: 3(xP)2 + a m = --------- (6) 2(yP)
The issue with this addition operation is that the resulting point R is not an integer point and it is not in the first region of [(0,0) ... (p-1,p-1)]!
One quick way to resolve the issue to apply the same modular arithmetic reduction as the reduced elliptic equation on coordinates (xR, yR) of the resulting point R. This will bring it into the first region as an integer point.
Reduced addition operation based rule of chord operation: For any two given points on the curve: P = (xP, yP) Q = (xQ, yQ) R = P + Q is a third point on the curve: R = (xR, yR) Where: xR = m2 - xP - xQ (mod p) (11) yR = m(xP - xR) - yP (mod p) (12) If P != Q, m is determined by: yP - yQ m = --------- (10) xP - xQ If P = Q, m is determined by: 3(xP)2 + a m = --------- (6) 2(yP)
If m is an integer, (xR, yR) of the resulting point R will be integers. Applying modular arithmetic reduction on integers is easy.
However, if m is rational number, (xR, yR) of the result point R will be rational numbers. Applying modular arithmetic reduction on rational numbers is tricky. We will discuss it in the next tutorial.
By the way, m will never be a true real number. Because P and Q are integer points and coefficients of the elliptic curve are integers. Equation (10) or (6) will only results to integers or rational numbers.
After reducing the resulting point to an integer point in the first region, we need to proof that it is still on the reduced elliptic curve. See next tutorials for more details.
Last update: 2019.
Table of Contents