**EC Cryptography Tutorials - Herong's Tutorial Examples** - v1.03, by Herong Yang

Elliptic Curves Reduced by Modular Arithmetic

This section describes elliptic curves reduced by modular arithmetic of prime numbers. We can find lots of more integer points on those reduced elliptic curves.

From previous sections, we see that finding integer points on elliptic curves are difficult. For example, there are only 4 valid integer points on the elliptic curve of (a,b) = (1,4):

Elliptic curve: y^{2}= x^{3}+ x + 4 Integer points on the curve in the range of < (1000000, 31622303) (x, y) = (0, 2) (x, y) = (0, -2) (x, y) = (4128, 265222) (x, y) = (4128, -265222)

One way to increase the number of valid integer points is to relax the elliptic curve equation with the modular arithmetic reduction, which can be defined as:

Element Set: All P = (x,y), such that: y^{2}= x^{3}+ ax + b (mod p) where: a and b are integers p is a prime number 4a^{3}+ 27b^{2}!= 0 x and y are integers

Now let's see if we can find more integer points on this relaxed elliptic curve using (a,b) = (1,4) and p = 23 as an example:

Elliptic curve: y^{2}= x^{3}+ x + 4 (mod 23) Or let l be the left hand side value, and r be the right hand side value: l = y^{2}(mod 23) r = x^{3}+ x + 4 (mod 23) l = r

To find all integer points, we can use the following algorithm:

1. Build the y-to-l map to find all unique values for the left hand side l, using y in (0, 1, 2, ..., 22) only. Other values of y will not generate any new l values, because of the modular reduction of 23.

Possible values of l = y^{2}(mod 23): l = 0*0 mod 23 = 0 l = 1*1 mod 23 = 1 l = 2*2 mod 23 = 4 l = 3*3 mod 23 = 9 l = 4*4 mod 23 = 16 l = 5*5 mod 23 = 2 l = 6*6 mod 23 = 13 l = 7*7 mod 23 = 3 l = 8*8 mod 23 = 18 l = 9*9 mod 23 = 12 l = 10*10 mod 23 = 8 l = 11*11 mod 23 = 6 l = 12*12 mod 23 = 6 l = 13*13 mod 23 = 8 l = 14*14 mod 23 = 12 l = 15*15 mod 23 = 18 l = 16*16 mod 23 = 3 l = 17*17 mod 23 = 13 l = 18*18 mod 23 = 2 l = 19*19 mod 23 = 16 l = 20*20 mod 23 = 9 l = 21*21 mod 23 = 4 l = 22*22 mod 23 = 1

So, we have a list of unique l values of: 0, 1, 2, 3, 4, 6, 8, 9, 12, 13, 16, 18.

2. Build the x-to-r map to find all unique values for the left hand side r, using x in (0, 1, 2, ..., 22) only. Other values of x will not generate any new l values, because of the modular reduction of 23.

Possible values of r = x^{3}+ x + 4 (mod 23): r = (0*0*0 + 0 + 4 ) mod 23 = 4 r = (1*1*1 + 1 + 4 ) mod 23 = 6 r = (2*2*2 + 2 + 4 ) mod 23 = 14 r = (3*3*3 + 3 + 4 ) mod 23 = 11 r = (4*4*4 + 4 + 4 ) mod 23 = 3 r = (5*5*5 + 5 + 4 ) mod 23 = 19 r = (6*6*6 + 6 + 4 ) mod 23 = 19 r = (7*7*7 + 7 + 4 ) mod 23 = 9 r = (8*8*8 + 8 + 4 ) mod 23 = 18 r = (9*9*9 + 9 + 4 ) mod 23 = 6 r = (10*10*10 + 10 + 4 ) mod 23 = 2 r = (11*11*11 + 11 + 4 ) mod 23 = 12 r = (12*12*12 + 12 + 4 ) mod 23 = 19 r = (13*13*13 + 13 + 4 ) mod 23 = 6 r = (14*14*14 + 14 + 4 ) mod 23 = 2 r = (15*15*15 + 15 + 4 ) mod 23 = 13 r = (16*16*16 + 16 + 4 ) mod 23 = 22 r = (17*17*17 + 17 + 4 ) mod 23 = 12 r = (18*18*18 + 18 + 4 ) mod 23 = 12 r = (19*19*19 + 19 + 4 ) mod 23 = 5 r = (20*20*20 + 20 + 4 ) mod 23 = 20 r = (21*21*21 + 21 + 4 ) mod 23 = 17 r = (22*22*22 + 22 + 4 ) mod 23 = 2

So, we have a list of unique r values of: 2, 3, 4, 5, 6, 9, 11, 12, 13, 14, 17, 18, 19, 20, 22.

3. Find all common values of l and r:

Possible common values of l and r: l = r in {2, 3, 4, 6, 9, 12, 13, 18}

4. Find all integer points (x,y), where x and y in {0, 1, 2, ..., 22} for each common value of l = r using the y-to-l map and the x-to-r map:

For l = r = 2: (x, y) = (10, 5) (x, y) = (10, 18) (x, y) = (14, 5) (x, y) = (14, 18) (x, y) = (22, 5) (x, y) = (22, 18) For l = r = 3: (x, y) = (4, 7) (x, y) = (4, 16) For l = r = 4: (x, y) = (0, 2) (x, y) = (0, 21) For l = r = 6: (x, y) = (1, 11) (x, y) = (1, 12) (x, y) = (9, 11) (x, y) = (9, 12) (x, y) = (13, 11) (x, y) = (13, 12) For l = r = 9: (x, y) = (7, 3) (x, y) = (7, 20) For l = r = 12: (x, y) = (11, 9) (x, y) = (11, 14) (x, y) = (17, 9) (x, y) = (17, 14) (x, y) = (18, 9) (x, y) = (18, 14) For l = r = 13: (x, y) = (15, 6) (x, y) = (15, 17) For l = r = 18: (x, y) = (8, 8) (x, y) = (8, 15) Total of 28 points!

Comparing this results with previous tutorial, we can see that reduced elliptic curves have many more integer points than original elliptic curves.

Table of Contents

Geometric Introduction to Elliptic Curves

Algebraic Introduction to Elliptic Curves

Abelian Group and Elliptic Curves

Discrete Logarithm Problem (DLP)

Generators and Cyclic Subgroups

►Reduced Elliptic Curve Groups

Converting Elliptic Curve Groups

Elliptic Curves in Integer Space

Python Program for Integer Elliptic Curves

►Elliptic Curves Reduced by Modular Arithmetic

Python Program for Reduced Elliptic Curves

Point Pattern of Reduced Elliptic Curves

Integer Points of First Region as Element Set

Reduced Point Additive Operation

Modular Arithmetic Reduction on Rational Numbers

Reduced Point Additive Operation Improved

What Is Reduced Elliptic Curve Group

Reduced Elliptic Curve Group - E_{23}(1,4)

Reduced Elliptic Curve Group - E_{97}(-1,1)

Reduced Elliptic Curve Group - E_{127}(-1,3)

Reduced Elliptic Curve Group - E_{1931}(443,1045)

Finite Elliptic Curve Group, E_{q}(a,b), q = p^{n}

tinyec - Python Library for ECC

ECDH (Elliptic Curve Diffie-Hellman) Key Exchange

ECDSA (Elliptic Curve Digital Signature Algorithm)