BADA55-VR-224

224-bit prime field Weierstrass curve.

BADA55 curve from the https://bada55.cr.yp.to/bada55-20150927.pdf

y^2 \equiv x^3 + ax + b

Parameters

Name	Value
p0xffffffffffffffffffffffffffffffff000000000000000000000001	`0xffffffffffffffffffffffffffffffff000000000000000000000001`
a0xfffffffffffffffffffffffffffffffefffffffffffffffffffffffe	`0xfffffffffffffffffffffffffffffffefffffffffffffffffffffffe`
b0xbada55ecfd9ca54c0738b8a6fb8cf4ccf84e916d83d6da1b78b622351e11ab4e	`0xbada55ecfd9ca54c0738b8a6fb8cf4ccf84e916d83d6da1b78b622351e11ab4e`
n0xffffffffffffffffffffffffffff0d44ef1096b2b67b7a3dcee7b079	`0xffffffffffffffffffffffffffff0d44ef1096b2b67b7a3dcee7b079`
h0x01	`0x01`

Sources

How to manipulate curve standards: a white paper for the black hat

Characteristics

Seed:
0x3cc520e9434349df680a8f4bcadda648d693b2907b216ee55cb4853db68f9165
j-invariant:
11450457449819828946777336140389767534047289448477200563431370628766
Trace of Frobenius:
4923084803502059616306225508536201
Discriminant:
935864089427400871896117941325954830699778224086690880622369400880
Embedding degree:
3369993333393829974333376885877453218809139094745836479660569720335
CM-discriminant:
-83603022686129646234941616899021932478780905385709345662522537683123
Conductor:
1

SAGE

p = 0xffffffffffffffffffffffffffffffff000000000000000000000001
K = GF(p)
a = K(0xfffffffffffffffffffffffffffffffefffffffffffffffffffffffe)
b = K(0xbada55ecfd9ca54c0738b8a6fb8cf4ccf84e916d83d6da1b78b622351e11ab4e)
E = EllipticCurve(K, (a, b))
# No generator defined
E.set_order(0xffffffffffffffffffffffffffff0d44ef1096b2b67b7a3dcee7b079 * 0x01)

p = 0xffffffffffffffffffffffffffffffff000000000000000000000001
K = GF(p)
a = K(0xfffffffffffffffffffffffffffffffefffffffffffffffffffffffe)
b = K(0xbada55ecfd9ca54c0738b8a6fb8cf4ccf84e916d83d6da1b78b622351e11ab4e)
E = EllipticCurve(K, (a, b))
# No generator defined
E.set_order(0xffffffffffffffffffffffffffff0d44ef1096b2b67b7a3dcee7b079 * 0x01)

SAGE

PARI/GP

p = 0xffffffffffffffffffffffffffffffff000000000000000000000001
a = Mod(0xfffffffffffffffffffffffffffffffefffffffffffffffffffffffe, p)
b = Mod(0xbada55ecfd9ca54c0738b8a6fb8cf4ccf84e916d83d6da1b78b622351e11ab4e, p)
E = ellinit([a, b])
E[16][1] = 0xffffffffffffffffffffffffffff0d44ef1096b2b67b7a3dcee7b079 * 0x01
\\ No generator defined

p = 0xffffffffffffffffffffffffffffffff000000000000000000000001
a = Mod(0xfffffffffffffffffffffffffffffffefffffffffffffffffffffffe, p)
b = Mod(0xbada55ecfd9ca54c0738b8a6fb8cf4ccf84e916d83d6da1b78b622351e11ab4e, p)
E = ellinit([a, b])
E[16][1] = 0xffffffffffffffffffffffffffff0d44ef1096b2b67b7a3dcee7b079 * 0x01
\\ No generator defined

PARI/GP

JSON

{
  "name": "BADA55-VR-224",
  "desc": "BADA55 curve from the https://bada55.cr.yp.to/bada55-20150927.pdf",
  "sources": [
    {
      "name": "How to manipulate curve standards: a white paper for the black hat",
      "url": "https://bada55.cr.yp.to/bada55-20150927.pdf"
    }
  ],
  "form": "Weierstrass",
  "field": {
    "type": "Prime",
    "p": "0xffffffffffffffffffffffffffffffff000000000000000000000001",
    "bits": 224
  },
  "params": {
    "a": {
      "raw": "0xfffffffffffffffffffffffffffffffefffffffffffffffffffffffe"
    },
    "b": {
      "raw": "0xbada55ecfd9ca54c0738b8a6fb8cf4ccf84e916d83d6da1b78b622351e11ab4e"
    }
  },
  "order": "0xffffffffffffffffffffffffffff0d44ef1096b2b67b7a3dcee7b079",
  "cofactor": "0x01",
  "characteristics": {
    "seed": "0x3cc520e9434349df680a8f4bcadda648d693b2907b216ee55cb4853db68f9165",
    "cm_disc": "-83603022686129646234941616899021932478780905385709345662522537683123",
    "conductor": "1",
    "discriminant": "935864089427400871896117941325954830699778224086690880622369400880",
    "j_invariant": "11450457449819828946777336140389767534047289448477200563431370628766",
    "embedding_degree": "3369993333393829974333376885877453218809139094745836479660569720335",
    "trace_of_frobenius": "4923084803502059616306225508536201"
  }
}

{
  "name": "BADA55-VR-224",
  "desc": "BADA55 curve from the https://bada55.cr.yp.to/bada55-20150927.pdf",
  "sources": [
    {
      "name": "How to manipulate curve standards: a white paper for the black hat",
      "url": "https://bada55.cr.yp.to/bada55-20150927.pdf"
    }
  ],
  "form": "Weierstrass",
  "field": {
    "type": "Prime",
    "p": "0xffffffffffffffffffffffffffffffff000000000000000000000001",
    "bits": 224
  },
  "params": {
    "a": {
      "raw": "0xfffffffffffffffffffffffffffffffefffffffffffffffffffffffe"
    },
    "b": {
      "raw": "0xbada55ecfd9ca54c0738b8a6fb8cf4ccf84e916d83d6da1b78b622351e11ab4e"
    }
  },
  "order": "0xffffffffffffffffffffffffffff0d44ef1096b2b67b7a3dcee7b079",
  "cofactor": "0x01",
  "characteristics": {
    "seed": "0x3cc520e9434349df680a8f4bcadda648d693b2907b216ee55cb4853db68f9165",
    "cm_disc": "-83603022686129646234941616899021932478780905385709345662522537683123",
    "conductor": "1",
    "discriminant": "935864089427400871896117941325954830699778224086690880622369400880",
    "j_invariant": "11450457449819828946777336140389767534047289448477200563431370628766",
    "embedding_degree": "3369993333393829974333376885877453218809139094745836479660569720335",
    "trace_of_frobenius": "4923084803502059616306225508536201"
  }
}

JSON