BADA55-VR-256

256-bit prime field Weierstrass curve.

BADA55 curve from the https://bada55.cr.yp.to/bada55-20150927.pdf

y^2 \equiv x^3 + ax + b

Parameters

Name	Value
p0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff	`0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff`
a0xffffffff00000001000000000000000000000000fffffffffffffffffffffffc	`0xffffffff00000001000000000000000000000000fffffffffffffffffffffffc`
b0xbada55ecd8bbead3add6c534f92197deb47fceb9be7e0e702a8d1dd56b5d0b0c	`0xbada55ecd8bbead3add6c534f92197deb47fceb9be7e0e702a8d1dd56b5d0b0c`
n0xffffffff00000000fffffffffffffffebedc2797003336661a49d76a903bdb91	`0xffffffff00000000fffffffffffffffebedc2797003336661a49d76a903bdb91`
h0x01	`0x01`

Sources

How to manipulate curve standards: a white paper for the black hat

Characteristics

Seed:
0x3adcc48e36f1d1926701417f101a75f000118a739d4686e77278325a825aa3c6
j-invariant:
53011694944572175249731922596414197672005972844972409667755097188583518525531
Trace of Frobenius:
426868306435604417333899392705351656559
Discriminant:
1213510910070433426369859440871031949676217484820401634187637795164186122186
Embedding degree:
4135431757512723170096337391050270483202116968173382492078561854148633792764
CM-discriminant:
-2321915750431602639951745777848759230392148833334080756496923484040850443763
Conductor:
11

SAGE

p = 0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff
K = GF(p)
a = K(0xffffffff00000001000000000000000000000000fffffffffffffffffffffffc)
b = K(0xbada55ecd8bbead3add6c534f92197deb47fceb9be7e0e702a8d1dd56b5d0b0c)
E = EllipticCurve(K, (a, b))
# No generator defined
E.set_order(0xffffffff00000000fffffffffffffffebedc2797003336661a49d76a903bdb91 * 0x01)

p = 0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff
K = GF(p)
a = K(0xffffffff00000001000000000000000000000000fffffffffffffffffffffffc)
b = K(0xbada55ecd8bbead3add6c534f92197deb47fceb9be7e0e702a8d1dd56b5d0b0c)
E = EllipticCurve(K, (a, b))
# No generator defined
E.set_order(0xffffffff00000000fffffffffffffffebedc2797003336661a49d76a903bdb91 * 0x01)

SAGE

PARI/GP

p = 0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff
a = Mod(0xffffffff00000001000000000000000000000000fffffffffffffffffffffffc, p)
b = Mod(0xbada55ecd8bbead3add6c534f92197deb47fceb9be7e0e702a8d1dd56b5d0b0c, p)
E = ellinit([a, b])
E[16][1] = 0xffffffff00000000fffffffffffffffebedc2797003336661a49d76a903bdb91 * 0x01
\\ No generator defined

p = 0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff
a = Mod(0xffffffff00000001000000000000000000000000fffffffffffffffffffffffc, p)
b = Mod(0xbada55ecd8bbead3add6c534f92197deb47fceb9be7e0e702a8d1dd56b5d0b0c, p)
E = ellinit([a, b])
E[16][1] = 0xffffffff00000000fffffffffffffffebedc2797003336661a49d76a903bdb91 * 0x01
\\ No generator defined

PARI/GP

JSON

{
  "name": "BADA55-VR-256",
  "desc": "BADA55 curve from the https://bada55.cr.yp.to/bada55-20150927.pdf",
  "sources": [
    {
      "name": "How to manipulate curve standards: a white paper for the black hat",
      "url": "https://bada55.cr.yp.to/bada55-20150927.pdf"
    }
  ],
  "form": "Weierstrass",
  "field": {
    "type": "Prime",
    "p": "0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff",
    "bits": 256
  },
  "params": {
    "a": {
      "raw": "0xffffffff00000001000000000000000000000000fffffffffffffffffffffffc"
    },
    "b": {
      "raw": "0xbada55ecd8bbead3add6c534f92197deb47fceb9be7e0e702a8d1dd56b5d0b0c"
    }
  },
  "order": "0xffffffff00000000fffffffffffffffebedc2797003336661a49d76a903bdb91",
  "cofactor": "0x01",
  "characteristics": {
    "seed": "0x3adcc48e36f1d1926701417f101a75f000118a739d4686e77278325a825aa3c6",
    "cm_disc": "-2321915750431602639951745777848759230392148833334080756496923484040850443763",
    "conductor": "11",
    "discriminant": "1213510910070433426369859440871031949676217484820401634187637795164186122186",
    "j_invariant": "53011694944572175249731922596414197672005972844972409667755097188583518525531",
    "embedding_degree": "4135431757512723170096337391050270483202116968173382492078561854148633792764",
    "trace_of_frobenius": "426868306435604417333899392705351656559"
  }
}

{
  "name": "BADA55-VR-256",
  "desc": "BADA55 curve from the https://bada55.cr.yp.to/bada55-20150927.pdf",
  "sources": [
    {
      "name": "How to manipulate curve standards: a white paper for the black hat",
      "url": "https://bada55.cr.yp.to/bada55-20150927.pdf"
    }
  ],
  "form": "Weierstrass",
  "field": {
    "type": "Prime",
    "p": "0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff",
    "bits": 256
  },
  "params": {
    "a": {
      "raw": "0xffffffff00000001000000000000000000000000fffffffffffffffffffffffc"
    },
    "b": {
      "raw": "0xbada55ecd8bbead3add6c534f92197deb47fceb9be7e0e702a8d1dd56b5d0b0c"
    }
  },
  "order": "0xffffffff00000000fffffffffffffffebedc2797003336661a49d76a903bdb91",
  "cofactor": "0x01",
  "characteristics": {
    "seed": "0x3adcc48e36f1d1926701417f101a75f000118a739d4686e77278325a825aa3c6",
    "cm_disc": "-2321915750431602639951745777848759230392148833334080756496923484040850443763",
    "conductor": "11",
    "discriminant": "1213510910070433426369859440871031949676217484820401634187637795164186122186",
    "j_invariant": "53011694944572175249731922596414197672005972844972409667755097188583518525531",
    "embedding_degree": "4135431757512723170096337391050270483202116968173382492078561854148633792764",
    "trace_of_frobenius": "426868306435604417333899392705351656559"
  }
}

JSON