# GF(2^m) Elliptic Curve Calculator


## Help

This JavaScript applet performs binary extension Galois field and elliptic curve operations. Values are entered into the entry text box and pushed onto the stack. All operations are carried out via the stack. Values can also be saved in the storage area. Values are entered as scalars in the current base. Galois field operations can be carried out on scalars. Scalars can be assembled into points in the current coordinate system. Points are represented as comma-separated values enclosed in parentheses. The point at infinity is represented as ∞. Elliptic curve operations can be performed on points.

Try the following examples from H. Cohen and G. Frey, Handbook of Elliptic and Hyperelliptic Curve Cryptography, Chapman & Hall/CRC, 2006:

The following are examples of Galois Field operations. The base is hexadecimal. The reduction polynomial is 805:
• Reduction: 2D4 = 11902B (mod 805)
• Multiplication: A6A6 = 36 × 6F9
• Inversion: 702 = 1 / 173
The following table gives examples of elliptic curve operations: point adding, doubling and scalar multiplication, using two points, P and Q, in each of the four coordinate systems. a2' = 1 and a6' = 1CC:

| Coordinates | P | Q | P + Q | 2 × P | 2FB × P |
|---|---|---|---|---|---|
| Affine | (420, 5B3) | (4B8, 167) | (724, 7B3) | (14D, 4CB) | (84, 475) |
| Projective | (64F, 5BA, 1C9) | (4DD, 1F0, 3FA) | (675, 6D5, 4D5) | (4D5, 21E, 705) | (582, 14, 543) |
| Jacobian | (4DA, 1F7, 701) | (383, 5BA, 1E1) | (12, 46B, 5F) | (5B1, 417, 7D) | (2F7, 572, 3E2) |
| Lopez-Dahab | (6BE, 15F, 7B3) | (757, 3EF, 219) | (7C5, 1D2, 3D2) | (444, 4A0, 193) | (2F, 265, 220) |

### Status

• Text box – gives diagnostic messages
• Undo button – undo the last operation
• Redo button – redo the operation that was last undone

### Entry

The entry text box is the only place where numbers can be entered. Select the entry text box and key in a number. Only digits and letters are allowed, depending on the current base. Values can be pasted from the clipboard or selected and copied to the clipboard.
• Text box – the place to key in numbers in the current base
• Push button – push the value in the entry text box onto the stack
• Pop button – pop the last value from the stack into the entry text box

### Stack

All operations are carried out via the stack. As in the old HP calculators, the accessible end of the stack is the bottom, so operands are pushed onto the stack and appear in their natural order when an operation is carried out. Values from the entry text box, variable text boxes and storage can be pushed onto and popped from the stack. For operations, operands are popped before and the result pushed afterward. A stack item must be selected in order to perform some stack operations.

### Stack Ops

The stack operations rearrange items on the stack in order to get them into position for other operations, for which operands are popped from and results are pushed onto the bottom of the stack.
• Drop – delete the last item from the bottom of the stack
• Dup – duplicate the last item and push it onto the bottom of the stack
• Swap – swap the last two items on the stack, reversing their order
• Over – copy the second last item and push it onto the bottom of the stack
• Rot – rotate the last three items, moving the third last item to the bottom of the stack
• Pick – copy the currently selected stack item and push it onto the bottom of the stack
• Roll – move the currently selected stack item to the bottom of the stack

### Base

The numerical base is used to represent all values. When the base is changed, all values are changed, including the value in the entry text box. Positive numbers are represented without leading zeroes. Negative numbers are not allowed.
• Binary – base 2
• Quaternary – base 4
• Octal – base 8
• Hexadecimal – base 16

### Galois Field Ops

Galois field operations are performed on values on the stack. Operands are popped from and the result is pushed onto the bottom of the stack. All operands and results are scalars, except as noted below. Most of these binary extension field operations depend on the reduction polynomial. The half-trace is as in Cohen & Frey, but with c & y reversed and using the smallest y.
• Reduce – reduce the last value on the stack by the reduction polynomial
• Sqr – square the last value on the stack
• Mul – multiply the last two values on the stack
• → Point – assemble the scalars on the bottom of the stack into a point in the current coordinate system
• Inv – get the multiplicative inverse of the last value, producing a reduced result
• Div – divide the last two values, by inverting the last number and multiplying by the second last
• Sqrt – take the square root of the last value, producing a reduced result
• Trace – compute the trace of the last value, producing a reduced result
• Half-Trace – compute the half-trace of the last value, producing a reduced result

### Reduction Polynomial

The reduction polynomial is used for Galois field operations. The value encoded here in the current base is the binary representation of the coefficients of the polynomial.
• Text box – the encoded value of the reduction polynomial
• Push button – push the value from the reduction polynomial text box onto the stack
• Pop button – pop the last value from the stack into the reduction polynomial text box

### Coordinate System

A point is represented as two or three scalars in the current coordinate system. In the affine system, a point is represented as (x, y); the other systems use (x, y, z), where z is a divisor for x and y. When the coordinate system is changed, all points are changed to equivalent values in the new system. This is carried out such that the z value is unaltered, except when converting to the affine system. The point at infinity is represented as ∞ regardless of the coordinate system.
• Affine – (Ax, Ay): normal two-dimensional coordinate system
• Projective – (Px, Py, Pz) = (z·Ax, z·Ay, z), z ≠ 0
• Jacobian – (Jx, Jy, Jz) = (z²·Ax, z³·Ay, z), z ≠ 0
• Lopez-Dahab – (LDx, LDy, LDz) = (z·Ax, z²·Ay, z), z ≠ 0

### Elliptic Curve Ops

Elliptic curve operations are performed on values on the stack. Operands are popped from and results are pushed onto the bottom of the stack. All operands and results are points, except as noted below. Most of these operations depend on elliptic curve parameters a2' and a6'. Points must lie on the elliptic curve defined by the Weierstrass equation simplified for characteristic two: y² + xy = x³ + a2'x² + a6'. Addition is defined according to the Group Law in which the sum of two points is the additive inverse of a third, colinear point. Underlying operations are performed in the binary extension Galois field, using the reduction polynomial.
• ∞ – push the point at infinity onto the bottom of the stack
• Neg – get the additive inverse of the last value on the stack
• Dbl – double the last value on the stack
• Mul – perform scalar multiplication where the second last value on the stack is the scalar and the last value is the point
• → Scalar – separate the point on the bottom of the stack into its component scalars in the current coordinate system
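
The Galois field and elliptic curve operations described above can be reproduced in a few lines of JavaScript. This is an added example, not the applet's own code: the function names are assumptions, only affine coordinates are covered, and inversion by exponentiation is a choice made here rather than the applet's documented method.

```javascript
// Affine arithmetic on y^2 + xy = x^3 + a2*x^2 + a6 over GF(2^m) (added example).
// Field elements are BigInt bit vectors; null stands for the point at infinity.
const F = 0x805n, A2 = 0x1n, A6 = 0x1CCn;             // parameters from the Help examples
const P = [0x420n, 0x5B3n], Q = [0x4B8n, 0x167n];     // affine P and Q from the table

const deg = (v) => v.toString(2).length - 1;          // polynomial degree (0 for v = 0)
function clmul(a, b) {                                // carry-less product, not reduced
  let r = 0n;
  for (; b > 0n; b >>= 1n, a <<= 1n) if (b & 1n) r ^= a;
  return r;
}
function reduce(v, f = F) {                           // remainder of v modulo f
  const d = deg(f);
  while (deg(v) >= d) v ^= f << BigInt(deg(v) - d);
  return v;
}
const mulmod = (a, b) => reduce(clmul(a, b));
function inv(a) {                                     // a^(2^m - 2); returns 0 for a = 0
  let r = 1n;
  for (let i = 1; i < deg(F); i++) { a = mulmod(a, a); r = mulmod(r, a); }
  return r;
}
function onCurve(pt) {                                // check the Weierstrass equation
  if (pt === null) return true;
  const [x, y] = pt, x2 = mulmod(x, x);
  return (mulmod(y, y) ^ mulmod(x, y)) === (mulmod(x2, x) ^ mulmod(A2, x2) ^ A6);
}
function add(p, q) {                                  // group law, including doubling
  if (p === null) return q;
  if (q === null) return p;
  const [x1, y1] = p, [x2, y2] = q;
  let lam, x3;
  if (x1 !== x2) {                                    // chord through distinct points
    lam = mulmod(y1 ^ y2, inv(x1 ^ x2));
    x3 = mulmod(lam, lam) ^ lam ^ x1 ^ x2 ^ A2;
  } else {
    if (y1 !== y2 || x1 === 0n) return null;          // q = -p, or p has order 2
    lam = x1 ^ mulmod(y1, inv(x1));                   // tangent slope for doubling
    x3 = mulmod(lam, lam) ^ lam ^ A2;
  }
  return [x3, mulmod(lam, x1 ^ x3) ^ x3 ^ y1];
}
function mul(k, pt) {                                 // double-and-add; branches on the
  let r = null;                                       // scalar bits, so not constant-time
  for (const bit of k.toString(2)) { r = add(r, r); if (bit === "1") r = add(r, pt); }
  return r;
}
console.log(add(P, Q).map((v) => v.toString(16)), add(P, P).map((v) => v.toString(16)));
```

Checking `onCurve` on every point received from outside before using it in `add` or `mul` enforces the requirement that points lie on the curve.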

### Elliptic Coefficient a2'

• Text box – the a2' value used in elliptic curve operations
• Push button – push the value in the a2' text box onto the stack
• Pop button – pop the last value from the stack into the a2' text box

### Elliptic Coefficient a6'

• Text box – the a6' value used in elliptic curve operations
• Push button – push the value in the a6' text box onto the stack
• Pop button – pop the last value from the stack into the a6' text box

### Storage

While all operations are performed via the stack, this storage area provides a place to put numbers, scalars and points, independent of the stack. A storage item or slot must be selected in order to perform storage operations. Note that there is an empty storage slot after the last full storage item. This empty slot may be selected to store a new item.

### Storage Ops

The storage operations rearrange items in the storage area, and move them to the stack.
• Del – delete the currently selected item
• Move ↑ – move the currently selected item up one line
• Move ↓ – move the currently selected item down one line
• Push – push the currently selected storage item onto the stack
• Pop – pop the last value from the stack to the currently selected storage slot