GF(2^m) Elliptic Curve Calculator

	Help
Status
Entry
Stack
Stack Ops
Base	Binary Quaternary Octal Hexadecimal
Galois Field Ops

Reduction Polynomial
Coordinate System	Affine Projective Jacobian Lopez-Dahab
Elliptic Curve Ops
Elliptic Coefficient a₂'
Elliptic Coefficient a₆'
Storage
Storage Ops

Help

This Javascript applet performs binary extension Galois field and elliptic curve operations. Values are entered into the entry text box and pushed onto the stack. All operations are carried out via the stack. Values can also be saved in the storage area. Values are entered as scalars in the current base. Galois field operations can be carried out on scalars. Scalars can be assembled into points in the current coordinate system. Points are represented as comma separated values enclosed in parentheses. The point at infinity is represented as ∞. Elliptic curve operations can be performed on points.

Try the following examples from H. Cohen and G. Frey, Handbook of Elliptic and Hyperelliptic Curve Cryptography, Chapman & Hall/CRC, 2006:

The following are examples of Galois Field operations. The base is hexadecimal. The reduction polynomial is 805:

Reduction: 2D4 = 11902B (mod 805)
Multiplication: A6A6 = 36 × 6F9
Inversion: 702 = 1 / 173

The following table gives examples of elliptic curve operations: point adding, doubling and scalar multiplication, using two points, P and Q, in each of the four coordinate systems. a₂' = 1 and a₆' = 1CC:

Coordinates	P	Q	P + Q	2 × P	2FB × P
Affine	(420, 5B3)	(4B8, 167)	(724, 7B3)	(14D, 4CB)	(84, 475)
Projective	(64F, 5BA, 1C9)	(4DD, 1F0, 3FA)	(675, 6D5, 4D5)	(4D5, 21E, 705)	(582, 14, 543)
Jacobian	(4DA, 1F7, 701)	(383, 5BA, 1E1)	(12, 46B, 5F)	(5B1, 417, 7D)	(2F7, 572, 3E2)
Lopez-Dahab	(6BE, 15F, 7B3)	(757, 3EF, 219)	(7C5, 1D2, 3D2)	(444, 4A0, 193)	(2F, 265, 220)

Status

Text box – gives diagnostic messages
Undo button – undo the last operation
Redo button – undo the undo button

Entry

The entry text box is only place where numbers can be entered. Select the entry text box and key in a number. Only digits and letters are allowed, depending on the current base. Values can be pasted from the clipboard or selected and copied to the clipboard.

Text box – the place to key in numbers in the current base
Push button – push the value in the entry text box onto the stack
Pop button – pop the last value from the stack into the entry text box

Stack

All operations are carried out via the stack. As in the old HP calculators, the accessible end of the stack is the bottom, so operands are pushed onto the stack and appear in their natural order when an operation is carried out. Values from the entry text box, variable text boxes and storage can be pushed onto and popped from the stack. For operations, operands are popped before and the result pushed afterward. A stack item must be selected in order to perform some stack operations.

Stack Ops

The stack operations rearrange items on the stack in order to get them into position for other operations, for which operands are popped from and results are pushed onto the bottom of the stack.

Drop – delete the last item from the bottom of the stack
Dup – duplicate the last item and push it onto the bottom of the stack
Swap – swap the last two items on the stack, reversing their order
Over – copy the second last item and pushes it onto the bottom of the stack
Rot – rotate the last three items, moving the third last item to the bottom of the stack
Pick – copy the currently selected stack item and pushes it onto the bottom of the stack
Roll – move the currently selected stack item to the bottom of the stack

Base

The numerical base is used to represent all values. When the base is changed, all values are changed, including the value in the entry text box. Positive numbers are represented without leading zeroes. Negative numbers are not allowed.

Binary – base 2
Quaternary – base 4
Octal – base 8
Hexadecimal – base 16

Galois Field Ops

Galois field operations are performed on values on the stack. Operands are popped from and the result is pushed onto the bottom of the stack. All operands and results are scalars, except as noted below. Most of these binary extension field operations depend on the reduction polynomial. The half-trace is as in Cohen & Frey, but with c & y reversed and using the smallest y.

Reduce – reduce the last value on the stack by the reduction polynomial
Add – add the last two values on the stack
Sqr – square the last value on the stack
Mul – multiply the last two values on the stack
→ Point – assemble the scalars on the bottom of the stack into a point in the current coordinate system
Inv – get the multiplicative inverse of the last value, producing a reduced result
Div – divide the last two values, by inverting the last number and multiplying by the second last
Sqrt – take the square root of the last value, producing a reduced result
Trace – compute trace of the last value, producing a reduced result
Half-Trace – compute half-trace of the last value, producing a reduced result

Reduction Polynomial

The reduction polynomial is used for Galois field operations. The value encoded here in the current base is the binary representation of the coefficients of the polynomial.

Text box – the encoded value of the reduction polynomial
Push button – push the value from the reduction polynomial text box onto the stack
Pop button – pop the last value from the stack into the reduction polynomial text box

Coordinate System

A point is represented as two or three scalars in the current coordinate system. In the affine system, a point is represented as (x, y); the other systems use (x, y, z), where z is a divisor for x and y. When the coordinate system is changed, all points are changed to equivalent values in the new system. This is carried out such that the z value is unaltered, except when converting to the affine system. The point at infinity is represented as ∞ regardless of the coordinate system.

Affine – (A_x, A_y): normal two-dimensional coordinate system
Projective – (P_x, P_y, P_z) = (z·A_x, z·A_y, z), z ≠ 0
Jacobian – (J_x, J_y, J_z) = (z²·A_x, z³·A_y, z), z ≠ 0
Lopez-Dahab – (LD_x, LD_y, LD_z) = (z·A_x, z²·A_y, z), z ≠ 0

Elliptic Curve Ops

Elliptic curve operations are performed on values on the stack. Operands are popped from and results are pushed onto the bottom of the stack. All operands and results are points, except as noted below. Most of these operations depend on elliptic curve parameters a₂' and a₆'. Points must lie on the elliptic curve defined by the Weierstrass equation simplified for characteristic two: y² + xy = x³ + a₂'x² + a₆'. Addition is defined according to the Group Law in which the sum of two points is the additive inverse of a third, colinear point. Underlying operations are performed in the binary extension Galois field, using the reduction polynomial.

∞ – push the point at infinity onto the bottom of the stack
Neg – get the additive inverse of the last value on the stack
Dbl – double the last value on the stack
Add – add the last two values on the stack
Mul – perform scalar multiplication where the second last value on the stack is the scalar and the last value is the point
→ Scalar – separate the point on the bottom of the stack into its component scalars in the current coordinate system

Elliptic Coefficient a₂'

Text box – the a₂' value used in elliptic curve operations
Push button – push the value in the a₂' text box onto the stack
Pop button – pop the last value from the stack into the a₂' text box

Elliptic Coefficient a₆'

Text box – the a₆' value used in elliptic curve operations
Push button – push the value in the a₆' text box onto the stack
Pop button – pop the last value from the stack into the a₆' text box

Storage

While all operations are performed via the stack, this storage area provides a place to put numbers, scalars and points, independent of the stack. A storage item or slot must be selected in order to perform storage operations. Note that there is an empty storage slot after the last full storage item. This empty slot may be selected to store a new item.

Storage Ops

The storage operations rearrange items in the storage area, and move them to the stack.

Del – delete the currently selected item
Move ↑ – move the currently selected item up one line
Move ↓ – move the currently selected item down one line
Push – push the currently selected storage item onto the stack
Pop – pop the last value from the stack to the currently selected storage slot

GF(2m) Elliptic Curve Calculator

GF(2^m) Elliptic Curve Calculator