Join Log in
Score:0
avatar Crypto

Practical check the point is on the Curve

cn flag
Renard

The curve I am using is secp256r1. Its formulae is

$y^2 == x^3 + a\cdot x + b$

$a$ = 0xffffffff00000001000000000000000000000000fffffffffffffffffffffffc (115792089210356248762697446949407573530086143415290314195533631308867097853948)

$b$ = 0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b (41058363725152142129326129780047268409114441015993725554835256314039467401291)

And I am checking the base point $G$:

$G_x$ = 0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296 (48439561293906451759052585252797914202762949526041747995844080717082404635286)

$G_y$ = 0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5 (36134250956749795798585127919587881956611106672985015071877198253568414405109)

Calculating left side $y^2$ gives me:

1305684092205373533040221077691077339148521389884908815529498583727542773586739078600732747106020956683600164371063053787771205051084393085089418365301881

Calculating right side $x^3 + a\cdot x + b$ gives:

113658155427813365024510503555061841058107074695539734801914243855899581676106121216742031186749037217068373713699401633275460693094202620308271598867055040123401752346577561684789671973397929725392419990583281258891711488349384075

Left and right sides are not equal.

What I am doing wrong in my calculations?

57
0 + 0
kelalaka avatar
in flag
kelalaka
Does this answer your question? [Verify that a point belongs to secp256r1](https://crypto.stackexchange.com/questions/90151/verify-that-a-point-belongs-to-secp256r1) Exactly the same reason.
2
Reply
cn flag
Renard
@kelalaka, yes if I performed mod with p on both sides and it goes equal. It works with base point and other constant points on the curve. But I got a problem with points calculated with scalar multiplication. I asked the question in another thread. Now digging in into my implementation of scalar multiplication operation to identify what is wrong.
0
Reply
Score:1
poncho avatar Crypto
my flag
poncho

What I am doing wrong in my calculations?

The actual equation may be expressed as:

$$y^2 \equiv x^3 + ax + b \pmod p$$

where $p$ is the characteristic of the field that P256 uses. When working in this field, we usually understand that we're in $GF(p)$ and not $\mathbb{Z}$ (and so we don't need to write out the modulus), however it is important that we realize that it's there.

When don't you reduce each side modulus $p$ and see if it then works.

When I work with P256 computations, I typically use a subsystem that does the modular reduction at each step (addition, multiplication); in that case, it just doesn't come up.

0 + 0
ธงชาติไทย
Elon Musk
I sit in a Tesla and translated this thread with Ai:

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.