20121106 
Oct 2012
Altona Victoria
2^{2}×3 Posts 
Elliptic curve arithmetic
I am trying to locate the parts of gmpecm which deal with elliptic curve arithmetic such as addition and subtraction of points on curves. I can't find any reference to these in the documentation and have also looked through the various .c and .h files without success. Can anyone point me in the right direction please?

20121106 
"Nancy"
Aug 2002
Alexandria
2,467 Posts 
Some functions for arithmetic on curves in Montgomery form are in ecm.c, some functions for curves in Weierstrass form are in ecm2.c. The latter do batched additions, however, to save modular inverses.

20121107 
Oct 2012
Altona Victoria
2^{2}×3 Posts 
Thanks for that. I think I have located the relevant functions. As far as I can tell they are for special values of the curve parameters. For example the function add3 seems to apply to curves of the form gy^2 = x^3 + x. I can't work out what form of equation the doubling function 'duplicate' operates on. The value obtained for x2 suggests the curve is x^3 + x but the z2 value suggests otherwise.

20121107 
"Nancy"
Aug 2002
Alexandria
100110100011_{2} Posts 
Those functions operate on points on curves in Montgomery form. Those are in projective coordinates, so a point consists of the coordinates (x,y,z), but the arithmetic omits the ycoordinate and works only with (x:z). Montgomery's thesis is probably the best source for background on how arithmetic on curves of his form works, you can find it at http://research.microsoft.com/enus/...mon/thesis.pdf

20121107 
Oct 2012
Altona Victoria
2^{2}×3 Posts 
Yes I understand about Montgomery coordinates. I may be on the wrong track but add3 and duplicate appear to be implementations of the addh function as described by Crandall and POmerance. However the curve parameter a b c don't appear in add3 so presumably a particular choice of curve is being used. The same applies to the calculation of x2 in duplicate but not to z2.

20121108 
"Nancy"
Aug 2002
Alexandria
2467_{10} Posts 
Addition of points in Montgomery form does not use the curve parameter explicitly because that is implicit from the two input points and their difference (all of which are known to be on the curve) which are the inputs to add3(). The add3() function is a direct implementation of Equation (2.3.4) in Montgomery's thesis.

20121108 
Oct 2012
Altona Victoria
2^{2}·3 Posts 
ok thanks for clearing that point up.I'll have a look at the thesis.

