github.com/ethereum/go-ethereum@v1.16.1/crypto/secp256k1/libsecp256k1/sage/secp256k1_params.sage

github.com/ethereum/go-ethereum@v1.16.1/crypto/secp256k1/libsecp256k1/sage/secp256k1_params.sage (about)

     1  """Prime order of finite field underlying secp256k1 (2^256 - 2^32 - 977)"""
     2  P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
     3  
     4  """Finite field underlying secp256k1"""
     5  F = FiniteField(P)
     6  
     7  """Elliptic curve secp256k1: y^2 = x^3 + 7"""
     8  C = EllipticCurve([F(0), F(7)])
     9  
    10  """Base point of secp256k1"""
    11  G = C.lift_x(0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798)
    12  if int(G[1]) & 1:
    13      # G.y is even
    14      G = -G
    15  
    16  """Prime order of secp256k1"""
    17  N = C.order()
    18  
    19  """Finite field of scalars of secp256k1"""
    20  Z = FiniteField(N)
    21  
    22  """ Beta value of secp256k1 non-trivial endomorphism: lambda * (x, y) = (beta * x, y)"""
    23  BETA = F(2)^((P-1)/3)
    24  
    25  """ Lambda value of secp256k1 non-trivial endomorphism: lambda * (x, y) = (beta * x, y)"""
    26  LAMBDA = Z(3)^((N-1)/3)
    27  
    28  assert is_prime(P)
    29  assert is_prime(N)
    30  
    31  assert BETA != F(1)
    32  assert BETA^3 == F(1)
    33  assert BETA^2 + BETA + 1 == 0
    34  
    35  assert LAMBDA != Z(1)
    36  assert LAMBDA^3 == Z(1)
    37  assert LAMBDA^2 + LAMBDA + 1 == 0
    38  
    39  assert Integer(LAMBDA)*G == C(BETA*G[0], G[1])