this is a pre-built version of the
application so let's go ahead and run it
and do all the operations that are
needed for this demo and then I will go
over what just happened
now this is the equation of an elliptic
curve over prime fields so we perform
all operations in mod p where p is
prime and we want the values of x and y
that result in this equation being
satisfied so for x is equal to zero we
end up with this result and we have this
result here and here so we end up with
those two points satisfying the equation
and for x is 3 we end up with this
value and it is the same here and here
so we end up with those two points also
satisfying the equation so we found 19
points that satisfy this equation
including the point at infinity o and
we have a theorem that says that if we
have a finite cyclic group with prime
order then all elements meaning all
points in this case in that group are
generators of that group meaning all
those points are primitive elements so
if we pick any point here it will end up
generating the entire group and we
picked this point (5, 1)
and it ended up generating the entire
group three times so each column is the
entire group being generated so we did
57 hops and we can see the cyclic
behavior here so (5,1) is repeated here
and (6, 3) is repeated here etc now if
we had a huge number of points in the
cyclic group then we would not be able
to do this since it would take forever
with slow hopping so here we did fast
hopping using the double and add
algorithm and I will go over how this
works while writing and test running
the application so here we are doing 13
hops and we ended up at this point
so 13G this is the point 16 and 4
and G is the generator point (5, 1)
now before proceeding with the code
let's do a quick introduction so this is
the Weierstrass equation for elliptic
curve E over a field F and we will be
using this reduced form of that equation
so y^2 is equal to x^3 + ax + b and initially we will use F as
the field of real numbers and then to do
cryptography we will use F as the field
of integers in mod p and those two
curves are singular so we don't want to
use a singular curve and a singular
curve is when the discriminant Delta is
0 so this value is 0 and a singular
curve has repeated roots so we want to
use a elliptic curve with distinct
roots like those 2 this one and this
one now looking at elliptic curves
we can make the following observations
one that elliptic curve will always be
symmetric about the x-axis so if we have
point P with coordinates x and y that
satisfies the equation of the curve then
point - P with coordinates x and
-y satisfies this equation also and
second we can observe that non
vertical non tangent line will
always intersect the curve in three
places so given two points for example P
and
Q here we can construct a third point
and we can make the third observation
that non vertical tangent line will
always intersect the curve in a second
place here so given one point on
the curve and a tangent at that point
then we can construct a second point and
we can also observe that a vertical line
will never intersect the curve in three
places and we can potentially take
advantage of that fact in finding or
defining a neutral element now we take
advantage of our first and our second
observations so the symmetry about the x
axis and the non vertical non tangent line
always intersecting the curve in three
places so starting from two points we
can generate many points on the curve so
given two distinct point on the curve
and the line joining them let the (x0, y0)
be the third intersection point of the
curve with the line then we define
addition of two points as P plus Q is
equal to (x0, -y0)
and we also take advantage of our first
and our third observation so the
symmetry and the non vertical tangent
line intersecting the curve in a second
place so this means that starting from
one point we can generate many points on
the curve so given P is any point on the
curve with the tangent line to the curve
at P let the (x0, y0) be the intersection
point of the curve with the line then we
define
point doubling as P + P is equal to 2
P is equal to (x0, -y0)
and we also take advantage of our 4th
observation that a vertical line will
never intersect the curve in three
places so we define a neutral element
O as an abstract point at infinity so
O is visualized as located toward plus
infinity or minus infinity along the y
axis and we also take advantage of our
first and our 4th observations and the
fact that - P is the inverse of any
group element the P so this means that P
+ -P is equal to O now those
are the equations for elliptic curve
point addition and elliptic curve
point doubling and I derived those
equations in a previous quick tutorial
so we want to add the two points P and Q
and P with coordinates (x1, y1) and Q
with coordinates (x2, y2)
so we end up with Point R with
coordinates (xR,  yR) where xR is equal to
x3 and yR is equal to -y3 and (x3, y3)
is the third intersection point of
the curve with the line and here in
the case of point doubling we have P
and Q are the same point so (x1, y1) and (x2, y2)
are the same and we have (x3, y3)
as the second intersection point so 2P
is equal to R with coordinates (xR,yR)
and xR is equal to x3 and yR is equal
to -y3 so the equations for xR and
yR are are the same for point
addition and point doubling and S is the
slope so it's equal to y2 - y1 over
x2 - x1 for point the addition and
for point doubling S is equal to 3x1^2
+ a over 2y1 and s here
is the slope of the tangent line through
P( x1, y1) now we know that a group is a
set with one operation and a
corresponding inverse operation so if
that operation is addition then the
corresponding inverse operation is
subtraction and if that operation is
multiplication
then the corresponding inverse operation
is division meaning multiplication with
an inverse element now in order to have
all four arithmetic operations meaning
addition subtraction multiplication and
division in one place we need a field
meaning a set with an add group and a
multiply group so a field F is a set of
elements such that all elements of F form
an additional group with the plus as the
group operations and 0 as the neutral
element and all elements of F except
0 form a multiplication group with
multiplication group operation and 1 as
the neutral element and when mixing both
group operations then the distributive
law does hold so a*(b+c)
is equal to a*b + a*c for all a, b,c in F now suppose
that G is a set of points on E including
the point at infinity and E is any
elliptic curve defined over any field F
now for all points A, B and C in G then
the group operation is closed meaning
A+B is equal to C and they are all in
G and the group operation is associative
so A+(B+C) is equal to (A+B)+C
and we prove it here so A+(B+C)
so if we take B + C from
here we end up with this point and then
A+(B+C) we have this
intersection point and we end up with
this point as A+( B + C) and here
(A+B) gives us this point here A+B
and the from here to C we end up with
this intersection point and with this
point (A+B) + C and those two
points are the same and there is a group
identity element
so (A+ O) is equal to (O+A) is
equal to A and for all points A in G
there exists -A in G called the inverse
of a where A + -A is equal to
-A + A is equal to O and the
group operation is commutative so
(A+B) is equal to (B+A) and G meaning
the set of points on E including the
point at infinity form an abelian group
now to do cryptography we need to use
curve over a finite field for example a
prime field where all arithmetic is
performed in mode prime number p so
an elliptic curve over Zp where p is
bigger than 3 is the set of all pairs (x,y)
in Zp such that y squared is
congruent to X cube + ax + b in
mod p and a and b are in Zp and
O is an imaginary point at infinity and
this equation is different than 0 in
mod p so we end up with this elliptic
curve point addition and this elliptic curve
point doubling so now we have mod p here
which we did not have here when we where
over the real numbers I will start by
creating a new project
and here we will have three classes
and this will contain the elliptic
curve logic including point addition
and doubling and this class will
represent a point on the curve and this
one will drive the application so it
will have a main method
now here we will need three static
methods one to handle the pickup of the
elliptic curve so the values for a b and
p for the curve and this one to
handle the pickup of the generator point
coordinates and this one to handle the
number of point hops and if it is slow
hopping or fast hopping using
the double and add algorithm and we
end up calling those methods from here
so here we are picking up the elliptic
curve by calling the handle elliptic
curve input and here we are prompting
the user to select what they want to do
is it slow hopping or fast hopping using
the double and add algorithm and we
call handle point hopping input from
here the user selected slow or if he
selected fast hopping from here
and here for convenience let's
specify those static values
and we want to use non singular curves so
we want to avoid singular ones and
this is the case when a curve is
singular if this is equal to zero so we
check for that in this static method
and we want to keep track for the values
for a b and p for the curve and we
use the constructor to initialize those
so now we can go back to the driver
class and have this method finished
coding
so here we are checking if the elliptic
curve is non-singular and in that case
we instantiate that curve so here the
curve to be instantiated is
non-singular and we display this in the
case we have a singular elliptic curve
and here we handle the pick up of the
generator point and making sure that
what was entered by the user is a point
that is on the curve and here we
prompted the user for a b and p and
picked up those values and we returned the
instantiated elliptic curve and we
will have two methods here one for slow
hopping so slow multiply given the
number of hops and this method can only
be used with small cyclic subgroups
and this one for fast hopping using
the double and add algorithm now a point
on the curve will have x and y
coordinates and they are initialized in
the constructor and those are get
methods and let's define the point at
infinity as having a huge y-coordinate
and this is the equals and the toString
methods for this class so here we are
checking if the passed in point and this
point are the same and here we are
checking if we have points at
Infinity and this returns the x and y
coordinates for this point now those are
the equations for point addition and
point doubling so this is the slope
and this is xR and yR in both cases
and those two methods implement those
equations so this one does point
addition and this one point doubling
and we returned the new point in both
cases which is the result of adding two
points or doubling a point and this
is toString method for this class and
those methods handle display so this one
handles display of the point
matching table and this one displaying
all the points that are on the curve and
this one displaying the result of point
hopping and this method handles
finding all the points that are on the
curve and this can only be used with
small number of points otherwise it
would go forever so we are comparing the
left side and the right side of the
elliptic curve equation and finding the
points where both sides of the equation
are equal and returning all the points
that we find including the point at
infinity and this is a helper method to
count the number of points that are on
the curve and this is the equation for
the elliptic curve y squared is
congruent to x cube + ax + b in
mod p so if we want to determine if a
point is on the curve then we check both
sides of that equation
so y squared in mod p and x
cube + ax + b in mod p
and this method checks to see if point
G and point T are inverse of each
other so they are symmetric about the x axis
and let's have generator point as an
instance variable and it gets updated in
this method given the user input so now
let's go back here and finish up this
method
so we are prompting the user for the x
and y coordinates of the generator point
and updating the elliptic curve with
that point now before proceeding with
finishing the code let's go over this
elliptic curve y square is congruent to
x cube + 2x + 3 in mod 97
so we found a hundred points
satisfying this equation
which means that the order of the
elliptic curve is a hundred and here we are
using this generator point (3, 6) and
those are the cyclic groups or this is
the cyclic group that it is generating so
it has five points and it is repeating
so n the subgroup size is 5 and the
cofactor n is the order of E over n and
this would be the cofactor
so now let's go up here and actually go
here and add n and the order of E and the
cofactor h and let's add a get method
for n and if we go back to the
constructor
we'll find all the points that are on
the curve and count the number of points
on the curve this would be the order of
E and then we display all those points
and let's add this method that will give
us n so count number of points in
cyclic subgroup given the generator
point so now going to the update method
here we can specify the value for the
generator point and for n and for h and
this will implement the slow hopping
and this one it implements the double
and add algorithm to do fast
hopping
so we turn the number of hops to
binary and if we have 1 then we add
after doubling and this should do it for
this class
and this method here handles the point
hopping
so we prompt the user for the number of
point hops d and if they already have
selected slow hopping then we call
this method otherwise we do fast
hopping with the double and add algorithm
and this should do it for this class
and finally let's go ahead and test
run the application so let's try this
curve where this is the value for a and
this is for b and this is the value for p
and for x is 0 we end up with this value
and we end up with this value here for y
is 7 and here for y is 22 so we have
those two points satisfying the equation
of the curve so we end up with 37 points
satisfying this elliptic curve equation
including the point at infinity O and
let's use this as a generator point so
it generates the entire group so the
cofactor h is 1 so n is 37 and the order
of E or the number of points on the
curve is 37 so if we do slow hopping and
maybe 100 hops
so at the hundred hop we end up at this point (5, 7)
and we can see the cyclic behavior here
so each one of those columns here and
here and here is generating the entire
group so let's try fast hopping and
maybe do 32 hops
so we end up here using the double and
add algorithm
and let's try 33 hops also
just to show here the adding behavior so
we end up at this point
and let's change the curve and let's
show that we are checking if the curve
is singular so here we detected that we
have a singular curve and let's try
this one
so we generated 42 points or we have 42
points that satisfy this equation and if
we try this generator point and do slow
hopping and maybe 25 hops so we have
7 points in the subgroup and the order
of E was 42 and the cofactor is the
order of E over n which is 6 so if we do
fast hoping and let's go with 6 hops
so we end up here
so we had that points on an elliptic
curve plus the point at Infinity
have cyclic subgroups and this is where
this sub group here come from or cyclic
sub group here
and if we have a finite cyclic group
with a prime order then all the points
on the elliptic curve form a cyclic
group and this is where
it applies so here all the point form a
cyclic group
