Montgomery normal form: Difference between revisions
Montgomery "curves" |
m spacing |
||
| (3 intermediate revisions by the same user not shown) | |||
| Line 1: | Line 1: | ||
[[Category:Normal forms]] | |||
[[Image:Elliptic-curve-2.svg|frame|left|Elliptic curve in '''Montgomery normal form''' with <math>A=-2</math> and <math>B=\frac49</math>.]] | |||
== The normal form == | == The normal form == | ||
| Line 5: | Line 7: | ||
:<math>By^2=x^3+Ax^2+x</math> | :<math>By^2=x^3+Ax^2+x</math> | ||
It has in common with the [[Weierstraß normal form]] the same important property of being symmetric about the ''x''-axis, and hence it is just as useful and possibly more convenient in some cases for computing the [[point group operation]] by using many if not most of the same techniques. | It has in common with the [[Weierstraß normal form]] the same important property of being symmetric about the ''x''-axis, and hence it is just as useful and possibly more convenient or efficient in some cases for computing the [[point group operation]] by using many if not most of the same techniques. | ||
== What is a Montgomery curve? == | == What is a Montgomery curve? == | ||
| Line 17: | Line 19: | ||
:<math>By^2=(x+C)^3 + A (x+C)^2 + (x+C)</math> | :<math>By^2=(x+C)^3 + A (x+C)^2 + (x+C)</math> | ||
This is a simple ''y''-axis scaling together with an ''x''-axis shift which preserves the exact same geometry and group structure among the rational points as the curve would have in [[Weierstraß normal form]], even in a finite field as the case may be, which is in all probability well understood, notwithstanding a certain presumptuousness or overexuberance in the nuts-and-bolts applications of so-called [[Montgomery arithmetic]] directly to modern-day [[strong cryptography]] together with a certain degree of ignorance of traditional or long-standing classical mathematical literature of the Victorian era. | |||
Latest revision as of 06:12, 29 December 2024
The normal form
The Montgomery normal form[1] of an elliptic curve is a slightly different normalization from that of Weierstraß.
It has in common with the Weierstraß normal form the same important property of being symmetric about the x-axis, and hence it is just as useful and possibly more convenient or efficient in some cases for computing the point group operation by using many if not most of the same techniques.
What is a Montgomery curve?
The concept of a Montgomery curve[2][3] is very curious, if that is at all the intention to imply that some elliptic curves with rational coefficients are Montgomery and others are not. Because any elliptic curve described by a Weierstraß equation with rational coefficients a and b
may be transformed by simple rational operations into a so-called “Montgomery curve” with rational A, B, and C.
This is a simple y-axis scaling together with an x-axis shift which preserves the exact same geometry and group structure among the rational points as the curve would have in Weierstraß normal form, even in a finite field as the case may be, which is in all probability well understood, notwithstanding a certain presumptuousness or overexuberance in the nuts-and-bolts applications of so-called Montgomery arithmetic directly to modern-day strong cryptography together with a certain degree of ignorance of traditional or long-standing classical mathematical literature of the Victorian era.
- ↑ Peter L. Montgomery. “Speeding the Pollard and elliptic curve methods of factorization.” Mathematics of Computation, vol. 48, no. 177, Jan 1987, pp. 243-264. https://www.ams.org/journals/mcom/1987-48-177/S0025-5718-1987-0866113-7/
- ↑ Craig Costello and Benjamin Smith. “Montgomery curves and their arithmetic: The case of large characteristic fields.” Cryptology ePrint Archive, vol. 2017, no. 212. https://eprint.iacr.org/2017/212
- ↑ Daniel J. Bernstein and Tanja Lange. “Montgomery curves and the Montgomery ladder.” Cryptology ePrint Archive, vol. 2017, no. 293. https://eprint.iacr.org/2017/293
