\h.SSKJr SSKJr SSKJrJrJr SSKJ r SSK J r J r SSK Jr "SS 5rS S jrSS jrg ))log)_randint)gcdinvertsqrt)as_int)sieve primerange)isprimec6\rSrSrSrSrSrSrSrSr Sr g ) PointaLMontgomery form of Points in an elliptic curve. In this form, the addition and doubling of points does not need any y-coordinate information thus decreasing the number of operations. Using Montgomery form we try to perform point addition and doubling in least amount of multiplications. The elliptic curve used here is of the form (E : b*y**2*z = x**3 + a*x**2*z + x*z**2). The a_24 parameter is equal to (a + 2)/4. References ========== .. [1] Kris Gaj, Soonhak Kwon, Patrick Baier, Paul Kohlbrenner, Hoang Le, Mohammed Khaleeluddin, Ramakrishna Bachimanchi, Implementing the Elliptic Curve Method of Factoring in Reconfigurable Hardware, Cryptographic Hardware and Embedded Systems - CHES 2006 (2006), pp. 119-133, https://doi.org/10.1007/11894063_10 https://www.hyperelliptic.org/tanja/SHARCS/talks06/Gaj.pdf c4XlX lX0lX@lg)z Initial parameters for the Point class. Parameters ========== x_cord : X coordinate of the Point z_cord : Z coordinate of the Point a_24 : Parameter of the elliptic curve in Montgomery form mod : modulus N)x_cordz_corda_24mod)selfrrrrs I/var/www/auris/envauris/lib/python3.13/site-packages/sympy/ntheory/ecm.py__init__Point.__init__(s   cURUR:wdURUR:wagURUR-UR-URUR-UR-:H$)z=Two points are equal if X/Z of both points are equal Frrrr)rothers r__eq__ Point.__eq__9sb 99 "dhh%))&;{{U\\)DHH4 LL4;; & 12 2rcURUR- URUR--nURUR-URUR- -nX4-X4- peURU-U-UR-nURU-U-UR-n[XxURUR5$)a Add two points self and Q where diff = self - Q. Moreover the assumption is self.x_cord*Q.x_cord*(self.x_cord - Q.x_cord) != 0. This algorithm requires 6 multiplications. Here the difference between the points is already known and using this algorithm speeds up the addition by reducing the number of multiplication required. Also in the mont_ladder algorithm is constructed in a way so that the difference between intermediate points is always equal to the initial point. So, we always know what the difference between the point is. Parameters ========== Q : point on the curve in Montgomery form diff : self - Q Examples ======== >>> from sympy.ntheory.ecm import Point >>> p1 = Point(11, 16, 7, 29) >>> p2 = Point(13, 10, 7, 29) >>> p3 = p2.add(p1, p1) >>> p3.x_cord 23 >>> p3.z_cord 17 )rrrrr) rQdiffuvaddsubtrrs rr$ Point.addAs<[[4;; &AHH)< = [[4;; &AHH)< =E15Ts"S(4883t#d*TXX5VTYY99rch[URUR-SUR5n[URUR- SUR5nX- nX-UR-nX2URU---UR-n[ XEURUR5$)z Doubles a point in an elliptic curve in Montgomery form. This algorithm requires 5 multiplications. Examples ======== >>> from sympy.ntheory.ecm import Point >>> p1 = Point(11, 16, 7, 29) >>> p2 = p1.double() >>> p2.x_cord 13 >>> p2.z_cord 10 )powrrrrr)rr"r#r!rrs rdouble Point.doublefs  dkk)1dhh 7  dkk)1dhh 7utxx499T>)*TXX5VTYY99rcUnUR5n[U5SSHMnUS:Xa#URX 5nUR5nM,URX05nUR5nMO U$)av Scalar multiplication of a point in Montgomery form using Montgomery Ladder Algorithm. A total of 11 multiplications are required in each step of this algorithm. Parameters ========== k : The positive integer multiplier Examples ======== >>> from sympy.ntheory.ecm import Point >>> p1 = Point(11, 16, 7, 29) >>> p3 = p1.mont_ladder(3) >>> p3.x_cord 23 >>> p3.z_cord 17 N1)r*binr$)rkr Ris r mont_ladderPoint.mont_ladder}sf.  KKMQAc EE!NHHJEE!NHHJ rrN) __name__ __module__ __qualname____firstlineno____doc__rrr$r*r3__static_attributes__rrrrs!,"2#:J:. rrNc b[U5n[[U5US-S- 5n[R"U5 S/U-nS/U-nSn [ SUS-5H$n U [ U [[X555-n M& /n [USU--USU--SU-5HSn [ U SU-- U SU--5V s1sHn [X- 5S- iM nn U R[U55 MU [U5GHtnU"SUS- 5nUS-S- U-nSU-U-n[ USU5n[ UU- SU5SU-U--[SU-U-U5-U-n[!U[ USU5UU5nUR#U 5n[UR$U5nUS:wa UU:waUs $UU:XaMUUS'UR'5nUR)UU5US'USR*USR$-U-US'USR*USR$-U-US'[SU5HInUUS- R)UUUS- 5UU'UUR*UUR$-U-UU'MK SnUR#SU-5nUR#USU-- 5nUR#USU--5nU HnUR*UR$-U-nUHMnUR*UUR*- UR$UUR$--U- UU-nUU-U-nMO UUR)UU5nnM [UU5nUS:wdGMjUU:wdGMsUs $ g s sn f![a# [SU-U-U5nUU:XaGMUss $f=f) aeReturns one factor of n using Lenstra's 2 Stage Elliptic curve Factorization with Suyama's Parameterization. Here Montgomery arithmetic is used for fast computation of addition and doubling of points in elliptic curve. Explanation =========== This ECM method considers elliptic curves in Montgomery form (E : b*y**2*z = x**3 + a*x**2*z + x*z**2) and involves elliptic curve operations (mod N), where the elements in Z are reduced (mod N). Since N is not a prime, E over FF(N) is not really an elliptic curve but we can still do point additions and doubling as if FF(N) was a field. Stage 1 : The basic algorithm involves taking a random point (P) on an elliptic curve in FF(N). The compute k*P using Montgomery ladder algorithm. Let q be an unknown factor of N. Then the order of the curve E, |E(FF(q))|, might be a smooth number that divides k. Then we have k = l * |E(FF(q))| for some l. For any point belonging to the curve E, |E(FF(q))|*P = O, hence k*P = l*|E(FF(q))|*P. Thus kP.z_cord = 0 (mod q), and the unknownn factor of N (q) can be recovered by taking gcd(kP.z_cord, N). Stage 2 : This is a continuation of Stage 1 if k*P != O. The idea utilize the fact that even if kP != 0, the value of k might miss just one large prime divisor of |E(FF(q))|. In this case we only need to compute the scalar multiplication by p to get p*k*P = O. Here a second bound B2 restrict the size of possible values of p. Parameters ========== n : Number to be Factored. Assume that it is a composite number. B1 : Stage 1 Bound. Must be an even number. B2 : Stage 2 Bound. Must be an even number. max_curve : Maximum number of curves generated Returns ======= integer | None : a non-trivial divisor of ``n``. ``None`` if not found References ========== .. [1] Carl Pomerance, Richard Crandall, Prime Numbers: A Computational Perspective, 2nd Edition (2005), page 344, ISBN:978-0387252827 r(r rr-N)rminrr extendr r)intrrangeabsappendlistrZeroDivisionErrorrrr3rr*r$r)nB1B2 max_curveseedrandintDbetaSr0p deltas_listrqdeltas_sigmar"r#u_3a24gr Q2dWTr1alphadeltafs r_ecm_one_factorrcsdtnG DHbAgk"A LLO 37D aA A 26 " SCB O $$#K 2!8R!A#Xqs ++5a!A#gq1Q3w+GH+Ga#ae*/+GH4<(, 9 1q5! AX\Q  uWM!Ql  a!eQ"AaC!G,VBsF1Ha-@@1DC #s1a|S! , MM!  !  6a1fH !V ! XXZvva|!Q4;;qt{{*a/QQ4;;qt{{*a/Qq!AQU8<<Aa!eH-AaDt{{1Q4;;.!3DG  MM!A#  MM"qs( # MM"qs( #!FXXahh&!+EXX%/XX%/1389;?;GqSAI  aeeAqkqAq" 1I 6a1fH{I ! AcE!GQAAvH  s=M<3/N"N.'N.-N.c^^^ ^ ^ SSKJm [U5nUS-S:wd US-S:wa [S5eSm[ 5m [ R "ST5H6nX-S:XdM T RU5 X-S:XdM(X-nX-S:XaMM8 /m UUU U U 4Sjm T "U5 T (aFT R5n[XX#U5nUc [S5eT "U5 T "X-5 T (aMFT $) aPerforms factorization using Lenstra's Elliptic curve method. This function repeatedly calls ``_ecm_one_factor`` to compute the factors of n. First all the small factors are taken out using trial division. Then ``_ecm_one_factor`` is used to compute one factor at a time. Parameters ========== n : Number to be Factored B1 : Stage 1 Bound. Must be an even number. B2 : Stage 2 Bound. Must be an even number. max_curve : Maximum number of curves generated seed : Initialize pseudorandom generator Examples ======== >>> from sympy.ntheory import ecm >>> ecm(25645121643901801) {5394769, 4753701529} >>> ecm(9804659461513846513) {4641991, 2112166839943} r )_perfect_powerr(rzboth bounds must be even順c>[U5(aTRU5 gT"UT5=n(a T"US5$TRU5 g)Nr)r r$rF)mresultTF_LIMITrecheckfactorsqueues rrkecm..checkMsF 1:: KKN #Ax0 06 0# # QrzIncrease the bounds) factor_rer ValueErrorsetr r r$poprc) rIrJrKrLrMprimefactorrjrerkrlrms @@@@@recmru's2(q A Av{b1fk344HeG!!!X. 9> KK )q. )q./ E !H  IIK t< >23 3 f  ak % Nr)'rfN)rvrfrwi)mathrsympy.core.randomrsympy.external.gmpyrrrsympy.utilities.miscrgenerater r primetestr rrcrur;rrr~s3&11''LL^DN5r