-
Notifications
You must be signed in to change notification settings - Fork 42
Home
gionasoldati edited this page Oct 2, 2018
·
21 revisions
The aim of this section is to establish a common nomenclature to be used among the members of the institute. Our aim is to create a logic and self-consistent nomenclature to help learning.
- Prime numbers: the lowercase letter p should represent an odd prime number;
- Fields: for a general field the letter K should be used, while the finite field of order q = p^k, where p is an odd prime and k an integer, should be represented as F_q. For a fixed order q, the finite field F_q is unique up to isomorphisms, i.e. the same field admits different representations. When dealing with F_p we can use the isomorphism with the set of natural numbers modulo p (Z_p);
- Elliptic curves: in general an elliptic curve is denoted by E(K), which represents the set of points satisfying the generalized Weierstrass equation with coefficients in K plus the point at infinity. Lowercase letters are used to denote scalars, while the uppercase equivalent denotes the linked EC point, e.g. qG = Q = (x_Q, y_Q). The coordinates of an EC point should be represented as in the previous example.
For what concerns our purposes K will always be a prime finite field (F_p). In this case we can define an elliptic curve entirely through the so called elliptic curve domain parameters: T = (a, b, p, G, n, h).
- a and b defines the Weierstrass equation y^2 = x^3 + ax + b;
- p determines the finite field over which the curve is defined E(F_p): y^2 = x^3 + ax + b (mod p);
- G is a generator of a cyclic subgroup of E(F_p);
- n is the order of the cyclic subgroup determined by G;
- h is the so called cofactor, computed as h = |E(F_p)| / n.
- Elliptic curves' key pair: the pair of private and public key should be denoted as {q, Q}, where Q = qG. If more pairs are needed subscripts should be used;
- Signature algorithms (ECDSA and Schnorr): || denotes concatenation of bytes string, the conversion functions should be written extensively (hash(), bytes(), int(), etc.), the cryptographically secure nonce should be denoted by k and the equivalent EC point with K = (x_K, y_K);