p = 0xffffffff00000001000000000000000000000000ffffffffffffffffffffffffa = p-3b

1. p = 0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff
2. a = p-3
3. b = 0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b
4. r = 0xffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551
5. x = 0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296
6. y = 0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5
7.  
8. class CurveFp(object):
9. def __init__(self, p, a, b):
10. assert 3 == p % 4
11. self.__p = p
12. self.__a = a
13. self.__b = b
14.  
15. def p(self):
16. return self.__p
17.  
18. def a(self):
19. return self.__a
20.  
21. def b(self):
22. return self.__b
23.  
24. def contains_point(self, x, y):
25. return (y * y - (x * x * x + self.__a * x + self.__b)) % self.__p == 0
26.  
27. def complete_point(self, x):
28. y = square_roots(x * x * x + self.__a * x + self.__b, self.__p)
29. y = y[0]
30. if self.contains_point(x, y):
31. return Point(self, x, y)
32. else:
33. return INFINITY
34.  
35. class Point(object):
36. def __init__(self, curve, x, y, order=None):
37. self.__curve = curve
38. self.__x = x
39. self.__y = y
40. self.__order = order
41. if order:
42. assert self * order == INFINITY
43.  
44. def __add__(self, other):
45. if other == INFINITY:
46. return self
47. if self == INFINITY:
48. return other
49. assert self.__curve == other.__curve
50. if self.__x == other.__x:
51. if (self.__y + other.__y) % self.__curve.p() == 0:
52. return INFINITY
53. else:
54. return self.double()
55.  
56. p = self.__curve.p()
57. l = ((other.__y - self.__y) * inverse_mod(other.__x - self.__x, p)) % p
58. x3 = (l * l - self.__x - other.__x) % p
59. y3 = (l * (self.__x - x3) - self.__y) % p
60. return Point(self.__curve, x3, y3)
61.  
62. def __mul__(self, other):
63. def leftmost_bit(x):
64. assert x > 0
65. result = 1L
66. while result <= x:
67. result = 2 * result
68. return result / 2
69.  
70. e = other
71. if self.__order:
72. e = e % self.__order
73. if e == 0:
74. return INFINITY
75. if self == INFINITY:
76. return INFINITY
77. assert e > 0
78. e3 = 3 * e
79. negative_self = Point(self.__curve, self.__x, -self.__y, self.__order)
80. i = leftmost_bit(e3) / 2
81. result = self
82. while i > 1:
83. result = result.double()
84. if (e3 & i) != 0 and (e & i) == 0:
85. result = result + self
86. if (e3 & i) == 0 and (e & i) != 0:
87. result = result + negative_self
88. i = i / 2
89. return result
90.  
91. def __rmul__(self, other):
92. return self * other
93.  
94. def __str__(self):
95. if self == INFINITY:
96. return "infinity"
97. return "(%d,%d)" % (self.__x, self.__y)
98.  
99. def double(self):
100. if self == INFINITY:
101. return INFINITY
102.  
103. p = self.__curve.p()
104. a = self.__curve.a()
105. l = ((3 * self.__x * self.__x + a) *
106. inverse_mod(2 * self.__y, p)) % p
107. x3 = (l * l - 2 * self.__x) % p
108. y3 = (l * (self.__x - x3) - self.__y) % p
109. return Point(self.__curve, x3, y3)
110.  
111. def x(self):
112. return self.__x
113.  
114. def y(self):
115. return self.__y
116.  
117. def curve(self):
118. return self.__curve
119.  
120. def order(self):
121. return self.__order
122.  
123. def inverse_mod(a, m):
124. if a < 0 or m <= a:
125. a = a % m
126. c, d = a, m
127. uc, vc, ud, vd = 1, 0, 0, 1
128. while c != 0:
129. q, c, d = divmod(d, c) + (c, )
130. uc, vc, ud, vd = ud - q * uc, vd - q * vc, uc, vc
131. assert d == 1
132. if ud > 0:
133. return ud
134. else:
135. return ud + m
136.  
137. #square roots for moduli 3 (mod 4)
138. def square_roots(a, m):
139. s = pow(a, (m + 1) / 4, m)
140. return s, m - s
141.  
142. INFINITY = Point(None, None, None)
143.  
144. def urandom(size):
145. return '\x04'*size; # chosen by fair dice roll
146. # guaranteed to be random
147.  
148. class Signature(object):
149. def __init__(self, r, s):
150. self.r = r
151. self.s = s
152. def __str__(self):
153. return '(' + str(self.r) + ',' + str(self.s) + ')'
154.  
155. class Public_key(object):
156. def __init__(self, generator, point):
157. self.curve = generator.curve()
158. self.generator = generator
159. self.point = point
160. n = generator.order()
161. if not n:
162. raise RuntimeError, "Generator point must have order."
163.  
164. def verifies(self, hash_digest, signature):
165. try:
166. G = self.generator
167. n = G.order()
168. r = signature.r
169. s = signature.s
170. if r < 1 or r > n-1: return False
171. if s < 1 or s > n-1: return False
172. c = inverse_mod(s, n)
173. u1 = (hash_digest * c) % n
174. u2 = (r * c) % n
175. xy = u1 * G + u2 * self.point
176. v = xy.x() % n
177. return v == r
178. except:
179. return False
180.  
181. def __str__(self):
182. return str(self.point)
183.  
184. class Private_key(object):
185. def __init__(self, public_key, secret_multiplier):
186. self.public_key = public_key
187. self.secret_multiplier = secret_multiplier
188.  
189. def sign(self, hash_digest, k):
190. G = self.public_key.generator
191. n = G.order()
192. k = k % n
193. p1 = k * G
194. r = p1.x()
195. if r == 0: raise RuntimeError, "amazingly unlucky random number r"
196. s = ( inverse_mod(k, n) * (hash_digest + (self.secret_multiplier * r) % n) ) % n
197. if s == 0: raise RuntimeError, "amazingly unlucky random number s"
198. return Signature(r, s)