| Aurel Page on Fri, 18 Jul 2025 14:57:39 +0200 |
[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]
| Re: What's the code for doing the reverse of this code over the altbn128 curve |
Dear Laël, What you are looking for is ffinvmap: ? mapi = ffinvmap(map); ? twisti(pt) = [ffmap(mapi,pt[1]/w^2), ffmap(mapi,pt[2]/w^3)]; ? pt3 = twisti(pt2); ? pt3 == pt %15 = 1 Cheers, Aurel On 18/07/2025 14:12, Laël Cellier wrote:
The altbn254 curve is defined here : https://github.com/ethereum/EIPs/blob/master/EIPS/eip-197.md#definition-of-the-groupsThis is the code responsible for mapping points from F_p² to F_p¹² :p=21888242871839275222246405745257275088696311157297823662689037894645226208583;i=ffgen((i^2+1)*Mod(1,p));X=11559732032986387107991004021392285783925812861821192530917403151452391805634*i+10857046999023057135944570762232829481370756359578518086990519993285655852781; Y=4082367875863433681332203403145435568316851327593401208105741076214120093531*i+8495653923123431417604973247489272438418190587263600148770280649306958101930;pt = [X,Y];\\ then define the target field, the target curve and the map from Fp[i] to Fp[w]:w=ffgen((w^12 - 18 * w^6 + 82)*Mod(1,p)); E2 = ellinit([0,3],w); map = ffembed(i,w); \\ define the isomorphism: twist(pt)= [ffmap(map,pt[1])*w^2, ffmap(map,pt[2])*w^3]; \\ apply to pt pt2=twist(pt); \\ check ellisoncurve(E2,pt2) %11 = 1 \\ success!But now given a valid pt2 over the curve E2, how to ffmap it back to pt over the curve defined over the i finite field ?Of course, I understand this can only happen if pt has the suitable order of |21888242871839275222246405745257275088548364400416034343698204186575808495617|.