## Public key of Elliptic Curve Digital Signature Algorithm

How do I compute my public key, if my private key for ECDSA in SHA-1 is equal to ab2c34b85dd576112f34?

where: x = 54545578718895168534326250603453777594175500187, y = 35454270510029780865563085577751305070431844712, p = 12121157920892373161954235709850086879078532645

## {t,n}-threshold ECDSA (elliptic curve digital signature algorithm)

In a nutshell what is {t,n}-threshold ECDSA (elliptic curve digital signature algorithm) and why is it fast and safe?

## Counting elliptic curves by discriminant

Enumerating elliptic curves $$E/\mathbb{Q}$$ sorted by (the absolute value of) their minimal discriminants is a difficult open problem, as is the (likely easier) problem of counting elliptic curves $$E/\mathbb{Q}$$ given by a minimal Weierstrass model $$E_{A,B} : y^2 = x^3 + Ax + B$$, ordered by the model discriminant $$\Delta(E_{A,B}) = -16(4A^3 + 27B^2)$$.

For the question, it is not too hard to show that the number of curves $$E$$ with $$|\Delta(E_{A,B})| \leq X$$ is $$O(X)$$. Counting elliptic curves by their minimal Weierstrass models is essentially equivalent to counting monogenic cubic rings by discriminant, and the number of monic cubic rings of discriminant bounded by $$X$$ is surely less than the number of cubic rings having discriminant bounded by $$X$$, and the number of cubic rings having discriminant bounded by $$X$$ is $$O(X)$$ by the Davenport-Heilbronn theorem.

I am asking about whether there is any improvement over this bound: is it known that

$$\displaystyle N(X) = \#\{E_{A,B} : 16|4A^3 + 27B^2| \leq X\} = o(X)?$$

## Is every positive integer the rank of an elliptic curve over some number field?

For every positive integer $$n$$, is there some number field $$K$$ and elliptic curve $$E/K$$ such that $$E(K)$$ has rank $$n$$?

It’s easy to show that the set of such $$n$$ is unbounded. But can one show that every positive integer is the rank of some elliptic curve over a number field?

The analogous question for a fixed number field is expected to have a negative answer (cf., e.g., this question) but is still conjectural. But I wonder if one might be able to prove a positive answer to the question I asked above.

## Constructing elliptic curves defined over $\mathbb{Q}$ with fixed complex multiplication

I have the following problem: we know that for a field $$\kappa$$ of characteristic $$0$$ usually an elliptic curve $$E$$ defined over $$\kappa$$ is such that $$End(E)\cong \mathbb{Z}$$. This means that one cannot hope to find an elliptic curve with complex multiplication choosing it “randomly”.

Suppose that I want to produce an elliptic curve over $$\mathbb{Q}$$ whose $$End(E)$$ is an order in $$\mathbb{Q}(\sqrt{-D})$$: what are the methods currently known to do it? Is it possible to write explicitly the isogeny corresponding to $$\sqrt{-D}$$? (If it is in $$End(E)$$ and $$D$$ is not so large).

## Isomorphism of the $\ell$-adic Tate module of an elliptic curve with CM

Let $$E$$ be an elliptic curve over $$K$$ (totally real number field) with complex multiplication by the field $$L$$. Let $$\psi$$ be the Grössencharacter associated to $$E$$, and assume that $$\psi$$ is of type $$(-r,0)$$ (i.e., the restriction of $$\psi$$ to the archimedean part $$\mathbb{C}^\times$$ of the idele group of $$K$$ has the form $$z\mapsto z^{-r}$$). Set $$V_{\ell}(\psi):=H^{1,\text{ét}}(E(\mathbb{C})\otimes_L\overline{\mathbb{Q}},\mathbb{Q}_\ell)^{\otimes r}\otimes_{K\otimes\mathbb{Q}_\ell}L_{\tilde{\ell}}$$ where $$\otimes r$$ is taken over $$K\otimes\mathbb{Q}_\ell$$.

My question is: How to prove that the $$\ell$$-adic Tate module $$V_\ell(E)$$ is isomorphic to $$V_{\ell}(\psi)\oplus\imath V_{\ell}(\psi)$$ as representations of $$G_K$$, where $$\imath\in G_K$$ is the complex conjugation. (References would be appreciated).

## Elliptic Curve searchable encryption for message delivery

I need a simple message scheme where a sender can send a private message to a receiver using a public database and without revealing who the receiver is. All parties have an Elliptic Curve public and private key pair.

Is there a searchable encryption scheme for this? I imagine the sender can encrypt the recipient’s public key (like a “to” field) with the recipient’s public key and store that as a searchable token attached to the message. The receiver can use their private key to construct a search token and send that to the server. The server searches the cipher text to fetch the message. The server should not know which record was returned.

Some sort of paging or multi-message support will be needed as more than one message may be sent. The heavy lifting should be done on the server, the clients are limited in bandwidth and network. This will be a large data-set.

Am I on the right track here with searchable encryption? It looks like homomorphic encryption is overkill. I’m not sure how to solve the paging problem or if this searchable encryption is mature enough for the task.

## Expressing a torsion point of an elliptic curve as a combination of the generators

I’m facing the following problem: Suppose that we have a finite field $$\mathbb{F}_p$$ and an elliptic curve $$E$$ defined over it. Suppose that $$m\in \mathbb{Z}$$ is not a multiple of the characteristic of the base field, so we have an isomorphism $$E[m]\longleftrightarrow (\mathbb{Z}/m\mathbb{Z})^2$$. Suppose we know that $$E[m]\subset E(\mathbb{F}_q)$$ where $$q$$ is a power of $$p$$. Suppose also that we are given generators $$P,Q\in E[m]$$ and a third point $$R\in E[m]$$. I want to find $$a,b \in [0,m-1]$$ for which $$R=aP+bQ$$. What is the computational cost of this problem?

The most efficient algorithm I’m thinking about consists of trying to solve a lot of ECDLPs $$R-aP=bQ$$ where $$a\in [0,m-1]$$. This of course has a computational cost $$O(m\sqrt{m})$$, since for the single ECDLP there are algorithms with computational cost $$O(\sqrt{m})$$.

Thanks to all for your time.

## Elliptic Curve – Classification

How do I classify the types of the elliptic curve $$y^2=ax^3+bx^2+cx+d$$ by the coefficients $$a$$, $$b$$, $$c$$ and $$d$$? Thank you.

## Solving $(u-x_1)^{1/3}+ (u-x_2)^{1/3}+ (u-x_3)^{1/3} = {v}^{1/3}$ with elliptic curves

Let $$x_1$$,$$x_2$$,$$x_3$$ be the roots of the cubic $$x^3+px+q$$ over $$\mathbb Q$$, the idea is that rational solutions $$(u,v)$$ of the equation

$$(u-x_1)^{1/3}+ (u-x_2)^{1/3}+ (u-x_3)^{1/3} = {v}^{1/3} \quad (1)$$

actually form an affine plane algebraic curve, which can be constructed as follows. First, consider the variety $$V$$ lying in the affine space $$\mathbb A^8\langle u,v,x_1,x_2,x_3,y_1,y_2,y_3\rangle$$ over the function field $$\mathbb Q(p,q)$$,

$$V: \left\{ \begin{aligned} &x_1+x_2+x_3=0, \\ &x_1 x_2 + x_2 x_3+x_1 x_3 =p, \\ &x_1 x_2 x_3 =-q, \\ &y_1^3= u-x_1, \\ &y_2^3= u-x_2, \\ &y_3^3= u-x_3, \\ &(y_1 +y_2 +y_3 )^3 = v. \end{aligned} \right.$$

Next, define our curve $$C$$ as the image of $$V$$ under the map $$f : V \to \mathbb A^2 \langle x,y \rangle$$ given by $$(u,v,x_1,x_2,x_3,y_1,y_2,y_3) \mapsto (u,v)$$. We can get an explicit equation for $$C$$ with the aid of Magma Calculator:

```
> F<p,q>:=FunctionField(Rationals(),2);
> A8<x1,x2,x3,y1,y2,y3,u,v>:=AffineSpace(F,8);
> V:=Scheme(A8,[x1+x2+x3, x1*x2+x2*x3+x3*x1-p, x1*x2*x3+q,
> u-x1-y1^3, u-x2-y2^3, u-x3-y3^3, (y1+y2+y3)^3-v]);
> A2<x,y>:=AffineSpace(F,2);
> f:=map<V->A2|[u,v]>;
> C:=Image(f); C;
Scheme over Multivariate rational function field of rank 2 over Rational Field defined by
x^7*y^2 - 1/27*x^6*y^3 + 1/9*x^5*y^4 + 11/9*p*x^5*y^2 - q*x^5*y - 1/243*x^4*y^5
    - 13/27*p*x^4*y^3 + 11/9*q*x^4*y^2 + 2/9*p^2*x^4*y + 1/243*x^3*y^6 +
    46/243*p*x^3*y^4 - 16/27*q*x^3*y^3 + 7/27*p^2*x^3*y^2 - 5/9*p*q*x^3*y -
    1/27*p^3*x^3 - 1/6561*x^2*y^7 - 10/729*p*x^2*y^5 - 8/243*q*x^2*y^4 -
    73/243*p^2*x^2*y^3 + 26/27*p*q*x^2*y^2 + (1/9*p^3 - 7/9*q^2)*x^2*y -
    1/9*p^2*q*x^2 + 1/19683*x*y^8 + 35/6561*p*x*y^6 - 7/729*q*x*y^5 +
    29/243*p^2*x*y^4 - 155/243*p*q*x*y^3 + (-1/9*p^3 + 19/27*q^2)*x*y^2 +
    2/9*p^2*q*x*y - 1/9*p*q^2*x - 1/531441*y^9 + 1/6561*p*y^7 + 53/6561*q*y^6 -
    1/243*p^2*y^5 + 20/243*p*q*y^4 + (1/27*p^3 - 28/243*q^2)*y^3 - 1/9*p^2*q*y^2
    + 1/9*p*q^2*y - 1/27*q^3
```

Note that although the map $$f$$ is not invertible, the bijection between rational solutions of equation $$(1)$$ and rational points on the curve $$C$$ is obvious: $$(u,v) \longleftrightarrow (x,y)$$. Further, by using formulas in this answer, one can build a rational map (which will be denoted by $$\varphi$$) from the elliptic curve $$E: e^2=d^3+27p^3+\frac{729}4q^2$$ to the curve $$C$$:

```
> A<d,e>:=AffineSpace(F,2);
> E := Curve(A,[-e^2+d^3+27*p^3+(729/4)*q^2]);
> u:=(1/9*d^6*e - 27/2*q*d^6 - p*d^5*e - 243/2*p*q*d^5 + (-12*p^3 -
>     81*q^2)*d^3*e + (-1458*p^3*q - 19683/2*q^3)*d^3 + (216*p^4 +
>     1458*p*q^2)*d^2*e + (-2592*p^6 - 34992*p^3*q^2 - 118098*q^4)*e)/(d^7
>     + 9*p*d^6 + 81*p^2*d^5 + (216*p^3 + 1458*q^2)*d^4 + (972*p^4 +
>     6561*p*q^2)*d^3 + (11664*p^6 + 157464*p^3*q^2 + 531441*q^4)*d);
> w:=(1/9*d^6*e + 27/2*q*d^6 + 2*p*d^5*e + (-12*p^3 - 81*q^2)*d^3*e +
>     (1458*p^3*q + 19683/2*q^3)*d^3 + (-432*p^4 - 2916*p*q^2)*d^2*e +
>     (-2592*p^6 - 34992*p^3*q^2 - 118098*q^4)*e)/(d^7
>     + 9*p*d^6 + 81*p^2*d^5 + (216*p^3 + 1458*q^2)*d^4 + (972*p^4 +
>     6561*p*q^2)*d^3 + (11664*p^6 + 157464*p^3*q^2 + 531441*q^4)*d);
> m:= e*( d^5 + 12*p*d^4 + 54*p^2*d^3 + (108*p^3 + 729*q^2)*d^2 +
> (-648*p^4 - 4374*p*q^2)*d) +
>     81/2*q*d^5 + (4374*p^3*q + 59049/2*q^3)*d^2;
> n:=d^6 + 9*p*d^5 + 81*p^2*d^4 +
>     (216*p^3 + 1458*q^2)*d^3 + (972*p^4 + 6561*p*q^2)*d^2 +
> (11664*p^6 + 157464*p^3*q^2 + 531441*q^4);
> phi:=map<E-> C | [u, 3*u+3*m/n-3*w]>;
> time Image(phi) eq C;
true
Time: 66.680
```

If we pick the point $$P:=(-3p,\frac{27}2 q)$$ on $$E$$, it can be verified that the preimage of the point $$\varphi(nP) \in C$$ has cardinality $$1$$ for all $$n\in \mathbb Z$$ such that $$|n|<5$$. It thus seems plausible that the map $$\varphi : E \to C$$ is a birational isomorphism; hence the questions:

1. Is it possible to find the inverse of the map $$\varphi$$?
2. How can we transform the curve $$C$$ into Weierstrass normal form without knowing about $$E$$ in advance?