Request for a more detailed explanation of the mathematical principles behind the elliptic curve in the code

[Shuangcheng-Ni]

I am a newbie in cryptography, so I hope you can explain the principles of the elliptic curve to me in more detail.

It seems that the base point $(\text{0x56fdcbc6a27acee0cc2996e0096ae74feb1acf220a2341b898b549440297b8cc},\ \text{0x20da32e8afc90b7cf0e76bde44496b4d0794054e6ea60f388682463132f931a7})$ is not on curve $y^2 + xy \equiv x^3 + 161 \pmod{\text{0x0001026dd85081b82314691ced9bbec30547840e4bf72d8b5e0d258442bbcd31}}$ (i.e. $y^2 + xy \pmod{p} \ne x^3 + 161 \pmod{p}$). I am wondering if I misunderstood anything.

Besides, could you provide proof of these formulas?

• point doubling: $\lambda = \frac{y_1}{x_1} + x_1$, $x = \lambda^2 + \lambda + a$, $y = x_1^2 + (\lambda + 1)x$
• point addition: $\lambda = \frac{y_1 + y_2}{x_1 + x_2}$, $x = \lambda^2 + \lambda + x_1 + x_2 + a$, $y = \lambda(x + x_1) + x + y_1$

You might explain these in either English or Chinese.

[pudding0503]

在 WinRarConfig.hpp 文件中 435~456 行有：

    static inline const EllipticCurveGF2m<GaloisField<GF2p15p17Traits>>::Point G = Curve.GetPoint(
        {
            GaloisFieldInitByElement{},
            {
                0x38CC, 0x052F, 0x2510, 0x45AA,
                0x1B89, 0x4468, 0x4882, 0x0D67,
                0x4FEB, 0x55CE, 0x0025, 0x4CB7,
                0x0CC2, 0x59DC, 0x289E, 0x65E3,
                0x56FD
            }
        },
        {
            GaloisFieldInitByElement{},
            {
                0x31A7, 0x65F2, 0x18C4, 0x3412,
                0x7388, 0x54C1, 0x539B, 0x4A02,
                0x4D07, 0x12D6, 0x7911, 0x3B5E,
                0x4F0E, 0x216F, 0x2BF2, 0x1974,
                0x20DA
            }
        }
    );

猜测这个可能才是基点 G：

Gx: 38CC052F251045AA1B89446848820D674FEB55CE00254CB70CC259DC289E65E356FD
Gy: 31A765F218C43412738854C1539B4A024D0712D679113B5E4F0E216F2BF2197420DA

此外，0x1026dd85081b82314691ced9bbec30547840e4bf72d8b5e0d258442bbcd31 应该不是复合域 GF2p15p17 的域模，域模应该是别的值，我目前没找到。