Revisions to Is it possible to find a ($2^n$)th root of unity in the scalar field of the Edwards curve on BLS12-377?

working in the base field of BLS12-377

edited Oct 27 at 10:28

150.9k
13
327
631

Is it possible to find a $2^n$^th root of unity in the scalar field of the Edwards curve on BLS12-377?

Yes that is possible, but probably not what's really wanted: for any strictly positive integer $n$, the only two $2^n$^th root of unity in this field are $1$ and $r-1$.

Argument: Such root of unity is a solution $x\in\mathbb F_r$ to the equation $x^{\left(2^n\right)}\equiv 1\pmod r$ with $r$ the prime 0x4aad957a68b2955982d1347970dec005293a3afc43c8afeb95aee9ac33fd9ff.

$x=1$ and $x=r-1$ are solutions, because they are solutions to $x^2\equiv 1\pmod r$, and then $1^{\left(2^{n-1}\right)}\equiv 1\pmod r$. And there are no others solutions, because $x=1$ and $x=r-1$ are the only solutions to $x^2\equiv 1\pmod r$, and there are no solutions to $x^2\equiv r-1\pmod r$, because the Legendre symbol $\left(\frac{r-1}r\right)=-1$, because $(r-1)/2$ is an odd integer.

Things are different working in the base field of BLS12-377, that is working in $\mathbb F_q$ with $q$ the prime 0x12ab655e9a2ca55660b44d1e5c37b00159aa76fed00000010a11800000000001: now we have $2^{\min(n,47)}$ roots. Part of the argument for this is $q\equiv1\pmod{2^{47}}$ and $q\not\equiv1\pmod{2^{48}}$. It's easy to compute such roots (if only by using Tonelli-Shanks repeatedly).

How would I go about implementing NTT for this curve?

I don't know.

Is it possible to find a $2^n$^th root of unity in the scalar field of the Edwards curve on BLS12-377?

Yes that is possible, but probably not what's really wanted: for any strictly positive integer $n$, the only two $2^n$^th root of unity in this field are $1$ and $r-1$.

Argument: Such root of unity is a solution $x\in\mathbb F_r$ to the equation $x^{\left(2^n\right)}\equiv 1\pmod r$ with $r$ the prime 0x4aad957a68b2955982d1347970dec005293a3afc43c8afeb95aee9ac33fd9ff.

$x=1$ and $x=r-1$ are solutions, because they are solutions to $x^2\equiv 1\pmod r$, and then $1^{\left(2^{n-1}\right)}\equiv 1\pmod r$. And there are no others solutions, because $x=1$ and $x=r-1$ are the only solutions to $x^2\equiv 1\pmod r$, and there are no solutions to $x^2\equiv r-1\pmod r$, because the Legendre symbol $\left(\frac{r-1}r\right)=-1$, because $(r-1)/2$ is an odd integer.

How would I go about implementing NTT for this curve?

I don't know.

Is it possible to find a $2^n$^th root of unity in the scalar field of the Edwards curve on BLS12-377?

Yes that is possible, but probably not what's really wanted: for any strictly positive integer $n$, the only two $2^n$^th root of unity in this field are $1$ and $r-1$.

Argument: Such root of unity is a solution $x\in\mathbb F_r$ to the equation $x^{\left(2^n\right)}\equiv 1\pmod r$ with $r$ the prime 0x4aad957a68b2955982d1347970dec005293a3afc43c8afeb95aee9ac33fd9ff.

$x=1$ and $x=r-1$ are solutions, because they are solutions to $x^2\equiv 1\pmod r$, and then $1^{\left(2^{n-1}\right)}\equiv 1\pmod r$. And there are no others solutions, because $x=1$ and $x=r-1$ are the only solutions to $x^2\equiv 1\pmod r$, and there are no solutions to $x^2\equiv r-1\pmod r$, because the Legendre symbol $\left(\frac{r-1}r\right)=-1$, because $(r-1)/2$ is an odd integer.

Things are different working in the base field of BLS12-377, that is working in $\mathbb F_q$ with $q$ the prime 0x12ab655e9a2ca55660b44d1e5c37b00159aa76fed00000010a11800000000001: now we have $2^{\min(n,47)}$ roots. Part of the argument for this is $q\equiv1\pmod{2^{47}}$ and $q\not\equiv1\pmod{2^{48}}$. It's easy to compute such roots (if only by using Tonelli-Shanks repeatedly).

How would I go about implementing NTT for this curve?

I don't know.

Polish

Source Link

edited Oct 27 at 9:56

fgrieu ♦

150.9k
13
327
631

Is it possible to find a $2^n$^th root of unity in the scalar field of the Edwards curve on BLS12-377?

Yes that is possible, but probably not what's really wanted: for any strictly positive integer $n$, the only two square roots$2^n$^th root of unity in this field are $1$ and $r-1$.

Argument: Such root of unity is a solution $x\in\mathbb F_r$ to the equation $x^{\left(2^n\right)}\equiv 1\pmod r$ with $r$ the prime 0x4aad957a68b2955982d1347970dec005293a3afc43c8afeb95aee9ac33fd9ff.

$x=1$ and $x=r-1$ are solutions, because they are solutions to $x^2\equiv 1\pmod r$, and then $1^{\left(2^{n-1}\right)}\equiv 1\pmod r$. And there are no others solutions, because $x=1$ and $x=r-1$ are the only solutions to $x^2\equiv 1\pmod r$, and there are no solutions to $x^2\equiv r-1\pmod r$, because the Legendre symbol $\left(\frac{r-1}r\right)=-1$, because $(r-1)/2$ is an odd integer.

How would I go about implementing NTT for this curve?

I don't know.

Is it possible to find a $2^n$^th root of unity in the scalar field of the Edwards curve on BLS12-377?

Yes that is possible, but probably not what's really wanted: for any strictly positive integer $n$, the only two square roots of unity in this field are $1$ and $r-1$.

Argument: Such root of unity is a solution $x\in\mathbb F_r$ to the equation $x^{\left(2^n\right)}\equiv 1\pmod r$ with $r$ the prime 0x4aad957a68b2955982d1347970dec005293a3afc43c8afeb95aee9ac33fd9ff.

$x=1$ and $x=r-1$ are solutions, because they are solutions to $x^2\equiv 1\pmod r$, and then $1^{\left(2^{n-1}\right)}\equiv 1\pmod r$. And there are no others solutions, because $x=1$ and $x=r-1$ are the only solutions to $x^2\equiv 1\pmod r$, and there are no solutions to $x^2\equiv r-1\pmod r$, because the Legendre symbol $\left(\frac{r-1}r\right)=-1$, because $(r-1)/2$ is an odd integer.

How would I go about implementing NTT for this curve?

I don't know.

Is it possible to find a $2^n$^th root of unity in the scalar field of the Edwards curve on BLS12-377?

Yes that is possible, but probably not what's really wanted: for any strictly positive integer $n$, the only two $2^n$^th root of unity in this field are $1$ and $r-1$.

Argument: Such root of unity is a solution $x\in\mathbb F_r$ to the equation $x^{\left(2^n\right)}\equiv 1\pmod r$ with $r$ the prime 0x4aad957a68b2955982d1347970dec005293a3afc43c8afeb95aee9ac33fd9ff.

$x=1$ and $x=r-1$ are solutions, because they are solutions to $x^2\equiv 1\pmod r$, and then $1^{\left(2^{n-1}\right)}\equiv 1\pmod r$. And there are no others solutions, because $x=1$ and $x=r-1$ are the only solutions to $x^2\equiv 1\pmod r$, and there are no solutions to $x^2\equiv r-1\pmod r$, because the Legendre symbol $\left(\frac{r-1}r\right)=-1$, because $(r-1)/2$ is an odd integer.

How would I go about implementing NTT for this curve?

I don't know.

Source Link

answered Oct 27 at 9:50

fgrieu ♦

150.9k
13
327
631

Is it possible to find a $2^n$^th root of unity in the scalar field of the Edwards curve on BLS12-377?

Yes that is possible, but probably not what's really wanted: for any strictly positive integer $n$, the only two square roots of unity in this field are $1$ and $r-1$.

Argument: Such root of unity is a solution $x\in\mathbb F_r$ to the equation $x^{\left(2^n\right)}\equiv 1\pmod r$ with $r$ the prime 0x4aad957a68b2955982d1347970dec005293a3afc43c8afeb95aee9ac33fd9ff.

$x=1$ and $x=r-1$ are solutions, because they are solutions to $x^2\equiv 1\pmod r$, and then $1^{\left(2^{n-1}\right)}\equiv 1\pmod r$. And there are no others solutions, because $x=1$ and $x=r-1$ are the only solutions to $x^2\equiv 1\pmod r$, and there are no solutions to $x^2\equiv r-1\pmod r$, because the Legendre symbol $\left(\frac{r-1}r\right)=-1$, because $(r-1)/2$ is an odd integer.

How would I go about implementing NTT for this curve?

I don't know.

Stack Exchange Network

Return to Answer