Montgomery curve

In mathematics the Montgomery curve is a form of elliptic curve, different from the usual Weierstrass form, introduced by Peter L. Montgomery in 1987. It is used for certain computations, and in particular in different cryptography applications. In mathematics the Montgomery curve is a form of elliptic curve, different from the usual Weierstrass form, introduced by Peter L. Montgomery in 1987. It is used for certain computations, and in particular in different cryptography applications. A Montgomery curve over a field K is defined by the equation for certain A, B ∈ K and with B(A2 − 4) ≠ 0. Generally this curve is considered over a finite field K (for example, over a finite field of q elements, K = Fq) with characteristic different from 2 and with A ∈ K ∖ {−2, 2}, B ∈ K ∖ {0}, but they are also considered over the rationals with the same restrictions for A and B. It is possible to do some 'operations' between the points of an elliptic curve: 'adding' two points P , Q {displaystyle P,Q} consists of finding a third one R {displaystyle R} such that R = P + Q {displaystyle R=P+Q} ; 'doubling' a point consists of computing [ 2 ] P = P + P {displaystyle P=P+P} (For more information about operations see The group law) and below. A point P = ( x , y ) {displaystyle P=(x,y)} on the elliptic curve in the Montgomery form B y 2 = x 3 + A x 2 + x {displaystyle By^{2}=x^{3}+Ax^{2}+x} can be represented in Montgomery coordinates P = ( X : Z ) {displaystyle P=(X:Z)} , where P = ( X : Z ) {displaystyle P=(X:Z)} are projective coordinates and x = X / Z {displaystyle x=X/Z} for Z ≠ 0 {displaystyle Z eq 0} . Notice that this kind of representation for a point loses information: indeed, in this case, there is no distinction between the affine points ( x , y ) {displaystyle (x,y)} and ( x , − y ) {displaystyle (x,-y)} because they are both given by the point ( X : Z ) {displaystyle (X:Z)} . However, with this representation it is possible to obtain multiples of points, that is, given P = ( X : Z ) {displaystyle P=(X:Z)} , to compute [ n ] P = ( X n : Z n ) {displaystyle P=(X_{n}:Z_{n})} . Now, considering the two points P n = [ n ] P = ( X n : Z n ) {displaystyle P_{n}=P=(X_{n}:Z_{n})} and P m = [ m ] P = ( X m : Z m ) {displaystyle P_{m}=P=(X_{m}:Z_{m})} : their sum is given by the point P m + n = P m + P n = ( X m + n : Z m + n ) {displaystyle P_{m+n}=P_{m}+P_{n}=(X_{m+n}:Z_{m+n})} whose coordinates are: If m = n {displaystyle m=n} , then the operation becomes a 'doubling'; the coordinates of [ 2 ] P n = P n + P n = P 2 n = ( X 2 n : Z 2 n ) {displaystyle P_{n}=P_{n}+P_{n}=P_{2n}=(X_{2n}:Z_{2n})} are given by the following equations: