DiSSECT: Distinguisher of Standard & Simulated Elliptic Curves via Traits
DiSSECT is, to the best of our knowledge, the largest publicly available database of standardized elliptic curves (taken from our sister project) and offers generation of simulated curves according to the mentioned standards. The tool contains over 20 tests (which we call traits), each computing curve properties, ranging from classical algebraic ones to unconventional ones and those connected to implementations. After obtaining their empirical distributions, the traits allow us to compare the simulated curves to the standard ones. Finally, DiSSECT provides an easy-to-use interface for implementations of custom traits and their interactive visualization via Jupyter notebook.
DiSSECT is written in Python 3 and imports the SageMath library. The database of the standardized elliptic curves as well as the simulated ones with the results of the traits, including the visualization, can be found at https://dissect.crocs.fi.muni.cz/. DiSSECT is open-source and we welcome any collaborators who have an idea for a new trait, new simulation method, or just want to contribute in another way.
Authors
- Vladimír Sedláček
- Vojtěch Suchánek
- Antonín Dufka
Thanks to Ján Jančár for help with the curve database and CRoCS members for fruitful discussions. Computational resources were supplied by the project "e-Infrastruktura CZ" (e-INFRA LM2018140) provided within the program Projects of Large Research, Development and Innovations Infrastructures.
Setup
Using virtual environment:
- Clone with
git clone --recurse-submodules https://github.com/crocs-muni/DiSSECT.git - Create virtual environment for python in sage:
sage --python3 -m venv --system-site-packages environment - Activate the environment:
source environment/bin/activate - Run
pip install --editable .in DiSSECT folder
Alternatively without virtual environment (not recommended):
From the root directory, run sage --python3 setup.py develop --user to initialize the project.
Running the curve traits
To feed the trait results directly to a local MongoDB database, run ./run.py -n <trait_name> -c <curve_type> [-b <max_bit_length>] [-v] [-a <allowed cofactors>].
Alternatively, to get results as JSON files, run ./run_traits.py in directory traits. Use the -h flag to get the help menu. To merge the results of a trait (
a05 in this case) into single file, run ./merge_trait_results.py -n a05.
Example usage
To run trait a05 on all standard curves of bitsizes up to 192 with cofactor 1 or 2 in verbose mode using 3 cores and 100
jobs, run ./run_traits.py -n a05 -c std -v -b 192 -a 1 2 -t 3 -j 100.
Supported curve sets
- std: all standard curves
- sim: all simulated curves
- sample: curves secp112r1, secp192r1, secp256r1
- all: all curves in the database
Overview of available traits
| name | description | implemented | computed* | time req.** | memory req.*** |
|---|---|---|---|---|---|
| a01 | group stucture of the curve in field extensions | ✅ | ❌ | high | low |
| a02 | factorization of the CM discriminant | ✅ | ✅ | high | medium |
| a03 | factorization of the quadratic twist cardinality | ✅ | ✅ | high | medium |
| a04 | factorizations of |
✅ | ✅ | high | high |
| a05 | field extensions containing nontrivial/full |
✅ | ✅ | medium | low |
| a06 | factorizations of ratios of CM discriminants in extension fields and base fields | ✅ | ✅ | high | medium |
| a07 | embedding degree | ✅ | ✅ | medium | low |
| a08 | class number of the maximal order of the endomorphism ring | ✅ | ✅ | high | low |
| a12 | multiplicative orders of small primes modulo curve order | ✅ | ✅ | medium | medium |
| a22 | factorizations of small division polynomials | ✅ | ✅ | high | high |
| a23 | volcano depth and crater degree in the |
✅ | ✅ | low | low |
| a24 | field extensions containing nontrivial/full number of |
✅ | ✅ | medium | low |
| a25 | trace in field extensions and its factorization | ✅ | ✅ | low | low |
| a28 | Number of j-invariants adjacent to the curve by l-isogeny | ✅ | ✅ | medium | low |
| a29 | Torsion order of the lift of E to curve over Q | ✅ | ✅ | low | low |
| i04 | number of points with low Hamming weight | ✅ | ✅ | medium | low |
| i06 | square parts of |
✅ | ✅ | low | low |
| i07 | distance of |
✅ | ✅ | low | low |
| i08 | bit length of small inverted generator multiples | ✅ | ✅ | low | low |
| i13 |
|
✅ | ✅ | low | low |
| i14 | overlap in curve coefficients | ✅ | ✅ | low | low |
| i15 | curve coefficients in Weierstrass form | ✅ | ✅ | low | low |
Notation:
* on sim and std curves with at most 256 bits and cofactor 1
** this is very rough and subjective
*** on the above dataset: low is <100 MB, medium is 100-500 MB, high is >500 MB (measuring JSONs)
Overview of planned traits
| name | description | fully specified |
|---|---|---|
| a09 | existence of pairing-friendly cycles | ❌ |
| a10 | existence of factorization bases | ❌ |
| a11 | minimal codewords in elliptic codes | ❌ |
| a13 | images of points under pairings | ❌ |
| a14 | conductor and modularity | ❌ |
| a15 | the lattice associated to the curve over |
❌ |
| a16 | the Neron model | ❌ |
| a17 | the L-series | ❌ |
| a18 | the invariant differential | ❌ |
| a19 | local heights | ❌ |
| a20 |
|
❌ |
| a21 | Galois groups of various polynomials | ❌ |
| a26 | lifts of curves to other fields | ❌ |
| a27 | distribution and sizes of isogeny classes | ❌ |
| i01 | curves under parameter bitflips | ❌ |
| i02 | curves with the same |
❌ |
| i03 | the number of modular reductions in various computations | ❌ |
| i05 | vulnerability against |
❌ |
| s01 | statistical properties of scalar multiplication | ❌ |
| s02 | distribution of point coordinates in various intervals | ❌ |
| s03 | properties of other curve models | ❌ |
| s04 | modular polynomials in given |
❌ |
| s05 | images of points under isogenies | ❌ |
| s06 | summation polynomials | ❌ |
| s07 | distributions of curves with similar properties | ❌ |
| s08 | properties of the function shifting a point by the generator | ❌ |
Unit tests
Run sage --python3 -m unittest discover in directory traits/unit_tests/. Only unit tests starting with test will
be run; those starting with local have to be run manually (as they require resources not available on the server).
Parameters and structure
From directory traits, parameter files can be (re)generated by sage --python3 params.py and structure files can be (
re)generated by sage --python3 traits/traits_structures.py -t all (both of these are already done during the setup).
Importing curves or results to a local database
After setting up a local database with MongoDB, you can run python3 utils/database_handler.py curves [database_uri] <curve_files...> to import curves from individual JSON files, or python3 utils/database_handler.py curves [database_uri] all to import all curves from their presumed directories.
Similarly, you can run python3 utils/database_handler.py results [database_uri] <trait_name> <results_file> to import trait results from a JSON file, or python3 utils/database_handler.py results [database_uri] <trait_name> auto to auto-import from the presumed location, or even python3 utils/database_handler.py results [database_uri] all to do this for all traits.