# Welcome to Jupyter

This is just a **plain Python 2** notebook, no SageMath whatsoever!

To know what kernel you are running, look in the menu bar at the top right corner.

**Windows users:** to open a Jupyter notebook in the SageMath virtual appliance, do the following:

- Hit the `Right Ctrl + F1` keys,
- Login with username `sage` and password `sage`
- Type the following command:

  ~~~
  BROWSER=chromium-browser DISPLAY=:0 sage --notebook ipython
  ~~~
- Hit the `Right Ctrl + F7` keys,
- Start a new *Python 2* notebook (or start a *Sage* notebook directly if you want to skip the next 4 cells).

In [1]:
1+1

2

In [2]:
20/3

6

In [3]:
20.0 / 3 

6.666666666666667

In [4]:
type(20.0 / 3)

float

## Let's load the SageMath kernel

In the menu, select **Kernel → Change kernel → Sage 6.x**.

Alternatively, you can run the following *magic command* to use SageMath inside a python kernel.

In [5]:
%load_ext sage

In [6]:
1+1

2

In [7]:
20/3

20/3

In [8]:
type(20.0 / 3)

<type 'sage.rings.real_mpfr.RealNumber'>

## Algebraic structures

In [9]:
ZZ, QQ, RR, CC

(Integer Ring,
 Rational Field,
 Real Field with 53 bits of precision,
 Complex Field with 53 bits of precision)

In [10]:
Zmod(30)

Ring of integers modulo 30

In [11]:
GF(31)

Finite Field of size 31

### Most algebraic structures are organised as parent/elements

In [12]:
GF(17).list()

[0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16]

In [13]:
a = 2

In [14]:
a.parent()

Integer Ring

In [15]:
ZZ is a.parent()

True

In [16]:
a.is_unit()

False

### Conversions

In [17]:
b = QQ(a)

In [18]:
b == a

True

In [19]:
b.parent()

Rational Field

In [20]:
b.is_unit()

True


## Working with notebooks

Notebooks are not referentially transparent

In [21]:
a, b = 2, 3

In [22]:
c = a + b

In [23]:
c

5

### Exploring objects

Completion

In [24]:
ZZ.<tab>

SyntaxError: invalid syntax (<ipython-input-24-00bfcbadca85>, line 1)

Documentation

In [None]:
ZZ.cardinality?

Source code

In [None]:
ZZ.cardinality??

## Polynomial rings

Sage has a special name `x` used for symbolic calculus

In [25]:
a = x^2 - 1
a

x^2 - 1

In [26]:
b = (x-1)*(x+1)
b

(x + 1)*(x - 1)

In [27]:
a == b

x^2 - 1 == (x + 1)*(x - 1)

In [28]:
bool(a == b)

True

### `x` is just a variable name

In [29]:
x = 2

In [30]:
x^2 - 1

3

In [31]:
x = SR.var('x')
a = x^2 - 1
a

x^2 - 1

In [32]:
a(x=3)

8

In [33]:
a - b

-(x + 1)*(x - 1) + x^2 - 1

In [34]:
(a-b).expand()

0

In [35]:
x.parent()

Symbolic Ring

### Forget about `x`!

We don't need symbolic calculus, we need **polynomials**

In [36]:
QQ['x']

Univariate Polynomial Ring in x over Rational Field

In [37]:
R.<x> = QQ[]
R

Univariate Polynomial Ring in x over Rational Field

In [38]:
a = x^2 - 1
a

x^2 - 1

In [39]:
a.parent()

Univariate Polynomial Ring in x over Rational Field

In [40]:
b = (x-1)*(x+1)
b

x^2 - 1

In [41]:
a == b

True

## Finite fields

In [42]:
p = next_prime(2^20)
R.<x> = GF(p)[]
R

Univariate Polynomial Ring in x over Finite Field of size 1048583

In [43]:
P = R.irreducible_element(20)
P

x^20 + x^19 + 1048569*x^18 + 1048575*x^17 + 99*x^16 + 44*x^15 + 1048224*x^14 + 1048469*x^13 + 907*x^12 + 268*x^11 + 1047424*x^10 + 1048551*x^9 + 1552*x^8 + 299*x^7 + 1047653*x^6 + 1047736*x^5 + 3036*x^4 + 38*x^3 + 172*x^2 + 1048279*x + 991

In [44]:
K.<z> = GF(p^20, modulus=P)
K

Finite Field in z of size 1048583^20

In [45]:
z^20

1048582*z^19 + 14*z^18 + 8*z^17 + 1048484*z^16 + 1048539*z^15 + 359*z^14 + 114*z^13 + 1047676*z^12 + 1048315*z^11 + 1159*z^10 + 32*z^9 + 1047031*z^8 + 1048284*z^7 + 930*z^6 + 847*z^5 + 1045547*z^4 + 1048545*z^3 + 1048411*z^2 + 304*z + 1047592

### If we don't care about the moduls

In [46]:
L.<z> = GF(p^2)
L

Finite Field in z of size 1048583^2

In [47]:
L.modulus()

x^2 + x + 1

In [48]:
z.multiplicative_order()

3

In [49]:
z^3

1

In [50]:
e = L.primitive_element()
e.multiplicative_order()

1099526307888

In [51]:
e

z + 5

In [52]:
e.minpoly()

x^2 + 1048574*x + 21

In [53]:
z.log(e)

366508769296

## Elliptic curves

In [54]:
E = EllipticCurve([1,2])
E

Elliptic Curve defined by y^2 = x^3 + x + 2 over Rational Field

In [55]:
E.j_invariant()

432/7

In [56]:
E.torsion_order()

4

In [57]:
E.torsion_points()

[(-1 : 0 : 1), (0 : 1 : 0), (1 : -2 : 1), (1 : 2 : 1)]

In [58]:
G = E.torsion_subgroup()
G

Torsion Subgroup isomorphic to Z/4 associated to the Elliptic Curve defined by y^2 = x^3 + x + 2 over Rational Field

In [59]:
G.gens()

((1 : 2 : 1),)

### Elliptic curves over finite fields

In [60]:
E = EllipticCurve(GF(p), [0,1,0,2,3])
E

Elliptic Curve defined by y^2 = x^3 + x^2 + 2*x + 3 over Finite Field of size 1048583

In [61]:
E.cardinality().factor()

3^3 * 7 * 23 * 241

In [62]:
P = E.random_point()
Q = E.lift_x(123)
P, Q

((495225 : 871077 : 1), (123 : 70573 : 1))

In [63]:
P+Q

(20444 : 800903 : 1)

In [64]:
Q.order().factor()

3^3 * 23 * 241

In [65]:
R = 9*23*241*Q
R

(1048581 : 818907 : 1)

In [66]:
R.order()

3

In [67]:
R.division_points(7)

[(12047 : 636225 : 1),
 (342762 : 743217 : 1),
 (560905 : 986668 : 1),
 (863623 : 647722 : 1),
 (941790 : 460872 : 1),
 (956483 : 603270 : 1),
 (1048581 : 818907 : 1)]

### Cryptographic size

If you want to count the number of points of elliptic curves of cryptographic size, you need to install an optional package.

- Make sure that you have a stable connection to the internet,

- In a shell, type

  ~~~
  sage -i database_pari
  ~~~

  Alternatively, you can evaluate the cell below.

- Wait until installation is done, then restart SageMath.

In [None]:
!sage -i database_pari

## Isogenies

In [68]:
phi = E.isogeny([R])
phi

Isogeny of degree 3 from Elliptic Curve defined by y^2 = x^3 + x^2 + 2*x + 3 over Finite Field of size 1048583 to Elliptic Curve defined by y^2 = x^3 + x^2 + 1048485*x + 343 over Finite Field of size 1048583

In [69]:
S = phi(P)
S

(379238 : 23241 : 1)

In [70]:
S.parent()

Abelian group of points on Elliptic Curve defined by y^2 = x^3 + x^2 + 1048485*x + 343 over Finite Field of size 1048583

In [71]:
phi(R)

(0 : 1 : 0)

In [72]:
phi.rational_maps()

((x^3 + 4*x^2 + 24*x + 20)/(x^2 + 4*x + 4),
 (x^3*y + 6*x^2*y - 8*x*y + 8*y)/(x^3 + 6*x^2 + 12*x + 8))

In [73]:
phi.kernel_polynomial()

x + 2

In [74]:
phi.kernel_polynomial()(R[0])

0

### Pairings

In [75]:
L.<z> = GF(p^2)
EE = E.change_ring(L)
EE

Elliptic Curve defined by y^2 = x^3 + x^2 + 2*x + 3 over Finite Field in z of size 1048583^2

In [76]:
EE.cardinality().factor()

3^4 * 7 * 19 * 23 * 241 * 18413

In [77]:
T = EE.lift_x(912851*z + 87136)
T.order()

3

In [78]:
w = T.weil_pairing(EE(R), 3)
w

1048582*z + 1048582

In [79]:
w.multiplicative_order()

3

In [80]:
T.weil_pairing(2*T, 3)

1