Getting Core dumped in Sage code for weil-pairing

Harish SP

unread,

Nov 29, 2016, 5:25:24 AM11/29/16

to sage-support

I was trying a sage code for weil pairing , and I got the following error message:

'/usr/lib/sagemath/local/bin/sage-python: line 2: 15172 Segmentation fault (core dumped) sage -python "$@"' '

Here is the code for weil-pairing:

# Weil Pairing Example

# Example 5.43 in IMC

# E: y^2 = x^3 + 30x + 34 mod 631

p = 631

a = 30

b = 34

E = EllipticCurve(GF(p), [a, b])

print E

P = E((36, 60))

Q = E((121, 387))

n = 5

S = E((0, 36))

print "P =", P.xy()

print "Q =", Q.xy()

print "#P = #Q =", n

var('x y')

def g(P, Q):

(x_P, y_P) = P.xy()

(x_Q, y_Q) = Q.xy()

if x_P == x_Q and y_P + y_Q == 0:

return x - x_P

if P == Q:

slope = (3 * x_P^2 + a)/(2 * y_P)

else:

slope = (y_P - y_Q)/(x_P - x_Q)

return (y - y_P - slope * (x - x_P))/(x + x_P + x_Q - slope^2)

def miller(m, P):

m = bin(m)[3:]

n = len(m)

T = P

f = 1

for i in range(n):

f = f^2 * g(T, T)

T = T + T

if int(m[i]) == 1:

f = f * g(T, P)

T = T + P

return f

def eval_miller(P, Q):

f = miller(n, P)

(x1, y1) = Q.xy()

return f(x = x1, y = y1)

def weil_pairing(P, Q, S):

num = eval_miller(P, Q+S)/eval_miller(P, S)

den = eval_miller(Q, P-S)/eval_miller(Q, -S)

return (num/den)

e = weil_pairing(P, Q, S)

print "e(P, Q) =", e

# e^n = 1

print "e(P, Q)^n =", e^n

P3 = P * 3

Q4 = Q * 4

e12 = weil_pairing(P3, Q4, S)

print "[3]P =", P3.xy()

print "[4]Q =", Q4.xy()

print "e([3]P, [4]Q) =", e12

print "e(P, Q)^12 =", e^12

Please help me

John Cremona

unread,

Nov 29, 2016, 5:36:49 AM11/29/16

to SAGE support

You are asking for help in debugging your own Weil pairing code. Why
not use the Weil pairing code implemented in Sage?

In your example

sage: P.weil_pairing(Q,5)
242
sage: _^5
1

(since P and Q have order 5 the result is a 5th root of unity in the field).

I don't have time to debug your code but you should be able to write
it using genuine polynomials; your var('x') etc give symbolic objects
which are not good to use over a finite field.

John Cremona

> --
> You received this message because you are subscribed to the Google Groups
> "sage-support" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to sage-support...@googlegroups.com.
> To post to this group, send email to sage-s...@googlegroups.com.
> Visit this group at https://groups.google.com/group/sage-support.
> For more options, visit https://groups.google.com/d/optout.

slelievre

unread,

Nov 29, 2016, 10:25:35 AM11/29/16

to sage-support

2016-11-29 11:36:49 UTC+1, John Cremona:

> You are asking for help in debugging your own Weil pairing code. Why
> not use the Weil pairing code implemented in Sage?
>
> In your example
>
> sage: P.weil_pairing(Q,5)
> 242
> sage: _^5
> 1
>
> (since P and Q have order 5 the result is a 5th root of unity in the field).
>
> I don't have time to debug your code but you should be able to write
> it using genuine polynomials; your var('x') etc give symbolic objects
> which are not good to use over a finite field.
>
> John Cremona

Excellent answer, John!

Regarding debugging, the question was also posted at ask-sage

and I aswered there with

- a fix to the original poster's code

- a minimal example triggering the segfault

The segfault boils down to a problem when dividing symbolic

expressions involving finite field elements.

See Ask Sage:

https://ask.sagemath.org/question/35770/getting-code-dumped-error-in-sage-code-for-weil-pairing/

Ralf Stephan

unread,

Nov 30, 2016, 2:00:18 AM11/30/16

to sage-support

On Tuesday, November 29, 2016 at 4:25:35 PM UTC+1, slelievre wrote:

The segfault boils down to a problem when dividing symbolic
expressions involving finite field elements.