[HN Gopher] The Animated Elliptic Curve
___________________________________________________________________
The Animated Elliptic Curve
Author : metadat
Score : 128 points
Date : 2022-06-16 18:00 UTC (5 hours ago)
(HTM) web link (curves.ulfheim.net)
(TXT) w3m dump (curves.ulfheim.net)
| tptacek wrote:
| My broken record take on this stuff is that whatever value there
| is in visualizing elliptic curves, there's more intuition to
| build just by playing with the curve formulae directly (it's
| pretty basic math) and seeing how the operations work in code. I
| don't have the math background to back this up but my
| understanding of the group rules is that they're --- at least for
| the application we're using them in --- a little arbitrary.
| hutchisonc wrote:
| For what it's worth, in the math context (not thinking about
| applications), the group law is extremely natural. Every
| variety has an associated group called the Picard group tells
| you something about geometry of the variety. But for elliptic
| curves, it turns out there is a bijection between the complex
| points on the curve and the elements of (the degree 0 subgroup
| of) its Picard group, so it inherits the group structure this
| way. This is the same group structure as the usual one defined
| explicitly. I might write more about this when I get home.
| tptacek wrote:
| Yes please.
| whatshisface wrote:
| That's true for people whose verbal intelligence exceeds their
| spatial intelligence but might not be true for everybody. As
| for the importance of understanding eliptic curves... perhaps
| people would be best served by thinking of them as a black box
| discrete logarithm problem.
| alpineidyll3 wrote:
| Beautiful
| syncsynchalt wrote:
| Author here, let me know if there are any questions or comments!
| sadjad wrote:
| Great article and great visuals! One very minor missing detail
| is how the base point P is picked.
| syncsynchalt wrote:
| Ah, I tried to trim the page down as much as possible, but
| there's a million tangents like this I could have gone down.
|
| Each point that you pick is going to have a different number
| of times it can be added to itself before it lands on a point
| that has the same x-value but different y-value, and then the
| "point addition" operation draws a vertical line and the
| point goes to infinity. The number of times you can add a
| point to itself before it happens and the cycle resets is
| called the point's "order".
|
| Most of the points on the graph will repeat themselves after
| less than a dozen times. The one I picked repeats itself
| after 72 points, which is great because that's every point on
| the curve. I chose it by writing a little program that tried
| each point and returned the best one.
|
| Compare that to a "real" curve like Curve25519: it has the
| base point at x=9 and can repeat itself over 2^252 times
| before repeating. The author of that curve used a different
| technique to find the point's order (obviously he didn't try
| adding the point to itself a trillion^6 times) but the idea's
| the same.
| mathgenius wrote:
| > associative: addition of additions has the same result as
| adding the points individually
|
| You should mention the generic rule: P+(Q+R) = (P+Q)+R, even if
| it's much more tricky to show than P+(P+P)=(P+P)+P.
| syncsynchalt wrote:
| Good idea, let me tweak that...
|
| (pushed)
| 2mol wrote:
| This is really great! I was fortunate enough to do my master's
| under a professor who included these visual representations in
| his lectures. I loved enough to write my thesis on the next
| step generalization, hyperelliptic curves.
|
| You might be interested in the fact that a variant of this
| visual representation still works:
| https://www.juricho.me/files/masterarbeit-hyperelliptic_curv...
| red_trumpet wrote:
| Nice work!
|
| As an algebraic geometer, I have a minor correction: The
| graphic "examples of elliptic curves" features the singular
| curve y^2 = x^3. This is not an elliptic curves, because by
| definition elliptic curves are smooth.
| syncsynchalt wrote:
| Good spotting. I actually based that animation on the grid of
| sample curves at https://en.wikipedia.org/wiki/Elliptic_curve
| , which includes A=B=0 in the illustration but makes the
| point it's not a valid curve.
|
| I didn't think anyone would notice/care, but I'll tweak it to
| skip over that example.
| proofrock wrote:
| Very nice work! Useful and informative. I'll spread it at work.
| acer4666 wrote:
| It's great! Minor correction: "In real numbers there are two
| square roots for EVERY non-zero number. The same is true in
| Fp...." "...only half the non-zero members of Fp have square
| roots"
| syncsynchalt wrote:
| Took me a few re-reads to see what you mean. Will fix!
| sbf501 wrote:
| In the past 5 years I've seen maybe a dozen "how elliptic curves
| work", but this is the first to actually illustrate how they work
| on a small field. I think that's key to understanding, seeing it
| in a small enough field that you can literally see all of the
| points. Nicely done.
|
| If you want to keep going, as an advanced beginner I'd like to
| see:
|
| Arbitrary bigint math - how do you do Exp/Sqrt with arbitrary
| sized ints? (I'm familiar with two crypto libs that do this, and
| MPIs & branches confuse me).
|
| Second: why is C25519 faster than SecP256R1 or BrainPool? maybe
| some insight there? (Isn't Ed25519 the signature name? and X25519
| the ECDH name?)
|
| Greedy of me, but thanks!
| syncsynchalt wrote:
| > this is the first to actually illustrate how they work on a
| small field
|
| That means a lot, thanks! That was my design goal with the
| page: figuring out the best way to get the idea across
| _without_ the user having to read a lot of text and stare at
| the wall until they got it.
|
| I've been casting around for the next idea to do a
| visualization of, adding yours to the list.
|
| (as for a partial answer your second question: the answer is
| going to be that Montgomery curves like Curve25519 have a
| method [Montgomery ladder] to quickly and timing-safely
| calculate only the x values of point multiplication. Faster
| _and_ more likely to be implemented securely than NIST curves,
| by design. Unfortunately I don't know the details of BrainPool,
| yet?)
|
| Yes, Curve25519 is the curve itself (and associate params),
| Ed25519 is the signature system implemented on top of C25519,
| and X25519 is the ECDHE mechanism implemented on top of C25519.
| This page talks mostly about the C and a little of the X, and
| doesn't go into Ed.
| phailhaus wrote:
| This visualization is incredible. In ten seconds, it gave me a
| stronger intuition for why cyclic groups are so important than
| when I took abstract algebra and cryptography in college. Thank
| you!
___________________________________________________________________
(page generated 2022-06-16 23:00 UTC)