Sage: Difference between revisions
(38 intermediate revisions by the same user not shown) | |||
Line 1: | Line 1: | ||
== Links == |
|||
* [http://www.sagemath.org/ Sage website] |
|||
;Manual |
|||
* Use command <code>search_src(...)</code> from Sage |
|||
* Use command <code>hg_sage.serve()</code> from Sage console |
|||
* [http://www.sagemath.org/doc/index.html Sage reference documentation] |
|||
;Tutorials |
|||
* http://doc.sagemath.org/html/en/a_tour_of_sage/index.html |
|||
* http://www-rohan.sdsu.edu/~mosulliv/sagetutorial/sagecalc.html |
|||
* http://www.sagemath.org/doc/reference/calculus/sage/calculus/calculus.html |
|||
;Examples |
|||
* [http://www.sagemath.org/doc/reference/polynomial_rings/sage/rings/polynomial/polynomial_modn_dense_ntl.html#sage.rings.polynomial.polynomial_modn_dense_ntl.small_roots small_roots documentation] — Nice example on how to manipulate polynomials, primes, etc. |
|||
== Installation == |
== Installation == |
||
=== Upgrade === |
|||
'''DID NOT WORK WITH 6.1 → 6.10''' — Upgrade sage with: |
|||
<source lang=bash> |
|||
sage -upgrade |
|||
</source> |
|||
=== Sage 6.10 === |
|||
<source lang=bash> |
|||
tar -xvjf sage-6.10-Ubuntu_14.04-x86_64.tar.bz2 |
|||
cd SageMath/ |
|||
./sage |
|||
</source> |
|||
To start, <code>./sage -notebook</code> |
|||
=== Sage 6.0 === |
|||
Installing Sage 6.0 compiled for Ubuntu 10.04 (also works on Ubuntu 12.04): |
|||
<source lang=bash> |
|||
#better install it as standard user (or create a custom user for sage) |
|||
tar -xv --lzma -f ~/tmp/sage/sage-6.0-x86_64-Linux-Ubuntu_10.04_x86_64.tar.lzma |
|||
mv sage-6.0-x86_64-Linux sage-6.0 |
|||
sudo ln -s /data/sage-6.0 /sage |
|||
</source> |
|||
=== Sage 4.2.1 === |
=== Sage 4.2.1 === |
||
* Installing '''Sage 4.2.1''', '''Ubuntu 9.10 32bit i686''', on '''Ubuntu Jaunty 9.04'''. |
* Installing '''Sage 4.2.1''', '''Ubuntu 9.10 32bit i686''', on '''Ubuntu Jaunty 9.04'''. |
||
<source lang="bash"> |
|||
#better install it as standard user (or create a custom user for sage) |
#better install it as standard user (or create a custom user for sage) |
||
tar -xv --lzma -f sage-4.2.1-linux-Ubuntu_9.10-i686-Linux.tar.lzma |
tar -xv --lzma -f sage-4.2.1-linux-Ubuntu_9.10-i686-Linux.tar.lzma |
||
mv sage-4.2.1-linux-Ubuntu_9.10-i686-Linux sage-4.2.1 |
mv sage-4.2.1-linux-Ubuntu_9.10-i686-Linux sage-4.2.1 |
||
sudo ln -s /mnt/data/sage-4.2.1 /sage |
sudo ln -s /mnt/data/sage-4.2.1 /sage |
||
</source> |
</source> |
||
* Sage complains that <tt>version `GLIBCXX_3.4.11' not found (required by /sage/local/lib/libgmpxx.so.3)</tt>. Fix is to install locally a more up-to-date version of libstdc++ (see [http://groups.google.com/group/sage-devel/browse_thread/thread/1b05c73e974bfa07/ab0393f1b002de09?lnk=raot]): |
* Sage complains that <tt>version `GLIBCXX_3.4.11' not found (required by /sage/local/lib/libgmpxx.so.3)</tt>. Fix is to install locally a more up-to-date version of libstdc++ (see [http://groups.google.com/group/sage-devel/browse_thread/thread/1b05c73e974bfa07/ab0393f1b002de09?lnk=raot]): |
||
<source lang="bash"> |
|||
cd /sage/local/lib |
cd /sage/local/lib |
||
wget http://sage.math.washington.edu/home/wstein/tmp/fedora11/libstdc++.so.6.0.12 |
wget http://sage.math.washington.edu/home/wstein/tmp/fedora11/libstdc++.so.6.0.12 |
||
ln -s libstdc++.so.6.0.12 libstdc++.so.6 |
ln -s libstdc++.so.6.0.12 libstdc++.so.6 |
||
</source> |
</source> |
||
=== Sage 3.2.1 === |
=== Sage 3.2.1 === |
||
Line 37: | Line 78: | ||
</source> |
</source> |
||
== |
== Starting Sage == |
||
The ''Notebook'' is the html interface to Sage. It is launched with the command <tt>notebook</tt> (see also ([http://www.sagemath.org/doc/reference/sage/server/notebook/notebook.html The Sage Notebook object]). |
|||
<source lang="python"> |
|||
m=0x1234; print m # Convert hex to decimal |
|||
print hex(m) # Convert decimal to hex |
|||
</source> |
|||
;Sage 6.0 |
|||
== Notebook == |
|||
<source lang="bash"> |
|||
Notebook is the html interface to Sage. It is launched with the command <tt>notebook</tt> (see also ([http://www.sagemath.org/doc/reference/sage/server/notebook/notebook.html The Sage Notebook object]). |
|||
% sage |
|||
sage> notebook(interface='',port=8000) # To make notebook available on port 8000, even to remote computer |
|||
sage> notebook(interface='',port=8000, require_login=False) # No login necessary |
|||
sage> notebook? # Get help on notebook |
|||
% sage -notebook "interface=localhost" "port=8000" "open_viewer=False" # Launch notebook from command-line |
|||
% sage -notebook "interface=''" "port=8000" "open_viewer=False" # Launch notebook from command-line, even to remote computer - BEWARE no security! |
|||
</source> |
|||
;Sage 4.1 |
|||
<source lang="bash"> |
<source lang="bash"> |
||
% sage |
% sage |
||
Line 54: | Line 101: | ||
% sage -notebook "address=localhost" "port=8000" "open_viewer=False" # Launch notebook from command-line |
% sage -notebook "address=localhost" "port=8000" "open_viewer=False" # Launch notebook from command-line |
||
% sage -notebook "address=''" "port=8000" "open_viewer=False" # Launch notebook from command-line, even to remote computer - BEWARE no security! |
% sage -notebook "address=''" "port=8000" "open_viewer=False" # Launch notebook from command-line, even to remote computer - BEWARE no security! |
||
</source> |
|||
To run Sage with a non-standard browser: |
|||
<source lang="bash"> |
|||
env SAGE_BROWSER=opera /usr/bin/sage -notebook |
|||
</source> |
|||
== Reference == |
|||
=== Python === |
|||
See [[Python]] on this wiki. |
|||
=== Basic === |
|||
<source lang=python> |
|||
print "a<b:",bool(a<b) # Don't add surrounding parenthesis |
|||
print "n=",hex(n) |
|||
# Using expression |
|||
a=sqrt(2) |
|||
print a # 'sqrt(2)' |
|||
print type(a) # '<type 'sage.symbolic.expression.Expression'>' |
|||
print a.n() # Print numerical value of a |
|||
print a.n(digits=20) # Print numerical value of a, with 20 accurate digits |
|||
print a.n(prec=64) # Print numerical value of a, with 64-bit precision |
|||
# Hexadecimal |
|||
m=0x1234; print m # Convert hex to decimal |
|||
print hex(m) # Convert decimal to hex (only for Integers) |
|||
# Conversion |
|||
K = ZZ.random_element(0, 2^128) |
|||
print "K = ",hex(K) # Member of ZZ are <type 'sage.rings.integer.Integer'> |
|||
Rho = [0]*Rhobits # This is a <type 'list'> |
|||
Rho = ZZ(Rho,2) # ... now convert it to <type 'sage.rings.integer.Integer'> |
|||
Rho = list(Integer.binary(Rho)) # ... and back to list |
|||
ZmodN = Zmod(128) |
|||
R = ZmodN.random_element() # A '<type 'sage.rings.finite_rings.integer_mod.IntegerMod_gmp'>) |
|||
Integer(R) # ... convert to standard Integer |
|||
# Range |
|||
range(10) # [0, 1, 2, 3, 4, 5, 6, 7, 8, 9] |
|||
range(5, 10) # [5, 6, 7, 8, 9] |
|||
range(0, 10, 3) # [0, 3, 6, 9] |
|||
# List |
|||
print mylist[1:10] # Extract a sublist |
|||
mylist = [f(i) for i in range(10)] # Create a list |
|||
</source> |
|||
=== Arithmetics === |
|||
http://www.sagemath.org/doc/reference/misc/sage/rings/arith.html |
|||
<source lang=python> |
|||
# ----- INVERSE modular |
|||
s=Mod(s2-s1,n); 1/s # Using 'Mod' |
|||
ZmodN=Zmod(n); ZmodN(1/s) # Using inverse in the Integers modulo n ring |
|||
s=inverse_mod(s2-s1,n) # Using 'inverse_mod' |
|||
# ----- Modular EXPONENTATION |
|||
ZmodN = Zmod(N) |
|||
C = ZmodN(M)^e # Using 'Zmod' ring |
|||
print "C = ",hex(Integer(C)) |
|||
C=power_mod(M,e,N) # Using 'power_mod' builtin |
|||
def modexp(a, b, n): |
|||
d=1 |
|||
for i in list(Integer.binary(b)): |
|||
d = mod(d*d,n) |
|||
if Integer(i)== 1: |
|||
d = mod(d*a,n) |
|||
return Integer(d) |
|||
SIGN = modexp(m, d, n) # Using own function |
|||
# ----- Chinese Remainder Theorem |
|||
crt([13, 20], [100, 301]) # Return x s.t. x=13 mod 100, x=20 mod 301 |
|||
# ----- Other |
|||
next_prime(p) # Return smallest prime > p |
|||
random_prime(pmax,None,pmin) # Random prime [pmin,pmax] - see doc for meaning of None |
|||
euler_phi(47*53) # Euler's phi function |
|||
odd_part(n) # Return n/2^k, with k as large as possible |
|||
</source> |
|||
=== Polynomials === |
|||
<source lang=python> |
|||
ZmodN = Zmod(N) |
|||
P.<x> = PolynomialRing(ZmodN) |
|||
f = (ZmodN(Rho)*2^Kbits + x)^e - ZmodN(C) # Define our polynomial - must use elt from the ring |
|||
f.small_roots()[0] # Find f's small roots (using Coppersmith's theorem) |
|||
g = f.monic() # Return f divided by its leading coef, such that g is monic |
|||
</source> |
|||
=== Structures === |
|||
; [http://www.sagemath.org/doc/reference/rings_standard/sage/rings/integer_ring.html Ring Z of Integers] ([http://www.sagemath.org/doc/reference/rings_standard/sage/rings/integer.html elements of Z]) |
|||
<source lang=python> |
|||
Z = IntegerRing(); Z # Integer Ring |
|||
ZZ==IntegerRing() # true - 'ZZ' is already defined |
|||
ZZ.random_element(min,max) # A random element min <= x < max |
|||
</source> |
|||
; [http://www.sagemath.org/doc/reference/rings_standard/sage/rings/finite_rings/integer_mod_ring.html Ring Z/nZ of integers modulo n] ([http://www.sagemath.org/doc/reference/rings_standard/sage/rings/finite_rings/integer_mod.html Elements of Z/nZ]) |
|||
<source lang=python> |
|||
IntegerModRing(15) # Ring of integers modulo 15 |
|||
Integers(15) # ... idem (synomym) |
|||
Zmod(15) # ... idem (synomym) |
|||
Integers() is Integers(0) is ZZ # Integers() is the Ring Z of Integers |
|||
type(IntegerModRing(2^31-1).an_element()) # type of an element |
|||
</source> |
|||
=== Calculus === |
|||
* http://doc.sagemath.org/html/en/prep/Symbolics-and-Basic-Plotting.html |
|||
<source lang=python> |
|||
f(x)=(x-1)^3 |
|||
f.show() |
|||
f(x).show() |
|||
</source> |
|||
Use <code>expand</code> to expand the function object: |
|||
<source lang=python> |
|||
f.expand() |
|||
expand(f) # idem |
|||
</source> |
|||
... we can also expand the expression: |
|||
<source lang=python> |
|||
f(x).expand() |
|||
expand(f(x)) # idem |
|||
</source> |
|||
Use <code>factor</code> to factorize: |
|||
<source lang=python> |
|||
f(x).factor() |
|||
factor(f(x)) # idem |
|||
</source> |
|||
Use <code>simplify_full</code> to simplify an expression: |
|||
<source lang=python> |
|||
z = ((x - 1)^(3/2) - (x + 1)*sqrt(x - 1))/sqrt((x - 1)*(x + 1)) |
|||
z.simplify_full() |
|||
</source> |
|||
Type <code>simplify</code> then TAB to see other available methods in sage. |
|||
Use <code>solve</code> to solve an expression |
|||
<source lang=python> |
|||
a,b,c=var('a,b,c') |
|||
show(solve(a*x^2+b*x+c,x)) |
|||
</source> |
|||
... also for system of equations: |
|||
<source lang=python> |
|||
x,y=var('x,y') |
|||
solve([x+y==2,x+2*y==2],x,y) # Note that we use == for the equal sign |
|||
</source> |
|||
<code>solve</code> also works for non-linear equations: |
|||
<source lang=python> |
|||
solve([x^2==1,x^3==1],x) |
|||
</source> |
|||
=== Plotting === |
|||
* [http://doc.sagemath.org/html/en/prep/Advanced-2DPlotting.html Tutorial for Advanced 2d Plotting] |
|||
* [http://doc.sagemath.org/html/en/reference/plotting/index.html 2D Graphics] |
|||
:* [http://doc.sagemath.org/html/en/reference/plotting/sage/plot/plot.html 2D Plotting] |
|||
:* [http://doc.sagemath.org/html/en/reference/plotting/sage/plot/graphics.html Graphics object] |
|||
<source lang=python> |
|||
plot(x^2, (x,-2,2)) # Plot a simple quadratic function |
|||
plot(x^2, (x,-2,2), color='purple') # ... idem with color |
|||
plot(x^2, (x,-2,2), gridlines=true) # ... idem with grid (see Graphics object help) |
|||
plot(x^2, (x,-2,2), aspect_ratio=1.0) # ... to have an orthonormal grid |
|||
plot? # Some help |
|||
plot.options # default plot options |
|||
</source> |
|||
To combine graphs: |
|||
<source lang=python> |
|||
g1 = plot(x^2, (x,-2,2), color='blue') |
|||
g2 = plot((x-1)^2+2, (x,-2,2), color='red') |
|||
g1+g2 # Show both graphs together |
|||
</source> |
|||
== Tips == |
|||
;Don't print carriage return in Notebook [http://ask.sagemath.org/question/698/carriage-return-and-notebook-cell-output] |
|||
<source lang=python> |
|||
for i in range(10): |
|||
print i, # Use comma and flush |
|||
sys.stdout.flush() # might require 'import sys' |
|||
print '' |
|||
</source> |
|||
;Print long output lines (>72 characters) without breaks |
|||
* Click on the left of the line that is broken up [http://osdir.com/ml/sage-support/2013-05/msg00093.html] |
|||
* Maybe there is a way to do this programmatically (see <code>Cell.word_wrap_cols()</code> and <code>Cell.set_cell_output_type</code>) |
|||
* Or change the default word wrap settings permanently for the whole notebook.<br>For this, logged in as ''admin'', go to ''Settings''→''Notebook settings'', and edit ''Number of word-wrap columns'' (default <ode>72</code>). |
|||
== Example of use == |
|||
=== Breaking ECDSA === |
|||
<source lang=python> |
|||
# This sheet is an attempt to break the hack-lu 2011 challenge (helping Phil Teuwen) |
|||
# We can ask an Oracle server to sign arbitrary message using ECDSA. |
|||
# Here are two requests: |
|||
# 87.64.72.220 connected at Tue Sep 13 19:59:39 2011. |
|||
# Your message is 0. |
|||
# (r, s) = (0x794be184a2e180978baadfa0561ec7870ce5849bad28ed6a, 0xdb8ddb3018aad092b27aa3f5cd1b47583625e32c4a0ce7d8) |
|||
# This is the signature generation machine. |
|||
# Using secp192r1, SHA-1. |
|||
# 87.64.72.220 connected at Tue Sep 13 19:59:39 2011. |
|||
# Your message is 1. |
|||
# (r, s) = (0x794be184a2e180978baadfa0561ec7870ce5849bad28ed6a, 0x8036ff32c0d04a924b9c19d2489285a15876cc7e3817cfa) |
|||
# This is the signature generation machine. |
|||
# Using secp192r1, SHA-1. |
|||
# 87.64.72.220 connected at Tue Sep 13 19:59:39 2011. |
|||
# Your message is 2. |
|||
# (r, s) = (0x794be184a2e180978baadfa0561ec7870ce5849bad28ed6a, 0xa923210c2bd3d5e97cc1ab6021230f6fb49f9b42bee19e4a) |
|||
# We see that both messages have the same r, which is bad for the security of secp192r1 |
|||
# See ECDSA page on Wikipedia: |
|||
# - First compute k=(z2-z1)/(s2-s1) mod n, |
|||
# - then da=(s1.k-z1)/r1 mod n |
|||
# |
|||
# On Wikipedia page on ECC, we have a link to NIST's recommended curve |
|||
# http://csrc.nist.gov/groups/ST/toolkit/documents/dss/NISTReCur.pdf |
|||
# We can get the value of the curve order (value r in the PDF document, but value n above) |
|||
(r1, s1) = (0x794be184a2e180978baadfa0561ec7870ce5849bad28ed6a, 0x8036ff32c0d04a924b9c19d2489285a15876cc7e3817cfa) |
|||
(r2, s2) = (0x794be184a2e180978baadfa0561ec7870ce5849bad28ed6a, 0xa923210c2bd3d5e97cc1ab6021230f6fb49f9b42bee19e4a) |
|||
# n is the order of the curve (from NIST doc) |
|||
n = 6277101735386680763835789423176059013767194773182842284081L |
|||
#1st message is "1", 2nd message is "2" |
|||
#SHA-1, without Carriage return |
|||
z1=0x356a192b7913b04c54574d18c28d46e6395428ab |
|||
z2=0xda4b9237bacccdf19c0760cab7aec4a8359010b0 |
|||
s_inv=inverse_mod(s2-s1,n) |
|||
k=Mod((z2-z1)*s_inv,n) |
|||
k |
|||
#Compute private key from (r1,s1) |
|||
dA=Mod(Mod(s1*k-z1,n)*inverse_mod(r1,n),n) |
|||
dA |
|||
#Compute private key from (r2,s2) |
|||
Mod(Mod(s2*k-z2,n)*inverse_mod(r2,n),n) |
|||
</source> |
</source> |
Latest revision as of 01:46, 29 December 2015
Links
- Manual
- Use command
search_src(...)
from Sage - Use command
hg_sage.serve()
from Sage console - Sage reference documentation
- Tutorials
- http://doc.sagemath.org/html/en/a_tour_of_sage/index.html
- http://www-rohan.sdsu.edu/~mosulliv/sagetutorial/sagecalc.html
- http://www.sagemath.org/doc/reference/calculus/sage/calculus/calculus.html
- Examples
- small_roots documentation — Nice example on how to manipulate polynomials, primes, etc.
Installation
Upgrade
DID NOT WORK WITH 6.1 → 6.10 — Upgrade sage with:
sage -upgrade
Sage 6.10
tar -xvjf sage-6.10-Ubuntu_14.04-x86_64.tar.bz2
cd SageMath/
./sage
To start, ./sage -notebook
Sage 6.0
Installing Sage 6.0 compiled for Ubuntu 10.04 (also works on Ubuntu 12.04):
#better install it as standard user (or create a custom user for sage)
tar -xv --lzma -f ~/tmp/sage/sage-6.0-x86_64-Linux-Ubuntu_10.04_x86_64.tar.lzma
mv sage-6.0-x86_64-Linux sage-6.0
sudo ln -s /data/sage-6.0 /sage
Sage 4.2.1
- Installing Sage 4.2.1, Ubuntu 9.10 32bit i686, on Ubuntu Jaunty 9.04.
#better install it as standard user (or create a custom user for sage)
tar -xv --lzma -f sage-4.2.1-linux-Ubuntu_9.10-i686-Linux.tar.lzma
mv sage-4.2.1-linux-Ubuntu_9.10-i686-Linux sage-4.2.1
sudo ln -s /mnt/data/sage-4.2.1 /sage
- Sage complains that version `GLIBCXX_3.4.11' not found (required by /sage/local/lib/libgmpxx.so.3). Fix is to install locally a more up-to-date version of libstdc++ (see [1]):
cd /sage/local/lib
wget http://sage.math.washington.edu/home/wstein/tmp/fedora11/libstdc++.so.6.0.12
ln -s libstdc++.so.6.0.12 libstdc++.so.6
Sage 3.2.1
Install instruction for Ubuntu - using binary image sage-3.2.1-ubuntu_32bit-xeon-i686-Linux.tar.gz. Script below will install sage in /usr/local/sage-3.2.1, and create a copy of sage in path /usr/local/bin.
# (as root)
% cd /usr/local
% tar -xvzf .../sage-3.2.1-ubuntu_32bit-xeon-i686-Linux.tar.gz
% mv sage-3.2.1-Ubuntu-x86_64-opteron-x86_64-Linux sage-3.2.1
% chmod a+rX -R sage-3.2.1
% cp /usr/local/sage-3.2.1/sage /usr/local/bin
% vi /usr/local/bin/sage
# --> change SAGE_ROOT to /usr/local/sage-3.2.1
After installation, launch sage from root again because Sage needs to update some links, create files, etc...
% sage
Starting Sage
The Notebook is the html interface to Sage. It is launched with the command notebook (see also (The Sage Notebook object).
- Sage 6.0
% sage
sage> notebook(interface='',port=8000) # To make notebook available on port 8000, even to remote computer
sage> notebook(interface='',port=8000, require_login=False) # No login necessary
sage> notebook? # Get help on notebook
% sage -notebook "interface=localhost" "port=8000" "open_viewer=False" # Launch notebook from command-line
% sage -notebook "interface=''" "port=8000" "open_viewer=False" # Launch notebook from command-line, even to remote computer - BEWARE no security!
- Sage 4.1
% sage
sage> notebook(address='',port=8000) # To make notebook available on port 8000, even to remote computer
sage> notebook(address='',port=8000, require_login=False) # No login necessary
sage> notebook? # Get help on notebook
% sage -notebook "address=localhost" "port=8000" "open_viewer=False" # Launch notebook from command-line
% sage -notebook "address=''" "port=8000" "open_viewer=False" # Launch notebook from command-line, even to remote computer - BEWARE no security!
To run Sage with a non-standard browser:
env SAGE_BROWSER=opera /usr/bin/sage -notebook
Reference
Python
See Python on this wiki.
Basic
print "a<b:",bool(a<b) # Don't add surrounding parenthesis
print "n=",hex(n)
# Using expression
a=sqrt(2)
print a # 'sqrt(2)'
print type(a) # '<type 'sage.symbolic.expression.Expression'>'
print a.n() # Print numerical value of a
print a.n(digits=20) # Print numerical value of a, with 20 accurate digits
print a.n(prec=64) # Print numerical value of a, with 64-bit precision
# Hexadecimal
m=0x1234; print m # Convert hex to decimal
print hex(m) # Convert decimal to hex (only for Integers)
# Conversion
K = ZZ.random_element(0, 2^128)
print "K = ",hex(K) # Member of ZZ are <type 'sage.rings.integer.Integer'>
Rho = [0]*Rhobits # This is a <type 'list'>
Rho = ZZ(Rho,2) # ... now convert it to <type 'sage.rings.integer.Integer'>
Rho = list(Integer.binary(Rho)) # ... and back to list
ZmodN = Zmod(128)
R = ZmodN.random_element() # A '<type 'sage.rings.finite_rings.integer_mod.IntegerMod_gmp'>)
Integer(R) # ... convert to standard Integer
# Range
range(10) # [0, 1, 2, 3, 4, 5, 6, 7, 8, 9]
range(5, 10) # [5, 6, 7, 8, 9]
range(0, 10, 3) # [0, 3, 6, 9]
# List
print mylist[1:10] # Extract a sublist
mylist = [f(i) for i in range(10)] # Create a list
Arithmetics
http://www.sagemath.org/doc/reference/misc/sage/rings/arith.html
# ----- INVERSE modular
s=Mod(s2-s1,n); 1/s # Using 'Mod'
ZmodN=Zmod(n); ZmodN(1/s) # Using inverse in the Integers modulo n ring
s=inverse_mod(s2-s1,n) # Using 'inverse_mod'
# ----- Modular EXPONENTATION
ZmodN = Zmod(N)
C = ZmodN(M)^e # Using 'Zmod' ring
print "C = ",hex(Integer(C))
C=power_mod(M,e,N) # Using 'power_mod' builtin
def modexp(a, b, n):
d=1
for i in list(Integer.binary(b)):
d = mod(d*d,n)
if Integer(i)== 1:
d = mod(d*a,n)
return Integer(d)
SIGN = modexp(m, d, n) # Using own function
# ----- Chinese Remainder Theorem
crt([13, 20], [100, 301]) # Return x s.t. x=13 mod 100, x=20 mod 301
# ----- Other
next_prime(p) # Return smallest prime > p
random_prime(pmax,None,pmin) # Random prime [pmin,pmax] - see doc for meaning of None
euler_phi(47*53) # Euler's phi function
odd_part(n) # Return n/2^k, with k as large as possible
Polynomials
ZmodN = Zmod(N)
P.<x> = PolynomialRing(ZmodN)
f = (ZmodN(Rho)*2^Kbits + x)^e - ZmodN(C) # Define our polynomial - must use elt from the ring
f.small_roots()[0] # Find f's small roots (using Coppersmith's theorem)
g = f.monic() # Return f divided by its leading coef, such that g is monic
Structures
Z = IntegerRing(); Z # Integer Ring
ZZ==IntegerRing() # true - 'ZZ' is already defined
ZZ.random_element(min,max) # A random element min <= x < max
IntegerModRing(15) # Ring of integers modulo 15
Integers(15) # ... idem (synomym)
Zmod(15) # ... idem (synomym)
Integers() is Integers(0) is ZZ # Integers() is the Ring Z of Integers
type(IntegerModRing(2^31-1).an_element()) # type of an element
Calculus
f(x)=(x-1)^3
f.show()
f(x).show()
Use expand
to expand the function object:
f.expand()
expand(f) # idem
... we can also expand the expression:
f(x).expand()
expand(f(x)) # idem
Use factor
to factorize:
f(x).factor()
factor(f(x)) # idem
Use simplify_full
to simplify an expression:
z = ((x - 1)^(3/2) - (x + 1)*sqrt(x - 1))/sqrt((x - 1)*(x + 1))
z.simplify_full()
Type simplify
then TAB to see other available methods in sage.
Use solve
to solve an expression
a,b,c=var('a,b,c')
show(solve(a*x^2+b*x+c,x))
... also for system of equations:
x,y=var('x,y')
solve([x+y==2,x+2*y==2],x,y) # Note that we use == for the equal sign
solve
also works for non-linear equations:
solve([x^2==1,x^3==1],x)
Plotting
plot(x^2, (x,-2,2)) # Plot a simple quadratic function
plot(x^2, (x,-2,2), color='purple') # ... idem with color
plot(x^2, (x,-2,2), gridlines=true) # ... idem with grid (see Graphics object help)
plot(x^2, (x,-2,2), aspect_ratio=1.0) # ... to have an orthonormal grid
plot? # Some help
plot.options # default plot options
To combine graphs:
g1 = plot(x^2, (x,-2,2), color='blue')
g2 = plot((x-1)^2+2, (x,-2,2), color='red')
g1+g2 # Show both graphs together
Tips
- Don't print carriage return in Notebook [2]
for i in range(10):
print i, # Use comma and flush
sys.stdout.flush() # might require 'import sys'
print ''
- Print long output lines (>72 characters) without breaks
- Click on the left of the line that is broken up [3]
- Maybe there is a way to do this programmatically (see
Cell.word_wrap_cols()
andCell.set_cell_output_type
) - Or change the default word wrap settings permanently for the whole notebook.
For this, logged in as admin, go to Settings→Notebook settings, and edit Number of word-wrap columns (default <ode>72).
Example of use
Breaking ECDSA
# This sheet is an attempt to break the hack-lu 2011 challenge (helping Phil Teuwen)
# We can ask an Oracle server to sign arbitrary message using ECDSA.
# Here are two requests:
# 87.64.72.220 connected at Tue Sep 13 19:59:39 2011.
# Your message is 0.
# (r, s) = (0x794be184a2e180978baadfa0561ec7870ce5849bad28ed6a, 0xdb8ddb3018aad092b27aa3f5cd1b47583625e32c4a0ce7d8)
# This is the signature generation machine.
# Using secp192r1, SHA-1.
# 87.64.72.220 connected at Tue Sep 13 19:59:39 2011.
# Your message is 1.
# (r, s) = (0x794be184a2e180978baadfa0561ec7870ce5849bad28ed6a, 0x8036ff32c0d04a924b9c19d2489285a15876cc7e3817cfa)
# This is the signature generation machine.
# Using secp192r1, SHA-1.
# 87.64.72.220 connected at Tue Sep 13 19:59:39 2011.
# Your message is 2.
# (r, s) = (0x794be184a2e180978baadfa0561ec7870ce5849bad28ed6a, 0xa923210c2bd3d5e97cc1ab6021230f6fb49f9b42bee19e4a)
# We see that both messages have the same r, which is bad for the security of secp192r1
# See ECDSA page on Wikipedia:
# - First compute k=(z2-z1)/(s2-s1) mod n,
# - then da=(s1.k-z1)/r1 mod n
#
# On Wikipedia page on ECC, we have a link to NIST's recommended curve
# http://csrc.nist.gov/groups/ST/toolkit/documents/dss/NISTReCur.pdf
# We can get the value of the curve order (value r in the PDF document, but value n above)
(r1, s1) = (0x794be184a2e180978baadfa0561ec7870ce5849bad28ed6a, 0x8036ff32c0d04a924b9c19d2489285a15876cc7e3817cfa)
(r2, s2) = (0x794be184a2e180978baadfa0561ec7870ce5849bad28ed6a, 0xa923210c2bd3d5e97cc1ab6021230f6fb49f9b42bee19e4a)
# n is the order of the curve (from NIST doc)
n = 6277101735386680763835789423176059013767194773182842284081L
#1st message is "1", 2nd message is "2"
#SHA-1, without Carriage return
z1=0x356a192b7913b04c54574d18c28d46e6395428ab
z2=0xda4b9237bacccdf19c0760cab7aec4a8359010b0
s_inv=inverse_mod(s2-s1,n)
k=Mod((z2-z1)*s_inv,n)
k
#Compute private key from (r1,s1)
dA=Mod(Mod(s1*k-z1,n)*inverse_mod(r1,n),n)
dA
#Compute private key from (r2,s2)
Mod(Mod(s2*k-z2,n)*inverse_mod(r2,n),n)