Trac #34787: streamline .set_order() methods for elliptic curves and points

Release Manager · Release Manager · commit 446b62091272 · 2022-12-13T22:44:33.000+01:00
Elliptic curves and points have `.set_order()` methods to supply the order to Sage's algorithms instead of computing it. However, `.set_order()` for curves currently has a `num_checks=` keyword argument instead of the usual `check=` flag, and `.set_order()` for points does not have either argument and simply runs checks unconditionally. In this patch we add `check=` arguments to both methods. Moreover, we make `.set_order()` work for points over general fields, where order- computation algorithms are not available at the moment. URL: https://trac.sagemath.org/34787 Reported by: lorenz Ticket author(s): Lorenz Panny Reviewer(s): Kwankyu Lee
diff --git a/src/sage/schemes/elliptic_curves/ell_finite_field.py b/src/sage/schemes/elliptic_curves/ell_finite_field.py
@@ -955,25 +955,27 @@ def abelian_group(self):
         if len(gens) == 2:
 
             P, Q = gens
-            n = self.cardinality()      # cached
-            n1 = P.order()              # cached
+            n = self.cardinality()              # cached
+            n1 = P.order()                      # cached
             n2 = n//n1
-            assert not n1 * Q           # PARI should guarantee this
+            assert not n1 * Q                   # PARI should guarantee this
 
             k = n1.prime_to_m_part(n2)
-            Q *= k                      # don't need; kill that part
+            Q *= k                              # don't need; kill that part
             nQ = n2 * generic.order_from_multiple(n2*Q, n1//k//n2)
 
             S = n//nQ * P
             T = n2 * Q
-            S.set_order(nQ//n2)         # for .discrete_log()
+            S.set_order(nQ//n2, check=False)    # for .discrete_log()
             x = S.discrete_log(T)
             Q -= x * n1//nQ * P
 
-            Q.set_order(n2)             # verifies n2*Q == 0
+            assert not n2 * Q                   # by construction
+            Q.set_order(n2, check=False)
+
             gens = P, Q
 
-        orders = [T.order() for T in gens]  # cached
+        orders = [T.order() for T in gens]      # cached
 
         self.gens.set_cache(gens)
         return AdditiveAbelianGroupWrapper(self.point_homset(), gens, orders)
@@ -1155,7 +1157,7 @@ def is_ordinary(self, proof=True):
         """
         return not is_j_supersingular(self.j_invariant(), proof=proof)
 
-    def set_order(self, value, num_checks=8):
+    def set_order(self, value, *, check=True, num_checks=8):
         r"""
         Set the value of self._order to value.
 
@@ -1167,9 +1169,12 @@ def set_order(self, value, num_checks=8):
         - ``value`` -- integer in the Hasse-Weil range for this
           curve.
 
-        - ``num_checks`` (integer, default: 8) -- number of times to
-          check whether value*(a random point on this curve) is
-          equal to the identity.
+        - ``check`` (boolean, default: ``True``) -- whether or
+          not to run sanity checks on the input.
+
+        - ``num_checks`` (integer, default: 8) -- if ``check`` is
+          ``True``, the number of times to check whether ``value``
+          times a random point on this curve equals the identity.
 
         OUTPUT:
 
@@ -1267,16 +1272,17 @@ def set_order(self, value, num_checks=8):
         """
         value = Integer(value)
 
-        # Is value in the Hasse range?
-        q = self.base_field().order()
-        a,b = Hasse_bounds(q,1)
-        if not a <= value <= b:
-            raise ValueError('Value %s illegal (not an integer in the Hasse range)' % value)
-        # Is value*random == identity?
-        for i in range(num_checks):
-            G = self.random_point()
-            if value * G != self(0):
-                raise ValueError('Value %s illegal (multiple of random point not the identity)' % value)
+        if check:
+            # Is value in the Hasse range?
+            q = self.base_field().order()
+            a,b = Hasse_bounds(q,1)
+            if not a <= value <= b:
+                raise ValueError('Value %s illegal (not an integer in the Hasse range)' % value)
+            # Is value*random == identity?
+            for i in range(num_checks):
+                G = self.random_point()
+                if value * G != self(0):
+                    raise ValueError('Value %s illegal (multiple of random point not the identity)' % value)
 
         # TODO: It might help some of PARI's algorithms if we
         # could copy this over to the .pari_curve() as well.
diff --git a/src/sage/schemes/elliptic_curves/ell_point.py b/src/sage/schemes/elliptic_curves/ell_point.py
@@ -484,8 +484,13 @@ def order(self):
             sage: E(0).order() == 1
             True
         """
+        try:
+            return self._order
+        except AttributeError:
+            pass
         if self.is_zero():
-            return Integer(1)
+            self._order = Integer(1)
+            return self._order
         raise NotImplementedError("Computation of order of a point "
                                   "not implemented over general fields.")
 
@@ -1173,7 +1178,7 @@ def _divide_out(self, p):
             pts = Q.division_points(p)
         return (Q, k)
 
-    def set_order(self, value):
+    def set_order(self, value, *, check=True):
         r"""
         Set the value of self._order to value.
 
@@ -1194,7 +1199,7 @@ def set_order(self, value):
 
         ::
 
-            sage: E = EllipticCurve(GF(7), [0, 1]) # This curve has order 6
+            sage: E = EllipticCurve(GF(7), [0, 1])  # This curve has order 12
             sage: G = E(5, 0)
             sage: G.set_order(2)
             sage: 2*G
@@ -1222,7 +1227,7 @@ def set_order(self, value):
 
         It is an error to pass a `value` equal to `0`::
 
-            sage: E = EllipticCurve(GF(7), [0, 1]) # This curve has order 6
+            sage: E = EllipticCurve(GF(7), [0, 1])  # This curve has order 12
             sage: G = E.random_point()
             sage: G.set_order(0)
             Traceback (most recent call last):
@@ -1237,7 +1242,7 @@ def set_order(self, value):
         order of this point. How unlikely is determined by the factorization of
         the actual order, and the actual group structure::
 
-            sage: E = EllipticCurve(GF(7), [0, 1]) # This curve has order 6
+            sage: E = EllipticCurve(GF(7), [0, 1])  # This curve has order 12
             sage: G = E(5, 0)   # G has order 2
             sage: G.set_order(11)
             Traceback (most recent call last):
@@ -1248,7 +1253,7 @@ def set_order(self, value):
         of interest". For instance, the order can be set to a multiple the
         actual order::
 
-            sage: E = EllipticCurve(GF(7), [0, 1]) # This curve has order 6
+            sage: E = EllipticCurve(GF(7), [0, 1])  # This curve has order 12
             sage: G = E(5, 0)   # G has order 2
             sage: G.set_order(8)
             sage: G.order()
@@ -1260,15 +1265,16 @@ def set_order(self, value):
         """
         value = Integer(value)
 
-        E = self.curve()
-        q = E.base_ring().order()
-        if value <= 0:
-            raise ValueError('Value %s illegal for point order' % value)
-        low, hi = Hasse_bounds(q)
-        if value > hi:
-            raise ValueError('Value %s illegal: outside max Hasse bound' % value)
-        if value * self != E(0):
-            raise ValueError('Value %s illegal: %s * %s is not the identity' % (value, value, self))
+        if check:
+            if value <= 0:
+                raise ValueError('Value %s illegal for point order' % value)
+            E = self.curve()
+            q = E.base_ring().cardinality()
+            low, hi = Hasse_bounds(q)
+            if value > hi:
+                raise ValueError('Value %s illegal: outside max Hasse bound' % value)
+            if value * self != E(0):
+                raise ValueError('Value %s illegal: %s * %s is not the identity' % (value, value, self))
         self._order = value
 
     # #############################  end  ################################
