; using sect233k1; define curve T = (m,f(x),a,b,G,n,h), where; m = 233 and f

1. ; using sect233k1
2. ; define curve T = (m,f(x),a,b,G,n,h), where
3. ; m = 233 and finite field F(2^233) is defined by:
4. ; f(x) = x^233 + x^74 + 1
5. ; = curve E: y^2 + xy = ax^2 + b defined by:
6. ; a = 0000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
7. ; b = 0000 00000000 00000000 00000000 00000000 00000000 00000000 00000001
8. ; G(comp) = 020172 32BA853A 7E731AF1 29F22FF4 149563A4 19C26BF5 0A4C9D6E EFAD6126
9. ; G(ucomp) = 04 017232BA 853A7E73 1AF129F2 2FF41495 63A419C2 6BF50A4C 9D6EEFAD 6126'01DB 537DECE8 19B7F70F 555A67C4 27A8CD9B F18AEB9B 56E0C110 56FAE6A3
10. ; n = 80 00000000 00000000 00000000 00069D5B B915BCD4 6EFB1AD5 F173ABDF
11. ; h = 01
12. ; ## KEYGEN ## generate key pair (d, Q)
13. ; d is secret. Assert d in range [1, n-1] (random).
14. ; Q = d*G
15. ; output (d, Q)
16. ; ## PUBKEY VALID ##
17. ; assert Q != infinity point
18. ; assert xQ, yQ are of degree <= m-1
19. ; assert nQ = infinity point
20. ; if h = 1, skip final assertion
21. ; ## SECRET COMPUTE ##
22. ; inputs:
23. ; private key d(alice) associated with T(alice)
24. ; public key Q(bob) associated with T(bob)
25. ; P = (x, y) = h * d(alice) * Q(bob)
26. ; if P = infinite point, invalid
27. ; output x as shared secret field
28. ; (optional, but recommended) pass x to a KDF to generate symmetric key
29.