Million Dollar Curve


As of the 13th of October, 2015, all the draws have taken place, and anybody can update the list of the 220 draws to which we committed. The full list of results is available here: draws.txt. Here is an excerpt:

# Start date (t3): 2015-10-01
# Target Entropy: 8192
# Draw Id m n draw
2015-10-01_au_powerball 6 40 3,5,16,17,27,40
2015-10-01_br_quina 5 80 23,32,56,76,77
2015-10-01_ca_daily_keno_midday 20 70 15,17,18,19,21,27,28,29,33,38,41,49,50,54,56,58,59,65,69,70
2015-10-01_ca_daily_keno_night 20 70 1,4,7,11,19,20,29,30,32,33,34,40,41,45,46,48,50,53,54,58
2015-10-01_de_keno 20 70 5,9,19,20,21,23,25,27,33,35,38,43,49,52,55,56,58,59,65,70
2015-10-01_es_bonoloto 6 49 6,10,18,20,40,41
2015-10-01_es_la_primitiva 6 49 11,17,30,39,45,49
2015-10-01_fr_keno_midday 20 70 1,2,4,9,12,16,20,29,36,38,43,46,47,52,53,57,60,65,68,69
2015-10-01_fr_keno_night 20 70 1,4,5,6,10,11,13,17,22,27,38,39,41,42,43,48,51,53,58,62
2015-10-01_it_super_enalotto 6 90 2,17,21,49,69,74
...
2015-10-13_br_quina 5 80 6,13,35,46,49
2015-10-13_ca_daily_keno_midday 20 70 1,3,11,14,15,16,19,25,30,35,43,47,50,52,53,55,57,58,61,62
2015-10-13_ca_daily_keno_night 20 70 3,4,10,12,17,19,20,22,23,28,31,32,36,45,46,47,60,65,68,70
2015-10-13_de_keno 20 70 4,10,13,20,28,32,40,42,43,44,46,47,52,54,58,63,64,66,67,70
2015-10-13_es_bonoloto 6 49 11,19,32,35,39,44
2015-10-13_eu_euromillions 5 50 12,15,26,29,47

From this file, anyone can execute the script 01_draws_to_seed.py, to which we committed, in order to extract entropy and compute the seed:

This produces the JSON file in_02.json (available here), which contains the following parameters:

approx_seed_entropy = 8223 lone_bits = 10 seed = 1664436082852779444802442192988970575531930397222494321228063629864557961728803883926094550385167058026090587442804992621666228031824850408977931653953205224907452192448402947670055261150764551727944796583924695849500240128137466901314993974704108255639919385356455453617053087121025389652870978012187565785575464644714958917678079274569379823362558091467611799751193407675046826807548694116669844166972705365969552771149984160062544074389146982409243075813736699100075589396723882917071122015731981374614095302089754494985407927832926024234836396358084285809717464826379318750876768993887869840031466090921436832230498035339095298529291587853714219329774235775210961379127330113823477598764527438778847626145011633782593212645562064448659471877722480871999974702080179183834126740699517184521454943938035113938692998317616147636425414962743790714831677740118246878312210571012425841034033128661986723276972882209299270350199282190617841430606201104803753345366988416652963111938108353169079015641546969256318597263496182315932504553869628818983731124877921578768421573130326980198457985853933167041178401907899567953650045468446161244047687507035837811771600202409909526557843389429455601479289633348882813556807503769979728957591763637621737145956120815220344555748920676312816814656460166181343305464690936269322579570407807762636457326224984914613872538193178504113292256360371831014862510954694946783505875916871595421574730030018201003626509323351542883853608834849092416755445122210741037507932150659416521202870433052456864432922150184966576408871635089341598440450145024174442340774136708941993724850490599222135355391720073383074540738447294180965530961137799570246200068162112468745891496003006169621316053393275704733196781368570411976629532995051915685204926483953406664939370869964416695536624121769396683994351915735775797639217795093078385321306543055120144565661953122858193755809973160189059524656983365610112983211718256501009825173
809999924357509149066306953519903416637248043489493183726451360472341666092059964278878276574420041448907840407445249481718650690416690775758933245281009973900311691502576296253316680849678468235039210114017450884506944754770897523525941138413734814028885865857866444976690953612864968929784638694658289257251181357074750560995592810208579415743638539558225063210137757410358643416635839606812394994891101077266204256187787492062451504528393807321466708332847566242091400223420779877679952622051662350002253651495133907341754 seed_upper_bound = 407876085313736615256566535969264103938559211634179287217479829352873026250560485631998489133032649972458830431579434605682750360864084458200427261718292886473073419308047704624493456044519488801892603831252377854458199922059823246178402647213740891988479723928851495608401317334112025994695103247134786293390804951933881908510239611654003598560956891099635173339483704113383150746913433518713946976012026184792334349951957844459041547048338101133612587330178784824770993813625859155145628592291597592676469455807500035434941931136752281140876899461328544088710956779786289112107718300529072758587950258473352975448912018958794448266057872838173320529214948889596495696971041784795055795365580026409881280685646695911214887665199540620696605077521368380885995875581247541615432212083014066127388727684863515198358752918427298457455666704362406509041087599038057258810716868938253500162730469605057821035590734066645355898297120225533343277506689867632716185362385967978627042873439296638654363916409142474053836853616540028650787153358215779087167541002738248516869260439587156529925113831271447576257380895981813455360307181683238685976342938055009598303498605841700061215664292961282656348883968527901660938531878408404994260508019149800291972956240019086489412708867894857641038943628288935746859191637568353274158176365163610227702691078185121419751517748111222013971089934590326032783475468215361923502128061182616038631731732866161670483614053249169
1386237112388826910843914553456570679510755548742185380127658616175054047136422029049104417360642770872815660646361135507253674090997828130247154987646923171770730495701379970962903467568032213361012558458938060621275945410710110443526088103376767068521669280446083222824945458107842332647677069633044260420967869635123892580747798068962208928960074912924697779520324760635130691381310240967401765086313970825010189295113753045997872481740966507003742742832417209416256025942964664848830188760574594066885788122685263106441535957491546516097644214950870199400377916215850401801148959152950297778724814834581397128318128091443452181468211989958420501734609756372909906023306986860868954878220677807462827469559365944814758907124374137189565747715802421313738221471257545427485769197245808006977353378799330644960247109710084437262010321614667307967351935919867699325447057426780624404603270164990858292195087155389512414721474560000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
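A draw of m numbers out of n has C(n, m) equally likely outcomes, so it can contribute at most log2 C(n, m) bits to the seed. The following added example (not the committed 01_draws_to_seed.py, and not code from the original page) parses lines in the draws.txt format shown above, rejects malformed draws, and combines them into one integer below the product of the C(n, m); the ranking and mixed-radix combination are assumptions chosen for illustration.

```python
import math

# Constructed sample: three lines copied from the draws.txt excerpt above.
SAMPLE = """\
# Draw Id m n draw
2015-10-01_au_powerball 6 40 3,5,16,17,27,40
2015-10-01_br_quina 5 80 23,32,56,76,77
2015-10-13_eu_euromillions 5 50 12,15,26,29,47
"""

def parse_draws(text):
    """Yield (draw_id, m, n, sorted numbers); raise ValueError on bad lines."""
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or line == "...":
            continue
        draw_id, m, n, raw = line.split()  # ValueError if not 4 fields
        m, n = int(m), int(n)
        nums = [int(v) for v in raw.split(",")]
        if len(nums) != m or len(set(nums)) != m:
            raise ValueError(f"{draw_id}: expected {m} distinct numbers")
        if not all(1 <= v <= n for v in nums):
            raise ValueError(f"{draw_id}: number outside 1..{n}")
        yield draw_id, m, n, sorted(nums)

def rank(nums):
    """Index of a sorted draw among all C(n, m) draws (combinatorial
    number system): 0 for 1,2,...,m and C(n, m) - 1 for the last draw."""
    return sum(math.comb(v - 1, i) for i, v in enumerate(nums, start=1))

def accumulate(text):
    """Combine all draws as digits of a mixed-radix integer (assumption).
    Returns (value, upper_bound, log2(upper_bound))."""
    value, bound = 0, 1
    for _draw_id, m, n, nums in parse_draws(text):
        radix = math.comb(n, m)
        value = value * radix + rank(nums)
        bound *= radix
    return value, bound, math.log2(bound)

if __name__ == "__main__":
    value, bound, bits = accumulate(SAMPLE)
    print(f"{bits:.1f} bits available from {SAMPLE.count('2015-')} draws")
```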

The JSON file we obtained can now be used as input to the first script provided by the committed Design:

As explained in the technical paper and in the Source code section of this website, this script generates two strong strong primes of 2048 bits (at least) and a starting point for the BBS PRNG. It saves these results in the JSON file in_03.json (available here), with the following values:

bbs_p = 35996412491659794106448678139203938249319697793346228632758700385153828129222749516077912753343035129789819747816348453087580050481996153995521308039730936961618334905667713791346937674536432092801009873985890146457492187047606448036554590564796981762282692096900641341020117017885420307506471120134152019935744189317325819234436421439715327857275211487684243785270234661937364552442351195200733126410361318413535774155794766283380974477515359668232245678657176490984667263872574921785081459817762257992362678454589660781072420366409686780905394019828621484459905747476774917671346051159496277702425357569133770443119 bbs_q = 30315858869239431089212426514783714062428473234435833692057820645959694566008634325041433180776896793285445888034627949706231004647893532536024771869124634392824449630944436227669260567061622692804476138599018096428493105738397355007990979053630728062311300025984776092617287790160254448606785404410421995726235326915743414650055648079666247870233079356651945395857036418250763093029380246643546664785718151008002877713894928073721216341320396221599090958437786830763819867002491028083039229220195943232749087198595707235991378178782441122374868962214544288908100679420248140749400244100103512014551094178606281398127 bbs_s = 
18476426484133019619998234396934849051966797182536070934506269854004374204414136339314377524571231797390359179695957049688508697050157500214667193474820494653369134031708114847593144064625415532686231461386488622149871002216153721536130644578728635711394588600500832804852689345505588408177295103694098702331375837758368406095112432947707310011873806823384013560875404650395910416660196334382526154266971128648615654982055521502794313048094309540419504951302162746456649418700812060831427876891970165668060726241688197548728249239884217479590511603628877205033352497364354469143120798218913543911839860000097598329037494350535649378407580398643700122323369548041629677121721973753511494261644724003034028338651573419655204199846776134666189017880004663596460410032954382086307747756870889896894524260105011340917794046775756652937089267415768365147537020349548255221010874106356366998440915763901915123853642601607553756397146899127153931718082422816549057021341447091544410200586397764184633299229883062636542402843211347084313695101888396936147476602127101258995255751180194010017332444760927624323897059669055522613843653741214924538943210013162984710377440648716185527119859749450609782543570111304936910079063707774290435862746

Using these parameters, anyone can execute the second script provided by the Design, in order to generate the 256-bit prime \(p\) defining the finite field for the Three Cents Curve:

This generates a JSON file named in_04.json specifying the prime we were looking for, as well as an updated state of the BBS PRNG. The file is available here; it contains the following results:

bbs_p = 35996412491659794106448678139203938249319697793346228632758700385153828129222749516077912753343035129789819747816348453087580050481996153995521308039730936961618334905667713791346937674536432092801009873985890146457492187047606448036554590564796981762282692096900641341020117017885420307506471120134152019935744189317325819234436421439715327857275211487684243785270234661937364552442351195200733126410361318413535774155794766283380974477515359668232245678657176490984667263872574921785081459817762257992362678454589660781072420366409686780905394019828621484459905747476774917671346051159496277702425357569133770443119 bbs_q = 30315858869239431089212426514783714062428473234435833692057820645959694566008634325041433180776896793285445888034627949706231004647893532536024771869124634392824449630944436227669260567061622692804476138599018096428493105738397355007990979053630728062311300025984776092617287790160254448606785404410421995726235326915743414650055648079666247870233079356651945395857036418250763093029380246643546664785718151008002877713894928073721216341320396221599090958437786830763819867002491028083039229220195943232749087198595707235991378178782441122374868962214544288908100679420248140749400244100103512014551094178606281398127 bbs_s = 
16231249049289512183816108274139410008959347871291657480241802255571614754777066194725352335563239959933548478062079522271990145699776322456398385700223125565569257249758201487125056248913059978410072798926972267808251247173058791746560537593858664276102129052592952950327611814240424713850191447417636663531641397215846024226609699275919847744016594863529001030951393681091784144561701636056734226990419608829565443727396180437528093169529171743378973271256572695803016611472151850312477890344457296387863326098536333877357302652175539293031823984410244560554546550672398522518623206389657545780138501006919050268721753696332886298203438679845296041259359332435756266592470651896950183346866887144681521429757183980122188623006646503186966559592632414784945403544702360536821125889716509251163306415155154150553139559189980979605453545858460054316575152784881467825030802940550344251225733031611421609669883678178934480349237244199614711901351540034563328973484524695768320106795632767954597859635858794796783991377252578300266399421088724523375073422668086490862267546327476362499803034251505650131538267136074401723559119467940653489794522406722813658363856847025074467194006481609878829631103051152964731001602596537283064429604 p = 91246932342305152449750051429713245449807489613263384851830108981264650686779

Using these parameters, anyone can execute the third script provided by the Design, in order to generate the Edwards curve and the base point:

This generates a JSON file named out.json specifying all the remaining parameters of the Three Cents Curve. Those parameters are obtained after 13879 bad candidates. The out.json file is available here; it contains (among others) the following parameters:

base_point_x = 37757004397508297461488232022133215112657762713920729625869178332980531926037
base_point_y = 78446303868801273512921965105183307537468280825605151126468994204353829363786
candidate_nbr = 13880
cardinality = 91246932342305152449750051429713245449776357953969544416800235471101452818604
cardinality_twist = 91246932342305152449750051429713245449838621272557225286859982491427848554956
d = 83729813207862236689454561512349386173963508197506719807406274769840427582251
discriminant = -91004637289708212066283662649310061398127799680941464991704514056966882295035
embedding_degree = 22811733085576288112437512857428311362444089488492386104200058867775363204650
embedding_degree_twist = 22811733085576288112437512857428311362459655318139306321714995622856962138738
p = 91246932342305152449750051429713245449807489613263384851830108981264650686779
trace = 31131659293840435029873510163197868176
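The published out.json values can be cross-checked against each other without rerunning the scripts. The following is an added example (not part of the original page or the Design's scripts) that tests the relations between p, the trace, both group orders, the embedding degrees and the base point; the Edwards equation x^2 + y^2 = 1 + d x^2 y^2 used for the on-curve test is an assumption about the curve form, which this page does not spell out.

```python
# Values copied from the out.json excerpt above.
P = 91246932342305152449750051429713245449807489613263384851830108981264650686779
D = 83729813207862236689454561512349386173963508197506719807406274769840427582251
GX = 37757004397508297461488232022133215112657762713920729625869178332980531926037
GY = 78446303868801273512921965105183307537468280825605151126468994204353829363786
CARD = 91246932342305152449750051429713245449776357953969544416800235471101452818604
CARD_TWIST = 91246932342305152449750051429713245449838621272557225286859982491427848554956
TRACE = 31131659293840435029873510163197868176
K = 22811733085576288112437512857428311362444089488492386104200058867775363204650
K_TWIST = 22811733085576288112437512857428311362459655318139306321714995622856962138738

def check_parameters():
    """Return a dict of named consistency checks (True means the
    published values agree with each other)."""
    # Subgroup orders if the cofactor is 4 on both the curve and its twist.
    r, r_twist = CARD // 4, CARD_TWIST // 4
    x2, y2 = GX * GX % P, GY * GY % P
    return {
        # Group order and Frobenius trace: #E = p + 1 - t.
        "order_matches_trace": CARD == P + 1 - TRACE,
        # The quadratic twist has order p + 1 + t.
        "twist_order_matches_trace": CARD_TWIST == P + 1 + TRACE,
        # Hasse bound: t^2 <= 4p.
        "hasse_bound": TRACE * TRACE <= 4 * P,
        "cofactor_4": CARD % 4 == 0 and CARD_TWIST % 4 == 0,
        # The embedding degree (order of p modulo r) divides r - 1;
        # the published values equal r - 1, the largest possible.
        "embedding_degree_maximal": K == r - 1,
        "twist_embedding_degree_maximal": K_TWIST == r_twist - 1,
        # Necessary condition for K being the order of p modulo r.
        "p_to_k_is_one_mod_r": pow(P, K, r) == 1,
        # Assumed Edwards form: x^2 + y^2 = 1 + d x^2 y^2 (mod p).
        "base_point_on_curve": (x2 + y2 - 1 - D * x2 * y2) % P == 0,
    }

if __name__ == "__main__":
    for name, ok in check_parameters().items():
        print(f"{'PASS' if ok else 'FAIL'}  {name}")
```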