Problem Statement

Elliptic curves   are sometimes used in   cryptography   as a way to perform   digital signatures. The purpose of this task is to implement a simplified (without modular arithmetic) version of the elliptic curve arithmetic which is required by the   elliptic curve DSA   protocol. In a nutshell, an elliptic curve is a bi-dimensional curve defined by the following relation between the x and y coordinates of any point on the curve: a and b are arbitrary parameters that define the specific curve which is used.
For this particular task, we'll use the following parameters: The most interesting thing about elliptic curves is the fact that it is possible to define a   group   structure on it.
To do so we define an   internal composition   rule with an additive notation +,   such that for any three distinct points P, Q and R on the curve, whenever these points are aligned, we have: Here   0   (zero)   is the infinity point,   for which the x and y values are not defined.   It's basically the same kind of point which defines the horizon in   projective geometry.
We'll also assume here that this infinity point is unique and defines the   neutral element   of the addition. This was not the definition of the addition, but only its desired property.   For a more accurate definition, we proceed as such: Given any three aligned points P, Q and R,   we define the sum   S = P + Q   as the point (possibly the infinity point) such that   S, R   and the infinity point are aligned. Considering the symmetry of the curve around the x-axis, it's easy to convince oneself that two points S and R can be aligned with the infinity point if and only if S and R are symmetric of one another towards the x-axis   (because in that case there is no other candidate than the infinity point to complete the alignment triplet). S is thus defined as the symmetric of R towards the x axis. The task consists in defining the addition which, for any two points of the curve, returns the sum of these two points.   You will pick two random points on the curve, compute their sum and show that the symmetric of the sum is aligned with the two initial points. You will use the a and b parameters of secp256k1, i.e. respectively zero and seven. Hint:   You might need to define a "doubling" function, that returns P+P for any given point P. Extra credit:   define the full elliptic curve arithmetic (still not modular, though) by defining a "multiply" function that returns, for any point P and integer n,   the point P + P + ... + P     (n times).

Let's start with the solution:

import "./fmt" for Fmt

var C = 7

class Pt {
    static zero { Pt.new(1/0, 1/0) }

    construct new(x, y) {
        _x = x
        _y = y
    }

    x { _x }
    y { _y }

    static fromNum(n) { Pt.new((n*n - C).cbrt, n) }

    isZero { x > 1e20 || x < -1e20 }

    double {
        if (isZero) return this
        var l = 3 * x * x / (2 * y)
        var t = l*l - 2*x
        return Pt.new(t, l*(x - t) - y)
    }

    - { Pt.new(x, -y) }

    +(other) {
        if (other.type != Pt) Fiber.abort("Argument must be a Pt object.")
        if (x == other.x && y == other.y) return double
        if (isZero) return other
        if (other.isZero) return this
        var l = (other.y - y) / (other.x - x)
        var t = l*l - x - other.x
        return Pt.new(t, l*(x-t) - y)
    }

    *(n) {
        if (n.type != Num || !n.isInteger) {
            Fiber.abort("Argument must be an integer.")
        }
        var r = Pt.zero
        var p = this
        var i = 1
        while (i <= n) {
            if ((i & n) != 0) r = r + p
            p = p.double
            i = i << 1
        }
        return r
    }

    toString { isZero ? "Zero" : Fmt.swrite("($0.3f, $0.3f)", x, y) }
}

var a = Pt.fromNum(1)
var b = Pt.fromNum(2)
var c = a + b
var d = -c
System.print("a         = %(a)")
System.print("b         = %(b)")
System.print("c = a + b = %(c)")
System.print("d = -c    = %(d)")
System.print("c + d     = %(c + d)")
System.print("a + b + d = %(a + b + d)")
System.print("a * 12345 = %(a * 12345)")