Hello how to resolve the equation (z≥y)² + X = 0 + 1‰, I tried but it seems impossible, or at least very difficult. 176.183.128.157 (talk) 13:31, 4 July 2025 (UTC)[reply]

This is not a well-formed equation. It is a meaningless sequence of symbols. Where did this come from?  ​‑‑Lambiam 15:29, 4 July 2025 (UTC)[reply]

Consider the free (non-commutative) algebra ${\displaystyle A}$ generated by ${\displaystyle u,u',u'',u^{(3)},...}$. Define a derivation ${\displaystyle D}$ on ${\displaystyle A}$ on generators by ${\displaystyle D(u^{(n)})=u^{(n+1)}}$. Obviously there exists a (non-unique) linear operator ${\displaystyle L}$ such that ${\displaystyle Ly=0}$ if and only if ${\displaystyle y=Dx}$ for some ${\displaystyle x\in A}$. But is there a canonical choice of ${\displaystyle L}$? Does it have something resembling a formula? (For example, we would have ${\displaystyle L(uu'+u'u)=0}$ whereas ${\displaystyle L(2uu')\neq 0}$.) Tito Omburo (talk) 19:59, 4 July 2025 (UTC)[reply]

What kind of object is ${\displaystyle u}$ suppose to be here? Also, algebra over what? 173.79.19.248 (talk) 15:56, 5 July 2025 (UTC)[reply]

Free algebra over rationals generated by symbols u,u', etc. (So the linear span of all finite words in the ${\displaystyle u^{(n)}}$). Tito Omburo (talk) 16:06, 5 July 2025 (UTC)[reply]

I see, just noncommuting formal symbols. And you want ${\displaystyle L:A\to A}$? Or you don't care what the codomain of L is? 173.79.19.248 (talk) 18:31, 5 July 2025 (UTC)[reply]

Don't care about codomain, but ${\displaystyle A}$ would be preferable. Tito Omburo (talk) 19:38, 5 July 2025 (UTC)[reply]

I think the following thing (or something very much like it) works: for each monomial ${\displaystyle {\bf {u}}=u^{(k_{1})}u^{(k_{2})}\cdots u^{(k_{m})}}$, define ${\displaystyle L({\bf {u}})=(-1)^{k_{1}}\sum _{(a_{2},\ldots ,a_{m})\in \mathbb {Z} _{\geq 0}^{m}:a_{2}+\ldots +a_{m}=k_{1}}{\frac {k_{1}!}{a_{2}!\cdots a_{m}!}}u\cdot u^{(k_{2}+a_{2})}\cdots u^{(k_{m}+a_{m})}}$, and extend by linearity. (In particular we get ${\displaystyle L(u^{(k)})=0}$ for ${\displaystyle k>0}$ because it's an empty sum, and we get that L is the identity on monomials whose first factor is u.) The key idea (to my mind) is that although the whole thing is infinite-dimensional, the only relations to worry about take place between monomials with a fixed number of factors and fixed "degree" (total number of derivatives applied). 173.79.19.248 (talk) 21:15, 5 July 2025 (UTC)[reply]

Anyhow to prove that this works, go as follows: let ${\displaystyle V_{m,\ell }}$ be the space spanned by the monomials ${\displaystyle u^{(k_{1})}\cdots u^{(k_{m})}}$ of length m having total "degree" ${\displaystyle \ell =k_{1}+\ldots +k_{m}}$. Then ${\displaystyle \dim(V_{m,\ell })={\binom {m+\ell -1}{m-1}}}$ by standard combinatorics. The image of my map L when restricted to ${\displaystyle V_{m,\ell }}$ is at least ${\displaystyle {\binom {m+\ell -2}{m-2}}}$ because there are this many monomials whose first factor is ${\displaystyle u=u^{(0)}}$, all of which are fixed by L. Then by rank-nullity it would suffice to show that ${\displaystyle D(V_{m,\ell -1})}$ is a subspace of ${\displaystyle V_{m,\ell }}$ of dimension ${\displaystyle {\binom {m+\ell -2}{m-1}}={\binom {m+\ell -1}{m-1}}-{\binom {m+\ell -2}{m-2}}}$, and that the restriction of L to this subset is identically 0. I haven't carefully done this but I don't think it could be too hard. 173.79.19.248 (talk) 02:12, 6 July 2025 (UTC)[reply]

Thanks, this seems right. Tito Omburo (talk) 13:04, 6 July 2025 (UTC)[reply]

Interesting number paradox: " for example, the smallest natural number that does not appear in an entry of the On-Line Encyclopedia of Integer Sequences (OEIS) was originally found to be 11630 on 12 June 2009. The number fitting this definition later became 12407 from November 2009 until at least November 2011, then 13794 as of April 2012, until it appeared in sequence OEIS: A218631 as of 3 November 2012. Since November 2013, that number was 14228, at least until 14 April 2014. In May 2021, the number was 20067." But now 20067 already appears in an entry of (sequence A379570 in the OEIS), so currently what is the smallest number not appearing in an entry of an OEIS sequence? 59.126.168.120 (talk) 18:35, 5 July 2025 (UTC)[reply]

I think it is hard to tell now. Years ago you could download the database and check it. As far as I know, you can't easily download the database now. I'd like to know if you can download it. Bubba73 ^{You talkin' to me?} 20:15, 5 July 2025 (UTC)[reply]

Ran a quick Python script using OEIS's search API to check whether each successive number appears in an OEIS sequence, it appears the first value to not appear in any OEIS sequence is 20990. GalacticShoe (talk) 20:17, 5 July 2025 (UTC)[reply]

The next values up to 30000 to not appear in any sequences are 22978, 23543, 24085, 24555, 26301, 27266, 27988, 28330, 28353, 28466, 28869, 28946, 29653, 29962. GalacticShoe (talk) 21:01, 5 July 2025 (UTC)[reply]

Thanks for that. Your script accesses the OEIS files over the internet, right? I'd really like to be able to download a copy of the files. Bubba73 ^{You talkin' to me?} 00:05, 6 July 2025 (UTC)[reply]

Unfortunately my script doesn't download the whole database, it only makes a call to OEIS itself which then provides a short "sample" of the sequences containing said number (each call is capped at 10 sequences at a time so as not to overwhelm the caller, but there is an option to retrieve more sequences.) However, I did find OEIS's "compressed versions" section which contains a couple of files, one of which has all the sequences and their A-numbers, the other of which has all the sequences' names and their A-numbers.

If that is not sufficient, there should be a way to download all the entry information programmatically by querying every individual sequence entry, but given the number of network calls it would need, it seems like it would end up taking a rather long time. GalacticShoe (talk) 00:32, 6 July 2025 (UTC)[reply]

Thanks, I didn't know about those files. I just downloaded them - I think they will suffice for what I want to do. Bubba73 ^{You talkin' to me?} 02:22, 6 July 2025 (UTC)[reply]

Well, (sequence A216380 in the OEIS) is (A216363(n) - 1)/118, and A216363 is related to the number 59 instead of 118, so please create an OEIS sequence of (A216363(n) - 1)/59 so that 20990 can appear. 59.126.168.120 (talk) 07:23, 6 July 2025 (UTC)[reply]

That sequence would be redundant, since the point is that all such numbers are congruent to 1 mod 118 (2 * 59), but you can submit it if you so want. GalacticShoe (talk) 17:46, 6 July 2025 (UTC)[reply]

I'm confused; doesn't every natural number appear in (sequence A000027 in the OEIS)? What do you mean by "appear"? --RDBury (talk) 02:18, 6 July 2025 (UTC)[reply]

Quoting from the article: (This definition of uninteresting is possible only because the OEIS lists only a finite number of terms for each entry.^[1] For instance, OEIS: A000027 is the sequence of all natural numbers, and if continued indefinitely would contain all positive integers. As it is, the sequence is recorded in its entry only as far as 77.) 173.79.19.248 (talk) 02:30, 6 July 2025 (UTC)[reply]

Yes, but if I change the definition to “appear in the first 100 terms (ignore the offset) of the sequence, what will be the result? (I know that there are many OEIS sequences such that there are unknown terms in the first 100 terms, such as OEIS: A000679(11) and OEIS: A000105(51) and OEIS: A000022(61) and OEIS: A240234(13) and OEIS: A347773(26), but none of these five can be 20990 or a number < 20990) 59.126.168.120 (talk) 20:04, 6 July 2025 (UTC)[reply]

Please stop adding your original research to the encyclopedia, and please stop over-emphasizing the OEIS at Interesting number paradox (where it is a minor illustration, not related in any important way to the encyclopedic subject of the article). 173.79.19.248 (talk) 23:28, 7 July 2025 (UTC)[reply]

I found that 20990 = 10989 + 10001, and 10989 is the period of 1/91 (which has only period 6) (thus the period length of 1/10989 is also only 6) (10989 is a divisor of the repunit R6) and gives the first record number in (sequence A004290 in the OEIS) not of the form 111…111000…000 (see (sequence A268609 in the OEIS) and (sequence A268610 in the OEIS)), also, 10001 is 10^4+1 and is a divisor of the repunit R8, thus the period length of 1/10001 is only 8, thus I think that the number 20990 = 10989 + 10001 is really interesting in decimal (base 10). 59.126.168.120 (talk) 21:33, 17 July 2025 (UTC)[reply]

Xayahrainie43, you are banned from the English-language Wikipedia; it is completely inappropriate for you to continue editing here. Have some basic decency and respect the rules of this community. 157.147.252.96 (talk) 12:32, 18 July 2025 (UTC)[reply]

According to this paper page 248 and unlike it’s title subject, it’s possible to invert a pairing on ʙɴ curves if exponentiation inversion is easy… But what about cases where final exponentiation isn’t needed ? Like ate pairing where both ${\displaystyle \mathbb {G} _{1}}$ and ${\displaystyle \mathbb {G} _{2}}$ have the same prime order ?

Is it also possible to modify the algorithm for ꜰᴀᴘɪ‒1 inversion ? 2A01:E0A:ACF:90B0:0:0:A03F:E788 (talk) 11:12, 7 July 2025 (UTC)[reply]

Simple question : given modulus : 21888242871839275222246405745257275088548364400416034343698204186575808495617^12 How to generate an anomalous curve for this given modulus ? Even a twisted one ? 21:06, 7 July 2025 (UTC) 2A01:E0A:ACF:90B0:0:0:A03F:E788 (talk) 21:06, 7 July 2025 (UTC)[reply]

Can it be appropriate to use ! in an exponent? For example, if you want to write 10³⁶²⁸⁸⁰ with fewer digits, is 10^9! considered appropriate? All I could find was Exponential factorial; my maths knowledge is limited, but it seems to be unrelated. Nyttend (talk) 07:38, 9 July 2025 (UTC)[reply]

Mathematical notation is supposed to be compositional. It is also often ambiguous, requiring brackets (for grouping) or contextual information. But 10^9! means, unambiguously, 10 raised to the power 9!. (An example requiring brackets is (3!)! = 6! = 720; the notation 3!! denotes the "double factorial": 3!! = 3 · 1 = 3.)  ​‑‑Lambiam 08:24, 9 July 2025 (UTC)[reply]

A statement found hidden in the article Symbols of grouping:

A superscript is understood to be grouped as long as it continues in the form of a superscript. ... For example, in x²⁺³, it is understood that the 2+3 is grouped, and that the exponent is the sum of 2 and 3.

Indeed, (x²)⁺³ would mean x^(2×3), not x⁽²⁺³⁾. Since (10⁹)^! is meaningless, this rule is not needed for disambiguating 10^9!. ‑‑Lambiam 11:12, 9 July 2025 (UTC)[reply]

My knowledge is limited enough that I don't understand how your answer is relevant; sorry. Are you saying that it's appropriate, or inappropriate, or ambiguous? Nyttend (talk) 11:40, 9 July 2025 (UTC)[reply]

It's appropriate and unambiguous. --Wrongfilter (talk) 12:09, 9 July 2025 (UTC)[reply]

Thank you! Sorry for having to request an explanation of the explanation. Nyttend (talk) 20:43, 10 July 2025 (UTC)[reply]

I'm sorry I wasn't clearer. In hindsight, I should have started by saying it is fine before embarking on a complicated explanation of why it is fine.  ​‑‑Lambiam 21:22, 10 July 2025 (UTC)[reply]

While drawing this diagram, I found from http://www.geoastro.de/SolsticeAzimuth/index.html a formula to calculate the azimuth angle of sunrise during the summer solstice at a given latitude:

cos(az) = sin(eps) / cos(latitude)

When the latitude exceeds 90° – eps (Earth's axial tilt), sin(eps) / cos(latitude) exceeds 1 so arccos fails. What actually happens then? Cheers, cmɢʟee⎆τaʟκ 12:10, 11 July 2025 (UTC)[reply]

You are then north of the Arctic Circle. The sun – more precisely, the centre of the apparent solar disk, not taking atmospheric refraction into account – stays the whole day above the horizon, so there is no sunrise. See also the image at Arctic Circle § Midnight sun and polar night.  ​‑‑Lambiam 12:28, 11 July 2025 (UTC)[reply]

Good observation, thanks cmɢʟee⎆τaʟκ 12:53, 11 July 2025 (UTC)[reply]

Is there any even positive integer whose all powers can be written as 3xy+-(x + y) with x > 0, y > 0? 1.168.124.92 (talk) 17:32, 11 July 2025 (UTC)[reply]

A positive even number ${\displaystyle r}$ can be written as ${\displaystyle 3xy+x+y}$ with positive ${\displaystyle x,y}$ iff ${\displaystyle 3r+1}$ has a nontrivial divisor congruent to ${\displaystyle 1\!\!{\pmod {6}}}$, and it can be written as ${\displaystyle 3xy-x-y}$ with positive ${\displaystyle x,y}$ iff ${\displaystyle 3r+1}$ has a nontrivial divisor congruent to ${\displaystyle 5\!\!{\pmod {6}}}$. Since all nontrivial divisors of ${\displaystyle 3r+1}$ must be of one of those forms, any positive even ${\displaystyle r}$ can be written as ${\displaystyle 3xy\pm (x+y)}$ if and only if ${\displaystyle 3r+1}$ has a nontrivial divisor, that is, it is composite. This question is pretty much equivalent then to asking if there is some even ${\displaystyle n}$ such that ${\displaystyle 3n^{k}+1}$ is composite for all ${\displaystyle k\geq 1}$. In other words, is ${\displaystyle 3}$ a Sierpiński number in any even base? GalacticShoe (talk) 18:41, 11 July 2025 (UTC)[reply]

We previously discussed this in Wikipedia:Reference desk/Archives/Mathematics/2023 December 11#Does such prime always exists?, and I'm fairly sure the answer remains "we don't know." I would wager that all known Riesel/Sierpinski-type sequences are either achieved through a covering set or through factorization. Since ${\displaystyle 3}$ is a Mersenne number, we can't use the former approach, and there is evidently no factorization for the latter approach either. GalacticShoe (talk) 18:51, 11 July 2025 (UTC)[reply]

Interesting response. Thanks! Tito Omburo (talk) 19:46, 11 July 2025 (UTC)[reply]

Simple question : everything is in the title : Pairings allows transferring the ᴇᴄᴅʟᴘ to finite field ᴅʟᴘ and I want to do the reverse : the aim isn’t to find a secret point but to transfer the finite field ᴅʟᴘ to the ᴇᴄᴅʟᴘ (which sounds easier). If there’s a way to do it, (maybe through weil pairing inversion) how to do it ?

The relevant papers are https://eprint.iacr.org/2019/385.pdf and https://www.sciencedirect.com/science/article/pii/S1071579707000834/pdf?md5=d985e8c200fba1830ffb8841b0ec7b4f&pid=1-s2.0-S1071579707000834-main.pdf 2A01:E0A:ACF:90B0:0:0:A03F:E788 (talk) 22:51, 12 July 2025 (UTC)[reply]

Why does ECDLP sound easier? I thought it being harder was kind of the point of ECC... Sesquilinear (talk) 23:06, 13 July 2025 (UTC)[reply]

The idea is to lift the ꜰꜰᴅʟᴘ to a weak curve… I’m meaning weak not only by being SuperSingular 2A01:E0A:ACF:90B0:0:0:A03F:E788 (talk) 14:57, 14 July 2025 (UTC)[reply]

Is there a reason why you've been posting several elliptic-curve-related questions here over the past few months? Duckmather (talk) 18:25, 17 July 2025 (UTC)[reply]

That I’m working on elliptic curve problems and thus here a place where I can and did get some responses ? 2A01:E0A:ACF:90B0:0:0:A03F:E788 (talk) 07:19, 18 July 2025 (UTC)[reply]

I was reading this paper. The almost principal minor (ᴀᴘᴍ) case sounds to yield a subexponential algorithm for solving the ᴇᴄᴅʟᴘ both in number of matrices rows and kernel counts, yet they talk about using a supercomputer for achieving the result of their paper where an older version of their source code can be found here.

So given finite field size, what’s the estimated complexity of the whole algorithm in the best design scenario ? 2A01:E0A:ACF:90B0:0:0:A03F:E788 (talk) 11:48, 15 July 2025 (UTC)[reply]

Can bins in histograms have different widths? In different-width histograms, values are signified by area of bins rather than height, width of bins signify range of values belonging to each bin (the larger the range, the wider the bin), and height of bins signify value divided by range. None of histogram makers I have found on the web have an option to make histograms with different-width bins. --40bus (talk) 12:07, 15 July 2025 (UTC)[reply]

Google "histogram unequal class width" or "histogram uneven bin width" for loads of options. Whether that's a good idea depends on what you're trying to do. For most variables it would make the visual interpretation of the histogram harder than necessary. For age groups (e.g. [0,18), [18, 65], (65, ∞)) it would be quite useful (but then one wouldn't normally plot that on a linear age axis, so not a good example..). --Wrongfilter (talk) 12:26, 15 July 2025 (UTC)[reply]

A search for "frequency density" gives several tutorial examples of different-width histograms ([1], [2], [3], [4]), including one by age groups ([5]).  ​‑‑Lambiam 04:56, 16 July 2025 (UTC)[reply]

If a ≠ b, a^b and b^a are both algebraic numbers, must a and b be algebraic numbers? 59.126.168.120 (talk) 19:21, 15 July 2025 (UTC)[reply]

The numbers ${\displaystyle 0^{\pi }}$ and ${\displaystyle \pi ^{0}}$ are both algebraic. Excluding such trivial counterexamples, consider the system of equations ${\displaystyle x^{y}=2,y^{x}=3.}$ It is solved by ${\displaystyle x=1.36280\,{\cdot \cdot \cdot }\,,y=2.23925\,{\cdot \cdot \cdot }\,.}$ It will be astounding, should these values prove to be algebraic.  ​‑‑Lambiam 06:07, 16 July 2025 (UTC)[reply]

By the Gelfond-Schneider theorem, if a and b are both algebraic numbers other than 0 or 1, and b is irrational, then ${\displaystyle a^{b}}$ is transcendental. Therefore, should ${\displaystyle a^{b},b^{a},a,b}$ be all algebraic and a and b be both other than 0 or 1, then a and b must both be rational. Conversely, if a and b are both rational, then clearly both ${\displaystyle a^{b}}$ and ${\displaystyle b^{a}}$ are algebraic. I conjecture this is the only possibility. Duckmather (talk) 18:24, 17 July 2025 (UTC)[reply]

Is there any application that uses thirds, sixths and twelfths of metric units? Most metric units are in base 10, and do not divide evenly by these numbers. Are there any metric units (other than units of time) that are not in base 10, and divide evenly by these numbers? --40bus (talk) 11:26, 17 July 2025 (UTC)[reply]

Units of measure, including the metric units, are not numbers and are not "in a base". Numbers come into play when reporting the value of a physical quantity. Such values are presented in two parts: a numerical value together with a unit of measurement. The numerical value is customarily presented using decimal numbers (and the SI system prescribes their use), but this is independent of the system of units used.  ​‑‑Lambiam 20:21, 17 July 2025 (UTC)[reply]

Given the curve’s specifications, and the following code :

#set up the F_p^2 = F_p[i] / (i^2 + 1) field
p=21888242871839275222246405745257275088696311157297823662689037894645226208583
F2.<z2> = GF(p^2,modulus=x^2+1)
ec = EllipticCurve([F2(0),F2(3/(9+z2))]) # set up the curve over F_p^2 = F_p[i] / (i^2 + 1)​
X,Y = ( # set up the generator
21280594949518992153305586783242820682644996932183186320680800072133486887432 * z2 +
150879136433974552800030963899771162647715069685890547489132178314736470662,
1081836006956609894549771334721413187913047383331561601606260283167615953295 * z2 +
11434086686358152335540554643130007307617078324975981257823476472104616196090
)
pt = ec([X,Y,1])
#declare the isomorphsim to map the point to F_p¹²
G2.<w2> = GF(p^2,modulus=x^2-18*x+82)
F12.<z12> = GF(p^12,modulus=x^12-18*x^6+82)
X1=(X[0]-X[1]*9) + (X[1])*w2
Y1=(Y[0]-Y[1]*9) + (Y[1])*w2
print(Y1^2-X1^3-3/w2)
X2=X1[0] + X1[1]*z12^6
Y2=Y1[0] + Y1[1]*z12^6
print(Y2^2-X2^3-3/z12^6)
X3 = X2*z12^2
Y3 = Y2*z12^3
ec12 = EllipticCurve([F12(0),F12(3)]) # declare the F_p¹² curve linked to the isomorphism.
P0=ec12(X3,Y3) # X3 and Y3 represent the converted generator coordinates. See https://github.com/ethereum/py_pairing/blob/dd5ede17919c2afd042e4fbb7fda06d250df09be/py_ecc/bn128/bn128_curve.py#L100

but this is for mapping a point to the ${\displaystyle y=x^{3}+3}$ curve defined over ${\displaystyle \mathbb {F} _{p}^{12}}$. How to perform the reverse by going from ${\displaystyle \mathbb {F} _{p}^{12}}$ to the curve defined as ${\displaystyle {\frac {Y^{2}=X^{3}+3}{i+9}}}$ over the field ${\displaystyle \mathbb {F} _{p}^{2}={\frac {F_{p}[i]}{i^{2}+1}}}$ 2A01:E0A:ACF:90B0:0:0:A03F:E788 (talk) 15:54, 17 July 2025 (UTC)[reply]

Where are you getting this 254 and 12th power from? Neither of those are described above; they all mention altbn128, not 254, and the base field and its quadratic extension, not a 12th power extension Sesquilinear (talk) 18:28, 17 July 2025 (UTC)[reply]

${\displaystyle \mathbb {F} _{p}^{12}}$ is the field’s for pairings because of the embedding degree while the curve over ${\displaystyle \mathbb {F} _{p}^{2}={\frac {F_{p}[i]}{i^{2}+1}}}$ is used as notation for point compression. There’re different bn128 curves wearing the same name, hence the one used with cryptocurrencies is sometimes labelled as altbn254. Everything is written in the specifications here. According to the implementation at https://github.com/ethereum/py_pairing/blob/dd5ede17919c2afd042e4fbb7fda06d250df09be/py_ecc/bn128/bn128_curve.py#L100 the mapping although only implemented for going from ${\displaystyle \mathbb {F} _{p}^{12}}$ to the curve defined as ${\displaystyle \mathbb {F} _{p}^{2}={\frac {F_{p}[i]}{i^{2}+1}}}$ is an isomorphism which suggest that doing in the other direction is possible and my question is to do it in SageMath. 2A01:E0A:ACF:90B0:0:0:A03F:E788 (talk) 20:00, 17 July 2025 (UTC)[reply]

Okay, I think I see the confusion. The Ethereum spec there is quite terse and jumps through the intermediate steps assuming you already know them.

My exercise for you is: describe as many groups relevant to the pairing and its implementation as you can, and tell me how many you think are isomorphic to each other, as well as which ones will be strict subgroups of each other; this last part is the most important part and I don't think you'll be able to understand anything in elliptic curve cryptography without being able to tell me that last part. Sesquilinear (talk) 20:52, 17 July 2025 (UTC)[reply]

This is about maths : as shown by https://github.com/ethereum/py_pairing/blob/dd5ede17919c2afd042e4fbb7fda06d250df09be/py_ecc/bn128/bn128_curve.py#L100, you need to map points to embedding field in order to perform the pairings.

As for the isomorphism : as you said the specification don’t define it so I fail to understand it fully… I can’t explain it to you as a result. I’m asking the result in SageMath, but I would be unable to explain it mathematically too. The isomorphism is between ec12 = EllipticCurve([F12(0),F12(3)]) and EllipticCurve([F2(0),F2(3/(9+z2))]). This is shown by the code I wrote : but how it works ? I don’t understand fully (again). 2A01:E0A:ACF:90B0:0:0:A03F:E788 (talk) 22:04, 17 July 2025 (UTC)[reply]

Explain, in your own words, what the groups involved are. Sesquilinear (talk) 22:10, 17 July 2025 (UTC)[reply]

Actually, I'll be more explicit on one point. The G1 and G2 they imply an isomorphism between aren't the full groups of elements of the elliptic curves over the given fields. Indeed, with Hasse's theorem on elliptic curves you can show that's impossible for a curve over ${\displaystyle F_{p}}$ and a curve over ${\displaystyle F_{p^{2}}}$ when ${\displaystyle p}$ is big enough. Sesquilinear (talk) 23:13, 17 July 2025 (UTC)[reply]

The curve over contains ${\displaystyle \mathbb {F} _{p}^{12}}$ contains 21888242871839275222246405745257275088548364400416034343698204186575808495617 has a subgroup/suborder. By reverse mapping, I’m also talking about points being in such correct subgroup. For the other finite fields, the specification the order is 21888242871839275222246405745257275088548364400416034343698204186575808495617 directly. I’m not wanting to map between ${\displaystyle \mathbb {G} _{1}}$ and ${\displaystyle \mathbb {G} _{2}}$. 2A01:E0A:ACF:90B0:0:0:A03F:E788 (talk) 06:44, 18 July 2025 (UTC)[reply]

Have all of your elliptic curve related questions been an attempt to solve the discrete logarithm problem for this zero knowledge proof system? Sesquilinear (talk) 06:33, 18 July 2025 (UTC)[reply]

In the case of this question, this is for solving a class of diffie Hellman. Although looking unlikely : Satoh’s latest Miller’s inversion algorithm seems to work for weil_pairing inversion (resulting root of unity of finite field elements in my case do satisfy the required unprobable criteria for the algorithm). The algorithm outputs a ${\displaystyle \mathbb {G} _{2}}$ point having the 21888242871839275222246405745257275088548364400416034343698204186575808495617 order that need to be mapped back from the ec12 curve to the ec curve of the SageMath code. 2A01:E0A:ACF:90B0:0:0:A03F:E788 (talk) 07:01, 18 July 2025 (UTC)[reply]

Are there any web programs that can calculate last 100 or more digits of tetrational numbers, even power towers of 100 or more numbers? --40bus (talk) 04:31, 18 July 2025 (UTC)[reply]