def findGenPoint(prime, A, EC, N): 
    Fp = GF(prime)
    for uInt in range(1, 1001):
        u = Fp(uInt) 
        v2 = u^3+A*u^2+u 
        if not v2.is_square():
            continue
        v = v2.sqrt()
        
        point = EC([u, v]) 
        pointOrder = point.order()
        if pointOrder == N:
            return point

def findBasePoint(EC, h, u, v):
    return h*EC([u, v])

# Generator and base points of Baby Jubjub in Montgomery form
prime = 52435875175126190479447740508185965837690552500527637822603658699938581184513
l = 6554484396890773809930967563523245729705921265872317281365359162392183254199
Fp = GF(prime)
EC = EllipticCurve(GF(prime), [0,40962,0,1,0])
A = 40962
B = 1
n = 52435875175126190479447740508185965837647370126978538250922873299137466033592
h = 8
gen_u, gen_v, gen_w = findGenPoint(prime, A, EC, n)
base_u , base_v, base_w = findBasePoint(EC, h, gen_u, gen_v)

print(gen_u, gen_v)
print(base_u, base_v)

def mont_to_ted(u, v, prime):
    Fp = GF(prime)
    x = Fp(u / v)
    y = Fp((u-1)/(u+1))
    return(x, y)

def ted_to_mont(x, y , prime):
    Fp = GF(prime)
    u = Fp((1 + y )/ ( 1 - y))
    v = Fp((1 + y ) / ( (1 - y) * x))
    return(u, v)

def is_on_ted(x, y, prime, a, d):
    Fp = GF(prime)
    return Fp(a*(x**2) + y**2 - 1 - d*(x**2)*(y**2)) == 0

# Conversion of Baby Jubjub to twisted Edwards
a = Fp((A+2)/B)
d = Fp((A-2)/B)
print("a/d:")
print(a)
print(d)

# Check we have a safe twist and discriminant != 0
assert(not d.is_square())
assert(a*d*(a-d)!=0)

# Conversion of generator to twisted Edwards
gen_x, gen_y = mont_to_ted(gen_u, gen_v, prime)
assert(is_on_ted(gen_x , gen_y , prime , a , d))

# Sanity check: the inverse map returns the original point in Montgomery
u , v = ted_to_mont(gen_x, gen_y, prime)
assert (u == gen_u)
assert (v == gen_v)

# Conversion of base point to twisted Edwards
base_x , base_y = mont_to_ted(base_u , base_v , prime)
assert(is_on_ted(base_x ,base_y , prime , a , d))

print("twisted Edward")
print(gen_x, gen_y)
print(base_x, base_y)