Hash to curve as defined in the standard #377
Conversation
The current implementation is not compatible with the current definition of the standard. This PR provides a hash-to-curve implementation as defined in draft-irtf-cfrg-hash-to-curve-12. * Implementation of `hash_to_field` as defined in the standard * Implementation of `hash_to_curve` as defined in the standard, by changing the mechanism over which we chose the sign. * For the point above, had to change the `elligator_encode` to return whether `eps` is a square or not (required for `hash_to_curve`). * Included test vectors of the draft. * Included `FieldElement::from_bytes_wide(bytes: &u8; 64])` to reduce integers encoded in 64 bytes.
|
I see in #438 that the function |
|
Yes, thank u for following up. I do want to merge this but I haven't gotten a chance to do a proper review. We really need to get to a 4.0 release, so I think this might have to wait until 4.1. Thank you so much for this contribution. I promise it will get the attention it deserves. |
|
Great, thanks! And whenever you think you have time, you can ping me here, and I'll rebase (as there's been some changes in the hashing functions) and make sure it follows the latest version of the standard 👍 Thanks for working on this 🙏 |
|
It would also be interesting if someone could attempt to impl the |
|
Happy to do it 👍 given that there is no rush, I should be able to dedicate a few cycles in a reasonable amount of time. |
The current implementation is not compatible with the current definition of the standard. This PR provides a hash-to-curve implementation as defined in draft-irtf-cfrg-hash-to-curve-12.
hash_to_fieldas defined in the standardhash_to_curveas defined in the standard, by changing the mechanism over which we chose the sign.elligator_encodeto return whetherepsis a square or not (required forhash_to_curve).FieldElement::from_bytes_wide(bytes: &u8; 64])to reduce integers encoded in 64 bytes.