diff --git a/include/nil/crypto3/hash/detail/h2c/ep.hpp b/include/nil/crypto3/hash/detail/h2c/ep.hpp new file mode 100644 index 0000000..1f6adfb --- /dev/null +++ b/include/nil/crypto3/hash/detail/h2c/ep.hpp @@ -0,0 +1,131 @@ +//---------------------------------------------------------------------------// +// Copyright (c) 2020-2021 Mikhail Komarov +// Copyright (c) 2020-2021 Ilias Khairullin +// +// MIT License +// +// Permission is hereby granted, free of charge, to any person obtaining a copy +// of this software and associated documentation files (the "Software"), to deal +// in the Software without restriction, including without limitation the rights +// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +// copies of the Software, and to permit persons to whom the Software is +// furnished to do so, subject to the following conditions: +// +// The above copyright notice and this permission notice shall be included in all +// copies or substantial portions of the Software. +// +// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +// SOFTWARE. +//---------------------------------------------------------------------------// + +#ifndef CRYPTO3_HASH_HASH_TO_CURVE_HPP +#define CRYPTO3_HASH_HASH_TO_CURVE_HPP + +#include +#include +#include + +#include +#include + +#include + +namespace nil { + namespace crypto3 { + namespace hashes { + using namespace boost::multiprecision; + + template + struct ep_map { + typedef h2c_suite suite_type; + + typedef typename suite_type::group_value_type group_value_type; + typedef typename suite_type::field_value_type field_value_type; + typedef typename suite_type::modular_type modular_type; + typedef typename modular_type::backend_type modular_adaptor_type; + typedef typename suite_type::modular_backend modular_backend; + + typedef boost::multiprecision::backends::modular_params modular_params_type; + + typedef typename suite_type::hash_type hash_type; + + constexpr static std::size_t m = suite_type::m; + constexpr static std::size_t L = suite_type::L; + constexpr static std::size_t k = suite_type::k; + + // Sometimes hash is 512 bits, while the group element is 256 or 381 bits. + // In these cases we take the number module the modulus of the group. + typedef typename boost::multiprecision::cpp_int_modular_backend modular_backend_of_hash_size; + + constexpr static const modular_params_type p_modulus_params = suite_type::p.backend(); + + typedef expand_message_xmd expand_message_ro; + // typedef expand_message_xof expand_message_nu; + + static_assert(m == 1, "underlying field has wrong extension"); + + template::value && + std::is_same::value>::type> + static inline group_value_type hash_to_curve(const InputType &msg, const DstType &dst) { + auto u = hash_to_field<2, expand_message_ro>(msg, dst); + group_value_type Q0 = map_to_curve::process(u[0]); + group_value_type Q1 = map_to_curve::process(u[1]); + return clear_cofactor(Q0 + Q1); + } + + // template::value>::type> + // static inline group_value_type encode_to_curve(const InputType &msg) { + // auto u = hash_to_field<1>(msg); + // group_value_type Q = map_to_curve(u[0]); + // return clear_cofactor(Q); + // } + + // private: + template::value && + std::is_same::value>::type> + static inline std::array hash_to_field(const InputType &msg, + const DstType &dst) { + std::array uniform_bytes {0}; + expand_message_type::process(N * m * L, msg, dst, uniform_bytes); + + number e; + std::array coordinates; + std::array result; + for (std::size_t i = 0; i < N; i++) { + for (std::size_t j = 0; j < m; j++) { + auto elm_offset = L * (j + i * m); + import_bits(e, uniform_bytes.begin() + elm_offset, + uniform_bytes.begin() + elm_offset + L); + + // Sometimes hash is 512 bits, while the group element is 256 or 381 bits. + // In these cases we take the number module the modulus of the group. + e %= p_modulus_params.get_mod(); + + coordinates[j] = modular_type(modular_adaptor_type( + modular_backend(e.backend()), p_modulus_params)); + } + result[i] = field_value_type(coordinates[0]); + } + + return result; + } + + static inline group_value_type clear_cofactor(const group_value_type &R) { + return R * suite_type::h_eff; + } + }; + } // namespace hashes + } // namespace crypto3 +} // namespace nil + +#endif // CRYPTO3_HASH_HASH_TO_CURVE_HPP diff --git a/include/nil/crypto3/hash/detail/h2c/ep2.hpp b/include/nil/crypto3/hash/detail/h2c/ep2.hpp new file mode 100644 index 0000000..1096d19 --- /dev/null +++ b/include/nil/crypto3/hash/detail/h2c/ep2.hpp @@ -0,0 +1,118 @@ +//---------------------------------------------------------------------------// +// Copyright (c) 2020-2021 Mikhail Komarov +// Copyright (c) 2020-2021 Ilias Khairullin +// +// MIT License +// +// Permission is hereby granted, free of charge, to any person obtaining a copy +// of this software and associated documentation files (the "Software"), to deal +// in the Software without restriction, including without limitation the rights +// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +// copies of the Software, and to permit persons to whom the Software is +// furnished to do so, subject to the following conditions: +// +// The above copyright notice and this permission notice shall be included in all +// copies or substantial portions of the Software. +// +// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +// SOFTWARE. +//---------------------------------------------------------------------------// + +#ifndef CRYPTO3_HASH_HASH_TO_CURVE2_HPP +#define CRYPTO3_HASH_HASH_TO_CURVE2_HPP + +#include +#include +#include + +#include + +#include + +namespace nil { + namespace crypto3 { + namespace hashes { + using namespace boost::multiprecision; + + template + struct ep2_map { + typedef h2c_suite suite_type; + + typedef typename suite_type::group_value_type group_value_type; + typedef typename suite_type::field_value_type field_value_type; + typedef typename suite_type::modular_type modular_type; + typedef typename modular_type::backend_type modular_adaptor_type; + typedef typename suite_type::modular_backend modular_backend; + + typedef boost::multiprecision::backends::modular_params modular_params_type; + + typedef typename suite_type::hash_type hash_type; + + constexpr static std::size_t m = suite_type::m; + constexpr static std::size_t L = suite_type::L; + constexpr static std::size_t k = suite_type::k; + + // Sometimes hash is 512 bits, while the group element is 256 or 381 bits. + // In these cases we take the number module the modulus of the group. + typedef typename boost::multiprecision::cpp_int_modular_backend modular_backend_of_hash_size; + + typedef expand_message_xmd expand_message_ro; + // typedef expand_message_xof expand_message_nu; + constexpr static const modular_params_type p_modulus_params = suite_type::p.backend(); + + static_assert(m == 2, "underlying field has wrong extension"); + + template::value && + std::is_same::value>::type> + static inline group_value_type hash_to_curve(const InputType &msg, const DstType &dst) { + auto u = hash_to_field<2, expand_message_ro>(msg, dst); + group_value_type Q0 = map_to_curve::process(u[0]); + group_value_type Q1 = map_to_curve::process(u[1]); + return clear_cofactor(Q0 + Q1); + } + // private: + template::value && + std::is_same::value>::type> + static inline std::array hash_to_field(const InputType &msg, + const DstType &dst) { + std::array uniform_bytes {0}; + expand_message_type::process(N * m * L, msg, dst, uniform_bytes); + + number e; + std::array coordinates; + std::array result; + for (std::size_t i = 0; i < N; i++) { + for (std::size_t j = 0; j < m; j++) { + auto elm_offset = L * (j + i * m); + import_bits(e, uniform_bytes.begin() + elm_offset, + uniform_bytes.begin() + elm_offset + L); + // Sometimes hash is 512 bits, while the group element is 256 or 381 bits. + // In these cases we take the number module the modulus of the group. + e %= p_modulus_params.get_mod(); + coordinates[j] = modular_type(modular_adaptor_type( + modular_backend(e.backend()), p_modulus_params)); + } + result[i] = field_value_type(coordinates[0], coordinates[1]); + } + + return result; + } + + static inline group_value_type clear_cofactor(const group_value_type &R) { + return R * suite_type::h_eff; + } + }; + } // namespace hashes + } // namespace crypto3 +} // namespace nil + +#endif // CRYPTO3_HASH_HASH_TO_CURVE2_HPP diff --git a/include/nil/crypto3/hash/detail/h2c/h2c_expand.hpp b/include/nil/crypto3/hash/detail/h2c/h2c_expand.hpp new file mode 100644 index 0000000..53ea826 --- /dev/null +++ b/include/nil/crypto3/hash/detail/h2c/h2c_expand.hpp @@ -0,0 +1,162 @@ +//---------------------------------------------------------------------------// +// Copyright (c) 2020-2021 Mikhail Komarov +// Copyright (c) 2020-2021 Ilias Khairullin +// +// MIT License +// +// Permission is hereby granted, free of charge, to any person obtaining a copy +// of this software and associated documentation files (the "Software"), to deal +// in the Software without restriction, including without limitation the rights +// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +// copies of the Software, and to permit persons to whom the Software is +// furnished to do so, subject to the following conditions: +// +// The above copyright notice and this permission notice shall be included in all +// copies or substantial portions of the Software. +// +// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +// SOFTWARE. +//---------------------------------------------------------------------------// + +#ifndef CRYPTO3_HASH_H2C_EXPAND_HPP +#define CRYPTO3_HASH_H2C_EXPAND_HPP + +#include +#include + +#include + +#include + +#include +#include + +#include +#include +#include + +#include +#include +#include + +namespace nil { + namespace crypto3 { + namespace hashes { + using namespace nil::crypto3::detail; + template::value>::type> + class expand_message_xmd { + // https://tools.ietf.org/html/draft-irtf-cfrg-hash-to-curve-10#section-5.4.1 + BOOST_STATIC_ASSERT_MSG(HashType::block_bits % 8 == 0, "r_in_bytes is not a multiple of 8"); + BOOST_STATIC_ASSERT_MSG(HashType::digest_bits % 8 == 0, "b_in_bytes is not a multiple of 8"); + BOOST_STATIC_ASSERT_MSG(HashType::digest_bits >= 2 * k, + "k-bit collision resistance is not fulfilled"); + + constexpr static const std::size_t b_in_bytes = HashType::digest_bits / 8; + constexpr static const std::size_t r_in_bytes = HashType::block_bits / 8; + + constexpr static const std::array Z_pad {0}; + + public: + template::value && + std::is_same::value && + std::is_same::value>::type> + static inline void process(const std::size_t len_in_bytes, const InputMsgType &msg, + const InputDstType &dst, OutputType &uniform_bytes) { + BOOST_CONCEPT_ASSERT((boost::SinglePassRangeConcept)); + BOOST_CONCEPT_ASSERT((boost::SinglePassRangeConcept)); + BOOST_CONCEPT_ASSERT((boost::SinglePassRangeConcept)); + BOOST_CONCEPT_ASSERT((boost::WriteableRangeConcept)); + + // https://tools.ietf.org/html/draft-irtf-cfrg-hash-to-curve-10#section-5.4.1 + BOOST_ASSERT(len_in_bytes < 0x10000); + BOOST_ASSERT(std::distance(dst.begin(), dst.end()) >= 16 && + std::distance(dst.begin(), dst.end()) <= 255); + BOOST_ASSERT( + std::size_t(std::distance(uniform_bytes.begin(), uniform_bytes.end())) >= len_in_bytes); + + const std::array l_i_b_str = { + static_cast(len_in_bytes >> 8u), + static_cast(len_in_bytes % 0x100)}; + const std::size_t ell = static_cast(len_in_bytes / b_in_bytes) + + static_cast(len_in_bytes % b_in_bytes != 0); + + // https://tools.ietf.org/html/draft-irtf-cfrg-hash-to-curve-10#section-5.4.1 + BOOST_ASSERT(ell <= 255); + + // TODO: use accumulators when they will be fixed + // accumulator_set b0_acc; + // hash(Z_pad, b0_acc); + // hash(msg, b0_acc); + // hash(l_i_b_str, b0_acc); + // hash(std::array {0}, b0_acc); + // hash(dst, b0_acc); + // hash(std::array {static_cast(dst.size())}, + // b0_acc); typename HashType::digest_type b0 = + // accumulators::extract::hash(b0_acc); + std::vector msg_prime; + msg_prime.insert(msg_prime.end(), Z_pad.begin(), Z_pad.end()); + msg_prime.insert(msg_prime.end(), msg.begin(), msg.end()); + msg_prime.insert(msg_prime.end(), l_i_b_str.begin(), l_i_b_str.end()); + msg_prime.insert(msg_prime.end(), static_cast(0)); + msg_prime.insert(msg_prime.end(), dst.begin(), dst.end()); + msg_prime.insert(msg_prime.end(), + static_cast(std::distance(dst.begin(), dst.end()))); + typename HashType::digest_type b0 = hash(msg_prime); + + // TODO: use accumulators when they will be fixed + // accumulator_set bi_acc; + // hash(b0, bi_acc); + // hash(std::array {1}, bi_acc); + // hash(dst, bi_acc); + // hash(std::array {static_cast(dst.size())}, + // bi_acc); typename HashType::digest_type bi = + // accumulators::extract::hash(bi_acc); std::copy(bi.begin(), bi.end(), + // uniform_bytes.begin()); + std::vector b_i_str; + b_i_str.insert(b_i_str.end(), b0.begin(), b0.end()); + b_i_str.insert(b_i_str.end(), static_cast(1)); + b_i_str.insert(b_i_str.end(), dst.begin(), dst.end()); + b_i_str.insert(b_i_str.end(), + static_cast(std::distance(dst.begin(), dst.end()))); + typename HashType::digest_type bi = hash(b_i_str); + std::copy(bi.begin(), bi.end(), uniform_bytes.begin()); + + typename HashType::digest_type xored_b; + for (std::size_t i = 2; i <= ell; i++) { + // TODO: use accumulators when they will be fixed + // accumulator_set bi_acc; + // strxor(b0, bi, xored_b); + // hash(xored_b, bi_acc); + // hash(std::array {static_cast(i)}, bi_acc); + // hash(dst, bi_acc); + // hash(std::array {static_cast(dst.size())}, + // bi_acc); + // bi = accumulators::extract::hash(bi_acc); + // std::copy(bi.begin(), bi.end(), uniform_bytes.begin() + (i - 1) * b_in_bytes); + nil::crypto3::algebra::strxor(b0, bi, xored_b); + std::vector b_i_str; + b_i_str.insert(b_i_str.end(), xored_b.begin(), xored_b.end()); + b_i_str.insert(b_i_str.end(), static_cast(i)); + b_i_str.insert(b_i_str.end(), dst.begin(), dst.end()); + b_i_str.insert(b_i_str.end(), + static_cast(std::distance(dst.begin(), dst.end()))); + bi = hash(b_i_str); + std::copy(bi.begin(), bi.end(), uniform_bytes.begin() + (i - 1) * b_in_bytes); + } + } + }; + } // namespace haseh + } // namespace crypto3 +} // namespace nil + +#endif // CRYPTO3_HASH_H@C_EXPAND_HPP diff --git a/include/nil/crypto3/hash/detail/h2c/h2c_iso_map.hpp b/include/nil/crypto3/hash/detail/h2c/h2c_iso_map.hpp new file mode 100644 index 0000000..edbfd4d --- /dev/null +++ b/include/nil/crypto3/hash/detail/h2c/h2c_iso_map.hpp @@ -0,0 +1,244 @@ +//---------------------------------------------------------------------------// +// Copyright (c) 2020-2021 Mikhail Komarov +// Copyright (c) 2020-2021 Ilias Khairullin +// +// MIT License +// +// Permission is hereby granted, free of charge, to any person obtaining a copy +// of this software and associated documentation files (the "Software"), to deal +// in the Software without restriction, including without limitation the rights +// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +// copies of the Software, and to permit persons to whom the Software is +// furnished to do so, subject to the following conditions: +// +// The above copyright notice and this permission notice shall be included in all +// copies or substantial portions of the Software. +// +// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +// SOFTWARE. +//---------------------------------------------------------------------------// + +#ifndef CRYPTO3_HASH_HASH_TO_CURVE_ISO_MAP_HPP +#define CRYPTO3_HASH_HASH_TO_CURVE_ISO_MAP_HPP + +#include + +#include + +#include + +namespace nil { + namespace crypto3 { + namespace hashes { + using namespace nil::crypto3::algebra::curves; + template + class iso_map; + + // 11-isogeny map for BLS12-381 G1 + // https://tools.ietf.org/html/draft-irtf-cfrg-hash-to-curve-10#appendix-E.2 + template<> + class iso_map> { + typedef typename bls12_381::g1_type<> group_type; + typedef h2c_suite suite_type; + + typedef typename suite_type::group_value_type group_value_type; + typedef typename suite_type::field_value_type field_value_type; + typedef typename suite_type::integral_type integral_type; + + // TODO: change integral_type on field_value_type when constexpr will be finished + constexpr static std::array k_x_num = { + 0x11a05f2b1e833340b809101dd99815856b303e88a2d7005ff2627b56cdb4e2c85610c2d5f2e62d6eaeac1662734649b7_cppui_modular381, + 0x17294ed3e943ab2f0588bab22147a81c7c17e75b2f6a8417f565e33c70d1e86b4838f2a6f318c356e834eef1b3cb83bb_cppui_modular381, + 0xd54005db97678ec1d1048c5d10a9a1bce032473295983e56878e501ec68e25c958c3e3d2a09729fe0179f9dac9edcb0_cppui_modular381, + 0x1778e7166fcc6db74e0609d307e55412d7f5e4656a8dbf25f1b33289f1b330835336e25ce3107193c5b388641d9b6861_cppui_modular381, + 0xe99726a3199f4436642b4b3e4118e5499db995a1257fb3f086eeb65982fac18985a286f301e77c451154ce9ac8895d9_cppui_modular381, + 0x1630c3250d7313ff01d1201bf7a74ab5db3cb17dd952799b9ed3ab9097e68f90a0870d2dcae73d19cd13c1c66f652983_cppui_modular381, + 0xd6ed6553fe44d296a3726c38ae652bfb11586264f0f8ce19008e218f9c86b2a8da25128c1052ecaddd7f225a139ed84_cppui_modular381, + 0x17b81e7701abdbe2e8743884d1117e53356de5ab275b4db1a682c62ef0f2753339b7c8f8c8f475af9ccb5618e3f0c88e_cppui_modular381, + 0x80d3cf1f9a78fc47b90b33563be990dc43b756ce79f5574a2c596c928c5d1de4fa295f296b74e956d71986a8497e317_cppui_modular381, + 0x169b1f8e1bcfa7c42e0c37515d138f22dd2ecb803a0c5c99676314baf4bb1b7fa3190b2edc0327797f241067be390c9e_cppui_modular381, + 0x10321da079ce07e272d8ec09d2565b0dfa7dccdde6787f96d50af36003b14866f69b771f8c285decca67df3f1605fb7b_cppui_modular381, + 0x6e08c248e260e70bd1e962381edee3d31d79d7e22c837bc23c0bf1bc24c6b68c24b1b80b64d391fa9c8ba2e8ba2d229_cppui_modular381}; + + constexpr static std::array k_x_den = { + 0x8ca8d548cff19ae18b2e62f4bd3fa6f01d5ef4ba35b48ba9c9588617fc8ac62b558d681be343df8993cf9fa40d21b1c_cppui_modular381, + 0x12561a5deb559c4348b4711298e536367041e8ca0cf0800c0126c2588c48bf5713daa8846cb026e9e5c8276ec82b3bff_cppui_modular381, + 0xb2962fe57a3225e8137e629bff2991f6f89416f5a718cd1fca64e00b11aceacd6a3d0967c94fedcfcc239ba5cb83e19_cppui_modular381, + 0x3425581a58ae2fec83aafef7c40eb545b08243f16b1655154cca8abc28d6fd04976d5243eecf5c4130de8938dc62cd8_cppui_modular381, + 0x13a8e162022914a80a6f1d5f43e7a07dffdfc759a12062bb8d6b44e833b306da9bd29ba81f35781d539d395b3532a21e_cppui_modular381, + 0xe7355f8e4e667b955390f7f0506c6e9395735e9ce9cad4d0a43bcef24b8982f7400d24bc4228f11c02df9a29f6304a5_cppui_modular381, + 0x772caacf16936190f3e0c63e0596721570f5799af53a1894e2e073062aede9cea73b3538f0de06cec2574496ee84a3a_cppui_modular381, + 0x14a7ac2a9d64a8b230b3f5b074cf01996e7f63c21bca68a81996e1cdf9822c580fa5b9489d11e2d311f7d99bbdcc5a5e_cppui_modular381, + 0xa10ecf6ada54f825e920b3dafc7a3cce07f8d1d7161366b74100da67f39883503826692abba43704776ec3a79a1d641_cppui_modular381, + 0x95fc13ab9e92ad4476d6e3eb3a56680f682b4ee96f7d03776df533978f31c1593174e4b4b7865002d6384d168ecdd0a_cppui_modular381}; + + constexpr static std::array k_y_num = { + 0x90d97c81ba24ee0259d1f094980dcfa11ad138e48a869522b52af6c956543d3cd0c7aee9b3ba3c2be9845719707bb33_cppui_modular381, + 0x134996a104ee5811d51036d776fb46831223e96c254f383d0f906343eb67ad34d6c56711962fa8bfe097e75a2e41c696_cppui_modular381, + 0xcc786baa966e66f4a384c86a3b49942552e2d658a31ce2c344be4b91400da7d26d521628b00523b8dfe240c72de1f6_cppui_modular381, + 0x1f86376e8981c217898751ad8746757d42aa7b90eeb791c09e4a3ec03251cf9de405aba9ec61deca6355c77b0e5f4cb_cppui_modular381, + 0x8cc03fdefe0ff135caf4fe2a21529c4195536fbe3ce50b879833fd221351adc2ee7f8dc099040a841b6daecf2e8fedb_cppui_modular381, + 0x16603fca40634b6a2211e11db8f0a6a074a7d0d4afadb7bd76505c3d3ad5544e203f6326c95a807299b23ab13633a5f0_cppui_modular381, + 0x4ab0b9bcfac1bbcb2c977d027796b3ce75bb8ca2be184cb5231413c4d634f3747a87ac2460f415ec961f8855fe9d6f2_cppui_modular381, + 0x987c8d5333ab86fde9926bd2ca6c674170a05bfe3bdd81ffd038da6c26c842642f64550fedfe935a15e4ca31870fb29_cppui_modular381, + 0x9fc4018bd96684be88c9e221e4da1bb8f3abd16679dc26c1e8b6e6a1f20cabe69d65201c78607a360370e577bdba587_cppui_modular381, + 0xe1bba7a1186bdb5223abde7ada14a23c42a0ca7915af6fe06985e7ed1e4d43b9b3f7055dd4eba6f2bafaaebca731c30_cppui_modular381, + 0x19713e47937cd1be0dfd0b8f1d43fb93cd2fcbcb6caf493fd1183e416389e61031bf3a5cce3fbafce813711ad011c132_cppui_modular381, + 0x18b46a908f36f6deb918c143fed2edcc523559b8aaf0c2462e6bfe7f911f643249d9cdf41b44d606ce07c8a4d0074d8e_cppui_modular381, + 0xb182cac101b9399d155096004f53f447aa7b12a3426b08ec02710e807b4633f06c851c1919211f20d4c04f00b971ef8_cppui_modular381, + 0x245a394ad1eca9b72fc00ae7be315dc757b3b080d4c158013e6632d3c40659cc6cf90ad1c232a6442d9d3f5db980133_cppui_modular381, + 0x5c129645e44cf1102a159f748c4a3fc5e673d81d7e86568d9ab0f5d396a7ce46ba1049b6579afb7866b1e715475224b_cppui_modular381, + 0x15e6be4e990f03ce4ea50b3b42df2eb5cb181d8f84965a3957add4fa95af01b2b665027efec01c7704b456be69c8b604_cppui_modular381}; + + constexpr static std::array k_y_den = { + 0x16112c4c3a9c98b252181140fad0eae9601a6de578980be6eec3232b5be72e7a07f3688ef60c206d01479253b03663c1_cppui_modular381, + 0x1962d75c2381201e1a0cbd6c43c348b885c84ff731c4d59ca4a10356f453e01f78a4260763529e3532f6102c2e49a03d_cppui_modular381, + 0x58df3306640da276faaae7d6e8eb15778c4855551ae7f310c35a5dd279cd2eca6757cd636f96f891e2538b53dbf67f2_cppui_modular381, + 0x16b7d288798e5395f20d23bf89edb4d1d115c5dbddbcd30e123da489e726af41727364f2c28297ada8d26d98445f5416_cppui_modular381, + 0xbe0e079545f43e4b00cc912f8228ddcc6d19c9f0f69bbb0542eda0fc9dec916a20b15dc0fd2ededda39142311a5001d_cppui_modular381, + 0x8d9e5297186db2d9fb266eaac783182b70152c65550d881c5ecd87b6f0f5a6449f38db9dfa9cce202c6477faaf9b7ac_cppui_modular381, + 0x166007c08a99db2fc3ba8734ace9824b5eecfdfa8d0cf8ef5dd365bc400a0051d5fa9c01a58b1fb93d1a1399126a775c_cppui_modular381, + 0x16a3ef08be3ea7ea03bcddfabba6ff6ee5a4375efa1f4fd7feb34fd206357132b920f5b00801dee460ee415a15812ed9_cppui_modular381, + 0x1866c8ed336c61231a1be54fd1d74cc4f9fb0ce4c6af5920abc5750c4bf39b4852cfe2f7bb9248836b233d9d55535d4a_cppui_modular381, + 0x167a55cda70a6e1cea820597d94a84903216f763e13d87bb5308592e7ea7d4fbc7385ea3d529b35e346ef48bb8913f55_cppui_modular381, + 0x4d2f259eea405bd48f010a01ad2911d9c6dd039bb61a6290e591b36e636a5c871a5c29f4f83060400f8b49cba8f6aa8_cppui_modular381, + 0xaccbb67481d033ff5852c1e48c50c477f94ff8aefce42d28c0f9a88cea7913516f968986f7ebbea9684b529e2561092_cppui_modular381, + 0xad6b9514c767fe3c3613144b45f1496543346d98adf02267d5ceef9a00d9b8693000763e3b90ac11e99b138573345cc_cppui_modular381, + 0x2660400eb2e4f3b628bdd0d53cd76f2bf565b94e72927c1cb748df27942480e420517bd8714cc80d1fadc1326ed06f7_cppui_modular381, + 0xe0fa1d816ddc03e6b24255e0d7819c171c40f65e273b853324efcd6356caa205ca2f570f13497804415473a1d634b8f_cppui_modular381}; + + public: + static inline group_value_type process(const group_value_type &ci) { + field_value_type x_num = field_value_type::zero(); + field_value_type x_den = field_value_type::zero(); + field_value_type y_num = field_value_type::zero(); + field_value_type y_den = field_value_type::zero(); + + std::vector xi_powers = [&ci]() { + std::vector xi_powers {field_value_type::one()}; + for (std::size_t i = 0; i < 15; i++) { + xi_powers.emplace_back(xi_powers.back() * ci.X); + } + return xi_powers; + }(); + + for (std::size_t i = 0; i < k_x_den.size(); i++) { + x_den += field_value_type(k_x_den[i]) * xi_powers[i]; + } + x_den += xi_powers[k_x_den.size()]; + + for (std::size_t i = 0; i < k_y_den.size(); i++) { + y_den += field_value_type(k_y_den[i]) * xi_powers[i]; + } + y_den += xi_powers[k_y_den.size()]; + + if (x_den.is_zero() || y_den.is_zero()) { + return group_value_type::one(); + } + + for (std::size_t i = 0; i < k_x_num.size(); i++) { + x_num += field_value_type(k_x_num[i]) * xi_powers[i]; + } + + for (std::size_t i = 0; i < k_y_num.size(); i++) { + y_num += field_value_type(k_y_num[i]) * xi_powers[i]; + } + return group_value_type(x_num * x_den.inversed(), ci.Y * y_num * y_den.inversed(), field_value_type::one()); + } + }; + + // 3-isogeny map for BLS12-381 G2 + // https://tools.ietf.org/html/draft-irtf-cfrg-hash-to-curve-10#appendix-E.3 + template<> + class iso_map> { + typedef typename bls12_381::g2_type<> group_type; + typedef h2c_suite suite_type; + + typedef typename suite_type::group_value_type group_value_type; + typedef typename suite_type::field_value_type field_value_type; + typedef typename suite_type::integral_type integral_type; + + // TODO: change integral_type on field_value_type when constexpr will be finished + constexpr static std::array, 4> k_x_num = { + {{{0x5c759507e8e333ebb5b7a9a47d7ed8532c52d39fd3a042a88b58423c50ae15d5c2638e343d9c71c6238aaaaaaaa97d6_cppui_modular381, + 0x5c759507e8e333ebb5b7a9a47d7ed8532c52d39fd3a042a88b58423c50ae15d5c2638e343d9c71c6238aaaaaaaa97d6_cppui_modular381}}, + {{0, + 0x11560bf17baa99bc32126fced787c88f984f87adf7ae0c7f9a208c6b4f20a4181472aaa9cb8d555526a9ffffffffc71a_cppui_modular381}}, + {{0x11560bf17baa99bc32126fced787c88f984f87adf7ae0c7f9a208c6b4f20a4181472aaa9cb8d555526a9ffffffffc71e_cppui_modular381, + 0x8ab05f8bdd54cde190937e76bc3e447cc27c3d6fbd7063fcd104635a790520c0a395554e5c6aaaa9354ffffffffe38d_cppui_modular381}}, + {{0x171d6541fa38ccfaed6dea691f5fb614cb14b4e7f4e810aa22d6108f142b85757098e38d0f671c7188e2aaaaaaaa5ed1_cppui_modular381, + 0}}}}; + + constexpr static std::array, 2> k_x_den = { + {{{0, + 0x1a0111ea397fe69a4b1ba7b6434bacd764774b84f38512bf6730d2a0f6b0f6241eabfffeb153ffffb9feffffffffaa63_cppui_modular381}}, + {{0xc, + 0x1a0111ea397fe69a4b1ba7b6434bacd764774b84f38512bf6730d2a0f6b0f6241eabfffeb153ffffb9feffffffffaa9f_cppui_modular381}}}}; + + constexpr static std::array, 4> k_y_num = { + {{{0x1530477c7ab4113b59a4c18b076d11930f7da5d4a07f649bf54439d87d27e500fc8c25ebf8c92f6812cfc71c71c6d706_cppui_modular381, + 0x1530477c7ab4113b59a4c18b076d11930f7da5d4a07f649bf54439d87d27e500fc8c25ebf8c92f6812cfc71c71c6d706_cppui_modular381}}, + {{0, + 0x5c759507e8e333ebb5b7a9a47d7ed8532c52d39fd3a042a88b58423c50ae15d5c2638e343d9c71c6238aaaaaaaa97be_cppui_modular381}}, + {{0x11560bf17baa99bc32126fced787c88f984f87adf7ae0c7f9a208c6b4f20a4181472aaa9cb8d555526a9ffffffffc71c_cppui_modular381, + 0x8ab05f8bdd54cde190937e76bc3e447cc27c3d6fbd7063fcd104635a790520c0a395554e5c6aaaa9354ffffffffe38f_cppui_modular381}}, + {{0x124c9ad43b6cf79bfbf7043de3811ad0761b0f37a1e26286b0e977c69aa274524e79097a56dc4bd9e1b371c71c718b10_cppui_modular381, + 0}}}}; + + constexpr static std::array, 3> k_y_den = { + {{{0x1a0111ea397fe69a4b1ba7b6434bacd764774b84f38512bf6730d2a0f6b0f6241eabfffeb153ffffb9feffffffffa8fb_cppui_modular381, + 0x1a0111ea397fe69a4b1ba7b6434bacd764774b84f38512bf6730d2a0f6b0f6241eabfffeb153ffffb9feffffffffa8fb_cppui_modular381}}, + {{0, + 0x1a0111ea397fe69a4b1ba7b6434bacd764774b84f38512bf6730d2a0f6b0f6241eabfffeb153ffffb9feffffffffa9d3_cppui_modular381}}, + {{0x12, + 0x1a0111ea397fe69a4b1ba7b6434bacd764774b84f38512bf6730d2a0f6b0f6241eabfffeb153ffffb9feffffffffaa99_cppui_modular381}}}}; + + public: + static inline group_value_type process(const group_value_type &ci) { + field_value_type x_num = field_value_type::zero(); + field_value_type x_den = field_value_type::zero(); + field_value_type y_num = field_value_type::zero(); + field_value_type y_den = field_value_type::zero(); + + std::vector xi_powers = [&ci]() { + std::vector xi_powers {field_value_type::one()}; + for (std::size_t i = 0; i < 3; i++) { + xi_powers.emplace_back(xi_powers.back() * ci.X); + } + return xi_powers; + }(); + + for (std::size_t i = 0; i < k_x_den.size(); i++) { + x_den += field_value_type(k_x_den[i][0], k_x_den[i][1]) * xi_powers[i]; + } + x_den += xi_powers[k_x_den.size()]; + + for (std::size_t i = 0; i < k_y_den.size(); i++) { + y_den += field_value_type(k_y_den[i][0], k_y_den[i][1]) * xi_powers[i]; + } + y_den += xi_powers[k_y_den.size()]; + + if (x_den.is_zero() || y_den.is_zero()) { + return group_value_type::one(); + } + + for (std::size_t i = 0; i < k_x_num.size(); i++) { + x_num += field_value_type(k_x_num[i][0], k_x_num[i][1]) * xi_powers[i]; + } + + for (std::size_t i = 0; i < k_y_num.size(); i++) { + y_num += field_value_type(k_y_num[i][0], k_y_num[i][1]) * xi_powers[i]; + } + return group_value_type(x_num * x_den.inversed(), ci.Y * y_num * y_den.inversed(), field_value_type::one()); + } + }; + } //namespace hashes + } // namespace crypto3 +} // namespace nil + +#endif // CRYPTO3_HASH_HASH_TO_CURVE_ISO_MAP_HPP diff --git a/include/nil/crypto3/hash/detail/h2c/h2c_m2c.hpp b/include/nil/crypto3/hash/detail/h2c/h2c_m2c.hpp new file mode 100644 index 0000000..c4869b8 --- /dev/null +++ b/include/nil/crypto3/hash/detail/h2c/h2c_m2c.hpp @@ -0,0 +1,107 @@ +//---------------------------------------------------------------------------// +// Copyright (c) 2020-2021 Mikhail Komarov +// Copyright (c) 2020-2021 Ilias Khairullin +// +// MIT License +// +// Permission is hereby granted, free of charge, to any person obtaining a copy +// of this software and associated documentation files (the "Software"), to deal +// in the Software without restriction, including without limitation the rights +// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +// copies of the Software, and to permit persons to whom the Software is +// furnished to do so, subject to the following conditions: +// +// The above copyright notice and this permission notice shall be included in all +// copies or substantial portions of the Software. +// +// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +// SOFTWARE. +//---------------------------------------------------------------------------// + +#ifndef CRYPTO3_HASH_MAP_TO_CURVE_HPP +#define CRYPTO3_HASH_MAP_TO_CURVE_HPP + +#include +#include +#include + +#include + +namespace nil { + namespace crypto3 { + namespace hashes { + template + struct m2c_simple_swu { + typedef h2c_suite suite_type; + + typedef typename suite_type::group_value_type group_value_type; + typedef typename suite_type::field_value_type field_value_type; + + static inline group_value_type process(const field_value_type &u) { + // TODO: We assume that Z meets the following criteria -- correct for predefined suites, + // but wrong in general case + // https://tools.ietf.org/html/draft-irtf-cfrg-hash-to-curve-10#section-6.6.2 + // Preconditions: + // 1. Z is non-square in F, + // 2. Z != -1 in F, + // 3. the polynomial g(x) - Z is irreducible over F, and + // 4. g(B / (Z * A)) is square in F. + static const field_value_type one = field_value_type::one(); + + field_value_type tv1 = + (suite_type::Z.pow(2) * u.pow(4) + suite_type::Z * u.pow(2)).inversed(); + field_value_type x1 = (-suite_type::Bi * suite_type::Ai.inversed()) * (one + tv1); + if (tv1.is_zero()) { + x1 = suite_type::Bi * (suite_type::Z * suite_type::Ai).inversed(); + } + field_value_type gx1 = x1.pow(3) + suite_type::Ai * x1 + suite_type::Bi; + field_value_type x2 = suite_type::Z * u.pow(2) * x1; + field_value_type gx2 = x2.pow(3) + suite_type::Ai * x2 + suite_type::Bi; + field_value_type x, y; + if (gx1.is_square()) { + x = x1; + y = gx1.sqrt(); + } else { + x = x2; + y = gx2.sqrt(); + } + if (sgn0(u) != sgn0(y)) { + y = -y; + } + return group_value_type(x, y, one); + } + }; + + template + struct m2c_simple_swu_zeroAB { + typedef h2c_suite suite_type; + + typedef typename suite_type::group_value_type group_value_type; + typedef typename suite_type::field_value_type field_value_type; + + static inline group_value_type process(const field_value_type &u) { + group_value_type ci = m2c_simple_swu::process(u); + return iso_map::process(ci); + } + }; + + template + struct map_to_curve; + + template<> + struct map_to_curve> + : m2c_simple_swu_zeroAB> { }; + + template<> + struct map_to_curve> + : m2c_simple_swu_zeroAB> { }; + } // namespace hashes + } // namespace crypto3 +} // namespace nil + +#endif // CRYPTO3_HASH_MAP_TO_CURVE_HPP diff --git a/include/nil/crypto3/hash/detail/h2c/h2c_sgn0.hpp b/include/nil/crypto3/hash/detail/h2c/h2c_sgn0.hpp new file mode 100644 index 0000000..6fd7130 --- /dev/null +++ b/include/nil/crypto3/hash/detail/h2c/h2c_sgn0.hpp @@ -0,0 +1,62 @@ +//---------------------------------------------------------------------------// +// Copyright (c) 2020-2021 Mikhail Komarov +// Copyright (c) 2020-2021 Ilias Khairullin +// +// MIT License +// +// Permission is hereby granted, free of charge, to any person obtaining a copy +// of this software and associated documentation files (the "Software"), to deal +// in the Software without restriction, including without limitation the rights +// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +// copies of the Software, and to permit persons to whom the Software is +// furnished to do so, subject to the following conditions: +// +// The above copyright notice and this permission notice shall be included in all +// copies or substantial portions of the Software. +// +// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +// SOFTWARE. +//---------------------------------------------------------------------------// + +#ifndef CRYPTO3_HASH_HASH_TO_CURVE_UTILS_HPP +#define CRYPTO3_HASH_HASH_TO_CURVE_UTILS_HPP + +#include +#include + +namespace nil { + namespace crypto3 { + namespace hashes { + using namespace nil::crypto3::algebra::fields::detail; + + template + inline bool sgn0(const element_fp &e) { + using modular_type = typename FieldParams::modular_type; + + static const modular_type two = typename modular_type::backend_type(2u); + + return static_cast(e.data % two); + } + + template + inline bool sgn0(const element_fp2 &e) { + using underlying_type = typename element_fp2::underlying_type; + using modular_type = typename FieldParams::modular_type; + + static const modular_type two = typename modular_type::backend_type(2u); + + modular_type sign_0 = e.data[0].data % two; + bool zero_0 = e.data[0].data.is_zero(); + modular_type sign_1 = e.data[1].data % two; + return static_cast(sign_0) || (zero_0 && static_cast(sign_1)); + } + } // namespace hashes + } // namespace crypto3 +} // namespace nil + +#endif // CRYPTO3_HASH_HASH_TO_CURVE_UTILS_HPP diff --git a/include/nil/crypto3/hash/detail/h2c/h2c_suites.hpp b/include/nil/crypto3/hash/detail/h2c/h2c_suites.hpp index a5568aa..06b1113 100644 --- a/include/nil/crypto3/hash/detail/h2c/h2c_suites.hpp +++ b/include/nil/crypto3/hash/detail/h2c/h2c_suites.hpp @@ -1,6 +1,6 @@ //---------------------------------------------------------------------------// -// Copyright (c) 2021 Mikhail Komarov -// Copyright (c) 2021 Ilias Khairullin +// Copyright (c) 2020-2021 Mikhail Komarov +// Copyright (c) 2020-2021 Ilias Khairullin // // MIT License // @@ -23,34 +23,47 @@ // SOFTWARE. //---------------------------------------------------------------------------// -#ifndef CRYPTO3_HASH_H2C_SUITES_HPP -#define CRYPTO3_HASH_H2C_SUITES_HPP +#ifndef CRYPTO3_HASH_HASH_TO_CURVE_SUITES_HPP +#define CRYPTO3_HASH_HASH_TO_CURVE_SUITES_HPP + +#include + +#include +#include #include -#include #include -#include #include -#include - namespace nil { namespace crypto3 { namespace hashes { - template + using namespace nil::crypto3::algebra::curves; + template struct h2c_suite; - template - struct h2c_suite> { - typedef algebra::curves::bls12_381 curve_type; - typedef typename algebra::curves::bls12_381::g1_type group_type; + template<> + struct h2c_suite> { + typedef bls12_381 curve_type; + typedef typename bls12_381::g1_type<> group_type; + typedef hashes::sha2<256> hash_type; typedef typename group_type::value_type group_value_type; typedef typename group_type::field_type::integral_type integral_type; typedef typename group_type::field_type::modular_type modular_type; + typedef typename group_type::field_type::modular_backend modular_backend; typedef typename group_type::field_type field_type; - typedef typename field_type::value_type field_value_type; + typedef typename group_type::field_type::value_type field_value_type; + + // BLS12381G1_XMD:SHA-256_SSWU_RO_ + constexpr static std::array suite_id = { + 66, 76, 83, 49, 50, 51, 56, 49, 71, 49, 95, 88, 77, 68, 58, 83, + 72, 65, 45, 50, 53, 54, 95, 83, 83, 87, 85, 95, 82, 79, 95}; + constexpr static integral_type p = curve_type::base_field_type::modulus; + constexpr static std::size_t m = 1; + constexpr static std::size_t k = 128; + constexpr static std::size_t L = 64; constexpr static inline const field_value_type Ai = field_value_type( 0x144698a3b8e9433d693a02c96d4982b0ea985383ee66a8d8e8981aefd881ac98936f8da0e0f97f5cf428082d584c1d_cppui_modular381); @@ -60,25 +73,42 @@ namespace nil { constexpr static integral_type h_eff = 0xd201000000010001_cppui_modular381; }; - template - struct h2c_suite> { - typedef algebra::curves::bls12_381 curve_type; - typedef typename algebra::curves::bls12_381::g2_type group_type; + template<> + struct h2c_suite> { + typedef bls12_381 curve_type; + typedef typename bls12_381::g2_type<> group_type; + typedef hashes::sha2<256> hash_type; typedef typename group_type::value_type group_value_type; typedef typename group_type::field_type::integral_type integral_type; typedef typename group_type::field_type::modular_type modular_type; + typedef typename group_type::field_type::modular_backend modular_backend; typedef typename group_type::field_type field_type; - typedef typename field_type::value_type field_value_type; + typedef typename group_type::field_type::value_type field_value_type; + + // BLS12381G2_XMD:SHA-256_SSWU_RO_ + constexpr static std::array suite_id = { + 0x42, 0x4c, 0x53, 0x31, 0x32, 0x33, 0x38, 0x31, 0x47, 0x32, 0x5f, + 0x58, 0x4d, 0x44, 0x3a, 0x53, 0x48, 0x41, 0x2d, 0x32, 0x35, 0x36, + 0x5f, 0x53, 0x53, 0x57, 0x55, 0x5f, 0x52, 0x4f, 0x5f}; + constexpr static integral_type p = curve_type::base_field_type::modulus; + constexpr static std::size_t m = 2; + constexpr static std::size_t k = 128; + constexpr static std::size_t L = 64; constexpr static inline field_value_type Ai = field_value_type(0u, 240u); constexpr static inline field_value_type Bi = field_value_type(1012u, 1012u); + +#if BOOST_COMP_GNUC constexpr static inline field_value_type Z = []() { return -field_value_type(2u, 1u); }(); +#else + constexpr static inline field_value_type Z = -field_value_type(2u, 1u); +#endif constexpr static inline auto h_eff = 0xbc69f08f2ee75b3584c6a0ea91b352888e2a8e9145ad7689986ff031508ffe1329c2f178731db956d82bf015d1212b02ec0ec69d7477c1ae954cbc06689f6a359894c0adebbf6b4e8020005aaa95551_cppui_modular636; }; } // namespace hashes - } // namespace crypto3 + } // namespace crypto3 } // namespace nil -#endif // CRYPTO3_HASH_H2C_SUITES_HPP +#endif // CRYPTO3_HASH_HASH_TO_CURVE_SUITES_HPP diff --git a/test/CMakeLists.txt b/test/CMakeLists.txt index 1602fb9..ea65cd9 100644 --- a/test/CMakeLists.txt +++ b/test/CMakeLists.txt @@ -87,6 +87,7 @@ set(TESTS_NAMES "static_digest" "tiger" "poseidon" + "hash_to_curve" ) # "reinforced_concrete") # fails diff --git a/test/hash_to_curve.cpp b/test/hash_to_curve.cpp new file mode 100644 index 0000000..6a6ab08 --- /dev/null +++ b/test/hash_to_curve.cpp @@ -0,0 +1,550 @@ +//---------------------------------------------------------------------------// +// Copyright (c) 2020-2021 Mikhail Komarov +// Copyright (c) 2020-2021 Ilias Khairullin +// +// MIT License +// +// Permission is hereby granted, free of charge, to any person obtaining a copy +// of this software and associated documentation files (the "Software"), to deal +// in the Software without restriction, including without limitation the rights +// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +// copies of the Software, and to permit persons to whom the Software is +// furnished to do so, subject to the following conditions: +// +// The above copyright notice and this permission notice shall be included in all +// copies or substantial portions of the Software. +// +// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +// SOFTWARE. +//---------------------------------------------------------------------------// + +#define BOOST_TEST_MODULE curves_algebra_test + +#include +#include +#include +#include +#include +#include + +#include +#include +#include + +#include + +#include + +#include + +#include +#include +#include +#include +#include +#include + +using namespace boost::multiprecision; +using namespace nil::crypto3; +using namespace nil::crypto3::algebra; +using namespace nil::crypto3::algebra::curves::detail; +using namespace nil::crypto3::algebra::curves; +using namespace nil::crypto3::hashes; + +namespace boost { + namespace test_tools { + namespace tt_detail { + template class P, typename K, typename V> + struct print_log_value> { + void operator()(std::ostream &, P const &) { + } + }; + } // namespace tt_detail + } // namespace test_tools +} // namespace boost + +template::value && + std::is_same::value && + std::is_same::value>::type> +void check_expand_message(std::size_t len_in_bytes, const DstType &dst, const MsgType &msg, const ResultType &result) { + auto result_compare = [&result](auto my_result) { + if (result.size() != my_result.size()) { + return false; + } + bool ret = true; + for (std::size_t i = 0; i < result.size(); i++) { + ret &= result[i] == my_result[i]; + } + return ret; + }; + std::vector uniform_bytes(len_in_bytes, 0); + Expander::template process(len_in_bytes, msg, dst, uniform_bytes); + BOOST_CHECK(result_compare(uniform_bytes)); +} + +template::value>::type> +void check_hash_to_field_ro(const std::string &msg_str, + const std::array &result, + const DstType &dst) { + std::vector msg(msg_str.begin(), msg_str.end()); + auto u = H2CType::template hash_to_field(msg, dst); + for (std::size_t i = 0; i < N; i++) { + BOOST_CHECK_EQUAL(u[i], result[i]); + } +} + +template::value>::type> +void check_hash_to_curve(const std::string &msg_str, const GroupValueType &expected, const DstType &dst) { + std::vector msg(msg_str.begin(), msg_str.end()); + GroupValueType result = H2CType::hash_to_curve(msg, dst); + BOOST_CHECK_EQUAL(result, expected); +} + +BOOST_AUTO_TEST_SUITE(h2c_manual_tests) + +BOOST_AUTO_TEST_CASE(expand_message_xmd_sha256_test) { + // https://tools.ietf.org/html/draft-irtf-cfrg-hash-to-curve-10#appendix-K.1 + using hash_type = hashes::sha2<256>; + using expand_message = expand_message_xmd<128, hash_type>; + + std::string DST_str("QUUX-V01-CS02-with-expander"); + std::vector DST(DST_str.begin(), DST_str.end()); + + // {len_in_bytes, msg, uniform_bytes} + using samples_type = std::vector, std::vector>>; + samples_type samples { + {0x20, {}, {0xf6, 0x59, 0x81, 0x9a, 0x64, 0x73, 0xc1, 0x83, 0x5b, 0x25, 0xea, 0x59, 0xe3, 0xd3, 0x89, 0x14, + 0xc9, 0x8b, 0x37, 0x4f, 0x9, 0x70, 0xb7, 0xe4, 0xc9, 0x21, 0x81, 0xdf, 0x92, 0x8f, 0xca, 0x88}}, + {0x20, {0x61, 0x62, 0x63}, {0x1c, 0x38, 0xf7, 0xc2, 0x11, 0xef, 0x23, 0x33, 0x67, 0xb2, 0x42, + 0xd, 0x4, 0x79, 0x8f, 0xa4, 0x69, 0x80, 0x80, 0xa8, 0x90, 0x10, + 0x21, 0xa7, 0x95, 0xa1, 0x15, 0x17, 0x75, 0xfe, 0x4d, 0xa7}}, + {0x20, + {0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39}, + {0x8f, 0x7e, 0x7b, 0x66, 0x79, 0x1f, 0xd, 0xa0, 0xdb, 0xb5, 0xec, 0x7c, 0x22, 0xec, 0x63, 0x7f, + 0x79, 0x75, 0x8c, 0xa, 0x48, 0x17, 0xb, 0xfb, 0x7c, 0x46, 0x11, 0xbd, 0x30, 0x4e, 0xce, 0x89}}, + {0x20, + {0x71, 0x31, 0x32, 0x38, 0x5f, 0x71, 0x71, 0x71, 0x71, 0x71, 0x71, 0x71, 0x71, 0x71, 0x71, 0x71, 0x71, + 0x71, 0x71, 0x71, 0x71, 0x71, 0x71, 0x71, 0x71, 0x71, 0x71, 0x71, 0x71, 0x71, 0x71, 0x71, 0x71, 0x71, + 0x71, 0x71, 0x71, 0x71, 0x71, 0x71, 0x71, 0x71, 0x71, 0x71, 0x71, 0x71, 0x71, 0x71, 0x71, 0x71, 0x71, + 0x71, 0x71, 0x71, 0x71, 0x71, 0x71, 0x71, 0x71, 0x71, 0x71, 0x71, 0x71, 0x71, 0x71, 0x71, 0x71, 0x71, + 0x71, 0x71, 0x71, 0x71, 0x71, 0x71, 0x71, 0x71, 0x71, 0x71, 0x71, 0x71, 0x71, 0x71, 0x71, 0x71, 0x71, + 0x71, 0x71, 0x71, 0x71, 0x71, 0x71, 0x71, 0x71, 0x71, 0x71, 0x71, 0x71, 0x71, 0x71, 0x71, 0x71, 0x71, + 0x71, 0x71, 0x71, 0x71, 0x71, 0x71, 0x71, 0x71, 0x71, 0x71, 0x71, 0x71, 0x71, 0x71, 0x71, 0x71, 0x71, + 0x71, 0x71, 0x71, 0x71, 0x71, 0x71, 0x71, 0x71, 0x71, 0x71, 0x71, 0x71, 0x71, 0x71}, + {0x72, 0xd5, 0xaa, 0x5e, 0xc8, 0x10, 0x37, 0xd, 0x1f, 0x0, 0x13, 0xc0, 0xdf, 0x2f, 0x1d, 0x65, + 0x69, 0x94, 0x94, 0xee, 0x2a, 0x39, 0xf7, 0x2e, 0x17, 0x16, 0xb1, 0xb9, 0x64, 0xe1, 0xc6, 0x42}}, + {0x20, + {0x61, 0x35, 0x31, 0x32, 0x5f, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, + 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, + 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, + 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, + 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, + 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, + 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, + 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, + 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, + 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, + 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, + 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, + 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, + 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, + 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, + 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, + 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, + 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, + 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, + 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, + 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, + 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, + 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, + 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, + 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, + 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, + 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, + 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, + 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61}, + {0x3b, 0x8e, 0x70, 0x4f, 0xc4, 0x83, 0x36, 0xac, 0xa4, 0xc2, 0xa1, 0x21, 0x95, 0xb7, 0x20, 0x88, + 0x2f, 0x21, 0x62, 0xa4, 0xb7, 0xb1, 0x3a, 0x9c, 0x35, 0xd, 0xb4, 0x6f, 0x42, 0x9b, 0x77, 0x1b}}, + {0x80, {}, {0x8b, 0xcf, 0xfd, 0x1a, 0x3c, 0xae, 0x24, 0xcf, 0x9c, 0xd7, 0xab, 0x85, 0x62, 0x8f, 0xd1, 0x11, + 0xbb, 0x17, 0xe3, 0x73, 0x9d, 0x3b, 0x53, 0xf8, 0x95, 0x80, 0xd2, 0x17, 0xaa, 0x79, 0x52, 0x6f, + 0x17, 0x8, 0x35, 0x4a, 0x76, 0xa4, 0x2, 0xd3, 0x56, 0x9d, 0x6a, 0x9d, 0x19, 0xef, 0x3d, 0xe4, + 0xd0, 0xb9, 0x91, 0xe4, 0xf5, 0x4b, 0x9f, 0x20, 0xdc, 0xde, 0x9b, 0x95, 0xa6, 0x68, 0x24, 0xcb, + 0xdf, 0x6c, 0x1a, 0x96, 0x3a, 0x19, 0x13, 0xd4, 0x3f, 0xd7, 0xac, 0x44, 0x3a, 0x2, 0xfc, 0x5d, + 0x9d, 0x8d, 0x77, 0xe2, 0x7, 0x1b, 0x86, 0xab, 0x11, 0x4a, 0x9f, 0x34, 0x15, 0x9, 0x54, 0xa7, + 0x53, 0x1d, 0xa5, 0x68, 0xa1, 0xea, 0x8c, 0x76, 0x8, 0x61, 0xc0, 0xcd, 0xe2, 0x0, 0x5a, 0xfc, + 0x2c, 0x11, 0x40, 0x42, 0xee, 0x7b, 0x58, 0x48, 0xf5, 0x30, 0x3f, 0x6, 0x11, 0xcf, 0x29, 0x7f}}, + {0x80, + {0x61, 0x62, 0x63}, + {0xfe, 0x99, 0x4e, 0xc5, 0x1b, 0xda, 0xa8, 0x21, 0x59, 0x80, 0x47, 0xb3, 0x12, 0x1c, 0x14, 0x9b, + 0x36, 0x4b, 0x17, 0x86, 0x6, 0xd5, 0xe7, 0x2b, 0xfb, 0xb7, 0x13, 0x93, 0x3a, 0xcc, 0x29, 0xc1, + 0x86, 0xf3, 0x16, 0xba, 0xec, 0xf7, 0xea, 0x22, 0x21, 0x2f, 0x24, 0x96, 0xef, 0x3f, 0x78, 0x5a, + 0x27, 0xe8, 0x4a, 0x40, 0xd8, 0xb2, 0x99, 0xce, 0xc5, 0x60, 0x32, 0x76, 0x3e, 0xce, 0xef, 0xf4, + 0xc6, 0x1b, 0xd1, 0xfe, 0x65, 0xed, 0x81, 0xde, 0xca, 0xff, 0xf4, 0xa3, 0x1d, 0x1, 0x98, 0x61, + 0x9c, 0xa, 0xa0, 0xc6, 0xc5, 0x1f, 0xca, 0x15, 0x52, 0x7, 0x89, 0x92, 0x5e, 0x81, 0x3d, 0xcf, + 0xd3, 0x18, 0xb5, 0x42, 0xf8, 0x79, 0x94, 0x41, 0x27, 0x1f, 0x4d, 0xb9, 0xee, 0x3b, 0x80, 0x92, + 0xa7, 0xa2, 0xe8, 0xd5, 0xb7, 0x5b, 0x73, 0xe2, 0x8f, 0xb1, 0xab, 0x6b, 0x45, 0x73, 0xc1, 0x92}}, + {0x80, + {0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39}, + {0xc9, 0xec, 0x79, 0x41, 0x81, 0x1b, 0x1e, 0x19, 0xce, 0x98, 0xe2, 0x1d, 0xb2, 0x8d, 0x22, 0x25, + 0x93, 0x54, 0xd4, 0xd0, 0x64, 0x3e, 0x30, 0x11, 0x75, 0xe2, 0xf4, 0x74, 0xe0, 0x30, 0xd3, 0x26, + 0x94, 0xe9, 0xdd, 0x55, 0x20, 0xdd, 0xe9, 0x3f, 0x36, 0x0, 0xd8, 0xed, 0xad, 0x94, 0xe5, 0xc3, + 0x64, 0x90, 0x30, 0x88, 0xa7, 0x22, 0x8c, 0xc9, 0xef, 0xf6, 0x85, 0xd7, 0xea, 0xac, 0x50, 0xd5, + 0xa5, 0xa8, 0x22, 0x9d, 0x8, 0x3b, 0x51, 0xde, 0x4c, 0xcc, 0x37, 0x33, 0x91, 0x7f, 0x4b, 0x95, + 0x35, 0xa8, 0x19, 0xb4, 0x45, 0x81, 0x48, 0x90, 0xb7, 0x2, 0x9b, 0x5d, 0xe8, 0x5, 0xbf, 0x62, + 0xb3, 0x3a, 0x4d, 0xc7, 0xe2, 0x4a, 0xcd, 0xf2, 0xc9, 0x24, 0xe9, 0xfe, 0x50, 0xd5, 0x5a, 0x6b, + 0x83, 0x2c, 0x8c, 0x84, 0xc7, 0xf8, 0x24, 0x74, 0xb3, 0x4e, 0x48, 0xc6, 0xd4, 0x38, 0x67, 0xbe}}, + {0x80, + {0x71, 0x31, 0x32, 0x38, 0x5f, 0x71, 0x71, 0x71, 0x71, 0x71, 0x71, 0x71, 0x71, 0x71, 0x71, 0x71, 0x71, + 0x71, 0x71, 0x71, 0x71, 0x71, 0x71, 0x71, 0x71, 0x71, 0x71, 0x71, 0x71, 0x71, 0x71, 0x71, 0x71, 0x71, + 0x71, 0x71, 0x71, 0x71, 0x71, 0x71, 0x71, 0x71, 0x71, 0x71, 0x71, 0x71, 0x71, 0x71, 0x71, 0x71, 0x71, + 0x71, 0x71, 0x71, 0x71, 0x71, 0x71, 0x71, 0x71, 0x71, 0x71, 0x71, 0x71, 0x71, 0x71, 0x71, 0x71, 0x71, + 0x71, 0x71, 0x71, 0x71, 0x71, 0x71, 0x71, 0x71, 0x71, 0x71, 0x71, 0x71, 0x71, 0x71, 0x71, 0x71, 0x71, + 0x71, 0x71, 0x71, 0x71, 0x71, 0x71, 0x71, 0x71, 0x71, 0x71, 0x71, 0x71, 0x71, 0x71, 0x71, 0x71, 0x71, + 0x71, 0x71, 0x71, 0x71, 0x71, 0x71, 0x71, 0x71, 0x71, 0x71, 0x71, 0x71, 0x71, 0x71, 0x71, 0x71, 0x71, + 0x71, 0x71, 0x71, 0x71, 0x71, 0x71, 0x71, 0x71, 0x71, 0x71, 0x71, 0x71, 0x71, 0x71}, + {0x48, 0xe2, 0x56, 0xdd, 0xba, 0x72, 0x20, 0x53, 0xba, 0x46, 0x2b, 0x2b, 0x93, 0x35, 0x1f, 0xc9, + 0x66, 0x2, 0x6e, 0x6d, 0x6d, 0xb4, 0x93, 0x18, 0x97, 0x98, 0x18, 0x1c, 0x5f, 0x3f, 0xee, 0xa3, + 0x77, 0xb5, 0xa6, 0xf1, 0xd8, 0x36, 0x8d, 0x74, 0x53, 0xfa, 0xef, 0x71, 0x5f, 0x9a, 0xec, 0xb0, + 0x78, 0xcd, 0x40, 0x2c, 0xbd, 0x54, 0x8c, 0xe, 0x17, 0x9c, 0x4e, 0xd1, 0xe4, 0xc7, 0xe5, 0xb0, + 0x48, 0xe0, 0xa3, 0x9d, 0x31, 0x81, 0x7b, 0x5b, 0x24, 0xf5, 0xd, 0xb5, 0x8b, 0xb3, 0x72, 0xf, + 0xe9, 0x6b, 0xa5, 0x3d, 0xb9, 0x47, 0x84, 0x21, 0x20, 0xa0, 0x68, 0x81, 0x6a, 0xc0, 0x5c, 0x15, + 0x9b, 0xb5, 0x26, 0x6c, 0x63, 0x65, 0x8b, 0x4f, 0x0, 0xc, 0xbf, 0x87, 0xb1, 0x20, 0x9a, 0x22, + 0x5d, 0xef, 0x8e, 0xf1, 0xdc, 0xa9, 0x17, 0xbc, 0xda, 0x79, 0xa1, 0xe4, 0x2a, 0xcd, 0x80, 0x69}}, + {0x80, + {0x61, 0x35, 0x31, 0x32, 0x5f, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, + 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, + 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, + 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, + 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, + 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, + 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, + 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, + 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, + 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, + 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, + 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, + 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, + 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, + 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, + 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, + 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, + 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, + 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, + 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, + 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, + 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, + 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, + 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, + 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, + 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, + 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, + 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, + 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61}, + {0x39, 0x69, 0x62, 0xdb, 0x47, 0xf7, 0x49, 0xec, 0x3b, 0x50, 0x42, 0xce, 0x24, 0x52, 0xb6, 0x19, + 0x60, 0x7f, 0x27, 0xfd, 0x39, 0x39, 0xec, 0xe2, 0x74, 0x6a, 0x76, 0x14, 0xfb, 0x83, 0xa1, 0xd0, + 0x97, 0xf5, 0x54, 0xdf, 0x39, 0x27, 0xb0, 0x84, 0xe5, 0x5d, 0xe9, 0x2c, 0x78, 0x71, 0x43, 0xd, + 0x6b, 0x95, 0xc2, 0xa1, 0x38, 0x96, 0xd8, 0xa3, 0x3b, 0xc4, 0x85, 0x87, 0xb1, 0xf6, 0x6d, 0x21, + 0xb1, 0x28, 0xa1, 0xa8, 0x24, 0xd, 0x5b, 0xc, 0x26, 0xdf, 0xe7, 0x95, 0xa1, 0xa8, 0x42, 0xa0, + 0x80, 0x7b, 0xb1, 0x48, 0xb7, 0x7c, 0x2e, 0xf8, 0x2e, 0xd4, 0xb6, 0xc9, 0xf7, 0xfc, 0xb7, 0x32, + 0xe7, 0xf9, 0x44, 0x66, 0xc8, 0xb5, 0x1e, 0x52, 0xbf, 0x37, 0x8f, 0xba, 0x4, 0x4a, 0x31, 0xf5, + 0xcb, 0x44, 0x58, 0x3a, 0x89, 0x2f, 0x59, 0x69, 0xdc, 0xd7, 0x3b, 0x3f, 0xa1, 0x28, 0x81, 0x6e}}}; + + for (const auto &s : samples) { + check_expand_message(std::get<0>(s), DST, std::get<1>(s), std::get<2>(s)); + } +} + +BOOST_AUTO_TEST_CASE(hash_to_field_bls12_381_g1_h2c_sha256_test) { + // https://tools.ietf.org/html/draft-irtf-cfrg-hash-to-curve-10#appendix-J.9.1 + using curve_type = bls12_381; + using group_type = typename curve_type::g1_type<>; + using h2c_type = ep_map; + typedef typename group_type::field_type::value_type field_value_type; + typedef typename group_type::field_type::integral_type integral_type; + + std::string default_tag_str = "QUUX-V01-CS02-with-"; + std::vector dst(default_tag_str.begin(), default_tag_str.end()); + dst.insert(dst.end(), h2c_type::suite_type::suite_id.begin(), h2c_type::suite_type::suite_id.end()); + + using samples_type = std::vector>>; + samples_type samples = { + {"", + {field_value_type(integral_type("1790030616568561980207134218344899338736900885118493183248255875682123737756800" + "213955590674957414534085508415116879")), + field_value_type(integral_type("2474702583317621523708233292803940741700450584532633563728739973751669085848991" + "00434893060702108665825589810322121"))}}, + {"abc", + {field_value_type(integral_type("2088728490498894818688784437928579501848367107744050576780266498473771518428420" + "173373487118890161663886009635645777")), + field_value_type(integral_type("3213892493831086209316960640873433141017158792584421675273329354360198845384332" + "7878077294514665889481436558332217"))}}, + {"abcdef0123456789", + {field_value_type(integral_type("9505970308164648217789710156734861296414103440788614747505275085378045493860586" + "12983484048401731236595379325781716")), + field_value_type(integral_type("1979385000937648348925653198641340374887185657649818450486460034420643425685140" + "133042050299078521896600910613745210"))}}, + {"q128_" + "qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq" + "qqqqqqqqqqqqqqqqqqq", + {field_value_type(integral_type("1565983848840546529547071507571383550794102107851138573768250148104411885455485" + "95465313883035731540725116276838022")), + field_value_type(integral_type("1709027689043323463259398100486189187238532958310276339146988040422594808842792" + "053521671901476006506290292962489454"))}}, + {"a512_" + "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" + "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" + "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" + "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" + "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", + {field_value_type(integral_type("1625704516324785166230868561544190006281306318060308039760768255839116494270087" + "378351796462565313509233883467016390")), + field_value_type(integral_type("8973476190440398924261230730510508241136153370908604317306021021786458550458325" + "65883684732229117125155988066429111"))}} + // {"", {field_value_type(integral_type("")), field_value_type(integral_type(""))}} + }; + + for (auto &s : samples) { + check_hash_to_field_ro<2, h2c_type>(std::get<0>(s), std::get<1>(s), dst); + } +} + +BOOST_AUTO_TEST_CASE(hash_to_field_bls12_381_g2_h2c_sha256_test) { + // https://tools.ietf.org/html/draft-irtf-cfrg-hash-to-curve-10#appendix-J.10.1 + using curve_type = bls12_381; + using group_type = typename curve_type::g2_type<>; + using h2c_type = ep2_map; + typedef typename group_type::field_type::value_type field_value_type; + typedef typename group_type::field_type::integral_type integral_type; + + std::string default_tag_str = "QUUX-V01-CS02-with-"; + std::vector dst(default_tag_str.begin(), default_tag_str.end()); + dst.insert(dst.end(), h2c_type::suite_type::suite_id.begin(), h2c_type::suite_type::suite_id.end()); + + using samples_type = std::vector>>; + samples_type samples = { + {"", + {field_value_type(integral_type("5938684483100054485611722523870295163604099457864574398759743150316400213898356" + "49561235021338510064922970633805048"), + integral_type("8673753094890675127974598608873659518770540387638184480573261903027016498888499" + "97836339069389536967202878289851290")), + field_value_type(integral_type("4578897045199488434740260225626419694433157155954591591128744980829534319713238" + "09145630315884223143822925947137684"), + integral_type("3132697209754082586339430915081913810572071485832539443682634025529375380328136" + "128542015469873094481703191673087029"))}}, + {"abc", + {field_value_type(integral_type("3381151350286428005095780827831774583653641216459357823974407145557165174365389" + "989442078766443621078367363453769585"), + integral_type("2741746953704442638534180707453397316404679193551841082537168795196953970699630" + "34977795744692362177212201505728989")), + field_value_type(integral_type("3761918608077574755256083960277010506684793456226386707192711779006489497410866" + "269311252402421709839991039401264868"), + integral_type("1342131492846344403298252211066711749849099599627623100864413228392326132610002" + "371925674088601653350525231531947366"))}}, + {"abcdef0123456789", + {field_value_type(integral_type("4736756665618245326244300857865191860224326611904114213007749037224882541543738" + "95989233527517731907580580706354657"), + integral_type("9520540557415691916362510867127307131683791692159959526594533787977337613244945" + "87640793580119096894387397115436943")), + field_value_type(integral_type("3574336717567028224405133950386477048284620456829914449302272757384276784667241" + "972055005113408837488328262928878231"), + integral_type("2365602345707797244937763470382803726723577073883311775921418854730692345417958" + "26215789679703490403053611203549557"))}}, + {"q128_" + "qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq" + "qqqqqqqqqqqqqqqqqqq", + {field_value_type(integral_type("3608131929677217503005188861991391449980483387988256142839334881042292007389752" + "19634991234987258997592645316502099"), + integral_type("5009904385311786096049606538586133897401985944525938049981086917265658825017777" + "15476408413735192405455364595747963")), + field_value_type(integral_type("1414201600433038156752401103621159164529164806638579329495300394501933973057103" + "319123042671630779248244072674138005"), + integral_type("2580989994757912640015815541704972436791025324967858519264081257257405036397177" + "981572950833626047365407639272235247"))}}, + {"a512_" + "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" + "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" + "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" + "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" + "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", + {field_value_type(integral_type("3854656460966118202185202795415969034444473478700041637108073179423449626727403" + "291696647010132509133525205314259253"), + integral_type("2873494353363126311409085895530381085174075451844000378947122252646711114869905" + "923958066527312260237781765269081913")), + field_value_type(integral_type("2218682278840147973132952196327912255143646871258838127959845658885016361690895" + "544274403462155614933990666846598837"), + integral_type("2692054640040186323570630735219910885988179020142391687801930252786130591827501" + "100656577702624784849458500251540952"))}}, + + // {"", + // {field_value_type(integral_type(""), + // integral_type("")), + // field_value_type(integral_type(""), + // integral_type(""))}}, + }; + + for (auto &s : samples) { + check_hash_to_field_ro<2, h2c_type>(std::get<0>(s), std::get<1>(s), dst); + } +} + +BOOST_AUTO_TEST_CASE(hash_to_curve_bls12_381_g1_h2c_sha256_test) { + using curve_type = bls12_381; + using group_type = typename curve_type::g1_type<>; + using h2c_type = ep_map; + typedef typename group_type::value_type group_value_type; + typedef typename group_type::field_type::integral_type integral_type; + + std::string default_tag_str = "QUUX-V01-CS02-with-"; + std::vector dst(default_tag_str.begin(), default_tag_str.end()); + dst.insert(dst.end(), h2c_type::suite_type::suite_id.begin(), h2c_type::suite_type::suite_id.end()); + + using samples_type = std::vector>; + samples_type samples { + {"", group_value_type(integral_type("7943115757214008313629570493037810448520063234226241118933528595574500083086" + "20925451441746926395141598720928151969"), + integral_type("1343412193624222137939591894701031123123641958980729764240763391191550653712" + "890272928110356903136085217047453540965"), + 1u)}, + {"abc", group_value_type(integral_type("5137384602176159439212852477034485676478758747455673727961641554723831277" + "56567780059136521508428662765965997467907"), + integral_type("1786897908129645780825838873875416513994655004408749907941296449131605892" + "957529391590865627492442562626458913769565"), + 1u)}, + {"abcdef0123456789", group_value_type(integral_type("275162876137213708468320729543710526816637518402774837215695" + "2770986741873369176463286511518644061904904607431667096"), + integral_type("563036982304416203921640398061260377444881693369806087719971" + "277317609936727208012968659302318886963927918562170633"), + 1u)}, + {"q128_" + "qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq" + "qqqqqqqqqqqqqqqqqqq", + group_value_type(integral_type("33804326948876744397730824181920837205847480807049591729785862299214753152204341" + "65460350679208315690319508336723080"), + integral_type("36985267390728644087495710822706285617644155774454041155969909198015237931383482" + "54443092179877354467167123794222392"), + 1u)}, + {"a512_" + "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" + "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" + "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" + "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" + "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", + group_value_type(integral_type("12569674255428230696945135509180256894900364785011816005259446539528461008878487" + "29514132077573887342346961531624702"), + integral_type("88037208240369454347695990925650426721558805545001688510379770085674653213458594" + "2561958795215862304181527267736264"), + 1u)}, + // {"", + // group_value_type( + // integral_type(""), + // integral_type(""), + // 1)}, + }; + + for (auto &s : samples) { + check_hash_to_curve(std::get<0>(s), std::get<1>(s), dst); + } +} + +BOOST_AUTO_TEST_CASE(hash_to_curve_bls12_381_g2_h2c_sha256_test) { + // https://tools.ietf.org/html/draft-irtf-cfrg-hash-to-curve-10#appendix-J.10.1 + using curve_type = bls12_381; + using group_type = typename curve_type::g2_type<>; + using h2c_type = ep2_map; + typedef typename group_type::value_type group_value_type; + typedef typename group_type::field_type::value_type field_value_type; + typedef typename group_type::field_type::integral_type integral_type; + + std::string default_tag_str = "QUUX-V01-CS02-with-"; + std::vector dst(default_tag_str.begin(), default_tag_str.end()); + dst.insert(dst.end(), h2c_type::suite_type::suite_id.begin(), h2c_type::suite_type::suite_id.end()); + + using samples_type = std::vector>; + samples_type samples { + {"", group_value_type(field_value_type(integral_type("19354805336845174941142151562851080662656573665208680741935" + "4395577367693778571452628423727082668900187036482254730"), + integral_type("89193000964309942330810277795125089969455920364772498836102" + "2851024990473423938537113948850338098230396747396259901")), + field_value_type(integral_type("77171727205583415237828170597267125700535714547880090837365" + "9404991537354153455452961747174765859335819766715637138"), + integral_type("28103101185821266340411334541807053043930791391032529565024" + "04531123692847658283858246402311867775854528543237781718")), + field_value_type::one())}, + {"abc", + group_value_type(field_value_type(integral_type("424958340463073975547762735517193206833255107941790909009827635" + "556634414746056077714431786321247871628515967727334"), + integral_type("301867980397012787726282639381447252855741350432919474049536385" + "2840690589001358162447917674089074634504498585239512")), + field_value_type(integral_type("362130818512839545988899552652712755661476860447213217606042330" + "2734876099689739385100475320409412954617897892887112"), + integral_type("102447784096837908713257069727879782642075240724579670654226801" + "345708452018676587771714457671432122751958633012502")), + field_value_type::one())}, + {"abcdef0123456789", + group_value_type(field_value_type(integral_type("278579072823914661770244330824853538101603574852069839969013232" + "5213972292102741627498014391457605127656937478044880"), + integral_type("385570939363183188091016781827643518714796337112619879965480309" + "9743427431977934703201153169947378798970358200024876")), + field_value_type(integral_type("821938378705205565995357931232097952117504537366318395539093959" + "918654729488074273868834599496909844419980823111624"), + integral_type("180242033557577995098293558042145430208756792638522270794752735" + "3462942499437987207287862072369052390195154530059198")), + field_value_type::one())}, + {"q128_" + "qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq" + "qqqqqqqqqqqqqqqqqqq", + group_value_type(field_value_type(integral_type("394904109851368845549123118074972479469719294319673003085328501" + "1755806989731870696216017360514887069032515603535834"), + integral_type("141689369450613197680900293521221631713294194257076384932306538" + "1335907430566747765697423320407614734575486820936593")), + field_value_type(integral_type("322745371086383503299296260585144940139139935513544272889379018" + "6263669279022343042444878900124369614767241382891922"), + integral_type("149873883407375987188646612293399676447188951453282792720277792" + "2460876335493588931070034160657995151627624577390178")), + field_value_type::one())}, + {"a512_" + "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" + "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" + "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" + "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" + "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", + group_value_type(field_value_type(integral_type("254155017921606149907129844368549510385368618440139550318910532" + "874259603395336903946742408725761795820224536519988"), + integral_type("276843145929673042677916621854414979160158598623313058301150172" + "7704972362141149700714785450629498506208393873593705")), + field_value_type(integral_type("175533934474433745731856511606202566998475061793772124522071142" + "5551575490663761638802010265668157125441634554205566"), + integral_type("560643043433789571968941329642646582974304556331567393300563909" + "451776257854214387388500126524984624222885267024722")), + field_value_type::one())}, + // {"", + // group_value_type( + // field_value_type(integral_type(""), + // integral_type("")), + // field_value_type(integral_type(""), + // integral_type("")), + // field_value_type::one())}, + }; + + for (auto &s : samples) { + check_hash_to_curve(std::get<0>(s), std::get<1>(s), dst); + } +} + +BOOST_AUTO_TEST_SUITE_END()