Address a couple of TODOs

davxy · Jul 10, 2024 · 2d20d43 · 2d20d43
1 parent c0b498b
commit 2d20d43
Show file tree

Hide file tree

Showing 4 changed files with 11 additions and 14 deletions.
diff --git a/src/arkworks/elligator2.rs b/src/arkworks/elligator2.rs
@@ -5,12 +5,7 @@
 //! - Elligator2 hash-to-curve for Bandersnatch: https://github.com/arkworks-rs/algebra/pull/758
 
 use ark_ec::{
-    hashing::{
-        // TODO: this looks identical to the one introduced by #659
-        curve_maps::swu::parity,
-        map_to_curve_hasher::MapToCurve,
-        HashToCurveError,
-    },
+    hashing::{curve_maps::swu::parity, map_to_curve_hasher::MapToCurve, HashToCurveError},
     twisted_edwards::{Affine, MontCurveConfig, Projective, TECurveConfig},
 };
 use ark_ff::{Field, One, Zero};

diff --git a/src/codec.rs b/src/codec.rs
@@ -32,7 +32,7 @@ impl<S: Suite> Codec<S> for ArkworksCodec {
     }
 
     fn point_decode(buf: &[u8]) -> Result<AffinePoint<S>, Error> {
-        AffinePoint::<S>::deserialize_compressed_unchecked(buf).map_err(|e| e.into())
+        AffinePoint::<S>::deserialize_compressed_unchecked(buf).map_err(Into::into)
     }
 
     fn scalar_encode(sc: &ScalarField<S>, buf: &mut Vec<u8>) {

diff --git a/src/suites/bandersnatch.rs b/src/suites/bandersnatch.rs
@@ -136,7 +136,6 @@ pub mod edwards {
         fn data_to_point(data: &[u8]) -> Option<AffinePoint> {
             // "XMD" for expand_message_xmd (Section 5.3.1).
             // "RO" for random oracle (Section 3 - hash_to_curve method)
-            // TODO: prepend `encode_to_curve_salt` (i.e. pk)
             let h2c_suite_id = b"Bandersnatch_XMD:SHA-512_ELL2_RO_";
             utils::hash_to_curve_ell2_rfc_9380::<Self>(data, h2c_suite_id)
         }

diff --git a/src/utils.rs b/src/utils.rs
@@ -89,12 +89,15 @@ pub fn hash_to_curve_tai_rfc_9381<S: Suite>(data: &[u8]) -> Option<AffinePoint<S
     for ctr in 0..=255 {
         buf[ctr_pos] = ctr;
 
-        let mut hash = hash::<S::Hasher>(&buf).to_vec();
+        let mut buf = hash::<S::Hasher>(&buf).to_vec();
+        // TODO: remove this hack at some point!
+        // Maybe we can just leave `buf` "as-is", and introduce a default behavior in
+        // `point_decode` where, if flag is missing, then use the default one (e.g. 0x02).
         if S::Codec::BIG_ENDIAN {
-            hash.insert(0, 0x02);
+            buf.insert(0, 0x02);
         }
 
-        if let Ok(pt) = codec::point_decode::<S>(&hash[..]) {
+        if let Ok(pt) = codec::point_decode::<S>(&buf[..]) {
             let pt = pt.clear_cofactor();
             if !pt.is_zero() {
                 return Some(pt);
@@ -144,7 +147,7 @@ where
     Some(res)
 }
 
-/// Challenge generation according to RFC 9381 section 5.4.3.
+/// Challenge generation according to RFC-9381 section 5.4.3.
 pub fn challenge_rfc_9381<S: Suite>(pts: &[&AffinePoint<S>], ad: &[u8]) -> ScalarField<S> {
     const DOM_SEP_START: u8 = 0x02;
     const DOM_SEP_END: u8 = 0x00;
@@ -158,7 +161,7 @@ pub fn challenge_rfc_9381<S: Suite>(pts: &[&AffinePoint<S>], ad: &[u8]) -> Scala
     ScalarField::<S>::from_be_bytes_mod_order(hash)
 }
 
-/// Point to a hash according to RFC 9381 section <TODO>.
+/// Point to a hash according to RFC-9381 section 5.2.
 pub fn point_to_hash_rfc_9381<S: Suite>(pt: &AffinePoint<S>) -> HashOutput<S> {
     const DOM_SEP_START: u8 = 0x03;
     const DOM_SEP_END: u8 = 0x00;
@@ -168,7 +171,7 @@ pub fn point_to_hash_rfc_9381<S: Suite>(pt: &AffinePoint<S>) -> HashOutput<S> {
     hash::<S::Hasher>(&buf)
 }
 
-/// Nonce generation according to RFC 9381 section 5.4.2.2.
+/// Nonce generation according to RFC-9381 section 5.4.2.2.
 ///
 /// This procedure is based on section 5.1.6 of RFC 8032: "Edwards-Curve Digital
 /// Signature Algorithm (EdDSA)".