From ace3e25aa572ac27821505c9782ec33a98c8c546 Mon Sep 17 00:00:00 2001
From: Davide Galassi
Date: Thu, 6 Jun 2024 15:45:24 +0200
Subject: [PATCH] Implement Ell2 as general utility
---
 src/arkworks/elligator2.rs | 4 ++--
 src/suites/bandersnatch.rs | 25 +++++++++++++++----------
 src/utils.rs | 29 +++++++++++++++++++++++++++--
 3 files changed, 44 insertions(+), 14 deletions(-)
diff --git a/src/arkworks/elligator2.rs b/src/arkworks/elligator2.rs
index 40a9e62..50147ab 100644
--- a/src/arkworks/elligator2.rs
+++ b/src/arkworks/elligator2.rs
@@ -8,8 +8,7 @@ use ark_ec::{
 hashing::{
 // TODO: this looks identical to the one introduced by #659
 curve_maps::swu::parity,
- map_to_curve_hasher::{MapToCurve, MapToCurveBasedHasher},
- HashToCurve,
+ map_to_curve_hasher::MapToCurve,
 HashToCurveError,
 },
 twisted_edwards::{Affine, MontCurveConfig, Projective, TECurveConfig},
@@ -148,6 +147,7 @@ impl MapToCurve> for Elligator2Map

{ #[cfg(test)] mod tests { use super::*; + use ark_ec::hashing::{map_to_curve_hasher::MapToCurveBasedHasher, HashToCurve}; use ark_ff::{field_hashers::DefaultFieldHasher, Fp64, MontBackend, MontFp}; use sha2::Sha256; diff --git a/src/suites/bandersnatch.rs b/src/suites/bandersnatch.rs index 9db9a98..7cee30a 100644 --- a/src/suites/bandersnatch.rs +++ b/src/suites/bandersnatch.rs @@ -162,14 +162,6 @@ pub mod edwards { ); } - use ark_ec::hashing::HashToCurve; - - pub type Elligator2MapToCurve = ark_ec::hashing::map_to_curve_hasher::MapToCurveBasedHasher< - ark_ec::twisted_edwards::Projective, - ark_ff::field_hashers::DefaultFieldHasher, - arkworks::elligator2::Elligator2Map, - >; - #[cfg(feature = "ring")] mod ring_defs { use super::*; @@ -206,10 +198,23 @@ pub mod edwards { #[test] fn test_elligator2_hash_to_curve() { - let hasher = Elligator2MapToCurve::new(b"dom").unwrap(); - let point = hasher.hash(b"foo").unwrap(); + let point = + utils::hash_to_curve_ell2_rfc_9380::(b"foo").unwrap(); assert!(point.is_on_curve()); assert!(point.is_in_correct_subgroup_assuming_on_curve()); + + { + use ietf::{Prover, Verifier}; + + let secret = Secret::from_seed(b"asd"); + let public = secret.public(); + let input = Input::from(point); + let output = secret.output(input); + + let proof = secret.prove(input, output, b"foo"); + let result = public.verify(input, output, b"foo", &proof); + assert!(result.is_ok()); + } } } diff --git a/src/utils.rs b/src/utils.rs index 36900e3..ec7e16b 100644 --- a/src/utils.rs +++ b/src/utils.rs @@ -1,7 +1,8 @@ use crate::{AffinePoint, HashOutput, ScalarField, Suite}; +use ark_ec::AffineRepr; use ark_ff::PrimeField; -use digest::Digest; +use digest::{Digest, FixedOutputReset}; #[cfg(not(feature = "std"))] use ark_std::vec::Vec; 
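Review bot: The new prove/verify block in `test_elligator2_hash_to_curve` checks only that a proof made over the mapped point verifies, so it would still pass if `hash_to_curve_ell2_rfc_9380` sent every input to the same valid subgroup point or drifted from the RFC 9380 mapping; pinning `point` for the input `b"foo"` to a known-answer value (`<EXPECTED_POINT placeholder>`) would catch both. A negative case such as `assert!(public.verify(input, output, b"bar", &proof).is_err());` would also show that the additional data actually binds the proof. The removed line passed `b"dom"` as the hasher's domain tag while the replacement helper takes no tag at all, so this test no longer records which DST the suite hashes under; worth a comment once that is settled.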
@@ -73,7 +74,9 @@ pub fn hash_to_curve_tai_rfc_9381(
 const DOM_SEP_FRONT: u8 = 0x01;
 const DOM_SEP_BACK: u8 = 0x00;
- let mod_size = <<::BaseField as Field>::BasePrimeField as PrimeField>::MODULUS_BIT_SIZE as usize / 8;
+ let mod_size = < as Field>::BasePrimeField as PrimeField>::MODULUS_BIT_SIZE
+ as usize
+ / 8;
 if S::Hasher::output_size() < mod_size {
 return None;
 }
@@ -100,6 +103,28 @@ pub fn hash_to_curve_tai_rfc_9381(
 None
 }
+pub fn hash_to_curve_ell2_rfc_9380(data: &[u8]) -> Option>
+where
+ ::Hasher: Default + Clone + FixedOutputReset + 'static,
+ crate::CurveConfig: ark_ec::twisted_edwards::TECurveConfig,
+ crate::CurveConfig: crate::arkworks::elligator2::Elligator2Config,
+ crate::arkworks::elligator2::Elligator2Map>:
+ ark_ec::hashing::map_to_curve_hasher::MapToCurve< as AffineRepr>::Group>,
+{
+ use ark_ec::hashing::HashToCurve;
+ const SEC_PARAM: usize = 128;
+ let hasher = ark_ec::hashing::map_to_curve_hasher::MapToCurveBasedHasher::<
+ as AffineRepr>::Group,
+ ark_ff::field_hashers::DefaultFieldHasher<::Hasher, SEC_PARAM>,
+ crate::arkworks::elligator2::Elligator2Map>,
+ >::new(b"")
+ .ok()?;
+ let res = hasher.hash(data).ok()?;
+ Some(res)
+}
+
 /// Challenge generation according to RFC 9381 section 5.4.3.
 pub fn challenge_rfc_9381(pts: &[&AffinePoint], ad: &[u8]) -> ScalarField {
 const DOM_SEP_START: u8 = 0x02;
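Review bot: `hash_to_curve_ell2_rfc_9380` builds its `MapToCurveBasedHasher` with an empty domain separation tag (`>::new(b"")`), so every suite that uses this helper hashes under the same empty DST, whereas RFC 9380 §3.1 requires a tag of nonzero length (the test this commit rewrites previously passed `b"dom"`). Taking the tag from the caller, e.g. `pub fn hash_to_curve_ell2_rfc_9380<S: Suite>(dst: &[u8], data: &[u8]) -> Option<AffinePoint<S>>` with `>::new(dst)`, or deriving it from the suite, would also keep two suites that share a curve from mapping the same input to the same point; the generics in this hunk look stripped by extraction, so the `<S: Suite>` parameter is inferred from the `S::Hasher` bound. Whether `DefaultFieldHasher` rejects an empty tag I cannot tell from here, and the `.ok()?` would turn such a rejection into a silent `None` that callers cannot tell apart from a failed hash. The tail `let res = hasher.hash(data).ok()?; Some(res)` is just `hasher.hash(data).ok()`. The new function also has no `///` doc comment while its sibling `challenge_rfc_9381` does; `/// Hash-to-curve via Elligator 2 (RFC 9380) for suites whose curve config implements Elligator2Config.` above the signature would keep the file consistent.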