tornado-packages/noble-curves
1
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

h2c: move params validation. add experimental hash_to_ristretto255

Browse Source
This commit is contained in:
Paul Miller 2023-02-27 14:07:24 +00:00
parent 3e90930e9d
commit 088edd0fbb
No known key found for this signature in database
GPG Key ID: 697079DA6878B89B
2 changed files with 23 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
src/abstract/hash-to-curve.ts
View File

@ -126,6 +126,13 @@ export function expand_message_xof(
* @returns [u_0, ..., u_(count - 1)], a list of field elements.
*/
export function hash_to_field(msg: Uint8Array, count: number, options: Opts): bigint[][] {
validateObject(options, {
DST: 'string',
p: 'bigint',
m: 'isSafeInteger',
k: 'isSafeInteger',
hash: 'hash',
});
const { p, k, m, hash, expand, DST: _DST } = options;
isBytes(msg);
isNum(count);
@ -191,13 +198,6 @@ export function createHasher<T>(
mapToCurve: MapToCurve<T>,
def: Opts & { encodeDST?: UnicodeOrBytes }
) {
validateObject(def, {
DST: 'string',
p: 'bigint',
m: 'isSafeInteger',
k: 'isSafeInteger',
hash: 'hash',
});
if (typeof mapToCurve !== 'function') throw new Error('mapToCurve() must be defined');
return {
// Encodes byte string to elliptic curve

16
src/ed25519.ts
View File

@ -13,6 +13,7 @@ import {
ensureBytes,
} from './abstract/utils.js';
import * as htf from './abstract/hash-to-curve.js';
import { AffinePoint } from './abstract/curve.js';
/**
* ed25519 Twisted Edwards curve with following addons:
@ -309,6 +310,11 @@ export class RistrettoPoint {
// Private property to discourage combining ExtendedPoint + RistrettoPoint
// Always use Ristretto encoding/decoding instead.
constructor(private readonly ep: ExtendedPoint) {}
static fromAffine(ap: AffinePoint<bigint>) {
return new RistrettoPoint(ed25519.ExtendedPoint.fromAffine(ap))
}
/**
* Takes uniform output of 64-bit hash function like sha512 and converts it to `RistrettoPoint`.
* The hash-to-group operation applies Elligator twice and adds the results.
@ -427,3 +433,13 @@ export class RistrettoPoint {
return new RistrettoPoint(this.ep.multiplyUnsafe(scalar));
}
}
// https://datatracker.ietf.org/doc/draft-irtf-cfrg-hash-to-curve/14/
// Appendix B. Hashing to ristretto255
export const hash_to_ristretto255 = (msg: Uint8Array, options: htf.htfBasicOpts) => {
const d = options.DST;
const DST = typeof d === 'string' ? utf8ToBytes(d) : d;
const uniform_bytes = htf.expand_message_xmd(msg, DST, 64, sha512);
const P = RistrettoPoint.hashToCurve(uniform_bytes)
return P;
};