From 6a71548dde2e42faf7e24b3fa7e57b1604bb4a1c Mon Sep 17 00:00:00 2001
From: MITSUNARI Shigeo
Date: Fri, 26 Jun 2020 17:19:23 +0900
Subject: [PATCH] sswuG1
---
 include/mcl/mapto_wb19.hpp | 65 ++++++++++++++++++++++++++++++++++++++
 test/mapto_wb19_test.cpp | 39 +++++++++++++++++++++--
 2 files changed, 101 insertions(+), 3 deletions(-)
diff --git a/include/mcl/mapto_wb19.hpp b/include/mcl/mapto_wb19.hpp
index 970d37d..113cbbd 100644
--- a/include/mcl/mapto_wb19.hpp
+++ b/include/mcl/mapto_wb19.hpp
@@ -80,6 +80,8 @@ struct MapToG2_WB19 {
 Fp2 xden[3];
 Fp2 ynum[4];
 Fp2 yden[4];
+ Fp g1A, g1B, g1c1, g1c2;
+ int g1Z;
 int draftVersion_;
 void setDraftVersion(int draftVersion)
 {
@@ -132,6 +134,21 @@ struct MapToG2_WB19 {
 etas[3].b = ev3;
 init_iso();
 draftVersion_ = 5;
+ {
+ const char *A = "0x144698a3b8e9433d693a02c96d4982b0ea985383ee66a8d8e8981aefd881ac98936f8da0e0f97f5cf428082d584c1d";
+ const char *B = "0x12e2908d11688030018b12e8753eee3b2016c1f0f24f4070a0b9c14fcef35ef55a23215a316ceaa5d1cc48e98e172be0";
+ const char *c1 = "0x680447a8e5ff9a692c6e9ed90d2eb35d91dd2e13ce144afd9cc34a83dac3d8907aaffffac54ffffee7fbfffffffeaaa";
+ const char *c2 = "0x3d689d1e0e762cef9f2bec6130316806b4c80eda6fc10ce77ae83eab1ea8b8b8a407c9c6db195e06f2dbeabc2baeff5";
+ g1A.setStr(&b, A);
+ assert(b); (void)b;
+ g1B.setStr(&b, B);
+ assert(b); (void)b;
+ g1c1.setStr(&b, c1);
+ assert(b); (void)b;
+ g1c2.setStr(&b, c2);
+ assert(b); (void)b;
+ g1Z = 11;
+ }
 }
 void init_iso()
 {
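Review bot: The four `setStr(&b, ...)` results in the new block after `draftVersion_ = 5;` are checked only with `assert(b)`, so a build with `NDEBUG` ignores a failed parse and `sswuG1` then runs with whatever `setStr` left in `g1A`, `g1B`, `g1c1` and `g1c2`. The literals are roughly 380 bits wide, so a parse could plausibly fail if `Fp` was initialised with a different modulus; a check that survives release builds, reported the way the rest of this function reports errors, would make that case fail closed instead of mapping to wrong points. The enclosing function and the declaration of `b` start outside the hunk, so its error convention is not visible here. The constants also carry no provenance; if they are the draft's isogenous-curve coefficients and square-root constants, a comment such as `// E1': y^2 = x^3 + g1A*x + g1B, g1Z = 11, g1c1 = (p - 3) / 4, g1c2 = sqrt(-g1Z^3)` would let a reader check them against the spec.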
@@ -256,6 +273,54 @@ struct MapToG2_WB19 {
 if (!x.b.isZero()) return false;
 return false;
 }
+ // https://tools.ietf.org/html/draft-irtf-cfrg-hash-to-curve-07#appendix-D.3.5
+ void sswuG1(Fp& xn, Fp& xd, Fp& y, const Fp& u) const
+ {
+ const Fp& A = g1A;
+ const Fp& B = g1B;
+ const Fp& c1 = g1c1;
+ const Fp& c2 = g1c2;
+ const int Z = g1Z;
+ Fp u2, u2Z, t, t2, t3;
+
+ Fp::sqr(u2, u);
+ Fp::mulUnit(u2Z, u2, Z);
+ Fp::sqr(t, u2Z);
+ Fp::add(xd, t, u2Z);
+ if (xd.isZero()) {
+ Fp::mulUnit(xd, A, Z);
+ xn = B;
+ } else {
+ Fp::add(xn, xd, Fp::one());
+ xn *= B;
+ xd *= A;
+ Fp::neg(xd, xd);
+ }
+ Fp::sqr(t, xd);
+ Fp::mul(t2, t, xd);
+ t *= A;
+ Fp::sqr(t3, xn);
+ t3 += t;
+ t3 *= xn;
+ Fp::mul(t, t2, B);
+ t3 += t;
+ Fp::sqr(y, t2);
+ Fp::mul(t, t3, t2);
+ y *= t;
+ Fp::pow(y, y, c1);
+ y *= t;
+ Fp::sqr(t, y);
+ t *= t2;
+ if (t != t3) {
+ xn *= u2Z;
+ y *= c2;
+ y *= u2;
+ y *= u;
+ }
+ if (sgn0(u) != sgn0(y)) {
+ Fp::neg(y, y);
+ }
+ }
 // https://github.com/algorand/bls_sigs_ref
 void osswu2_help(Point& P, const Fp2& t) const
 {
diff --git a/test/mapto_wb19_test.cpp b/test/mapto_wb19_test.cpp
index 3dbf8f9..82d4a9c 100644
--- a/test/mapto_wb19_test.cpp
+++ b/test/mapto_wb19_test.cpp
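Review bot: `sswuG1` takes three branches that depend on `u` (`xd.isZero()`, `t != t3`, and the `sgn0` comparison), whereas the referenced draft writes these steps as conditional moves so that the map runs in constant time. That is acceptable while `u` is derived from public messages, but nothing in the function says so; either state the limitation above the signature, e.g. `// not constant-time: branches on u, do not use with secret-derived input`, or compute both candidates and select without branching. The function also reads `u` after `xn`, `xd` and `y` have been written (`y *= u;`, `sgn0(u)`), so a caller that passes the same object as `u` and as an output gets a wrong result; a leading `assert(&u != &xn && &u != &xd && &u != &y);` or a sentence in the comment would cover that. It would also help to document that the result is the fraction `xn / xd` together with `y` on the curve defined by `g1A` and `g1B`, which presumably still has to go through the isogeny in the caller.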
@@ -1065,9 +1065,42 @@ void testEth2phase0()
 }
 template
-void testHashToG1(const T& mapto)
+void testSswuG1(const T& mapto)
 {
- (void)mapto;
+ const struct {
+ const char *u;
+ const char *xn;
+ const char *xd;
+ const char *y;
+ } tbl[] = {
+ {
+ "0",
+ "2906670324641927570491258158026293881577086121416628140204402091718288198173574630967936031029026176254968826637280",
+ "134093699507829814821517650980559345626771735832728306571853989028117161444712301203928819168120125800913069360447",
+ "883926319761702754759909536142450234040420493353017578303105057331414514426056372828799438842649753623273850162620",
+ },
+ {
+ "1",
+ "1899737305729263819017890260937734483867440857300594896394519620134021106669873067956151260450660652775675911846846",
+ "2393285161127709615559578013969192009035621989946268206469810267786625713154290249995541799111574154426937440234423",
+ "930707443353688021592152842018127582116075842630002779852379799673382026358889394936840703051493045692645732041175",
+ },
+ {
+ "2445954111132780748727614926881625117054159133000189976501123519233969822355358926084559381412726536178576396564099",
+ "1380948948858039589493865757655255282539355225819860723137103295095584615993188368169864518071716731687572756871254",
+ "3943815976847699234459109633672806041428347164453405394564656059649800794974863796342327007702642595444543195342842",
+ "2822129059347872230939996033946474192520362213555773694753196763199812747558444338256205967106315253391997542043187",
+ },
+ };
+ for (size_t i = 0; i < CYBOZU_NUM_OF_ARRAY(tbl); i++) {
+ Fp u;
+ u.setStr(tbl[i].u);
+ Fp xn, xd, y;
+ mapto.sswuG1(xn, xd, y, u);
+ CYBOZU_TEST_EQUAL(xn.getStr(), tbl[i].xn);
+ CYBOZU_TEST_EQUAL(xd.getStr(), tbl[i].xd);
+ CYBOZU_TEST_EQUAL(y.getStr(), tbl[i].y);
+ }
 }
 CYBOZU_TEST_AUTO(test)
@@ -1092,5 +1125,5 @@ CYBOZU_TEST_AUTO(test)
 testHashToFp2v6(mapto);
 testHashToFp2v7(mapto);
 testEth2phase0();
- testHashToG1(mapto);
+ testSswuG1(mapto);
 }
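Review bot: The expected values in `testSswuG1` are bare decimal literals with no stated source, so the test only pins `sswuG1` to whatever produced them; checking each result against the curve equation as well would catch a wrong constant or a wrong branch independently of the table. In the fractional form returned here that equation is `y^2 * xd^3 == xn^3 + g1A * xn * xd^2 + g1B * xd^3`, using the `g1A` and `g1B` members the same commit adds. A one-line comment naming where the vectors come from would help too, and it is not visible from the table whether both outcomes of the `t != t3` branch are exercised. The check could go at the end of the loop body as sketched below.

```cpp
		CYBOZU_TEST_EQUAL(y.getStr(), tbl[i].y);
		// on-curve check: y^2 * xd^3 == xn^3 + A * xn * xd^2 + B * xd^3
		Fp xd2, xd3, lhs, rhs, t;
		Fp::sqr(xd2, xd);
		Fp::mul(xd3, xd2, xd);
		Fp::sqr(lhs, y);
		lhs *= xd3;
		Fp::sqr(rhs, xn);
		rhs *= xn;
		Fp::mul(t, mapto.g1A, xn);
		t *= xd2;
		rhs += t;
		Fp::mul(t, mapto.g1B, xd3);
		rhs += t;
		CYBOZU_TEST_EQUAL(lhs, rhs);
```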