From 730c50d4eaff1e0d685a92ac8c896e873749471b Mon Sep 17 00:00:00 2001 From: MITSUNARI Shigeo Date: Mon, 6 Jul 2020 18:17:43 +0900 Subject: [PATCH] remove old eth hash-functions --- api.md | 10 +- ffi/go/mcl/mcl.go | 6 - include/mcl/bn.h | 13 +- include/mcl/bn.hpp | 40 +-- include/mcl/curve_type.h | 8 +- include/mcl/fp.hpp | 2 - include/mcl/impl/bn_c_impl.hpp | 5 - include/mcl/mapto_wb19.hpp | 38 +-- src/fp.cpp | 35 -- test/bls12_test.cpp | 43 --- test/bn_c_test.hpp | 69 ---- test/mapto_wb19_test.cpp | 598 +-------------------------------- 12 files changed, 16 insertions(+), 851 deletions(-) diff --git a/api.md b/api.md index 5249826..0045b7a 100644 --- a/api.md +++ b/api.md @@ -1,13 +1,9 @@ # C API -## New features +## News -``` -void mclBn_setOriginalG2cofactor(int enable); -``` -Use faster multiplication of `G2` with cofactor if `enable = 1`. -This is enabled if `mclBn_setMapToMode(MCL_MAP_TO_MODE_ETH2)`. -if `enable = 0`, then [the fast algorithm (mulByCofactorBLS12)](https://github.com/herumi/mcl/blob/master/include/mcl/bn.hpp#L463) is used. +APIs for old ethreum hash functions are removed. +`mclBn_setMapToMode` supports only `MCL_MAP_TO_MODE_ETH2`. ## Minimum sample diff --git a/ffi/go/mcl/mcl.go b/ffi/go/mcl/mcl.go index c9658af..97f0c7d 100644 --- a/ffi/go/mcl/mcl.go +++ b/ffi/go/mcl/mcl.go @@ -123,12 +123,6 @@ func SetETHserialization(enable bool) { C.mclBn_setETHserialization(bool2Cint(enable)) } -// SetOriginalG2cofactor -- true if BLS_ETH is defined -func SetOriginalG2cofactor(enable bool) { - // #nosec - C.mclBn_setOriginalG2cofactor(bool2Cint(enable)) -} - // SetMapToMode -- func SetMapToMode(mode int) error { // #nosec diff --git a/include/mcl/bn.h b/include/mcl/bn.h index 04d12ae..1396d6b 100644 --- a/include/mcl/bn.h +++ b/include/mcl/bn.h 
@@ -201,19 +201,8 @@ MCLBN_DLL_API void mclBn_setETHserialization(int enable); MCLBN_DLL_API int mclBn_getETHserialization(void); /* - use original g2cofactor - @param enable [in] 1:enable, 0:disable(default) - use faster algorithm for multiplication of G2 with g2cofactor if enable - The constant is 0x204d0ec030004ec0600000002fffffffd times original g2cofacotr - @see MapTo::mulByCofactorBLS12 -*/ -MCLBN_DLL_API void mclBn_setOriginalG2cofactor(int enable); - -/* - set map-to-function to mode (defalt:MCL_MAP_TO_MODE_ORIGINAL) - https://github.com/ethereum/eth2.0-specs/blob/dev/specs/bls_signature.md#modular_squareroot + set map-to-function to mode (only support MCL_MAP_TO_MODE_HASH_TO_CURVE_07) return 0 if success else -1 - @note call mclBn_setOriginalG2cofactor(true) if MCL_MAP_TO_MODE_ETH2 */ MCLBN_DLL_API int mclBn_setMapToMode(int mode); diff --git a/include/mcl/bn.hpp b/include/mcl/bn.hpp index 7a19d0b..13e43e9 100644 --- a/include/mcl/bn.hpp +++ b/include/mcl/bn.hpp @@ -500,37 +500,18 @@ struct MapTo { switch (mode) { case MCL_MAP_TO_MODE_ORIGINAL: case MCL_MAP_TO_MODE_TRY_AND_INC: - case MCL_MAP_TO_MODE_ETH2: +// case MCL_MAP_TO_MODE_ETH2: mapToMode_ = mode; return true; break; - case MCL_MAP_TO_MODE_HASH_TO_CURVE_05: - mapToMode_ = mode; - mapTo_WB19_.setDraftVersion(5); - return true; - break; - case MCL_MAP_TO_MODE_HASH_TO_CURVE_06: - mapToMode_ = mode; - mapTo_WB19_.setDraftVersion(6); - return true; - break; case MCL_MAP_TO_MODE_HASH_TO_CURVE_07: mapToMode_ = mode; - mapTo_WB19_.setDraftVersion(7); return true; break; default: return false; } } - void setOriginalG2cofactor(bool enable) - { - if (type_ == BLS12type) { - useOriginalG2cofactor_ = enable; - } else { - useOriginalG2cofactor_ = false; - } - } /* if type == STD_ECtype, then cofactor, z are not used. */ 
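Review bot: The rewritten comment on mclBn_setMapToMode says only MCL_MAP_TO_MODE_HASH_TO_CURVE_07 is supported, but the MapTo::setMapToMode hunk in include/mcl/bn.hpp in this same patch still accepts MCL_MAP_TO_MODE_ORIGINAL and MCL_MAP_TO_MODE_TRY_AND_INC and returns true for them, while api.md in this patch says the only supported mode is MCL_MAP_TO_MODE_ETH2, which the code now rejects. Three statements of the contract disagree; I would make the header match the code, e.g. `set map-to-function to mode (MCL_MAP_TO_MODE_ORIGINAL, MCL_MAP_TO_MODE_TRY_AND_INC or MCL_MAP_TO_MODE_HASH_TO_CURVE_07; any other value returns -1)`, and fix api.md to say the same. It is also worth stating in the comment that the previously accepted MCL_MAP_TO_MODE_ETH2 now fails, because a caller that ignores the -1 silently keeps whatever mode was set before.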
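Review bot: The commented-out `// case MCL_MAP_TO_MODE_ETH2:` left in MapTo::setMapToMode reads like a pending re-enable rather than a deliberate removal; since curve_type.h marks the enumerator deprecated and the mode is meant to be rejected, delete the line and let the default branch say so, `default: return false; // ETH2, WB19 and draft-05/06 modes are no longer supported`. The `break;` after each `return true;` is unreachable and can go at the same time. With setOriginalG2cofactor removed here, nothing in this patch writes useOriginalG2cofactor_ any more; if that member still exists and is read by mulByCofactor (not visible in the hunk), it is now never set and should be removed or its remaining reader simplified. The signature of setMapToMode is above the hunk and struct MapTo continues below it.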
@@ -551,7 +532,7 @@ struct MapTo { template bool mapToEc(G& P, const F& t) const { - if (mapToMode_ == MCL_MAP_TO_MODE_TRY_AND_INC || mapToMode_ == MCL_MAP_TO_MODE_ETH2) { + if (mapToMode_ == MCL_MAP_TO_MODE_TRY_AND_INC) { naiveMapTo(P, t); } else { if (!calcBN(P, t)) return false; @@ -594,19 +575,11 @@ struct MapTo { } bool calc(G2& P, const Fp2& t, bool fast = false) const { - if (mapToMode_ == MCL_MAP_TO_MODE_WB19 || mapToMode_ >= MCL_MAP_TO_MODE_HASH_TO_CURVE_06) { + if (mapToMode_ == MCL_MAP_TO_MODE_HASH_TO_CURVE_07) { mapTo_WB19_.opt_swu2_map(P, t); return true; } if (!mapToEc(P, t)) return false; - if (mapToMode_ == MCL_MAP_TO_MODE_ETH2) { - Fp2 negY; - Fp2::neg(negY, P.y); - int cmp = Fp::compare(P.y.b, negY.b); - if (!(cmp > 0 || (cmp == 0 && P.y.a > negY.a))) { - P.y = negY; - } - } mulByCofactor(P, fast); return true; } @@ -2027,15 +2000,8 @@ inline void millerLoopVec(Fp12& f, const G1* Pvec, const G2* Qvec, size_t n) } } -inline void setOriginalG2cofactor(bool enable) -{ - BN::nonConstParam.mapTo.setOriginalG2cofactor(enable); -} inline bool setMapToMode(int mode) { - if (mode == MCL_MAP_TO_MODE_ETH2) { - setOriginalG2cofactor(true); - } return BN::nonConstParam.mapTo.setMapToMode(mode); } inline int getMapToMode() diff --git a/include/mcl/curve_type.h b/include/mcl/curve_type.h index dae261c..454f8d8 100644 --- a/include/mcl/curve_type.h +++ b/include/mcl/curve_type.h 
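Review bot: In MapTo::calc(G2&, const Fp2&, bool) the dispatch is now the exact test `mapToMode_ == MCL_MAP_TO_MODE_HASH_TO_CURVE_07`, so every other value of mapToMode_ falls through to mapToEc plus mulByCofactor, including the deprecated MCL_MAP_TO_MODE_WB19/HASH_TO_CURVE_05/06 enumerators that previously took the opt_swu2_map path via the `>=` comparison. setMapToMode rejects those values, so the fall-through is only reachable if mapToMode_ is assigned directly (MapTo is a struct with public members), but silently producing a point from a different map is the worst failure mode for a hash-to-curve routine; an `assert(mapToMode_ == MCL_MAP_TO_MODE_ORIGINAL || mapToMode_ == MCL_MAP_TO_MODE_TRY_AND_INC);` before the mapToEc call would make the invariant explicit. The same applies to the `mapToMode_ == MCL_MAP_TO_MODE_TRY_AND_INC` test in mapToEc in the hunk above it.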
@@ -44,10 +44,10 @@ enum { enum { MCL_MAP_TO_MODE_ORIGINAL, // see MapTo::calcBN MCL_MAP_TO_MODE_TRY_AND_INC, // try-and-incremental-x - MCL_MAP_TO_MODE_ETH2, // old eth2.0 spec - MCL_MAP_TO_MODE_WB19, // used in new eth2.0 spec - MCL_MAP_TO_MODE_HASH_TO_CURVE_05 = MCL_MAP_TO_MODE_WB19, // draft-irtf-cfrg-hash-to-curve-05 - MCL_MAP_TO_MODE_HASH_TO_CURVE_06, // draft-irtf-cfrg-hash-to-curve-06 + MCL_MAP_TO_MODE_ETH2, // (deprecated) old eth2.0 spec + MCL_MAP_TO_MODE_WB19, // (deprecated) used in new eth2.0 spec + MCL_MAP_TO_MODE_HASH_TO_CURVE_05 = MCL_MAP_TO_MODE_WB19, // (deprecated) draft-irtf-cfrg-hash-to-curve-05 + MCL_MAP_TO_MODE_HASH_TO_CURVE_06, // (deprecated) draft-irtf-cfrg-hash-to-curve-06 MCL_MAP_TO_MODE_HASH_TO_CURVE_07, // draft-irtf-cfrg-hash-to-curve-07 MCL_MAP_TO_MODE_HASH_TO_CURVE = MCL_MAP_TO_MODE_HASH_TO_CURVE_07 // the latset version }; diff --git a/include/mcl/fp.hpp b/include/mcl/fp.hpp index cfe40e9..a0af747 100644 --- a/include/mcl/fp.hpp +++ b/include/mcl/fp.hpp @@ -80,8 +80,6 @@ void hkdf_expand(uint8_t out[64], const uint8_t prk[32], char info[6]); // draft-07 outSize = 128 or 256 void expand_message_xmd(uint8_t out[], size_t outSize, const void *msg, size_t msgSize, const void *dst, size_t dstSize); -void expand_message_xmd06(uint8_t out[256], const void *msg, size_t msgSize, const void *dst, size_t dstSize); - namespace local { inline void byteSwap(void *x, size_t n) diff --git a/include/mcl/impl/bn_c_impl.hpp b/include/mcl/impl/bn_c_impl.hpp index 52eaa50..1cca838 100644 --- a/include/mcl/impl/bn_c_impl.hpp +++ b/include/mcl/impl/bn_c_impl.hpp @@ -150,11 +150,6 @@ int mclBn_ethMsgToG2(mclBnG2 *out, const void *msg, size_t msgSize, const void * return mcl::bn::ethMsgToG2(*cast(out), msg, msgSize, dst, dstSize) ? 0 : -1; } -void mclBn_setOriginalG2cofactor(int enable) -{ - setOriginalG2cofactor(enable == 1); -} - //////////////////////////////////////////////// // set zero void mclBnFr_clear(mclBnFr *x) 
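Review bot: The four enumerators newly tagged "(deprecated)" are still ordinary values of the enum, so they compile and pass the C API's int parameter unchanged but are rejected at run time by setMapToMode in the bn.hpp hunk of this patch; the comments should say that, and say why the enumerators are kept, otherwise a later cleanup may delete them and renumber MCL_MAP_TO_MODE_HASH_TO_CURVE_07, breaking binaries built against the older header. Something like `// (deprecated) rejected by setMapToMode; kept only so the later enumerator values stay stable` on the first of them would cover all four. The context line `MCL_MAP_TO_MODE_HASH_TO_CURVE = MCL_MAP_TO_MODE_HASH_TO_CURVE_07 // the latset version` has a typo ("latest") that could be fixed while this block is being touched.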
diff --git a/include/mcl/mapto_wb19.hpp b/include/mcl/mapto_wb19.hpp index 4ecaed9..cefd3ac 100644 --- a/include/mcl/mapto_wb19.hpp +++ b/include/mcl/mapto_wb19.hpp @@ -88,11 +88,6 @@ struct MapTo_WB19 { Fp g1yden[16]; mpz_class g1cofactor; int g1Z; - int draftVersion_; - void setDraftVersion(int draftVersion) - { - draftVersion_ = draftVersion; - } void init() { bool b; @@ -142,7 +137,6 @@ struct MapTo_WB19 { Fp::neg(etas[3].a, ev4); etas[3].b = ev3; init_iso3(); - draftVersion_ = 5; { const char *A = "0x144698a3b8e9433d693a02c96d4982b0ea985383ee66a8d8e8981aefd881ac98936f8da0e0f97f5cf428082d584c1d"; const char *B = "0x12e2908d11688030018b12e8753eee3b2016c1f0f24f4070a0b9c14fcef35ef55a23215a316ceaa5d1cc48e98e172be0"; @@ -385,15 +379,7 @@ struct MapTo_WB19 { } bool isNegSign(const Fp2& x) const { - if (draftVersion_ == 7) { - return sgn0(x); - } - // x.isNegative() <=> x > (p-1)/2 <=> x >= (p+1)/2 - if (x.b.isNegative()) return true; - if (!x.b.isZero()) return false; - if (x.a.isNegative()) return true; - if (!x.b.isZero()) return false; - return false; + return sgn0(x); } // https://tools.ietf.org/html/draft-irtf-cfrg-hash-to-curve-07#appendix-D.3.5 void sswuG1(Fp& xn, Fp& xd, Fp& y, const Fp& u) const @@ -566,11 +552,7 @@ struct MapTo_WB19 { void hashToFp2(Fp2 out[2], const void *msg, size_t msgSize, const void *dst, size_t dstSize) const { uint8_t md[256]; - if (draftVersion_ == 6) { - mcl::fp::expand_message_xmd06(md, msg, msgSize, dst, dstSize); - } else { - mcl::fp::expand_message_xmd(md, sizeof(md), msg, msgSize, dst, dstSize); - } + mcl::fp::expand_message_xmd(md, sizeof(md), msg, msgSize, dst, dstSize); Fp *x = out[0].getFp0(); for (size_t i = 0; i < 4; i++) { bool b; 
@@ -581,22 +563,12 @@ struct MapTo_WB19 { void map2curve_osswu2(G2& out, const void *msg, size_t msgSize, const void *dst, size_t dstSize) const { Fp2 t[2]; - if (draftVersion_ == 5) { - hashToFp2old(t[0], msg, msgSize, 0, dst, dstSize); - hashToFp2old(t[1], msg, msgSize, 1, dst, dstSize); - } else { - hashToFp2(t, msg, msgSize, dst, dstSize); - } + hashToFp2(t, msg, msgSize, dst, dstSize); opt_swu2_map(out, t[0], &t[1]); } void msgToG2(G2& out, const void *msg, size_t msgSize) const { - const char *dst; - if (draftVersion_ == 5) { - dst = "BLS_SIG_BLS12381G2-SHA256-SSWU-RO-_POP_"; - } else { - dst = "BLS_SIG_BLS12381G2_XMD:SHA-256_SSWU_RO_POP_"; - } + const char *dst = "BLS_SIG_BLS12381G2_XMD:SHA-256_SSWU_RO_POP_"; map2curve_osswu2(out, msg, msgSize, dst, strlen(dst)); } void FpToG1(G1& out, const Fp& u0, const Fp *u1 = 0) const @@ -613,7 +585,6 @@ struct MapTo_WB19 { } void msgToG1(G1& out, const void *msg, size_t msgSize, const char *dst, size_t dstSize) const { - assert(draftVersion_ == 7); uint8_t md[128]; mcl::fp::expand_message_xmd(md, sizeof(md), msg, msgSize, dst, dstSize); Fp u[2]; @@ -626,7 +597,6 @@ struct MapTo_WB19 { } void msgToG1(G1& out, const void *msg, size_t msgSize) const { - assert(draftVersion_ == 7); const char *dst = "BLS_SIG_BLS12381G2_XMD:SHA-256_SSWU_RO_POP_"; const size_t dstSize = strlen(dst); msgToG1(out, msg, msgSize, dst, dstSize); diff --git a/src/fp.cpp b/src/fp.cpp index 343d242..ab09ff1 100644 --- a/src/fp.cpp +++ b/src/fp.cpp 
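Review bot: The default DST in the no-DST overload of msgToG1, `const char *dst = "BLS_SIG_BLS12381G2_XMD:SHA-256_SSWU_RO_POP_";`, is the G2 ciphersuite identifier while the function hashes to G1; if the intent is the BLS signature draft's minimal-signature-size suite, the identifier would be expected to name G1 (`BLS_SIG_BLS12381G1_XMD:SHA-256_SSWU_RO_POP_`), so please confirm, because a mismatched DST yields well-formed points that simply do not interoperate, and the removal of `assert(draftVersion_ == 7)` leaves no other guard in this function. That line is context rather than new, but this patch makes the overload the only default hash-to-G1 entry point. In msgToG2 in the hunk above, the same pattern appears with `strlen(dst)` evaluated on every call; a `static const char dst[] = "...";` with `sizeof(dst) - 1` would avoid the runtime scan in both overloads.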
@@ -159,41 +159,6 @@ void hkdf_expand(uint8_t out[64], const uint8_t prk[32], char info[6]) cybozu::hmac256(out + 32, prk, 32, out, 32 + 6); } -void expand_message_xmd06(uint8_t out[256], const void *msg, size_t msgSize, const void *dst, size_t dstSize) -{ - const size_t len_in_bytes = 256; - const size_t mdSize = 32; - const size_t r_in_bytes = 64; - const size_t ell = len_in_bytes / mdSize; - static const uint8_t Z_pad[r_in_bytes] = {}; - assert(dstSize < 256); - // BE(len_in_bytes, 2) + BE(0, 1) + BE(dstSize, 1) - uint8_t buf[2 + 1 + 1] = { 1, 0, 0, uint8_t(dstSize) }; - uint8_t *const buf2 = buf + 2; // BE(0, 1) + BE(dstSize, 1) - cybozu::Sha256 h; - h.update(Z_pad, r_in_bytes); - h.update(msg, msgSize); - h.update(buf, sizeof(buf)); - uint8_t md[mdSize]; - h.digest(md, mdSize, dst, dstSize); - h.clear(); - buf2[0] = 1; - h.update(md, mdSize); - h.update(buf2, 2); - h.digest(out, mdSize, dst, dstSize); - uint8_t mdXor[mdSize]; - for (size_t i = 1; i < ell; i++) { - h.clear(); - for (size_t j = 0; j < mdSize; j++) { - mdXor[j] = md[j] ^ out[mdSize * (i - 1) + j]; - } - h.update(mdXor, mdSize); - buf2[0] = uint8_t(i + 1); - h.update(buf2, 2); - h.digest(out + mdSize * i, mdSize, dst, dstSize); - } -} - void expand_message_xmd(uint8_t out[], size_t outSize, const void *msg, size_t msgSize, const void *dst, size_t dstSize) { assert(outSize == 128 || outSize == 256); diff --git a/test/bls12_test.cpp b/test/bls12_test.cpp index df8b127..1ea0518 100644 --- a/test/bls12_test.cpp +++ b/test/bls12_test.cpp 
@@ -704,49 +704,6 @@ CYBOZU_TEST_AUTO(multi) CYBOZU_BENCH_C("naiveG2", 100, (BN::param.mapTo.naiveMapTo), Q, i++); } -CYBOZU_TEST_AUTO(eth2) -{ - if (BN::param.cp.curveType != MCL_BLS12_381) return; - Fp::setETHserialization(true); - Fr::setETHserialization(true); - setMapToMode(MCL_MAP_TO_MODE_ETH2); - Fr sec; - sec.setStr("0x47b8192d77bf871b62e87859d653922725724a5c031afeabc60bcef5ff665138"); - uint8_t msg[] = { - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 87, 33, 13, 72, 155, 73, 4, 185, 87, 46, 230, 247, 159, 191, 7, 148, 85, 120, 129, 175, 102, 169, 241, 139, 189, 44, 244, 68, 119, 60, 28, 101, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 225, 95, 237, 38, 188, 142, 181, 147, 233, 183, 232, 13, 219, 92, 94, 79, 19, 174, 172, 105, 133, 207, 4, 113, 115, 242, 140, 138, 44, 215, 244, 77 - }; - const uint8_t sigStr[] = { - 6, 239, 41, 231, 36, 30, 26, 28, 198, 15, 238, 50, 142, 50, 144, 192, 35, 213, 90, 103, 1, 219, 80, 14, 239, 171, 127, 145, 57, 26, 139, 135, 38, 253, 0, 36, 18, 30, 100, 99, 114, 129, 249, 7, 19, 127, 226, 104, 24, 123, 75, 172, 163, 99, 136, 233, 97, 148, 183, 58, 125, 83, 47, 110, 234, 107, 192, 152, 119, 141, 191, 211, 64, 69, 132, 97, 59, 91, 169, 218, 151, 213, 96, 46, 49, 253, 190, 146, 112, 184, 99, 135, 101, 41, 178, 84, 18, 210, 104, 251, 230, 10, 193, 72, 64, 52, 41, 52, 81, 12, 106, 12, 31, 250, 171, 222, 116, 82, 153, 227, 157, 225, 55, 196, 22, 100, 207, 162, 163, 65, 163, 112, 14, 234, 31, 243, 107, 2, 227, 249, 10, 187, 131, 10, 3, 211, 176, 25, 9, 1, 154, 245, 167, 74, 192, 135, 28, 44, 85, 238, 179, 95, 250, 20, 39, 137, 56, 40, 196, 66, 91, 125, 231, 240, 32, 204, 95, 9, 56, 38, 62, 180, 158, 95, 1, 58, 2, 126, 173, 200, 94, 46 - }; - (void)sigStr; - G1 gen; - gen.setStr("1 3685416753713387016781088315183077757961620795782546409894578378688607592378376318836054947676345821548104185464507 1339506544944476473020471379941921221584933875938349620426543736416511423956333506472724655353366534992391756441569", 10); - Fp2 m; - 
CYBOZU_TEST_ASSERT(m.deserialize(msg, sizeof(msg)) > 0); - G2 Q; - mapToG2(Q, m); - - G2 sig = Q * sec; - const char *expectSig = "b9d1bf921b3dd048bdce38c2ceac2a2a8093c864881f2415f22b198de935ffa791707855c1656dc21a7af2d502bb46590151d645f062634c3b2cb79c4ed1c4a4b8b3f19f0f5c76965c651553e83d153ff95353735156eff77692f7a62ae653fb"; - CYBOZU_TEST_EQUAL(sig.getStr(mcl::IoSerializeHexStr), expectSig); - - CYBOZU_BENCH_C("mapToG2 org-cofactor", 1000, mapToG2, Q, m, false); - CYBOZU_BENCH_C("mapToG2 fast-cofactor", 1000, mapToG2, Q, m, true); - - Fp2 x; - x.a = 5; - x.b = 3; - const mpz_class& g2c = BN::param.mapTo.g2cofactor_; - const Fr& g2ca = getG2cofactorAdj(); - G2 Q1, Q2, Q3; - BN::param.mapTo.mapToEc(Q, x); - G2::mulGeneric(Q1, Q, g2c); - Q2 = Q; - BN::param.mapTo.mulByCofactor(Q2, true); - Q2 *= g2ca; - CYBOZU_TEST_EQUAL(Q1, Q2); -} - CYBOZU_TEST_AUTO(deserialize) { if (BN::param.cp.curveType != MCL_BLS12_381) return; diff --git a/test/bn_c_test.hpp b/test/bn_c_test.hpp index 0f87123..446f72e 100644 --- a/test/bn_c_test.hpp +++ b/test/bn_c_test.hpp 
@@ -669,75 +669,6 @@ void setFp2(mclBnFp2 *x, const Fp2Str& s) CYBOZU_TEST_EQUAL(mclBnFp_setStr(&x->d[1], s.b, strlen(s.b), 16), 0); } -CYBOZU_TEST_AUTO(eth_hash) -{ - int curveType = mclBn_getCurveType(); - if (curveType != MCL_BLS12_381) return; - { - const char *msg = "msg"; - uint8_t ctr = 0; - const char *dst = "BLS_SIG_BLS12381G2-SHA256-SSWU-RO_POP_"; - const Fp2Str ys = { - "18df4dc51885b18ca0082a4966b0def46287930b8f1c0b673b11ac48d19c8899bc150d83fd3a7a1430b0de541742c1d4", - "14eef8ca34b82d065d187a3904cb313dbb44558917cc5091574d9999b5ecfdd5af2fa3aea6e02fb253bf4ae670e72d55" - }; - mclBnFp2 x, y; - CYBOZU_TEST_EQUAL(mclBn_ethMsgToFp2(&x, msg, strlen(msg), ctr, dst, strlen(dst)), 0); - setFp2(&y, ys); - CYBOZU_TEST_ASSERT(mclBnFp2_isEqual(&x, &y)); - } - { - const Fp2Str u0s = { - "0x004ad233c619209060e40059b81e4c1f92796b05aa1bc6358d65e53dc0d657dfbc713d4030b0b6d9234a6634fd1944e7", - "0x0e2386c82713441bc3b06a460bd81850f4bf376ea89c80b18c0881e855c58dc8e83b2fd23af983f4786508e30c42af01", - }; - const Fp2Str u1s = { - "0x08a6a75e0a8d32f1e096f29047ea879dd34a5504218d7ce92c32c244786822fb73fbf708d167ad86537468249ec6df48", - "0x07016d0e5e13cd65780042c6f7b4c74ae1c58da438c99582696818b5c229895b893318dcb87d2a65e557d4ebeb408b70", - }; - const Fp2Str xs = { - "0x4861c41efcc5fc56e62273692b48da25d950d2a0aaffb34eff80e8dbdc2d41ca38555ceb8554368436aea47d16056b5", - "0x9db5217528c55d982cf05fc54242bdcd25f1ebb73372e00e16d8e0f19dc3aeabdeef2d42d693405a04c37d60961526a", - }; - const Fp2Str ys = { - "0x177d05b95e7879a7ddbd83c15114b5a4e9846fde72b2263072dc9e60db548ccbadaacb92cc4952d4f47425fe3c5e0172", - "0xfc82c99b928ed9df12a74f9215c3df8ae1e9a3fa54c00897889296890b23a0edcbb9653f9170bf715f882b35c0b4647", - }; - mclBnFp2 u0, u1, x, y; - setFp2(&u0, u0s); - setFp2(&u1, u1s); - setFp2(&x, xs); - setFp2(&y, ys); - mclBnG2 P; - mclBn_ethFp2ToG2(&P, &u0, &u1); - mclBnG2_normalize(&P, &P); - CYBOZU_TEST_ASSERT(mclBnFp2_isEqual(&P.x, &x)); - CYBOZU_TEST_ASSERT(mclBnFp2_isEqual(&P.y, &y)); - } - { - 
const char *msg = "msg"; - const char *dst = "BLS_SIG_BLS12381G2-SHA256-SSWU-RO_POP_"; - const Fp2Str xs = { - "0xb1871d245d50ec4e5a3ac790628864d24655208812abc420b67a93c5afdd38111137f14ca0f844ddbf69809897ca941", - "0xa8b490ae1aac870b16b1a82db2e9653ec14485fc5f38c2ce2926c526537262061d4cd8bc62cc90e98235952a7fe7f13", - }; - const Fp2Str ys = { - "0x2c8e9f9d52870075ae5879be5a4994a16db6c93b34453d9c055eb058107a2d805cc307b0ba30144518fb36da5f97d12", - "0x344ce62d77dda0b4b509d5b5e6ef08f99c972fc0e5f0c25b25bb881384e85b8b1086043813e674f9bbc4b67dd47d9a7", - }; - const Fp2Str zs = { - "0x1515a4d612e48626000f998a220029380a47e9e6c69d497db804e2dfc3dbce5cfb000a559b64f50796f26ddc4cf3be2c", - "0x1796ee0f0b9b65802c90e3e1586034f3826ec3538c66525de298d1ff2f7a26f2ec553ec64e5989ed9841c4456d0bddd7", - }; - mclBnG2 P, Q; - mclBn_ethMsgToG2(&P, msg, strlen(msg), dst, strlen(dst)); - setFp2(&Q.x, xs); - setFp2(&Q.y, ys); - setFp2(&Q.z, zs); - CYBOZU_TEST_ASSERT(mclBnG2_isEqual(&P, &Q)); - } -} - #if MCLBN_FP_UNIT_SIZE == 6 && MCLBN_FR_UNIT_SIZE >= 6 CYBOZU_TEST_AUTO(badG2) { diff --git a/test/mapto_wb19_test.cpp b/test/mapto_wb19_test.cpp index 7528ce1..7cd6b2d 100644 --- a/test/mapto_wb19_test.cpp +++ b/test/mapto_wb19_test.cpp 
@@ -97,123 +97,6 @@ std::string toHexStr(const G2& P) return toHexStr(xy, 96); } -/* - z = sqrt(u/v) = (uv^7) (uv^15)^((p^2-9)/16) * root4 - return true if found -*/ -bool sqr_div(const MapTo& mapto, Fp2& z, const Fp2& u, const Fp2& v) -{ - Fp2 gamma, t1, t2; - Fp2::sqr(gamma, v); // v^2 - Fp2::sqr(t2, gamma); // v^4 - Fp2::mul(t1, u, v); // uv - t1 *= gamma; // uv^3 - t1 *= t2; // uv^7 - Fp2::sqr(t2, t2); // v^8 - t2 *= t1; - Fp2::pow(gamma, t2, mapto.sqrtConst); - gamma *= t1; - Fp2 candi; - for (size_t i = 0; i < CYBOZU_NUM_OF_ARRAY(mapto.root4); i++) { - Fp2::mul(candi, gamma, mapto.root4[i]); - Fp2::sqr(t1, candi); - t1 *= v; - if (t1 == u) { - z = candi; - return true; - } - } - z = gamma; - return false; -} - -// Proj -void py_ecc_iso_map_G2(const MapTo& mapto, G2& Q, const E2& P) -{ - Fp2 zpows[3]; - zpows[0] = P.z; - Fp2::sqr(zpows[1], zpows[0]); - Fp2::mul(zpows[2], zpows[1], zpows[0]); - Fp2 mapvals[4]; - mapto.evalPoly(mapvals[0], P.x, zpows, mapto.xnum); - mapto.evalPoly(mapvals[1], P.x, zpows, mapto.xden); - mapto.evalPoly(mapvals[2], P.x, zpows, mapto.ynum); - mapto.evalPoly(mapvals[3], P.x, zpows, mapto.yden); - mapvals[1] *= P.z; - mapvals[2] *= P.y; - mapvals[3] *= P.z; - Fp2::mul(Q.z, mapvals[1], mapvals[3]); - Fp2::mul(Q.x, mapvals[0], mapvals[3]); - Fp2::mul(Q.y, mapvals[1], mapvals[2]); -} - -// https://github.com/ethereum/py_ecc -void py_ecc_optimized_swu_G2(const MapTo& mapto, E2& P, const Fp2& t) -{ - Fp2 t2, t2xi, t2xi2; - Fp2::sqr(t2, t); - mapto.mul_xi(t2xi, t2); - Fp2::sqr(t2xi2, t2xi); - Fp2 nume, deno; - // (t^2 * xi)^2 + (t^2 * xi) - Fp2::add(deno, t2xi2, t2xi); - Fp2::add(nume, deno, 1); - nume *= mapto.g2B; - if (deno.isZero()) { - mapto.mul_xi(deno, mapto.g2A); - } else { - deno *= -mapto.g2A; - } - Fp2 u, v; - { - Fp2 deno2, tmp, tmp1, tmp2; - Fp2::sqr(deno2, deno); - Fp2::mul(v, deno2, deno); - - Fp2::mul(u, mapto.g2B, v); - Fp2::mul(tmp, mapto.g2A, nume); - tmp *= deno2; - u += tmp; - Fp2::sqr(tmp, nume); - tmp *= nume; - u += 
tmp; - } - Fp2 candi; - bool success = sqr_div(mapto, candi, u, v); - P.y = candi; - candi *= t2; - candi *= t; - u *= t2xi2; - u *= t2xi; - bool success2 = false; - for (size_t i = 0; i < CYBOZU_NUM_OF_ARRAY(mapto.etas); i++) { - Fp2 t1; - Fp2::mul(t1, mapto.etas[i], candi); - Fp2::sqr(t2, t1); - t2 *= v; - if (t2 == u && !success && !success2) { - P.y = t1; - success2 = true; - } - } - assert(success || success2); - if (!success) { - nume *= t2xi; - } - if (mapto.isNegSign(t) != mapto.isNegSign(P.y)) { - Fp2::neg(P.y, P.y); - } - P.y *= deno; - P.x = nume; - P.z = deno; -} -// Proj -void py_ecc_map_to_curve_G2(const MapTo& mapto, G2& out, const Fp2& t) -{ - E2 P; - py_ecc_optimized_swu_G2(mapto, P, t); - py_ecc_iso_map_G2(mapto, out, P); -} /* in : Proj [X:Y:Z] out : Jacobi [A:B:C] 
@@ -231,50 +114,6 @@ void toJacobi(G2& out, const G2& in) out.z = in.z; } -void py_ecc_hash_to_G2(const MapTo& mapto, G2& out, const void *msg, size_t msgSize, const void *dst, size_t dstSize) -{ - Fp2 t1, t2; - hashToFp2old(t1, msg, msgSize, 0, dst, dstSize); - hashToFp2old(t2, msg, msgSize, 1, dst, dstSize); - G2 P1, P2; - py_ecc_map_to_curve_G2(mapto, P1, t1); - py_ecc_map_to_curve_G2(mapto, P2, t2); - toJacobi(P1, P1); - toJacobi(P2, P2); - P1 += P2; - mapto.clear_h2(out, P1); -} - -void ethMsgToG2test(const std::string& fileName) -{ - const char *dst = "\x02"; - printf("name=%s\n", fileName.c_str()); - std::ifstream ifs(fileName.c_str()); - Uint8Vec buf; - G2 out; - for (;;) { - std::string msg, zero, ret; - ifs >> msg >> zero >> ret; - if (zero != "00") break; - buf = fromHexStr(msg); - ethMsgToG2(out, buf.data(), buf.size(), dst, strlen(dst)); - std::string s = toHexStr(out); - CYBOZU_TEST_EQUAL(s, ret); - } -} - -void ethMsgToG2testAll(const std::string& dir) - try -{ - cybozu::FileList list = cybozu::GetFileList(dir); - for (size_t i = 0; i < list.size(); i++) { - const cybozu::FileInfo& info = list[i]; - ethMsgToG2test(dir + "/" + info.name); - } -} catch (...) { - printf("skip test because `%s` is not found\n", dir.c_str()); -} - void testHMAC() { const char *key = "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"; 
@@ -286,254 +125,6 @@ void testHMAC() CYBOZU_TEST_EQUAL(out, expect); } -void testHashToFp2() -{ - const char *msg = "the message to be signed"; - const char *dst = "\x02"; - const char *outS = "0xe54bc0f2e26071a79ba5fe7ae5307d39cf5519e581e03b43f39a431eccc258fa1477c517b1268b22986601ee5caa5ea 0x17e8397d5e687ff7f915c23f27fe1ca2c397a7df91de8c88dc82d34c9188a3ef719f9f20436ea8a5fe7d509fbc79214d"; - Fp2 out, ok; - ok.setStr(outS); - ethMsgToFp2(out, msg, strlen(msg), 0, dst, strlen(dst)); - CYBOZU_TEST_EQUAL(out, ok); -} - -void ethMsgToG2test() -{ - const char *msg = "the message to be signed"; - const char *dst = "\x02"; - const PointStr outS = { - { - "0x29670bca15e948605ae32ac737b719f926bc8cb99e980bf0542cada47f71a9f299f4d8c332776da38c8768ea719911", - "0x111b35c14e065f0af7bb2697cba31bd21f629c0d42f75411340ae608df3bc2572b746935a788caa6ef10014ee02a0bf0", - }, - { - "0xe99fd88ee5bd8272483b498245a59b34a22d4820cdd564fc044510210e6d8da62752ac467dac6421b330b2f62385305", - "0x199c95bcff2d9ae3486d12892740a35904deddc63d33d1080d498fbe1ce468a8efeb9d62e183c71f0a3bf58422e2f1a2", - }, - { - "0x147428ea49f35d9864bfc6685e0651f340f1201082c9dce4b99c72d45bf2d4deda4dcb151cefdfd1dd224c8bb85c8a71", - "0x7a14a1a0a8a27423e5d912879fec8054ae95f035642e3806fa514b9f1dbbb2bc1144dac067c52305e60e8bc421ad5b4", - }, - }; - G2 out, ok; - set(ok, outS); - ethMsgToG2(out, msg, strlen(msg), dst, strlen(dst)); - CYBOZU_TEST_EQUAL(out, ok); -} - -template -void py_eccTest(const T& mapto) -{ - /* - testHashToBaseFP2 - https://github.com/status-im/nim-blscurve/blob/de64516a5933a6e8ebb01a346430e61a201b5775/blscurve/hash_to_curve.nim#L492 - */ - { - const char *msg = "msg"; - uint8_t ctr = 0; - const char *dst = "BLS_SIG_BLS12381G2-SHA256-SSWU-RO_POP_"; - const char *expect = "18df4dc51885b18ca0082a4966b0def46287930b8f1c0b673b11ac48d19c8899bc150d83fd3a7a1430b0de541742c1d4 14eef8ca34b82d065d187a3904cb313dbb44558917cc5091574d9999b5ecfdd5af2fa3aea6e02fb253bf4ae670e72d55"; - Fp2 x; - ethMsgToFp2(x, msg, strlen(msg), 
ctr, dst, strlen(dst)); - CYBOZU_TEST_EQUAL(toHexStr(x), expect); - } - { - const Fp2Str u0s = { - "0x004ad233c619209060e40059b81e4c1f92796b05aa1bc6358d65e53dc0d657dfbc713d4030b0b6d9234a6634fd1944e7", - "0x0e2386c82713441bc3b06a460bd81850f4bf376ea89c80b18c0881e855c58dc8e83b2fd23af983f4786508e30c42af01", - }; - const Fp2Str u1s = { - "0x08a6a75e0a8d32f1e096f29047ea879dd34a5504218d7ce92c32c244786822fb73fbf708d167ad86537468249ec6df48", - "0x07016d0e5e13cd65780042c6f7b4c74ae1c58da438c99582696818b5c229895b893318dcb87d2a65e557d4ebeb408b70", - }; - // return value of opt_swu2_map in bls_sigs_ref/python-impl/opt_swu_g2.py - const Fp2Str xs = { - "0x4861c41efcc5fc56e62273692b48da25d950d2a0aaffb34eff80e8dbdc2d41ca38555ceb8554368436aea47d16056b5", - "0x9db5217528c55d982cf05fc54242bdcd25f1ebb73372e00e16d8e0f19dc3aeabdeef2d42d693405a04c37d60961526a", - }; - const Fp2Str ys = { - "0x177d05b95e7879a7ddbd83c15114b5a4e9846fde72b2263072dc9e60db548ccbadaacb92cc4952d4f47425fe3c5e0172", - "0xfc82c99b928ed9df12a74f9215c3df8ae1e9a3fa54c00897889296890b23a0edcbb9653f9170bf715f882b35c0b4647", - }; - Fp2 u0, u1, x, y; - set(u0, u0s); - set(u1, u1s); - set(x, xs); - set(y, ys); - G2 P; - ethFp2ToG2(P, u0, &u1); - P.normalize(); - CYBOZU_TEST_EQUAL(P.x, x); - CYBOZU_TEST_EQUAL(P.y, y); - } - { - // https://media.githubusercontent.com/media/ethereum/eth2.0-spec-tests/v0.10.1/tests/general/phase0/bls/sign/small/sign_case_11b8c7cad5238946/data.yaml - const char *secs = "47b8192d77bf871b62e87859d653922725724a5c031afeabc60bcef5ff665138"; - const char msg[33] = {}; - const PointStr sigs = { - { - "2293012529822761631014706649736058250445440108079005633865844964288531978383212702502746862140143627562812967825888", - "1475696770777687381853347234154288535008294218073605500048435508284141334771039537063168112498702685312150787094910", - }, - { - "1469299105114671507318396580458717074245984116935623233990667855919962974356517750849608590897738614199799891365360", - 
"2030012464923141446228430710552804525466499055365665031199510204412192520245701820596000835423160058948948207746066", - }, - { - "3767430478723640173773019527754919617225964135305264831468522226308636862085707682484234512649553124965049251340541", - "1620434249170283311052688271749383011546709139865619017626863134580828776106815964830529695055765742705622363756158", - } - }; - const char *expect = "b2deb7c656c86cb18c43dae94b21b107595486438e0b906f3bdb29fa316d0fc3cab1fc04c6ec9879c773849f2564d39317bfa948b4a35fc8509beafd3a2575c25c077ba8bca4df06cb547fe7ca3b107d49794b7132ef3b5493a6ffb2aad2a441"; - Fr sec; - sec.setStr(secs, 16); - G2 P1, P2, Q; - set(Q, sigs); - Q.deserializeHexStr(expect); - const char *dst = "BLS_SIG_BLS12381G2-SHA256-SSWU-RO-_POP_"; - const size_t dstSize = strlen(dst); - const size_t msgSize = 32; - Fp2 t1, t2; - ethMsgToFp2(t1, msg, msgSize, 0, dst, dstSize); - ethMsgToFp2(t2, msg, msgSize, 1, dst, dstSize); - py_ecc_map_to_curve_G2(mapto, P1, t1); - py_ecc_map_to_curve_G2(mapto, P2, t2); - const PointStr ss = { - { - "1972340536407012813644167184956896760015950618902823780657111692209122974250648595689834944711427684709284318183285", - "2952312506825835541808570850755873891927945826649651965587037814445801597710562388482713867284483531575836668891717", - }, - { - "2802951456840474233717338518518040462806475389210379447165158098937491293557221993219251045678976553989024259770721", - "2695848095528813794114709219550802586214789808214026789183854152760661360110019071654047951530688159586363471282307", - }, - { - "1480478729322062079370070638002133449414477155913782123147952976030053267833796311564176542916706247537348236105579", - "3253481872910728113595595353980041952789112074899014850028493351493155577726278005524067083458491999010934020984031", - } - }; - toJacobi(P1, P1); - toJacobi(P2, P2); - P1 += P2; - G2 P11; - set(P11, ss); - toJacobi(P11, P11); - CYBOZU_TEST_EQUAL(P1, P11); - const PointStr clears = { - { - 
"1957332172874233660214089655571851577083897125827848734477574606688306573833007308344920242234605652569670194263389", - "1116411061540418343539740639798030171984762250397980084002067231825141620343376868772345493606425790045780405764984", - }, - { - "1009600579479639236035097803661439342927513547544039095581093451111718225564873663970283187908867141796447259993680", - "1036550257360332982249682819433119008785814033355112815293516573225867246356464383591412294871954385805192773093413", - }, - { - "1455356692682887406712747484663891805342757123109829795478648571883713143907445859929832639473694165616164972254859", - "625703068888812559481386371501827420717093467297957594257224036896125014497486535098535016737064365426613580045089", - }, - }; - set(P11, clears); - mapto.clear_h2(P1, P1); - toJacobi(P11, P11); - CYBOZU_TEST_EQUAL(P1, P11); - py_ecc_hash_to_G2(mapto, P1, msg, msgSize, dst, dstSize); - CYBOZU_BENCH_C("py_ecc_hash_to_G2", 1000, py_ecc_hash_to_G2, mapto, P1, msg, msgSize, dst, dstSize); - CYBOZU_TEST_EQUAL(P1, P11); - ethMsgToG2(P1, msg, msgSize, dst, dstSize); - CYBOZU_TEST_EQUAL(P1, P11); - set(P11, sigs); - toJacobi(P11, P11); - P1 *= sec; - CYBOZU_TEST_EQUAL(P1, P11); - CYBOZU_TEST_EQUAL(P1.serializeToHexStr(), expect); - } -} - -template -void testSign(const T& mapto) -{ - Fp H = -1; - H /= 2; - const size_t N = 4; - const Fp tbl[N] = { 0, 1, H, H + 1 }; - const int expect[N][N] = { - { 1, 1, 1, -1 }, - { 1, 1, 1, -1 }, - { 1, 1, 1, -1 }, - { -1, 1, 1, -1 }, - }; - Fp2 t; - for (size_t i = 0; i < N; i++) { - t.a = tbl[i]; - for (size_t j = 0; j < N; j++) { - t.b = tbl[j]; - CYBOZU_TEST_EQUAL(mapto.isNegSign(t), (expect[i][j] < 0)); - } - } -} - -template -void osswu2_helpTest(const T& mapto) -{ - const struct { - Fp2Str t; - Fp2Str x; - Fp2Str y; - Fp2Str z; - } tbl[] = { - { - { - "0xe54bc0f2e26071a79ba5fe7ae5307d39cf5519e581e03b43f39a431eccc258fa1477c517b1268b22986601ee5caa5ea", - 
"0x17e8397d5e687ff7f915c23f27fe1ca2c397a7df91de8c88dc82d34c9188a3ef719f9f20436ea8a5fe7d509fbc79214d", - }, - { - "0x11d568058220b1826cacde2e367beef98ea1edfde5fbf0491231b7ffdfc867e5269f9cfe65347c32ead182ba6b8c3ba1", - "0x19f2778213e671ac444b1b579bfdf4e7fabeed9626dc909ce243b60397a6b5f65af0fbbe02a43c1e289f28c927012da1", - }, - { - "0xfe17bc695a84ec060b6287a4e77a50f65ba8f2c6c433f8131036ddfe34e3071d1cb71c0000f6bcfada947b19d8588df", - "0xb76abd285945f787721e7e306895149523941586ac44f25a294c406a70ed570020992025aa307777cfe6c590567dfbe", - }, - { - "0x1910249ae63241608e013eb13578b9b3d96774d35e5732fc75efd17c212dd310d7f4016d6f212f62f33d34f10252e3e3", - "0xdcd076cea67c76a6d0594c8f30c8cd8e9ead24f90870f723228f2203a55e04a5517c426ea2c4bae9d37a11c3d0f1912", - }, - }, - { - { - "0x2a8663422cc279aa8591819195a62cfd57357b7bcb6f4a9174275c2e2e754fb23e2f8a444d0d164990dc03dcb95a129", - "0x15cf611083511955a70fdcc80cb08c6e22b8043a3038065251d4d3f82c6051bac4933e41d589514c42fba13f78f297ef", - }, - { - "0x74ee12dce0c9a8836017172b562ebe491273964dd63df71dea6eb778cd9040e8c9a7136e745013c1def93cc57ef0dae", - "0xedce8fa83a2435a796d207943b14ea4d1a9850e10a6c2035912f1c5bd579e9cabc54027b87a779af28f380cc5edc8a6", - }, - { - "0x11367627461d742b4afac12bd789f1437787f2dc675cf2c7896f004ab8480c06cd06589748d8b9791b4969763962f73c", - "0x101d8e4c1598e72d943dad4695cfa74236d5065345f1e62e62c75ca30cb0c41c3f6197d7c57d46e8cdd07845d77e1e34", - }, - { - "0x3952479e45a0826275c1481fbd78a2b4c5076b6a5cd4ad7e132c1ec460dcaef504943e2c6a969ba182e230da3850b4", - "0x13b8e64e2e233d1dc4506360c3bff93535642c2d3115c53c049e287e35c03212be882f0618cc50557e55b42be53e4893", - }, - }, - }; - for (size_t i = 0; i < CYBOZU_NUM_OF_ARRAY(tbl); i++) { - Fp2 t, x, y, z; - E2 P; - set(t, tbl[i].t); - set(x, tbl[i].x); - set(y, tbl[i].y); - set(z, tbl[i].z); - mapto.osswu2_help(P, t); - CYBOZU_TEST_EQUAL(P.x, x); - CYBOZU_TEST_EQUAL(P.y, y); - CYBOZU_TEST_EQUAL(P.z, z); -// CYBOZU_TEST_ASSERT(P.isValid()); - } -} - void addTest() { const struct Tbl { 
@@ -653,39 +244,6 @@ void iso3Test(const T& mapto) CYBOZU_TEST_EQUAL(Q1, Q2); } -void ethFp2ToG2test() -{ - const Fp2Str t1s = { - "0xafcfb20d836159f0cfb6f48c0ed808fd97a1cd1b9f1eb14451ff59e3884b1bf7665406cce673d434dde6933bdcf0ec9", - "0x36714c33fa9c79b0bb9ac963f57b2d2b2659e211893e64292ee2a8c1259b1a834a769782bae17202b537a1fe901c55e", - }; - const Fp2Str t2s = { - "0xb9a2f39af0cc3264348ed00845545e2ccbed59ea541c726c8429871f9a0917fb4f7e049ac739065eea8354a2d1b2d21", - "0xc8810a06deb536d70531352bd2a3aac7496e187a8fc102d800c5f8ed839bd64d7102197aeb2b6164d20ff920ff63afe", - }; - const PointStr t1t2s = { - { - "0x126b4982298792ed049850bb92b55d26c33a8e3139f9ca1a20821496c7396ce5ad9042b0da529e60ec9c3ff8e983befe", - "0x11c1d2f6a6a81e1f82dee2278968326e23e6ae469252a51d86673bd8fb333b7bca615b63a068692ff419c5f3e388797b", - }, - { - "0x92468e5829b26cc976aff103403b4b5304dd206228c6eb84ecf7b45709307390bf29dced39f9aa037b014ad6fb5a6e4", - "0x5bd54eef1fdade89c98ab5c27d3dd9e18868af4250ff3a49de71d060ab62b7be039a3b2a8ef0c870d9021f6eae22029", - }, - { - "0x154920adb9d857620c2835f4a5445bda35da53411710d559b18430f1b48c7cf2048cc275e0a9e01436d355f76fa0a9ec", - "0xccc404e5d17aa51f7669402916cf86587ce7cd9c657e90b05d7c8860940f741e62628df420d92c659d159d4b7683cce", - }, - }; - Fp2 t1, t2; - set(t1, t1s); - set(t2, t2s); - G2 P1, P2; - set(P1, t1t2s); - ethFp2ToG2(P2, t1, &t2); - CYBOZU_TEST_EQUAL(P1, P2); -} - void testVec(const char *file) { std::ifstream ifs(file); 
@@ -711,147 +269,6 @@ void testVec(const char *file) } } -template -void py_eccTest2(const T& mapto) -{ - Fp2Str ts = { - "1918231859236664604157448091070531325862162392395253569013354101088957561890652491757605826252839368362075816084620", - "1765592454498940438559713185757713516213027777891663285362602185795653989012303939547547418058658378320847225866857", - }; - PointStr out1s = { - { - "3927184272261705576225284664838663573624313247854459615864888213007837227449093837336748448846489186151562481034580", - "1903293468617299241460799312855927163610998535569367868293984916087966126786510088134190993502241498025510393259948", - }, - { - "3991322739214666504999201807778913642377537002372597995520099276113880862779909709825029178857593814896063515454176", - "2999367925154329126226224834594837693635617675385117964685771461463180146028553717562548600391126160503718637741311", - }, - { - "2578853905647618145305524664579860566455691148296386065391659245709237478565628968511959291772795541098532647163712", - "3910188857576114167072883940429120413632909260968721432280195359371907407125083761682822023489835923188989938783197", - }, - }; - PointStr out2s = { - { - "3257676086538823567761244186080544403330427395946948635449582231233180442322077484215757257097813156392664917178234", - "228537154970146118588036771068753907531432250550232803895899422656339347346840810590265440478956079727608969412311", - }, - { - "2211656311977487430400091470761449132135875543285725344573261083165139360734602590585740129428161178745780787382986", - "40258781102313547933704047733645277081466097003572358028270922475602169023300010845551344432311507156784289541037", - }, - { - "3554635405737095173231135338330740471713348364117258010850826274365262386961694608537862757803628655357449929362973", - "3305133470803621861948711123350198492693369595391902116552614265910644738630055172693143208260379598437272858586799", - }, - }; - Fp2 t; - set(t, ts); - E2 p, q; - py_ecc_optimized_swu_G2(mapto, p, t); - 
set(q, out1s); - CYBOZU_TEST_EQUAL(p.x, q.x); - CYBOZU_TEST_EQUAL(p.y, q.y); - CYBOZU_TEST_EQUAL(p.z, q.z); - G2 P, Q; - set(P, out2s); - py_ecc_map_to_curve_G2(mapto, Q, t); - CYBOZU_TEST_EQUAL(P, Q); -} - -template -void testHashToFp2v6(const T& mapto) -{ - const struct { - const char *msg; - const char *dst; - const Fp2Str s[2]; - } tbl[] = { - { - // from draft-irtf-cfrg-hash-to-curve/poc/vectors/BLS12381G2_XMD:SHA-256_SSWU_RO_.json.swp - "abc", - "BLS12381G2_XMD:SHA-256_SSWU_RO_TESTGEN", - { - { - "0x0b7b2d371fc970671ddf7bc9ca4a70a1bd286af4487b497e460c0b44d405d73db576f8a08d59416cc976d4b1d0100775", - "0x0e86d0eb2d34c34fe8b2a1f2d999fa3dabcd504fdb4beb57e79756b08fd75b0a82660abc6026ecc4ccf327a522587b38", - }, - { - "0x10376d048c060df1c5017a363144c482892fe2ce0061094327b8bbe49a713ce795726aa23b5402a271e9f1e7b9b6c7ba", - "0x0117f2ea63015e192d759f11a658a002e06112147d90f00d7429722456b9a1c63fef2dbe8df13168e3bd40af2fb959f3", - }, - } - }, - { - "asdf", - "QUUX-V01-CS02", - { - { - "2036684013374073670470642478097435082393965905216073159069132582313283074894808330704754509140183015844408257838394", - "1442095344782436377607687657711937282361342321405422912347590889376773969332935605209326528060836557922932229521614", - }, - { - "712603160732423529538850938327197859251773848793464448294977148617985113767869616209273456982966659285651019780554", - "3549454379036632156704729135192770954406411172309331582430747991672599371642148666322072960024366511631069032927782", - }, - } - }, - { - "asdf", - "BLS_SIG_BLS12381G2-SHA256-SSWU-RO-_POP_", - { - { - "1184058645632270717238802026167521675640665254051621677891229161275546248273726163051942698406031256547695641333159", - "2796840541941870488250990266864713579761728392052042558603386652320835698725612365412314296122895578014688997245820", - }, - { - "1432011693332698211658748968085869636612625272476301004513458304498234062483485462991424286092448663756703927705584", - 
"3596297820733241889565943496970554637589864863833863117721478512486741539397910569381754340032782454436609027606827", - }, - } - }, - }; - for (size_t i = 0; i < CYBOZU_NUM_OF_ARRAY(tbl); i++) { - const char *msg = tbl[i].msg; - const char *dst = tbl[i].dst; - const Fp2Str *expectStr = tbl[i].s; - Fp2 out[2]; - mapto.hashToFp2(out, msg, strlen(msg), dst, strlen(dst)); - Fp2 expect[2]; - for (int j = 0; j < 2; j++) { - set(expect[j], expectStr[j]); - CYBOZU_TEST_EQUAL(out[j], expect[j]); - } - if (i == 0) { - // from draft-irtf-cfrg-hash-to-curve/poc/vectors/BLS12381G2_XMD:SHA-256_SSWU_RO_.json.swp - const Fp2Str xys[] = { - { - "0x0b6d276d0bfbddde617a9ab4c175b07c9c4aecad2cdd6cc9ca541b61334a69c58680ef5692bbad03d2f572838df32b66", - "0x139e9d78ff6d9d163f979d14a64c5e57f82f1ef7e42ece338b571a9e92c0666f0f6bf1a5fc21e2d32bcb6432eab7037c", - }, - { - "0x022f9ee5d596d06c5f2f735c3c5f743978f79fd57bf7d4291e221227f490d3f276066de9f9edc89c57e048ef4cf0ef72", - "0x14dd23517516a80d1d840e34f51dfb76946c7670fca0f36ad8ec9bde4ea82dfae119a21b076519bcc1c00152989a4d45", - }, - }; - G2 P; - mapto.opt_swu2_map(P, out[0], &out[1]); - P.normalize(); - Fp2 t; - set(t, xys[0]); - CYBOZU_TEST_EQUAL(P.x, t); - set(t, xys[1]); - CYBOZU_TEST_EQUAL(P.y, t); - } - } - G2 P; - mcl::bn::hashAndMapToG2(P, "asdf", 4); - CYBOZU_BENCH_C("draft06 hashAndMapToG2", 1000, mcl::bn::hashAndMapToG2, P, "asdf", 4); - P.normalize(); -// printf("P=%s %s\n", P.x.getStr(10).c_str(), P.y.getStr(10).c_str()); -} - template void testHashToFp2v7(const T& mapto) { 
@@ -1225,24 +642,11 @@ CYBOZU_TEST_AUTO(test)
 {
 initPairing(mcl::BLS12_381);
 Fp::setETHserialization(true);
- bn::setMapToMode(MCL_MAP_TO_MODE_WB19);
+ bn::setMapToMode(MCL_MAP_TO_MODE_HASH_TO_CURVE_07);
 const MapTo& mapto = BN::param.mapTo.mapTo_WB19_;
- py_eccTest(mapto);
- py_eccTest2(mapto);
- osswu2_helpTest(mapto);
 addTest();
 iso3Test(mapto);
- testSign(mapto);
- ethFp2ToG2test();
 testHMAC();
- testHashToFp2();
- ethMsgToG2test();
- testVec("../misc/mapto/fips_186_3_B233.txt");
- testVec("../misc/mapto/misc.txt");
- ethMsgToG2testAll("../bls_sigs_ref/test-vectors/hash_g2/");
- bn::setMapToMode(MCL_MAP_TO_MODE_HASH_TO_CURVE_06);
- testHashToFp2v6(mapto);
- bn::setMapToMode(MCL_MAP_TO_MODE_HASH_TO_CURVE_07);
 testHashToFp2v7(mapto);
 testEth2phase0();
 testSswuG1(mapto);
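Review bot: The result of the added `bn::setMapToMode(MCL_MAP_TO_MODE_HASH_TO_CURVE_07);` is discarded, so if that mode were ever rejected the later draft-07 checks (`testHashToFp2v7`, `testEth2phase0`, `testSswuG1`) would run under whatever map-to mode was already in effect and fail without pointing at the setup step as the cause. Assuming the C++ wrapper reports success the way the C API's return code does, make the setup itself an assertion: `CYBOZU_TEST_ASSERT(bn::setMapToMode(MCL_MAP_TO_MODE_HASH_TO_CURVE_07));`. A short why-comment would also help, since this is now the only mode switch left in the test body, e.g. `// all remaining vectors below are for the draft-07 hash-to-curve mapping`. The closing brace of the `CYBOZU_TEST_AUTO(test)` body and anything after `testSswuG1(mapto);` lie outside the hunk.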