From fc1b24d5e13ca094c13a37cc911bdc13faad222a Mon Sep 17 00:00:00 2001
From: MITSUNARI Shigeo
Date: Thu, 23 Jan 2020 09:16:16 +0900
Subject: [PATCH] add msgToG2
---
 include/mcl/bn.hpp | 12 ++++++++++--
 include/mcl/mapto_wb19.hpp | 13 +++++++------
 2 files changed, 17 insertions(+), 8 deletions(-)
diff --git a/include/mcl/bn.hpp b/include/mcl/bn.hpp
index a71a007..32f3928 100644
--- a/include/mcl/bn.hpp
+++ b/include/mcl/bn.hpp
@@ -332,7 +332,7 @@ struct MapTo {
 int type_;
 int mapToMode_;
 bool useOriginalG2cofactor_;
- MapToG2_WB19 maptog2_wb19_;
+ MapToG2_WB19 mapToG2_WB19_;
 MapTo()
 : type_(0)
 , mapToMode_(MCL_MAP_TO_MODE_ORIGINAL)
@@ -542,7 +542,7 @@ struct MapTo {
 break;
 case MCL_MAP_TO_MODE_WB19:
 mapToMode_ = mode;
- maptog2_wb19_.init();
+ mapToG2_WB19_.init();
 return true;
 break;
 default:
@@ -616,6 +616,10 @@ struct MapTo {
 }
 bool calc(G2& P, const Fp2& t, bool fast = false) const
 {
+ if (mapToMode_ == MCL_MAP_TO_MODE_WB19) {
+ mapToG2_WB19_.opt_swu2_map(P, t);
+ return true;
+ }
 if (!mapToEc(P, t)) return false;
 if (mapToMode_ == MCL_MAP_TO_MODE_ETH2) {
 Fp2 negY;
@@ -2175,6 +2179,10 @@ inline void hashAndMapToG1(G1& P, const void *buf, size_t bufSize)
 }
 inline void hashAndMapToG2(G2& P, const void *buf, size_t bufSize)
 {
+ if (getMapToMode() == MCL_MAP_TO_MODE_WB19) {
+ BN::param.mapTo.mapToG2_WB19_.msgToG2(P, buf, bufSize);
+ return;
+ }
 Fp2 t;
 t.a.setHashOf(buf, bufSize);
 t.b.clear();
diff --git a/include/mcl/mapto_wb19.hpp b/include/mcl/mapto_wb19.hpp
index ba6662b..2663fe2 100644
--- a/include/mcl/mapto_wb19.hpp
+++ b/include/mcl/mapto_wb19.hpp
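Review bot: In the bn.hpp hunk at `@@ -616,6 +616,10 @@`, the new WB19 branch of `MapTo::calc(G2&, const Fp2&, bool)` passes a single field element to `opt_swu2_map`, while `map2curve_osswu2` in mapto_wb19.hpp calls it with two (`opt_swu2_map(out, t1, &t2)`). The two entry points therefore presumably produce differently distributed points, and nothing at the branch says which construction a caller gets. The branch also returns `true` unconditionally and ignores `fast`. I would add a comment such as `// WB19: one-element SWU map, not the two-element construction used by msgToG2; 'fast' is unused here`. The body of `calc` continues past the end of this hunk.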
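Review bot: In the bn.hpp hunk at `@@ -2175,6 +2179,10 @@`, the WB19 branch added to `hashAndMapToG2` routes every caller through `msgToG2`, which per the mapto_wb19.hpp part of this patch hashes with the fixed domain-separation tag `"BLS_SIG_BLS12381G2-SHA256-SSWU-RO-_POP_"`. Any non-signature use of this general-purpose function in WB19 mode would then share one hash domain with BLS signatures, and nothing at the call site says so. I would add `// WB19 mode hashes with the fixed BLS-signature DST (see MapToG2_WB19::msgToG2); call map2curve_osswu2 with your own dst for other protocols`, or consider exposing the tag as a parameter. The branch also relies on `mapToG2_WB19_.init()` having run, which the hunk at -542 does only when the mode is selected through that switch.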
@@ -9,14 +9,15 @@ */ // ctr = 0 or 1 or 2 -inline void hashToFp2(Fp2& out, const void *msg, size_t msgSize, uint8_t ctr, const void *dst, size_t dstSize, bool addZero = true) +inline void hashToFp2(Fp2& out, const void *msg, size_t msgSize, uint8_t ctr, const void *dst, size_t dstSize) { + const bool addZeroByte = false; // append zero byte to msg assert(ctr <= 2); const size_t degree = 2; uint8_t msg_prime[32]; // add '\0' at the end of dst // see. 5.3. Implementation of https://datatracker.ietf.org/doc/draft-irtf-cfrg-hash-to-curve - if (addZero) { + if (addZeroByte) { fp::hkdf_extract_addZeroByte(msg_prime, reinterpret_cast(dst), dstSize, reinterpret_cast(msg), msgSize); } else { fp::hkdf_extract(msg_prime, reinterpret_cast(dst), dstSize, reinterpret_cast(msg), msgSize); @@ -484,17 +485,17 @@ struct MapToG2_WB19 { iso3(P, Pp); clear_h2(P, P); } - void map2curve_osswu2(G2& out, const void *msg, size_t msgSize, const void *dst, size_t dstSize, bool addZero = true) const + void map2curve_osswu2(G2& out, const void *msg, size_t msgSize, const void *dst, size_t dstSize) const { Fp2 t1, t2; - hashToFp2(t1, msg, msgSize, 0, dst, dstSize, addZero); - hashToFp2(t2, msg, msgSize, 1, dst, dstSize, addZero); + hashToFp2(t1, msg, msgSize, 0, dst, dstSize); + hashToFp2(t2, msg, msgSize, 1, dst, dstSize); opt_swu2_map(out, t1, &t2); } void msgToG2(G2& out, const void *msg, size_t msgSize) const { const char *dst = "BLS_SIG_BLS12381G2-SHA256-SSWU-RO-_POP_"; - map2curve_osswu2(out, msg, msgSize, dst, strlen(dst), false); + map2curve_osswu2(out, msg, msgSize, dst, strlen(dst)); } };
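Review bot: Dropping the `addZero` parameter (default `true`) from `hashToFp2` in the hunk at `@@ -9,14 +9,15 @@`, and from `map2curve_osswu2` in the hunk at `@@ -484,17 +485,17 @@`, while hard-coding `addZeroByte = false`, presumably changes the derived points for every caller that relied on the default; the commit message does not mention this. `msgToG2` already passed `false`, so it is unaffected, but values produced through the other two functions before this patch would no longer match. The `if (addZeroByte)` branch calling `fp::hkdf_extract_addZeroByte` is now unreachable, and the existing comment `// add '\0' at the end of dst` disagrees with the new `// append zero byte to msg`. I would either delete the dead branch or reword the constant's comment to something like `// always false: the zero-byte variant below is kept for reference only`, and state in the function header which variant is implemented.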