ep.hpp
Go to the documentation of this file.
1 //---------------------------------------------------------------------------//
2 // Copyright (c) 2020-2021 Mikhail Komarov <nemo@nil.foundation>
3 // Copyright (c) 2020-2021 Ilias Khairullin <ilias@nil.foundation>
4 //
5 // MIT License
6 //
7 // Permission is hereby granted, free of charge, to any person obtaining a copy
8 // of this software and associated documentation files (the "Software"), to deal
9 // in the Software without restriction, including without limitation the rights
10 // to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
11 // copies of the Software, and to permit persons to whom the Software is
12 // furnished to do so, subject to the following conditions:
13 //
14 // The above copyright notice and this permission notice shall be included in all
15 // copies or substantial portions of the Software.
16 //
17 // THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
18 // IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
19 // FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
20 // AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
21 // LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
22 // OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
23 // SOFTWARE.
24 //---------------------------------------------------------------------------//
25 
26 #ifndef CRYPTO3_ALGEBRA_CURVES_HASH_TO_CURVE_HPP
27 #define CRYPTO3_ALGEBRA_CURVES_HASH_TO_CURVE_HPP
28 
29 #include <nil/crypto3/algebra/curves/detail/h2c/h2c_suites.hpp>
30 #include <nil/crypto3/algebra/curves/detail/h2c/h2c_m2c.hpp>
31 #include <nil/crypto3/algebra/curves/detail/h2c/h2c_expand.hpp>
32 
33 #include <type_traits>
34 
35 #include <nil/crypto3/multiprecision/cpp_int.hpp>
36 
37 namespace nil {
38  namespace crypto3 {
39  namespace algebra {
40  namespace curves {
41  namespace detail {
42  using namespace nil::crypto3::multiprecision;
43 
44  template<typename GroupType>
45  struct ep_map {
46  typedef h2c_suite<GroupType> suite_type;
47 
48  typedef typename suite_type::group_value_type group_value_type;
49  typedef typename suite_type::field_value_type field_value_type;
50  typedef typename suite_type::modular_type modular_type;
51  typedef typename suite_type::modular_backend modular_backend;
52 
53  typedef nil::crypto3::multiprecision::modular_params<modular_backend> modular_params_type;
54 
55  typedef typename suite_type::hash_type hash_type;
56 
57  constexpr static std::size_t m = suite_type::m;
58  constexpr static std::size_t L = suite_type::L;
59  constexpr static std::size_t k = suite_type::k;
60  constexpr static const modular_params_type p_modulus_params = suite_type::p;
61 
62  typedef expand_message_xmd<k, hash_type> expand_message_ro;
63  // typedef expand_message_xof<k, hash_type> expand_message_nu;
64 
65  static_assert(m == 1, "underlying field has wrong extension");
66 
67  template<typename InputType, typename DstType,
68  typename = typename std::enable_if<
69  std::is_same<std::uint8_t, typename InputType::value_type>::value &&
70  std::is_same<std::uint8_t, typename DstType::value_type>::value>::type>
71  static inline group_value_type hash_to_curve(const InputType &msg, const DstType &dst) {
72  auto u = hash_to_field<2, expand_message_ro>(msg, dst);
73  group_value_type Q0 = map_to_curve<GroupType>::process(u[0]);
74  group_value_type Q1 = map_to_curve<GroupType>::process(u[1]);
75  return clear_cofactor(Q0 + Q1);
76  }
77 
78  // template<typename InputType, typename = typename std::enable_if<std::is_same<
79  // std::uint8_t, typename InputType::value_type>::value>::type>
80  // static inline group_value_type encode_to_curve(const InputType &msg) {
81  // auto u = hash_to_field<1>(msg);
82  // group_value_type Q = map_to_curve(u[0]);
83  // return clear_cofactor(Q);
84  // }
85 
86  // private:
87  template<std::size_t N, typename expand_message_type, typename InputType, typename DstType,
88  typename = typename std::enable_if<
89  std::is_same<std::uint8_t, typename InputType::value_type>::value &&
90  std::is_same<std::uint8_t, typename DstType::value_type>::value>::type>
91  static inline std::array<field_value_type, N> hash_to_field(const InputType &msg,
92  const DstType &dst) {
93  std::array<std::uint8_t, N * m * L> uniform_bytes {0};
94  expand_message_type::process(N * m * L, msg, dst, uniform_bytes);
95 
96  cpp_int e;
97  std::array<modular_type, m> coordinates;
98  std::array<field_value_type, N> result;
99  for (std::size_t i = 0; i < N; i++) {
100  for (std::size_t j = 0; j < m; j++) {
101  auto elm_offset = L * (j + i * m);
102  import_bits(e, uniform_bytes.begin() + elm_offset,
103  uniform_bytes.begin() + elm_offset + L);
104  coordinates[j] = modular_type(e, p_modulus_params);
105  }
106  result[i] = field_value_type(coordinates[0]);
107  }
108 
109  return result;
110  }
111 
112  static inline group_value_type clear_cofactor(const group_value_type &R) {
113  return R * suite_type::h_eff;
114  }
115  };
116  } // namespace detail
117  } // namespace curves
118  } // namespace algebra
119  } // namespace crypto3
120 } // namespace nil
121 
122 #endif // CRYPTO3_ALGEBRA_CURVES_HASH_TO_CURVE_HPP
h2c_suites.hpp
nil::crypto3::algebra::curves::detail::expand_message_xmd
Definition: h2c_expand.hpp:57
h2c_expand.hpp
h2c_m2c.hpp
nil
Definition: pair.hpp:31
nil::crypto3::algebra::curves::detail::ep_map
Definition: ep.hpp:45
nil::crypto3::algebra::curves::detail::ep_map::modular_type
suite_type::modular_type modular_type
Definition: ep.hpp:50
nil::crypto3::algebra::curves::detail::ep_map::suite_type
h2c_suite< GroupType > suite_type
Definition: ep.hpp:46
nil::crypto3::algebra::curves::detail::ep_map::clear_cofactor
static group_value_type clear_cofactor(const group_value_type &R)
Definition: ep.hpp:112
nil::crypto3::algebra::curves::detail::ep_map::hash_to_field
static std::array< field_value_type, N > hash_to_field(const InputType &msg, const DstType &dst)
Definition: ep.hpp:91
nil::crypto3::algebra::curves::detail::ep_map::modular_params_type
nil::crypto3::multiprecision::modular_params< modular_backend > modular_params_type
Definition: ep.hpp:53
nil::crypto3::algebra::curves::detail::ep_map::hash_to_curve
static group_value_type hash_to_curve(const InputType &msg, const DstType &dst)
Definition: ep.hpp:71
nil::crypto3::algebra::curves::detail::ep_map::hash_type
suite_type::hash_type hash_type
Definition: ep.hpp:55
nil::crypto3::algebra::curves::detail::ep_map::group_value_type
suite_type::group_value_type group_value_type
Definition: ep.hpp:48
nil::crypto3::algebra::curves::detail::ep_map::expand_message_ro
expand_message_xmd< k, hash_type > expand_message_ro
Definition: ep.hpp:62
nil::crypto3::algebra::curves::detail::ep_map::modular_backend
suite_type::modular_backend modular_backend
Definition: ep.hpp:51
nil::crypto3::algebra::curves::detail::ep_map::field_value_type
suite_type::field_value_type field_value_type
Definition: ep.hpp:49
nil::crypto3::algebra::curves::detail::h2c_suite
Definition: algebra/include/nil/crypto3/algebra/curves/detail/h2c/h2c_suites.hpp:48
nil::crypto3::algebra::curves::detail::map_to_curve
Definition: h2c_m2c.hpp:96