feat: implement the SSWU hash_to_curve for secp256k1 (#110)

* feat: add "iso_map" for secp256k1 h2c func * feat: update "simple_svdw_hash_to_curve" * refactor: update the "secp256k1" & "secp256r1" * refactor: add new "simple_svdw_hash_to_curve_with_iso_map" func * feat: add new curve "IsoSecp256k1" * feat: update the H2C logic of "Secp256k1" curve * fix: improve the "iso_map_secp256k1" func * chore: fmt * fix: roll back the "simple_svdw_map_to_curve" func signature * fix: rename the "simple_svdw_*" with "sswu_*" * chore: refactor the testing in "secp256k1" curve * refactor: create "utils" module & move "fe_from_str" * refactor: use "fe_from_str" in "hash_to_curve" module * fix: remove unnecessary func since we use projective coordinates * chore: move the "iso_map_secp256k1" * chore: fix the constants import * chore: fix the constants import (1) * chore: fix the type
privacy-scaling-explorations · Dec 22, 2023 · 534da5b · 534da5b
1 parent c7f8867
commit 534da5b
Show file tree

Hide file tree

Showing 7 changed files with 318 additions and 91 deletions.
diff --git a/src/hash_to_curve.rs b/src/hash_to_curve.rs
@@ -5,7 +5,10 @@ use pasta_curves::arithmetic::CurveExt;
 use static_assertions::const_assert;
 use subtle::{Choice, ConditionallySelectable, ConstantTimeEq, CtOption};
 
-use crate::ff_ext::Legendre;
+use crate::{
+    ff_ext::Legendre,
+    secp256k1::{iso_map_secp256k1, IsoSecp256k1, Secp256k1},
+};
 
 /// Hashes over a message and writes the output to all of `buf`.
 /// Modified from https://github.com/zcash/pasta_curves/blob/7e3fc6a4919f6462a32b79dd226cb2587b7961eb/src/hashtocurve.rs#L11.
@@ -87,7 +90,7 @@ fn hash_to_field<F: FromUniformBytes<64>>(
 
 // Implementation of <https://datatracker.ietf.org/doc/html/rfc9380#name-simplified-swu-method>
 #[allow(clippy::too_many_arguments)]
-pub(crate) fn simple_svdw_map_to_curve<C>(u: C::Base, z: C::Base) -> C
+pub(crate) fn sswu_map_to_curve<C>(u: C::Base, z: C::Base) -> C
 where
     C: CurveExt,
 {
@@ -151,8 +154,9 @@ where
     C::new_jacobian(x, y, one).unwrap()
 }
 
+// Implementation of <https://datatracker.ietf.org/doc/html/rfc9380#name-simplified-swu-method>
 #[allow(clippy::type_complexity)]
-pub(crate) fn simple_svdw_hash_to_curve<'a, C>(
+pub(crate) fn sswu_hash_to_curve<'a, C>(
     curve_id: &'static str,
     domain_prefix: &'a str,
     z: C::Base,
@@ -165,14 +169,30 @@ where
         let mut us = [C::Base::ZERO; 2];
         hash_to_field("SSWU", curve_id, domain_prefix, message, &mut us);
 
-        let [q0, q1]: [C; 2] = us.map(|u| simple_svdw_map_to_curve(u, z));
+        let [q0, q1]: [C; 2] = us.map(|u| sswu_map_to_curve::<C>(u, z));
 
         let r = q0 + &q1;
         debug_assert!(bool::from(r.is_on_curve()));
         r
     })
 }
 
+// Implementation of <https://datatracker.ietf.org/doc/html/rfc9380#name-simplified-swu-for-ab-0>
+#[allow(clippy::type_complexity)]
+pub(crate) fn sswu_hash_to_curve_secp256k1<'a>(
+    _curve_id: &'static str,
+    domain_prefix: &'a str,
+) -> Box<dyn Fn(&[u8]) -> Secp256k1 + 'a> {
+    Box::new(move |message| {
+        let rp = IsoSecp256k1::hash_to_curve(domain_prefix)(message);
+
+        let r = iso_map_secp256k1(rp);
+
+        debug_assert!(bool::from(r.is_on_curve()));
+        r
+    })
+}
+
 #[allow(clippy::too_many_arguments)]
 pub(crate) fn svdw_map_to_curve<C>(
     u: C::Base,

diff --git a/src/lib.rs b/src/lib.rs
@@ -14,6 +14,8 @@ pub mod secp256k1;
 pub mod secp256r1;
 pub mod secq256k1;
 
+pub mod utils;
+
 #[macro_use]
 mod derive;