Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Tests/bn254 vectors #203

Merged
merged 10 commits into from
Jun 6, 2022
Merged

Tests/bn254 vectors #203

merged 10 commits into from
Jun 6, 2022

Conversation

Tabaie
Copy link
Contributor

@Tabaie Tabaie commented May 31, 2022

No description provided.

@Tabaie Tabaie changed the base branch from master to develop May 31, 2022 16:25
@Tabaie
Copy link
Contributor Author

Tabaie commented Jun 2, 2022

Note on naming: (we've discussed it before but I think it is now clearer in the code)

  • mapToCurve is the raw underlying SdvW or SSWU map, taking in a field element and applying no isogeny or cofactor clearing. The other three guarantee their output to be in the cryptographic group (i.e. on the curve, with cofactor cleared)

  • MapToG maps a field element to the cryptographic group

  • EncodeToG maps a byte slice to the cryptographic group

  • HashToG maps a byte slice to the cryptographic group uniformly

All SSWU maps follow this scheme, along with BN254. The other SvdW's will follow it when we generify.

@Tabaie Tabaie requested a review from gbotrel June 2, 2022 18:08
@Tabaie Tabaie marked this pull request as ready for review June 2, 2022 18:08
@Tabaie Tabaie requested a review from yelhousni June 2, 2022 18:09
yelhousni
yelhousni requested changes Jun 3, 2022
View reviewed changes
Copy link
Collaborator

@yelhousni yelhousni left a comment
edited

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM except for Svdw hash-to-g2 constants for BN254. If I'm not mistaken, the sage script in the standard (find_z_svdw(Fp2, 0, 3/(u+9)) where Fp2.<u>=GF(p^2,modulus=[1,0,1]) and p=0x30644e72e131a029b85045b68181585d97816a916871ca8d3c208c16d87cfd47) outputs Z=1 which is Z.A0=1 and not Z.A1=1. So the constants should be instead:

    Z.A0.SetString("1")
    c1.A0.SetString("19485874751759354771024239261021720505790618469301721065564631296452457478374")
    c1.A1.SetString("266929791119991161246907387137283842545076965332900288569378510910307636690")
    c2.A0.SetString("10944121435919637611123202872628637544348155578648911831344518947322613104291")
    c3.A0.SetString("2896050631867192331397261833972217924632033787908606332265566319765989907291")
    c3.A1.SetString("69234539592135073670822051309638369246835028322499721100120497037563571475")
    c4.A0.SetString("10499238450719652342378357227399831140106360636427411350395554762472100376473")
    c4.A1.SetString("6940174569119770192419592065569379906172001098655407502803841283667998553941")

I checked these locally and the tests pass except the test vectors of course which should be regenerated accordingly.

@Tabaie can you please double check this?

ecc/bn254/hash_to_g2.go Outdated Show resolved Hide resolved
@yelhousni yelhousni merged commit 67da2d1 into develop Jun 6, 2022
@yelhousni yelhousni deleted the tests/bn254-vectors branch June 6, 2022 11:01
@gbotrel gbotrel mentioned this pull request Aug 3, 2022
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@yelhousni yelhousni yelhousni approved these changes

@gbotrel gbotrel gbotrel approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@Tabaie @gbotrel @yelhousni