
Hash to G assumes data is in montgomery form #186

Closed
darcys22 opened this issue Aug 17, 2023 · 2 comments

Comments

@darcys22

This code spans both the bls and mcl libraries, but in bls/src/bls_c_impl.hpp there is this function that takes the binary of a hash and maps it to a point:

#ifndef BLS_MINIMUM_API
template<class G>
inline bool toG(G& Hm, const void *h, mclSize size)
{
    if (g_irtfHashAndMap) {
        hashAndMapToG(Hm, h, size);
        return true;
    }
    // backward compatibility
    Fp t;
    std::cout << "t is Mont: " << t.isMont() << '\n'; // Debugging line added here
    t.setArrayMask((const uint8_t *)h, size);
...
}

The debugging line returns this:

t is Mont: 1 

The effects of this being that when setArrayMask is called:

    template<class S>
    void setArrayMask(const S *x, size_t n)
    {
        const size_t dstByte = sizeof(Unit) * op_.N;
        if (sizeof(S) * n > dstByte) {
            n = dstByte / sizeof(S);
        }
        bool b = fp::convertArrayAsLE(v_, op_.N, x, n);
        assert(b);
        (void)b;
        bint::maskN(v_, op_.N, op_.bitSize);
        if (bint::cmpGeN(v_, op_.p, op_.N)) {
            bint::maskN(v_, op_.N, op_.bitSize - 1);
        }
        toMont();
    }

The data going into v_ will be assumed to be already in montgomery form and the toMont() function will be a noop.

This might be a non-issue because the point that the data gets mapped to is somewhat arbitrary, and as long as it's consistent I don't think it causes issues. But when trying to match this behaviour in another non-C++ library where we haven't got Montgomery functions, this has caused some difficulty.

Is there a way to set Fp to be not in Montgomery form before this setArrayMask happens (calling fromMont() on the uninitialized t variable, perhaps?), and will this cause issues in other places?

@herumi
Owner

herumi commented Aug 18, 2023

> The data going into v_ will be assumed to be already in montgomery form and the toMont() function will be a noop.

No, Fp::isMont() == true means that v_ must be in Montgomery form, so setArrayMask takes a given array and must convert it into a Montgomery form by calling toMont().
toMont() does nothing unless isMont() is true.
Then setArrayMask can set the same value whether isMont() is true or not.
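The point of the answer above, restated as an added example that is not code from the mcl or bls repositories: the Montgomery flag only changes how the limbs in v_ are stored, not which field element they represent, so a library without Montgomery arithmetic can reproduce setArrayMask with plain integer operations. The example assumes the BLS12-381 base field (381-bit p, six 64-bit units) and mcl's radix R = 2^(64*N); other curves only change those constants.

```python
# Added example, not part of mcl or bls: integer semantics of Fp::setArrayMask.
# Assumption: BLS12-381 base field, 64-bit Unit, N = 6 limbs, R = 2^(64*N).
P = 0x1A0111EA397FE69A4B1BA7B6434BACD764774B84F38512BF6730D2A0F6B0F6241EABFFFEB153FFFFB9FEFFFFFFFFAAAB
BIT_SIZE = P.bit_length()        # op_.bitSize == 381
UNIT_BYTES = 8                   # sizeof(Unit) on a 64-bit build
N = (BIT_SIZE + 63) // 64        # op_.N == 6
DST_BYTES = UNIT_BYTES * N       # dstByte == 48
R = 1 << (64 * N)                # Montgomery radix (assumed to match mcl)


def set_array_mask(data: bytes) -> int:
    """Mirror of setArrayMask on a byte array (S == uint8_t).

    Truncate to dstByte, load little-endian, mask to bitSize bits and, if the
    result is still >= p, mask to bitSize - 1 bits. The returned integer is the
    canonical field element; no Montgomery step is needed to use it elsewhere.
    """
    data = data[:DST_BYTES]                   # n = dstByte / sizeof(S)
    v = int.from_bytes(data, "little")        # fp::convertArrayAsLE
    v &= (1 << BIT_SIZE) - 1                  # bint::maskN(v_, N, bitSize)
    if v >= P:                                # bint::cmpGeN(v_, p, N)
        v &= (1 << (BIT_SIZE - 1)) - 1        # bint::maskN(v_, N, bitSize - 1)
    assert 0 <= v < P
    return v


def to_mont(x: int) -> int:
    """What toMont() does to the limbs when isMont() is true: x -> x*R mod p."""
    return (x * R) % P


def from_mont(xr: int) -> int:
    """Inverse of to_mont; recovers the same element the non-Mont build holds."""
    return (xr * pow(R, -1, P)) % P


def same_element(data: bytes) -> bool:
    """True: the stored limbs differ between builds, the field element does not."""
    x = set_array_mask(data)
    return from_mont(to_mont(x)) == x and to_mont(x) != x


if __name__ == "__main__":
    sample = bytes(range(48))                 # constructed stand-in for a hash
    print(hex(set_array_mask(sample)), same_element(sample))
```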

@darcys22
Author

My mistake! Thanks for the clarification.
