Skip to content

Tests/bn254 vectors#203

Merged
yelhousni merged 10 commits intodevelopfrom
tests/bn254-vectors
Jun 6, 2022
Merged

Tests/bn254 vectors#203
yelhousni merged 10 commits intodevelopfrom
tests/bn254-vectors

Conversation

@Tabaie
Copy link
Copy Markdown
Contributor

@Tabaie Tabaie commented May 31, 2022

No description provided.

@Tabaie Tabaie changed the base branch from master to develop May 31, 2022 16:25
@Tabaie
Copy link
Copy Markdown
Contributor Author

Tabaie commented Jun 2, 2022

Note on naming: (we've discussed it before but I think it is now clearer in the code)

  • mapToCurve is the raw underlying SdvW or SSWU map, taking in a field element and applying no isogeny or cofactor clearing. The other three guarantee their output to be in the cryptographic group (i.e. on the curve, with cofactor cleared)

  • MapToG maps a field element to the cryptographic group

  • EncodeToG maps a byte slice to the cryptographic group

  • HashToG maps a byte slice to the cryptographic group uniformly

All SSWU maps follow this scheme, along with BN254. The other SvdW's will follow it when we generify.

@Tabaie Tabaie requested a review from gbotrel June 2, 2022 18:08
@Tabaie Tabaie marked this pull request as ready for review June 2, 2022 18:08
@Tabaie Tabaie requested a review from yelhousni June 2, 2022 18:09
yelhousni
yelhousni requested changes Jun 3, 2022
View reviewed changes
Copy link
Copy Markdown
Collaborator

@yelhousni yelhousni left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM except for Svdw hash-to-g2 constants for BN254. If I'm not mistaken, the sage script in the standard (find_z_svdw(Fp2, 0, 3/(u+9)) where Fp2.<u>=GF(p^2,modulus=[1,0,1]) and p=0x30644e72e131a029b85045b68181585d97816a916871ca8d3c208c16d87cfd47) outputs Z=1 which is Z.A0=1 and not Z.A1=1. So the constants should be instead:

    Z.A0.SetString("1")
    c1.A0.SetString("19485874751759354771024239261021720505790618469301721065564631296452457478374")
    c1.A1.SetString("266929791119991161246907387137283842545076965332900288569378510910307636690")
    c2.A0.SetString("10944121435919637611123202872628637544348155578648911831344518947322613104291")
    c3.A0.SetString("2896050631867192331397261833972217924632033787908606332265566319765989907291")
    c3.A1.SetString("69234539592135073670822051309638369246835028322499721100120497037563571475")
    c4.A0.SetString("10499238450719652342378357227399831140106360636427411350395554762472100376473")
    c4.A1.SetString("6940174569119770192419592065569379906172001098655407502803841283667998553941")

I checked these locally and the tests pass except the test vectors of course which should be regenerated accordingly.

@Tabaie can you please double check this?

@yelhousni yelhousni merged commit 67da2d1 into develop Jun 6, 2022
@yelhousni yelhousni deleted the tests/bn254-vectors branch June 6, 2022 11:01
@gbotrel gbotrel mentioned this pull request Aug 3, 2022
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@yelhousni yelhousni yelhousni approved these changes

@gbotrel gbotrel gbotrel approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@Tabaie @gbotrel @yelhousni