From 5be98ccd6e255f72b99fb063e41d40dc65000031 Mon Sep 17 00:00:00 2001 From: Davide Galassi Date: Wed, 10 Jul 2024 11:32:39 +0200 Subject: [PATCH] TAI hash to curve now uses Suite::Codec for decoding point (#25) --- ...dersnatch_ed_sha512_ell2_ietf_vectors.json | 6 --- ...natch_ed_sha512_ell2_pedersen_vectors.json | 6 --- ...ndersnatch_sw_sha512_tai_ietf_vectors.json | 6 --- ...snatch_sw_sha512_tai_pedersen_vectors.json | 6 --- data/ed25519_sha512_tai_ietf_vectors.json | 6 --- data/ed25519_sha512_tai_pedersen_vectors.json | 6 --- data/secp256_sha256_tai_ietf_vectors.json | 26 +++++------- ...p256_sha256_tai_ietf_vectors_rfc_9381.json | 12 +++--- ...secp256r1_sha256_tai_pedersen_vectors.json | 42 ++++++++----------- src/arkworks/elligator2.rs | 7 +--- src/codec.rs | 26 ++++++------ src/ietf.rs | 3 -- src/lib.rs | 8 +++- src/pedersen.rs | 9 ++-- src/ring.rs | 2 +- src/suites/bandersnatch.rs | 1 - src/testing.rs | 20 ++------- src/utils.rs | 19 +++++---- 18 files changed, 73 insertions(+), 138 deletions(-) diff --git a/data/bandersnatch_ed_sha512_ell2_ietf_vectors.json b/data/bandersnatch_ed_sha512_ell2_ietf_vectors.json index 414b65a..8c32dd2 100644 --- a/data/bandersnatch_ed_sha512_ell2_ietf_vectors.json +++ b/data/bandersnatch_ed_sha512_ell2_ietf_vectors.json @@ -1,7 +1,6 @@ [ { "comment": "Bandersnatch_SHA-512_ELL2 - vector-1", - "flags": "00", "sk": "2bd8776e6ca6a43d51987f756be88b643ab4431b523132f675c8f0004f5d5a17", "pk": "76adde367eebc8b21f7ef37e327243a77e34e30f9a211fda05409b49f16f3473", "alpha": "", @@ -14,7 +13,6 @@ }, { "comment": "Bandersnatch_SHA-512_ELL2 - vector-2", - "flags": "00", "sk": "3d6406500d4009fdf2604546093665911e753f2213570a29521fd88bc30ede18", "pk": "a1b1da71cc4682e159b7da23050d8b6261eb11a3247c89b07ef56ccd002fd38b", "alpha": "0a", 
@@ -27,7 +25,6 @@ }, { "comment": "Bandersnatch_SHA-512_ELL2 - vector-3", - "flags": "00", "sk": "8b9063872331dda4c3c282f7d813fb3c13e7339b7dc9635fdc764e32cc57cb15", "pk": "5ebfe047f421e1a3e1d9bbb163839812657bbb3e4ffe9856a725b2b405844cf3", "alpha": "", @@ -40,7 +37,6 @@ }, { "comment": "Bandersnatch_SHA-512_ELL2 - vector-4", - "flags": "00", "sk": "6db187202f69e627e432296ae1d0f166ae6ac3c1222585b6ceae80ea07670b14", "pk": "9d97151298a5339866ddd3539d16696e19e6b68ac731562c807fe63a1ca49506", "alpha": "73616d706c65", @@ -53,7 +49,6 @@ }, { "comment": "Bandersnatch_SHA-512_ELL2 - vector-5", - "flags": "00", "sk": "b56cc204f1b6c2323709012cb16c72f3021035ce935fbe69b600a88d842c7407", "pk": "dc2de7312c2850a9f6c103289c64fbd76e2ebd2fa8b5734708eb2c76c0fb2d99", "alpha": "42616e646572736e6174636820766563746f72", @@ -66,7 +61,6 @@ }, { "comment": "Bandersnatch_SHA-512_ELL2 - vector-6", - "flags": "00", "sk": "da36359bf1bfd1694d3ed359e7340bd02a6a5e54827d94db1384df29f5bdd302", "pk": "decb0151cbeb49f76f10419ab6a96242bdc87baac8a474e5161123de4304ac29", "alpha": "42616e646572736e6174636820766563746f72", diff --git a/data/bandersnatch_ed_sha512_ell2_pedersen_vectors.json b/data/bandersnatch_ed_sha512_ell2_pedersen_vectors.json index a667fec..9f1ffad 100644 --- a/data/bandersnatch_ed_sha512_ell2_pedersen_vectors.json +++ b/data/bandersnatch_ed_sha512_ell2_pedersen_vectors.json @@ -1,7 +1,6 @@ [ { "comment": "Bandersnatch_SHA-512_ELL2 - vector-1", - "flags": "00", "sk": "2bd8776e6ca6a43d51987f756be88b643ab4431b523132f675c8f0004f5d5a17", "pk": "76adde367eebc8b21f7ef37e327243a77e34e30f9a211fda05409b49f16f3473", "alpha": "", @@ -18,7 +17,6 @@ }, { "comment": "Bandersnatch_SHA-512_ELL2 - vector-2", - "flags": "00", "sk": "3d6406500d4009fdf2604546093665911e753f2213570a29521fd88bc30ede18", "pk": "a1b1da71cc4682e159b7da23050d8b6261eb11a3247c89b07ef56ccd002fd38b", "alpha": "0a", 
@@ -35,7 +33,6 @@ }, { "comment": "Bandersnatch_SHA-512_ELL2 - vector-3", - "flags": "00", "sk": "8b9063872331dda4c3c282f7d813fb3c13e7339b7dc9635fdc764e32cc57cb15", "pk": "5ebfe047f421e1a3e1d9bbb163839812657bbb3e4ffe9856a725b2b405844cf3", "alpha": "", @@ -52,7 +49,6 @@ }, { "comment": "Bandersnatch_SHA-512_ELL2 - vector-4", - "flags": "00", "sk": "6db187202f69e627e432296ae1d0f166ae6ac3c1222585b6ceae80ea07670b14", "pk": "9d97151298a5339866ddd3539d16696e19e6b68ac731562c807fe63a1ca49506", "alpha": "73616d706c65", @@ -69,7 +65,6 @@ }, { "comment": "Bandersnatch_SHA-512_ELL2 - vector-5", - "flags": "00", "sk": "b56cc204f1b6c2323709012cb16c72f3021035ce935fbe69b600a88d842c7407", "pk": "dc2de7312c2850a9f6c103289c64fbd76e2ebd2fa8b5734708eb2c76c0fb2d99", "alpha": "42616e646572736e6174636820766563746f72", @@ -86,7 +81,6 @@ }, { "comment": "Bandersnatch_SHA-512_ELL2 - vector-6", - "flags": "00", "sk": "da36359bf1bfd1694d3ed359e7340bd02a6a5e54827d94db1384df29f5bdd302", "pk": "decb0151cbeb49f76f10419ab6a96242bdc87baac8a474e5161123de4304ac29", "alpha": "42616e646572736e6174636820766563746f72", diff --git a/data/bandersnatch_sw_sha512_tai_ietf_vectors.json b/data/bandersnatch_sw_sha512_tai_ietf_vectors.json index 312b32f..6260494 100644 --- a/data/bandersnatch_sw_sha512_tai_ietf_vectors.json +++ b/data/bandersnatch_sw_sha512_tai_ietf_vectors.json @@ -1,7 +1,6 @@ [ { "comment": "Bandersnatch_SW_SHA-512_TAI - vector-1", - "flags": "00", "sk": "2bd8776e6ca6a43d51987f756be88b643ab4431b523132f675c8f0004f5d5a17", "pk": "f55a48e6befa22dc42007ec6d5bf83620d8f794901f42b18c10a4f7a6176985280", "alpha": "", @@ -14,7 +13,6 @@ }, { "comment": "Bandersnatch_SW_SHA-512_TAI - vector-2", - "flags": "00", "sk": "3d6406500d4009fdf2604546093665911e753f2213570a29521fd88bc30ede18", "pk": "fd72a90d1eeba6733824e76bb31991b8108d6562756b85f244333e3c7205225200", "alpha": "0a", 
@@ -27,7 +25,6 @@ }, { "comment": "Bandersnatch_SW_SHA-512_TAI - vector-3", - "flags": "00", "sk": "8b9063872331dda4c3c282f7d813fb3c13e7339b7dc9635fdc764e32cc57cb15", "pk": "e30eae606d21dff460cdaecfc9bfcd2e319628ccc0242f3ca21f2d5c940ba41680", "alpha": "", @@ -40,7 +37,6 @@ }, { "comment": "Bandersnatch_SW_SHA-512_TAI - vector-4", - "flags": "00", "sk": "6db187202f69e627e432296ae1d0f166ae6ac3c1222585b6ceae80ea07670b14", "pk": "2a00e5a32e2f097858a1a4a73cf5c2fb4e6d375a4ea4cc3ae3e91660eade850c80", "alpha": "73616d706c65", @@ -53,7 +49,6 @@ }, { "comment": "Bandersnatch_SW_SHA-512_TAI - vector-5", - "flags": "00", "sk": "b56cc204f1b6c2323709012cb16c72f3021035ce935fbe69b600a88d842c7407", "pk": "4f29d79a27b9545d7223431eb6a63776949454b16e2ac0b7a959304ce3e52b6a00", "alpha": "42616e646572736e6174636820766563746f72", @@ -66,7 +61,6 @@ }, { "comment": "Bandersnatch_SW_SHA-512_TAI - vector-6", - "flags": "00", "sk": "da36359bf1bfd1694d3ed359e7340bd02a6a5e54827d94db1384df29f5bdd302", "pk": "e58e8ba2e99035fb7ae11fa14e2a609d6d13679278dac63ebee64ca8612ffa1480", "alpha": "42616e646572736e6174636820766563746f72", diff --git a/data/bandersnatch_sw_sha512_tai_pedersen_vectors.json b/data/bandersnatch_sw_sha512_tai_pedersen_vectors.json index 84334bf..03646b3 100644 --- a/data/bandersnatch_sw_sha512_tai_pedersen_vectors.json +++ b/data/bandersnatch_sw_sha512_tai_pedersen_vectors.json @@ -1,7 +1,6 @@ [ { "comment": "Bandersnatch_SHA-512_TAI - vector-1", - "flags": "00", "sk": "2bd8776e6ca6a43d51987f756be88b643ab4431b523132f675c8f0004f5d5a17", "pk": "f55a48e6befa22dc42007ec6d5bf83620d8f794901f42b18c10a4f7a6176985280", "alpha": "", @@ -18,7 +17,6 @@ }, { "comment": "Bandersnatch_SHA-512_TAI - vector-2", - "flags": "00", "sk": "3d6406500d4009fdf2604546093665911e753f2213570a29521fd88bc30ede18", "pk": "fd72a90d1eeba6733824e76bb31991b8108d6562756b85f244333e3c7205225200", "alpha": "0a", 
@@ -35,7 +33,6 @@ }, { "comment": "Bandersnatch_SHA-512_TAI - vector-3", - "flags": "00", "sk": "8b9063872331dda4c3c282f7d813fb3c13e7339b7dc9635fdc764e32cc57cb15", "pk": "e30eae606d21dff460cdaecfc9bfcd2e319628ccc0242f3ca21f2d5c940ba41680", "alpha": "", @@ -52,7 +49,6 @@ }, { "comment": "Bandersnatch_SHA-512_TAI - vector-4", - "flags": "00", "sk": "6db187202f69e627e432296ae1d0f166ae6ac3c1222585b6ceae80ea07670b14", "pk": "2a00e5a32e2f097858a1a4a73cf5c2fb4e6d375a4ea4cc3ae3e91660eade850c80", "alpha": "73616d706c65", @@ -69,7 +65,6 @@ }, { "comment": "Bandersnatch_SHA-512_TAI - vector-5", - "flags": "00", "sk": "b56cc204f1b6c2323709012cb16c72f3021035ce935fbe69b600a88d842c7407", "pk": "4f29d79a27b9545d7223431eb6a63776949454b16e2ac0b7a959304ce3e52b6a00", "alpha": "42616e646572736e6174636820766563746f72", @@ -86,7 +81,6 @@ }, { "comment": "Bandersnatch_SHA-512_TAI - vector-6", - "flags": "00", "sk": "da36359bf1bfd1694d3ed359e7340bd02a6a5e54827d94db1384df29f5bdd302", "pk": "e58e8ba2e99035fb7ae11fa14e2a609d6d13679278dac63ebee64ca8612ffa1480", "alpha": "42616e646572736e6174636820766563746f72", diff --git a/data/ed25519_sha512_tai_ietf_vectors.json b/data/ed25519_sha512_tai_ietf_vectors.json index b8670a5..16b0d1e 100644 --- a/data/ed25519_sha512_tai_ietf_vectors.json +++ b/data/ed25519_sha512_tai_ietf_vectors.json @@ -1,7 +1,6 @@ [ { "comment": "Ed25519_SHA-512_TAI - vector-1", - "flags": "00", "sk": "b48e913135c9b4f3b1f827e9078b194cc22e2081e8658a515961ee7f5b4e8206", "pk": "6df1619a1ef5fc4e53a03ddb1c26f568978415612eae3a3072370898bcd4ba21", "alpha": "", @@ -14,7 +13,6 @@ }, { "comment": "Ed25519_SHA-512_TAI - vector-2", - "flags": "00", "sk": "fc4722b3efeadcfa8b437f6e34f71c50a240bd2e66b958c5c17519cc9d936906", "pk": "bf512469e7f9b766bf5c75e47e84fda3ec887bd24d79b9165c19e01a88fe5ff2", "alpha": "0a", 
@@ -27,7 +25,6 @@ }, { "comment": "Ed25519_SHA-512_TAI - vector-3", - "flags": "00", "sk": "3ed3f4d0fadb42cb77d42a7ea57def2bad464bd1ae0c896dd077c04358415c04", "pk": "a9a4b61b52db164253147e0c5bd20852d7ab4763e996d0117febccbc7a1abbd6", "alpha": "", @@ -40,7 +37,6 @@ }, { "comment": "Ed25519_SHA-512_TAI - vector-4", - "flags": "00", "sk": "a665fa5af45ab71a60a6b667bc995423d5ee43197a5fd93b16f761cf0bdf0407", "pk": "0b33325148327641856fde36d56aaf2cb1e4959824bb0916517160d402973bc5", "alpha": "73616d706c65", @@ -53,7 +49,6 @@ }, { "comment": "Ed25519_SHA-512_TAI - vector-5", - "flags": "00", "sk": "9a150e5caf622cc949d95af8980d458b551ab394d52ba49759433b4d04d9f703", "pk": "cf2d35428c1e329dfbd5ce3a6aafd8cffe31c6a0685471f59f5cddec0725483a", "alpha": "42616e646572736e6174636820766563746f72", @@ -66,7 +61,6 @@ }, { "comment": "Ed25519_SHA-512_TAI - vector-6", - "flags": "00", "sk": "03cb98147455ef9db48d9f1ca758d8047f43ed4320909800d849522444b52502", "pk": "465a022ab19f37d3586489ae08808b23d39844fd321735d6573c089b12202d1a", "alpha": "42616e646572736e6174636820766563746f72", diff --git a/data/ed25519_sha512_tai_pedersen_vectors.json b/data/ed25519_sha512_tai_pedersen_vectors.json index 90db043..96d20d2 100644 --- a/data/ed25519_sha512_tai_pedersen_vectors.json +++ b/data/ed25519_sha512_tai_pedersen_vectors.json @@ -1,7 +1,6 @@ [ { "comment": "Ed25519_SHA-512_TAI - vector-1", - "flags": "00", "sk": "b48e913135c9b4f3b1f827e9078b194cc22e2081e8658a515961ee7f5b4e8206", "pk": "6df1619a1ef5fc4e53a03ddb1c26f568978415612eae3a3072370898bcd4ba21", "alpha": "", @@ -18,7 +17,6 @@ }, { "comment": "Ed25519_SHA-512_TAI - vector-2", - "flags": "00", "sk": "fc4722b3efeadcfa8b437f6e34f71c50a240bd2e66b958c5c17519cc9d936906", "pk": "bf512469e7f9b766bf5c75e47e84fda3ec887bd24d79b9165c19e01a88fe5ff2", "alpha": "0a", 
@@ -35,7 +33,6 @@ }, { "comment": "Ed25519_SHA-512_TAI - vector-3", - "flags": "00", "sk": "3ed3f4d0fadb42cb77d42a7ea57def2bad464bd1ae0c896dd077c04358415c04", "pk": "a9a4b61b52db164253147e0c5bd20852d7ab4763e996d0117febccbc7a1abbd6", "alpha": "", @@ -52,7 +49,6 @@ }, { "comment": "Ed25519_SHA-512_TAI - vector-4", - "flags": "00", "sk": "a665fa5af45ab71a60a6b667bc995423d5ee43197a5fd93b16f761cf0bdf0407", "pk": "0b33325148327641856fde36d56aaf2cb1e4959824bb0916517160d402973bc5", "alpha": "73616d706c65", @@ -69,7 +65,6 @@ }, { "comment": "Ed25519_SHA-512_TAI - vector-5", - "flags": "00", "sk": "9a150e5caf622cc949d95af8980d458b551ab394d52ba49759433b4d04d9f703", "pk": "cf2d35428c1e329dfbd5ce3a6aafd8cffe31c6a0685471f59f5cddec0725483a", "alpha": "42616e646572736e6174636820766563746f72", @@ -86,7 +81,6 @@ }, { "comment": "Ed25519_SHA-512_TAI - vector-6", - "flags": "00", "sk": "03cb98147455ef9db48d9f1ca758d8047f43ed4320909800d849522444b52502", "pk": "465a022ab19f37d3586489ae08808b23d39844fd321735d6573c089b12202d1a", "alpha": "42616e646572736e6174636820766563746f72", diff --git a/data/secp256_sha256_tai_ietf_vectors.json b/data/secp256_sha256_tai_ietf_vectors.json index 87c4a34..12d723d 100644 --- a/data/secp256_sha256_tai_ietf_vectors.json +++ b/data/secp256_sha256_tai_ietf_vectors.json @@ -1,7 +1,6 @@ [ { "comment": "secp256r1_SHA-256_TAI - vector-1", - "flags": "00", "sk": "1da0af1706a31185763837b33f1d90782c0a78bbe644a59c987ab3ff9c0b346e", "pk": "0279c7e97a3a7fd19265b046236c4216c19cc9a9e0f16b890295cffb5a1cc990f1", "alpha": "", @@ -14,7 +13,6 @@ }, { "comment": "secp256r1_SHA-256_TAI - vector-2", - "flags": "00", "sk": "9a4585773ce2ccd7a585c331d60a60d1e3b7d28cbb2ede3bc55445342f12f54b", "pk": "0218e11f9ef92fa3929aa8f078d2e73b58f0ac7d6f274e222b8515c7b0140138be", "alpha": "0a", 
@@ -27,20 +25,18 @@ }, { "comment": "secp256r1_SHA-256_TAI - vector-3", - "flags": "00", "sk": "86d9576498ea764b49243efeb05df625010438c6a55d5b578de4ff00c9b4c1db", "pk": "03a47366bc18483e02261117304cdf77cc95f234c16d11a8356dc4514a7adaf120", "alpha": "", "ad": "0b8c", - "h": "03b90c05c10ddbfdafda6a964012946641737f888b90c930abdd2454c568f73d70", - "gamma": "03c572767b190538c104182dfac985cd58430074f0db24305f4006d896c93b96c7", - "beta": "d06d1139d2f0199b36d48b8d4980421e3d98504442e475c1760dcbbd19d27543", - "proof_c": "4b5b11f3b418095a5d02f835a283cc99", - "proof_s": "78bd588629d7dbfa7909384fc55590443f7d72996655ca933bf5979ccf342e14" + "h": "02b90c05c10ddbfdafda6a964012946641737f888b90c930abdd2454c568f73d70", + "gamma": "02c572767b190538c104182dfac985cd58430074f0db24305f4006d896c93b96c7", + "beta": "478e767539cb216ca6c8a545cc4749ee08d90d7bca54d4d92286c90ae31ef31e", + "proof_c": "e8c2ce765ffa672f0c83213c3dc3cf86", + "proof_s": "4edec2aebfda44486302eb57c29f1b3074266b82a5b66069aea8d06e7480075f" }, { "comment": "secp256r1_SHA-256_TAI - vector-4", - "flags": "00", "sk": "c529ffad9a5ab61162b11d616b639e00586ba846746a197d4daf78b908ed4f08", "pk": "02d984ff7d61ba3a11d8ade6cea6ba949fba3bbcf841506cf8c3a7b6e1bd67b926", "alpha": "73616d706c65", 
@@ -53,20 +49,18 @@ }, { "comment": "secp256r1_SHA-256_TAI - vector-5", - "flags": "00", "sk": "719ec881a39ca062f09262ff75fc8a06d6cb91ad078c4d344723508c509c2de5", "pk": "02c8f77b17ec60330366b9e148dfa565a7c8d6a0768e5737786722e3c85a5ff054", "alpha": "42616e646572736e6174636820766563746f72", "ad": "", - "h": "039edace829d35ef117e135c8b81b5b00a0d3c9f24a349761fc07a7503bf048966", - "gamma": "02d7b9b206af6fae3a6225ef09701e965e5387a22eca8e1bc71c167cd53f66903a", - "beta": "0f4965be7ec48d075a0035d5d1874a05328cb9f1cbe6b4066813ebb38e46b101", - "proof_c": "ebc773f07f5a559bf176f57f83d5d80d", - "proof_s": "e0f386d45474ea6eb40ebf59e4c7e6695813b6bf4b7984db868e415d1d3432e9" + "h": "029edace829d35ef117e135c8b81b5b00a0d3c9f24a349761fc07a7503bf048966", + "gamma": "03d7b9b206af6fae3a6225ef09701e965e5387a22eca8e1bc71c167cd53f66903a", + "beta": "8ddb31c01a18db34fccd27e152d7691aab6fd377436e8d845448e00e031bf4c4", + "proof_c": "c75128a72db92539cb1a61d7c4468548", + "proof_s": "f98499f4b5e56a3e43cf6dff3c451426c419b01eb28bdeaa07a0f38d6a0db550" }, { "comment": "secp256r1_SHA-256_TAI - vector-6", - "flags": "00", "sk": "db43b75a9c05eb89ae926b7b1d5081e79def64a210f5b6bd0d0be3e99a9a7be7", "pk": "03c443ab7bbb42585044551b7efac1d9c3c8f007bdf0c325d35fde5417bbb8e11d", "alpha": "42616e646572736e6174636820766563746f72", diff --git a/data/secp256_sha256_tai_ietf_vectors_rfc_9381.json b/data/secp256_sha256_tai_ietf_vectors_rfc_9381.json index 30a1d71..6279098 100644 --- a/data/secp256_sha256_tai_ietf_vectors_rfc_9381.json +++ b/data/secp256_sha256_tai_ietf_vectors_rfc_9381.json 
@@ -1,16 +1,16 @@ [ { - "comment": "secp256r1_sha256_tai - rfc-9381-vector-10 (Spec typos: gamma, h. Skip proof)", - "flags": "01", + "comment": "secp256r1_sha256_tai - rfc-9381-vector-10", + "flags": "00", "sk": "c9afa9d845ba75166b5c215767b1d6934e50c3db36e89b127b8a622b120f6721", "pk": "0360fed4ba255a9d31c961eb74c6356d68c049b8923b61fa6ce669622e60f29fb6", "alpha": "73616D706C65", "ad": "", - "h": "0372a877532e9ac193aff4401234266f59900a4a9e3fc3cfc6a4b7e467a15d06d4", - "gamma": "025b5c726e8c0e2c488a107c600578ee75cb702343c153cb1eb8dec77f4b5071b4", + "h": "0272a877532e9ac193aff4401234266f59900a4a9e3fc3cfc6a4b7e467a15d06d4", + "gamma": "035b5c726e8c0e2c488a107c600578ee75cb702343c153cb1eb8dec77f4b5071b4", "beta": "a3ad7b0ef73d8fc6655053ea22f9bede8c743f08bbed3d38821f0e16474b505e", - "proof_c": "", - "proof_s": "" + "proof_c": "a53f0a46f018bc2c56e58d383f2305e0", + "proof_s": "975972c26feea0eb122fe7893c15af376b33edf7de17c6ea056d4d82de6bc02f" }, { "comment": "secp256r1_sha256_tai - rfc-9381-vector-11", diff --git a/data/secp256r1_sha256_tai_pedersen_vectors.json b/data/secp256r1_sha256_tai_pedersen_vectors.json index e4857fe..1d061af 100644 --- a/data/secp256r1_sha256_tai_pedersen_vectors.json +++ b/data/secp256r1_sha256_tai_pedersen_vectors.json @@ -1,7 +1,6 @@ [ { "comment": "secp256r1_SHA-256_TAI - vector-1", - "flags": "00", "sk": "1da0af1706a31185763837b33f1d90782c0a78bbe644a59c987ab3ff9c0b346e", "pk": "0279c7e97a3a7fd19265b046236c4216c19cc9a9e0f16b890295cffb5a1cc990f1", "alpha": "", @@ -18,7 +17,6 @@ }, { "comment": "secp256r1_SHA-256_TAI - vector-2", - "flags": "00", "sk": "9a4585773ce2ccd7a585c331d60a60d1e3b7d28cbb2ede3bc55445342f12f54b", "pk": "0218e11f9ef92fa3929aa8f078d2e73b58f0ac7d6f274e222b8515c7b0140138be", "alpha": "0a", 
@@ -35,24 +33,22 @@ }, { "comment": "secp256r1_SHA-256_TAI - vector-3", - "flags": "00", "sk": "86d9576498ea764b49243efeb05df625010438c6a55d5b578de4ff00c9b4c1db", "pk": "03a47366bc18483e02261117304cdf77cc95f234c16d11a8356dc4514a7adaf120", "alpha": "", "ad": "0b8c", - "h": "03b90c05c10ddbfdafda6a964012946641737f888b90c930abdd2454c568f73d70", - "gamma": "03c572767b190538c104182dfac985cd58430074f0db24305f4006d896c93b96c7", - "beta": "d06d1139d2f0199b36d48b8d4980421e3d98504442e475c1760dcbbd19d27543", - "blinding": "267f2602fef66c7c5f478c119725d0949e6da40ba328a2ebd02b3022bea0da15", - "proof_pkb": "02e4b4be17a94323acb303b1608007ff2d618aa7c763d19cfcc1f8d169003d4d77", - "proof_r": "0302219065936edc9873404a33f9e1c050bdaf488836e80c08338f079d9d396a46", - "proof_ok": "0228eb7b416d1c8c3560c56e76801bead1cfad391296c9854fd618c86f4baa2ded", - "proof_s": "9b0f07867f5d5417b9bf396aeba563f41c7b815cb3167b4de7075d5651397ff8", - "proof_sb": "54744bc41c3149a203419f0b62645065f5144ed9c3d7c90d2337739c560d1357" + "h": "02b90c05c10ddbfdafda6a964012946641737f888b90c930abdd2454c568f73d70", + "gamma": "02c572767b190538c104182dfac985cd58430074f0db24305f4006d896c93b96c7", + "beta": "478e767539cb216ca6c8a545cc4749ee08d90d7bca54d4d92286c90ae31ef31e", + "blinding": "e4fea845f9e5d999420f0bd7522dad8e67514f6a8666c31c0670aad2cabbf64d", + "proof_pkb": "0304aa8ce127cbf59b9a35f86970d51ca309d2a4dd89677a58fcf0b2aa5d0c5b89", + "proof_r": "023ac777c2b8b40a88d2a9412a7ec916410d77047dfeaa1d9caf7284f386d34839", + "proof_ok": "0240f062739e3f6bcf7bb190823296b59113314364afcfb5a1adcceb6b0d417778", + "proof_s": "7d3e421f6d59bb5b1e67bd4e9f60395fb3d7ce004a8770d06811e7501b75cf22", + "proof_sb": "5b464636bd968da1cbe4489aef873275b1d4f88d26193c5e76aaf097adfaac2e" }, { "comment": "secp256r1_SHA-256_TAI - vector-4", - "flags": "00", "sk": "c529ffad9a5ab61162b11d616b639e00586ba846746a197d4daf78b908ed4f08", "pk": "02d984ff7d61ba3a11d8ade6cea6ba949fba3bbcf841506cf8c3a7b6e1bd67b926", "alpha": "73616d706c65", 
@@ -69,24 +65,22 @@ }, { "comment": "secp256r1_SHA-256_TAI - vector-5", - "flags": "00", "sk": "719ec881a39ca062f09262ff75fc8a06d6cb91ad078c4d344723508c509c2de5", "pk": "02c8f77b17ec60330366b9e148dfa565a7c8d6a0768e5737786722e3c85a5ff054", "alpha": "42616e646572736e6174636820766563746f72", "ad": "", - "h": "039edace829d35ef117e135c8b81b5b00a0d3c9f24a349761fc07a7503bf048966", - "gamma": "02d7b9b206af6fae3a6225ef09701e965e5387a22eca8e1bc71c167cd53f66903a", - "beta": "0f4965be7ec48d075a0035d5d1874a05328cb9f1cbe6b4066813ebb38e46b101", - "blinding": "7dd262a8e3c26c9d482e45a70b77d0468be3c43276b97f0a47ab9eb43e58528f", - "proof_pkb": "033b74e1df4e23a65eaf1ecd3aa67fb814db4bb95d6fa1b091517bece609a6d4dd", - "proof_r": "03c745db39af896f517b01dd7ce2474cad706d3277670c75d3ab5de8ae0435fc70", - "proof_ok": "033052d146359ff6a0d79adf804067c3ec75b0b4311f7c9ed8e6a88b1d0523196f", - "proof_s": "c4cb4fad698c0171bd18adf93d19b692f9eca7fd7abeebaf2e8a78e9d43e51ea", - "proof_sb": "e1d233dc531f740604db8f034b02960d60ea6ef2ad6021e2befe4ed528816695" + "h": "029edace829d35ef117e135c8b81b5b00a0d3c9f24a349761fc07a7503bf048966", + "gamma": "03d7b9b206af6fae3a6225ef09701e965e5387a22eca8e1bc71c167cd53f66903a", + "beta": "8ddb31c01a18db34fccd27e152d7691aab6fd377436e8d845448e00e031bf4c4", + "blinding": "0600b465346eca73621da1064065d4f926a45b264ecf108b52977af77c3a8012", + "proof_pkb": "02f68470b9073ada2829da484d8467b8cd04122b68d0f5392c254835985cddf573", + "proof_r": "03cdf7fe38bf14ea59d747216877ef48ec87b9889e7adb1301611089df4be5ff24", + "proof_ok": "0321e072c35510b1624d65f6fde7241cad651387fb423289ce707948b5ffcb38c8", + "proof_s": "e86155a67cf9b6e6cd390dfc261d9ed8aa9d3d8b25034e04f50d52a00fa7923f", + "proof_sb": "2c7f4943877f2929720f17ea313f8e84a407aac30d5ad8d9b27994b63de30853" }, { "comment": "secp256r1_SHA-256_TAI - vector-6", - "flags": "00", "sk": "db43b75a9c05eb89ae926b7b1d5081e79def64a210f5b6bd0d0be3e99a9a7be7", "pk": "03c443ab7bbb42585044551b7efac1d9c3c8f007bdf0c325d35fde5417bbb8e11d", "alpha": 
"42616e646572736e6174636820766563746f72",
diff --git a/src/arkworks/elligator2.rs b/src/arkworks/elligator2.rs
index d88f65b..e1f6756 100644
--- a/src/arkworks/elligator2.rs
+++ b/src/arkworks/elligator2.rs
@@ -5,12 +5,7 @@
 //! - Elligator2 hash-to-curve for Bandersnatch: https://github.com/arkworks-rs/algebra/pull/758
 use ark_ec::{
- hashing::{
- // TODO: this looks identical to the one introduced by #659
- curve_maps::swu::parity,
- map_to_curve_hasher::MapToCurve,
- HashToCurveError,
- },
+ hashing::{curve_maps::swu::parity, map_to_curve_hasher::MapToCurve, HashToCurveError},
 twisted_edwards::{Affine, MontCurveConfig, Projective, TECurveConfig},
 };
 use ark_ff::{Field, One, Zero};
diff --git a/src/codec.rs b/src/codec.rs
index fdd6a10..a6d9dc5 100644
--- a/src/codec.rs
+++ b/src/codec.rs
@@ -10,7 +10,7 @@ pub trait Codec {
 fn point_encode(pt: &AffinePoint, buf: &mut Vec);
 /// Point decode.
- fn point_decode(buf: &[u8]) -> AffinePoint;
+ fn point_decode(buf: &[u8]) -> Result, Error>;
 /// Scalar encode
 fn scalar_encode(sc: &ScalarField, buf: &mut Vec);
@@ -31,8 +31,8 @@ impl Codec for ArkworksCodec {
 pt.serialize_compressed(buf).unwrap();
 }
- fn point_decode(buf: &[u8]) -> AffinePoint {
- AffinePoint::::deserialize_compressed(buf).unwrap()
+ fn point_decode(buf: &[u8]) -> Result, Error> {
+ AffinePoint::::deserialize_compressed_unchecked(buf).map_err(Into::into)
 }
 fn scalar_encode(sc: &ScalarField, buf: &mut Vec) {
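Review bot: `ArkworksCodec::point_decode` now calls `deserialize_compressed_unchecked`, which in arkworks decodes with validation disabled, so the returned point is no longer checked for prime-order-subgroup membership, while the trait doc above still reads only `/// Point decode.`. For suites on a cofactor curve (the Bandersnatch and Ed25519 vectors touched by this patch) any caller that feeds wire bytes for a public key or a proof's gamma through this codec would accept points outside the prime-order subgroup unless it validates afterwards; the TAI path in utils.rs does `clear_cofactor()` itself and is fine, but the other callers are not visible in this hunk. If the relaxation is deliberate, say so on the trait: `/// Point decode. Implementations do not guarantee subgroup membership; callers that accept untrusted points must validate them or clear the cofactor.` Otherwise keep `deserialize_compressed` for the general decoder and give hash-to-curve its own unchecked entry point.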
@@ -76,26 +76,28 @@ where
 buf.extend_from_slice(&tmp[..]);
 }
- fn point_decode(buf: &[u8]) -> AffinePoint {
+ fn point_decode(buf: &[u8]) -> Result, Error> {
 use ark_ff::biginteger::BigInteger;
 use utils::SWMapping;
 type SWAffine = ark_ec::short_weierstrass::Affine;
+
 if buf.len() == 1 && buf[0] == 0x00 {
- return AffinePoint::::zero();
+ return Ok(AffinePoint::::zero());
 }
- let mut tmp = buf.to_vec();
- tmp.reverse();
- let y_flag = tmp.pop().unwrap();
+ let mut buf = buf.to_vec();
+ buf.reverse();
+ let y_flag = buf.pop().unwrap();
- let x = BaseField::::deserialize_compressed(&mut &tmp[..]).unwrap();
- let (y1, y2) = SWAffine::>::get_ys_from_x_unchecked(x).unwrap();
+ let x = BaseField::::deserialize_compressed(&mut &buf[..])?;
+ let (y1, y2) =
+ SWAffine::>::get_ys_from_x_unchecked(x).ok_or(Error::InvalidData)?;
 let y = if ((y_flag & 0x01) != 0) == y1.into_bigint().is_odd() { y1 } else { y2 };
 let sw = SWAffine::>::new_unchecked(x, y);
- AffinePoint::::from_sw(sw)
+ Ok(AffinePoint::::from_sw(sw))
 }
 fn scalar_encode(sc: &ScalarField, buf: &mut Vec) {
@@ -118,7 +120,7 @@ pub fn point_encode(pt: &AffinePoint) -> Vec {
 }
 /// Point decoder wrapper using `Suite::Codec`.
-pub fn point_decode(buf: &[u8]) -> AffinePoint {
+pub fn point_decode(buf: &[u8]) -> Result, Error> {
 S::Codec::point_decode(buf)
 }
diff --git a/src/ietf.rs b/src/ietf.rs
index 7b4d5aa..ccc3938 100644
--- a/src/ietf.rs
+++ b/src/ietf.rs
@@ -205,9 +205,6 @@ pub mod testing {
 fn run(&self) {
 self.base.run();
- if self.base.flags & common::TEST_FLAG_SKIP_PROOF_CHECK != 0 {
- return;
- }
 let input = Input::::from(self.base.h);
 let output = Output::from(self.base.gamma);
 let sk = Secret::from_scalar(self.base.sk);
diff --git a/src/lib.rs b/src/lib.rs
index e8990d5..bd84179 100644
--- a/src/lib.rs
+++ b/src/lib.rs
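Review bot: `buf.pop().unwrap()` still panics on an empty input even though `point_decode` now returns a `Result`; only the single-byte `0x00` identity encoding is guarded, so an empty slice reaches the `unwrap`. Replace it with `let y_flag = buf.pop().ok_or(Error::InvalidData)?;`. The prefix byte is then only inspected through `y_flag & 0x01`, so for the big-endian SEC1 layout any leading byte other than `0x02`/`0x03` (for example `0x04`) is silently accepted as a parity; a `matches!(y_flag, 0x02 | 0x03)` check before use would make the decoder reject malformed prefixes instead of guessing. `get_ys_from_x_unchecked`/`new_unchecked` build the point without a subgroup check, which is acceptable on a cofactor-1 curve but deserves a comment in case this codec is ever paired with a cofactor curve.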
@@ -59,7 +59,13 @@ pub enum Error {
 /// Verification error(s)
 VerificationFailure,
 /// Bad input data
- BadInputData,
+ InvalidData,
+}
+
+impl From for Error {
+ fn from(_err: ark_serialize::SerializationError) -> Self {
+ Error::InvalidData
+ }
 }
 /// Defines a cipher suite.
diff --git a/src/pedersen.rs b/src/pedersen.rs
index b8a33a1..e336bfa 100644
--- a/src/pedersen.rs
+++ b/src/pedersen.rs
@@ -199,9 +199,9 @@ pub mod testing {
 fn from_map(map: &common::TestVectorMap) -> Self {
 let base = common::TestVector::from_map(map);
 let blind = codec::scalar_decode::(&map.item_bytes("blinding"));
- let pk_blind = codec::point_decode::(&map.item_bytes("proof_pkb"));
- let r = codec::point_decode::(&map.item_bytes("proof_r"));
- let ok = codec::point_decode::(&map.item_bytes("proof_ok"));
+ let pk_blind = codec::point_decode::(&map.item_bytes("proof_pkb")).unwrap();
+ let r = codec::point_decode::(&map.item_bytes("proof_r")).unwrap();
+ let ok = codec::point_decode::(&map.item_bytes("proof_ok")).unwrap();
 let s = codec::scalar_decode::(&map.item_bytes("proof_s"));
 let sb = codec::scalar_decode::(&map.item_bytes("proof_sb"));
 let proof = Proof {
@@ -250,9 +250,6 @@ pub mod testing {
 fn run(&self) {
 self.base.run();
- if self.base.flags & common::TEST_FLAG_SKIP_PROOF_CHECK != 0 {
- return;
- }
 let input = Input::::from(self.base.h);
 let output = Output::from(self.base.gamma);
 let sk = Secret::from_scalar(self.base.sk);
diff --git a/src/ring.rs b/src/ring.rs
index 4e7f7d2..1ddef72 100644
--- a/src/ring.rs
+++ b/src/ring.rs
@@ -178,7 +178,7 @@ where
 let domain_size = domain_size(ring_size);
 if pcs_params.powers_in_g1.len() < 3 * domain_size + 1 || pcs_params.powers_in_g2.len() < 2 {
- return Err(Error::BadInputData);
+ return Err(Error::InvalidData);
 }
 // Keep only the required powers of tau.
 pcs_params.powers_in_g1.truncate(3 * domain_size + 1);
diff --git a/src/suites/bandersnatch.rs b/src/suites/bandersnatch.rs
index d20e777..35a777a 100644
--- a/src/suites/bandersnatch.rs
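Review bot: Renaming the public variant `Error::BadInputData` to `Error::InvalidData` breaks any downstream `match` on `Error`, and the hunk keeps no deprecated alias and records the rename nowhere; if the crate cares about semver, keep `BadInputData` as a `#[deprecated]` alias for one release or call the rename out in the release notes. The new `From<ark_serialize::SerializationError>` impl discards the arkworks error kind (`_err`), folding short-buffer, bad-flag and I/O failures into one variant; that is a reasonable choice for uniform error reporting, but the variant doc should say so, e.g. `/// Bad or malformed input data; also the mapping target for every arkworks serialization error.`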
+++ b/src/suites/bandersnatch.rs @@ -136,7 +136,6 @@ pub mod edwards { fn data_to_point(data: &[u8]) -> Option { // "XMD" for expand_message_xmd (Section 5.3.1). // "RO" for random oracle (Section 3 - hash_to_curve method) - // TODO: prepend `encode_to_curve_salt` (i.e. pk) let h2c_suite_id = b"Bandersnatch_XMD:SHA-512_ELL2_RO_"; utils::hash_to_curve_ell2_rfc_9380::(data, h2c_suite_id) } diff --git a/src/testing.rs b/src/testing.rs index 91d921a..9c8ed6b 100644 --- a/src/testing.rs +++ b/src/testing.rs @@ -165,7 +165,6 @@ impl core::fmt::Debug for TestVector { let beta = hex::encode(&self.beta); f.debug_struct("TestVector") .field("comment", &self.comment) - .field("flags", &self.flags) .field("sk", &sk) .field("pk", &pk) .field("alpha", &alpha) @@ -205,7 +204,6 @@ pub trait TestVectorTrait { pub struct TestVector { pub comment: String, - pub flags: u8, pub sk: ScalarField, pub pk: AffinePoint, pub alpha: Vec, @@ -215,8 +213,6 @@ pub struct TestVector { pub beta: Vec, } -pub const TEST_FLAG_SKIP_PROOF_CHECK: u8 = 1 << 0; - impl TestVectorTrait for TestVector { fn new( comment: &str, @@ -251,24 +247,21 @@ impl TestVectorTrait for TestVector { h, gamma, beta, - flags, } } fn from_map(map: &TestVectorMap) -> Self { let item_bytes = |field| hex::decode(map.0.get(field).unwrap()).unwrap(); let comment = map.0.get("comment").unwrap().to_string(); - let flags = item_bytes("flags")[0]; let sk = codec::scalar_decode::(&item_bytes("sk")); - let pk = codec::point_decode::(&item_bytes("pk")); + let pk = codec::point_decode::(&item_bytes("pk")).unwrap(); let alpha = item_bytes("alpha"); let ad = item_bytes("ad"); - let h = codec::point_decode::(&item_bytes("h")); - let gamma = codec::point_decode::(&item_bytes("gamma")); + let h = codec::point_decode::(&item_bytes("h")).unwrap(); + let gamma = codec::point_decode::(&item_bytes("gamma")).unwrap(); let beta = item_bytes("beta"); Self { comment, - flags, sk, pk, alpha, 
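Review bot: The `// TODO: prepend encode_to_curve_salt (i.e. pk)` line in `data_to_point` is deleted without any accompanying change, and `hash_to_curve_ell2_rfc_9380` is still invoked on `data` alone. RFC 9381 section 5.4.1.2 hashes `encode_to_curve_salt || alpha_string`; if the caller of `data_to_point` already passes that concatenation as `data` (not visible in this hunk), replace the TODO with a statement of that contract, e.g. `// caller supplies data = encode_to_curve_salt || alpha (RFC 9381 section 5.4.1.2)`, and if it does not, the TODO was still valid and should be restored rather than dropped. `data_to_point` starts and ends outside the hunk.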
@@ -282,7 +275,6 @@ impl TestVectorTrait for TestVector { fn to_map(&self) -> TestVectorMap { let items = [ ("comment", self.comment.clone()), - ("flags", hex::encode([self.flags])), ("sk", hex::encode(codec::scalar_encode::(&self.sk))), ("pk", hex::encode(codec::point_encode::(&self.pk))), ("alpha", hex::encode(&self.alpha)), @@ -290,8 +282,6 @@ impl TestVectorTrait for TestVector { ("h", hex::encode(codec::point_encode::(&self.h))), ("gamma", hex::encode(codec::point_encode::(&self.gamma))), ("beta", hex::encode(&self.beta)), - // ("proof_c", hex::encode(utils::encode_scalar::(&v.c))), - // ("proof_s", hex::encode(utils::encode_scalar::(&v.s))), ]; let map: indexmap::IndexMap = items.into_iter().map(|(k, v)| (k.to_string(), v)).collect(); @@ -318,10 +308,6 @@ impl TestVectorTrait for TestVector { let output = sk.output(input); assert_eq!(self.gamma, output.0, "VRF pre-output ('gamma') mismatch"); - if self.flags & TEST_FLAG_SKIP_PROOF_CHECK != 0 { - return; - } - let beta = output.hash().to_vec(); assert_eq!(self.beta, beta, "VRF output ('beta') mismatch"); } diff --git a/src/utils.rs b/src/utils.rs index ae67c03..a1d4393 100644 --- a/src/utils.rs +++ b/src/utils.rs @@ -71,7 +71,6 @@ pub(crate) fn hmac(sk: &[u8], data: pub fn hash_to_curve_tai_rfc_9381(data: &[u8]) -> Option> { use ark_ec::AffineRepr; use ark_ff::Field; - use ark_serialize::CanonicalDeserialize; const DOM_SEP_FRONT: u8 = 0x01; const DOM_SEP_BACK: u8 = 0x00; 
@@ -89,14 +88,16 @@ pub fn hash_to_curve_tai_rfc_9381(data: &[u8]) -> Option(&buf).to_vec();
+
+ let mut buf = hash::(&buf).to_vec();
+ // TODO: remove this hack at some point!
+ // Maybe we can just leave `buf` "as-is", and introduce a default behavior in
+ // `point_decode` where, if flag is missing, then use the default one (e.g. 0x02).
 if S::Codec::BIG_ENDIAN {
- hash.reverse();
+ buf.insert(0, 0x02);
 }
- // TODO: flags? Must be pushed before reversing!
- hash.push(0x00);
- if let Ok(pt) = AffinePoint::::deserialize_compressed_unchecked(&hash[..]) {
+ if let Ok(pt) = codec::point_decode::(&buf[..]) {
 let pt = pt.clear_cofactor();
 if !pt.is_zero() {
 return Some(pt);
@@ -146,7 +147,7 @@ where
 Some(res)
 }
-/// Challenge generation according to RFC 9381 section 5.4.3.
+/// Challenge generation according to RFC-9381 section 5.4.3.
 pub fn challenge_rfc_9381(pts: &[&AffinePoint], ad: &[u8]) -> ScalarField {
 const DOM_SEP_START: u8 = 0x02;
 const DOM_SEP_END: u8 = 0x00;
@@ -160,7 +161,7 @@ pub fn challenge_rfc_9381(pts: &[&AffinePoint], ad: &[u8]) -> Scala
 ScalarField::::from_be_bytes_mod_order(hash)
 }
-/// Point to a hash according to RFC 9381 section .
+/// Point to a hash according to RFC-9381 section 5.2.
 pub fn point_to_hash_rfc_9381(pt: &AffinePoint) -> HashOutput {
 const DOM_SEP_START: u8 = 0x03;
 const DOM_SEP_END: u8 = 0x00;
@@ -170,7 +171,7 @@ pub fn point_to_hash_rfc_9381(pt: &AffinePoint) -> HashOutput {
 hash::(&buf)
 }
-/// Nonce generation according to RFC 9381 section 5.4.2.2.
+/// Nonce generation according to RFC-9381 section 5.4.2.2.
 ///
 /// This procedure is based on section 5.1.6 of RFC 8032: "Edwards-Curve Digital
 /// Signature Algorithm (EdDSA)".
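Review bot: The new comment calls the `buf.insert(0, 0x02)` a hack to be removed, but for the SEC1 big-endian suites it is exactly what RFC 9381 section 5.5 prescribes: ECVRF-P256-SHA256-TAI defines `interpret_hash_value_as_a_point(s) = string_to_point(0x02 || s)` while the Edwards suites use `string_to_point(s)`, which is also why the secp256 vectors' `h` sign bytes changed in this patch. Document it as spec rather than debt, e.g. `// RFC 9381 section 5.5: SEC1 suites interpret the hash as string_to_point(0x02 || hash_string); Edwards suites decode the hash as-is.`, and drop the proposal to move a default flag into `point_decode`, since that would bake a suite-specific rule into a generic codec. A hedged second point: the codec.rs decoder reverses the whole buffer and reads the field element from its front, so if a `BIG_ENDIAN` codec were ever paired with a hash wider than the base field the x candidate would come from the tail of the digest rather than its leading bytes; none of the suites in this patch hit that, but truncating `buf` to the point encoding length before decoding would make the intent explicit. `hash_to_curve_tai_rfc_9381` starts and ends outside the hunk.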