From 7ce48152fc3da6706fae68045758333c8233572d Mon Sep 17 00:00:00 2001 From: armfazh Date: Mon, 2 Mar 2020 17:35:55 -0800 Subject: [PATCH] Adding elligator2 for edwards curves. --- benches/curve.rs | 7 ++- benches/field.rs | 7 ++- benches/h2c.rs | 4 +- examples/call01.rs | 32 +++++++++---- src/edwards/elligator2.rs | 31 ++++++++---- src/edwards/mod.rs | 2 + src/{h2c/mod.rs => h2c.rs} | 8 ++-- src/instances/mod.rs | 1 + src/instances/mont.rs | 2 +- src/instances/rational_maps.rs | 87 +++++++++++++++++++++++++++++++++- src/instances/ted.rs | 2 +- src/instances/weier.rs | 2 +- src/lib.rs | 3 +- src/ops.rs | 24 ++++++---- src/{h2c => }/suites/mod.rs | 15 +++--- src/{h2c => }/suites/mont.rs | 4 +- src/{h2c => }/suites/ted.rs | 38 +++++++-------- src/{h2c => }/suites/weier.rs | 4 +- 18 files changed, 195 insertions(+), 78 deletions(-) rename src/{h2c/mod.rs => h2c.rs} (92%) rename src/{h2c => }/suites/mod.rs (72%) rename src/{h2c => }/suites/mont.rs (94%) rename src/{h2c => }/suites/ted.rs (72%) rename src/{h2c => }/suites/weier.rs (96%) diff --git a/benches/curve.rs b/benches/curve.rs index 0e81ebf..cf4a1d6 100644 --- a/benches/curve.rs +++ b/benches/curve.rs @@ -4,17 +4,16 @@ use crate::num_bigint::BigInt; use criterion::{criterion_group, criterion_main, Benchmark, Criterion}; use redox_ecc::ellipticcurve::EllipticCurve; -use redox_ecc::weierstrass; -use redox_ecc::weierstrass::{P256, P384, P521}; +use redox_ecc::instances::{P256, P384, P521}; fn arith(c: &mut Criterion) { for id in [P256, P384, P521].iter() { - let ec = weierstrass::Curve::from(*id); + let ec = id.get(); let mut g0 = ec.get_generator(); let mut g1 = g0.clone(); let k = ec.new_scalar(BigInt::from(-1)); c.bench( - format!("{}/ec", id).as_str(), + format!("{}/ec", id.0.name).as_str(), Benchmark::new("add", move |b| b.iter(|| g0 = &g0 + &g0)) .with_function("mul", move |b| b.iter(|| g1 = &k * &g1)) .sample_size(10), diff --git a/benches/field.rs b/benches/field.rs index 989cef3..2148273 100644 --- a/benches/field.rs +++ b/benches/field.rs @@ -1,12 +1,11 @@ use criterion::{criterion_group, criterion_main, Benchmark, Criterion}; use redox_ecc::field::FromFactory; -use redox_ecc::weierstrass; -use redox_ecc::weierstrass::{P256, P384, P521}; +use redox_ecc::instances::{P256, P384, P521}; fn arith(c: &mut Criterion) { for id in [P256, P384, P521].iter() { - let ec = weierstrass::Curve::from(*id); + let ec = id.get(); let mut x0 = ec.f.from(-1i64); let mut x1 = ec.f.from(-1i64); let mut x2 = ec.f.from(-1i64); @@ -14,7 +13,7 @@ fn arith(c: &mut Criterion) { let y1 = ec.f.from(15i64); c.bench( - format!("{}/fp", id).as_str(), + format!("{}/fp", id.0.name).as_str(), Benchmark::new("add", move |b| b.iter(|| x0 = &x0 + &y0)) .with_function("mul", move |b| b.iter(|| x1 = &x1 * &y1)) .with_function("inv", move |b| b.iter(|| x2 = 1u32 / &x2)) diff --git a/benches/h2c.rs b/benches/h2c.rs index b7cbd5e..e0a8e67 100644 --- a/benches/h2c.rs +++ b/benches/h2c.rs @@ -2,8 +2,8 @@ extern crate num_bigint; use criterion::{criterion_group, criterion_main, Benchmark, Criterion}; -use redox_ecc::h2c::EncodeToCurve; -use redox_ecc::weierstrass::{P256_SHA256_SSWU_NU_, P384_SHA512_SSWU_NU_, P521_SHA512_SSWU_NU_}; +use redox_ecc::h2c::HashToCurve; +use redox_ecc::suites::{P256_SHA256_SSWU_NU_, P384_SHA512_SSWU_NU_, P521_SHA512_SSWU_NU_}; fn h2c(c: &mut Criterion) { let msg = "message to be hashed".as_bytes(); diff --git a/examples/call01.rs b/examples/call01.rs index 739e31f..f71a422 100644 --- a/examples/call01.rs +++ b/examples/call01.rs @@ -1,5 +1,3 @@ -extern crate num_bigint; - // use num_traits::identities::Zero; use std::convert::From; @@ -26,13 +24,14 @@ use redox_ecc::field::{FromFactory, Sqrt}; // CURVE25519_SHA256_ELL2_NU_, CURVE25519_SHA256_ELL2_RO_, CURVE25519_SHA512_ELL2_NU_, // CURVE25519_SHA512_ELL2_RO_, CURVE448_SHA512_ELL2_NU_, CURVE448_SHA512_ELL2_RO_, // }; -use redox_ecc::instances::CURVE25519; +use redox_ecc::h2c::HashToCurve; use redox_ecc::instances::{P256, P384}; use redox_ecc::primefield::Fp; -// use redox_ecc::weierstrass::{P256_SHA256_SSWU_NU_, P384_SHA512_SSWU_NU_, P521_SHA512_SSWU_NU_}; -// use redox_ecc::weierstrass::{P256_SHA256_SSWU_RO_, P384_SHA512_SSWU_RO_, P521_SHA512_SSWU_RO_}; -// use redox_ecc::weierstrass::{P256_SHA256_SVDW_NU_, P384_SHA512_SVDW_NU_, P521_SHA512_SVDW_NU_}; -// use redox_ecc::weierstrass::{P256_SHA256_SVDW_RO_, P384_SHA512_SVDW_RO_, P521_SHA512_SVDW_RO_}; +use redox_ecc::suites::{ + EDWARDS25519_SHA256_EDELL2_NU_, EDWARDS25519_SHA256_EDELL2_RO_, EDWARDS25519_SHA512_EDELL2_NU_, + EDWARDS25519_SHA512_EDELL2_RO_, EDWARDS448_SHA512_EDELL2_NU_, EDWARDS448_SHA512_EDELL2_RO_, + P256_SHA256_SSWU_NU_, P384_SHA512_SSWU_NU_, P521_SHA512_SSWU_NU_, +}; fn main() { println!("{}", version()); @@ -95,6 +94,23 @@ fn main() { let g0 = ec.get_generator(); let g1 = ec.get_generator(); println!("G: {} ", g0 + g1); + let msg = "This is a message string".as_bytes(); + let dst = "QUUX-V01-CS02".as_bytes(); + for suite in [ + EDWARDS25519_SHA256_EDELL2_NU_, + EDWARDS25519_SHA256_EDELL2_RO_, + EDWARDS25519_SHA512_EDELL2_NU_, + EDWARDS25519_SHA512_EDELL2_RO_, + EDWARDS448_SHA512_EDELL2_NU_, + EDWARDS448_SHA512_EDELL2_RO_, + ] + .iter() + { + let h = suite.get(dst); + let mut p = h.hash(msg); + p.normalize(); + println!("enc: {} {} ", suite, p); + } // println!("G: {} ", g2 + g3); // let g2 = ec.get_generator(); // let g3 = ec.get_generator(); @@ -109,8 +125,6 @@ fn main() { // println!("G: {} ", d); // let f = ec.get_field(); - // let msg = "This is a message string".as_bytes(); - // let dst = "QUUX-V01-CS02".as_bytes(); // // let a = f.hash(HashID::SHA256, msg, dst, 0u8, 48usize); // println!("a: {} ", f); diff --git a/src/edwards/elligator2.rs b/src/edwards/elligator2.rs index cbe1214..dbc8fe1 100644 --- a/src/edwards/elligator2.rs +++ b/src/edwards/elligator2.rs @@ -1,16 +1,12 @@ -use num_traits::identities::Zero; - use crate::edwards::Curve as TeCurve; -use crate::edwards::ProyCoordinates; use crate::ellipticcurve::{EllipticCurve, RationalMap}; -use crate::field::{CMov, Field, FromFactory, Sgn0, Sgn0Endianness, Sqrt}; +use crate::field::{Field, Sgn0Endianness}; use crate::h2c::MapToCurve; -use crate::montgomery::h2c::Ell2 as MtEll2; use crate::montgomery::Curve as MtCurve; +use crate::montgomery::Ell2 as MtEll2; use crate::primefield::FpElt; pub struct Ell2 { - sgn0: Sgn0Endianness, ratmap: Box + 'static>, map_to_curve: Box + 'static>, } @@ -18,11 +14,28 @@ pub struct Ell2 { impl Ell2 { pub fn new( e: TeCurve, - ratmap: Box>, + z: FpElt, sgn0: Sgn0Endianness, + ratmap: Option>>, ) -> Ell2 { - let ell2 = MtEll2::new(e1, z); - Ell2 { ratmap, sgn0, ell2 } + let (map_to_curve, ratmap) = match ratmap { + None => { + // let mt_curve = MtCurve::from(e); + // Box::new(MtEll2::new(mt_curve, z, sgn0)) + unimplemented!() + } + Some(r) => { + if r.domain() != e { + panic!("Domain of rational map is incompatible with curve") + } + let mt_curve = r.codomain(); + (Box::new(MtEll2::new(mt_curve, z, sgn0)), r) + } + }; + Ell2 { + map_to_curve, + ratmap, + } } } diff --git a/src/edwards/mod.rs b/src/edwards/mod.rs index b4b0496..b559a3f 100644 --- a/src/edwards/mod.rs +++ b/src/edwards/mod.rs @@ -2,9 +2,11 @@ //! //! The edwards module is meant to be used for bar. mod curve; +mod elligator2; mod point; mod scalar; pub use crate::edwards::curve::{Curve, CurveID, Params}; +pub use crate::edwards::elligator2::Ell2; pub use crate::edwards::point::{Point, ProyCoordinates}; pub use crate::edwards::scalar::Scalar; diff --git a/src/h2c/mod.rs b/src/h2c.rs similarity index 92% rename from src/h2c/mod.rs rename to src/h2c.rs index 2567df1..e8e4e4d 100644 --- a/src/h2c/mod.rs +++ b/src/h2c.rs @@ -27,9 +27,9 @@ pub trait MapToCurve { ) -> ::Point; } -/// EncodeToCurve is a function that outputs a point on an elliptic curve from an +/// HashToCurve is a function that outputs a point on an elliptic curve from an /// arbitrary string. -pub trait EncodeToCurve { +pub trait HashToCurve { type E: EllipticCurve; fn hash(&self, msg: &[u8]) -> ::Point; } @@ -47,7 +47,7 @@ where pub ro: bool, } -impl EncodeToCurve for Encoding +impl HashToCurve for Encoding where EE: EllipticCurve, { @@ -66,5 +66,3 @@ where p * &self.cofactor } } - -pub mod suites; diff --git a/src/instances/mod.rs b/src/instances/mod.rs index c742521..a581679 100644 --- a/src/instances/mod.rs +++ b/src/instances/mod.rs @@ -4,5 +4,6 @@ mod ted; mod weier; pub use crate::instances::mont::{CURVE25519, CURVE448}; +pub use crate::instances::rational_maps::{edwards25519_to_curve25519, edwards448_to_curve448}; pub use crate::instances::ted::{EDWARDS25519, EDWARDS448}; pub use crate::instances::weier::{P256, P384, P521, SECP256K1}; diff --git a/src/instances/mont.rs b/src/instances/mont.rs index 0abb41e..9b1b7d1 100644 --- a/src/instances/mont.rs +++ b/src/instances/mont.rs @@ -1,4 +1,4 @@ -use crate::montgomery::{Curve, CurveID, Params}; +use crate::montgomery::{CurveID, Params}; /// CURVE25519 is the curve25519 elliptic curve as specified in RFC-7748. pub static CURVE25519: CurveID = CurveID(CURVE25519_PARAMS); diff --git a/src/instances/rational_maps.rs b/src/instances/rational_maps.rs index f2e4b6f..42b41a9 100644 --- a/src/instances/rational_maps.rs +++ b/src/instances/rational_maps.rs @@ -2,13 +2,22 @@ use crate::edwards; use crate::edwards::Curve as TeCurve; use crate::edwards::Point as TePoint; use crate::ellipticcurve::{EcPoint, EllipticCurve, RationalMap}; -use crate::field::Field; +use crate::field::{Field, FromFactory}; +use crate::instances::{CURVE25519, CURVE448, EDWARDS25519, EDWARDS448}; use crate::montgomery; use crate::montgomery::Curve as MtCurve; use crate::montgomery::Point as MtPoint; use crate::primefield::FpElt; -pub struct Te2Mt25519 { +pub fn edwards25519_to_curve25519() -> impl RationalMap { + let e0 = EDWARDS25519.get(); + let e1 = CURVE25519.get(); + let invsqr_d = + e0.f.from("6853475219497561581579357271197624642482790079785650197046958215289687604742"); + Te2Mt25519 { e0, e1, invsqr_d } +} + +struct Te2Mt25519 { e0: TeCurve, e1: MtCurve, invsqr_d: FpElt, @@ -64,3 +73,77 @@ impl RationalMap for Te2Mt25519 { } } } + +struct Te2Mt448 { + e0: TeCurve, + e1: MtCurve, +} + +impl RationalMap for Te2Mt448 { + type E0 = TeCurve; + type E1 = MtCurve; + + fn domain(&self) -> Self::E0 { + self.e0.clone() + } + fn codomain(&self) -> Self::E1 { + self.e1.clone() + } + fn push(&self, p: TePoint) -> MtPoint { + if p.is_zero() { + self.e1.identity() + } else { + let (x, y, z) = (&p.c.x, &p.c.y, &p.c.z); + let f = &self.e0.f; + let f2 = f.from(2); + let x2 = x ^ 2u32; + let y2 = y ^ 2u32; + let z2 = z ^ 2u32; + let zz = x * &x2; // zz = x^3 + let xx = x * &y2; // xx = x*y^2 + let yy = y * (f2 * z2 - y2 - x2); // yy = y*(2z^2-y^2-x^2) + self.e1.new_point(montgomery::ProyCoordinates { + x: xx, + y: yy, + z: zz, + }) + } + } + fn pull(&self, p: MtPoint) -> TePoint { + if p.is_zero() { + self.e0.identity() + } else { + let f = &self.e0.f; + let (f2, f4) = (&f.from(2), &f.from(4)); + let (x, y, z) = (&p.c.x, &p.c.y, &p.c.z); + let x2 = x ^ 2u32; + let x3 = &x2 * x; + let x4 = &x2 ^ 2u32; + let x5 = &x3 * &x2; + let y2 = y ^ 2u32; + let z2 = z ^ 2u32; + let z3 = &z2 * z; + let z4 = &z2 ^ 2u32; + let xx = f4 * y * z * (&x2 - &z2); + let z0 = x4 - f2 * &x2 * &z2 + &z4 + f4 * &y2 * &z2; + let yy = -(&x5 - f2 * &x3 * &z2 + x * &z4 - f4 * x * &y2 * &z2); + let z1 = x5 - f2 * &x3 * &z2 + x * z4 - f2 * x2 * &y2 * z - f2 * y2 * z3; + let tt = &xx * &yy; + let xx = &xx * &z1; + let yy = &yy * &z0; + let zz = z0 * z1; + self.e0.new_point(edwards::ProyCoordinates { + x: xx, + y: yy, + t: tt, + z: zz, + }) + } + } +} + +pub fn edwards448_to_curve448() -> impl RationalMap { + let e0 = EDWARDS448.get(); + let e1 = CURVE448.get(); + Te2Mt448 { e0, e1 } +} diff --git a/src/instances/ted.rs b/src/instances/ted.rs index 305450f..760e87f 100644 --- a/src/instances/ted.rs +++ b/src/instances/ted.rs @@ -1,4 +1,4 @@ -use crate::edwards::{Curve, CurveID, Params}; +use crate::edwards::{CurveID, Params}; /// EDWARDS25519 is the edwards25519 elliptic curve as specified in RFC-7748. pub static EDWARDS25519: CurveID = CurveID(&EDWARDS25519_PARAMS); diff --git a/src/instances/weier.rs b/src/instances/weier.rs index 3d7a0fb..6712324 100644 --- a/src/instances/weier.rs +++ b/src/instances/weier.rs @@ -1,4 +1,4 @@ -use crate::weierstrass::{Curve, CurveID, Params}; +use crate::weierstrass::{CurveID, Params}; /// P256 is the NIST P-256 elliptic curve. pub static P256: CurveID = CurveID(P256_PARAMS); diff --git a/src/lib.rs b/src/lib.rs index 37dd111..60a06cd 100644 --- a/src/lib.rs +++ b/src/lib.rs @@ -17,13 +17,14 @@ pub mod ops; pub mod primefield; pub mod ellipticcurve; +pub mod h2c; pub mod edwards; -pub mod h2c; pub mod montgomery; pub mod weierstrass; pub mod instances; +pub mod suites; #[cfg(test)] mod tests; diff --git a/src/ops.rs b/src/ops.rs index f664d9c..29a684b 100644 --- a/src/ops.rs +++ b/src/ops.rs @@ -8,19 +8,27 @@ macro_rules! make_trait { ), pub trait $name where - Self: Sized - + for<'b> std::ops::$trait<&'b Self, Output = Self> + for<'a, 'b> Self: Sized + + 'a + + 'static + + std::ops::$trait<&'b Self, Output = Self> + std::ops::$trait, { - // for<'a, 'b> &'a Self: std::ops::$trait<&'b Self, Output = Self>, - // for<'a, 'b> &'a Self: std::ops::$trait<&'b Self, Output = Self>, + // for<'a, 'b> &'a Self: Sized + // + std::ops::$trait<&'b Self, Output = Self> + // + std::ops::$trait, } ); - impl $name for T where - T: Sized - + std::ops::$trait - + for<'b> std::ops::$trait<&'b T, Output = T> + impl $name for T + where + for<'a, 'b> T: Sized + + 'a + + 'static + + std::ops::$trait<&'b T, Output = T> + + std::ops::$trait, { + // for<'a, 'b> &'a T: + // Sized + std::ops::$trait<&'b T, Output = T> + std::ops::$trait, } }; (unary, $trait:ident, $name:ident) => { diff --git a/src/h2c/suites/mod.rs b/src/suites/mod.rs similarity index 72% rename from src/h2c/suites/mod.rs rename to src/suites/mod.rs index 1298985..a29588a 100644 --- a/src/h2c/suites/mod.rs +++ b/src/suites/mod.rs @@ -1,19 +1,20 @@ -mod mont; -mod ted; -mod weier; +pub mod mont; +pub mod ted; +pub mod weier; -pub use crate::h2c::suites::weier::{ - Suite, P256_SHA256_SSWU_NU_, P256_SHA256_SSWU_RO_, P256_SHA256_SVDW_NU_, P256_SHA256_SVDW_RO_, +pub use crate::suites::weier::{ + P256_SHA256_SSWU_NU_, P256_SHA256_SSWU_RO_, P256_SHA256_SVDW_NU_, P256_SHA256_SVDW_RO_, P384_SHA512_SSWU_NU_, P384_SHA512_SSWU_RO_, P384_SHA512_SVDW_NU_, P384_SHA512_SVDW_RO_, P521_SHA512_SSWU_NU_, P521_SHA512_SSWU_RO_, P521_SHA512_SVDW_NU_, P521_SHA512_SVDW_RO_, SECP256K1_SHA256_SSWU_NU_, SECP256K1_SHA256_SSWU_RO_, }; -pub use crate::h2c::suites::mont::{ +pub use crate::suites::mont::{ CURVE25519_SHA256_ELL2_NU_, CURVE25519_SHA256_ELL2_RO_, CURVE25519_SHA512_ELL2_NU_, CURVE25519_SHA512_ELL2_RO_, CURVE448_SHA512_ELL2_NU_, CURVE448_SHA512_ELL2_RO_, }; -pub use crate::h2c::suites::ted::{ + +pub use crate::suites::ted::{ EDWARDS25519_SHA256_EDELL2_NU_, EDWARDS25519_SHA256_EDELL2_RO_, EDWARDS25519_SHA512_EDELL2_NU_, EDWARDS25519_SHA512_EDELL2_RO_, EDWARDS448_SHA512_EDELL2_NU_, EDWARDS448_SHA512_EDELL2_RO_, }; diff --git a/src/h2c/suites/mont.rs b/src/suites/mont.rs similarity index 94% rename from src/h2c/suites/mont.rs rename to src/suites/mont.rs index 3968f55..ac0929e 100644 --- a/src/h2c/suites/mont.rs +++ b/src/suites/mont.rs @@ -1,6 +1,6 @@ use crate::ellipticcurve::EllipticCurve; use crate::field::{FromFactory, Sgn0Endianness}; -use crate::h2c::{EncodeToCurve, Encoding, HashID, MapToCurve}; +use crate::h2c::{Encoding, HashID, HashToCurve, MapToCurve}; use crate::instances::{CURVE25519, CURVE448}; use crate::montgomery::Ell2; use crate::montgomery::{Curve, CurveID}; @@ -23,7 +23,7 @@ pub struct Suite { } impl Suite { - pub fn get(&self, dst: &[u8]) -> impl EncodeToCurve { + pub fn get(&self, dst: &[u8]) -> impl HashToCurve { let (h, l, ro) = (self.h, self.l, self.ro); let dst = dst.to_vec(); let e = self.curve.get(); diff --git a/src/h2c/suites/ted.rs b/src/suites/ted.rs similarity index 72% rename from src/h2c/suites/ted.rs rename to src/suites/ted.rs index 9b6d229..bc3a1ad 100644 --- a/src/h2c/suites/ted.rs +++ b/src/suites/ted.rs @@ -1,16 +1,16 @@ use crate::edwards::Curve as TeCurve; -use crate::edwards::CurveID; +use crate::edwards::{CurveID, Ell2}; use crate::ellipticcurve::EllipticCurve; +use crate::ellipticcurve::RationalMap; use crate::field::{FromFactory, Sgn0Endianness}; -use crate::h2c::{EncodeToCurve, Encoding, HashID, MapToCurve}; -use crate::instances::{CURVE25519, EDWARDS25519, EDWARDS448}; +use crate::h2c::{Encoding, HashID, HashToCurve, MapToCurve}; +use crate::instances::{edwards25519_to_curve25519, edwards448_to_curve448}; +use crate::instances::{EDWARDS25519, EDWARDS448}; use crate::montgomery::Curve as MtCurve; -use crate::montgomery::Ell2; -// use crate::edwards::ratmap::Te2Mt25519; #[derive(Copy, Clone)] pub enum MapID { - EDELL2, + ELL2, } #[derive(Copy, Clone)] @@ -26,22 +26,19 @@ pub struct Suite { } impl Suite { - pub fn get(&self, dst: &[u8]) -> impl EncodeToCurve { - // let ratmap = match self.curve { - // EDWARDS25519 => { - // let e0 = Curve::from(EDWARDS25519); - // let e1 = MtCurve::from(CURVE25519); - // let invsqrD = e0.f.from(9); - // Te2Mt25519 { e0, e1, invsqrD } - // } // _ => unimplemented!(), - // }; - + pub fn get(&self, dst: &[u8]) -> impl HashToCurve { + let ratmap: Option>> = + match self.curve.0.name { + "edwards25519" => Some(Box::new(edwards25519_to_curve25519())), + "edwards448" => Some(Box::new(edwards448_to_curve448())), + _ => None, + }; let (h, l, ro) = (self.h, self.l, self.ro); let dst = dst.to_vec(); let e = self.curve.get(); let cofactor = e.new_scalar(e.get_cofactor()); let map_to_curve: Box> = match self.map { - _ => unimplemented!(), // MapID::EDELL2 => Box::new(Ell2::new(e.clone(), e.f.from(self.z), self.s)), + MapID::ELL2 => Box::new(Ell2::new(e.clone(), e.f.from(self.z), self.s, ratmap)), }; Encoding { hash_to_field: Box::new(e.f), @@ -60,12 +57,13 @@ impl std::fmt::Display for Suite { write!(f, "{}", self.name) } } + pub static EDWARDS25519_SHA256_EDELL2_NU_: Suite = Suite { name: "edwards25519-SHA256-EDELL2-NU-", curve: EDWARDS25519, s: Sgn0Endianness::LittleEndian, h: HashID::SHA256, - map: MapID::EDELL2, + map: MapID::ELL2, z: 2, l: 48, ro: false, @@ -81,7 +79,7 @@ pub static EDWARDS25519_SHA512_EDELL2_NU_: Suite = Suite { curve: EDWARDS25519, s: Sgn0Endianness::LittleEndian, h: HashID::SHA512, - map: MapID::EDELL2, + map: MapID::ELL2, z: 2, l: 48, ro: false, @@ -97,7 +95,7 @@ pub static EDWARDS448_SHA512_EDELL2_NU_: Suite = Suite { curve: EDWARDS448, s: Sgn0Endianness::LittleEndian, h: HashID::SHA512, - map: MapID::EDELL2, + map: MapID::ELL2, z: -1, l: 84, ro: false, diff --git a/src/h2c/suites/weier.rs b/src/suites/weier.rs similarity index 96% rename from src/h2c/suites/weier.rs rename to src/suites/weier.rs index 08d8e6d..eb6a9dd 100644 --- a/src/h2c/suites/weier.rs +++ b/src/suites/weier.rs @@ -1,6 +1,6 @@ use crate::ellipticcurve::EllipticCurve; use crate::field::{FromFactory, Sgn0Endianness}; -use crate::h2c::{EncodeToCurve, Encoding, HashID, MapToCurve}; +use crate::h2c::{Encoding, HashID, HashToCurve, MapToCurve}; use crate::instances::{P256, P384, P521, SECP256K1}; use crate::weierstrass::SSWU; use crate::weierstrass::SVDW; @@ -25,7 +25,7 @@ pub struct Suite { } impl Suite { - pub fn get(&self, dst: &[u8]) -> impl EncodeToCurve { + pub fn get(&self, dst: &[u8]) -> impl HashToCurve { let (h, l, ro) = (self.h, self.l, self.ro); let dst = dst.to_vec(); let e = self.curve.get();