h2c 0.1.0 → 0.2.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/Gemfile +1 -1
- data/README.md +9 -2
- data/lib/ext/curve/bls12381_g1.rb +19 -0
- data/lib/ext/curve/bls12381_g1_11iso.rb +21 -0
- data/lib/ext/curve.rb +2 -0
- data/lib/h2c/expander/xmd.rb +2 -11
- data/lib/h2c/expander.rb +1 -0
- data/lib/h2c/hash_to_point.rb +17 -14
- data/lib/h2c/m2c/isogeny/bls12381_g1.rb +104 -0
- data/lib/h2c/m2c/isogeny.rb +1 -0
- data/lib/h2c/m2c/sswu.rb +1 -1
- data/lib/h2c/m2c/sswuab0.rb +2 -2
- data/lib/h2c/suite.rb +36 -2
- data/lib/h2c/version.rb +1 -1
- data/lib/h2c.rb +2 -1
- metadata +5 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 3de2455d74c152fea54a81e553295ba16f3122e1af6e3d2196e52055eb179180
|
|
4
|
+
data.tar.gz: 6bc78d7cbfa6110f5cee57aff3d099e1a86a25f3a511b7ea13ad4b366aa38bab
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 7654446bc65c08a1eb073f4f4de149809e9b44c58d19f9eb420ff2a6c9f9277c5e2b7e7827cde92514e3807fa1ea7544e344be9441c9ac636d256dbdff522af6
|
|
7
|
+
data.tar.gz: 8e4f8ee2aed37e8639869ea488a276f597dc0264cacd50bd8dc1a22ff2316da3ee2adc879af92a922f54e2f6cd7307d57368ec53be8a4d95a6e551fe38465239
|
data/Gemfile
CHANGED
data/README.md
CHANGED
|
@@ -8,6 +8,14 @@ The following cipher suites are currently supported:
|
|
|
8
8
|
|
|
9
9
|
* secp256k1_XMD:SHA-256_SSWU_NU_
|
|
10
10
|
* secp256k1_XMD:SHA-256_SSWU_RO_
|
|
11
|
+
* BLS12381G1_XMD:SHA-256_SSWU_NU_
|
|
12
|
+
* BLS12381G1_XMD:SHA-256_SSWU_RO_
|
|
13
|
+
* P256_XMD:SHA-256_SSWU_NU_
|
|
14
|
+
* P256_XMD:SHA-256_SSWU_RO_
|
|
15
|
+
* P384_XMD:SHA-384_SSWU_NU_
|
|
16
|
+
* P384_XMD:SHA-384_SSWU_RO_
|
|
17
|
+
* P521_XMD:SHA-512_SSWU_NU_
|
|
18
|
+
* P521_XMD:SHA-512_SSWU_RO_
|
|
11
19
|
|
|
12
20
|
## Installation
|
|
13
21
|
|
|
@@ -30,10 +38,9 @@ Or install it yourself as:
|
|
|
30
38
|
```ruby
|
|
31
39
|
require 'h2c'
|
|
32
40
|
|
|
33
|
-
sutie = "secp256k1_XMD:SHA-256_SSWU_RO_"
|
|
34
41
|
dst = "QUUX-V01-CS02-with-secp256k1_XMD:SHA-256_SSWU_RO_"
|
|
35
42
|
|
|
36
|
-
h2c = H2C.get(
|
|
43
|
+
h2c = H2C.get(H2C::Suite::SECP256K1_XMDSHA256_SSWU_RO_, dst)
|
|
37
44
|
|
|
38
45
|
msg = "abc"
|
|
39
46
|
|
|
@@ -0,0 +1,19 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
module BLS
|
|
3
|
+
class Group
|
|
4
|
+
BLS12381G1 =
|
|
5
|
+
ECDSA::Group.new(
|
|
6
|
+
name: "bls12381_g1",
|
|
7
|
+
p:
|
|
8
|
+
0x1a0111ea397fe69a4b1ba7b6434bacd764774b84f38512bf6730d2a0f6b0f6241eabfffeb153ffffb9feffffffffaaab,
|
|
9
|
+
a: 0,
|
|
10
|
+
b: 4,
|
|
11
|
+
g: [
|
|
12
|
+
0x17f1d3a73197d7942695638c4fa9ac0fc3688c4f9774b905a14e3a3f171bac586c55e83ff97a1aeffb3af00adb22c6bb,
|
|
13
|
+
0x8b3f481e3aaa0f1a09e30ed741d8ae4fcf5e095d5d00af600db18cb2c04b3edd03cc744a2888ae40caa232946c5e7e1
|
|
14
|
+
],
|
|
15
|
+
n: 0x73eda753299d7d483339d80809a1d80553bda402fffe5bfeffffffff00000001,
|
|
16
|
+
h: 0xd201000000010001
|
|
17
|
+
)
|
|
18
|
+
end
|
|
19
|
+
end
|
|
@@ -0,0 +1,21 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
module BLS
|
|
3
|
+
class Group
|
|
4
|
+
BLS12381G1_11ISO =
|
|
5
|
+
ECDSA::Group.new(
|
|
6
|
+
name: "bls12381_g1_11iso",
|
|
7
|
+
p:
|
|
8
|
+
0x1a0111ea397fe69a4b1ba7b6434bacd764774b84f38512bf6730d2a0f6b0f6241eabfffeb153ffffb9feffffffffaaab,
|
|
9
|
+
a:
|
|
10
|
+
0x144698a3b8e9433d693a02c96d4982b0ea985383ee66a8d8e8981aefd881ac98936f8da0e0f97f5cf428082d584c1d,
|
|
11
|
+
b:
|
|
12
|
+
0x12e2908d11688030018b12e8753eee3b2016c1f0f24f4070a0b9c14fcef35ef55a23215a316ceaa5d1cc48e98e172be0,
|
|
13
|
+
g: [
|
|
14
|
+
0x6a0ead062ba73a09984eb7351a2d851bc817625345ce033a6eb7d78242b6466c877e022dda626a79ddb85bce57997e2,
|
|
15
|
+
0x3b89d8bb9326270e46b6b74e19f7b3f10082fbf1a46df72da50c6571b969afc570d6529350b1b9b05ab4fe5c29920b4
|
|
16
|
+
],
|
|
17
|
+
n: 0x73eda753299d7d483339d80809a1d80553bda402fffe5bfeffffffff00000001,
|
|
18
|
+
h: 0xd201000000010001
|
|
19
|
+
)
|
|
20
|
+
end
|
|
21
|
+
end
|
data/lib/ext/curve.rb
CHANGED
data/lib/h2c/expander/xmd.rb
CHANGED
|
@@ -3,24 +3,15 @@ require "digest"
|
|
|
3
3
|
|
|
4
4
|
module H2C
|
|
5
5
|
module Expander
|
|
6
|
-
# Expander::
|
|
6
|
+
# Expander::XMD produces a uniformly random byte string using a cryptographic hash function H that outputs b bits.
|
|
7
7
|
class XMD
|
|
8
8
|
attr_reader :dst, :digest
|
|
9
9
|
# Constructor
|
|
10
10
|
# @param [String] func Hash function name. Currently supported by 'SHA256' and 'SHA512'
|
|
11
11
|
# @param [String] dst Domain separation tag with binary format.
|
|
12
|
-
# @raise [H2C::Error] If invalid func specified.
|
|
13
12
|
def initialize(func, dst)
|
|
14
13
|
@dst = dst
|
|
15
|
-
@digest =
|
|
16
|
-
case func
|
|
17
|
-
when HashFunc::SHA256
|
|
18
|
-
Digest(HashFunc::SHA256).new
|
|
19
|
-
when HashFunc::SHA512
|
|
20
|
-
Digest(HashFunc::SHA512).new
|
|
21
|
-
else
|
|
22
|
-
raise H2C::Error, "func #{func} is unsupported."
|
|
23
|
-
end
|
|
14
|
+
@digest = Digest(func).new
|
|
24
15
|
end
|
|
25
16
|
|
|
26
17
|
# Expand message.
|
data/lib/h2c/expander.rb
CHANGED
|
@@ -33,6 +33,7 @@ module H2C
|
|
|
33
33
|
# Get expander implementation
|
|
34
34
|
# @param [String] func Hash function name. Currently supported by 'SHA-256' and 'SHA-512'.
|
|
35
35
|
# @raise [H2C::Error] If invalid func specified.
|
|
36
|
+
# @return [XMD] expander implementation, currently only XMD is supported.
|
|
36
37
|
def get(func, dst, _k)
|
|
37
38
|
unless HashFunc::XMD_FUNCS.include?(func)
|
|
38
39
|
raise H2C::Error, "func #{func} is unsupported."
|
data/lib/h2c/hash_to_point.rb
CHANGED
|
@@ -14,34 +14,37 @@ module H2C
|
|
|
14
14
|
# @param [String] msg Message with binary to be hashed.
|
|
15
15
|
# @return [ECDSA::Point] point
|
|
16
16
|
def digest(msg)
|
|
17
|
-
|
|
18
|
-
|
|
19
|
-
|
|
20
|
-
|
|
21
|
-
|
|
22
|
-
|
|
23
|
-
|
|
24
|
-
|
|
25
|
-
|
|
17
|
+
p =
|
|
18
|
+
if suite.ro
|
|
19
|
+
u = hash_to_field(msg, 2)
|
|
20
|
+
p0 = suite.map.map(u[0])
|
|
21
|
+
p1 = suite.map.map(u[1])
|
|
22
|
+
p0 + p1
|
|
23
|
+
else
|
|
24
|
+
u = hash_to_field(msg, 1)
|
|
25
|
+
suite.map.map(u[0])
|
|
26
|
+
end
|
|
27
|
+
suite.curve.cofactor ? p.multiply_by_scalar(suite.curve.cofactor) : p
|
|
26
28
|
end
|
|
27
29
|
|
|
28
30
|
# Hashes a msg of any length into an element of a finite field.
|
|
29
31
|
# https://www.ietf.org/archive/id/draft-irtf-cfrg-hash-to-curve-16.html#name-hash_to_field-implementatio
|
|
30
32
|
# @param [String] msg A byte string containing the message to hash.
|
|
31
33
|
# @param [Integer] count The number of elements of Field to output.
|
|
34
|
+
# @param [Integer] modulo (Optional) This value is a finite field of characteristic p in the
|
|
35
|
+
# hash to curve specification. Other protocols such as FROST can be order of curve.
|
|
32
36
|
# @return [Array]
|
|
33
|
-
def hash_to_field(msg, count)
|
|
34
|
-
field = suite.curve.field
|
|
37
|
+
def hash_to_field(msg, count, modulo = suite.curve.field.prime)
|
|
35
38
|
len = count * suite.m * suite.l
|
|
36
39
|
pseudo = suite.exp.expand(msg, len)
|
|
37
40
|
u = []
|
|
38
|
-
|
|
41
|
+
count.times do |i|
|
|
39
42
|
v = []
|
|
40
|
-
|
|
43
|
+
suite.m.times do |j|
|
|
41
44
|
offset = suite.l * (j + i * suite.m)
|
|
42
45
|
t = pseudo[offset, (offset + suite.l)]
|
|
43
46
|
vj = t.unpack1("H*").to_i(16)
|
|
44
|
-
v[j] =
|
|
47
|
+
v[j] = vj % modulo
|
|
45
48
|
end
|
|
46
49
|
u[i] = v
|
|
47
50
|
end
|
|
@@ -0,0 +1,104 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
module H2C
|
|
4
|
+
module M2C
|
|
5
|
+
module ISOGeny
|
|
6
|
+
# 11-isogeny map for BLS12381
|
|
7
|
+
# https://www.ietf.org/archive/id/draft-irtf-cfrg-hash-to-curve-16.html#appendix-E.2
|
|
8
|
+
class BLS12381G1
|
|
9
|
+
attr_reader :e0, :e1
|
|
10
|
+
|
|
11
|
+
X_NUM = [
|
|
12
|
+
0x11a05f2b1e833340b809101dd99815856b303e88a2d7005ff2627b56cdb4e2c85610c2d5f2e62d6eaeac1662734649b7,
|
|
13
|
+
0x17294ed3e943ab2f0588bab22147a81c7c17e75b2f6a8417f565e33c70d1e86b4838f2a6f318c356e834eef1b3cb83bb,
|
|
14
|
+
0xd54005db97678ec1d1048c5d10a9a1bce032473295983e56878e501ec68e25c958c3e3d2a09729fe0179f9dac9edcb0,
|
|
15
|
+
0x1778e7166fcc6db74e0609d307e55412d7f5e4656a8dbf25f1b33289f1b330835336e25ce3107193c5b388641d9b6861,
|
|
16
|
+
0xe99726a3199f4436642b4b3e4118e5499db995a1257fb3f086eeb65982fac18985a286f301e77c451154ce9ac8895d9,
|
|
17
|
+
0x1630c3250d7313ff01d1201bf7a74ab5db3cb17dd952799b9ed3ab9097e68f90a0870d2dcae73d19cd13c1c66f652983,
|
|
18
|
+
0xd6ed6553fe44d296a3726c38ae652bfb11586264f0f8ce19008e218f9c86b2a8da25128c1052ecaddd7f225a139ed84,
|
|
19
|
+
0x17b81e7701abdbe2e8743884d1117e53356de5ab275b4db1a682c62ef0f2753339b7c8f8c8f475af9ccb5618e3f0c88e,
|
|
20
|
+
0x80d3cf1f9a78fc47b90b33563be990dc43b756ce79f5574a2c596c928c5d1de4fa295f296b74e956d71986a8497e317,
|
|
21
|
+
0x169b1f8e1bcfa7c42e0c37515d138f22dd2ecb803a0c5c99676314baf4bb1b7fa3190b2edc0327797f241067be390c9e,
|
|
22
|
+
0x10321da079ce07e272d8ec09d2565b0dfa7dccdde6787f96d50af36003b14866f69b771f8c285decca67df3f1605fb7b,
|
|
23
|
+
0x6e08c248e260e70bd1e962381edee3d31d79d7e22c837bc23c0bf1bc24c6b68c24b1b80b64d391fa9c8ba2e8ba2d229
|
|
24
|
+
].freeze
|
|
25
|
+
|
|
26
|
+
X_DEN = [
|
|
27
|
+
0x8ca8d548cff19ae18b2e62f4bd3fa6f01d5ef4ba35b48ba9c9588617fc8ac62b558d681be343df8993cf9fa40d21b1c,
|
|
28
|
+
0x12561a5deb559c4348b4711298e536367041e8ca0cf0800c0126c2588c48bf5713daa8846cb026e9e5c8276ec82b3bff,
|
|
29
|
+
0xb2962fe57a3225e8137e629bff2991f6f89416f5a718cd1fca64e00b11aceacd6a3d0967c94fedcfcc239ba5cb83e19,
|
|
30
|
+
0x3425581a58ae2fec83aafef7c40eb545b08243f16b1655154cca8abc28d6fd04976d5243eecf5c4130de8938dc62cd8,
|
|
31
|
+
0x13a8e162022914a80a6f1d5f43e7a07dffdfc759a12062bb8d6b44e833b306da9bd29ba81f35781d539d395b3532a21e,
|
|
32
|
+
0xe7355f8e4e667b955390f7f0506c6e9395735e9ce9cad4d0a43bcef24b8982f7400d24bc4228f11c02df9a29f6304a5,
|
|
33
|
+
0x772caacf16936190f3e0c63e0596721570f5799af53a1894e2e073062aede9cea73b3538f0de06cec2574496ee84a3a,
|
|
34
|
+
0x14a7ac2a9d64a8b230b3f5b074cf01996e7f63c21bca68a81996e1cdf9822c580fa5b9489d11e2d311f7d99bbdcc5a5e,
|
|
35
|
+
0xa10ecf6ada54f825e920b3dafc7a3cce07f8d1d7161366b74100da67f39883503826692abba43704776ec3a79a1d641,
|
|
36
|
+
0x95fc13ab9e92ad4476d6e3eb3a56680f682b4ee96f7d03776df533978f31c1593174e4b4b7865002d6384d168ecdd0a,
|
|
37
|
+
1,
|
|
38
|
+
0
|
|
39
|
+
].freeze
|
|
40
|
+
|
|
41
|
+
Y_NUM = [
|
|
42
|
+
0x90d97c81ba24ee0259d1f094980dcfa11ad138e48a869522b52af6c956543d3cd0c7aee9b3ba3c2be9845719707bb33,
|
|
43
|
+
0x134996a104ee5811d51036d776fb46831223e96c254f383d0f906343eb67ad34d6c56711962fa8bfe097e75a2e41c696,
|
|
44
|
+
0xcc786baa966e66f4a384c86a3b49942552e2d658a31ce2c344be4b91400da7d26d521628b00523b8dfe240c72de1f6,
|
|
45
|
+
0x1f86376e8981c217898751ad8746757d42aa7b90eeb791c09e4a3ec03251cf9de405aba9ec61deca6355c77b0e5f4cb,
|
|
46
|
+
0x8cc03fdefe0ff135caf4fe2a21529c4195536fbe3ce50b879833fd221351adc2ee7f8dc099040a841b6daecf2e8fedb,
|
|
47
|
+
0x16603fca40634b6a2211e11db8f0a6a074a7d0d4afadb7bd76505c3d3ad5544e203f6326c95a807299b23ab13633a5f0,
|
|
48
|
+
0x4ab0b9bcfac1bbcb2c977d027796b3ce75bb8ca2be184cb5231413c4d634f3747a87ac2460f415ec961f8855fe9d6f2,
|
|
49
|
+
0x987c8d5333ab86fde9926bd2ca6c674170a05bfe3bdd81ffd038da6c26c842642f64550fedfe935a15e4ca31870fb29,
|
|
50
|
+
0x9fc4018bd96684be88c9e221e4da1bb8f3abd16679dc26c1e8b6e6a1f20cabe69d65201c78607a360370e577bdba587,
|
|
51
|
+
0xe1bba7a1186bdb5223abde7ada14a23c42a0ca7915af6fe06985e7ed1e4d43b9b3f7055dd4eba6f2bafaaebca731c30,
|
|
52
|
+
0x19713e47937cd1be0dfd0b8f1d43fb93cd2fcbcb6caf493fd1183e416389e61031bf3a5cce3fbafce813711ad011c132,
|
|
53
|
+
0x18b46a908f36f6deb918c143fed2edcc523559b8aaf0c2462e6bfe7f911f643249d9cdf41b44d606ce07c8a4d0074d8e,
|
|
54
|
+
0xb182cac101b9399d155096004f53f447aa7b12a3426b08ec02710e807b4633f06c851c1919211f20d4c04f00b971ef8,
|
|
55
|
+
0x245a394ad1eca9b72fc00ae7be315dc757b3b080d4c158013e6632d3c40659cc6cf90ad1c232a6442d9d3f5db980133,
|
|
56
|
+
0x5c129645e44cf1102a159f748c4a3fc5e673d81d7e86568d9ab0f5d396a7ce46ba1049b6579afb7866b1e715475224b,
|
|
57
|
+
0x15e6be4e990f03ce4ea50b3b42df2eb5cb181d8f84965a3957add4fa95af01b2b665027efec01c7704b456be69c8b604
|
|
58
|
+
].freeze
|
|
59
|
+
|
|
60
|
+
Y_DEN = [
|
|
61
|
+
0x16112c4c3a9c98b252181140fad0eae9601a6de578980be6eec3232b5be72e7a07f3688ef60c206d01479253b03663c1,
|
|
62
|
+
0x1962d75c2381201e1a0cbd6c43c348b885c84ff731c4d59ca4a10356f453e01f78a4260763529e3532f6102c2e49a03d,
|
|
63
|
+
0x58df3306640da276faaae7d6e8eb15778c4855551ae7f310c35a5dd279cd2eca6757cd636f96f891e2538b53dbf67f2,
|
|
64
|
+
0x16b7d288798e5395f20d23bf89edb4d1d115c5dbddbcd30e123da489e726af41727364f2c28297ada8d26d98445f5416,
|
|
65
|
+
0xbe0e079545f43e4b00cc912f8228ddcc6d19c9f0f69bbb0542eda0fc9dec916a20b15dc0fd2ededda39142311a5001d,
|
|
66
|
+
0x8d9e5297186db2d9fb266eaac783182b70152c65550d881c5ecd87b6f0f5a6449f38db9dfa9cce202c6477faaf9b7ac,
|
|
67
|
+
0x166007c08a99db2fc3ba8734ace9824b5eecfdfa8d0cf8ef5dd365bc400a0051d5fa9c01a58b1fb93d1a1399126a775c,
|
|
68
|
+
0x16a3ef08be3ea7ea03bcddfabba6ff6ee5a4375efa1f4fd7feb34fd206357132b920f5b00801dee460ee415a15812ed9,
|
|
69
|
+
0x1866c8ed336c61231a1be54fd1d74cc4f9fb0ce4c6af5920abc5750c4bf39b4852cfe2f7bb9248836b233d9d55535d4a,
|
|
70
|
+
0x167a55cda70a6e1cea820597d94a84903216f763e13d87bb5308592e7ea7d4fbc7385ea3d529b35e346ef48bb8913f55,
|
|
71
|
+
0x4d2f259eea405bd48f010a01ad2911d9c6dd039bb61a6290e591b36e636a5c871a5c29f4f83060400f8b49cba8f6aa8,
|
|
72
|
+
0xaccbb67481d033ff5852c1e48c50c477f94ff8aefce42d28c0f9a88cea7913516f968986f7ebbea9684b529e2561092,
|
|
73
|
+
0xad6b9514c767fe3c3613144b45f1496543346d98adf02267d5ceef9a00d9b8693000763e3b90ac11e99b138573345cc,
|
|
74
|
+
0x2660400eb2e4f3b628bdd0d53cd76f2bf565b94e72927c1cb748df27942480e420517bd8714cc80d1fadc1326ed06f7,
|
|
75
|
+
0xe0fa1d816ddc03e6b24255e0d7819c171c40f65e273b853324efcd6356caa205ca2f570f13497804415473a1d634b8f,
|
|
76
|
+
1
|
|
77
|
+
].freeze
|
|
78
|
+
def initialize
|
|
79
|
+
@e0 = BLS::Group::BLS12381G1_11ISO
|
|
80
|
+
@e1 = BLS::Group::BLS12381G1
|
|
81
|
+
end
|
|
82
|
+
|
|
83
|
+
def map(x, y)
|
|
84
|
+
f = e0.field
|
|
85
|
+
x_num = 0
|
|
86
|
+
x_den = 0
|
|
87
|
+
y_num = 0
|
|
88
|
+
y_den = 0
|
|
89
|
+
(X_NUM.length - 1).step(0, -1) do |i|
|
|
90
|
+
x_num = f.mod(x_num * x + X_NUM[i])
|
|
91
|
+
x_den = f.mod(x_den * x + X_DEN[i])
|
|
92
|
+
end
|
|
93
|
+
(Y_NUM.length - 1).step(0, -1) do |i|
|
|
94
|
+
y_num = f.mod(y_num * x + Y_NUM[i])
|
|
95
|
+
y_den = f.mod(y_den * x + Y_DEN[i])
|
|
96
|
+
end
|
|
97
|
+
xx = f.mod(x_num * f.inverse(x_den))
|
|
98
|
+
yy = f.mod(y * (y_num * f.inverse(y_den)))
|
|
99
|
+
[xx, yy]
|
|
100
|
+
end
|
|
101
|
+
end
|
|
102
|
+
end
|
|
103
|
+
end
|
|
104
|
+
end
|
data/lib/h2c/m2c/isogeny.rb
CHANGED
data/lib/h2c/m2c/sswu.rb
CHANGED
data/lib/h2c/m2c/sswuab0.rb
CHANGED
data/lib/h2c/suite.rb
CHANGED
|
@@ -6,21 +6,55 @@ module H2C
|
|
|
6
6
|
|
|
7
7
|
SECP256K1_XMDSHA256_SSWU_NU_ = "secp256k1_XMD:SHA-256_SSWU_NU_"
|
|
8
8
|
SECP256K1_XMDSHA256_SSWU_RO_ = "secp256k1_XMD:SHA-256_SSWU_RO_"
|
|
9
|
+
BLS12381G1_XMDSHA256_SSWU_NU_ = "BLS12381G1_XMD:SHA-256_SSWU_NU_"
|
|
10
|
+
BLS12381G1_XMDSHA256_SSWU_RO_ = "BLS12381G1_XMD:SHA-256_SSWU_RO_"
|
|
11
|
+
P256_XMDSHA256_SSWU_NU_ = "P256_XMD:SHA-256_SSWU_NU_"
|
|
12
|
+
P256_XMDSHA256_SSWU_RO_ = "P256_XMD:SHA-256_SSWU_RO_"
|
|
13
|
+
P384_XMDSHA384_SSWU_NU_ = "P384_XMD:SHA-384_SSWU_NU_"
|
|
14
|
+
P384_XMDSHA384_SSWU_RO_ = "P384_XMD:SHA-384_SSWU_RO_"
|
|
15
|
+
P521_XMDSHA512_SSWU_NU_ = "P521_XMD:SHA-512_SSWU_NU_"
|
|
16
|
+
P521_XMDSHA512_SSWU_RO_ = "P521_XMD:SHA-512_SSWU_RO_"
|
|
9
17
|
|
|
10
18
|
# Initialize suite
|
|
11
19
|
# @param [String] id Suite id.
|
|
12
20
|
# @param [String] dst Domain separation tag.
|
|
13
21
|
def initialize(id, dst)
|
|
14
22
|
@id = id
|
|
23
|
+
@k = 128
|
|
24
|
+
@m = 1
|
|
15
25
|
case id
|
|
16
26
|
when SECP256K1_XMDSHA256_SSWU_NU_, SECP256K1_XMDSHA256_SSWU_RO_
|
|
17
27
|
@curve = ECDSA::Group::Secp256k1
|
|
18
|
-
@k = 128
|
|
19
28
|
@exp = Expander.get(HashFunc::SHA256, dst, @k)
|
|
20
|
-
@m = 1
|
|
21
29
|
@l = 48
|
|
22
30
|
@map = M2C::SSWUAB0.new(H2C::M2C::ISOGeny::Secp256k1.new, -11)
|
|
23
31
|
@ro = (id == SECP256K1_XMDSHA256_SSWU_RO_)
|
|
32
|
+
when BLS12381G1_XMDSHA256_SSWU_NU_, BLS12381G1_XMDSHA256_SSWU_RO_
|
|
33
|
+
@curve = BLS::Group::BLS12381G1
|
|
34
|
+
@exp = Expander.get(HashFunc::SHA256, dst, @k)
|
|
35
|
+
@l = 64
|
|
36
|
+
@map = M2C::SSWUAB0.new(H2C::M2C::ISOGeny::BLS12381G1.new, 11)
|
|
37
|
+
@ro = (id == BLS12381G1_XMDSHA256_SSWU_RO_)
|
|
38
|
+
when P256_XMDSHA256_SSWU_NU_, P256_XMDSHA256_SSWU_RO_
|
|
39
|
+
@curve = ECDSA::Group::Nistp256
|
|
40
|
+
@exp = Expander.get(HashFunc::SHA256, dst, @k)
|
|
41
|
+
@l = 48
|
|
42
|
+
@map = M2C::SSWU.new(ECDSA::Group::Nistp256, -10)
|
|
43
|
+
@ro = (id == P256_XMDSHA256_SSWU_RO_)
|
|
44
|
+
when P384_XMDSHA384_SSWU_NU_, P384_XMDSHA384_SSWU_RO_
|
|
45
|
+
@k = 192
|
|
46
|
+
@curve = ECDSA::Group::Nistp384
|
|
47
|
+
@exp = Expander.get(HashFunc::SHA384, dst, @k)
|
|
48
|
+
@l = 72
|
|
49
|
+
@map = M2C::SSWU.new(ECDSA::Group::Nistp384, -12)
|
|
50
|
+
@ro = (id == P384_XMDSHA384_SSWU_RO_)
|
|
51
|
+
when P521_XMDSHA512_SSWU_NU_, P521_XMDSHA512_SSWU_RO_
|
|
52
|
+
@k = 256
|
|
53
|
+
@curve = ECDSA::Group::Nistp521
|
|
54
|
+
@exp = Expander.get(HashFunc::SHA512, dst, @k)
|
|
55
|
+
@l = 98
|
|
56
|
+
@map = M2C::SSWU.new(ECDSA::Group::Nistp521, -4)
|
|
57
|
+
@ro = (id == P521_XMDSHA512_SSWU_RO_)
|
|
24
58
|
else
|
|
25
59
|
raise H2C::Error, "suite #{curve} unsupported."
|
|
26
60
|
end
|
data/lib/h2c/version.rb
CHANGED
data/lib/h2c.rb
CHANGED
|
@@ -18,11 +18,12 @@ module H2C
|
|
|
18
18
|
# Hash function name
|
|
19
19
|
module HashFunc
|
|
20
20
|
SHA256 = "SHA256"
|
|
21
|
+
SHA384 = "SHA384"
|
|
21
22
|
SHA512 = "SHA512"
|
|
22
23
|
SHAKE128 = "SHAKE128"
|
|
23
24
|
SHAKE256 = "SHAKE256"
|
|
24
25
|
|
|
25
|
-
XMD_FUNCS = [SHA256, SHA512].freeze
|
|
26
|
+
XMD_FUNCS = [SHA256, SHA384, SHA512].freeze
|
|
26
27
|
XOF_FUNCS = [SHAKE128, SHAKE256].freeze
|
|
27
28
|
end
|
|
28
29
|
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: h2c
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.1
|
|
4
|
+
version: 0.2.1
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- azuchi
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: exe
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2024-02-06 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: ecdsa
|
|
@@ -46,6 +46,8 @@ files:
|
|
|
46
46
|
- bin/setup
|
|
47
47
|
- h2c.gemspec
|
|
48
48
|
- lib/ext/curve.rb
|
|
49
|
+
- lib/ext/curve/bls12381_g1.rb
|
|
50
|
+
- lib/ext/curve/bls12381_g1_11iso.rb
|
|
49
51
|
- lib/ext/curve/secp256k1_3iso.rb
|
|
50
52
|
- lib/h2c.rb
|
|
51
53
|
- lib/h2c/expander.rb
|
|
@@ -53,6 +55,7 @@ files:
|
|
|
53
55
|
- lib/h2c/hash_to_point.rb
|
|
54
56
|
- lib/h2c/m2c.rb
|
|
55
57
|
- lib/h2c/m2c/isogeny.rb
|
|
58
|
+
- lib/h2c/m2c/isogeny/bls12381_g1.rb
|
|
56
59
|
- lib/h2c/m2c/isogeny/secp256k1.rb
|
|
57
60
|
- lib/h2c/m2c/sswu.rb
|
|
58
61
|
- lib/h2c/m2c/sswuab0.rb
|