RubyGems - h2c - Versions diffs - 0.1.0 → 0.2.1 - Mend

h2c 0.1.0 → 0.2.1

Files changed (17) hide show

checksums.yaml +4 -4
data/Gemfile +1 -1
data/README.md +9 -2
data/lib/ext/curve/bls12381_g1.rb +19 -0
data/lib/ext/curve/bls12381_g1_11iso.rb +21 -0
data/lib/ext/curve.rb +2 -0
data/lib/h2c/expander/xmd.rb +2 -11
data/lib/h2c/expander.rb +1 -0
data/lib/h2c/hash_to_point.rb +17 -14
data/lib/h2c/m2c/isogeny/bls12381_g1.rb +104 -0
data/lib/h2c/m2c/isogeny.rb +1 -0
data/lib/h2c/m2c/sswu.rb +1 -1
data/lib/h2c/m2c/sswuab0.rb +2 -2
data/lib/h2c/suite.rb +36 -2
data/lib/h2c/version.rb +1 -1
data/lib/h2c.rb +2 -1
metadata +5 -2

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 9bb9442ab449a3426c342b352746b7057a4d6bb15b3d88efdaf214a0e7e11423
-  data.tar.gz: 19c35110d60cf84cfc221c33a9ae4f8ff612ae8ac532a25512e9cd66bc8fcb0a
+  metadata.gz: 3de2455d74c152fea54a81e553295ba16f3122e1af6e3d2196e52055eb179180
+  data.tar.gz: 6bc78d7cbfa6110f5cee57aff3d099e1a86a25f3a511b7ea13ad4b366aa38bab
 SHA512:
-  metadata.gz: 61fd4f3cff6441eaf34e3b7507ee6fd67fe158f3622f1e42a69c44c8bbb950385fb61439b3bbc88523a23c81b4369405728eade93319b28fbb889532ee99f125
-  data.tar.gz: '049c98d23b13a876a37ec2a8f13aa8a6449a43a2a0f869b7a31e7d702503850a406aa7ddb86fe65922d742dd1287b7b4b1a71cf395afc3041d95aadc51924084'
+  metadata.gz: 7654446bc65c08a1eb073f4f4de149809e9b44c58d19f9eb420ff2a6c9f9277c5e2b7e7827cde92514e3807fa1ea7544e344be9441c9ac636d256dbdff522af6
+  data.tar.gz: 8e4f8ee2aed37e8639869ea488a276f597dc0264cacd50bd8dc1a22ff2316da3ee2adc879af92a922f54e2f6cd7307d57368ec53be8a4d95a6e551fe38465239

data/Gemfile CHANGED Viewed

@@ -9,7 +9,7 @@ gem "rake", "~> 13.0"
 gem "rspec", "~> 3.0"
-gem 'prettier'
+gem 'prettier', '4.0.3'
 gem 'rubocop-rake'
 gem 'rubocop-rspec'

data/README.md CHANGED Viewed

@@ -8,6 +8,14 @@ The following cipher suites are currently supported:
 * secp256k1_XMD:SHA-256_SSWU_NU_
 * secp256k1_XMD:SHA-256_SSWU_RO_
+* BLS12381G1_XMD:SHA-256_SSWU_NU_
+* BLS12381G1_XMD:SHA-256_SSWU_RO_
+* P256_XMD:SHA-256_SSWU_NU_
+* P256_XMD:SHA-256_SSWU_RO_
+* P384_XMD:SHA-384_SSWU_NU_
+* P384_XMD:SHA-384_SSWU_RO_
+* P521_XMD:SHA-512_SSWU_NU_
+* P521_XMD:SHA-512_SSWU_RO_
 ## Installation
@@ -30,10 +38,9 @@ Or install it yourself as:
 ```ruby
 require 'h2c'
-sutie = "secp256k1_XMD:SHA-256_SSWU_RO_"
 dst = "QUUX-V01-CS02-with-secp256k1_XMD:SHA-256_SSWU_RO_"
-h2c = H2C.get(sutie, dst)
+h2c = H2C.get(H2C::Suite::SECP256K1_XMDSHA256_SSWU_RO_, dst)
 msg = "abc"

data/lib/ext/curve/bls12381_g1.rb ADDED Viewed

@@ -0,0 +1,19 @@
+# frozen_string_literal: true
+module BLS
+  class Group
+    BLS12381G1 =
+      ECDSA::Group.new(
+        name: "bls12381_g1",
+        p:
+          0x1a0111ea397fe69a4b1ba7b6434bacd764774b84f38512bf6730d2a0f6b0f6241eabfffeb153ffffb9feffffffffaaab,
+        a: 0,
+        b: 4,
+        g: [
+          0x17f1d3a73197d7942695638c4fa9ac0fc3688c4f9774b905a14e3a3f171bac586c55e83ff97a1aeffb3af00adb22c6bb,
+          0x8b3f481e3aaa0f1a09e30ed741d8ae4fcf5e095d5d00af600db18cb2c04b3edd03cc744a2888ae40caa232946c5e7e1
+        ],
+        n: 0x73eda753299d7d483339d80809a1d80553bda402fffe5bfeffffffff00000001,
+        h: 0xd201000000010001
+      )
+  end
+end

data/lib/ext/curve/bls12381_g1_11iso.rb ADDED Viewed

@@ -0,0 +1,21 @@
+# frozen_string_literal: true
+module BLS
+  class Group
+    BLS12381G1_11ISO =
+      ECDSA::Group.new(
+        name: "bls12381_g1_11iso",
+        p:
+          0x1a0111ea397fe69a4b1ba7b6434bacd764774b84f38512bf6730d2a0f6b0f6241eabfffeb153ffffb9feffffffffaaab,
+        a:
+          0x144698a3b8e9433d693a02c96d4982b0ea985383ee66a8d8e8981aefd881ac98936f8da0e0f97f5cf428082d584c1d,
+        b:
+          0x12e2908d11688030018b12e8753eee3b2016c1f0f24f4070a0b9c14fcef35ef55a23215a316ceaa5d1cc48e98e172be0,
+        g: [
+          0x6a0ead062ba73a09984eb7351a2d851bc817625345ce033a6eb7d78242b6466c877e022dda626a79ddb85bce57997e2,
+          0x3b89d8bb9326270e46b6b74e19f7b3f10082fbf1a46df72da50c6571b969afc570d6529350b1b9b05ab4fe5c29920b4
+        ],
+        n: 0x73eda753299d7d483339d80809a1d80553bda402fffe5bfeffffffff00000001,
+        h: 0xd201000000010001
+      )
+  end
+end

data/lib/ext/curve.rb CHANGED Viewed

@@ -1,3 +1,5 @@
 # frozen_string_literal: true
 require_relative "curve/secp256k1_3iso"
+require_relative "curve/bls12381_g1"
+require_relative "curve/bls12381_g1_11iso"

data/lib/h2c/expander/xmd.rb CHANGED Viewed

@@ -3,24 +3,15 @@ require "digest"
 module H2C
   module Expander
-    # Expander::XML produces a uniformly random byte string using a cryptographic hash function H that outputs b bits.
+    # Expander::XMD produces a uniformly random byte string using a cryptographic hash function H that outputs b bits.
     class XMD
       attr_reader :dst, :digest
       # Constructor
       # @param [String] func Hash function name. Currently supported by 'SHA256' and 'SHA512'
       # @param [String] dst Domain separation tag with binary format.
-      # @raise [H2C::Error] If invalid func specified.
       def initialize(func, dst)
         @dst = dst
-        @digest =
-          case func
-          when HashFunc::SHA256
-            Digest(HashFunc::SHA256).new
-          when HashFunc::SHA512
-            Digest(HashFunc::SHA512).new
-          else
-            raise H2C::Error, "func #{func} is unsupported."
-          end
+        @digest = Digest(func).new
       end
       # Expand message.

data/lib/h2c/expander.rb CHANGED Viewed

@@ -33,6 +33,7 @@ module H2C
     # Get expander implementation
     # @param [String] func Hash function name. Currently supported by 'SHA-256' and 'SHA-512'.
     # @raise [H2C::Error] If invalid func specified.
+    # @return [XMD] expander implementation, currently only XMD is supported.
     def get(func, dst, _k)
       unless HashFunc::XMD_FUNCS.include?(func)
         raise H2C::Error, "func #{func} is unsupported."

data/lib/h2c/hash_to_point.rb CHANGED Viewed

@@ -14,34 +14,37 @@ module H2C
     # @param [String] msg Message with binary to be hashed.
     # @return [ECDSA::Point] point
     def digest(msg)
-      if suite.ro
-        u = hash_to_field(msg, 2)
-        p0 = suite.map.map(u[0])
-        p1 = suite.map.map(u[1])
-        p0 + p1
-      else
-        u = hash_to_field(msg, 1)
-        suite.map.map(u[0])
-      end
+      p =
+        if suite.ro
+          u = hash_to_field(msg, 2)
+          p0 = suite.map.map(u[0])
+          p1 = suite.map.map(u[1])
+          p0 + p1
+        else
+          u = hash_to_field(msg, 1)
+          suite.map.map(u[0])
+        end
+      suite.curve.cofactor ? p.multiply_by_scalar(suite.curve.cofactor) : p
     end
     # Hashes a msg of any length into an element of a finite field.
     # https://www.ietf.org/archive/id/draft-irtf-cfrg-hash-to-curve-16.html#name-hash_to_field-implementatio
     # @param [String] msg A byte string containing the message to hash.
     # @param [Integer] count The number of elements of Field to output.
+    # @param [Integer] modulo (Optional) This value is a finite field of characteristic p in the
+    # hash to curve specification. Other protocols such as FROST can be order of curve.
     # @return [Array]
-    def hash_to_field(msg, count)
-      field = suite.curve.field
+    def hash_to_field(msg, count, modulo = suite.curve.field.prime)
       len = count * suite.m * suite.l
       pseudo = suite.exp.expand(msg, len)
       u = []
-      (0...count).each do |i|
+      count.times do |i|
         v = []
-        (0...suite.m).each do |j|
+        suite.m.times do |j|
           offset = suite.l * (j + i * suite.m)
           t = pseudo[offset, (offset + suite.l)]
           vj = t.unpack1("H*").to_i(16)
-          v[j] = field.mod(vj)
+          v[j] = vj % modulo
         end
         u[i] = v
       end

data/lib/h2c/m2c/isogeny/bls12381_g1.rb ADDED Viewed

@@ -0,0 +1,104 @@
+# frozen_string_literal: true
+module H2C
+  module M2C
+    module ISOGeny
+      # 11-isogeny map for BLS12381
+      # https://www.ietf.org/archive/id/draft-irtf-cfrg-hash-to-curve-16.html#appendix-E.2
+      class BLS12381G1
+        attr_reader :e0, :e1
+        X_NUM = [
+          0x11a05f2b1e833340b809101dd99815856b303e88a2d7005ff2627b56cdb4e2c85610c2d5f2e62d6eaeac1662734649b7,
+          0x17294ed3e943ab2f0588bab22147a81c7c17e75b2f6a8417f565e33c70d1e86b4838f2a6f318c356e834eef1b3cb83bb,
+          0xd54005db97678ec1d1048c5d10a9a1bce032473295983e56878e501ec68e25c958c3e3d2a09729fe0179f9dac9edcb0,
+          0x1778e7166fcc6db74e0609d307e55412d7f5e4656a8dbf25f1b33289f1b330835336e25ce3107193c5b388641d9b6861,
+          0xe99726a3199f4436642b4b3e4118e5499db995a1257fb3f086eeb65982fac18985a286f301e77c451154ce9ac8895d9,
+          0x1630c3250d7313ff01d1201bf7a74ab5db3cb17dd952799b9ed3ab9097e68f90a0870d2dcae73d19cd13c1c66f652983,
+          0xd6ed6553fe44d296a3726c38ae652bfb11586264f0f8ce19008e218f9c86b2a8da25128c1052ecaddd7f225a139ed84,
+          0x17b81e7701abdbe2e8743884d1117e53356de5ab275b4db1a682c62ef0f2753339b7c8f8c8f475af9ccb5618e3f0c88e,
+          0x80d3cf1f9a78fc47b90b33563be990dc43b756ce79f5574a2c596c928c5d1de4fa295f296b74e956d71986a8497e317,
+          0x169b1f8e1bcfa7c42e0c37515d138f22dd2ecb803a0c5c99676314baf4bb1b7fa3190b2edc0327797f241067be390c9e,
+          0x10321da079ce07e272d8ec09d2565b0dfa7dccdde6787f96d50af36003b14866f69b771f8c285decca67df3f1605fb7b,
+          0x6e08c248e260e70bd1e962381edee3d31d79d7e22c837bc23c0bf1bc24c6b68c24b1b80b64d391fa9c8ba2e8ba2d229
+        ].freeze
+        X_DEN = [
+          0x8ca8d548cff19ae18b2e62f4bd3fa6f01d5ef4ba35b48ba9c9588617fc8ac62b558d681be343df8993cf9fa40d21b1c,
+          0x12561a5deb559c4348b4711298e536367041e8ca0cf0800c0126c2588c48bf5713daa8846cb026e9e5c8276ec82b3bff,
+          0xb2962fe57a3225e8137e629bff2991f6f89416f5a718cd1fca64e00b11aceacd6a3d0967c94fedcfcc239ba5cb83e19,
+          0x3425581a58ae2fec83aafef7c40eb545b08243f16b1655154cca8abc28d6fd04976d5243eecf5c4130de8938dc62cd8,
+          0x13a8e162022914a80a6f1d5f43e7a07dffdfc759a12062bb8d6b44e833b306da9bd29ba81f35781d539d395b3532a21e,
+          0xe7355f8e4e667b955390f7f0506c6e9395735e9ce9cad4d0a43bcef24b8982f7400d24bc4228f11c02df9a29f6304a5,
+          0x772caacf16936190f3e0c63e0596721570f5799af53a1894e2e073062aede9cea73b3538f0de06cec2574496ee84a3a,
+          0x14a7ac2a9d64a8b230b3f5b074cf01996e7f63c21bca68a81996e1cdf9822c580fa5b9489d11e2d311f7d99bbdcc5a5e,
+          0xa10ecf6ada54f825e920b3dafc7a3cce07f8d1d7161366b74100da67f39883503826692abba43704776ec3a79a1d641,
+          0x95fc13ab9e92ad4476d6e3eb3a56680f682b4ee96f7d03776df533978f31c1593174e4b4b7865002d6384d168ecdd0a,
+          1,
+          0
+        ].freeze
+        Y_NUM = [
+          0x90d97c81ba24ee0259d1f094980dcfa11ad138e48a869522b52af6c956543d3cd0c7aee9b3ba3c2be9845719707bb33,
+          0x134996a104ee5811d51036d776fb46831223e96c254f383d0f906343eb67ad34d6c56711962fa8bfe097e75a2e41c696,
+          0xcc786baa966e66f4a384c86a3b49942552e2d658a31ce2c344be4b91400da7d26d521628b00523b8dfe240c72de1f6,
+          0x1f86376e8981c217898751ad8746757d42aa7b90eeb791c09e4a3ec03251cf9de405aba9ec61deca6355c77b0e5f4cb,
+          0x8cc03fdefe0ff135caf4fe2a21529c4195536fbe3ce50b879833fd221351adc2ee7f8dc099040a841b6daecf2e8fedb,
+          0x16603fca40634b6a2211e11db8f0a6a074a7d0d4afadb7bd76505c3d3ad5544e203f6326c95a807299b23ab13633a5f0,
+          0x4ab0b9bcfac1bbcb2c977d027796b3ce75bb8ca2be184cb5231413c4d634f3747a87ac2460f415ec961f8855fe9d6f2,
+          0x987c8d5333ab86fde9926bd2ca6c674170a05bfe3bdd81ffd038da6c26c842642f64550fedfe935a15e4ca31870fb29,
+          0x9fc4018bd96684be88c9e221e4da1bb8f3abd16679dc26c1e8b6e6a1f20cabe69d65201c78607a360370e577bdba587,
+          0xe1bba7a1186bdb5223abde7ada14a23c42a0ca7915af6fe06985e7ed1e4d43b9b3f7055dd4eba6f2bafaaebca731c30,
+          0x19713e47937cd1be0dfd0b8f1d43fb93cd2fcbcb6caf493fd1183e416389e61031bf3a5cce3fbafce813711ad011c132,
+          0x18b46a908f36f6deb918c143fed2edcc523559b8aaf0c2462e6bfe7f911f643249d9cdf41b44d606ce07c8a4d0074d8e,
+          0xb182cac101b9399d155096004f53f447aa7b12a3426b08ec02710e807b4633f06c851c1919211f20d4c04f00b971ef8,
+          0x245a394ad1eca9b72fc00ae7be315dc757b3b080d4c158013e6632d3c40659cc6cf90ad1c232a6442d9d3f5db980133,
+          0x5c129645e44cf1102a159f748c4a3fc5e673d81d7e86568d9ab0f5d396a7ce46ba1049b6579afb7866b1e715475224b,
+          0x15e6be4e990f03ce4ea50b3b42df2eb5cb181d8f84965a3957add4fa95af01b2b665027efec01c7704b456be69c8b604
+        ].freeze
+        Y_DEN = [
+          0x16112c4c3a9c98b252181140fad0eae9601a6de578980be6eec3232b5be72e7a07f3688ef60c206d01479253b03663c1,
+          0x1962d75c2381201e1a0cbd6c43c348b885c84ff731c4d59ca4a10356f453e01f78a4260763529e3532f6102c2e49a03d,
+          0x58df3306640da276faaae7d6e8eb15778c4855551ae7f310c35a5dd279cd2eca6757cd636f96f891e2538b53dbf67f2,
+          0x16b7d288798e5395f20d23bf89edb4d1d115c5dbddbcd30e123da489e726af41727364f2c28297ada8d26d98445f5416,
+          0xbe0e079545f43e4b00cc912f8228ddcc6d19c9f0f69bbb0542eda0fc9dec916a20b15dc0fd2ededda39142311a5001d,
+          0x8d9e5297186db2d9fb266eaac783182b70152c65550d881c5ecd87b6f0f5a6449f38db9dfa9cce202c6477faaf9b7ac,
+          0x166007c08a99db2fc3ba8734ace9824b5eecfdfa8d0cf8ef5dd365bc400a0051d5fa9c01a58b1fb93d1a1399126a775c,
+          0x16a3ef08be3ea7ea03bcddfabba6ff6ee5a4375efa1f4fd7feb34fd206357132b920f5b00801dee460ee415a15812ed9,
+          0x1866c8ed336c61231a1be54fd1d74cc4f9fb0ce4c6af5920abc5750c4bf39b4852cfe2f7bb9248836b233d9d55535d4a,
+          0x167a55cda70a6e1cea820597d94a84903216f763e13d87bb5308592e7ea7d4fbc7385ea3d529b35e346ef48bb8913f55,
+          0x4d2f259eea405bd48f010a01ad2911d9c6dd039bb61a6290e591b36e636a5c871a5c29f4f83060400f8b49cba8f6aa8,
+          0xaccbb67481d033ff5852c1e48c50c477f94ff8aefce42d28c0f9a88cea7913516f968986f7ebbea9684b529e2561092,
+          0xad6b9514c767fe3c3613144b45f1496543346d98adf02267d5ceef9a00d9b8693000763e3b90ac11e99b138573345cc,
+          0x2660400eb2e4f3b628bdd0d53cd76f2bf565b94e72927c1cb748df27942480e420517bd8714cc80d1fadc1326ed06f7,
+          0xe0fa1d816ddc03e6b24255e0d7819c171c40f65e273b853324efcd6356caa205ca2f570f13497804415473a1d634b8f,
+          1
+        ].freeze
+        def initialize
+          @e0 = BLS::Group::BLS12381G1_11ISO
+          @e1 = BLS::Group::BLS12381G1
+        end
+        def map(x, y)
+          f = e0.field
+          x_num = 0
+          x_den = 0
+          y_num = 0
+          y_den = 0
+          (X_NUM.length - 1).step(0, -1) do |i|
+            x_num = f.mod(x_num * x + X_NUM[i])
+            x_den = f.mod(x_den * x + X_DEN[i])
+          end
+          (Y_NUM.length - 1).step(0, -1) do |i|
+            y_num = f.mod(y_num * x + Y_NUM[i])
+            y_den = f.mod(y_den * x + Y_DEN[i])
+          end
+          xx = f.mod(x_num * f.inverse(x_den))
+          yy = f.mod(y * (y_num * f.inverse(y_den)))
+          [xx, yy]
+        end
+      end
+    end
+  end
+end

data/lib/h2c/m2c/isogeny.rb CHANGED Viewed

@@ -4,6 +4,7 @@ module H2C
     # https://www.ietf.org/archive/id/draft-irtf-cfrg-hash-to-curve-16.html#name-isogeny-maps-for-suites
     module ISOGeny
       autoload :Secp256k1, "h2c/m2c/isogeny/secp256k1"
+      autoload :BLS12381G1, "h2c/m2c/isogeny/bls12381_g1"
     end
   end
 end

data/lib/h2c/m2c/sswu.rb CHANGED Viewed

@@ -43,7 +43,7 @@ module H2C
         y = f.square_roots(y2)[0]
         e3 = sgn0(u) == sgn0(y)
         y = f.mod(e3 ? y : -y)
-        [x, y]
+        curve.new_point([x, y])
       end
       def square?(x)

data/lib/h2c/m2c/sswuab0.rb CHANGED Viewed

@@ -17,8 +17,8 @@ module H2C
       # @param [Integer] u
       # @return [ECDSA::Point]
       def map(u)
-        x, y = sswu.map(u)
-        coordinate = iso.map(x, y)
+        p = sswu.map(u)
+        coordinate = iso.map(p.x, p.y)
         iso.e1.new_point(coordinate)
       end
     end

data/lib/h2c/suite.rb CHANGED Viewed

@@ -6,21 +6,55 @@ module H2C
     SECP256K1_XMDSHA256_SSWU_NU_ = "secp256k1_XMD:SHA-256_SSWU_NU_"
     SECP256K1_XMDSHA256_SSWU_RO_ = "secp256k1_XMD:SHA-256_SSWU_RO_"
+    BLS12381G1_XMDSHA256_SSWU_NU_ = "BLS12381G1_XMD:SHA-256_SSWU_NU_"
+    BLS12381G1_XMDSHA256_SSWU_RO_ = "BLS12381G1_XMD:SHA-256_SSWU_RO_"
+    P256_XMDSHA256_SSWU_NU_ = "P256_XMD:SHA-256_SSWU_NU_"
+    P256_XMDSHA256_SSWU_RO_ = "P256_XMD:SHA-256_SSWU_RO_"
+    P384_XMDSHA384_SSWU_NU_ = "P384_XMD:SHA-384_SSWU_NU_"
+    P384_XMDSHA384_SSWU_RO_ = "P384_XMD:SHA-384_SSWU_RO_"
+    P521_XMDSHA512_SSWU_NU_ = "P521_XMD:SHA-512_SSWU_NU_"
+    P521_XMDSHA512_SSWU_RO_ = "P521_XMD:SHA-512_SSWU_RO_"
     # Initialize suite
     # @param [String] id Suite id.
     # @param [String] dst Domain separation tag.
     def initialize(id, dst)
       @id = id
+      @k = 128
+      @m = 1
       case id
       when SECP256K1_XMDSHA256_SSWU_NU_, SECP256K1_XMDSHA256_SSWU_RO_
         @curve = ECDSA::Group::Secp256k1
-        @k = 128
         @exp = Expander.get(HashFunc::SHA256, dst, @k)
-        @m = 1
         @l = 48
         @map = M2C::SSWUAB0.new(H2C::M2C::ISOGeny::Secp256k1.new, -11)
         @ro = (id == SECP256K1_XMDSHA256_SSWU_RO_)
+      when BLS12381G1_XMDSHA256_SSWU_NU_, BLS12381G1_XMDSHA256_SSWU_RO_
+        @curve = BLS::Group::BLS12381G1
+        @exp = Expander.get(HashFunc::SHA256, dst, @k)
+        @l = 64
+        @map = M2C::SSWUAB0.new(H2C::M2C::ISOGeny::BLS12381G1.new, 11)
+        @ro = (id == BLS12381G1_XMDSHA256_SSWU_RO_)
+      when P256_XMDSHA256_SSWU_NU_, P256_XMDSHA256_SSWU_RO_
+        @curve = ECDSA::Group::Nistp256
+        @exp = Expander.get(HashFunc::SHA256, dst, @k)
+        @l = 48
+        @map = M2C::SSWU.new(ECDSA::Group::Nistp256, -10)
+        @ro = (id == P256_XMDSHA256_SSWU_RO_)
+      when P384_XMDSHA384_SSWU_NU_, P384_XMDSHA384_SSWU_RO_
+        @k = 192
+        @curve = ECDSA::Group::Nistp384
+        @exp = Expander.get(HashFunc::SHA384, dst, @k)
+        @l = 72
+        @map = M2C::SSWU.new(ECDSA::Group::Nistp384, -12)
+        @ro = (id == P384_XMDSHA384_SSWU_RO_)
+      when P521_XMDSHA512_SSWU_NU_, P521_XMDSHA512_SSWU_RO_
+        @k = 256
+        @curve = ECDSA::Group::Nistp521
+        @exp = Expander.get(HashFunc::SHA512, dst, @k)
+        @l = 98
+        @map = M2C::SSWU.new(ECDSA::Group::Nistp521, -4)
+        @ro = (id == P521_XMDSHA512_SSWU_RO_)
       else
         raise H2C::Error, "suite #{curve} unsupported."
       end

data/lib/h2c/version.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 module H2C
-  VERSION = "0.1.0"
+  VERSION = "0.2.1"
 end

data/lib/h2c.rb CHANGED Viewed

@@ -18,11 +18,12 @@ module H2C
   # Hash function name
   module HashFunc
     SHA256 = "SHA256"
+    SHA384 = "SHA384"
     SHA512 = "SHA512"
     SHAKE128 = "SHAKE128"
     SHAKE256 = "SHAKE256"
-    XMD_FUNCS = [SHA256, SHA512].freeze
+    XMD_FUNCS = [SHA256, SHA384, SHA512].freeze
     XOF_FUNCS = [SHAKE128, SHAKE256].freeze
   end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: h2c
 version: !ruby/object:Gem::Version
-  version: 0.1.0
+  version: 0.2.1
 platform: ruby
 authors:
 - azuchi
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2023-01-12 00:00:00.000000000 Z
+date: 2024-02-06 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: ecdsa
@@ -46,6 +46,8 @@ files:
 - bin/setup
 - h2c.gemspec
 - lib/ext/curve.rb
+- lib/ext/curve/bls12381_g1.rb
+- lib/ext/curve/bls12381_g1_11iso.rb
 - lib/ext/curve/secp256k1_3iso.rb
 - lib/h2c.rb
 - lib/h2c/expander.rb
@@ -53,6 +55,7 @@ files:
 - lib/h2c/hash_to_point.rb
 - lib/h2c/m2c.rb
 - lib/h2c/m2c/isogeny.rb
+- lib/h2c/m2c/isogeny/bls12381_g1.rb
 - lib/h2c/m2c/isogeny/secp256k1.rb
 - lib/h2c/m2c/sswu.rb
 - lib/h2c/m2c/sswuab0.rb