h2c

package module
v0.0.0-...-3348f2e
Warning

This package is not in the latest version of its module.

Published: Jun 7, 2022 License: BSD-3-Clause Imports: 13 Imported by: 1

README

Hashing to Elliptic Curves



IETF Data Tracker: draft-irtf-cfrg-hash-to-curve

Internet-Draft: git repository

This document specifies a number of algorithms that may be used to encode or hash an arbitrary string to a point on an elliptic curve.

Reference Implementation

The purpose of this implementation is for generating test vectors and enabling cross compatibility with other implementations.

This implementation is for reference only. It MUST NOT be used in production systems.

Development branch: master

Draft versions implemented

Latest: v14

Previous: v12, v10, v08, v07, v06, v05.

Compatible Implementations
Internals

hash to curve

Contact

Feel free to open a GitHub issue for anything related to the implementation; otherwise, e-mail the authors of the draft.

Documentation

Overview

Package h2c provides implementations of hashing functions that take arbitrary-length byte strings and output a point on an elliptic curve.

These methods follow the current work-in-progress standardization effort at IETF https://datatracker.ietf.org/doc/draft-irtf-cfrg-hash-to-curve.

Version: draft-irtf-cfrg-hash-to-curve-14

Index

Constants

const MaxDSTLength = 255

MaxDSTLength is the maximum allowed length for domain separation tags.

Variables

This section is empty.

Functions

This section is empty.

Types

type Expander

type Expander interface {
	Expand(in []byte, len uint) (pseudo []byte)
	// contains filtered or unexported methods
}

Expander generates a pseudo-random byte string of a determined length.

type ExpanderDesc

type ExpanderDesc struct {
	Type ExpanderType
	ID   uint // This id is converted to either crypto.Hash or to xof.Xof
}

ExpanderDesc describes an expander.

func (ExpanderDesc) Get

func (d ExpanderDesc) Get(dst []byte, k uint) (e Expander, err error)

Get returns an XOF-based expander.

type ExpanderType

type ExpanderType uint

ExpanderType identifies the type of expander function.

const (
	// XMD denotes an expander based on a Merkle-Damgard hash function.
	XMD ExpanderType = iota
	// XOF denotes an expander based on an extendable output function.
	XOF
	// OTHER is reserved for a user-designed expander function (not implemented).
	OTHER
)
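The XMD expander type and the 255-byte MaxDSTLength limit documented on this page correspond to the draft's expand_message_xmd construction. The following is an added example, not this package's code: a stand-alone SHA-256 version using only the Go standard library. The names `expandXMD` and `hashAll` and the sample tag are hypothetical, and the example rejects over-long tags instead of applying the draft's oversize-DST hashing step.

```go
package main

import (
	"crypto/sha256"
	"errors"
	"fmt"
)

const maxDSTLength = 255 // mirrors the MaxDSTLength constant documented above

// hashAll returns SHA-256 over the concatenation of parts.
func hashAll(parts ...[]byte) []byte {
	h := sha256.New()
	for _, p := range parts {
		h.Write(p)
	}
	return h.Sum(nil)
}

// expandXMD sketches expand_message_xmd with SHA-256 (illustrative helper, not the package's Expander).
func expandXMD(msg, dst []byte, n int) ([]byte, error) {
	if len(dst) == 0 || len(dst) > maxDSTLength {
		return nil, errors.New("dst must be 1..255 bytes")
	}
	ell := (n + sha256.Size - 1) / sha256.Size
	if n <= 0 || n > 65535 || ell > 255 {
		return nil, errors.New("requested length out of range")
	}
	// DST_prime = DST || I2OSP(len(DST), 1): the length byte keeps tags unambiguous.
	dstPrime := append(append([]byte{}, dst...), byte(len(dst)))
	// b_0 = H(Z_pad || msg || I2OSP(n, 2) || I2OSP(0, 1) || DST_prime)
	b0 := hashAll(make([]byte, sha256.BlockSize), msg, []byte{byte(n >> 8), byte(n), 0}, dstPrime)
	// b_1 = H(b_0 || 1 || DST_prime); b_i = H((b_0 XOR b_(i-1)) || i || DST_prime)
	out := make([]byte, 0, ell*sha256.Size)
	prev := make([]byte, sha256.Size) // all zero, so the first XOR yields b_0 itself
	for i := 1; i <= ell; i++ {
		x := make([]byte, sha256.Size)
		for j := range x {
			x[j] = b0[j] ^ prev[j]
		}
		prev = hashAll(x, []byte{byte(i)}, dstPrime)
		out = append(out, prev...)
	}
	return out[:n], nil
}

func main() {
	fmt.Println(expandXMD([]byte("abc"), []byte("EXAMPLE-APP-V01"), 48))
}
```

Because the requested length is hashed into b_0, a 32-byte output is not a prefix of the 48-byte output for the same message and tag.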

type HashToPoint

type HashToPoint interface {
	// IsRandomOracle returns true if the output distribution is
	// indifferentiable from a random oracle.
	IsRandomOracle() bool
	// Hash returns a point on an elliptic curve given a byte string.
	Hash(in []byte) C.Point
	// GetCurve returns the destination elliptic curve.
	GetCurve() C.EllCurve
	// GetHashToScalar returns a hash function that hashes strings to field elements.
	GetHashToScalar() HashToScalar
}

HashToPoint represents a complete and secure function for hashing strings to points.

type HashToScalar

type HashToScalar interface {
	// GetScalarField returns the field of scalars.
	GetScalarField() GF.Field
	// Hash returns an element of a field given a byte string.
	Hash(in []byte) GF.Elt
}

HashToScalar hashes strings into the field of scalars used for scalar multiplication.

type SuiteID

type SuiteID string

SuiteID is the identifier of supported hash to curve suites.

const (
	P256_XMDSHA256_SSWU_NU_         SuiteID = "P256_XMD:SHA-256_SSWU_NU_"
	P256_XMDSHA256_SSWU_RO_         SuiteID = "P256_XMD:SHA-256_SSWU_RO_"
	P384_XMDSHA384_SSWU_NU_         SuiteID = "P384_XMD:SHA-384_SSWU_NU_"
	P384_XMDSHA384_SSWU_RO_         SuiteID = "P384_XMD:SHA-384_SSWU_RO_"
	P521_XMDSHA512_SSWU_NU_         SuiteID = "P521_XMD:SHA-512_SSWU_NU_"
	P521_XMDSHA512_SSWU_RO_         SuiteID = "P521_XMD:SHA-512_SSWU_RO_"
	Curve25519_XMDSHA512_ELL2_NU_   SuiteID = "curve25519_XMD:SHA-512_ELL2_NU_"
	Curve25519_XMDSHA512_ELL2_RO_   SuiteID = "curve25519_XMD:SHA-512_ELL2_RO_"
	Edwards25519_XMDSHA512_ELL2_NU_ SuiteID = "edwards25519_XMD:SHA-512_ELL2_NU_"
	Edwards25519_XMDSHA512_ELL2_RO_ SuiteID = "edwards25519_XMD:SHA-512_ELL2_RO_"
	Curve448_XOFSHAKE256_ELL2_NU_   SuiteID = "curve448_XOF:SHAKE256_ELL2_NU_"
	Curve448_XOFSHAKE256_ELL2_RO_   SuiteID = "curve448_XOF:SHAKE256_ELL2_RO_"
	Edwards448_XOFSHAKE256_ELL2_NU_ SuiteID = "edwards448_XOF:SHAKE256_ELL2_NU_"
	Edwards448_XOFSHAKE256_ELL2_RO_ SuiteID = "edwards448_XOF:SHAKE256_ELL2_RO_"
	Secp256k1_XMDSHA256_SSWU_NU_    SuiteID = "secp256k1_XMD:SHA-256_SSWU_NU_"
	Secp256k1_XMDSHA256_SSWU_RO_    SuiteID = "secp256k1_XMD:SHA-256_SSWU_RO_"
	BLS12381G1_XMDSHA256_SSWU_NU_   SuiteID = "BLS12381G1_XMD:SHA-256_SSWU_NU_"
	BLS12381G1_XMDSHA256_SSWU_RO_   SuiteID = "BLS12381G1_XMD:SHA-256_SSWU_RO_"
	BLS12381G2_XMDSHA256_SSWU_NU_   SuiteID = "BLS12381G2_XMD:SHA-256_SSWU_NU_"
	BLS12381G2_XMDSHA256_SSWU_RO_   SuiteID = "BLS12381G2_XMD:SHA-256_SSWU_RO_"
)

func (SuiteID) Get

func (id SuiteID) Get(dst []byte) (HashToPoint, error)

Get returns a HashToPoint based on the SuiteID, or an error if the SuiteID is not supported or invalid.

Directories

Path Synopsis
Package mapping contains a set of functions to construct functions that take a field element and return a point on an elliptic curve.
