Merge pull request zkcrypto#3 from xavierdmello/main

feat(g2.rs): add hash_to_curve_g2
0xWOLAND · Jul 5, 2024 · 600e038 · 600e038
2 parents 0d643ce + 190e9e3
commit 600e038
Show file tree

Hide file tree

Showing 3 changed files with 18 additions and 4 deletions.
diff --git a/Cargo.toml b/Cargo.toml
@@ -16,6 +16,7 @@ edition = "2021"
 rustdoc-args = [ "--html-in-header", "katex-header.html" ]
 
 [dependencies]
+sha2 = "0.9.9"
 sp1_precompiles = { git = "https://github.com/succinctlabs/sp1.git", package = "sp1-precompiles" }
 
 [dev-dependencies]
@@ -67,10 +68,15 @@ default-features = false
 optional = true
 
 [features]
-default = ["groups", "pairings", "alloc", "bits"]
+default = ["groups", "pairings", "alloc", "bits", "experimental"]
 bits = ["ff/bits"]
 groups = ["group"]
 pairings = ["groups", "pairing"]
 alloc = ["group/alloc"]
 experimental = ["digest"]
 nightly = ["subtle/nightly"]
+
+[patch.crates-io]
+sha2-v0-9-9 = { git = "https://github.com/sp1-patches/RustCrypto-hashes", package = "sha2", branch = "patch-sha2-v0.9.9" }
+sha2-v0-10-8 = { git = "https://github.com/sp1-patches/RustCrypto-hashes", package = "sha2", branch = "patch-sha2-v0.10.8" }
+tiny-keccak = { git = "https://github.com/sp1-patches/tiny-keccak", branch = "patch-v2.0.2" }
diff --git a/src/g1.rs b/src/g1.rs
@@ -4,15 +4,15 @@ use core::borrow::Borrow;
 use core::fmt;
 use core::iter::Sum;
 use core::ops::{Add, AddAssign, Mul, MulAssign, Neg, Sub, SubAssign};
+#[cfg(feature = "alloc")]
+use group::WnafGroup;
 use group::{
     prime::{PrimeCurve, PrimeCurveAffine, PrimeGroup},
     Curve, Group, GroupEncoding, UncompressedEncoding,
 };
 use rand_core::RngCore;
-use subtle::{Choice, ConditionallySelectable, ConstantTimeEq, CtOption};
 use sp1_precompiles::bls12381::decompress_pubkey;
-#[cfg(feature = "alloc")]
-use group::WnafGroup;
+use subtle::{Choice, ConditionallySelectable, ConstantTimeEq, CtOption};
 
 use crate::fp::Fp;
 use crate::Scalar;

diff --git a/src/g2.rs b/src/g2.rs
@@ -1,5 +1,6 @@
 //! This module provides an implementation of the $\mathbb{G}_2$ group of BLS12-381.
 
+use crate::hash_to_curve::{ExpandMsgXmd, HashToCurve};
 use core::borrow::Borrow;
 use core::fmt;
 use core::iter::Sum;
@@ -9,6 +10,7 @@ use group::{
     Curve, Group, GroupEncoding, UncompressedEncoding,
 };
 use rand_core::RngCore;
+use sha2;
 use subtle::{Choice, ConditionallySelectable, ConstantTimeEq, CtOption};
 
 #[cfg(feature = "alloc")]
@@ -37,6 +39,7 @@ impl Default for G2Affine {
         G2Affine::identity()
     }
 }
+const DST: &[u8] = b"BLS_SIG_BLS12381G2_XMD:SHA-256_SSWU_RO_POP_";
 
 #[cfg(feature = "zeroize")]
 impl zeroize::DefaultIsZeroes for G2Affine {}
@@ -665,6 +668,11 @@ impl G2Projective {
         }
     }
 
+    /// Hash a message to the curve
+    pub fn hash_to_curve_g2(msg: &[u8]) -> G2Projective {
+        <G2Projective as HashToCurve<ExpandMsgXmd<sha2::Sha256>>>::hash_to_curve(msg, DST)
+    }
+
     /// Returns a fixed generator of the group. See [`notes::design`](notes/design/index.html#fixed-generators)
     /// for how this generator is chosen.
     pub fn generator() -> G2Projective {