diff --git a/Cargo.toml b/Cargo.toml
index 8c5fc6ce..056da627 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -16,6 +16,7 @@ edition = "2021"
 rustdoc-args = [ "--html-in-header", "katex-header.html" ]
 
 [dependencies]
+sha2 = "0.9.9"
 sp1_precompiles = { git = "https://github.com/succinctlabs/sp1.git", package = "sp1-precompiles" }
 
 [dev-dependencies]
@@ -67,10 +68,15 @@ default-features = false
 optional = true
 
 [features]
-default = ["groups", "pairings", "alloc", "bits"]
+default = ["groups", "pairings", "alloc", "bits", "experimental"]
 bits = ["ff/bits"]
 groups = ["group"]
 pairings = ["groups", "pairing"]
 alloc = ["group/alloc"]
 experimental = ["digest"]
 nightly = ["subtle/nightly"]
+
+[patch.crates-io]
+sha2-v0-9-9 = { git = "https://github.com/sp1-patches/RustCrypto-hashes", package = "sha2", branch = "patch-sha2-v0.9.9" }
+sha2-v0-10-8 = { git = "https://github.com/sp1-patches/RustCrypto-hashes", package = "sha2", branch = "patch-sha2-v0.10.8" }
+tiny-keccak = { git = "https://github.com/sp1-patches/tiny-keccak", branch = "patch-v2.0.2" }
\ No newline at end of file
diff --git a/src/g1.rs b/src/g1.rs
index bb28e290..df27c93f 100644
--- a/src/g1.rs
+++ b/src/g1.rs
@@ -4,15 +4,15 @@ use core::borrow::Borrow;
 use core::fmt;
 use core::iter::Sum;
 use core::ops::{Add, AddAssign, Mul, MulAssign, Neg, Sub, SubAssign};
+#[cfg(feature = "alloc")]
+use group::WnafGroup;
 use group::{
     prime::{PrimeCurve, PrimeCurveAffine, PrimeGroup},
     Curve, Group, GroupEncoding, UncompressedEncoding,
 };
 use rand_core::RngCore;
-use subtle::{Choice, ConditionallySelectable, ConstantTimeEq, CtOption};
 use sp1_precompiles::bls12381::decompress_pubkey;
-#[cfg(feature = "alloc")]
-use group::WnafGroup;
+use subtle::{Choice, ConditionallySelectable, ConstantTimeEq, CtOption};
 
 use crate::fp::Fp;
 use crate::Scalar;
diff --git a/src/g2.rs b/src/g2.rs
index 68415ea8..22b34759 100644
--- a/src/g2.rs
+++ b/src/g2.rs
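Review bot: The three `[patch.crates-io]` entries in the second hunk select the replacement crates by `branch` only, so the build takes whatever commit those branches point to at resolve time, and a later push to the fork silently swaps the SHA-256 (and Keccak) implementation that every hash-to-curve call now depends on; pin each entry with `rev = "<commit-sha>"` (placeholder) next to the branch so the lockfile and the source agree on one auditable commit. Promoting `experimental` into `default` also turns the hash-to-curve surface on for every downstream user rather than only those who opted in, which deserves a comment on the feature line or a changelog entry. The `tiny-keccak` patch has no matching dependency visible in this hunk; if nothing pulls it in transitively, Cargo reports the patch as unused, so either the dependency or the patch line is probably stray.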
@@ -1,5 +1,6 @@
 //! This module provides an implementation of the $\mathbb{G}_2$ group of BLS12-381.
 
+use crate::hash_to_curve::{ExpandMsgXmd, HashToCurve};
 use core::borrow::Borrow;
 use core::fmt;
 use core::iter::Sum;
@@ -9,6 +10,7 @@ use group::{
     Curve, Group, GroupEncoding, UncompressedEncoding,
 };
 use rand_core::RngCore;
+use sha2;
 use subtle::{Choice, ConditionallySelectable, ConstantTimeEq, CtOption};
 
 #[cfg(feature = "alloc")]
@@ -37,6 +39,7 @@ impl Default for G2Affine {
         G2Affine::identity()
     }
 }
+const DST: &[u8] = b"BLS_SIG_BLS12381G2_XMD:SHA-256_SSWU_RO_POP_";
 
 #[cfg(feature = "zeroize")]
 impl zeroize::DefaultIsZeroes for G2Affine {}
@@ -665,6 +668,11 @@ impl G2Projective {
         }
     }
 
+    /// Hash a message to the curve
+    pub fn hash_to_curve_g2(msg: &[u8]) -> G2Projective {
+        >>::hash_to_curve(msg, DST)
+    }
+
     /// Returns a fixed generator of the group. See [`notes::design`](notes/design/index.html#fixed-generators)
     /// for how this generator is chosen.
     pub fn generator() -> G2Projective {
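Review bot: The bare `use sha2;` added in the second hunk is redundant under the crate's edition 2021 (the extern crate is already in scope and the new method refers to `sha2::Sha256` by path), and clippy reports it as `single_component_path_imports`; either drop the line or import the type itself with `use sha2::Sha256;` and name `Sha256` in the method body.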
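Review bot: `hash_to_curve_g2` in the last hunk, together with the `use crate::hash_to_curve::{ExpandMsgXmd, HashToCurve}` import in the first hunk, is compiled unconditionally, while the Cargo change makes `experimental = ["digest"]` look like the feature that gates the hash-to-curve machinery; if that module is behind `experimental`, a downstream build with `default-features = false` will presumably fail to resolve `HashToCurve`, so both the import and this method should carry `#[cfg(feature = "experimental")]`. The doc comment should also state what the method commits callers to: it hard-codes the domain separation tag from the third hunk, `BLS_SIG_BLS12381G2_XMD:SHA-256_SSWU_RO_POP_`, which is the proof-of-possession BLS signature ciphersuite, so outputs are not interoperable with any other scheme or DST — e.g. `/// Hash msg to G2 using the fixed BLS-signature POP DST (SHA-256, SSWU, random oracle); results are only valid for that ciphersuite.`, with a matching one-line comment on `DST`. As rendered here the body line `>>::hash_to_curve(msg, DST)` appears to have lost its qualified-path prefix in extraction; confirm the committed source spells out the full `<G2Projective as HashToCurve<ExpandMsgXmd<sha2::Sha256>>>::hash_to_curve(msg, DST)` form.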