HashToGroup

Trait HashToGroup 

pub trait HashToGroup: CryptoGroup {
    // Required method
    fn hash_to_group(domain_separator: &[u8], message: &[u8]) -> Self;

    // Provided method
    fn rand_to_group(rng: impl CryptoRngCore) -> Self { ... }
}

A CryptoGroup which supports obliviously sampling elements.

This capability is also often referred to as “hash to curve”, in the context of Elliptic Curve Cryptography, but we use the term “group” to match the naming conventions for other traits.

Advanced protocols use this capability to create new generator elements whose discrete logarithm relative to other points is unknown.

Required Methods

fn hash_to_group(domain_separator: &[u8], message: &[u8]) -> Self

Hash a domain separator and a message, returning a group element.

This should return an element without knowing its discrete logarithm.

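In particular, hashing into a CryptoGroup::Scalar and then multiplying CryptoGroup::generator by that scalar DOES NOT work: the scalar is the element's discrete logarithm, and anyone who knows the inputs can recompute it.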
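
Why the scalar-times-generator shortcut fails, shown as an added example that is not part of this crate: it uses a constructed toy group (the squares modulo the safe prime 2039) and a stand-in hash from std, and every function name in it is hypothetical. Knowing the discrete logarithm of a hashed "second generator" lets a committer reopen a Pedersen commitment to a different message; the squaring-based map never computes an exponent.

```rust
use std::{collections::hash_map::DefaultHasher, hash::Hasher};

// Constructed toy group: the squares in Z_P^*, prime order Q, P = 2Q + 1.
const P: u64 = 2039;
const Q: u64 = 1019;
const G: u64 = 4; // generator of the subgroup of squares

fn pow(mut b: u64, mut e: u64, m: u64) -> u64 {
    let mut acc = 1;
    b %= m;
    while e > 0 {
        if e & 1 == 1 { acc = acc * b % m; }
        b = b * b % m;
        e >>= 1;
    }
    acc
}
// Stand-in for a real hash: std's SipHash, not a cryptographic hash-to-field.
fn toy_hash(dst: &[u8], msg: &[u8]) -> u64 {
    let mut h = DefaultHasher::new();
    h.write_usize(dst.len()); // length prefix keeps dst and msg unambiguous
    h.write(dst);
    h.write(msg);
    h.finish()
}
// The construction the docs warn against: returns (G^x, x); anyone can recompute x.
fn naive_hash_to_group(dst: &[u8], msg: &[u8]) -> (u64, u64) {
    let x = 1 + toy_hash(dst, msg) % (Q - 1);
    (pow(G, x, P), x)
}
// Oblivious for this group: hash to u in [2, P-2] and square; no exponent is computed.
fn oblivious_hash_to_group(dst: &[u8], msg: &[u8]) -> u64 {
    let u = 2 + toy_hash(dst, msg) % (P - 3);
    u * u % P
}
// Pedersen commitment G^m * h^r with second generator h.
fn commit(h: u64, m: u64, r: u64) -> u64 { pow(G, m, P) * pow(h, r, P) % P }
// Knowing x = log_G(h), reopen a commitment to (m, r) as m2: r2 = r + (m - m2) / x mod Q.
fn equivocate(x: u64, m: u64, r: u64, m2: u64) -> u64 {
    (r + (m + Q - m2 % Q) % Q * pow(x, Q - 2, Q)) % Q
}

fn main() {
    let (h, x) = naive_hash_to_group(b"demo", b"h");
    let r2 = equivocate(x, 7, 123, 900);
    println!("binding broken: {}", commit(h, 7, 123) == commit(h, 900, r2));
    println!("oblivious h = {}", oblivious_hash_to_group(b"demo", b"h"));
}
```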

Provided Methods

fn rand_to_group(rng: impl CryptoRngCore) -> Self

Convert randomness to a group element, without learning its discrete logarithm.

The default implementation assumes 128 bits of collision security: it generates 256 bits of randomness and passes them to HashToGroup::hash_to_group.

If you have a more efficient implementation, or want more collision security, override this method.

Dyn Compatibility

This trait is not dyn compatible.

In older versions of Rust, dyn compatibility was called "object safety", so this trait is not object safe.

Implementors