threshold-bls 0.2.2

Threshold BLS signature scheme implementation library
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92

use super::{hasher::Hasher, HashToCurve};
use crate::curve::BLSError;
use ark_ec::models::{
    short_weierstrass_jacobian::{GroupAffine, GroupProjective},
    SWModelParameters,
};
use ark_ff::{Field, PrimeField, Zero};
use ethers_core::utils::hex;
use log::debug;
use std::marker::PhantomData;

const NUM_TRIES: u8 = 255;

/// A try-and-increment method for hashing to G1 and G2.
#[derive(Clone)]
pub struct TryAndIncrement<'a, H, P> {
    hasher: &'a H,
    curve_params: PhantomData<P>,
}

impl<'a, H, P> TryAndIncrement<'a, H, P>
where
    H: Hasher<Error = BLSError>,
    P: SWModelParameters,
{
    /// Instantiates a new Try-and-increment hasher with the provided hashing method
    /// and curve parameters based on the type
    pub fn new(h: &'a H) -> Self {
        TryAndIncrement {
            hasher: h,
            curve_params: PhantomData,
        }
    }
}

impl<'a, H, P> HashToCurve for TryAndIncrement<'a, H, P>
where
    H: Hasher<Error = BLSError>,
    P: SWModelParameters,
{
    type Output = GroupProjective<P>;

    fn hash(&self, domain: &[u8], message: &[u8]) -> Result<Self::Output, BLSError> {
        self.hash_with_attempt(domain, message).map(|res| res.0)
    }
}

impl<'a, H, P> TryAndIncrement<'a, H, P>
where
    H: Hasher<Error = BLSError>,
    P: SWModelParameters,
{
    pub fn hash_with_attempt(
        &self,
        domain: &[u8],
        message: &[u8],
    ) -> Result<(GroupProjective<P>, usize), BLSError> {
        let mut candidate_hash = self.hasher.hash(domain, message)?;

        for c in 0..NUM_TRIES {
            let xfield = if P::BaseField::extension_degree() == 1 {
                // TODO BN254 G1 curve, currently we have the same simple implementation in contract
                let f = <P::BaseField as Field>::BasePrimeField::from_be_bytes_mod_order(
                    &candidate_hash,
                );
                P::BaseField::from_base_prime_field_elems(&[f])
            } else {
                P::BaseField::from_random_bytes(&candidate_hash)
            };

            if let Some(x) = xfield {
                if let Some(p) = GroupAffine::get_point_from_x(x, false) {
                    debug!(
                        "succeeded hashing \"{}\" to curve in {} tries",
                        hex::encode(message),
                        c + 1
                    );

                    let scaled = p.scale_by_cofactor();
                    if scaled.is_zero() {
                        continue;
                    }
                    return Ok((scaled, (c + 1) as usize));
                }
            }

            candidate_hash = self.hasher.hash(domain, &candidate_hash)?;
        }

        Err(BLSError::HashToCurveError)
    }
}