oxen-io · darcys22 · Jun 13, 2024 · Jun 25, 2024
diff --git a/include/mcl/bn.hpp b/include/mcl/bn.hpp
@@ -11,6 +11,7 @@
 #include <mcl/fp_tower.hpp>
 #include <mcl/ec.hpp>
 #include <mcl/curve_type.h>
+using HashFunction = std::function<std::array<unsigned char,32>(const std::string&)>;
 namespace mcl { namespace local {
 
 // to export fast cofactor multiplication to mapto_wb19
@@ -537,6 +538,7 @@ struct MapTo {
 			initBLS12(z, curveType);
 		}
 	}
+    //TODO sean step 3 wrap before going to "tryAndIncMapTo"
 	template<class G, class F>
 	bool mapToEc(G& P, const F& t) const
 	{
@@ -581,6 +583,7 @@ struct MapTo {
 		mulByCofactor(P);
 		return true;
 	}
+    //TODO sean step 2 this is where it starts
 	bool calc(G2& P, const Fp2& t) const
 	{
 		if (mapToMode_ == MCL_MAP_TO_MODE_HASH_TO_CURVE_07) {
@@ -602,6 +605,16 @@ struct MapTo {
 		}
 		return true;
 	}
+	bool calcHash(G2& P, const std::string& message, HashFunction hashFunc) const
+	{
+        //auto hash = hashFunc(message);
+        //Fp t;
+        //t.setArrayMask(hash.data(), hash.size());
+        //ec::tryAndIncMapTo<G2>(P, Fp2(t,0));
+        ec::tryAndIncMapToHash<G2, Fp>(P, message, hashFunc);
+		mulByCofactor(P);
+		return true;
+	}
 };
 
 
@@ -2030,7 +2043,9 @@ inline int getMapToMode()
 	return BN::param.mapTo.mapToMode_;
 }
 inline void mapToG1(bool *pb, G1& P, const Fp& x) { *pb = BN::param.mapTo.calc(P, x); }
+//TODO sean step1 -> mapToG2
 inline void mapToG2(bool *pb, G2& P, const Fp2& x) { *pb = BN::param.mapTo.calc(P, x); }
+inline void mapToG2Hash(bool *pb, G2& P, const std::string& message, HashFunction hashFunc) { *pb = BN::param.mapTo.calcHash(P, message, hashFunc); }
 #ifndef CYBOZU_DONT_USE_EXCEPTION
 inline void mapToG1(G1& P, const Fp& x)
 {

diff --git a/include/mcl/ec.hpp b/include/mcl/ec.hpp
@@ -10,6 +10,7 @@
 #include <mcl/fp.hpp>
 #include <mcl/ecparam.hpp>
 #include <mcl/window_method.hpp>
+#include <vector>
 
 #ifdef _MSC_VER
 	#pragma warning(push)
@@ -814,6 +815,7 @@ void addAffine(E& R, const E& P, const E& Q)
 	R.x = x3;
 }
 
+//TODO sean this is the map to place where thingo goes
 template<class E>
 void tryAndIncMapTo(E& P, const typename E::Fp& t)
 {
@@ -832,6 +834,83 @@ void tryAndIncMapTo(E& P, const typename E::Fp& t)
 	}
 }
 
+inline std::vector<uint8_t> hexStringToBytes(const std::string& hexStr) {
+    std::vector<uint8_t> bytes;
+    for (unsigned int i = 2; i < hexStr.length(); i += 2) {
+        std::string byteString = hexStr.substr(i, 2);
+        uint8_t byte = (uint8_t) strtol(byteString.c_str(), nullptr, 16);
+        bytes.push_back(byte);
+    }
+    return bytes;
+}
+
+inline std::string bytesToHexString(const std::vector<uint8_t>& bytes) {
+    std::string hexStr = "0x";
+    for (uint8_t byte : bytes) {
+        char buf[3];
+        snprintf(buf, sizeof(buf), "%02x", byte);
+        hexStr.append(buf);
+    }
+    return hexStr;
+}
+
+inline void incrementByteArray(std::vector<uint8_t>& bytes) {
+    for (int i = bytes.size() - 1; i >= 0; --i) {
+        if (++bytes[i] != 0) break;
+    }
+}
+
+using HashFunction = std::function<std::array<unsigned char,32>(const std::string&)>;
+template<class E, class F1>
+void tryAndIncMapToHash2(E& P, const std::string& message, HashFunction hashFunc)
+{
+	typedef typename E::Fp F;
+    std::vector<uint8_t> messageBytes = hexStringToBytes(message);
+    std::string newMessage = bytesToHexString(messageBytes);
+    auto hash = hashFunc(newMessage);
+    F1 t;
+    t.setArrayMask(hash.data(), hash.size());
+    F x = F(t,0);
+	for (;;) {
+		F y;
+		E::getWeierstrass(y, x);
+		if (F::squareRoot(y, y)) {
+			bool b;
+			P.set(&b, x, y, false);
+			assert(b);
+			return;
+		}
+		*x.getFp0() += F::BaseFp::one();
+	}
+}
+
+template<class E, class F1>
+void tryAndIncMapToHash(E& P, const std::string& message, HashFunction hashFunc) {
+    typedef typename E::Fp F;
+
+    std::vector<uint8_t> messageBytes = hexStringToBytes(message);
+    for (;;) {
+        std::string newMessage = bytesToHexString(messageBytes);
+        auto hash = hashFunc(newMessage);
+
+        F1 t;
+        t.setArrayMask(hash.data(), hash.size());
+        F x = F(t, 0);
+
+        F y;
+        E::getWeierstrass(y, x);
+        if (F::squareRoot(y, y)) {
+            bool b;
+            P.set(&b, x, y, false);
+            assert(b);
+            return;  // Successfully mapped to curve, exit the loop
+        }
+
+        // Increment the message bytes if no valid point is found
+        incrementByteArray(messageBytes);
+    }
+}
+
 inline size_t ilog2(size_t n)
 {
 	if (n == 0) return 0;

diff --git a/include/mcl/fp.hpp b/include/mcl/fp.hpp
@@ -60,6 +60,8 @@ uint32_t sha512(void *out, uint32_t maxOutSize, const void *msg, uint32_t msgSiz
 
 // draft-07 outSize = 128 or 256
 void expand_message_xmd(uint8_t out[], size_t outSize, const void *msg, size_t msgSize, const void *dst, size_t dstSize);
+using HashFunction = std::function<std::array<unsigned char,32>(const std::string&)>;
+void expand_message_xmd_hash(uint8_t out[], size_t outSize, const void *msg, size_t msgSize, const void *dst, size_t dstSize, HashFunction hashFunc);
 
 namespace local {
 

diff --git a/src/fp.cpp b/src/fp.cpp
@@ -8,6 +8,7 @@
 #include <cybozu/endian.hpp>
 #include <mcl/conversion.hpp>
 #include <mcl/invmod.hpp>
+#include <cstring>
 
 #if defined(MCL_STATIC_CODE) || defined(MCL_USE_XBYAK) || (defined(MCL_USE_LLVM) && (CYBOZU_HOST == CYBOZU_HOST_INTEL)) || (MCL_BINT_ASM_X64 == 1)
 
@@ -151,7 +152,7 @@ uint32_t sha512(void *out, uint32_t maxOutSize, const void *msg, uint32_t msgSiz
 void expand_message_xmd(uint8_t out[], size_t outSize, const void *msg, size_t msgSize, const void *dst, size_t dstSize)
 {
 	const size_t mdSize = 32;
-	assert((outSize % mdSize) == 0 && 0 < outSize && outSize <= 256);
+    assert((outSize % mdSize) == 0 && 0 < outSize && outSize <= 256);
 	const size_t r_in_bytes = 64;
 	const size_t n = outSize / mdSize;
 	static const uint8_t Z_pad[r_in_bytes] = {};
@@ -198,6 +199,64 @@ void expand_message_xmd(uint8_t out[], size_t outSize, const void *msg, size_t m
 	}
 }
 
+using HashFunction = std::function<std::array<unsigned char,32>(const std::string&)>;
+void expand_message_xmd_hash(uint8_t out[], size_t outSize, const void *msg, size_t msgSize, const void *dst, size_t dstSize, HashFunction hashFunc)
+{
+    const size_t mdSize = 32;
+    assert((outSize % mdSize) == 0 && 0 < outSize && outSize <= 256);
+    const size_t r_in_bytes = 136;
+    const size_t n = outSize / mdSize;
+    static const uint8_t Z_pad[r_in_bytes] = {};
+    uint8_t largeDst[mdSize];
+
+    if (dstSize > 255) {
+        std::string oversize_dst = "H2C-OVERSIZE-DST-";
+        oversize_dst.append(reinterpret_cast<const char*>(dst), dstSize);
+        auto result = hashFunc(oversize_dst);
+        std::memcpy(largeDst, result.data(), mdSize);
+        dst = largeDst;
+        dstSize = mdSize;
+    }
+
+    uint8_t lenBuf[2];
+    uint8_t iBuf = 0;
+    uint8_t dstSizeBuf = uint8_t(dstSize);
+    cybozu::Set16bitAsBE(lenBuf, uint16_t(outSize));
+
+    std::string b0_input;
+    b0_input.append(reinterpret_cast<const char*>(Z_pad), r_in_bytes);
+    b0_input.append(reinterpret_cast<const char*>(msg), msgSize);
+    b0_input.append(reinterpret_cast<const char*>(lenBuf), sizeof(lenBuf));
+    b0_input.push_back(iBuf);
+    b0_input.append(reinterpret_cast<const char*>(dst), dstSize);
+    b0_input.push_back(dstSizeBuf);
+
+    auto md = hashFunc(b0_input);
+    std::string bi_input;
+    bi_input.append(md.begin(), md.end());
+    bi_input.push_back(1);
+    bi_input.append(reinterpret_cast<const char*>(dst), dstSize);
+    bi_input.push_back(dstSizeBuf);
+
+    auto result = hashFunc(bi_input);
+    std::memcpy(out, result.data(), mdSize);
+
+    uint8_t mdXor[mdSize];
+    for (size_t i = 1; i < n; i++) {
+        for (size_t j = 0; j < mdSize; j++) {
+            mdXor[j] = md[j] ^ out[mdSize * (i - 1) + j];
+        }
+
+        bi_input.clear();
+        bi_input.append(reinterpret_cast<const char*>(mdXor), mdSize);
+        bi_input.push_back(uint8_t(i + 1));
+        bi_input.append(reinterpret_cast<const char*>(dst), dstSize);
+        bi_input.push_back(dstSizeBuf);
+
+        result = hashFunc(bi_input);
+        std::memcpy(out + mdSize * i, result.data(), mdSize);
+    }
+}
 #if 0
 
 #ifndef MCL_USE_VINT