ark_ec/hashing/
map_to_curve_hasher.rs

1use crate::{
2    hashing::{HashToCurve, HashToCurveError},
3    AffineRepr, CurveGroup,
4};
5use ark_ff::field_hashers::HashToField;
6use ark_std::marker::PhantomData;
7
8/// Trait for mapping a random field element to a random curve point.
9pub trait MapToCurve<T: CurveGroup>: Sized {
10    /// Checks whether supplied parameters represent a valid map.
11    fn check_parameters() -> Result<(), HashToCurveError>;
12
13    /// Map an arbitrary field element to a corresponding curve point.
14    fn map_to_curve(point: T::BaseField) -> Result<T::Affine, HashToCurveError>;
15}
16
17/// Helper struct that can be used to construct elements on the elliptic curve
18/// from arbitrary messages, by first hashing the message onto a field element
19/// and then mapping it to the elliptic curve defined over that field.
20pub struct MapToCurveBasedHasher<T, H2F, M2C>
21where
22    T: CurveGroup,
23    H2F: HashToField<T::BaseField>,
24    M2C: MapToCurve<T>,
25{
26    field_hasher: H2F,
27    _phantom: PhantomData<(T, M2C)>,
28}
29
30impl<T, H2F, M2C> HashToCurve<T> for MapToCurveBasedHasher<T, H2F, M2C>
31where
32    T: CurveGroup,
33    H2F: HashToField<T::BaseField>,
34    M2C: MapToCurve<T>,
35{
36    fn new(domain: &[u8]) -> Result<Self, HashToCurveError> {
37        #[cfg(test)]
38        M2C::check_parameters()?;
39        Ok(MapToCurveBasedHasher {
40            field_hasher: H2F::new(domain),
41            _phantom: PhantomData,
42        })
43    }
44
45    /// Produce a hash of the message, using the hash to field and map to curve
46    /// traits. This uses the IETF hash to curve's specification for Random
47    /// oracle encoding (hash_to_curve) defined by combining these components.
48    /// See <https://tools.ietf.org/html/draft-irtf-cfrg-hash-to-curve-09#section-3>
49    fn hash(&self, msg: &[u8]) -> Result<T::Affine, HashToCurveError> {
50        // IETF spec of hash_to_curve, from hash_to_field and map_to_curve
51        // sub-components
52        // 1. u = hash_to_field(msg, 2)
53        // 2. Q0 = map_to_curve(u[0])
54        // 3. Q1 = map_to_curve(u[1])
55        // 4. R = Q0 + Q1              # Point addition
56        // 5. P = clear_cofactor(R)
57        // 6. return P
58
59        let rand_field_elems = self.field_hasher.hash_to_field::<2>(msg);
60
61        let rand_curve_elem_0 = M2C::map_to_curve(rand_field_elems[0])?;
62        let rand_curve_elem_1 = M2C::map_to_curve(rand_field_elems[1])?;
63
64        let rand_curve_elem = (rand_curve_elem_0 + rand_curve_elem_1).into();
65        let rand_subgroup_elem = rand_curve_elem.clear_cofactor();
66
67        Ok(rand_subgroup_elem)
68    }
69}