feat(public API): expose hashing to curve for BN254 and BLS12-381

mratsim · Jul 19, 2024 · 6ba0578 · 6ba0578
1 parent 9268502
commit 6ba0578
Show file tree

Hide file tree

Showing 7 changed files with 336 additions and 10 deletions.
diff --git a/bindings/c_curve_decls.nim b/bindings/c_curve_decls.nim
@@ -12,10 +12,15 @@ import
     lowlevel_bigints,
     lowlevel_fields,
     lowlevel_extension_fields,
-    lowlevel_elliptic_curves
+    lowlevel_elliptic_curves,
+    hashes
   ]
 
-export algebras, lowlevel_bigints, lowlevel_fields, lowlevel_extension_fields, lowlevel_elliptic_curves
+export algebras,
+       lowlevel_bigints,
+       lowlevel_fields, lowlevel_extension_fields,
+       lowlevel_elliptic_curves,
+       hashes
 
 import constantine/math/extension_fields # generic sandwich
 export extension_fields
@@ -31,10 +36,10 @@ template genBindingsBig*(Big: untyped) =
   else:
     {.push noconv, exportc,  raises: [].} # No exceptions allowed
 
-  func `ctt _ Big _ unmarshalBE`(dst: var Big, src: openarray[byte]): bool =
+  func `ctt _ Big _ unmarshalBE`(dst: var Big, src: openArray[byte]): bool =
     unmarshalBE(dst, src)
 
-  func `ctt _ Big _ marshalBE`(dst: var openarray[byte], src: Big): bool =
+  func `ctt _ Big _ marshalBE`(dst: var openArray[byte], src: Big): bool =
     marshalBE(dst, src)
 
   {.pop.}
@@ -57,10 +62,10 @@ template genBindingsField*(Big, Field: untyped) =
     fromBig(dst, src)
 
   # --------------------------------------------------------------------------------------
-  func `ctt _ Field _ unmarshalBE`(dst: var Field, src: openarray[byte]): bool =
+  func `ctt _ Field _ unmarshalBE`(dst: var Field, src: openArray[byte]): bool =
     unmarshalBE(dst, src)
 
-  func `ctt _ Field _ marshalBE`(dst: var openarray[byte], src: Field): bool =
+  func `ctt _ Field _ marshalBE`(dst: var openArray[byte], src: Field): bool =
     marshalBE(dst, src)
   # --------------------------------------------------------------------------------------
   func `ctt _ Field _ is_eq`(a, b: Field): SecretBool =
@@ -425,3 +430,32 @@ template genBindings_EC_ShortW_NonAffine*(EC, EcAff, ScalarBig, ScalarField: unt
     r.multiScalarMul_vartime(coefs, points, cast[int](len))
 
   {.pop.}
+
+template genBindings_EC_hash_to_curve*(EC: untyped, mapping, hash: untyped, k: static int) =
+  when appType == "lib":
+    {.push noconv, dynlib, exportc,  raises: [].} # No exceptions allowed
+  else:
+    {.push noconv, exportc,  raises: [].} # No exceptions allowed
+
+  func `ctt _ EC _ mapping _ hash`(
+        r: var EC,
+        augmentation: openArray[byte],
+        message: openArray[byte],
+        domainSepTag: openArray[byte]) =
+    ## Hashing to Elliptic Curve for `EC`
+    ## with the hash function `hash`
+    ## using the mapping `mapping`
+    ##
+    ## The security parameter used is k = `k`-bit
+    when EC is EC_ShortW_Jac:
+      `hashToCurve _ mapping`(hash, k, r, augmentation, message, domainSepTag)
+    elif EC is EC_ShortW_Prj:
+      var jac {.noInit, inject.}: jacobian(affine(EC)) # inject to workaround jac'gensym codegen in Nim v2.0.8 (not necessary in Nim v2.2.x) - https://github.com/nim-lang/Nim/pull/23801#issue-2393452970
+      `hashToCurve _ mapping`(hash, k, jac, augmentation, message, domainSepTag)
+      r.projectiveFromJacobian(jac)
+    else:
+      var jac {.noInit, inject.}: jacobian(EC) # inject to workaround jac'gensym codegen in Nim v2.0.8 (not necessary in Nim v2.2.x) - https://github.com/nim-lang/Nim/pull/23801#issue-2393452970
+      `hashToCurve _ mapping`(hash, k, jac, augmentation, message, domainSepTag)
+      r.affine(jac)
+
+  {.pop.}
diff --git a/bindings/lib_curves.nim b/bindings/lib_curves.nim
@@ -53,6 +53,12 @@ collectBindings(cBindings_bls12_381):
   genBindings_EC_ShortW_Affine(bls12_381_g2_aff, bls12_381_fp2)
   genBindings_EC_ShortW_NonAffine(bls12_381_g2_jac, bls12_381_g2_aff, big255, bls12_381_fr)
   genBindings_EC_ShortW_NonAffine(bls12_381_g2_prj, bls12_381_g2_aff, big255, bls12_381_fr)
+  genBindings_EC_hash_to_curve(bls12_381_g1_aff, sswu, sha256, k = 128)
+  genBindings_EC_hash_to_curve(bls12_381_g1_jac, sswu, sha256, k = 128)
+  genBindings_EC_hash_to_curve(bls12_381_g1_prj, sswu, sha256, k = 128)
+  genBindings_EC_hash_to_curve(bls12_381_g2_aff, sswu, sha256, k = 128)
+  genBindings_EC_hash_to_curve(bls12_381_g2_jac, sswu, sha256, k = 128)
+  genBindings_EC_hash_to_curve(bls12_381_g2_prj, sswu, sha256, k = 128)
 
 collectBindings(cBindings_bls12_381_parallel):
   genParallelBindings_EC_ShortW_NonAffine(bls12_381_g1_jac, bls12_381_g1_aff, bls12_381_fr)
@@ -82,6 +88,12 @@ collectBindings(cBindings_bn254_snarks):
   genBindings_EC_ShortW_Affine(bn254_snarks_g2_aff, bn254_snarks_fp2)
   genBindings_EC_ShortW_NonAffine(bn254_snarks_g2_jac, bn254_snarks_g2_aff, big254, bn254_snarks_fr)
   genBindings_EC_ShortW_NonAffine(bn254_snarks_g2_prj, bn254_snarks_g2_aff, big254, bn254_snarks_fr)
+  genBindings_EC_hash_to_curve(bn254_snarks_g1_aff, svdw, sha256, k = 128)
+  genBindings_EC_hash_to_curve(bn254_snarks_g1_jac, svdw, sha256, k = 128)
+  genBindings_EC_hash_to_curve(bn254_snarks_g1_prj, svdw, sha256, k = 128)
+  genBindings_EC_hash_to_curve(bn254_snarks_g2_aff, svdw, sha256, k = 128)
+  genBindings_EC_hash_to_curve(bn254_snarks_g2_jac, svdw, sha256, k = 128)
+  genBindings_EC_hash_to_curve(bn254_snarks_g2_prj, svdw, sha256, k = 128)
 
 collectBindings(cBindings_bn254_snarks_parallel):
   genParallelBindings_EC_ShortW_NonAffine(bn254_snarks_g1_jac, bn254_snarks_g1_aff, bn254_snarks_fr)

diff --git a/constantine-rust/constantine-sys/src/bindings32.rs b/constantine-rust/constantine-sys/src/bindings32.rs
@@ -1,4 +1,4 @@
-/* automatically generated by rust-bindgen 0.69.4 */
+/* automatically generated by rust-bindgen 0.69.1 */
 
 pub type secret_word = usize;
 pub type secret_bool = usize;
@@ -1530,6 +1530,72 @@ extern "C" {
         len: usize,
     );
 }
+extern "C" {
+    pub fn ctt_bls12_381_g1_aff_sswu_sha256(
+        r: *mut bls12_381_g1_aff,
+        augmentation: *const byte,
+        augmentation_len: usize,
+        message: *const byte,
+        message_len: usize,
+        domainSepTag: *const byte,
+        domainSepTag_len: usize,
+    );
+}
+extern "C" {
+    pub fn ctt_bls12_381_g1_jac_sswu_sha256(
+        r: *mut bls12_381_g1_jac,
+        augmentation: *const byte,
+        augmentation_len: usize,
+        message: *const byte,
+        message_len: usize,
+        domainSepTag: *const byte,
+        domainSepTag_len: usize,
+    );
+}
+extern "C" {
+    pub fn ctt_bls12_381_g1_prj_sswu_sha256(
+        r: *mut bls12_381_g1_prj,
+        augmentation: *const byte,
+        augmentation_len: usize,
+        message: *const byte,
+        message_len: usize,
+        domainSepTag: *const byte,
+        domainSepTag_len: usize,
+    );
+}
+extern "C" {
+    pub fn ctt_bls12_381_g2_aff_sswu_sha256(
+        r: *mut bls12_381_g2_aff,
+        augmentation: *const byte,
+        augmentation_len: usize,
+        message: *const byte,
+        message_len: usize,
+        domainSepTag: *const byte,
+        domainSepTag_len: usize,
+    );
+}
+extern "C" {
+    pub fn ctt_bls12_381_g2_jac_sswu_sha256(
+        r: *mut bls12_381_g2_jac,
+        augmentation: *const byte,
+        augmentation_len: usize,
+        message: *const byte,
+        message_len: usize,
+        domainSepTag: *const byte,
+        domainSepTag_len: usize,
+    );
+}
+extern "C" {
+    pub fn ctt_bls12_381_g2_prj_sswu_sha256(
+        r: *mut bls12_381_g2_prj,
+        augmentation: *const byte,
+        augmentation_len: usize,
+        message: *const byte,
+        message_len: usize,
+        domainSepTag: *const byte,
+        domainSepTag_len: usize,
+    );
+}
 #[repr(C)]
 #[derive(Copy, Clone)]
 pub struct bn254_snarks_fr {
@@ -2890,6 +2956,72 @@ extern "C" {
         len: usize,
     );
 }
+extern "C" {
+    pub fn ctt_bn254_snarks_g1_aff_svdw_sha256(
+        r: *mut bn254_snarks_g1_aff,
+        augmentation: *const byte,
+        augmentation_len: usize,
+        message: *const byte,
+        message_len: usize,
+        domainSepTag: *const byte,
+        domainSepTag_len: usize,
+    );
+}
+extern "C" {
+    pub fn ctt_bn254_snarks_g1_jac_svdw_sha256(
+        r: *mut bn254_snarks_g1_jac,
+        augmentation: *const byte,
+        augmentation_len: usize,
+        message: *const byte,
+        message_len: usize,
+        domainSepTag: *const byte,
+        domainSepTag_len: usize,
+    );
+}
+extern "C" {
+    pub fn ctt_bn254_snarks_g1_prj_svdw_sha256(
+        r: *mut bn254_snarks_g1_prj,
+        augmentation: *const byte,
+        augmentation_len: usize,
+        message: *const byte,
+        message_len: usize,
+        domainSepTag: *const byte,
+        domainSepTag_len: usize,
+    );
+}
+extern "C" {
+    pub fn ctt_bn254_snarks_g2_aff_svdw_sha256(
+        r: *mut bn254_snarks_g2_aff,
+        augmentation: *const byte,
+        augmentation_len: usize,
+        message: *const byte,
+        message_len: usize,
+        domainSepTag: *const byte,
+        domainSepTag_len: usize,
+    );
+}
+extern "C" {
+    pub fn ctt_bn254_snarks_g2_jac_svdw_sha256(
+        r: *mut bn254_snarks_g2_jac,
+        augmentation: *const byte,
+        augmentation_len: usize,
+        message: *const byte,
+        message_len: usize,
+        domainSepTag: *const byte,
+        domainSepTag_len: usize,
+    );
+}
+extern "C" {
+    pub fn ctt_bn254_snarks_g2_prj_svdw_sha256(
+        r: *mut bn254_snarks_g2_prj,
+        augmentation: *const byte,
+        augmentation_len: usize,
+        message: *const byte,
+        message_len: usize,
+        domainSepTag: *const byte,
+        domainSepTag_len: usize,
+    );
+}
 #[repr(C)]
 #[derive(Copy, Clone)]
 pub struct pallas_fr {