Consensys / handel

Multi-Signature Aggregation in Large Byzantine Committees
Apache License 2.0

Insecure hashing in bn256/sign method #122

Open nikkolasg opened 5 years ago

nikkolasg commented 5 years ago

The method to hash a message to a point is insecure (m -> scalar s -> s * G), as no easy method is provided by the Go or CF packages and there was time pressure. We should try to implement a correct method, maybe by following the ideas in this paper: https://www.di.ens.fr/~fouque/pub/latincrypt12.pdf . Although that will probably require forking Go's or CF's package in order to access the lower-level methods.
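As an added illustration (not code from the handel repository or its authors), here is a hash-to-point for BN256's G1 in Python that avoids the m -> s -> s * G construction: try-and-increment over the curve y^2 = x^3 + 3, using the field prime of Go's bn256 package as an assumed constant. It is simpler than the Fouque-Tibouchi encoding referenced above but runs in variable time (the iteration count depends on the message), which is one reason the paper's constant-time encoding is preferable in production.

```python
import hashlib

# Assumed constants: the BN256 curve used by Go's / Cloudflare's bn256 package,
# y^2 = x^3 + 3 over F_p. G1 has prime order, so any curve point is already in the group.
P = 65000549695646603732796438742359905742825358107623003571877145026864184071783
B = 3


def is_on_curve(pt):
    """Check y^2 == x^3 + 3 (mod p) for an affine point (x, y)."""
    x, y = pt
    return (y * y - (x * x * x + B)) % P == 0


def is_square(a):
    """Euler's criterion: a is a non-zero quadratic residue iff a^((p-1)/2) == 1."""
    return pow(a, (P - 1) // 2, P) == 1


def mod_sqrt(a):
    """Square root of a quadratic residue a; valid because p % 4 == 3."""
    assert P % 4 == 3
    return pow(a, (P + 1) // 4, P)


def hash_to_point(msg: bytes):
    """Try-and-increment hash-to-curve.

    The x-coordinate is derived from H(counter || msg); the first counter whose
    x^3 + 3 is a square yields the point. Unlike s * G, nobody (including the
    caller) learns a scalar s with point == s * G, which is what BLS-style
    schemes require of their message hash.
    """
    for counter in range(256):  # each try succeeds with prob. ~1/2; 256 misses is ~2^-256
        h = hashlib.sha256(counter.to_bytes(4, "big") + msg).digest()
        x = int.from_bytes(h, "big") % P  # 256-bit digest mod 254-bit p: negligible bias for this demo
        rhs = (x * x * x + B) % P
        if rhs == 0 or not is_square(rhs):
            continue
        y = mod_sqrt(rhs)
        if y % 2 == 1:  # canonical root choice so the mapping is deterministic
            y = P - y
        return (x, y)
    raise ValueError("no curve point found after 256 attempts")


if __name__ == "__main__":
    pt = hash_to_point(b"handel test message")  # constructed sample input
    print(pt, is_on_curve(pt))
```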

nkeywal commented 5 years ago

Discussion with @bkolad @nikkolasg: this is at the application level; the handel library does not take care of this point. For Eth2, the Ethereum Foundation is still working on the hash function to use.

nikkolasg commented 5 years ago

Good implementation: https://github.com/Project-Arda/bgls

bkolad commented 5 years ago

We had a bug in our hashing function, fixed in: https://github.com/ConsenSys/handel/issues/124 . The implementation still suffers from the problems described by @nikkolasg.