Add test vectors for hashToCurve

alxdavids / voprf-poc

Proof-of-concept implementation of the (V)OPRF protocol in https://datatracker.ietf.org/doc/draft-irtf-cfrg-voprf/

23 stars 8 forks source link

Add test vectors for hashToCurve #27

Closed claucece closed 4 years ago

claucece commented 4 years ago

This:

Updates the mod to the latest version of armfazh/h2c-go-ref.
Adds test vectors for hashToCurve for p384, p521 and curve448. These test vectors are generated by running armfazh/h2c-go-ref with the dst established on the repo.

This probably needs to be integrated after pull request 26.

claucece commented 4 years ago

This should be working now @alxdavids ;)

armfazh commented 4 years ago

I just updated tozan-ecc & h2c-go-ref with new tags and releases.

Now you can use v6.0.0 in go.mod file.

armfazh commented 4 years ago

Note that JSON vectors include the DST field.

hasherMod.dst = []byte("QUUX-V01-CS02")

claucece commented 4 years ago

Hi, @armfazh !

Thanks for that! I'll update the mod. Note that the dst on the jason file is not really used. I'll remove it on a next commit. The actually dst used are:

RFCXXXX-VOPRF-P521_XMD:SHA-512_SSWU_RO_
RFCXXXX-VOPRF-P384_XMD:SHA-512_SSWU_RO_
RFCXXXX-VOPRF-curve448_XMD:SHA-512_ELL2_RO_

I'm not sure if those are the ones intended to be used ;)

armfazh commented 4 years ago

The actually dst used are:
RFCXXXX-VOPRF-P521_XMD:SHA-512_SSWU_RO_
RFCXXXX-VOPRF-P384_XMD:SHA-512_SSWU_RO_
RFCXXXX-VOPRF-curve448_XMD:SHA-512_ELL2_RO_
I'm not sure if those are the ones intended to be used ;)

What are you trying to test in the first case? I think you want to test whether the h2c module runs ok. One option is to use the test vectors as they are (using the dst provided in the test vector). Another option is to generate your own test vectors with a desired dst tag.

claucece commented 4 years ago

Hi, @armfazh

Another option is to generate your own test vectors with a desired dst tag.

This is precisely what is happening. But the dst is not defined in the json files, but rather inside, over here: https://github.com/alxdavids/voprf-poc/blob/master/go/oprf/groups/ecgroup/h2c.go#L47, which is (for every curve):

RFCXXXX-VOPRF-P521_XMD:SHA-512_SSWU_RO_
RFCXXXX-VOPRF-P384_XMD:SHA-512_SSWU_RO_
RFCXXXX-VOPRF-curve448_XMD:SHA-512_ELL2_RO_

When I ran the h2c-go-ref with that exact same dst, it gave me the test vectors that are defined in this PR.

Hope that clarifies it ;)

armfazh commented 4 years ago

Gotcha.

alxdavids commented 4 years ago

I think Sofia's change makes sense as this will be the DST that we will use for the VOPRF draft. @armfazh Is this new DST a change introduced in draft-06 of h2c?

armfazh commented 4 years ago

Is this new DST a change introduced in draft-06 of h2c?

DST is an optional field, so it could be any string, usually is the protocol's name.