Implement WB hash2curve for BLS12-377 and BLS12-381

arkworks-rs / curves

Implementations of popular elliptic curves

https://www.arkworks.rs

Apache License 2.0

303 stars 103 forks source link

Implement WB hash2curve for BLS12-377 and BLS12-381 #138

Closed drskalman closed 1 year ago

drskalman commented 1 year ago

Description

closes https://github.com/arkworks-rs/curves/issues/18

Implementation Wahby - Bonneh Hash to curve for BLS12-377 and BLS12-381. The implementation of BLS12-381 is the same as the one found in the algebra/test-curves. The PR has been reviewed previously by @Pratyush @mmagician here

[x] Targeted PR against correct branch (master)
[x] Linked to Github issue with discussion and accepted design OR have an explanation in the PR that describes this work.
[x] Wrote unit tests: BLS12-381 has tests, comprehensive test for BLS12-377 by @mmagician.
[x] Updated relevant documentation in the code
[x] Added a relevant changelog entry to the Pending section in CHANGELOG.md
[x] Re-reviewed Files changed in the Github PR explorer

mmagician commented 1 year ago

A while ago I've tried to produce the test vectors for bls12-377 using the script (with adapted parameters) that was used for generation of bls12-381 test vectors. Since there's no other standard I know of, we might as well stick to these scripts for choosing the WB parameters too (e.g. the zeta, the choice of which is left open as per algorithm). From these preliminary tests I ran, it looks like the zeta generated is different than in this PR. Perhaps it makes more sense to split out the PR for bls12-377 (to be potentially adapted) and bls12-381 (which we can merge directly)? That way we don't have to introduce breaking changes to the parameters of bls12-377 later. I can try to prepare the corresponding parameters next week.

mmagician commented 1 year ago

For reference, this code is being used to generate test vectors. I'd probably maintain a fork with bls12-377 scripts.

Dimitri-Koshelev commented 1 year ago

@drskalman, @mmagician, @Pratyush, could you add my hash function to arkworks ? It is faster than Wahby-Boneh, especially for BLS12-377.

Pratyush commented 1 year ago

@mmagician

We can add that script either to this repo, or to a separate h2c repo in arkworks.

Pratyush commented 1 year ago

@dishport I think that would be the focus of a separate PR, as it requires support first in arkworks-rs/algebra

drskalman commented 1 year ago

@dishport as @Pratyush said, I think the first step is address this issue https://github.com/zhenfeizhang/indifferentiable-hashing/issues/3 and then we can do a PR to algebra.

mmagician commented 1 year ago

I manually checked that the h2c tests are executed:

...
test curves::tests::g1_h2c::test_h2c ... ok
...

Dimitri-Koshelev commented 1 year ago

@dishport as @Pratyush said, I think the first step is address this issue zhenfeizhang/indifferentiable-hashing#3 and then we can do a PR to algebra.

@drskalman, @Pratyush, this issue was succesfully addressed. Could you now add the new hash function to arkworks ?