add hash_to_curve method for Edwards curves

dalek-cryptography / curve25519-dalek

A pure-Rust implementation of group operations on Ristretto and Curve25519

Other

853 stars 422 forks source link

add hash_to_curve method for Edwards curves #596

Open mikelodder7 opened 8 months ago

mikelodder7 commented 8 months ago

Adds hash_to_curve for Edwards points according to RFC9390

burdges commented 8 months ago

RFC9390 requires an XoF, and gives sha2 xmd as a named cipher suite, but RFC9390 permits choosing another XoF like shake128 instead. I guess maybe the traits expose this option?

mikelodder7 commented 8 months ago

Yes they do. If you look ExpandMsg supports ExpandMsgXmd or ExpandMsgXof

burdges commented 8 months ago

Alright, so already possible to choose shake128 with this PR? nice :)

mikelodder7 commented 8 months ago

Yes any XOF, Shake128, Shake256, etc.

dignifiedquire commented 12 hours ago

Fyi it is RFC 9380 not 9390 :)