Closed hdevalence closed 4 years ago
hdevalence
commented
6 years ago @isislovecruft Do you want to leave this behind for 1.0 and possibly add it later? IIRC the conclusion was that existing Elligator implementations all used slightly different maps because the map was badly specified. Now that we have Ristretto, we have a hash-to-group API for the prime-order group.
hdevalence
commented
6 years ago Closing this for now, we can reopen it later if need be.
isislovecruft
commented
4 years ago Do we want to potentially add an invertible Elligator2 variant? It's rare that this is needed in practice, but there are systems like https://eprint.iacr.org/2019/1416 (cf. §4.1) which require not only hash-to-group but also encode-to-group (and the corresponding decode-to-group).
hdevalence
commented
4 years ago Hmm, I think that that's pretty different functionality from what this issue was about, so I'd prefer to discuss it separately from this issue.
hdevalence
commented
4 years ago For reference, it's possible to implement encode-to-group using the existing API without any changes to the library. I wrote an example of how to do this last year: https://github.com/hdevalence/ristretto255-data-encoding/blob/master/src/main.rs
isislovecruft
commented
4 years ago Thanks! I'll open a separate issue for discussion.
Stub issue for tracking Elligator 2 implementation.