Are MapToG1 and MapToG2 invertable?

herumi / mcl

a portable and fast pairing-based cryptography library

BSD 3-Clause "New" or "Revised" License

458 stars 157 forks source link

Are MapToG1 and MapToG2 invertable? #74

Closed Zhiyi-Zhang closed 4 years ago

Zhiyi-Zhang commented 4 years ago

Functions MapToG1 and MapToG2 can map Fr into G1 and G2. Are there any APIs to recovery the Fr from a G1 or a G2?

herumi commented 4 years ago

No, there is no recovery function.

Zhiyi-Zhang commented 4 years ago

Thank you for your reply. Is this limited by the underlying cryptographic construction? or is it not yet implemented?

herumi commented 4 years ago

MapToGi is not one-to-one function, so there is no inverse map.

alinush commented 4 years ago

It might be useful if you could (1) clarify if you are talking about mapToG1 as defined in include/mcl/bn.hpp and (2) clarify if inverting mapToG1 is computationally intractable (and if so, under which cryptographic assumption).