From your documentation, I could not find any details about the Elligator2 implementation in libsodium. I created a sample application to compare the result from libsodium with the test-vectors form the RFC.
From my understanding, u[0] would be the input for Elligator2 and Q.x the result.
With the sample application, I get a different result compared to the test-vector:
$ ./elligator2
in : 7f3e7fb9428103ad7f52db32f9df32505d7b427d894c5093f7a0f0374a30641d
out: 44b2fa2a6bb0b2adeace690a5a83b7fbe5bb487c34e64dc109b90bc4e00f670b
This leads me to the following questions:
Is my usage from crypto_core_ed25519_from_uniform correct?
Is the libsodium implementation of the Elligator2 algorithm supposed to be compatible with the RFC draft?
If not, which specification do you follow?
Hi libsodium team,
I'm searching for an Elligator2 implementation compatible with the hash-to-curve RFC draft: https://datatracker.ietf.org/doc/html/draft-irtf-cfrg-hash-to-curve-11
From your documentation, I could not find any details about the Elligator2 implementation in libsodium. I created a sample application to compare the result from libsodium with the test-vectors form the RFC.
Sample application:
test-vector from RFC:
From my understanding,
u[0]
would be the input for Elligator2 andQ.x
the result. With the sample application, I get a different result compared to the test-vector:This leads me to the following questions: Is my usage from
crypto_core_ed25519_from_uniform
correct? Is the libsodium implementation of the Elligator2 algorithm supposed to be compatible with the RFC draft? If not, which specification do you follow?Best regards Tobias