Closed Aphoh closed 2 years ago
For an example see the bls.rs
file. The function bls_hash_to_point()
implements the random oracle as specified in the hash_to_curve(msg)
function in section 3 of the draft. The function bls_hash_to_point()
calls ECP::map2point()
which implements the constant time encoding of a field element to the curve - (not the ECP::mapit()
function).
Ah I see. Other than the domain separation tag, is there anything bls-specific about that bls_hash_to_point
method? I understand that bls IBE is the main use case for it, but it should still be safe to use the same method for any supported curve, no?
No, other than domain tag nothing BLS specific.
Excellent, thanks.
Reading up on the ietf draft on hashing to curves, and I'm wondering if the current implementation in
ECP::mapit
does a good job of being a random oracle with respect to creating a uniform distribution on the curve. If not, I could give implementing one of the listed methods a crack.