Module: BLS::H2C

Defined in:
lib/bls/h2c.rb

Defined Under Namespace

Modules: G2

Constant Summary

LENGTH =
64

Class Method Summary

Class Method Details

.expand_message_xmd(message, len_in_bytes) ⇒ Array[Integer]

Returns byte array.

Parameters:

  • message (String)

    Hash value, encoded as a hex string.

  • len_in_bytes (Integer)

    Length of the output, in bytes.

Returns:

  • (Array[Integer])

    byte array.

Raises:

  • BLS::Error



# File 'lib/bls/h2c.rb', line 12

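# Expands a hex-encoded message into +len_in_bytes+ bytes by chaining SHA-256
# digests, in the shape of the expand_message_xmd construction used for
# hash-to-curve (RFC 9380, section 5.3.1 describes this construction).
#
# The domain separation tag is fixed to PointG2::DST_BASIC.
#
# @param message [String] input encoded as a hex string. It is decoded with
#   pack('H*'), which does not raise on non-hex characters or odd-length
#   input, so malformed strings are hashed as whatever bytes they decode to.
#   Validate the encoding before calling when the value is untrusted.
# @param len_in_bytes [Integer] number of output bytes requested.
# @return [Array<Integer>] the first +len_in_bytes+ byte values of the
#   concatenated digest blocks.
# @raise [BLS::Error] if more than 255 digest blocks would be needed.
def expand_message_xmd(message, len_in_bytes)
  b_in_bytes = BigDecimal(SHA256_DIGEST_SIZE)
  # Length of the zero padding: twice the digest size.
  # NOTE(review): presumably 64, the SHA-256 input block size - confirm
  # SHA256_DIGEST_SIZE is 32.
  r_in_bytes = b_in_bytes * 2
  # Number of digest blocks needed to cover the requested length.
  ell = (BigDecimal(len_in_bytes) / b_in_bytes).ceil
  # The block counter is written as a single byte, so ell is capped at 255.
  raise BLS::Error, 'Invalid xmd length' if ell > 255

  # Tag bytes followed by the tag length in one byte.
  dst_prime = PointG2::DST_BASIC.bytes + BLS.i2osp(PointG2::DST_BASIC.bytesize, 1)
  z_pad = BLS.i2osp(0, r_in_bytes)
  l_i_b_str = BLS.i2osp(len_in_bytes, 2)
  b = Array.new(ell)
  # pack('H*') is lenient: it performs no hex validation (see @param message).
  payload = z_pad + [message].pack('H*').bytes + l_i_b_str + BLS.i2osp(0, 1) + dst_prime
  b_0 = Digest::SHA256.digest(payload.pack('C*'))
  # b[0] is the first output block (counter value 1).
  b[0] = Digest::SHA256.digest((b_0.bytes + BLS.i2osp(1, 1) + dst_prime).pack('C*'))
  # Only blocks 2..ell remain, stored at b[1]..b[ell - 1]. Iterating up to ell
  # inclusive would hash one extra block that the final slice always discards,
  # and with ell == 255 would request a one-byte encoding of 256.
  (1...ell).each do |i|
    args = BLS.bin_xor(b_0, b[i - 1]).bytes + BLS.i2osp(i + 1, 1) + dst_prime
    b[i] = Digest::SHA256.digest(args.pack('C*'))
  end
  b.flat_map(&:bytes)[0...len_in_bytes]
end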