Class: H2C::M2C::SSWU

Inherits:

Object

• Object
• H2C::M2C::SSWU

Defined in:

lib/h2c/m2c/sswu.rb

Overview

www.ietf.org/archive/id/draft-irtf-cfrg-hash-to-curve-16.html#section-6.6.2

Instance Attribute Summary

• #c1 ⇒ Object readonly

  Returns the value of attribute c1.

• #c2 ⇒ Object readonly

  Returns the value of attribute c2.

• #curve ⇒ Object readonly

  Returns the value of attribute curve.

• #z ⇒ Object readonly

  Returns the value of attribute z.

Instance Method Summary

• #initialize(curve, z) ⇒ SSWU constructor

  Constructor.

• #map(u) ⇒ Array(Integer, Integer)

  Outputs x and y are elements of the field F.

• #sgn0(x) ⇒ Object
• #square?(x) ⇒ Boolean

Constructor Details

#initialize(curve, z) ⇒ SSWU

Constructor

Parameters:

• curve (ECDSA::Group)
• z (Integer)

# File 'lib/h2c/m2c/sswu.rb', line 12

def initialize(curve, z)
  @curve = curve
  @z = z
  f = curve.field
  @c1 = f.mod(-curve.param_b * f.inverse(curve.param_a))
  @c2 = f.mod(-f.inverse(z))
end

Instance Attribute Details

#c1 ⇒ Object (readonly)

Returns the value of attribute c1.

# File 'lib/h2c/m2c/sswu.rb', line 7

def c1
  @c1
end

#c2 ⇒ Object (readonly)

Returns the value of attribute c2.

# File 'lib/h2c/m2c/sswu.rb', line 7

def c2
  @c2
end

#curve ⇒ Object (readonly)

Returns the value of attribute curve.

# File 'lib/h2c/m2c/sswu.rb', line 7

def curve
  @curve
end

#z ⇒ Object (readonly)

Returns the value of attribute z.

# File 'lib/h2c/m2c/sswu.rb', line 7

def z
  @z
end

Instance Method Details

#map(u) ⇒ Array(Integer, Integer)

Outputs x and y are elements of the field F.

Parameters:

• u (Integer)

Returns:

• (Array(Integer, Integer)) —

  x and y

# File 'lib/h2c/m2c/sswu.rb', line 23

def map(u)
  f = curve.field
  t1 = f.mod(f.power(u, 2) * f.mod(z))
  t2 = f.power(t1, 2)
  x1 = f.mod(t1 + t2)
  x1 = f.inverse(x1)
  e1 = x1.zero?
  x1 = f.mod(x1 + 1)
  x1 = e1 ? c2 : x1
  x1 = f.mod(x1 * c1)
  gx1 = f.power(x1, 2)
  gx1 = f.mod(gx1 + curve.param_a)
  gx1 = f.mod(gx1 * x1)
  gx1 = f.mod(gx1 + curve.param_b)
  x2 = f.mod(t1 * x1)
  t2 = f.mod(t1 * t2)
  gx2 = f.mod(gx1 * t2)
  e2 = square?(gx1)
  x = e2 ? x1 : x2
  y2 = e2 ? gx1 : gx2
  y = f.square_roots(y2)[0]
  e3 = sgn0(u) == sgn0(y)
  y = f.mod(e3 ? y : -y)
  curve.new_point([x, y])
end

#sgn0(x) ⇒ Object

# File 'lib/h2c/m2c/sswu.rb', line 54

def sgn0(x)
  res = x % 2
  curve.field.mod(1 - 2 * res)
end

#square?(x) ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/h2c/m2c/sswu.rb', line 49

def square?(x)
  test = curve.field.power(x, ((curve.field.prime - 1) / 2))
  [0, 1].include?(test)
end