Resolve conflicts
Signed-off-by: Kirk Baird <baird.k@outlook.com>
diff --git a/readme.md b/README.md
similarity index 88%
rename from readme.md
rename to README.md
index 2017433..0b32cd8 100644
--- a/readme.md
+++ b/README.md
@@ -2,7 +2,7 @@
## Updates
-BLS12-381 has been updated to the the most recent standards being [bls-signatures-02](https://tools.ietf.org/html/draft-irtf-cfrg-bls-signature-02) and [hash-to-curve-08](https://tools.ietf.org/html/draft-irtf-cfrg-hash-to-curve-08).
+BLS12-381 has been updated to the the most recent standards being [bls-signatures-04](https://tools.ietf.org/html/draft-irtf-cfrg-bls-signature-04) and [hash-to-curve-09](https://tools.ietf.org/html/draft-irtf-cfrg-hash-to-curve-09).
Updated to Rust 2018.
diff --git a/src/bls381/basic.rs b/src/bls381/basic.rs
index c5d2449..abf0301 100644
--- a/src/bls381/basic.rs
+++ b/src/bls381/basic.rs
@@ -32,13 +32,13 @@
/*************************************************************************************************
* Functions for Basic Scheme - signatures on G1
*
-* https://tools.ietf.org/html/draft-irtf-cfrg-bls-signature-02#section-3.1
+* https://tools.ietf.org/html/draft-irtf-cfrg-bls-signature-04#section-3.1
*************************************************************************************************/
/// Message Augmentation - KeyGenerate
///
/// Generate a new Secret Key based off Initial Keying Material (IKM) and Key Info (salt).
-/// https://tools.ietf.org/html/draft-irtf-cfrg-bls-signature-02#section-2.3
+/// https://tools.ietf.org/html/draft-irtf-cfrg-bls-signature-04#section-2.3
pub fn key_generate(ikm: &[u8], key_info: &[u8]) -> [u8; SECRET_KEY_BYTES] {
core::key_generate(ikm, key_info)
}
@@ -46,7 +46,7 @@
/*************************************************************************************************
* Functions for Message Augmentation - signatures on G1
*
-* https://tools.ietf.org/html/draft-irtf-cfrg-bls-signature-02#section-3.2
+* https://tools.ietf.org/html/draft-irtf-cfrg-bls-signature-04#section-3.2
*************************************************************************************************/
/// Generate key pair - (secret key, public key)
@@ -56,35 +56,35 @@
/// Secret Key To Public Key
///
-/// https://tools.ietf.org/html/draft-irtf-cfrg-bls-signature-02#section-2.4
+/// https://tools.ietf.org/html/draft-irtf-cfrg-bls-signature-04#section-2.4
pub fn secret_key_to_public_key_g1(secret_key: &[u8]) -> Result<[u8; G2_BYTES], AmclError> {
core::secret_key_to_public_key_g1(secret_key)
}
/// Basic Scheme - Sign
///
-/// https://tools.ietf.org/html/draft-irtf-cfrg-bls-signature-02#section-3.1
+/// https://tools.ietf.org/html/draft-irtf-cfrg-bls-signature-04#section-3.1
pub fn sign_g1(secret_key: &[u8], msg: &[u8]) -> Result<[u8; G1_BYTES], AmclError> {
core::core_sign_g1(secret_key, msg, DST_G1)
}
/// Basic Scheme - Verify
///
-/// https://tools.ietf.org/html/draft-irtf-cfrg-bls-signature-02#section-3.1
+/// https://tools.ietf.org/html/draft-irtf-cfrg-bls-signature-04#section-3.1
pub fn verify_g1(public_key: &[u8], msg: &[u8], signature: &[u8]) -> bool {
core::core_verify_g1(public_key, msg, signature, DST_G1)
}
/// Aggregate
///
-/// https://tools.ietf.org/html/draft-irtf-cfrg-bls-signature-02#section-2.8
+/// https://tools.ietf.org/html/draft-irtf-cfrg-bls-signature-04#section-2.8
pub fn aggregate_g1(points: &[&[u8]]) -> Result<[u8; G1_BYTES], AmclError> {
core::aggregate_g1(points)
}
/// Basic Scheme - AggregateVerify
///
-/// https://tools.ietf.org/html/draft-irtf-cfrg-bls-signature-02#section-3.1.1
+/// https://tools.ietf.org/html/draft-irtf-cfrg-bls-signature-04#section-3.1.1
pub fn aggregate_verify_g1(public_keys: &[&[u8]], msgs: &[&[u8]], signature: &[u8]) -> bool {
// Verify messages are unique
for (i, msg1) in msgs.iter().enumerate() {
@@ -101,7 +101,7 @@
/*************************************************************************************************
* Functions for Basic Scheme - signatures on G2
*
-* https://tools.ietf.org/html/draft-irtf-cfrg-bls-signature-02#section-3.1
+* https://tools.ietf.org/html/draft-irtf-cfrg-bls-signature-04#section-3.1
*************************************************************************************************/
/// Generate key pair - (secret key, public key)
@@ -111,35 +111,35 @@
/// Secret Key To Public Key
///
-/// https://tools.ietf.org/html/draft-irtf-cfrg-bls-signature-02#section-2.4
+/// https://tools.ietf.org/html/draft-irtf-cfrg-bls-signature-04#section-2.4
pub fn secret_key_to_public_key_g2(secret_key: &[u8]) -> Result<[u8; G1_BYTES], AmclError> {
core::secret_key_to_public_key_g2(secret_key)
}
/// Basic Scheme - Sign
///
-/// https://tools.ietf.org/html/draft-irtf-cfrg-bls-signature-02#section-3.1
+/// https://tools.ietf.org/html/draft-irtf-cfrg-bls-signature-04#section-3.1
pub fn sign_g2(secret_key: &[u8], msg: &[u8]) -> Result<[u8; G2_BYTES], AmclError> {
core::core_sign_g2(secret_key, msg, DST_G2)
}
/// Basic Scheme - Verify
///
-/// https://tools.ietf.org/html/draft-irtf-cfrg-bls-signature-02#section-3.1
+/// https://tools.ietf.org/html/draft-irtf-cfrg-bls-signature-04#section-3.1
pub fn verify_g2(public_key: &[u8], msg: &[u8], signature: &[u8]) -> bool {
core::core_verify_g2(public_key, msg, signature, DST_G2)
}
/// Aggregate
///
-/// https://tools.ietf.org/html/draft-irtf-cfrg-bls-signature-02#section-2.8
+/// https://tools.ietf.org/html/draft-irtf-cfrg-bls-signature-04#section-2.8
pub fn aggregate_g2(points: &[&[u8]]) -> Result<[u8; G2_BYTES], AmclError> {
core::aggregate_g2(points)
}
/// Basic Scheme - AggregateVerify
///
-/// https://tools.ietf.org/html/draft-irtf-cfrg-bls-signature-02#section-3.1.1
+/// https://tools.ietf.org/html/draft-irtf-cfrg-bls-signature-04#section-3.1.1
pub fn aggregate_verify_g2(public_keys: &[&[u8]], msgs: &[&[u8]], signature: &[u8]) -> bool {
// Verify messages are unique
for (i, msg1) in msgs.iter().enumerate() {
diff --git a/src/bls381/core.rs b/src/bls381/core.rs
index 48028c9..16452ba 100644
--- a/src/bls381/core.rs
+++ b/src/bls381/core.rs
@@ -52,23 +52,34 @@
/// KeyGenerate
///
/// Generate a new Secret Key based off Initial Keying Material (IKM) and Key Info (salt).
-/// https://tools.ietf.org/html/draft-irtf-cfrg-bls-signature-02#section-2.3
+/// https://tools.ietf.org/html/draft-irtf-cfrg-bls-signature-04#section-2.3
pub(crate) fn key_generate(ikm: &[u8], key_info: &[u8]) -> [u8; SECRET_KEY_BYTES] {
- // PRK = HKDF-Extract("BLS-SIG-KEYGEN-SALT-", IKM || I2OSP(0, 1))
- let mut prk = Vec::<u8>::with_capacity(1 + ikm.len());
- prk.extend_from_slice(ikm);
- prk.push(0);
- let prk = HASH256::hkdf_extract(KEY_SALT, &prk);
+ let mut secret_key = Big::new();
+ let mut salt = KEY_SALT.to_vec();
- // OKM = HKDF-Expand(PRK, key_info || I2OSP(L, 2), L)
- let mut info = key_info.to_vec();
- info.extend_from_slice(&[0, KEY_GENERATION_L]);
- let okm = HASH256::hkdf_extend(&prk, &info, KEY_GENERATION_L);
+ while secret_key.is_zilch() {
+ // salt = H(salt)
+ let mut hash256 = HASH256::new();
+ hash256.init();
+ hash256.process_array(&salt);
+ salt = hash256.hash().to_vec();
- // SK = OS2IP(OKM) mod r
- let r = Big::new_ints(&CURVE_ORDER);
- let mut secret_key = Big::from_bytes(&okm);
- secret_key.rmod(&r);
+ // PRK = HKDF-Extract(salt, IKM || I2OSP(0, 1))
+ let mut prk = Vec::<u8>::with_capacity(1 + ikm.len());
+ prk.extend_from_slice(ikm);
+ prk.push(0);
+ let prk = HASH256::hkdf_extract(&salt, &prk);
+
+ // OKM = HKDF-Expand(PRK, key_info || I2OSP(L, 2), L)
+ let mut info = key_info.to_vec();
+ info.extend_from_slice(&[0, KEY_GENERATION_L]);
+ let okm = HASH256::hkdf_extend(&prk, &info, KEY_GENERATION_L);
+
+ // SK = OS2IP(OKM) mod r
+ let r = Big::new_ints(&CURVE_ORDER);
+ secret_key = Big::from_bytes(&okm);
+ secret_key.rmod(&r);
+ }
secret_key_to_bytes(&secret_key)
}
@@ -477,7 +488,7 @@
/*************************************************************************************************
* Core BLS Functions when signatures are on G1
*
-* https://tools.ietf.org/html/draft-irtf-cfrg-bls-signature-02#section-2
+* https://tools.ietf.org/html/draft-irtf-cfrg-bls-signature-04#section-2
*************************************************************************************************/
/// Generate key pair - (secret key, public key)
@@ -498,7 +509,7 @@
/// Secret Key To Public Key
///
-/// https://tools.ietf.org/html/draft-irtf-cfrg-bls-signature-02#section-2.4
+/// https://tools.ietf.org/html/draft-irtf-cfrg-bls-signature-04#section-2.4
pub(crate) fn secret_key_to_public_key_g1(secret_key: &[u8]) -> Result<[u8; G2_BYTES], AmclError> {
let secret_key = secret_key_from_bytes(secret_key)?;
let g = ECP2::generator();
@@ -509,7 +520,7 @@
// CoreSign
//
-// https://tools.ietf.org/html/draft-irtf-cfrg-bls-signature-02#section-2.7
+// https://tools.ietf.org/html/draft-irtf-cfrg-bls-signature-04#section-2.7
pub(crate) fn core_sign_g1(
secret_key: &[u8],
msg: &[u8],
@@ -524,7 +535,7 @@
// CoreVerify
//
-// https://tools.ietf.org/html/draft-irtf-cfrg-bls-signature-02#section-2.7
+// https://tools.ietf.org/html/draft-irtf-cfrg-bls-signature-04#section-2.7
pub(crate) fn core_verify_g1(public_key: &[u8], msg: &[u8], signature: &[u8], dst: &[u8]) -> bool {
let public_key = deserialize_g2(public_key);
let signature = deserialize_g1(signature);
@@ -537,7 +548,7 @@
let signature = signature.unwrap();
// Subgroup checks for signature and public key
- if !subgroup_check_g1(&signature) || !subgroup_check_g2(&public_key) {
+ if !subgroup_check_g1(&signature) || !subgroup_check_g2(&public_key) || public_key.is_infinity() {
return false;
}
@@ -559,7 +570,7 @@
/// Aggregate
///
-/// https://tools.ietf.org/html/draft-irtf-cfrg-bls-signature-02#section-2.8
+/// https://tools.ietf.org/html/draft-irtf-cfrg-bls-signature-04#section-2.8
pub(crate) fn aggregate_g1(points: &[&[u8]]) -> Result<[u8; G1_BYTES], AmclError> {
if points.len() == 0 {
return Err(AmclError::AggregateEmptyPoints);
@@ -575,7 +586,7 @@
// CoreAggregateVerify
//
-// https://tools.ietf.org/html/draft-irtf-cfrg-bls-signature-02#section-2.9
+// https://tools.ietf.org/html/draft-irtf-cfrg-bls-signature-04#section-2.9
pub(crate) fn core_aggregate_verify_g1(
public_keys: &[&[u8]],
msgs: &[&[u8]],
@@ -611,7 +622,7 @@
}
let public_key = public_key.unwrap();
- if !subgroup_check_g2(&public_key) {
+ if !subgroup_check_g2(&public_key) || public_key.is_infinity() {
return false;
}
@@ -629,7 +640,7 @@
/*************************************************************************************************
* Core BLS Functions when signatures are on G2
*
-* https://tools.ietf.org/html/draft-irtf-cfrg-bls-signature-02#section-2
+* https://tools.ietf.org/html/draft-irtf-cfrg-bls-signature-04#section-2
*************************************************************************************************/
/// Generate key pair - (secret key, public key)
@@ -650,7 +661,7 @@
/// Secret Key To Public Key
///
-/// https://tools.ietf.org/html/draft-irtf-cfrg-bls-signature-02#section-2.4
+/// https://tools.ietf.org/html/draft-irtf-cfrg-bls-signature-04#section-2.4
pub(crate) fn secret_key_to_public_key_g2(secret_key: &[u8]) -> Result<[u8; G1_BYTES], AmclError> {
let secret_key = secret_key_from_bytes(secret_key)?;
let g = ECP::generator();
@@ -662,7 +673,7 @@
// CoreSign
//
-// https://tools.ietf.org/html/draft-irtf-cfrg-bls-signature-02#section-2.7
+// https://tools.ietf.org/html/draft-irtf-cfrg-bls-signature-04#section-2.7
pub(crate) fn core_sign_g2(
secret_key: &[u8],
msg: &[u8],
@@ -678,7 +689,7 @@
// CoreVerify
//
-// https://tools.ietf.org/html/draft-irtf-cfrg-bls-signature-02#section-2.7
+// https://tools.ietf.org/html/draft-irtf-cfrg-bls-signature-04#section-2.7
pub(crate) fn core_verify_g2(public_key: &[u8], msg: &[u8], signature: &[u8], dst: &[u8]) -> bool {
let public_key = deserialize_g1(public_key);
let signature = deserialize_g2(signature);
@@ -691,7 +702,7 @@
let signature = signature.unwrap();
// Subgroup checks for signature and public key
- if !subgroup_check_g1(&public_key) || !subgroup_check_g2(&signature) {
+ if !subgroup_check_g1(&public_key) || public_key.is_infinity() || !subgroup_check_g2(&signature) {
return false;
}
@@ -713,7 +724,7 @@
/// Aggregate
///
-/// https://tools.ietf.org/html/draft-irtf-cfrg-bls-signature-02#section-2.8
+/// https://tools.ietf.org/html/draft-irtf-cfrg-bls-signature-04#section-2.8
pub(crate) fn aggregate_g2(points: &[&[u8]]) -> Result<[u8; G2_BYTES], AmclError> {
if points.len() == 0 {
return Err(AmclError::AggregateEmptyPoints);
@@ -729,7 +740,7 @@
// CoreAggregateVerify
//
-// https://tools.ietf.org/html/draft-irtf-cfrg-bls-signature-02#section-2.9
+// https://tools.ietf.org/html/draft-irtf-cfrg-bls-signature-04#section-2.9
pub(crate) fn core_aggregate_verify_g2(
public_keys: &[&[u8]],
msgs: &[&[u8]],
@@ -766,7 +777,7 @@
let public_key = public_key.unwrap();
// Subgroup check for public key
- if !subgroup_check_g1(&public_key) {
+ if !subgroup_check_g1(&public_key) || public_key.is_infinity() {
return false;
}
@@ -788,7 +799,7 @@
/// Hash to Curve
///
/// Takes a message as input and converts it to a Curve Point
-/// https://tools.ietf.org/html/draft-irtf-cfrg-hash-to-curve-08#section-3
+/// https://tools.ietf.org/html/draft-irtf-cfrg-hash-to-curve-09#section-3
pub fn hash_to_curve_g1(msg: &[u8], dst: &[u8]) -> ECP {
let u =
hash_to_field_fp(msg, 2, dst).expect("hash to field should not fail for given parameters");
@@ -802,8 +813,8 @@
// Simplified SWU for Pairing-Friendly Curves
//
// Take a field point and map it to a Curve Point.
-// SSWU - https://tools.ietf.org/html/draft-irtf-cfrg-hash-to-curve-08#section-6.6.2
-// ISO11 - https://tools.ietf.org/html/draft-irtf-cfrg-hash-to-curve-08#appendix-C.2
+// SSWU - https://tools.ietf.org/html/draft-irtf-cfrg-hash-to-curve-09#section-6.6.2
+// ISO11 - https://tools.ietf.org/html/draft-irtf-cfrg-hash-to-curve-09#appendix-C.2
fn map_to_curve_g1(u: FP) -> ECP {
let (x, y) = simplified_swu_fp(u);
iso11_to_ecp(&x, &y)
@@ -816,7 +827,7 @@
/// Hash to Curve
///
/// Takes a message as input and converts it to a Curve Point
-/// https://tools.ietf.org/html/draft-irtf-cfrg-hash-to-curve-08#section-3
+/// https://tools.ietf.org/html/draft-irtf-cfrg-hash-to-curve-09#section-3
pub fn hash_to_curve_g2(msg: &[u8], dst: &[u8]) -> ECP2 {
let u =
hash_to_field_fp2(msg, 2, dst).expect("hash to field should not fail for given parameters");
@@ -830,8 +841,8 @@
// Simplified SWU for Pairing-Friendly Curves
//
// Take a field point and map it to a Curve Point.
-// SSWU - https://tools.ietf.org/html/draft-irtf-cfrg-hash-to-curve-08#section-6.6.2
-// ISO3 - https://tools.ietf.org/html/draft-irtf-cfrg-hash-to-curve-08#appendix-C.3
+// SSWU - https://tools.ietf.org/html/draft-irtf-cfrg-hash-to-curve-09#section-6.6.2
+// ISO3 - https://tools.ietf.org/html/draft-irtf-cfrg-hash-to-curve-09#appendix-C.3
fn map_to_curve_g2(u: FP2) -> ECP2 {
let (x, y) = simplified_swu_fp2(u);
iso3_to_ecp2(&x, &y)
diff --git a/src/bls381/message_augmentation.rs b/src/bls381/message_augmentation.rs
index 4f3e389..8924701 100644
--- a/src/bls381/message_augmentation.rs
+++ b/src/bls381/message_augmentation.rs
@@ -32,13 +32,13 @@
/*************************************************************************************************
* Functions for Message Augmentation - signatures on either G1 or G2
*
-* https://tools.ietf.org/html/draft-irtf-cfrg-bls-signature-02#section-3.3
+* https://tools.ietf.org/html/draft-irtf-cfrg-bls-signature-04#section-3.3
*************************************************************************************************/
/// Message Augmentation - KeyGenerate
///
/// Generate a new Secret Key based off Initial Keying Material (IKM) and Key Info (salt).
-/// https://tools.ietf.org/html/draft-irtf-cfrg-bls-signature-02#section-2.3
+/// https://tools.ietf.org/html/draft-irtf-cfrg-bls-signature-04#section-2.3
pub fn key_generate(ikm: &[u8], key_info: &[u8]) -> [u8; SECRET_KEY_BYTES] {
core::key_generate(ikm, key_info)
}
@@ -46,7 +46,7 @@
/*************************************************************************************************
* Functions for Message Augmentation - signatures on G1
*
-* https://tools.ietf.org/html/draft-irtf-cfrg-bls-signature-02#section-3.2
+* https://tools.ietf.org/html/draft-irtf-cfrg-bls-signature-04#section-3.2
*************************************************************************************************/
/// Generate key pair - (secret key, public key)
@@ -56,14 +56,14 @@
/// Secret Key To Public Key
///
-/// https://tools.ietf.org/html/draft-irtf-cfrg-bls-signature-02#section-2.4
+/// https://tools.ietf.org/html/draft-irtf-cfrg-bls-signature-04#section-2.4
pub fn secret_key_to_public_key_g1(secret_key: &[u8]) -> Result<[u8; G2_BYTES], AmclError> {
core::secret_key_to_public_key_g1(secret_key)
}
/// Message Augmentation - Sign
///
-/// https://tools.ietf.org/html/draft-irtf-cfrg-bls-signature-02#section-3.1
+/// https://tools.ietf.org/html/draft-irtf-cfrg-bls-signature-04#section-3.1
pub fn sign_g1(
secret_key: &[u8],
msg: &[u8],
@@ -78,7 +78,7 @@
/// Message Augmentation - Verify
///
-/// https://tools.ietf.org/html/draft-irtf-cfrg-bls-signature-02#section-3.1
+/// https://tools.ietf.org/html/draft-irtf-cfrg-bls-signature-04#section-3.1
pub fn verify_g1(public_key: &[u8], msg: &[u8], signature: &[u8]) -> bool {
// Message = (public_key || msg)
let mut augmented_msg = public_key.to_vec();
@@ -89,14 +89,14 @@
/// Aggregate
///
-/// https://tools.ietf.org/html/draft-irtf-cfrg-bls-signature-02#section-2.8
+/// https://tools.ietf.org/html/draft-irtf-cfrg-bls-signature-04#section-2.8
pub fn aggregate_g1(points: &[&[u8]]) -> Result<[u8; G1_BYTES], AmclError> {
core::aggregate_g1(points)
}
/// Message Augmentation - AggregateVerify
///
-/// https://tools.ietf.org/html/draft-irtf-cfrg-bls-signature-02#section-3.1.1
+/// https://tools.ietf.org/html/draft-irtf-cfrg-bls-signature-04#section-3.1.1
pub fn aggregate_verify_g1(public_keys: &[&[u8]], msgs: &[&[u8]], signature: &[u8]) -> bool {
// Augment each message
let mut augmented_msgs: Vec<Vec<u8>> = Vec::with_capacity(msgs.len());
@@ -118,7 +118,7 @@
/*************************************************************************************************
* Functions for Message Augmentation - signatures on G2
*
-* https://tools.ietf.org/html/draft-irtf-cfrg-bls-signature-02#section-3.2
+* https://tools.ietf.org/html/draft-irtf-cfrg-bls-signature-04#section-3.2
*************************************************************************************************/
/// Generate key pair - (secret key, public key)
@@ -128,14 +128,14 @@
/// Secret Key To Public Key
///
-/// https://tools.ietf.org/html/draft-irtf-cfrg-bls-signature-02#section-2.4
+/// https://tools.ietf.org/html/draft-irtf-cfrg-bls-signature-04#section-2.4
pub fn secret_key_to_public_key_g2(secret_key: &[u8]) -> Result<[u8; G1_BYTES], AmclError> {
core::secret_key_to_public_key_g2(secret_key)
}
/// Message Augmentation - Sign
///
-/// https://tools.ietf.org/html/draft-irtf-cfrg-bls-signature-02#section-3.1
+/// https://tools.ietf.org/html/draft-irtf-cfrg-bls-signature-04#section-3.1
pub fn sign_g2(
secret_key: &[u8],
msg: &[u8],
@@ -150,7 +150,7 @@
/// Message Augmentation - Verify
///
-/// https://tools.ietf.org/html/draft-irtf-cfrg-bls-signature-02#section-3.1
+/// https://tools.ietf.org/html/draft-irtf-cfrg-bls-signature-04#section-3.1
pub fn verify_g2(public_key: &[u8], msg: &[u8], signature: &[u8]) -> bool {
// Message = (public_key || msg)
let mut augmented_msg = public_key.to_vec();
@@ -161,14 +161,14 @@
/// Aggregate
///
-/// https://tools.ietf.org/html/draft-irtf-cfrg-bls-signature-02#section-2.8
+/// https://tools.ietf.org/html/draft-irtf-cfrg-bls-signature-04#section-2.8
pub fn aggregate_g2(points: &[&[u8]]) -> Result<[u8; G2_BYTES], AmclError> {
core::aggregate_g2(points)
}
/// Message Augmentation - AggregateVerify
///
-/// https://tools.ietf.org/html/draft-irtf-cfrg-bls-signature-02#section-3.1.1
+/// https://tools.ietf.org/html/draft-irtf-cfrg-bls-signature-04#section-3.1.1
pub fn aggregate_verify_g2(public_keys: &[&[u8]], msgs: &[&[u8]], signature: &[u8]) -> bool {
// Augment each message
let mut augmented_msgs: Vec<Vec<u8>> = Vec::with_capacity(msgs.len());
diff --git a/src/bls381/proof_of_possession.rs b/src/bls381/proof_of_possession.rs
index ddc959a..d03c44b 100644
--- a/src/bls381/proof_of_possession.rs
+++ b/src/bls381/proof_of_possession.rs
@@ -42,13 +42,13 @@
/*************************************************************************************************
* Functions for Proof of Possession - signatures on either G1 or G2
*
-* https://tools.ietf.org/html/draft-irtf-cfrg-bls-signature-02#section-3.3
+* https://tools.ietf.org/html/draft-irtf-cfrg-bls-signature-04#section-3.3
*************************************************************************************************/
/// Proof of Possession - KeyGenerate
///
/// Generate a new Secret Key based off Initial Keying Material (IKM) and Key Info (salt).
-/// https://tools.ietf.org/html/draft-irtf-cfrg-bls-signature-02#section-2.3
+/// https://tools.ietf.org/html/draft-irtf-cfrg-bls-signature-04#section-2.3
pub fn key_generate(ikm: &[u8], key_info: &[u8]) -> [u8; SECRET_KEY_BYTES] {
core::key_generate(ikm, key_info)
}
@@ -56,7 +56,7 @@
/*************************************************************************************************
* Functions for Proof of Possession - signatures on G1
*
-* https://tools.ietf.org/html/draft-irtf-cfrg-bls-signature-02#section-3.3
+* https://tools.ietf.org/html/draft-irtf-cfrg-bls-signature-04#section-3.3
*************************************************************************************************/
/// Generate key pair - (secret key, public key)
@@ -66,42 +66,42 @@
/// Secret Key To Public Key
///
-/// https://tools.ietf.org/html/draft-irtf-cfrg-bls-signature-02#section-2.4
+/// https://tools.ietf.org/html/draft-irtf-cfrg-bls-signature-04#section-2.4
pub fn secret_key_to_public_key_g1(secret_key: &[u8]) -> Result<[u8; G2_BYTES], AmclError> {
core::secret_key_to_public_key_g1(secret_key)
}
/// Proof of Possession - Sign
///
-/// https://tools.ietf.org/html/draft-irtf-cfrg-bls-signature-02#section-3.3
+/// https://tools.ietf.org/html/draft-irtf-cfrg-bls-signature-04#section-3.3
pub fn sign_g1(secret_key: &[u8], msg: &[u8]) -> Result<[u8; G1_BYTES], AmclError> {
core::core_sign_g1(secret_key, msg, DST_G1)
}
/// Proof of Possession - Verify
///
-/// https://tools.ietf.org/html/draft-irtf-cfrg-bls-signature-02#section-3.3
+/// https://tools.ietf.org/html/draft-irtf-cfrg-bls-signature-04#section-3.3
pub fn verify_g1(public_key: &[u8], msg: &[u8], signature: &[u8]) -> bool {
core::core_verify_g1(public_key, msg, signature, DST_G1)
}
/// Aggregate
///
-/// https://tools.ietf.org/html/draft-irtf-cfrg-bls-signature-02#section-2.8
+/// https://tools.ietf.org/html/draft-irtf-cfrg-bls-signature-04#section-2.8
pub fn aggregate_g1(points: &[&[u8]]) -> Result<[u8; G1_BYTES], AmclError> {
core::aggregate_g1(points)
}
/// Proof of Possession - AggregateVerify
///
-/// https://tools.ietf.org/html/draft-irtf-cfrg-bls-signature-02#section-3.3
+/// https://tools.ietf.org/html/draft-irtf-cfrg-bls-signature-04#section-3.3
pub fn aggregate_verify_g1(public_keys: &[&[u8]], msgs: &[&[u8]], signature: &[u8]) -> bool {
core::core_aggregate_verify_g1(public_keys, msgs, signature, DST_G1)
}
/// Proof of Possession - PopProve
///
-/// https://tools.ietf.org/html/draft-irtf-cfrg-bls-signature-02#section-3.3.2
+/// https://tools.ietf.org/html/draft-irtf-cfrg-bls-signature-04#section-3.3.2
pub fn pop_prove_g1(secret_key: &[u8]) -> Result<[u8; G1_BYTES], AmclError> {
let secret_key = secret_key_from_bytes(secret_key)?;
let g = ECP2::generator();
@@ -116,7 +116,7 @@
/// Proof of Possession - PopVerify
///
-/// https://tools.ietf.org/html/draft-irtf-cfrg-bls-signature-02#section-3.3.3
+/// https://tools.ietf.org/html/draft-irtf-cfrg-bls-signature-04#section-3.3.3
pub fn pop_verify_g1(public_key_bytes: &[u8], proof_bytes: &[u8]) -> bool {
let proof = deserialize_g1(proof_bytes);
let public_key = deserialize_g2(public_key_bytes);
@@ -128,7 +128,7 @@
let proof = proof.unwrap();
let public_key = public_key.unwrap();
- if !subgroup_check_g1(&proof) || !subgroup_check_g2(&public_key) {
+ if !subgroup_check_g1(&proof) || !subgroup_check_g2(&public_key) || public_key.is_infinity() {
return false;
}
@@ -149,7 +149,7 @@
/// Proof of Possession - FastAggregateVerify
///
-/// https://tools.ietf.org/html/draft-irtf-cfrg-bls-signature-02#section-3.3.4
+/// https://tools.ietf.org/html/draft-irtf-cfrg-bls-signature-04#section-3.3.4
pub fn fast_aggregate_verify_g1(public_keys: &[&[u8]], msg: &[u8], signature: &[u8]) -> bool {
if public_keys.len() == 0 {
return false;
@@ -190,7 +190,7 @@
/*************************************************************************************************
* Functions for Proof of Possession - signatures on G2
*
-* https://tools.ietf.org/html/draft-irtf-cfrg-bls-signature-02#section-3.3
+* https://tools.ietf.org/html/draft-irtf-cfrg-bls-signature-04#section-3.3
*************************************************************************************************/
/// Generate key pair - (secret key, public key)
@@ -200,42 +200,42 @@
/// Secret Key To Public Key
///
-/// https://tools.ietf.org/html/draft-irtf-cfrg-bls-signature-02#section-2.4
+/// https://tools.ietf.org/html/draft-irtf-cfrg-bls-signature-04#section-2.4
pub fn secret_key_to_public_key_g2(secret_key: &[u8]) -> Result<[u8; G1_BYTES], AmclError> {
core::secret_key_to_public_key_g2(secret_key)
}
/// Proof of Possession - Sign
///
-/// https://tools.ietf.org/html/draft-irtf-cfrg-bls-signature-02#section-3.3
+/// https://tools.ietf.org/html/draft-irtf-cfrg-bls-signature-04#section-3.3
pub fn sign_g2(secret_key: &[u8], msg: &[u8]) -> Result<[u8; G2_BYTES], AmclError> {
core::core_sign_g2(secret_key, msg, DST_G2)
}
/// Proof of Possession - Verify
///
-/// https://tools.ietf.org/html/draft-irtf-cfrg-bls-signature-02#section-3.3
+/// https://tools.ietf.org/html/draft-irtf-cfrg-bls-signature-04#section-3.3
pub fn verify_g2(public_key: &[u8], msg: &[u8], signature: &[u8]) -> bool {
core::core_verify_g2(public_key, msg, signature, DST_G2)
}
/// Aggregate
///
-/// https://tools.ietf.org/html/draft-irtf-cfrg-bls-signature-02#section-2.8
+/// https://tools.ietf.org/html/draft-irtf-cfrg-bls-signature-04#section-2.8
pub fn aggregate_g2(points: &[&[u8]]) -> Result<[u8; G2_BYTES], AmclError> {
core::aggregate_g2(points)
}
/// Proof of Possession - AggregateVerify
///
-/// https://tools.ietf.org/html/draft-irtf-cfrg-bls-signature-02#section-3.3
+/// https://tools.ietf.org/html/draft-irtf-cfrg-bls-signature-04#section-3.3
pub fn aggregate_verify_g2(public_keys: &[&[u8]], msgs: &[&[u8]], signature: &[u8]) -> bool {
core::core_aggregate_verify_g2(public_keys, msgs, signature, DST_G2)
}
/// Proof of Possession - PopProve
///
-/// https://tools.ietf.org/html/draft-irtf-cfrg-bls-signature-02#section-3.3.2
+/// https://tools.ietf.org/html/draft-irtf-cfrg-bls-signature-04#section-3.3.2
pub fn pop_prove_g2(secret_key: &[u8]) -> Result<[u8; G2_BYTES], AmclError> {
let secret_key = secret_key_from_bytes(secret_key)?;
let g = ECP::generator();
@@ -250,7 +250,7 @@
/// Proof of Possession - PopVerify
///
-/// https://tools.ietf.org/html/draft-irtf-cfrg-bls-signature-02#section-3.3.3
+/// https://tools.ietf.org/html/draft-irtf-cfrg-bls-signature-04#section-3.3.3
pub fn pop_verify_g2(public_key_bytes: &[u8], proof_bytes: &[u8]) -> bool {
let proof = deserialize_g2(proof_bytes);
let public_key = deserialize_g1(public_key_bytes);
@@ -262,7 +262,7 @@
let proof = proof.unwrap();
let public_key = public_key.unwrap();
- if !subgroup_check_g1(&public_key) || !subgroup_check_g2(&proof) {
+ if !subgroup_check_g1(&public_key) || public_key.is_infinity() || !subgroup_check_g2(&proof) {
return false;
}
@@ -283,7 +283,7 @@
/// Proof of Possession - FastAggregateVerify
///
-/// https://tools.ietf.org/html/draft-irtf-cfrg-bls-signature-02#section-3.3.4
+/// https://tools.ietf.org/html/draft-irtf-cfrg-bls-signature-04#section-3.3.4
pub fn fast_aggregate_verify_g2(public_keys: &[&[u8]], msg: &[u8], signature: &[u8]) -> bool {
if public_keys.len() == 0 {
return false;
diff --git a/src/fp.rs b/src/fp.rs
index dfc4322..5caa0a0 100644
--- a/src/fp.rs
+++ b/src/fp.rs
@@ -742,7 +742,7 @@
/// false if Positive, if a % 2 == 0
///
/// Not constant time.
- /// https://tools.ietf.org/html/draft-irtf-cfrg-hash-to-curve-08#section-4.1
+ /// https://tools.ietf.org/html/draft-irtf-cfrg-hash-to-curve-09#section-4.1
pub fn sgn0(&self) -> bool {
let x = self.redc();
if x.parity() == 0 {
diff --git a/src/fp2.rs b/src/fp2.rs
index ac96b4e..57eebb6 100644
--- a/src/fp2.rs
+++ b/src/fp2.rs
@@ -445,7 +445,7 @@
/// false if Positive
///
/// Not constant time.
- /// https://tools.ietf.org/html/draft-irtf-cfrg-hash-to-curve-08#section-4.1
+ /// https://tools.ietf.org/html/draft-irtf-cfrg-hash-to-curve-09#section-4.1
pub fn sgn0(&self) -> bool {
if self.a.is_zilch() {
self.b.sgn0()
diff --git a/src/hash_to_curve.rs b/src/hash_to_curve.rs
index c52a9bf..8cf7bcf 100644
--- a/src/hash_to_curve.rs
+++ b/src/hash_to_curve.rs
@@ -85,7 +85,7 @@
// Hash To Field - Fp
//
// Take a message as bytes and convert it to a Field Point
-// https://tools.ietf.org/html/draft-irtf-cfrg-hash-to-curve-08#section-5.2
+// https://tools.ietf.org/html/draft-irtf-cfrg-hash-to-curve-09#section-5.3
pub fn hash_to_field_fp(msg: &[u8], count: usize, dst: &[u8]) -> Result<Vec<FP>, AmclError> {
let m = 1;
let p = Big::new_ints(&MODULUS);
@@ -107,7 +107,7 @@
// Hash To Field - Fp2
//
// Take a message as bytes and convert it to a vector of Field Points with extension degree 2.
-// https://tools.ietf.org/html/draft-irtf-cfrg-hash-to-curve-08#section-5.2
+// https://tools.ietf.org/html/draft-irtf-cfrg-hash-to-curve-09#section-5.3
pub fn hash_to_field_fp2(msg: &[u8], count: usize, dst: &[u8]) -> Result<Vec<FP2>, AmclError> {
let m = 2;
let p = Big::new_ints(&MODULUS);
@@ -133,7 +133,7 @@
// Expand Message XMD
//
// Take a message and convert it to pseudo random bytes of specified length
-// https://tools.ietf.org/html/draft-irtf-cfrg-hash-to-curve-08#section-5.3.1
+// https://tools.ietf.org/html/draft-irtf-cfrg-hash-to-curve-09#section-5.4
fn expand_message_xmd(msg: &[u8], len_in_bytes: usize, dst: &[u8]) -> Result<Vec<u8>, AmclError> {
// ell = ceiling(len_in_bytes / b_in_bytes)
let ell = (len_in_bytes + HASH_ALGORITHM.length() - 1) / HASH_ALGORITHM.length();
@@ -203,7 +203,7 @@
// Simplified Shallue-van de Woestijne-Ulas Method - Fp
//
// Returns projectives as (XZ, YZ, Z)
-// https://tools.ietf.org/html/draft-irtf-cfrg-hash-to-curve-08#section-6.6.2
+// https://tools.ietf.org/html/draft-irtf-cfrg-hash-to-curve-09#section-6.6.2
pub fn simplified_swu_fp(u: FP) -> (FP, FP) {
let sswu_a = FP::new_big(Big::new_ints(&SSWU_A1));
let sswu_b = FP::new_big(Big::new_ints(&SSWU_B1));
@@ -279,7 +279,7 @@
// Simplified Shallue-van de Woestijne-Ulas Method - Fp2
//
// Returns projectives as (X, Y)
-// https://tools.ietf.org/html/draft-irtf-cfrg-hash-to-curve-08#section-6.6.2
+// https://tools.ietf.org/html/draft-irtf-cfrg-hash-to-curve-09#section-6.6.2
pub fn simplified_swu_fp2(u: FP2) -> (FP2, FP2) {
let sswu_a = FP2::new_bigs(Big::new_ints(&SSWU_A2_A), Big::new_ints(&SSWU_A2_B));
let sswu_b = FP2::new_bigs(Big::new_ints(&SSWU_B2_A), Big::new_ints(&SSWU_B2_B));
diff --git a/src/test_utils/hash_to_curve_vectors/edwards25519_XMD:SHA-512_ELL2_NU_.json b/src/test_utils/hash_to_curve_vectors/edwards25519_XMD:SHA-512_ELL2_NU_.json
deleted file mode 100644
index b06a7cc..0000000
--- a/src/test_utils/hash_to_curve_vectors/edwards25519_XMD:SHA-512_ELL2_NU_.json
+++ /dev/null
@@ -1,90 +0,0 @@
-{
- "L": "0x30",
- "Z": "0x2",
- "ciphersuite": "edwards25519_XMD:SHA-512_ELL2_NU_",
- "curve": "edwards25519",
- "dst": "QUUX-V01-CS02-with-edwards25519_XMD:SHA-512_ELL2_NU_",
- "expand": "XMD",
- "field": {
- "m": "0x1",
- "p": "0x7fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffed"
- },
- "hash": "sha512",
- "k": "0x80",
- "map": {
- "name": "ELL2"
- },
- "randomOracle": false,
- "vectors": [
- {
- "P": {
- "x": "0x1ff2b70ecf862799e11b7ae744e3489aa058ce805dd323a936375a84695e76da",
- "y": "0x222e314d04a4d5725e9f2aff9fb2a6b69ef375a1214eb19021ceab2d687f0f9b"
- },
- "Q": {
- "x": "0x42836f691d05211ebc65ef8fcf01e0fb6328ec9c4737c26050471e50803022eb",
- "y": "0x22cb4aaa555e23bd460262d2130d6a3c9207aa8bbb85060928beb263d6d42a95"
- },
- "msg": "",
- "u": [
- "0x7f3e7fb9428103ad7f52db32f9df32505d7b427d894c5093f7a0f0374a30641d"
- ]
- },
- {
- "P": {
- "x": "0x5f13cc69c891d86927eb37bd4afc6672360007c63f68a33ab423a3aa040fd2a8",
- "y": "0x67732d50f9a26f73111dd1ed5dba225614e538599db58ba30aaea1f5c827fa42"
- },
- "Q": {
- "x": "0x333e41b61c6dd43af220c1ac34a3663e1cf537f996bab50ab66e33c4bd8e4e19",
- "y": "0x51b6f178eb08c4a782c820e306b82c6e273ab22e258d972cd0c511787b2a3443"
- },
- "msg": "abc",
- "u": [
- "0x09cfa30ad79bd59456594a0f5d3a76f6b71c6787b04de98be5cd201a556e253b"
- ]
- },
- {
- "P": {
- "x": "0x1dd2fefce934ecfd7aae6ec998de088d7dd03316aa1847198aecf699ba6613f1",
- "y": "0x2f8a6c24dd1adde73909cada6a4a137577b0f179d336685c4a955a0a8e1a86fb"
- },
- "Q": {
- "x": "0x55186c242c78e7d0ec5b6c9553f04c6aeef64e69ec2e824472394da32647cfc6",
- "y": "0x5b9ea3c265ee42256a8f724f616307ef38496ef7eba391c08f99f3bea6fa88f0"
- },
- "msg": "abcdef0123456789",
- "u": [
- "0x475ccff99225ef90d78cc9338e9f6a6bb7b17607c0c4428937de75d33edba941"
- ]
- },
- {
- "P": {
- "x": "0x35fbdc5143e8a97afd3096f2b843e07df72e15bfca2eaf6879bf97c5d3362f73",
- "y": "0x2af6ff6ef5ebba128b0774f4296cb4c2279a074658b083b8dcca91f57a603450"
- },
- "Q": {
- "x": "0x024b6e1621606dca8071aa97b43dce4040ca78284f2a527dcf5d0fbfac2b07e7",
- "y": "0x5102353883d739bdc9f8a3af650342b171217167dcce34f8db57208ec1dfdbf2"
- },
- "msg": "q128_qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq",
- "u": [
- "0x049a1c8bd51bcb2aec339f387d1ff51428b88d0763a91bcdf6929814ac95d03d"
- ]
- },
- {
- "P": {
- "x": "0x6e5e1f37e99345887fc12111575fc1c3e36df4b289b8759d23af14d774b66bff",
- "y": "0x2c90c3d39eb18ff291d33441b35f3262cdd307162cc97c31bfcc7a4245891a37"
- },
- "Q": {
- "x": "0x3e6368cff6e88a58e250c54bd27d2c989ae9b3acb6067f2651ad282ab8c21cd9",
- "y": "0x38fb39f1566ca118ae6c7af42810c0bb9767ae5960abb5a8ca792530bfb9447d"
- },
- "msg": "a512_aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa",
- "u": [
- "0x3cb0178a8137cefa5b79a3a57c858d7eeeaa787b2781be4a362a2f0750d24fa0"
- ]
- }
- ]
-}
diff --git a/src/test_utils/hash_to_curve_vectors/edwards25519_XMD:SHA-512_ELL2_RO_.json b/src/test_utils/hash_to_curve_vectors/edwards25519_XMD:SHA-512_ELL2_RO_.json
deleted file mode 100644
index 1d1698c..0000000
--- a/src/test_utils/hash_to_curve_vectors/edwards25519_XMD:SHA-512_ELL2_RO_.json
+++ /dev/null
@@ -1,115 +0,0 @@
-{
- "L": "0x30",
- "Z": "0x2",
- "ciphersuite": "edwards25519_XMD:SHA-512_ELL2_RO_",
- "curve": "edwards25519",
- "dst": "QUUX-V01-CS02-with-edwards25519_XMD:SHA-512_ELL2_RO_",
- "expand": "XMD",
- "field": {
- "m": "0x1",
- "p": "0x7fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffed"
- },
- "hash": "sha512",
- "k": "0x80",
- "map": {
- "name": "ELL2"
- },
- "randomOracle": true,
- "vectors": [
- {
- "P": {
- "x": "0x3c3da6925a3c3c268448dcabb47ccde5439559d9599646a8260e47b1e4822fc6",
- "y": "0x09a6c8561a0b22bef63124c588ce4c62ea83a3c899763af26d795302e115dc21"
- },
- "Q0": {
- "x": "0x6549118f65bb617b9e8b438decedc73c496eaed496806d3b2eb9ee60b88e09a7",
- "y": "0x7315bcc8cf47ed68048d22bad602c6680b3382a08c7c5d3f439a973fb4cf9feb"
- },
- "Q1": {
- "x": "0x31dcfc5c58aa1bee6e760bf78cbe71c2bead8cebb2e397ece0f37a3da19c9ed2",
- "y": "0x7876d81474828d8a5928b50c82420b2bd0898d819e9550c5c82c39fc9bafa196"
- },
- "msg": "",
- "u": [
- "0x03fef4813c8cb5f98c6eef88fae174e6e7d5380de2b007799ac7ee712d203f3a",
- "0x780bdddd137290c8f589dc687795aafae35f6b674668d92bf92ae793e6a60c75"
- ]
- },
- {
- "P": {
- "x": "0x608040b42285cc0d72cbb3985c6b04c935370c7361f4b7fbdb1ae7f8c1a8ecad",
- "y": "0x1a8395b88338f22e435bbd301183e7f20a5f9de643f11882fb237f88268a5531"
- },
- "Q0": {
- "x": "0x5c1525bd5d4b4e034512949d187c39d48e8cd84242aa4758956e4adc7d445573",
- "y": "0x2bf426cf7122d1a90abc7f2d108befc2ef415ce8c2d09695a7407240faa01f29"
- },
- "Q1": {
- "x": "0x37b03bba828860c6b459ddad476c83e0f9285787a269df2156219b7e5c86210c",
- "y": "0x285ebf5412f84d0ad7bb4e136729a9ffd2195d5b8e73c0dc85110ce06958f432"
- },
- "msg": "abc",
- "u": [
- "0x5081955c4141e4e7d02ec0e36becffaa1934df4d7a270f70679c78f9bd57c227",
- "0x005bdc17a9b378b6272573a31b04361f21c371b256252ae5463119aa0b925b76"
- ]
- },
- {
- "P": {
- "x": "0x6d7fabf47a2dc03fe7d47f7dddd21082c5fb8f86743cd020f3fb147d57161472",
- "y": "0x53060a3d140e7fbcda641ed3cf42c88a75411e648a1add71217f70ea8ec561a6"
- },
- "Q0": {
- "x": "0x3ac463dd7fddb773b069c5b2b01c0f6b340638f54ee3bd92d452fcec3015b52d",
- "y": "0x7b03ba1e8db9ec0b390d5c90168a6a0b7107156c994c674b61fe696cbeb46baf"
- },
- "Q1": {
- "x": "0x0757e7e904f5e86d2d2f4acf7e01c63827fde2d363985aa7432106f1b3a444ec",
- "y": "0x50026c96930a24961e9d86aa91ea1465398ff8e42015e2ec1fa397d416f6a1c0"
- },
- "msg": "abcdef0123456789",
- "u": [
- "0x285ebaa3be701b79871bcb6e225ecc9b0b32dff2d60424b4c50642636a78d5b3",
- "0x2e253e6a0ef658fedb8e4bd6a62d1544fd6547922acb3598ec6b369760b81b31"
- ]
- },
- {
- "P": {
- "x": "0x5fb0b92acedd16f3bcb0ef83f5c7b7a9466b5f1e0d8d217421878ea3686f8524",
- "y": "0x2eca15e355fcfa39d2982f67ddb0eea138e2994f5956ed37b7f72eea5e89d2f7"
- },
- "Q0": {
- "x": "0x703e69787ea7524541933edf41f94010a201cc841c1cce60205ec38513458872",
- "y": "0x32bb192c4f89106466f0874f5fd56a0d6b6f101cb714777983336c159a9bec75"
- },
- "Q1": {
- "x": "0x0c9077c5c31720ed9413abe59bf49ce768506128d810cb882435aa90f713ef6b",
- "y": "0x7d5aec5210db638c53f050597964b74d6dda4be5b54fa73041bf909ccb3826cb"
- },
- "msg": "q128_qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq",
- "u": [
- "0x4fedd25431c41f2a606952e2945ef5e3ac905a42cf64b8b4d4a83c533bf321af",
- "0x02f20716a5801b843987097a8276b6d869295b2e11253751ca72c109d37485a9"
- ]
- },
- {
- "P": {
- "x": "0x0efcfde5898a839b00997fbe40d2ebe950bc81181afbd5cd6b9618aa336c1e8c",
- "y": "0x6dc2fc04f266c5c27f236a80b14f92ccd051ef1ff027f26a07f8c0f327d8f995"
- },
- "Q0": {
- "x": "0x21091b2e3f9258c7dfa075e7ae513325a94a3d8a28e1b1cb3b5b6f5d65675592",
- "y": "0x41a33d324c89f570e0682cdf7bdb78852295daf8084c669f2cc9692896ab5026"
- },
- "Q1": {
- "x": "0x4c07ec48c373e39a23bd7954f9e9b66eeab9e5ee1279b867b3d5315aa815454f",
- "y": "0x67ccac7c3cb8d1381242d8d6585c57eabaddbb5dca5243a68a8aeb5477d94b3a"
- },
- "msg": "a512_aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa",
- "u": [
- "0x6e34e04a5106e9bd59f64aba49601bf09d23b27f7b594e56d5de06df4a4ea33b",
- "0x1c1c2cb59fc053f44b86c5d5eb8c1954b64976d0302d3729ff66e84068f5fd96"
- ]
- }
- ]
-}
