
Commit 7bb720f

committed
Test Montgomery -> Edwards through hash2curve
1 parent c819f1e commit 7bb720f


1 file changed

+22
-3
lines changed


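--- a/ed448-goldilocks/src/edwards/extended.rs
+++ b/ed448-goldilocks/src/edwards/extended.rs
@@ -839,6 +839,7 @@ mod tests {
 use proptest::prelude::any;
 use proptest::proptest;
 use rand_core::{OsRng, TryRngCore};
+use sha3::Shake256;
 
 fn hex_to_field(hex: &'static str) -> FieldElement {
 assert_eq!(hex.len(), 56 * 2);
@@ -999,7 +1000,7 @@ mod tests {
 ];
 
 for (msg, x, y) in MSGS {
-let p = Ed448::hash_from_bytes::<ExpandMsgXof<sha3::Shake256>>(&[msg], &[DST]).unwrap();
+let p = Ed448::hash_from_bytes::<ExpandMsgXof<Shake256>>(&[msg], &[DST]).unwrap();
 assert_eq!(p.is_on_curve().unwrap_u8(), 1u8);
 let p = p.to_affine();
 let mut xx = [0u8; 56];
@@ -1036,8 +1037,7 @@ mod tests {
 ];
 
 for (msg, x, y) in MSGS {
-let p =
-Ed448::encode_from_bytes::<ExpandMsgXof<sha3::Shake256>>(&[msg], &[DST]).unwrap();
+let p = Ed448::encode_from_bytes::<ExpandMsgXof<Shake256>>(&[msg], &[DST]).unwrap();
 assert_eq!(p.is_on_curve().unwrap_u8(), 1u8);
 let p = p.to_affine();
 let mut xx = [0u8; 56];
@@ -1048,6 +1048,25 @@ mod tests {
 yy.reverse();
 assert_eq!(p.x.to_bytes(), xx);
 assert_eq!(p.y.to_bytes(), yy);
+
+// Test Montgomery to Edwards conversion.
+// See https://github.com/cfrg/draft-irtf-cfrg-hash-to-curve/blob/664b13592116cecc9e52fb192dcde0ade36f904e/poc/ell2_opt_3mod4.sage#L243-L245.
+let conv_p =
+ProjectiveMontgomeryXpoint::encode::<ExpandMsgXof<Shake256>>(&[msg], &[DST])
+.unwrap()
+.to_affine();
+let conv_p1 = conv_p.to_edwards(Choice::from(0));
+let conv_p2 = conv_p.to_edwards(Choice::from(1));
+assert!(conv_p1.x == p.x || conv_p2.x == p.x);
+assert!(conv_p1.y == p.y || conv_p2.y == p.y);
+
+let conv_p = AffinePoint::from(
+Curve448::encode_from_bytes::<ExpandMsgXof<Shake256>>(&[msg], &[DST])
+.unwrap()
+.to_affine(),
+);
+assert_eq!(conv_p.x, p.x);
+assert_eq!(conv_p.y, p.y);
 }
 }
 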
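Review bot: The two `||` assertions on `conv_p1`/`conv_p2` in the last hunk check x and y independently, so the test still passes if one candidate matches `p` only in x and the other only in y, i.e. if neither `to_edwards` result is actually `p`. Tie both coordinates to the same candidate, e.g. `assert!((conv_p1.x == p.x && conv_p1.y == p.y) || (conv_p2.x == p.x && conv_p2.y == p.y));`. If the two `Choice` values are meant to select a point and its negation (presumably same y, opposite x), asserting that relationship explicitly would also catch a `to_edwards` that ignores its sign argument. The enclosing test function starts above this hunk, and the new conversion checks are added only to the `encode_from_bytes` loop, not to the `hash_from_bytes` loop in the second hunk.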
