|
@ -206,34 +206,12 @@ impl Point { |
|
|
false
|
|
|
false
|
|
|
}
|
|
|
}
|
|
|
|
|
|
|
|
|
// Use a variation of the Koblitz method
|
|
|
|
|
|
pub fn from_msg_vartime(msg: BigInt/*msg: &[u8; 28]*/) -> Point {
|
|
|
|
|
|
// This is the largest point that can fit BabyJubJub curve while still allowing 8 extra bytes, as long as those bytes are less than f0000001
|
|
|
|
|
|
// Babyjubjub r parameter is 0x30644e72e131a029b85045b68181585d2833e84879b9709143e1f593f0000001
|
|
|
|
|
|
// assert!(
|
|
|
|
|
|
// BigInt::from_bytes_be(Sign::Plus, msg)
|
|
|
|
|
|
// <
|
|
|
|
|
|
// BigInt::parse_bytes(b"30644e72e131a029b85045b68181585d2833e84879b9709143e1f593f00000",16).unwrap()
|
|
|
|
|
|
// );
|
|
|
|
|
|
// let mut acc: u32 = 0;
|
|
|
|
|
|
// let mut pt: Point;
|
|
|
|
|
|
// let mut is_residue: bool = false;
|
|
|
|
|
|
// let mut on_curve: bool = false;
|
|
|
|
|
|
// while (acc <= 0xf0000001) && !on_curve {
|
|
|
|
|
|
// let acc_bytes: [u8; 4] = acc.to_be_bytes();
|
|
|
|
|
|
// // let mut buff: ArrayVec::<[u8; 32]> = concat_bytes!()[msg, acc_bytes]);
|
|
|
|
|
|
// let mut buf = BytesMut::with_capacity(32);
|
|
|
|
|
|
// buf.put_slice(msg);
|
|
|
|
|
|
// buf.put_u32(acc);
|
|
|
|
|
|
// Fr::from_str("123").unwrap().legendre()
|
|
|
|
|
|
// println!("bytes {:?}", buf);
|
|
|
|
|
|
// }
|
|
|
|
|
|
|
|
|
|
|
|
// Koblitz decoding method, adapted for this curve:
|
|
|
|
|
|
|
|
|
// Koblitz decoding method, adapted for this curve:
|
|
|
// message m must be < r/10000
|
|
|
// message m must be < r/10000
|
|
|
// Try finding a point with y value m*10000+0, m*10000+1, .... m*10000+5617 (5617 are last four digits of prime r)
|
|
|
// Try finding a point with y value m*10000+0, m*10000+1, .... m*10000+5617 (5617 are last four digits of prime r)
|
|
|
// There is an approximately 1/(2^1000) chance no point will be encodable,
|
|
|
// There is an approximately 1/(2^1000) chance no point will be encodable,
|
|
|
// since each y value has probability of about 1/2 of being on the curve
|
|
|
// since each y value has probability of about 1/2 of being on the curve
|
|
|
|
|
|
pub fn from_msg_vartime(msg: BigInt) -> Point {
|
|
|
let MAX_MSG: BigInt = BigInt::parse_bytes(
|
|
|
let MAX_MSG: BigInt = BigInt::parse_bytes(
|
|
|
b"2188824287183927522224640574525727508854836440041603434369820418657580849",10 // Prime r but missing last 4 digits
|
|
|
b"2188824287183927522224640574525727508854836440041603434369820418657580849",10 // Prime r but missing last 4 digits
|
|
|
).unwrap();
|
|
|
).unwrap();
|
|
@ -245,9 +223,8 @@ impl Point { |
|
|
let mut x: Fr = Fr::from_str(&msg.to_str_radix(10)).unwrap();
|
|
|
let mut x: Fr = Fr::from_str(&msg.to_str_radix(10)).unwrap();
|
|
|
let mut y: Option<Fr> = None;
|
|
|
let mut y: Option<Fr> = None;
|
|
|
x.mul_assign(&Fr::from_str("10000").unwrap());
|
|
|
x.mul_assign(&Fr::from_str("10000").unwrap());
|
|
|
|
|
|
|
|
|
let one = Fr::one();
|
|
|
let one = Fr::one();
|
|
|
// let m10000 = 1000.to_bigint().unwrap() * msg;
|
|
|
|
|
|
|
|
|
|
|
|
while (acc < ACC_UNDER) && !on_curve {
|
|
|
while (acc < ACC_UNDER) && !on_curve {
|
|
|
// If x is on curve, calculate what y^2 should be, by (ax^2 - 1) / (dx^2 - 1)
|
|
|
// If x is on curve, calculate what y^2 should be, by (ax^2 - 1) / (dx^2 - 1)
|
|
|
let mut x2 = x.clone();
|
|
|
let mut x2 = x.clone();
|
|
@ -270,7 +247,7 @@ impl Point { |
|
|
y = numerator.sqrt();
|
|
|
y = numerator.sqrt();
|
|
|
} else {
|
|
|
} else {
|
|
|
acc += 1;
|
|
|
acc += 1;
|
|
|
x.add_assign(&Fr::one());
|
|
|
|
|
|
|
|
|
x.add_assign(&one);
|
|
|
}
|
|
|
}
|
|
|
}
|
|
|
}
|
|
|
// Unwrap y since we can't be 100% sure at compile-time it will have been found; it may still be a None value!
|
|
|
// Unwrap y since we can't be 100% sure at compile-time it will have been found; it may still be a None value!
|
|
|