Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

alloc independent hash_to_curve API #46

Open
krnak opened this issue Aug 11, 2022 · 3 comments
Open

alloc independent hash_to_curve API #46

krnak opened this issue Aug 11, 2022 · 3 comments

Comments

@krnak
Copy link
Contributor

krnak commented Aug 11, 2022
edited
Loading

I would really appreciate, if some alloc independent version of hash_to_curve got into upstream.

By modifying the current API? Or adding an alternative API? @str4d
@krnak
Copy link
Contributor Author

krnak commented Aug 11, 2022
edited
Loading

I tried to maintain the current API, ending up with these modifications

pub struct Hasher<'a, Field, Curve, IsoCurve> {
    domain_prefix: &'a str,
    _marker1: PhantomData<Field>,
    _marker2: PhantomData<Curve>,
    _marker3: PhantomData<IsoCurve>,
}

impl<'a, F, C, I> Fn<(&[u8],)> for Hasher<'a, F, C, I>
where
    F: FieldExt,
    C: CurveExt<Base = F> + CurveConstants,
    I: CurveExt<Base = F>,
{
    extern "rust-call" fn call(&self, args: (&[u8],)) -> C {
        let (message,) = args;
        ...
    }
}
#[cfg(feature = "unboxed_closures")]
fn hash_to_curve<'a>(domain_prefix: &'a str) -> Hasher<'a, $base, $name, $iso> {
    Hasher::new(domain_prefix)
}

Unfortunately this requires unstable features unboxed_closures and fn_traits.

Another small but necessary change is to move ISOGENY_CONSTANTS to some public trait.

You can find a proof of concept here: https://github.com/jarys/pasta_curves/tree/unboxed-closures

@krnak krnak mentioned this issue Aug 26, 2022
Draft
7 tasks
@krnak krnak mentioned this issue Sep 12, 2022
Open
@str4d
Copy link
Contributor

str4d commented Dec 6, 2022

bls12_381 has an alloc-free hash-to-curve implementation (https://github.com/zkcrypto/bls12_381/tree/main/src/hash_to_curve). That one has been tracking the RFC draft, whereas the one in this repository is intentionally point-in-time (as we need consensus compatibility with the version of the RFC draft that the Zcash protocol uses). There is also IIRC an implementation over in the elliptic-curve Rust Crypto crate, but I don't recall whether it is alloc-free.

Ideally we could have a generic alloc-free implementation in the group crate (or possibly elliptic-curves if a more wide-scale reorganisation of traits happens). In the meantime, I'd like to conceptually reduce the number of distinct implementations we have, so I'm inclined to take the bls12_381 API (after zkcrypto/bls12_381#90 is reviewed and merged) and port it over to here, assuming there have been no changes to the RFC draft that would make it incompatible. I'll keep the API @Jarys gave above in mind while reviewing the bls12_381 PR.

@krnak
Copy link
Contributor Author

krnak commented Dec 6, 2022

I'll keep the API @Jarys gave above in mind while reviewing the bls12_381 PR.

You don't have to. I was just an attempt to make required changes without breaking the curent pasta_curves API.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@str4d @krnak