package swu
/*
Implementation of Shallue-Woestijne-Ulas algorithm in Go
*/
import (
"crypto/elliptic"
"crypto/sha256"
"math/big"
)
// Curve and field parameters shared by init and HashToPoint.
var (
	// p is the P-256 field prime and b the curve coefficient b, both taken
	// from crypto/elliptic.
	p = elliptic.P256().Params().P
	b = elliptic.P256().Params().B

	// F wraps p in the package's GF type, which is declared outside this file.
	// NOTE(review): presumably GF implements arithmetic modulo p; confirm.
	// NOTE(review): F is exported and assignable, so importing code can
	// replace the field that HashToPoint computes in; consider unexporting it.
	F = &GF{p}

	// a is the curve coefficient a; init sets it to F.Neg(Three).
	// crypto/elliptic does not expose a because its curves fix a = -3.
	a *big.Int

	// mba is -(b/a), computed once in init.
	mba *big.Int

	// p34 and p14 are the exponents HashToPoint passes to F.Pow; init fills
	// them in.
	p34 *big.Int
	p14 *big.Int
)
// init fills in the package-level values that cannot be written as plain
// initializers: the coefficient a, the constant -(b/a), and the two exponents
// used by HashToPoint.
//
// NOTE(review): F.Div is not visible in this file. If it is division in the
// field (multiplication by the inverse modulo p), the results still equal the
// integer quotients (p-3)/4 and (p+1)/4 that the comments in HashToPoint
// describe, because p ≡ 3 (mod 4) for P-256. Confirm against the GF
// implementation.
func init() {
	// a = -3
	a = F.Neg(Three)

	// mba = -(b / a)
	mba = F.Neg(F.Div(b, a))

	// p34 = (p - 3) / 4
	p34 = F.Div(F.Sub(p, Three), Four)

	// p14 = (p + 1) / 4
	p14 = F.Div(F.Add(p, One), Four)
}
// HashToPoint maps data to a pair of affine coordinates (x, y) using the
// simplified Shallue-Woestijne-Ulas construction with the P-256 parameters
// set up in this package.
//
// The input is hashed with SHA-256 and the digest is reduced modulo p to give
// the field element u. Two candidates, x2 and x3 = alpha*x2, are derived from
// it. If h2 = x2^3 + a*x2 + b passes the squareness test below, the result is
// (x2, sqrt(h2)); otherwise it is (x3, h3^((p+1)/4)).
//
// Points a caller should be aware of:
//   - No domain-separation tag is mixed into the hash, and reducing a 256-bit
//     digest modulo p leaves a small bias in u.
//   - Only one map evaluation is performed, so the output does not cover the
//     whole curve and should not be treated as a random oracle onto it.
//   - math/big arithmetic and the branch on h2 are not constant time; take
//     that into account before passing secret data (for example a password).
//   - NOTE(review): alpha^2 + alpha is zero when u is 0, 1 or p-1, and F.Inv
//     is then asked to invert zero. What F.Inv does in that case is not
//     visible in this file; confirm it cannot return nil or panic.
func HashToPoint(data []byte) (x, y *big.Int) {
	digest := sha256.Sum256(data)
	u := new(big.Int).SetBytes(digest[:])
	u.Mod(u, p)

	// alpha = -u^2
	alpha := F.Neg(F.Square(u))

	// denom = alpha^2 + alpha
	denom := F.Add(F.Square(alpha), alpha)

	// x2 = -(b / a) * (1 + 1/denom)
	x2 := F.Mul(mba, F.Add(One, F.Inv(denom)))

	// x3 = alpha * x2
	x3 := F.Mul(alpha, x2)

	// h2 = x2^3 + a*x2 + b
	ax2 := F.Mul(a, x2)
	h2 := F.Add(F.Add(F.Cube(x2), ax2), b)

	// h3 = x3^3 + a*x3 + b
	ax3 := F.Mul(a, x3)
	h3 := F.Add(F.Add(F.Cube(x3), ax3), b)

	// root = h2^((p-3)/4), so root^2 * h2 = h2^((p-1)/2), which is 1 exactly
	// when h2 is a non-zero square.
	root := F.Pow(h2, p34)
	check := F.Mul(F.Square(root), h2)

	if check.Cmp(One) != 0 {
		// h2 is not a square: use the second candidate, y = h3^((p+1)/4).
		return x3, F.Pow(h3, p14)
	}

	// h2 is a square: y = root * h2 = h2^((p+1)/4).
	return x2, F.Mul(root, h2)
}