Add hash2curve crate (#1286)

Author: daxpedda

.github/workflows/hash2curve.yml

@@ -0,0 +1,62 @@
+name: hash2curve
+
+on:
+  pull_request:
+    paths:
+      - ".github/workflows/hash2curve.yml"
+      - "hash2curve/**"
+      - "Cargo.*"
+  push:
+    branches: master
+
+defaults:
+  run:
+    working-directory: hash2curve
+
+env:
+  CARGO_INCREMENTAL: 0
+  RUSTFLAGS: "-Dwarnings"
+  RUSTDOCFLAGS: "-Dwarnings"
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        rust:
+          - 1.85.0 # MSRV
+          - stable
+        target:
+          - thumbv7em-none-eabi
+          - wasm32-unknown-unknown
+    steps:
+      - uses: actions/checkout@v4
+      - uses: dtolnay/rust-toolchain@master
+        with:
+          toolchain: ${{ matrix.rust }}
+          targets: ${{ matrix.target }}
+      - run: cargo build --target ${{ matrix.target }} --release
+
+  test:
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        rust:
+          - 1.85.0 # MSRV
+          - stable
+    steps:
+    - uses: actions/checkout@v4
+    - uses: dtolnay/rust-toolchain@master
+      with:
+        toolchain: ${{ matrix.rust }}
+    - run: cargo test
+
+  doc:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: RustCrypto/actions/cargo-cache@master
+      - uses: dtolnay/rust-toolchain@master
+        with:
+          toolchain: stable
+      - run: cargo doc

Cargo.lock

@@ -5,6 +5,7 @@ members = [
     "bp256",
     "bp384",
     "ed448-goldilocks",
+    "hash2curve",
     "k256",
     "p192",
     "p224",
@@ -21,5 +22,6 @@ opt-level = 2
 
 [patch.crates-io]
 ecdsa = { git = "https://github.com/RustCrypto/signatures.git" }
+hash2curve = { path = "hash2curve" }
 primefield = { path = "primefield" }
 primeorder = { path = "primeorder" }

Cargo.toml

@@ -17,6 +17,7 @@ and can be easily used for bare-metal or WebAssembly programming.
 | [`bign256`] | bign-curve256v1  | [![crates.io](https://img.shields.io/crates/v/bign256.svg)](https://crates.io/crates/bign256) | [![Documentation](https://docs.rs/bign256/badge.svg)](https://docs.rs/bign256) | ![build](https://github.com/RustCrypto/elliptic-curves/workflows/bign256/badge.svg?branch=master&event=push) |
 | [`bp256`] | [brainpoolP256r1]/[brainpoolP256t1] | [![crates.io](https://img.shields.io/crates/v/bp256.svg)](https://crates.io/crates/bp256) | [![Documentation](https://docs.rs/bp256/badge.svg)](https://docs.rs/bp256) | ![build](https://github.com/RustCrypto/elliptic-curves/workflows/bp256/badge.svg?branch=master&event=push) |
 | [`bp384`] | [brainpoolP384r1]/[brainpoolP384t1] | [![crates.io](https://img.shields.io/crates/v/bp384.svg)](https://crates.io/crates/bp384) | [![Documentation](https://docs.rs/bp384/badge.svg)](https://docs.rs/bp384) | ![build](https://github.com/RustCrypto/elliptic-curves/workflows/bp384/badge.svg?branch=master&event=push) |
+| [`hash2curve`] |               | [![crates.io](https://img.shields.io/crates/v/hash2curve.svg)](https://crates.io/crates/hash2curve)   | [![Documentation](https://docs.rs/hash2curve/badge.svg)](https://docs.rs/hash2curve)   | ![build](https://github.com/RustCrypto/elliptic-curves/workflows/hash2curve/badge.svg?branch=master&event=push)  |
 | [`k256`]  | [secp256k1]        | [![crates.io](https://img.shields.io/crates/v/k256.svg)](https://crates.io/crates/k256)   | [![Documentation](https://docs.rs/k256/badge.svg)](https://docs.rs/k256)   | ![build](https://github.com/RustCrypto/elliptic-curves/workflows/k256/badge.svg?branch=master&event=push)  |
 | [`p192`]  | [NIST P-192]       | [![crates.io](https://img.shields.io/crates/v/p192.svg)](https://crates.io/crates/p192)   | [![Documentation](https://docs.rs/p192/badge.svg)](https://docs.rs/p192)   | ![build](https://github.com/RustCrypto/elliptic-curves/workflows/p192/badge.svg?branch=master&event=push)  |
 | [`p224`]  | [NIST P-224]       | [![crates.io](https://img.shields.io/crates/v/p224.svg)](https://crates.io/crates/p224)   | [![Documentation](https://docs.rs/p224/badge.svg)](https://docs.rs/p224)   | ![build](https://github.com/RustCrypto/elliptic-curves/workflows/p224/badge.svg?branch=master&event=push)  |
@@ -63,6 +64,7 @@ dual licensed as above, without any additional terms or conditions.
 [`bign256`]: ./bign256
 [`bp256`]: ./bp256
 [`bp384`]: ./bp384
+[`hash2curve`]: ./hash2curve
 [`k256`]: ./k256
 [`p192`]: ./p192
 [`p224`]: ./p224

README.md

@@ -16,7 +16,8 @@ This crate also includes signing and verifying of Ed448 signatures.
 """
 
 [dependencies]
-elliptic-curve = { version = "0.14.0-rc.8", features = ["arithmetic", "hash2curve", "pkcs8"] }
+elliptic-curve = { version = "0.14.0-rc.8", features = ["arithmetic", "pkcs8"] }
+hash2curve = { version = "0.14.0-rc.0" }
 rand_core = { version = "0.9", default-features = false }
 sha3 = { version = "0.11.0-rc.0", default-features = false }
 subtle = { version = "2.6", default-features = false }

ed448-goldilocks/Cargo.toml

@@ -17,8 +17,9 @@ It is intended to be portable, fast, and safe.
 ## Usage
 
 ```rust
-use ed448_goldilocks::{EdwardsPoint, CompressedEdwardsY, Scalar, elliptic_curve::hash2curve::ExpandMsgXof, sha3::Shake256};
+use ed448_goldilocks::{EdwardsPoint, CompressedEdwardsY, Scalar, sha3::Shake256};
 use elliptic_curve::Field;
+use hash2curve::ExpandMsgXof;
 use rand_core::OsRng;
 
 let secret_key = Scalar::TWO;

ed448-goldilocks/README.md

@@ -15,10 +15,10 @@ use elliptic_curve::{
     array::{Array, typenum::Unsigned},
     consts::{U28, U84},
     group::{Group, GroupEncoding, cofactor::CofactorGroup, prime::PrimeGroup},
-    hash2curve::{ExpandMsg, ExpandMsgXof, Expander, FromOkm},
     ops::LinearCombination,
     point::NonIdentity,
 };
+use hash2curve::{ExpandMsg, ExpandMsgXof, Expander, FromOkm};
 use rand_core::TryRngCore;
 use subtle::{Choice, ConditionallyNegatable, ConditionallySelectable, ConstantTimeEq, CtOption};
 

ed448-goldilocks/src/curve/edwards/extended.rs

@@ -8,12 +8,12 @@ use elliptic_curve::{
     array::{Array, typenum::Unsigned},
     consts::{U32, U56, U84},
     group::{GroupEncoding, cofactor::CofactorGroup, prime::PrimeGroup},
-    hash2curve::{ExpandMsg, Expander, FromOkm},
     ops::LinearCombination,
     point::NonIdentity,
 };
 
 use core::fmt::{Display, Formatter, LowerHex, Result as FmtResult, UpperHex};
+use hash2curve::{ExpandMsg, Expander, FromOkm};
 use rand_core::{CryptoRng, TryRngCore};
 use subtle::{Choice, ConditionallyNegatable, ConditionallySelectable, ConstantTimeEq, CtOption};
 
@@ -771,7 +771,7 @@ mod test {
 
     #[test]
     fn test_hash_to_curve() {
-        use elliptic_curve::hash2curve::ExpandMsgXof;
+        use hash2curve::ExpandMsgXof;
 
         let msg = b"Hello, world!";
         let point = DecafPoint::hash::<ExpandMsgXof<sha3::Shake256>>(msg, b"test_hash_to_curve");

ed448-goldilocks/src/decaf/points.rs

@@ -12,9 +12,9 @@ use elliptic_curve::{
         NonZero, U448, U704,
         consts::{U84, U88},
     },
-    hash2curve::{FromOkm, MapToCurve},
     zeroize::DefaultIsZeroes,
 };
+use hash2curve::{FromOkm, MapToCurve};
 use subtle::{Choice, ConditionallyNegatable, ConditionallySelectable, ConstantTimeEq};
 
 #[derive(Clone, Copy, Default)]
@@ -420,10 +420,8 @@ impl FieldElement {
 #[cfg(test)]
 mod tests {
     use super::*;
-    use elliptic_curve::{
-        consts::U32,
-        hash2curve::{ExpandMsg, ExpandMsgXof, Expander},
-    };
+    use elliptic_curve::consts::U32;
+    use hash2curve::{ExpandMsg, ExpandMsgXof, Expander};
     use hex_literal::hex;
     use sha3::Shake256;
 

ed448-goldilocks/src/field/element.rs

@@ -11,10 +11,10 @@ use elliptic_curve::{
     bigint::{Limb, NonZero, U448, U704, U896, Word, Zero},
     consts::{U28, U84, U88, U114},
     ff::{Field, helpers},
-    hash2curve::{ExpandMsg, Expander, FromOkm},
     ops::{Invert, Reduce, ReduceNonZero},
     scalar::{FromUintUnchecked, IsHigh},
 };
+use hash2curve::{ExpandMsg, Expander, FromOkm};
 use rand_core::{CryptoRng, RngCore, TryRngCore};
 use subtle::{Choice, ConditionallySelectable, ConstantTimeEq, ConstantTimeGreater, CtOption};
 
@@ -841,8 +841,8 @@ impl Scalar {
     ///
     /// `len_in_bytes = <Self::Scalar as FromOkm>::Length`
     ///
-    /// [`ExpandMsgXmd`]: elliptic_curve::hash2curve::ExpandMsgXmd
-    /// [`ExpandMsgXof`]: elliptic_curve::hash2curve::ExpandMsgXof
+    /// [`ExpandMsgXmd`]: hash2curve::ExpandMsgXmd
+    /// [`ExpandMsgXof`]: hash2curve::ExpandMsgXof
     pub fn hash<X>(msg: &[u8], dst: &[u8]) -> Self
     where
         X: ExpandMsg<U28>,
@@ -1075,8 +1075,7 @@ mod test {
     fn scalar_hash() {
         let msg = b"hello world";
         let dst = b"edwards448_XOF:SHAKE256_ELL2_RO_";
-        let res =
-            Scalar::hash::<elliptic_curve::hash2curve::ExpandMsgXof<sha3::Shake256>>(msg, dst);
+        let res = Scalar::hash::<hash2curve::ExpandMsgXof<sha3::Shake256>>(msg, dst);
         let expected: [u8; 57] = hex_literal::hex!(
             "2d32a08f09b88275cc5f437e625696b18de718ed94559e17e4d64aafd143a8527705132178b5ce7395ea6214735387398a35913656b4951300"
         );