Skip to content

Commit 0975cdf

Browse files
daxpeddadaxpedda
committed
Test Montgomery -> Edwards through hash2curve
1 parent 1685098 commit 0975cdf

File tree

1 file changed

+21
-3
lines changed

1 file changed

+21
-3
lines changed

ed448-goldilocks/src/edwards/extended.rs

Lines changed: 21 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -995,6 +995,7 @@ mod tests {
995995
use elliptic_curve::Field;
996996
use hex_literal::hex;
997997
use rand_core::TryRngCore;
998+
use sha3::Shake256;
998999

9991000
fn hex_to_field(hex: &'static str) -> FieldElement {
10001001
assert_eq!(hex.len(), 56 * 2);
@@ -1155,7 +1156,7 @@ mod tests {
11551156
];
11561157

11571158
for (msg, x, y) in MSGS {
1158-
let p = Ed448::hash_from_bytes::<ExpandMsgXof<sha3::Shake256>>(&[msg], &[DST]).unwrap();
1159+
let p = Ed448::hash_from_bytes::<ExpandMsgXof<Shake256>>(&[msg], &[DST]).unwrap();
11591160
assert_eq!(p.is_on_curve().unwrap_u8(), 1u8);
11601161
let p = p.to_affine();
11611162
let mut xx = [0u8; 56];
@@ -1192,8 +1193,7 @@ mod tests {
11921193
];
11931194

11941195
for (msg, x, y) in MSGS {
1195-
let p =
1196-
Ed448::encode_from_bytes::<ExpandMsgXof<sha3::Shake256>>(&[msg], &[DST]).unwrap();
1196+
let p = Ed448::encode_from_bytes::<ExpandMsgXof<Shake256>>(&[msg], &[DST]).unwrap();
11971197
assert_eq!(p.is_on_curve().unwrap_u8(), 1u8);
11981198
let p = p.to_affine();
11991199
let mut xx = [0u8; 56];
@@ -1204,6 +1204,24 @@ mod tests {
12041204
yy.reverse();
12051205
assert_eq!(p.x.to_bytes(), xx);
12061206
assert_eq!(p.y.to_bytes(), yy);
1207+
1208+
// Test Montgomery to Edwards conversion.
1209+
// See https://github.com/cfrg/draft-irtf-cfrg-hash-to-curve/blob/664b13592116cecc9e52fb192dcde0ade36f904e/poc/ell2_opt_3mod4.sage#L243-L245.
1210+
let conv_p =
1211+
ProjectiveMontgomeryXpoint::encode::<ExpandMsgXof<Shake256>>(&[msg], &[DST])
1212+
.to_affine();
1213+
let conv_p1 = conv_p.to_edwards(Choice::from(0));
1214+
let conv_p2 = conv_p.to_edwards(Choice::from(1));
1215+
assert!(conv_p1.x == p.x || conv_p2.x == p.x);
1216+
assert!(conv_p1.y == p.y || conv_p2.y == p.y);
1217+
1218+
let conv_p = AffinePoint::from(
1219+
Curve448::encode_from_bytes::<ExpandMsgXof<Shake256>>(&[msg], &[DST])
1220+
.unwrap()
1221+
.to_affine(),
1222+
);
1223+
assert_eq!(conv_p.x, p.x);
1224+
assert_eq!(conv_p.y, p.y);
12071225
}
12081226
}
12091227

0 commit comments

Comments
 (0)