Skip to content

Commit 0f195aa

Browse files
daxpeddadaxpedda
committed
Test Montgomery -> Edwards through hash2curve
1 parent 86da8eb commit 0f195aa

File tree

1 file changed

+20
-3
lines changed

1 file changed

+20
-3
lines changed

ed448-goldilocks/src/edwards/extended.rs

Lines changed: 20 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -1010,6 +1010,7 @@ mod tests {
10101010
use elliptic_curve::Field;
10111011
use hex_literal::hex;
10121012
use rand_core::TryRngCore;
1013+
use sha3::Shake256;
10131014

10141015
fn hex_to_field(hex: &'static str) -> FieldElement {
10151016
assert_eq!(hex.len(), 56 * 2);
@@ -1170,7 +1171,7 @@ mod tests {
11701171
];
11711172

11721173
for (msg, x, y) in MSGS {
1173-
let p = Ed448::hash_from_bytes::<ExpandMsgXof<sha3::Shake256>>(&[msg], &[DST]).unwrap();
1174+
let p = Ed448::hash_from_bytes::<ExpandMsgXof<Shake256>>(&[msg], &[DST]).unwrap();
11741175
assert_eq!(p.is_on_curve().unwrap_u8(), 1u8);
11751176
let p = p.to_affine();
11761177
let mut xx = [0u8; 56];
@@ -1207,8 +1208,7 @@ mod tests {
12071208
];
12081209

12091210
for (msg, x, y) in MSGS {
1210-
let p =
1211-
Ed448::encode_from_bytes::<ExpandMsgXof<sha3::Shake256>>(&[msg], &[DST]).unwrap();
1211+
let p = Ed448::encode_from_bytes::<ExpandMsgXof<Shake256>>(&[msg], &[DST]).unwrap();
12121212
assert_eq!(p.is_on_curve().unwrap_u8(), 1u8);
12131213
let p = p.to_affine();
12141214
let mut xx = [0u8; 56];
@@ -1219,6 +1219,23 @@ mod tests {
12191219
yy.reverse();
12201220
assert_eq!(p.x.to_bytes(), xx);
12211221
assert_eq!(p.y.to_bytes(), yy);
1222+
1223+
// Test Montgomery to Edwards conversion.
1224+
// See https://github.com/cfrg/draft-irtf-cfrg-hash-to-curve/blob/664b13592116cecc9e52fb192dcde0ade36f904e/poc/ell2_opt_3mod4.sage#L243-L245.
1225+
let conv_p =
1226+
ProjectiveMontgomeryXpoint::encode::<ExpandMsgXof<Shake256>>(&[msg], &[DST])
1227+
.to_affine();
1228+
let conv_p1 = conv_p.to_edwards(Choice::from(0));
1229+
let conv_p2 = conv_p.to_edwards(Choice::from(1));
1230+
assert!(conv_p1.x == p.x || conv_p2.x == p.x);
1231+
assert!(conv_p1.y == p.y || conv_p2.y == p.y);
1232+
1233+
let conv_p = Curve448::encode_from_bytes::<ExpandMsgXof<Shake256>>(&[msg], &[DST])
1234+
.unwrap()
1235+
.to_affine()
1236+
.to_edwards();
1237+
assert_eq!(conv_p.x, p.x);
1238+
assert_eq!(conv_p.y, p.y);
12221239
}
12231240
}
12241241

0 commit comments

Comments
 (0)