Update for MapToCurve changes (#1206)

Signed-off-by: Andrew Whitehead <[email protected]>

Author: andrewwhitehead

Cargo.lock

@@ -2,19 +2,16 @@ use elliptic_curve::Field;
 use elliptic_curve::array::Array;
 use elliptic_curve::bigint::{ArrayEncoding, U256};
 use elliptic_curve::consts::{U4, U16, U48};
-use elliptic_curve::group::cofactor::CofactorGroup;
 use elliptic_curve::hash2curve::{
     FromOkm, GroupDigest, Isogeny, IsogenyCoefficients, MapToCurve, OsswuMap, OsswuMapParams, Sgn0,
 };
-use elliptic_curve::subtle::{Choice, ConditionallySelectable, ConstantTimeEq, CtOption};
+use elliptic_curve::subtle::{Choice, ConditionallySelectable, ConstantTimeEq};
 
 use crate::{AffinePoint, ProjectivePoint, Scalar, Secp256k1};
 
 use super::FieldElement;
 
 impl GroupDigest for Secp256k1 {
-    type FieldElement = FieldElement;
-
     type K = U16;
 }
 
@@ -130,11 +127,12 @@ impl OsswuMap for FieldElement {
     }
 }
 
-impl MapToCurve for FieldElement {
-    type Output = ProjectivePoint;
+impl MapToCurve for Secp256k1 {
+    type CurvePoint = ProjectivePoint;
+    type FieldElement = FieldElement;
 
-    fn map_to_curve(&self) -> Self::Output {
-        let (rx, ry) = self.osswu();
+    fn map_to_curve(element: FieldElement) -> Self::CurvePoint {
+        let (rx, ry) = element.osswu();
         let (qx, qy) = FieldElement::isogeny(rx, ry);
 
         AffinePoint {
@@ -144,6 +142,10 @@ impl MapToCurve for FieldElement {
         }
         .into()
     }
+
+    fn map_to_subgroup(point: Self::CurvePoint) -> ProjectivePoint {
+        point
+    }
 }
 
 impl FromOkm for Scalar {
@@ -258,31 +260,14 @@ impl Isogeny for FieldElement {
     };
 }
 
-impl CofactorGroup for ProjectivePoint {
-    type Subgroup = ProjectivePoint;
-
-    fn clear_cofactor(&self) -> Self::Subgroup {
-        *self
-    }
-
-    fn into_subgroup(self) -> CtOption<Self::Subgroup> {
-        CtOption::new(self, 1.into())
-    }
-
-    fn is_torsion_free(&self) -> Choice {
-        1.into()
-    }
-}
-
 #[cfg(test)]
 mod tests {
-    use crate::{FieldElement, Scalar, Secp256k1, U256};
+    use crate::{Scalar, Secp256k1, U256, arithmetic::field::FieldElement};
     use elliptic_curve::{
         Curve,
         array::Array,
         bigint::{ArrayEncoding, NonZero, U384},
         consts::U48,
-        group::cofactor::CofactorGroup,
         hash2curve::{FromOkm, GroupDigest, MapToCurve},
     };
     use hex_literal::hex;
@@ -377,17 +362,17 @@ mod tests {
             assert_eq!(u[0].to_bytes().as_slice(), test_vector.u_0);
             assert_eq!(u[1].to_bytes().as_slice(), test_vector.u_1);
 
-            let q0 = u[0].map_to_curve();
+            let q0 = Secp256k1::map_to_curve(u[0]);
             let aq0 = q0.to_affine();
             assert_eq!(aq0.x.to_bytes().as_slice(), test_vector.q0_x);
             assert_eq!(aq0.y.to_bytes().as_slice(), test_vector.q0_y);
 
-            let q1 = u[1].map_to_curve();
+            let q1 = Secp256k1::map_to_curve(u[1]);
             let aq1 = q1.to_affine();
             assert_eq!(aq1.x.to_bytes().as_slice(), test_vector.q1_x);
             assert_eq!(aq1.y.to_bytes().as_slice(), test_vector.q1_y);
 
-            let p = q0.clear_cofactor() + q1.clear_cofactor();
+            let p = Secp256k1::add_and_map_to_subgroup(q0, q1);
             let ap = p.to_affine();
             assert_eq!(ap.x.to_bytes().as_slice(), test_vector.p_x);
             assert_eq!(ap.y.to_bytes().as_slice(), test_vector.p_y);

k256/src/arithmetic/hash2curve.rs

@@ -10,8 +10,6 @@ use elliptic_curve::{
 };
 
 impl GroupDigest for NistP256 {
-    type FieldElement = FieldElement;
-
     type K = U16;
 }
 
@@ -60,17 +58,22 @@ impl OsswuMap for FieldElement {
     };
 }
 
-impl MapToCurve for FieldElement {
-    type Output = ProjectivePoint;
+impl MapToCurve for NistP256 {
+    type CurvePoint = ProjectivePoint;
+    type FieldElement = FieldElement;
 
-    fn map_to_curve(&self) -> Self::Output {
-        let (qx, qy) = self.osswu();
+    fn map_to_curve(element: Self::FieldElement) -> Self::CurvePoint {
+        let (qx, qy) = element.osswu();
 
         // TODO(tarcieri): assert that `qy` is correct? less circuitous conversion?
         AffinePoint::decompress(&qx.to_bytes(), qy.is_odd())
             .unwrap()
             .into()
     }
+
+    fn map_to_subgroup(point: Self::CurvePoint) -> ProjectivePoint {
+        point
+    }
 }
 
 impl FromOkm for Scalar {
@@ -102,7 +105,6 @@ mod tests {
         array::Array,
         bigint::{ArrayEncoding, CheckedSub, NonZero, U384},
         consts::U48,
-        group::cofactor::CofactorGroup,
         hash2curve::{self, ExpandMsgXmd, FromOkm, GroupDigest, MapToCurve, OsswuMap},
         sec1::{self, ToEncodedPoint},
     };
@@ -227,13 +229,13 @@ mod tests {
             assert_eq!(u[0].to_bytes().as_slice(), test_vector.u_0);
             assert_eq!(u[1].to_bytes().as_slice(), test_vector.u_1);
 
-            let q0 = u[0].map_to_curve();
+            let q0 = NistP256::map_to_curve(u[0]);
             assert_point_eq!(q0, test_vector.q0_x, test_vector.q0_y);
 
-            let q1 = u[1].map_to_curve();
+            let q1 = NistP256::map_to_curve(u[1]);
             assert_point_eq!(q1, test_vector.q1_x, test_vector.q1_y);
 
-            let p = q0.clear_cofactor() + q1.clear_cofactor();
+            let p = q0 + q1;
             assert_point_eq!(p, test_vector.p_x, test_vector.p_y);
 
             // complete run

p256/src/arithmetic/hash2curve.rs

@@ -11,8 +11,6 @@ use elliptic_curve::{
 };
 
 impl GroupDigest for NistP384 {
-    type FieldElement = FieldElement;
-
     type K = U24;
 }
 
@@ -63,17 +61,22 @@ impl OsswuMap for FieldElement {
     };
 }
 
-impl MapToCurve for FieldElement {
-    type Output = ProjectivePoint;
+impl MapToCurve for NistP384 {
+    type CurvePoint = ProjectivePoint;
+    type FieldElement = FieldElement;
 
-    fn map_to_curve(&self) -> Self::Output {
-        let (qx, qy) = self.osswu();
+    fn map_to_curve(element: FieldElement) -> Self::CurvePoint {
+        let (qx, qy) = element.osswu();
 
         // TODO(tarcieri): assert that `qy` is correct? less circuitous conversion?
         AffinePoint::decompress(&qx.to_bytes(), qy.is_odd())
             .unwrap()
             .into()
     }
+
+    fn map_to_subgroup(point: Self::CurvePoint) -> ProjectivePoint {
+        point
+    }
 }
 
 impl FromOkm for Scalar {
@@ -98,13 +101,15 @@ impl FromOkm for Scalar {
 
 #[cfg(test)]
 mod tests {
-    use crate::{FieldElement, NistP384, Scalar, arithmetic::field::MODULUS};
+    use crate::{
+        NistP384, Scalar,
+        arithmetic::field::{FieldElement, MODULUS},
+    };
     use elliptic_curve::{
         Curve,
         array::Array,
         bigint::{ArrayEncoding, CheckedSub, NonZero, U384, U576},
         consts::U72,
-        group::cofactor::CofactorGroup,
         hash2curve::{self, ExpandMsgXmd, FromOkm, GroupDigest, MapToCurve, OsswuMap},
         ops::Reduce,
         sec1::{self, ToEncodedPoint},
@@ -229,13 +234,13 @@ mod tests {
             assert_eq!(u[0].to_bytes().as_slice(), test_vector.u_0);
             assert_eq!(u[1].to_bytes().as_slice(), test_vector.u_1);
 
-            let q0 = u[0].map_to_curve();
+            let q0 = NistP384::map_to_curve(u[0]);
             assert_point_eq!(q0, test_vector.q0_x, test_vector.q0_y);
 
-            let q1 = u[1].map_to_curve();
+            let q1 = NistP384::map_to_curve(u[1]);
             assert_point_eq!(q1, test_vector.q1_x, test_vector.q1_y);
 
-            let p = q0.clear_cofactor() + q1.clear_cofactor();
+            let p = NistP384::add_and_map_to_subgroup(q0, q1);
             assert_point_eq!(p, test_vector.p_x, test_vector.p_y);
 
             // complete run

p384/src/arithmetic/hash2curve.rs

@@ -11,8 +11,6 @@ use elliptic_curve::{
 };
 
 impl GroupDigest for NistP521 {
-    type FieldElement = FieldElement;
-
     type K = U32;
 }
 
@@ -66,17 +64,22 @@ impl OsswuMap for FieldElement {
     };
 }
 
-impl MapToCurve for FieldElement {
-    type Output = ProjectivePoint;
+impl MapToCurve for NistP521 {
+    type CurvePoint = ProjectivePoint;
+    type FieldElement = FieldElement;
 
-    fn map_to_curve(&self) -> Self::Output {
-        let (qx, qy) = self.osswu();
+    fn map_to_curve(element: FieldElement) -> Self::CurvePoint {
+        let (qx, qy) = element.osswu();
 
         // TODO(tarcieri): assert that `qy` is correct? less circuitous conversion?
         AffinePoint::decompress(&qx.to_bytes(), qy.is_odd())
             .unwrap()
             .into()
     }
+
+    fn map_to_subgroup(point: Self::CurvePoint) -> ProjectivePoint {
+        point
+    }
 }
 
 impl FromOkm for Scalar {
@@ -110,7 +113,6 @@ mod tests {
         array::Array,
         bigint::{ArrayEncoding, CheckedSub, NonZero, U576, U896},
         consts::U98,
-        group::cofactor::CofactorGroup,
         hash2curve::{self, ExpandMsgXmd, FromOkm, GroupDigest, MapToCurve, OsswuMap},
         ops::Reduce,
         sec1::{self, ToEncodedPoint},
@@ -235,13 +237,13 @@ mod tests {
             assert_eq!(u[0].to_bytes().as_slice(), test_vector.u_0);
             assert_eq!(u[1].to_bytes().as_slice(), test_vector.u_1);
 
-            let q0 = u[0].map_to_curve();
+            let q0 = NistP521::map_to_curve(u[0]);
             assert_point_eq!(q0, test_vector.q0_x, test_vector.q0_y);
 
-            let q1 = u[1].map_to_curve();
+            let q1 = NistP521::map_to_curve(u[1]);
             assert_point_eq!(q1, test_vector.q1_x, test_vector.q1_y);
 
-            let p = q0.clear_cofactor() + q1.clear_cofactor();
+            let p = NistP521::add_and_map_to_subgroup(q0, q1);
             assert_point_eq!(p, test_vector.p_x, test_vector.p_y);
 
             // complete run

p521/src/arithmetic/hash2curve.rs

@@ -14,7 +14,6 @@ use elliptic_curve::{
     bigint::ArrayEncoding,
     group::{
         self, Group, GroupEncoding,
-        cofactor::CofactorGroup,
         prime::{PrimeCurve, PrimeGroup},
     },
     ops::{BatchInvert, LinearCombination},
@@ -149,30 +148,6 @@ where
     }
 }
 
-impl<C> CofactorGroup for ProjectivePoint<C>
-where
-    Self: Double,
-    C: PrimeCurveParams,
-    CompressedPoint<C>: Copy + Send + Sync,
-    FieldBytes<C>: Copy,
-    FieldBytesSize<C>: ModulusSize,
-    <UncompressedPointSize<C> as ArraySize>::ArrayType<u8>: Copy,
-{
-    type Subgroup = Self;
-
-    fn clear_cofactor(&self) -> Self::Subgroup {
-        *self
-    }
-
-    fn into_subgroup(self) -> CtOption<Self> {
-        CtOption::new(self, 1.into())
-    }
-
-    fn is_torsion_free(&self) -> Choice {
-        1.into()
-    }
-}
-
 impl<C> ConditionallySelectable for ProjectivePoint<C>
 where
     C: PrimeCurveParams,