absolutebi/serai
1
0
Fork 0
mirror of https://github.com/serai-dex/serai.git synced 2025-12-14 06:59:24 +00:00
Code Issues Packages Projects Releases Wiki Activity

Begin crate smashing

Browse Source
This commit is contained in:
Luke Parker
2024-06-13 18:54:18 -04:00
parent 5cdae6eeb8
commit 784a273747
42 changed files with 606 additions and 250 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
coins/monero/generators/src/hash_to_point.rs
View File

@@ -1,27 +1,20 @@
use subtle::ConditionallySelectable;
use curve25519_dalek::edwards::{EdwardsPoint, CompressedEdwardsY};
use curve25519_dalek::edwards::EdwardsPoint;
use group::ff::{Field, PrimeField};
use dalek_ff_group::FieldElement;
use crate::hash;
use monero_io::decompress_point;
/// Decompress canonically encoded ed25519 point
/// It does not check if the point is in the prime order subgroup
pub fn decompress_point(bytes: [u8; 32]) -> Option<EdwardsPoint> {
CompressedEdwardsY(bytes)
.decompress()
// Ban points which are either unreduced or -0
.filter(|point| point.compress().to_bytes() == bytes)
}
use crate::keccak256;
/// Monero's hash to point function, as named `hash_to_ec`.
pub fn hash_to_point(bytes: [u8; 32]) -> EdwardsPoint {
#[allow(non_snake_case)]
let A = FieldElement::from(486662u64);
let v = FieldElement::from_square(hash(&bytes)).double();
let v = FieldElement::from_square(keccak256(&bytes)).double();
let w = v + FieldElement::ONE;
let x = w.square() + (-A.square() * v);