Hash to curve as defined in the standard

[iquerejeta]

The current implementation is not compatible with the current definition of the standard. This PR provides a hash-to-curve implementation as defined in draft-irtf-cfrg-hash-to-curve-12.

• Implementation of hash_to_field as defined in the standard
• Implementation of hash_to_curve as defined in the standard, by changing the mechanism over which we chose the sign.
• For the point above, had to change the elligator_encode to return whether eps is a square or not (required for hash_to_curve).
• Included test vectors of the draft.
• Included FieldElement::from_bytes_wide(bytes: &u8; 64]) to reduce integers encoded in 64 bytes.

[iquerejeta]

I see in #438 that the function hash_to_bytes was deprecated. Is there any chance to include the hash_to_curve as defined in the standard? If there is the possibility of merging this PR, I'll check that the implemented version corresponds with the current version of the informational draft. cc: @rozbb

[rozbb]

Yes, thank u for following up. I do want to merge this but I haven't gotten a chance to do a proper review. We really need to get to a 4.0 release, so I think this might have to wait until 4.1. Thank you so much for this contribution. I promise it will get the attention it deserves.

[iquerejeta]

Great, thanks! And whenever you think you have time, you can ping me here, and I'll rebase (as there's been some changes in the hashing functions) and make sure it follows the latest version of the standard 👍 Thanks for working on this 🙏

[tarcieri]

It would also be interesting if someone could attempt to impl the hash2curve traits from the elliptic-curve crate i.e. as an optional dependency

[iquerejeta]

Happy to do it 👍 given that there is no rush, I should be able to dedicate a few cycles in a reasonable amount of time.