noble-curves
noble-curves copied to clipboard
paulmillr
Fp.fromBytes does not mod-reduce by default
Hi, Paul
Consider the array derived set to Uint8Array(32) [ 239, 58, 3, 206, 5, 236, 79, 101, 215, 253, 95, 44, 114, 216, 108, 195, 191, 131, 86, 158, 222, 211, 233, 216, 103, 133, 230, 212, 191, 1, 173, 98 ]
I have the following code that uses derived:
bg = require('@noble/curves/bn254').bn254;
const fp = mod.Field(bg.CURVE.Fp.ORDER);
var three = fp.create(3n);
var one = fp.create(1n);
var x = fp.fromBytes(derived);
var y;
while (true) {
y = fp.mul(x, x);
y = fp.mul(y, x);
y = fp.add(y, three);
try {
y = fp.sqrt(y);
break;
} catch (err) {
console.log("iterate");
x = fp.add(x, one);
}
}
console.log("x:" + x + " order:" + bg.CURVE.Fp.ORDER + " x<order:" + (x < bg.CURVE.Fp.ORDER));
I get the result:
x:108205274200769640731677027225433911640053818717593242889612531000506144894306 order:21888242871839275222246405745257275088696311157297823662689037894645226208583 x<order:false
The code is just doing some modular computations with fp, where p is initialized to the prime p=21888242871839275222246405745257275088696311157297823662689037894645226208583 of the bn254 curve. The issue is that each output of fp.mul/add/sqrt should be than p, Instead I get values larger than p. Isn't that incorrect?
(Btw, this should be the code for a hash to point function for bn254 that uses the basic hash and pray approach.)
However, I can bypass the issue adding x=fp.create(x) If I can kindly use this thread I would ask another question. I have now coordinates x and y, what is the easiest way to create a G1 Point with coordinates x and y? It is not clear from the README.
fp.fromBytes does not do modulo-reducing by default. Maybe it's a bad idea, but it works like that now. So you need to do instead:
var x = fp.create(fp.fromBytes(derived));
I have now coordinates x and y, what is the easiest way to create a G1 Point with coordinates x and y?
bn254 is just an ordinary weierstrass curve - just like with any other, use bn254.ProjectivePoint class.
