From 12b9606b9c6d73c4d116d5816967ad01906ffc67 Mon Sep 17 00:00:00 2001
From: Sean Bowe
Date: Tue, 10 Oct 2017 01:13:35 -0600
Subject: [PATCH] G1/G2 rand() should produce elements of unknown exponent.
---
 src/bls12_381/ec.rs | 17 ++++++++++++-----
 1 file changed, 12 insertions(+), 5 deletions(-)
diff --git a/src/bls12_381/ec.rs b/src/bls12_381/ec.rs
index 1620564a4..f3223f700 100644
--- a/src/bls12_381/ec.rs
+++ b/src/bls12_381/ec.rs
@@ -85,7 +85,6 @@ macro_rules! curve_impl {
         }
         impl $affine {
-
             fn mul_bits>(&self, bits: BitIterator) -> $projective {
                 let mut res = $projective::zero();
                 for i in bits {
@@ -95,7 +94,6 @@ macro_rules! curve_impl {
                 res
             }
-
             /// Attempts to construct an affine point given an x-coordinate. The
             /// point is not guaranteed to be in the prime order subgroup.
             ///
@@ -200,7 +198,18 @@ macro_rules! curve_impl {
         impl Rand for $projective {
             fn rand(rng: &mut R) -> Self {
-                $affine::one().mul($scalarfield::rand(rng))
+                loop {
+                    let x = rng.gen();
+                    let greatest = rng.gen();
+
+                    if let Some(p) = $affine::get_point_from_x(x, greatest) {
+                        let p = p.scale_by_cofactor();
+
+                        if !p.is_zero() {
+                            return p;
+                        }
+                    }
+                }
             }
         }
@@ -845,7 +854,6 @@ pub mod g1 {
     }
     impl G1Affine {
-        #[allow(dead_code)]
         fn scale_by_cofactor(&self) -> G1 {
             // G1 cofactor = (x - 1)^2 / 3 = 76329603384216526031706109802092473003
             let cofactor = BitIterator::new([0x8c00aaab0000aaab, 0x396c8c005555e156]);
@@ -1359,7 +1367,6 @@ pub mod g2 {
         }
     }
-        #[allow(dead_code)]
         fn scale_by_cofactor(&self) -> G2 {
             // G2 cofactor = (x^8 - 4 x^7 + 5 x^6) - (4 x^4 + 6 x^3 - 4 x^2 - 4 x + 13) // 9
             // 0x5d543a95414e7f1091d50792876a202cd91de4547085abaa68a205b2e5a7ddfa628f1cb4d9e82ef21537e293a6691ae1616ec6e786f0c70cf1c38e31c7238e5
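Review bot: The new `rand` body in the `@@ -200,7 +198,18 @@` hunk carries no comment explaining why `$affine::one().mul($scalarfield::rand(rng))` was replaced by a rejection loop, and that reason is exactly the property the subject line names: a multiple of the generator has a discrete logarithm known to whoever drew the scalar, whereas a point lifted from a random x-coordinate does not, which is what callers needing "unknown exponent" elements depend on. Since a later cleanup could turn the loop back into scalar multiplication without any compile error, the intent should be pinned above `fn rand`, e.g. `/// Samples a point of unknown discrete log: a random x is lifted to the curve, the result is multiplied by the cofactor to land in the prime-order subgroup, and the loop retries when x is not on the curve or the cofactor-cleared point is the identity.` The `!p.is_zero()` check is required rather than defensive, because `get_point_from_x` is documented a few lines earlier as not guaranteeing subgroup membership, so cofactor clearing can map the lifted point to the identity. One caveat worth stating in the same comment: drawing x uniformly and selecting a root via `greatest` need not be exactly uniform over the subgroup (x-coordinates with a single root, if any exist on these curves, are over-weighted), so I would describe the output as close to uniform rather than uniform unless that is verified elsewhere. The generic bounds on `rand` and `mul_bits` appear stripped in this rendering (`fn rand(rng: &mut R)`), which looks like an extraction artifact rather than a change in the patch.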