-
I need to convert some Java code to JS using this lib and added a /* eslint-disable no-undef */
import { createCurve } from "@noble/curves/_shortw_utils"
import { createHasher } from "@noble/curves/abstract/hash-to-curve"
import { Field } from "@noble/curves/abstract/modular"
import { mapToCurveSimpleSWU } from "@noble/curves/abstract/weierstrass"
import { sha256 } from "@noble/hashes/sha256"
// brainpoolP256r1 rfc and parameters used from
// https://www.rfc-editor.org/rfc/rfc5639.html https://neuromancer.sk/std/brainpool/brainpoolP256r1
const Fp = Field(BigInt("0xa9fb57dba1eea9bc3e660a909d838d726e3bf623d52620282013481d1f6e5377"))
const CURVE_A = BigInt("0x7d5a0975fc2c3057eef67530417affe7fb8055c126dc5c6ce94a4b44f330b5d9")
const CURVE_B = BigInt("0x26dc5c6ce94a4b44f330b5d9bbd77cbf958416295cf7e1ce6bccdc18ff8c07b6")
export const brainpoolP256r1 = createCurve(
{
a: CURVE_A, // Equation params: a, b
b: CURVE_B,
Fp, // Field:
// Curve order, total count of valid points in the field
n: BigInt("0xa9fb57dba1eea9bc3e660a909d838d718c397aa3b561a6f7901e0e82974856a7"),
// Base (generator) point (x, y)
Gx: BigInt("0x8bd2aeb9cb7e57cb2c4b482ffc81b7afb9de27e1e3bd23c23a4453bd9ace3262"),
Gy: BigInt("0x547ef835c3dac4fd97f8461a14611dc9c27745132ded8e545c1d54c72f046997"),
h: BigInt(1),
lowS: false,
} as const,
sha256
)
const mapSWU = /* @__PURE__ */ (() =>
mapToCurveSimpleSWU(Fp, {
A: CURVE_A,
B: CURVE_B,
Z: Fp.create(BigInt("-2")),
}))()
const htf = /* @__PURE__ */ (() =>
createHasher(brainpoolP256r1.ProjectivePoint, (scalars: bigint[]) => mapSWU(scalars[0]), {
DST: "brainpoolP256r1_XMD:SHA-256_SSWU_RO_",
encodeDST: "brainpoolP256r1_XMD:SHA-256_SSWU_NU_",
p: Fp.ORDER,
m: 1,
k: 128,
expand: "xmd",
hash: sha256,
}))()
export const hashToCurve = /* @__PURE__ */ (() => htf.hashToCurve)()
export const encodeToCurve = /* @__PURE__ */ (() => htf.encodeToCurve)() And this is the code I need to convert: byte[] pk1Pcd = new byte[curve.getFieldSize() / BYTE_LENGTH];
randomGenerator.nextBytes(pk1Pcd);
pcdSkX1 = new BigInteger(1, pk1Pcd);
final ECPoint pcdPkS1 = ecPointG.multiply(pcdSkX1); and my JS variant: const pk1pcd = random.getBytesSync(curve.CURVE.nByteLength)
const pcdSkX1 = BigInt("0x" + util.bytesToHex(pk1pcd.toString()))
const pcdPkS1 = curve.ProjectivePoint.BASE.multiply(pcdSkX1) However, while the Java version works with
To me, as a encryption novice, this sounds like the point would be outside the curve? But how can the Java version work (same curve) then? |
Beta Was this translation helpful? Give feedback.
Answered by
paulmillr
Mar 6, 2024
Replies: 1 comment 5 replies
-
you will need to do mod(pcdSkX1, brainpoolP256r1.CURVE.n) first. And instead of |
Beta Was this translation helpful? Give feedback.
5 replies
Answer selected by
pke
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
you will need to do mod(pcdSkX1, brainpoolP256r1.CURVE.n) first. And instead of
random.getBytesSync(curve.CURVE.nByteLength)
, dorandom.getBytesSync(Math.floor(curve.CURVE.nByteLength * 1.5))