-
|
I need to convert some Java code to JS using this lib and added a /* eslint-disable no-undef */
import { createCurve } from "@noble/curves/_shortw_utils"
import { createHasher } from "@noble/curves/abstract/hash-to-curve"
import { Field } from "@noble/curves/abstract/modular"
import { mapToCurveSimpleSWU } from "@noble/curves/abstract/weierstrass"
import { sha256 } from "@noble/hashes/sha256"
// brainpoolP256r1 rfc and parameters used from
// https://www.rfc-editor.org/rfc/rfc5639.html https://neuromancer.sk/std/brainpool/brainpoolP256r1
const Fp = Field(BigInt("0xa9fb57dba1eea9bc3e660a909d838d726e3bf623d52620282013481d1f6e5377"))
const CURVE_A = BigInt("0x7d5a0975fc2c3057eef67530417affe7fb8055c126dc5c6ce94a4b44f330b5d9")
const CURVE_B = BigInt("0x26dc5c6ce94a4b44f330b5d9bbd77cbf958416295cf7e1ce6bccdc18ff8c07b6")
export const brainpoolP256r1 = createCurve(
{
a: CURVE_A, // Equation params: a, b
b: CURVE_B,
Fp, // Field:
// Curve order, total count of valid points in the field
n: BigInt("0xa9fb57dba1eea9bc3e660a909d838d718c397aa3b561a6f7901e0e82974856a7"),
// Base (generator) point (x, y)
Gx: BigInt("0x8bd2aeb9cb7e57cb2c4b482ffc81b7afb9de27e1e3bd23c23a4453bd9ace3262"),
Gy: BigInt("0x547ef835c3dac4fd97f8461a14611dc9c27745132ded8e545c1d54c72f046997"),
h: BigInt(1),
lowS: false,
} as const,
sha256
)
const mapSWU = /* @__PURE__ */ (() =>
mapToCurveSimpleSWU(Fp, {
A: CURVE_A,
B: CURVE_B,
Z: Fp.create(BigInt("-2")),
}))()
const htf = /* @__PURE__ */ (() =>
createHasher(brainpoolP256r1.ProjectivePoint, (scalars: bigint[]) => mapSWU(scalars[0]), {
DST: "brainpoolP256r1_XMD:SHA-256_SSWU_RO_",
encodeDST: "brainpoolP256r1_XMD:SHA-256_SSWU_NU_",
p: Fp.ORDER,
m: 1,
k: 128,
expand: "xmd",
hash: sha256,
}))()
export const hashToCurve = /* @__PURE__ */ (() => htf.hashToCurve)()
export const encodeToCurve = /* @__PURE__ */ (() => htf.encodeToCurve)()And this is the code I need to convert: byte[] pk1Pcd = new byte[curve.getFieldSize() / BYTE_LENGTH];
randomGenerator.nextBytes(pk1Pcd);
pcdSkX1 = new BigInteger(1, pk1Pcd);
final ECPoint pcdPkS1 = ecPointG.multiply(pcdSkX1);and my JS variant: const pk1pcd = random.getBytesSync(curve.CURVE.nByteLength)
const pcdSkX1 = BigInt("0x" + util.bytesToHex(pk1pcd.toString()))
const pcdPkS1 = curve.ProjectivePoint.BASE.multiply(pcdSkX1)However, while the Java version works with To me, as a encryption novice, this sounds like the point would be outside the curve? But how can the Java version work (same curve) then? |
Beta Was this translation helpful? Give feedback.
Replies: 1 comment 5 replies
-
|
you will need to do mod(pcdSkX1, brainpoolP256r1.CURVE.n) first. And instead of |
Beta Was this translation helpful? Give feedback.
-
|
Thanks for your always fast responses @paulmillr |
Beta Was this translation helpful? Give feedback.
-
|
Maximum valid value for multiplication of G (base point) by number is CURVE.n. If java function can accept values bigger than n, that means they do the mod() internally As for |
Beta Was this translation helpful? Give feedback.
-
|
thanks @paulmillr for your explanations and recommendations. Would you accept a PR with the 3 brainpool curves added to this library? |
Beta Was this translation helpful? Give feedback.
-
|
No. I will link to your add-on though, so that people looking for it would be able to use it. We can merge it if we get enough requests and the lib gets enough usage. Every new line of code needs to be audited by our users, which depend on proper security. |
Beta Was this translation helpful? Give feedback.
-
|
Sure we will supply a add-on then, the library architecture makes it possible. |
Beta Was this translation helpful? Give feedback.
you will need to do mod(pcdSkX1, brainpoolP256r1.CURVE.n) first. And instead of
random.getBytesSync(curve.CURVE.nByteLength), dorandom.getBytesSync(Math.floor(curve.CURVE.nByteLength * 1.5))