Use optimized map_to_curve_elligator2_curve448()#1309
Open
daxpedda wants to merge 2 commits intoRustCrypto:masterfrom
Open
Use optimized map_to_curve_elligator2_curve448()#1309daxpedda wants to merge 2 commits intoRustCrypto:masterfrom
map_to_curve_elligator2_curve448()#1309daxpedda wants to merge 2 commits intoRustCrypto:masterfrom
Conversation
daxpedda
force-pushed
the
ed448-hash2curve
branch
from
0a9d2ad to
dcf6aea
Compare
tarcieri
reviewed
Jul 20, 2025
daxpedda
force-pushed
the
ed448-hash2curve
branch
from
06762d6 to
38ae790
Compare
55 tasks
daxpedda
force-pushed
the
ed448-hash2curve
branch
8 times, most recently
from
ea01d4d to
4a16b46
Compare
daxpedda
force-pushed
the
ed448-hash2curve
branch
from
4a16b46 to
c29bdb2
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This implements Elligator2 mapping according to RFC 9380 for Curve448 and Ed448.
The current Curve448 mapping was using either the unoptimized or an outdated version. For Ed448 we were currently using the isogeny mapping, which works correctly ofc. However, RFC 9380 specifically outlines an optimized mapping for Ed448 in combination of the Curve448 mapping. This avoids unnecessary inversions between mapping from Curve448 to Ed448.
While Curve448 will first be introduced in #1306, the Ed448 Elligator mapping uses the Curve448 mapping.
I simply commented out
fn isoginy()as it is now unused. However, it will be adapted in #1306 to facilitate Montgomery to Edwards conversions.