From bad0d52d6549aa0ff4e1dfdfeec9046fb6174ea7 Mon Sep 17 00:00:00 2001
From: MITSUNARI Shigeo
Date: Mon, 17 Sep 2018 22:47:19 +0900
Subject: insert zero byte into low bit of h for BLS12-381
---
 src/bls_c_impl.hpp | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)
(limited to 'src')
diff --git a/src/bls_c_impl.hpp b/src/bls_c_impl.hpp
index ad52cf7..1540d94 100644
--- a/src/bls_c_impl.hpp
+++ b/src/bls_c_impl.hpp
@@ -270,7 +270,19 @@ int blsPublicKeyIsValidOrder(const blsPublicKey *pub)
 inline bool toG1(G1& Hm, const void *h, mclSize size)
 {
 Fp t;
- t.setArrayMask((const char *)h, size);
+ if (BN::param.cp.curveType == MCL_BLS12_381) {
+ /*
+ the current mapToG1 for BLS12_381 uses an algorithm to search x++ while y exsits,
+ so almost same h values return same point unless there exists margine in low bit.
+ */
+ char buf[48];
+ buf[0] = 0;
+ size = (std::min)(size, sizeof(buf) - 1);
+ memcpy(&buf[1], h, size);
+ t.setArrayMask(buf, size + 1);
+ } else {
+ t.setArrayMask((const char *)h, size);
+ }
 bool b;
 BN::mapToG1(&b, Hm, t);
 return b;
-- 
cgit v1.2.3
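Review bot: The BLS12-381 branch silently truncates any digest longer than 47 bytes — `size = (std::min)(size, sizeof(buf) - 1);` discards the trailing bytes of a 48- or 64-byte hash before the memcpy, whereas the previous single-line path handed the caller's whole buffer to setArrayMask, so a caller now gets a point derived from a prefix of its hash with no error. Since toG1 already reports failure through its bool return, consider rejecting oversized input instead of clipping it, `if (size > sizeof(buf) - 1) return false;` placed before the memcpy, or else document the 47-byte limit in a comment on the function. This also changes the message-to-point mapping for BLS12-381, so signatures produced by earlier builds will no longer verify against this one; the block comment should state that explicitly (and fix "exsits"/"margine" while it is touched). The new code relies on memcpy and std::min, so confirm that the file's include list, which this hunk does not show, brings in <cstring> and <algorithm>.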