Hello guys. I'm stuck again.

I dont know how to translate to Python the 'ge_fromfe_frombytes_vartime' function. Basically it maps a random string (a hash) to the elliptic curve and outputs a point. I have read that github.com/monero-project/research-…per/ge_fromfe_writeup/ge_fromfe.pdf

But I am a bit far from having an understanding. So, my question basically is: how would you code this function in Python? Where does it come from? (Please dont tell me that I have to translate the .c definition...)

wouldn't you be better off using like pybind11 to expose the crypto library?

Im trying to write an 'independent' (as much as I can) version of the c++ code

So I could also understand what is happening

Find a python ECC lib somewhere and use that. sarang probably has one on github.

I saw that there is an implementation in Mininero but I could not make it work yet. Maybe it worked for the older python versions but I dont know why it is not working for me yet. It also looks very different from the .c code, so anyone had an experience with the mininero version?

moneromooo: hash to point is only implemented in monero code (ge_fromfe_frombytes_vartime)

moneromooo: Ok. Thats what Im trying to do. But I dont understand what I am debugging in Python. I dont even know the idea behind that mapping

There is this function: github.com/monero-project/mininero/…a8ce79b68e20d31c34/mininero.py#L238

But it looks very different from this function:

I guess they should do the same but I'm a bit scared to debug that

presumably if it does the same thing, then there won't be bugs

What if they do the same thing and both are buggy? :p

I guess my question is: is there any other place where this function is implemented? Up to now I believe I stepped only in 'well known' curves but this is totally new for me.

not that I know if

Then I guess that if I were an attacker, I would start here as every key_image uses that.

How random or good is this function? What if they map to certain points that are biased? Any material/studies on that?

oh I forgot, it is based on this paper: arxiv.org/pdf/0706.1448.pdf

maybe dr_overdose[m] could help you investigate this topic ^.^

Okay, let me see if I understood:

I'm trying to map a hash (input) to a point (output). First I do the cn_fast_hash and then my string becomes random. Then I want to point this random string to the curve. Then I use this ge_fromfe_frombytes_vartime, which is a deterministic function, to transfor this random string into a point in the curve. Is it correct? I didnt really understand this paper in the first read. Is it saying that he can build a function to

construct rational points in polynomial time in a elliptic curve and easily determine this points? If so, I believe that I'm understanding...

A nice video for those who enjoy it: youtube.com/watch?v=4M8_Oo7lpiA

:)