20:00:00 <dangerousfreedom> Hello guys. I'm stuck again.
20:00:00 <dangerousfreedom> I dont know how to translate to Python the 'ge_fromfe_frombytes_vartime' function. Basically it maps a random string (a hash) to the elliptic curve and outputs a point. I have read that https://github.com/monero-project/research-lab/blob/master/whitepaper/ge_fromfe_writeup/ge_fromfe.pdf
20:00:00 <dangerousfreedom> But I am a bit far from having an understanding. So, my question basically is: how would you code this function in Python? Where does it come from? (Please dont tell me that I have to translate the .c definition...)
20:02:57 <UkoeHB> wouldn't you be better off using like pybind11 to expose the crypto library?
20:05:01 <dangerousfreedom> Im trying to write an 'independent' (as much as I can) version of the c++ code
20:05:11 <dangerousfreedom> So I could also understand what is happening
20:07:29 <moneromooo> Find a python ECC lib somewhere and use that. sarang probably has one on github.
20:07:46 <dangerousfreedom> I saw that there is an implementation in Mininero but I could not make it work yet. Maybe it worked for the older python versions but I dont know why it is not working for me yet. It also looks very different from the .c code, so anyone had an experience with the mininero version?
20:08:45 <UkoeHB> moneromooo: hash to point is only implemented in monero code (ge_fromfe_frombytes_vartime)
20:08:49 <dangerousfreedom> moneromooo: Ok. Thats what Im trying to do. But I dont understand what I am debugging in Python. I dont even know the idea behind that mapping 
20:12:50 <dangerousfreedom> There is this function: https://github.com/monero-project/mininero/blob/c5fcee9d8ec8c302bca7fda8ce79b68e20d31c34/mininero.py#L238
20:12:50 <dangerousfreedom> But it looks very different from this function:
20:12:50 <dangerousfreedom> https://github.com/monero-project/monero/blob/master/src/crypto/crypto-ops.c#L2310
20:13:42 <dangerousfreedom> I guess they should do the same but I'm a bit scared to debug that
20:14:32 <UkoeHB> presumably if it does the same thing, then there won't be bugs
20:18:17 <dangerousfreedom> What if they do the same thing and both are buggy? :p
20:18:17 <dangerousfreedom> I guess my question is: is there any other place where this function is implemented? Up to now I believe I stepped only in 'well known' curves but this is totally new for me.
20:21:48 <UkoeHB> not that I know if
20:30:42 <dangerousfreedom> Then I guess that if I were an attacker, I would start here as every key_image uses that.
20:33:57 <dangerousfreedom> How random or good is this function? What if they map to certain points that are biased? Any material/studies on that?
20:50:03 <UkoeHB> oh I forgot, it is based on this paper: https://arxiv.org/pdf/0706.1448.pdf
20:51:25 <UkoeHB> maybe dr_overdose[m] could help you investigate this topic ^.^
21:15:18 <dangerousfreedom> Okay, let me see if I understood:
21:15:18 <dangerousfreedom> I'm trying to map a hash (input) to a point (output). First I do the cn_fast_hash and then my string becomes random. Then I want to point this random string to the curve. Then I use this ge_fromfe_frombytes_vartime, which is a deterministic function, to transfor this random string into a point in the curve. Is it correct? I didnt really understand this paper in the first read. Is it saying that he can build a function to
21:15:18 <dangerousfreedom> construct rational points in polynomial time in a elliptic curve and easily determine this points? If so, I believe that I'm understanding...
21:21:08 <dangerousfreedom> A nice video for those who enjoy it: https://www.youtube.com/watch?v=4M8_Oo7lpiA
21:21:12 <dangerousfreedom> :)