Update applications/Implementation of the new hash function to BLS12 …

…curves.md

Co-authored-by: Aleixo Sanchez <[email protected]>

applications/Implementation of the new hash function to BLS12 curves.md

@@ -120,6 +120,7 @@ https://link.springer.com/article/10.1007/s10623-022-01012-8
 | 0c. | Testing Guide | Core functions will be fully covered by unit tests to ensure functionality and robustness. Ie will describe how to run these tests. |
 | 0d. | Docker | I do not intend to deliver this, because Milestone 1 is research oriented. |
 | 0e. | Article | I will cite the implementation in Section 1.1 of my new article https://eprint.iacr.org/2021/1082. I would like to submit this article to the international conference https://fq15.telecom-paris.fr/index.html in Paris if it is not canceled because of COVID-19.
+| 1. | Implementation | Sage implementation of the hash function described below.
 
 To be definite, let me use the notation of my article https://link.springer.com/article/10.1007/s10623-022-01012-8. The new hash function consists of three components: a classical one \eta: {0,1}^* -> Fp^2, a rational map \varphi: Fp^2 -> T(Fp), and an additional map h^\prime: T(Fp) -> E(Fp), where E is a given elliptic Fp-curve of j-invariant 0 and T is a suplementary algebraic threefold. A construction of \eta is represented in Section 5 of the draft https://datatracker.ietf.org/doc/draft-irtf-cfrg-hash-to-curve/. This is the composition of a hash function {0,1}^* -> {0,1}^n for some n \in N and the subsequent restriction modulo p, hence we can use a standard hash function from one of Sage libraries. It remains to implement \varphi and h^\prime just as described in my article. In particular, to perform the (unique) exponentiation in Fp (arising in h^\prime) in the case of BLS12-381 curve an addition chain of quite small length has already been derived in https://github.com/dishport/Some-remarks-on-how-to-hash-faster-onto-elliptic-curves (cf. Section 1.1 of https://eprint.iacr.org/2021/1082).