in src/hidden_dlog.c [143:197]
/**
 * Derive the non-interactive challenge E for the hidden-dlog proof (CG21 variant).
 *
 * The hash256 transcript absorbs, in this exact order:
 *   1. N, B0, B1, each serialized with FF_2048_toOctet(..., FFLEN_2048)
 *   2. ssid->rid, then ssid->rho
 *   3. the octets filled by CG21_get_G and CG21_get_q
 *   4. the packed X set, fed in by CG21_hash_set_X
 *   5. the HDLOG_PROOF_ITERS commitments RHO[0..HDLOG_PROOF_ITERS-1]
 * Prover and verifier only agree on E if both absorb the same bytes in the
 * same order, so the sequence below must not be reordered.
 *
 * @param N     public parameter absorbed first
 * @param B0    public parameter absorbed second
 * @param B1    public parameter absorbed third
 * @param RHO   proof commitments, absorbed last
 * @param ssid  session identifier; rid, rho, X_set_packed and j_set_packed are
 *              read. It is dereferenced without a NULL check, so the caller
 *              must pass a fully populated structure.
 * @param E     output octet; cleared, then HDLOG_CHALLENGE_SIZE bytes appended
 * @param n     forwarded unchanged to CG21_hash_set_X
 * @return HDLOG_OK on success, otherwise the code returned by CG21_hash_set_X
 *         (in which case E is left untouched).
 *
 * NOTE(review): HASH_UTILS_hash_oct is not visible here. If it absorbs raw
 * bytes without a length prefix, unambiguous framing of rid/rho depends on
 * those fields having fixed lengths - confirm against the SSID definition.
 */
int HDLOG_challenge_CG21(BIG_1024_58 *N, BIG_1024_58 *B0, BIG_1024_58 *B1, HDLOG_iter_values RHO, const HDLOG_SSID *ssid,
                         octet *E, int n)
{
    hash256 transcript;

    /* Scratch buffer: holds each serialized FF value and, at the end, the digest. */
    char scratch[FS_2048];
    octet scratch_oct = {0, sizeof(scratch), scratch};

    /* Backing storage for the values returned by CG21_get_G / CG21_get_q. */
    char g_bytes[SFS_SECP256K1 + 1];
    octet G_oct = {0, sizeof(g_bytes), g_bytes};
    char q_bytes[EGS_SECP256K1];
    octet q_oct = {0, sizeof(q_bytes), q_bytes};

    BIG_1024_58 *public_params[] = {N, B0, B1};
    const int param_count = (int)(sizeof(public_params) / sizeof(public_params[0]));

    HASH256_init(&transcript);

    /* Bind the public parameters N, B0, B1 (in that order). */
    for (int k = 0; k < param_count; k++)
    {
        FF_2048_toOctet(&scratch_oct, public_params[k], FFLEN_2048);
        HASH_UTILS_hash_oct(&transcript, &scratch_oct);
    }

    /* Bind the session identifier fields. */
    HASH_UTILS_hash_oct(&transcript, ssid->rid);
    HASH_UTILS_hash_oct(&transcript, ssid->rho);

    /* Bind the G and q values: fetch both first, then absorb G followed by q. */
    CG21_get_G(&G_oct);
    CG21_get_q(&q_oct);
    HASH_UTILS_hash_oct(&transcript, &G_oct);
    HASH_UTILS_hash_oct(&transcript, &q_oct);

    /* Absorb the partial X[i] values, ordered by j_packed inside the helper. */
    int status = CG21_hash_set_X(&transcript, ssid->X_set_packed, ssid->j_set_packed, n, EFS_SECP256K1 + 1);
    if (status != CG21_OK)
    {
        /* Bail out before E is modified so a failed call yields no challenge. */
        return status;
    }

    /* Bind the challenge to every commitment of the proof. */
    for (int iter = 0; iter < HDLOG_PROOF_ITERS; iter++)
    {
        FF_2048_toOctet(&scratch_oct, RHO[iter], FFLEN_2048);
        HASH_UTILS_hash_oct(&transcript, &scratch_oct);
    }

    /* The digest is written over the start of the scratch buffer. */
    HASH256_hash(&transcript, scratch);

    /*
     * NOTE(review): only the leading HDLOG_CHALLENGE_SIZE bytes are used. This
     * assumes HDLOG_CHALLENGE_SIZE does not exceed the hash256 digest length;
     * otherwise the tail would presumably be leftover bytes of the last
     * serialized RHO value rather than hash output - confirm the constant.
     */
    OCT_clear(E);
    OCT_jbytes(E, scratch, HDLOG_CHALLENGE_SIZE);

    return HDLOG_OK;
}