Hashing To A Field: Expanding The Message
Domain string tags (DSTs) are increasingly used in hashing methods. In Figure 1, Bob has a message and wants a hashed output of a given number of bytes. For this, we can add the Domain Separation Tag (DST) and a definition of the length of the output:
Overall, we should not just concatenate the message and the DST, as it will not always get a unique set of (message, DST) pairs. For example, if we had two DSTs of “DEF” and “EF”, then, if we concatenate with a message of “ABC” and “ABCD”, we would get to identical pairs of (“ABC” || “DEF”) and (“ABCD” || “EF”) — as both would equal “ABCDEF”. The DST is thus used to initialise the hashing function rather than concatenating it to the message (as we would normally do when we add salt to a password).
Hash to curve
Let’s say we have almost 2²⁵⁶ integer point values. This will give us 115,792,089,237,316,195,423,570,985,008,687,907,853,269,984,665,640,564,039,457,584,007,913,129,639,936 different (x,y) points. Can we find a way to hash some data onto one of these points, and so it is not possible to know the data that resulted in that point, and that it is highly unlikely for two different data elements…
