Suppose there is a cryptographic hash function $H : \{0,1\}^* \to \mathbb G$. Now, we want to define a hash function $H' : \{0,1\}^* \to \mathbb G \times \mathbb G $.
My first idea is to define $H'$ in the following way:
$H'(x) = (H(x||'0'), H(x||'1'))$
Is $H'$ cryptographically secure? If not, can you propose a secure construction that uses $H$?
The motivation behind this question is that some crypto libraries (e.g., Charm) provide functions for hashing to groups (e.g., $H$), but in some cases you need custom hash functions (e.g., $H'$)
