3.9.2 Better document rng_seed is allowed to conflict with challenge

2025-04-13 09:41:57 +00:00 · 2023-03-02 11:19:26 -05:00 · 2023-03-02 11:19:26 -05:00 · 79124b9a33
commit 79124b9a33
parent 6fec95b1a7
1 changed files with 11 additions and 5 deletions
--- a/crypto/transcript/src/lib.rs
+++ b/crypto/transcript/src/lib.rs
@ -25,13 +25,19 @@ pub trait Transcript {
  /// Append a message to the transcript.
  fn append_message<M: AsRef<[u8]>>(&mut self, label: &'static [u8], message: M);

-  /// Produce a challenge. This MUST update the transcript as it does so, preventing the same
-  /// challenge from being generated multiple times.
+  /// Produce a challenge.
+  ///
+  /// Implementors MUST update the transcript as it does so, preventing the same challenge from
+  /// being generated multiple times.
  fn challenge(&mut self, label: &'static [u8]) -> Self::Challenge;

-  /// Produce a RNG seed. Helper function for parties needing to generate random data from an
-  /// agreed upon state. Internally calls the challenge function for the needed bytes, converting
-  /// them to the seed format rand_core expects.
+  /// Produce a RNG seed.
+  ///
+  /// Helper function for parties needing to generate random data from an agreed upon state.
+  ///
+  /// Implementors MAY internally call the challenge function for the needed bytes, and accordingly
+  /// produce a transcript conflict between two transcripts, one which called challenge(label) and
+  /// one which called rng_seed(label) at the same point.
  fn rng_seed(&mut self, label: &'static [u8]) -> [u8; 32];
 }