3.2.2 Use a hash to point for random points in dfg

2025-03-12 09:26:51 +00:00 · 2023-02-23 04:27:31 -05:00 · 2023-02-23 04:27:31 -05:00 · d929a8d96e
commit d929a8d96e
parent 74647b1b52
3 changed files with 9 additions and 9 deletions
--- a/Cargo.lock
+++ b/Cargo.lock
@ -1517,6 +1517,7 @@ dependencies = [
 "ff-group-tests",
 "group",
 "rand_core 0.6.4",
+ "sha2 0.9.9",
 "subtle",
 "zeroize",
 ]
--- a/crypto/dalek-ff-group/Cargo.toml
+++ b/crypto/dalek-ff-group/Cargo.toml
@ -23,6 +23,8 @@ ff = "0.12"
 group = "0.12"

 crypto-bigint = "0.4"
+
+sha2 = "0.9"
 curve25519-dalek =  "3.2"

 [dev-dependencies]
--- a/crypto/dalek-ff-group/src/lib.rs
+++ b/crypto/dalek-ff-group/src/lib.rs
@ -354,15 +354,12 @@ macro_rules! dalek_group {
      type Scalar = Scalar;
      fn random(mut rng: impl RngCore) -> Self {
        loop {
-          let mut bytes = field::FieldElement::random(&mut rng).to_repr();
-          bytes[31] |= u8::try_from(rng.next_u32() % 2).unwrap() << 7;
-          let opt = Self::from_bytes(&bytes);
-          if opt.is_some().into() {
-            let opt = opt.unwrap();
-            // Ban identity, per the trait specification
-            if !bool::from(opt.is_identity()) {
-              return opt;
-            }
+          let mut bytes = [0; 64];
+          rng.fill_bytes(&mut bytes);
+          let point = $Point($DPoint::hash_from_bytes::<sha2::Sha512>(&bytes));
+          // Ban identity, per the trait specification
+          if !bool::from(point.is_identity()) {
+            return point;
          }
        }
      }