From 79124b9a3394ae1eaadf066fb7bc431afdaf5be3 Mon Sep 17 00:00:00 2001
From: Luke Parker
Date: Thu, 2 Mar 2023 11:19:26 -0500
Subject: [PATCH] 3.9.2 Better document rng_seed is allowed to conflict with challenge

---
 crypto/transcript/src/lib.rs | 16 +++++++++++-----
 1 file changed, 11 insertions(+), 5 deletions(-)

diff --git a/crypto/transcript/src/lib.rs b/crypto/transcript/src/lib.rs
index 69374d8a..e8af6161 100644
--- a/crypto/transcript/src/lib.rs
+++ b/crypto/transcript/src/lib.rs
@@ -25,13 +25,19 @@ pub trait Transcript {
   /// Append a message to the transcript.
   fn append_message>(&mut self, label: &'static [u8], message: M);
-  /// Produce a challenge. This MUST update the transcript as it does so, preventing the same
-  /// challenge from being generated multiple times.
+  /// Produce a challenge.
+  ///
+  /// Implementors MUST update the transcript as it does so, preventing the same challenge from
+  /// being generated multiple times.
   fn challenge(&mut self, label: &'static [u8]) -> Self::Challenge;
-  /// Produce a RNG seed. Helper function for parties needing to generate random data from an
-  /// agreed upon state. Internally calls the challenge function for the needed bytes, converting
-  /// them to the seed format rand_core expects.
+  /// Produce a RNG seed.
+  ///
+  /// Helper function for parties needing to generate random data from an agreed upon state.
+  ///
+  /// Implementors MAY internally call the challenge function for the needed bytes, and accordingly
+  /// produce a transcript conflict between two transcripts, one which called challenge(label) and
+  /// one which called rng_seed(label) at the same point.
   fn rng_seed(&mut self, label: &'static [u8]) -> [u8; 32];
 }
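Review bot: The new rng_seed doc states that implementors may route through challenge and so produce a transcript conflict, but it stops short of telling callers what that means for them — that a seed meant to stay private can coincide with a challenge value derived at the same transcript state under the same label. The paragraph would be more useful with an explicit caller obligation appended to it, e.g. `/// Callers MUST therefore use distinct labels for challenge and rng_seed when both are invoked at the` / `/// same transcript state, and MUST NOT treat a seed as secret if a challenge with the same label` / `/// could have been derived from the same state.` The rewritten challenge doc reads "Implementors MUST update the transcript as it does so" where "it" now has no clear referent; "as they do so" or "when producing the challenge" would read cleanly. The removed sentence about converting the bytes to the seed format rand_core expects is the only statement of the return contract for the `[u8; 32]`; consider keeping a short form of it. The enclosing `pub trait Transcript` begins before this hunk.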