From d929a8d96ecd066b8df88b64b9a9e8cc8bf09958 Mon Sep 17 00:00:00 2001
From: Luke Parker
Date: Thu, 23 Feb 2023 04:27:31 -0500
Subject: [PATCH] 3.2.2 Use a hash to point for random points in dfg

---
 Cargo.lock                       |  1 +
 crypto/dalek-ff-group/Cargo.toml |  2 ++
 crypto/dalek-ff-group/src/lib.rs | 15 ++++++---------
 3 files changed, 9 insertions(+), 9 deletions(-)

diff --git a/Cargo.lock b/Cargo.lock
index ba3aa9b2..aa5654bb 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -1517,6 +1517,7 @@ dependencies = [
  "ff-group-tests",
  "group",
  "rand_core 0.6.4",
+ "sha2 0.9.9",
  "subtle",
  "zeroize",
 ]
diff --git a/crypto/dalek-ff-group/Cargo.toml b/crypto/dalek-ff-group/Cargo.toml
index aea5f2a9..fa6a1395 100644
--- a/crypto/dalek-ff-group/Cargo.toml
+++ b/crypto/dalek-ff-group/Cargo.toml
@@ -23,6 +23,8 @@ ff = "0.12"
 group = "0.12"
 
 crypto-bigint = "0.4"
+
+sha2 = "0.9"
 curve25519-dalek = "3.2"
 
 [dev-dependencies]
diff --git a/crypto/dalek-ff-group/src/lib.rs b/crypto/dalek-ff-group/src/lib.rs
index c60bbb5c..09e18c88 100644
--- a/crypto/dalek-ff-group/src/lib.rs
+++ b/crypto/dalek-ff-group/src/lib.rs
@@ -354,15 +354,12 @@ macro_rules! dalek_group {
     type Scalar = Scalar;
     fn random(mut rng: impl RngCore) -> Self {
       loop {
-        let mut bytes = field::FieldElement::random(&mut rng).to_repr();
-        bytes[31] |= u8::try_from(rng.next_u32() % 2).unwrap() << 7;
-        let opt = Self::from_bytes(&bytes);
-        if opt.is_some().into() {
-          let opt = opt.unwrap();
-          // Ban identity, per the trait specification
-          if !bool::from(opt.is_identity()) {
-            return opt;
-          }
+        let mut bytes = [0; 64];
+        rng.fill_bytes(&mut bytes);
+        let point = $Point($DPoint::hash_from_bytes::(&bytes));
+        // Ban identity, per the trait specification
+        if !bool::from(point.is_identity()) {
+          return point;
         }
       }
     }
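Review bot: The added `sha2 = "0.9"` line carries no explanation of why the 0.9 series specifically is required, and the stray blank line inserted above it detaches it from the rest of the dependency list. As far as I can tell, `curve25519-dalek = "3.2"` expresses the `Digest` bound on `hash_from_bytes` through the `digest` 0.9 line, so a later `sha2` major (which tracks `digest` 0.10) would fail the bound even though cargo would happily accept the bump; that coupling is worth a comment, e.g. `# sha2 must stay on the digest-0.9 line that curve25519-dalek 3.2 builds against`. Putting the comment where the blank line is keeps the list readable and records the constraint for whoever next runs a dependency update.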
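Review bot: The new body says nothing about the distribution it produces, while the `Group::random` contract (per the `group` 0.12 docs) is a uniformly random non-identity element; the hash type in `hash_from_bytes::(&bytes)` also appears to have been dropped from this rendering, so I am assuming SHA-512, the only 64-byte-output digest that bound accepts. If `$DPoint` is `curve25519_dalek::edwards::EdwardsPoint`, my recollection of the 3.2 implementation is that `hash_from_bytes` applies a single Elligator2 map to the first 32 hash bytes and then multiplies by the cofactor, which yields a torsion-free point of unknown discrete log but not an exactly uniform one, whereas the Ristretto variant uses two maps and is uniform — please confirm against the dalek source. Either document the trade-off, e.g. `// Hash-to-point: torsion-free with unknown dlog; for Edwards the single Elligator2 map is not exactly uniform`, or, if uniformity matters more than unknown dlog for callers of `random`, sample as `Self::generator() * Scalar::random(&mut rng)` (assuming `Scalar: Field` as elsewhere in this crate). Keeping the identity rejection loop is fine since the hit probability is negligible. The enclosing `dalek_group!` macro and its `impl Group` block begin before this hunk.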