delegate sampling of generators to trait implementors (#59)

src/commitments.rs

@@ -7,11 +7,8 @@ use core::{
   marker::PhantomData,
   ops::{Add, AddAssign, Mul, MulAssign},
 };
-use digest::{ExtendableOutput, Input};
 use ff::Field;
 use merlin::Transcript;
-use sha3::Shake256;
-use std::io::Read;
 
 #[derive(Debug)]
 pub struct CommitGens<G: Group> {
@@ -30,16 +27,8 @@ pub struct CompressedCommitment<C: CompressedGroup> {
 }
 
 impl<G: Group> CommitGens<G> {
-  pub fn new(label: &[u8], n: usize) -> Self {
+  pub fn new(label: &'static [u8], n: usize) -> Self {
-    let mut shake = Shake256::default();
+    let gens = G::from_label(label, n);
-    shake.input(label);
-    let mut reader = shake.xof_result();
-    let mut gens: Vec<G::PreprocessedGroupElement> = Vec::new();
-    let mut uniform_bytes = [0u8; 64];
-    for _ in 0..n {
-      reader.read_exact(&mut uniform_bytes).unwrap();
-      gens.push(G::from_uniform_bytes(&uniform_bytes).unwrap());
-    }
 
     CommitGens {
       gens,

src/pasta.rs

@@ -4,6 +4,7 @@ use crate::{
   traits::{ChallengeTrait, CompressedGroup, Group},
 };
 use core::ops::Mul;
+use digest::{ExtendableOutput, Input};
 use ff::Field;
 use merlin::Transcript;
 use num_bigint::BigInt;
@@ -16,6 +17,8 @@ use pasta_curves::{
 };
 use rand::SeedableRng;
 use rand_chacha::ChaCha20Rng;
+use sha3::Shake256;
+use std::io::Read;
 
 //////////////////////////////////////Pallas///////////////////////////////////////////////
 
@@ -55,16 +58,18 @@ impl Group for pallas::Point {
     PallasCompressedElementWrapper::new(self.to_bytes())
   }
 
-  fn from_uniform_bytes(bytes: &[u8]) -> Option<Self::PreprocessedGroupElement> {
+  fn from_label(label: &'static [u8], n: usize) -> Vec<Self::PreprocessedGroupElement> {
-    if bytes.len() != 64 {
+    let mut shake = Shake256::default();
-      None
+    shake.input(label);
-    } else {
+    let mut reader = shake.xof_result();
-      let mut arr = [0; 32];
+    let mut gens: Vec<Self::PreprocessedGroupElement> = Vec::new();
-      arr.copy_from_slice(&bytes[0..32]);
+    let mut uniform_bytes = [0u8; 32];
-
+    for _ in 0..n {
+      reader.read_exact(&mut uniform_bytes).unwrap();
       let hash = Ep::hash_to_curve("from_uniform_bytes");
-      Some(hash(&arr).to_affine())
+      gens.push(hash(&uniform_bytes).to_affine());
     }
+    gens
   }
 
   fn to_coordinates(&self) -> (Self::Base, Self::Base, bool) {
@@ -143,16 +148,18 @@ impl Group for vesta::Point {
     VestaCompressedElementWrapper::new(self.to_bytes())
   }
 
-  fn from_uniform_bytes(bytes: &[u8]) -> Option<Self::PreprocessedGroupElement> {
+  fn from_label(label: &'static [u8], n: usize) -> Vec<Self::PreprocessedGroupElement> {
-    if bytes.len() != 64 {
+    let mut shake = Shake256::default();
-      None
+    shake.input(label);
-    } else {
+    let mut reader = shake.xof_result();
-      let mut arr = [0; 32];
+    let mut gens: Vec<Self::PreprocessedGroupElement> = Vec::new();
-      arr.copy_from_slice(&bytes[0..32]);
+    let mut uniform_bytes = [0u8; 32];
-
+    for _ in 0..n {
+      reader.read_exact(&mut uniform_bytes).unwrap();
       let hash = Eq::hash_to_curve("from_uniform_bytes");
-      Some(hash(&arr).to_affine())
+      gens.push(hash(&uniform_bytes).to_affine());
     }
+    gens
   }
 
   fn to_coordinates(&self) -> (Self::Base, Self::Base, bool) {

src/traits.rs

@@ -45,9 +45,8 @@ pub trait Group:
   /// Compresses the group element
   fn compress(&self) -> Self::CompressedGroupElement;
 
-  /// Attempts to create a group element from a sequence of bytes,
+  /// Produce a vector of group elements using a static label
-  /// failing with a `None` if the supplied bytes do not encode the group element
+  fn from_label(label: &'static [u8], n: usize) -> Vec<Self::PreprocessedGroupElement>;
-  fn from_uniform_bytes(bytes: &[u8]) -> Option<Self::PreprocessedGroupElement>;
 
   /// Returns the affine coordinates (x, y, infinty) for the point
   fn to_coordinates(&self) -> (Self::Base, Self::Base, bool);