From adfc88926bbf3cfc0984fcce9b0b7702b1cb356a Mon Sep 17 00:00:00 2001 From: Jack Grigg Date: Thu, 11 Jul 2019 08:46:47 -0400 Subject: [PATCH] Migrate sapling-crypto to rand 0.5 --- Cargo.lock | 2 +- sapling-crypto/Cargo.toml | 2 +- sapling-crypto/examples/bench.rs | 27 ++-- sapling-crypto/src/circuit/blake2s.rs | 15 +- sapling-crypto/src/circuit/ecc.rs | 70 ++++++--- sapling-crypto/src/circuit/lookup.rs | 23 ++- sapling-crypto/src/circuit/multipack.rs | 5 +- sapling-crypto/src/circuit/num.rs | 24 +-- sapling-crypto/src/circuit/pedersen_hash.rs | 10 +- sapling-crypto/src/circuit/sapling/mod.rs | 44 ++++-- sapling-crypto/src/circuit/sha256.rs | 10 +- sapling-crypto/src/circuit/uint32.rs | 45 ++++-- sapling-crypto/src/jubjub/edwards.rs | 2 +- sapling-crypto/src/jubjub/fs.rs | 161 ++++++++++++-------- sapling-crypto/src/jubjub/montgomery.rs | 2 +- sapling-crypto/src/jubjub/tests.rs | 59 +++++-- sapling-crypto/src/redjubjub.rs | 16 +- 17 files changed, 347 insertions(+), 170 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 9eb4dc4..a823c3e 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -498,7 +498,7 @@ dependencies = [ "ff 0.4.0", "hex-literal 0.1.1 (registry+https://github.com/rust-lang/crates.io-index)", "pairing 0.14.2", - "rand 0.4.2 (registry+https://github.com/rust-lang/crates.io-index)", + "rand 0.5.6 (registry+https://github.com/rust-lang/crates.io-index)", "rust-crypto 0.2.36 (registry+https://github.com/rust-lang/crates.io-index)", ] diff --git a/sapling-crypto/Cargo.toml b/sapling-crypto/Cargo.toml index 7d43774..3d895db 100644 --- a/sapling-crypto/Cargo.toml +++ b/sapling-crypto/Cargo.toml @@ -17,7 +17,7 @@ bellman = { path = "../bellman" } blake2b_simd = "0.5" blake2s_simd = "0.5" ff = { path = "../ff" } -rand = "0.4" +rand = "0.5" digest = "0.7" byteorder = "1" diff --git a/sapling-crypto/examples/bench.rs b/sapling-crypto/examples/bench.rs index 4b7a707..9b4c0ae 100644 --- a/sapling-crypto/examples/bench.rs +++ b/sapling-crypto/examples/bench.rs @@ -1,8 +1,10 @@ +extern crate ff; extern crate sapling_crypto; extern crate bellman; extern crate rand; extern crate pairing; +use ff::Field; use std::time::{Duration, Instant}; use sapling_crypto::jubjub::{ JubjubBls12, @@ -18,14 +20,17 @@ use sapling_crypto::primitives::{ ValueCommitment }; use bellman::groth16::*; -use rand::{XorShiftRng, SeedableRng, Rng}; +use rand::{XorShiftRng, SeedableRng, Rng, RngCore}; use pairing::bls12_381::{Bls12, Fr}; const TREE_DEPTH: usize = 32; fn main() { let jubjub_params = &JubjubBls12::new(); - let rng = &mut XorShiftRng::from_seed([0x3dbe6259, 0x8d313d76, 0x3237db17, 0xe5bc0654]); + let rng = &mut XorShiftRng::from_seed([ + 0x59, 0x62, 0xbe, 0x3d, 0x76, 0x3d, 0x31, 0x8d, 0x17, 0xdb, 0x37, 0x32, 0x54, 0x06, 0xbc, + 0xe5, + ]); println!("Creating sample parameters..."); let groth_params = generate_random_parameters::( @@ -48,10 +53,10 @@ fn main() { for _ in 0..SAMPLES { let value_commitment = ValueCommitment { value: 1, - randomness: rng.gen() + randomness: fs::Fs::random(rng) }; - let nsk: fs::Fs = rng.gen(); + let nsk = fs::Fs::random(rng); let ak = edwards::Point::rand(rng, jubjub_params).mul_by_cofactor(jubjub_params); let proof_generation_key = ProofGenerationKey { @@ -64,7 +69,11 @@ fn main() { let payment_address; loop { - let diversifier = Diversifier(rng.gen()); + let diversifier = { + let mut d = [0; 11]; + rng.fill_bytes(&mut d); + Diversifier(d) + }; if let Some(p) = viewing_key.into_payment_address( diversifier, @@ -76,10 +85,10 @@ fn main() { } } - let commitment_randomness: fs::Fs = rng.gen(); - let auth_path = vec![Some((rng.gen(), rng.gen())); TREE_DEPTH]; - let ar: fs::Fs = rng.gen(); - let anchor: Fr = rng.gen(); + let commitment_randomness = fs::Fs::random(rng); + let auth_path = vec![Some((Fr::random(rng), rng.gen())); TREE_DEPTH]; + let ar = fs::Fs::random(rng); + let anchor = Fr::random(rng); let start = Instant::now(); let _ = create_random_proof(Spend { diff --git a/sapling-crypto/src/circuit/blake2s.rs b/sapling-crypto/src/circuit/blake2s.rs index 46bbe67..e6748ba 100644 --- a/sapling-crypto/src/circuit/blake2s.rs +++ b/sapling-crypto/src/circuit/blake2s.rs @@ -366,7 +366,10 @@ mod test { // doesn't result in more constraints. let mut cs = TestConstraintSystem::::new(); - let mut rng = XorShiftRng::from_seed([0x5dbe6259, 0x8d313d76, 0x3237db17, 0xe5bc0654]); + let mut rng = XorShiftRng::from_seed([ + 0x59, 0x62, 0xbe, 0x5d, 0x76, 0x3d, 0x31, 0x8d, 0x17, 0xdb, 0x37, 0x32, 0x54, 0x06, 0xbc, + 0xe5, + ]); let input_bits: Vec<_> = (0..512) .map(|_| Boolean::constant(rng.gen())) .chain((0..512) @@ -380,7 +383,10 @@ mod test { #[test] fn test_blake2s_constant_constraints() { let mut cs = TestConstraintSystem::::new(); - let mut rng = XorShiftRng::from_seed([0x5dbe6259, 0x8d313d76, 0x3237db17, 0xe5bc0654]); + let mut rng = XorShiftRng::from_seed([ + 0x59, 0x62, 0xbe, 0x5d, 0x76, 0x3d, 0x31, 0x8d, 0x17, 0xdb, 0x37, 0x32, 0x54, 0x06, 0xbc, + 0xe5, + ]); let input_bits: Vec<_> = (0..512).map(|_| Boolean::constant(rng.gen())).collect(); blake2s(&mut cs, &input_bits, b"12345678").unwrap(); assert_eq!(cs.num_constraints(), 0); @@ -388,7 +394,10 @@ mod test { #[test] fn test_blake2s() { - let mut rng = XorShiftRng::from_seed([0x5dbe6259, 0x8d313d76, 0x3237db17, 0xe5bc0654]); + let mut rng = XorShiftRng::from_seed([ + 0x59, 0x62, 0xbe, 0x5d, 0x76, 0x3d, 0x31, 0x8d, 0x17, 0xdb, 0x37, 0x32, 0x54, 0x06, 0xbc, + 0xe5, + ]); for input_len in (0..32).chain((32..256).filter(|a| a % 8 == 0)) { diff --git a/sapling-crypto/src/circuit/ecc.rs b/sapling-crypto/src/circuit/ecc.rs index 1071649..3fc9713 100644 --- a/sapling-crypto/src/circuit/ecc.rs +++ b/sapling-crypto/src/circuit/ecc.rs @@ -748,7 +748,7 @@ impl MontgomeryPoint { #[cfg(test)] mod test { use bellman::{ConstraintSystem}; - use rand::{XorShiftRng, SeedableRng, Rand, Rng}; + use rand::{XorShiftRng, SeedableRng, Rng}; use ff::{BitIterator, Field, PrimeField}; use pairing::bls12_381::{Bls12, Fr}; use ::circuit::test::*; @@ -774,7 +774,10 @@ mod test { #[test] fn test_into_edwards() { let params = &JubjubBls12::new(); - let rng = &mut XorShiftRng::from_seed([0x3dbe6259, 0x8d313d76, 0x3237db17, 0xe5bc0654]); + let rng = &mut XorShiftRng::from_seed([ + 0x59, 0x62, 0xbe, 0x3d, 0x76, 0x3d, 0x31, 0x8d, 0x17, 0xdb, 0x37, 0x32, 0x54, 0x06, 0xbc, + 0xe5, + ]); for _ in 0..100 { let mut cs = TestConstraintSystem::::new(); @@ -798,12 +801,12 @@ mod test { assert!(q.x.get_value().unwrap() == u); assert!(q.y.get_value().unwrap() == v); - cs.set("u/num", rng.gen()); + cs.set("u/num", Fr::random(rng)); assert_eq!(cs.which_is_unsatisfied().unwrap(), "u computation"); cs.set("u/num", u); assert!(cs.is_satisfied()); - cs.set("v/num", rng.gen()); + cs.set("v/num", Fr::random(rng)); assert_eq!(cs.which_is_unsatisfied().unwrap(), "v computation"); cs.set("v/num", v); assert!(cs.is_satisfied()); @@ -813,7 +816,10 @@ mod test { #[test] fn test_interpret() { let params = &JubjubBls12::new(); - let rng = &mut XorShiftRng::from_seed([0x5dbe6259, 0x8d313d76, 0x3237db17, 0xe5bc0654]); + let rng = &mut XorShiftRng::from_seed([ + 0x59, 0x62, 0xbe, 0x5d, 0x76, 0x3d, 0x31, 0x8d, 0x17, 0xdb, 0x37, 0x32, 0x54, 0x06, 0xbc, + 0xe5, + ]); for _ in 0..100 { let p = edwards::Point::::rand(rng, ¶ms); @@ -853,8 +859,8 @@ mod test { // Random (x, y) are unlikely to be on the curve. for _ in 0..100 { - let x = rng.gen(); - let y = rng.gen(); + let x = Fr::random(rng); + let y = Fr::random(rng); let mut cs = TestConstraintSystem::::new(); let numx = AllocatedNum::alloc(cs.namespace(|| "x"), || { @@ -873,13 +879,16 @@ mod test { #[test] fn test_edwards_fixed_base_multiplication() { let params = &JubjubBls12::new(); - let rng = &mut XorShiftRng::from_seed([0x5dbe6259, 0x8d313d76, 0x3237db17, 0xe5bc0654]); + let rng = &mut XorShiftRng::from_seed([ + 0x59, 0x62, 0xbe, 0x5d, 0x76, 0x3d, 0x31, 0x8d, 0x17, 0xdb, 0x37, 0x32, 0x54, 0x06, 0xbc, + 0xe5, + ]); for _ in 0..100 { let mut cs = TestConstraintSystem::::new(); let p = params.generator(FixedGenerators::NoteCommitmentRandomness); - let s = Fs::rand(rng); + let s = Fs::random(rng); let q = p.mul(s, params); let (x1, y1) = q.into_xy(); @@ -908,13 +917,16 @@ mod test { #[test] fn test_edwards_multiplication() { let params = &JubjubBls12::new(); - let rng = &mut XorShiftRng::from_seed([0x5dbe6259, 0x8d313d76, 0x3237db17, 0xe5bc0654]); + let rng = &mut XorShiftRng::from_seed([ + 0x59, 0x62, 0xbe, 0x5d, 0x76, 0x3d, 0x31, 0x8d, 0x17, 0xdb, 0x37, 0x32, 0x54, 0x06, 0xbc, + 0xe5, + ]); for _ in 0..100 { let mut cs = TestConstraintSystem::::new(); let p = edwards::Point::::rand(rng, params); - let s = Fs::rand(rng); + let s = Fs::random(rng); let q = p.mul(s, params); let (x0, y0) = p.into_xy(); @@ -965,7 +977,10 @@ mod test { #[test] fn test_conditionally_select() { let params = &JubjubBls12::new(); - let rng = &mut XorShiftRng::from_seed([0x5dbe6259, 0x8d313d76, 0x3237db17, 0xe5bc0654]); + let rng = &mut XorShiftRng::from_seed([ + 0x59, 0x62, 0xbe, 0x5d, 0x76, 0x3d, 0x31, 0x8d, 0x17, 0xdb, 0x37, 0x32, 0x54, 0x06, 0xbc, + 0xe5, + ]); for _ in 0..1000 { let mut cs = TestConstraintSystem::::new(); @@ -1031,7 +1046,10 @@ mod test { #[test] fn test_edwards_addition() { let params = &JubjubBls12::new(); - let rng = &mut XorShiftRng::from_seed([0x5dbe6259, 0x8d313d76, 0x3237db17, 0xe5bc0654]); + let rng = &mut XorShiftRng::from_seed([ + 0x59, 0x62, 0xbe, 0x5d, 0x76, 0x3d, 0x31, 0x8d, 0x17, 0xdb, 0x37, 0x32, 0x54, 0x06, 0xbc, + 0xe5, + ]); for _ in 0..100 { let p1 = edwards::Point::::rand(rng, params); @@ -1077,19 +1095,19 @@ mod test { assert!(p3.y.get_value().unwrap() == y2); let u = cs.get("addition/U/num"); - cs.set("addition/U/num", rng.gen()); + cs.set("addition/U/num", Fr::random(rng)); assert_eq!(cs.which_is_unsatisfied(), Some("addition/U computation")); cs.set("addition/U/num", u); assert!(cs.is_satisfied()); let x3 = cs.get("addition/x3/num"); - cs.set("addition/x3/num", rng.gen()); + cs.set("addition/x3/num", Fr::random(rng)); assert_eq!(cs.which_is_unsatisfied(), Some("addition/x3 computation")); cs.set("addition/x3/num", x3); assert!(cs.is_satisfied()); let y3 = cs.get("addition/y3/num"); - cs.set("addition/y3/num", rng.gen()); + cs.set("addition/y3/num", Fr::random(rng)); assert_eq!(cs.which_is_unsatisfied(), Some("addition/y3 computation")); cs.set("addition/y3/num", y3); assert!(cs.is_satisfied()); @@ -1099,7 +1117,10 @@ mod test { #[test] fn test_edwards_doubling() { let params = &JubjubBls12::new(); - let rng = &mut XorShiftRng::from_seed([0x5dbe6259, 0x8d313d76, 0x3237db17, 0xe5bc0654]); + let rng = &mut XorShiftRng::from_seed([ + 0x59, 0x62, 0xbe, 0x5d, 0x76, 0x3d, 0x31, 0x8d, 0x17, 0xdb, 0x37, 0x32, 0x54, 0x06, 0xbc, + 0xe5, + ]); for _ in 0..100 { let p1 = edwards::Point::::rand(rng, params); @@ -1134,11 +1155,14 @@ mod test { #[test] fn test_montgomery_addition() { let params = &JubjubBls12::new(); - let rng = &mut XorShiftRng::from_seed([0x5dbe6259, 0x8d313d76, 0x3237db17, 0xe5bc0654]); + let rng = &mut XorShiftRng::from_seed([ + 0x59, 0x62, 0xbe, 0x5d, 0x76, 0x3d, 0x31, 0x8d, 0x17, 0xdb, 0x37, 0x32, 0x54, 0x06, 0xbc, + 0xe5, + ]); for _ in 0..100 { let p1 = loop { - let x: Fr = rng.gen(); + let x = Fr::random(rng); let s: bool = rng.gen(); if let Some(p) = montgomery::Point::::get_for_x(x, s, params) { @@ -1147,7 +1171,7 @@ mod test { }; let p2 = loop { - let x: Fr = rng.gen(); + let x = Fr::random(rng); let s: bool = rng.gen(); if let Some(p) = montgomery::Point::::get_for_x(x, s, params) { @@ -1194,17 +1218,17 @@ mod test { assert!(p3.x.get_value().unwrap() == x2); assert!(p3.y.get_value().unwrap() == y2); - cs.set("addition/yprime/num", rng.gen()); + cs.set("addition/yprime/num", Fr::random(rng)); assert_eq!(cs.which_is_unsatisfied(), Some("addition/evaluate yprime")); cs.set("addition/yprime/num", y2); assert!(cs.is_satisfied()); - cs.set("addition/xprime/num", rng.gen()); + cs.set("addition/xprime/num", Fr::random(rng)); assert_eq!(cs.which_is_unsatisfied(), Some("addition/evaluate xprime")); cs.set("addition/xprime/num", x2); assert!(cs.is_satisfied()); - cs.set("addition/lambda/num", rng.gen()); + cs.set("addition/lambda/num", Fr::random(rng)); assert_eq!(cs.which_is_unsatisfied(), Some("addition/evaluate lambda")); } } diff --git a/sapling-crypto/src/circuit/lookup.rs b/sapling-crypto/src/circuit/lookup.rs index 272f5f6..4b6e13b 100644 --- a/sapling-crypto/src/circuit/lookup.rs +++ b/sapling-crypto/src/circuit/lookup.rs @@ -196,7 +196,7 @@ pub fn lookup3_xy_with_conditional_negation( #[cfg(test)] mod test { - use rand::{SeedableRng, Rand, Rng, XorShiftRng}; + use rand::{SeedableRng, Rng, XorShiftRng}; use super::*; use ::circuit::test::*; use ::circuit::boolean::{Boolean, AllocatedBit}; @@ -204,7 +204,10 @@ mod test { #[test] fn test_lookup3_xy() { - let mut rng = XorShiftRng::from_seed([0x3dbe6259, 0x8d313d76, 0x3237db17, 0xe5bc0656]); + let mut rng = XorShiftRng::from_seed([ + 0x59, 0x62, 0xbe, 0x3d, 0x76, 0x3d, 0x31, 0x8d, 0x17, 0xdb, 0x37, 0x32, 0x54, 0x06, 0xbc, + 0xe5, + ]); for _ in 0..100 { let mut cs = TestConstraintSystem::::new(); @@ -226,7 +229,7 @@ mod test { let bits = vec![a, b, c]; - let points: Vec<(Fr, Fr)> = (0..8).map(|_| (rng.gen(), rng.gen())).collect(); + let points: Vec<(Fr, Fr)> = (0..8).map(|_| (Fr::random(&mut rng), Fr::random(&mut rng))).collect(); let res = lookup3_xy(&mut cs, &bits, &points).unwrap(); @@ -244,7 +247,10 @@ mod test { #[test] fn test_lookup3_xy_with_conditional_negation() { - let mut rng = XorShiftRng::from_seed([0x3dbe6259, 0x8d313d76, 0x3237db17, 0xe5bc0654]); + let mut rng = XorShiftRng::from_seed([ + 0x59, 0x62, 0xbe, 0x3d, 0x76, 0x3d, 0x31, 0x8d, 0x17, 0xdb, 0x37, 0x32, 0x54, 0x06, 0xbc, + 0xe5, + ]); for _ in 0..100 { let mut cs = TestConstraintSystem::::new(); @@ -266,7 +272,7 @@ mod test { let bits = vec![a, b, c]; - let points: Vec<(Fr, Fr)> = (0..4).map(|_| (rng.gen(), rng.gen())).collect(); + let points: Vec<(Fr, Fr)> = (0..4).map(|_| (Fr::random(&mut rng), Fr::random(&mut rng))).collect(); let res = lookup3_xy_with_conditional_negation(&mut cs, &bits, &points).unwrap(); @@ -285,12 +291,15 @@ mod test { #[test] fn test_synth() { - let mut rng = XorShiftRng::from_seed([0x3dbe6259, 0x8d313d76, 0x3237db17, 0xe5bc0654]); + let mut rng = XorShiftRng::from_seed([ + 0x59, 0x62, 0xbe, 0x3d, 0x76, 0x3d, 0x31, 0x8d, 0x17, 0xdb, 0x37, 0x32, 0x54, 0x06, 0xbc, + 0xe5, + ]); let window_size = 4; let mut assignment = vec![Fr::zero(); 1 << window_size]; - let constants: Vec<_> = (0..(1 << window_size)).map(|_| Fr::rand(&mut rng)).collect(); + let constants: Vec<_> = (0..(1 << window_size)).map(|_| Fr::random(&mut rng)).collect(); synth::(window_size, &constants, &mut assignment); diff --git a/sapling-crypto/src/circuit/multipack.rs b/sapling-crypto/src/circuit/multipack.rs index bf1b046..fd7cbfb 100644 --- a/sapling-crypto/src/circuit/multipack.rs +++ b/sapling-crypto/src/circuit/multipack.rs @@ -86,7 +86,10 @@ fn test_multipacking() { use ::circuit::test::*; use super::boolean::{AllocatedBit, Boolean}; - let mut rng = XorShiftRng::from_seed([0x3dbe6259, 0x8d313d76, 0x3237db17, 0xe5bc0654]); + let mut rng = XorShiftRng::from_seed([ + 0x59, 0x62, 0xbe, 0x3d, 0x76, 0x3d, 0x31, 0x8d, 0x17, 0xdb, 0x37, 0x32, 0x54, 0x06, 0xbc, + 0xe5, + ]); for num_bits in 0..1500 { let mut cs = TestConstraintSystem::::new(); diff --git a/sapling-crypto/src/circuit/num.rs b/sapling-crypto/src/circuit/num.rs index 919d921..7201356 100644 --- a/sapling-crypto/src/circuit/num.rs +++ b/sapling-crypto/src/circuit/num.rs @@ -455,7 +455,7 @@ impl Num { #[cfg(test)] mod test { - use rand::{SeedableRng, Rand, Rng, XorShiftRng}; + use rand::{SeedableRng, XorShiftRng}; use bellman::{ConstraintSystem}; use ff::{BitIterator, Field, PrimeField}; use pairing::bls12_381::{Bls12, Fr}; @@ -502,12 +502,15 @@ mod test { #[test] fn test_num_conditional_reversal() { - let mut rng = XorShiftRng::from_seed([0x3dbe6259, 0x8d313d76, 0x3237db17, 0xe5bc0654]); + let mut rng = XorShiftRng::from_seed([ + 0x59, 0x62, 0xbe, 0x3d, 0x76, 0x3d, 0x31, 0x8d, 0x17, 0xdb, 0x37, 0x32, 0x54, 0x06, 0xbc, + 0xe5, + ]); { let mut cs = TestConstraintSystem::::new(); - let a = AllocatedNum::alloc(cs.namespace(|| "a"), || Ok(rng.gen())).unwrap(); - let b = AllocatedNum::alloc(cs.namespace(|| "b"), || Ok(rng.gen())).unwrap(); + let a = AllocatedNum::alloc(cs.namespace(|| "a"), || Ok(Fr::random(&mut rng))).unwrap(); + let b = AllocatedNum::alloc(cs.namespace(|| "b"), || Ok(Fr::random(&mut rng))).unwrap(); let condition = Boolean::constant(false); let (c, d) = AllocatedNum::conditionally_reverse(&mut cs, &a, &b, &condition).unwrap(); @@ -520,8 +523,8 @@ mod test { { let mut cs = TestConstraintSystem::::new(); - let a = AllocatedNum::alloc(cs.namespace(|| "a"), || Ok(rng.gen())).unwrap(); - let b = AllocatedNum::alloc(cs.namespace(|| "b"), || Ok(rng.gen())).unwrap(); + let a = AllocatedNum::alloc(cs.namespace(|| "a"), || Ok(Fr::random(&mut rng))).unwrap(); + let b = AllocatedNum::alloc(cs.namespace(|| "b"), || Ok(Fr::random(&mut rng))).unwrap(); let condition = Boolean::constant(true); let (c, d) = AllocatedNum::conditionally_reverse(&mut cs, &a, &b, &condition).unwrap(); @@ -573,10 +576,13 @@ mod test { #[test] fn test_into_bits() { - let mut rng = XorShiftRng::from_seed([0x3dbe6259, 0x8d313d76, 0x3237db17, 0xe5bc0654]); + let mut rng = XorShiftRng::from_seed([ + 0x59, 0x62, 0xbe, 0x3d, 0x76, 0x3d, 0x31, 0x8d, 0x17, 0xdb, 0x37, 0x32, 0x54, 0x06, 0xbc, + 0xe5, + ]); for i in 0..200 { - let r = Fr::rand(&mut rng); + let r = Fr::random(&mut rng); let mut cs = TestConstraintSystem::::new(); let n = AllocatedNum::alloc(&mut cs, || Ok(r)).unwrap(); @@ -597,7 +603,7 @@ mod test { } } - cs.set("num", Fr::rand(&mut rng)); + cs.set("num", Fr::random(&mut rng)); assert!(!cs.is_satisfied()); cs.set("num", r); assert!(cs.is_satisfied()); diff --git a/sapling-crypto/src/circuit/pedersen_hash.rs b/sapling-crypto/src/circuit/pedersen_hash.rs index 297a0e0..f26b98e 100644 --- a/sapling-crypto/src/circuit/pedersen_hash.rs +++ b/sapling-crypto/src/circuit/pedersen_hash.rs @@ -121,7 +121,10 @@ mod test { #[test] fn test_pedersen_hash_constraints() { - let mut rng = XorShiftRng::from_seed([0x3dbe6259, 0x8d313d76, 0x3237db17, 0xe5bc0654]); + let mut rng = XorShiftRng::from_seed([ + 0x59, 0x62, 0xbe, 0x3d, 0x76, 0x3d, 0x31, 0x8d, 0x17, 0xdb, 0x37, 0x32, 0x54, 0x06, 0xbc, + 0xe5, + ]); let params = &JubjubBls12::new(); let mut cs = TestConstraintSystem::::new(); @@ -146,7 +149,10 @@ mod test { #[test] fn test_pedersen_hash() { - let mut rng = XorShiftRng::from_seed([0x3dbe6259, 0x8d313d76, 0x3237db17, 0xe5bc0654]); + let mut rng = XorShiftRng::from_seed([ + 0x59, 0x62, 0xbe, 0x3d, 0x76, 0x3d, 0x31, 0x8d, 0x17, 0xdb, 0x37, 0x32, 0x54, 0x06, 0xbc, + 0xe5, + ]); let params = &JubjubBls12::new(); for length in 0..751 { diff --git a/sapling-crypto/src/circuit/sapling/mod.rs b/sapling-crypto/src/circuit/sapling/mod.rs index e84b94a..2c4d566 100644 --- a/sapling-crypto/src/circuit/sapling/mod.rs +++ b/sapling-crypto/src/circuit/sapling/mod.rs @@ -600,22 +600,25 @@ impl<'a, E: JubjubEngine> Circuit for Output<'a, E> { fn test_input_circuit_with_bls12_381() { use ff::{BitIterator, Field}; use pairing::bls12_381::*; - use rand::{SeedableRng, Rng, XorShiftRng}; + use rand::{SeedableRng, Rng, RngCore, XorShiftRng}; use ::circuit::test::*; use jubjub::{JubjubBls12, fs, edwards}; let params = &JubjubBls12::new(); - let rng = &mut XorShiftRng::from_seed([0x3dbe6259, 0x8d313d76, 0x3237db17, 0xe5bc0654]); + let rng = &mut XorShiftRng::from_seed([ + 0x58, 0x62, 0xbe, 0x3d, 0x76, 0x3d, 0x31, 0x8d, 0x17, 0xdb, 0x37, 0x32, 0x54, 0x06, 0xbc, + 0xe5, + ]); let tree_depth = 32; for _ in 0..10 { let value_commitment = ValueCommitment { value: rng.gen(), - randomness: rng.gen() + randomness: fs::Fs::random(rng), }; - let nsk: fs::Fs = rng.gen(); + let nsk = fs::Fs::random(rng); let ak = edwards::Point::rand(rng, params).mul_by_cofactor(params); let proof_generation_key = ::primitives::ProofGenerationKey { @@ -628,7 +631,11 @@ fn test_input_circuit_with_bls12_381() { let payment_address; loop { - let diversifier = ::primitives::Diversifier(rng.gen()); + let diversifier = { + let mut d = [0; 11]; + rng.fill_bytes(&mut d); + ::primitives::Diversifier(d) + }; if let Some(p) = viewing_key.into_payment_address( diversifier, @@ -641,9 +648,9 @@ fn test_input_circuit_with_bls12_381() { } let g_d = payment_address.diversifier.g_d(params).unwrap(); - let commitment_randomness: fs::Fs = rng.gen(); - let auth_path = vec![Some((rng.gen(), rng.gen())); tree_depth]; - let ar: fs::Fs = rng.gen(); + let commitment_randomness = fs::Fs::random(rng); + let auth_path = vec![Some((Fr::random(rng), rng.gen())); tree_depth]; + let ar = fs::Fs::random(rng); { let rk = viewing_key.rk(ar, params).into_xy(); @@ -732,20 +739,23 @@ fn test_input_circuit_with_bls12_381() { fn test_output_circuit_with_bls12_381() { use ff::Field; use pairing::bls12_381::*; - use rand::{SeedableRng, Rng, XorShiftRng}; + use rand::{SeedableRng, Rng, RngCore, XorShiftRng}; use ::circuit::test::*; use jubjub::{JubjubBls12, fs, edwards}; let params = &JubjubBls12::new(); - let rng = &mut XorShiftRng::from_seed([0x3dbe6258, 0x8d313d76, 0x3237db17, 0xe5bc0654]); + let rng = &mut XorShiftRng::from_seed([ + 0x58, 0x62, 0xbe, 0x3d, 0x76, 0x3d, 0x31, 0x8d, 0x17, 0xdb, 0x37, 0x32, 0x54, 0x06, 0xbc, + 0xe5, + ]); for _ in 0..100 { let value_commitment = ValueCommitment { value: rng.gen(), - randomness: rng.gen() + randomness: fs::Fs::random(rng), }; - let nsk: fs::Fs = rng.gen(); + let nsk = fs::Fs::random(rng); let ak = edwards::Point::rand(rng, params).mul_by_cofactor(params); let proof_generation_key = ::primitives::ProofGenerationKey { @@ -758,7 +768,11 @@ fn test_output_circuit_with_bls12_381() { let payment_address; loop { - let diversifier = ::primitives::Diversifier(rng.gen()); + let diversifier = { + let mut d = [0; 11]; + rng.fill_bytes(&mut d); + ::primitives::Diversifier(d) + }; if let Some(p) = viewing_key.into_payment_address( diversifier, @@ -770,8 +784,8 @@ fn test_output_circuit_with_bls12_381() { } } - let commitment_randomness: fs::Fs = rng.gen(); - let esk: fs::Fs = rng.gen(); + let commitment_randomness = fs::Fs::random(rng); + let esk = fs::Fs::random(rng); { let mut cs = TestConstraintSystem::::new(); diff --git a/sapling-crypto/src/circuit/sha256.rs b/sapling-crypto/src/circuit/sha256.rs index 7b55fc8..4837640 100644 --- a/sapling-crypto/src/circuit/sha256.rs +++ b/sapling-crypto/src/circuit/sha256.rs @@ -341,7 +341,10 @@ mod test { #[test] fn test_full_block() { - let mut rng = XorShiftRng::from_seed([0x5dbe6259, 0x8d313d76, 0x3237db17, 0xe5bc0654]); + let mut rng = XorShiftRng::from_seed([ + 0x59, 0x62, 0xbe, 0x3d, 0x76, 0x3d, 0x31, 0x8d, 0x17, 0xdb, 0x37, 0x32, 0x54, 0x06, 0xbc, + 0xe5, + ]); let iv = get_sha256_iv(); @@ -370,7 +373,10 @@ mod test { use crypto::sha2::Sha256; use crypto::digest::Digest; - let mut rng = XorShiftRng::from_seed([0x5dbe6259, 0x8d313d76, 0x3237db17, 0xe5bc0654]); + let mut rng = XorShiftRng::from_seed([ + 0x59, 0x62, 0xbe, 0x3d, 0x76, 0x3d, 0x31, 0x8d, 0x17, 0xdb, 0x37, 0x32, 0x54, 0x06, 0xbc, + 0xe5, + ]); for input_len in (0..32).chain((32..256).filter(|a| a % 8 == 0)) { diff --git a/sapling-crypto/src/circuit/uint32.rs b/sapling-crypto/src/circuit/uint32.rs index 6dd4535..daca627 100644 --- a/sapling-crypto/src/circuit/uint32.rs +++ b/sapling-crypto/src/circuit/uint32.rs @@ -420,7 +420,10 @@ mod test { #[test] fn test_uint32_from_bits_be() { - let mut rng = XorShiftRng::from_seed([0x5dbe6259, 0x8d313d76, 0x3237db17, 0xe5bc0653]); + let mut rng = XorShiftRng::from_seed([ + 0x59, 0x62, 0xbe, 0x5d, 0x76, 0x3d, 0x31, 0x8d, 0x17, 0xdb, 0x37, 0x32, 0x54, 0x06, 0xbc, + 0xe5, + ]); for _ in 0..1000 { let mut v = (0..32).map(|_| Boolean::constant(rng.gen())).collect::>(); @@ -451,7 +454,10 @@ mod test { #[test] fn test_uint32_from_bits() { - let mut rng = XorShiftRng::from_seed([0x5dbe6259, 0x8d313d76, 0x3237db17, 0xe5bc0653]); + let mut rng = XorShiftRng::from_seed([ + 0x59, 0x62, 0xbe, 0x5d, 0x76, 0x3d, 0x31, 0x8d, 0x17, 0xdb, 0x37, 0x32, 0x54, 0x06, 0xbc, + 0xe5, + ]); for _ in 0..1000 { let mut v = (0..32).map(|_| Boolean::constant(rng.gen())).collect::>(); @@ -482,7 +488,10 @@ mod test { #[test] fn test_uint32_xor() { - let mut rng = XorShiftRng::from_seed([0x5dbe6259, 0x8d313d76, 0x3237db17, 0xe5bc0653]); + let mut rng = XorShiftRng::from_seed([ + 0x59, 0x62, 0xbe, 0x5d, 0x76, 0x3d, 0x31, 0x8d, 0x17, 0xdb, 0x37, 0x32, 0x54, 0x06, 0xbc, + 0xe5, + ]); for _ in 0..1000 { let mut cs = TestConstraintSystem::::new(); @@ -524,7 +533,10 @@ mod test { #[test] fn test_uint32_addmany_constants() { - let mut rng = XorShiftRng::from_seed([0x5dbe6259, 0x8d313d76, 0x3237db17, 0xe5bc0654]); + let mut rng = XorShiftRng::from_seed([ + 0x59, 0x62, 0xbe, 0x5d, 0x76, 0x3d, 0x31, 0x8d, 0x17, 0xdb, 0x37, 0x32, 0x54, 0x06, 0xbc, + 0xe5, + ]); for _ in 0..1000 { let mut cs = TestConstraintSystem::::new(); @@ -563,7 +575,10 @@ mod test { #[test] fn test_uint32_addmany() { - let mut rng = XorShiftRng::from_seed([0x5dbe6259, 0x8d313d76, 0x3237db17, 0xe5bc0654]); + let mut rng = XorShiftRng::from_seed([ + 0x59, 0x62, 0xbe, 0x5d, 0x76, 0x3d, 0x31, 0x8d, 0x17, 0xdb, 0x37, 0x32, 0x54, 0x06, 0xbc, + 0xe5, + ]); for _ in 0..1000 { let mut cs = TestConstraintSystem::::new(); @@ -620,7 +635,10 @@ mod test { #[test] fn test_uint32_rotr() { - let mut rng = XorShiftRng::from_seed([0x5dbe6259, 0x8d313d76, 0x3237db17, 0xe5bc0654]); + let mut rng = XorShiftRng::from_seed([ + 0x59, 0x62, 0xbe, 0x5d, 0x76, 0x3d, 0x31, 0x8d, 0x17, 0xdb, 0x37, 0x32, 0x54, 0x06, 0xbc, + 0xe5, + ]); let mut num = rng.gen(); @@ -650,7 +668,10 @@ mod test { #[test] fn test_uint32_shr() { - let mut rng = XorShiftRng::from_seed([0x5dbe6259, 0x8d313d76, 0x3237db17, 0xe5bc0654]); + let mut rng = XorShiftRng::from_seed([ + 0x59, 0x62, 0xbe, 0x5d, 0x76, 0x3d, 0x31, 0x8d, 0x17, 0xdb, 0x37, 0x32, 0x54, 0x06, 0xbc, + 0xe5, + ]); for _ in 0..50 { for i in 0..60 { @@ -670,7 +691,10 @@ mod test { #[test] fn test_uint32_sha256_maj() { - let mut rng = XorShiftRng::from_seed([0x5dbe6259, 0x8d313d76, 0x3237db17, 0xe5bc0653]); + let mut rng = XorShiftRng::from_seed([ + 0x59, 0x62, 0xbe, 0x5d, 0x76, 0x3d, 0x31, 0x8d, 0x17, 0xdb, 0x37, 0x32, 0x54, 0x06, 0xbc, + 0xe5, + ]); for _ in 0..1000 { let mut cs = TestConstraintSystem::::new(); @@ -711,7 +735,10 @@ mod test { #[test] fn test_uint32_sha256_ch() { - let mut rng = XorShiftRng::from_seed([0x5dbe6259, 0x8d313d76, 0x3237db17, 0xe5bc0653]); + let mut rng = XorShiftRng::from_seed([ + 0x59, 0x62, 0xbe, 0x5d, 0x76, 0x3d, 0x31, 0x8d, 0x17, 0xdb, 0x37, 0x32, 0x54, 0x06, 0xbc, + 0xe5, + ]); for _ in 0..1000 { let mut cs = TestConstraintSystem::::new(); diff --git a/sapling-crypto/src/jubjub/edwards.rs b/sapling-crypto/src/jubjub/edwards.rs index 16d21e7..95b6120 100644 --- a/sapling-crypto/src/jubjub/edwards.rs +++ b/sapling-crypto/src/jubjub/edwards.rs @@ -188,7 +188,7 @@ impl Point { pub fn rand(rng: &mut R, params: &E::Params) -> Self { loop { - let y: E::Fr = rng.gen(); + let y = E::Fr::random(rng); if let Some(p) = Self::get_for_y(y, rng.gen(), params) { return p; diff --git a/sapling-crypto/src/jubjub/fs.rs b/sapling-crypto/src/jubjub/fs.rs index 6a51573..55df2cb 100644 --- a/sapling-crypto/src/jubjub/fs.rs +++ b/sapling-crypto/src/jubjub/fs.rs @@ -4,6 +4,7 @@ use ff::{ LegendreSymbol::{self, *}, PrimeField, PrimeFieldDecodingError, PrimeFieldRepr, SqrtField, }; +use rand::RngCore; use super::ToUniform; @@ -42,13 +43,6 @@ const NEGATIVE_ONE: Fs = Fs(FsRepr([0xaa9f02ab1d6124de, 0xb3524a6466112932, 0x73 #[derive(Copy, Clone, PartialEq, Eq, Default, Debug)] pub struct FsRepr(pub [u64; 4]); -impl ::rand::Rand for FsRepr { - #[inline(always)] - fn rand(rng: &mut R) -> Self { - FsRepr(rng.gen()) - } -} - impl ::std::fmt::Display for FsRepr { fn fmt(&self, f: &mut ::std::fmt::Formatter) -> ::std::fmt::Result { @@ -240,21 +234,6 @@ impl ::std::fmt::Display for Fs } } -impl ::rand::Rand for Fs { - fn rand(rng: &mut R) -> Self { - loop { - let mut tmp = Fs(FsRepr::rand(rng)); - - // Mask away the unused bits at the beginning. - tmp.0.as_mut()[3] &= 0xffffffffffffffff >> REPR_SHAVE_BITS; - - if tmp.is_valid() { - return tmp - } - } - } -} - impl From for FsRepr { fn from(e: Fs) -> FsRepr { e.into_repr() @@ -303,6 +282,25 @@ impl PrimeField for Fs { } impl Field for Fs { + fn random(rng: &mut R) -> Self { + loop { + let mut tmp = { + let mut repr = [0u64; 4]; + for i in 0..4 { + repr[i] = rng.next_u64(); + } + Fs(FsRepr(repr)) + }; + + // Mask away the unused bits at the beginning. + tmp.0.as_mut()[3] &= 0xffffffffffffffff >> REPR_SHAVE_BITS; + + if tmp.is_valid() { + return tmp + } + } + } + #[inline] fn zero() -> Self { Fs(FsRepr::from(0)) @@ -622,7 +620,7 @@ fn test_neg_one() { } #[cfg(test)] -use rand::{SeedableRng, XorShiftRng, Rand}; +use rand::{SeedableRng, XorShiftRng}; #[test] fn test_fs_repr_ordering() { @@ -760,14 +758,17 @@ fn test_fs_repr_num_bits() { #[test] fn test_fs_repr_sub_noborrow() { - let mut rng = XorShiftRng::from_seed([0x5dbe6259, 0x8d313d76, 0x3237db17, 0xe5bc0654]); + let mut rng = XorShiftRng::from_seed([ + 0x59, 0x62, 0xbe, 0x5d, 0x76, 0x3d, 0x31, 0x8d, 0x17, 0xdb, 0x37, 0x32, 0x54, 0x06, 0xbc, + 0xe5, + ]); let mut t = FsRepr([0x8e62a7e85264e2c3, 0xb23d34c1941d3ca, 0x5976930b7502dd15, 0x600f3fb517bf5495]); t.sub_noborrow(&FsRepr([0xd64f669809cbc6a4, 0xfa76cb9d90cf7637, 0xfefb0df9038d43b3, 0x298a30c744b31acf])); assert!(t == FsRepr([0xb813415048991c1f, 0x10ad07ae88725d92, 0x5a7b851271759961, 0x36850eedd30c39c5])); for _ in 0..1000 { - let mut a = FsRepr::rand(&mut rng); + let mut a = Fs::random(&mut rng).into_repr(); a.0[3] >>= 30; let mut b = a; for _ in 0..10 { @@ -806,7 +807,10 @@ fn test_fs_legendre() { #[test] fn test_fr_repr_add_nocarry() { - let mut rng = XorShiftRng::from_seed([0x5dbe6259, 0x8d313d76, 0x3237db17, 0xe5bc0654]); + let mut rng = XorShiftRng::from_seed([ + 0x59, 0x62, 0xbe, 0x5d, 0x76, 0x3d, 0x31, 0x8d, 0x17, 0xdb, 0x37, 0x32, 0x54, 0x06, 0xbc, + 0xe5, + ]); let mut t = FsRepr([0xd64f669809cbc6a4, 0xfa76cb9d90cf7637, 0xfefb0df9038d43b3, 0x298a30c744b31acf]); t.add_nocarry(&FsRepr([0x8e62a7e85264e2c3, 0xb23d34c1941d3ca, 0x5976930b7502dd15, 0x600f3fb517bf5495])); @@ -814,9 +818,9 @@ fn test_fr_repr_add_nocarry() { // Test for the associativity of addition. for _ in 0..1000 { - let mut a = FsRepr::rand(&mut rng); - let mut b = FsRepr::rand(&mut rng); - let mut c = FsRepr::rand(&mut rng); + let mut a = Fs::random(&mut rng).into_repr(); + let mut b = Fs::random(&mut rng).into_repr(); + let mut c = Fs::random(&mut rng).into_repr(); // Unset the first few bits, so that overflow won't occur. a.0[3] >>= 3; @@ -865,10 +869,13 @@ fn test_fs_is_valid() { assert!(Fs(FsRepr([0xd0970e5ed6f72cb6, 0xa6682093ccc81082, 0x6673b0101343b00, 0xe7db4ea6533afa9])).is_valid()); assert!(!Fs(FsRepr([0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff])).is_valid()); - let mut rng = XorShiftRng::from_seed([0x5dbe6259, 0x8d313d76, 0x3237db17, 0xe5bc0654]); + let mut rng = XorShiftRng::from_seed([ + 0x59, 0x62, 0xbe, 0x5d, 0x76, 0x3d, 0x31, 0x8d, 0x17, 0xdb, 0x37, 0x32, 0x54, 0x06, 0xbc, + 0xe5, + ]); for _ in 0..1000 { - let a = Fs::rand(&mut rng); + let a = Fs::random(&mut rng); assert!(a.is_valid()); } } @@ -903,13 +910,16 @@ fn test_fs_add_assign() { // Test associativity - let mut rng = XorShiftRng::from_seed([0x5dbe6259, 0x8d313d76, 0x3237db17, 0xe5bc0654]); + let mut rng = XorShiftRng::from_seed([ + 0x59, 0x62, 0xbe, 0x5d, 0x76, 0x3d, 0x31, 0x8d, 0x17, 0xdb, 0x37, 0x32, 0x54, 0x06, 0xbc, + 0xe5, + ]); for _ in 0..1000 { // Generate a, b, c and ensure (a + b) + c == a + (b + c). - let a = Fs::rand(&mut rng); - let b = Fs::rand(&mut rng); - let c = Fs::rand(&mut rng); + let a = Fs::random(&mut rng); + let b = Fs::random(&mut rng); + let c = Fs::random(&mut rng); let mut tmp1 = a; tmp1.add_assign(&b); @@ -948,12 +958,15 @@ fn test_fs_sub_assign() { assert_eq!(tmp, Fs(FsRepr([0x361e16aef5cce835, 0x55bbde2536e274c1, 0x4dc77a63fd15ee75, 0x1e14bb37c14f230]))); } - let mut rng = XorShiftRng::from_seed([0x5dbe6259, 0x8d313d76, 0x3237db17, 0xe5bc0654]); + let mut rng = XorShiftRng::from_seed([ + 0x59, 0x62, 0xbe, 0x5d, 0x76, 0x3d, 0x31, 0x8d, 0x17, 0xdb, 0x37, 0x32, 0x54, 0x06, 0xbc, + 0xe5, + ]); for _ in 0..1000 { // Ensure that (a - b) + (b - a) = 0. - let a = Fs::rand(&mut rng); - let b = Fs::rand(&mut rng); + let a = Fs::random(&mut rng); + let b = Fs::random(&mut rng); let mut tmp1 = a; tmp1.sub_assign(&b); @@ -972,13 +985,16 @@ fn test_fs_mul_assign() { tmp.mul_assign(&Fs(FsRepr([0xdae00fc63c9fa90f, 0x5a5ed89b96ce21ce, 0x913cd26101bd6f58, 0x3f0822831697fe9]))); assert!(tmp == Fs(FsRepr([0xb68ecb61d54d2992, 0x5ff95874defce6a6, 0x3590eb053894657d, 0x53823a118515933]))); - let mut rng = XorShiftRng::from_seed([0x5dbe6259, 0x8d313d76, 0x3237db17, 0xe5bc0654]); + let mut rng = XorShiftRng::from_seed([ + 0x59, 0x62, 0xbe, 0x5d, 0x76, 0x3d, 0x31, 0x8d, 0x17, 0xdb, 0x37, 0x32, 0x54, 0x06, 0xbc, + 0xe5, + ]); for _ in 0..1000000 { // Ensure that (a * b) * c = a * (b * c) - let a = Fs::rand(&mut rng); - let b = Fs::rand(&mut rng); - let c = Fs::rand(&mut rng); + let a = Fs::random(&mut rng); + let b = Fs::random(&mut rng); + let c = Fs::random(&mut rng); let mut tmp1 = a; tmp1.mul_assign(&b); @@ -994,10 +1010,10 @@ fn test_fs_mul_assign() { for _ in 0..1000000 { // Ensure that r * (a + b + c) = r*a + r*b + r*c - let r = Fs::rand(&mut rng); - let mut a = Fs::rand(&mut rng); - let mut b = Fs::rand(&mut rng); - let mut c = Fs::rand(&mut rng); + let r = Fs::random(&mut rng); + let mut a = Fs::random(&mut rng); + let mut b = Fs::random(&mut rng); + let mut c = Fs::random(&mut rng); let mut tmp1 = a; tmp1.add_assign(&b); @@ -1022,11 +1038,14 @@ fn test_fr_squaring() { a.square(); assert_eq!(a, Fs::from_repr(FsRepr([0x12c7f55cbc52fbaa, 0xdedc98a0b5e6ce9e, 0xad2892726a5396a, 0x9fe82af8fee77b3])).unwrap()); - let mut rng = XorShiftRng::from_seed([0x5dbe6259, 0x8d313d76, 0x3237db17, 0xe5bc0654]); + let mut rng = XorShiftRng::from_seed([ + 0x59, 0x62, 0xbe, 0x5d, 0x76, 0x3d, 0x31, 0x8d, 0x17, 0xdb, 0x37, 0x32, 0x54, 0x06, 0xbc, + 0xe5, + ]); for _ in 0..1000000 { // Ensure that (a * a) = a^2 - let a = Fs::rand(&mut rng); + let a = Fs::random(&mut rng); let mut tmp = a; tmp.square(); @@ -1042,13 +1061,16 @@ fn test_fr_squaring() { fn test_fs_inverse() { assert!(Fs::zero().inverse().is_none()); - let mut rng = XorShiftRng::from_seed([0x5dbe6259, 0x8d313d76, 0x3237db17, 0xe5bc0654]); + let mut rng = XorShiftRng::from_seed([ + 0x59, 0x62, 0xbe, 0x5d, 0x76, 0x3d, 0x31, 0x8d, 0x17, 0xdb, 0x37, 0x32, 0x54, 0x06, 0xbc, + 0xe5, + ]); let one = Fs::one(); for _ in 0..1000 { // Ensure that a * a^-1 = 1 - let mut a = Fs::rand(&mut rng); + let mut a = Fs::random(&mut rng); let ainv = a.inverse().unwrap(); a.mul_assign(&ainv); assert_eq!(a, one); @@ -1057,11 +1079,14 @@ fn test_fs_inverse() { #[test] fn test_fs_double() { - let mut rng = XorShiftRng::from_seed([0x5dbe6259, 0x8d313d76, 0x3237db17, 0xe5bc0654]); + let mut rng = XorShiftRng::from_seed([ + 0x59, 0x62, 0xbe, 0x5d, 0x76, 0x3d, 0x31, 0x8d, 0x17, 0xdb, 0x37, 0x32, 0x54, 0x06, 0xbc, + 0xe5, + ]); for _ in 0..1000 { // Ensure doubling a is equivalent to adding a to itself. - let mut a = Fs::rand(&mut rng); + let mut a = Fs::random(&mut rng); let mut b = a; b.add_assign(&a); a.double(); @@ -1078,11 +1103,14 @@ fn test_fs_negate() { assert!(a.is_zero()); } - let mut rng = XorShiftRng::from_seed([0x5dbe6259, 0x8d313d76, 0x3237db17, 0xe5bc0654]); + let mut rng = XorShiftRng::from_seed([ + 0x59, 0x62, 0xbe, 0x5d, 0x76, 0x3d, 0x31, 0x8d, 0x17, 0xdb, 0x37, 0x32, 0x54, 0x06, 0xbc, + 0xe5, + ]); for _ in 0..1000 { // Ensure (a - (-a)) = 0. - let mut a = Fs::rand(&mut rng); + let mut a = Fs::random(&mut rng); let mut b = a; b.negate(); a.add_assign(&b); @@ -1093,12 +1121,15 @@ fn test_fs_negate() { #[test] fn test_fs_pow() { - let mut rng = XorShiftRng::from_seed([0x5dbe6259, 0x8d313d76, 0x3237db17, 0xe5bc0654]); + let mut rng = XorShiftRng::from_seed([ + 0x59, 0x62, 0xbe, 0x5d, 0x76, 0x3d, 0x31, 0x8d, 0x17, 0xdb, 0x37, 0x32, 0x54, 0x06, 0xbc, + 0xe5, + ]); for i in 0..1000 { // Exponentiate by various small numbers and ensure it consists with repeated // multiplication. - let a = Fs::rand(&mut rng); + let a = Fs::random(&mut rng); let target = a.pow(&[i]); let mut c = Fs::one(); for _ in 0..i { @@ -1109,7 +1140,7 @@ fn test_fs_pow() { for _ in 0..1000 { // Exponentiating by the modulus should have no effect in a prime field. - let a = Fs::rand(&mut rng); + let a = Fs::random(&mut rng); assert_eq!(a, a.pow(Fs::char())); } @@ -1117,13 +1148,16 @@ fn test_fs_pow() { #[test] fn test_fs_sqrt() { - let mut rng = XorShiftRng::from_seed([0x5dbe6259, 0x8d313d76, 0x3237db17, 0xe5bc0654]); + let mut rng = XorShiftRng::from_seed([ + 0x59, 0x62, 0xbe, 0x5d, 0x76, 0x3d, 0x31, 0x8d, 0x17, 0xdb, 0x37, 0x32, 0x54, 0x06, 0xbc, + 0xe5, + ]); assert_eq!(Fs::zero().sqrt().unwrap(), Fs::zero()); for _ in 0..1000 { // Ensure sqrt(a^2) = a or -a - let a = Fs::rand(&mut rng); + let a = Fs::random(&mut rng); let mut nega = a; nega.negate(); let mut b = a; @@ -1136,7 +1170,7 @@ fn test_fs_sqrt() { for _ in 0..1000 { // Ensure sqrt(a)^2 = a for random a - let a = Fs::rand(&mut rng); + let a = Fs::random(&mut rng); if let Some(mut tmp) = a.sqrt() { tmp.square(); @@ -1166,11 +1200,14 @@ fn test_fs_from_into_repr() { // Zero should be in the field. assert!(Fs::from_repr(FsRepr::from(0)).unwrap().is_zero()); - let mut rng = XorShiftRng::from_seed([0x5dbe6259, 0x8d313d76, 0x3237db17, 0xe5bc0654]); + let mut rng = XorShiftRng::from_seed([ + 0x59, 0x62, 0xbe, 0x5d, 0x76, 0x3d, 0x31, 0x8d, 0x17, 0xdb, 0x37, 0x32, 0x54, 0x06, 0xbc, + 0xe5, + ]); for _ in 0..1000 { // Try to turn Fs elements into representations and back again, and compare. - let a = Fs::rand(&mut rng); + let a = Fs::random(&mut rng); let a_repr = a.into_repr(); let b_repr = FsRepr::from(a); assert_eq!(a_repr, b_repr); diff --git a/sapling-crypto/src/jubjub/montgomery.rs b/sapling-crypto/src/jubjub/montgomery.rs index 76203eb..28dce8e 100644 --- a/sapling-crypto/src/jubjub/montgomery.rs +++ b/sapling-crypto/src/jubjub/montgomery.rs @@ -104,7 +104,7 @@ impl Point { pub fn rand(rng: &mut R, params: &E::Params) -> Self { loop { - let x: E::Fr = rng.gen(); + let x = E::Fr::random(rng); match Self::get_for_x(x, rng.gen(), params) { Some(p) => { diff --git a/sapling-crypto/src/jubjub/tests.rs b/sapling-crypto/src/jubjub/tests.rs index eb7e36b..19aae80 100644 --- a/sapling-crypto/src/jubjub/tests.rs +++ b/sapling-crypto/src/jubjub/tests.rs @@ -14,7 +14,7 @@ use ff::{ LegendreSymbol }; -use rand::{XorShiftRng, SeedableRng, Rand}; +use rand::{RngCore, XorShiftRng, SeedableRng}; pub fn test_suite(params: &E::Params) { test_back_and_forth::(params); @@ -78,7 +78,10 @@ fn is_on_twisted_edwards_curve>( } fn test_loworder(params: &E::Params) { - let rng = &mut XorShiftRng::from_seed([0x3dbe6259, 0x8d313d76, 0x3237db17, 0xe5bc0654]); + let rng = &mut XorShiftRng::from_seed([ + 0x59, 0x62, 0xbe, 0x3d, 0x76, 0x3d, 0x31, 0x8d, 0x17, 0xdb, 0x37, 0x32, 0x54, 0x06, 0xbc, + 0xe5, + ]); let inf = montgomery::Point::zero(); // try to find a point of order 8 @@ -109,15 +112,18 @@ fn test_loworder(params: &E::Params) { fn test_mul_associativity(params: &E::Params) { use self::edwards::Point; - let rng = &mut XorShiftRng::from_seed([0x3dbe6259, 0x8d313d76, 0x3237db17, 0xe5bc0654]); + let rng = &mut XorShiftRng::from_seed([ + 0x59, 0x62, 0xbe, 0x3d, 0x76, 0x3d, 0x31, 0x8d, 0x17, 0xdb, 0x37, 0x32, 0x54, 0x06, 0xbc, + 0xe5, + ]); for _ in 0..100 { // Pick a random point and multiply it by the cofactor let base = Point::::rand(rng, params).mul_by_cofactor(params); - let mut a = E::Fs::rand(rng); - let b = E::Fs::rand(rng); - let c = E::Fs::rand(rng); + let mut a = E::Fs::random(rng); + let b = E::Fs::random(rng); + let c = E::Fs::random(rng); let res1 = base.mul(a, params).mul(b, params).mul(c, params); let res2 = base.mul(b, params).mul(c, params).mul(a, params); @@ -143,7 +149,10 @@ fn test_mul_associativity(params: &E::Params) { fn test_order(params: &E::Params) { use self::edwards::Point; - let rng = &mut XorShiftRng::from_seed([0x3dbe6259, 0x8d313d76, 0x3237db17, 0xe5bc0654]); + let rng = &mut XorShiftRng::from_seed([ + 0x59, 0x62, 0xbe, 0x3d, 0x76, 0x3d, 0x31, 0x8d, 0x17, 0xdb, 0x37, 0x32, 0x54, 0x06, 0xbc, + 0xe5, + ]); // The neutral element is in the prime order subgroup. assert!(Point::::zero().as_prime_order(params).is_some()); @@ -170,7 +179,10 @@ fn test_order(params: &E::Params) { } fn test_addition_associativity(params: &E::Params) { - let rng = &mut XorShiftRng::from_seed([0x3dbe6259, 0x8d313d76, 0x3237db17, 0xe5bc0654]); + let rng = &mut XorShiftRng::from_seed([ + 0x59, 0x62, 0xbe, 0x3d, 0x76, 0x3d, 0x31, 0x8d, 0x17, 0xdb, 0x37, 0x32, 0x54, 0x06, 0xbc, + 0xe5, + ]); for _ in 0..1000 { use self::montgomery::Point; @@ -194,7 +206,10 @@ fn test_addition_associativity(params: &E::Params) { } fn test_identities(params: &E::Params) { - let rng = &mut XorShiftRng::from_seed([0x3dbe6259, 0x8d313d76, 0x3237db17, 0xe5bc0654]); + let rng = &mut XorShiftRng::from_seed([ + 0x59, 0x62, 0xbe, 0x3d, 0x76, 0x3d, 0x31, 0x8d, 0x17, 0xdb, 0x37, 0x32, 0x54, 0x06, 0xbc, + 0xe5, + ]); { use self::edwards::Point; @@ -228,11 +243,14 @@ fn test_identities(params: &E::Params) { } fn test_get_for(params: &E::Params) { - let rng = &mut XorShiftRng::from_seed([0x3dbe6259, 0x8d313d76, 0x3237db17, 0xe5bc0654]); + let rng = &mut XorShiftRng::from_seed([ + 0x59, 0x62, 0xbe, 0x3d, 0x76, 0x3d, 0x31, 0x8d, 0x17, 0xdb, 0x37, 0x32, 0x54, 0x06, 0xbc, + 0xe5, + ]); for _ in 0..1000 { - let y = E::Fr::rand(rng); - let sign = bool::rand(rng); + let y = E::Fr::random(rng); + let sign = rng.next_u32() % 2 == 1; if let Some(mut p) = edwards::Point::::get_for_y(y, sign, params) { assert!(p.into_xy().0.into_repr().is_odd() == sign); @@ -247,7 +265,10 @@ fn test_get_for(params: &E::Params) { } fn test_read_write(params: &E::Params) { - let rng = &mut XorShiftRng::from_seed([0x3dbe6259, 0x8d313d76, 0x3237db17, 0xe5bc0654]); + let rng = &mut XorShiftRng::from_seed([ + 0x59, 0x62, 0xbe, 0x3d, 0x76, 0x3d, 0x31, 0x8d, 0x17, 0xdb, 0x37, 0x32, 0x54, 0x06, 0xbc, + 0xe5, + ]); for _ in 0..1000 { let e = edwards::Point::::rand(rng, params); @@ -262,7 +283,10 @@ fn test_read_write(params: &E::Params) { } fn test_rand(params: &E::Params) { - let rng = &mut XorShiftRng::from_seed([0x3dbe6259, 0x8d313d76, 0x3237db17, 0xe5bc0654]); + let rng = &mut XorShiftRng::from_seed([ + 0x59, 0x62, 0xbe, 0x3d, 0x76, 0x3d, 0x31, 0x8d, 0x17, 0xdb, 0x37, 0x32, 0x54, 0x06, 0xbc, + 0xe5, + ]); for _ in 0..1000 { let p = montgomery::Point::::rand(rng, params); @@ -281,10 +305,13 @@ fn test_rand(params: &E::Params) { } fn test_back_and_forth(params: &E::Params) { - let rng = &mut XorShiftRng::from_seed([0x5dbe6259, 0x8d313d76, 0x3237db17, 0xe5bc0654]); + let rng = &mut XorShiftRng::from_seed([ + 0x59, 0x62, 0xbe, 0x3d, 0x76, 0x5d, 0x31, 0x8d, 0x17, 0xdb, 0x37, 0x32, 0x54, 0x06, 0xbc, + 0xe5, + ]); for _ in 0..1000 { - let s = E::Fs::rand(rng); + let s = E::Fs::random(rng); let edwards_p1 = edwards::Point::::rand(rng, params); let mont_p1 = montgomery::Point::from_edwards(&edwards_p1, params); let mont_p2 = montgomery::Point::::rand(rng, params); diff --git a/sapling-crypto/src/redjubjub.rs b/sapling-crypto/src/redjubjub.rs index 00e2f8f..2b34654 100644 --- a/sapling-crypto/src/redjubjub.rs +++ b/sapling-crypto/src/redjubjub.rs @@ -2,7 +2,7 @@ //! See section 5.4.6 of the Sapling protocol specification. use ff::{Field, PrimeField, PrimeFieldRepr}; -use rand::{Rng, Rand}; +use rand::{Rng}; use std::io::{self, Read, Write}; use jubjub::{FixedGenerators, JubjubEngine, JubjubParams, Unknown, edwards::Point}; @@ -184,7 +184,7 @@ pub fn batch_verify<'a, E: JubjubEngine, R: Rng>( let mut c = h_star::(&entry.sig.rbar[..], entry.msg); - let z = E::Fs::rand(rng); + let z = E::Fs::random(rng); s.mul_assign(&z); s.negate(); @@ -218,13 +218,13 @@ mod tests { let params = &JubjubBls12::new(); let p_g = FixedGenerators::SpendingKeyGenerator; - let sk1 = PrivateKey::(rng.gen()); + let sk1 = PrivateKey::(Fs::random(rng)); let vk1 = PublicKey::from_private(&sk1, p_g, params); let msg1 = b"Foo bar"; let sig1 = sk1.sign(msg1, rng, p_g, params); assert!(vk1.verify(msg1, &sig1, p_g, params)); - let sk2 = PrivateKey::(rng.gen()); + let sk2 = PrivateKey::(Fs::random(rng)); let vk2 = PublicKey::from_private(&sk2, p_g, params); let msg2 = b"Foo bar"; let sig2 = sk2.sign(msg2, rng, p_g, params); @@ -262,7 +262,7 @@ mod tests { } }; - let sk = PrivateKey::(rng.gen()); + let sk = PrivateKey::(Fs::random(rng)); let vk = PublicKey::from_private(&sk, p_g, params); // TODO: This test will need to change when #77 is fixed @@ -281,7 +281,7 @@ mod tests { let params = &JubjubBls12::new(); for _ in 0..1000 { - let sk = PrivateKey::(rng.gen()); + let sk = PrivateKey::(Fs::random(rng)); let vk = PublicKey::from_private(&sk, p_g, params); let msg = b"Foo bar"; let sig = sk.sign(msg, rng, p_g, params); @@ -314,7 +314,7 @@ mod tests { let params = &JubjubBls12::new(); for _ in 0..1000 { - let sk = PrivateKey::(rng.gen()); + let sk = PrivateKey::(Fs::random(rng)); let vk = PublicKey::from_private(&sk, p_g, params); let msg1 = b"Foo bar"; @@ -328,7 +328,7 @@ mod tests { assert!(!vk.verify(msg1, &sig2, p_g, params)); assert!(!vk.verify(msg2, &sig1, p_g, params)); - let alpha = rng.gen(); + let alpha = Fs::random(rng); let rsk = sk.randomize(alpha); let rvk = vk.randomize(alpha, p_g, params);