Allow generator overwrite

davxy · Jul 25, 2024 · 6589d29 · 6589d29
1 parent c924bf6
commit 6589d29
Show file tree

Hide file tree

Showing 3 changed files with 22 additions and 12 deletions.
diff --git a/src/ietf.rs b/src/ietf.rs
@@ -93,7 +93,7 @@ pub trait Verifier<S: IetfSuite> {
 impl<S: IetfSuite> Prover<S> for Secret<S> {
     fn prove(&self, input: Input<S>, output: Output<S>, ad: impl AsRef<[u8]>) -> Proof<S> {
         let k = S::nonce(&self.scalar, input);
-        let k_b = (S::Affine::generator() * k).into_affine();
+        let k_b = (S::generator() * k).into_affine();
 
         let k_h = (input.0 * k).into_affine();
 
@@ -116,7 +116,7 @@ impl<S: IetfSuite> Verifier<S> for Public<S> {
     ) -> Result<(), Error> {
         let Proof { c, s } = proof;
 
-        let s_b = S::Affine::generator() * s;
+        let s_b = S::generator() * s;
         let c_y = self.0 * c;
         let u = (s_b - c_y).into_affine();
 

diff --git a/src/lib.rs b/src/lib.rs
@@ -76,7 +76,7 @@ impl From<ark_serialize::SerializationError> for Error {
 ///
 /// Can be easily customized to implement more exotic VRF types by overwriting
 /// the default methods implementations.
-pub trait Suite: Copy + Clone {
+pub trait Suite: Copy {
     /// Suite identifier (aka `suite_string` in RFC-9381)
     const SUITE_ID: &'static [u8];
 
@@ -96,6 +96,9 @@ pub trait Suite: Copy + Clone {
     /// Used wherever an hash is required: nonce, challenge, MAC, etc.
     type Hasher: Digest;
 
+    /// Overarching codec.
+    ///
+    /// Used wherever we need to encode/decode points and scalars.
     type Codec: codec::Codec<Self>;
 
     /// Nonce generation as described by RFC-9381 section 5.4.2.
@@ -144,6 +147,14 @@ pub trait Suite: Copy + Clone {
     fn point_to_hash(pt: &AffinePoint<Self>) -> HashOutput<Self> {
         utils::point_to_hash_rfc_9381::<Self>(pt)
     }
+
+    /// Generator used through all the suite.
+    ///
+    /// Defaults to Arkworks provided generator.
+    #[inline(always)]
+    fn generator() -> AffinePoint<Self> {
+        Self::Affine::generator()
+    }
 }
 
 /// Secret key.
@@ -197,8 +208,7 @@ impl<S: Suite> ark_serialize::Valid for Secret<S> {
 impl<S: Suite> Secret<S> {
     /// Construct a `Secret` from the given scalar.
     pub fn from_scalar(scalar: ScalarField<S>) -> Self {
-        let public = S::Affine::generator() * scalar;
-        let public = Public(public.into_affine());
+        let public = Public((S::generator() * scalar).into_affine());
         Self { scalar, public }
     }
 
@@ -211,7 +221,7 @@ impl<S: Suite> Secret<S> {
         Self::from_scalar(scalar)
     }
 
-    /// Construct an ephemeral `Secret` using some random generator.
+    /// Construct an ephemeral `Secret` using the provided randomness source.
     pub fn from_rand(rng: &mut impl ark_std::rand::RngCore) -> Self {
         let mut seed = [0u8; 32];
         rng.fill_bytes(&mut seed);
@@ -235,7 +245,7 @@ pub struct Public<S: Suite>(pub AffinePoint<S>);
 
 /// VRF input point generic over the cipher suite.
 #[derive(Debug, Clone, Copy, PartialEq, Eq, CanonicalSerialize, CanonicalDeserialize)]
-pub struct Input<S: Suite>(pub S::Affine);
+pub struct Input<S: Suite>(pub AffinePoint<S>);
 
 impl<S: Suite> Input<S> {
     /// Construct from [`Suite::data_to_point`].
@@ -251,11 +261,11 @@ impl<S: Suite> Input<S> {
 
 /// VRF output point generic over the cipher suite.
 #[derive(Debug, Clone, Copy, PartialEq, Eq, CanonicalSerialize, CanonicalDeserialize)]
-pub struct Output<S: Suite>(pub S::Affine);
+pub struct Output<S: Suite>(pub AffinePoint<S>);
 
 impl<S: Suite> Output<S> {
     /// Construct from inner affine point.
-    pub fn from(value: <S as Suite>::Affine) -> Self {
+    pub fn from(value: AffinePoint<S>) -> Self {
         Output(value)
     }
 

diff --git a/src/pedersen.rs b/src/pedersen.rs
@@ -55,9 +55,9 @@ impl<S: PedersenSuite> Prover<S> for Secret<S> {
         let b = S::nonce(&kb, input);
 
         // Yb = x*G + b*B
-        let pk_blind = (S::Affine::generator() * self.scalar + S::BLINDING_BASE * b).into_affine();
+        let pk_blind = (S::generator() * self.scalar + S::BLINDING_BASE * b).into_affine();
         // R = k*G + kb*B
-        let r = (S::Affine::generator() * k + S::BLINDING_BASE * kb).into_affine();
+        let r = (S::generator() * k + S::BLINDING_BASE * kb).into_affine();
         // Ok = k*I
         let ok = (input.0 * k).into_affine();
 
@@ -105,7 +105,7 @@ impl<S: PedersenSuite> Verifier<S> for Public<S> {
         }
 
         // R + c*Yb = s*G + sb*B
-        if *pk_blind * c + r != S::Affine::generator() * s + S::BLINDING_BASE * sb {
+        if *pk_blind * c + r != S::generator() * s + S::BLINDING_BASE * sb {
             return Err(Error::VerificationFailure);
         }