In generating the group elements for Pedersen hashes, we want these elements to have some sort of independence. This can be done by (1) using truly random bits (but not verifiable) or (2) using a cryptographic hash function, treated as a random oracle.
This, indeed, places a requirement on the security of the RNG that is qualified to set up Pedersen hashes.
Currently, the CRH interface does not explicitly ask for this security. In fact, any RNG suffices.
```rust
// `G` is the group type parameter of the enclosing `impl` block (omitted here).
pub fn generator_powers<R: Rng>(num_powers: usize, rng: &mut R) -> Vec<G> {
    let mut cur_gen_powers = Vec::with_capacity(num_powers);
    // Any `R: Rng` is accepted: nothing forces a cryptographically secure source.
    let mut base = G::rand(rng);
    for _ in 0..num_powers {
        cur_gen_powers.push(base);
        base.double_in_place();
    }
    cur_gen_powers
}
```
This would be problematic if the developers did not instantiate CRH with a secure RNG but, for example, used a weak RNG.
Such as in `dpc`'s test:

Proposed solution:
It is necessary for cryptographic parameters whose setup is somehow based on random oracle to say so explicitly.
It seems that Rust has provided a trait that extends `Rng`, called `CryptoRng`. Note that this is only a marker, and it needs to be used together with `Rng`. https://docs.rs/rand/0.5.0/rand/trait.CryptoRng.html
We likely should change a number of setup functions to explicitly ask for this level. Also, some `prove`, `index` may also require this level of security.