From d8e0651848ac128c179f5f61f11af6d8238ef4a4 Mon Sep 17 00:00:00 2001 From: Christopher Patton Date: Thu, 9 Jan 2025 10:09:00 -0800 Subject: [PATCH] Remove `getrandom()`, clean up error handling Use `thread_rng().gen::<[u8; SEED_SIZE]>()` to generate seeds rather than `getrandom()`. Since this method is infallible, we no longer need to propagate errors from `getrandom()`. --- Cargo.lock | 3 -- Cargo.toml | 2 - benches/cycle_counts.rs | 2 +- benches/speed_tests.rs | 14 +++--- src/fft.rs | 8 +-- src/field.rs | 21 ++++---- src/flp.rs | 36 ++++++-------- src/flp/gadgets.rs | 8 +-- src/flp/types.rs | 12 ++--- src/flp/types/dp.rs | 3 -- src/flp/types/fixedpoint_l2.rs | 2 +- src/idpf.rs | 21 ++++---- src/prng.rs | 25 +++------- src/vdaf.rs | 11 +--- src/vdaf/mastic.rs | 7 +-- src/vdaf/mastic/szk.rs | 91 ++++++++++++++++++---------------- src/vdaf/poplar1.rs | 14 +++--- src/vdaf/prio2.rs | 10 ++-- src/vdaf/prio2/client.rs | 25 ++-------- src/vdaf/prio2/server.rs | 13 +---- src/vdaf/prio2/test_vector.rs | 10 +--- src/vdaf/prio3.rs | 4 +- src/vdaf/xof.rs | 27 ++++++---- src/vidpf.rs | 9 ++-- 24 files changed, 159 insertions(+), 219 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 0b8aa07f8..96e30a371 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -358,10 +358,8 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "c4567c8db10ae91089c99af84c68c38da3ec2f087c3f82960bcdbf3656b6f4d7" dependencies = [ "cfg-if", - "js-sys", "libc", "wasi", - "wasm-bindgen", ] [[package]] @@ -690,7 +688,6 @@ dependencies = [ "ctr", "fiat-crypto", "fixed", - "getrandom", "hex", "hex-literal", "hmac", diff --git a/Cargo.toml b/Cargo.toml index cd5396a81..8e887020b 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -17,7 +17,6 @@ byteorder = "1.5.0" ctr = { version = "0.9.2", optional = true } fiat-crypto = { version = "0.2.9", optional = true } fixed = { version = "1.27", optional = true } -getrandom = { version = "0.2.14", features = ["std"] } hex = { version = "0.4.3", features = ["serde"], optional = true } hmac = { version = "0.12.1", optional = true } num-bigint = { version = "0.4.6", optional = true, features = ["rand", "serde"] } @@ -55,7 +54,6 @@ experimental = ["bitvec", "fiat-crypto", "fixed", "num-bigint", "num-rational", multithreaded = ["rayon"] crypto-dependencies = ["aes", "ctr", "hmac", "sha2"] test-util = ["hex", "serde_json", "zipf"] -wasm-compat = ["getrandom/js"] [workspace] members = [".", "binaries"] diff --git a/benches/cycle_counts.rs b/benches/cycle_counts.rs index 99bc86ba6..e17e6bf46 100644 --- a/benches/cycle_counts.rs +++ b/benches/cycle_counts.rs @@ -23,7 +23,7 @@ use prio::{ }; fn prng(size: usize) -> Vec { - random_vector(size).unwrap() + random_vector(size) } fn prng_16() -> Vec { diff --git a/benches/speed_tests.rs b/benches/speed_tests.rs index f36e6e7ed..bf96f34f0 100644 --- a/benches/speed_tests.rs +++ b/benches/speed_tests.rs @@ -94,7 +94,9 @@ fn poly_mul(c: &mut Criterion) { let m = (size + 1).next_power_of_two(); let mut g: Mul = Mul::new(*size); let mut outp = vec![F::zero(); 2 * m]; - let inp = vec![random_vector(m).unwrap(); 2]; + let mut inp = vec![]; + inp.push(random_vector(m)); + inp.push(random_vector(m)); b.iter(|| { benchmarked_gadget_mul_call_poly_fft(&mut g, &mut outp, &inp).unwrap(); @@ -105,7 +107,9 @@ fn poly_mul(c: &mut Criterion) { let m = (size + 1).next_power_of_two(); let mut g: Mul = Mul::new(*size); let mut outp = vec![F::zero(); 2 * m]; - let inp = vec![random_vector(m).unwrap(); 2]; + let mut inp = vec![]; + inp.push(random_vector(m)); + inp.push(random_vector(m)); b.iter(|| { benchmarked_gadget_mul_call_poly_direct(&mut g, &mut outp, &inp).unwrap(); @@ -709,11 +713,10 @@ fn idpf(c: &mut Criterion) { let input = IdpfInput::from_bools(&bits); let inner_values = random_vector::(size - 1) - .unwrap() .into_iter() .map(|random_element| Poplar1IdpfValue::new([Field64::one(), random_element])) .collect::>(); - let leaf_value = Poplar1IdpfValue::new([Field255::one(), random_vector(1).unwrap()[0]]); + let leaf_value = Poplar1IdpfValue::new([Field255::one(), random_vector(1)[0]]); let idpf = Idpf::new((), ()); b.iter(|| { @@ -732,11 +735,10 @@ fn idpf(c: &mut Criterion) { let input = IdpfInput::from_bools(&bits); let inner_values = random_vector::(size - 1) - .unwrap() .into_iter() .map(|random_element| Poplar1IdpfValue::new([Field64::one(), random_element])) .collect::>(); - let leaf_value = Poplar1IdpfValue::new([Field255::one(), random_vector(1).unwrap()[0]]); + let leaf_value = Poplar1IdpfValue::new([Field255::one(), random_vector(1)[0]]); let idpf = Idpf::new((), ()); let (public_share, keys) = idpf diff --git a/src/fft.rs b/src/fft.rs index 2f5cc1a67..5c1c9e0b8 100644 --- a/src/fft.rs +++ b/src/fft.rs @@ -136,7 +136,7 @@ mod tests { for size in test_sizes.iter() { let mut tmp = vec![F::zero(); *size]; let mut got = vec![F::zero(); *size]; - let want = random_vector(*size).unwrap(); + let want = random_vector(*size); discrete_fourier_transform(&mut tmp, &want, want.len())?; discrete_fourier_transform_inv(&mut got, &tmp, tmp.len())?; @@ -166,7 +166,7 @@ mod tests { let size = 128; let mut mem = TestPolyAuxMemory::new(size / 2); - let inp = random_vector(size).unwrap(); + let inp = random_vector(size); let mut want = vec![FieldPrio2::zero(); size]; let mut got = vec![FieldPrio2::zero(); size]; @@ -191,8 +191,8 @@ mod tests { fn test_fft_linearity() { let len = 16; let num_shares = 3; - let x: Vec = random_vector(len).unwrap(); - let mut x_shares = split_vector(&x, num_shares).unwrap(); + let x: Vec = random_vector(len); + let mut x_shares = split_vector(&x, num_shares); // Just for fun, let's do something different with a subset of the inputs. For the first // share, every odd element is set to the plaintext value. For all shares but the first, diff --git a/src/field.rs b/src/field.rs index 88bf40ff1..9573f6fd4 100644 --- a/src/field.rs +++ b/src/field.rs @@ -10,7 +10,7 @@ use crate::{ codec::{CodecError, Decode, Encode}, fp::{FieldOps, FieldParameters, FP128, FP32, FP64}, - prng::{Prng, PrngError}, + prng::Prng, }; use rand::{ distributions::{Distribution, Standard}, @@ -876,31 +876,28 @@ pub(crate) fn merge_vector( /// Outputs an additive secret sharing of the input. #[cfg(test)] -pub(crate) fn split_vector( - inp: &[F], - num_shares: usize, -) -> Result>, PrngError> { +pub(crate) fn split_vector(inp: &[F], num_shares: usize) -> Vec> { if num_shares == 0 { - return Ok(vec![]); + return vec![]; } let mut outp = Vec::with_capacity(num_shares); outp.push(inp.to_vec()); for _ in 1..num_shares { - let share: Vec = random_vector(inp.len())?; + let share: Vec = random_vector(inp.len()); for (x, y) in outp[0].iter_mut().zip(&share) { *x -= *y; } outp.push(share); } - Ok(outp) + outp } /// Generate a vector of uniformly distributed random field elements. -pub fn random_vector(len: usize) -> Result, PrngError> { - Ok(Prng::new()?.take(len).collect()) +pub fn random_vector(len: usize) -> Vec { + Prng::new().take(len).collect() } /// `encode_fieldvec` serializes a type that is equivalent to a vector of field elements. @@ -979,7 +976,7 @@ pub(crate) mod test_utils { } pub(crate) fn field_element_test_common() { - let mut prng: Prng = Prng::new().unwrap(); + let mut prng: Prng = Prng::new(); let int_modulus = F::modulus(); let int_one = F::TestInteger::try_from(1).unwrap(); let zero = F::zero(); @@ -1174,7 +1171,7 @@ mod tests { fn field_element_test() { field_element_test_common::(); - let mut prng: Prng = Prng::new().unwrap(); + let mut prng: Prng = Prng::new(); let int_modulus = F::modulus(); let int_one = F::Integer::try_from(1).unwrap(); let zero = F::zero(); diff --git a/src/flp.rs b/src/flp.rs index d6e1bdf89..dabd41aba 100644 --- a/src/flp.rs +++ b/src/flp.rs @@ -30,16 +30,16 @@ //! // check the proof. The application needs to ensure that the prover //! // "commits" to the input before this point. In Prio3, the joint //! // randomness is derived from additive shares of the input. -//! let joint_rand = random_vector(count.joint_rand_len()).unwrap(); +//! let joint_rand = random_vector(count.joint_rand_len()); //! //! // The prover generates the proof. -//! let prove_rand = random_vector(count.prove_rand_len()).unwrap(); +//! let prove_rand = random_vector(count.prove_rand_len()); //! let proof = count.prove(&input, &prove_rand, &joint_rand).unwrap(); //! //! // The verifier checks the proof. In the first step, the verifier "queries" //! // the input and proof, getting the "verifier message" in response. It then //! // inspects the verifier to decide if the input is valid. -//! let query_rand = random_vector(count.query_rand_len()).unwrap(); +//! let query_rand = random_vector(count.query_rand_len()); //! let verifier = count.query(&input, &proof, &query_rand, &joint_rand, 1).unwrap(); //! assert!(count.decide(&verifier).unwrap()); //! ``` @@ -178,7 +178,7 @@ pub trait Type: Sized + Eq + Clone + Debug { /// /// let count = Count::new(); /// let input: Vec = count.encode_measurement(&true).unwrap(); - /// let joint_rand = random_vector(count.joint_rand_len()).unwrap(); + /// let joint_rand = random_vector(count.joint_rand_len()); /// let v = count.valid(&mut count.gadget(), &input, &joint_rand, 1).unwrap(); /// assert!(v.into_iter().all(|f| f == Field64::zero())); /// ``` @@ -874,9 +874,9 @@ pub mod test_utils { ); let mut gadgets = self.flp.gadget(); - let joint_rand = random_vector(self.flp.joint_rand_len()).unwrap(); - let prove_rand = random_vector(self.flp.prove_rand_len()).unwrap(); - let query_rand = random_vector(self.flp.query_rand_len()).unwrap(); + let joint_rand = random_vector(self.flp.joint_rand_len()); + let prove_rand = random_vector(self.flp.prove_rand_len()); + let query_rand = random_vector(self.flp.query_rand_len()); assert_eq!( self.flp.joint_rand_len(), joint_rand.len(), @@ -999,8 +999,7 @@ pub mod test_utils { outp.push(inp.to_vec()); for _ in 1..SHARES { - let share: Vec = - random_vector(inp.len()).expect("failed to generate a random vector"); + let share: Vec = random_vector(inp.len()); for (x, y) in outp[0].iter_mut().zip(&share) { *x -= *y; } @@ -1031,21 +1030,18 @@ mod tests { assert_eq!(input.len(), typ.input_len()); let input_shares: Vec> = split_vector(input.as_slice(), NUM_SHARES) - .unwrap() .into_iter() .collect(); - let joint_rand = random_vector(typ.joint_rand_len()).unwrap(); - let prove_rand = random_vector(typ.prove_rand_len()).unwrap(); - let query_rand = random_vector(typ.query_rand_len()).unwrap(); + let joint_rand = random_vector(typ.joint_rand_len()); + let prove_rand = random_vector(typ.prove_rand_len()); + let query_rand = random_vector(typ.query_rand_len()); let proof = typ.prove(&input, &prove_rand, &joint_rand).unwrap(); assert_eq!(proof.len(), typ.proof_len()); - let proof_shares: Vec> = split_vector(&proof, NUM_SHARES) - .unwrap() - .into_iter() - .collect(); + let proof_shares: Vec> = + split_vector(&proof, NUM_SHARES).into_iter().collect(); let verifier: Vec = (0..NUM_SHARES) .map(|i| { @@ -1191,9 +1187,9 @@ mod tests { let typ: Issue254Type = Issue254Type::new(); let input = typ.encode_measurement(&0).unwrap(); assert_eq!(input.len(), typ.input_len()); - let joint_rand = random_vector(typ.joint_rand_len()).unwrap(); - let prove_rand = random_vector(typ.prove_rand_len()).unwrap(); - let query_rand = random_vector(typ.query_rand_len()).unwrap(); + let joint_rand = random_vector(typ.joint_rand_len()); + let prove_rand = random_vector(typ.prove_rand_len()); + let query_rand = random_vector(typ.query_rand_len()); let proof = typ.prove(&input, &prove_rand, &joint_rand).unwrap(); let verifier = typ .query(&input, &proof, &query_rand, &joint_rand, 1) diff --git a/src/flp/gadgets.rs b/src/flp/gadgets.rs index 5333884f2..3783c7e68 100644 --- a/src/flp/gadgets.rs +++ b/src/flp/gadgets.rs @@ -490,7 +490,7 @@ mod tests { #[test] fn test_poly_eval() { - let poly: Vec = random_vector(10).unwrap(); + let poly: Vec = random_vector(10); let num_calls = FFT_THRESHOLD / 2; let mut g: PolyEval = PolyEval::new(poly.clone(), num_calls); @@ -531,7 +531,7 @@ mod tests { let degree = g.degree(); // Test that both gadgets evaluate to the same value when run on scalar inputs. - let inp: Vec = random_vector(arity).unwrap(); + let inp: Vec = random_vector(arity); let result = g.call(&inp).unwrap(); let result_serial = g_serial.call(&inp).unwrap(); assert_eq!(result, result_serial); @@ -541,7 +541,7 @@ mod tests { vec![TestField::zero(); (degree * num_calls + 1).next_power_of_two()]; let mut poly_outp_serial = vec![TestField::zero(); (degree * num_calls + 1).next_power_of_two()]; - let mut prng: Prng = Prng::new().unwrap(); + let mut prng: Prng = Prng::new(); let poly_inp: Vec<_> = iter::repeat_with(|| { iter::repeat_with(|| prng.get()) .take(1 + num_calls) @@ -562,7 +562,7 @@ mod tests { /// to evaluating each of the inputs at the same point and applying g.call() on the results. fn gadget_test>(g: &mut G, num_calls: usize) { let wire_poly_len = (1 + num_calls).next_power_of_two(); - let mut prng = Prng::new().unwrap(); + let mut prng = Prng::new(); let mut inp = vec![F::zero(); g.arity()]; let mut gadget_poly = vec![F::zero(); gadget_poly_fft_mem_len(g.degree(), num_calls)]; let mut wire_polys = vec![vec![F::zero(); wire_poly_len]; g.arity()]; diff --git a/src/flp/types.rs b/src/flp/types.rs index 2431af986..8f63af103 100644 --- a/src/flp/types.rs +++ b/src/flp/types.rs @@ -1420,9 +1420,9 @@ mod tests { let typ: SumVec> = SumVec::new(1, 1000, 31).unwrap(); let input = typ.encode_measurement(&vec![0; 1000]).unwrap(); assert_eq!(input.len(), typ.input_len()); - let joint_rand = random_vector(typ.joint_rand_len()).unwrap(); - let prove_rand = random_vector(typ.prove_rand_len()).unwrap(); - let query_rand = random_vector(typ.query_rand_len()).unwrap(); + let joint_rand = random_vector(typ.joint_rand_len()); + let prove_rand = random_vector(typ.prove_rand_len()); + let query_rand = random_vector(typ.query_rand_len()); let proof = typ.prove(&input, &prove_rand, &joint_rand).unwrap(); let verifier = typ .query(&input, &proof, &query_rand, &joint_rand, 1) @@ -1438,9 +1438,9 @@ mod tests { SumVec::new(1, 1000, 31).unwrap(); let input = typ.encode_measurement(&vec![0; 1000]).unwrap(); assert_eq!(input.len(), typ.input_len()); - let joint_rand = random_vector(typ.joint_rand_len()).unwrap(); - let prove_rand = random_vector(typ.prove_rand_len()).unwrap(); - let query_rand = random_vector(typ.query_rand_len()).unwrap(); + let joint_rand = random_vector(typ.joint_rand_len()); + let prove_rand = random_vector(typ.prove_rand_len()); + let query_rand = random_vector(typ.query_rand_len()); let proof = typ.prove(&input, &prove_rand, &joint_rand).unwrap(); let verifier = typ .query(&input, &proof, &query_rand, &joint_rand, 1) diff --git a/src/flp/types/dp.rs b/src/flp/types/dp.rs index fc092b662..0ad1e87d7 100644 --- a/src/flp/types/dp.rs +++ b/src/flp/types/dp.rs @@ -222,7 +222,6 @@ mod tests { let mut rng = XofTurboShake128::init(&[0; 32], &[]).into_seed_stream(); let [mut share1, mut share2]: [Vec; 2] = split_vector(&[Field128::zero(); SIZE], 2) - .unwrap() .try_into() .unwrap(); @@ -258,7 +257,6 @@ mod tests { let mut rng = XofTurboShake128::init(&[1; 32], &[]).into_seed_stream(); let [mut share1, mut share2]: [Vec; 2] = split_vector(&[Field128::zero(); SIZE], 2) - .unwrap() .try_into() .unwrap(); @@ -301,7 +299,6 @@ mod tests { let mut rng = XofTurboShake128::init(&[2; 32], &[]).into_seed_stream(); let [mut share1, mut share2]: [Vec; 2] = split_vector(&[Field128::zero(); SIZE], 2) - .unwrap() .try_into() .unwrap(); diff --git a/src/flp/types/fixedpoint_l2.rs b/src/flp/types/fixedpoint_l2.rs index 254db0d22..6342c3188 100644 --- a/src/flp/types/fixedpoint_l2.rs +++ b/src/flp/types/fixedpoint_l2.rs @@ -822,7 +822,7 @@ mod tests { // invalid submission length, should be 3n + (2*n - 2) for a // 3-element n-bit vector. 3*n bits for 3 entries, (2*n-2) for norm. - let joint_rand = random_vector(vsum.joint_rand_len()).unwrap(); + let joint_rand = random_vector(vsum.joint_rand_len()); vsum.valid( &mut vsum.gadget(), &vec![one; 3 * n + 2 * n - 1], diff --git a/src/idpf.rs b/src/idpf.rs index 9351df3c2..68f7fe36a 100644 --- a/src/idpf.rs +++ b/src/idpf.rs @@ -19,7 +19,7 @@ use bitvec::{ vec::BitVec, view::BitView, }; -use rand_core::RngCore; +use rand::prelude::*; use std::{ collections::{HashMap, VecDeque}, fmt::Debug, @@ -493,6 +493,7 @@ where where M: IntoIterator, { + let mut rng = thread_rng(); if input.is_empty() { return Err( IdpfError::InvalidParameter("invalid number of bits: 0".to_string()).into(), @@ -500,7 +501,7 @@ where } let mut random = [[0u8; 16]; 2]; for random_seed in random.iter_mut() { - getrandom::getrandom(random_seed)?; + rng.fill(random_seed); } self.gen_with_random(input, inner_values, leaf_value, ctx, nonce, &random) } @@ -1035,7 +1036,6 @@ enum XofMode<'a> { pub mod test_utils { use super::*; - use rand::prelude::*; use zipf::ZipfDistribution; /// Generate a set of IDPF inputs with the given bit length `bits`. They are sampled according @@ -1373,15 +1373,14 @@ mod tests { let input = bits.clone().into(); let mut inner_values = Vec::with_capacity(INPUT_LEN - 1); - let mut prng = Prng::new().unwrap(); + let mut prng = Prng::new(); for _ in 0..INPUT_LEN - 1 { inner_values.push(Poplar1IdpfValue::new([ Field64::one(), prng.next().unwrap(), ])); } - let leaf_values = - Poplar1IdpfValue::new([Field255::one(), Prng::new().unwrap().next().unwrap()]); + let leaf_values = Poplar1IdpfValue::new([Field255::one(), Prng::new().next().unwrap()]); let nonce: [u8; 16] = random(); let idpf = Idpf::new((), ()); @@ -1442,15 +1441,14 @@ mod tests { let input = bits.into(); let mut inner_values = Vec::with_capacity(7); - let mut prng = Prng::new().unwrap(); + let mut prng = Prng::new(); for _ in 0..7 { inner_values.push(Poplar1IdpfValue::new([ Field64::one(), prng.next().unwrap(), ])); } - let leaf_values = - Poplar1IdpfValue::new([Field255::one(), Prng::new().unwrap().next().unwrap()]); + let leaf_values = Poplar1IdpfValue::new([Field255::one(), Prng::new().next().unwrap()]); let nonce: [u8; 16] = random(); let idpf = Idpf::new((), ()); @@ -1621,15 +1619,14 @@ mod tests { let input = bits.into(); let mut inner_values = Vec::with_capacity(7); - let mut prng = Prng::new().unwrap(); + let mut prng = Prng::new(); for _ in 0..7 { inner_values.push(Poplar1IdpfValue::new([ Field64::one(), prng.next().unwrap(), ])); } - let leaf_values = - Poplar1IdpfValue::new([Field255::one(), Prng::new().unwrap().next().unwrap()]); + let leaf_values = Poplar1IdpfValue::new([Field255::one(), Prng::new().next().unwrap()]); let nonce: [u8; 16] = random(); let idpf = Idpf::new((), ()); diff --git a/src/prng.rs b/src/prng.rs index 5f23fadcb..f6b4aad7a 100644 --- a/src/prng.rs +++ b/src/prng.rs @@ -9,22 +9,13 @@ use crate::field::{FieldElement, FieldElementExt}; #[cfg(all(feature = "crypto-dependencies", feature = "experimental"))] use crate::vdaf::xof::SeedStreamAes128; use crate::vdaf::xof::{Seed, SeedStreamTurboShake128, Xof, XofTurboShake128}; -use rand_core::RngCore; +use rand::prelude::*; use std::marker::PhantomData; use std::ops::ControlFlow; const BUFFER_SIZE_IN_ELEMENTS: usize = 32; -/// Errors propagated by methods in this module. -#[derive(Debug, thiserror::Error)] -#[non_exhaustive] -pub enum PrngError { - /// Failure when calling getrandom(). - #[error("getrandom: {0}")] - GetRandom(#[from] getrandom::Error), -} - /// This type implements an iterator that generates a pseudorandom sequence of field elements. The /// sequence is derived from a XOF's key stream. #[derive(Debug)] @@ -48,13 +39,9 @@ impl Prng { impl Prng { /// Create a [`Prng`] from a randomly generated seed. - pub(crate) fn new() -> Result { - let seed = Seed::generate()?; - Ok(Prng::from_seed_stream(XofTurboShake128::seed_stream( - seed.as_ref(), - &[], - &[], - ))) + pub(crate) fn new() -> Self { + let seed = thread_rng().gen::>(); + Prng::from_seed_stream(XofTurboShake128::seed_stream(seed.as_ref(), &[], &[])) } } @@ -254,7 +241,7 @@ mod tests { // once it reaches the end. #[test] fn left_over_buffer_back_fill() { - let seed = Seed::generate().unwrap(); + let seed = thread_rng().gen::>(); let mut prng: Prng = Prng::from_seed_stream(XofTurboShake128::seed_stream(seed.as_ref(), &[], &[])); @@ -276,7 +263,7 @@ mod tests { #[cfg(feature = "experimental")] #[test] fn into_different_field() { - let seed = Seed::generate().unwrap(); + let seed = thread_rng().gen::>(); let want: Prng = Prng::from_seed_stream(XofTurboShake128::seed_stream(seed.as_ref(), &[], &[])); let want_buffer = want.buffer.clone(); diff --git a/src/vdaf.rs b/src/vdaf.rs index c76bf4563..f8161d998 100644 --- a/src/vdaf.rs +++ b/src/vdaf.rs @@ -17,7 +17,6 @@ use crate::{ codec::{CodecError, Decode, Encode, ParameterizedDecode}, field::{encode_fieldvec, merge_vector, FieldElement, FieldError}, flp::FlpError, - prng::PrngError, vdaf::xof::Seed, }; use serde::{Deserialize, Serialize}; @@ -53,14 +52,6 @@ pub enum VdafError { #[error("Szk error: {0}")] Szk(#[from] SzkError), - /// PRNG error. - #[error("prng error: {0}")] - Prng(#[from] PrngError), - - /// Failure when calling getrandom(). - #[error("getrandom: {0}")] - GetRandom(#[from] getrandom::Error), - /// IDPF error. #[cfg(all(feature = "crypto-dependencies", feature = "experimental"))] #[error("idpf error: {0}")] @@ -685,7 +676,7 @@ where for<'a> T: ParameterizedDecode<(&'a V, &'a V::AggregationParam)>, { // Generate an arbitrary vector of field elements. - let vec: Vec = crate::field::random_vector(length).unwrap(); + let vec: Vec = crate::field::random_vector(length); // Serialize the field element vector into a vector of bytes. let mut bytes = Vec::with_capacity(vec.len() * F::ENCODED_SIZE); diff --git a/src/vdaf/mastic.rs b/src/vdaf/mastic.rs index b1048cd13..4b4c73cf7 100644 --- a/src/vdaf/mastic.rs +++ b/src/vdaf/mastic.rs @@ -323,13 +323,14 @@ impl Client<16> for Mastic { measurement: &(VidpfInput, T::Measurement), nonce: &[u8; 16], ) -> Result<(Self::PublicShare, Vec), VdafError> { - let vidpf_keys = [VidpfKey::generate()?, VidpfKey::generate()?]; + let mut rng = thread_rng(); + let vidpf_keys = rng.gen(); let joint_random_opt = if self.szk.requires_joint_rand() { - Some(Seed::generate()?) + Some(rng.gen()) } else { None }; - let szk_random = [Seed::generate()?, Seed::generate()?]; + let szk_random = rng.gen(); self.shard_with_random( ctx, diff --git a/src/vdaf/mastic/szk.rs b/src/vdaf/mastic/szk.rs index 870c788c7..f3c92a893 100644 --- a/src/vdaf/mastic/szk.rs +++ b/src/vdaf/mastic/szk.rs @@ -15,7 +15,6 @@ use crate::{ codec::{CodecError, Decode, Encode, ParameterizedDecode}, field::{decode_fieldvec, encode_fieldvec, FieldElement}, flp::{FlpError, Type}, - prng::PrngError, vdaf::{ mastic::{self, NONCE_SIZE, SEED_SIZE, USAGE_PROOF_SHARE}, xof::{IntoFieldVec, Seed, Xof, XofTurboShake128}, @@ -44,10 +43,6 @@ pub enum SzkError { #[error("Flp error: {0}")] Flp(#[from] FlpError), - /// PRNG error. - #[error("prng error: {0}")] - Prng(#[from] PrngError), - /// Codec error. #[error("codec error: {0}")] Codec(#[from] CodecError), @@ -676,18 +671,17 @@ mod tests { use rand::{thread_rng, Rng}; fn generic_szk_test(typ: T, encoded_measurement: &[T::Field], valid: bool) { + let mut rng = thread_rng(); let ctx = b"some application context"; let mut nonce = [0u8; 16]; let mut verify_key = [0u8; 32]; let szk_typ = Szk::new(typ.clone(), 0); thread_rng().fill(&mut verify_key[..]); thread_rng().fill(&mut nonce[..]); - let prove_rand_seed = Seed::generate().unwrap(); - let helper_seed = Seed::generate().unwrap(); - let leader_seed_opt = szk_typ - .requires_joint_rand() - .then(|| Seed::generate().unwrap()); - let helper_input_share: Vec = random_vector(szk_typ.typ.input_len()).unwrap(); + let prove_rand_seed = rng.gen(); + let helper_seed = rng.gen(); + let leader_seed_opt = szk_typ.requires_joint_rand().then(|| rng.gen()); + let helper_input_share: Vec = random_vector(szk_typ.typ.input_len()); let mut leader_input_share = encoded_measurement.to_owned(); for (x, y) in leader_input_share.iter_mut().zip(&helper_input_share) { *x -= *y; @@ -753,7 +747,7 @@ mod tests { //test mutated jr seed if szk_typ.requires_joint_rand() { - let joint_rand_seed_opt = Some(Seed::generate().unwrap()); + let joint_rand_seed_opt = Some(rng.gen()); if let Ok(()) = szk_typ.decide(joint_rand_seed_opt.clone(), joint_share) { panic!("Leader accepted wrong jr seed"); }; @@ -843,16 +837,17 @@ mod tests { #[test] fn test_sum_proof_share_encode() { + let mut rng = thread_rng(); let mut nonce = [0u8; 16]; let max_measurement = 13; thread_rng().fill(&mut nonce[..]); let sum = Sum::::new(max_measurement).unwrap(); let encoded_measurement = sum.encode_measurement(&9).unwrap(); let szk_typ = Szk::new(sum, 0); - let prove_rand_seed = Seed::generate().unwrap(); - let helper_seed = Seed::generate().unwrap(); - let leader_seed_opt = Some(Seed::generate().unwrap()); - let helper_input_share = random_vector(szk_typ.typ.input_len()).unwrap(); + let prove_rand_seed = rng.gen(); + let helper_seed = rng.gen(); + let leader_seed_opt = Some(rng.gen()); + let helper_input_share = random_vector(szk_typ.typ.input_len()); let mut leader_input_share = encoded_measurement.clone().to_owned(); for (x, y) in leader_input_share.iter_mut().zip(&helper_input_share) { *x -= *y; @@ -878,16 +873,17 @@ mod tests { #[test] fn test_sumvec_proof_share_encode() { + let mut rng = thread_rng(); let mut nonce = [0u8; 16]; thread_rng().fill(&mut nonce[..]); let sumvec = SumVec::>>::new(5, 3, 3).unwrap(); let encoded_measurement = sumvec.encode_measurement(&vec![1, 16, 0]).unwrap(); let szk_typ = Szk::new(sumvec, 0); - let prove_rand_seed = Seed::generate().unwrap(); - let helper_seed = Seed::generate().unwrap(); - let leader_seed_opt = Some(Seed::generate().unwrap()); - let helper_input_share = random_vector(szk_typ.typ.input_len()).unwrap(); + let prove_rand_seed = rng.gen(); + let helper_seed = rng.gen(); + let leader_seed_opt = Some(rng.gen()); + let helper_input_share = random_vector(szk_typ.typ.input_len()); let mut leader_input_share = encoded_measurement.clone().to_owned(); for (x, y) in leader_input_share.iter_mut().zip(&helper_input_share) { *x -= *y; @@ -913,15 +909,16 @@ mod tests { #[test] fn test_count_proof_share_encode() { + let mut rng = thread_rng(); let mut nonce = [0u8; 16]; thread_rng().fill(&mut nonce[..]); let count = Count::::new(); let encoded_measurement = count.encode_measurement(&true).unwrap(); let szk_typ = Szk::new(count, 0); - let prove_rand_seed = Seed::generate().unwrap(); - let helper_seed = Seed::generate().unwrap(); - let leader_seed_opt = Some(Seed::generate().unwrap()); - let helper_input_share = random_vector(szk_typ.typ.input_len()).unwrap(); + let prove_rand_seed = rng.gen(); + let helper_seed = rng.gen(); + let leader_seed_opt = Some(rng.gen()); + let helper_input_share = random_vector(szk_typ.typ.input_len()); let mut leader_input_share = encoded_measurement.clone().to_owned(); for (x, y) in leader_input_share.iter_mut().zip(&helper_input_share) { *x -= *y; @@ -947,16 +944,17 @@ mod tests { #[test] fn test_sum_leader_proof_share_roundtrip() { + let mut rng = thread_rng(); let max_measurement = 13; let mut nonce = [0u8; 16]; thread_rng().fill(&mut nonce[..]); let sum = Sum::::new(max_measurement).unwrap(); let encoded_measurement = sum.encode_measurement(&9).unwrap(); let szk_typ = Szk::new(sum, 0); - let prove_rand_seed = Seed::generate().unwrap(); - let helper_seed = Seed::generate().unwrap(); + let prove_rand_seed = rng.gen(); + let helper_seed = rng.gen(); let leader_seed_opt = None; - let helper_input_share = random_vector(szk_typ.typ.input_len()).unwrap(); + let helper_input_share = random_vector(szk_typ.typ.input_len()); let mut leader_input_share = encoded_measurement.clone().to_owned(); for (x, y) in leader_input_share.iter_mut().zip(&helper_input_share) { *x -= *y; @@ -988,16 +986,17 @@ mod tests { #[test] fn test_sum_helper_proof_share_roundtrip() { + let mut rng = thread_rng(); let max_measurement = 13; let mut nonce = [0u8; 16]; thread_rng().fill(&mut nonce[..]); let sum = Sum::::new(max_measurement).unwrap(); let encoded_measurement = sum.encode_measurement(&9).unwrap(); let szk_typ = Szk::new(sum, 0); - let prove_rand_seed = Seed::generate().unwrap(); - let helper_seed = Seed::generate().unwrap(); + let prove_rand_seed = rng.gen(); + let helper_seed = rng.gen(); let leader_seed_opt = None; - let helper_input_share = random_vector(szk_typ.typ.input_len()).unwrap(); + let helper_input_share = random_vector(szk_typ.typ.input_len()); let mut leader_input_share = encoded_measurement.clone().to_owned(); for (x, y) in leader_input_share.iter_mut().zip(&helper_input_share) { *x -= *y; @@ -1029,15 +1028,16 @@ mod tests { #[test] fn test_count_leader_proof_share_roundtrip() { + let mut rng = thread_rng(); let mut nonce = [0u8; 16]; thread_rng().fill(&mut nonce[..]); let count = Count::::new(); let encoded_measurement = count.encode_measurement(&true).unwrap(); let szk_typ = Szk::new(count, 0); - let prove_rand_seed = Seed::generate().unwrap(); - let helper_seed = Seed::generate().unwrap(); + let prove_rand_seed = rng.gen(); + let helper_seed = rng.gen(); let leader_seed_opt = None; - let helper_input_share = random_vector(szk_typ.typ.input_len()).unwrap(); + let helper_input_share = random_vector(szk_typ.typ.input_len()); let mut leader_input_share = encoded_measurement.clone().to_owned(); for (x, y) in leader_input_share.iter_mut().zip(&helper_input_share) { *x -= *y; @@ -1069,15 +1069,16 @@ mod tests { #[test] fn test_count_helper_proof_share_roundtrip() { + let mut rng = thread_rng(); let mut nonce = [0u8; 16]; thread_rng().fill(&mut nonce[..]); let count = Count::::new(); let encoded_measurement = count.encode_measurement(&true).unwrap(); let szk_typ = Szk::new(count, 0); - let prove_rand_seed = Seed::generate().unwrap(); - let helper_seed = Seed::generate().unwrap(); + let prove_rand_seed = rng.gen(); + let helper_seed = rng.gen(); let leader_seed_opt = None; - let helper_input_share = random_vector(szk_typ.typ.input_len()).unwrap(); + let helper_input_share = random_vector(szk_typ.typ.input_len()); let mut leader_input_share = encoded_measurement.clone().to_owned(); for (x, y) in leader_input_share.iter_mut().zip(&helper_input_share) { *x -= *y; @@ -1109,16 +1110,17 @@ mod tests { #[test] fn test_sumvec_leader_proof_share_roundtrip() { + let mut rng = thread_rng(); let mut nonce = [0u8; 16]; thread_rng().fill(&mut nonce[..]); let sumvec = SumVec::>>::new(5, 3, 3).unwrap(); let encoded_measurement = sumvec.encode_measurement(&vec![1, 16, 0]).unwrap(); let szk_typ = Szk::new(sumvec, 0); - let prove_rand_seed = Seed::generate().unwrap(); - let helper_seed = Seed::generate().unwrap(); - let leader_seed_opt = Some(Seed::generate().unwrap()); - let helper_input_share = random_vector(szk_typ.typ.input_len()).unwrap(); + let prove_rand_seed = rng.gen(); + let helper_seed = rng.gen(); + let leader_seed_opt = Some(rng.gen()); + let helper_input_share = random_vector(szk_typ.typ.input_len()); let mut leader_input_share = encoded_measurement.clone().to_owned(); for (x, y) in leader_input_share.iter_mut().zip(&helper_input_share) { *x -= *y; @@ -1150,16 +1152,17 @@ mod tests { #[test] fn test_sumvec_helper_proof_share_roundtrip() { + let mut rng = thread_rng(); let mut nonce = [0u8; 16]; thread_rng().fill(&mut nonce[..]); let sumvec = SumVec::>>::new(5, 3, 3).unwrap(); let encoded_measurement = sumvec.encode_measurement(&vec![1, 16, 0]).unwrap(); let szk_typ = Szk::new(sumvec, 0); - let prove_rand_seed = Seed::generate().unwrap(); - let helper_seed = Seed::generate().unwrap(); - let leader_seed_opt = Some(Seed::generate().unwrap()); - let helper_input_share = random_vector(szk_typ.typ.input_len()).unwrap(); + let prove_rand_seed = rng.gen(); + let helper_seed = rng.gen(); + let leader_seed_opt = Some(rng.gen()); + let helper_input_share = random_vector(szk_typ.typ.input_len()); let mut leader_input_share = encoded_measurement.clone().to_owned(); for (x, y) in leader_input_share.iter_mut().zip(&helper_input_share) { *x -= *y; diff --git a/src/vdaf/poplar1.rs b/src/vdaf/poplar1.rs index f6283c095..ff69c0c2b 100644 --- a/src/vdaf/poplar1.rs +++ b/src/vdaf/poplar1.rs @@ -14,7 +14,7 @@ use crate::{ Aggregatable, Aggregator, Client, Collector, PrepareTransition, Vdaf, VdafError, VERSION, }, }; -use rand_core::RngCore; +use rand::prelude::*; use std::{ collections::BTreeSet, convert::TryFrom, @@ -1044,13 +1044,14 @@ impl, const SEED_SIZE: usize> Client<16> for Poplar1 Result<(Self::PublicShare, Vec>), VdafError> { + let mut rng = thread_rng(); let mut idpf_random = [[0u8; 16]; 2]; let mut poplar_random = [[0u8; SEED_SIZE]; 3]; for random_seed in idpf_random.iter_mut() { - getrandom::getrandom(random_seed)?; + rng.fill(random_seed); } for random_seed in poplar_random.iter_mut() { - getrandom::getrandom(random_seed)?; + rng.fill(&mut random_seed[..]); } self.shard_with_random(ctx, input, nonce, &idpf_random, &poplar_random) } @@ -1559,7 +1560,6 @@ mod tests { use super::*; use crate::vdaf::{equality_comparison_test, test_utils::run_vdaf_prepare}; use assert_matches::assert_matches; - use rand::prelude::*; use serde::Deserialize; use std::collections::HashSet; @@ -1761,10 +1761,12 @@ mod tests { #[test] fn encoded_len() { + let mut rng = thread_rng(); + // Input share let input_share = Poplar1InputShare { - idpf_key: Seed::<16>::generate().unwrap(), - corr_seed: Seed::<16>::generate().unwrap(), + idpf_key: rng.gen::>(), + corr_seed: rng.gen::>(), corr_inner: vec![ [Field64::one(), ::zero()], [Field64::one(), ::zero()], diff --git a/src/vdaf/prio2.rs b/src/vdaf/prio2.rs index dd35e1e3d..9757e8d88 100644 --- a/src/vdaf/prio2.rs +++ b/src/vdaf/prio2.rs @@ -19,7 +19,7 @@ use crate::{ }, }; use hmac::{Hmac, Mac}; -use rand_core::RngCore; +use rand::prelude::*; use sha2::Sha256; use std::{convert::TryFrom, io::Cursor}; use subtle::{Choice, ConstantTimeEq}; @@ -147,6 +147,7 @@ impl Client<16> for Prio2 { measurement: &Vec, _nonce: &[u8; 16], ) -> Result<(Self::PublicShare, Vec>), VdafError> { + let mut rng = thread_rng(); if measurement.len() != self.input_len { return Err(VdafError::Uncategorized("incorrect input length".into())); } @@ -161,15 +162,15 @@ impl Client<16> for Prio2 { }; let mut leader_data = mem.prove_with(self.input_len, copy_data); - let helper_seed = Seed::generate()?; - let helper_prng = Prng::from_prio2_seed(helper_seed.as_ref()); + let helper_seed = rng.gen(); + let helper_prng = Prng::from_prio2_seed(&helper_seed); for (s1, d) in leader_data.iter_mut().zip(helper_prng.into_iter()) { *s1 -= d; } Ok(( (), - vec![Share::Leader(leader_data), Share::Helper(helper_seed)], + vec![Share::Leader(leader_data), Share::Helper(Seed(helper_seed))], )) } } @@ -399,7 +400,6 @@ mod tests { test_utils::run_vdaf, }; use assert_matches::assert_matches; - use rand::prelude::*; // The value of this string doesn't matter. Prio2 is not defined to use the context string for // any computation diff --git a/src/vdaf/prio2/client.rs b/src/vdaf/prio2/client.rs index 32b9af52a..830597e3e 100644 --- a/src/vdaf/prio2/client.rs +++ b/src/vdaf/prio2/client.rs @@ -7,29 +7,13 @@ use crate::{ codec::CodecError, field::FftFriendlyFieldElement, polynomial::{fft_get_roots, poly_fft, PolyFFTTempMemory}, - prng::{Prng, PrngError}, - vdaf::{ - xof::{Seed, SeedStreamAes128}, - VdafError, - }, + prng::Prng, + vdaf::{xof::SeedStreamAes128, VdafError}, }; +use rand::prelude::*; use std::convert::TryFrom; -/// Errors that might be emitted by the client. -#[derive(Debug, thiserror::Error)] -pub(crate) enum ClientError { - /// PRNG error - #[error("prng error: {0}")] - Prng(#[from] PrngError), - /// VDAF error - #[error("vdaf error: {0}")] - Vdaf(#[from] VdafError), - /// failure when calling getrandom(). - #[error("getrandom: {0}")] - GetRandom(#[from] getrandom::Error), -} - /// Serialization errors #[derive(Debug, thiserror::Error)] pub enum SerializeError { @@ -56,6 +40,7 @@ pub(crate) struct ClientMemory { impl ClientMemory { pub(crate) fn new(dimension: usize) -> Result { + let mut rng = thread_rng(); let n = (dimension + 1).next_power_of_two(); if let Ok(size) = F::Integer::try_from(2 * n) { if size > F::generator_order() { @@ -70,7 +55,7 @@ impl ClientMemory { } Ok(Self { - prng: Prng::from_prio2_seed(Seed::<32>::generate()?.as_ref()), + prng: Prng::from_prio2_seed(&rng.gen()), points_f: vec![F::zero(); n], points_g: vec![F::zero(); n], evals_f: vec![F::zero(); 2 * n], diff --git a/src/vdaf/prio2/server.rs b/src/vdaf/prio2/server.rs index 26aa4a621..f54eac2d6 100644 --- a/src/vdaf/prio2/server.rs +++ b/src/vdaf/prio2/server.rs @@ -5,7 +5,6 @@ use crate::{ field::{FftFriendlyFieldElement, FieldError}, polynomial::poly_interpret_eval, - prng::PrngError, vdaf::prio2::client::{unpack_proof, SerializeError}, }; use serde::{Deserialize, Serialize}; @@ -23,12 +22,6 @@ pub enum ServerError { /// Serialization/deserialization error #[error("serialization/deserialization error")] Serialize(#[from] SerializeError), - /// Failure when calling getrandom(). - #[error("getrandom: {0}")] - GetRandom(#[from] getrandom::Error), - /// PRNG error. - #[error("prng error: {0}")] - Prng(#[from] PrngError), } /// Verification message for proof validation @@ -224,8 +217,7 @@ mod tests { ]; let proof: Vec = proof_u32.iter().map(|x| FieldPrio2::from(*x)).collect(); - let [share1, share2]: [Vec; 2] = - split_vector(&proof, 2).unwrap().try_into().unwrap(); + let [share1, share2]: [Vec; 2] = split_vector(&proof, 2).try_into().unwrap(); let eval_at = FieldPrio2::from(12313); let v1 = generate_verification_message(dim, eval_at, &share1, true).unwrap(); @@ -243,8 +235,7 @@ mod tests { ]; let proof: Vec = proof_u32.iter().map(|x| FieldPrio2::from(*x)).collect(); - let [share1, share2]: [Vec; 2] = - split_vector(&proof, 2).unwrap().try_into().unwrap(); + let [share1, share2]: [Vec; 2] = split_vector(&proof, 2).try_into().unwrap(); let eval_at = FieldPrio2::from(12313); let v1 = generate_verification_message(dim, eval_at, &share1, true).unwrap(); diff --git a/src/vdaf/prio2/test_vector.rs b/src/vdaf/prio2/test_vector.rs index 114b437b5..87c3ebb24 100644 --- a/src/vdaf/prio2/test_vector.rs +++ b/src/vdaf/prio2/test_vector.rs @@ -2,18 +2,10 @@ //! Test vectors of serialized Prio inputs, enabling backward compatibility testing. -use crate::{field::FieldPrio2, vdaf::prio2::client::ClientError}; +use crate::field::FieldPrio2; use serde::{Deserialize, Serialize}; use std::fmt::Debug; -/// Errors propagated by functions in this module. -#[derive(Debug, thiserror::Error)] -pub(crate) enum TestVectorError { - /// Error from Prio client - #[error("Prio client error {0}")] - Client(#[from] ClientError), -} - /// A test vector of serialized Priov2 inputs, along with a reference sum. The field is always /// [`FieldPrio2`]. #[derive(Debug, Eq, PartialEq, Serialize, Deserialize)] diff --git a/src/vdaf/prio3.rs b/src/vdaf/prio3.rs index 1759af278..94edc192e 100644 --- a/src/vdaf/prio3.rs +++ b/src/vdaf/prio3.rs @@ -58,6 +58,7 @@ use crate::vdaf::{ }; #[cfg(feature = "experimental")] use fixed::traits::Fixed; +use rand::prelude::*; use std::borrow::Cow; use std::convert::TryFrom; use std::fmt::Debug; @@ -1221,7 +1222,7 @@ where nonce: &[u8; 16], ) -> Result<(Self::PublicShare, Vec>), VdafError> { let mut random = vec![0u8; self.random_size()]; - getrandom::getrandom(&mut random)?; + thread_rng().fill(&mut random[..]); self.shard_with_random(ctx, measurement, nonce, &random) } } @@ -1743,7 +1744,6 @@ mod tests { }, FixedI16, FixedI32, FixedI64, }; - use rand::prelude::*; const CTX_STR: &[u8] = b"prio3 ctx"; diff --git a/src/vdaf/xof.rs b/src/vdaf/xof.rs index c59de1445..4cc7cdb03 100644 --- a/src/vdaf/xof.rs +++ b/src/vdaf/xof.rs @@ -33,6 +33,8 @@ use rand_core::{ impls::{next_u32_via_fill, next_u64_via_fill}, RngCore, SeedableRng, }; + +use rand::distributions::{Distribution, Standard}; #[cfg(feature = "crypto-dependencies")] use sha2::Sha256; use sha3::{ @@ -51,14 +53,15 @@ use subtle::{Choice, ConstantTimeEq}; #[derive(Clone, Debug)] pub struct Seed(pub(crate) [u8; SEED_SIZE]); -impl Seed { - /// Generate a uniform random seed. - pub fn generate() -> Result { - let mut seed = [0; SEED_SIZE]; - getrandom::getrandom(&mut seed)?; - Ok(Self::from_bytes(seed)) +impl Distribution> for Standard { + fn sample(&self, rng: &mut R) -> Seed { + let mut seed_bytes = [0; SEED_SIZE]; + rng.fill(&mut seed_bytes[..]); + Seed(seed_bytes) } +} +impl Seed { /// Construct seed from a byte slice. pub(crate) fn from_bytes(seed: [u8; SEED_SIZE]) -> Self { Self(seed) @@ -548,6 +551,7 @@ impl Xof<32> for XofHmacSha256Aes128 { mod tests { use super::*; use crate::{field::Field128, vdaf::equality_comparison_test}; + use rand::prelude::*; use serde::{Deserialize, Serialize}; use std::{convert::TryInto, io::Cursor}; @@ -571,7 +575,8 @@ mod tests { where P: Xof, { - let seed = Seed::generate().unwrap(); + let mut rng = thread_rng(); + let seed = rng.gen::>(); let dst = b"algorithm and usage"; let binder = b"bind to artifact"; @@ -664,7 +669,8 @@ mod tests { #[cfg(feature = "experimental")] #[test] fn xof_fixed_key_aes128_incomplete_block() { - let seed = Seed::generate().unwrap(); + let mut rng = thread_rng(); + let seed = rng.gen::>(); let mut expected = [0; 32]; XofFixedKeyAes128::seed_stream(seed.as_ref(), &[b"dst"], &[b"binder"]).fill(&mut expected); @@ -678,11 +684,12 @@ mod tests { #[cfg(feature = "experimental")] #[test] fn xof_fixed_key_aes128_alternate_apis() { + let mut rng = thread_rng(); let fixed_dst = b"domain separation tag"; let ctx = b"context string"; let binder = b"AAAAAAAAAAAAAAAAAAAAAAAA"; - let seed_1 = Seed::generate().unwrap(); - let seed_2 = Seed::generate().unwrap(); + let seed_1 = rng.gen::>(); + let seed_2 = rng.gen::>(); let mut stream_1_trait_api = XofFixedKeyAes128::seed_stream(seed_1.as_ref(), &[fixed_dst, ctx], &[binder]); diff --git a/src/vidpf.rs b/src/vidpf.rs index 7222bf87a..c44a8b1ff 100644 --- a/src/vidpf.rs +++ b/src/vidpf.rs @@ -15,7 +15,7 @@ use core::{ }; use bitvec::prelude::{BitVec, Lsb0}; -use rand_core::RngCore; +use rand::prelude::*; use std::fmt::Debug; use std::io::{Cursor, Read}; use subtle::{Choice, ConditionallyNegatable, ConditionallySelectable, ConstantTimeEq}; @@ -46,10 +46,6 @@ pub enum VidpfError { /// Error when a weight has an unexpected length. #[error("invalid weight length")] InvalidWeightLength, - - /// Failure when calling getrandom(). - #[error("getrandom: {0}")] - GetRandom(#[from] getrandom::Error), } /// Represents the domain of an incremental point function. @@ -102,7 +98,8 @@ impl Vidpf { weight: &W, nonce: &[u8], ) -> Result<(VidpfPublicShare, [VidpfKey; 2]), VidpfError> { - let keys = [VidpfKey::generate()?, VidpfKey::generate()?]; + let mut rng = thread_rng(); + let keys = rng.gen(); let public = self.gen_with_keys(ctx, &keys, input, weight, nonce)?; Ok((public, keys)) }