adds a Field::try_from_rng method #127
72a85c2 to 535bfe6
535bfe6 to 4ccfef5
Depends:
- zkcrypto/ff#126
- zkcrypto/ff#127

This is to provide an `ecdsa::SigningKey::try_from_rng` API (RustCrypto/signatures#915)
| fn random<R: RngCore + ?Sized>(rng: &mut R) -> Self; | ||
|
|
||
| /// Returns an element chosen uniformly at random using a user-provided RNG. | ||
| fn try_from_rng<R: TryRngCore + ?Sized>(rng: &mut R) -> Result<Self, R::Error>; |
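Review bot: The doc comment on `try_from_rng` covers only the success case, although the method returns `Result<Self, R::Error>`. It should say that an error reported by the RNG is returned to the caller as-is, and that this is a required method with no default body, so every existing `Field` implementer has to provide it.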
Concept ACK (this will address #109), but I want to understand the ?Sized change first (#126 (comment)).
Also, this change to the trait should be documented in the changelog.
4ccfef5 to fed79ef
fed79ef to 94d4f18
str4d left a comment
Reviewed 94d4f18.
My main question is what approach should the API take:
- Should we require trait implementers to implement both of these manually (as the PR currently does)? Are there platforms where the infallible RNG APIs are not simply wrappers around the fallible APIs?
- Should this become the main API that gets implemented, and `Field::random` gains a default method that calls `Self::try_from_rng(rng).expect("must not fail")`?
  - If this is what all downstream RNG APIs do, then we can do the same.
- Should `Field::try_from_rng` have a default impl of `Ok(Self::random(rng))` (making this a pure addition)?
  - I like this option the least, as it hides a panic inside an API that claims it reports errors.
| fn random<R: RngCore + ?Sized>(rng: &mut R) -> Self; | ||
|
|
||
| /// Returns an element chosen uniformly at random using a user-provided RNG. | ||
| fn try_from_rng<R: TryRngCore + ?Sized>(rng: &mut R) -> Result<Self, R::Error>; |
Same as #126 (comment), ff-derive needs to be updated to generate the new API.
CHANGELOG.md
Outdated
| ## [Unreleased] | ||
|
|
||
| ### Added | ||
| - `Field::try_from_rng` method. |
This is a change to the crate, not an addition, because it adds a new method to the Field trait without a default implementation.
5dbbdee to f015932
yeah I went with that, the blanket TryRngCore we get has an |
0d75807 to 339e82c
utACK 339e82c once ff_derive comment is addressed.
As with #126 (review), this change will need to go through a zkcrypto RFC before we cut the final 0.14.0 release.
ff_derive/src/lib.rs
Outdated
|
|
||
| /// Computes a uniformly random element using rejection sampling. | ||
| fn random<R: ::ff::derive::rand_core::RngCore + ?Sized>(rng: &mut R) -> Self { | ||
| fn try_from_rng<R: ::ff::derive::rand_core::TryRngCore + ?Sized>(rng: &mut R) -> core::result::Result<Self, R::Error> { |
We always use ::crate_name notation to defend against the import decisions within the module in which the derive is used (see the rest of ff_derive for examples).
| fn try_from_rng<R: ::ff::derive::rand_core::TryRngCore + ?Sized>(rng: &mut R) -> core::result::Result<Self, R::Error> { | |
| fn try_from_rng<R: ::ff::derive::rand_core::TryRngCore + ?Sized>(rng: &mut R) -> ::core::result::Result<Self, R::Error> { |
CHANGELOG.md
Outdated
| - `ff::Field::random(rng: impl RngCore) -> Self` has been changed back to | ||
| `Field::random<R: RngCore + ?Sized>(rng: &mut R) -> Self`, to enable passing a | ||
| trait object as the RNG. | ||
| - `Field::try_from_rng` added. It accepts a `rand_core::TryRngCore` mutable reference. |
| - `Field::try_from_rng` added. It accepts a `rand_core::TryRngCore` mutable reference. | |
| - `ff::Field::try_from_rng` is a new trait method that must be implemented by | |
| downstreams. `Field::random` now has a default implementation that calls it. |
| fn random<R: RngCore + ?Sized>(rng: &mut R) -> Self; | ||
| fn random<R: RngCore + ?Sized>(rng: &mut R) -> Self { | ||
| Self::try_from_rng(rng) | ||
| .map_err(|e: Infallible| e) |
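Review bot: The closure on the `.map_err(|e: Infallible| e)` line is an identity map whose only effect is its type annotation, which is easy to mistake for dead code and delete. Add a one-line comment saying it pins `R::Error` to `Infallible`, so the conversion to `Self` in `random` has no failure path, or handle the `Err` arm with an empty `match` on the error, which states the same thing in the types.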
I confirmed that due to a blanket impl<R: RngCore> TryRngCore<Error = Infallible> for R, this does not impose any additional constraints or require any changes to the trait method documentation.
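The pattern discussed in this thread, as an added example that is not code from the PR or from `ff`/`rand_core`: a required fallible sampler, an infallible default built on it through a blanket impl with `Infallible`, and an RNG failure propagating out of a rejection-sampling loop. The two RNG traits are cut-down stand-ins for `rand_core`'s, and `Fp`, `Counter`, `Flaky` and `EntropyError` are hypothetical names.

```rust
use std::convert::Infallible;

// Stand-ins for rand_core's RngCore / TryRngCore, cut down to one method each.
trait RngCore { fn next_u64(&mut self) -> u64; }
trait TryRngCore { type Error; fn try_next_u64(&mut self) -> Result<u64, Self::Error>; }
// Blanket impl: an infallible RNG is a fallible one whose error type is uninhabited.
impl<R: RngCore + ?Sized> TryRngCore for R {
    type Error = Infallible;
    fn try_next_u64(&mut self) -> Result<u64, Infallible> { Ok(self.next_u64()) }
}

trait Field: Sized {
    // Required method: implementers write only the fallible sampler.
    fn try_from_rng<R: TryRngCore + ?Sized>(rng: &mut R) -> Result<Self, R::Error>;
    // Default method: R::Error is Infallible here, so there is no panic path.
    fn random<R: RngCore + ?Sized>(rng: &mut R) -> Self {
        match Self::try_from_rng(rng) { Ok(x) => x, Err(never) => match never {} }
    }
}

const P: u64 = 65_521; // toy modulus (assumption): largest prime below 2^16
#[derive(Debug, PartialEq)] struct Fp(u64);
impl Field for Fp {
    // Rejection sampling; `?` surfaces an RNG failure from any draw.
    fn try_from_rng<R: TryRngCore + ?Sized>(rng: &mut R) -> Result<Self, R::Error> {
        loop {
            let candidate = rng.try_next_u64()? & 0xFFFF;
            if candidate < P { return Ok(Fp(candidate)); }
        }
    }
}

// Constructed test sources: a counter (infallible) and one that runs dry.
struct Counter(u64);
impl RngCore for Counter { fn next_u64(&mut self) -> u64 { self.0 += 1; self.0 } }
#[derive(Debug, PartialEq)] struct EntropyError;
struct Flaky { draws_left: u32 }
impl TryRngCore for Flaky {
    type Error = EntropyError;
    fn try_next_u64(&mut self) -> Result<u64, EntropyError> {
        if self.draws_left == 0 { return Err(EntropyError); }
        self.draws_left -= 1;
        Ok(0xFFFF) // always >= P, so every successful draw is rejected
    }
}

fn main() {
    println!("{:?}", Fp::random(&mut Counter(0xFFF0)));
    println!("{:?}", Fp::try_from_rng(&mut Flaky { draws_left: 3 }));
}
```

A caller generating key material from `Flaky` gets `Err(EntropyError)` back instead of a panic, while callers holding an infallible RNG, including a `&mut dyn RngCore` trait object, keep using `random` unchanged.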
339e82c to ae84736
str4d left a comment
utACK ae84736
This is stacked on #126