Rename Group methods

- `random_nonzero_scalar` -> `random_scalar`
- `scalar_as_bytes` -> `serialize_scalar`
- `scalar_invert` -> `invert_scalar`

Author: daxpedda

src/group/mod.rs

@@ -83,13 +83,13 @@ pub trait Group {
     fn deserialize_scalar(scalar_bits: &GenericArray<u8, Self::ScalarLen>) -> Result<Self::Scalar>;
 
     /// picks a scalar at random
-    fn random_nonzero_scalar<R: RngCore + CryptoRng>(rng: &mut R) -> Self::Scalar;
+    fn random_scalar<R: RngCore + CryptoRng>(rng: &mut R) -> Self::Scalar;
 
     /// Serializes a scalar to bytes
-    fn scalar_as_bytes(scalar: Self::Scalar) -> GenericArray<u8, Self::ScalarLen>;
+    fn serialize_scalar(scalar: Self::Scalar) -> GenericArray<u8, Self::ScalarLen>;
 
     /// The multiplicative inverse of this scalar
-    fn scalar_invert(scalar: &Self::Scalar) -> Self::Scalar;
+    fn invert_scalar(scalar: Self::Scalar) -> Self::Scalar;
 
     /// Return an element from its fixed-length bytes representation. This is
     /// the unchecked version, which does not check for deserializing the

src/group/p256.rs

@@ -150,16 +150,16 @@ impl Group for NistP256 {
             .map_err(|_| Error::ScalarError)
     }
 
-    fn random_nonzero_scalar<R: RngCore + CryptoRng>(rng: &mut R) -> Self::Scalar {
-        Scalar::random(rng)
+    fn random_scalar<R: RngCore + CryptoRng>(rng: &mut R) -> Self::Scalar {
+        *SecretKey::random(rng).to_nonzero_scalar()
     }
 
-    fn scalar_as_bytes(scalar: Self::Scalar) -> GenericArray<u8, Self::ScalarLen> {
+    fn serialize_scalar(scalar: Self::Scalar) -> GenericArray<u8, Self::ScalarLen> {
         scalar.into()
     }
 
-    fn scalar_invert(scalar: &Self::Scalar) -> Self::Scalar {
-        scalar.invert().unwrap_or(Scalar::zero())
+    fn invert_scalar(scalar: Self::Scalar) -> Self::Scalar {
+        Option::from(scalar.invert()).unwrap()
     }
 
     fn from_element_slice_unchecked(

src/group/ristretto.rs

@@ -31,6 +31,8 @@ impl Group for Ristretto255 {
 
     type Elem = RistrettoPoint;
 
+    type ElemLen = U32;
+
     type Scalar = Scalar;
 
     type ScalarLen = U32;
@@ -84,7 +86,7 @@ impl Group for Ristretto255 {
             .ok_or(Error::ScalarError)
     }
 
-    fn random_nonzero_scalar<R: RngCore + CryptoRng>(rng: &mut R) -> Self::Scalar {
+    fn random_scalar<R: RngCore + CryptoRng>(rng: &mut R) -> Self::Scalar {
         loop {
             let scalar = {
                 let mut scalar_bytes = [0u8; 64];
@@ -98,16 +100,14 @@ impl Group for Ristretto255 {
         }
     }
 
-    fn scalar_as_bytes(scalar: Self::Scalar) -> GenericArray<u8, Self::ScalarLen> {
+    fn serialize_scalar(scalar: Self::Scalar) -> GenericArray<u8, Self::ScalarLen> {
         scalar.to_bytes().into()
     }
 
-    fn scalar_invert(scalar: &Self::Scalar) -> Self::Scalar {
+    fn invert_scalar(scalar: Self::Scalar) -> Self::Scalar {
         scalar.invert()
     }
 
-    // The byte length necessary to represent group elements
-    type ElemLen = U32;
     fn from_element_slice_unchecked(
         element_bits: &GenericArray<u8, Self::ElemLen>,
     ) -> Result<Self::Elem> {

src/group/tests.rs

@@ -45,7 +45,7 @@ fn test_identity_element_error<G: Group>() -> Result<()> {
 // Checks that the zero scalar cannot be deserialized
 fn test_zero_scalar_error<G: Group>() -> Result<()> {
     let zero_scalar = G::scalar_zero();
-    let result = G::deserialize_scalar(&G::scalar_as_bytes(zero_scalar));
+    let result = G::deserialize_scalar(&G::serialize_scalar(zero_scalar));
     assert!(matches!(result, Err(Error::ScalarError)));
 
     Ok(())

src/serialization.rs

@@ -30,7 +30,7 @@ use crate::{
 impl<G: Group, H: BlockSizeUser + Digest + FixedOutputReset> NonVerifiableClient<G, H> {
     /// Serialization into bytes
     pub fn serialize(&self) -> GenericArray<u8, G::ScalarLen> {
-        G::scalar_as_bytes(self.blind)
+        G::serialize_scalar(self.blind)
     }
 
     /// Deserialization from bytes
@@ -53,7 +53,7 @@ impl<G: Group, H: BlockSizeUser + Digest + FixedOutputReset> VerifiableClient<G,
         G::ScalarLen: Add<G::ElemLen>,
         Sum<G::ScalarLen, G::ElemLen>: ArrayLength<u8>,
     {
-        G::scalar_as_bytes(self.blind).concat(G::to_arr(self.blinded_element))
+        G::serialize_scalar(self.blind).concat(G::to_arr(self.blinded_element))
     }
 
     /// Deserialization from bytes
@@ -74,7 +74,7 @@ impl<G: Group, H: BlockSizeUser + Digest + FixedOutputReset> VerifiableClient<G,
 impl<G: Group, H: BlockSizeUser + Digest + FixedOutputReset> NonVerifiableServer<G, H> {
     /// Serialization into bytes
     pub fn serialize(&self) -> GenericArray<u8, G::ScalarLen> {
-        G::scalar_as_bytes(self.sk)
+        G::serialize_scalar(self.sk)
     }
 
     /// Deserialization from bytes
@@ -97,7 +97,7 @@ impl<G: Group, H: BlockSizeUser + Digest + FixedOutputReset> VerifiableServer<G,
         G::ScalarLen: Add<G::ElemLen>,
         Sum<G::ScalarLen, G::ElemLen>: ArrayLength<u8>,
     {
-        G::scalar_as_bytes(self.sk).concat(G::to_arr(self.pk))
+        G::serialize_scalar(self.sk).concat(G::to_arr(self.pk))
     }
 
     /// Deserialization from bytes
@@ -122,7 +122,7 @@ impl<G: Group, H: BlockSizeUser + Digest + FixedOutputReset> Proof<G, H> {
         G::ScalarLen: Add<G::ScalarLen>,
         Sum<G::ScalarLen, G::ScalarLen>: ArrayLength<u8>,
     {
-        G::scalar_as_bytes(self.c_scalar).concat(G::scalar_as_bytes(self.s_scalar))
+        G::serialize_scalar(self.c_scalar).concat(G::serialize_scalar(self.s_scalar))
     }
 
     /// Deserialization from bytes

src/tests/voprf_test_vectors.rs

@@ -153,7 +153,7 @@ fn test_base_seed_to_key<G: Group, H: BlockSizeUser + Digest + FixedOutputReset>
 
         assert_eq!(
             &parameters.sksm,
-            &G::scalar_as_bytes(server.get_private_key()).to_vec()
+            &G::serialize_scalar(server.get_private_key()).to_vec()
         );
     }
     Ok(())
@@ -167,7 +167,7 @@ fn test_verifiable_seed_to_key<G: Group, H: BlockSizeUser + Digest + FixedOutput
 
         assert_eq!(
             &parameters.sksm,
-            &G::scalar_as_bytes(server.get_private_key()).to_vec()
+            &G::serialize_scalar(server.get_private_key()).to_vec()
         );
         assert_eq!(
             &parameters.pksm,
@@ -192,7 +192,7 @@ fn test_base_blind<G: Group, H: BlockSizeUser + Digest + FixedOutputReset>(
 
             assert_eq!(
                 &parameters.blind[i],
-                &G::scalar_as_bytes(client_result.state.blind).to_vec()
+                &G::serialize_scalar(client_result.state.blind).to_vec()
             );
             assert_eq!(
                 parameters.blinded_element[i].as_slice(),
@@ -218,7 +218,7 @@ fn test_verifiable_blind<G: Group, H: BlockSizeUser + Digest + FixedOutputReset>
 
             assert_eq!(
                 &parameters.blind[i],
-                &G::scalar_as_bytes(client_blind_result.state.get_blind()).to_vec()
+                &G::serialize_scalar(client_blind_result.state.get_blind()).to_vec()
             );
             assert_eq!(
                 parameters.blinded_element[i].as_slice(),

src/voprf.rs

@@ -255,7 +255,7 @@ impl<G: Group, H: BlockSizeUser + Digest + FixedOutputReset> NonVerifiableClient
         evaluation_element: &EvaluationElement<G, H>,
         metadata: Option<&[u8]>,
     ) -> Result<Output<H>> {
-        let unblinded_element = evaluation_element.value * &G::scalar_invert(&self.blind);
+        let unblinded_element = evaluation_element.value * &G::invert_scalar(self.blind);
         let mut outputs = finalize_after_unblind::<G, H, _, _>(
             Some((input, unblinded_element)).into_iter(),
             metadata.unwrap_or_default(),
@@ -459,7 +459,7 @@ impl<G: Group, H: BlockSizeUser + Digest + FixedOutputReset> NonVerifiableServer
             GenericArray::from(STR_HASH_TO_SCALAR).concat(get_context_string::<G>(Mode::Base));
         let m = G::hash_to_scalar::<H, _, _>(context, dst)?;
         let t = self.sk + &m;
-        let evaluation_element = blinded_element.value * &G::scalar_invert(&t);
+        let evaluation_element = blinded_element.value * &G::invert_scalar(t);
         Ok(NonVerifiableServerEvaluateResult {
             message: EvaluationElement {
                 value: evaluation_element,
@@ -600,7 +600,7 @@ impl<G: Group, H: BlockSizeUser + Digest + FixedOutputReset> VerifiableServer<G,
         let evaluation_elements = blinded_elements
             // To make a return type possible, we have to convert to a `fn` pointer, which isn't
             // possible if we `move` from context.
-            .zip(iter::repeat(G::scalar_invert(&t)))
+            .zip(iter::repeat(G::invert_scalar(t)))
             .map(<fn((&BlindedElement<G, H>, _)) -> _>::from(|(x, t)| {
                 PreparedEvaluationElement(EvaluationElement {
                     value: x.value * &t,
@@ -843,7 +843,7 @@ fn blind<G: Group, H: BlockSizeUser + Digest + FixedOutputReset, R: RngCore + Cr
     mode: Mode,
 ) -> Result<(G::Scalar, G::Elem)> {
     // Choose a random scalar that must be non-zero
-    let blind = G::random_nonzero_scalar(blinding_factor_rng);
+    let blind = G::random_scalar(blinding_factor_rng);
     let blinded_element = deterministic_blind_unchecked::<G, H>(input, &blind, mode)?;
     Ok((blind, blinded_element))
 }
@@ -919,7 +919,7 @@ where
 
     Ok(blinds
         .zip(messages.into_iter())
-        .map(|(blind, x)| x.value * &G::scalar_invert(&blind)))
+        .map(|(blind, x)| x.value * &G::invert_scalar(blind)))
 }
 
 #[allow(clippy::many_single_char_names)]
@@ -937,7 +937,7 @@ fn generate_proof<
 ) -> Result<Proof<G, H>> {
     let (m, z) = compute_composites(Some(k), b, cs, ds)?;
 
-    let r = G::random_nonzero_scalar(rng);
+    let r = G::random_scalar(rng);
     let t2 = a * &r;
     let t3 = m * &r;
 
@@ -1134,7 +1134,7 @@ mod tests {
         let dst = GenericArray::from(STR_HASH_TO_SCALAR).concat(get_context_string::<G>(mode));
         let m = G::hash_to_scalar::<H, _, _>(context, dst).unwrap();
 
-        let res = point * &G::scalar_invert(&(key + &m));
+        let res = point * &G::invert_scalar(key + &m);
 
         finalize_after_unblind::<G, H, _, _>(Some((input, res)).into_iter(), info, mode)
             .unwrap()