zkcrypto · str4d · Dec 30, 2022 · Apr 16, 2025 · Apr 16, 2025 · Apr 16, 2025
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -6,6 +6,14 @@ and this library adheres to Rust's notion of
 [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
 ## [Unreleased]
+### Changed
+- MSRV is now 1.63.0.
+- Migrated to `ff 0.14`, `rand_core 0.9`.
+- `group::Group::random(rng: impl RngCore) -> Self` has been changed to
+  `Group::random<R: RngCore + ?Sized>(rng: &mut R) -> Self`, to enable passing a
+  trait object as the RNG.
+- `group::Group::try_from_rng` is a new trait method that must be implemented by
+  downstreams. `Group::random` now has a default implementation that calls it.
 
 ## [0.13.0] - 2022-12-06
 ### Changed

diff --git a/Cargo.lock b/Cargo.lock
diff --git a/Cargo.toml b/Cargo.toml
@@ -1,12 +1,12 @@
 [package]
 name = "group"
-version = "0.13.0"
+version = "0.14.0-pre.0"
 authors = [
     "Sean Bowe <ewillbefull@gmail.com>",
     "Jack Grigg <jack@z.cash>",
 ]
 edition = "2021"
-rust-version = "1.56"
+rust-version = "1.63"
 readme = "README.md"
 license = "MIT/Apache-2.0"
 
@@ -16,10 +16,10 @@ homepage = "https://github.com/zkcrypto/group"
 repository = "https://github.com/zkcrypto/group"
 
 [dependencies]
-ff = { version = "0.13", default-features = false }
-rand = { version = "0.8", optional = true, default-features = false }
-rand_core = { version = "0.6", default-features = false }
-rand_xorshift = { version = "0.3", optional = true }
+ff = { version = "=0.14.0-pre.0", default-features = false }
+rand = { version = "0.9", optional = true, default-features = false }
+rand_core = { version = "0.9", default-features = false }
+rand_xorshift = { version = "0.4", optional = true }
 subtle = { version = "2.2.1", default-features = false }
 
 # Crate for exposing the dynamic memory usage of the w-NAF structs.

diff --git a/README.md b/README.md
@@ -11,7 +11,7 @@ wider discussion.
 
 ## Minimum Supported Rust Version
 
-Requires Rust **1.56** or higher.
+Requires Rust **1.63** or higher.
 
 Minimum supported Rust version can be changed in the future, but it will be done with a
 minor version bump.

diff --git a/rust-toolchain.toml b/rust-toolchain.toml
@@ -1,3 +1,3 @@
 [toolchain]
-channel = "1.56.0"
+channel = "1.63.0"
 components = [ "clippy", "rustfmt" ]
diff --git a/src/lib.rs b/src/lib.rs
@@ -9,11 +9,12 @@ extern crate alloc;
 // Re-export ff to make version-matching easier.
 pub use ff;
 
+use core::convert::Infallible;
 use core::fmt;
 use core::iter::Sum;
 use core::ops::{Add, AddAssign, Mul, MulAssign, Neg, Sub, SubAssign};
 use ff::PrimeField;
-use rand_core::RngCore;
+use rand_core::{RngCore, TryRngCore};
 use subtle::{Choice, CtOption};
 
 pub mod cofactor;
@@ -76,7 +77,22 @@ pub trait Group:
     /// this group.
     ///
     /// This function is non-deterministic, and samples from the user-provided RNG.
-    fn random(rng: impl RngCore) -> Self;
+    fn random<R: RngCore + ?Sized>(rng: &mut R) -> Self {
+        Self::try_from_rng(rng)
+            .map_err(|e: Infallible| e)
+            .expect("Infallible failed")
+
+        // NOTE: once MSRV gets to 1.82 remove the map_err/expect and use
+        // let Ok(out) = Self::try_from_rng(rng);
+        // out
+        // See: https://blog.rust-lang.org/2024/10/17/Rust-1.82.0.html#omitting-empty-types-in-pattern-matching
+    }
+
+    /// Returns an element chosen uniformly at random from the non-identity elements of
+    /// this group.
+    ///
+    /// This function is non-deterministic, and samples from the user-provided RNG.
+    fn try_from_rng<R: TryRngCore + ?Sized>(rng: &mut R) -> Result<Self, R::Error>;
 
     /// Returns the additive identity, also known as the "neutral element".
     fn identity() -> Self;
@@ -90,6 +106,12 @@ pub trait Group:
     /// Doubles this element.
     #[must_use]
     fn double(&self) -> Self;
+
+    /// Multiply by the generator of the prime-order subgroup.
+    #[must_use]
+    fn mul_by_generator(scalar: &Self::Scalar) -> Self {
+        Self::generator() * scalar
+    }
 }
 
 /// Efficient representation of an elliptic curve point guaranteed.

diff --git a/src/tests/mod.rs b/src/tests/mod.rs
@@ -378,8 +378,8 @@ fn random_transformation_tests<G: PrimeCurve>() {
     for _ in 0..10 {
         let mut v = (0..1000).map(|_| G::random(&mut rng)).collect::<Vec<_>>();
 
-        use rand::distributions::{Distribution, Uniform};
-        let between = Uniform::new(0, 1000);
+        use rand::distr::{Distribution, Uniform};
+        let between = Uniform::new(0, 1000).unwrap();
         // Sprinkle in some normalized points
         for _ in 0..5 {
             v[between.sample(&mut rng)] = G::identity();

diff --git a/src/wnaf.rs b/src/wnaf.rs
@@ -255,6 +255,12 @@ pub struct Wnaf<W, B, S> {
     window_size: W,
 }
 
+impl<G: Group> Default for Wnaf<(), Vec<G>, Vec<i64>> {
+    fn default() -> Self {
+        Self::new()
+    }
+}
+
 impl<G: Group> Wnaf<(), Vec<G>, Vec<i64>> {
     /// Construct a new wNAF context without allocating.
     pub fn new() -> Self {