Trait ff::FromUniformBytes
source · pub trait FromUniformBytes<const N: usize>: PrimeField {
// Required method
fn from_uniform_bytes(bytes: &[u8; N]) -> Self;
}
Expand description
Trait for constructing a PrimeField
element from a fixed-length uniform byte
array.
“Uniform” means that the byte array’s contents must be indistinguishable from the discrete uniform distribution. Suitable byte arrays can be obtained:
- from a cryptographically-secure randomness source (which makes this constructor
equivalent to
Field::random
). - from a cryptographic hash function output, which enables a “random” field element to
be selected deterministically. This is the primary use case for
FromUniformBytes
.
The length N
of the byte array is chosen by the trait implementer such that the loss
of uniformity in the mapping from byte arrays to field elements is cryptographically
negligible.
§Examples
use blake2b_simd::blake2b;
use bls12_381::Scalar;
use ff::FromUniformBytes;
// `bls12_381::Scalar` implements `FromUniformBytes<64>`, and BLAKE2b (by default)
// produces a 64-byte hash.
let hash = blake2b(b"Some message");
let val = Scalar::from_uniform_bytes(hash.as_array());
§Implementing FromUniformBytes
Self::from_uniform_bytes
should always be implemented by interpreting the provided
byte array as the little endian unsigned encoding of an integer, and then reducing that
integer modulo the field modulus.
For security, N
must be chosen so that N * 8 >= Self::NUM_BITS + 128
. A larger
value of N
may be chosen for convenience; for example, for a field with a 255-bit
modulus, N = 64
is convenient as it matches the output length of several common
cryptographic hash functions (such as SHA-512 and BLAKE2b).
§Trait design
This trait exists because PrimeField::from_uniform_bytes([u8; N])
cannot currently
exist (trait methods cannot use associated constants in the const positions of their
type signature, and we do not want PrimeField
to require a generic const parameter).
However, this has the side-effect that FromUniformBytes
can be implemented multiple
times for different values of N
. Most implementations of PrimeField
should only
need to implement FromUniformBytes
trait for one value of N
(chosen following the
above considerations); if you find yourself needing to implement it multiple times,
please let us know about your use case so
we can take it into consideration for future evolutions of the ff
traits.
Required Methods§
sourcefn from_uniform_bytes(bytes: &[u8; N]) -> Self
fn from_uniform_bytes(bytes: &[u8; N]) -> Self
Returns a field element that is congruent to the provided little endian unsigned byte representation of an integer.