pub fn select_spotcheck_indices(
nonce: &[u8; 32],
path: &SubtreePath,
k: u32,
) -> Vec<u32>Expand description
Pick k distinct nonce-derived leaf positions within the selected subtree.
Returned as indices into path.real_leaf_count() (0-based within the
subtree). DETERMINISTIC from the nonce.
NOT used for the live round-2 sample. Deriving the byte-challenge sample
from the round-1 nonce is unsound: the structural root check binds only
(key, bytes_hash) (both public), not nonced_hash, so a responder that
knows the nonce at proof-build time could fabricate nonced_hash on every
un-sampled leaf and fetch only the predictable sample. The auditor therefore
chooses the round-2 sample with fresh CSPRNG randomness after receiving the
proof (storage_commitment_audit::random_spotcheck_leaves). This
deterministic helper is retained only for tests/observers that need a
reproducible selection.