magikitten 0.1.0

Easy Fiat-Shamirization using Meow
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76

use ck_meow::Meow;
use rand_core::{CryptoRng, RngCore};

/// The size of the seeds our RNG consumes, in bytes.
pub const SEED_SIZE: usize = 32;
/// A label we use to domain separate our RNG.
const CHALLENGE_RNG_CONTEXT: &[u8] = b"magikitten v0.1.0 challenge rng";

/// A pseudo-random number generator.
///
/// This RNG is initialized with a seed, and from that point generates bits
/// deterministically from that seed. Crucially, these bits are determined
/// solely by that seed, and not by how they're pulled from the RNG.
/// Pulling bytes by chunks of 8, or chunks of 16, or 32, etc. will yield
/// the same bytes.
///
/// Treating the RNG as an unstructured stream makes it more easy to produce consistent
/// results. Refactoring the code to use a larger buffer won't change the results,
/// for example.
pub struct MeowRng {
    meow: Meow,
}

impl MeowRng {
    /// Create a new RNG from a seed.
    pub fn new(seed: &[u8; SEED_SIZE]) -> Self {
        let mut meow = Meow::new(CHALLENGE_RNG_CONTEXT);
        meow.key(seed, false);

        // This is a bit of a hack, so that we can use more = true for subsequent
        // operations.
        meow.prf(&mut [], false);

        Self { meow }
    }
}

impl RngCore for MeowRng {
    fn next_u32(&mut self) -> u32 {
        rand_core::impls::next_u32_via_fill(self)
    }

    fn next_u64(&mut self) -> u64 {
        rand_core::impls::next_u64_via_fill(self)
    }

    fn fill_bytes(&mut self, dest: &mut [u8]) {
        self.meow.prf(dest, true);
    }

    fn try_fill_bytes(&mut self, dest: &mut [u8]) -> Result<(), rand_core::Error> {
        self.fill_bytes(dest);
        Ok(())
    }
}

impl CryptoRng for MeowRng {}

#[cfg(test)]
mod test {
    use super::*;

    #[test]
    fn test_rng_is_prefix() {
        let seed = [0xFF; 32];
        let mut rng0 = MeowRng::new(&seed);
        let mut rng1 = MeowRng::new(&seed);

        let mut data0 = [0; 32];
        rng0.fill_bytes(&mut data0);
        let mut data1 = [0; 64];
        rng1.fill_bytes(&mut data1);

        assert_eq!(&data0, &data1[..32]);
    }
}