Migrate to ff 0.14, rand 0.9

Cargo.toml

@@ -18,18 +18,18 @@ rustdoc-args = ["--html-in-header", "katex-header.html"]
 
 [dependencies]
 digest = { version = "0.10", optional = true }
-ff = { version = "0.13", default-features = false }
-group = { version = "0.13", optional = true, default-features = false }
-pairing = { version = "0.23", optional = true }
-rand_core = { version = "0.6", default-features = false }
+ff = { version = "=0.14.0-pre.0", default-features = false }
+group = { version = "=0.14.0-pre.0", optional = true, default-features = false }
+pairing = { version = "=0.24.0-pre.0", optional = true }
+rand_core = { version = "0.9", default-features = false }
 subtle = { version = "2.2.1", default-features = false }
 zeroize = { version = "1.4", optional = true, default-features = false }
 
 [dev-dependencies]
 csv = ">= 1.0, < 1.2" # csv 1.2 has MSRV 1.60
 criterion = "0.3"
 hex-literal = "0.3"
-rand_xorshift = "0.3"
+rand_xorshift = "0.4"
 sha2 = "0.10"
 sha3 = "0.10"
 

RELEASES.md

@@ -1,7 +1,8 @@
 # Unreleased
 ## Changed
 - MSRV is now 1.63.0.
-- Bumped dependencies to `digest 0.10`.
+- Bumped dependencies to `digest 0.10`, `ff 0.14`, `group 0.14`, `pairing 0.24`,
+  `rand_core 0.9`.
 
 # 0.8.0
 ## Changed

src/fp.rs

@@ -3,7 +3,7 @@
 
 use core::fmt;
 use core::ops::{Add, AddAssign, Mul, MulAssign, Neg, Sub, SubAssign};
-use rand_core::RngCore;
+use rand_core::TryRngCore;
 use subtle::{Choice, ConditionallySelectable, ConstantTimeEq, CtOption};
 
 use crate::util::{adc, mac, sbb};
@@ -226,12 +226,12 @@ impl Fp {
         res
     }
 
-    pub(crate) fn random(mut rng: impl RngCore) -> Fp {
+    pub(crate) fn try_from_rng<R: TryRngCore + ?Sized>(rng: &mut R) -> Result<Fp, R::Error> {
         let mut bytes = [0u8; 96];
-        rng.fill_bytes(&mut bytes);
+        rng.try_fill_bytes(&mut bytes)?;
 
         // Parse the random bytes as a big-endian number, to match Fp encoding order.
-        Fp::from_u768([
+        Ok(Fp::from_u768([
             u64::from_be_bytes(<[u8; 8]>::try_from(&bytes[0..8]).unwrap()),
             u64::from_be_bytes(<[u8; 8]>::try_from(&bytes[8..16]).unwrap()),
             u64::from_be_bytes(<[u8; 8]>::try_from(&bytes[16..24]).unwrap()),
@@ -244,7 +244,7 @@ impl Fp {
             u64::from_be_bytes(<[u8; 8]>::try_from(&bytes[72..80]).unwrap()),
             u64::from_be_bytes(<[u8; 8]>::try_from(&bytes[80..88]).unwrap()),
             u64::from_be_bytes(<[u8; 8]>::try_from(&bytes[88..96]).unwrap()),
-        ])
+        ]))
     }
 
     /// Reduces a big-endian 64-bit limb representation of a 768-bit number.

src/fp12.rs

@@ -7,7 +7,7 @@ use core::ops::{Add, AddAssign, Mul, MulAssign, Neg, Sub, SubAssign};
 use subtle::{Choice, ConditionallySelectable, ConstantTimeEq, CtOption};
 
 #[cfg(feature = "pairings")]
-use rand_core::RngCore;
+use rand_core::TryRngCore;
 
 /// This represents an element $c_0 + c_1 w$ of $\mathbb{F}_{p^12} = \mathbb{F}_{p^6} / w^2 - v$.
 pub struct Fp12 {
@@ -106,11 +106,11 @@ impl Fp12 {
     }
 
     #[cfg(feature = "pairings")]
-    pub(crate) fn random(mut rng: impl RngCore) -> Self {
-        Fp12 {
-            c0: Fp6::random(&mut rng),
-            c1: Fp6::random(&mut rng),
-        }
+    pub(crate) fn try_from_rng<R: TryRngCore + ?Sized>(rng: &mut R) -> Result<Self, R::Error> {
+        Ok(Fp12 {
+            c0: Fp6::try_from_rng(rng)?,
+            c1: Fp6::try_from_rng(rng)?,
+        })
     }
 
     pub fn mul_by_014(&self, c0: &Fp2, c1: &Fp2, c4: &Fp2) -> Fp12 {

src/fp2.rs

@@ -2,7 +2,7 @@
 
 use core::fmt;
 use core::ops::{Add, AddAssign, Mul, MulAssign, Neg, Sub, SubAssign};
-use rand_core::RngCore;
+use rand_core::TryRngCore;
 use subtle::{Choice, ConditionallySelectable, ConstantTimeEq, CtOption};
 
 use crate::fp::Fp;
@@ -129,11 +129,11 @@ impl Fp2 {
         self.c0.is_zero() & self.c1.is_zero()
     }
 
-    pub(crate) fn random(mut rng: impl RngCore) -> Fp2 {
-        Fp2 {
-            c0: Fp::random(&mut rng),
-            c1: Fp::random(&mut rng),
-        }
+    pub(crate) fn try_from_rng<R: TryRngCore + ?Sized>(rng: &mut R) -> Result<Fp2, R::Error> {
+        Ok(Fp2 {
+            c0: Fp::try_from_rng(rng)?,
+            c1: Fp::try_from_rng(rng)?,
+        })
     }
 
     /// Raises this element to p.

src/fp6.rs

@@ -6,7 +6,7 @@ use core::ops::{Add, AddAssign, Mul, MulAssign, Neg, Sub, SubAssign};
 use subtle::{Choice, ConditionallySelectable, ConstantTimeEq, CtOption};
 
 #[cfg(feature = "pairings")]
-use rand_core::RngCore;
+use rand_core::TryRngCore;
 
 /// This represents an element $c_0 + c_1 v + c_2 v^2$ of $\mathbb{F}_{p^6} = \mathbb{F}_{p^2} / v^3 - u - 1$.
 pub struct Fp6 {
@@ -102,12 +102,12 @@ impl Fp6 {
     }
 
     #[cfg(feature = "pairings")]
-    pub(crate) fn random(mut rng: impl RngCore) -> Self {
-        Fp6 {
-            c0: Fp2::random(&mut rng),
-            c1: Fp2::random(&mut rng),
-            c2: Fp2::random(&mut rng),
-        }
+    pub(crate) fn try_from_rng<R: TryRngCore + ?Sized>(rng: &mut R) -> Result<Self, R::Error> {
+        Ok(Fp6 {
+            c0: Fp2::try_from_rng(rng)?,
+            c1: Fp2::try_from_rng(rng)?,
+            c2: Fp2::try_from_rng(rng)?,
+        })
     }
 
     pub fn mul_by_1(&self, c1: &Fp2) -> Fp6 {

src/g1.rs

@@ -8,7 +8,7 @@ use group::{
     prime::{PrimeCurve, PrimeCurveAffine, PrimeGroup},
     Curve, Group, GroupEncoding, UncompressedEncoding,
 };
-use rand_core::RngCore;
+use rand_core::TryRngCore;
 use subtle::{Choice, ConditionallySelectable, ConstantTimeEq, CtOption};
 
 #[cfg(feature = "alloc")]
@@ -945,10 +945,10 @@ impl PartialEq for G1Uncompressed {
 impl Group for G1Projective {
     type Scalar = Scalar;
 
-    fn random(mut rng: impl RngCore) -> Self {
+    fn try_from_rng<R: TryRngCore + ?Sized>(rng: &mut R) -> Result<Self, R::Error> {
         loop {
-            let x = Fp::random(&mut rng);
-            let flip_sign = rng.next_u32() % 2 != 0;
+            let x = Fp::try_from_rng(rng)?;
+            let flip_sign = rng.try_next_u32()? % 2 != 0;
 
             // Obtain the corresponding y-coordinate given x as y = sqrt(x^3 + 4)
             let p = ((x.square() * x) + B).sqrt().map(|y| G1Affine {
@@ -961,7 +961,7 @@ impl Group for G1Projective {
                 let p = p.unwrap().to_curve().clear_cofactor();
 
                 if bool::from(!p.is_identity()) {
-                    return p;
+                    return Ok(p);
                 }
             }
         }

src/g2.rs

@@ -8,7 +8,7 @@ use group::{
     prime::{PrimeCurve, PrimeCurveAffine, PrimeGroup},
     Curve, Group, GroupEncoding, UncompressedEncoding,
 };
-use rand_core::RngCore;
+use rand_core::TryRngCore;
 use subtle::{Choice, ConditionallySelectable, ConstantTimeEq, CtOption};
 
 #[cfg(feature = "alloc")]
@@ -1090,10 +1090,10 @@ impl PartialEq for G2Uncompressed {
 impl Group for G2Projective {
     type Scalar = Scalar;
 
-    fn random(mut rng: impl RngCore) -> Self {
+    fn try_from_rng<R: TryRngCore + ?Sized>(rng: &mut R) -> Result<Self, R::Error> {
         loop {
-            let x = Fp2::random(&mut rng);
-            let flip_sign = rng.next_u32() % 2 != 0;
+            let x = Fp2::try_from_rng(rng)?;
+            let flip_sign = rng.try_next_u32()? % 2 != 0;
 
             // Obtain the corresponding y-coordinate given x as y = sqrt(x^3 + 4)
             let p = ((x.square() * x) + B).sqrt().map(|y| G2Affine {
@@ -1106,7 +1106,7 @@ impl Group for G2Projective {
                 let p = p.unwrap().to_curve().clear_cofactor();
 
                 if bool::from(!p.is_identity()) {
-                    return p;
+                    return Ok(p);
                 }
             }
         }

src/hash_to_curve/chain.rs

@@ -886,7 +886,7 @@ mod tests {
         ];
 
         for _ in 0..32 {
-            let input = Fp::random(&mut rng);
+            let input = Fp::try_from_rng(&mut rng).unwrap();
             assert_eq!(chain_pm3div4(&input), input.pow_vartime(&p_m3_over4));
         }
     }
@@ -910,7 +910,7 @@ mod tests {
         ];
 
         for _ in 0..32 {
-            let input = Fp2::random(&mut rng);
+            let input = Fp2::try_from_rng(&mut rng).unwrap();
             assert_eq!(
                 chain_p2m9div16(&input),
                 input.pow_vartime_extended(&p_sq_m9_over16[..]),