Implement try-and-increment in result_scalar

src/cryptographic_primitives/hashing/blake2b512.rs

@@ -7,7 +7,7 @@
 use blake2b_simd::{Params, State};
 
 use crate::arithmetic::traits::*;
-use crate::elliptic::curves::{Curve, Point, Scalar};
+use crate::elliptic::curves::{Curve, ECScalar, Point, Scalar};
 use crate::BigInt;
 
 /// Wrapper over [blake2b_simd](blake2b_simd::State) exposing facilities to hash bigints, elliptic points,
@@ -17,9 +17,13 @@ pub struct Blake {
 }
 
 impl Blake {
+    const HASH_LENGTH: usize = 64;
     pub fn with_personal(persona: &[u8]) -> Self {
         Self {
-            state: Params::new().hash_length(64).personal(persona).to_state(),
+            state: Params::new()
+                .hash_length(Self::HASH_LENGTH)
+                .personal(persona)
+                .to_state(),
         }
     }
 
@@ -38,8 +42,22 @@ impl Blake {
     }
 
     pub fn result_scalar<E: Curve>(&self) -> Scalar<E> {
-        let n = self.result_bigint();
-        Scalar::from_bigint(&n)
+        let scalar_len = E::Scalar::SCALAR_LENGTH;
+        assert!(
+            Self::HASH_LENGTH >= scalar_len,
+            "Output size of the hash({}) is smaller than the scalar length({})",
+            Self::HASH_LENGTH,
+            scalar_len
+        );
+        // Try and increment.
+        for i in 0u32.. {
+            let mut starting_state = self.state.clone();
+            let hash = starting_state.update(&i.to_be_bytes()).finalize();
+            if let Ok(scalar) = Scalar::from_bytes(&hash.as_bytes()[..scalar_len]) {
+                return scalar;
+            }
+        }
+        unreachable!("The probably of this reaching is extremely small ((2^n-q)/(2^n))^(2^32)")
     }
 
     #[deprecated(

src/cryptographic_primitives/hashing/ext.rs

@@ -3,7 +3,7 @@ use hmac::crypto_mac::MacError;
 use hmac::{Hmac, Mac};
 
 use crate::arithmetic::*;
-use crate::elliptic::curves::{Curve, Point, Scalar};
+use crate::elliptic::curves::{Curve, ECScalar, Point, Scalar};
 
 /// [Digest] extension allowing to hash elliptic points, scalars, and bigints
 ///
@@ -82,7 +82,7 @@ pub trait DigestExt {
 
 impl<D> DigestExt for D
 where
-    D: Digest,
+    D: Digest + Clone,
 {
     fn input_bigint(&mut self, n: &BigInt) {
         self.input(&n.to_bytes())
@@ -102,8 +102,22 @@ where
     }
 
     fn result_scalar<E: Curve>(self) -> Scalar<E> {
-        let n = self.result_bigint();
-        Scalar::from_bigint(&n)
+        let scalar_len = E::Scalar::SCALAR_LENGTH;
+        assert!(
+            Self::output_size() >= scalar_len,
+            "Output size of the hash({}) is smaller than the scalar length({})",
+            Self::output_size(),
+            scalar_len
+        );
+        // Try and increment.
+        for i in 0u32.. {
+            let starting_state = self.clone();
+            let hash = starting_state.chain(i.to_be_bytes()).result();
+            if let Ok(scalar) = Scalar::from_bytes(&hash[..scalar_len]) {
+                return scalar;
+            }
+        }
+        unreachable!("The probably of this reaching is extremely small ((2^n-q)/(2^n))^(2^32)")
     }
 
     fn digest_bigint(bytes: &[u8]) -> BigInt {

src/cryptographic_primitives/proofs/low_degree_exponent_interpolation.rs

@@ -75,7 +75,7 @@ impl<E: Curve> LdeiProof<E> {
         statement: &LdeiStatement<E>,
     ) -> Result<LdeiProof<E>, InvalidLdeiStatement>
     where
-        H: Digest,
+        H: Digest + Clone,
     {
         if statement.alpha.len() != statement.g.len() {
             return Err(InvalidLdeiStatement::AlphaLengthDoesntMatchG);
@@ -125,7 +125,7 @@ impl<E: Curve> LdeiProof<E> {
     /// true, otherwise rejects.
     pub fn verify<H>(&self, statement: &LdeiStatement<E>) -> Result<(), ProofError>
     where
-        H: Digest,
+        H: Digest + Clone,
     {
         let e = H::new()
             .chain_points(&statement.g)