New Scalar

crates/pallet-subspace/src/mock.rs

@@ -39,11 +39,11 @@ use std::num::NonZeroU64;
 use std::sync::Once;
 use subspace_archiving::archiver::{ArchivedSegment, Archiver};
 use subspace_core_primitives::crypto::kzg::{embedded_kzg_settings, Kzg, Witness};
-use subspace_core_primitives::crypto::{blake2b_256_254_hash, kzg};
+use subspace_core_primitives::crypto::{blake2b_256_254_hash_to_scalar, kzg, ScalarLegacy};
 use subspace_core_primitives::{
     ArchivedBlockProgress, Blake2b256Hash, LastArchivedBlock, Piece, Randomness, RecordsRoot,
-    RootBlock, Scalar, SegmentIndex, Solution, SolutionRange, PIECE_SIZE,
-    RECORDED_HISTORY_SEGMENT_SIZE, RECORD_SIZE,
+    RootBlock, SegmentIndex, Solution, SolutionRange, PIECE_SIZE, RECORDED_HISTORY_SEGMENT_SIZE,
+    RECORD_SIZE,
 };
 use subspace_solving::{create_chunk_signature, derive_global_challenge, REWARD_SIGNING_CONTEXT};
 
@@ -263,12 +263,12 @@ pub fn generate_equivocation_proof(
     let current_slot = CurrentSlot::<Test>::get();
 
     let chunk = {
-        let mut chunk_bytes = [0; Scalar::SAFE_BYTES];
+        let mut chunk_bytes = [0; ScalarLegacy::SAFE_BYTES];
         chunk_bytes.as_mut().iter_mut().for_each(|byte| {
             *byte = (current_block % 8) as u8;
         });
 
-        Scalar::from(&chunk_bytes)
+        ScalarLegacy::from(&chunk_bytes)
     };
 
     let public_key = FarmerPublicKey::unchecked_from(keypair.public.to_bytes());
@@ -383,7 +383,7 @@ pub fn create_signed_vote(
             sector_index: 0,
             total_pieces: NonZeroU64::new(1).unwrap(),
             piece_offset: 0,
-            piece_record_hash: blake2b_256_254_hash(&piece.record()),
+            piece_record_hash: blake2b_256_254_hash_to_scalar(&piece.record()),
             piece_witness: Witness::try_from_bytes(&piece.witness()).unwrap(),
             chunk_offset: 0,
             chunk,

crates/subspace-archiving/src/archiver.rs

@@ -29,14 +29,14 @@ use alloc::vec::Vec;
 use core::cmp::Ordering;
 use parity_scale_codec::{Compact, CompactLen, Decode, Encode, Input, Output};
 use reed_solomon_erasure::galois_16::ReedSolomon;
-use subspace_core_primitives::crypto::blake2b_256_254_hash;
 use subspace_core_primitives::crypto::kzg::{Kzg, Witness};
+use subspace_core_primitives::crypto::{blake2b_256_254_hash_to_scalar, Scalar};
 use subspace_core_primitives::objects::{
     BlockObject, BlockObjectMapping, PieceObject, PieceObjectMapping,
 };
 use subspace_core_primitives::{
     ArchivedBlockProgress, Blake2b256Hash, BlockNumber, FlatPieces, LastArchivedBlock, PieceRef,
-    RecordsRoot, RootBlock, BLAKE2B_256_HASH_SIZE, RECORDED_HISTORY_SEGMENT_SIZE,
+    RecordsRoot, RootBlock, RECORDED_HISTORY_SEGMENT_SIZE,
 };
 
 const INITIAL_LAST_ARCHIVED_BLOCK: LastArchivedBlock = LastArchivedBlock {
@@ -758,24 +758,13 @@ impl Archiver {
                     .as_ref()
                     .chunks_exact(self.record_size as usize)
                     .skip(self.data_shards as usize)
-                    .map(blake2b_256_254_hash),
+                    .map(blake2b_256_254_hash_to_scalar),
             )
             .collect::<Vec<_>>();
 
-        let data = {
-            let mut data = Vec::with_capacity(
-                (self.data_shards + self.parity_shards) as usize * BLAKE2B_256_HASH_SIZE,
-            );
-
-            for shard_commitment in record_commitments {
-                data.extend_from_slice(&shard_commitment);
-            }
-
-            data
-        };
         let polynomial = self
             .kzg
-            .poly(&data)
+            .poly(&record_commitments)
             .expect("Internally produced values must never fail; qed");
         let commitment = self
             .kzg
@@ -846,7 +835,7 @@ pub fn is_piece_valid(
             return false;
         }
     };
-    let leaf_hash = blake2b_256_254_hash(&record);
+    let leaf_hash = blake2b_256_254_hash_to_scalar(&record);
 
     kzg.verify(
         &commitment,
@@ -861,7 +850,7 @@ pub fn is_piece_valid(
 pub fn is_piece_record_hash_valid(
     kzg: &Kzg,
     num_pieces_in_segment: usize,
-    piece_record_hash: &Blake2b256Hash,
+    piece_record_hash: &Scalar,
     commitment: &RecordsRoot,
     witness: &Witness,
     position: u32,

crates/subspace-archiving/src/archiver/incremental_record_commitments.rs

@@ -7,6 +7,7 @@ use blake2::digest::{FixedOutput, Update};
 use blake2::Blake2b;
 use core::mem;
 use parity_scale_codec::{Encode, Output};
+use subspace_core_primitives::crypto::Scalar;
 use subspace_core_primitives::Blake2b256Hash;
 
 /// State of incremental record commitments, encapsulated to hide implementation details and
@@ -17,7 +18,7 @@ pub(super) struct IncrementalRecordCommitmentsState {
     ///
     /// NOTE: Until full segment is processed, this will not contain commitment to the first record
     /// since it is not ready yet. This in turn means all commitments will be at `-1` offset.
-    state: VecDeque<Blake2b256Hash>,
+    state: VecDeque<Scalar>,
 }
 
 impl IncrementalRecordCommitmentsState {
@@ -28,7 +29,7 @@ impl IncrementalRecordCommitmentsState {
         }
     }
 
-    pub(super) fn drain(&mut self) -> impl Iterator<Item = Blake2b256Hash> + '_ {
+    pub(super) fn drain(&mut self) -> impl Iterator<Item = Scalar> + '_ {
         self.state.drain(..)
     }
 }
@@ -60,7 +61,7 @@ struct IncrementalRecordCommitmentsProcessor<'a> {
     full: bool,
     /// Intermediate hashing state that computes Blake2-256-254.
     ///
-    /// See [`subspace_core_primitives::crypto::blake2b_256_254_hash`] for details.
+    /// See [`subspace_core_primitives::crypto::blake2b_256_254_hash_to_scalar`] for details.
     hashing_state: Blake2b<U32>,
 }
 
@@ -162,7 +163,10 @@ impl<'a> IncrementalRecordCommitmentsProcessor<'a> {
             // little-endian)
             hash[31] &= 0b00111111;
 
-            self.incremental_record_commitments.state.push_back(hash);
+            self.incremental_record_commitments.state.push_back(
+                Scalar::try_from(hash)
+                    .expect("Last bit erased, thus hash is guaranteed to fit into scalar; qed"),
+            );
         }
     }
 }

crates/subspace-archiving/src/piece_reconstructor.rs

@@ -4,9 +4,9 @@ use crate::utils;
 use alloc::vec;
 use alloc::vec::Vec;
 use reed_solomon_erasure::galois_16::ReedSolomon;
-use subspace_core_primitives::crypto::blake2b_256_254_hash;
 use subspace_core_primitives::crypto::kzg::{Kzg, Polynomial};
-use subspace_core_primitives::{FlatPieces, Piece, BLAKE2B_256_HASH_SIZE, PIECES_IN_SEGMENT};
+use subspace_core_primitives::crypto::{blake2b_256_254_hash_to_scalar, Scalar};
+use subspace_core_primitives::{FlatPieces, Piece, PIECES_IN_SEGMENT};
 
 /// Reconstructor-related instantiation error.
 #[derive(Debug, Copy, Clone, Eq, PartialEq, Ord, PartialOrd, Hash)]
@@ -103,26 +103,26 @@ impl PiecesReconstructor {
             .map_err(ReconstructorError::DataShardsReconstruction)?;
 
         let mut reconstructed_record_shards = FlatPieces::new(shards.len());
-        let mut polynomial_data =
-            vec![0u8; (self.data_shards + self.parity_shards) as usize * BLAKE2B_256_HASH_SIZE];
+        let mut record_commitments =
+            vec![Scalar::default(); (self.data_shards + self.parity_shards) as usize];
         //TODO: Parity hashes will be erasure coded instead in the future
         //TODO: reuse already present commitments from segment_pieces, so we don't re-derive what
         // we already have
         reconstructed_record_shards
             .as_pieces_mut()
-            .zip(polynomial_data.chunks_exact_mut(BLAKE2B_256_HASH_SIZE))
+            .zip(record_commitments.iter_mut())
             .zip(shards)
             .for_each(|((mut piece, polynomial_data), record)| {
                 let record =
                     record.expect("Reconstruction just happened and all records are present; qed");
                 let record = record.flatten();
                 piece.record_mut().as_mut().copy_from_slice(record);
-                polynomial_data.copy_from_slice(&blake2b_256_254_hash(record));
+                *polynomial_data = blake2b_256_254_hash_to_scalar(record);
             });
 
         let polynomial = self
             .kzg
-            .poly(&polynomial_data)
+            .poly(&record_commitments)
             .expect("Internally produced values must never fail; qed");
 
         Ok((reconstructed_record_shards, polynomial))

crates/subspace-core-primitives/benches/kzg.rs

@@ -1,37 +1,29 @@
 use criterion::{black_box, criterion_group, criterion_main, Criterion};
 use subspace_core_primitives::crypto::kzg::{embedded_kzg_settings, Kzg};
-use subspace_core_primitives::Scalar;
+use subspace_core_primitives::crypto::Scalar;
 
 fn criterion_benchmark(c: &mut Criterion) {
-    let data = {
-        // Multiple of 32
-        let mut data = rand::random::<[u8; 256]>();
-
-        // We can only store 254 bits, set last byte to zero because of that
-        data.chunks_exact_mut(Scalar::FULL_BYTES)
-            .flat_map(|chunk| chunk.iter_mut().last())
-            .for_each(|last_byte| *last_byte = 0);
-
-        data
-    };
+    let values = (0..8)
+        .map(|_| Scalar::from(rand::random::<[u8; Scalar::SAFE_BYTES]>()))
+        .collect::<Vec<_>>();
 
     let kzg = Kzg::new(embedded_kzg_settings());
 
     c.bench_function("create-polynomial", |b| {
         b.iter(|| {
-            kzg.poly(black_box(&data)).unwrap();
+            kzg.poly(black_box(&values)).unwrap();
         })
     });
 
     c.bench_function("commit", |b| {
-        let polynomial = kzg.poly(&data).unwrap();
+        let polynomial = kzg.poly(&values).unwrap();
         b.iter(|| {
             kzg.commit(black_box(&polynomial)).unwrap();
         })
     });
 
     c.bench_function("create-witness", |b| {
-        let polynomial = kzg.poly(&data).unwrap();
+        let polynomial = kzg.poly(&values).unwrap();
 
         b.iter(|| {
             kzg.create_witness(black_box(&polynomial), black_box(0))
@@ -40,13 +32,12 @@ fn criterion_benchmark(c: &mut Criterion) {
     });
 
     c.bench_function("verify", |b| {
-        let polynomial = kzg.poly(&data).unwrap();
+        let polynomial = kzg.poly(&values).unwrap();
         let commitment = kzg.commit(&polynomial).unwrap();
         let index = 0;
         let witness = kzg.create_witness(&polynomial, index).unwrap();
-        let values = data.chunks_exact(Scalar::FULL_BYTES);
         let num_values = values.len();
-        let value = values.into_iter().next().unwrap();
+        let value = values.first().unwrap();
 
         b.iter(|| {
             kzg.verify(