vdaf: Remove domain_separation_tag() from Vdaf trait

This method is used in Prio3 and Poplar1 for domain separation with the version of the document that specifies them. This version control is not applicable to future VDAFs defined by future documents. Remove the method from the trait and add it to implementations of `Prio3` and `Poplar1`.
divviup · Jan 7, 2025 · d4a7bfc · d4a7bfc
1 parent e660dff
commit d4a7bfc
Show file tree

Hide file tree

Showing 3 changed files with 26 additions and 14 deletions.
diff --git a/src/vdaf.rs b/src/vdaf.rs
@@ -197,18 +197,6 @@ pub trait Vdaf: Clone + Debug {
     /// The number of Aggregators. The Client generates as many input shares as there are
     /// Aggregators.
     fn num_aggregators(&self) -> usize;
-
-    /// Generate the domain separation tag for this VDAF. The output is used for domain separation
-    /// by the XOF.
-    fn domain_separation_tag(&self, usage: u16) -> [u8; 8] {
-        // Prefix is 8 bytes and defined by the spec. Copy these values in
-        let mut dst = [0; 8];
-        dst[0] = VERSION;
-        dst[1] = 0; // algorithm class
-        dst[2..6].clone_from_slice(self.algorithm_id().to_be_bytes().as_slice());
-        dst[6..8].clone_from_slice(usage.to_be_bytes().as_slice());
-        dst
-    }
 }
 
 /// The Client's role in the execution of a VDAF.

diff --git a/src/vdaf/poplar1.rs b/src/vdaf/poplar1.rs
@@ -11,7 +11,7 @@ use crate::{
     prng::Prng,
     vdaf::{
         xof::{Seed, Xof, XofTurboShake128},
-        Aggregatable, Aggregator, Client, Collector, PrepareTransition, Vdaf, VdafError,
+        Aggregatable, Aggregator, Client, Collector, PrepareTransition, Vdaf, VdafError, VERSION,
     },
 };
 use rand_core::RngCore;
@@ -862,6 +862,18 @@ impl<P: Xof<SEED_SIZE>, const SEED_SIZE: usize> Vdaf for Poplar1<P, SEED_SIZE> {
 }
 
 impl<P: Xof<SEED_SIZE>, const SEED_SIZE: usize> Poplar1<P, SEED_SIZE> {
+    /// Generate the domain separation tag for this VDAF. The output is used for domain separation
+    /// by the XOF.
+    fn domain_separation_tag(&self, usage: u16) -> [u8; 8] {
+        // Prefix is 8 bytes and defined by the spec. Copy these values in
+        let mut dst = [0; 8];
+        dst[0] = VERSION;
+        dst[1] = 0; // algorithm class
+        dst[2..6].clone_from_slice(self.algorithm_id().to_be_bytes().as_slice());
+        dst[6..8].clone_from_slice(usage.to_be_bytes().as_slice());
+        dst
+    }
+
     fn shard_with_random(
         &self,
         ctx: &[u8],

diff --git a/src/vdaf/prio3.rs b/src/vdaf/prio3.rs
@@ -54,7 +54,7 @@ use crate::prng::Prng;
 use crate::vdaf::xof::{IntoFieldVec, Seed, Xof};
 use crate::vdaf::{
     Aggregatable, AggregateShare, Aggregator, Client, Collector, OutputShare, PrepareTransition,
-    Share, ShareDecodingParameter, Vdaf, VdafError,
+    Share, ShareDecodingParameter, Vdaf, VdafError, VERSION,
 };
 #[cfg(feature = "experimental")]
 use fixed::traits::Fixed;
@@ -548,6 +548,18 @@ where
             .into_field_vec(self.typ.query_rand_len() * self.num_proofs())
     }
 
+    /// Generate the domain separation tag for this VDAF. The output is used for domain separation
+    /// by the XOF.
+    fn domain_separation_tag(&self, usage: u16) -> [u8; 8] {
+        // Prefix is 8 bytes and defined by the spec. Copy these values in
+        let mut dst = [0; 8];
+        dst[0] = VERSION;
+        dst[1] = 0; // algorithm class
+        dst[2..6].clone_from_slice(self.algorithm_id().to_be_bytes().as_slice());
+        dst[6..8].clone_from_slice(usage.to_be_bytes().as_slice());
+        dst
+    }
+
     fn random_size(&self) -> usize {
         if self.typ.joint_rand_len() == 0 {
             // One seed per helper (share, proof) pair, plus one seed for proving randomness