Prio3: Codepoints for algorithm variants

[cjpatton]

The codepoint for Prio3 (i.e, Vdaf::ID) is determined by the FLP circuit. But it may be desirable to define custom codepoints for Prio3 variants that use a standard circuit, like Sum, but a different Xof, Field, or choice for the number of FLP proofs.

I don't think we can easily accommodate this without API changes. Two ideas come to mind:

1. Add a const ID: u32 generic to Prio3 and set Vdaf::ID to ID. That way we just specify the codepoint at the top level. This would be sufficient but would be a pretty invasive change.
2. Replace the associated type Vdaf::ID with something like Vdaf { fn algorithm_id(&self) -> u32 }.

Are folks amendable to making a change here? If so, which of these options seems better? Any other ideas?

[divergentdave]

I think moving it to a required method would make the most sense. This would avoid burdening users who only touch standard VDAF instances, and we wouldn't necessarily need an extra set of monomorphizations just for a custom algorithm identifier. Perhaps we could add a Prio3::with_algorithm_id() method to provide a non-default ID.

[cjpatton]

Sounds good, I'll implement it right now. Is this something you'd want to backport to release branches?

Perhaps we could add a Prio3::with_algorithm_id() method to provide a non-default ID.

For standard VDAFs, should we avoid giving the user the option to change the codepoint? An alternative might be to pass the codepoint through Prio3::new().

[cjpatton]

Is this something you'd want to backport to release branches?

Per offline discussion: This doesn't really make sense because this is an API-breaking change.