From b451bcc8f16a724c8dea8af78ca0795b1d25e209 Mon Sep 17 00:00:00 2001
From: Joey Yandle <dragon@dancingdragon.net>
Date: Tue, 13 Aug 2019 17:42:22 -0700
Subject: [PATCH] keep public API backwards compatible when in std mode

---
 src/range_proof/dealer.rs | 16 +++++++++++++++-
 src/range_proof/mod.rs    | 26 +++++++++++++-------------
 src/range_proof/party.rs  | 25 ++++++++++++++++++++++++-
 3 files changed, 52 insertions(+), 15 deletions(-)

diff --git a/src/range_proof/dealer.rs b/src/range_proof/dealer.rs
index 1b477b0f..83714e77 100644
--- a/src/range_proof/dealer.rs
+++ b/src/range_proof/dealer.rs
@@ -24,6 +24,9 @@ use rand_core::{CryptoRng, RngCore};
 
 use util;
 
+#[cfg(feature = "std")]
+use rand::thread_rng;
+
 use super::messages::*;
 
 /// Used to construct a dealer for the aggregated rangeproof MPC protocol.
@@ -289,6 +292,17 @@ impl<'a, 'b> DealerAwaitingProofShares<'a, 'b> {
         })
     }
 
+    /// Assemble the final aggregated [`RangeProof`] from the given
+    /// `proof_shares`, then validate the proof to ensure that all
+    /// `ProofShare`s were well-formed.
+    ///
+    /// This is a convenience wrapper around receive_shares_with_rng
+    ///
+    #[cfg(feature = "std")]
+    pub fn receive_shares(self, proof_shares: &[ProofShare]) -> Result<RangeProof, MPCError> {
+        self.receive_shares_with_rng(proof_shares, &mut thread_rng())
+    }
+
     /// Assemble the final aggregated [`RangeProof`] from the given
     /// `proof_shares`, then validate the proof to ensure that all
     /// `ProofShare`s were well-formed.
@@ -302,7 +316,7 @@ impl<'a, 'b> DealerAwaitingProofShares<'a, 'b> {
     /// performing local aggregation,
     /// [`receive_trusted_shares`](DealerAwaitingProofShares::receive_trusted_shares)
     /// saves time by skipping verification of the aggregated proof.
-    pub fn receive_shares<T: RngCore + CryptoRng>(
+    pub fn receive_shares_with_rng<T: RngCore + CryptoRng>(
         mut self,
         proof_shares: &[ProofShare],
         rng: &mut T,
diff --git a/src/range_proof/mod.rs b/src/range_proof/mod.rs
index 73522065..941bddae 100644
--- a/src/range_proof/mod.rs
+++ b/src/range_proof/mod.rs
@@ -260,7 +260,7 @@ impl RangeProof {
             .into_iter()
             .enumerate()
             .map(|(j, p)| {
-                p.assign_position(j, rng)
+                p.assign_position_with_rng(j, rng)
                     .expect("We already checked the parameters, so this should never happen")
             })
             .unzip();
@@ -271,7 +271,7 @@ impl RangeProof {
 
         let (parties, poly_commitments): (Vec<_>, Vec<_>) = parties
             .into_iter()
-            .map(|p| p.apply_challenge(&bit_challenge, rng))
+            .map(|p| p.apply_challenge_with_rng(&bit_challenge, rng))
             .unzip();
 
         let (dealer, poly_challenge) = dealer.receive_poly_commitments(poly_commitments)?;
@@ -757,19 +757,19 @@ mod tests {
 
         let dealer = Dealer::new(&bp_gens, &pc_gens, &mut transcript, n, m).unwrap();
 
-        let (party0, bit_com0) = party0.assign_position(0, &mut rng).unwrap();
-        let (party1, bit_com1) = party1.assign_position(1, &mut rng).unwrap();
-        let (party2, bit_com2) = party2.assign_position(2, &mut rng).unwrap();
-        let (party3, bit_com3) = party3.assign_position(3, &mut rng).unwrap();
+        let (party0, bit_com0) = party0.assign_position_with_rng(0, &mut rng).unwrap();
+        let (party1, bit_com1) = party1.assign_position_with_rng(1, &mut rng).unwrap();
+        let (party2, bit_com2) = party2.assign_position_with_rng(2, &mut rng).unwrap();
+        let (party3, bit_com3) = party3.assign_position_with_rng(3, &mut rng).unwrap();
 
         let (dealer, bit_challenge) = dealer
             .receive_bit_commitments(vec![bit_com0, bit_com1, bit_com2, bit_com3])
             .unwrap();
 
-        let (party0, poly_com0) = party0.apply_challenge(&bit_challenge, &mut rng);
-        let (party1, poly_com1) = party1.apply_challenge(&bit_challenge, &mut rng);
-        let (party2, poly_com2) = party2.apply_challenge(&bit_challenge, &mut rng);
-        let (party3, poly_com3) = party3.apply_challenge(&bit_challenge, &mut rng);
+        let (party0, poly_com0) = party0.apply_challenge_with_rng(&bit_challenge, &mut rng);
+        let (party1, poly_com1) = party1.apply_challenge_with_rng(&bit_challenge, &mut rng);
+        let (party2, poly_com2) = party2.apply_challenge_with_rng(&bit_challenge, &mut rng);
+        let (party3, poly_com3) = party3.apply_challenge_with_rng(&bit_challenge, &mut rng);
 
         let (dealer, poly_challenge) = dealer
             .receive_poly_commitments(vec![poly_com0, poly_com1, poly_com2, poly_com3])
@@ -780,7 +780,7 @@ mod tests {
         let share2 = party2.apply_challenge(&poly_challenge).unwrap();
         let share3 = party3.apply_challenge(&poly_challenge).unwrap();
 
-        match dealer.receive_shares(&[share0, share1, share2, share3], &mut rng) {
+        match dealer.receive_shares_with_rng(&[share0, share1, share2, share3], &mut rng) {
             Err(MPCError::MalformedProofShares { bad_shares }) => {
                 assert_eq!(bad_shares, vec![1, 3]);
             }
@@ -818,11 +818,11 @@ mod tests {
 
         // Now do the protocol flow as normal....
 
-        let (party0, bit_com0) = party0.assign_position(0, &mut rng).unwrap();
+        let (party0, bit_com0) = party0.assign_position_with_rng(0, &mut rng).unwrap();
 
         let (dealer, bit_challenge) = dealer.receive_bit_commitments(vec![bit_com0]).unwrap();
 
-        let (party0, poly_com0) = party0.apply_challenge(&bit_challenge, &mut rng);
+        let (party0, poly_com0) = party0.apply_challenge_with_rng(&bit_challenge, &mut rng);
 
         let (_dealer, mut poly_challenge) =
             dealer.receive_poly_commitments(vec![poly_com0]).unwrap();
diff --git a/src/range_proof/party.rs b/src/range_proof/party.rs
index 82b71049..ef84ab25 100644
--- a/src/range_proof/party.rs
+++ b/src/range_proof/party.rs
@@ -23,6 +23,9 @@ use generators::{BulletproofGens, PedersenGens};
 use rand_core::{CryptoRng, RngCore};
 use util;
 
+#[cfg(feature = "std")]
+use rand::thread_rng;
+
 use super::messages::*;
 
 /// Used to construct a party for the aggregated rangeproof MPC protocol.
@@ -70,7 +73,17 @@ pub struct PartyAwaitingPosition<'a> {
 impl<'a> PartyAwaitingPosition<'a> {
     /// Assigns a position in the aggregated proof to this party,
     /// allowing the party to commit to the bits of their value.
-    pub fn assign_position<T: RngCore + CryptoRng>(
+    #[cfg(feature = "std")]
+    pub fn assign_position(
+        self,
+        j: usize,
+    ) -> Result<(PartyAwaitingBitChallenge<'a>, BitCommitment), MPCError> {
+        self.assign_position_with_rng(j, &mut thread_rng())
+    }
+
+    /// Assigns a position in the aggregated proof to this party,
+    /// allowing the party to commit to the bits of their value.
+    pub fn assign_position_with_rng<T: RngCore + CryptoRng>(
         self,
         j: usize,
         rng: &mut T,
@@ -155,9 +168,19 @@ pub struct PartyAwaitingBitChallenge<'a> {
 impl<'a> PartyAwaitingBitChallenge<'a> {
     /// Receive a [`BitChallenge`] from the dealer and use it to
     /// compute commitments to the party's polynomial coefficients.
+    #[cfg(feature = "std")]
     pub fn apply_challenge<T: RngCore + CryptoRng>(
         self,
         vc: &BitChallenge,
+    ) -> (PartyAwaitingPolyChallenge, PolyCommitment) {
+        self.apply_challenge_with_rng(vc, &mut thread_rng())
+    }
+
+    /// Receive a [`BitChallenge`] from the dealer and use it to
+    /// compute commitments to the party's polynomial coefficients.
+    pub fn apply_challenge_with_rng<T: RngCore + CryptoRng>(
+        self,
+        vc: &BitChallenge,
         rng: &mut T,
     ) -> (PartyAwaitingPolyChallenge, PolyCommitment) {
         let n = self.n;