JanBobolz
commented
3 years ago Also, include n into the hash so that we have some sort of domain separation.
Open JanBobolz opened 3 years ago
JanBobolz
commented
3 years ago Also, include n into the hash so that we have some sort of domain separation.
Currently, HashIntoZn can never hit n-1 (or other large values). HashThenPrfToZn does a much better job at being statistically close to what we'd expect from a random oracle hash into Zn.