Use an XOF like Shake128

[burdges]

I'd suggest using either shake128 or blake2x for the two places where you sample considerable data in create_discriminant.rs and proof_wesolowski.rs. It's only a negligible impact on performance, but it just looks ugly to roll you own stream cipher with sha2.

We could easily use sha2 for hashing and chacha20 for output, but this requires using another crate and algorithm. Shake128 is a keccak based hash function together with an extensible output function (XOF). Blake2x is a chacha based hash with an XOF. So either gives everything requires with only one dependency.

I selected shake128 over blake2x based on prevalence and the promise that keccak implemented easily in hardware, which matters if this ever gets made into an ASIC. As an aside, shake128/shake256 are always preferred over SHA3 because NIST senselessly conflated security level with output bits in the SHA3 competition.

In this PR, I've only switched the usage in proof_wesolowski.rs so far because altering create_discriminant.rs would change the test vectors. If you've nothing in production, then we should change create_discriminant.rs too, and maybe remove test vectors until things stabilize. If anyone has this in production, then we should create a feature or something because even this PR breaks the non-existent test vectors for the VDF itself.

[burdges]

I added another commit that shows what the shake128 version of create_discriminant.rs looks like.

[burdges]

I cleaned this up according to your comments, thanks!

I also added a separate branch that includes the notes without the new hashing https://github.com/w3f/vdf/tree/l_size_notes so you could fork that off as an inkfish compatible branch.

Actually the real change I want is ownership of output proofs, which alters the hashing anyways, so I'll do it as a descendant of this branch.