dpf: use AES-CTR for Half-Tree convert function

utils/src/field.rs

@@ -1,3 +1,4 @@
+use crate::fixed_key_aes::FixedKeyAes;
 use blake3;
 use ff::{Field, PrimeField};
 use num;
@@ -36,6 +37,11 @@ pub trait FromPrf {
         Self: Sized;
 }
 
+pub trait FromPrg {
+    fn expand(input: u128) -> Self;
+    fn expand_bytes(input: &[u8]) -> Self;
+}
+
 pub trait FromLimbs {
     const NUM_LIMBS: usize;
     type Limbs;
@@ -155,6 +161,30 @@ impl FromPrf for Fp {
     }
 }
 
+impl FromPrg for Fp {
+    fn expand(input: u128) -> Self {
+        Self::expand_bytes(&input.to_be_bytes())
+    }
+
+    fn expand_bytes(input: &[u8]) -> Self {
+        assert_eq!(input.len(), 16);
+        // not really "fixed-key"
+        let aes = FixedKeyAes::new(input.try_into().unwrap());
+        let mut i = 0;
+        loop {
+            let val = aes.pi(i);
+            if val < Fp::MOD {
+                return Fp::from_limbs(&[
+                    (val & 0xffffffffffffffff) as u64,
+                    (val >> 64) as u64,
+                    0u64,
+                ]);
+            }
+            i += 1;
+        }
+    }
+}
+
 impl FromHash for Fp {
     /// Hash into Fp
     fn hash(input: u64) -> Self {

utils/src/fixed_key_aes.rs

@@ -31,7 +31,7 @@ impl FixedKeyAes {
     }
 
     /// Random permutation pi(x) = AES(k, x)
-    fn pi(&self, x: u128) -> u128 {
+    pub fn pi(&self, x: u128) -> u128 {
         let mut block = Block::<Aes128>::clone_from_slice(&x.to_le_bytes());
         self.aes.encrypt_block(&mut block);
         u128::from_le_bytes(

utils/src/pseudorandom_conversion.rs

@@ -1,4 +1,4 @@
-use crate::field::FromHash;
+use crate::field::FromPrg;
 use core::num::Wrapping;
 
 pub trait PRConvertTo<T> {
@@ -37,8 +37,8 @@ where
     }
 }
 
-impl<F: FromHash> PRConvertTo<F> for PRConverter {
+impl<F: FromPrg> PRConvertTo<F> for PRConverter {
     fn convert(randomness: u128) -> F {
-        F::hash_bytes(&randomness.to_be_bytes())
+        F::expand(randomness)
     }
 }