group: Add Group::Subgroup associated type

For prime-order groups, this may be Self.

bellman/src/groth16/tests/dummy_engine.rs

@@ -366,6 +366,8 @@ impl Engine for DummyEngine {
 }
 
 impl Group for Fr {
+    type Subgroup = Fr;
+
     fn random<R: RngCore + ?Sized>(rng: &mut R) -> Self {
         <Fr as Field>::random(rng)
     }

group/src/lib.rs

@@ -44,7 +44,13 @@ pub trait Group:
     + Neg<Output = Self>
     + GroupOps
     + GroupOpsOwned
+    + GroupOps<<Self as Group>::Subgroup>
+    + GroupOpsOwned<<Self as Group>::Subgroup>
 {
+    /// The large prime-order subgroup in which cryptographic operations are performed.
+    /// If `Self` implements `PrimeGroup`, then `Self::Subgroup` may be `Self`.
+    type Subgroup: PrimeGroup;
+
     /// Returns an element chosen uniformly at random using a user-provided RNG.
     fn random<R: RngCore + ?Sized>(rng: &mut R) -> Self;
 
@@ -52,7 +58,7 @@ pub trait Group:
     fn identity() -> Self;
 
     /// Returns a fixed generator of the prime-order subgroup.
-    fn generator() -> Self;
+    fn generator() -> Self::Subgroup;
 
     /// Determines if this point is the identity.
     fn is_identity(&self) -> bool;

pairing/src/bls12_381/ec.rs

@@ -521,6 +521,8 @@ macro_rules! curve_impl {
         }
 
         impl Group for $projective {
+            type Subgroup = Self;
+
             fn random<R: RngCore + ?Sized>(rng: &mut R) -> Self {
                 loop {
                     let x = $basefield::random(rng);