From a7a1e5b21738cf8d7aaf737c413862a0f1aad00c Mon Sep 17 00:00:00 2001
From: Daira Hopwood <daira@jacaranda.org>
Date: Thu, 6 May 2021 14:50:58 +0100
Subject: [PATCH] Use rejection sampling to implement `random` for `Fp` and
 `Scalar`.

Signed-off-by: Daira Hopwood <daira@jacaranda.org>
---
 orchard_pallas.py | 13 +++++++++++--
 1 file changed, 11 insertions(+), 2 deletions(-)

diff --git a/orchard_pallas.py b/orchard_pallas.py
index fe89954..d060d76 100644
--- a/orchard_pallas.py
+++ b/orchard_pallas.py
@@ -32,7 +32,11 @@ class Fp(FieldElement):
         return Fp(leos2ip(buf), strict=True)
 
     def random(randbytes):
-        return Fp(leos2ip(randbytes(32)), strict=False)
+        while True:
+            try:
+                return Fp(leos2ip(randbytes(32)), strict=True)
+            except ValueError:
+                pass
 
     def __init__(self, s, strict=False):
         FieldElement.__init__(self, Fp, s, p, strict=strict)
@@ -98,7 +102,12 @@ class Scalar(FieldElement):
         return Scalar(leos2ip(buf), strict=True)
 
     def random(randbytes):
-        return Scalar(leos2ip(randbytes(32)), strict=False)
+        while True:
+            try:
+                return Scalar(leos2ip(randbytes(32)), strict=True)
+            except ValueError:
+                pass
+
 
 Fp.ZERO = Fp(0)
 Fp.ONE = Fp(1)