From e22afa3c8fd4da8f3c347b045876dcd86fe5c09d Mon Sep 17 00:00:00 2001
From: Deirdre Connolly
Date: Tue, 28 Jul 2020 17:31:41 -0400
Subject: [PATCH] Generate uniformly random scalar w/ Fr::from_bytes_wide()

Which reduces mod r always.
---
 zebra-chain/src/commitments/sapling.rs | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/zebra-chain/src/commitments/sapling.rs b/zebra-chain/src/commitments/sapling.rs
index 323d6715..6a3c8679 100644
--- a/zebra-chain/src/commitments/sapling.rs
+++ b/zebra-chain/src/commitments/sapling.rs
@@ -30,9 +30,10 @@ pub fn generate_trapdoor(csprng: &mut T) -> jubjub::Fr
 where
     T: RngCore + CryptoRng,
 {
-    let mut bytes = [0u8; 32];
+    let mut bytes = [0u8; 64];
     csprng.fill_bytes(&mut bytes);
-    jubjub::Fr::from_bytes(&bytes).unwrap()
+    // Fr::from_bytes_wide() reduces the input modulo r via Fr::from_u512()
+    jubjub::Fr::from_bytes_wide(&bytes)
 }
 
 /// "...an algebraic hash function with collision resistance (for
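Review bot: The new comment above `jubjub::Fr::from_bytes_wide(&bytes)` explains that the input is reduced modulo r but not why the buffer was widened from 32 to 64 bytes, which is the property a future maintainer needs to keep from "optimising" it back down: reducing 512 random bits modulo the roughly 252-bit r leaves a statistical distance from uniform on the order of 2^-260, whereas reducing 256 bits would give a scalar with a noticeable bias, and the old `from_bytes(&bytes).unwrap()` panicked whenever the 32 bytes encoded a value at or above r. I would replace the comment with `// 64 bytes, not 32: from_bytes_wide() reduces 512 bits mod r, so the bias is` / `// negligible (~2^-260) and there is no non-canonical input to reject, unlike` / `// from_bytes(), which returned None (and panicked via unwrap) for values >= r.`. The `generate_trapdoor` signature and its doc comment start outside the hunk; that doc comment should also state that the returned scalar is uniformly distributed in Fr, since callers rely on that for commitment hiding. A deterministic-seed unit test asserting that 64-byte inputs with all bits set still produce a scalar without panicking would pin the fix.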