ff: Remove SqrtField trait

The sqrt() function is now part of the Field trait. ff_derive returns an
error on fields for which it does not support generating a square root
function.

Note that Fq6 and Fq12 in pairing::bls12_381 leave the function
unimplemented. They will be dropped once the migration to the bls12_381
crate is complete. The equivalent structs in that crate are not exposed.

zcash_primitives/src/jubjub/edwards.rs

@@ -1,4 +1,4 @@
-use ff::{BitIterator, Field, PrimeField, SqrtField};
+use ff::{BitIterator, Field, PrimeField};
 use std::ops::{AddAssign, MulAssign, Neg, SubAssign};
 use subtle::CtOption;
 

zcash_primitives/src/jubjub/fs.rs

@@ -1,5 +1,5 @@
 use byteorder::{ByteOrder, LittleEndian};
-use ff::{adc, mac_with_carry, sbb, BitIterator, Field, PowVartime, PrimeField, SqrtField};
+use ff::{adc, mac_with_carry, sbb, BitIterator, Field, PowVartime, PrimeField};
 use rand_core::RngCore;
 use std::mem;
 use std::ops::{Add, AddAssign, BitAnd, Mul, MulAssign, Neg, Shr, Sub, SubAssign};
@@ -541,6 +541,24 @@ impl Field for Fs {
         ret.mont_reduce(r0, r1, r2, r3, r4, r5, r6, r7);
         ret
     }
+
+    fn sqrt(&self) -> CtOption<Self> {
+        // Shank's algorithm for s mod 4 = 3
+        // https://eprint.iacr.org/2012/685.pdf (page 9, algorithm 2)
+
+        // a1 = self^((s - 3) // 4)
+        let mut a1 = self.pow_vartime([
+            0xb425c397b5bdcb2du64,
+            0x299a0824f3320420,
+            0x4199cec0404d0ec0,
+            0x39f6d3a994cebea,
+        ]);
+        let mut a0 = a1.square();
+        a0.mul_assign(self);
+        a1.mul_assign(self);
+
+        CtOption::new(a1, !a0.ct_eq(&NEGATIVE_ONE))
+    }
 }
 
 impl Fs {
@@ -673,26 +691,6 @@ impl ToUniform for Fs {
     }
 }
 
-impl SqrtField for Fs {
-    fn sqrt(&self) -> CtOption<Self> {
-        // Shank's algorithm for s mod 4 = 3
-        // https://eprint.iacr.org/2012/685.pdf (page 9, algorithm 2)
-
-        // a1 = self^((s - 3) // 4)
-        let mut a1 = self.pow_vartime([
-            0xb425c397b5bdcb2du64,
-            0x299a0824f3320420,
-            0x4199cec0404d0ec0,
-            0x39f6d3a994cebea,
-        ]);
-        let mut a0 = a1.square();
-        a0.mul_assign(self);
-        a1.mul_assign(self);
-
-        CtOption::new(a1, !a0.ct_eq(&NEGATIVE_ONE))
-    }
-}
-
 #[test]
 fn test_neg_one() {
     let o = Fs::one().neg();

zcash_primitives/src/jubjub/mod.rs

@@ -23,7 +23,7 @@
 //! [Jubjub]: https://zips.z.cash/protocol/protocol.pdf#jubjub
 //! [BLS12-381]: pairing::bls12_381
 
-use ff::{Field, PrimeField, SqrtField};
+use ff::{Field, PrimeField};
 use pairing::Engine;
 
 use crate::group_hash::group_hash;
@@ -95,7 +95,7 @@ pub trait ToUniform {
 /// and some pre-computed parameters.
 pub trait JubjubEngine: Engine {
     /// The scalar field of the Jubjub curve
-    type Fs: PrimeField + SqrtField + ToUniform;
+    type Fs: PrimeField + ToUniform;
     /// The parameters of Jubjub and the Sapling protocol
     type Params: JubjubParams<Self>;
 }

zcash_primitives/src/jubjub/montgomery.rs

@@ -1,4 +1,4 @@
-use ff::{BitIterator, Field, PrimeField, SqrtField};
+use ff::{BitIterator, Field, PrimeField};
 use std::ops::{AddAssign, MulAssign, Neg, SubAssign};
 use subtle::CtOption;
 

zcash_primitives/src/jubjub/tests.rs

@@ -1,6 +1,6 @@
 use super::{edwards, montgomery, JubjubEngine, JubjubParams, PrimeOrder};
 
-use ff::{Field, PrimeField, SqrtField};
+use ff::{Field, PrimeField};
 use std::ops::{AddAssign, MulAssign, Neg, SubAssign};
 
 use rand_core::{RngCore, SeedableRng};