Possible improvements for`CryptographicSponge`

[autquis]

Regarding CryptographicSponge (and Absorb):

• Currently, the sponge does not have a method for absorbing with a domain separator (or label; I am not sure what the correct term is). I think it would be better to have two methods; one absorbs without a label, and the other absorbs with a label included.

• To absorb group elements, one has to implement Absorb for the group. It would be nicer if we have the implementation of Absorb for all groups (by probably only serializing them). Furthermore, it is only possible to squeeze bits, bytes, and field elements (slow), so, to squeeze a group element, one has to squeeze bytes and then map to a group element.

[Pratyush]

Is the option to squeeze a group element actually used anywhere? I have never seen a protocol rely on this.

I agree with the option to absorb with a domain separator.

[mmagician]

I think for our use case it's enough to be able to absorb group elements.