zcash-hackworks
/
sapling-crypto
mirror of https://github.com/zcash-hackworks/sapling-crypto.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Little-endian byte order interpretation of the output of CRH^ivk.

This commit is contained in:
Sean Bowe 2018-03-19 18:06:44 -06:00
parent f9e58c01ce
commit 601e8e38f8
No known key found for this signature in database
GPG Key ID: 95684257D8F8B031
2 changed files with 8 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
src/circuit/sapling/mod.rs
View File

@ -221,8 +221,10 @@ impl<'a, E: JubjubEngine> Circuit<E> for Spend<'a, E> {
constants::CRH_IVK_PERSONALIZATION
)?;
// Little endian bit order
ivk.reverse();
// Swap bit-endianness in each byte
for ivk_byte in ivk.chunks_mut(8) {
ivk_byte.reverse();
}
// drop_5 to ensure it's in the field
ivk.truncate(E::Fs::CAPACITY as usize);
@ -621,7 +623,7 @@ fn test_input_circuit_with_bls12_381() {
assert!(cs.is_satisfied());
assert_eq!(cs.num_constraints(), 98776);
assert_eq!(cs.hash(), "ba8b2232a910b00399e90030c87c16a770e6e692fe3b4316675bdd7795df6e50");
assert_eq!(cs.hash(), "8211d52b5ad2618b2f8106c7c3f9ab213f6206e3ddbbb39e786167de5ea85dc3");
assert_eq!(cs.num_inputs(), 8);
assert_eq!(cs.get_input(0, "ONE"), Fr::one());

3
src/primitives/mod.rs
View File

@ -96,6 +96,9 @@ impl<E: JubjubEngine> ViewingKey<E> {
h.update(&preimage);
let mut h = h.finalize().as_ref().to_vec();
// Reverse the bytes to interpret it in little-endian byte order
h.reverse();
// Drop the first five bits, so it can be interpreted as a scalar.
h[0] &= 0b0000_0111;