zcash-hackworks
/
sapling-crypto
mirror of https://github.com/zcash-hackworks/sapling-crypto.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Group hash should use a first block containing random data as per spec.

This commit is contained in:
Sean Bowe 2018-03-05 18:08:49 -07:00
parent 058801bdfc
commit d21ff08176
No known key found for this signature in database
GPG Key ID: 95684257D8F8B031
2 changed files with 7 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
src/circuit/mod.rs
View File

@ -515,7 +515,7 @@ fn test_input_circuit_with_bls12_381() {
assert!(cs.is_satisfied());
assert_eq!(cs.num_constraints(), 97395);
assert_eq!(cs.hash(), "29aee738a11546a94c3dde68cede66eebcf2b447104a199aab22bf571735092a");
assert_eq!(cs.hash(), "cdd3cde0a4e076b46a59ef85fb70369eb14e3ee921a06d88bad6be4f78b5f261");
}
}
@ -553,6 +553,6 @@ fn test_output_circuit_with_bls12_381() {
assert!(cs.is_satisfied());
assert_eq!(cs.num_constraints(), 7827);
assert_eq!(cs.hash(), "155b1aaf4ed4abb1af67481c7e099adafd6a7edd097926b1f9f6b68b1cbe2742");
assert_eq!(cs.hash(), "67518baade37a3cf76453fa474cb8c9b2ee4223ed5502151e3b83dd1ec98a261");
}
}

5
src/group_hash.rs
View File

@ -2,6 +2,10 @@ use jubjub::*;
use pairing::*;
use blake2_rfc::blake2s::Blake2s;
/// This is chosen to be some random string that we couldn't have anticipated when we designed
/// the algorithm, for rigidity purposes.
pub const FIRST_BLOCK: &'static [u8; 64] = b"0000000000000000002ffe76b973aabaff1d1557d79acf2c3795809c83caf580";
/// Produces an (x, y) pair (Montgomery) for a
/// random point in the Jubjub curve. The point
/// is guaranteed to be prime order and not the
@ -15,6 +19,7 @@ pub fn group_hash<E: JubjubEngine>(
assert!(E::Fr::NUM_BITS == 255);
let mut h = Blake2s::new(32);
h.update(FIRST_BLOCK);
h.update(tag);
let mut h = h.finalize().as_ref().to_vec();
assert!(h.len() == 32);