Auto merge of #956 - ebfull:uint252, r=ebfull
Enforce that the first four bits are zero for all spending keys and phi. This introduces a `uint252` type to ensure these fields are 252 bits wide, as the PRFs require. Closes #899
This commit is contained in:
commit
1f07deb5db
|
@ -155,6 +155,7 @@ BITCOIN_CORE_H = \
|
||||||
txmempool.h \
|
txmempool.h \
|
||||||
ui_interface.h \
|
ui_interface.h \
|
||||||
uint256.h \
|
uint256.h \
|
||||||
|
uint252.h \
|
||||||
undo.h \
|
undo.h \
|
||||||
util.h \
|
util.h \
|
||||||
utilmoneystr.h \
|
utilmoneystr.h \
|
||||||
|
|
|
@ -257,7 +257,7 @@ TEST(joinsplit, full_api_test)
|
||||||
|
|
||||||
TEST(joinsplit, note_plaintexts)
|
TEST(joinsplit, note_plaintexts)
|
||||||
{
|
{
|
||||||
uint256 a_sk = uint256S("f6da8716682d600f74fc16bd0187faad6a26b4aa4c24d5c055b216d94516847e");
|
uint252 a_sk = uint252(uint256S("f6da8716682d600f74fc16bd0187faad6a26b4aa4c24d5c055b216d94516840e"));
|
||||||
uint256 a_pk = PRF_addr_a_pk(a_sk);
|
uint256 a_pk = PRF_addr_a_pk(a_sk);
|
||||||
uint256 sk_enc = ZCNoteEncryption::generate_privkey(a_sk);
|
uint256 sk_enc = ZCNoteEncryption::generate_privkey(a_sk);
|
||||||
uint256 pk_enc = ZCNoteEncryption::generate_pubkey(sk_enc);
|
uint256 pk_enc = ZCNoteEncryption::generate_pubkey(sk_enc);
|
||||||
|
|
|
@ -18,7 +18,7 @@ public:
|
||||||
|
|
||||||
TEST(noteencryption, api)
|
TEST(noteencryption, api)
|
||||||
{
|
{
|
||||||
uint256 sk_enc = ZCNoteEncryption::generate_privkey(uint256S("21035d60bc1983e37950ce4803418a8fb33ea68d5b937ca382ecbae7564d6a77"));
|
uint256 sk_enc = ZCNoteEncryption::generate_privkey(uint252(uint256S("21035d60bc1983e37950ce4803418a8fb33ea68d5b937ca382ecbae7564d6a07")));
|
||||||
uint256 pk_enc = ZCNoteEncryption::generate_pubkey(sk_enc);
|
uint256 pk_enc = ZCNoteEncryption::generate_pubkey(sk_enc);
|
||||||
|
|
||||||
ZCNoteEncryption b = ZCNoteEncryption(uint256());
|
ZCNoteEncryption b = ZCNoteEncryption(uint256());
|
||||||
|
@ -66,7 +66,7 @@ TEST(noteencryption, api)
|
||||||
|
|
||||||
{
|
{
|
||||||
// Test wrong private key
|
// Test wrong private key
|
||||||
uint256 sk_enc_2 = ZCNoteEncryption::generate_privkey(uint256());
|
uint256 sk_enc_2 = ZCNoteEncryption::generate_privkey(uint252());
|
||||||
ZCNoteDecryption decrypter(sk_enc_2);
|
ZCNoteDecryption decrypter(sk_enc_2);
|
||||||
|
|
||||||
ASSERT_THROW(decrypter.decrypt(ciphertext, b.get_epk(), uint256(), i), std::runtime_error);
|
ASSERT_THROW(decrypter.decrypt(ciphertext, b.get_epk(), uint256(), i), std::runtime_error);
|
||||||
|
@ -100,9 +100,10 @@ TEST(noteencryption, api)
|
||||||
|
|
||||||
uint256 test_prf(
|
uint256 test_prf(
|
||||||
unsigned char distinguisher,
|
unsigned char distinguisher,
|
||||||
uint256 x,
|
uint252 seed_x,
|
||||||
uint256 y
|
uint256 y
|
||||||
) {
|
) {
|
||||||
|
uint256 x = seed_x.inner();
|
||||||
*x.begin() &= 0x0f;
|
*x.begin() &= 0x0f;
|
||||||
*x.begin() |= distinguisher;
|
*x.begin() |= distinguisher;
|
||||||
CSHA256 hasher;
|
CSHA256 hasher;
|
||||||
|
@ -117,7 +118,7 @@ uint256 test_prf(
|
||||||
TEST(noteencryption, prf_addr)
|
TEST(noteencryption, prf_addr)
|
||||||
{
|
{
|
||||||
for (size_t i = 0; i < 100; i++) {
|
for (size_t i = 0; i < 100; i++) {
|
||||||
uint256 a_sk = libzcash::random_uint256();
|
uint252 a_sk = libzcash::random_uint252();
|
||||||
uint256 rest;
|
uint256 rest;
|
||||||
ASSERT_TRUE(
|
ASSERT_TRUE(
|
||||||
test_prf(0xc0, a_sk, rest) == PRF_addr_a_pk(a_sk)
|
test_prf(0xc0, a_sk, rest) == PRF_addr_a_pk(a_sk)
|
||||||
|
@ -125,7 +126,7 @@ TEST(noteencryption, prf_addr)
|
||||||
}
|
}
|
||||||
|
|
||||||
for (size_t i = 0; i < 100; i++) {
|
for (size_t i = 0; i < 100; i++) {
|
||||||
uint256 a_sk = libzcash::random_uint256();
|
uint252 a_sk = libzcash::random_uint252();
|
||||||
uint256 rest;
|
uint256 rest;
|
||||||
*rest.begin() = 0x01;
|
*rest.begin() = 0x01;
|
||||||
ASSERT_TRUE(
|
ASSERT_TRUE(
|
||||||
|
@ -137,7 +138,7 @@ TEST(noteencryption, prf_addr)
|
||||||
TEST(noteencryption, prf_nf)
|
TEST(noteencryption, prf_nf)
|
||||||
{
|
{
|
||||||
for (size_t i = 0; i < 100; i++) {
|
for (size_t i = 0; i < 100; i++) {
|
||||||
uint256 a_sk = libzcash::random_uint256();
|
uint252 a_sk = libzcash::random_uint252();
|
||||||
uint256 rho = libzcash::random_uint256();
|
uint256 rho = libzcash::random_uint256();
|
||||||
ASSERT_TRUE(
|
ASSERT_TRUE(
|
||||||
test_prf(0xe0, a_sk, rho) == PRF_nf(a_sk, rho)
|
test_prf(0xe0, a_sk, rho) == PRF_nf(a_sk, rho)
|
||||||
|
@ -148,7 +149,7 @@ TEST(noteencryption, prf_nf)
|
||||||
TEST(noteencryption, prf_pk)
|
TEST(noteencryption, prf_pk)
|
||||||
{
|
{
|
||||||
for (size_t i = 0; i < 100; i++) {
|
for (size_t i = 0; i < 100; i++) {
|
||||||
uint256 a_sk = libzcash::random_uint256();
|
uint252 a_sk = libzcash::random_uint252();
|
||||||
uint256 h_sig = libzcash::random_uint256();
|
uint256 h_sig = libzcash::random_uint256();
|
||||||
ASSERT_TRUE(
|
ASSERT_TRUE(
|
||||||
test_prf(0x00, a_sk, h_sig) == PRF_pk(a_sk, 0, h_sig)
|
test_prf(0x00, a_sk, h_sig) == PRF_pk(a_sk, 0, h_sig)
|
||||||
|
@ -156,21 +157,22 @@ TEST(noteencryption, prf_pk)
|
||||||
}
|
}
|
||||||
|
|
||||||
for (size_t i = 0; i < 100; i++) {
|
for (size_t i = 0; i < 100; i++) {
|
||||||
uint256 a_sk = libzcash::random_uint256();
|
uint252 a_sk = libzcash::random_uint252();
|
||||||
uint256 h_sig = libzcash::random_uint256();
|
uint256 h_sig = libzcash::random_uint256();
|
||||||
ASSERT_TRUE(
|
ASSERT_TRUE(
|
||||||
test_prf(0x40, a_sk, h_sig) == PRF_pk(a_sk, 1, h_sig)
|
test_prf(0x40, a_sk, h_sig) == PRF_pk(a_sk, 1, h_sig)
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
|
|
||||||
uint256 dummy;
|
uint252 dummy_a;
|
||||||
ASSERT_THROW(PRF_pk(dummy, 2, dummy), std::domain_error);
|
uint256 dummy_b;
|
||||||
|
ASSERT_THROW(PRF_pk(dummy_a, 2, dummy_b), std::domain_error);
|
||||||
}
|
}
|
||||||
|
|
||||||
TEST(noteencryption, prf_rho)
|
TEST(noteencryption, prf_rho)
|
||||||
{
|
{
|
||||||
for (size_t i = 0; i < 100; i++) {
|
for (size_t i = 0; i < 100; i++) {
|
||||||
uint256 phi = libzcash::random_uint256();
|
uint252 phi = libzcash::random_uint252();
|
||||||
uint256 h_sig = libzcash::random_uint256();
|
uint256 h_sig = libzcash::random_uint256();
|
||||||
ASSERT_TRUE(
|
ASSERT_TRUE(
|
||||||
test_prf(0x20, phi, h_sig) == PRF_rho(phi, 0, h_sig)
|
test_prf(0x20, phi, h_sig) == PRF_rho(phi, 0, h_sig)
|
||||||
|
@ -178,13 +180,19 @@ TEST(noteencryption, prf_rho)
|
||||||
}
|
}
|
||||||
|
|
||||||
for (size_t i = 0; i < 100; i++) {
|
for (size_t i = 0; i < 100; i++) {
|
||||||
uint256 phi = libzcash::random_uint256();
|
uint252 phi = libzcash::random_uint252();
|
||||||
uint256 h_sig = libzcash::random_uint256();
|
uint256 h_sig = libzcash::random_uint256();
|
||||||
ASSERT_TRUE(
|
ASSERT_TRUE(
|
||||||
test_prf(0x60, phi, h_sig) == PRF_rho(phi, 1, h_sig)
|
test_prf(0x60, phi, h_sig) == PRF_rho(phi, 1, h_sig)
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
|
|
||||||
uint256 dummy;
|
uint252 dummy_a;
|
||||||
ASSERT_THROW(PRF_rho(dummy, 2, dummy), std::domain_error);
|
uint256 dummy_b;
|
||||||
|
ASSERT_THROW(PRF_rho(dummy_a, 2, dummy_b), std::domain_error);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
TEST(noteencryption, uint252)
|
||||||
|
{
|
||||||
|
ASSERT_THROW(uint252(uint256S("f6da8716682d600f74fc16bd0187faad6a26b4aa4c24d5c055b216d94516847e")), std::domain_error);
|
||||||
|
}
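Review bot: The new `uint252` test only exercises the constructor's rejection path; nothing checks that a valid value is accepted, and nothing exercises the `SerializationOp` guard, which is the only check that applies to a `uint252` read from a stream (the constructor check is bypassed by `READWRITE(contents)`). I'd add `ASSERT_NO_THROW(uint252(uint256S("f6da8716682d600f74fc16bd0187faad6a26b4aa4c24d5c055b216d94516840e")));` and, if this test target has a byte-stream type available, a case that deserializes 32 bytes whose first byte has a non-zero top nibble and expects `std::ios_base::failure`. Separately, the `*x.begin() &= 0x0f;` in `test_prf` is now a no-op given the `uint252` invariant; replacing it with `ASSERT_EQ(*x.begin() & 0xf0, 0);` would make the test fail loudly if the invariant is ever broken instead of silently masking the bits.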
|
|
@ -0,0 +1,48 @@
|
||||||
|
#ifndef UINT252_H
|
||||||
|
#define UINT252_H
|
||||||
|
|
||||||
|
#include <vector>
|
||||||
|
#include "uint256.h"
|
||||||
|
#include "serialize.h"
|
||||||
|
|
||||||
|
// Wrapper of uint256 with guarantee that first
|
||||||
|
// four bits are zero.
|
||||||
|
class uint252 {
|
||||||
|
private:
|
||||||
|
uint256 contents;
|
||||||
|
|
||||||
|
public:
|
||||||
|
ADD_SERIALIZE_METHODS;
|
||||||
|
|
||||||
|
template <typename Stream, typename Operation>
|
||||||
|
inline void SerializationOp(Stream& s, Operation ser_action, int nType, int nVersion) {
|
||||||
|
READWRITE(contents);
|
||||||
|
|
||||||
|
if ((*contents.begin()) & 0xF0) {
|
||||||
|
throw std::ios_base::failure("spending key has invalid leading bits");
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
const unsigned char* begin() const
|
||||||
|
{
|
||||||
|
return contents.begin();
|
||||||
|
}
|
||||||
|
|
||||||
|
const unsigned char* end() const
|
||||||
|
{
|
||||||
|
return contents.end();
|
||||||
|
}
|
||||||
|
|
||||||
|
uint252() : contents() {};
|
||||||
|
explicit uint252(const uint256& in) : contents(in) {
|
||||||
|
if (*contents.begin() & 0xF0) {
|
||||||
|
throw std::domain_error("leading bits are set in argument given to uint252 constructor");
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
uint256 inner() const {
|
||||||
|
return contents;
|
||||||
|
}
|
||||||
|
};
|
||||||
|
|
||||||
|
#endif
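Review bot: The header throws `std::domain_error` in the constructor and `std::ios_base::failure` in `SerializationOp`, but includes only `<vector>`, `uint256.h` and `serialize.h`, so it compiles only while those headers happen to pull in `<stdexcept>` and `<ios>` transitively; add `#include <stdexcept>` (and `<ios>`) explicitly. The comment "first four bits are zero" is also easy to misread: the check is on the high nibble of the byte at `contents.begin()`, which in `uint256S`/hex display order is the last two hex digits, as the test vectors ending in `...847e` (rejected) and `...840e` (accepted) show. I'd reword it to `// Wrapper of uint256 guaranteeing the top four bits of the byte at begin() are zero (the last hex pair in uint256S/GetHex order), i.e. the value fits in 252 bits; the PRF tests show those four bits being overwritten with the PRF's distinguisher tag.` The serialization error message says "spending key" although the type is also used for phi; a type-neutral `"uint252 has invalid leading bits"` would be more accurate.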
|
|
@ -13,7 +13,7 @@ ViewingKey SpendingKey::viewing_key() {
|
||||||
}
|
}
|
||||||
|
|
||||||
SpendingKey SpendingKey::random() {
|
SpendingKey SpendingKey::random() {
|
||||||
return SpendingKey(random_uint256());
|
return SpendingKey(random_uint252());
|
||||||
}
|
}
|
||||||
|
|
||||||
PaymentAddress SpendingKey::address() {
|
PaymentAddress SpendingKey::address() {
|
||||||
|
|
|
@ -2,6 +2,7 @@
|
||||||
#define _ZCADDRESS_H_
|
#define _ZCADDRESS_H_
|
||||||
|
|
||||||
#include "uint256.h"
|
#include "uint256.h"
|
||||||
|
#include "uint252.h"
|
||||||
#include "serialize.h"
|
#include "serialize.h"
|
||||||
|
|
||||||
namespace libzcash {
|
namespace libzcash {
|
||||||
|
@ -37,10 +38,10 @@ public:
|
||||||
uint256 pk_enc();
|
uint256 pk_enc();
|
||||||
};
|
};
|
||||||
|
|
||||||
class SpendingKey : public uint256 {
|
class SpendingKey : public uint252 {
|
||||||
public:
|
public:
|
||||||
SpendingKey() : uint256() { }
|
SpendingKey() : uint252() { }
|
||||||
SpendingKey(uint256 a_sk) : uint256(a_sk) { }
|
SpendingKey(uint252 a_sk) : uint252(a_sk) { }
|
||||||
|
|
||||||
static SpendingKey random();
|
static SpendingKey random();
|
||||||
|
|
||||||
|
|
|
@ -191,7 +191,7 @@ public:
|
||||||
uint256 h_sig = this->h_sig(out_randomSeed, out_nullifiers, pubKeyHash);
|
uint256 h_sig = this->h_sig(out_randomSeed, out_nullifiers, pubKeyHash);
|
||||||
|
|
||||||
// Sample phi
|
// Sample phi
|
||||||
uint256 phi = random_uint256();
|
uint252 phi = random_uint252();
|
||||||
|
|
||||||
// Compute notes for outputs
|
// Compute notes for outputs
|
||||||
for (size_t i = 0; i < NumOutputs; i++) {
|
for (size_t i = 0; i < NumOutputs; i++) {
|
||||||
|
@ -320,19 +320,19 @@ uint256 JoinSplit<NumInputs, NumOutputs>::h_sig(
|
||||||
return output;
|
return output;
|
||||||
}
|
}
|
||||||
|
|
||||||
Note JSOutput::note(const uint256& phi, const uint256& r, size_t i, const uint256& h_sig) const {
|
Note JSOutput::note(const uint252& phi, const uint256& r, size_t i, const uint256& h_sig) const {
|
||||||
uint256 rho = PRF_rho(phi, i, h_sig);
|
uint256 rho = PRF_rho(phi, i, h_sig);
|
||||||
|
|
||||||
return Note(addr.a_pk, value, rho, r);
|
return Note(addr.a_pk, value, rho, r);
|
||||||
}
|
}
|
||||||
|
|
||||||
JSOutput::JSOutput() : addr(uint256(), uint256()), value(0) {
|
JSOutput::JSOutput() : addr(uint256(), uint256()), value(0) {
|
||||||
SpendingKey a_sk(random_uint256());
|
SpendingKey a_sk = SpendingKey::random();
|
||||||
addr = a_sk.address();
|
addr = a_sk.address();
|
||||||
}
|
}
|
||||||
|
|
||||||
JSInput::JSInput() : witness(ZCIncrementalMerkleTree().witness()),
|
JSInput::JSInput() : witness(ZCIncrementalMerkleTree().witness()),
|
||||||
key(random_uint256()) {
|
key(SpendingKey::random()) {
|
||||||
note = Note(key.address().a_pk, 0, random_uint256(), random_uint256());
|
note = Note(key.address().a_pk, 0, random_uint256(), random_uint256());
|
||||||
ZCIncrementalMerkleTree dummy_tree;
|
ZCIncrementalMerkleTree dummy_tree;
|
||||||
dummy_tree.append(note.cm());
|
dummy_tree.append(note.cm());
|
||||||
|
|
|
@ -8,6 +8,7 @@
|
||||||
#include "NoteEncryption.hpp"
|
#include "NoteEncryption.hpp"
|
||||||
|
|
||||||
#include "uint256.h"
|
#include "uint256.h"
|
||||||
|
#include "uint252.h"
|
||||||
|
|
||||||
#include <boost/array.hpp>
|
#include <boost/array.hpp>
|
||||||
|
|
||||||
|
@ -37,7 +38,7 @@ public:
|
||||||
JSOutput();
|
JSOutput();
|
||||||
JSOutput(PaymentAddress addr, uint64_t value) : addr(addr), value(value) { }
|
JSOutput(PaymentAddress addr, uint64_t value) : addr(addr), value(value) { }
|
||||||
|
|
||||||
Note note(const uint256& phi, const uint256& r, size_t i, const uint256& h_sig) const;
|
Note note(const uint252& phi, const uint256& r, size_t i, const uint256& h_sig) const;
|
||||||
};
|
};
|
||||||
|
|
||||||
template<size_t NumInputs, size_t NumOutputs>
|
template<size_t NumInputs, size_t NumOutputs>
|
||||||
|
|
|
@ -136,7 +136,7 @@ typename NoteDecryption<MLEN>::Plaintext NoteDecryption<MLEN>::decrypt
|
||||||
}
|
}
|
||||||
|
|
||||||
template<size_t MLEN>
|
template<size_t MLEN>
|
||||||
uint256 NoteEncryption<MLEN>::generate_privkey(const uint256 &a_sk)
|
uint256 NoteEncryption<MLEN>::generate_privkey(const uint252 &a_sk)
|
||||||
{
|
{
|
||||||
uint256 sk = PRF_addr_sk_enc(a_sk);
|
uint256 sk = PRF_addr_sk_enc(a_sk);
|
||||||
|
|
||||||
|
@ -165,6 +165,14 @@ uint256 random_uint256()
|
||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
uint252 random_uint252()
|
||||||
|
{
|
||||||
|
uint256 rand = random_uint256();
|
||||||
|
(*rand.begin()) &= 0x0F;
|
||||||
|
|
||||||
|
return uint252(rand);
|
||||||
|
}
|
||||||
|
|
||||||
template class NoteEncryption<ZC_NOTEPLAINTEXT_LEADING + ZC_V_SIZE + ZC_RHO_SIZE + ZC_R_SIZE + ZC_MEMO_SIZE>;
|
template class NoteEncryption<ZC_NOTEPLAINTEXT_LEADING + ZC_V_SIZE + ZC_RHO_SIZE + ZC_R_SIZE + ZC_MEMO_SIZE>;
|
||||||
template class NoteDecryption<ZC_NOTEPLAINTEXT_LEADING + ZC_V_SIZE + ZC_RHO_SIZE + ZC_R_SIZE + ZC_MEMO_SIZE>;
|
template class NoteDecryption<ZC_NOTEPLAINTEXT_LEADING + ZC_V_SIZE + ZC_RHO_SIZE + ZC_R_SIZE + ZC_MEMO_SIZE>;
|
||||||
|
|
||||||
|
|
|
@ -8,6 +8,7 @@ https://github.com/zcash/zips/blob/master/protocol/protocol.pdf
|
||||||
|
|
||||||
#include <boost/array.hpp>
|
#include <boost/array.hpp>
|
||||||
#include "uint256.h"
|
#include "uint256.h"
|
||||||
|
#include "uint252.h"
|
||||||
|
|
||||||
#include "zcash/Zcash.h"
|
#include "zcash/Zcash.h"
|
||||||
|
|
||||||
|
@ -43,7 +44,7 @@ public:
|
||||||
);
|
);
|
||||||
|
|
||||||
// Creates a NoteEncryption private key
|
// Creates a NoteEncryption private key
|
||||||
static uint256 generate_privkey(const uint256 &a_sk);
|
static uint256 generate_privkey(const uint252 &a_sk);
|
||||||
|
|
||||||
// Creates a NoteEncryption public key from a private key
|
// Creates a NoteEncryption public key from a private key
|
||||||
static uint256 generate_pubkey(const uint256 &sk_enc);
|
static uint256 generate_pubkey(const uint256 &sk_enc);
|
||||||
|
@ -70,6 +71,7 @@ public:
|
||||||
};
|
};
|
||||||
|
|
||||||
uint256 random_uint256();
|
uint256 random_uint256();
|
||||||
|
uint252 random_uint252();
|
||||||
|
|
||||||
}
|
}
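Review bot: `random_uint252()` is declared without a comment, and `generate_privkey` now takes a `uint252` while its comment still only says "Creates a NoteEncryption private key", so a reader of this header cannot tell why the narrower type is required. I'd add above the new declaration `// Samples a uniformly random 252-bit value (a uint256 with the top nibble of its first byte cleared), suitable for use as a_sk or phi.` and extend the `generate_privkey` comment with `// a_sk must be a uint252: PRF_addr_sk_enc writes its domain tag into the leading four bits (see the PRF tests).`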
|
||||||
|
|
||||||
|
|
|
@ -187,7 +187,7 @@ public:
|
||||||
}
|
}
|
||||||
|
|
||||||
void generate_r1cs_witness(
|
void generate_r1cs_witness(
|
||||||
const uint256& phi,
|
const uint252& phi,
|
||||||
const uint256& rt,
|
const uint256& rt,
|
||||||
const uint256& h_sig,
|
const uint256& h_sig,
|
||||||
const boost::array<JSInput, NumInputs>& inputs,
|
const boost::array<JSInput, NumInputs>& inputs,
|
||||||
|
@ -234,7 +234,7 @@ public:
|
||||||
// Witness phi
|
// Witness phi
|
||||||
zk_phi->bits.fill_with_bits(
|
zk_phi->bits.fill_with_bits(
|
||||||
this->pb,
|
this->pb,
|
||||||
trailing252(uint256_to_bool_vector(phi))
|
uint252_to_bool_vector(phi)
|
||||||
);
|
);
|
||||||
|
|
||||||
// Witness h_sig
|
// Witness h_sig
|
||||||
|
|
|
@ -131,7 +131,7 @@ public:
|
||||||
// Witness a_sk for the input
|
// Witness a_sk for the input
|
||||||
a_sk->bits.fill_with_bits(
|
a_sk->bits.fill_with_bits(
|
||||||
this->pb,
|
this->pb,
|
||||||
trailing252(uint256_to_bool_vector(key))
|
uint252_to_bool_vector(key)
|
||||||
);
|
);
|
||||||
|
|
||||||
// Witness a_pk for a_sk with PRF_addr
|
// Witness a_pk for a_sk with PRF_addr
|
||||||
|
|
|
@ -1,3 +1,5 @@
|
||||||
|
#include "uint252.h"
|
||||||
|
|
||||||
template<typename FieldT>
|
template<typename FieldT>
|
||||||
pb_variable_array<FieldT> from_bits(std::vector<bool> bits, pb_variable<FieldT>& ZERO) {
|
pb_variable_array<FieldT> from_bits(std::vector<bool> bits, pb_variable<FieldT>& ZERO) {
|
||||||
pb_variable_array<FieldT> acc;
|
pb_variable_array<FieldT> acc;
|
||||||
|
@ -17,7 +19,8 @@ std::vector<bool> trailing252(std::vector<bool> input) {
|
||||||
return std::vector<bool>(input.begin() + 4, input.end());
|
return std::vector<bool>(input.begin() + 4, input.end());
|
||||||
}
|
}
|
||||||
|
|
||||||
std::vector<bool> uint256_to_bool_vector(uint256 input) {
|
template<typename T>
|
||||||
|
std::vector<bool> to_bool_vector(T input) {
|
||||||
std::vector<unsigned char> input_v(input.begin(), input.end());
|
std::vector<unsigned char> input_v(input.begin(), input.end());
|
||||||
std::vector<bool> output_bv(256, 0);
|
std::vector<bool> output_bv(256, 0);
|
||||||
libzerocash::convertBytesVectorToVector(
|
libzerocash::convertBytesVectorToVector(
|
||||||
|
@ -28,6 +31,14 @@ std::vector<bool> uint256_to_bool_vector(uint256 input) {
|
||||||
return output_bv;
|
return output_bv;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
std::vector<bool> uint256_to_bool_vector(uint256 input) {
|
||||||
|
return to_bool_vector(input);
|
||||||
|
}
|
||||||
|
|
||||||
|
std::vector<bool> uint252_to_bool_vector(uint252 input) {
|
||||||
|
return trailing252(to_bool_vector(input));
|
||||||
|
}
|
||||||
|
|
||||||
std::vector<bool> uint64_to_bool_vector(uint64_t input) {
|
std::vector<bool> uint64_to_bool_vector(uint64_t input) {
|
||||||
auto num_bv = convertIntToVectorLE(input);
|
auto num_bv = convertIntToVectorLE(input);
|
||||||
std::vector<bool> num_v(64, 0);
|
std::vector<bool> num_v(64, 0);
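Review bot: `to_bool_vector` is now a template over any `T` exposing `begin()`/`end()`, but it still hard-codes `std::vector<bool> output_bv(256, 0)`, so instantiating it with a type that is not 32 bytes would silently produce a wrongly sized, or possibly out-of-range, result; size the output from the input, e.g. `std::vector<bool> output_bv(input_v.size() * 8, 0);`, or add a `static_assert` on the byte length. It would also help to document the new wrapper with `// The four leading bits dropped by trailing252 are guaranteed zero by uint252, so no information is lost.` The body of `to_bool_vector` continues outside the hunk (the `convertBytesVectorToVector` call is cut off), so I cannot confirm how the 256 constant is consumed there.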
|
||||||
|
|
|
@ -2,7 +2,7 @@
|
||||||
#include "crypto/sha256.h"
|
#include "crypto/sha256.h"
|
||||||
|
|
||||||
uint256 PRF(bool a, bool b, bool c, bool d,
|
uint256 PRF(bool a, bool b, bool c, bool d,
|
||||||
const uint256& x,
|
const uint252& x,
|
||||||
const uint256& y)
|
const uint256& y)
|
||||||
{
|
{
|
||||||
uint256 res;
|
uint256 res;
|
||||||
|
@ -21,7 +21,7 @@ uint256 PRF(bool a, bool b, bool c, bool d,
|
||||||
return res;
|
return res;
|
||||||
}
|
}
|
||||||
|
|
||||||
uint256 PRF_addr(const uint256& a_sk, unsigned char t)
|
uint256 PRF_addr(const uint252& a_sk, unsigned char t)
|
||||||
{
|
{
|
||||||
uint256 y;
|
uint256 y;
|
||||||
*(y.begin()) = t;
|
*(y.begin()) = t;
|
||||||
|
@ -29,22 +29,22 @@ uint256 PRF_addr(const uint256& a_sk, unsigned char t)
|
||||||
return PRF(1, 1, 0, 0, a_sk, y);
|
return PRF(1, 1, 0, 0, a_sk, y);
|
||||||
}
|
}
|
||||||
|
|
||||||
uint256 PRF_addr_a_pk(const uint256& a_sk)
|
uint256 PRF_addr_a_pk(const uint252& a_sk)
|
||||||
{
|
{
|
||||||
return PRF_addr(a_sk, 0);
|
return PRF_addr(a_sk, 0);
|
||||||
}
|
}
|
||||||
|
|
||||||
uint256 PRF_addr_sk_enc(const uint256& a_sk)
|
uint256 PRF_addr_sk_enc(const uint252& a_sk)
|
||||||
{
|
{
|
||||||
return PRF_addr(a_sk, 1);
|
return PRF_addr(a_sk, 1);
|
||||||
}
|
}
|
||||||
|
|
||||||
uint256 PRF_nf(const uint256& a_sk, const uint256& rho)
|
uint256 PRF_nf(const uint252& a_sk, const uint256& rho)
|
||||||
{
|
{
|
||||||
return PRF(1, 1, 1, 0, a_sk, rho);
|
return PRF(1, 1, 1, 0, a_sk, rho);
|
||||||
}
|
}
|
||||||
|
|
||||||
uint256 PRF_pk(const uint256& a_sk, size_t i0, const uint256& h_sig)
|
uint256 PRF_pk(const uint252& a_sk, size_t i0, const uint256& h_sig)
|
||||||
{
|
{
|
||||||
if ((i0 != 0) && (i0 != 1)) {
|
if ((i0 != 0) && (i0 != 1)) {
|
||||||
throw std::domain_error("PRF_pk invoked with index out of bounds");
|
throw std::domain_error("PRF_pk invoked with index out of bounds");
|
||||||
|
@ -53,7 +53,7 @@ uint256 PRF_pk(const uint256& a_sk, size_t i0, const uint256& h_sig)
|
||||||
return PRF(0, i0, 0, 0, a_sk, h_sig);
|
return PRF(0, i0, 0, 0, a_sk, h_sig);
|
||||||
}
|
}
|
||||||
|
|
||||||
uint256 PRF_rho(const uint256& phi, size_t i0, const uint256& h_sig)
|
uint256 PRF_rho(const uint252& phi, size_t i0, const uint256& h_sig)
|
||||||
{
|
{
|
||||||
if ((i0 != 0) && (i0 != 1)) {
|
if ((i0 != 0) && (i0 != 1)) {
|
||||||
throw std::domain_error("PRF_rho invoked with index out of bounds");
|
throw std::domain_error("PRF_rho invoked with index out of bounds");
|
||||||
|
|
|
@ -7,11 +7,12 @@ within the zkSNARK circuit.
|
||||||
#define _PRF_H_
|
#define _PRF_H_
|
||||||
|
|
||||||
#include "uint256.h"
|
#include "uint256.h"
|
||||||
|
#include "uint252.h"
|
||||||
|
|
||||||
uint256 PRF_addr_a_pk(const uint256& a_sk);
|
uint256 PRF_addr_a_pk(const uint252& a_sk);
|
||||||
uint256 PRF_addr_sk_enc(const uint256& a_sk);
|
uint256 PRF_addr_sk_enc(const uint252& a_sk);
|
||||||
uint256 PRF_nf(const uint256& a_sk, const uint256& rho);
|
uint256 PRF_nf(const uint252& a_sk, const uint256& rho);
|
||||||
uint256 PRF_pk(const uint256& a_sk, size_t i0, const uint256& h_sig);
|
uint256 PRF_pk(const uint252& a_sk, size_t i0, const uint256& h_sig);
|
||||||
uint256 PRF_rho(const uint256& phi, size_t i0, const uint256& h_sig);
|
uint256 PRF_rho(const uint252& phi, size_t i0, const uint256& h_sig);
|
||||||
|
|
||||||
#endif // _PRF_H_
|
#endif // _PRF_H_
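Review bot: prf.h now types the a_sk/phi parameters as `uint252` but nothing in the header says why, and the hidden contract, namely that the PRF writes its 4-bit domain tag into the leading bits of the first input block (which the `test_prf` helper in the tests reproduces with `*x.begin() |= distinguisher`), is exactly what a future caller needs before constructing one of these values by hand. I'd add above the declarations `// a_sk and phi are 252-bit (uint252): the PRF stores its 4-bit domain tag in the leading bits of the first input block, so a full 256-bit value there would collide with the tag.` Since `PRF_pk` and `PRF_rho` throw `std::domain_error` for an `i0` outside {0,1} (per prf.cpp), a `// throws std::domain_error if i0 is not 0 or 1` on those two declarations would complete the contract.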
|
||||||
|
|