Extract spec::mod_r_p helper from spec::commit_ivk

This commit is contained in:
Jack Grigg 2021-03-16 14:24:50 +13:00
parent 680c917ce6
commit 1a37ca492d
1 changed files with 16 additions and 10 deletions


@ -30,6 +30,14 @@ pub(crate) fn to_scalar(x: [u8; 64]) -> pallas::Scalar {
pallas::Scalar::from_bytes_wide(&x) pallas::Scalar::from_bytes_wide(&x)
} }
/// Converts from pallas::Base to pallas::Scalar (aka $x \pmod{r_\mathbb{P}}$).
///
/// This requires no modular reduction because Pallas' base field is smaller than its
/// scalar field.
pub(crate) fn mod_r_p(x: pallas::Base) -> pallas::Scalar {
pallas::Scalar::from_repr(x.to_repr()).unwrap()
}
/// Defined in [Zcash Protocol Spec § 4.2.3: Orchard Key Components][orchardkeycomponents]. /// Defined in [Zcash Protocol Spec § 4.2.3: Orchard Key Components][orchardkeycomponents].
/// ///
/// [orchardkeycomponents]: https://zips.z.cash/protocol/nu5.pdf#orchardkeycomponents /// [orchardkeycomponents]: https://zips.z.cash/protocol/nu5.pdf#orchardkeycomponents
@ -41,16 +49,14 @@ pub(crate) fn commit_ivk(
// We rely on the API contract that to_le_bits() returns at least PrimeField::NUM_BITS // We rely on the API contract that to_le_bits() returns at least PrimeField::NUM_BITS
// bits, which is equal to L_ORCHARD_BASE. // bits, which is equal to L_ORCHARD_BASE.
let domain = sinsemilla::CommitDomain::new(&"z.cash:Orchard-CommitIvk"); let domain = sinsemilla::CommitDomain::new(&"z.cash:Orchard-CommitIvk");
let ivk = domain.short_commit( mod_r_p(
iter::empty() domain.short_commit(
.chain(ak.to_le_bits().iter().by_val().take(L_ORCHARD_BASE)) iter::empty()
.chain(nk.to_le_bits().iter().by_val().take(L_ORCHARD_BASE)), .chain(ak.to_le_bits().iter().by_val().take(L_ORCHARD_BASE))
rivk, .chain(nk.to_le_bits().iter().by_val().take(L_ORCHARD_BASE)),
); rivk,
),
// Convert from pallas::Base to pallas::Scalar. This requires no modular reduction )
// because Pallas' base field is smaller than its scalar field.
pallas::Scalar::from_repr(ivk.to_repr()).unwrap()
} }
/// Defined in [Zcash Protocol Spec § 5.4.1.6: DiversifyHash^Sapling and DiversifyHash^Orchard Hash Functions][concretediversifyhash]. /// Defined in [Zcash Protocol Spec § 5.4.1.6: DiversifyHash^Sapling and DiversifyHash^Orchard Hash Functions][concretediversifyhash].
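Review bot: The `unwrap()` in the new `mod_r_p` helper (first hunk) rests on the field-size invariant that Pallas' base field order is smaller than its scalar field order, which the doc comment states but the code leaves as a bare unwrap, so a failure would not name the broken assumption. If the pinned `subtle` version provides `CtOption::expect`, the line could read `pallas::Scalar::from_repr(x.to_repr()).expect("Pallas base field is smaller than its scalar field, so every base repr is a valid scalar repr")`, and a `# Panics` section on the helper stating that this cannot fail for any `pallas::Base` would make the contract explicit to the next caller. The second hunk's call site in `commit_ivk` now relies on this helper for the final mod-r_P step of the spec's CommitIvk, so the invariant is also what makes that function's output a well-defined `pallas::Scalar`; `commit_ivk`'s signature and parameter list begin before the hunk, outside what is shown here.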