Include ρ as an input to the derivation of ψ, esk, and rcm

This brings the implementation in line with spec version 2021.2.0 and
the Orchard book.
Jack Grigg 2021-05-11 18:50:01 +08:00
parent 736de1156b
commit 4423b50788
2 changed files with 25 additions and 23 deletions


@ -6,7 +6,7 @@ use subtle::CtOption;
use crate::{ use crate::{
keys::{FullViewingKey, SpendingKey}, keys::{FullViewingKey, SpendingKey},
spec::{prf_expand, to_base, to_scalar}, spec::{prf_expand_vec, to_base, to_scalar},
value::NoteValue, value::NoteValue,
Address, Address,
}; };
@ -31,15 +31,25 @@ impl RandomSeed {
/// Defined in [Zcash Protocol Spec § 4.7.3: Sending Notes (Orchard)][orchardsend]. /// Defined in [Zcash Protocol Spec § 4.7.3: Sending Notes (Orchard)][orchardsend].
/// ///
/// [orchardsend]: https://zips.z.cash/protocol/nu5.pdf#orchardsend /// [orchardsend]: https://zips.z.cash/protocol/nu5.pdf#orchardsend
fn psi(&self) -> pallas::Base { fn psi(&self, rho: &Nullifier) -> pallas::Base {
to_base(prf_expand(&self.0, &[0x09])) to_base(prf_expand_vec(&self.0, &[&[0x09], &rho.to_bytes()[..]]))
} }
/// Defined in [Zcash Protocol Spec § 4.7.3: Sending Notes (Orchard)][orchardsend]. /// Defined in [Zcash Protocol Spec § 4.7.3: Sending Notes (Orchard)][orchardsend].
/// ///
/// [orchardsend]: https://zips.z.cash/protocol/nu5.pdf#orchardsend /// [orchardsend]: https://zips.z.cash/protocol/nu5.pdf#orchardsend
fn esk(&self) -> pallas::Scalar { fn esk(&self, rho: &Nullifier) -> pallas::Scalar {
to_scalar(prf_expand(&self.0, &[0x04])) to_scalar(prf_expand_vec(&self.0, &[&[0x04], &rho.to_bytes()[..]]))
}
/// Defined in [Zcash Protocol Spec § 4.7.3: Sending Notes (Orchard)][orchardsend].
///
/// [orchardsend]: https://zips.z.cash/protocol/nu5.pdf#orchardsend
fn rcm(&self, rho: &Nullifier) -> commitment::NoteCommitTrapdoor {
commitment::NoteCommitTrapdoor(to_scalar(prf_expand_vec(
&self.0,
&[&[0x05], &rho.to_bytes()[..]],
)))
} }
} }
@ -141,14 +151,19 @@ impl Note {
self.recipient.pk_d().to_bytes(), self.recipient.pk_d().to_bytes(),
self.value, self.value,
self.rho.0, self.rho.0,
self.rseed.psi(), self.rseed.psi(&self.rho),
(&self.rseed).into(), self.rseed.rcm(&self.rho),
) )
} }
/// Derives the nullifier for this note. /// Derives the nullifier for this note.
pub fn nullifier(&self, fvk: &FullViewingKey) -> Nullifier { pub fn nullifier(&self, fvk: &FullViewingKey) -> Nullifier {
Nullifier::derive(fvk.nk(), self.rho.0, self.rseed.psi(), self.commitment()) Nullifier::derive(
fvk.nk(),
self.rho.0,
self.rseed.psi(&self.rho),
self.commitment(),
)
} }
} }
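Review bot: The new `rho` parameter on `psi` (L24), `esk` (L30) and `rcm` (L36) is undocumented; each doc comment still only cites the spec section, so a reader cannot tell what ρ binds or why it is concatenated after the one-byte domain tag. I would add to each of the three: `/// rho is this note's ρ (held as a [Nullifier]); it is appended to the domain tag inside PRF^expand so the derived value is bound to the note rather than to rseed alone.` The tag-then-ρ layout only stays unambiguous while `rho.to_bytes()` is fixed-width (presumably 32 bytes), which is worth stating on `prf_expand_vec`, whose definition is outside this hunk. The diffstat lists only two files, so any stored test vectors for commitments or nullifiers are not regenerated here; if the crate keeps such vectors they will need refreshing against spec 2021.2.0. Also, `nullifier` now derives ψ once directly and again inside `self.commitment()`, which is harmless but doubles the PRF work per call.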


@ -5,22 +5,9 @@ use ff::PrimeField;
use pasta_curves::{arithmetic::FieldExt, pallas}; use pasta_curves::{arithmetic::FieldExt, pallas};
use subtle::CtOption; use subtle::CtOption;
use crate::{ use crate::{constants::L_ORCHARD_BASE, primitives::sinsemilla, spec::extract_p, value::NoteValue};
constants::L_ORCHARD_BASE,
primitives::sinsemilla,
spec::{extract_p, prf_expand, to_scalar},
value::NoteValue,
};
use super::RandomSeed; pub(super) struct NoteCommitTrapdoor(pub(super) pallas::Scalar);
pub(super) struct NoteCommitTrapdoor(pallas::Scalar);
impl From<&RandomSeed> for NoteCommitTrapdoor {
fn from(rseed: &RandomSeed) -> Self {
NoteCommitTrapdoor(to_scalar(prf_expand(&rseed.0, &[0x05])))
}
}
/// A commitment to a note. /// A commitment to a note.
#[derive(Debug)] #[derive(Debug)]
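Review bot: `NoteCommitTrapdoor` (L73) now exposes its scalar as `pub(super)` but carries no doc comment, unlike the neighbouring `/// A commitment to a note.`; with the `From<&RandomSeed>` impl removed, nothing at the type says that the only sanctioned way to obtain a trapdoor is `RandomSeed::rcm` in the parent module, which is the reason the field had to be opened up. I would add: `/// The trapdoor rcm of a note commitment. Construct only via RandomSeed::rcm, which derives it from (rseed, ρ) as the spec requires; a trapdoor built from an arbitrary scalar will not match the spec derivation for the note.` This is a documentation-only point; the collapsed import list and the removed impl are consistent with the new derivation in note.rs.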