zec
/
halo2
mirror of https://github.com/zcash/halo2.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Use protocol spec URL anchors as link handles

This commit is contained in:
Jack Grigg 2021-03-06 01:17:51 +00:00
parent 71542f7ec2
commit 9455158190
3 changed files with 34 additions and 32 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
src/keys.rs
View File

@ -20,9 +20,9 @@ use crate::{
/// A spending key, from which all key material is derived. /// A spending key, from which all key material is derived.
/// ///
/// Defined in [Zcash Protocol Spec § 4.2.3: Orchard Key Components][§4.2.3]. /// Defined in [Zcash Protocol Spec § 4.2.3: Orchard Key Components][orchardkeycomponents].
/// ///
/// [§4.2.3]: https://zips.z.cash/protocol/nu5.pdf#orchardkeycomponents /// [orchardkeycomponents]: https://zips.z.cash/protocol/nu5.pdf#orchardkeycomponents
#[derive(Debug)] #[derive(Debug)]
pub struct SpendingKey([u8; 32]); pub struct SpendingKey([u8; 32]);
@ -40,9 +40,9 @@ impl SpendingKey {
/// A spend authorizing key, used to create spend authorization signatures. /// A spend authorizing key, used to create spend authorization signatures.
/// ///
/// Defined in [Zcash Protocol Spec § 4.2.3: Orchard Key Components][§4.2.3]. /// Defined in [Zcash Protocol Spec § 4.2.3: Orchard Key Components][orchardkeycomponents].
/// ///
/// [§4.2.3]: https://zips.z.cash/protocol/nu5.pdf#orchardkeycomponents /// [orchardkeycomponents]: https://zips.z.cash/protocol/nu5.pdf#orchardkeycomponents
#[derive(Debug)] #[derive(Debug)]
pub(crate) struct SpendAuthorizingKey(redpallas::SigningKey<SpendAuth>); pub(crate) struct SpendAuthorizingKey(redpallas::SigningKey<SpendAuth>);
@ -81,11 +81,11 @@ impl From<&SpendAuthorizingKey> for AuthorizingKey {
/// A key used to derive [`Nullifier`]s from [`Note`]s. /// A key used to derive [`Nullifier`]s from [`Note`]s.
/// ///
/// Defined in [Zcash Protocol Spec § 4.2.3: Orchard Key Components][§4.2.3]. /// Defined in [Zcash Protocol Spec § 4.2.3: Orchard Key Components][orchardkeycomponents].
/// ///
/// [`Nullifier`]: crate::note::Nullifier; /// [`Nullifier`]: crate::note::Nullifier;
/// [`Note`]: crate::note::Note; /// [`Note`]: crate::note::Note;
/// [§4.2.3]: https://zips.z.cash/protocol/nu5.pdf#orchardkeycomponents /// [orchardkeycomponents]: https://zips.z.cash/protocol/nu5.pdf#orchardkeycomponents
#[derive(Debug)] #[derive(Debug)]
pub(crate) struct NullifierDerivingKey(pallas::Base); pub(crate) struct NullifierDerivingKey(pallas::Base);
@ -117,9 +117,9 @@ impl From<&SpendingKey> for FullViewingKey {
} }
impl FullViewingKey { impl FullViewingKey {
/// Defined in [Zcash Protocol Spec § 4.2.3: Orchard Key Components][§4.2.3]. /// Defined in [Zcash Protocol Spec § 4.2.3: Orchard Key Components][orchardkeycomponents].
/// ///
/// [§4.2.3]: https://zips.z.cash/protocol/nu5.pdf#orchardkeycomponents /// [orchardkeycomponents]: https://zips.z.cash/protocol/nu5.pdf#orchardkeycomponents
fn derive_dk_ovk(&self) -> (DiversifierKey, OutgoingViewingKey) { fn derive_dk_ovk(&self) -> (DiversifierKey, OutgoingViewingKey) {
let k = self.rivk.to_bytes(); let k = self.rivk.to_bytes();
let b = [(&self.ak.0).into(), self.nk.0.to_bytes()]; let b = [(&self.ak.0).into(), self.nk.0.to_bytes()];
@ -238,9 +238,9 @@ impl From<&FullViewingKey> for OutgoingViewingKey {
pub(crate) struct DiversifiedTransmissionKey(pallas::Point); pub(crate) struct DiversifiedTransmissionKey(pallas::Point);
impl DiversifiedTransmissionKey { impl DiversifiedTransmissionKey {
/// Defined in [Zcash Protocol Spec § 4.2.3: Orchard Key Components][§4.2.3]. /// Defined in [Zcash Protocol Spec § 4.2.3: Orchard Key Components][orchardkeycomponents].
/// ///
/// [§4.2.3]: https://zips.z.cash/protocol/nu5.pdf#orchardkeycomponents /// [orchardkeycomponents]: https://zips.z.cash/protocol/nu5.pdf#orchardkeycomponents
fn derive(ivk: &IncomingViewingKey, d: &Diversifier) -> Self { fn derive(ivk: &IncomingViewingKey, d: &Diversifier) -> Self {
let g_d = diversify_hash(&d.0); let g_d = diversify_hash(&d.0);
DiversifiedTransmissionKey(ka_orchard(&ivk.0, &g_d)) DiversifiedTransmissionKey(ka_orchard(&ivk.0, &g_d))

16
src/primitives/sinsemilla.rs
View File

@ -69,9 +69,9 @@ fn Q(domain_prefix: &str) -> pallas::Point {
pallas::Point::hash_to_curve(GROUP_HASH_Q)(domain_prefix.as_bytes()) pallas::Point::hash_to_curve(GROUP_HASH_Q)(domain_prefix.as_bytes())
} }
/// `SinsemillaHashToPoint` from [§ 5.4.1.9]. /// `SinsemillaHashToPoint` from [§ 5.4.1.9][concretesinsemillahash].
/// ///
/// [§ 5.4.1.9]: https://zips.z.cash/protocol/nu5.pdf#concretesinsemillahash /// [concretesinsemillahash]: https://zips.z.cash/protocol/nu5.pdf#concretesinsemillahash
#[allow(non_snake_case)] #[allow(non_snake_case)]
pub(crate) fn hash_to_point(domain_prefix: &str, msg: impl Iterator<Item = bool>) -> pallas::Point { pub(crate) fn hash_to_point(domain_prefix: &str, msg: impl Iterator<Item = bool>) -> pallas::Point {
let padded: Vec<_> = Pad::new(msg).collect(); let padded: Vec<_> = Pad::new(msg).collect();
@ -84,16 +84,16 @@ pub(crate) fn hash_to_point(domain_prefix: &str, msg: impl Iterator<Item = bool>
.fold(Q(domain_prefix), |acc, chunk| acc.double() + S(chunk)) .fold(Q(domain_prefix), |acc, chunk| acc.double() + S(chunk))
} }
/// `SinsemillaHash` from [§ 5.4.1.9]. /// `SinsemillaHash` from [§ 5.4.1.9][concretesinsemillahash].
/// ///
/// [§ 5.4.1.9]: https://zips.z.cash/protocol/nu5.pdf#concretesinsemillahash /// [concretesinsemillahash]: https://zips.z.cash/protocol/nu5.pdf#concretesinsemillahash
pub(crate) fn hash(domain_prefix: &str, msg: impl Iterator<Item = bool>) -> pallas::Base { pub(crate) fn hash(domain_prefix: &str, msg: impl Iterator<Item = bool>) -> pallas::Base {
extract_p(&hash_to_point(domain_prefix, msg)) extract_p(&hash_to_point(domain_prefix, msg))
} }
/// `SinsemillaCommit` from [§ 5.4.7.4]. /// `SinsemillaCommit` from [§ 5.4.7.4][concretesinsemillacommit].
/// ///
/// [§ 5.4.7.4]: https://zips.z.cash/protocol/nu5.pdf#concretesinsemillacommit /// [concretesinsemillacommit]: https://zips.z.cash/protocol/nu5.pdf#concretesinsemillacommit
#[allow(non_snake_case)] #[allow(non_snake_case)]
pub(crate) fn commit( pub(crate) fn commit(
domain_prefix: &str, domain_prefix: &str,
@ -108,9 +108,9 @@ pub(crate) fn commit(
hash_to_point(&m_prefix, msg) + hasher_r(&[]) * r hash_to_point(&m_prefix, msg) + hasher_r(&[]) * r
} }
/// `SinsemillaShortCommit` from [§ 5.4.7.4]. /// `SinsemillaShortCommit` from [§ 5.4.7.4][concretesinsemillacommit].
/// ///
/// [§ 5.4.7.4]: https://zips.z.cash/protocol/nu5.pdf#concretesinsemillacommit /// [concretesinsemillacommit]: https://zips.z.cash/protocol/nu5.pdf#concretesinsemillacommit
pub(crate) fn short_commit( pub(crate) fn short_commit(
domain_prefix: &str, domain_prefix: &str,
msg: impl Iterator<Item = bool>, msg: impl Iterator<Item = bool>,

30
src/spec.rs
View File

@ -16,25 +16,25 @@ const PRF_EXPAND_PERSONALIZATION: &[u8; 16] = b"Zcash_ExpandSeed";
/// $\mathsf{ToBase}^\mathsf{Orchard}(x) := LEOS2IP_{\ell_\mathsf{PRFexpand}}(x) (mod q_P)$ /// $\mathsf{ToBase}^\mathsf{Orchard}(x) := LEOS2IP_{\ell_\mathsf{PRFexpand}}(x) (mod q_P)$
/// ///
/// Defined in [Zcash Protocol Spec § 4.2.3: Orchard Key Components][§4.2.3]. /// Defined in [Zcash Protocol Spec § 4.2.3: Orchard Key Components][orchardkeycomponents].
/// ///
/// [§4.2.3]: https://zips.z.cash/protocol/nu5.pdf#orchardkeycomponents /// [orchardkeycomponents]: https://zips.z.cash/protocol/nu5.pdf#orchardkeycomponents
pub(crate) fn to_base(hash: Hash) -> pallas::Base { pub(crate) fn to_base(hash: Hash) -> pallas::Base {
pallas::Base::from_bytes_wide(hash.as_array()) pallas::Base::from_bytes_wide(hash.as_array())
} }
/// $\mathsf{ToScalar}^\mathsf{Orchard}(x) := LEOS2IP_{\ell_\mathsf{PRFexpand}}(x) (mod r_P)$ /// $\mathsf{ToScalar}^\mathsf{Orchard}(x) := LEOS2IP_{\ell_\mathsf{PRFexpand}}(x) (mod r_P)$
/// ///
/// Defined in [Zcash Protocol Spec § 4.2.3: Orchard Key Components][§4.2.3]. /// Defined in [Zcash Protocol Spec § 4.2.3: Orchard Key Components][orchardkeycomponents].
/// ///
/// [§4.2.3]: https://zips.z.cash/protocol/nu5.pdf#orchardkeycomponents /// [orchardkeycomponents]: https://zips.z.cash/protocol/nu5.pdf#orchardkeycomponents
pub(crate) fn to_scalar(hash: Hash) -> pallas::Scalar { pub(crate) fn to_scalar(hash: Hash) -> pallas::Scalar {
pallas::Scalar::from_bytes_wide(hash.as_array()) pallas::Scalar::from_bytes_wide(hash.as_array())
} }
/// Defined in [Zcash Protocol Spec § 4.2.3: Orchard Key Components][§4.2.3]. /// Defined in [Zcash Protocol Spec § 4.2.3: Orchard Key Components][orchardkeycomponents].
/// ///
/// [§4.2.3]: https://zips.z.cash/protocol/nu5.pdf#orchardkeycomponents /// [orchardkeycomponents]: https://zips.z.cash/protocol/nu5.pdf#orchardkeycomponents
pub(crate) fn commit_ivk( pub(crate) fn commit_ivk(
ak: &pallas::Base, ak: &pallas::Base,
nk: &pallas::Base, nk: &pallas::Base,
@ -53,18 +53,18 @@ pub(crate) fn commit_ivk(
pallas::Scalar::from_repr(ivk.to_repr()).unwrap() pallas::Scalar::from_repr(ivk.to_repr()).unwrap()
} }
/// Defined in [Zcash Protocol Spec § 5.4.1.6: DiversifyHash^Sapling and DiversifyHash^Orchard Hash Functions][§5.4.1.6]. /// Defined in [Zcash Protocol Spec § 5.4.1.6: DiversifyHash^Sapling and DiversifyHash^Orchard Hash Functions][concretediversifyhash].
/// ///
/// [§5.4.1.6]: https://zips.z.cash/protocol/nu5.pdf#concretediversifyhash /// [concretediversifyhash]: https://zips.z.cash/protocol/nu5.pdf#concretediversifyhash
pub(crate) fn diversify_hash(d: &[u8; 11]) -> pallas::Point { pub(crate) fn diversify_hash(d: &[u8; 11]) -> pallas::Point {
pallas::Point::hash_to_curve("z.cash:Orchard-gd")(d) pallas::Point::hash_to_curve("z.cash:Orchard-gd")(d)
} }
/// $PRF^\mathsf{expand}(sk, t) := BLAKE2b-512("Zcash_ExpandSeed", sk || t)$ /// $PRF^\mathsf{expand}(sk, t) := BLAKE2b-512("Zcash_ExpandSeed", sk || t)$
/// ///
/// Defined in [Zcash Protocol Spec § 5.4.2: Pseudo Random Functions][§5.4.2]. /// Defined in [Zcash Protocol Spec § 5.4.2: Pseudo Random Functions][concreteprfs].
/// ///
/// [§5.4.2]: https://zips.z.cash/protocol/orchard.pdf#concreteprfs /// [concreteprfs]: https://zips.z.cash/protocol/orchard.pdf#concreteprfs
pub(crate) fn prf_expand(sk: &[u8], t: &[u8]) -> Hash { pub(crate) fn prf_expand(sk: &[u8], t: &[u8]) -> Hash {
prf_expand_vec(sk, &[t]) prf_expand_vec(sk, &[t])
} }
@ -81,16 +81,18 @@ pub(crate) fn prf_expand_vec(sk: &[u8], ts: &[&[u8]]) -> Hash {
h.finalize() h.finalize()
} }
/// Defined in [Zcash Protocol Spec § 5.4.4.5: Orchard Key Agreement][§5.4.4.5]. /// Defined in [Zcash Protocol Spec § 5.4.4.5: Orchard Key Agreement][concreteorchardkeyagreement].
/// ///
/// [§5.4.4.5]: https://zips.z.cash/protocol/nu5.pdf#concreteorchardkeyagreement /// [concreteorchardkeyagreement]: https://zips.z.cash/protocol/nu5.pdf#concreteorchardkeyagreement
pub(crate) fn ka_orchard(sk: &pallas::Scalar, b: &pallas::Point) -> pallas::Point { pub(crate) fn ka_orchard(sk: &pallas::Scalar, b: &pallas::Point) -> pallas::Point {
b * sk b * sk
} }
/// Hash extractor for Pallas, from [§ 5.4.8.7]. /// Hash extractor for Pallas.
/// ///
/// [§ 5.4.8.7]: https://zips.z.cash/protocol/nu5.pdf#concreteextractorpallas /// Defined in [Zcash Protocol Spec § 5.4.8.7: Hash Extractor for Pallas][concreteextractorpallas].
///
/// [concreteextractorpallas]: https://zips.z.cash/protocol/nu5.pdf#concreteextractorpallas
pub(crate) fn extract_p(point: &pallas::Point) -> pallas::Base { pub(crate) fn extract_p(point: &pallas::Point) -> pallas::Base {
// TODO: Should we return the actual bits in a Vec, or allow the caller to use // TODO: Should we return the actual bits in a Vec, or allow the caller to use
// PrimeField::to_le_bits on the returned pallas::Base? // PrimeField::to_le_bits on the returned pallas::Base?