Add commit_from_hash_point
This commit is contained in:
parent
731bc1021a
commit
b1e397f5b1
|
@ -184,7 +184,8 @@ impl HashDomain {
|
||||||
#[derive(Debug)]
|
#[derive(Debug)]
|
||||||
#[allow(non_snake_case)]
|
#[allow(non_snake_case)]
|
||||||
pub struct CommitDomain {
|
pub struct CommitDomain {
|
||||||
M: HashDomain,
|
/// A domain in which $\mathsf{SinsemillaHashToPoint}$ and $\mathsf{SinsemillaHash}$ can be used
|
||||||
|
pub M: HashDomain,
|
||||||
R: pallas::Point,
|
R: pallas::Point,
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -229,6 +230,19 @@ impl CommitDomain {
|
||||||
.map(|p| p + Wnaf::new().scalar(r).base(self.R))
|
.map(|p| p + Wnaf::new().scalar(r).base(self.R))
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/// Returns `SinsemillaCommit_r(personalization, msg) = hash_point + \[r\]R`
|
||||||
|
/// where `SinsemillaHash(personalization, msg) = hash_point`
|
||||||
|
/// and `R` is derived from the `personalization`.
|
||||||
|
#[allow(non_snake_case)]
|
||||||
|
pub fn commit_from_hash_point(
|
||||||
|
&self,
|
||||||
|
hash_point: CtOption<pallas::Point>,
|
||||||
|
r: &pallas::Scalar,
|
||||||
|
) -> CtOption<pallas::Point> {
|
||||||
|
// We use complete addition for the blinding factor.
|
||||||
|
hash_point.map(|p| p + Wnaf::new().scalar(r).base(self.R))
|
||||||
|
}
|
||||||
|
|
||||||
/// $\mathsf{SinsemillaShortCommit}$ from [§ 5.4.8.4][concretesinsemillacommit].
|
/// $\mathsf{SinsemillaShortCommit}$ from [§ 5.4.8.4][concretesinsemillacommit].
|
||||||
///
|
///
|
||||||
/// [concretesinsemillacommit]: https://zips.z.cash/protocol/nu5.pdf#concretesinsemillacommit
|
/// [concretesinsemillacommit]: https://zips.z.cash/protocol/nu5.pdf#concretesinsemillacommit
|
||||||
|
@ -320,4 +334,32 @@ mod tests {
|
||||||
assert_eq!(computed, actual);
|
assert_eq!(computed, actual);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#[test]
|
||||||
|
fn commit_in_several_steps() {
|
||||||
|
use rand::{rngs::OsRng, Rng};
|
||||||
|
|
||||||
|
use ff::Field;
|
||||||
|
|
||||||
|
use crate::sinsemilla::primitives::CommitDomain;
|
||||||
|
|
||||||
|
let domain = CommitDomain::new("z.cash:ZSA-NoteCommit");
|
||||||
|
|
||||||
|
let mut os_rng = OsRng::default();
|
||||||
|
let msg: Vec<bool> = (0..36).map(|_| os_rng.gen::<bool>()).collect();
|
||||||
|
|
||||||
|
let rcm = pallas::Scalar::random(&mut os_rng);
|
||||||
|
|
||||||
|
// Evaluate the commitment with commit function
|
||||||
|
let commit1 = domain.commit(msg.clone().into_iter(), &rcm);
|
||||||
|
|
||||||
|
// Evaluate the commitment with the following steps
|
||||||
|
// 1. hash msg
|
||||||
|
// 2. evaluate the commitment from the hash point
|
||||||
|
let hash_point = domain.M.hash_to_point(msg.into_iter());
|
||||||
|
let commit2 = domain.commit_from_hash_point(hash_point, &rcm);
|
||||||
|
|
||||||
|
// Test equality
|
||||||
|
assert_eq!(commit1.unwrap(), commit2.unwrap());
|
||||||
|
}
|
||||||
}
|
}
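Review bot: The doc comment on `commit_from_hash_point` names the wrong primitive and omits the precondition the new entry point introduces: the line `/// where SinsemillaHash(personalization, msg) = hash_point` describes the x-coordinate hash, whereas the point this method expects is the output of `self.M.hash_to_point` (as the test in the third hunk uses it), so it should read `/// where SinsemillaHashToPoint(personalization, msg) = hash_point`. Because the caller now supplies the point, the method cannot verify it was hashed under this domain's personalization; a point produced by another `HashDomain` yields a well-formed but wrong commitment, so the doc should add `/// `hash_point` must be the result of `self.M.hash_to_point` for this same `CommitDomain`; no check is performed here.` The `#[allow(non_snake_case)]` on the new method appears unnecessary, since it binds no non-snake-case names and reading `self.R` does not trigger the lint. The existing `commit` method, whose body ends at the first line of the second hunk, repeats the same `.map(|p| p + Wnaf::new().scalar(r).base(self.R))` expression and could delegate to the new method; its signature is outside the hunk, so I cannot propose the exact lines.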
|
||||||
|
|