mirror of https://github.com/zcash/halo2.git
Move prf_expand{_vec} into a submodule for clarity
parent
f82d00e40d
commit
cea8a3ab69
25
src/spec.rs
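--- a/src/spec.rs
+++ b/src/spec.rs
@@ -3,7 +3,6 @@
 use std::iter;
 use std::ops::Deref;
 
-use blake2b_simd::Params;
 use ff::{Field, PrimeField};
 use group::{Curve, Group};
 use halo2::arithmetic::{CurveAffine, CurveExt, FieldExt};
@@ -15,7 +14,8 @@ use crate::{
 primitives::{poseidon, sinsemilla},
 };
 
-const PRF_EXPAND_PERSONALIZATION: &[u8; 16] = b"Zcash_ExpandSeed";
+mod prf_expand;
+pub(crate) use prf_expand::{prf_expand, prf_expand_vec};
 
 /// A Pallas point that is guaranteed to not be the identity.
 #[derive(Clone, Copy, Debug)]
@@ -138,27 +138,6 @@ pub(crate) fn diversify_hash(d: &[u8; 11]) -> NonIdentityPallasPoint {
 NonIdentityPallasPoint(CtOption::new(pk_d, !pk_d.is_identity()).unwrap_or_else(|| hasher(&[])))
 }
 
-/// $PRF^\mathsf{expand}(sk, t) := BLAKE2b-512("Zcash_ExpandSeed", sk || t)$
-///
-/// Defined in [Zcash Protocol Spec § 5.4.2: Pseudo Random Functions][concreteprfs].
-///
-/// [concreteprfs]: https://zips.z.cash/protocol/nu5.pdf#concreteprfs
-pub(crate) fn prf_expand(sk: &[u8], t: &[u8]) -> [u8; 64] {
-prf_expand_vec(sk, &[t])
-}
-
-pub(crate) fn prf_expand_vec(sk: &[u8], ts: &[&[u8]]) -> [u8; 64] {
-let mut h = Params::new()
-.hash_length(64)
-.personal(PRF_EXPAND_PERSONALIZATION)
-.to_state();
-h.update(sk);
-for t in ts {
-h.update(t);
-}
-*h.finalize().as_array()
-}
-
 /// $PRF^\mathsf{nfOrchard}(nk, \rho) := Poseidon(nk, \rho)$
 ///
 /// Defined in [Zcash Protocol Spec § 5.4.2: Pseudo Random Functions][concreteprfs].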
@ -0,0 +1,24 @@
use blake2b_simd::Params;
const PRF_EXPAND_PERSONALIZATION: &[u8; 16] = b"Zcash_ExpandSeed";
/// $PRF^\mathsf{expand}(sk, t) := BLAKE2b-512("Zcash_ExpandSeed", sk || t)$
///
/// Defined in [Zcash Protocol Spec § 5.4.2: Pseudo Random Functions][concreteprfs].
///
/// [concreteprfs]: https://zips.z.cash/protocol/nu5.pdf#concreteprfs
pub(crate) fn prf_expand(sk: &[u8], t: &[u8]) -> [u8; 64] {
prf_expand_vec(sk, &[t])
}
pub(crate) fn prf_expand_vec(sk: &[u8], ts: &[&[u8]]) -> [u8; 64] {
let mut h = Params::new()
.hash_length(64)
.personal(PRF_EXPAND_PERSONALIZATION)
.to_state();
h.update(sk);
for t in ts {
h.update(t);
}
*h.finalize().as_array()
}
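Review bot: `prf_expand_vec` carries no doc comment in the new module, although it is now the function that actually runs the hash and `prf_expand` directly above it cites the spec. Its body feeds `sk` and then every element of `ts` into one BLAKE2b state with no delimiter or length prefix between them, so the result equals a single `prf_expand` call on the plain concatenation of those slices; that is the property callers must know when they choose `ts`, and a comment such as `/// Multi-input form of [prf_expand]: hashes sk || ts[0] || ... || ts[n-1] with no separators, so callers must keep inputs domain-separated by fixed length or a leading tag.` would state it where the function is defined. It is also worth noting there that the `[u8; 64]` return type depends on `.hash_length(64)` together with the `as_array()` conversion, so the two must stay in step if the output length is ever changed.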