Nullifier derivation
parent
1a37ca492d
commit
0f6eb9ca6c
14
src/keys.rs
14
src/keys.rs
|
@ -14,8 +14,8 @@ use crate::{
|
||||||
address::Address,
|
address::Address,
|
||||||
primitives::redpallas::{self, SpendAuth},
|
primitives::redpallas::{self, SpendAuth},
|
||||||
spec::{
|
spec::{
|
||||||
commit_ivk, diversify_hash, extract_p, ka_orchard, prf_expand, prf_expand_vec, to_base,
|
commit_ivk, diversify_hash, extract_p, ka_orchard, prf_expand, prf_expand_vec, prf_nf,
|
||||||
to_scalar,
|
to_base, to_scalar,
|
||||||
},
|
},
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@ -102,6 +102,12 @@ impl From<&SpendingKey> for NullifierDerivingKey {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
impl NullifierDerivingKey {
|
||||||
|
pub(crate) fn prf_nf(&self, rho: pallas::Base) -> pallas::Base {
|
||||||
|
prf_nf(self.0, rho)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
/// The randomness for $\mathsf{Commit}^\mathsf{ivk}$.
|
/// The randomness for $\mathsf{Commit}^\mathsf{ivk}$.
|
||||||
///
|
///
|
||||||
/// Defined in [Zcash Protocol Spec § 4.2.3: Orchard Key Components][orchardkeycomponents].
|
/// Defined in [Zcash Protocol Spec § 4.2.3: Orchard Key Components][orchardkeycomponents].
|
||||||
|
@ -142,6 +148,10 @@ impl From<&SpendingKey> for FullViewingKey {
|
||||||
}
|
}
|
||||||
|
|
||||||
impl FullViewingKey {
|
impl FullViewingKey {
|
||||||
|
pub(crate) fn nk(&self) -> &NullifierDerivingKey {
|
||||||
|
&self.nk
|
||||||
|
}
|
||||||
|
|
||||||
/// Defined in [Zcash Protocol Spec § 4.2.3: Orchard Key Components][orchardkeycomponents].
|
/// Defined in [Zcash Protocol Spec § 4.2.3: Orchard Key Components][orchardkeycomponents].
|
||||||
///
|
///
|
||||||
/// [orchardkeycomponents]: https://zips.z.cash/protocol/nu5.pdf#orchardkeycomponents
|
/// [orchardkeycomponents]: https://zips.z.cash/protocol/nu5.pdf#orchardkeycomponents
|
||||||
|
|
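Review bot: The new `NullifierDerivingKey::prf_nf` and `FullViewingKey::nk` methods carry no doc comments, while the neighbouring items in keys.rs each cite the protocol spec section they implement. Suggest `/// $PRF^\mathsf{nfOrchard}(nk, \rho)$ with this key as $nk$; see [`crate::spec::prf_nf`].` on `prf_nf`, and `/// Returns the nullifier deriving key component $nk$ of this full viewing key.` on `nk`. Because `prf_nf` is `pub(crate)` and passes `self.0` straight into the Poseidon-based PRF, the comment should also say that the argument is the note's $\rho$, so the method is not picked up as a general-purpose hash elsewhere in the crate.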
11
src/note.rs
11
src/note.rs
|
@ -11,6 +11,9 @@ use crate::{
|
||||||
mod commitment;
|
mod commitment;
|
||||||
pub use self::commitment::NoteCommitment;
|
pub use self::commitment::NoteCommitment;
|
||||||
|
|
||||||
|
mod nullifier;
|
||||||
|
pub use self::nullifier::Nullifier;
|
||||||
|
|
||||||
/// The ZIP 212 seed randomness for a note.
|
/// The ZIP 212 seed randomness for a note.
|
||||||
#[derive(Debug)]
|
#[derive(Debug)]
|
||||||
struct RandomSeed([u8; 32]);
|
struct RandomSeed([u8; 32]);
|
||||||
|
@ -69,15 +72,11 @@ impl Note {
|
||||||
}
|
}
|
||||||
|
|
||||||
/// Derives the nullifier for this note.
|
/// Derives the nullifier for this note.
|
||||||
pub fn nullifier(&self, _: &FullViewingKey) -> Nullifier {
|
pub fn nullifier(&self, fvk: &FullViewingKey) -> Nullifier {
|
||||||
todo!()
|
Nullifier::derive(self.rho.0, self.rseed.psi(), self.commitment(), fvk.nk())
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
/// An encrypted note.
|
/// An encrypted note.
|
||||||
#[derive(Debug)]
|
#[derive(Debug)]
|
||||||
pub struct EncryptedNote;
|
pub struct EncryptedNote;
|
||||||
|
|
||||||
/// A unique nullifier for a note.
|
|
||||||
#[derive(Debug)]
|
|
||||||
pub struct Nullifier(pallas::Base);
|
|
||||||
|
|
|
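Review bot: `Note::nullifier` now uses whatever `fvk` it is handed, via `fvk.nk()`, with nothing tying that key to the note's recipient, so a full viewing key that does not control the note silently produces a value that is not the note's nullifier rather than an error. The one-line doc `/// Derives the nullifier for this note.` should state that contract, e.g. `/// Derives the nullifier for this note using the nullifier deriving key of `fvk`, which must be the full viewing key the note was sent to; no such check is performed here.`, and could link the spec section the way `Nullifier::derive` does. `self.commitment()` is recomputed on each call, which is fine at this stage but worth a note if nullifiers are derived in bulk. `impl Note` begins outside the hunk.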
@ -23,7 +23,7 @@ impl From<&RandomSeed> for NoteCommitTrapdoor {
|
||||||
|
|
||||||
/// A commitment to a note.
|
/// A commitment to a note.
|
||||||
#[derive(Debug)]
|
#[derive(Debug)]
|
||||||
pub struct NoteCommitment(pallas::Point);
|
pub struct NoteCommitment(pub(super) pallas::Point);
|
||||||
|
|
||||||
impl NoteCommitment {
|
impl NoteCommitment {
|
||||||
/// $NoteCommit^Orchard$.
|
/// $NoteCommit^Orchard$.
|
||||||
|
|
|
@ -0,0 +1,30 @@
|
||||||
|
use halo2::arithmetic::CurveExt;
|
||||||
|
use pasta_curves::pallas;
|
||||||
|
|
||||||
|
use super::NoteCommitment;
|
||||||
|
use crate::{
|
||||||
|
keys::NullifierDerivingKey,
|
||||||
|
spec::{extract_p, mod_r_p},
|
||||||
|
};
|
||||||
|
|
||||||
|
/// A unique nullifier for a note.
|
||||||
|
#[derive(Debug)]
|
||||||
|
pub struct Nullifier(pub(super) pallas::Base);
|
||||||
|
|
||||||
|
impl Nullifier {
|
||||||
|
/// $DeriveNullifier$.
|
||||||
|
///
|
||||||
|
/// Defined in [Zcash Protocol Spec § 4.16: Note Commitments and Nullifiers][commitmentsandnullifiers].
|
||||||
|
///
|
||||||
|
/// [commitmentsandnullifiers]: https://zips.z.cash/protocol/nu5.pdf#commitmentsandnullifiers
|
||||||
|
pub(super) fn derive(
|
||||||
|
rho: pallas::Base,
|
||||||
|
psi: pallas::Base,
|
||||||
|
cm: NoteCommitment,
|
||||||
|
nk: &NullifierDerivingKey,
|
||||||
|
) -> Self {
|
||||||
|
let k = pallas::Point::hash_to_curve("z.cash:Orchard")(b"K");
|
||||||
|
|
||||||
|
Nullifier(extract_p(&(k * mod_r_p(nk.prf_nf(rho) + psi) + cm.0)))
|
||||||
|
}
|
||||||
|
}
|
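Review bot: `Nullifier::derive` recomputes the fixed base with `pallas::Point::hash_to_curve("z.cash:Orchard")(b"K")` on every call, a full hash-to-curve per nullifier even though both inputs are constants; hoisting it into a lazily initialised static, or a precomputed point constant alongside the crate's other Orchard constants if those exist, removes that cost and keeps the domain-separation strings in one place. The parameters are undocumented: a short list stating that `rho` is the note's $\rho$, `psi` its $\psi$ (obtained from the random seed by the caller), `cm` its commitment and `nk` the recipient's nullifier deriving key would let a reader map the call back to $\mathsf{DeriveNullifier}$ in § 4.16. The expression `extract_p(&(k * mod_r_p(nk.prf_nf(rho) + psi) + cm.0))` follows the spec's shape provided `mod_r_p` is the reduction into the scalar field; a one-line comment naming that correspondence would make the review of this line mechanical.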
15
src/spec.rs
15
src/spec.rs
|
@ -8,7 +8,10 @@ use group::{Curve, Group};
|
||||||
use halo2::arithmetic::{CurveAffine, CurveExt, FieldExt};
|
use halo2::arithmetic::{CurveAffine, CurveExt, FieldExt};
|
||||||
use pasta_curves::pallas;
|
use pasta_curves::pallas;
|
||||||
|
|
||||||
use crate::{constants::L_ORCHARD_BASE, primitives::sinsemilla};
|
use crate::{
|
||||||
|
constants::L_ORCHARD_BASE,
|
||||||
|
primitives::{poseidon, sinsemilla},
|
||||||
|
};
|
||||||
|
|
||||||
const PRF_EXPAND_PERSONALIZATION: &[u8; 16] = b"Zcash_ExpandSeed";
|
const PRF_EXPAND_PERSONALIZATION: &[u8; 16] = b"Zcash_ExpandSeed";
|
||||||
|
|
||||||
|
@ -94,6 +97,16 @@ pub(crate) fn prf_expand_vec(sk: &[u8], ts: &[&[u8]]) -> [u8; 64] {
|
||||||
*h.finalize().as_array()
|
*h.finalize().as_array()
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/// $PRF^\mathsf{nfOrchard}(nk, \rho) := Poseidon(nk, \rho)$
|
||||||
|
///
|
||||||
|
/// Defined in [Zcash Protocol Spec § 5.4.2: Pseudo Random Functions][concreteprfs].
|
||||||
|
///
|
||||||
|
/// [concreteprfs]: https://zips.z.cash/protocol/orchard.pdf#concreteprfs
|
||||||
|
pub(crate) fn prf_nf(nk: pallas::Base, rho: pallas::Base) -> pallas::Base {
|
||||||
|
poseidon::Hash::init(poseidon::OrchardNullifier, poseidon::ConstantLength(2))
|
||||||
|
.hash(iter::empty().chain(Some(nk)).chain(Some(rho)))
|
||||||
|
}
|
||||||
|
|
||||||
/// Defined in [Zcash Protocol Spec § 5.4.5.5: Orchard Key Agreement][concreteorchardkeyagreement].
|
/// Defined in [Zcash Protocol Spec § 5.4.5.5: Orchard Key Agreement][concreteorchardkeyagreement].
|
||||||
///
|
///
|
||||||
/// [concreteorchardkeyagreement]: https://zips.z.cash/protocol/nu5.pdf#concreteorchardkeyagreement
|
/// [concreteorchardkeyagreement]: https://zips.z.cash/protocol/nu5.pdf#concreteorchardkeyagreement
|
||||||
|
|
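Review bot: The new `prf_nf` doc links to `https://zips.z.cash/protocol/orchard.pdf#concreteprfs`, whereas every other spec link in this commit, including the `concreteorchardkeyagreement` link immediately below in this file, uses `nu5.pdf`; please confirm the intended document and keep the links consistent so the anchor resolves. Style: `iter::empty().chain(Some(nk)).chain(Some(rho))` is an unusual way to feed two field elements to the hash; `iter::once(nk).chain(iter::once(rho))` reads as the two-element sequence it is, with no behaviour change. If `std::iter` is not already in scope above the hunk, the `use` is needed as well; the import block at the top of spec.rs is only partly visible here.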