Merge pull request #278 from zcash/203-shuffle-spends-and-outputs

Shuffle spends and recipients before pairing them into Actions
Kris Nuttycombe 2022-02-11 11:10:46 -07:00 committed by GitHub
commit 62afe98f14
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 9 additions and 7 deletions


@ -7,7 +7,7 @@ use ff::Field;
use group::GroupEncoding;
use nonempty::NonEmpty;
use pasta_curves::pallas;
use rand::{CryptoRng, RngCore};
use rand::{prelude::SliceRandom, CryptoRng, RngCore};
use crate::{
address::Address,
@ -286,10 +286,6 @@ impl Builder {
mut rng: impl RngCore,
) -> Result<Bundle<InProgress<Unproven, Unauthorized>, V>, Error> {
// Pair up the spends and recipients, extending with dummy values as necessary.
//
// TODO: Do we want to shuffle the order like we do for Sapling? And if we do, do
// we need the extra logic for mapping the user-provided input order to the
// shuffled order?
let pre_actions: Vec<_> = {
let num_spends = self.spends.len();
let num_recipients = self.recipients.len();
@ -307,6 +303,12 @@ impl Builder {
.take(num_actions - num_recipients),
);
// Shuffle the spends and recipients, so that learning the position of a
// specific spent note or output note doesn't reveal anything on its own about
// the meaning of that note in the transaction context.
self.spends.shuffle(&mut rng);
self.recipients.shuffle(&mut rng);
self.spends
.into_iter()
.zip(self.recipients.into_iter())
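Review bot: The shuffle is introduced as a privacy measure, yet `build` takes `mut rng: impl RngCore` (visible at the top of the second hunk), so a caller can hand in a non-cryptographic generator and the permutation — along with whatever else this function draws from `rng` — becomes predictable to anyone who can recover the seed; `CryptoRng` is already imported in the first hunk, so `mut rng: impl RngCore + CryptoRng,` is a one-line tightening, provided no existing caller depends on passing a plain RNG, which is worth checking before narrowing a public signature. The deleted TODO also asked whether the user-provided order needs mapping to the shuffled order, and the commit answers it silently: nothing in the new comment or the `build` docs states that the order of actions in the returned bundle no longer corresponds to the order in which spends and recipients were added, so a caller that locates its own note by position will read the wrong one without any error. I would add a doc line on `build` such as `/// Spends and recipients are shuffled before being paired into actions, so the order of the returned bundle's actions is unrelated to the order in which they were added.` `build` begins before this hunk and its body continues past the end of it.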


@ -12,7 +12,7 @@ use group::{
prime::PrimeCurveAffine,
Curve, GroupEncoding,
};
use pasta_curves::{arithmetic::FieldExt, pallas};
use pasta_curves::pallas;
use rand::RngCore;
use subtle::{Choice, ConditionallySelectable, ConstantTimeEq, CtOption};
use zcash_note_encryption::EphemeralKeyBytes;
@ -324,7 +324,7 @@ impl FullViewingKey {
}
pub(crate) fn rivk_internal(&self) -> CommitIvkRandomness {
let k = self.rivk.0.to_bytes();
let k = self.rivk.0.to_repr();
let ak = self.ak.to_bytes();
let nk = self.nk.to_bytes();
CommitIvkRandomness(to_scalar(