mirror of https://github.com/zcash/orchard.git
Merge pull request #278 from zcash/203-shuffle-spends-and-outputs
Shuffle spends and recipients before pairing them into Actions
commit
62afe98f14
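--- a/<PATH NOT SHOWN ON PAGE: file containing `impl Builder`>
+++ b/<PATH NOT SHOWN ON PAGE: file containing `impl Builder`>
@@ -7,7 +7,7 @@ use ff::Field;
 use group::GroupEncoding;
 use nonempty::NonEmpty;
 use pasta_curves::pallas;
-use rand::{CryptoRng, RngCore};
+use rand::{prelude::SliceRandom, CryptoRng, RngCore};
 
 use crate::{
 address::Address,
@@ -286,10 +286,6 @@ impl Builder {
 mut rng: impl RngCore,
 ) -> Result<Bundle<InProgress<Unproven, Unauthorized>, V>, Error> {
 // Pair up the spends and recipients, extending with dummy values as necessary.
-//
-// TODO: Do we want to shuffle the order like we do for Sapling? And if we do, do
-// we need the extra logic for mapping the user-provided input order to the
-// shuffled order?
 let pre_actions: Vec<_> = {
 let num_spends = self.spends.len();
 let num_recipients = self.recipients.len();
@@ -307,6 +303,12 @@ impl Builder {
 .take(num_actions - num_recipients),
 );
 
+// Shuffle the spends and recipients, so that learning the position of a
+// specific spent note or output note doesn't reveal anything on its own about
+// the meaning of that note in the transaction context.
+self.spends.shuffle(&mut rng);
+self.recipients.shuffle(&mut rng);
+
 self.spends
 .into_iter()
 .zip(self.recipients.into_iter())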
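Review bot: The new `self.spends.shuffle(&mut rng)` / `self.recipients.shuffle(&mut rng)` calls only provide the unlinkability the added comment describes if the generator is unpredictable, but the signature in the preceding hunk is `mut rng: impl RngCore` with no `CryptoRng` bound, so nothing in the type stops a caller from supplying a predictable generator and getting a predictable action order. Since `CryptoRng` is already imported at the top of this file, either the bound `impl RngCore + CryptoRng` or a doc-comment sentence on `build` such as `/// \`rng\` must be cryptographically secure: it also determines the shuffled action order.` would make that requirement explicit. The removed TODO also asked whether callers need a mapping from the input order to the shuffled order; the hunk drops the question without recording the permutation, so any caller that indexes the resulting actions by the order in which it added spends or recipients would now be silently wrong — worth confirming against callers. The enclosing `build` function begins before and ends after these hunks.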
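--- a/<PATH NOT SHOWN ON PAGE: file containing `impl FullViewingKey`>
+++ b/<PATH NOT SHOWN ON PAGE: file containing `impl FullViewingKey`>
@@ -12,7 +12,7 @@ use group::{
 prime::PrimeCurveAffine,
 Curve, GroupEncoding,
 };
-use pasta_curves::{arithmetic::FieldExt, pallas};
+use pasta_curves::pallas;
 use rand::RngCore;
 use subtle::{Choice, ConditionallySelectable, ConstantTimeEq, CtOption};
 use zcash_note_encryption::EphemeralKeyBytes;
@@ -324,7 +324,7 @@ impl FullViewingKey {
 }
 
 pub(crate) fn rivk_internal(&self) -> CommitIvkRandomness {
-let k = self.rivk.0.to_bytes();
+let k = self.rivk.0.to_repr();
 let ak = self.ak.to_bytes();
 let nk = self.nk.to_bytes();
 CommitIvkRandomness(to_scalar(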
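Review bot: Switching `self.rivk.0.to_bytes()` to `self.rivk.0.to_repr()` in `rivk_internal` changes which trait supplies the byte encoding that is fed into `to_scalar`, and that value seeds the internal key derivation, so any difference in the produced encoding would silently change derived internal keys for existing wallets. Presumably `to_repr` yields the same 32-byte representation as the removed `FieldExt::to_bytes`, but nothing in the hunk pins that; a test asserting a known `rivk_internal` output for a fixed `FullViewingKey` test vector would turn the assumption into a check. `rivk_internal` continues past the end of the hunk.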