Merge pull request #278 from zcash/203-shuffle-spends-and-outputs

Shuffle spends and recipients before pairing them into Actions
Kris Nuttycombe 2022-02-11 11:10:46 -07:00 committed by GitHub
commit 62afe98f14
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 9 additions and 7 deletions


@ -7,7 +7,7 @@ use ff::Field;
use group::GroupEncoding; use group::GroupEncoding;
use nonempty::NonEmpty; use nonempty::NonEmpty;
use pasta_curves::pallas; use pasta_curves::pallas;
use rand::{CryptoRng, RngCore}; use rand::{prelude::SliceRandom, CryptoRng, RngCore};
use crate::{ use crate::{
address::Address, address::Address,
@ -286,10 +286,6 @@ impl Builder {
mut rng: impl RngCore, mut rng: impl RngCore,
) -> Result<Bundle<InProgress<Unproven, Unauthorized>, V>, Error> { ) -> Result<Bundle<InProgress<Unproven, Unauthorized>, V>, Error> {
// Pair up the spends and recipients, extending with dummy values as necessary. // Pair up the spends and recipients, extending with dummy values as necessary.
//
// TODO: Do we want to shuffle the order like we do for Sapling? And if we do, do
// we need the extra logic for mapping the user-provided input order to the
// shuffled order?
let pre_actions: Vec<_> = { let pre_actions: Vec<_> = {
let num_spends = self.spends.len(); let num_spends = self.spends.len();
let num_recipients = self.recipients.len(); let num_recipients = self.recipients.len();
@ -307,6 +303,12 @@ impl Builder {
.take(num_actions - num_recipients), .take(num_actions - num_recipients),
); );
// Shuffle the spends and recipients, so that learning the position of a
// specific spent note or output note doesn't reveal anything on its own about
// the meaning of that note in the transaction context.
self.spends.shuffle(&mut rng);
self.recipients.shuffle(&mut rng);
self.spends self.spends
.into_iter() .into_iter()
.zip(self.recipients.into_iter()) .zip(self.recipients.into_iter())
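Review bot: The two shuffles `self.spends.shuffle(&mut rng);` / `self.recipients.shuffle(&mut rng);` discard the correspondence between the caller's insertion order and the resulting action index, which is exactly the second half of the question in the TODO this change deletes ("do we need the extra logic for mapping the user-provided input order to the shuffled order?"); unless the permutation is recorded somewhere outside this hunk, a caller can no longer locate a particular spend or recipient in the built bundle. The removed TODO implies the Sapling builder carries such a mapping, so a comparable approach here would be to shuffle an index permutation (`let mut order: Vec<usize> = (0..num_actions).collect();` then `order.shuffle(&mut rng);`), apply it to both lists and hand it back alongside the bundle, or at minimum document on `build` that action order is randomized and unrelated to insertion order. Separately, the visible `build` signature bounds `rng` by `RngCore` alone; since the unlinkability the new comment describes depends on the permutation being unpredictable, `mut rng: impl RngCore + CryptoRng,` would state that requirement at the type level (`CryptoRng` is already imported on the changed `use rand` line), if callers can tolerate the tighter bound. The enclosing `build` function starts before and continues past this hunk.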


@ -12,7 +12,7 @@ use group::{
prime::PrimeCurveAffine, prime::PrimeCurveAffine,
Curve, GroupEncoding, Curve, GroupEncoding,
}; };
use pasta_curves::{arithmetic::FieldExt, pallas}; use pasta_curves::pallas;
use rand::RngCore; use rand::RngCore;
use subtle::{Choice, ConditionallySelectable, ConstantTimeEq, CtOption}; use subtle::{Choice, ConditionallySelectable, ConstantTimeEq, CtOption};
use zcash_note_encryption::EphemeralKeyBytes; use zcash_note_encryption::EphemeralKeyBytes;
@ -324,7 +324,7 @@ impl FullViewingKey {
} }
pub(crate) fn rivk_internal(&self) -> CommitIvkRandomness { pub(crate) fn rivk_internal(&self) -> CommitIvkRandomness {
let k = self.rivk.0.to_bytes(); let k = self.rivk.0.to_repr();
let ak = self.ak.to_bytes(); let ak = self.ak.to_bytes();
let nk = self.nk.to_bytes(); let nk = self.nk.to_bytes();
CommitIvkRandomness(to_scalar( CommitIvkRandomness(to_scalar(