From 90e64cbac06314e0ea32a56733090dc54440d488 Mon Sep 17 00:00:00 2001
From: Jack Grigg
Date: Fri, 19 May 2023 16:40:33 +0000
Subject: [PATCH] Remove redundant checks during note encryption
The consistency check between `esk` and `ephemeral_key` is checked inside `zcash_note_encryption::try_output_recovery_with_ock`, and the requirement to check it inside the `Domain` implementation is being lifted in zcash/librustzcash#848. Removing the check here improves performance, both because we avoid an extra scalar multiplication from `esk.derive_public()`, and because we avoid an unnecessary `spec::diversify_hash()` call which is expensive for Orchard.
---
 src/note_encryption.rs | 26 +++++++-------------------
 1 file changed, 7 insertions(+), 19 deletions(-)
diff --git a/src/note_encryption.rs b/src/note_encryption.rs
index e777fd45..31a5a8be 100644
--- a/src/note_encryption.rs
+++ b/src/note_encryption.rs
@@ -17,7 +17,6 @@ use crate::{
 OutgoingViewingKey, PreparedEphemeralPublicKey, PreparedIncomingViewingKey, SharedSecret,
 },
 note::{ExtractedNoteCommitment, Nullifier, RandomSeed},
- spec::diversify_hash,
 value::{NoteValue, ValueCommitment},
 Address, Note,
 };
@@ -52,10 +51,10 @@ pub(crate) fn prf_ock_orchard(
 fn orchard_parse_note_plaintext_without_memo(
 domain: &OrchardDomain,
 plaintext: &[u8],
- get_validated_pk_d: F,
+ get_pk_d: F,
 ) -> Option<(Note, Address)>
 where
- F: FnOnce(&Diversifier) -> Option,
+ F: FnOnce(&Diversifier) -> DiversifiedTransmissionKey,
 {
 assert!(plaintext.len() >= COMPACT_NOTE_SIZE);
@@ -72,7 +71,7 @@ where
 &domain.rho,
 ))?;
- let pk_d = get_validated_pk_d(&diversifier)?;
+ let pk_d = get_pk_d(&diversifier);
 let recipient = Address::from_parts(diversifier, pk_d);
 let note = Option::from(Note::from_parts(recipient, value, domain.rho, rseed))?;
@@ -209,29 +208,18 @@ impl Domain for OrchardDomain {
 plaintext: &[u8],
 ) -> Option<(Self::Note, Self::Recipient)> {
 orchard_parse_note_plaintext_without_memo(self, plaintext, |diversifier| {
- Some(DiversifiedTransmissionKey::derive(ivk, diversifier))
+ DiversifiedTransmissionKey::derive(ivk, diversifier)
 })
 }
 fn parse_note_plaintext_without_memo_ovk(
 &self,
 pk_d: &Self::DiversifiedTransmissionKey,
- esk: &Self::EphemeralSecretKey,
- ephemeral_key: &EphemeralKeyBytes,
+ _esk: &Self::EphemeralSecretKey,
+ _ephemeral_key: &EphemeralKeyBytes,
 plaintext: &NotePlaintextBytes,
 ) -> Option<(Self::Note, Self::Recipient)> {
- orchard_parse_note_plaintext_without_memo(self, &plaintext.0, |diversifier| {
- if esk
- .derive_public(diversify_hash(diversifier.as_array()))
- .to_bytes()
- .0
- == ephemeral_key.0
- {
- Some(*pk_d)
- } else {
- None
- }
- })
+ orchard_parse_note_plaintext_without_memo(self, &plaintext.0, |_| *pk_d)
 }
 fn extract_memo(&self, plaintext: &NotePlaintextBytes) -> Self::Memo {
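Review bot: `parse_note_plaintext_without_memo_ovk` now ignores `_esk` and `_ephemeral_key` and hands back `*pk_d` unconditionally, so the binding between `esk` and `ephemeral_key` holds only if whoever calls this method enforces it. The commit message says `zcash_note_encryption::try_output_recovery_with_ock` performs that check, but nothing in the code records the dependency, and the trait-side requirement is described as still being lifted in zcash/librustzcash#848; whether anything else calls this method directly cannot be seen from the hunk. I would add a comment above the method, e.g. `// esk / ephemeral_key consistency is checked by zcash_note_encryption::try_output_recovery_with_ock, not here; do not call this outside that path.`, and keep a regression test asserting that output recovery with a mismatched `ephemeral_key` returns `None`, so a dependency change that drops the check is caught. The enclosing `impl Domain for OrchardDomain` starts and ends outside the hunk.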