added note_type to value commit derivation

src/action.rs

@@ -137,6 +137,7 @@ pub(crate) mod testing {
         },
         value::{NoteValue, ValueCommitTrapdoor, ValueCommitment},
     };
+    use crate::note::NoteType;
 
     use super::Action;
 
@@ -150,7 +151,8 @@ pub(crate) mod testing {
             let cmx = ExtractedNoteCommitment::from(note.commitment());
             let cv_net = ValueCommitment::derive(
                 spend_value - output_value,
-                ValueCommitTrapdoor::zero()
+                ValueCommitTrapdoor::zero(),
+                NoteType::native()
             );
             // FIXME: make a real one from the note.
             let encrypted_note = TransmittedNoteCiphertext {
@@ -181,7 +183,8 @@ pub(crate) mod testing {
             let cmx = ExtractedNoteCommitment::from(note.commitment());
             let cv_net = ValueCommitment::derive(
                 spend_value - output_value,
-                ValueCommitTrapdoor::zero()
+                ValueCommitTrapdoor::zero(),
+                NoteType::native()
             );
 
             // FIXME: make a real one from the note.

src/builder.rs

@@ -23,6 +23,7 @@ use crate::{
     tree::{Anchor, MerklePath},
     value::{self, NoteValue, OverflowError, ValueCommitTrapdoor, ValueCommitment, ValueSum},
 };
+use crate::note::NoteType;
 
 const MIN_ACTIONS: usize = 2;
 
@@ -140,7 +141,7 @@ impl ActionInfo {
     /// [orchardsend]: https://zips.z.cash/protocol/nu5.pdf#orchardsend
     fn build(self, mut rng: impl RngCore) -> (Action<SigningMetadata>, Circuit) {
         let v_net = self.value_sum();
-        let cv_net = ValueCommitment::derive(v_net, self.rcv.clone());
+        let cv_net = ValueCommitment::derive(v_net, self.rcv.clone(), NoteType::native());
 
         let nf_old = self.spend.note.nullifier(&self.spend.fvk);
         let sender_address = self.spend.note.recipient();
@@ -368,7 +369,7 @@ impl Builder {
 
         // Verify that bsk and bvk are consistent.
         let bvk = (actions.iter().map(|a| a.cv_net()).sum::<ValueCommitment>()
-            - ValueCommitment::derive(value_balance, ValueCommitTrapdoor::zero()))
+            - ValueCommitment::derive(value_balance, ValueCommitTrapdoor::zero(), NoteType::native()))
         .into_bvk();
         assert_eq!(redpallas::VerificationKey::from(&bsk), bvk);
 

src/bundle.rs

@@ -21,6 +21,7 @@ use crate::{
     tree::Anchor,
     value::{ValueCommitTrapdoor, ValueCommitment, ValueSum},
 };
+use crate::note::NoteType;
 
 impl<T> Action<T> {
     /// Prepares the public instance for this action, for creating and verifying the
@@ -374,9 +375,10 @@ impl<T: Authorization, V: Copy + Into<i64>> Bundle<T, V> {
             .map(|a| a.cv_net())
             .sum::<ValueCommitment>()
             - ValueCommitment::derive(
-                ValueSum::from_raw(self.value_balance.into()),
-                ValueCommitTrapdoor::zero(),
-            ))
+            ValueSum::from_raw(self.value_balance.into()),
+            ValueCommitTrapdoor::zero(),
+            NoteType::native(),
+        ))
         .into_bvk()
     }
 }

src/circuit.rs

@@ -888,6 +888,7 @@ mod tests {
         tree::MerklePath,
         value::{ValueCommitTrapdoor, ValueCommitment},
     };
+    use crate::note::NoteType;
 
     fn generate_circuit_instance<R: RngCore>(mut rng: R) -> (Circuit, Instance) {
         let (_, fvk, spent_note) = Note::dummy(&mut rng, None);
@@ -905,7 +906,7 @@ mod tests {
 
         let value = spent_note.value() - output_note.value();
         let rcv = ValueCommitTrapdoor::random(&mut rng);
-        let cv_net = ValueCommitment::derive(value, rcv.clone());
+        let cv_net = ValueCommitment::derive(value, rcv.clone(), NoteType::native());
 
         let path = MerklePath::dummy(&mut rng);
         let anchor = path.root(spent_note.commitment().into());

src/note/note_type.rs

@@ -1,33 +1,31 @@
-use group::ff::PrimeField;
+use group::GroupEncoding;
 use halo2_proofs::arithmetic::CurveExt;
-use pasta_curves::{pallas};
+use pasta_curves::pallas;
 use subtle::CtOption;
 
 use crate::constants::fixed_bases::{VALUE_COMMITMENT_PERSONALIZATION, VALUE_COMMITMENT_V_BYTES};
 use crate::keys::SpendValidatingKey;
-use crate::spec::extract_p;
 
 /// Note type identifier.
-#[derive(Clone, Copy, Debug, PartialEq, Eq, PartialOrd, Ord)]
-pub struct NoteType(pub(crate) pallas::Base);
+#[derive(Clone, Copy, Debug, PartialEq, Eq)]
+pub struct NoteType(pub(crate) pallas::Point);
 
 // the hasher used to derive the assetID
 #[allow(non_snake_case)]
-fn assetID_hasher(msg: Vec<u8>) -> pallas::Base {
-    let hasher = pallas::Point::hash_to_curve(VALUE_COMMITMENT_PERSONALIZATION);
-    extract_p(&hasher(msg.as_bytes())))
+fn assetID_hasher(msg: Vec<u8>) -> pallas::Point {
+    // TODO(zsa) replace personalization, will require circuit change.
+    pallas::Point::hash_to_curve(VALUE_COMMITMENT_PERSONALIZATION)(&msg)
 }
 
 impl NoteType {
-
     /// Deserialize the note_type from a byte array.
     pub fn from_bytes(bytes: &[u8; 32]) -> CtOption<Self> {
-        pallas::Base::from_repr(*bytes).map(NoteType)
+        pallas::Point::from_bytes(bytes).map(NoteType)
     }
 
     /// Serialize the note_type to its canonical byte representation.
     pub fn to_bytes(self) -> [u8; 32] {
-        self.0.to_repr()
+        self.0.to_bytes()
     }
 
     /// $DeriveNoteType$.
@@ -63,7 +61,6 @@ pub mod testing {
     use std::convert::TryFrom;
 
     use super::NoteType;
-    use crate::spec::extract_p;
 
     prop_compose! {
         /// Generate a uniformly distributed note type
@@ -71,7 +68,7 @@ pub mod testing {
             bytes in vec(any::<u8>(), 64)
         ) -> NoteType {
             let point = pallas::Point::generator() * pallas::Scalar::from_bytes_wide(&<[u8; 64]>::try_from(bytes).unwrap());
-            NoteType(extract_p(&point))
+            NoteType(point)
         }
     }
 }

src/value.rs

@@ -50,9 +50,10 @@ use pasta_curves::{
 use rand::RngCore;
 use subtle::CtOption;
 
+use crate::note::NoteType;
 use crate::{
     constants::fixed_bases::{
-        VALUE_COMMITMENT_PERSONALIZATION, VALUE_COMMITMENT_R_BYTES, VALUE_COMMITMENT_V_BYTES,
+        VALUE_COMMITMENT_PERSONALIZATION, VALUE_COMMITMENT_R_BYTES,
     },
     primitives::redpallas::{self, Binding},
 };
@@ -292,9 +293,8 @@ impl ValueCommitment {
     ///
     /// [concretehomomorphiccommit]: https://zips.z.cash/protocol/nu5.pdf#concretehomomorphiccommit
     #[allow(non_snake_case)]
-    pub(crate) fn derive(value: ValueSum, rcv: ValueCommitTrapdoor) -> Self {
+    pub(crate) fn derive(value: ValueSum, rcv: ValueCommitTrapdoor, note_type: NoteType) -> Self {
         let hasher = pallas::Point::hash_to_curve(VALUE_COMMITMENT_PERSONALIZATION);
-        let V = hasher(&VALUE_COMMITMENT_V_BYTES);
         let R = hasher(&VALUE_COMMITMENT_R_BYTES);
         let abs_value = u64::try_from(value.0.abs()).expect("value must be in valid range");
 
@@ -304,7 +304,9 @@ impl ValueCommitment {
             pallas::Scalar::from(abs_value)
         };
 
-        ValueCommitment(V * value + R * rcv.0)
+        let V_zsa = note_type.0;
+
+        ValueCommitment(V_zsa * value + R * rcv.0)
     }
 
     pub(crate) fn into_bvk(self) -> redpallas::VerificationKey<Binding> {
@@ -407,6 +409,7 @@ pub mod testing {
 
 #[cfg(test)]
 mod tests {
+    use crate::note::NoteType;
     use proptest::prelude::*;
 
     use super::{
@@ -438,9 +441,9 @@ mod tests {
 
             let bvk = (values
                 .into_iter()
-                .map(|(value, rcv)| ValueCommitment::derive(value, rcv))
+                .map(|(value, rcv)| ValueCommitment::derive(value, rcv, NoteType::native()))
                 .sum::<ValueCommitment>()
-                - ValueCommitment::derive(value_balance, ValueCommitTrapdoor::zero()))
+                - ValueCommitment::derive(value_balance, ValueCommitTrapdoor::zero(), NoteType::native()))
             .into_bvk();
 
             assert_eq!(redpallas::VerificationKey::from(&bsk), bvk);