zec
/
orchard
mirror of https://github.com/zcash/orchard.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
334 Commits 5 Branches 11 Tags 24 MiB
Commit Graph

49 Commits

Author SHA1 Message Date
Jack Grigg 8a7ff1b28a Structs representing note encryption key material 2021-06-11 23:54:35 +01:00
Jack Grigg cbf7c3825f builder: Store alpha and use it to derive rsk for signing spends 
This was missed from zcash/orchard#49, but could not have caused a
consensus failure or loss-of-funds because `alpha` _was_ being sampled
and used to derive `rk`, meaning that the signatures would fail to
validate.
 2021-06-05 22:35:52 +01:00
str4d dc075e7971
Merge pull request #91 from zcash/key-component-test-vectors 
Add test vectors for key components
 2021-06-02 22:23:54 +01:00
str4d 803fc2bea3
Merge pull request #93 from zcash/prf_expand-domains 
Define explicit domains for PRF^expand
 2021-06-01 14:31:04 +01:00
Jack Grigg c4ffb7c617 Rework PRF^expand to use explicit domains 
`prf_expand{_vec}` have been replaced by the `PrfExpand` enum, which
has `PrfExpand::{expand, with_ad, with_ad_slices}` methods for use
within each domain as necessary.
 2021-05-28 13:12:25 +01:00
Jack Grigg 7f47949b09 Take `self` directly in to_bytes methods where Self: Copy 2021-05-28 12:11:22 +01:00
Jack Grigg 5af73f7822 Add test vectors for key components 2021-05-28 11:57:21 +01:00
str4d f82d00e40d
Merge pull request #77 from zcash/remove-rand-0.7 
Remove rand 0.7 usage
 2021-05-21 21:25:34 +01:00
str4d 2bbbc3ec94
Update comments 
Co-authored-by: ying tong <yingtong@z.cash>
 2021-05-21 21:24:08 +01:00
Jack Grigg 736de1156b Ensure that Notes always have valid commitments 
Implements the change from spec version 2021.1.23 to sample a new rseed
if a note is generated without a valid commitment.
 2021-05-11 18:51:57 +08:00
Jack Grigg d8cc596bbe Create separate types for protocol-level and user-level ivk 
Spec version 2021.1.24 added the diversifier key to the encoding of an
incoming viewing key (to make them more usable). As a result, we now
have two separate types:

- `KeyAgreementPrivateKey`: what was previously `IncomingViewingKey`,
  corresponding to the `ivk` type in the protocol spec. It is now
  crate-internal.
- `IncomingViewingKey`: the user-facing type that encompasses `dk` and
  `ivk`.
 2021-05-11 18:51:57 +08:00
Jack Grigg 76a39d29c1 Change diversify_hash and ka_orchard to use non-zero types 
This matches the changes to KA^Orchard in spec version 2021.1.23.
 2021-05-11 18:51:57 +08:00
Jack Grigg 9a828febd7 Change `commit_ivk` to return a non-zero Pallas base field element 
The type system now enforces that `ivk != 0`.
 2021-05-11 18:51:57 +08:00
Jack Grigg 012d14073d Remove rand 0.7 usage 
Upstream redjubjub (on which our reddsa dependency is based) has
migrated to rand 0.8.
 2021-05-09 07:51:55 +12:00
Kris Nuttycombe e72d74ccd6 Remove extraneous pub exports from the root. 2021-05-05 11:46:24 -06:00
Kris Nuttycombe f91088d35b Use builder to generate "valid" bundles via proptest. 2021-04-28 18:21:12 -06:00
Kris Nuttycombe 4d89d45332 Add proptest generators for action and bundle types. 2021-04-28 18:04:17 -06:00
Jack Grigg 30f01d122c Bundle builder 2021-04-27 14:31:21 +12:00
Jack Grigg f62bbbbb95 Small conversion helpers 2021-04-23 01:08:43 +12:00
Jack Grigg 35f65bb26a Expose RedPallas rerandomization 2021-04-23 01:06:10 +12:00
Jack Grigg 77121facb7 Dummy note generation 2021-04-23 00:46:39 +12:00
str4d 31d1a67837
Expand documentation of conditions on SpendingKeys 
Co-authored-by: Daira Hopwood <daira@jacaranda.org>
 2021-04-21 23:28:32 +01:00
Jack Grigg c08d12cc52 Use incomplete addition in SinsemillaHashToPoint 
This requires exposing the ⊥ case throughout the return types. We
prevent it from propagating into the Orchard note and key types by
ensuring that:

- When we generate keys or notes, if we encounter ⊥ we discard and
  re-generate.
- When we construct keys or notes via any other pathway (e.g. parsing
  from bytes), we check for and reject ⊥.
 2021-04-20 10:05:56 +12:00
Jack Grigg 0f6eb9ca6c Nullifier derivation 2021-03-26 07:51:05 +13:00
Jack Grigg 680c917ce6 Note commitment derivation 2021-03-26 07:51:05 +13:00
Jack Grigg 3911fb3202 Use Pallas directly from pasta_curves crate 2021-03-18 15:06:16 +13:00
Jack Grigg e0417268ad Make address generation infallible again 
DiversifyHash is altered to replace the identity with another fixed
point that is known to not be the identity.
 2021-03-18 08:30:22 +13:00
Jack Grigg 8e55b46dbf Deduplicate default address generation 2021-03-16 10:01:50 +13:00
Jack Grigg 46bf89c122 Update ivk derivation to match latest protocol spec draft 2021-03-16 09:33:07 +13:00
Jack Grigg e0b40cb3cb FullViewingKey::address_at(impl Into<DiversifierIndex>) 
This is a more usable API, which we can use when we have the full
viewing key and can obtain the DiversifierKey.
 2021-03-16 09:20:45 +13:00
Jack Grigg e98f324d7d Ensure diversify_hash does not return the identity 
This makes diversified address generation fallible (though with
negligible probability). We expose this to users, so they can decide how
to handle it (either just unwrapping, or incrementing the diversifier
index).

We alter spending key construction to reject spending keys that would
not result in a default address (with diversifier index 0).
 2021-03-16 09:03:44 +13:00
Jack Grigg 2462bb219b Use [u8; 64] as the output of prf_expand to match the spec 2021-03-09 10:33:56 +13:00
Jack Grigg cef44f5f53 Fix intra-crate doc links 2021-03-09 09:27:34 +13:00
Jack Grigg bf5fb7a668 Add missing spec links to key docs 2021-03-09 09:22:38 +13:00
Jack Grigg 307787ec17 Use spec name for SpendValidatingKey 2021-03-09 09:20:09 +13:00
Jack Grigg 26701c33af Fix commit_ivk specification 
Commit^ivk takes ak as a point, and commits to its entire serialization
(not just the x coordinate).
 2021-03-09 08:28:53 +13:00
str4d cfaa61ab14 Remove unnecessary conversions for DiversifierIndex 
Co-authored-by: Daira Hopwood <daira@jacaranda.org>
 2021-03-09 07:40:01 +13:00
Jack Grigg 57c64922f6 Add internal CommitIvkRandomness type 2021-03-09 07:38:15 +13:00
Jack Grigg 9455158190 Use protocol spec URL anchors as link handles 2021-03-06 01:18:58 +00:00
Jack Grigg 71542f7ec2 Add internal DiversifiedTransmissionKey type 2021-03-06 01:03:53 +00:00
str4d a61be5d58b
Fix typo in documentation 
Co-authored-by: Deirdre Connolly <durumcrustulum@gmail.com>
 2021-03-06 13:58:48 +13:00
Jack Grigg 27501702d5 Use orchard::redpallas types in orchard::keys implementation 2021-03-06 00:03:26 +00:00
Jack Grigg ceac39d74e Implement ZIP 32 diversifier derivation 2021-03-05 23:36:38 +00:00
Jack Grigg f0779792bc Orchard key components 2021-03-05 23:28:16 +00:00
Jack Grigg bf9e77b629 Move ovk to be derived from fvk instead of the spending key 2021-02-08 15:01:34 +00:00
Jack Grigg 1add6a7ef0 Fix FVK doc comment 2021-02-03 14:19:29 +00:00
Jack Grigg aeddfb64e5 Make Diversifier a newtype around [u8; 11] 2021-02-03 14:16:58 +00:00
Jack Grigg a564ba76ce Remove Chain and value::Constraint traits 
There was push-back on having this crate require these traits, due to the
additional complexity within this crate. My rationale for including them
was to make it simpler to reason about what is responsible for enforcing
chain-specific constraints, and to reduce duplication (by enabling the
wrapping chain implementation to use type definitions and leverage all
built-in behaviour, instead of newtypes and needing to add a bunch of
wrapping logic and boilerplate, some of which would encode chain-specific
logic).

We'll try working within the requirement that this crate enforces minimal
base constraints and hard-codes any constants, and then have the wrapping
chain provide encoding prefixes and additional value constraints where
necessary.
 2021-01-21 12:23:08 +00:00
Jack Grigg 5285737bf0 Add skeleton of key structure 2021-01-20 19:51:03 +00:00