Commit Graph

78 Commits

Author SHA1 Message Date
Kris Nuttycombe 8c96640826 Add diversifier index decryption to DiversifierKey. 2022-02-11 14:09:07 -07:00
Jack Grigg 369b99ee3f Add `doc_cfg` annotations 2021-12-17 22:08:58 +00:00
Jack Grigg 044844c0a0 Reject the identity in `SpendValidatingKey::from_bytes`
`ak_P` is not allowed to be the identity in the Orchard protocol. We
were enforcing this by construction in most places, except for the
parsing of an Orchard full viewing key.

Closes zcash/orchard#261.
2021-12-15 13:48:59 +00:00
Jack Grigg 37f1bba998 Remove `PartialEq, PartialOrd` impls from `{Extended}SpendingKey` 2021-11-30 23:25:35 +00:00
Jack Grigg 674ceb54c8 `impl ConstantTimeEq for {Extended}SpendingKey` 2021-11-30 23:24:50 +00:00
Kris Nuttycombe 14c4b40dfc Add construction of DiversifierIndex directly from bytes. 2021-11-24 18:09:25 -07:00
Jack Grigg 235cd791b4 Fix `IncomingViewingKey::to_bytes`
`slice::copy_from_slice` panics if the source and destination slices are
not the same length.

Closes zcash/orchard#228.
2021-11-17 12:12:20 +00:00
Jack Grigg 8c82ceecbf ff 0.11, group 0.11, pasta_curves 0.2 etc. 2021-09-06 20:39:43 +01:00
Kris Nuttycombe e4a54cdf61 Improve error handling in zip32 APIs. 2021-08-31 16:49:58 -06:00
therealyingtong c3e24794f0 zip32.rs: master and child key derivation for ExtendedSpendingKey 2021-08-31 15:49:32 -06:00
Kris Nuttycombe 77be355912 Apply suggestions from code review
Co-authored-by: Daira Hopwood <daira@jacaranda.org>
Co-authored-by: ying tong <yingtong@z.cash>
2021-08-23 11:29:07 -06:00
Kris Nuttycombe 0449edd5b8 Validate the sign of the y-coordinate for ak when deserializing. 2021-08-23 11:29:07 -06:00
Kris Nuttycombe 872f337811 Expose SpendingKey byte representation. 2021-08-23 11:29:07 -06:00
Kris Nuttycombe 5d78ab3508 Add Eq and Ord implementations for Orchard keys. 2021-08-23 11:29:06 -06:00
Kris Nuttycombe 52f0f158ef Add serialization and parsing of full viewing keys. 2021-08-23 11:28:27 -06:00
Kris Nuttycombe 1fd00e6236 Add raw address serialization and parsing. 2021-08-23 11:28:27 -06:00
Kris Nuttycombe e33cd4ade4 Add trial decryption of actions to Bundle 2021-08-23 11:28:25 -06:00
Kris Nuttycombe 77cf4c9831 Implement IncomingViewingKey::to_bytes 2021-08-23 11:27:02 -06:00
Jack Grigg 79988a5317 Move the interpolation logic into `SharedSecret::batch_to_affine`
This makes the method interface clearer, as the same pattern of shared
secrets is returned as was provided.
2021-08-13 14:27:20 +01:00
Jack Grigg c79acc0e08 Fix length of output Vec for `SharedSecret::batch_to_affine`
It was too long, and `group::Curve::batch_normalize` panics if its
inputs are not the same length (which would be the case if a batch
included an output with an invalid `ephemeral_key`).
2021-08-12 13:40:56 +01:00
Jack Grigg 8e13986101 Implement `Domain::batch_epk` for note decryption
Improves throughput of batched trial decryption by around 10%.
2021-08-12 01:36:38 +01:00
Jack Grigg 8c15cc25be Benchmark batch trial decryption 2021-08-12 01:36:38 +01:00
therealyingtong 8cf7a6872c Minor refactors, text fixes, and docfixes.
Co-authored-by: Jack Grigg <jack@electriccoin.co>
Co-authored-by: Daira Hopwood <daira@jacaranda.org>
2021-07-23 00:15:54 +08:00
therealyingtong 6f4b5b0340 circuit.rs: Constrain derived circuit values to equal public inputs. 2021-07-21 20:35:43 +08:00
therealyingtong d16b83816b Implement needed getters and conversions in other modules. 2021-07-21 20:35:43 +08:00
Daira Hopwood 81fb944997 Make this crate clippy clean for warnings on nightly.
One .clone() removal; all of the other changes are removing needless borrows that are immediately
dereferenced: https://rust-lang.github.io/rust-clippy/master/index.html#needless_borrow

Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-06-21 18:04:00 +01:00
Jack Grigg 769be6c080 Note encryption test vectors 2021-06-11 23:55:17 +01:00
Jack Grigg 99665572a2 Orchard note encryption 2021-06-11 23:55:16 +01:00
Jack Grigg 11350339f5 Ensure that derived esk is non-zero
There's a (negligible) chance that we could generate (or be sent
adversarially) a RandomSeed which derives esk == 0. It's not hard to
detect and reject, in order to satisfy the type system.
2021-06-11 23:54:35 +01:00
Jack Grigg 8a7ff1b28a Structs representing note encryption key material 2021-06-11 23:54:35 +01:00
Jack Grigg cbf7c3825f builder: Store alpha and use it to derive rsk for signing spends
This was missed from zcash/orchard#49, but could not have caused a
consensus failure or loss-of-funds because `alpha` _was_ being sampled
and used to derive `rk`, meaning that the signatures would fail to
validate.
2021-06-05 22:35:52 +01:00
str4d dc075e7971
Merge pull request #91 from zcash/key-component-test-vectors
Add test vectors for key components
2021-06-02 22:23:54 +01:00
str4d 803fc2bea3
Merge pull request #93 from zcash/prf_expand-domains
Define explicit domains for PRF^expand
2021-06-01 14:31:04 +01:00
Jack Grigg c4ffb7c617 Rework PRF^expand to use explicit domains
`prf_expand{_vec}` have been replaced by the `PrfExpand` enum, which
has `PrfExpand::{expand, with_ad, with_ad_slices}` methods for use
within each domain as necessary.
2021-05-28 13:12:25 +01:00
Jack Grigg 7f47949b09 Take `self` directly in to_bytes methods where Self: Copy 2021-05-28 12:11:22 +01:00
Jack Grigg 5af73f7822 Add test vectors for key components 2021-05-28 11:57:21 +01:00
str4d f82d00e40d
Merge pull request #77 from zcash/remove-rand-0.7
Remove rand 0.7 usage
2021-05-21 21:25:34 +01:00
str4d 2bbbc3ec94
Update comments
Co-authored-by: ying tong <yingtong@z.cash>
2021-05-21 21:24:08 +01:00
Jack Grigg 736de1156b Ensure that Notes always have valid commitments
Implements the change from spec version 2021.1.23 to sample a new rseed
if a note is generated without a valid commitment.
2021-05-11 18:51:57 +08:00
Jack Grigg d8cc596bbe Create separate types for protocol-level and user-level ivk
Spec version 2021.1.24 added the diversifier key to the encoding of an
incoming viewing key (to make them more usable). As a result, we now
have two separate types:

- `KeyAgreementPrivateKey`: what was previously `IncomingViewingKey`,
  corresponding to the `ivk` type in the protocol spec. It is now
  crate-internal.
- `IncomingViewingKey`: the user-facing type that encompasses `dk` and
  `ivk`.
2021-05-11 18:51:57 +08:00
Jack Grigg 76a39d29c1 Change diversify_hash and ka_orchard to use non-zero types
This matches the changes to KA^Orchard in spec version 2021.1.23.
2021-05-11 18:51:57 +08:00
Jack Grigg 9a828febd7 Change `commit_ivk` to return a non-zero Pallas base field element
The type system now enforces that `ivk != 0`.
2021-05-11 18:51:57 +08:00
Jack Grigg 012d14073d Remove rand 0.7 usage
Upstream redjubjub (on which our reddsa dependency is based) has
migrated to rand 0.8.
2021-05-09 07:51:55 +12:00
Kris Nuttycombe e72d74ccd6 Remove extraneous pub exports from the root. 2021-05-05 11:46:24 -06:00
Kris Nuttycombe f91088d35b Use builder to generate "valid" bundles via proptest. 2021-04-28 18:21:12 -06:00
Kris Nuttycombe 4d89d45332 Add proptest generators for action and bundle types. 2021-04-28 18:04:17 -06:00
Jack Grigg 30f01d122c Bundle builder 2021-04-27 14:31:21 +12:00
Jack Grigg f62bbbbb95 Small conversion helpers 2021-04-23 01:08:43 +12:00
Jack Grigg 35f65bb26a Expose RedPallas rerandomization 2021-04-23 01:06:10 +12:00
Jack Grigg 77121facb7 Dummy note generation 2021-04-23 00:46:39 +12:00