therealyingtong
99119f04fa
Derive internal full viewing key.
2022-02-01 18:55:21 +08:00
therealyingtong
2412e83400
Derive internal spending key.
2022-02-01 18:55:21 +08:00
Jack Grigg
0e1220acc9
Merge branch 'main' into orchard-mainnet-circuit
2021-12-20 15:20:33 +00:00
Jack Grigg
369b99ee3f
Add `doc_cfg` annotations
2021-12-17 22:08:58 +00:00
Jack Grigg
044844c0a0
Reject the identity in `SpendValidatingKey::from_bytes`
`ak_P` is not allowed to be the identity in the Orchard protocol. We
were enforcing this by construction in most places, except for the
parsing of an Orchard full viewing key.
Closes zcash/orchard#261.
2021-12-15 13:48:59 +00:00
Jack Grigg
0378898289
Replace `FieldExt::{from, to}_bytes` with `PrimeField::{from, to}_repr`
2021-12-09 15:39:37 +00:00
Jack Grigg
37f1bba998
Remove `PartialEq, PartialOrd` impls from `{Extended}SpendingKey`
2021-11-30 23:25:35 +00:00
Jack Grigg
674ceb54c8
`impl ConstantTimeEq for {Extended}SpendingKey`
2021-11-30 23:24:50 +00:00
Kris Nuttycombe
14c4b40dfc
Add construction of DiversifierIndex directly from bytes.
2021-11-24 18:09:25 -07:00
Jack Grigg
235cd791b4
Fix `IncomingViewingKey::to_bytes`
`slice::copy_from_slice` panics if the source and destination slices are
not the same length.
Closes zcash/orchard#228.
2021-11-17 12:12:20 +00:00
Jack Grigg
8c82ceecbf
ff 0.11, group 0.11, pasta_curves 0.2 etc.
2021-09-06 20:39:43 +01:00
Kris Nuttycombe
e4a54cdf61
Improve error handling in zip32 APIs.
2021-08-31 16:49:58 -06:00
therealyingtong
c3e24794f0
zip32.rs: master and child key derivation for ExtendedSpendingKey
2021-08-31 15:49:32 -06:00
Kris Nuttycombe
77be355912
Apply suggestions from code review
Co-authored-by: Daira Hopwood <daira@jacaranda.org>
Co-authored-by: ying tong <yingtong@z.cash>
2021-08-23 11:29:07 -06:00
Kris Nuttycombe
0449edd5b8
Validate the sign of the y-coordinate for ak when deserializing.
2021-08-23 11:29:07 -06:00
Kris Nuttycombe
872f337811
Expose SpendingKey byte representation.
2021-08-23 11:29:07 -06:00
Kris Nuttycombe
5d78ab3508
Add Eq and Ord implementations for Orchard keys.
2021-08-23 11:29:06 -06:00
Kris Nuttycombe
52f0f158ef
Add serialization and parsing of full viewing keys.
2021-08-23 11:28:27 -06:00
Kris Nuttycombe
1fd00e6236
Add raw address serialization and parsing.
2021-08-23 11:28:27 -06:00
Kris Nuttycombe
e33cd4ade4
Add trial decryption of actions to Bundle
2021-08-23 11:28:25 -06:00
Kris Nuttycombe
77cf4c9831
Implement IncomingViewingKey::to_bytes
2021-08-23 11:27:02 -06:00
Jack Grigg
79988a5317
Move the interpolation logic into `SharedSecret::batch_to_affine`
This makes the method interface clearer, as the same pattern of shared
secrets is returned as was provided.
2021-08-13 14:27:20 +01:00
Jack Grigg
c79acc0e08
Fix length of output Vec for `SharedSecret::batch_to_affine`
It was too long, and `group::Curve::batch_normalize` panics if its
inputs are not the same length (which would be the case if a batch
included an output with an invalid `ephemeral_key`).
2021-08-12 13:40:56 +01:00
Jack Grigg
8e13986101
Implement `Domain::batch_epk` for note decryption
Improves throughput of batched trial decryption by around 10%.
2021-08-12 01:36:38 +01:00
Jack Grigg
8c15cc25be
Benchmark batch trial decryption
2021-08-12 01:36:38 +01:00
therealyingtong
8cf7a6872c
Minor refactors, text fixes, and docfixes.
Co-authored-by: Jack Grigg <jack@electriccoin.co>
Co-authored-by: Daira Hopwood <daira@jacaranda.org>
2021-07-23 00:15:54 +08:00
therealyingtong
6f4b5b0340
circuit.rs: Constrain derived circuit values to equal public inputs.
2021-07-21 20:35:43 +08:00
therealyingtong
d16b83816b
Implement needed getters and conversions in other modules.
2021-07-21 20:35:43 +08:00
Daira Hopwood
81fb944997
Make this crate clippy clean for warnings on nightly.
One .clone() removal; all of the other changes are removing needless borrows that are immediately
dereferenced: https://rust-lang.github.io/rust-clippy/master/index.html#needless_borrow
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-06-21 18:04:00 +01:00
Jack Grigg
769be6c080
Note encryption test vectors
2021-06-11 23:55:17 +01:00
Jack Grigg
99665572a2
Orchard note encryption
2021-06-11 23:55:16 +01:00
Jack Grigg
11350339f5
Ensure that derived esk is non-zero
There's a (negligible) chance that we could generate (or be sent
adversarially) a RandomSeed which derives esk == 0. It's not hard to
detect and reject, in order to satisfy the type system.
2021-06-11 23:54:35 +01:00
Jack Grigg
8a7ff1b28a
Structs representing note encryption key material
2021-06-11 23:54:35 +01:00
Jack Grigg
cbf7c3825f
builder: Store alpha and use it to derive rsk for signing spends
This was missed from zcash/orchard#49, but could not have caused a
consensus failure or loss-of-funds because `alpha` _was_ being sampled
and used to derive `rk`, meaning that the signatures would fail to
validate.
2021-06-05 22:35:52 +01:00
str4d
dc075e7971
Merge pull request #91 from zcash/key-component-test-vectors
Add test vectors for key components
2021-06-02 22:23:54 +01:00
str4d
803fc2bea3
Merge pull request #93 from zcash/prf_expand-domains
Define explicit domains for PRF^expand
2021-06-01 14:31:04 +01:00
Jack Grigg
c4ffb7c617
Rework PRF^expand to use explicit domains
`prf_expand{_vec}` have been replaced by the `PrfExpand` enum, which
has `PrfExpand::{expand, with_ad, with_ad_slices}` methods for use
within each domain as necessary.
2021-05-28 13:12:25 +01:00
Jack Grigg
7f47949b09
Take `self` directly in to_bytes methods where Self: Copy
2021-05-28 12:11:22 +01:00
Jack Grigg
5af73f7822
Add test vectors for key components
2021-05-28 11:57:21 +01:00
str4d
f82d00e40d
Merge pull request #77 from zcash/remove-rand-0.7
Remove rand 0.7 usage
2021-05-21 21:25:34 +01:00
str4d
2bbbc3ec94
Update comments
Co-authored-by: ying tong <yingtong@z.cash>
2021-05-21 21:24:08 +01:00
Jack Grigg
736de1156b
Ensure that Notes always have valid commitments
Implements the change from spec version 2021.1.23 to sample a new rseed
if a note is generated without a valid commitment.
2021-05-11 18:51:57 +08:00
Jack Grigg
d8cc596bbe
Create separate types for protocol-level and user-level ivk
Spec version 2021.1.24 added the diversifier key to the encoding of an
incoming viewing key (to make them more usable). As a result, we now
have two separate types:
- `KeyAgreementPrivateKey`: what was previously `IncomingViewingKey`,
corresponding to the `ivk` type in the protocol spec. It is now
crate-internal.
- `IncomingViewingKey`: the user-facing type that encompasses `dk` and
`ivk`.
2021-05-11 18:51:57 +08:00
Jack Grigg
76a39d29c1
Change diversify_hash and ka_orchard to use non-zero types
This matches the changes to KA^Orchard in spec version 2021.1.23.
2021-05-11 18:51:57 +08:00
Jack Grigg
9a828febd7
Change `commit_ivk` to return a non-zero Pallas base field element
The type system now enforces that `ivk != 0`.
2021-05-11 18:51:57 +08:00
Jack Grigg
012d14073d
Remove rand 0.7 usage
Upstream redjubjub (on which our reddsa dependency is based) has
migrated to rand 0.8.
2021-05-09 07:51:55 +12:00
Kris Nuttycombe
e72d74ccd6
Remove extraneous pub exports from the root.
2021-05-05 11:46:24 -06:00
Kris Nuttycombe
f91088d35b
Use builder to generate "valid" bundles via proptest.
2021-04-28 18:21:12 -06:00
Kris Nuttycombe
4d89d45332
Add proptest generators for action and bundle types.
2021-04-28 18:04:17 -06:00
Jack Grigg
30f01d122c
Bundle builder
2021-04-27 14:31:21 +12:00