Kris Nuttycombe
e4a54cdf61
Improve error handling in zip32 APIs.
2021-08-31 16:49:58 -06:00
therealyingtong
c3e24794f0
zip32.rs: master and child key derivation for ExtendedSpendingKey
2021-08-31 15:49:32 -06:00
Kris Nuttycombe
77be355912
Apply suggestions from code review
...
Co-authored-by: Daira Hopwood <daira@jacaranda.org>
Co-authored-by: ying tong <yingtong@z.cash>
2021-08-23 11:29:07 -06:00
Kris Nuttycombe
0449edd5b8
Validate the sign of the y-coordinate for ak when deserializing.
2021-08-23 11:29:07 -06:00
Kris Nuttycombe
872f337811
Expose SpendingKey byte representation.
2021-08-23 11:29:07 -06:00
Kris Nuttycombe
5d78ab3508
Add Eq and Ord implementations for Orchard keys.
2021-08-23 11:29:06 -06:00
Kris Nuttycombe
52f0f158ef
Add serialization and parsing of full viewing keys.
2021-08-23 11:28:27 -06:00
Kris Nuttycombe
1fd00e6236
Add raw address serialization and parsing.
2021-08-23 11:28:27 -06:00
Kris Nuttycombe
e33cd4ade4
Add trial decryption of actions to Bundle
2021-08-23 11:28:25 -06:00
Kris Nuttycombe
77cf4c9831
Implement IncomingViewingKey::to_bytes
2021-08-23 11:27:02 -06:00
Jack Grigg
79988a5317
Move the interpolation logic into `SharedSecret::batch_to_affine`
...
This makes the method interface clearer, as the same pattern of shared
secrets is returned as was provided.
2021-08-13 14:27:20 +01:00
Jack Grigg
c79acc0e08
Fix length of output Vec for `SharedSecret::batch_to_affine`
...
It was too long, and `group::Curve::batch_normalize` panics if its
inputs are not the same length (which would be the case if a batch
included an output with an invalid `ephemeral_key`).
2021-08-12 13:40:56 +01:00
Jack Grigg
8e13986101
Implement `Domain::batch_epk` for note decryption
...
Improves throughput of batched trial decryption by around 10%.
2021-08-12 01:36:38 +01:00
Jack Grigg
8c15cc25be
Benchmark batch trial decryption
2021-08-12 01:36:38 +01:00
therealyingtong
8cf7a6872c
Minor refactors, text fixes, and docfixes.
...
Co-authored-by: Jack Grigg <jack@electriccoin.co>
Co-authored-by: Daira Hopwood <daira@jacaranda.org>
2021-07-23 00:15:54 +08:00
therealyingtong
6f4b5b0340
circuit.rs: Constrain derived circuit values to equal public inputs.
2021-07-21 20:35:43 +08:00
therealyingtong
d16b83816b
Implement needed getters and conversions in other modules.
2021-07-21 20:35:43 +08:00
Daira Hopwood
81fb944997
Make this crate clippy clean for warnings on nightly.
...
One .clone() removal; all of the other changes are removing needless borrows that are immediately
dereferenced: https://rust-lang.github.io/rust-clippy/master/index.html#needless_borrow
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-06-21 18:04:00 +01:00
Jack Grigg
769be6c080
Note encryption test vectors
2021-06-11 23:55:17 +01:00
Jack Grigg
99665572a2
Orchard note encryption
2021-06-11 23:55:16 +01:00
Jack Grigg
11350339f5
Ensure that derived esk is non-zero
...
There's a (negligble) chance that we could generate (or be sent
adversarially) a RandomSeed which derives esk == 0. It's not hard to
detect and reject, in order to satisfy the type system.
2021-06-11 23:54:35 +01:00
Jack Grigg
8a7ff1b28a
Structs representing note encryption key material
2021-06-11 23:54:35 +01:00
Jack Grigg
cbf7c3825f
builder: Store alpha and use it to derive rsk for signing spends
...
This was missed from zcash/orchard#49 , but could not have caused a
consensus failure or loss-of-funds because `alpha` _was_ being sampled
and used to derive `rk`, meaning that the signatures would fail to
validate.
2021-06-05 22:35:52 +01:00
str4d
dc075e7971
Merge pull request #91 from zcash/key-component-test-vectors
...
Add test vectors for key components
2021-06-02 22:23:54 +01:00
str4d
803fc2bea3
Merge pull request #93 from zcash/prf_expand-domains
...
Define explicit domains for PRF^expand
2021-06-01 14:31:04 +01:00
Jack Grigg
c4ffb7c617
Rework PRF^expand to use explicit domains
...
`prf_expand{_vec}` have been replaced by the `PrfExpand` enum, which
has `PrfExpand::{expand, with_ad, with_ad_slices}` methods for use
within each domain as necessary.
2021-05-28 13:12:25 +01:00
Jack Grigg
7f47949b09
Take `self` directly in to_bytes methods where Self: Copy
2021-05-28 12:11:22 +01:00
Jack Grigg
5af73f7822
Add test vectors for key components
2021-05-28 11:57:21 +01:00
str4d
f82d00e40d
Merge pull request #77 from zcash/remove-rand-0.7
...
Remove rand 0.7 usage
2021-05-21 21:25:34 +01:00
str4d
2bbbc3ec94
Update comments
...
Co-authored-by: ying tong <yingtong@z.cash>
2021-05-21 21:24:08 +01:00
Jack Grigg
736de1156b
Ensure that Notes always have valid commitments
...
Implements the change from spec version 2021.1.23 to sample a new rseed
if a note is generated without a valid commitment.
2021-05-11 18:51:57 +08:00
Jack Grigg
d8cc596bbe
Create separate types for protocol-level and user-level ivk
...
Spec version 2021.1.24 added the diversifier key to the encoding of an
incoming viewing key (to make them more usable). As a result, we now
have two separate types:
- `KeyAgreementPrivateKey`: what was previously `IncomingViewingKey`,
corresponding to the `ivk` type in the protocol spec. It is now
crate-internal.
- `IncomingViewingKey`: the user-facing type that encompasses `dk` and
`ivk`.
2021-05-11 18:51:57 +08:00
Jack Grigg
76a39d29c1
Change diversify_hash and ka_orchard to use non-zero types
...
This matches the changes to KA^Orchard in spec version 2021.1.23.
2021-05-11 18:51:57 +08:00
Jack Grigg
9a828febd7
Change `commit_ivk` to return a non-zero Pallas base field element
...
The type system now enforces that `ivk != 0`.
2021-05-11 18:51:57 +08:00
Jack Grigg
012d14073d
Remove rand 0.7 usage
...
Upstream redjubjub (on which our reddsa dependency is based) has
migrated to rand 0.8.
2021-05-09 07:51:55 +12:00
Kris Nuttycombe
e72d74ccd6
Remove extraneous pub exports from the root.
2021-05-05 11:46:24 -06:00
Kris Nuttycombe
f91088d35b
Use builder to generate "valid" bundles via proptest.
2021-04-28 18:21:12 -06:00
Kris Nuttycombe
4d89d45332
Add proptest generators for action and bundle types.
2021-04-28 18:04:17 -06:00
Jack Grigg
30f01d122c
Bundle builder
2021-04-27 14:31:21 +12:00
Jack Grigg
f62bbbbb95
Small conversion helpers
2021-04-23 01:08:43 +12:00
Jack Grigg
35f65bb26a
Expose RedPallas rerandomization
2021-04-23 01:06:10 +12:00
Jack Grigg
77121facb7
Dummy note generation
2021-04-23 00:46:39 +12:00
str4d
31d1a67837
Expand documentation of conditions on SpendingKeys
...
Co-authored-by: Daira Hopwood <daira@jacaranda.org>
2021-04-21 23:28:32 +01:00
Jack Grigg
c08d12cc52
Use incomplete addition in SinsemillaHashToPoint
...
This requires exposing the ⊥ case throughout the return types. We
prevent it from propagating into the Orchard note and key types by
ensuring that:
- When we generate keys or notes, if we encounter ⊥ we discard and
re-generate.
- When we construct keys or notes via any other pathway (e.g. parsing
from bytes), we check for and reject ⊥.
2021-04-20 10:05:56 +12:00
Jack Grigg
0f6eb9ca6c
Nullifier derivation
2021-03-26 07:51:05 +13:00
Jack Grigg
680c917ce6
Note commitment derivation
2021-03-26 07:51:05 +13:00
Jack Grigg
3911fb3202
Use Pallas directly from pasta_curves crate
2021-03-18 15:06:16 +13:00
Jack Grigg
e0417268ad
Make address generation infallible again
...
DiversifyHash is altered to replace the identity with another fixed
point that is known to not be the identity.
2021-03-18 08:30:22 +13:00
Jack Grigg
8e55b46dbf
Deduplicate default address generation
2021-03-16 10:01:50 +13:00
Jack Grigg
46bf89c122
Update ivk derivation to match latest protocol spec draft
2021-03-16 09:33:07 +13:00