zec
/
orchard
mirror of https://github.com/zcash/orchard.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
740 Commits 5 Branches 12 Tags 25 MiB
Commit Graph

70 Commits

Author SHA1 Message Date
Kris Nuttycombe e4a54cdf61 Improve error handling in zip32 APIs. 2021-08-31 16:49:58 -06:00
therealyingtong c3e24794f0 zip32.rs: master and child key derivation for ExtendedSpendingKey 2021-08-31 15:49:32 -06:00
Kris Nuttycombe 77be355912 Apply suggestions from code review 
Co-authored-by: Daira Hopwood <daira@jacaranda.org>
Co-authored-by: ying tong <yingtong@z.cash>
 2021-08-23 11:29:07 -06:00
Kris Nuttycombe 0449edd5b8 Validate the sign of the y-coordinate for ak when deserializing. 2021-08-23 11:29:07 -06:00
Kris Nuttycombe 872f337811 Expose SpendingKey byte representation. 2021-08-23 11:29:07 -06:00
Kris Nuttycombe 5d78ab3508 Add Eq and Ord implementations for Orchard keys. 2021-08-23 11:29:06 -06:00
Kris Nuttycombe 52f0f158ef Add serialization and parsing of full viewing keys. 2021-08-23 11:28:27 -06:00
Kris Nuttycombe 1fd00e6236 Add raw address serialization and parsing. 2021-08-23 11:28:27 -06:00
Kris Nuttycombe e33cd4ade4 Add trial decryption of actions to Bundle 2021-08-23 11:28:25 -06:00
Kris Nuttycombe 77cf4c9831 Implement IncomingViewingKey::to_bytes 2021-08-23 11:27:02 -06:00
Jack Grigg 79988a5317 Move the interpolation logic into `SharedSecret::batch_to_affine` 
This makes the method interface clearer, as the same pattern of shared
secrets is returned as was provided.
 2021-08-13 14:27:20 +01:00
Jack Grigg c79acc0e08 Fix length of output Vec for `SharedSecret::batch_to_affine` 
It was too long, and `group::Curve::batch_normalize` panics if its
inputs are not the same length (which would be the case if a batch
included an output with an invalid `ephemeral_key`).
 2021-08-12 13:40:56 +01:00
Jack Grigg 8e13986101 Implement `Domain::batch_epk` for note decryption 
Improves throughput of batched trial decryption by around 10%.
 2021-08-12 01:36:38 +01:00
Jack Grigg 8c15cc25be Benchmark batch trial decryption 2021-08-12 01:36:38 +01:00
therealyingtong 8cf7a6872c Minor refactors, text fixes, and docfixes. 
Co-authored-by: Jack Grigg <jack@electriccoin.co>
Co-authored-by: Daira Hopwood <daira@jacaranda.org>
 2021-07-23 00:15:54 +08:00
therealyingtong 6f4b5b0340 circuit.rs: Constrain derived circuit values to equal public inputs. 2021-07-21 20:35:43 +08:00
therealyingtong d16b83816b Implement needed getters and conversions in other modules. 2021-07-21 20:35:43 +08:00
Daira Hopwood 81fb944997 Make this crate clippy clean for warnings on nightly. 
One .clone() removal; all of the other changes are removing needless borrows that are immediately
dereferenced: https://rust-lang.github.io/rust-clippy/master/index.html#needless_borrow

Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2021-06-21 18:04:00 +01:00
Jack Grigg 769be6c080 Note encryption test vectors 2021-06-11 23:55:17 +01:00
Jack Grigg 99665572a2 Orchard note encryption 2021-06-11 23:55:16 +01:00
Jack Grigg 11350339f5 Ensure that derived esk is non-zero 
There's a (negligble) chance that we could generate (or be sent
adversarially) a RandomSeed which derives esk == 0. It's not hard to
detect and reject, in order to satisfy the type system.
 2021-06-11 23:54:35 +01:00
Jack Grigg 8a7ff1b28a Structs representing note encryption key material 2021-06-11 23:54:35 +01:00
Jack Grigg cbf7c3825f builder: Store alpha and use it to derive rsk for signing spends 
This was missed from zcash/orchard#49, but could not have caused a
consensus failure or loss-of-funds because `alpha` _was_ being sampled
and used to derive `rk`, meaning that the signatures would fail to
validate.
 2021-06-05 22:35:52 +01:00
str4d dc075e7971
Merge pull request #91 from zcash/key-component-test-vectors 
Add test vectors for key components
 2021-06-02 22:23:54 +01:00
str4d 803fc2bea3
Merge pull request #93 from zcash/prf_expand-domains 
Define explicit domains for PRF^expand
 2021-06-01 14:31:04 +01:00
Jack Grigg c4ffb7c617 Rework PRF^expand to use explicit domains 
`prf_expand{_vec}` have been replaced by the `PrfExpand` enum, which
has `PrfExpand::{expand, with_ad, with_ad_slices}` methods for use
within each domain as necessary.
 2021-05-28 13:12:25 +01:00
Jack Grigg 7f47949b09 Take `self` directly in to_bytes methods where Self: Copy 2021-05-28 12:11:22 +01:00
Jack Grigg 5af73f7822 Add test vectors for key components 2021-05-28 11:57:21 +01:00
str4d f82d00e40d
Merge pull request #77 from zcash/remove-rand-0.7 
Remove rand 0.7 usage
 2021-05-21 21:25:34 +01:00
str4d 2bbbc3ec94
Update comments 
Co-authored-by: ying tong <yingtong@z.cash>
 2021-05-21 21:24:08 +01:00
Jack Grigg 736de1156b Ensure that Notes always have valid commitments 
Implements the change from spec version 2021.1.23 to sample a new rseed
if a note is generated without a valid commitment.
 2021-05-11 18:51:57 +08:00
Jack Grigg d8cc596bbe Create separate types for protocol-level and user-level ivk 
Spec version 2021.1.24 added the diversifier key to the encoding of an
incoming viewing key (to make them more usable). As a result, we now
have two separate types:

- `KeyAgreementPrivateKey`: what was previously `IncomingViewingKey`,
  corresponding to the `ivk` type in the protocol spec. It is now
  crate-internal.
- `IncomingViewingKey`: the user-facing type that encompasses `dk` and
  `ivk`.
 2021-05-11 18:51:57 +08:00
Jack Grigg 76a39d29c1 Change diversify_hash and ka_orchard to use non-zero types 
This matches the changes to KA^Orchard in spec version 2021.1.23.
 2021-05-11 18:51:57 +08:00
Jack Grigg 9a828febd7 Change `commit_ivk` to return a non-zero Pallas base field element 
The type system now enforces that `ivk != 0`.
 2021-05-11 18:51:57 +08:00
Jack Grigg 012d14073d Remove rand 0.7 usage 
Upstream redjubjub (on which our reddsa dependency is based) has
migrated to rand 0.8.
 2021-05-09 07:51:55 +12:00
Kris Nuttycombe e72d74ccd6 Remove extraneous pub exports from the root. 2021-05-05 11:46:24 -06:00
Kris Nuttycombe f91088d35b Use builder to generate "valid" bundles via proptest. 2021-04-28 18:21:12 -06:00
Kris Nuttycombe 4d89d45332 Add proptest generators for action and bundle types. 2021-04-28 18:04:17 -06:00
Jack Grigg 30f01d122c Bundle builder 2021-04-27 14:31:21 +12:00
Jack Grigg f62bbbbb95 Small conversion helpers 2021-04-23 01:08:43 +12:00
Jack Grigg 35f65bb26a Expose RedPallas rerandomization 2021-04-23 01:06:10 +12:00
Jack Grigg 77121facb7 Dummy note generation 2021-04-23 00:46:39 +12:00
str4d 31d1a67837
Expand documentation of conditions on SpendingKeys 
Co-authored-by: Daira Hopwood <daira@jacaranda.org>
 2021-04-21 23:28:32 +01:00
Jack Grigg c08d12cc52 Use incomplete addition in SinsemillaHashToPoint 
This requires exposing the ⊥ case throughout the return types. We
prevent it from propagating into the Orchard note and key types by
ensuring that:

- When we generate keys or notes, if we encounter ⊥ we discard and
  re-generate.
- When we construct keys or notes via any other pathway (e.g. parsing
  from bytes), we check for and reject ⊥.
 2021-04-20 10:05:56 +12:00
Jack Grigg 0f6eb9ca6c Nullifier derivation 2021-03-26 07:51:05 +13:00
Jack Grigg 680c917ce6 Note commitment derivation 2021-03-26 07:51:05 +13:00
Jack Grigg 3911fb3202 Use Pallas directly from pasta_curves crate 2021-03-18 15:06:16 +13:00
Jack Grigg e0417268ad Make address generation infallible again 
DiversifyHash is altered to replace the identity with another fixed
point that is known to not be the identity.
 2021-03-18 08:30:22 +13:00
Jack Grigg 8e55b46dbf Deduplicate default address generation 2021-03-16 10:01:50 +13:00
Jack Grigg 46bf89c122 Update ivk derivation to match latest protocol spec draft 2021-03-16 09:33:07 +13:00