40 lines
992 B
Python
40 lines
992 B
Python
|
#!/usr/bin/env python3
|
||
|
from pyblake2 import blake2s
|
||
|
|
||
|
from sapling_jubjub import Point, JUBJUB_COFACTOR
|
||
|
|
||
|
# First 64 bytes of the BLAKE2s input during group hash.
|
||
|
# This is chosen to be some random string that we couldn't have
|
||
|
# anticipated when we designed the algorithm, for rigidity purposes.
|
||
|
# We deliberately use an ASCII hex string of 32 bytes here.
|
||
|
CRS = b'096b36a5804bfacef1691e173c366a47ff5ba84a44f26ddd7e8d9f79d5b42df0'
|
||
|
|
||
|
def group_hash(d, m):
|
||
|
digest = blake2s(person=d)
|
||
|
digest.update(CRS)
|
||
|
digest.update(m)
|
||
|
p = Point.from_bytes(digest.digest())
|
||
|
if not p:
|
||
|
return None
|
||
|
q = p * JUBJUB_COFACTOR
|
||
|
if q == Point.ZERO:
|
||
|
return None
|
||
|
return q
|
||
|
|
||
|
def find_group_hash(d, m):
|
||
|
i = 0
|
||
|
while True:
|
||
|
p = group_hash(d, m + bytes([i]))
|
||
|
if p:
|
||
|
return p
|
||
|
i += 1
|
||
|
assert(i < 256)
|
||
|
|
||
|
|
||
|
#
|
||
|
# Sapling generators
|
||
|
#
|
||
|
|
||
|
SPENDING_KEY_BASE = find_group_hash(b'Zcash_G_', b'')
|
||
|
PROVING_KEY_BASE = find_group_hash(b'Zcash_H_', b'')
|