From b10115d363ab76c1c40595d2368d21dfaaeb337d Mon Sep 17 00:00:00 2001 From: Daira Hopwood Date: Mon, 31 Jan 2022 18:05:14 +0000 Subject: [PATCH 1/6] Add test vectors for Sapling internal key derivation. Signed-off-by: Daira Hopwood --- test-vectors/rust/sapling_zip32.rs | 88 +++++++++++++++++++++++++++++ zcash_test_vectors/sapling/zip32.py | 59 ++++++++++++++++++- 2 files changed, 146 insertions(+), 1 deletion(-) diff --git a/test-vectors/rust/sapling_zip32.rs b/test-vectors/rust/sapling_zip32.rs index 9eba1b5..e35ccd1 100644 --- a/test-vectors/rust/sapling_zip32.rs +++ b/test-vectors/rust/sapling_zip32.rs @@ -14,6 +14,12 @@ d1: Option<[u8; 11]>, d2: Option<[u8; 11]>, dmax: Option<[u8; 11]>, + internal_nsk: Option<[u8; 32]>, + internal_ovk: [u8; 32], + internal_dk: [u8; 32], + internal_nk: [u8; 32], + internal_xsk: Option<[u8; 169]>, + internal_xfvk: [u8; 169], }; // From https://github.com/zcash-hackworks/zcash-test-vectors/blob/master/sapling_zip32.py @@ -60,6 +66,24 @@ ]), d2: None, dmax: None, + internal_nsk: Some([ + 0x51, 0x12, 0x33, 0x63, 0x6b, 0x95, 0xfd, 0x0a, 0xfb, 0x6b, 0xf8, 0x19, 0x3a, 0x7d, 0x8f, 0x49, 0xef, 0xd7, 0x36, 0xa9, 0x88, 0x77, 0x5c, 0x54, 0xf9, 0x56, 0x68, 0x76, 0x46, 0xea, 0xab, 0x07 + ]), + internal_ovk: [ + 0x9d, 0xc4, 0x77, 0xfe, 0x1e, 0x7d, 0x28, 0x29, 0x13, 0xf6, 0x51, 0x65, 0x4d, 0x39, 0x85, 0xf0, 0x9d, 0x53, 0xc2, 0xd3, 0xb5, 0x76, 0x3d, 0x7a, 0x72, 0x3b, 0xcb, 0xd6, 0xee, 0x05, 0x3d, 0x5a + ], + internal_dk: [ + 0x40, 0xdd, 0xc5, 0x6e, 0x69, 0x75, 0x13, 0x8c, 0x08, 0x39, 0xe5, 0x80, 0xb5, 0x4d, 0x6d, 0x99, 0x9d, 0xc6, 0x16, 0x84, 0x3c, 0xfe, 0x04, 0x1e, 0x8f, 0x38, 0x8b, 0x12, 0x4e, 0xf7, 0xb5, 0xed + ], + internal_nk: [ + 0xa3, 0x83, 0x1a, 0x5c, 0x69, 0x33, 0xf8, 0xec, 0x6a, 0xa5, 0xce, 0x31, 0x6c, 0x50, 0x8b, 0x79, 0x91, 0xcd, 0x94, 0xd3, 0xbd, 0xb7, 0x00, 0xa1, 0xc4, 0x27, 0xa6, 0xae, 0x15, 0xe7, 0x2f, 0xb5 + ], + internal_xsk: Some([ + 0x00, 0x14, 0xc2, 0x71, 0x3a, 0x00, 0x00, 0x00, 0x00, 0xd0, 0x94, 0x7c, 0x4b, 0x03, 0xbf, 0x72, 0xa3, 0x7a, 0xb4, 0x4f, 0x72, 0x27, 0x6d, 0x1c, 0xf3, 0xfd, 0xcd, 0x7e, 0xbf, 0x3e, 0x73, 0x34, 0x8b, 0x7e, 0x55, 0x0d, 0x75, 0x20, 0x18, 0x66, 0x8e, 0xb6, 0xc0, 0x0c, 0x93, 0xd3, 0x60, 0x32, 0xb9, 0xa2, 0x68, 0xe9, 0x9e, 0x86, 0xa8, 0x60, 0x77, 0x65, 0x60, 0xbf, 0x0e, 0x83, 0xc1, 0xa1, 0x0b, 0x51, 0xf6, 0x07, 0xc9, 0x54, 0x74, 0x25, 0x06, 0x51, 0x12, 0x33, 0x63, 0x6b, 0x95, 0xfd, 0x0a, 0xfb, 0x6b, 0xf8, 0x19, 0x3a, 0x7d, 0x8f, 0x49, 0xef, 0xd7, 0x36, 0xa9, 0x88, 0x77, 0x5c, 0x54, 0xf9, 0x56, 0x68, 0x76, 0x46, 0xea, 0xab, 0x07, 0x9d, 0xc4, 0x77, 0xfe, 0x1e, 0x7d, 0x28, 0x29, 0x13, 0xf6, 0x51, 0x65, 0x4d, 0x39, 0x85, 0xf0, 0x9d, 0x53, 0xc2, 0xd3, 0xb5, 0x76, 0x3d, 0x7a, 0x72, 0x3b, 0xcb, 0xd6, 0xee, 0x05, 0x3d, 0x5a, 0x40, 0xdd, 0xc5, 0x6e, 0x69, 0x75, 0x13, 0x8c, 0x08, 0x39, 0xe5, 0x80, 0xb5, 0x4d, 0x6d, 0x99, 0x9d, 0xc6, 0x16, 0x84, 0x3c, 0xfe, 0x04, 0x1e, 0x8f, 0x38, 0x8b, 0x12, 0x4e, 0xf7, 0xb5, 0xed + ]), + internal_xfvk: [ + 0x00, 0x14, 0xc2, 0x71, 0x3a, 0x00, 0x00, 0x00, 0x00, 0xd0, 0x94, 0x7c, 0x4b, 0x03, 0xbf, 0x72, 0xa3, 0x7a, 0xb4, 0x4f, 0x72, 0x27, 0x6d, 0x1c, 0xf3, 0xfd, 0xcd, 0x7e, 0xbf, 0x3e, 0x73, 0x34, 0x8b, 0x7e, 0x55, 0x0d, 0x75, 0x20, 0x18, 0x66, 0x8e, 0x93, 0x44, 0x2e, 0x5f, 0xef, 0xfb, 0xff, 0x16, 0xe7, 0x21, 0x72, 0x02, 0xdc, 0x73, 0x06, 0x72, 0x9f, 0xff, 0xfe, 0x85, 0xaf, 0x56, 0x83, 0xbc, 0xe2, 0x64, 0x2e, 0x3e, 0xeb, 0x5d, 0x38, 0x71, 0xa3, 0x83, 0x1a, 0x5c, 0x69, 0x33, 0xf8, 0xec, 0x6a, 0xa5, 0xce, 0x31, 0x6c, 0x50, 0x8b, 0x79, 0x91, 0xcd, 0x94, 0xd3, 0xbd, 0xb7, 0x00, 0xa1, 0xc4, 0x27, 0xa6, 0xae, 0x15, 0xe7, 0x2f, 0xb5, 0x9d, 0xc4, 0x77, 0xfe, 0x1e, 0x7d, 0x28, 0x29, 0x13, 0xf6, 0x51, 0x65, 0x4d, 0x39, 0x85, 0xf0, 0x9d, 0x53, 0xc2, 0xd3, 0xb5, 0x76, 0x3d, 0x7a, 0x72, 0x3b, 0xcb, 0xd6, 0xee, 0x05, 0x3d, 0x5a, 0x40, 0xdd, 0xc5, 0x6e, 0x69, 0x75, 0x13, 0x8c, 0x08, 0x39, 0xe5, 0x80, 0xb5, 0x4d, 0x6d, 0x99, 0x9d, 0xc6, 0x16, 0x84, 0x3c, 0xfe, 0x04, 0x1e, 0x8f, 0x38, 0x8b, 0x12, 0x4e, 0xf7, 0xb5, 0xed + ], }, TestVector { ask: Some([ @@ -105,6 +129,24 @@ dmax: Some([ 0x63, 0x89, 0x57, 0x4c, 0xde, 0x0f, 0xbb, 0xc6, 0x36, 0x81, 0x31 ]), + internal_nsk: Some([ + 0x74, 0x92, 0x9f, 0x79, 0x0c, 0x11, 0xdc, 0xab, 0x3a, 0x2f, 0x93, 0x12, 0x35, 0xcd, 0xb2, 0x67, 0xf5, 0xa3, 0x1b, 0x9f, 0x13, 0x9f, 0x2c, 0x9f, 0xd8, 0x16, 0xb0, 0x44, 0x4f, 0xb8, 0x05, 0x05 + ]), + internal_ovk: [ + 0x0c, 0xd4, 0xd7, 0xc5, 0xcc, 0x7f, 0x53, 0x4b, 0x96, 0xd2, 0x41, 0x82, 0xa3, 0x14, 0x65, 0xb4, 0x78, 0x11, 0x05, 0x48, 0x9c, 0xd1, 0x0d, 0x50, 0x0c, 0xf5, 0x29, 0x5a, 0x6f, 0xd8, 0x18, 0xcc + ], + internal_dk: [ + 0xd2, 0x78, 0xb7, 0x2c, 0x62, 0x1d, 0x19, 0xcb, 0x00, 0xf9, 0x70, 0x07, 0x9c, 0x89, 0x22, 0x76, 0x1c, 0xdd, 0x3a, 0xe7, 0xf2, 0x7b, 0x18, 0x47, 0xc5, 0x53, 0x60, 0xdb, 0xeb, 0xf6, 0x54, 0x92 + ], + internal_nk: [ + 0x2b, 0x5c, 0x78, 0xa2, 0xfb, 0xa5, 0x01, 0x9c, 0x15, 0xa7, 0x51, 0x50, 0x2b, 0xa9, 0x91, 0x6f, 0xae, 0xda, 0xe1, 0xfc, 0x14, 0xdc, 0x81, 0xb0, 0xb8, 0x35, 0xf2, 0xbf, 0x95, 0xc0, 0x68, 0xe8 + ], + internal_xsk: Some([ + 0x01, 0xdb, 0x99, 0x9e, 0x07, 0x01, 0x00, 0x00, 0x00, 0x01, 0x47, 0x11, 0x0c, 0x69, 0x1a, 0x03, 0xb9, 0xd9, 0xf0, 0xba, 0x90, 0x05, 0xc5, 0xe7, 0x90, 0xa5, 0x95, 0xb7, 0xf0, 0x4e, 0x33, 0x29, 0xd2, 0xfa, 0x43, 0x8a, 0x67, 0x05, 0xda, 0xbc, 0xe6, 0x28, 0x2b, 0xc1, 0x97, 0xa5, 0x16, 0x28, 0x7c, 0x8e, 0xa8, 0xf6, 0x8c, 0x42, 0x4a, 0xba, 0xd3, 0x02, 0xb4, 0x5c, 0xdf, 0x95, 0x40, 0x79, 0x61, 0xd7, 0xb8, 0xb4, 0x55, 0x26, 0x7a, 0x35, 0x0c, 0x74, 0x92, 0x9f, 0x79, 0x0c, 0x11, 0xdc, 0xab, 0x3a, 0x2f, 0x93, 0x12, 0x35, 0xcd, 0xb2, 0x67, 0xf5, 0xa3, 0x1b, 0x9f, 0x13, 0x9f, 0x2c, 0x9f, 0xd8, 0x16, 0xb0, 0x44, 0x4f, 0xb8, 0x05, 0x05, 0x0c, 0xd4, 0xd7, 0xc5, 0xcc, 0x7f, 0x53, 0x4b, 0x96, 0xd2, 0x41, 0x82, 0xa3, 0x14, 0x65, 0xb4, 0x78, 0x11, 0x05, 0x48, 0x9c, 0xd1, 0x0d, 0x50, 0x0c, 0xf5, 0x29, 0x5a, 0x6f, 0xd8, 0x18, 0xcc, 0xd2, 0x78, 0xb7, 0x2c, 0x62, 0x1d, 0x19, 0xcb, 0x00, 0xf9, 0x70, 0x07, 0x9c, 0x89, 0x22, 0x76, 0x1c, 0xdd, 0x3a, 0xe7, 0xf2, 0x7b, 0x18, 0x47, 0xc5, 0x53, 0x60, 0xdb, 0xeb, 0xf6, 0x54, 0x92 + ]), + internal_xfvk: [ + 0x01, 0xdb, 0x99, 0x9e, 0x07, 0x01, 0x00, 0x00, 0x00, 0x01, 0x47, 0x11, 0x0c, 0x69, 0x1a, 0x03, 0xb9, 0xd9, 0xf0, 0xba, 0x90, 0x05, 0xc5, 0xe7, 0x90, 0xa5, 0x95, 0xb7, 0xf0, 0x4e, 0x33, 0x29, 0xd2, 0xfa, 0x43, 0x8a, 0x67, 0x05, 0xda, 0xbc, 0xe6, 0xdc, 0x14, 0xb5, 0x14, 0xd3, 0xa9, 0x25, 0x94, 0xc2, 0x19, 0x25, 0xaf, 0x2f, 0x77, 0x65, 0xa5, 0x47, 0xb3, 0x0e, 0x73, 0xfa, 0x7b, 0x70, 0x0e, 0xa1, 0xbf, 0xf2, 0xe5, 0xef, 0xaa, 0xa8, 0x8b, 0x2b, 0x5c, 0x78, 0xa2, 0xfb, 0xa5, 0x01, 0x9c, 0x15, 0xa7, 0x51, 0x50, 0x2b, 0xa9, 0x91, 0x6f, 0xae, 0xda, 0xe1, 0xfc, 0x14, 0xdc, 0x81, 0xb0, 0xb8, 0x35, 0xf2, 0xbf, 0x95, 0xc0, 0x68, 0xe8, 0x0c, 0xd4, 0xd7, 0xc5, 0xcc, 0x7f, 0x53, 0x4b, 0x96, 0xd2, 0x41, 0x82, 0xa3, 0x14, 0x65, 0xb4, 0x78, 0x11, 0x05, 0x48, 0x9c, 0xd1, 0x0d, 0x50, 0x0c, 0xf5, 0x29, 0x5a, 0x6f, 0xd8, 0x18, 0xcc, 0xd2, 0x78, 0xb7, 0x2c, 0x62, 0x1d, 0x19, 0xcb, 0x00, 0xf9, 0x70, 0x07, 0x9c, 0x89, 0x22, 0x76, 0x1c, 0xdd, 0x3a, 0xe7, 0xf2, 0x7b, 0x18, 0x47, 0xc5, 0x53, 0x60, 0xdb, 0xeb, 0xf6, 0x54, 0x92 + ], }, TestVector { ask: Some([ @@ -148,6 +190,24 @@ ]), d2: None, dmax: None, + internal_nsk: Some([ + 0x34, 0x78, 0x65, 0xac, 0xf4, 0x7e, 0x50, 0x45, 0x38, 0xf5, 0xef, 0x8b, 0x04, 0x70, 0x20, 0x80, 0xe6, 0x09, 0x1c, 0xda, 0x57, 0x97, 0xcd, 0x7d, 0x23, 0x5a, 0x54, 0x6e, 0xb1, 0x0f, 0x55, 0x08 + ]), + internal_ovk: [ + 0xdd, 0xba, 0xc2, 0xa4, 0x93, 0xf5, 0x3c, 0x3b, 0x09, 0x33, 0xd9, 0x13, 0xde, 0xf8, 0x88, 0x48, 0x65, 0x4c, 0x08, 0x7c, 0x12, 0x60, 0x9d, 0xf0, 0x1b, 0xaf, 0x94, 0x05, 0xce, 0x78, 0x04, 0xfd + ], + internal_dk: [ + 0x60, 0x2c, 0xd3, 0x17, 0xb7, 0xce, 0xa1, 0x1e, 0x8c, 0xc7, 0xae, 0x2e, 0xa4, 0x05, 0xb4, 0x0d, 0x46, 0xb1, 0x59, 0x2a, 0x30, 0xf0, 0xcb, 0x6e, 0x8c, 0x4f, 0x17, 0xd7, 0xf7, 0xc4, 0x7f, 0xeb + ], + internal_nk: [ + 0xf9, 0x12, 0x87, 0xc0, 0x6e, 0x30, 0xb6, 0x5e, 0xa1, 0xbd, 0xb7, 0x16, 0xb2, 0x31, 0xde, 0x67, 0x78, 0xa5, 0xd8, 0x0e, 0xe5, 0xcd, 0x9c, 0x06, 0x0d, 0x1a, 0xba, 0xca, 0xe0, 0xaa, 0xe2, 0x3b + ], + internal_xsk: Some([ + 0x02, 0x48, 0xc1, 0x83, 0x75, 0x02, 0x00, 0x00, 0x80, 0x97, 0xce, 0x15, 0xf4, 0xed, 0x1b, 0x97, 0x39, 0xb0, 0x26, 0x2a, 0x46, 0x3b, 0xcb, 0x3d, 0xc9, 0xb3, 0xbd, 0x23, 0x23, 0xa9, 0xba, 0xa4, 0x41, 0xca, 0x42, 0x77, 0x73, 0x83, 0xa8, 0xd4, 0x35, 0x8b, 0xe8, 0x11, 0x3c, 0xee, 0x34, 0x13, 0xa7, 0x1f, 0x82, 0xc4, 0x1f, 0xc8, 0xda, 0x51, 0x7b, 0xe1, 0x34, 0x04, 0x98, 0x32, 0xe6, 0x82, 0x5c, 0x92, 0xda, 0x6b, 0x84, 0xfe, 0xe4, 0xc6, 0x0d, 0x34, 0x78, 0x65, 0xac, 0xf4, 0x7e, 0x50, 0x45, 0x38, 0xf5, 0xef, 0x8b, 0x04, 0x70, 0x20, 0x80, 0xe6, 0x09, 0x1c, 0xda, 0x57, 0x97, 0xcd, 0x7d, 0x23, 0x5a, 0x54, 0x6e, 0xb1, 0x0f, 0x55, 0x08, 0xdd, 0xba, 0xc2, 0xa4, 0x93, 0xf5, 0x3c, 0x3b, 0x09, 0x33, 0xd9, 0x13, 0xde, 0xf8, 0x88, 0x48, 0x65, 0x4c, 0x08, 0x7c, 0x12, 0x60, 0x9d, 0xf0, 0x1b, 0xaf, 0x94, 0x05, 0xce, 0x78, 0x04, 0xfd, 0x60, 0x2c, 0xd3, 0x17, 0xb7, 0xce, 0xa1, 0x1e, 0x8c, 0xc7, 0xae, 0x2e, 0xa4, 0x05, 0xb4, 0x0d, 0x46, 0xb1, 0x59, 0x2a, 0x30, 0xf0, 0xcb, 0x6e, 0x8c, 0x4f, 0x17, 0xd7, 0xf7, 0xc4, 0x7f, 0xeb + ]), + internal_xfvk: [ + 0x02, 0x48, 0xc1, 0x83, 0x75, 0x02, 0x00, 0x00, 0x80, 0x97, 0xce, 0x15, 0xf4, 0xed, 0x1b, 0x97, 0x39, 0xb0, 0x26, 0x2a, 0x46, 0x3b, 0xcb, 0x3d, 0xc9, 0xb3, 0xbd, 0x23, 0x23, 0xa9, 0xba, 0xa4, 0x41, 0xca, 0x42, 0x77, 0x73, 0x83, 0xa8, 0xd4, 0x35, 0xa6, 0xc5, 0x92, 0x5a, 0x0f, 0x85, 0xfa, 0x4f, 0x1e, 0x40, 0x5e, 0x3a, 0x49, 0x70, 0xd0, 0xc4, 0xa4, 0xb4, 0x81, 0x44, 0x38, 0xf4, 0xe9, 0xd4, 0x52, 0x0e, 0x20, 0xf7, 0xfd, 0xcf, 0x38, 0x41, 0xf9, 0x12, 0x87, 0xc0, 0x6e, 0x30, 0xb6, 0x5e, 0xa1, 0xbd, 0xb7, 0x16, 0xb2, 0x31, 0xde, 0x67, 0x78, 0xa5, 0xd8, 0x0e, 0xe5, 0xcd, 0x9c, 0x06, 0x0d, 0x1a, 0xba, 0xca, 0xe0, 0xaa, 0xe2, 0x3b, 0xdd, 0xba, 0xc2, 0xa4, 0x93, 0xf5, 0x3c, 0x3b, 0x09, 0x33, 0xd9, 0x13, 0xde, 0xf8, 0x88, 0x48, 0x65, 0x4c, 0x08, 0x7c, 0x12, 0x60, 0x9d, 0xf0, 0x1b, 0xaf, 0x94, 0x05, 0xce, 0x78, 0x04, 0xfd, 0x60, 0x2c, 0xd3, 0x17, 0xb7, 0xce, 0xa1, 0x1e, 0x8c, 0xc7, 0xae, 0x2e, 0xa4, 0x05, 0xb4, 0x0d, 0x46, 0xb1, 0x59, 0x2a, 0x30, 0xf0, 0xcb, 0x6e, 0x8c, 0x4f, 0x17, 0xd7, 0xf7, 0xc4, 0x7f, 0xeb + ], }, TestVector { ask: None, @@ -185,6 +245,20 @@ ]), d2: None, dmax: None, + internal_nsk: None, + internal_ovk: [ + 0xdd, 0xba, 0xc2, 0xa4, 0x93, 0xf5, 0x3c, 0x3b, 0x09, 0x33, 0xd9, 0x13, 0xde, 0xf8, 0x88, 0x48, 0x65, 0x4c, 0x08, 0x7c, 0x12, 0x60, 0x9d, 0xf0, 0x1b, 0xaf, 0x94, 0x05, 0xce, 0x78, 0x04, 0xfd + ], + internal_dk: [ + 0x60, 0x2c, 0xd3, 0x17, 0xb7, 0xce, 0xa1, 0x1e, 0x8c, 0xc7, 0xae, 0x2e, 0xa4, 0x05, 0xb4, 0x0d, 0x46, 0xb1, 0x59, 0x2a, 0x30, 0xf0, 0xcb, 0x6e, 0x8c, 0x4f, 0x17, 0xd7, 0xf7, 0xc4, 0x7f, 0xeb + ], + internal_nk: [ + 0xf9, 0x12, 0x87, 0xc0, 0x6e, 0x30, 0xb6, 0x5e, 0xa1, 0xbd, 0xb7, 0x16, 0xb2, 0x31, 0xde, 0x67, 0x78, 0xa5, 0xd8, 0x0e, 0xe5, 0xcd, 0x9c, 0x06, 0x0d, 0x1a, 0xba, 0xca, 0xe0, 0xaa, 0xe2, 0x3b + ], + internal_xsk: None, + internal_xfvk: [ + 0x02, 0x48, 0xc1, 0x83, 0x75, 0x02, 0x00, 0x00, 0x80, 0x97, 0xce, 0x15, 0xf4, 0xed, 0x1b, 0x97, 0x39, 0xb0, 0x26, 0x2a, 0x46, 0x3b, 0xcb, 0x3d, 0xc9, 0xb3, 0xbd, 0x23, 0x23, 0xa9, 0xba, 0xa4, 0x41, 0xca, 0x42, 0x77, 0x73, 0x83, 0xa8, 0xd4, 0x35, 0xa6, 0xc5, 0x92, 0x5a, 0x0f, 0x85, 0xfa, 0x4f, 0x1e, 0x40, 0x5e, 0x3a, 0x49, 0x70, 0xd0, 0xc4, 0xa4, 0xb4, 0x81, 0x44, 0x38, 0xf4, 0xe9, 0xd4, 0x52, 0x0e, 0x20, 0xf7, 0xfd, 0xcf, 0x38, 0x41, 0xf9, 0x12, 0x87, 0xc0, 0x6e, 0x30, 0xb6, 0x5e, 0xa1, 0xbd, 0xb7, 0x16, 0xb2, 0x31, 0xde, 0x67, 0x78, 0xa5, 0xd8, 0x0e, 0xe5, 0xcd, 0x9c, 0x06, 0x0d, 0x1a, 0xba, 0xca, 0xe0, 0xaa, 0xe2, 0x3b, 0xdd, 0xba, 0xc2, 0xa4, 0x93, 0xf5, 0x3c, 0x3b, 0x09, 0x33, 0xd9, 0x13, 0xde, 0xf8, 0x88, 0x48, 0x65, 0x4c, 0x08, 0x7c, 0x12, 0x60, 0x9d, 0xf0, 0x1b, 0xaf, 0x94, 0x05, 0xce, 0x78, 0x04, 0xfd, 0x60, 0x2c, 0xd3, 0x17, 0xb7, 0xce, 0xa1, 0x1e, 0x8c, 0xc7, 0xae, 0x2e, 0xa4, 0x05, 0xb4, 0x0d, 0x46, 0xb1, 0x59, 0x2a, 0x30, 0xf0, 0xcb, 0x6e, 0x8c, 0x4f, 0x17, 0xd7, 0xf7, 0xc4, 0x7f, 0xeb + ], }, TestVector { ask: None, @@ -224,5 +298,19 @@ dmax: Some([ 0x1a, 0x73, 0x0f, 0xeb, 0x00, 0x59, 0xcf, 0x1f, 0x5b, 0xde, 0xa8 ]), + internal_nsk: None, + internal_ovk: [ + 0xbf, 0x19, 0xe2, 0x57, 0xdd, 0x83, 0x3e, 0x02, 0x94, 0xec, 0x2a, 0xcb, 0xdf, 0xa4, 0x0e, 0x14, 0x52, 0xf8, 0xe6, 0xa1, 0xf0, 0xc7, 0xf6, 0xf3, 0xab, 0xe5, 0x6a, 0xfd, 0x5f, 0x6e, 0x26, 0x18 + ], + internal_dk: [ + 0x1f, 0xfd, 0x6f, 0x81, 0xfe, 0x85, 0xc4, 0x9f, 0xe3, 0xe7, 0x3e, 0xf7, 0x3e, 0x50, 0x11, 0x38, 0x22, 0xca, 0x62, 0x67, 0x31, 0x2b, 0x7a, 0xce, 0xd0, 0xc1, 0x56, 0xa3, 0x2b, 0x3f, 0x24, 0x38 + ], + internal_nk: [ + 0x82, 0x2f, 0x2f, 0x70, 0x96, 0x0f, 0x05, 0xd6, 0x96, 0x74, 0x58, 0xe3, 0x92, 0x10, 0xd5, 0x77, 0x1f, 0x98, 0x47, 0xae, 0xf9, 0xe3, 0x4d, 0x94, 0xb8, 0xaf, 0xbf, 0x95, 0xbb, 0xc4, 0xd2, 0x27 + ], + internal_xsk: None, + internal_xfvk: [ + 0x03, 0x2e, 0x08, 0x15, 0x6d, 0x03, 0x00, 0x00, 0x00, 0x8d, 0x93, 0x7b, 0xcf, 0x81, 0xba, 0x43, 0x0d, 0x5b, 0x49, 0xaf, 0xc0, 0xa4, 0x03, 0x36, 0x7b, 0x1f, 0xd9, 0x98, 0x79, 0xec, 0xba, 0x41, 0xbe, 0x05, 0x1c, 0x5a, 0x4a, 0xa7, 0xd6, 0xe7, 0xe8, 0xb1, 0x85, 0xc5, 0x7b, 0x50, 0x9c, 0x25, 0x36, 0xc4, 0xf2, 0xd3, 0x26, 0xd7, 0x66, 0xc8, 0xfa, 0xb2, 0x54, 0x47, 0xde, 0x53, 0x75, 0xa9, 0x32, 0x8d, 0x64, 0x9d, 0xda, 0xbd, 0x97, 0xa6, 0xa3, 0x82, 0x2f, 0x2f, 0x70, 0x96, 0x0f, 0x05, 0xd6, 0x96, 0x74, 0x58, 0xe3, 0x92, 0x10, 0xd5, 0x77, 0x1f, 0x98, 0x47, 0xae, 0xf9, 0xe3, 0x4d, 0x94, 0xb8, 0xaf, 0xbf, 0x95, 0xbb, 0xc4, 0xd2, 0x27, 0xbf, 0x19, 0xe2, 0x57, 0xdd, 0x83, 0x3e, 0x02, 0x94, 0xec, 0x2a, 0xcb, 0xdf, 0xa4, 0x0e, 0x14, 0x52, 0xf8, 0xe6, 0xa1, 0xf0, 0xc7, 0xf6, 0xf3, 0xab, 0xe5, 0x6a, 0xfd, 0x5f, 0x6e, 0x26, 0x18, 0x1f, 0xfd, 0x6f, 0x81, 0xfe, 0x85, 0xc4, 0x9f, 0xe3, 0xe7, 0x3e, 0xf7, 0x3e, 0x50, 0x11, 0x38, 0x22, 0xca, 0x62, 0x67, 0x31, 0x2b, 0x7a, 0xce, 0xd0, 0xc1, 0x56, 0xa3, 0x2b, 0x3f, 0x24, 0x38 + ], }, ]; diff --git a/zcash_test_vectors/sapling/zip32.py b/zcash_test_vectors/sapling/zip32.py index d4a14e0..f103d73 100755 --- a/zcash_test_vectors/sapling/zip32.py +++ b/zcash_test_vectors/sapling/zip32.py @@ -60,6 +60,16 @@ class ExtendedSpendingKey(DerivedAkNk, DerivedIvk, ExtendedBase): self._parent_tag = parent_tag self._i = i + def __eq__(self, other): + return (self._ask == other._ask and + self._nsk == other._nsk and + self._ovk == other._ovk and + self._dk == other._dk and + self._c == other._c and + self._depth == other._depth and + self._parent_tag == other._parent_tag and + self._i == other._i) + @classmethod def master(cls, S): I = blake2b(person=b'ZcashIP32Sapling', data=S).digest() @@ -111,6 +121,19 @@ class ExtendedSpendingKey(DerivedAkNk, DerivedIvk, ExtendedBase): c_i = I_R return self.__class__(ask_i, nsk_i, ovk_i, dk_i, c_i, self.depth()+1, self.tag(), i) + def internal(self): + FVK = encode_xfvk_parts(self.ak(), self.nk(), self.ovk(), self.dk()) + I = blake2b(person=b'Zcash_SaplingInt', digest_size=32, data=FVK).digest() + I_nsk = to_scalar(prf_expand(I, b'\x17')) + R = prf_expand(I, b'\x18') + nsk_internal = I_nsk + self.nsk() + dk_internal = R[:32] + ovk_internal = R[32:] + internal = self.__class__(self.ask(), nsk_internal, ovk_internal, dk_internal, self._c, self.depth(), self.tag(), self._i) + # check commutative diagram + assert internal.to_extended_fvk() == self.to_extended_fvk().internal() + return internal + class ExtendedFullViewingKey(DerivedIvk, ExtendedBase): def __init__(self, ak, nk, ovk, dk, c, depth=0, parent_tag=i2leosp(32, 0), i=0): @@ -123,6 +146,16 @@ class ExtendedFullViewingKey(DerivedIvk, ExtendedBase): self._parent_tag = parent_tag self._i = i + def __eq__(self, other): + return (self._ak == other._ak and + self._nk == other._nk and + self._ovk == other._ovk and + self._dk == other._dk and + self._c == other._c and + self._depth == other._depth and + self._parent_tag == other._parent_tag and + self._i == other._i) + @classmethod def master(cls, S): return ExtendedSpendingKey.master(S).to_extended_fvk() @@ -170,6 +203,17 @@ class ExtendedFullViewingKey(DerivedIvk, ExtendedBase): c_i = I_R return self.__class__(ak_i, nk_i, ovk_i, dk_i, c_i, self.depth()+1, self.tag(), i) + def internal(self): + FVK = encode_xfvk_parts(self.ak(), self.nk(), self.ovk(), self.dk()) + I = blake2b(person=b'Zcash_SaplingInt', digest_size=32, data=FVK).digest() + I_nsk = to_scalar(prf_expand(I, b'\x17')) + R = prf_expand(I, b'\x18') + nk_internal = PROVING_KEY_BASE * I_nsk + self.nk() + dk_internal = R[:32] + ovk_internal = R[32:] + return self.__class__(self.ak(), nk_internal, ovk_internal, dk_internal, self._c, self.depth(), self.tag(), self._i) + + def hardened(i): assert(i < (1<<31)) return i + (1<<31) @@ -184,6 +228,7 @@ def main(): m_1_2hv = m_1_2h.to_extended_fvk() m_1_2hv_3 = m_1_2hv.child(3) + keys_and_internals = [(k, k.internal()) for k in (m, m_1, m_1_2h, m_1_2hv, m_1_2hv_3)] test_vectors = [ {'ask' : Some(bytes(k.ask())) if k.is_xsk() else None, 'nsk' : Some(bytes(k.nsk())) if k.is_xsk() else None, @@ -200,8 +245,14 @@ def main(): 'd1' : option(k.diversifier(1)), 'd2' : option(k.diversifier(2)), 'dmax': option(k.diversifier((1<<88)-1)), + 'internal_nsk' : Some(bytes(internal.nsk())) if internal.is_xsk() else None, + 'internal_ovk' : bytes(internal.ovk()), + 'internal_dk' : bytes(internal.dk()), + 'internal_nk' : bytes(internal.nk()), + 'internal_xsk' : Some(bytes(internal)) if internal.is_xsk() else None, + 'internal_xfvk': bytes(internal.to_extended_fvk()), } - for k in (m, m_1, m_1_2h, m_1_2hv, m_1_2hv_3) + for (k, internal) in keys_and_internals ] render_tv( @@ -223,6 +274,12 @@ def main(): ('d1', 'Option<[u8; 11]>'), ('d2', 'Option<[u8; 11]>'), ('dmax','Option<[u8; 11]>'), + ('internal_nsk', 'Option<[u8; 32]>'), + ('internal_ovk', '[u8; 32]'), + ('internal_dk', '[u8; 32]'), + ('internal_nk', '[u8; 32]'), + ('internal_xsk', 'Option<[u8; 169]>'), + ('internal_xfvk','[u8; 169]'), ), test_vectors, ) From 6c2bac7b73e345d311cffb044522fc453f40cd73 Mon Sep 17 00:00:00 2001 From: Daira Hopwood Date: Mon, 31 Jan 2022 20:35:42 +0000 Subject: [PATCH 2/6] Add test vectors for Orchard internal key derivation. Signed-off-by: Daira Hopwood --- test-vectors/rust/orchard_key_components.rs | 124 +++++++++++++++++++ zcash_test_vectors/orchard/key_components.py | 20 ++- 2 files changed, 143 insertions(+), 1 deletion(-) diff --git a/test-vectors/rust/orchard_key_components.rs b/test-vectors/rust/orchard_key_components.rs index d3f87fa..587366d 100644 --- a/test-vectors/rust/orchard_key_components.rs +++ b/test-vectors/rust/orchard_key_components.rs @@ -9,6 +9,10 @@ dk: [u8; 32], default_d: [u8; 11], default_pk_d: [u8; 32], + internal_rivk: [u8; 32], + internal_ivk: [u8; 32], + internal_ovk: [u8; 32], + internal_dk: [u8; 32], note_v: u64, note_rho: [u8; 32], note_rseed: [u8; 32], @@ -49,6 +53,18 @@ default_pk_d: [ 0x08, 0xdd, 0x8e, 0xbd, 0x7d, 0xe9, 0x2a, 0x68, 0xe5, 0x86, 0xa3, 0x4d, 0xb8, 0xfe, 0xa9, 0x99, 0xef, 0xd2, 0x01, 0x6f, 0xae, 0x76, 0x75, 0x0a, 0xfa, 0xe7, 0xee, 0x94, 0x16, 0x46, 0xbc, 0xb9 ], + internal_rivk: [ + 0x90, 0x1a, 0x30, 0xb9, 0x9a, 0xe1, 0x57, 0x0c, 0xb8, 0x0b, 0xb6, 0x16, 0xae, 0xef, 0x3b, 0xb9, 0x16, 0xc6, 0x40, 0xc4, 0xcc, 0x62, 0x0f, 0x9b, 0x4b, 0x44, 0x99, 0xc7, 0x43, 0x32, 0xeb, 0x2a + ], + internal_ivk: [ + 0x90, 0x6e, 0x2d, 0x20, 0xd0, 0x0d, 0xc0, 0xbf, 0x7c, 0x52, 0x06, 0x87, 0xd9, 0xdf, 0x3c, 0xe9, 0x81, 0x4d, 0x30, 0xee, 0x05, 0xc2, 0x15, 0xf8, 0x76, 0x4a, 0x32, 0xc3, 0x62, 0xf9, 0x26, 0x2f + ], + internal_ovk: [ + 0xd7, 0x26, 0x8b, 0xeb, 0xbe, 0xe6, 0x92, 0x28, 0x62, 0x52, 0xac, 0x60, 0xbd, 0x4d, 0xf4, 0x05, 0xea, 0x49, 0x9d, 0x69, 0x7c, 0x45, 0x47, 0x73, 0xc5, 0xc4, 0x3c, 0xb1, 0x70, 0x93, 0x01, 0x23 + ], + internal_dk: [ + 0x6d, 0x61, 0xa0, 0x3f, 0x74, 0x6b, 0xa9, 0x3b, 0x93, 0x24, 0x02, 0xac, 0x10, 0x71, 0xfc, 0x27, 0x59, 0xd4, 0xf4, 0xd6, 0x84, 0xb2, 0xc5, 0x05, 0x6d, 0x5b, 0x17, 0x7a, 0xf0, 0xfa, 0x8a, 0xa9 + ], note_v: 15643327852135767324, note_rho: [ 0x2c, 0xb5, 0xb4, 0x06, 0xed, 0x89, 0x85, 0xe1, 0x81, 0x30, 0xab, 0x33, 0x36, 0x26, 0x97, 0xb0, 0xe4, 0xe4, 0xc7, 0x63, 0xcc, 0xb8, 0xf6, 0x76, 0x49, 0x5c, 0x22, 0x2f, 0x7f, 0xba, 0x1e, 0x31 @@ -94,6 +110,18 @@ default_pk_d: [ 0x3d, 0x3d, 0xe4, 0xd5, 0x2c, 0x77, 0xfd, 0x0b, 0x63, 0x0a, 0x40, 0xdc, 0x38, 0x21, 0x24, 0x87, 0xb2, 0xff, 0x6e, 0xee, 0xf5, 0x6d, 0x8c, 0x6a, 0x61, 0x63, 0xe8, 0x54, 0xaf, 0xf0, 0x41, 0x89 ], + internal_rivk: [ + 0x8a, 0x22, 0xa7, 0xf5, 0xa1, 0xe9, 0x1a, 0x92, 0xad, 0x39, 0x4b, 0x18, 0xeb, 0x73, 0x38, 0xb5, 0x92, 0x47, 0x0d, 0xd4, 0x2b, 0xe8, 0xef, 0x84, 0xc9, 0x3e, 0x7c, 0xd8, 0x45, 0xec, 0xfa, 0x32 + ], + internal_ivk: [ + 0x12, 0x11, 0x83, 0xcb, 0x3b, 0x8d, 0x06, 0xf5, 0x99, 0xbb, 0x38, 0xb3, 0x73, 0x22, 0x85, 0x1e, 0x5f, 0xc9, 0x5a, 0xd0, 0xc9, 0x70, 0x7e, 0xe8, 0x5f, 0xb6, 0x5e, 0x21, 0xf1, 0xa3, 0x0d, 0x13 + ], + internal_ovk: [ + 0x93, 0x25, 0x2b, 0x24, 0xb4, 0x91, 0xd9, 0xc9, 0xc9, 0x97, 0x65, 0xc8, 0x4d, 0x4a, 0xc7, 0xc2, 0xbf, 0xf0, 0x54, 0xcd, 0x9c, 0xad, 0xcd, 0x3e, 0x01, 0xb2, 0x6f, 0x21, 0xe2, 0x84, 0x09, 0x09 + ], + internal_dk: [ + 0x6e, 0xea, 0x18, 0xfd, 0x0d, 0x50, 0x70, 0x7f, 0x90, 0xdf, 0x00, 0x2c, 0xbf, 0x30, 0x9e, 0xca, 0x3c, 0x00, 0xd3, 0x98, 0xae, 0xde, 0x1f, 0xdc, 0x2a, 0xbf, 0xfc, 0x88, 0x35, 0x38, 0x59, 0xaf + ], note_v: 4481649511318637270, note_rho: [ 0xa5, 0x1b, 0x00, 0x52, 0xad, 0x80, 0x84, 0xa8, 0xb9, 0xda, 0x94, 0x8d, 0x32, 0x0d, 0xad, 0xd6, 0x4f, 0x54, 0x31, 0xe6, 0x1d, 0xdf, 0x65, 0x8d, 0x24, 0xae, 0x67, 0xc2, 0x2c, 0x8d, 0x13, 0x09 @@ -139,6 +167,18 @@ default_pk_d: [ 0xec, 0xcb, 0x6a, 0x57, 0x80, 0x20, 0x42, 0x37, 0x98, 0x72, 0x32, 0xbc, 0x09, 0x8f, 0x89, 0xac, 0xc4, 0x75, 0xc3, 0xf7, 0x4b, 0xd6, 0x9e, 0x2f, 0x35, 0xd4, 0x47, 0x36, 0xf4, 0x8f, 0x3c, 0x14 ], + internal_rivk: [ + 0x0a, 0xa9, 0xaa, 0xaa, 0x2c, 0xf1, 0x84, 0x90, 0xdd, 0xf9, 0xa7, 0xe5, 0x21, 0x07, 0x14, 0x07, 0xea, 0x9b, 0xff, 0xfe, 0x84, 0x34, 0x29, 0xbc, 0x94, 0xa2, 0x88, 0xe8, 0xa6, 0x06, 0xa7, 0x10 + ], + internal_ivk: [ + 0xa0, 0x6a, 0xbd, 0x29, 0xd5, 0xa1, 0x99, 0xe1, 0xc2, 0x10, 0x25, 0xb0, 0x33, 0x7e, 0x94, 0x1f, 0x6d, 0x4d, 0x84, 0xeb, 0x7c, 0xc3, 0x5a, 0x39, 0x7f, 0x9e, 0x75, 0x3f, 0xda, 0xed, 0x81, 0x0d + ], + internal_ovk: [ + 0xf8, 0x2e, 0xb2, 0x49, 0x06, 0xe2, 0x94, 0xff, 0x65, 0x71, 0xac, 0x7d, 0x83, 0x68, 0xea, 0x82, 0x80, 0xd4, 0x22, 0xf3, 0x47, 0x7c, 0xe7, 0x2a, 0xef, 0x5f, 0x9b, 0x9e, 0xca, 0x48, 0x46, 0x8f + ], + internal_dk: [ + 0x36, 0x56, 0xb5, 0x45, 0xa5, 0x0a, 0x6b, 0x26, 0x28, 0x74, 0x76, 0x64, 0x1b, 0x2b, 0x68, 0xc6, 0x3c, 0x36, 0xf3, 0x32, 0xe7, 0x45, 0x57, 0xe9, 0x16, 0x05, 0x0f, 0x0b, 0x91, 0x11, 0x17, 0x9b + ], note_v: 14496603531126387959, note_rho: [ 0x32, 0xb4, 0xf4, 0x73, 0xf4, 0x68, 0xa0, 0x08, 0xe7, 0x23, 0x89, 0xfc, 0x03, 0x88, 0x0d, 0x78, 0x0c, 0xb0, 0x7f, 0xcf, 0xaa, 0xbe, 0x3f, 0x1a, 0x84, 0xb2, 0x7d, 0xb5, 0x9a, 0x4a, 0x15, 0x3d @@ -184,6 +224,18 @@ default_pk_d: [ 0x04, 0xea, 0x8c, 0x13, 0x20, 0xff, 0xbb, 0xad, 0xfe, 0x96, 0xf0, 0xc6, 0xff, 0x16, 0xb6, 0x07, 0x11, 0x1b, 0x55, 0x83, 0xbf, 0xb6, 0xf1, 0xea, 0x45, 0x27, 0x5e, 0xf2, 0xaa, 0x2d, 0x87, 0x9b ], + internal_rivk: [ + 0x9e, 0x45, 0x2a, 0xb7, 0x2c, 0x6c, 0x8e, 0xcc, 0xf2, 0xe4, 0x39, 0xa0, 0xce, 0xc0, 0xa0, 0xac, 0x39, 0x4a, 0x1a, 0xa1, 0x21, 0xac, 0x60, 0x32, 0xa7, 0xeb, 0xc2, 0x9d, 0xb4, 0x85, 0x62, 0x26 + ], + internal_ivk: [ + 0x3b, 0xa9, 0x3b, 0x0f, 0xc3, 0xf2, 0x7a, 0xb2, 0x17, 0x63, 0x5d, 0x03, 0xf9, 0x0d, 0x0b, 0x84, 0x2d, 0x99, 0xa1, 0x2c, 0xdc, 0x37, 0xa8, 0x1c, 0x18, 0x1e, 0xc0, 0x18, 0xe5, 0xf4, 0x4c, 0x11 + ], + internal_ovk: [ + 0xe3, 0xc7, 0xf8, 0x6c, 0x1b, 0x23, 0x83, 0xb3, 0xbd, 0x41, 0xad, 0x1a, 0x8f, 0x11, 0xef, 0xa2, 0x55, 0x4a, 0x41, 0x0a, 0x98, 0xc8, 0x92, 0x07, 0xae, 0xb4, 0x31, 0x9b, 0x1a, 0xbd, 0x78, 0x79 + ], + internal_dk: [ + 0xd7, 0x1a, 0x68, 0xcf, 0xd6, 0xc7, 0x68, 0xf4, 0x30, 0x73, 0xf6, 0x98, 0x18, 0x9a, 0xc7, 0x5e, 0xe4, 0x21, 0xb4, 0x20, 0x4b, 0xb6, 0xf3, 0xc5, 0xd0, 0xfc, 0x43, 0x28, 0x49, 0xaa, 0x71, 0x61 + ], note_v: 6792346249443327211, note_rho: [ 0x4b, 0x19, 0x22, 0x32, 0xec, 0xb9, 0xf0, 0xc0, 0x24, 0x11, 0xe5, 0x25, 0x96, 0xbc, 0x5e, 0x90, 0x45, 0x7e, 0x74, 0x59, 0x39, 0xff, 0xed, 0xbd, 0x12, 0x86, 0x3c, 0xe7, 0x1a, 0x02, 0xaf, 0x11 @@ -229,6 +281,18 @@ default_pk_d: [ 0xb6, 0x53, 0x3d, 0xcb, 0xff, 0xf0, 0xf6, 0xc1, 0xce, 0xef, 0xa8, 0x47, 0x99, 0xbd, 0xa3, 0xde, 0x73, 0x34, 0x32, 0x6c, 0xcd, 0x65, 0xf7, 0xce, 0x92, 0xff, 0x3d, 0x9e, 0x6e, 0x1f, 0x14, 0x0b ], + internal_rivk: [ + 0x25, 0x44, 0x06, 0x72, 0x3b, 0x06, 0x67, 0xaf, 0x27, 0xe5, 0x1c, 0xb3, 0xce, 0x8f, 0xa1, 0x38, 0x81, 0x64, 0xd9, 0x43, 0x76, 0xc8, 0x50, 0xbd, 0xdb, 0x39, 0xe9, 0xbe, 0xa5, 0xfa, 0x96, 0x05 + ], + internal_ivk: [ + 0xba, 0xd4, 0x83, 0x7b, 0xa7, 0x88, 0x22, 0xb8, 0xb1, 0x65, 0xb0, 0xa1, 0x6e, 0x11, 0x04, 0xc7, 0x05, 0xc3, 0xc0, 0xe3, 0x82, 0xd3, 0xf1, 0x3c, 0x19, 0x5c, 0x0e, 0xf3, 0x11, 0xbb, 0x80, 0x04 + ], + internal_ovk: [ + 0xb9, 0x11, 0x3a, 0x95, 0x2d, 0xcc, 0x1e, 0x15, 0xc3, 0x4d, 0x13, 0x66, 0x03, 0xa2, 0xef, 0x25, 0x4a, 0x38, 0x75, 0x5a, 0x55, 0x7f, 0xa9, 0xf8, 0x8c, 0x14, 0x3b, 0xd3, 0x07, 0x64, 0x41, 0xb0 + ], + internal_dk: [ + 0x02, 0xb5, 0x2c, 0x6e, 0xd9, 0xad, 0x49, 0xfb, 0x38, 0xe4, 0x44, 0x7c, 0x69, 0xb5, 0x70, 0xeb, 0xd0, 0x55, 0xe4, 0xc7, 0xfd, 0x91, 0xc0, 0x20, 0xff, 0x43, 0x46, 0x1d, 0x14, 0xe0, 0x2f, 0x29 + ], note_v: 4079549063511228677, note_rho: [ 0x26, 0x70, 0xdc, 0x82, 0xd3, 0x90, 0x26, 0xc6, 0xcb, 0x4c, 0xd4, 0xb0, 0xf7, 0xf5, 0xaa, 0x2a, 0x4f, 0x5a, 0x53, 0x41, 0xec, 0x5d, 0xd7, 0x15, 0x40, 0x6f, 0x2f, 0xdd, 0x2a, 0xfa, 0x73, 0x3f @@ -274,6 +338,18 @@ default_pk_d: [ 0x3d, 0xa5, 0x27, 0x3a, 0x56, 0x67, 0xc7, 0x66, 0xb8, 0x23, 0x12, 0x06, 0x18, 0x0f, 0x15, 0x8a, 0xc0, 0x2a, 0xf3, 0xf0, 0x6e, 0xcc, 0xa6, 0xec, 0x7c, 0x38, 0xc7, 0x5d, 0x33, 0x60, 0x03, 0x20 ], + internal_rivk: [ + 0x88, 0xd7, 0xb1, 0x96, 0x99, 0xf3, 0x94, 0xa5, 0x50, 0xbc, 0x9c, 0xdc, 0x6b, 0xf3, 0xfc, 0x71, 0xf6, 0x10, 0xc3, 0x06, 0x56, 0x37, 0x61, 0x53, 0xa6, 0x96, 0x1f, 0xcd, 0x5b, 0x97, 0xfa, 0x19 + ], + internal_ivk: [ + 0x0a, 0x2d, 0xc9, 0x66, 0x61, 0xb9, 0x27, 0x25, 0x0d, 0x7e, 0x3c, 0xd2, 0xc7, 0xe0, 0x6d, 0x51, 0x74, 0xc6, 0x2c, 0xb1, 0x2e, 0x07, 0x16, 0x7f, 0x19, 0x4f, 0x4c, 0xe6, 0x4e, 0x68, 0x95, 0x02 + ], + internal_ovk: [ + 0xcc, 0x79, 0x65, 0xf3, 0x3a, 0xc0, 0x1c, 0x60, 0x68, 0x51, 0xb1, 0x29, 0xbd, 0xc9, 0xb6, 0xab, 0xd5, 0xca, 0x5b, 0x9d, 0x24, 0x1d, 0xbd, 0x5c, 0x18, 0xb2, 0x46, 0x9b, 0x7c, 0x8c, 0xc8, 0x9f + ], + internal_dk: [ + 0xda, 0xa2, 0x42, 0xd2, 0x0d, 0xfd, 0xce, 0x8f, 0xc1, 0x0f, 0x4d, 0x99, 0x39, 0x7d, 0xa2, 0x2c, 0x49, 0x1d, 0xc0, 0x9e, 0x1b, 0x12, 0x0f, 0x66, 0x93, 0xd6, 0x86, 0xec, 0xd4, 0x03, 0x0a, 0x00 + ], note_v: 5706402952489856202, note_rho: [ 0xa1, 0xdf, 0x0e, 0x5b, 0x87, 0xb5, 0xbe, 0xce, 0x47, 0x7a, 0x70, 0x96, 0x49, 0xe9, 0x50, 0x06, 0x05, 0x91, 0x39, 0x48, 0x12, 0x95, 0x1e, 0x1f, 0xe3, 0x89, 0x5b, 0x8c, 0xc3, 0xd1, 0x4d, 0x2c @@ -319,6 +395,18 @@ default_pk_d: [ 0xac, 0xdc, 0xd3, 0x48, 0xca, 0x45, 0xee, 0x58, 0x32, 0x78, 0x30, 0x38, 0x46, 0xca, 0x07, 0x84, 0x59, 0xd5, 0xbe, 0x5c, 0x5d, 0xcf, 0x34, 0x7e, 0x3b, 0x9a, 0x34, 0xcb, 0xa1, 0x24, 0xb4, 0xa3 ], + internal_rivk: [ + 0x94, 0x1a, 0x17, 0xe1, 0x20, 0x2a, 0x62, 0x71, 0xa4, 0x4a, 0x01, 0x66, 0x65, 0x53, 0xb5, 0x81, 0xbf, 0x25, 0xef, 0x99, 0xe8, 0xe9, 0x5f, 0x13, 0x2a, 0xce, 0x38, 0x1d, 0x96, 0x01, 0x84, 0x32 + ], + internal_ivk: [ + 0xa2, 0x76, 0x29, 0xac, 0x1c, 0x62, 0xc9, 0xf4, 0xda, 0xd5, 0x7c, 0x95, 0x30, 0xab, 0x2a, 0x59, 0x80, 0x0d, 0x2e, 0xf4, 0x55, 0xcd, 0x17, 0x44, 0x6f, 0x3f, 0xc6, 0x08, 0x1a, 0x58, 0x1e, 0x3b + ], + internal_ovk: [ + 0xe9, 0x89, 0x8e, 0xd6, 0xb6, 0x69, 0xc8, 0xd9, 0xd5, 0x90, 0xb7, 0x59, 0xd0, 0x29, 0x5f, 0xcf, 0xaf, 0x95, 0xe2, 0xda, 0xf7, 0xda, 0x99, 0x1c, 0x27, 0x57, 0xdc, 0xef, 0xe1, 0x62, 0x6e, 0x0e + ], + internal_dk: [ + 0x61, 0x0c, 0xbd, 0x9a, 0x57, 0x79, 0x79, 0xe1, 0xf7, 0x1d, 0xa8, 0x10, 0x0f, 0x6f, 0xe6, 0xb8, 0xf6, 0xd1, 0x0a, 0x74, 0x7f, 0xed, 0x2a, 0x1c, 0x91, 0xcb, 0xe1, 0x42, 0x47, 0x5c, 0x30, 0x82 + ], note_v: 2558469029534639129, note_rho: [ 0x72, 0x2d, 0xb0, 0x41, 0xa3, 0xef, 0x66, 0xfa, 0x48, 0x3a, 0xfd, 0x3c, 0x2e, 0x19, 0xe5, 0x94, 0x44, 0xa6, 0x4a, 0xdd, 0x6d, 0xf1, 0xd9, 0x63, 0xf5, 0xdd, 0x5b, 0x50, 0x10, 0xd3, 0xd0, 0x25 @@ -364,6 +452,18 @@ default_pk_d: [ 0xeb, 0x2c, 0x6f, 0xee, 0x34, 0x1e, 0xad, 0xe0, 0x7d, 0x74, 0x87, 0x99, 0x7a, 0xa7, 0x23, 0x69, 0x7d, 0x05, 0xe6, 0x29, 0x60, 0xdf, 0x37, 0x9c, 0x9e, 0x4a, 0x8d, 0x47, 0x6d, 0xfa, 0xc5, 0xbf ], + internal_rivk: [ + 0x66, 0x3b, 0x67, 0xd3, 0xac, 0x15, 0x99, 0x27, 0xf0, 0x6e, 0x6c, 0x8d, 0xab, 0x80, 0xa5, 0x89, 0x67, 0xc5, 0x45, 0xda, 0xac, 0x3d, 0x98, 0x72, 0x9a, 0x0b, 0xcc, 0x41, 0xfd, 0x53, 0x6d, 0x2b + ], + internal_ivk: [ + 0xaa, 0x6a, 0xcc, 0x8a, 0x7a, 0xa9, 0xa8, 0x05, 0x20, 0x04, 0xff, 0x93, 0x83, 0x3f, 0x4a, 0xbb, 0x15, 0x3b, 0x45, 0x79, 0x7f, 0xd9, 0x07, 0xe3, 0x05, 0xc8, 0x92, 0x7b, 0xb0, 0x37, 0x82, 0x20 + ], + internal_ovk: [ + 0xbf, 0xd1, 0x09, 0x67, 0x27, 0xb6, 0xd5, 0xa2, 0xe1, 0x7a, 0xcb, 0xc5, 0xb2, 0x46, 0x80, 0xcb, 0x88, 0xdb, 0x34, 0xcf, 0x53, 0xb6, 0xb7, 0x46, 0x6c, 0xef, 0x67, 0x6f, 0xb3, 0xf7, 0x22, 0x29 + ], + internal_dk: [ + 0x47, 0xbd, 0xf9, 0x27, 0x1e, 0xcc, 0x50, 0xe7, 0x05, 0xc5, 0x21, 0xcd, 0x0d, 0xbb, 0xaf, 0x1c, 0x4e, 0x6a, 0x96, 0x2f, 0xc9, 0x14, 0x13, 0x48, 0xb8, 0xbd, 0x7b, 0x35, 0xc4, 0x00, 0x1e, 0x62 + ], note_v: 15425828902564319772, note_rho: [ 0x73, 0x6c, 0x23, 0x35, 0x7c, 0x85, 0xf4, 0x57, 0x91, 0xe1, 0x70, 0x80, 0x29, 0xd9, 0x82, 0x4d, 0x90, 0x70, 0x46, 0x07, 0xf3, 0x87, 0xa0, 0x3e, 0x49, 0xbf, 0x98, 0x36, 0x57, 0x44, 0x31, 0x34 @@ -409,6 +509,18 @@ default_pk_d: [ 0x26, 0x8c, 0xc2, 0x4b, 0x38, 0xa6, 0x28, 0x80, 0xb6, 0xee, 0x3c, 0xbc, 0xb8, 0x5a, 0x71, 0x2f, 0xa6, 0x86, 0xcf, 0xfc, 0xa6, 0xdb, 0x2f, 0xee, 0xc5, 0xf3, 0xc3, 0x56, 0x6f, 0x84, 0x21, 0x8f ], + internal_rivk: [ + 0x00, 0x57, 0x37, 0x74, 0x61, 0xf2, 0x19, 0x1a, 0x7e, 0xca, 0x2b, 0x02, 0xed, 0xfd, 0x9c, 0x9b, 0x44, 0x84, 0x5d, 0x2f, 0xdb, 0x8a, 0x99, 0xc7, 0x61, 0x20, 0x52, 0x7e, 0x53, 0xdd, 0x09, 0x17 + ], + internal_ivk: [ + 0x81, 0x62, 0x97, 0x35, 0x09, 0x47, 0x0c, 0x44, 0x24, 0x19, 0x11, 0xc0, 0x6d, 0x04, 0x02, 0x9f, 0x5f, 0x1f, 0x0e, 0x98, 0x51, 0xe3, 0x2b, 0xa6, 0x9b, 0x18, 0xe5, 0x81, 0x05, 0xdd, 0x4e, 0x2b + ], + internal_ovk: [ + 0x69, 0x47, 0x91, 0x0e, 0xa3, 0xe7, 0x33, 0x1d, 0x15, 0xa7, 0x1a, 0x64, 0xb2, 0xa8, 0xc1, 0x6a, 0x6d, 0xa0, 0x8e, 0x6f, 0x34, 0x29, 0xdb, 0x26, 0xf9, 0x37, 0xab, 0x9d, 0xd1, 0x33, 0xb5, 0xfd + ], + internal_dk: [ + 0x32, 0x7f, 0x76, 0xcc, 0x42, 0x44, 0xce, 0x0a, 0x91, 0x48, 0xa3, 0x5a, 0x7e, 0xa6, 0x22, 0x8d, 0x44, 0x1c, 0x4c, 0x7b, 0x05, 0xbd, 0x02, 0x65, 0x7c, 0xea, 0xab, 0xb6, 0x09, 0xbc, 0x3c, 0x52 + ], note_v: 12606128263924155660, note_rho: [ 0x12, 0xf6, 0xb0, 0x2f, 0xe8, 0x06, 0xb9, 0x45, 0x69, 0xcd, 0x40, 0x59, 0xf3, 0x96, 0xbf, 0x29, 0xb9, 0x9d, 0x0a, 0x40, 0xe5, 0xe1, 0x71, 0x1c, 0xa9, 0x44, 0xf7, 0x2d, 0x43, 0x6a, 0x10, 0x2f @@ -454,6 +566,18 @@ default_pk_d: [ 0xf5, 0x17, 0x17, 0x4b, 0xe2, 0x58, 0x92, 0x32, 0x78, 0xcf, 0x45, 0x89, 0x08, 0xc0, 0x73, 0x56, 0x49, 0xf1, 0x89, 0x9d, 0xb9, 0x9c, 0x3b, 0xa9, 0x00, 0x3f, 0x4b, 0xa3, 0x0a, 0xb0, 0xd2, 0x10 ], + internal_rivk: [ + 0xd8, 0x09, 0xa2, 0xa3, 0xd3, 0x6e, 0xf9, 0x6d, 0xc5, 0x63, 0xf8, 0xa7, 0xb4, 0x13, 0x90, 0x8b, 0xfd, 0xff, 0xc0, 0x6d, 0x51, 0x06, 0x48, 0x49, 0xef, 0x88, 0x6b, 0x6a, 0x1d, 0x1d, 0x7c, 0x3f + ], + internal_ivk: [ + 0xae, 0x18, 0xa9, 0xa4, 0x25, 0x12, 0x38, 0x7f, 0x92, 0xee, 0xc1, 0x34, 0xbd, 0xe5, 0x28, 0xb6, 0x2b, 0x61, 0xe9, 0x95, 0x6f, 0x9f, 0xb3, 0xc7, 0xd6, 0x5e, 0x19, 0x45, 0xda, 0x34, 0xf3, 0x09 + ], + internal_ovk: [ + 0x67, 0xa6, 0xd8, 0x4a, 0x81, 0x66, 0x32, 0x6c, 0xf3, 0x4c, 0xed, 0xff, 0xd4, 0x29, 0x8a, 0x13, 0xb8, 0x01, 0xcb, 0x12, 0x2d, 0x5f, 0x33, 0x29, 0xa1, 0x59, 0x9f, 0x31, 0xea, 0xdf, 0x5b, 0x17 + ], + internal_dk: [ + 0xa0, 0x07, 0x3a, 0xdd, 0xfb, 0x89, 0xc9, 0xcc, 0x34, 0x9e, 0xad, 0x5a, 0x92, 0xb7, 0xd4, 0x17, 0xfe, 0x0e, 0x61, 0xf4, 0xa7, 0xe5, 0x66, 0x69, 0xc9, 0x07, 0xd4, 0x17, 0x46, 0xc0, 0x72, 0xb9 + ], note_v: 625536973899669523, note_rho: [ 0x03, 0xfd, 0x69, 0x44, 0x2e, 0xb7, 0x68, 0x1e, 0xc2, 0xa0, 0x56, 0x00, 0x05, 0x4e, 0x92, 0xee, 0xd5, 0x55, 0x02, 0x8f, 0x21, 0xb6, 0xa1, 0x55, 0x26, 0x8a, 0x2d, 0xd6, 0x64, 0x0a, 0x69, 0x30 diff --git a/zcash_test_vectors/orchard/key_components.py b/zcash_test_vectors/orchard/key_components.py index b630928..0eae5d2 100755 --- a/zcash_test_vectors/orchard/key_components.py +++ b/zcash_test_vectors/orchard/key_components.py @@ -54,7 +54,11 @@ class SpendingKey: class FullViewingKey(object): def __init__(self, sk): - (self.rivk, self.ak, self.nk) = (sk.rivk, sk.ak, sk.nk) + if isinstance(sk, SpendingKey): + (self.rivk, self.ak, self.nk) = (sk.rivk, sk.ak, sk.nk) + else: + (self.rivk, self.ak, self.nk) = sk + K = i2leosp(256, self.rivk.s) R = prf_expand(K, b'\x82' + i2leosp(256, self.ak.s) + i2leosp(256, self.nk.s)) self.dk = R[:32] @@ -73,6 +77,11 @@ class FullViewingKey(object): def default_pkd(self): return self.default_gd() * Scalar(self.ivk().s) + def internal(self): + K = i2leosp(256, self.rivk.s) + rivk_internal = to_scalar(prf_expand(K, b'\x83' + i2leosp(256, self.ak.s) + i2leosp(256, self.nk.s))) + return self.__class__((rivk_internal, self.ak, self.nk)) + def main(): args = render_args() @@ -109,6 +118,7 @@ def main(): note_cm = note.note_commitment() note_nf = derive_nullifier(fvk.nk, note_rho, note.psi, note_cm) + internal = fvk.internal() test_vectors.append({ 'sk': sk.data, 'ask': bytes(sk.ask), @@ -120,6 +130,10 @@ def main(): 'dk': fvk.dk, 'default_d': default_d, 'default_pk_d': bytes(default_pk_d), + 'internal_rivk': bytes(internal.rivk), + 'internal_ivk': bytes(internal.ivk()), + 'internal_ovk': internal.ovk, + 'internal_dk': internal.dk, 'note_v': note_v, 'note_rho': bytes(note_rho), 'note_rseed': bytes(note_rseed), @@ -141,6 +155,10 @@ def main(): ('dk', '[u8; 32]'), ('default_d', '[u8; 11]'), ('default_pk_d', '[u8; 32]'), + ('internal_rivk', '[u8; 32]'), + ('internal_ivk', '[u8; 32]'), + ('internal_ovk', '[u8; 32]'), + ('internal_dk', '[u8; 32]'), ('note_v', 'u64'), ('note_rho', '[u8; 32]'), ('note_rseed', '[u8; 32]'), From 2234fa124268fb035e156f98c6ab17232808f345 Mon Sep 17 00:00:00 2001 From: Daira Hopwood Date: Tue, 1 Feb 2022 15:54:50 +0000 Subject: [PATCH 3/6] Refactor the Orchard FullViewingKey constructor by adding FullViewingKey.from_spending_key. Signed-off-by: Daira Hopwood --- unified_address.py | 2 +- unified_full_viewing_keys.py | 2 +- zcash_test_vectors/orchard/key_components.py | 16 ++++++++-------- zcash_test_vectors/orchard/note.py | 2 +- zcash_test_vectors/orchard/note_encryption.py | 2 +- 5 files changed, 12 insertions(+), 12 deletions(-) diff --git a/unified_address.py b/unified_address.py index 059983f..e415004 100755 --- a/unified_address.py +++ b/unified_address.py @@ -42,7 +42,7 @@ def main(): has_o_addr = (not has_s_addr) or rand.bool() if has_o_addr: orchard_sk = orchard_key_components.SpendingKey(rand.b(32)) - orchard_fvk = orchard_key_components.FullViewingKey(orchard_sk) + orchard_fvk = orchard_key_components.FullViewingKey.from_spending_key(orchard_sk) orchard_default_d = orchard_fvk.default_d() orchard_default_pk_d = orchard_fvk.default_pkd() orchard_raw_addr = b"".join([orchard_default_d[:11], bytes(orchard_default_pk_d)[:32]]) diff --git a/unified_full_viewing_keys.py b/unified_full_viewing_keys.py index 0c29384..3ab75d4 100755 --- a/unified_full_viewing_keys.py +++ b/unified_full_viewing_keys.py @@ -58,7 +58,7 @@ def main(): has_o_key = (not has_s_key) or rand.bool() if has_o_key: orchard_sk = orchard_key_components.SpendingKey(rand.b(32)) - orchard_fvk = orchard_key_components.FullViewingKey(orchard_sk) + orchard_fvk = orchard_key_components.FullViewingKey.from_spending_key(orchard_sk) orchard_fvk_bytes = b"".join([ bytes(orchard_fvk.ak), bytes(orchard_fvk.nk), diff --git a/zcash_test_vectors/orchard/key_components.py b/zcash_test_vectors/orchard/key_components.py index 0eae5d2..8f2be14 100755 --- a/zcash_test_vectors/orchard/key_components.py +++ b/zcash_test_vectors/orchard/key_components.py @@ -53,17 +53,17 @@ class SpendingKey: class FullViewingKey(object): - def __init__(self, sk): - if isinstance(sk, SpendingKey): - (self.rivk, self.ak, self.nk) = (sk.rivk, sk.ak, sk.nk) - else: - (self.rivk, self.ak, self.nk) = sk - + def __init__(self, rivk, ak, nk): + (self.rivk, self.ak, self.nk) = (rivk, ak, nk) K = i2leosp(256, self.rivk.s) R = prf_expand(K, b'\x82' + i2leosp(256, self.ak.s) + i2leosp(256, self.nk.s)) self.dk = R[:32] self.ovk = R[32:] + @classmethod + def from_spending_key(cls, sk): + return cls(sk.rivk, sk.ak, sk.nk) + def ivk(self): return commit_ivk(self.rivk, self.ak, self.nk) @@ -80,7 +80,7 @@ class FullViewingKey(object): def internal(self): K = i2leosp(256, self.rivk.s) rivk_internal = to_scalar(prf_expand(K, b'\x83' + i2leosp(256, self.ak.s) + i2leosp(256, self.nk.s))) - return self.__class__((rivk_internal, self.ak, self.nk)) + return self.__class__(rivk_internal, self.ak, self.nk) def main(): @@ -101,7 +101,7 @@ def main(): test_vectors = [] for _ in range(0, 10): sk = SpendingKey(rand.b(32)) - fvk = FullViewingKey(sk) + fvk = FullViewingKey.from_spending_key(sk) default_d = fvk.default_d() default_pk_d = fvk.default_pkd() diff --git a/zcash_test_vectors/orchard/note.py b/zcash_test_vectors/orchard/note.py index 2a9cebc..7f8f066 100644 --- a/zcash_test_vectors/orchard/note.py +++ b/zcash_test_vectors/orchard/note.py @@ -63,7 +63,7 @@ class OrchardNotePlaintext(object): def dummy_nullifier(self, rand): sk = SpendingKey(rand.b(32)) - fvk = FullViewingKey(sk) + fvk = FullViewingKey.from_spending_key(sk) pk_d = fvk.default_pkd() d = fvk.default_d() diff --git a/zcash_test_vectors/orchard/note_encryption.py b/zcash_test_vectors/orchard/note_encryption.py index 701b469..9414bc0 100755 --- a/zcash_test_vectors/orchard/note_encryption.py +++ b/zcash_test_vectors/orchard/note_encryption.py @@ -214,7 +214,7 @@ def main(): sender_ovk = rand.b(32) receiver_sk = SpendingKey(rand.b(32)) - receiver_fvk = FullViewingKey(receiver_sk) + receiver_fvk = FullViewingKey.from_spending_key(receiver_sk) ivk = receiver_fvk.ivk() d = receiver_fvk.default_d() pk_d = receiver_fvk.default_pkd() From b955625f521da395273ae92da13fb5c4929ac331 Mon Sep 17 00:00:00 2001 From: Daira Hopwood Date: Tue, 1 Feb 2022 16:07:23 +0000 Subject: [PATCH 4/6] Calls to `self.tag()` in Sapling internal key derivation should have been to `self.parent_tag()` Co-authored-by: Ying Tong Lai Signed-off-by: Daira Hopwood --- test-vectors/rust/sapling_zip32.rs | 16 ++++++++-------- zcash_test_vectors/sapling/zip32.py | 4 ++-- 2 files changed, 10 insertions(+), 10 deletions(-) diff --git a/test-vectors/rust/sapling_zip32.rs b/test-vectors/rust/sapling_zip32.rs index e35ccd1..7069686 100644 --- a/test-vectors/rust/sapling_zip32.rs +++ b/test-vectors/rust/sapling_zip32.rs @@ -79,10 +79,10 @@ 0xa3, 0x83, 0x1a, 0x5c, 0x69, 0x33, 0xf8, 0xec, 0x6a, 0xa5, 0xce, 0x31, 0x6c, 0x50, 0x8b, 0x79, 0x91, 0xcd, 0x94, 0xd3, 0xbd, 0xb7, 0x00, 0xa1, 0xc4, 0x27, 0xa6, 0xae, 0x15, 0xe7, 0x2f, 0xb5 ], internal_xsk: Some([ - 0x00, 0x14, 0xc2, 0x71, 0x3a, 0x00, 0x00, 0x00, 0x00, 0xd0, 0x94, 0x7c, 0x4b, 0x03, 0xbf, 0x72, 0xa3, 0x7a, 0xb4, 0x4f, 0x72, 0x27, 0x6d, 0x1c, 0xf3, 0xfd, 0xcd, 0x7e, 0xbf, 0x3e, 0x73, 0x34, 0x8b, 0x7e, 0x55, 0x0d, 0x75, 0x20, 0x18, 0x66, 0x8e, 0xb6, 0xc0, 0x0c, 0x93, 0xd3, 0x60, 0x32, 0xb9, 0xa2, 0x68, 0xe9, 0x9e, 0x86, 0xa8, 0x60, 0x77, 0x65, 0x60, 0xbf, 0x0e, 0x83, 0xc1, 0xa1, 0x0b, 0x51, 0xf6, 0x07, 0xc9, 0x54, 0x74, 0x25, 0x06, 0x51, 0x12, 0x33, 0x63, 0x6b, 0x95, 0xfd, 0x0a, 0xfb, 0x6b, 0xf8, 0x19, 0x3a, 0x7d, 0x8f, 0x49, 0xef, 0xd7, 0x36, 0xa9, 0x88, 0x77, 0x5c, 0x54, 0xf9, 0x56, 0x68, 0x76, 0x46, 0xea, 0xab, 0x07, 0x9d, 0xc4, 0x77, 0xfe, 0x1e, 0x7d, 0x28, 0x29, 0x13, 0xf6, 0x51, 0x65, 0x4d, 0x39, 0x85, 0xf0, 0x9d, 0x53, 0xc2, 0xd3, 0xb5, 0x76, 0x3d, 0x7a, 0x72, 0x3b, 0xcb, 0xd6, 0xee, 0x05, 0x3d, 0x5a, 0x40, 0xdd, 0xc5, 0x6e, 0x69, 0x75, 0x13, 0x8c, 0x08, 0x39, 0xe5, 0x80, 0xb5, 0x4d, 0x6d, 0x99, 0x9d, 0xc6, 0x16, 0x84, 0x3c, 0xfe, 0x04, 0x1e, 0x8f, 0x38, 0x8b, 0x12, 0x4e, 0xf7, 0xb5, 0xed + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xd0, 0x94, 0x7c, 0x4b, 0x03, 0xbf, 0x72, 0xa3, 0x7a, 0xb4, 0x4f, 0x72, 0x27, 0x6d, 0x1c, 0xf3, 0xfd, 0xcd, 0x7e, 0xbf, 0x3e, 0x73, 0x34, 0x8b, 0x7e, 0x55, 0x0d, 0x75, 0x20, 0x18, 0x66, 0x8e, 0xb6, 0xc0, 0x0c, 0x93, 0xd3, 0x60, 0x32, 0xb9, 0xa2, 0x68, 0xe9, 0x9e, 0x86, 0xa8, 0x60, 0x77, 0x65, 0x60, 0xbf, 0x0e, 0x83, 0xc1, 0xa1, 0x0b, 0x51, 0xf6, 0x07, 0xc9, 0x54, 0x74, 0x25, 0x06, 0x51, 0x12, 0x33, 0x63, 0x6b, 0x95, 0xfd, 0x0a, 0xfb, 0x6b, 0xf8, 0x19, 0x3a, 0x7d, 0x8f, 0x49, 0xef, 0xd7, 0x36, 0xa9, 0x88, 0x77, 0x5c, 0x54, 0xf9, 0x56, 0x68, 0x76, 0x46, 0xea, 0xab, 0x07, 0x9d, 0xc4, 0x77, 0xfe, 0x1e, 0x7d, 0x28, 0x29, 0x13, 0xf6, 0x51, 0x65, 0x4d, 0x39, 0x85, 0xf0, 0x9d, 0x53, 0xc2, 0xd3, 0xb5, 0x76, 0x3d, 0x7a, 0x72, 0x3b, 0xcb, 0xd6, 0xee, 0x05, 0x3d, 0x5a, 0x40, 0xdd, 0xc5, 0x6e, 0x69, 0x75, 0x13, 0x8c, 0x08, 0x39, 0xe5, 0x80, 0xb5, 0x4d, 0x6d, 0x99, 0x9d, 0xc6, 0x16, 0x84, 0x3c, 0xfe, 0x04, 0x1e, 0x8f, 0x38, 0x8b, 0x12, 0x4e, 0xf7, 0xb5, 0xed ]), internal_xfvk: [ - 0x00, 0x14, 0xc2, 0x71, 0x3a, 0x00, 0x00, 0x00, 0x00, 0xd0, 0x94, 0x7c, 0x4b, 0x03, 0xbf, 0x72, 0xa3, 0x7a, 0xb4, 0x4f, 0x72, 0x27, 0x6d, 0x1c, 0xf3, 0xfd, 0xcd, 0x7e, 0xbf, 0x3e, 0x73, 0x34, 0x8b, 0x7e, 0x55, 0x0d, 0x75, 0x20, 0x18, 0x66, 0x8e, 0x93, 0x44, 0x2e, 0x5f, 0xef, 0xfb, 0xff, 0x16, 0xe7, 0x21, 0x72, 0x02, 0xdc, 0x73, 0x06, 0x72, 0x9f, 0xff, 0xfe, 0x85, 0xaf, 0x56, 0x83, 0xbc, 0xe2, 0x64, 0x2e, 0x3e, 0xeb, 0x5d, 0x38, 0x71, 0xa3, 0x83, 0x1a, 0x5c, 0x69, 0x33, 0xf8, 0xec, 0x6a, 0xa5, 0xce, 0x31, 0x6c, 0x50, 0x8b, 0x79, 0x91, 0xcd, 0x94, 0xd3, 0xbd, 0xb7, 0x00, 0xa1, 0xc4, 0x27, 0xa6, 0xae, 0x15, 0xe7, 0x2f, 0xb5, 0x9d, 0xc4, 0x77, 0xfe, 0x1e, 0x7d, 0x28, 0x29, 0x13, 0xf6, 0x51, 0x65, 0x4d, 0x39, 0x85, 0xf0, 0x9d, 0x53, 0xc2, 0xd3, 0xb5, 0x76, 0x3d, 0x7a, 0x72, 0x3b, 0xcb, 0xd6, 0xee, 0x05, 0x3d, 0x5a, 0x40, 0xdd, 0xc5, 0x6e, 0x69, 0x75, 0x13, 0x8c, 0x08, 0x39, 0xe5, 0x80, 0xb5, 0x4d, 0x6d, 0x99, 0x9d, 0xc6, 0x16, 0x84, 0x3c, 0xfe, 0x04, 0x1e, 0x8f, 0x38, 0x8b, 0x12, 0x4e, 0xf7, 0xb5, 0xed + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xd0, 0x94, 0x7c, 0x4b, 0x03, 0xbf, 0x72, 0xa3, 0x7a, 0xb4, 0x4f, 0x72, 0x27, 0x6d, 0x1c, 0xf3, 0xfd, 0xcd, 0x7e, 0xbf, 0x3e, 0x73, 0x34, 0x8b, 0x7e, 0x55, 0x0d, 0x75, 0x20, 0x18, 0x66, 0x8e, 0x93, 0x44, 0x2e, 0x5f, 0xef, 0xfb, 0xff, 0x16, 0xe7, 0x21, 0x72, 0x02, 0xdc, 0x73, 0x06, 0x72, 0x9f, 0xff, 0xfe, 0x85, 0xaf, 0x56, 0x83, 0xbc, 0xe2, 0x64, 0x2e, 0x3e, 0xeb, 0x5d, 0x38, 0x71, 0xa3, 0x83, 0x1a, 0x5c, 0x69, 0x33, 0xf8, 0xec, 0x6a, 0xa5, 0xce, 0x31, 0x6c, 0x50, 0x8b, 0x79, 0x91, 0xcd, 0x94, 0xd3, 0xbd, 0xb7, 0x00, 0xa1, 0xc4, 0x27, 0xa6, 0xae, 0x15, 0xe7, 0x2f, 0xb5, 0x9d, 0xc4, 0x77, 0xfe, 0x1e, 0x7d, 0x28, 0x29, 0x13, 0xf6, 0x51, 0x65, 0x4d, 0x39, 0x85, 0xf0, 0x9d, 0x53, 0xc2, 0xd3, 0xb5, 0x76, 0x3d, 0x7a, 0x72, 0x3b, 0xcb, 0xd6, 0xee, 0x05, 0x3d, 0x5a, 0x40, 0xdd, 0xc5, 0x6e, 0x69, 0x75, 0x13, 0x8c, 0x08, 0x39, 0xe5, 0x80, 0xb5, 0x4d, 0x6d, 0x99, 0x9d, 0xc6, 0x16, 0x84, 0x3c, 0xfe, 0x04, 0x1e, 0x8f, 0x38, 0x8b, 0x12, 0x4e, 0xf7, 0xb5, 0xed ], }, TestVector { @@ -142,10 +142,10 @@ 0x2b, 0x5c, 0x78, 0xa2, 0xfb, 0xa5, 0x01, 0x9c, 0x15, 0xa7, 0x51, 0x50, 0x2b, 0xa9, 0x91, 0x6f, 0xae, 0xda, 0xe1, 0xfc, 0x14, 0xdc, 0x81, 0xb0, 0xb8, 0x35, 0xf2, 0xbf, 0x95, 0xc0, 0x68, 0xe8 ], internal_xsk: Some([ - 0x01, 0xdb, 0x99, 0x9e, 0x07, 0x01, 0x00, 0x00, 0x00, 0x01, 0x47, 0x11, 0x0c, 0x69, 0x1a, 0x03, 0xb9, 0xd9, 0xf0, 0xba, 0x90, 0x05, 0xc5, 0xe7, 0x90, 0xa5, 0x95, 0xb7, 0xf0, 0x4e, 0x33, 0x29, 0xd2, 0xfa, 0x43, 0x8a, 0x67, 0x05, 0xda, 0xbc, 0xe6, 0x28, 0x2b, 0xc1, 0x97, 0xa5, 0x16, 0x28, 0x7c, 0x8e, 0xa8, 0xf6, 0x8c, 0x42, 0x4a, 0xba, 0xd3, 0x02, 0xb4, 0x5c, 0xdf, 0x95, 0x40, 0x79, 0x61, 0xd7, 0xb8, 0xb4, 0x55, 0x26, 0x7a, 0x35, 0x0c, 0x74, 0x92, 0x9f, 0x79, 0x0c, 0x11, 0xdc, 0xab, 0x3a, 0x2f, 0x93, 0x12, 0x35, 0xcd, 0xb2, 0x67, 0xf5, 0xa3, 0x1b, 0x9f, 0x13, 0x9f, 0x2c, 0x9f, 0xd8, 0x16, 0xb0, 0x44, 0x4f, 0xb8, 0x05, 0x05, 0x0c, 0xd4, 0xd7, 0xc5, 0xcc, 0x7f, 0x53, 0x4b, 0x96, 0xd2, 0x41, 0x82, 0xa3, 0x14, 0x65, 0xb4, 0x78, 0x11, 0x05, 0x48, 0x9c, 0xd1, 0x0d, 0x50, 0x0c, 0xf5, 0x29, 0x5a, 0x6f, 0xd8, 0x18, 0xcc, 0xd2, 0x78, 0xb7, 0x2c, 0x62, 0x1d, 0x19, 0xcb, 0x00, 0xf9, 0x70, 0x07, 0x9c, 0x89, 0x22, 0x76, 0x1c, 0xdd, 0x3a, 0xe7, 0xf2, 0x7b, 0x18, 0x47, 0xc5, 0x53, 0x60, 0xdb, 0xeb, 0xf6, 0x54, 0x92 + 0x01, 0x14, 0xc2, 0x71, 0x3a, 0x01, 0x00, 0x00, 0x00, 0x01, 0x47, 0x11, 0x0c, 0x69, 0x1a, 0x03, 0xb9, 0xd9, 0xf0, 0xba, 0x90, 0x05, 0xc5, 0xe7, 0x90, 0xa5, 0x95, 0xb7, 0xf0, 0x4e, 0x33, 0x29, 0xd2, 0xfa, 0x43, 0x8a, 0x67, 0x05, 0xda, 0xbc, 0xe6, 0x28, 0x2b, 0xc1, 0x97, 0xa5, 0x16, 0x28, 0x7c, 0x8e, 0xa8, 0xf6, 0x8c, 0x42, 0x4a, 0xba, 0xd3, 0x02, 0xb4, 0x5c, 0xdf, 0x95, 0x40, 0x79, 0x61, 0xd7, 0xb8, 0xb4, 0x55, 0x26, 0x7a, 0x35, 0x0c, 0x74, 0x92, 0x9f, 0x79, 0x0c, 0x11, 0xdc, 0xab, 0x3a, 0x2f, 0x93, 0x12, 0x35, 0xcd, 0xb2, 0x67, 0xf5, 0xa3, 0x1b, 0x9f, 0x13, 0x9f, 0x2c, 0x9f, 0xd8, 0x16, 0xb0, 0x44, 0x4f, 0xb8, 0x05, 0x05, 0x0c, 0xd4, 0xd7, 0xc5, 0xcc, 0x7f, 0x53, 0x4b, 0x96, 0xd2, 0x41, 0x82, 0xa3, 0x14, 0x65, 0xb4, 0x78, 0x11, 0x05, 0x48, 0x9c, 0xd1, 0x0d, 0x50, 0x0c, 0xf5, 0x29, 0x5a, 0x6f, 0xd8, 0x18, 0xcc, 0xd2, 0x78, 0xb7, 0x2c, 0x62, 0x1d, 0x19, 0xcb, 0x00, 0xf9, 0x70, 0x07, 0x9c, 0x89, 0x22, 0x76, 0x1c, 0xdd, 0x3a, 0xe7, 0xf2, 0x7b, 0x18, 0x47, 0xc5, 0x53, 0x60, 0xdb, 0xeb, 0xf6, 0x54, 0x92 ]), internal_xfvk: [ - 0x01, 0xdb, 0x99, 0x9e, 0x07, 0x01, 0x00, 0x00, 0x00, 0x01, 0x47, 0x11, 0x0c, 0x69, 0x1a, 0x03, 0xb9, 0xd9, 0xf0, 0xba, 0x90, 0x05, 0xc5, 0xe7, 0x90, 0xa5, 0x95, 0xb7, 0xf0, 0x4e, 0x33, 0x29, 0xd2, 0xfa, 0x43, 0x8a, 0x67, 0x05, 0xda, 0xbc, 0xe6, 0xdc, 0x14, 0xb5, 0x14, 0xd3, 0xa9, 0x25, 0x94, 0xc2, 0x19, 0x25, 0xaf, 0x2f, 0x77, 0x65, 0xa5, 0x47, 0xb3, 0x0e, 0x73, 0xfa, 0x7b, 0x70, 0x0e, 0xa1, 0xbf, 0xf2, 0xe5, 0xef, 0xaa, 0xa8, 0x8b, 0x2b, 0x5c, 0x78, 0xa2, 0xfb, 0xa5, 0x01, 0x9c, 0x15, 0xa7, 0x51, 0x50, 0x2b, 0xa9, 0x91, 0x6f, 0xae, 0xda, 0xe1, 0xfc, 0x14, 0xdc, 0x81, 0xb0, 0xb8, 0x35, 0xf2, 0xbf, 0x95, 0xc0, 0x68, 0xe8, 0x0c, 0xd4, 0xd7, 0xc5, 0xcc, 0x7f, 0x53, 0x4b, 0x96, 0xd2, 0x41, 0x82, 0xa3, 0x14, 0x65, 0xb4, 0x78, 0x11, 0x05, 0x48, 0x9c, 0xd1, 0x0d, 0x50, 0x0c, 0xf5, 0x29, 0x5a, 0x6f, 0xd8, 0x18, 0xcc, 0xd2, 0x78, 0xb7, 0x2c, 0x62, 0x1d, 0x19, 0xcb, 0x00, 0xf9, 0x70, 0x07, 0x9c, 0x89, 0x22, 0x76, 0x1c, 0xdd, 0x3a, 0xe7, 0xf2, 0x7b, 0x18, 0x47, 0xc5, 0x53, 0x60, 0xdb, 0xeb, 0xf6, 0x54, 0x92 + 0x01, 0x14, 0xc2, 0x71, 0x3a, 0x01, 0x00, 0x00, 0x00, 0x01, 0x47, 0x11, 0x0c, 0x69, 0x1a, 0x03, 0xb9, 0xd9, 0xf0, 0xba, 0x90, 0x05, 0xc5, 0xe7, 0x90, 0xa5, 0x95, 0xb7, 0xf0, 0x4e, 0x33, 0x29, 0xd2, 0xfa, 0x43, 0x8a, 0x67, 0x05, 0xda, 0xbc, 0xe6, 0xdc, 0x14, 0xb5, 0x14, 0xd3, 0xa9, 0x25, 0x94, 0xc2, 0x19, 0x25, 0xaf, 0x2f, 0x77, 0x65, 0xa5, 0x47, 0xb3, 0x0e, 0x73, 0xfa, 0x7b, 0x70, 0x0e, 0xa1, 0xbf, 0xf2, 0xe5, 0xef, 0xaa, 0xa8, 0x8b, 0x2b, 0x5c, 0x78, 0xa2, 0xfb, 0xa5, 0x01, 0x9c, 0x15, 0xa7, 0x51, 0x50, 0x2b, 0xa9, 0x91, 0x6f, 0xae, 0xda, 0xe1, 0xfc, 0x14, 0xdc, 0x81, 0xb0, 0xb8, 0x35, 0xf2, 0xbf, 0x95, 0xc0, 0x68, 0xe8, 0x0c, 0xd4, 0xd7, 0xc5, 0xcc, 0x7f, 0x53, 0x4b, 0x96, 0xd2, 0x41, 0x82, 0xa3, 0x14, 0x65, 0xb4, 0x78, 0x11, 0x05, 0x48, 0x9c, 0xd1, 0x0d, 0x50, 0x0c, 0xf5, 0x29, 0x5a, 0x6f, 0xd8, 0x18, 0xcc, 0xd2, 0x78, 0xb7, 0x2c, 0x62, 0x1d, 0x19, 0xcb, 0x00, 0xf9, 0x70, 0x07, 0x9c, 0x89, 0x22, 0x76, 0x1c, 0xdd, 0x3a, 0xe7, 0xf2, 0x7b, 0x18, 0x47, 0xc5, 0x53, 0x60, 0xdb, 0xeb, 0xf6, 0x54, 0x92 ], }, TestVector { @@ -203,10 +203,10 @@ 0xf9, 0x12, 0x87, 0xc0, 0x6e, 0x30, 0xb6, 0x5e, 0xa1, 0xbd, 0xb7, 0x16, 0xb2, 0x31, 0xde, 0x67, 0x78, 0xa5, 0xd8, 0x0e, 0xe5, 0xcd, 0x9c, 0x06, 0x0d, 0x1a, 0xba, 0xca, 0xe0, 0xaa, 0xe2, 0x3b ], internal_xsk: Some([ - 0x02, 0x48, 0xc1, 0x83, 0x75, 0x02, 0x00, 0x00, 0x80, 0x97, 0xce, 0x15, 0xf4, 0xed, 0x1b, 0x97, 0x39, 0xb0, 0x26, 0x2a, 0x46, 0x3b, 0xcb, 0x3d, 0xc9, 0xb3, 0xbd, 0x23, 0x23, 0xa9, 0xba, 0xa4, 0x41, 0xca, 0x42, 0x77, 0x73, 0x83, 0xa8, 0xd4, 0x35, 0x8b, 0xe8, 0x11, 0x3c, 0xee, 0x34, 0x13, 0xa7, 0x1f, 0x82, 0xc4, 0x1f, 0xc8, 0xda, 0x51, 0x7b, 0xe1, 0x34, 0x04, 0x98, 0x32, 0xe6, 0x82, 0x5c, 0x92, 0xda, 0x6b, 0x84, 0xfe, 0xe4, 0xc6, 0x0d, 0x34, 0x78, 0x65, 0xac, 0xf4, 0x7e, 0x50, 0x45, 0x38, 0xf5, 0xef, 0x8b, 0x04, 0x70, 0x20, 0x80, 0xe6, 0x09, 0x1c, 0xda, 0x57, 0x97, 0xcd, 0x7d, 0x23, 0x5a, 0x54, 0x6e, 0xb1, 0x0f, 0x55, 0x08, 0xdd, 0xba, 0xc2, 0xa4, 0x93, 0xf5, 0x3c, 0x3b, 0x09, 0x33, 0xd9, 0x13, 0xde, 0xf8, 0x88, 0x48, 0x65, 0x4c, 0x08, 0x7c, 0x12, 0x60, 0x9d, 0xf0, 0x1b, 0xaf, 0x94, 0x05, 0xce, 0x78, 0x04, 0xfd, 0x60, 0x2c, 0xd3, 0x17, 0xb7, 0xce, 0xa1, 0x1e, 0x8c, 0xc7, 0xae, 0x2e, 0xa4, 0x05, 0xb4, 0x0d, 0x46, 0xb1, 0x59, 0x2a, 0x30, 0xf0, 0xcb, 0x6e, 0x8c, 0x4f, 0x17, 0xd7, 0xf7, 0xc4, 0x7f, 0xeb + 0x02, 0xdb, 0x99, 0x9e, 0x07, 0x02, 0x00, 0x00, 0x80, 0x97, 0xce, 0x15, 0xf4, 0xed, 0x1b, 0x97, 0x39, 0xb0, 0x26, 0x2a, 0x46, 0x3b, 0xcb, 0x3d, 0xc9, 0xb3, 0xbd, 0x23, 0x23, 0xa9, 0xba, 0xa4, 0x41, 0xca, 0x42, 0x77, 0x73, 0x83, 0xa8, 0xd4, 0x35, 0x8b, 0xe8, 0x11, 0x3c, 0xee, 0x34, 0x13, 0xa7, 0x1f, 0x82, 0xc4, 0x1f, 0xc8, 0xda, 0x51, 0x7b, 0xe1, 0x34, 0x04, 0x98, 0x32, 0xe6, 0x82, 0x5c, 0x92, 0xda, 0x6b, 0x84, 0xfe, 0xe4, 0xc6, 0x0d, 0x34, 0x78, 0x65, 0xac, 0xf4, 0x7e, 0x50, 0x45, 0x38, 0xf5, 0xef, 0x8b, 0x04, 0x70, 0x20, 0x80, 0xe6, 0x09, 0x1c, 0xda, 0x57, 0x97, 0xcd, 0x7d, 0x23, 0x5a, 0x54, 0x6e, 0xb1, 0x0f, 0x55, 0x08, 0xdd, 0xba, 0xc2, 0xa4, 0x93, 0xf5, 0x3c, 0x3b, 0x09, 0x33, 0xd9, 0x13, 0xde, 0xf8, 0x88, 0x48, 0x65, 0x4c, 0x08, 0x7c, 0x12, 0x60, 0x9d, 0xf0, 0x1b, 0xaf, 0x94, 0x05, 0xce, 0x78, 0x04, 0xfd, 0x60, 0x2c, 0xd3, 0x17, 0xb7, 0xce, 0xa1, 0x1e, 0x8c, 0xc7, 0xae, 0x2e, 0xa4, 0x05, 0xb4, 0x0d, 0x46, 0xb1, 0x59, 0x2a, 0x30, 0xf0, 0xcb, 0x6e, 0x8c, 0x4f, 0x17, 0xd7, 0xf7, 0xc4, 0x7f, 0xeb ]), internal_xfvk: [ - 0x02, 0x48, 0xc1, 0x83, 0x75, 0x02, 0x00, 0x00, 0x80, 0x97, 0xce, 0x15, 0xf4, 0xed, 0x1b, 0x97, 0x39, 0xb0, 0x26, 0x2a, 0x46, 0x3b, 0xcb, 0x3d, 0xc9, 0xb3, 0xbd, 0x23, 0x23, 0xa9, 0xba, 0xa4, 0x41, 0xca, 0x42, 0x77, 0x73, 0x83, 0xa8, 0xd4, 0x35, 0xa6, 0xc5, 0x92, 0x5a, 0x0f, 0x85, 0xfa, 0x4f, 0x1e, 0x40, 0x5e, 0x3a, 0x49, 0x70, 0xd0, 0xc4, 0xa4, 0xb4, 0x81, 0x44, 0x38, 0xf4, 0xe9, 0xd4, 0x52, 0x0e, 0x20, 0xf7, 0xfd, 0xcf, 0x38, 0x41, 0xf9, 0x12, 0x87, 0xc0, 0x6e, 0x30, 0xb6, 0x5e, 0xa1, 0xbd, 0xb7, 0x16, 0xb2, 0x31, 0xde, 0x67, 0x78, 0xa5, 0xd8, 0x0e, 0xe5, 0xcd, 0x9c, 0x06, 0x0d, 0x1a, 0xba, 0xca, 0xe0, 0xaa, 0xe2, 0x3b, 0xdd, 0xba, 0xc2, 0xa4, 0x93, 0xf5, 0x3c, 0x3b, 0x09, 0x33, 0xd9, 0x13, 0xde, 0xf8, 0x88, 0x48, 0x65, 0x4c, 0x08, 0x7c, 0x12, 0x60, 0x9d, 0xf0, 0x1b, 0xaf, 0x94, 0x05, 0xce, 0x78, 0x04, 0xfd, 0x60, 0x2c, 0xd3, 0x17, 0xb7, 0xce, 0xa1, 0x1e, 0x8c, 0xc7, 0xae, 0x2e, 0xa4, 0x05, 0xb4, 0x0d, 0x46, 0xb1, 0x59, 0x2a, 0x30, 0xf0, 0xcb, 0x6e, 0x8c, 0x4f, 0x17, 0xd7, 0xf7, 0xc4, 0x7f, 0xeb + 0x02, 0xdb, 0x99, 0x9e, 0x07, 0x02, 0x00, 0x00, 0x80, 0x97, 0xce, 0x15, 0xf4, 0xed, 0x1b, 0x97, 0x39, 0xb0, 0x26, 0x2a, 0x46, 0x3b, 0xcb, 0x3d, 0xc9, 0xb3, 0xbd, 0x23, 0x23, 0xa9, 0xba, 0xa4, 0x41, 0xca, 0x42, 0x77, 0x73, 0x83, 0xa8, 0xd4, 0x35, 0xa6, 0xc5, 0x92, 0x5a, 0x0f, 0x85, 0xfa, 0x4f, 0x1e, 0x40, 0x5e, 0x3a, 0x49, 0x70, 0xd0, 0xc4, 0xa4, 0xb4, 0x81, 0x44, 0x38, 0xf4, 0xe9, 0xd4, 0x52, 0x0e, 0x20, 0xf7, 0xfd, 0xcf, 0x38, 0x41, 0xf9, 0x12, 0x87, 0xc0, 0x6e, 0x30, 0xb6, 0x5e, 0xa1, 0xbd, 0xb7, 0x16, 0xb2, 0x31, 0xde, 0x67, 0x78, 0xa5, 0xd8, 0x0e, 0xe5, 0xcd, 0x9c, 0x06, 0x0d, 0x1a, 0xba, 0xca, 0xe0, 0xaa, 0xe2, 0x3b, 0xdd, 0xba, 0xc2, 0xa4, 0x93, 0xf5, 0x3c, 0x3b, 0x09, 0x33, 0xd9, 0x13, 0xde, 0xf8, 0x88, 0x48, 0x65, 0x4c, 0x08, 0x7c, 0x12, 0x60, 0x9d, 0xf0, 0x1b, 0xaf, 0x94, 0x05, 0xce, 0x78, 0x04, 0xfd, 0x60, 0x2c, 0xd3, 0x17, 0xb7, 0xce, 0xa1, 0x1e, 0x8c, 0xc7, 0xae, 0x2e, 0xa4, 0x05, 0xb4, 0x0d, 0x46, 0xb1, 0x59, 0x2a, 0x30, 0xf0, 0xcb, 0x6e, 0x8c, 0x4f, 0x17, 0xd7, 0xf7, 0xc4, 0x7f, 0xeb ], }, TestVector { @@ -257,7 +257,7 @@ ], internal_xsk: None, internal_xfvk: [ - 0x02, 0x48, 0xc1, 0x83, 0x75, 0x02, 0x00, 0x00, 0x80, 0x97, 0xce, 0x15, 0xf4, 0xed, 0x1b, 0x97, 0x39, 0xb0, 0x26, 0x2a, 0x46, 0x3b, 0xcb, 0x3d, 0xc9, 0xb3, 0xbd, 0x23, 0x23, 0xa9, 0xba, 0xa4, 0x41, 0xca, 0x42, 0x77, 0x73, 0x83, 0xa8, 0xd4, 0x35, 0xa6, 0xc5, 0x92, 0x5a, 0x0f, 0x85, 0xfa, 0x4f, 0x1e, 0x40, 0x5e, 0x3a, 0x49, 0x70, 0xd0, 0xc4, 0xa4, 0xb4, 0x81, 0x44, 0x38, 0xf4, 0xe9, 0xd4, 0x52, 0x0e, 0x20, 0xf7, 0xfd, 0xcf, 0x38, 0x41, 0xf9, 0x12, 0x87, 0xc0, 0x6e, 0x30, 0xb6, 0x5e, 0xa1, 0xbd, 0xb7, 0x16, 0xb2, 0x31, 0xde, 0x67, 0x78, 0xa5, 0xd8, 0x0e, 0xe5, 0xcd, 0x9c, 0x06, 0x0d, 0x1a, 0xba, 0xca, 0xe0, 0xaa, 0xe2, 0x3b, 0xdd, 0xba, 0xc2, 0xa4, 0x93, 0xf5, 0x3c, 0x3b, 0x09, 0x33, 0xd9, 0x13, 0xde, 0xf8, 0x88, 0x48, 0x65, 0x4c, 0x08, 0x7c, 0x12, 0x60, 0x9d, 0xf0, 0x1b, 0xaf, 0x94, 0x05, 0xce, 0x78, 0x04, 0xfd, 0x60, 0x2c, 0xd3, 0x17, 0xb7, 0xce, 0xa1, 0x1e, 0x8c, 0xc7, 0xae, 0x2e, 0xa4, 0x05, 0xb4, 0x0d, 0x46, 0xb1, 0x59, 0x2a, 0x30, 0xf0, 0xcb, 0x6e, 0x8c, 0x4f, 0x17, 0xd7, 0xf7, 0xc4, 0x7f, 0xeb + 0x02, 0xdb, 0x99, 0x9e, 0x07, 0x02, 0x00, 0x00, 0x80, 0x97, 0xce, 0x15, 0xf4, 0xed, 0x1b, 0x97, 0x39, 0xb0, 0x26, 0x2a, 0x46, 0x3b, 0xcb, 0x3d, 0xc9, 0xb3, 0xbd, 0x23, 0x23, 0xa9, 0xba, 0xa4, 0x41, 0xca, 0x42, 0x77, 0x73, 0x83, 0xa8, 0xd4, 0x35, 0xa6, 0xc5, 0x92, 0x5a, 0x0f, 0x85, 0xfa, 0x4f, 0x1e, 0x40, 0x5e, 0x3a, 0x49, 0x70, 0xd0, 0xc4, 0xa4, 0xb4, 0x81, 0x44, 0x38, 0xf4, 0xe9, 0xd4, 0x52, 0x0e, 0x20, 0xf7, 0xfd, 0xcf, 0x38, 0x41, 0xf9, 0x12, 0x87, 0xc0, 0x6e, 0x30, 0xb6, 0x5e, 0xa1, 0xbd, 0xb7, 0x16, 0xb2, 0x31, 0xde, 0x67, 0x78, 0xa5, 0xd8, 0x0e, 0xe5, 0xcd, 0x9c, 0x06, 0x0d, 0x1a, 0xba, 0xca, 0xe0, 0xaa, 0xe2, 0x3b, 0xdd, 0xba, 0xc2, 0xa4, 0x93, 0xf5, 0x3c, 0x3b, 0x09, 0x33, 0xd9, 0x13, 0xde, 0xf8, 0x88, 0x48, 0x65, 0x4c, 0x08, 0x7c, 0x12, 0x60, 0x9d, 0xf0, 0x1b, 0xaf, 0x94, 0x05, 0xce, 0x78, 0x04, 0xfd, 0x60, 0x2c, 0xd3, 0x17, 0xb7, 0xce, 0xa1, 0x1e, 0x8c, 0xc7, 0xae, 0x2e, 0xa4, 0x05, 0xb4, 0x0d, 0x46, 0xb1, 0x59, 0x2a, 0x30, 0xf0, 0xcb, 0x6e, 0x8c, 0x4f, 0x17, 0xd7, 0xf7, 0xc4, 0x7f, 0xeb ], }, TestVector { @@ -310,7 +310,7 @@ ], internal_xsk: None, internal_xfvk: [ - 0x03, 0x2e, 0x08, 0x15, 0x6d, 0x03, 0x00, 0x00, 0x00, 0x8d, 0x93, 0x7b, 0xcf, 0x81, 0xba, 0x43, 0x0d, 0x5b, 0x49, 0xaf, 0xc0, 0xa4, 0x03, 0x36, 0x7b, 0x1f, 0xd9, 0x98, 0x79, 0xec, 0xba, 0x41, 0xbe, 0x05, 0x1c, 0x5a, 0x4a, 0xa7, 0xd6, 0xe7, 0xe8, 0xb1, 0x85, 0xc5, 0x7b, 0x50, 0x9c, 0x25, 0x36, 0xc4, 0xf2, 0xd3, 0x26, 0xd7, 0x66, 0xc8, 0xfa, 0xb2, 0x54, 0x47, 0xde, 0x53, 0x75, 0xa9, 0x32, 0x8d, 0x64, 0x9d, 0xda, 0xbd, 0x97, 0xa6, 0xa3, 0x82, 0x2f, 0x2f, 0x70, 0x96, 0x0f, 0x05, 0xd6, 0x96, 0x74, 0x58, 0xe3, 0x92, 0x10, 0xd5, 0x77, 0x1f, 0x98, 0x47, 0xae, 0xf9, 0xe3, 0x4d, 0x94, 0xb8, 0xaf, 0xbf, 0x95, 0xbb, 0xc4, 0xd2, 0x27, 0xbf, 0x19, 0xe2, 0x57, 0xdd, 0x83, 0x3e, 0x02, 0x94, 0xec, 0x2a, 0xcb, 0xdf, 0xa4, 0x0e, 0x14, 0x52, 0xf8, 0xe6, 0xa1, 0xf0, 0xc7, 0xf6, 0xf3, 0xab, 0xe5, 0x6a, 0xfd, 0x5f, 0x6e, 0x26, 0x18, 0x1f, 0xfd, 0x6f, 0x81, 0xfe, 0x85, 0xc4, 0x9f, 0xe3, 0xe7, 0x3e, 0xf7, 0x3e, 0x50, 0x11, 0x38, 0x22, 0xca, 0x62, 0x67, 0x31, 0x2b, 0x7a, 0xce, 0xd0, 0xc1, 0x56, 0xa3, 0x2b, 0x3f, 0x24, 0x38 + 0x03, 0x48, 0xc1, 0x83, 0x75, 0x03, 0x00, 0x00, 0x00, 0x8d, 0x93, 0x7b, 0xcf, 0x81, 0xba, 0x43, 0x0d, 0x5b, 0x49, 0xaf, 0xc0, 0xa4, 0x03, 0x36, 0x7b, 0x1f, 0xd9, 0x98, 0x79, 0xec, 0xba, 0x41, 0xbe, 0x05, 0x1c, 0x5a, 0x4a, 0xa7, 0xd6, 0xe7, 0xe8, 0xb1, 0x85, 0xc5, 0x7b, 0x50, 0x9c, 0x25, 0x36, 0xc4, 0xf2, 0xd3, 0x26, 0xd7, 0x66, 0xc8, 0xfa, 0xb2, 0x54, 0x47, 0xde, 0x53, 0x75, 0xa9, 0x32, 0x8d, 0x64, 0x9d, 0xda, 0xbd, 0x97, 0xa6, 0xa3, 0x82, 0x2f, 0x2f, 0x70, 0x96, 0x0f, 0x05, 0xd6, 0x96, 0x74, 0x58, 0xe3, 0x92, 0x10, 0xd5, 0x77, 0x1f, 0x98, 0x47, 0xae, 0xf9, 0xe3, 0x4d, 0x94, 0xb8, 0xaf, 0xbf, 0x95, 0xbb, 0xc4, 0xd2, 0x27, 0xbf, 0x19, 0xe2, 0x57, 0xdd, 0x83, 0x3e, 0x02, 0x94, 0xec, 0x2a, 0xcb, 0xdf, 0xa4, 0x0e, 0x14, 0x52, 0xf8, 0xe6, 0xa1, 0xf0, 0xc7, 0xf6, 0xf3, 0xab, 0xe5, 0x6a, 0xfd, 0x5f, 0x6e, 0x26, 0x18, 0x1f, 0xfd, 0x6f, 0x81, 0xfe, 0x85, 0xc4, 0x9f, 0xe3, 0xe7, 0x3e, 0xf7, 0x3e, 0x50, 0x11, 0x38, 0x22, 0xca, 0x62, 0x67, 0x31, 0x2b, 0x7a, 0xce, 0xd0, 0xc1, 0x56, 0xa3, 0x2b, 0x3f, 0x24, 0x38 ], }, ]; diff --git a/zcash_test_vectors/sapling/zip32.py b/zcash_test_vectors/sapling/zip32.py index f103d73..86c92b6 100755 --- a/zcash_test_vectors/sapling/zip32.py +++ b/zcash_test_vectors/sapling/zip32.py @@ -129,7 +129,7 @@ class ExtendedSpendingKey(DerivedAkNk, DerivedIvk, ExtendedBase): nsk_internal = I_nsk + self.nsk() dk_internal = R[:32] ovk_internal = R[32:] - internal = self.__class__(self.ask(), nsk_internal, ovk_internal, dk_internal, self._c, self.depth(), self.tag(), self._i) + internal = self.__class__(self.ask(), nsk_internal, ovk_internal, dk_internal, self._c, self.depth(), self.parent_tag(), self._i) # check commutative diagram assert internal.to_extended_fvk() == self.to_extended_fvk().internal() return internal @@ -211,7 +211,7 @@ class ExtendedFullViewingKey(DerivedIvk, ExtendedBase): nk_internal = PROVING_KEY_BASE * I_nsk + self.nk() dk_internal = R[:32] ovk_internal = R[32:] - return self.__class__(self.ak(), nk_internal, ovk_internal, dk_internal, self._c, self.depth(), self.tag(), self._i) + return self.__class__(self.ak(), nk_internal, ovk_internal, dk_internal, self._c, self.depth(), self.parent_tag(), self._i) def hardened(i): From f7f726bf0d259e23e9530dd28150d524ec33d9fa Mon Sep 17 00:00:00 2001 From: Daira Hopwood Date: Tue, 1 Feb 2022 16:14:51 +0000 Subject: [PATCH 5/6] Add `internal_ivk` and `internal_fp` to Sapling internal key test vector fields. Signed-off-by: Daira Hopwood --- test-vectors/rust/sapling_zip32.rs | 32 +++++++++++++++++++++++++++++ zcash_test_vectors/sapling/zip32.py | 4 ++++ 2 files changed, 36 insertions(+) diff --git a/test-vectors/rust/sapling_zip32.rs b/test-vectors/rust/sapling_zip32.rs index 7069686..f6a2a0c 100644 --- a/test-vectors/rust/sapling_zip32.rs +++ b/test-vectors/rust/sapling_zip32.rs @@ -18,8 +18,10 @@ internal_ovk: [u8; 32], internal_dk: [u8; 32], internal_nk: [u8; 32], + internal_ivk: [u8; 32], internal_xsk: Option<[u8; 169]>, internal_xfvk: [u8; 169], + internal_fp: [u8; 32], }; // From https://github.com/zcash-hackworks/zcash-test-vectors/blob/master/sapling_zip32.py @@ -78,12 +80,18 @@ internal_nk: [ 0xa3, 0x83, 0x1a, 0x5c, 0x69, 0x33, 0xf8, 0xec, 0x6a, 0xa5, 0xce, 0x31, 0x6c, 0x50, 0x8b, 0x79, 0x91, 0xcd, 0x94, 0xd3, 0xbd, 0xb7, 0x00, 0xa1, 0xc4, 0x27, 0xa6, 0xae, 0x15, 0xe7, 0x2f, 0xb5 ], + internal_ivk: [ + 0x79, 0x05, 0x77, 0x32, 0x1c, 0x51, 0x18, 0x04, 0x63, 0x6e, 0xe6, 0xba, 0xa4, 0xee, 0xa7, 0x79, 0xb4, 0xa4, 0x6a, 0x5a, 0x12, 0xf8, 0x5d, 0x36, 0x50, 0x74, 0xa0, 0x9d, 0x05, 0x4f, 0x34, 0x01 + ], internal_xsk: Some([ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xd0, 0x94, 0x7c, 0x4b, 0x03, 0xbf, 0x72, 0xa3, 0x7a, 0xb4, 0x4f, 0x72, 0x27, 0x6d, 0x1c, 0xf3, 0xfd, 0xcd, 0x7e, 0xbf, 0x3e, 0x73, 0x34, 0x8b, 0x7e, 0x55, 0x0d, 0x75, 0x20, 0x18, 0x66, 0x8e, 0xb6, 0xc0, 0x0c, 0x93, 0xd3, 0x60, 0x32, 0xb9, 0xa2, 0x68, 0xe9, 0x9e, 0x86, 0xa8, 0x60, 0x77, 0x65, 0x60, 0xbf, 0x0e, 0x83, 0xc1, 0xa1, 0x0b, 0x51, 0xf6, 0x07, 0xc9, 0x54, 0x74, 0x25, 0x06, 0x51, 0x12, 0x33, 0x63, 0x6b, 0x95, 0xfd, 0x0a, 0xfb, 0x6b, 0xf8, 0x19, 0x3a, 0x7d, 0x8f, 0x49, 0xef, 0xd7, 0x36, 0xa9, 0x88, 0x77, 0x5c, 0x54, 0xf9, 0x56, 0x68, 0x76, 0x46, 0xea, 0xab, 0x07, 0x9d, 0xc4, 0x77, 0xfe, 0x1e, 0x7d, 0x28, 0x29, 0x13, 0xf6, 0x51, 0x65, 0x4d, 0x39, 0x85, 0xf0, 0x9d, 0x53, 0xc2, 0xd3, 0xb5, 0x76, 0x3d, 0x7a, 0x72, 0x3b, 0xcb, 0xd6, 0xee, 0x05, 0x3d, 0x5a, 0x40, 0xdd, 0xc5, 0x6e, 0x69, 0x75, 0x13, 0x8c, 0x08, 0x39, 0xe5, 0x80, 0xb5, 0x4d, 0x6d, 0x99, 0x9d, 0xc6, 0x16, 0x84, 0x3c, 0xfe, 0x04, 0x1e, 0x8f, 0x38, 0x8b, 0x12, 0x4e, 0xf7, 0xb5, 0xed ]), internal_xfvk: [ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xd0, 0x94, 0x7c, 0x4b, 0x03, 0xbf, 0x72, 0xa3, 0x7a, 0xb4, 0x4f, 0x72, 0x27, 0x6d, 0x1c, 0xf3, 0xfd, 0xcd, 0x7e, 0xbf, 0x3e, 0x73, 0x34, 0x8b, 0x7e, 0x55, 0x0d, 0x75, 0x20, 0x18, 0x66, 0x8e, 0x93, 0x44, 0x2e, 0x5f, 0xef, 0xfb, 0xff, 0x16, 0xe7, 0x21, 0x72, 0x02, 0xdc, 0x73, 0x06, 0x72, 0x9f, 0xff, 0xfe, 0x85, 0xaf, 0x56, 0x83, 0xbc, 0xe2, 0x64, 0x2e, 0x3e, 0xeb, 0x5d, 0x38, 0x71, 0xa3, 0x83, 0x1a, 0x5c, 0x69, 0x33, 0xf8, 0xec, 0x6a, 0xa5, 0xce, 0x31, 0x6c, 0x50, 0x8b, 0x79, 0x91, 0xcd, 0x94, 0xd3, 0xbd, 0xb7, 0x00, 0xa1, 0xc4, 0x27, 0xa6, 0xae, 0x15, 0xe7, 0x2f, 0xb5, 0x9d, 0xc4, 0x77, 0xfe, 0x1e, 0x7d, 0x28, 0x29, 0x13, 0xf6, 0x51, 0x65, 0x4d, 0x39, 0x85, 0xf0, 0x9d, 0x53, 0xc2, 0xd3, 0xb5, 0x76, 0x3d, 0x7a, 0x72, 0x3b, 0xcb, 0xd6, 0xee, 0x05, 0x3d, 0x5a, 0x40, 0xdd, 0xc5, 0x6e, 0x69, 0x75, 0x13, 0x8c, 0x08, 0x39, 0xe5, 0x80, 0xb5, 0x4d, 0x6d, 0x99, 0x9d, 0xc6, 0x16, 0x84, 0x3c, 0xfe, 0x04, 0x1e, 0x8f, 0x38, 0x8b, 0x12, 0x4e, 0xf7, 0xb5, 0xed ], + internal_fp: [ + 0x82, 0x64, 0xed, 0xec, 0x63, 0xb1, 0x55, 0x00, 0x1d, 0x84, 0x96, 0x68, 0x5c, 0xc7, 0xc2, 0x1e, 0xa9, 0x57, 0xc6, 0xf5, 0x91, 0x09, 0x0a, 0x1c, 0x20, 0xe5, 0x2a, 0x41, 0x89, 0xb8, 0xbb, 0x96 + ], }, TestVector { ask: Some([ @@ -141,12 +149,18 @@ internal_nk: [ 0x2b, 0x5c, 0x78, 0xa2, 0xfb, 0xa5, 0x01, 0x9c, 0x15, 0xa7, 0x51, 0x50, 0x2b, 0xa9, 0x91, 0x6f, 0xae, 0xda, 0xe1, 0xfc, 0x14, 0xdc, 0x81, 0xb0, 0xb8, 0x35, 0xf2, 0xbf, 0x95, 0xc0, 0x68, 0xe8 ], + internal_ivk: [ + 0xdf, 0x44, 0x54, 0xa6, 0x76, 0xd1, 0xde, 0x32, 0xe2, 0x0a, 0xe6, 0x28, 0x7a, 0x92, 0xfa, 0xfe, 0xfb, 0xbb, 0x3e, 0x54, 0xb5, 0x88, 0xc8, 0xda, 0x28, 0x07, 0xec, 0x43, 0x68, 0x2c, 0x85, 0x00 + ], internal_xsk: Some([ 0x01, 0x14, 0xc2, 0x71, 0x3a, 0x01, 0x00, 0x00, 0x00, 0x01, 0x47, 0x11, 0x0c, 0x69, 0x1a, 0x03, 0xb9, 0xd9, 0xf0, 0xba, 0x90, 0x05, 0xc5, 0xe7, 0x90, 0xa5, 0x95, 0xb7, 0xf0, 0x4e, 0x33, 0x29, 0xd2, 0xfa, 0x43, 0x8a, 0x67, 0x05, 0xda, 0xbc, 0xe6, 0x28, 0x2b, 0xc1, 0x97, 0xa5, 0x16, 0x28, 0x7c, 0x8e, 0xa8, 0xf6, 0x8c, 0x42, 0x4a, 0xba, 0xd3, 0x02, 0xb4, 0x5c, 0xdf, 0x95, 0x40, 0x79, 0x61, 0xd7, 0xb8, 0xb4, 0x55, 0x26, 0x7a, 0x35, 0x0c, 0x74, 0x92, 0x9f, 0x79, 0x0c, 0x11, 0xdc, 0xab, 0x3a, 0x2f, 0x93, 0x12, 0x35, 0xcd, 0xb2, 0x67, 0xf5, 0xa3, 0x1b, 0x9f, 0x13, 0x9f, 0x2c, 0x9f, 0xd8, 0x16, 0xb0, 0x44, 0x4f, 0xb8, 0x05, 0x05, 0x0c, 0xd4, 0xd7, 0xc5, 0xcc, 0x7f, 0x53, 0x4b, 0x96, 0xd2, 0x41, 0x82, 0xa3, 0x14, 0x65, 0xb4, 0x78, 0x11, 0x05, 0x48, 0x9c, 0xd1, 0x0d, 0x50, 0x0c, 0xf5, 0x29, 0x5a, 0x6f, 0xd8, 0x18, 0xcc, 0xd2, 0x78, 0xb7, 0x2c, 0x62, 0x1d, 0x19, 0xcb, 0x00, 0xf9, 0x70, 0x07, 0x9c, 0x89, 0x22, 0x76, 0x1c, 0xdd, 0x3a, 0xe7, 0xf2, 0x7b, 0x18, 0x47, 0xc5, 0x53, 0x60, 0xdb, 0xeb, 0xf6, 0x54, 0x92 ]), internal_xfvk: [ 0x01, 0x14, 0xc2, 0x71, 0x3a, 0x01, 0x00, 0x00, 0x00, 0x01, 0x47, 0x11, 0x0c, 0x69, 0x1a, 0x03, 0xb9, 0xd9, 0xf0, 0xba, 0x90, 0x05, 0xc5, 0xe7, 0x90, 0xa5, 0x95, 0xb7, 0xf0, 0x4e, 0x33, 0x29, 0xd2, 0xfa, 0x43, 0x8a, 0x67, 0x05, 0xda, 0xbc, 0xe6, 0xdc, 0x14, 0xb5, 0x14, 0xd3, 0xa9, 0x25, 0x94, 0xc2, 0x19, 0x25, 0xaf, 0x2f, 0x77, 0x65, 0xa5, 0x47, 0xb3, 0x0e, 0x73, 0xfa, 0x7b, 0x70, 0x0e, 0xa1, 0xbf, 0xf2, 0xe5, 0xef, 0xaa, 0xa8, 0x8b, 0x2b, 0x5c, 0x78, 0xa2, 0xfb, 0xa5, 0x01, 0x9c, 0x15, 0xa7, 0x51, 0x50, 0x2b, 0xa9, 0x91, 0x6f, 0xae, 0xda, 0xe1, 0xfc, 0x14, 0xdc, 0x81, 0xb0, 0xb8, 0x35, 0xf2, 0xbf, 0x95, 0xc0, 0x68, 0xe8, 0x0c, 0xd4, 0xd7, 0xc5, 0xcc, 0x7f, 0x53, 0x4b, 0x96, 0xd2, 0x41, 0x82, 0xa3, 0x14, 0x65, 0xb4, 0x78, 0x11, 0x05, 0x48, 0x9c, 0xd1, 0x0d, 0x50, 0x0c, 0xf5, 0x29, 0x5a, 0x6f, 0xd8, 0x18, 0xcc, 0xd2, 0x78, 0xb7, 0x2c, 0x62, 0x1d, 0x19, 0xcb, 0x00, 0xf9, 0x70, 0x07, 0x9c, 0x89, 0x22, 0x76, 0x1c, 0xdd, 0x3a, 0xe7, 0xf2, 0x7b, 0x18, 0x47, 0xc5, 0x53, 0x60, 0xdb, 0xeb, 0xf6, 0x54, 0x92 ], + internal_fp: [ + 0x0d, 0xe5, 0x83, 0xca, 0x50, 0x2b, 0x1c, 0x4b, 0x87, 0xca, 0xc8, 0xc9, 0x78, 0x6c, 0x61, 0x9b, 0x79, 0xe1, 0x69, 0xb4, 0x15, 0x61, 0xf2, 0x44, 0xee, 0xec, 0x86, 0x86, 0xb8, 0xdb, 0xc4, 0xe1 + ], }, TestVector { ask: Some([ @@ -202,12 +216,18 @@ internal_nk: [ 0xf9, 0x12, 0x87, 0xc0, 0x6e, 0x30, 0xb6, 0x5e, 0xa1, 0xbd, 0xb7, 0x16, 0xb2, 0x31, 0xde, 0x67, 0x78, 0xa5, 0xd8, 0x0e, 0xe5, 0xcd, 0x9c, 0x06, 0x0d, 0x1a, 0xba, 0xca, 0xe0, 0xaa, 0xe2, 0x3b ], + internal_ivk: [ + 0x1d, 0x59, 0xea, 0x20, 0x17, 0x88, 0x18, 0x64, 0xd2, 0x4e, 0xad, 0xb5, 0xcf, 0x34, 0x68, 0xa4, 0x1a, 0x1b, 0x2a, 0xaa, 0x0d, 0x1b, 0x3a, 0x72, 0xc6, 0xda, 0x9c, 0xe6, 0x50, 0x2a, 0x0a, 0x05 + ], internal_xsk: Some([ 0x02, 0xdb, 0x99, 0x9e, 0x07, 0x02, 0x00, 0x00, 0x80, 0x97, 0xce, 0x15, 0xf4, 0xed, 0x1b, 0x97, 0x39, 0xb0, 0x26, 0x2a, 0x46, 0x3b, 0xcb, 0x3d, 0xc9, 0xb3, 0xbd, 0x23, 0x23, 0xa9, 0xba, 0xa4, 0x41, 0xca, 0x42, 0x77, 0x73, 0x83, 0xa8, 0xd4, 0x35, 0x8b, 0xe8, 0x11, 0x3c, 0xee, 0x34, 0x13, 0xa7, 0x1f, 0x82, 0xc4, 0x1f, 0xc8, 0xda, 0x51, 0x7b, 0xe1, 0x34, 0x04, 0x98, 0x32, 0xe6, 0x82, 0x5c, 0x92, 0xda, 0x6b, 0x84, 0xfe, 0xe4, 0xc6, 0x0d, 0x34, 0x78, 0x65, 0xac, 0xf4, 0x7e, 0x50, 0x45, 0x38, 0xf5, 0xef, 0x8b, 0x04, 0x70, 0x20, 0x80, 0xe6, 0x09, 0x1c, 0xda, 0x57, 0x97, 0xcd, 0x7d, 0x23, 0x5a, 0x54, 0x6e, 0xb1, 0x0f, 0x55, 0x08, 0xdd, 0xba, 0xc2, 0xa4, 0x93, 0xf5, 0x3c, 0x3b, 0x09, 0x33, 0xd9, 0x13, 0xde, 0xf8, 0x88, 0x48, 0x65, 0x4c, 0x08, 0x7c, 0x12, 0x60, 0x9d, 0xf0, 0x1b, 0xaf, 0x94, 0x05, 0xce, 0x78, 0x04, 0xfd, 0x60, 0x2c, 0xd3, 0x17, 0xb7, 0xce, 0xa1, 0x1e, 0x8c, 0xc7, 0xae, 0x2e, 0xa4, 0x05, 0xb4, 0x0d, 0x46, 0xb1, 0x59, 0x2a, 0x30, 0xf0, 0xcb, 0x6e, 0x8c, 0x4f, 0x17, 0xd7, 0xf7, 0xc4, 0x7f, 0xeb ]), internal_xfvk: [ 0x02, 0xdb, 0x99, 0x9e, 0x07, 0x02, 0x00, 0x00, 0x80, 0x97, 0xce, 0x15, 0xf4, 0xed, 0x1b, 0x97, 0x39, 0xb0, 0x26, 0x2a, 0x46, 0x3b, 0xcb, 0x3d, 0xc9, 0xb3, 0xbd, 0x23, 0x23, 0xa9, 0xba, 0xa4, 0x41, 0xca, 0x42, 0x77, 0x73, 0x83, 0xa8, 0xd4, 0x35, 0xa6, 0xc5, 0x92, 0x5a, 0x0f, 0x85, 0xfa, 0x4f, 0x1e, 0x40, 0x5e, 0x3a, 0x49, 0x70, 0xd0, 0xc4, 0xa4, 0xb4, 0x81, 0x44, 0x38, 0xf4, 0xe9, 0xd4, 0x52, 0x0e, 0x20, 0xf7, 0xfd, 0xcf, 0x38, 0x41, 0xf9, 0x12, 0x87, 0xc0, 0x6e, 0x30, 0xb6, 0x5e, 0xa1, 0xbd, 0xb7, 0x16, 0xb2, 0x31, 0xde, 0x67, 0x78, 0xa5, 0xd8, 0x0e, 0xe5, 0xcd, 0x9c, 0x06, 0x0d, 0x1a, 0xba, 0xca, 0xe0, 0xaa, 0xe2, 0x3b, 0xdd, 0xba, 0xc2, 0xa4, 0x93, 0xf5, 0x3c, 0x3b, 0x09, 0x33, 0xd9, 0x13, 0xde, 0xf8, 0x88, 0x48, 0x65, 0x4c, 0x08, 0x7c, 0x12, 0x60, 0x9d, 0xf0, 0x1b, 0xaf, 0x94, 0x05, 0xce, 0x78, 0x04, 0xfd, 0x60, 0x2c, 0xd3, 0x17, 0xb7, 0xce, 0xa1, 0x1e, 0x8c, 0xc7, 0xae, 0x2e, 0xa4, 0x05, 0xb4, 0x0d, 0x46, 0xb1, 0x59, 0x2a, 0x30, 0xf0, 0xcb, 0x6e, 0x8c, 0x4f, 0x17, 0xd7, 0xf7, 0xc4, 0x7f, 0xeb ], + internal_fp: [ + 0x30, 0xfe, 0x0d, 0x61, 0x0f, 0x94, 0x7b, 0x2c, 0x26, 0x0e, 0x7b, 0x29, 0xe7, 0x9e, 0x5c, 0x2e, 0x7d, 0x3e, 0x14, 0xab, 0xf9, 0x79, 0xf6, 0x40, 0x6d, 0x07, 0xba, 0xf8, 0xfa, 0xdd, 0xf4, 0x95 + ], }, TestVector { ask: None, @@ -255,10 +275,16 @@ internal_nk: [ 0xf9, 0x12, 0x87, 0xc0, 0x6e, 0x30, 0xb6, 0x5e, 0xa1, 0xbd, 0xb7, 0x16, 0xb2, 0x31, 0xde, 0x67, 0x78, 0xa5, 0xd8, 0x0e, 0xe5, 0xcd, 0x9c, 0x06, 0x0d, 0x1a, 0xba, 0xca, 0xe0, 0xaa, 0xe2, 0x3b ], + internal_ivk: [ + 0x1d, 0x59, 0xea, 0x20, 0x17, 0x88, 0x18, 0x64, 0xd2, 0x4e, 0xad, 0xb5, 0xcf, 0x34, 0x68, 0xa4, 0x1a, 0x1b, 0x2a, 0xaa, 0x0d, 0x1b, 0x3a, 0x72, 0xc6, 0xda, 0x9c, 0xe6, 0x50, 0x2a, 0x0a, 0x05 + ], internal_xsk: None, internal_xfvk: [ 0x02, 0xdb, 0x99, 0x9e, 0x07, 0x02, 0x00, 0x00, 0x80, 0x97, 0xce, 0x15, 0xf4, 0xed, 0x1b, 0x97, 0x39, 0xb0, 0x26, 0x2a, 0x46, 0x3b, 0xcb, 0x3d, 0xc9, 0xb3, 0xbd, 0x23, 0x23, 0xa9, 0xba, 0xa4, 0x41, 0xca, 0x42, 0x77, 0x73, 0x83, 0xa8, 0xd4, 0x35, 0xa6, 0xc5, 0x92, 0x5a, 0x0f, 0x85, 0xfa, 0x4f, 0x1e, 0x40, 0x5e, 0x3a, 0x49, 0x70, 0xd0, 0xc4, 0xa4, 0xb4, 0x81, 0x44, 0x38, 0xf4, 0xe9, 0xd4, 0x52, 0x0e, 0x20, 0xf7, 0xfd, 0xcf, 0x38, 0x41, 0xf9, 0x12, 0x87, 0xc0, 0x6e, 0x30, 0xb6, 0x5e, 0xa1, 0xbd, 0xb7, 0x16, 0xb2, 0x31, 0xde, 0x67, 0x78, 0xa5, 0xd8, 0x0e, 0xe5, 0xcd, 0x9c, 0x06, 0x0d, 0x1a, 0xba, 0xca, 0xe0, 0xaa, 0xe2, 0x3b, 0xdd, 0xba, 0xc2, 0xa4, 0x93, 0xf5, 0x3c, 0x3b, 0x09, 0x33, 0xd9, 0x13, 0xde, 0xf8, 0x88, 0x48, 0x65, 0x4c, 0x08, 0x7c, 0x12, 0x60, 0x9d, 0xf0, 0x1b, 0xaf, 0x94, 0x05, 0xce, 0x78, 0x04, 0xfd, 0x60, 0x2c, 0xd3, 0x17, 0xb7, 0xce, 0xa1, 0x1e, 0x8c, 0xc7, 0xae, 0x2e, 0xa4, 0x05, 0xb4, 0x0d, 0x46, 0xb1, 0x59, 0x2a, 0x30, 0xf0, 0xcb, 0x6e, 0x8c, 0x4f, 0x17, 0xd7, 0xf7, 0xc4, 0x7f, 0xeb ], + internal_fp: [ + 0x30, 0xfe, 0x0d, 0x61, 0x0f, 0x94, 0x7b, 0x2c, 0x26, 0x0e, 0x7b, 0x29, 0xe7, 0x9e, 0x5c, 0x2e, 0x7d, 0x3e, 0x14, 0xab, 0xf9, 0x79, 0xf6, 0x40, 0x6d, 0x07, 0xba, 0xf8, 0xfa, 0xdd, 0xf4, 0x95 + ], }, TestVector { ask: None, @@ -308,9 +334,15 @@ internal_nk: [ 0x82, 0x2f, 0x2f, 0x70, 0x96, 0x0f, 0x05, 0xd6, 0x96, 0x74, 0x58, 0xe3, 0x92, 0x10, 0xd5, 0x77, 0x1f, 0x98, 0x47, 0xae, 0xf9, 0xe3, 0x4d, 0x94, 0xb8, 0xaf, 0xbf, 0x95, 0xbb, 0xc4, 0xd2, 0x27 ], + internal_ivk: [ + 0xf9, 0x8a, 0x76, 0x09, 0x8e, 0x91, 0x05, 0x03, 0xe8, 0x02, 0x77, 0x52, 0x04, 0x2d, 0xe8, 0x7e, 0x7d, 0x89, 0x3a, 0xb0, 0x14, 0x5e, 0xbc, 0x3b, 0x05, 0x97, 0xc2, 0x39, 0x7f, 0x69, 0xd2, 0x01 + ], internal_xsk: None, internal_xfvk: [ 0x03, 0x48, 0xc1, 0x83, 0x75, 0x03, 0x00, 0x00, 0x00, 0x8d, 0x93, 0x7b, 0xcf, 0x81, 0xba, 0x43, 0x0d, 0x5b, 0x49, 0xaf, 0xc0, 0xa4, 0x03, 0x36, 0x7b, 0x1f, 0xd9, 0x98, 0x79, 0xec, 0xba, 0x41, 0xbe, 0x05, 0x1c, 0x5a, 0x4a, 0xa7, 0xd6, 0xe7, 0xe8, 0xb1, 0x85, 0xc5, 0x7b, 0x50, 0x9c, 0x25, 0x36, 0xc4, 0xf2, 0xd3, 0x26, 0xd7, 0x66, 0xc8, 0xfa, 0xb2, 0x54, 0x47, 0xde, 0x53, 0x75, 0xa9, 0x32, 0x8d, 0x64, 0x9d, 0xda, 0xbd, 0x97, 0xa6, 0xa3, 0x82, 0x2f, 0x2f, 0x70, 0x96, 0x0f, 0x05, 0xd6, 0x96, 0x74, 0x58, 0xe3, 0x92, 0x10, 0xd5, 0x77, 0x1f, 0x98, 0x47, 0xae, 0xf9, 0xe3, 0x4d, 0x94, 0xb8, 0xaf, 0xbf, 0x95, 0xbb, 0xc4, 0xd2, 0x27, 0xbf, 0x19, 0xe2, 0x57, 0xdd, 0x83, 0x3e, 0x02, 0x94, 0xec, 0x2a, 0xcb, 0xdf, 0xa4, 0x0e, 0x14, 0x52, 0xf8, 0xe6, 0xa1, 0xf0, 0xc7, 0xf6, 0xf3, 0xab, 0xe5, 0x6a, 0xfd, 0x5f, 0x6e, 0x26, 0x18, 0x1f, 0xfd, 0x6f, 0x81, 0xfe, 0x85, 0xc4, 0x9f, 0xe3, 0xe7, 0x3e, 0xf7, 0x3e, 0x50, 0x11, 0x38, 0x22, 0xca, 0x62, 0x67, 0x31, 0x2b, 0x7a, 0xce, 0xd0, 0xc1, 0x56, 0xa3, 0x2b, 0x3f, 0x24, 0x38 ], + internal_fp: [ + 0xba, 0x64, 0xe4, 0x0d, 0x08, 0x6d, 0x36, 0x2c, 0xa5, 0xa1, 0x7f, 0x5e, 0x3b, 0x1b, 0xee, 0x63, 0x24, 0xc8, 0x4f, 0x10, 0x12, 0x44, 0xa4, 0x00, 0x2a, 0x2e, 0xca, 0xaf, 0x05, 0xbd, 0xd9, 0x81 + ], }, ]; diff --git a/zcash_test_vectors/sapling/zip32.py b/zcash_test_vectors/sapling/zip32.py index 86c92b6..27174d3 100755 --- a/zcash_test_vectors/sapling/zip32.py +++ b/zcash_test_vectors/sapling/zip32.py @@ -249,8 +249,10 @@ def main(): 'internal_ovk' : bytes(internal.ovk()), 'internal_dk' : bytes(internal.dk()), 'internal_nk' : bytes(internal.nk()), + 'internal_ivk' : bytes(internal.ivk()), 'internal_xsk' : Some(bytes(internal)) if internal.is_xsk() else None, 'internal_xfvk': bytes(internal.to_extended_fvk()), + 'internal_fp' : internal.fingerprint(), } for (k, internal) in keys_and_internals ] @@ -278,8 +280,10 @@ def main(): ('internal_ovk', '[u8; 32]'), ('internal_dk', '[u8; 32]'), ('internal_nk', '[u8; 32]'), + ('internal_ivk', '[u8; 32]'), ('internal_xsk', 'Option<[u8; 169]>'), ('internal_xfvk','[u8; 169]'), + ('internal_fp', '[u8; 32]'), ), test_vectors, ) From 674dc7c0547a88624093a84ecb3e26336557473c Mon Sep 17 00:00:00 2001 From: Daira Hopwood Date: Tue, 1 Feb 2022 20:24:29 +0000 Subject: [PATCH 6/6] Cosmetics. Signed-off-by: Daira Hopwood --- unified_full_viewing_keys.py | 12 ++++++------ zcash_test_vectors/sapling/zip32.py | 3 ++- 2 files changed, 8 insertions(+), 7 deletions(-) diff --git a/unified_full_viewing_keys.py b/unified_full_viewing_keys.py index 3ab75d4..3796623 100755 --- a/unified_full_viewing_keys.py +++ b/unified_full_viewing_keys.py @@ -47,9 +47,9 @@ def main(): sapling_fvk = account_key.to_extended_fvk() sapling_fvk_bytes = b"".join([ - bytes(sapling_fvk.ak()), - bytes(sapling_fvk.nk()), - sapling_fvk.ovk(), + bytes(sapling_fvk.ak()), + bytes(sapling_fvk.nk()), + sapling_fvk.ovk(), sapling_fvk.dk() ]) else: @@ -60,17 +60,17 @@ def main(): orchard_sk = orchard_key_components.SpendingKey(rand.b(32)) orchard_fvk = orchard_key_components.FullViewingKey.from_spending_key(orchard_sk) orchard_fvk_bytes = b"".join([ - bytes(orchard_fvk.ak), + bytes(orchard_fvk.ak), bytes(orchard_fvk.nk), bytes(orchard_fvk.rivk) ]) else: orchard_fvk_bytes = None - # include an unknown item 1/4 of the time + # include an unknown item 1/4 of the time has_unknown_item = rand.bool() and rand.bool() # use the range reserved for experimental typecodes for unknowns - unknown_tc = rng.randrange(0xFFFA, 0xFFFF+1) + unknown_tc = rng.randrange(0xFFFA, 0xFFFF+1) unknown_len = rng.randrange(32, 256) if has_unknown_item: unknown_bytes = b"".join([rand.b(unknown_len)]) diff --git a/zcash_test_vectors/sapling/zip32.py b/zcash_test_vectors/sapling/zip32.py index 27174d3..5d2ec2f 100755 --- a/zcash_test_vectors/sapling/zip32.py +++ b/zcash_test_vectors/sapling/zip32.py @@ -214,10 +214,11 @@ class ExtendedFullViewingKey(DerivedIvk, ExtendedBase): return self.__class__(self.ak(), nk_internal, ovk_internal, dk_internal, self._c, self.depth(), self.parent_tag(), self._i) -def hardened(i): +def hardened(i): assert(i < (1<<31)) return i + (1<<31) + def main(): args = render_args()