Update sapling keys derived from spending key via blake2b

2020-03-29 03:19:02 -04:00 · 2020-03-29 03:19:02 -04:00 · 097d4617df
parent b167a3b96e
commit 097d4617df
1 changed files with 25 additions and 30 deletions
--- a/zebra-chain/src/keys/sapling.rs
+++ b/zebra-chain/src/keys/sapling.rs
@ -53,22 +53,21 @@ impl From<[u8; 32]> for SpendingKey {
 pub type SpendAuthorizationKey = Scalar;

 impl From<SpendingKey> for SpendAuthorizationKey {
-    /// Invokes Blake2b-512 as PRF^expand to derive a
+    /// Invokes Blake2b-512 as PRF^expand, t=0, to derive a
    /// SpendAuthorizationKey from a SpendingKey.
    ///
    /// https://zips.z.cash/protocol/protocol.pdf#saplingkeycomponents
    /// https://zips.z.cash/protocol/protocol.pdf#concreteprfs
    fn from(spending_key: SpendingKey) -> SpendAuthorizationKey {
-        let mut block = [0u8; 33]; // Last byte is t=0;
+        let hash = blake2b_simd::Params::new()
+            .hash_length(64) // Blake2b-512
+            .personal(b"Zcash_ExpandSeed")
+            .to_state()
+            .update(spending_key.0[..])
+            .update([0]) // t=0
+            .finalize();

-        block[0..32].copy_from_slice(&spending_key.0[..]);
-
-        let mut hasher = Blake2b::new();
-        // TODO: check that this counts as personalization.
-        hasher.input("Zcash_ExpandSeed");
-        hasher.input(block);
-
-        Self::from(hasher.result())
+        Self::from(hash)
    }
 }

@ -89,17 +88,15 @@ impl From<SpendingKey> for ProofAuthorizingKey {
    /// https://zips.z.cash/protocol/protocol.pdf#saplingkeycomponents
    /// https://zips.z.cash/protocol/protocol.pdf#concreteprfs
    fn from(spending_key: SpendingKey) -> ProofAuthorizingKey {
-        let mut block = [0u8; 33];
-        block[33] = 1; // Last byte is t=1;
+        let hash = blake2b_simd::Params::new()
+            .hash_length(64)
+            .personal(b"Zcash_ExpandSeed")
+            .to_state()
+            .update(spending_key.0[..])
+            .update([1])
+            .finalize();

-        block[0..32].copy_from_slice(&spending_key.0[..]);
-
-        let mut hasher = Blake2b::new();
-        // TODO: check that this counts as personalization.
-        hasher.input("Zcash_ExpandSeed");
-        hasher.input(block);
-
-        Self::from(hasher.result())
+        Self::from(hash)
    }
 }

@ -121,17 +118,15 @@ impl From<SpendingKey> for OutgoingViewingKey {
    /// https://zips.z.cash/protocol/protocol.pdf#saplingkeycomponents
    /// https://zips.z.cash/protocol/protocol.pdf#concreteprfs
    fn from(spending_key: SpendingKey) -> OutgoingViewingKey {
-        let mut block = [0u8; 33];
-        block[33] = 2u8; // Last byte is t=2;
+        let hash = blake2b_simd::Params::new()
+            .hash_length(64)
+            .personal(b"Zcash_ExpandSeed")
+            .to_state()
+            .update(spending_key.0[..])
+            .update([2])
+            .finalize();

-        block[0..32].copy_from_slice(&spending_key.0[..]);
-
-        let mut hasher = Blake2b::new();
-        // TODO: check that this counts as personalization.
-        hasher.input("Zcash_ExpandSeed");
-        hasher.input(block);
-
-        Self(hasher.result()[0..31])
+        Self::from(hash[0..32])
    }
 }