diff --git a/zebra-chain/src/orchard/commitment.rs b/zebra-chain/src/orchard/commitment.rs index 259e8498c..a4180ff94 100644 --- a/zebra-chain/src/orchard/commitment.rs +++ b/zebra-chain/src/orchard/commitment.rs @@ -115,7 +115,7 @@ impl NoteCommitment { /// /// NoteCommit^Orchard_rcm(repr_P(gd),repr_P(pkd), v, ρ, ψ) := /// - /// https://zips.z.cash/protocol/protocol.pdf#concretewindowedcommit + /// https://zips.z.cash/protocol/nu5.pdf#concretewindowedcommit #[allow(non_snake_case)] pub fn new( csprng: &mut T, @@ -165,7 +165,7 @@ impl NoteCommitment { /// Hash Extractor for Pallas /// - /// https://zips.z.cash/protocol/protocol.pdf#concreteextractorpallas + /// https://zips.z.cash/protocol/nu5.pdf#concreteextractorpallas pub fn extract_x(&self) -> pallas::Base { match self.0.get_xy().into() { // If Some, it's not the identity. @@ -178,7 +178,7 @@ impl NoteCommitment { /// A homomorphic Pedersen commitment to the net value of a _note_, used in /// Action descriptions. /// -/// https://zips.z.cash/protocol/protocol.pdf#concretehomomorphiccommit +/// https://zips.z.cash/protocol/nu5.pdf#concretehomomorphiccommit #[derive(Clone, Copy, Deserialize, PartialEq, Serialize)] pub struct ValueCommitment(#[serde(with = "serde_helpers::Affine")] pub pallas::Affine); @@ -231,7 +231,7 @@ impl Eq for ValueCommitment {} /// LEBS2OSP256(repr_P(cv)) /// -/// https://zips.z.cash/protocol/protocol.pdf#pallasandvesta +/// https://zips.z.cash/protocol/nu5.pdf#pallasandvesta impl From for [u8; 32] { fn from(cm: ValueCommitment) -> [u8; 32] { cm.0.to_bytes() @@ -274,7 +274,7 @@ impl std::iter::Sum for ValueCommitment { /// LEBS2OSP256(repr_P(cv)) /// -/// https://zips.z.cash/protocol/protocol.pdf#pallasandvesta +/// https://zips.z.cash/protocol/nu5.pdf#pallasandvesta impl TryFrom<[u8; 32]> for ValueCommitment { type Error = &'static str; 
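Review bot: The replacement line `/// https://zips.z.cash/protocol/nu5.pdf#concretewindowedcommit` in the doc comment of `NoteCommitment::new` is still a bare URL, which rustdoc's `bare_urls` lint warns about and which does not render as a link. Since every one of these lines is being touched anyway, write them in autolink form: `/// <https://zips.z.cash/protocol/nu5.pdf#concretewindowedcommit>`. The same applies to the other bare-URL lines changed in commitment.rs, keys.rs, sinsemilla.rs and tree.rs; the reference-style definitions such as `[ps]: …` are fine as they are. The doc comment and the function body both extend outside this hunk.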
@@ -305,7 +305,7 @@ impl ZcashDeserialize for ValueCommitment { impl ValueCommitment { /// Generate a new _ValueCommitment_. /// - /// https://zips.z.cash/protocol/protocol.pdf#concretehomomorphiccommit + /// https://zips.z.cash/protocol/nu5.pdf#concretehomomorphiccommit pub fn randomized(csprng: &mut T, value: Amount) -> Self where T: RngCore + CryptoRng, @@ -319,7 +319,7 @@ impl ValueCommitment { /// /// ValueCommit^Orchard(v) := /// - /// https://zips.z.cash/protocol/protocol.pdf#concretehomomorphiccommit + /// https://zips.z.cash/protocol/nu5.pdf#concretehomomorphiccommit #[allow(non_snake_case)] pub fn new(rcv: pallas::Scalar, value: Amount) -> Self { lazy_static! { diff --git a/zebra-chain/src/orchard/keys.rs b/zebra-chain/src/orchard/keys.rs index ab669ed00..d41fe91b5 100644 --- a/zebra-chain/src/orchard/keys.rs +++ b/zebra-chain/src/orchard/keys.rs @@ -61,7 +61,7 @@ fn prp_d(K: [u8; 32], d: [u8; 11]) -> [u8; 11] { /// /// PRF^expand(sk, t) := BLAKE2b-512("Zcash_ExpandSeed", sk || t) /// -/// https://zips.z.cash/protocol/protocol.pdf#concreteprfs +/// https://zips.z.cash/protocol/nu5.pdf#concreteprfs // TODO: This is basically a duplicate of the one in our sapling module, its // definition in the draft Nu5 spec is incomplete so I'm putting it here in case // it changes. @@ -108,7 +108,7 @@ fn prf_ock(ovk: [u8; 32], cv: [u8; 32], cm_x: [u8; 32], ephemeral_key: [u8; 32]) /// /// where P = GroupHash^P(("z.cash:Orchard-gd", LEBS2OSP_l_d(d))) /// -/// https://zips.z.cash/protocol/protocol.pdf#concretediversifyhash +/// https://zips.z.cash/protocol/nu5.pdf#concretediversifyhash fn diversify_hash(d: &[u8]) -> pallas::Point { let p = pallas_group_hash(b"z.cash:Orchard-gd", &d); 
@@ -133,7 +133,7 @@ mod sk_hrp { /// Our root secret key of the Orchard key derivation tree. All other Orchard /// key types derive from the [`SpendingKey`] value. /// -/// [ps]: https://zips.z.cash/protocol/protocol.pdf#orchardkeycomponents +/// [ps]: https://zips.z.cash/protocol/nu5.pdf#orchardkeycomponents #[derive(Copy, Clone, Debug, Eq, PartialEq)] #[cfg_attr( any(test, feature = "proptest-impl"), @@ -248,8 +248,8 @@ impl From for SpendAuthorizingKey { /// /// ask := ToScalar^Orchard(PRF^expand(sk, [6])) /// - /// https://zips.z.cash/protocol/protocol.pdf#orchardkeycomponents - /// https://zips.z.cash/protocol/protocol.pdf#concreteprfs + /// https://zips.z.cash/protocol/nu5.pdf#orchardkeycomponents + /// https://zips.z.cash/protocol/nu5.pdf#concreteprfs fn from(spending_key: SpendingKey) -> SpendAuthorizingKey { let hash_bytes = prf_expand(spending_key.bytes, vec![&[6]]); @@ -270,7 +270,7 @@ impl PartialEq<[u8; 32]> for SpendAuthorizingKey { /// Used to validate Orchard _Spend Authorization Signatures_, proving ownership /// of notes. /// -/// [orchardkeycomponents]: https://zips.z.cash/protocol/protocol.pdf#orchardkeycomponents +/// [orchardkeycomponents]: https://zips.z.cash/protocol/nu5.pdf#orchardkeycomponents #[derive(Copy, Clone, Debug)] pub struct SpendValidatingKey(pub redpallas::VerificationKey); @@ -313,7 +313,7 @@ impl PartialEq<[u8; 32]> for SpendValidatingKey { /// /// Used to create a _Nullifier_ per note. /// -/// [orchardkeycomponents]: https://zips.z.cash/protocol/protocol.pdf#orchardkeycomponents +/// [orchardkeycomponents]: https://zips.z.cash/protocol/nu5.pdf#orchardkeycomponents #[derive(Copy, Clone, PartialEq)] pub struct NullifierDerivingKey(pub pallas::Base); 
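Review bot: The type documented in the first hunk here as "Our root secret key" keeps `#[derive(Copy, Clone, Debug, Eq, PartialEq)]`, so a `{:?}` in a log line or panic message would presumably print the raw key bytes, and the derived `==` is not a constant-time comparison. A later hunk header shows `impl fmt::Debug for IvkCommitRandomness`, so hand-written `Debug` impls already exist in this file; the spending key deserves one that redacts, for example `f.write_str("SpendingKey(<redacted>)")`. The struct body is outside the hunk, so confirm which fields the derived `Debug` actually exposes before changing it.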
@@ -352,7 +352,7 @@ impl From<[u8; 32]> for NullifierDerivingKey { impl From for NullifierDerivingKey { /// nk = ToBase^Orchard(PRF^expand_sk ([7])) /// - /// https://zips.z.cash/protocol/protocol.pdf#orchardkeycomponents + /// https://zips.z.cash/protocol/nu5.pdf#orchardkeycomponents fn from(sk: SpendingKey) -> Self { Self(pallas::Base::from_bytes_wide(&prf_expand( sk.into(), @@ -387,7 +387,7 @@ impl fmt::Debug for IvkCommitRandomness { impl From for IvkCommitRandomness { /// rivk = ToScalar^Orchard(PRF^expand_sk ([8])) /// - /// https://zips.z.cash/protocol/protocol.pdf#orchardkeycomponents + /// https://zips.z.cash/protocol/nu5.pdf#orchardkeycomponents fn from(sk: SpendingKey) -> Self { let scalar = pallas::Scalar::from_bytes_wide(&prf_expand(sk.into(), vec![&[8]])); @@ -435,7 +435,7 @@ mod ivk_hrp { /// /// Used to decrypt incoming notes without spending them. /// -/// [ps]: https://zips.z.cash/protocol/protocol.pdf#orchardkeycomponents +/// [ps]: https://zips.z.cash/protocol/nu5.pdf#orchardkeycomponents #[derive(Copy, Clone, Eq, PartialEq)] pub struct IncomingViewingKey { network: Network, @@ -465,8 +465,8 @@ impl From for IncomingViewingKey { /// Commit^ivk_rivk(ak, nk) := /// SinsemillaShortCommit_rcm (︁"z.cash:Orchard-CommitIvk", I2LEBSP_l(ak) || I2LEBSP_l(nk)︁) mod r_P /// - /// https://zips.z.cash/protocol/protocol.pdf#orchardkeycomponents - /// https://zips.z.cash/protocol/protocol.pdf#concreteprfs + /// https://zips.z.cash/protocol/nu5.pdf#orchardkeycomponents + /// https://zips.z.cash/protocol/nu5.pdf#concreteprfs #[allow(non_snake_case)] fn from(fvk: FullViewingKey) -> Self { let mut M: BitVec = BitVec::new(); 
@@ -551,7 +551,7 @@ mod fvk_hrp { /// Human-Readable Part is “zviewo”. For incoming viewing keys on the /// test network, the Human-Readable Part is “zviewtestorchard”. /// -/// https://zips.z.cash/protocol/protocol.pdf#orchardfullviewingkeyencoding +/// https://zips.z.cash/protocol/nu5.pdf#orchardfullviewingkeyencoding #[derive(Copy, Clone, Eq, PartialEq)] pub struct FullViewingKey { network: Network, @@ -616,7 +616,7 @@ impl FromStr for FullViewingKey { } impl FullViewingKey { - /// [4.2.3]: https://zips.z.cash/protocol/protocol.pdf#orchardkeycomponents + /// [4.2.3]: https://zips.z.cash/protocol/nu5.pdf#orchardkeycomponents #[allow(non_snake_case)] pub fn to_R(self) -> [u8; 64] { // let K = I2LEBSP_l_sk(rivk) @@ -655,7 +655,7 @@ impl FullViewingKey { /// /// Used to decrypt outgoing notes without spending them. /// -/// [ps]: https://zips.z.cash/protocol/protocol.pdf#orchardkeycomponents +/// [ps]: https://zips.z.cash/protocol/nu5.pdf#orchardkeycomponents #[derive(Copy, Clone, Eq, PartialEq)] pub struct OutgoingViewingKey(pub [u8; 32]); @@ -683,7 +683,7 @@ impl From for [u8; 32] { impl From for OutgoingViewingKey { /// Derive an `OutgoingViewingKey` from a `FullViewingKey`. /// - /// [4.2.3]: https://zips.z.cash/protocol/protocol.pdf#orchardkeycomponents + /// [4.2.3]: https://zips.z.cash/protocol/nu5.pdf#orchardkeycomponents #[allow(non_snake_case)] fn from(fvk: FullViewingKey) -> OutgoingViewingKey { let R = fvk.to_R(); @@ -712,7 +712,7 @@ impl PartialEq<[u8; 32]> for OutgoingViewingKey { /// the sequence, which matches the capabilities of a Sapling _extended full /// viewing key_ but simplifies the key structure." /// -/// [4.2.3]: https://zips.z.cash/protocol/protocol.pdf#orchardkeycomponents +/// [4.2.3]: https://zips.z.cash/protocol/nu5.pdf#orchardkeycomponents /// [ZIP-32]: https://zips.z.cash/zip-0032#orchard-diversifier-derivation #[derive(Copy, Clone, PartialEq)] pub struct DiversifierKey([u8; 32]); 
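Review bot: In the `impl FullViewingKey` hunk, the entire doc comment on `pub fn to_R` is the link definition `/// [4.2.3]: …#orchardkeycomponents`, which renders as nothing, so this public method on key material ends up with no documentation. Add a summary line that actually uses the reference, such as `/// Computes the 64-byte value R from section [4.2.3], from which the outgoing viewing key is derived.` The `OutgoingViewingKey` conversion in a later hunk calls `fvk.to_R()`, which supports that wording, but the body of `to_R` continues outside the hunk and should be checked against it.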
@@ -729,7 +729,7 @@ impl From for DiversifierKey { /// /// Derived as specied in section [4.2.3] of the spec, and [ZIP-32]. /// - /// [4.2.3]: https://zips.z.cash/protocol/protocol.pdf#orchardkeycomponents + /// [4.2.3]: https://zips.z.cash/protocol/nu5.pdf#orchardkeycomponents /// [ZIP-32]: https://zips.z.cash/zip-0032#orchard-diversifier-derivation #[allow(non_snake_case)] fn from(fvk: FullViewingKey) -> DiversifierKey { @@ -751,7 +751,7 @@ impl From for [u8; 32] { /// Combined with an `IncomingViewingKey`, produces a _diversified /// payment address_. /// -/// [ps]: https://zips.z.cash/protocol/protocol.pdf#orchardkeycomponents +/// [ps]: https://zips.z.cash/protocol/nu5.pdf#orchardkeycomponents #[derive(Copy, Clone, Eq, PartialEq)] #[cfg_attr( any(test, feature = "proptest-impl"), @@ -823,7 +823,7 @@ impl TryFrom for pallas::Affine { impl Diversifier { /// Generate a new `Diversifier`. /// - /// https://zips.z.cash/protocol/protocol.pdf#orchardkeycomponents + /// https://zips.z.cash/protocol/nu5.pdf#orchardkeycomponents pub fn new(csprng: &mut T) -> Self where T: RngCore + CryptoRng, @@ -845,7 +845,7 @@ impl Diversifier { /// Derived by multiplying a Pallas point [derived][concretediversifyhash] from /// a `Diversifier` by the `IncomingViewingKey` scalar. /// -/// [concretediversifyhash]: https://zips.z.cash/protocol/protocol.pdf#concretediversifyhash +/// [concretediversifyhash]: https://zips.z.cash/protocol/nu5.pdf#concretediversifyhash /// https://zips.z.cash/protocol/nu5.pdf#orchardkeycomponents #[derive(Copy, Clone, PartialEq)] pub struct TransmissionKey(pub pallas::Affine); 
@@ -891,8 +891,8 @@ impl From<(IncomingViewingKey, Diversifier)> for TransmissionKey { /// /// KA^Orchard.DerivePublic(sk, B) := [sk] B /// - /// https://zips.z.cash/protocol/protocol.pdf#orchardkeycomponents - /// https://zips.z.cash/protocol/protocol.pdf#concreteorchardkeyagreement + /// https://zips.z.cash/protocol/nu5.pdf#orchardkeycomponents + /// https://zips.z.cash/protocol/nu5.pdf#concreteorchardkeyagreement fn from((ivk, d): (IncomingViewingKey, Diversifier)) -> Self { let g_d = pallas::Point::from(d); @@ -908,7 +908,7 @@ impl PartialEq<[u8; 32]> for TransmissionKey { /// An ephemeral public key for Orchard key agreement. /// -/// https://zips.z.cash/protocol/protocol.pdf#concreteorchardkeyagreement +/// https://zips.z.cash/protocol/nu5.pdf#concreteorchardkeyagreement /// https://zips.z.cash/protocol/nu5.pdf#saplingandorchardencrypt #[derive(Copy, Clone, Deserialize, PartialEq, Serialize)] pub struct EphemeralPublicKey(#[serde(with = "serde_helpers::Affine")] pub pallas::Affine); diff --git a/zebra-chain/src/orchard/note/nullifiers.rs b/zebra-chain/src/orchard/note/nullifiers.rs index a7e2466f2..0ef180a3d 100644 --- a/zebra-chain/src/orchard/note/nullifiers.rs +++ b/zebra-chain/src/orchard/note/nullifiers.rs @@ -28,7 +28,7 @@ fn poseidon_hash(_x: pallas::Base, _y: pallas::Base) -> pallas::Base { /// /// PRF^nfOrchard(nk*, ρ*) := PoseidonHash(nk*, ρ*) /// -/// [concreteprfs]: https://zips.z.cash/protocol/protocol.pdf#concreteprfs +/// [concreteprfs]: https://zips.z.cash/protocol/nu5.pdf#concreteprfs /// [poseidonhash]: https://zips.z.cash/protocol/nu5.pdf#poseidonhash fn prf_nf(nk: pallas::Base, rho: pallas::Base) -> pallas::Base { poseidon_hash(nk, rho) diff --git a/zebra-chain/src/orchard/sinsemilla.rs b/zebra-chain/src/orchard/sinsemilla.rs index 10d8fe7c9..a11d358c3 100644 --- a/zebra-chain/src/orchard/sinsemilla.rs +++ b/zebra-chain/src/orchard/sinsemilla.rs 
@@ -26,7 +26,7 @@ pub fn extract_p(point: pallas::Point) -> pallas::Base { /// as a domain separator to distinguish uses of the group hash for different /// purposes; the second input element is the message. /// -/// https://zips.z.cash/protocol/protocol.pdf#concretegrouphashpallasandvesta +/// https://zips.z.cash/protocol/nu5.pdf#concretegrouphashpallasandvesta #[allow(non_snake_case)] pub fn pallas_group_hash(D: &[u8], M: &[u8]) -> pallas::Point { let domain_separator = std::str::from_utf8(D).unwrap(); @@ -36,7 +36,7 @@ pub fn pallas_group_hash(D: &[u8], M: &[u8]) -> pallas::Point { /// Q(D) := GroupHash^P(︀“z.cash:SinsemillaQ”, D) /// -/// https://zips.z.cash/protocol/protocol.pdf#concretesinsemillahash +/// https://zips.z.cash/protocol/nu5.pdf#concretesinsemillahash #[allow(non_snake_case)] fn Q(D: &[u8]) -> pallas::Point { pallas_group_hash(b"z.cash:SinsemillaQ", D) @@ -46,7 +46,7 @@ fn Q(D: &[u8]) -> pallas::Point { /// /// S: {0 .. 2^k - 1} -> P^*, aka 10 bits hashed into the group /// -/// https://zips.z.cash/protocol/protocol.pdf#concretesinsemillahash +/// https://zips.z.cash/protocol/nu5.pdf#concretesinsemillahash #[allow(non_snake_case)] fn S(j: &u16) -> pallas::Point { // The value of j is a 10-bit value, therefore must never exceed 2^10 in @@ -64,7 +64,7 @@ fn S(j: &u16) -> pallas::Point { /// the Sinsemilla hash for the Orchard incremental Merkle tree (§ 5.4.1.3 /// ‘MerkleCRH^Orchard Hash Function’). /// -/// https://zips.z.cash/protocol/protocol.pdf#concretesinsemillahash +/// https://zips.z.cash/protocol/nu5.pdf#concretesinsemillahash /// /// # Panics /// 
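Review bot: `pallas_group_hash` is `pub` and its first body line is `std::str::from_utf8(D).unwrap()`, so a domain separator that is not valid UTF-8 panics, yet the visible end of its doc comment has no `# Panics` section, unlike the Sinsemilla hash functions further down this file. While this comment is being edited, add a `# Panics` section saying the function panics if `D` is not valid UTF-8, or state the invariant at the call with `.expect("domain separator is valid UTF-8")`. The start of the doc comment and the rest of the body are outside the hunk.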
@@ -81,7 +81,7 @@ pub fn sinsemilla_hash_to_point(D: &[u8], M: &BitVec) -> pallas::Point // Split M into n segments of k bits, where k = 10 and c = 253, padding // the last segment with zeros. // - // https://zips.z.cash/protocol/protocol.pdf#concretesinsemillahash + // https://zips.z.cash/protocol/nu5.pdf#concretesinsemillahash for chunk in M.chunks(k) { // Pad each chunk with zeros. let mut store = 0u16; @@ -113,7 +113,7 @@ pub fn sinsemilla_hash_to_point(D: &[u8], M: &BitVec) -> pallas::Point /// PedersenHash) is to make efcient use of the lookups available in recent /// proof systems including Halo 2." /// -/// https://zips.z.cash/protocol/protocol.pdf#concretesinsemillahash +/// https://zips.z.cash/protocol/nu5.pdf#concretesinsemillahash /// /// # Panics /// diff --git a/zebra-chain/src/orchard/tree.rs b/zebra-chain/src/orchard/tree.rs index 9e819b7d0..1c7578e0b 100644 --- a/zebra-chain/src/orchard/tree.rs +++ b/zebra-chain/src/orchard/tree.rs @@ -50,7 +50,7 @@ fn merkle_crh_orchard(layer: u8, left: [u8; 32], right: [u8; 32]) -> [u8; 32] { lazy_static! { /// Orchard note commitment trees have a max depth of 32. /// - /// https://zips.z.cash/protocol/protocol.pdf#constants + /// https://zips.z.cash/protocol/nu5.pdf#constants static ref EMPTY_ROOTS: Vec<[u8; 32]> = { // Uncommitted^Orchard = I2LEBSP_l_MerkleOrchard(1) let mut v = vec![jubjub::Fq::one().to_bytes()]; @@ -68,7 +68,7 @@ lazy_static! { /// The index of a note’s commitment at the leafmost layer of its /// `NoteCommitmentTree`. /// -/// https://zips.z.cash/protocol/protocol.pdf#merkletree +/// https://zips.z.cash/protocol/nu5.pdf#merkletree // XXX: dedupe with sapling? pub struct Position(pub(crate) u64);
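Review bot: In the `EMPTY_ROOTS` hunk of tree.rs the comment now cites the NU5 constants section, but the first leaf is still built with `jubjub::Fq::one().to_bytes()`, a field type from the Sapling curve. The little-endian bytes of one are presumably the same in either field, so this is unlikely to change the computed roots, but an Orchard tree should not depend on Jubjub; consider the Pallas base field (`pallas::Base::one()`) if that type is in scope in this file. It is also worth re-checking the `Uncommitted^Orchard` value in the inline comment against the section the link now points to. The `lazy_static!` body continues outside the hunk.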