zcash-hackworks
/
zcash-test-vectors
mirror of https://github.com/zcash-hackworks/zcash-test-vectors.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Address review comments 

Co-authored-by: Jack Grigg <jack@electriccoin.co>
This commit is contained in:
therealyingtong 2021-05-28 23:37:49 +08:00
parent 70ccff9bd9
commit d25805a893
2 changed files with 8 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
orchard_note.py
View File

@ -9,6 +9,7 @@ from utils import leos2bsp
class OrchardNote(object): class OrchardNote(object):
def __init__(self, d, pk_d, v, rho, rseed): def __init__(self, d, pk_d, v, rho, rseed):
assert isinstance(v, int)
self.d = d self.d = d
self.pk_d = pk_d self.pk_d = pk_d
self.v = v self.v = v

12
orchard_note_encryption.py
View File

@ -1,5 +1,6 @@
#!/usr/bin/env python3 #!/usr/bin/env python3
import sys; assert sys.version_info[0] >= 3, "Python 3 required." import sys; assert sys.version_info[0] >= 3, "Python 3 required."
import struct
from chacha20poly1305 import ChaCha20Poly1305 from chacha20poly1305 import ChaCha20Poly1305
import os import os
@ -126,19 +127,20 @@ class TransmittedNoteCipherText(object):
assert(leadbyte == 2) assert(leadbyte == 2)
np = OrchardNotePlaintext( np = OrchardNotePlaintext(
p_enc[1:12], # d p_enc[1:12], # d
struct.unpack('<Q', p_enc[12:20]), # v struct.unpack('<Q', p_enc[12:20])[0], # v
p_enc[20:52], # rseed p_enc[20:52], # rseed
p_enc[52:564], # memo p_enc[52:564], # memo
) )
g_d = diversify_hash(np.d) g_d = diversify_hash(np.d)
pk_d = OrchardKeyAgreement.derive_public(ivk, g_d)
note = OrchardNote(np.d, pk_d, np.v, rho, np.rseed)
esk = OrchardKeyAgreement.esk(np.rseed, rho) esk = OrchardKeyAgreement.esk(np.rseed, rho)
if OrchardKeyAgreement.derive_public(esk, g_d) != epk: if OrchardKeyAgreement.derive_public(esk, g_d) != epk:
return None return None
pk_d = OrchardKeyAgreement.derive_public(ivk, g_d)
note = OrchardNote(np.d, pk_d, np.v, rho, np.rseed)
cm = note.note_commitment() cm = note.note_commitment()
if cm is None: if cm is None:
return None return None
@ -152,6 +154,7 @@ class TransmittedNoteCipherText(object):
# and to decode epk from it. That is required for consensus compatibility # and to decode epk from it. That is required for consensus compatibility
# in Sapling decryption before ZIP 216, but the reverse is okay here # in Sapling decryption before ZIP 216, but the reverse is okay here
# because Pallas points have no non-canonical encodings. # because Pallas points have no non-canonical encodings.
ephemeral_key = bytes(self.epk)
ock = prf_ock_orchard(ovk, bytes(cv), bytes(cm_star), bytes(self.epk)) ock = prf_ock_orchard(ovk, bytes(cv), bytes(cm_star), bytes(self.epk))
op = OrchardSym.decrypt(ock, self.c_out) op = OrchardSym.decrypt(ock, self.c_out)
if op is None: if op is None:
@ -164,7 +167,6 @@ class TransmittedNoteCipherText(object):
return None return None
shared_secret = OrchardKeyAgreement.agree(esk, pk_d) shared_secret = OrchardKeyAgreement.agree(esk, pk_d)
ephemeral_key = bytes(self.epk)
k_enc = kdf_orchard(shared_secret, ephemeral_key) k_enc = kdf_orchard(shared_secret, ephemeral_key)
p_enc = OrchardSym.decrypt(k_enc, self.c_enc) p_enc = OrchardSym.decrypt(k_enc, self.c_enc)
if p_enc is None: if p_enc is None:
@ -174,7 +176,7 @@ class TransmittedNoteCipherText(object):
assert(leadbyte == 2) assert(leadbyte == 2)
np = OrchardNotePlaintext( np = OrchardNotePlaintext(
p_enc[1:12], # d p_enc[1:12], # d
struct.unpack('<Q', p_enc[12:20]), # v struct.unpack('<Q', p_enc[12:20])[0], # v
p_enc[20:52], # rseed p_enc[20:52], # rseed
p_enc[52:564], # memo p_enc[52:564], # memo
) )