Move personalization constants to submodule.
parent
25a8050df8
commit
c7c8d3c039
@ -27,6 +27,8 @@ use jubjub::{
edwards
edwards
};
};
use constants;
trait Assignment<T> {
trait Assignment<T> {
fn get(&self) -> Result<&T, SynthesisError>;
fn get(&self) -> Result<&T, SynthesisError>;
}
}
@ -157,7 +159,7 @@ impl<'a, E: JubjubEngine> Circuit<E> for Spend<'a, E> {
let mut ivk = blake2s::blake2s(
let mut ivk = blake2s::blake2s(
cs.namespace(|| "computation of ivk"),
cs.namespace(|| "computation of ivk"),
&vk,
&vk,
::CRH_IVK_PERSONALIZATION
constants::CRH_IVK_PERSONALIZATION
)?;
)?;
// Little endian bit order
// Little endian bit order
@ -301,7 +303,7 @@ impl<'a, E: JubjubEngine> Circuit<E> for Spend<'a, E> {
let mut rho = blake2s::blake2s(
let mut rho = blake2s::blake2s(
cs.namespace(|| "rho computation"),
cs.namespace(|| "rho computation"),
&rho_preimage,
&rho_preimage,
::PRF_NR_PERSONALIZATION
constants::PRF_NR_PERSONALIZATION
)?;
)?;
// Little endian bit order
// Little endian bit order
@ -0,0 +1,23 @@
// BLAKE2s invocation personalizations
/// BLAKE2s Personalization for CRH^ivk = BLAKE2s(ak | rk)
pub const CRH_IVK_PERSONALIZATION: &'static [u8; 8] = b"Zcashivk";
/// BLAKE2s Personalization for PRF^nr = BLAKE2s(rk | cm + position)
pub const PRF_NR_PERSONALIZATION: &'static [u8; 8] = b"WhatTheH";
// Group hash personalizations
/// BLAKE2s Personalization for Pedersen hash generators.
pub const PEDERSEN_HASH_GENERATORS_PERSONALIZATION: &'static [u8; 8] = b"PEDERSEN";
/// BLAKE2s Personalization for the group hash for key diversification
pub const KEY_DIVERSIFICATION_PERSONALIZATION: &'static [u8; 8] = b"Zcash_gh";
/// BLAKE2s Personalization for the proof generation key base point
pub const PROOF_GENERATION_KEY_BASE_GENERATOR_PERSONALIZATION: &'static [u8; 8] = b"12345678";
/// BLAKE2s Personalization for the note commitment randomness generator
pub const NOTE_COMMITMENT_RANDOMNESS_GENERATOR_PERSONALIZATION: &'static [u8; 8] = b"abcdefgh";
/// BLAKE2s Personalization for the nullifier position generator (for PRF^nr)
pub const NULLIFIER_POSITION_IN_TREE_GENERATOR_PERSONALIZATION: &'static [u8; 8] = b"nfnfnfnf";
/// BLAKE2s Personalization for the value commitment generator for the value
pub const VALUE_COMMITMENT_VALUE_GENERATOR_PERSONALIZATION: &'static [u8; 8] = b"45u8gh45";
/// BLAKE2s Personalization for the value commitment randomness generator
pub const VALUE_COMMITMENT_RANDOMNESS_GENERATOR_PERSONALIZATION: &'static [u8; 8] = b"11111111";
/// BLAKE2s Personalization for the spending key base point
pub const SPENDING_KEY_GENERATOR_PERSONALIZATION: &'static [u8; 8] = b"sksksksk";
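Review bot: Several of the personalization strings moved into this module — `b"WhatTheH"`, `b"12345678"`, `b"abcdefgh"`, `b"11111111"`, `b"sksksksk"` — look like placeholders rather than final values, and nothing here records that or guards against two of them ending up equal when they are finalized. Every BLAKE2s call site in this commit (`Blake2s::with_params(32, &[], &[], …)` in the ivk and PRF^nr computations, and the `group_hash(…, …_PERSONALIZATION, …)` generator derivations) appears to rely on these eight-byte personalizations for domain separation, so a collision would silently make two unrelated hashes or generators coincide. I would add a module comment such as `//! Personalizations that are not yet specified are placeholders; all values must remain pairwise distinct.` above the constants, and a unit test in this file that asserts pairwise distinctness so the property is checked on every build. The `&'static` in each `const` type is also redundant in this position and can be written `&[u8; 8]`.

```rust
#[cfg(test)]
mod tests {
    use super::*;

    /// Domain separation between BLAKE2s uses depends on every
    /// personalization being distinct; catch an accidental reuse here.
    #[test]
    fn personalizations_are_pairwise_distinct() {
        let all: [&[u8; 8]; 10] = [
            CRH_IVK_PERSONALIZATION,
            PRF_NR_PERSONALIZATION,
            PEDERSEN_HASH_GENERATORS_PERSONALIZATION,
            KEY_DIVERSIFICATION_PERSONALIZATION,
            PROOF_GENERATION_KEY_BASE_GENERATOR_PERSONALIZATION,
            NOTE_COMMITMENT_RANDOMNESS_GENERATOR_PERSONALIZATION,
            NULLIFIER_POSITION_IN_TREE_GENERATOR_PERSONALIZATION,
            VALUE_COMMITMENT_VALUE_GENERATOR_PERSONALIZATION,
            VALUE_COMMITMENT_RANDOMNESS_GENERATOR_PERSONALIZATION,
            SPENDING_KEY_GENERATOR_PERSONALIZATION,
        ];
        for (i, a) in all.iter().enumerate() {
            for b in &all[i + 1..] {
                assert_ne!(a, b, "two personalizations share the same value");
            }
        }
    }
}
```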
@ -24,7 +24,9 @@ use pairing::{
SqrtField
SqrtField
};
};
use super::group_hash::group_hash;
use group_hash::group_hash;
use constants;
use pairing::bls12_381::{
use pairing::bls12_381::{
Bls12,
Bls12,
@ -188,7 +190,7 @@ impl JubjubBls12 {
let mut pedersen_hash_generators = vec![];
let mut pedersen_hash_generators = vec![];
while pedersen_hash_generators.len() < 5 {
while pedersen_hash_generators.len() < 5 {
let gh = group_hash(&[cur], ::PEDERSEN_HASH_GENERATORS_PERSONALIZATION, &tmp);
let gh = group_hash(&[cur], constants::PEDERSEN_HASH_GENERATORS_PERSONALIZATION, &tmp);
// We don't want to overflow and start reusing generators
// We don't want to overflow and start reusing generators
assert!(cur != u8::max_value());
assert!(cur != u8::max_value());
cur += 1;
cur += 1;
@ -228,22 +230,22 @@ impl JubjubBls12 {
for c in 0..(FixedGenerators::Max as usize) {
for c in 0..(FixedGenerators::Max as usize) {
let p = match c {
let p = match c {
c if c == (FixedGenerators::ProofGenerationKey as usize) => {
c if c == (FixedGenerators::ProofGenerationKey as usize) => {
::PROOF_GENERATION_KEY_BASE_GENERATOR_PERSONALIZATION
constants::PROOF_GENERATION_KEY_BASE_GENERATOR_PERSONALIZATION
},
},
c if c == (FixedGenerators::NoteCommitmentRandomness as usize) => {
c if c == (FixedGenerators::NoteCommitmentRandomness as usize) => {
::NOTE_COMMITMENT_RANDOMNESS_GENERATOR_PERSONALIZATION
constants::NOTE_COMMITMENT_RANDOMNESS_GENERATOR_PERSONALIZATION
},
},
c if c == (FixedGenerators::NullifierPosition as usize) => {
c if c == (FixedGenerators::NullifierPosition as usize) => {
::NULLIFIER_POSITION_IN_TREE_GENERATOR_PERSONALIZATION
constants::NULLIFIER_POSITION_IN_TREE_GENERATOR_PERSONALIZATION
},
},
c if c == (FixedGenerators::ValueCommitmentValue as usize) => {
c if c == (FixedGenerators::ValueCommitmentValue as usize) => {
::VALUE_COMMITMENT_VALUE_GENERATOR_PERSONALIZATION
constants::VALUE_COMMITMENT_VALUE_GENERATOR_PERSONALIZATION
},
},
c if c == (FixedGenerators::ValueCommitmentRandomness as usize) => {
c if c == (FixedGenerators::ValueCommitmentRandomness as usize) => {
::VALUE_COMMITMENT_RANDOMNESS_GENERATOR_PERSONALIZATION
constants::VALUE_COMMITMENT_RANDOMNESS_GENERATOR_PERSONALIZATION
},
},
c if c == (FixedGenerators::SpendingKeyGenerator as usize) => {
c if c == (FixedGenerators::SpendingKeyGenerator as usize) => {
::SPENDING_KEY_GENERATOR_PERSONALIZATION
constants::SPENDING_KEY_GENERATOR_PERSONALIZATION
},
},
_ => unreachable!()
_ => unreachable!()
};
};
26
src/lib.rs
26
src/lib.rs
@ -3,7 +3,6 @@ extern crate bellman;
extern crate blake2_rfc;
extern crate blake2_rfc;
extern crate digest;
extern crate digest;
extern crate rand;
extern crate rand;
extern crate byteorder;
extern crate byteorder;
#[cfg(test)]
#[cfg(test)]
@ -15,27 +14,4 @@ pub mod circuit;
pub mod group_hash;
pub mod group_hash;
pub mod pedersen_hash;
pub mod pedersen_hash;
pub mod primitives;
pub mod primitives;
mod constants;
// BLAKE2s invocation personalizations
/// BLAKE2s Personalization for CRH^ivk = BLAKE2s(ak | rk)
const CRH_IVK_PERSONALIZATION: &'static [u8; 8] = b"Zcashivk";
/// BLAKE2s Personalization for PRF^nr = BLAKE2s(rk | cm + position)
const PRF_NR_PERSONALIZATION: &'static [u8; 8] = b"WhatTheH";
// Group hash personalizations
/// BLAKE2s Personalization for Pedersen hash generators.
const PEDERSEN_HASH_GENERATORS_PERSONALIZATION: &'static [u8; 8] = b"PEDERSEN";
/// BLAKE2s Personalization for the group hash for key diversification
const KEY_DIVERSIFICATION_PERSONALIZATION: &'static [u8; 8] = b"Zcash_gh";
/// BLAKE2s Personalization for the proof generation key base point
const PROOF_GENERATION_KEY_BASE_GENERATOR_PERSONALIZATION: &'static [u8; 8] = b"12345678";
/// BLAKE2s Personalization for the note commitment randomness generator
const NOTE_COMMITMENT_RANDOMNESS_GENERATOR_PERSONALIZATION: &'static [u8; 8] = b"abcdefgh";
/// BLAKE2s Personalization for the nullifier position generator (for PRF^nr)
const NULLIFIER_POSITION_IN_TREE_GENERATOR_PERSONALIZATION: &'static [u8; 8] = b"nfnfnfnf";
/// BLAKE2s Personalization for the value commitment generator for the value
const VALUE_COMMITMENT_VALUE_GENERATOR_PERSONALIZATION: &'static [u8; 8] = b"45u8gh45";
/// BLAKE2s Personalization for the value commitment randomness generator
const VALUE_COMMITMENT_RANDOMNESS_GENERATOR_PERSONALIZATION: &'static [u8; 8] = b"11111111";
/// BLAKE2s Personalization for the spending key base point
const SPENDING_KEY_GENERATOR_PERSONALIZATION: &'static [u8; 8] = b"sksksksk";
@ -3,6 +3,8 @@ use pairing::{
PrimeFieldRepr
PrimeFieldRepr
};
};
use constants;
use group_hash::group_hash;
use group_hash::group_hash;
use pedersen_hash::{
use pedersen_hash::{
@ -52,7 +54,7 @@ impl<E: JubjubEngine> ViewingKey<E> {
self.ak.write(&mut preimage[0..32]).unwrap();
self.ak.write(&mut preimage[0..32]).unwrap();
self.rk.write(&mut preimage[32..64]).unwrap();
self.rk.write(&mut preimage[32..64]).unwrap();
let mut h = Blake2s::with_params(32, &[], &[], ::CRH_IVK_PERSONALIZATION);
let mut h = Blake2s::with_params(32, &[], &[], constants::CRH_IVK_PERSONALIZATION);
h.update(&preimage);
h.update(&preimage);
let mut h = h.finalize().as_ref().to_vec();
let mut h = h.finalize().as_ref().to_vec();
@ -91,7 +93,7 @@ impl Diversifier {
params: &E::Params
params: &E::Params
) -> Option<edwards::Point<E, PrimeOrder>>
) -> Option<edwards::Point<E, PrimeOrder>>
{
{
group_hash::<E>(&self.0, ::KEY_DIVERSIFICATION_PERSONALIZATION, params)
group_hash::<E>(&self.0, constants::KEY_DIVERSIFICATION_PERSONALIZATION, params)
}
}
}
}
@ -167,7 +169,7 @@ impl<E: JubjubEngine> Note<E> {
let mut nr_preimage = [0u8; 64];
let mut nr_preimage = [0u8; 64];
viewing_key.rk.write(&mut nr_preimage[0..32]).unwrap();
viewing_key.rk.write(&mut nr_preimage[0..32]).unwrap();
cm_plus_position.write(&mut nr_preimage[32..64]).unwrap();
cm_plus_position.write(&mut nr_preimage[32..64]).unwrap();
let mut h = Blake2s::with_params(32, &[], &[], ::PRF_NR_PERSONALIZATION);
let mut h = Blake2s::with_params(32, &[], &[], constants::PRF_NR_PERSONALIZATION);
h.update(&nr_preimage);
h.update(&nr_preimage);
let mut h = h.finalize().as_ref().to_vec();
let mut h = h.finalize().as_ref().to_vec();