zec
/
orchard
mirror of https://github.com/zcash/orchard.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
735 Commits 5 Branches 11 Tags 24 MiB
Commit Graph

68 Commits

Author SHA1 Message Date
Kris Nuttycombe 77be355912 Apply suggestions from code review 
Co-authored-by: Daira Hopwood <daira@jacaranda.org>
Co-authored-by: ying tong <yingtong@z.cash>
 2021-08-23 11:29:07 -06:00
Kris Nuttycombe 0449edd5b8 Validate the sign of the y-coordinate for ak when deserializing. 2021-08-23 11:29:07 -06:00
Kris Nuttycombe 872f337811 Expose SpendingKey byte representation. 2021-08-23 11:29:07 -06:00
Kris Nuttycombe 5d78ab3508 Add Eq and Ord implementations for Orchard keys. 2021-08-23 11:29:06 -06:00
Kris Nuttycombe 52f0f158ef Add serialization and parsing of full viewing keys. 2021-08-23 11:28:27 -06:00
Kris Nuttycombe 1fd00e6236 Add raw address serialization and parsing. 2021-08-23 11:28:27 -06:00
Kris Nuttycombe e33cd4ade4 Add trial decryption of actions to Bundle 2021-08-23 11:28:25 -06:00
Kris Nuttycombe 77cf4c9831 Implement IncomingViewingKey::to_bytes 2021-08-23 11:27:02 -06:00
Jack Grigg 79988a5317 Move the interpolation logic into `SharedSecret::batch_to_affine` 
This makes the method interface clearer, as the same pattern of shared
secrets is returned as was provided.
 2021-08-13 14:27:20 +01:00
Jack Grigg c79acc0e08 Fix length of output Vec for `SharedSecret::batch_to_affine` 
It was too long, and `group::Curve::batch_normalize` panics if its
inputs are not the same length (which would be the case if a batch
included an output with an invalid `ephemeral_key`).
 2021-08-12 13:40:56 +01:00
Jack Grigg 8e13986101 Implement `Domain::batch_epk` for note decryption 
Improves throughput of batched trial decryption by around 10%.
 2021-08-12 01:36:38 +01:00
Jack Grigg 8c15cc25be Benchmark batch trial decryption 2021-08-12 01:36:38 +01:00
therealyingtong 8cf7a6872c Minor refactors, text fixes, and docfixes. 
Co-authored-by: Jack Grigg <jack@electriccoin.co>
Co-authored-by: Daira Hopwood <daira@jacaranda.org>
 2021-07-23 00:15:54 +08:00
therealyingtong 6f4b5b0340 circuit.rs: Constrain derived circuit values to equal public inputs. 2021-07-21 20:35:43 +08:00
therealyingtong d16b83816b Implement needed getters and conversions in other modules. 2021-07-21 20:35:43 +08:00
Daira Hopwood 81fb944997 Make this crate clippy clean for warnings on nightly. 
One .clone() removal; all of the other changes are removing needless borrows that are immediately
dereferenced: https://rust-lang.github.io/rust-clippy/master/index.html#needless_borrow

Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2021-06-21 18:04:00 +01:00
Jack Grigg 769be6c080 Note encryption test vectors 2021-06-11 23:55:17 +01:00
Jack Grigg 99665572a2 Orchard note encryption 2021-06-11 23:55:16 +01:00
Jack Grigg 11350339f5 Ensure that derived esk is non-zero 
There's a (negligble) chance that we could generate (or be sent
adversarially) a RandomSeed which derives esk == 0. It's not hard to
detect and reject, in order to satisfy the type system.
 2021-06-11 23:54:35 +01:00
Jack Grigg 8a7ff1b28a Structs representing note encryption key material 2021-06-11 23:54:35 +01:00
Jack Grigg cbf7c3825f builder: Store alpha and use it to derive rsk for signing spends 
This was missed from zcash/orchard#49, but could not have caused a
consensus failure or loss-of-funds because `alpha` _was_ being sampled
and used to derive `rk`, meaning that the signatures would fail to
validate.
 2021-06-05 22:35:52 +01:00
str4d dc075e7971
Merge pull request #91 from zcash/key-component-test-vectors 
Add test vectors for key components
 2021-06-02 22:23:54 +01:00
str4d 803fc2bea3
Merge pull request #93 from zcash/prf_expand-domains 
Define explicit domains for PRF^expand
 2021-06-01 14:31:04 +01:00
Jack Grigg c4ffb7c617 Rework PRF^expand to use explicit domains 
`prf_expand{_vec}` have been replaced by the `PrfExpand` enum, which
has `PrfExpand::{expand, with_ad, with_ad_slices}` methods for use
within each domain as necessary.
 2021-05-28 13:12:25 +01:00
Jack Grigg 7f47949b09 Take `self` directly in to_bytes methods where Self: Copy 2021-05-28 12:11:22 +01:00
Jack Grigg 5af73f7822 Add test vectors for key components 2021-05-28 11:57:21 +01:00
str4d f82d00e40d
Merge pull request #77 from zcash/remove-rand-0.7 
Remove rand 0.7 usage
 2021-05-21 21:25:34 +01:00
str4d 2bbbc3ec94
Update comments 
Co-authored-by: ying tong <yingtong@z.cash>
 2021-05-21 21:24:08 +01:00
Jack Grigg 736de1156b Ensure that Notes always have valid commitments 
Implements the change from spec version 2021.1.23 to sample a new rseed
if a note is generated without a valid commitment.
 2021-05-11 18:51:57 +08:00
Jack Grigg d8cc596bbe Create separate types for protocol-level and user-level ivk 
Spec version 2021.1.24 added the diversifier key to the encoding of an
incoming viewing key (to make them more usable). As a result, we now
have two separate types:

- `KeyAgreementPrivateKey`: what was previously `IncomingViewingKey`,
  corresponding to the `ivk` type in the protocol spec. It is now
  crate-internal.
- `IncomingViewingKey`: the user-facing type that encompasses `dk` and
  `ivk`.
 2021-05-11 18:51:57 +08:00
Jack Grigg 76a39d29c1 Change diversify_hash and ka_orchard to use non-zero types 
This matches the changes to KA^Orchard in spec version 2021.1.23.
 2021-05-11 18:51:57 +08:00
Jack Grigg 9a828febd7 Change `commit_ivk` to return a non-zero Pallas base field element 
The type system now enforces that `ivk != 0`.
 2021-05-11 18:51:57 +08:00
Jack Grigg 012d14073d Remove rand 0.7 usage 
Upstream redjubjub (on which our reddsa dependency is based) has
migrated to rand 0.8.
 2021-05-09 07:51:55 +12:00
Kris Nuttycombe e72d74ccd6 Remove extraneous pub exports from the root. 2021-05-05 11:46:24 -06:00
Kris Nuttycombe f91088d35b Use builder to generate "valid" bundles via proptest. 2021-04-28 18:21:12 -06:00
Kris Nuttycombe 4d89d45332 Add proptest generators for action and bundle types. 2021-04-28 18:04:17 -06:00
Jack Grigg 30f01d122c Bundle builder 2021-04-27 14:31:21 +12:00
Jack Grigg f62bbbbb95 Small conversion helpers 2021-04-23 01:08:43 +12:00
Jack Grigg 35f65bb26a Expose RedPallas rerandomization 2021-04-23 01:06:10 +12:00
Jack Grigg 77121facb7 Dummy note generation 2021-04-23 00:46:39 +12:00
str4d 31d1a67837
Expand documentation of conditions on SpendingKeys 
Co-authored-by: Daira Hopwood <daira@jacaranda.org>
 2021-04-21 23:28:32 +01:00
Jack Grigg c08d12cc52 Use incomplete addition in SinsemillaHashToPoint 
This requires exposing the ⊥ case throughout the return types. We
prevent it from propagating into the Orchard note and key types by
ensuring that:

- When we generate keys or notes, if we encounter ⊥ we discard and
  re-generate.
- When we construct keys or notes via any other pathway (e.g. parsing
  from bytes), we check for and reject ⊥.
 2021-04-20 10:05:56 +12:00
Jack Grigg 0f6eb9ca6c Nullifier derivation 2021-03-26 07:51:05 +13:00
Jack Grigg 680c917ce6 Note commitment derivation 2021-03-26 07:51:05 +13:00
Jack Grigg 3911fb3202 Use Pallas directly from pasta_curves crate 2021-03-18 15:06:16 +13:00
Jack Grigg e0417268ad Make address generation infallible again 
DiversifyHash is altered to replace the identity with another fixed
point that is known to not be the identity.
 2021-03-18 08:30:22 +13:00
Jack Grigg 8e55b46dbf Deduplicate default address generation 2021-03-16 10:01:50 +13:00
Jack Grigg 46bf89c122 Update ivk derivation to match latest protocol spec draft 2021-03-16 09:33:07 +13:00
Jack Grigg e0b40cb3cb FullViewingKey::address_at(impl Into<DiversifierIndex>) 
This is a more usable API, which we can use when we have the full
viewing key and can obtain the DiversifierKey.
 2021-03-16 09:20:45 +13:00
Jack Grigg e98f324d7d Ensure diversify_hash does not return the identity 
This makes diversified address generation fallible (though with
negligible probability). We expose this to users, so they can decide how
to handle it (either just unwrapping, or incrementing the diversifier
index).

We alter spending key construction to reject spending keys that would
not result in a default address (with diversifier index 0).
 2021-03-16 09:03:44 +13:00