zec
/
sapling-crypto
mirror of https://github.com/zcash/sapling-crypto.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Move first block of group hash to constants submodule.

This commit is contained in:
Sean Bowe 2018-03-08 00:09:34 -07:00
parent c7c8d3c039
commit 896b144a7d
No known key found for this signature in database
GPG Key ID: 95684257D8F8B031
2 changed files with 8 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
src/constants.rs
View File

@ -1,3 +1,9 @@
/// First 64 bytes of the BLAKE2s input during group hash.
/// This is chosen to be some random string that we couldn't have anticipated when we designed
/// the algorithm, for rigidity purposes.
/// We deliberately use an ASCII hex string of 32 bytes here.
pub const GH_FIRST_BLOCK: &'static [u8; 64] = b"0000000000000000002ffe76b973aabaff1d1557d79acf2c3795809c83caf580";
// BLAKE2s invocation personalizations
/// BLAKE2s Personalization for CRH^ivk = BLAKE2s(ak | rk)
pub const CRH_IVK_PERSONALIZATION: &'static [u8; 8] = b"Zcashivk";

7
src/group_hash.rs
View File

@ -1,10 +1,7 @@
use jubjub::*;
use pairing::*;
use blake2_rfc::blake2s::Blake2s;
/// This is chosen to be some random string that we couldn't have anticipated when we designed
/// the algorithm, for rigidity purposes.
pub const FIRST_BLOCK: &'static [u8; 64] = b"0000000000000000002ffe76b973aabaff1d1557d79acf2c3795809c83caf580";
use constants;
/// Produces a random point in the Jubjub curve.
/// The point is guaranteed to be prime order
@ -21,7 +18,7 @@ pub fn group_hash<E: JubjubEngine>(
assert!(E::Fr::NUM_BITS == 255);
let mut h = Blake2s::with_params(32, &[], &[], personalization);
h.update(FIRST_BLOCK);
h.update(constants::GH_FIRST_BLOCK);
h.update(tag);
let mut h = h.finalize().as_ref().to_vec();
assert!(h.len() == 32);