2018-05-17 12:21:42 -07:00
|
|
|
#!/usr/bin/env python3
|
2018-07-21 03:24:50 -07:00
|
|
|
import sys; assert sys.version_info[0] >= 3, "Python 3 required."
|
|
|
|
|
2022-02-01 18:25:52 -08:00
|
|
|
from hashlib import blake2b, blake2s
|
2018-05-17 12:21:42 -07:00
|
|
|
|
2022-01-07 06:52:55 -08:00
|
|
|
from .generators import PROVING_KEY_BASE, SPENDING_KEY_BASE, group_hash
|
|
|
|
from .jubjub import Fr
|
|
|
|
from .merkle_tree import MERKLE_DEPTH
|
|
|
|
from .notes import note_commit, note_nullifier
|
|
|
|
from ..utils import leos2bsp, leos2ip
|
|
|
|
from ..output import render_args, render_tv
|
2018-06-04 05:33:50 -07:00
|
|
|
|
|
|
|
#
|
|
|
|
# Utilities
|
|
|
|
#
|
|
|
|
|
|
|
|
def to_scalar(buf):
|
|
|
|
return Fr(leos2ip(buf))
|
|
|
|
|
2018-05-17 12:21:42 -07:00
|
|
|
|
|
|
|
#
|
|
|
|
# PRFs and hashes
|
|
|
|
#
|
|
|
|
|
|
|
|
def prf_expand(sk, t):
|
|
|
|
digest = blake2b(person=b'Zcash_ExpandSeed')
|
|
|
|
digest.update(sk)
|
|
|
|
digest.update(t)
|
|
|
|
return digest.digest()
|
|
|
|
|
|
|
|
def crh_ivk(ak, nk):
|
|
|
|
digest = blake2s(person=b'Zcashivk')
|
|
|
|
digest.update(ak)
|
|
|
|
digest.update(nk)
|
|
|
|
ivk = digest.digest()
|
2018-06-04 05:33:50 -07:00
|
|
|
return leos2ip(ivk) % 2**251
|
2018-05-17 12:21:42 -07:00
|
|
|
|
2018-07-21 06:15:15 -07:00
|
|
|
def diversify_hash(d):
|
|
|
|
return group_hash(b'Zcash_gd', d)
|
2018-05-17 12:21:42 -07:00
|
|
|
|
|
|
|
#
|
|
|
|
# Key components
|
|
|
|
#
|
|
|
|
|
|
|
|
def cached(f):
|
|
|
|
def wrapper(self):
|
|
|
|
if not hasattr(self, '_cached'):
|
|
|
|
self._cached = {}
|
|
|
|
if not self._cached.get(f):
|
|
|
|
self._cached[f] = f(self)
|
|
|
|
return self._cached[f]
|
|
|
|
return wrapper
|
|
|
|
|
|
|
|
|
2018-07-21 06:17:20 -07:00
|
|
|
class DerivedAkNk(object):
|
2018-05-17 12:21:42 -07:00
|
|
|
@cached
|
|
|
|
def ak(self):
|
|
|
|
return SPENDING_KEY_BASE * self.ask()
|
|
|
|
|
|
|
|
@cached
|
|
|
|
def nk(self):
|
|
|
|
return PROVING_KEY_BASE * self.nsk()
|
|
|
|
|
2018-07-21 06:17:20 -07:00
|
|
|
|
|
|
|
class DerivedIvk(object):
|
2018-05-17 12:21:42 -07:00
|
|
|
@cached
|
|
|
|
def ivk(self):
|
2018-06-04 05:33:50 -07:00
|
|
|
return Fr(crh_ivk(bytes(self.ak()), bytes(self.nk())))
|
2018-05-17 12:21:42 -07:00
|
|
|
|
2018-07-21 06:17:20 -07:00
|
|
|
|
|
|
|
class SpendingKey(DerivedAkNk, DerivedIvk):
|
|
|
|
def __init__(self, data):
|
|
|
|
self.data = data
|
|
|
|
|
|
|
|
@cached
|
|
|
|
def ask(self):
|
|
|
|
return to_scalar(prf_expand(self.data, b'\x00'))
|
|
|
|
|
|
|
|
@cached
|
|
|
|
def nsk(self):
|
|
|
|
return to_scalar(prf_expand(self.data, b'\x01'))
|
|
|
|
|
|
|
|
@cached
|
|
|
|
def ovk(self):
|
|
|
|
return prf_expand(self.data, b'\x02')[:32]
|
|
|
|
|
2018-05-17 12:21:42 -07:00
|
|
|
@cached
|
|
|
|
def default_d(self):
|
|
|
|
i = 0
|
|
|
|
while True:
|
|
|
|
d = prf_expand(self.data, bytes([3, i]))[:11]
|
2018-07-21 06:15:15 -07:00
|
|
|
if diversify_hash(d):
|
2018-05-17 12:21:42 -07:00
|
|
|
return d
|
|
|
|
i += 1
|
2018-05-17 23:00:45 -07:00
|
|
|
assert i < 256
|
2018-05-17 12:21:42 -07:00
|
|
|
|
|
|
|
@cached
|
|
|
|
def default_pkd(self):
|
2018-07-21 06:15:15 -07:00
|
|
|
return diversify_hash(self.default_d()) * self.ivk()
|
2018-05-17 12:21:42 -07:00
|
|
|
|
|
|
|
|
|
|
|
def main():
|
2018-06-05 01:36:37 -07:00
|
|
|
args = render_args()
|
|
|
|
|
2018-06-04 22:30:16 -07:00
|
|
|
test_vectors = []
|
2018-05-17 12:21:42 -07:00
|
|
|
for i in range(0, 10):
|
|
|
|
sk = SpendingKey(bytes([i] * 32))
|
2018-05-18 12:19:09 -07:00
|
|
|
note_v = (2548793025584392057432895043257984320*i) % 2**64
|
|
|
|
note_r = Fr(8890123457840276890326754358439057438290574382905).exp(i+1)
|
|
|
|
note_cm = note_commit(
|
|
|
|
note_r,
|
2018-07-21 06:15:15 -07:00
|
|
|
leos2bsp(bytes(diversify_hash(sk.default_d()))),
|
2018-05-18 12:19:09 -07:00
|
|
|
leos2bsp(bytes(sk.default_pkd())),
|
|
|
|
note_v)
|
2018-05-18 12:47:22 -07:00
|
|
|
note_pos = (980705743285409327583205473820957432*i) % 2**MERKLE_DEPTH
|
|
|
|
note_nf = note_nullifier(sk.nk(), note_cm, Fr(note_pos))
|
2018-06-04 22:30:16 -07:00
|
|
|
test_vectors.append({
|
|
|
|
'sk': sk.data,
|
|
|
|
'ask': bytes(sk.ask()),
|
|
|
|
'nsk': bytes(sk.nsk()),
|
|
|
|
'ovk': sk.ovk(),
|
|
|
|
'ak': bytes(sk.ak()),
|
|
|
|
'nk': bytes(sk.nk()),
|
|
|
|
'ivk': bytes(sk.ivk()),
|
|
|
|
'default_d': sk.default_d(),
|
|
|
|
'default_pk_d': bytes(sk.default_pkd()),
|
|
|
|
'note_v': note_v,
|
|
|
|
'note_r': bytes(note_r),
|
2018-08-03 07:38:18 -07:00
|
|
|
'note_cmu': bytes(note_cm.u),
|
2018-06-04 22:30:16 -07:00
|
|
|
'note_pos': note_pos,
|
|
|
|
'note_nf': note_nf,
|
|
|
|
})
|
|
|
|
|
2018-06-05 01:36:37 -07:00
|
|
|
render_tv(
|
|
|
|
args,
|
2018-06-04 22:30:16 -07:00
|
|
|
'sapling_key_components',
|
|
|
|
(
|
|
|
|
('sk', '[u8; 32]'),
|
|
|
|
('ask', '[u8; 32]'),
|
|
|
|
('nsk', '[u8; 32]'),
|
|
|
|
('ovk', '[u8; 32]'),
|
|
|
|
('ak', '[u8; 32]'),
|
|
|
|
('nk', '[u8; 32]'),
|
|
|
|
('ivk', '[u8; 32]'),
|
|
|
|
('default_d', '[u8; 11]'),
|
|
|
|
('default_pk_d', '[u8; 32]'),
|
|
|
|
('note_v', 'u64'),
|
|
|
|
('note_r', '[u8; 32]'),
|
2018-08-03 07:38:18 -07:00
|
|
|
('note_cmu', '[u8; 32]'),
|
2018-06-04 22:30:16 -07:00
|
|
|
('note_pos', 'u64'),
|
|
|
|
('note_nf', '[u8; 32]'),
|
|
|
|
),
|
|
|
|
test_vectors,
|
|
|
|
)
|
2018-05-17 12:21:42 -07:00
|
|
|
|
|
|
|
|
|
|
|
if __name__ == '__main__':
|
|
|
|
main()
|