2018-05-17 17:48:53 -07:00
|
|
|
#!/usr/bin/env python3
|
2018-07-21 03:24:50 -07:00
|
|
|
import sys; assert sys.version_info[0] >= 3, "Python 3 required."
|
|
|
|
|
2022-01-07 06:52:55 -08:00
|
|
|
from .generators import (
|
2018-05-17 23:00:45 -07:00
|
|
|
find_group_hash,
|
|
|
|
NOTE_POSITION_BASE,
|
|
|
|
WINDOWED_PEDERSEN_RANDOMNESS_BASE,
|
|
|
|
)
|
2022-01-07 06:52:55 -08:00
|
|
|
from .jubjub import Fr, Point
|
|
|
|
from ..utils import cldiv, i2leosp
|
2018-05-17 17:48:53 -07:00
|
|
|
|
|
|
|
|
|
|
|
#
|
|
|
|
# Pedersen hashes
|
|
|
|
#
|
|
|
|
|
|
|
|
def I_D_i(D, i):
|
2018-05-17 19:38:32 -07:00
|
|
|
return find_group_hash(D, i2leosp(32, i - 1))
|
2018-05-17 17:48:53 -07:00
|
|
|
|
|
|
|
def encode_chunk(mj):
|
|
|
|
(s0, s1, s2) = mj
|
|
|
|
return (1 - 2*s2) * (1 + s0 + 2*s1)
|
|
|
|
|
|
|
|
def encode_segment(Mi):
|
2018-05-17 21:40:21 -07:00
|
|
|
ki = len(Mi) // 3
|
2018-05-17 17:48:53 -07:00
|
|
|
Michunks = [Mi[i:i+3] for i in range(0, len(Mi), 3)]
|
2018-05-17 23:00:45 -07:00
|
|
|
assert len(Michunks) == ki
|
2018-05-17 17:48:53 -07:00
|
|
|
return Fr(sum([encode_chunk(Michunks[j-1]) * 2**(4*(j-1)) for j in range(1, ki + 1)]))
|
|
|
|
|
|
|
|
c = 63
|
|
|
|
|
|
|
|
def pedersen_hash_to_point(D, M):
|
|
|
|
# Pad M to a multiple of 3 bits
|
|
|
|
Mdash = M + [0] * ((-len(M)) % 3)
|
2018-05-17 23:00:45 -07:00
|
|
|
assert (len(Mdash) // 3) * 3 == len(Mdash)
|
2018-05-17 17:48:53 -07:00
|
|
|
n = cldiv(len(Mdash), 3 * c)
|
|
|
|
Msegs = [Mdash[i:i+(3*c)] for i in range(0, len(Mdash), 3*c)]
|
2018-05-17 23:00:45 -07:00
|
|
|
assert len(Msegs) == n
|
2018-05-17 21:40:21 -07:00
|
|
|
return sum([I_D_i(D, i) * encode_segment(Msegs[i-1]) for i in range(1, n + 1)], Point.ZERO)
|
2018-05-17 17:48:53 -07:00
|
|
|
|
|
|
|
def pedersen_hash(D, M):
|
|
|
|
return pedersen_hash_to_point(D, M).u.bits(255)
|
|
|
|
|
|
|
|
def mixing_pedersen_hash(P, x):
|
|
|
|
return P + NOTE_POSITION_BASE * x
|
|
|
|
|
|
|
|
|
|
|
|
#
|
|
|
|
# Pedersen commitments
|
|
|
|
#
|
|
|
|
|
|
|
|
def windowed_pedersen_commitment(r, s):
|
|
|
|
return pedersen_hash_to_point(b'Zcash_PH', s) + WINDOWED_PEDERSEN_RANDOMNESS_BASE * r
|
|
|
|
|
|
|
|
def homomorphic_pedersen_commitment(rcv, D, v):
|
|
|
|
return find_group_hash(D, b'v') * v + find_group_hash(D, b'r') * rcv
|