2021-05-02 23:26:44 -07:00
|
|
|
#!/usr/bin/env python3
|
|
|
|
import sys; assert sys.version_info[0] >= 3, "Python 3 required."
|
|
|
|
|
2022-01-07 06:52:55 -08:00
|
|
|
from .group_hash import group_hash
|
|
|
|
from .pallas import Fp, Scalar
|
|
|
|
from .sinsemilla import sinsemilla_hash_to_point
|
|
|
|
from ..utils import i2lebsp
|
2021-05-02 23:26:44 -07:00
|
|
|
|
|
|
|
# Commitment schemes used in Orchard https://zips.z.cash/protocol/nu5.pdf#concretecommit
|
|
|
|
|
|
|
|
# https://zips.z.cash/protocol/nu5.pdf#constants
|
|
|
|
L_ORCHARD_BASE = 255
|
|
|
|
|
|
|
|
# https://zips.z.cash/protocol/nu5.pdf#concretehomomorphiccommit
|
|
|
|
def homomorphic_pedersen_commitment(rcv: Scalar, D, v: Scalar):
|
|
|
|
return group_hash(D, b"v") * v + group_hash(D, b"r") * rcv
|
|
|
|
|
|
|
|
def value_commit(rcv: Scalar, v: Scalar):
|
|
|
|
return homomorphic_pedersen_commitment(rcv, b"z.cash:Orchard-cv", v)
|
|
|
|
|
2021-05-06 20:54:19 -07:00
|
|
|
def rcv_trapdoor(rand):
|
|
|
|
return Scalar.random(rand)
|
2021-05-02 23:26:44 -07:00
|
|
|
|
|
|
|
# https://zips.z.cash/protocol/nu5.pdf#concretesinsemillacommit
|
|
|
|
def sinsemilla_commit(r: Scalar, D, M):
|
2021-05-06 07:54:33 -07:00
|
|
|
assert isinstance(r, Scalar)
|
2021-09-28 14:34:25 -07:00
|
|
|
return sinsemilla_hash_to_point(D + b"-M", M) + (
|
2021-05-06 07:54:33 -07:00
|
|
|
group_hash(D + b"-r", b"") * r
|
2021-05-02 23:26:44 -07:00
|
|
|
)
|
|
|
|
|
|
|
|
def sinsemilla_short_commit(r: Scalar, D, M):
|
|
|
|
return sinsemilla_commit(r, D, M).extract()
|
|
|
|
|
|
|
|
# https://zips.z.cash/protocol/nu5.pdf#concreteorchardnotecommit
|
|
|
|
def note_commit(rcm, g_d, pk_d, v, rho, psi):
|
|
|
|
return sinsemilla_commit(
|
|
|
|
rcm,
|
2021-05-12 21:57:07 -07:00
|
|
|
b"z.cash:Orchard-NoteCommit",
|
2021-05-06 07:54:33 -07:00
|
|
|
g_d + pk_d + i2lebsp(64, v) + i2lebsp(L_ORCHARD_BASE, rho.s) + i2lebsp(L_ORCHARD_BASE, psi.s)
|
2021-05-02 23:26:44 -07:00
|
|
|
)
|
|
|
|
|
2021-05-06 20:54:19 -07:00
|
|
|
def rcm_trapdoor(rand):
|
|
|
|
return Scalar.random(rand)
|
2021-05-02 23:26:44 -07:00
|
|
|
|
|
|
|
# https://zips.z.cash/protocol/nu5.pdf#concreteorchardnotecommit
|
2021-05-06 07:54:33 -07:00
|
|
|
def commit_ivk(rivk: Scalar, ak: Fp, nk: Fp):
|
2021-05-11 05:06:32 -07:00
|
|
|
return sinsemilla_short_commit(
|
2021-05-02 23:26:44 -07:00
|
|
|
rivk,
|
2021-05-12 21:57:07 -07:00
|
|
|
b"z.cash:Orchard-CommitIvk",
|
2021-05-06 07:54:33 -07:00
|
|
|
i2lebsp(L_ORCHARD_BASE, ak.s) + i2lebsp(L_ORCHARD_BASE, nk.s)
|
2021-05-11 05:06:32 -07:00
|
|
|
)
|
2021-05-02 23:26:44 -07:00
|
|
|
|
2021-05-06 20:54:19 -07:00
|
|
|
def rivk_trapdoor(rand):
|
|
|
|
return Scalar.random(rand)
|
2021-05-02 23:26:44 -07:00
|
|
|
|
|
|
|
# Test consistency of ValueCommit^{Orchard} with precomputed generators
|
|
|
|
def test_value_commit():
|
|
|
|
from random import Random
|
2022-01-07 06:52:55 -08:00
|
|
|
from ..rand import Rand
|
|
|
|
from .generators import VALUE_COMMITMENT_RANDOMNESS_BASE, VALUE_COMMITMENT_VALUE_BASE
|
2021-05-02 23:26:44 -07:00
|
|
|
|
|
|
|
rng = Random(0xabad533d)
|
|
|
|
def randbytes(l):
|
|
|
|
ret = []
|
|
|
|
while len(ret) < l:
|
|
|
|
ret.append(rng.randrange(0, 256))
|
|
|
|
return bytes(ret)
|
2021-05-06 20:54:19 -07:00
|
|
|
rand = Rand(randbytes)
|
2021-05-02 23:26:44 -07:00
|
|
|
|
2021-05-06 20:54:19 -07:00
|
|
|
rcv = rcv_trapdoor(rand)
|
2021-05-02 23:26:44 -07:00
|
|
|
v = Scalar(100000000)
|
|
|
|
|
|
|
|
assert value_commit(rcv, v) == VALUE_COMMITMENT_RANDOMNESS_BASE * rcv + VALUE_COMMITMENT_VALUE_BASE * v
|
|
|
|
|
|
|
|
if __name__ == '__main__':
|
|
|
|
test_value_commit()
|