zecfoundation
/
zebra
mirror of https://github.com/ZcashFoundation/zebra.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Use complete addition instead of incomplete addition inside sinsemilla_commit (#2807)

This commit is contained in:
Deirdre Connolly 2021-09-29 13:00:25 -04:00 committed by GitHub
parent 37595c4b32
commit 679b4768df
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 4 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
zebra-chain/src/orchard/sinsemilla.rs
View File

@ -164,7 +164,8 @@ pub fn sinsemilla_hash(D: &[u8], M: &BitVec<Lsb0, u8>) -> Option<pallas::Base> {
/// Sinsemilla commit
///
/// We construct Sinsemilla commitments by hashing to a point with Sinsemilla
/// hash, and adding a randomized point on the Pallas curve.
/// hash, and adding a randomized point on the Pallas curve (with complete
/// addition, vs incomplete addition as used in [`sinsemilla_hash_to_point`]).
///
/// SinsemillaCommit_r(D, M) := SinsemillaHashToPoint(D || "-M", M) + [r]GroupHash^P(D || "-r", "")
///
@ -175,10 +176,8 @@ pub fn sinsemilla_commit(
D: &[u8],
M: &BitVec<Lsb0, u8>,
) -> Option<pallas::Point> {
incomplete_addition(
sinsemilla_hash_to_point(&[D, b"-M"].concat(), M),
Some(pallas_group_hash(&[D, b"-r"].concat(), b"") * r),
)
sinsemilla_hash_to_point(&[D, b"-M"].concat(), M)
.map(|point| point + pallas_group_hash(&[D, b"-r"].concat(), b"") * r)
}
/// SinsemillaShortCommit_r(D, M) := Extract⊥ P(SinsemillaCommit_r(D, M))