From 679b4768df690d43d9134724fb369a62bd336284 Mon Sep 17 00:00:00 2001
From: Deirdre Connolly <deirdre@zfnd.org>
Date: Wed, 29 Sep 2021 13:00:25 -0400
Subject: [PATCH] Use complete addition instead of incomplete addition inside
 sinsemilla_commit (#2807)

---
 zebra-chain/src/orchard/sinsemilla.rs | 9 ++++-----
 1 file changed, 4 insertions(+), 5 deletions(-)

diff --git a/zebra-chain/src/orchard/sinsemilla.rs b/zebra-chain/src/orchard/sinsemilla.rs
index 0e11be082..d3b2da9ff 100644
--- a/zebra-chain/src/orchard/sinsemilla.rs
+++ b/zebra-chain/src/orchard/sinsemilla.rs
@@ -164,7 +164,8 @@ pub fn sinsemilla_hash(D: &[u8], M: &BitVec<Lsb0, u8>) -> Option<pallas::Base> {
 /// Sinsemilla commit
 ///
 /// We construct Sinsemilla commitments by hashing to a point with Sinsemilla
-/// hash, and adding a randomized point on the Pallas curve.
+/// hash, and adding a randomized point on the Pallas curve (with complete
+/// addition, vs incomplete addition as used in [`sinsemilla_hash_to_point`]).
 ///
 /// SinsemillaCommit_r(D, M) := SinsemillaHashToPoint(D || "-M", M) + [r]GroupHash^P(D || "-r", "")
 ///
@@ -175,10 +176,8 @@ pub fn sinsemilla_commit(
     D: &[u8],
     M: &BitVec<Lsb0, u8>,
 ) -> Option<pallas::Point> {
-    incomplete_addition(
-        sinsemilla_hash_to_point(&[D, b"-M"].concat(), M),
-        Some(pallas_group_hash(&[D, b"-r"].concat(), b"") * r),
-    )
+    sinsemilla_hash_to_point(&[D, b"-M"].concat(), M)
+        .map(|point| point + pallas_group_hash(&[D, b"-r"].concat(), b"") * r)
 }
 
 /// SinsemillaShortCommit_r(D, M) := Extract⊥ P(SinsemillaCommit_r(D, M))