zecfoundation
/
zebra
mirror of https://github.com/ZcashFoundation/zebra.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Orchard: fix some tests, etc

This commit is contained in:
Deirdre Connolly 2021-03-17 05:00:15 -04:00 committed by Deirdre Connolly
parent 87f65b8b01
commit 73e0f4f98a
9 changed files with 268 additions and 274 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
zebra-chain/src/orchard/address.rs
View File

@ -138,15 +138,14 @@ mod tests {
let spending_key = keys::SpendingKey::new(&mut OsRng); let spending_key = keys::SpendingKey::new(&mut OsRng);
let spend_authorizing_key = keys::SpendAuthorizingKey::from(spending_key); let full_viewing_key = keys::FullViewingKey::from(spending_key);
let proof_authorizing_key = keys::ProofAuthorizingKey::from(spending_key);
let authorizing_key = keys::AuthorizingKey::from(spend_authorizing_key); // Default diversifier, where index = 0.
let nullifier_deriving_key = keys::NullifierDerivingKey::from(proof_authorizing_key); let diversifier_key = keys::DiversifierKey::from(full_viewing_key);
let incoming_viewing_key =
keys::IncomingViewingKey::from((authorizing_key, nullifier_deriving_key));
let diversifier = keys::Diversifier::new(&mut OsRng); let incoming_viewing_key = keys::IncomingViewingKey::from(full_viewing_key);
let diversifier = keys::Diversifier::from(diversifier_key);
let transmission_key = keys::TransmissionKey::from((incoming_viewing_key, diversifier)); let transmission_key = keys::TransmissionKey::from((incoming_viewing_key, diversifier));
let _orchard_shielded_address = Address { let _orchard_shielded_address = Address {

10
zebra-chain/src/orchard/arbitrary.rs
View File

@ -30,3 +30,13 @@ impl Arbitrary for Action {
type Strategy = BoxedStrategy<Self>; type Strategy = BoxedStrategy<Self>;
} }
impl Arbitrary for note::Nullifier {
type Parameters = ();
fn arbitrary_with(_args: Self::Parameters) -> Self::Strategy {
array::uniform32(any::<u8>()).prop_map(Self::from).boxed()
}
type Strategy = BoxedStrategy<Self>;
}

255
zebra-chain/src/orchard/commitment.rs
View File

@ -1,8 +1,5 @@
//! Note and value commitments. //! Note and value commitments.
// #[cfg(test)]
// mod test_vectors;
use std::{convert::TryFrom, fmt, io}; use std::{convert::TryFrom, fmt, io};
use bitvec::prelude::*; use bitvec::prelude::*;
@ -109,7 +106,7 @@ impl NoteCommitment {
diversifier: Diversifier, diversifier: Diversifier,
transmission_key: TransmissionKey, transmission_key: TransmissionKey,
value: Amount<NonNegative>, value: Amount<NonNegative>,
note: Note, _note: Note,
) -> Option<(CommitmentRandomness, Self)> ) -> Option<(CommitmentRandomness, Self)>
where where
T: RngCore + CryptoRng, T: RngCore + CryptoRng,
@ -311,161 +308,161 @@ impl ValueCommitment {
} }
} }
#[cfg(test)] // #[cfg(test)]
mod tests { // mod tests {
use std::ops::Neg; // use std::ops::Neg;
use super::*; // use super::*;
// #[test] // #[test]
// fn sinsemilla_hash_to_point_test_vectors() { // fn sinsemilla_hash_to_point_test_vectors() {
// zebra_test::init(); // zebra_test::init();
// const D: [u8; 8] = *b"Zcash_PH"; // const D: [u8; 8] = *b"Zcash_PH";
// for test_vector in test_vectors::TEST_VECTORS.iter() { // for test_vector in test_vectors::TEST_VECTORS.iter() {
// let result = // let result =
// pallas::Affine::from(sinsemilla_hash_to_point(D, &test_vector.input_bits.clone())); // pallas::Affine::from(sinsemilla_hash_to_point(D, &test_vector.input_bits.clone()));
// assert_eq!(result, test_vector.output_point); // assert_eq!(result, test_vector.output_point);
// } // }
// } // }
// TODO: these test vectors for ops are from Jubjub, replace with Pallas ones // TODO: these test vectors for ops are from Jubjub, replace with Pallas ones
#[test] // #[test]
fn add() { // fn add() {
zebra_test::init(); // zebra_test::init();
let identity = ValueCommitment(pallas::Affine::identity()); // let identity = ValueCommitment(pallas::Affine::identity());
let g = ValueCommitment(pallas::Affine::from_raw_unchecked( // let g = ValueCommitment(pallas::Affine::from_raw_unchecked(
pallas::Base::from_raw([ // pallas::Base::from_raw([
0xe4b3_d35d_f1a7_adfe, // 0xe4b3_d35d_f1a7_adfe,
0xcaf5_5d1b_29bf_81af, // 0xcaf5_5d1b_29bf_81af,
0x8b0f_03dd_d60a_8187, // 0x8b0f_03dd_d60a_8187,
0x62ed_cbb8_bf37_87c8, // 0x62ed_cbb8_bf37_87c8,
]), // ]),
pallas::Base::from_raw([ // pallas::Base::from_raw([
0x0000_0000_0000_000b, // 0x0000_0000_0000_000b,
0x0000_0000_0000_0000, // 0x0000_0000_0000_0000,
0x0000_0000_0000_0000, // 0x0000_0000_0000_0000,
0x0000_0000_0000_0000, // 0x0000_0000_0000_0000,
]), // ]),
)); // ));
assert_eq!(identity + g, g); // assert_eq!(identity + g, g);
} // }
#[test] // #[test]
fn add_assign() { // fn add_assign() {
zebra_test::init(); // zebra_test::init();
let mut identity = ValueCommitment(pallas::Affine::identity()); // let mut identity = ValueCommitment(pallas::Affine::identity());
let g = ValueCommitment(pallas::Affine::from_raw_unchecked( // let g = ValueCommitment(pallas::Affine::from_raw_unchecked(
pallas::Base::from_raw([ // pallas::Base::from_raw([
0xe4b3_d35d_f1a7_adfe, // 0xe4b3_d35d_f1a7_adfe,
0xcaf5_5d1b_29bf_81af, // 0xcaf5_5d1b_29bf_81af,
0x8b0f_03dd_d60a_8187, // 0x8b0f_03dd_d60a_8187,
0x62ed_cbb8_bf37_87c8, // 0x62ed_cbb8_bf37_87c8,
]), // ]),
pallas::Base::from_raw([ // pallas::Base::from_raw([
0x0000_0000_0000_000b, // 0x0000_0000_0000_000b,
0x0000_0000_0000_0000, // 0x0000_0000_0000_0000,
0x0000_0000_0000_0000, // 0x0000_0000_0000_0000,
0x0000_0000_0000_0000, // 0x0000_0000_0000_0000,
]), // ]),
)); // ));
identity += g; // identity += g;
let new_g = identity; // let new_g = identity;
assert_eq!(new_g, g); // assert_eq!(new_g, g);
} // }
#[test] // #[test]
fn sub() { // fn sub() {
zebra_test::init(); // zebra_test::init();
let g_point = pallas::Affine::from_raw_unchecked( // let g_point = pallas::Affine::from_raw_unchecked(
pallas::Base::from_raw([ // pallas::Base::from_raw([
0xe4b3_d35d_f1a7_adfe, // 0xe4b3_d35d_f1a7_adfe,
0xcaf5_5d1b_29bf_81af, // 0xcaf5_5d1b_29bf_81af,
0x8b0f_03dd_d60a_8187, // 0x8b0f_03dd_d60a_8187,
0x62ed_cbb8_bf37_87c8, // 0x62ed_cbb8_bf37_87c8,
]), // ]),
pallas::Base::from_raw([ // pallas::Base::from_raw([
0x0000_0000_0000_000b, // 0x0000_0000_0000_000b,
0x0000_0000_0000_0000, // 0x0000_0000_0000_0000,
0x0000_0000_0000_0000, // 0x0000_0000_0000_0000,
0x0000_0000_0000_0000, // 0x0000_0000_0000_0000,
]), // ]),
); // );
let identity = ValueCommitment(pallas::Affine::identity()); // let identity = ValueCommitment(pallas::Affine::identity());
let g = ValueCommitment(g_point); // let g = ValueCommitment(g_point);
assert_eq!(identity - g, ValueCommitment(g_point.neg())); // assert_eq!(identity - g, ValueCommitment(g_point.neg()));
} // }
#[test] // #[test]
fn sub_assign() { // fn sub_assign() {
zebra_test::init(); // zebra_test::init();
let g_point = pallas::Affine::from_raw_unchecked( // let g_point = pallas::Affine::from_raw_unchecked(
pallas::Base::from_raw([ // pallas::Base::from_raw([
0xe4b3_d35d_f1a7_adfe, // 0xe4b3_d35d_f1a7_adfe,
0xcaf5_5d1b_29bf_81af, // 0xcaf5_5d1b_29bf_81af,
0x8b0f_03dd_d60a_8187, // 0x8b0f_03dd_d60a_8187,
0x62ed_cbb8_bf37_87c8, // 0x62ed_cbb8_bf37_87c8,
]), // ]),
pallas::Base::from_raw([ // pallas::Base::from_raw([
0x0000_0000_0000_000b, // 0x0000_0000_0000_000b,
0x0000_0000_0000_0000, // 0x0000_0000_0000_0000,
0x0000_0000_0000_0000, // 0x0000_0000_0000_0000,
0x0000_0000_0000_0000, // 0x0000_0000_0000_0000,
]), // ]),
); // );
let mut identity = ValueCommitment(pallas::Affine::identity()); // let mut identity = ValueCommitment(pallas::Affine::identity());
let g = ValueCommitment(g_point); // let g = ValueCommitment(g_point);
identity -= g; // identity -= g;
let new_g = identity; // let new_g = identity;
assert_eq!(new_g, ValueCommitment(g_point.neg())); // assert_eq!(new_g, ValueCommitment(g_point.neg()));
} // }
#[test] // #[test]
fn sum() { // fn sum() {
zebra_test::init(); // zebra_test::init();
let g_point = pallas::Affine::from_raw_unchecked( // let g_point = pallas::Affine::from_raw_unchecked(
pallas::Base::from_raw([ // pallas::Base::from_raw([
0xe4b3_d35d_f1a7_adfe, // 0xe4b3_d35d_f1a7_adfe,
0xcaf5_5d1b_29bf_81af, // 0xcaf5_5d1b_29bf_81af,
0x8b0f_03dd_d60a_8187, // 0x8b0f_03dd_d60a_8187,
0x62ed_cbb8_bf37_87c8, // 0x62ed_cbb8_bf37_87c8,
]), // ]),
pallas::Base::from_raw([ // pallas::Base::from_raw([
0x0000_0000_0000_000b, // 0x0000_0000_0000_000b,
0x0000_0000_0000_0000, // 0x0000_0000_0000_0000,
0x0000_0000_0000_0000, // 0x0000_0000_0000_0000,
0x0000_0000_0000_0000, // 0x0000_0000_0000_0000,
]), // ]),
); // );
let g = ValueCommitment(g_point); // let g = ValueCommitment(g_point);
let other_g = ValueCommitment(g_point); // let other_g = ValueCommitment(g_point);
let sum: ValueCommitment = vec![g, other_g].into_iter().sum(); // let sum: ValueCommitment = vec![g, other_g].into_iter().sum();
let doubled_g = ValueCommitment(g_point.into().double().into()); // let doubled_g = ValueCommitment(g_point.into().double().into());
assert_eq!(sum, doubled_g); // assert_eq!(sum, doubled_g);
} // }
} // }

151
zebra-chain/src/orchard/keys.rs
View File

@ -4,8 +4,6 @@
#![allow(clippy::unit_arg)] #![allow(clippy::unit_arg)]
#![allow(dead_code)] #![allow(dead_code)]
// #[cfg(test)]
// mod test_vectors;
#[cfg(test)] #[cfg(test)]
mod tests; mod tests;
@ -261,57 +259,6 @@ impl PartialEq<[u8; 32]> for SpendAuthorizingKey {
} }
} }
/// An outgoing viewing key, as described in [protocol specification
/// §4.2.3][ps].
///
/// Used to decrypt outgoing notes without spending them.
///
/// [ps]: https://zips.z.cash/protocol/protocol.pdf#orchardkeycomponents
#[derive(Copy, Clone, Eq, PartialEq)]
pub struct OutgoingViewingKey(pub [u8; 32]);
impl fmt::Debug for OutgoingViewingKey {
fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
f.debug_tuple("OutgoingViewingKey")
.field(&hex::encode(&self.0))
.finish()
}
}
impl From<[u8; 32]> for OutgoingViewingKey {
/// Generate an `OutgoingViewingKey` from existing bytes.
fn from(bytes: [u8; 32]) -> Self {
Self(bytes)
}
}
impl From<OutgoingViewingKey> for [u8; 32] {
fn from(ovk: OutgoingViewingKey) -> [u8; 32] {
ovk.0
}
}
impl From<FullViewingKey> for OutgoingViewingKey {
/// Derive an `OutgoingViewingKey` from a `FullViewingKey`.
///
/// [4.2.3]: https://zips.z.cash/protocol/protocol.pdf#orchardkeycomponents
#[allow(non_snake_case)]
fn from(fvk: FullViewingKey) -> OutgoingViewingKey {
let R = fvk.to_R();
// let ovk be the remaining [32] bytes of R [which is 64 bytes]
let ovk_bytes: [u8; 32] = R[32..64].try_into().expect("32 byte array");
Self::from(ovk_bytes)
}
}
impl PartialEq<[u8; 32]> for OutgoingViewingKey {
fn eq(&self, other: &[u8; 32]) -> bool {
self.0 == *other
}
}
/// A Spend validating key, as described in [protocol specification /// A Spend validating key, as described in [protocol specification
/// §4.2.3][orchardkeycomponents]. /// §4.2.3][orchardkeycomponents].
/// ///
@ -417,6 +364,9 @@ impl PartialEq<[u8; 32]> for NullifierDerivingKey {
} }
} }
/// Commit^ivk randomness.
///
/// https://zips.z.cash/protocol/nu5.pdf#orchardkeycomponents
// XXX: Should this be replaced by commitment::CommitmentRandomness? // XXX: Should this be replaced by commitment::CommitmentRandomness?
#[derive(Copy, Clone, Eq, PartialEq)] #[derive(Copy, Clone, Eq, PartialEq)]
pub struct IvkCommitRandomness(pallas::Scalar); pub struct IvkCommitRandomness(pallas::Scalar);
@ -544,6 +494,7 @@ impl From<FullViewingKey> for IncomingViewingKey {
); );
Self { Self {
// TODO: handle the network better, maybe an enum variant constraint?
network: Network::default(), network: Network::default(),
// mod r_P // mod r_P
scalar: pallas::Scalar::from_bytes(&commit_x.into()).unwrap(), scalar: pallas::Scalar::from_bytes(&commit_x.into()).unwrap(),
@ -638,6 +589,20 @@ impl fmt::Display for FullViewingKey {
} }
} }
impl From<SpendingKey> for FullViewingKey {
fn from(sk: SpendingKey) -> FullViewingKey {
let spend_authorizing_key = SpendAuthorizingKey::from(sk);
Self {
// TODO: handle setting the Network better.
network: Network::default(),
spend_validating_key: SpendValidatingKey::from(spend_authorizing_key),
nullifier_deriving_key: NullifierDerivingKey::from(sk),
ivk_commit_randomness: IvkCommitRandomness::from(sk),
}
}
}
impl FromStr for FullViewingKey { impl FromStr for FullViewingKey {
type Err = SerializationError; type Err = SerializationError;
@ -685,6 +650,70 @@ impl FullViewingKey {
} }
} }
/// An outgoing viewing key, as described in [protocol specification
/// §4.2.3][ps].
///
/// Used to decrypt outgoing notes without spending them.
///
/// [ps]: https://zips.z.cash/protocol/protocol.pdf#orchardkeycomponents
#[derive(Copy, Clone, Eq, PartialEq)]
pub struct OutgoingViewingKey(pub [u8; 32]);
impl fmt::Debug for OutgoingViewingKey {
fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
f.debug_tuple("OutgoingViewingKey")
.field(&hex::encode(&self.0))
.finish()
}
}
impl From<[u8; 32]> for OutgoingViewingKey {
/// Generate an `OutgoingViewingKey` from existing bytes.
fn from(bytes: [u8; 32]) -> Self {
Self(bytes)
}
}
impl From<OutgoingViewingKey> for [u8; 32] {
fn from(ovk: OutgoingViewingKey) -> [u8; 32] {
ovk.0
}
}
impl From<FullViewingKey> for OutgoingViewingKey {
/// Derive an `OutgoingViewingKey` from a `FullViewingKey`.
///
/// [4.2.3]: https://zips.z.cash/protocol/protocol.pdf#orchardkeycomponents
#[allow(non_snake_case)]
fn from(fvk: FullViewingKey) -> OutgoingViewingKey {
let R = fvk.to_R();
// let ovk be the remaining [32] bytes of R [which is 64 bytes]
let ovk_bytes: [u8; 32] = R[32..64].try_into().expect("32 byte array");
Self::from(ovk_bytes)
}
}
impl PartialEq<[u8; 32]> for OutgoingViewingKey {
fn eq(&self, other: &[u8; 32]) -> bool {
self.0 == *other
}
}
/// A _diversifier key_.
///
/// "We define a mechanism for deterministically deriving a sequence of
/// diversifiers, without leaking how many diversified addresses have already
/// been generated for an account. Unlike Sapling, we do so by deriving a
/// _diversifier key_ directly from the _full viewing key_, instead of as part
/// of the _extended spending key_. This means that the _full viewing key_
/// provides the capability to determine the position of a _diversifier_ within
/// the sequence, which matches the capabilities of a Sapling _extended full
/// viewing key_ but simplifies the key structure."
///
/// [4.2.3]: https://zips.z.cash/protocol/protocol.pdf#orchardkeycomponents
/// [ZIP-32]: https://zips.z.cash/zip-0032#orchard-diversifier-derivation
#[derive(Copy, Clone, PartialEq)] #[derive(Copy, Clone, PartialEq)]
pub struct DiversifierKey([u8; 32]); pub struct DiversifierKey([u8; 32]);
@ -698,7 +727,7 @@ impl From<FullViewingKey> for DiversifierKey {
/// that cannot be distinguished (without knowledge of the /// that cannot be distinguished (without knowledge of the
/// spending key) from one with a random diversifier...' /// spending key) from one with a random diversifier...'
/// ///
/// Derived as specied in [ZIP-32]. /// Derived as specied in section [4.2.3] of the spec, and [ZIP-32].
/// ///
/// [4.2.3]: https://zips.z.cash/protocol/protocol.pdf#orchardkeycomponents /// [4.2.3]: https://zips.z.cash/protocol/protocol.pdf#orchardkeycomponents
/// [ZIP-32]: https://zips.z.cash/zip-0032#orchard-diversifier-derivation /// [ZIP-32]: https://zips.z.cash/zip-0032#orchard-diversifier-derivation
@ -717,9 +746,9 @@ impl From<DiversifierKey> for [u8; 32] {
} }
} }
/// A _Diversifier_, as described in [protocol specification §4.2.3][ps]. /// A _diversifier_, as described in [protocol specification §4.2.3][ps].
/// ///
/// Combined with an _IncomingViewingKey_, produces a _diversified /// Combined with an `IncomingViewingKey`, produces a _diversified
/// payment address_. /// payment address_.
/// ///
/// [ps]: https://zips.z.cash/protocol/protocol.pdf#orchardkeycomponents /// [ps]: https://zips.z.cash/protocol/protocol.pdf#orchardkeycomponents
@ -811,10 +840,11 @@ impl Diversifier {
/// recipient without requiring an out-of-band communication channel, the /// recipient without requiring an out-of-band communication channel, the
/// transmission key is used to encrypt them. /// transmission key is used to encrypt them.
/// ///
/// Derived by multiplying a Pallas point [derived][ps] from a `Diversifier` by /// Derived by multiplying a Pallas point [derived][concretediversifyhash] from
/// the `IncomingViewingKey` scalar. /// a `Diversifier` by the `IncomingViewingKey` scalar.
/// ///
/// [ps]: https://zips.z.cash/protocol/protocol.pdf#concretediversifyhash /// [concretediversifyhash]: https://zips.z.cash/protocol/protocol.pdf#concretediversifyhash
/// https://zips.z.cash/protocol/nu5.pdf#orchardkeycomponents
#[derive(Copy, Clone, PartialEq)] #[derive(Copy, Clone, PartialEq)]
pub struct TransmissionKey(pub pallas::Affine); pub struct TransmissionKey(pub pallas::Affine);
@ -853,6 +883,8 @@ impl From<(IncomingViewingKey, Diversifier)> for TransmissionKey {
/// This includes _KA^Orchard.DerivePublic(ivk, G_d)_, which is just a /// This includes _KA^Orchard.DerivePublic(ivk, G_d)_, which is just a
/// scalar mult _\[ivk\]G_d_. /// scalar mult _\[ivk\]G_d_.
/// ///
/// KA^Orchard.DerivePublic(sk, B) := [sk] B
///
/// https://zips.z.cash/protocol/protocol.pdf#orchardkeycomponents /// https://zips.z.cash/protocol/protocol.pdf#orchardkeycomponents
/// https://zips.z.cash/protocol/protocol.pdf#concreteorchardkeyagreement /// https://zips.z.cash/protocol/protocol.pdf#concreteorchardkeyagreement
fn from((ivk, d): (IncomingViewingKey, Diversifier)) -> Self { fn from((ivk, d): (IncomingViewingKey, Diversifier)) -> Self {
@ -869,6 +901,7 @@ impl PartialEq<[u8; 32]> for TransmissionKey {
/// An ephemeral public key for Orchard key agreement. /// An ephemeral public key for Orchard key agreement.
/// ///
/// https://zips.z.cash/protocol/protocol.pdf#concreteorchardkeyagreement /// https://zips.z.cash/protocol/protocol.pdf#concreteorchardkeyagreement
/// https://zips.z.cash/protocol/nu5.pdf#saplingandorchardencrypt
#[derive(Copy, Clone, Deserialize, PartialEq, Serialize)] #[derive(Copy, Clone, Deserialize, PartialEq, Serialize)]
pub struct EphemeralPublicKey(#[serde(with = "serde_helpers::Affine")] pub pallas::Affine); pub struct EphemeralPublicKey(#[serde(with = "serde_helpers::Affine")] pub pallas::Affine);

87
zebra-chain/src/orchard/keys/tests.rs
View File

@ -11,16 +11,12 @@ impl Arbitrary for TransmissionKey {
fn arbitrary_with(_args: Self::Parameters) -> Self::Strategy { fn arbitrary_with(_args: Self::Parameters) -> Self::Strategy {
(any::<SpendingKey>()) (any::<SpendingKey>())
.prop_map(|spending_key| { .prop_map(|spending_key| {
let spend_authorizing_key = SpendAuthorizingKey::from(spending_key); let full_viewing_key = FullViewingKey::from(spending_key);
let spend_validating_key = SpendValidatingKey::from(spending_key); let diversifier_key = DiversifierKey::from(full_viewing_key);
let nullifier_deriving_key = NullifierDerivingKey::from(spending_key);
let ivk_commit_randomness = IvkCommitRandomness::from();
let incoming_viewing_key = let diversifier = Diversifier::from(diversifier_key);
IncomingViewingKey::from((authorizing_key, nullifier_deriving_key)); let incoming_viewing_key = IncomingViewingKey::from(full_viewing_key);
let diversifier = Diversifier::from(spending_key);
Self::from((incoming_viewing_key, diversifier)) Self::from((incoming_viewing_key, diversifier))
}) })
@ -30,49 +26,6 @@ impl Arbitrary for TransmissionKey {
type Strategy = BoxedStrategy<Self>; type Strategy = BoxedStrategy<Self>;
} }
#[cfg(test)]
mod tests {
use super::*;
#[test]
fn derive_for_each_test_vector() {
zebra_test::init();
for test_vector in test_vectors::TEST_VECTORS.iter() {
let spending_key = SpendingKey::from(test_vector.sk);
let spend_authorizing_key = SpendAuthorizingKey::from(spending_key);
assert_eq!(spend_authorizing_key, test_vector.ask);
let proof_authorizing_key = ProofAuthorizingKey::from(spending_key);
assert_eq!(proof_authorizing_key, test_vector.nsk);
let outgoing_viewing_key = OutgoingViewingKey::from(spending_key);
assert_eq!(outgoing_viewing_key, test_vector.ovk);
let authorizing_key = AuthorizingKey::from(spend_authorizing_key);
assert_eq!(authorizing_key, test_vector.ak);
let nullifier_deriving_key = NullifierDerivingKey::from(proof_authorizing_key);
assert_eq!(nullifier_deriving_key, test_vector.nk);
let incoming_viewing_key =
IncomingViewingKey::from((authorizing_key, nullifier_deriving_key));
assert_eq!(incoming_viewing_key, test_vector.ivk);
let diversifier = Diversifier::from(spending_key);
assert_eq!(diversifier, test_vector.default_d);
let transmission_key = TransmissionKey::from((incoming_viewing_key, diversifier));
assert_eq!(transmission_key, test_vector.default_pk_d);
let _full_viewing_key = FullViewingKey {
network: Network::default(),
authorizing_key,
nullifier_deriving_key,
outgoing_viewing_key,
};
}
}
}
#[cfg(test)] #[cfg(test)]
proptest! { proptest! {
@ -85,29 +38,35 @@ proptest! {
prop_assert_eq![spending_key, spending_key_2]; prop_assert_eq![spending_key, spending_key_2];
let spend_authorizing_key = SpendAuthorizingKey::from(spending_key); let spend_authorizing_key = SpendAuthorizingKey::from(spending_key);
let proof_authorizing_key = ProofAuthorizingKey::from(spending_key);
let outgoing_viewing_key = OutgoingViewingKey::from(spending_key);
let authorizing_key = AuthorizingKey::from(spend_authorizing_key); let spend_validating_key = SpendValidatingKey::from(spend_authorizing_key);
let nullifier_deriving_key = NullifierDerivingKey::from(proof_authorizing_key); let nullifier_deriving_key = NullifierDerivingKey::from(spending_key);
let mut incoming_viewing_key = let ivk_commit_randomness = IvkCommitRandomness::from(spending_key);
IncomingViewingKey::from((authorizing_key, nullifier_deriving_key));
incoming_viewing_key.network = spending_key.network;
let ivk_string = incoming_viewing_key.to_string();
let incoming_viewing_key_2: IncomingViewingKey = ivk_string.parse().unwrap();
prop_assert_eq![incoming_viewing_key, incoming_viewing_key_2];
let full_viewing_key = FullViewingKey { let full_viewing_key = FullViewingKey {
network: spending_key.network, network: spending_key.network,
authorizing_key, spend_validating_key,
nullifier_deriving_key, nullifier_deriving_key,
outgoing_viewing_key, ivk_commit_randomness,
}; };
let fvk_string = full_viewing_key.to_string(); let fvk_string = full_viewing_key.to_string();
let full_viewing_key_2: FullViewingKey = fvk_string.parse().unwrap(); let full_viewing_key_2: FullViewingKey = fvk_string.parse().unwrap();
prop_assert_eq![full_viewing_key, full_viewing_key_2]; prop_assert_eq![full_viewing_key, full_viewing_key_2];
let diversifier_key = DiversifierKey::from(full_viewing_key);
let mut incoming_viewing_key = IncomingViewingKey::from(full_viewing_key);
incoming_viewing_key.network = spending_key.network;
let ivk_string = incoming_viewing_key.to_string();
let incoming_viewing_key_2: IncomingViewingKey = ivk_string.parse().unwrap();
prop_assert_eq![incoming_viewing_key, incoming_viewing_key_2];
let _outgoing_viewing_key = OutgoingViewingKey::from(full_viewing_key);
let diversifier = Diversifier::from(diversifier_key);
let _transmission_key = TransmissionKey::from((incoming_viewing_key, diversifier));
} }
} }

4
zebra-chain/src/orchard/note/nullifiers.rs
View File

@ -43,10 +43,6 @@ fn prf_nf(nk: pallas::Base, rho: pallas::Base) -> pallas::Base {
Serialize, Serialize,
Deserialize, Deserialize,
)] )]
#[cfg_attr(
any(test, feature = "proptest-impl"),
derive(proptest_derive::Arbitrary)
)]
pub struct Nullifier(#[serde(with = "serde_helpers::Base")] pallas::Base); pub struct Nullifier(#[serde(with = "serde_helpers::Base")] pallas::Base);
impl From<[u8; 32]> for Nullifier { impl From<[u8; 32]> for Nullifier {

2
zebra-chain/src/orchard/sinsemilla.rs
View File

@ -89,7 +89,7 @@ pub fn sinsemilla_hash_to_point(D: &[u8], M: &BitVec<Lsb0, u8>) -> pallas::Point
// An instance of LEBS2IP_k // An instance of LEBS2IP_k
let j = &bits.iter().fold(0u16, |j, &bit| j * 2 + bit as u16); let j = &bits.iter().fold(0u16, |j, &bit| j * 2 + bit as u16);
acc += acc + S(j.to_le_bytes()); acc = acc + acc + S(j.to_le_bytes());
} }
acc acc

2
zebra-chain/src/primitives/redpallas/signing_key.rs
View File

@ -18,7 +18,7 @@ pub struct SigningKey<T: SigType> {
impl<'a, T: SigType> From<&'a SigningKey<T>> for VerificationKey<T> { impl<'a, T: SigType> From<&'a SigningKey<T>> for VerificationKey<T> {
fn from(sk: &'a SigningKey<T>) -> VerificationKey<T> { fn from(sk: &'a SigningKey<T>) -> VerificationKey<T> {
sk.pk.clone() sk.pk
} }
} }

18
zebra-chain/src/primitives/redpallas/verification_key.rs
View File

@ -1,6 +1,6 @@
use std::{ use std::{
convert::TryFrom, convert::TryFrom,
hash::{Hash, Hasher}, // hash::{Hash, Hasher},
marker::PhantomData, marker::PhantomData,
}; };
@ -36,12 +36,12 @@ impl<T: SigType> From<VerificationKeyBytes<T>> for [u8; 32] {
} }
} }
impl<T: SigType> Hash for VerificationKeyBytes<T> { // impl<T: SigType> Hash for VerificationKeyBytes<T> {
fn hash<H: Hasher>(&self, state: &mut H) { // fn hash<H: Hasher>(&self, state: &mut H) {
self.bytes.hash(state); // self.bytes.hash(state);
self._marker.hash(state); // self._marker.hash(state);
} // }
} // }
/// A valid RedPallas verification key. /// A valid RedPallas verification key.
/// ///
@ -80,7 +80,7 @@ impl<T: SigType> From<VerificationKey<T>> for [u8; 32] {
impl<T: SigType> From<&pallas::Scalar> for VerificationKey<T> { impl<T: SigType> From<&pallas::Scalar> for VerificationKey<T> {
fn from(s: &pallas::Scalar) -> VerificationKey<T> { fn from(s: &pallas::Scalar) -> VerificationKey<T> {
let point = &T::basepoint() * s; let point = T::basepoint() * s;
let bytes = VerificationKeyBytes { let bytes = VerificationKeyBytes {
bytes: pallas::Affine::from(&point).to_bytes(), bytes: pallas::Affine::from(&point).to_bytes(),
_marker: PhantomData, _marker: PhantomData,
@ -101,7 +101,7 @@ impl<T: SigType> TryFrom<VerificationKeyBytes<T>> for VerificationKey<T> {
let point: pallas::Point = maybe_point.unwrap().into(); let point: pallas::Point = maybe_point.unwrap().into();
// This checks that the verification key is not of small order. // This checks that the verification key is not of small order.
if <bool>::from(point.is_small_order()) == false { if !<bool>::from(point.is_small_order()) {
Ok(VerificationKey { point, bytes }) Ok(VerificationKey { point, bytes })
} else { } else {
Err(Error::MalformedVerificationKey) Err(Error::MalformedVerificationKey)