Update sapling keys derived from spending key via blake2b

Deirdre Connolly 2020-03-29 03:19:02 -04:00 committed by Deirdre Connolly
parent b167a3b96e
commit 097d4617df
1 changed files with 25 additions and 30 deletions


@ -53,22 +53,21 @@ impl From<[u8; 32]> for SpendingKey {
pub type SpendAuthorizationKey = Scalar; pub type SpendAuthorizationKey = Scalar;
impl From<SpendingKey> for SpendAuthorizationKey { impl From<SpendingKey> for SpendAuthorizationKey {
/// Invokes Blake2b-512 as PRF^expand to derive a /// Invokes Blake2b-512 as PRF^expand, t=0, to derive a
/// SpendAuthorizationKey from a SpendingKey. /// SpendAuthorizationKey from a SpendingKey.
/// ///
/// https://zips.z.cash/protocol/protocol.pdf#saplingkeycomponents /// https://zips.z.cash/protocol/protocol.pdf#saplingkeycomponents
/// https://zips.z.cash/protocol/protocol.pdf#concreteprfs /// https://zips.z.cash/protocol/protocol.pdf#concreteprfs
fn from(spending_key: SpendingKey) -> SpendAuthorizationKey { fn from(spending_key: SpendingKey) -> SpendAuthorizationKey {
let mut block = [0u8; 33]; // Last byte is t=0; let hash = blake2b_simd::Params::new()
.hash_length(64) // Blake2b-512
.personal(b"Zcash_ExpandSeed")
.to_state()
.update(spending_key.0[..])
.update([0]) // t=0
.finalize();
block[0..32].copy_from_slice(&spending_key.0[..]); Self::from(hash)
let mut hasher = Blake2b::new();
// TODO: check that this counts as personalization.
hasher.input("Zcash_ExpandSeed");
hasher.input(block);
Self::from(hasher.result())
} }
} }
@ -89,17 +88,15 @@ impl From<SpendingKey> for ProofAuthorizingKey {
/// https://zips.z.cash/protocol/protocol.pdf#saplingkeycomponents /// https://zips.z.cash/protocol/protocol.pdf#saplingkeycomponents
/// https://zips.z.cash/protocol/protocol.pdf#concreteprfs /// https://zips.z.cash/protocol/protocol.pdf#concreteprfs
fn from(spending_key: SpendingKey) -> ProofAuthorizingKey { fn from(spending_key: SpendingKey) -> ProofAuthorizingKey {
let mut block = [0u8; 33]; let hash = blake2b_simd::Params::new()
block[33] = 1; // Last byte is t=1; .hash_length(64)
.personal(b"Zcash_ExpandSeed")
.to_state()
.update(spending_key.0[..])
.update([1])
.finalize();
block[0..32].copy_from_slice(&spending_key.0[..]); Self::from(hash)
let mut hasher = Blake2b::new();
// TODO: check that this counts as personalization.
hasher.input("Zcash_ExpandSeed");
hasher.input(block);
Self::from(hasher.result())
} }
} }
@ -121,17 +118,15 @@ impl From<SpendingKey> for OutgoingViewingKey {
/// https://zips.z.cash/protocol/protocol.pdf#saplingkeycomponents /// https://zips.z.cash/protocol/protocol.pdf#saplingkeycomponents
/// https://zips.z.cash/protocol/protocol.pdf#concreteprfs /// https://zips.z.cash/protocol/protocol.pdf#concreteprfs
fn from(spending_key: SpendingKey) -> OutgoingViewingKey { fn from(spending_key: SpendingKey) -> OutgoingViewingKey {
let mut block = [0u8; 33]; let hash = blake2b_simd::Params::new()
block[33] = 2u8; // Last byte is t=2; .hash_length(64)
.personal(b"Zcash_ExpandSeed")
.to_state()
.update(spending_key.0[..])
.update([2])
.finalize();
block[0..32].copy_from_slice(&spending_key.0[..]); Self::from(hash[0..32])
let mut hasher = Blake2b::new();
// TODO: check that this counts as personalization.
hasher.input("Zcash_ExpandSeed");
hasher.input(block);
Self(hasher.result()[0..31])
} }
} }
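Review bot: The new hashing chain in all three hunks passes unsized values where `blake2b_simd::State::update` takes `&[u8]` — `.update(spending_key.0[..])` and `.update([0])` / `.update([1])` / `.update([2])` should be `.update(&spending_key.0[..])` and `.update(&[t])` — and the final conversions (`Self::from(hash)` for the two `Scalar` aliases, `Self::from(hash[0..32])` for `OutgoingViewingKey`) rely on `From<blake2b_simd::Hash>` / `Index` impls that are not visible here, so as written this looks unlikely to compile. The personalization fix itself is the right one: BLAKE2b personalization is a parameter-block field, not input bytes, so the old `hasher.input("Zcash_ExpandSeed")` was not the PRF^expand the spec defines and would have produced different keys. For the two scalar keys the spec's ToScalar step reads the 64-byte output little-endian and reduces mod r_J, which maps to a `from_bytes_wide`-style constructor on the scalar type rather than a plain `From`; for ovk the truncation should copy the first 32 bytes of `hash.as_bytes()` into a `[u8; 32]`. Since the three impls differ only in the domain-separation byte t, I would factor the hash into one private helper so the personalization string and output length are defined once (the doc comments for the second and third impls start outside these hunks and should mention t=1 and t=2 as the first one now does for t=0).
```rust
/// PRF^expand(sk, t) = BLAKE2b-512(personal = "Zcash_ExpandSeed", sk || [t]).
///
/// https://zips.z.cash/protocol/protocol.pdf#concreteprfs
fn prf_expand(spending_key: &[u8; 32], t: u8) -> [u8; 64] {
    let hash = blake2b_simd::Params::new()
        .hash_length(64) // Blake2b-512
        .personal(b"Zcash_ExpandSeed")
        .to_state()
        .update(&spending_key[..])
        .update(&[t]) // domain-separation byte: 0 = ask, 1 = nsk, 2 = ovk
        .finalize();
    *hash.as_array()
}

// … unchanged: SpendAuthorizationKey / ProofAuthorizingKey impls, with
//     `let hash = prf_expand(&spending_key.0, 0 /* or 1 */);` and the
//     64-byte little-endian reduction mod r_J that the Scalar type provides …

fn from(spending_key: SpendingKey) -> OutgoingViewingKey {
    let hash = prf_expand(&spending_key.0, 2);
    // ovk = truncate_32(PRF^expand(sk, [2]))
    let mut ovk = [0u8; 32];
    ovk.copy_from_slice(&hash[..32]);
    Self(ovk)
}
```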