Flesh out windowed_pedersen_commitment_r
This commit is contained in:
Deirdre Connolly
Deirdre Connolly
parent
9d87f30d18
commit
579f1ed134
|
|
@ -203,6 +203,15 @@ version = "1.2.1"
|
|||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "cf1de2fe8c75bc145a2f577add951f8134889b4795d47466a54a5c846d691693"
|
||||
|
||||
[[package]]
|
||||
name = "bitmaps"
|
||||
version = "2.1.0"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "031043d04099746d8db04daf1fa424b2bc8bd69d92b25962dcde24da39ab64a2"
|
||||
dependencies = [
|
||||
"typenum",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "bitvec"
|
||||
version = "0.17.4"
|
||||
|
|
|
|||
|
|
@ -1,5 +1,6 @@
|
|||
use std::{fmt, io};
|
||||
|
||||
use bitvec::prelude::*;
|
||||
use rand_core::{CryptoRng, RngCore};
|
||||
|
||||
use crate::{
|
||||
|
|
@ -13,6 +14,37 @@ use crate::{
|
|||
// exported.
|
||||
type Scalar = jubjub::Fr;
|
||||
|
||||
pub fn pedersen_hash_to_point(D: [u8; 8], M: BitVec<Lsb0, u8>) -> jubjub::ExtendedPoint {
|
||||
// Expects i to be 0-indexed
|
||||
fn I_i(D: [u8; 8], i: u32) -> jubjub::ExtendedPoint {
|
||||
find_group_hash(D, &i.to_le_bytes())
|
||||
}
|
||||
|
||||
jubjub::ExtendedPoint::identity()
|
||||
}
|
||||
|
||||
/// Construct a “windowed” Pedersen commitment by reusing a Perderson
|
||||
/// hash constructon, and adding a randomized point on the Jubjub
|
||||
/// curve.
|
||||
///
|
||||
/// WindowedPedersenCommit_r (s) := \
|
||||
/// PedersenHashToPoint(“Zcash_PH”, s) + [r]FindGroupHash^J^(r)(“Zcash_PH”, “r”)
|
||||
///
|
||||
/// https://zips.z.cash/protocol/protocol.pdf#concretewindowedcommit
|
||||
pub fn windowed_pedersen_commitment_r<T>(
|
||||
csprng: &mut T,
|
||||
s: BitVec<Lsb0, u8>,
|
||||
) -> jubjub::ExtendedPoint
|
||||
where
|
||||
T: RngCore + CryptoRng,
|
||||
{
|
||||
let mut r_bytes = [0u8; 32];
|
||||
csprng.fill_bytes(&mut r_bytes);
|
||||
let r = Scalar::from_bytes(&r_bytes).unwrap();
|
||||
|
||||
pedersen_hash_to_point(*b"Zcash_PH", s) + find_group_hash(*b"Zcash_PH", b"r") * r
|
||||
}
|
||||
|
||||
/// The randomness used in the Pedersen Hash for note commitment.
|
||||
#[derive(Copy, Clone, Debug, PartialEq)]
|
||||
pub struct CommitmentRandomness(redjubjub::Randomizer);
|
||||
|
|
@ -37,6 +69,12 @@ impl From<[u8; 32]> for NoteCommitment {
|
|||
}
|
||||
}
|
||||
|
||||
impl From<jubjub::ExtendedPoint> for NoteCommitment {
|
||||
fn from(extended_point: jubjub::ExtendedPoint) -> Self {
|
||||
Self(jubjub::AffinePoint::from(extended_point))
|
||||
}
|
||||
}
|
||||
|
||||
impl Eq for NoteCommitment {}
|
||||
|
||||
impl From<NoteCommitment> for [u8; 32] {
|
||||
|
|
@ -63,6 +101,9 @@ impl ZcashDeserialize for NoteCommitment {
|
|||
impl NoteCommitment {
|
||||
/// Generate a new _NoteCommitment_.
|
||||
///
|
||||
/// NoteCommit^Sapling_rcm (g*_d , pk*_d , v) := \
|
||||
/// WindowedPedersenCommit_rcm([1; 6] || I2LEBSP_64(v) || g*_d || pk*_d)
|
||||
///
|
||||
/// https://zips.z.cash/protocol/protocol.pdf#concretewindowedcommit
|
||||
#[allow(non_snake_case)]
|
||||
pub fn new<T>(
|
||||
|
|
@ -74,35 +115,23 @@ impl NoteCommitment {
|
|||
where
|
||||
T: RngCore + CryptoRng,
|
||||
{
|
||||
// use bitvec::prelude::*;
|
||||
// // s as in the argument name for WindowedPedersenCommit_r(s)
|
||||
// let mut s = BitVec::new();
|
||||
// s as in the argument name for WindowedPedersenCommit_r(s)
|
||||
let mut s: BitVec<Lsb0, u8> = BitVec::new();
|
||||
|
||||
// // Prefix
|
||||
// s.extend([1, 1, 1, 1, 1, 1].iter());
|
||||
// Prefix
|
||||
s.append(&mut bitvec![1; 6]);
|
||||
|
||||
// // Jubjub repr_J canonical byte encoding
|
||||
// // https://zips.z.cash/protocol/protocol.pdf#jubjub
|
||||
// let g_d_bytes = jubjub::AffinePoint::from(diversifier).to_bytes();
|
||||
// let pk_d_bytes = transmission_key.into();
|
||||
// let v_bytes = value.to_bytes();
|
||||
// Jubjub repr_J canonical byte encoding
|
||||
// https://zips.z.cash/protocol/protocol.pdf#jubjub
|
||||
let g_d_bytes = jubjub::AffinePoint::from(diversifier).to_bytes();
|
||||
let pk_d_bytes = <[u8; 32]>::from(transmission_key);
|
||||
let v_bytes = value.to_bytes();
|
||||
|
||||
// // Expects i to be 0-indexed
|
||||
// fn I_i(D: [u8; 8], i: u32) -> jubjub::ExtendedPoint {
|
||||
// find_group_hash(D, i.to_le_bytes())
|
||||
// }
|
||||
// // let v = Scalar::from_bytes(&value_bytes).unwrap();
|
||||
s.append(&mut BitVec::<Lsb0, u8>::from_slice(&g_d_bytes[..]));
|
||||
s.append(&mut BitVec::<Lsb0, u8>::from_slice(&pk_d_bytes[..]));
|
||||
s.append(&mut BitVec::<Lsb0, u8>::from_slice(&v_bytes[..]));
|
||||
|
||||
// // let mut rcv_bytes = [0u8; 32];
|
||||
// // csprng.fill_bytes(&mut rcv_bytes);
|
||||
// // let rcv = Scalar::from_bytes(&rcv_bytes).unwrap();
|
||||
|
||||
// // let V = find_group_hash(*b"Zcash_cv", b"v");
|
||||
// // let R = find_group_hash(*b"Zcash_cv", b"r");
|
||||
|
||||
// // Self::from(V * v + R * rcv)
|
||||
|
||||
unimplemented!()
|
||||
Self::from(windowed_pedersen_commitment_r(csprng, s))
|
||||
}
|
||||
|
||||
/// Hash Extractor for Jubjub (?)
|
||||
|
|
|
|||
Loading…
Reference in New Issue