octo
/
Zebra
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Use complete addition instead of incomplete addition inside sinsemilla_commit (#2807)

This commit is contained in:
Deirdre Connolly 2021-09-29 13:00:25 -04:00 committed by GitHub
parent 37595c4b32
commit 679b4768df
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 4 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
zebra-chain/src/orchard/sinsemilla.rs
View File

@ -164,7 +164,8 @@ pub fn sinsemilla_hash(D: &[u8], M: &BitVec<Lsb0, u8>) -> Option<pallas::Base> {
/// Sinsemilla commit /// Sinsemilla commit
/// ///
/// We construct Sinsemilla commitments by hashing to a point with Sinsemilla /// We construct Sinsemilla commitments by hashing to a point with Sinsemilla
/// hash, and adding a randomized point on the Pallas curve. /// hash, and adding a randomized point on the Pallas curve (with complete
/// addition, vs incomplete addition as used in [`sinsemilla_hash_to_point`]).
/// ///
/// SinsemillaCommit_r(D, M) := SinsemillaHashToPoint(D || "-M", M) + [r]GroupHash^P(D || "-r", "") /// SinsemillaCommit_r(D, M) := SinsemillaHashToPoint(D || "-M", M) + [r]GroupHash^P(D || "-r", "")
/// ///
@ -175,10 +176,8 @@ pub fn sinsemilla_commit(
D: &[u8], D: &[u8],
M: &BitVec<Lsb0, u8>, M: &BitVec<Lsb0, u8>,
) -> Option<pallas::Point> { ) -> Option<pallas::Point> {
incomplete_addition( sinsemilla_hash_to_point(&[D, b"-M"].concat(), M)
sinsemilla_hash_to_point(&[D, b"-M"].concat(), M), .map(|point| point + pallas_group_hash(&[D, b"-r"].concat(), b"") * r)
Some(pallas_group_hash(&[D, b"-r"].concat(), b"") * r),
)
} }
/// SinsemillaShortCommit_r(D, M) := Extract⊥ P(SinsemillaCommit_r(D, M)) /// SinsemillaShortCommit_r(D, M) := Extract⊥ P(SinsemillaCommit_r(D, M))