Correctly generate a sapling NoteCommitment from the NoteCommitmentRandomness
parent
b6385ca36f
commit
ed888b38ef
|
|
@ -85,20 +85,13 @@ pub fn pedersen_hash(domain: [u8; 8], M: &BitVec<Lsb0, u8>) -> jubjub::Fq {
|
||||||
/// PedersenHashToPoint(“Zcash_PH”, s) + [r]FindGroupHash^J^(r)(“Zcash_PH”, “r”)
|
/// PedersenHashToPoint(“Zcash_PH”, s) + [r]FindGroupHash^J^(r)(“Zcash_PH”, “r”)
|
||||||
///
|
///
|
||||||
/// https://zips.z.cash/protocol/protocol.pdf#concretewindowedcommit
|
/// https://zips.z.cash/protocol/protocol.pdf#concretewindowedcommit
|
||||||
pub fn windowed_pedersen_commitment_r<T>(
|
pub fn windowed_pedersen_commitment_r(
|
||||||
csprng: &mut T,
|
rcm: CommitmentRandomness,
|
||||||
s: &BitVec<Lsb0, u8>,
|
s: &BitVec<Lsb0, u8>,
|
||||||
) -> jubjub::ExtendedPoint
|
) -> jubjub::ExtendedPoint {
|
||||||
where
|
|
||||||
T: RngCore + CryptoRng,
|
|
||||||
{
|
|
||||||
const D: [u8; 8] = *b"Zcash_PH";
|
const D: [u8; 8] = *b"Zcash_PH";
|
||||||
|
|
||||||
let mut r_bytes = [0u8; 32];
|
pedersen_hash_to_point(D, &s) + find_group_hash(D, b"r") * rcm.0
|
||||||
csprng.fill_bytes(&mut r_bytes);
|
|
||||||
let r = Scalar::from_bytes(&r_bytes).unwrap();
|
|
||||||
|
|
||||||
pedersen_hash_to_point(D, &s) + find_group_hash(D, b"r") * r
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/// The randomness used in the Pedersen Hash for note commitment.
|
/// The randomness used in the Pedersen Hash for note commitment.
|
||||||
|
|
@ -150,10 +143,8 @@ impl From<Note> for NoteCommitment {
|
||||||
///
|
///
|
||||||
/// https://zips.z.cash/protocol/protocol.pdf#concretewindowedcommit
|
/// https://zips.z.cash/protocol/protocol.pdf#concretewindowedcommit
|
||||||
fn from(note: Note) -> NoteCommitment {
|
fn from(note: Note) -> NoteCommitment {
|
||||||
use rand_core::OsRng;
|
|
||||||
|
|
||||||
NoteCommitment::new(
|
NoteCommitment::new(
|
||||||
&mut OsRng,
|
note.rcm,
|
||||||
note.diversifier,
|
note.diversifier,
|
||||||
note.transmission_key,
|
note.transmission_key,
|
||||||
note.value,
|
note.value,
|
||||||
|
|
@ -186,15 +177,12 @@ impl NoteCommitment {
|
||||||
///
|
///
|
||||||
/// https://zips.z.cash/protocol/protocol.pdf#concretewindowedcommit
|
/// https://zips.z.cash/protocol/protocol.pdf#concretewindowedcommit
|
||||||
#[allow(non_snake_case)]
|
#[allow(non_snake_case)]
|
||||||
pub fn new<T>(
|
pub fn new(
|
||||||
csprng: &mut T,
|
rcm: CommitmentRandomness,
|
||||||
diversifier: Diversifier,
|
diversifier: Diversifier,
|
||||||
transmission_key: TransmissionKey,
|
transmission_key: TransmissionKey,
|
||||||
value: Amount<NonNegative>,
|
value: Amount<NonNegative>,
|
||||||
) -> Self
|
) -> Self {
|
||||||
where
|
|
||||||
T: RngCore + CryptoRng,
|
|
||||||
{
|
|
||||||
// s as in the argument name for WindowedPedersenCommit_r(s)
|
// s as in the argument name for WindowedPedersenCommit_r(s)
|
||||||
let mut s: BitVec<Lsb0, u8> = BitVec::new();
|
let mut s: BitVec<Lsb0, u8> = BitVec::new();
|
||||||
|
|
||||||
|
|
@ -211,7 +199,7 @@ impl NoteCommitment {
|
||||||
s.append(&mut BitVec::<Lsb0, u8>::from_slice(&pk_d_bytes[..]));
|
s.append(&mut BitVec::<Lsb0, u8>::from_slice(&pk_d_bytes[..]));
|
||||||
s.append(&mut BitVec::<Lsb0, u8>::from_slice(&v_bytes[..]));
|
s.append(&mut BitVec::<Lsb0, u8>::from_slice(&v_bytes[..]));
|
||||||
|
|
||||||
Self::from(windowed_pedersen_commitment_r(csprng, &s))
|
Self::from(windowed_pedersen_commitment_r(rcm, &s))
|
||||||
}
|
}
|
||||||
|
|
||||||
/// Hash Extractor for Jubjub (?)
|
/// Hash Extractor for Jubjub (?)
|
||||||
|
|
|
||||||
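Review bot: The doc comment on `windowed_pedersen_commitment_r` in the first hunk still documents only the formula and says nothing about the `rcm` parameter that replaces the RNG, even though the commitment is only hiding when that scalar is uniformly random and not shared between notes; I would add `/// `rcm` is the caller-supplied commitment randomness; it should be freshly generated per note and kept with the note so the commitment can be recomputed later.` above the signature. The body reaches into `rcm.0`, which presumably compiles because `CommitmentRandomness` is a newtype over a Jubjub scalar defined in this module — confirm the field is meant to be reachable here rather than kept opaque behind an accessor. On the same line `&s` borrows a value that is already `&BitVec<Lsb0, u8>`, so `pedersen_hash_to_point(D, s)` avoids the needless double reference that clippy's `needless_borrow` flags. The later hunks only thread `rcm` through `NoteCommitment::new` and `From<Note>` and raise no separate point.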