diff --git a/zcash_primitives/src/pedersen_hash.rs b/zcash_primitives/src/pedersen_hash.rs
index 11dc387..835e9c7 100644
--- a/zcash_primitives/src/pedersen_hash.rs
+++ b/zcash_primitives/src/pedersen_hash.rs
@@ -5,7 +5,6 @@ use ff::{Field, PrimeField, PrimeFieldRepr};
 pub enum Personalization {
 NoteCommitment,
 MerkleTree(usize),
- Empty,
 }
 impl Personalization {
@@ -17,9 +16,6 @@ impl Personalization {
 (0..6).map(|i| (num >> i) & 1 == 1).collect()
 }
- Personalization::Empty => {
- vec![true, true, true, true, true, true]
- }
 }
 }
 }
@@ -42,14 +38,12 @@ where
 let mut generators = params.pedersen_hash_exp_table().iter();
 loop {
- // acc is
 let mut acc = E::Fs::zero();
 let mut cur = E::Fs::one();
 let mut chunks_remaining = params.pedersen_hash_chunks_per_generator();
 let mut encountered_bits = false;
 // Grab three bits from the input
- // spec: iterate over chunks (a,b,c)
 while let Some(a) = bits.next() {
 encountered_bits = true;
@@ -57,7 +51,6 @@ where
 let c = bits.next().unwrap_or(false);
 // Start computing this portion of the scalar
- // tmp is enc(m_j)
 let mut tmp = cur;
 if a {
 tmp.add_assign(&cur);
@@ -112,29 +105,3 @@ where
 result
 }
-
-#[cfg(test)]
-mod test {
- use crate::{
- jubjub::*,
- pedersen_hash::{pedersen_hash, Personalization},
- };
- use pairing::bls12_381::{Bls12, Fr};
-
- #[test]
- fn test_pedersen_hash_noncircuit() {
- let params = &JubjubBls12::new();
- /*
- for (i, generator) in params.pedersen_hash_generators().iter().enumerate() {
- println!("generator {}, x={}, y={}", i, generator.to_xy().0, generator.to_xy().1)
- }
- */
-
- let mut input: Vec = vec![];
- for i in 0..(63*3*4+1) {
- input.push(true);
- }
- let p = pedersen_hash::(Personalization::Empty, input, ¶ms).to_xy();
- println!("hash = {}, {}", p.0, p.1);
- }
-}
diff --git a/zcash_proofs/src/circuit/pedersen_hash.rs b/zcash_proofs/src/circuit/pedersen_hash.rs
index 409f30e..acaf7c9 100644
--- a/zcash_proofs/src/circuit/pedersen_hash.rs
+++ b/zcash_proofs/src/circuit/pedersen_hash.rs
@@ -207,4 +207,57 @@ mod test {
 }
 }
 }
+
+ #[test]
+ fn test_pedersen_hash_external_test_vectors() {
+ let mut rng = XorShiftRng::from_seed([
+ 0x59, 0x62, 0xbe, 0x3d, 0x76, 0x3d, 0x31, 0x8d, 0x17, 0xdb, 0x37, 0x32, 0x54, 0x06,
+ 0xbc, 0xe5,
+ ]);
+ let params = &JubjubBls12::new();
+
+ let expected_xs = [
+ "28161926966428986673895580777285905189725480206811328272001879986576840909576",
+ "39669831794597628158501766225645040955899576179071014703006420393381978263045",
+ ];
+ let expected_ys = [
+ "26869991781071974894722407757894142583682396277979904369818887810555917099932",
+ "2112827187110048608327330788910224944044097981650120385961435904443901436107",
+ ];
+ for length in 300..302 {
+ let mut input: Vec = (0..length).map(|_| rng.next_u32() % 2 != 0).collect();
+
+ let mut cs = TestConstraintSystem::::new();
+
+ let input_bools: Vec = input
+ .iter()
+ .enumerate()
+ .map(|(i, b)| {
+ Boolean::from(
+ AllocatedBit::alloc(cs.namespace(|| format!("input {}", i)), Some(*b))
+ .unwrap(),
+ )
+ })
+ .collect();
+
+ let res = pedersen_hash(
+ cs.namespace(|| "pedersen hash"),
+ Personalization::MerkleTree(1),
+ &input_bools,
+ params,
+ )
+ .unwrap();
+
+ assert!(cs.is_satisfied());
+
+ assert_eq!(
+ res.get_x().get_value().unwrap(),
+ Fr::from_str(expected_xs[length - 300]).unwrap()
+ );
+ assert_eq!(
+ res.get_y().get_value().unwrap(),
+ Fr::from_str(expected_ys[length - 300]).unwrap()
+ );
+ }
+ }
 }
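Review bot: The `expected_xs`/`expected_ys` coordinates in test_pedersen_hash_external_test_vectors have no stated provenance, and because the input bits are drawn from the XorShiftRng stream rather than written out as literals, the vectors are pinned not only to the seed but to the exact xorshift implementation behind `next_u32()` — a change in the RNG crate would break this test in a way that looks like a hash regression. A comment above the arrays would make that diagnosable, e.g. `// Computed by the external reference implementation for Personalization::MerkleTree(1) over the 300- and 301-bit inputs produced by this exact XorShiftRng seed/stream; a different RNG stream invalidates these values.` (naming the actual reference used). Separately, `let mut input` is never mutated, so the `mut` should be dropped, and `expected_xs[length - 300]` would read more clearly as a `zip` over the two arrays. The enclosing `mod test` begins outside this hunk, so I cannot see whether a sibling test already cross-checks the circuit against the non-circuit `pedersen_hash` whose test the first file deletes.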