Qortal/pirate-librustzcash
1
0
Fork 1
mirror of https://github.com/Qortal/pirate-librustzcash.git synced 2025-11-02 04:17:02 +00:00
Code Issues Packages Projects Releases Wiki Activity

Refactor Sapling proving and binding signature

Browse Source
This commit is contained in:
Jack Grigg
2018-12-01 00:06:50 +00:00
parent e1841806c5
commit 922ffe6002
1 changed files with 45 additions and 42 deletions
Download Patch File Download Diff File Expand all files Collapse all files

87
librustzcash/src/rustzcash.rs
View File

@@ -1024,15 +1024,15 @@ pub extern "system" fn librustzcash_sapling_output_proof(
diversifier: diversifier, diversifier: diversifier,
}; };
// Initialize secure RNG
let mut rng = OsRng::new().expect("should be able to construct RNG");
// The caller provides the commitment randomness for the output note // The caller provides the commitment randomness for the output note
let rcm = match Fs::from_repr(read_fs(&(unsafe { &*rcm })[..])) { let rcm = match Fs::from_repr(read_fs(&(unsafe { &*rcm })[..])) {
Ok(p) => p, Ok(p) => p,
Err(_) => return false, Err(_) => return false,
}; };
// Initialize secure RNG
let mut rng = OsRng::new().expect("should be able to construct RNG");
// We construct ephemeral randomness for the value commitment. This // We construct ephemeral randomness for the value commitment. This
// randomness is not given back to the caller, but the synthetic // randomness is not given back to the caller, but the synthetic
// blinding factor `bsk` is accumulated in the context. // blinding factor `bsk` is accumulated in the context.
@@ -1070,11 +1070,6 @@ pub extern "system" fn librustzcash_sapling_output_proof(
&mut rng, &mut rng,
).expect("proving should not fail"); ).expect("proving should not fail");
// Write the proof out to the caller
proof
.write(&mut (unsafe { &mut *zkproof })[..])
.expect("should be able to serialize a proof");
// Compute the value commitment // Compute the value commitment
let value_commitment: edwards::Point<Bls12, Unknown> = value_commitment.cm(&JUBJUB).into(); let value_commitment: edwards::Point<Bls12, Unknown> = value_commitment.cm(&JUBJUB).into();
@@ -1088,6 +1083,11 @@ pub extern "system" fn librustzcash_sapling_output_proof(
unsafe { &mut *ctx }.bvk = tmp; unsafe { &mut *ctx }.bvk = tmp;
} }
// Write the proof out to the caller
proof
.write(&mut (unsafe { &mut *zkproof })[..])
.expect("should be able to serialize a proof");
// Write the value commitment to the caller // Write the value commitment to the caller
value_commitment value_commitment
.write(&mut (unsafe { &mut *cv })[..]) .write(&mut (unsafe { &mut *cv })[..])
@@ -1152,6 +1152,9 @@ pub extern "system" fn librustzcash_sapling_binding_sig(
sighash: *const [c_uchar; 32], sighash: *const [c_uchar; 32],
result: *mut [c_uchar; 64], result: *mut [c_uchar; 64],
) -> bool { ) -> bool {
// Initialize secure RNG
let mut rng = OsRng::new().expect("should be able to construct RNG");
// Grab the current `bsk` from the context // Grab the current `bsk` from the context
let bsk = redjubjub::PrivateKey::<Bls12>(unsafe { &*ctx }.bsk); let bsk = redjubjub::PrivateKey::<Bls12>(unsafe { &*ctx }.bsk);
@@ -1191,7 +1194,6 @@ pub extern "system" fn librustzcash_sapling_binding_sig(
(&mut data_to_be_signed[32..64]).copy_from_slice(&(unsafe { &*sighash })[..]); (&mut data_to_be_signed[32..64]).copy_from_slice(&(unsafe { &*sighash })[..]);
// Sign // Sign
let mut rng = OsRng::new().expect("should be able to construct RNG");
let sig = bsk.sign( let sig = bsk.sign(
&data_to_be_signed, &data_to_be_signed,
&mut rng, &mut rng,
@@ -1221,26 +1223,6 @@ pub extern "system" fn librustzcash_sapling_spend_proof(
rk_out: *mut [c_uchar; 32], rk_out: *mut [c_uchar; 32],
zkproof: *mut [c_uchar; GROTH_PROOF_SIZE], zkproof: *mut [c_uchar; GROTH_PROOF_SIZE],
) -> bool { ) -> bool {
let mut rng = OsRng::new().expect("should be able to construct RNG");
// We create the randomness of the value commitment
let rcv = Fs::rand(&mut rng);
// Accumulate the value commitment randomness in the context
{
let mut tmp = rcv.clone();
tmp.add_assign(&unsafe { &*ctx }.bsk);
// Update the context
unsafe { &mut *ctx }.bsk = tmp;
}
// Construct the value commitment
let value_commitment = ValueCommitment::<Bls12> {
value: value,
randomness: rcv,
};
// Grab `ak` from the caller, which should be a point. // Grab `ak` from the caller, which should be a point.
let ak = match edwards::Point::<Bls12, Unknown>::read(&(unsafe { &*ak })[..], &JUBJUB) { let ak = match edwards::Point::<Bls12, Unknown>::read(&(unsafe { &*ak })[..], &JUBJUB) {
Ok(p) => p, Ok(p) => p,
@@ -1265,18 +1247,9 @@ pub extern "system" fn librustzcash_sapling_spend_proof(
nsk, nsk,
}; };
// Construct the viewing key
let viewing_key = proof_generation_key.into_viewing_key(&JUBJUB);
// Grab the diversifier from the caller // Grab the diversifier from the caller
let diversifier = sapling_crypto::primitives::Diversifier(unsafe { *diversifier }); let diversifier = sapling_crypto::primitives::Diversifier(unsafe { *diversifier });
// Construct the payment address with the viewing key / diversifier
let payment_address = match viewing_key.into_payment_address(diversifier, &JUBJUB) {
Some(p) => p,
None => return false,
};
// The caller chooses the note randomness // The caller chooses the note randomness
let rcm = match Fs::from_repr(read_fs(&(unsafe { &*rcm })[..])) { let rcm = match Fs::from_repr(read_fs(&(unsafe { &*rcm })[..])) {
Ok(p) => p, Ok(p) => p,
@@ -1289,6 +1262,36 @@ pub extern "system" fn librustzcash_sapling_spend_proof(
Err(_) => return false, Err(_) => return false,
}; };
// Initialize secure RNG
let mut rng = OsRng::new().expect("should be able to construct RNG");
// We create the randomness of the value commitment
let rcv = Fs::rand(&mut rng);
// Accumulate the value commitment randomness in the context
{
let mut tmp = rcv.clone();
tmp.add_assign(&unsafe { &*ctx }.bsk);
// Update the context
unsafe { &mut *ctx }.bsk = tmp;
}
// Construct the value commitment
let value_commitment = ValueCommitment::<Bls12> {
value: value,
randomness: rcv,
};
// Construct the viewing key
let viewing_key = proof_generation_key.into_viewing_key(&JUBJUB);
// Construct the payment address with the viewing key / diversifier
let payment_address = match viewing_key.into_payment_address(diversifier, &JUBJUB) {
Some(p) => p,
None => return false,
};
// This is the result of the re-randomization, we compute it for the caller // This is the result of the re-randomization, we compute it for the caller
let rk = redjubjub::PublicKey::<Bls12>(ak.into()).randomize( let rk = redjubjub::PublicKey::<Bls12>(ak.into()).randomize(
ar, ar,
@@ -1296,10 +1299,6 @@ pub extern "system" fn librustzcash_sapling_spend_proof(
&JUBJUB, &JUBJUB,
); );
// Write out `rk` to the caller
rk.write(&mut unsafe { &mut *rk_out }[..])
.expect("should be able to write to rk_out");
// We need to compute the anchor of the Spend. // We need to compute the anchor of the Spend.
let anchor = match Fr::from_repr(read_le(unsafe { &(&*anchor)[..] })) { let anchor = match Fr::from_repr(read_le(unsafe { &(&*anchor)[..] })) {
Ok(p) => p, Ok(p) => p,
@@ -1453,6 +1452,10 @@ pub extern "system" fn librustzcash_sapling_spend_proof(
.write(&mut (unsafe { &mut *zkproof })[..]) .write(&mut (unsafe { &mut *zkproof })[..])
.expect("should be able to serialize a proof"); .expect("should be able to serialize a proof");
// Write out `rk` to the caller
rk.write(&mut unsafe { &mut *rk_out }[..])
.expect("should be able to write to rk_out");
true true
} }