Make pk_d validity an invariant of PaymentAddress

Introduces a PaymentAddress::from_parts constructor, and getters for the diversifier and pk_d fields (which are now private).
2025-07-30 20:11:23 +00:00 · 2019-08-23 23:08:09 +01:00
parent 86142d044c
commit abbd43ff57
9 changed files with 85 additions and 62 deletions
--- a/zcash_proofs/src/circuit/sapling.rs
+++ b/zcash_proofs/src/circuit/sapling.rs
@@ -464,7 +464,7 @@ impl<'a, E: JubjubEngine> Circuit<E> for Output<'a, E> {
        // they would like.
        {
            // Just grab pk_d from the witness
-            let pk_d = self.payment_address.as_ref().map(|e| e.pk_d.to_xy());
+            let pk_d = self.payment_address.as_ref().map(|e| e.pk_d().to_xy());

            // Witness the y-coordinate, encoded as little
            // endian bits (to match the representation)
@@ -584,7 +584,7 @@ fn test_input_circuit_with_bls12_381() {
            }
        }

-        let g_d = payment_address.diversifier.g_d(params).unwrap();
+        let g_d = payment_address.diversifier().g_d(params).unwrap();
        let commitment_randomness = fs::Fs::random(rng);
        let auth_path = vec![Some((Fr::random(rng), rng.next_u32() % 2 != 0)); tree_depth];
        let ar = fs::Fs::random(rng);
@@ -595,7 +595,7 @@ fn test_input_circuit_with_bls12_381() {
            let note = Note {
                value: value_commitment.value,
                g_d: g_d.clone(),
-                pk_d: payment_address.pk_d.clone(),
+                pk_d: payment_address.pk_d().clone(),
                r: commitment_randomness.clone(),
            };

--- a/zcash_proofs/src/sapling/prover.rs
+++ b/zcash_proofs/src/sapling/prover.rs
@@ -100,7 +100,7 @@ impl SaplingProvingContext {
            g_d: diversifier
                .g_d::<Bls12>(params)
                .expect("was a valid diversifier before"),
-            pk_d: payment_address.pk_d.clone(),
+            pk_d: payment_address.pk_d().clone(),
            r: rcm,
        };