Qortal/pirate-librustzcash
3
0
Fork 0
mirror of https://github.com/Qortal/pirate-librustzcash.git synced 2025-02-01 00:02:14 +00:00
Code Issues Projects Releases Wiki Activity

Change group_hash to output points in the twisted Edwards form.

Browse Source
This commit is contained in:
Sean Bowe 2018-01-29 08:56:58 -07:00
parent 55598e4d4f
commit f00e8a8292
No known key found for this signature in database
GPG Key ID: 95684257D8F8B031
2 changed files with 9 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
src/group_hash.rs
View File

@ -10,7 +10,7 @@ use digest::{FixedOutput, Input};
pub fn group_hash<E: JubjubEngine>( pub fn group_hash<E: JubjubEngine>(
tag: &[u8], tag: &[u8],
params: &E::Params params: &E::Params
) -> Option<montgomery::Point<E, PrimeOrder>> ) -> Option<edwards::Point<E, PrimeOrder>>
{ {
// Check to see that scalar field is 255 bits // Check to see that scalar field is 255 bits
assert!(E::Fr::NUM_BITS == 255); assert!(E::Fr::NUM_BITS == 255);
@ -25,15 +25,15 @@ pub fn group_hash<E: JubjubEngine>(
h[0] &= 0b0111_1111; // unset s from h h[0] &= 0b0111_1111; // unset s from h
// cast to prime field representation // cast to prime field representation
let mut x0 = <E::Fr as PrimeField>::Repr::default(); let mut y0 = <E::Fr as PrimeField>::Repr::default();
x0.read_be(&h[..]).expect("hash is sufficiently large"); y0.read_be(&h[..]).expect("hash is sufficiently large");
if let Ok(x0) = E::Fr::from_repr(x0) { if let Ok(y0) = E::Fr::from_repr(y0) {
if let Some(p) = montgomery::Point::<E, _>::get_for_x(x0, s, params) { if let Some(p) = edwards::Point::<E, _>::get_for_y(y0, s, params) {
// Enter into the prime order subgroup // Enter into the prime order subgroup
let p = p.mul_by_cofactor(params); let p = p.mul_by_cofactor(params);
if p != montgomery::Point::zero() { if p != edwards::Point::zero() {
Some(p) Some(p)
} else { } else {
None None

4
src/jubjub/mod.rs
View File

@ -110,10 +110,12 @@ impl JubjubBls12 {
while pedersen_hash_generators.len() < 10 { while pedersen_hash_generators.len() < 10 {
let gh = group_hash(&[cur], &tmp); let gh = group_hash(&[cur], &tmp);
// We don't want to overflow and start reusing generators
assert!(cur != u8::max_value());
cur += 1; cur += 1;
if let Some(gh) = gh { if let Some(gh) = gh {
pedersen_hash_generators.push(edwards::Point::from_montgomery(&gh, &tmp)); pedersen_hash_generators.push(gh);
} }
} }