librustzcash APIs for wallet key manipulation #9
Conversation
|
Can you rebase this on top of the latest librustzcash? |
|
Rebased |
arcalinea
force-pushed
the
wallet-apis
branch
4 times, most recently
from
77b724f
to
b184cc6
Compare
str4d
changed the title
arcalinea
force-pushed
the
wallet-apis
branch
2 times, most recently
from
115f152
to
06990af
Compare
| } | ||
|
|
||
| #[no_mangle] | ||
| pub extern "system" fn librustzcash_crh_ivk( |
There was a problem hiding this comment.
Psst! There's an API for this in sapling-crypto.
https://github.com/zcash-hackworks/sapling-crypto/blob/master/src/primitives/mod.rs#L89
There was a problem hiding this comment.
I can see why you might not want to use it though. It looks like you do the right thing here, so meh, it's okay.
There was a problem hiding this comment.
Well, kinda. I think you should do what my code does, interpret it as a scalar (it should always work) and then use a write_fs afterwards, which should be implemented to write out in little endian bit order.
There was a problem hiding this comment.
Using that API requires six additional conversion read/write operations (to convert ak and nk to scalars and back, and to convert ivk to a Point and back). It didn't seem worth the cycles.
There was a problem hiding this comment.
Once this has been rebased, we should test this function against the test vectors.
src/rustzcash.rs
Outdated
|
|
||
| let result = unsafe { &mut *result }; | ||
|
|
||
| scalar.as_mut().reverse(); |
There was a problem hiding this comment.
We should be doing some kind of write_fs here instead.
There was a problem hiding this comment.
So extract it into a separate function like we did for read_fs?
There was a problem hiding this comment.
I tried this in latest commit
| /// Reads an FsRepr from [u8] of length 32 | ||
| /// This will panic (abort) if length provided is | ||
| /// not correct | ||
| fn read_fs(from: &[u8]) -> FsRepr { |
There was a problem hiding this comment.
This will read from bytes into an Fs in little-endian bit order, which is what we want, but the function librustzcash_crh_ivk produces a little-endian byte order result and writes that out. Then, when you call librustzcash_ivk_to_pkd, it's not going to work correctly.
There was a problem hiding this comment.
Does it? I thought the intention was that the output of BLAKE2s was exactly the representation we wanted. More precisely, I think this is fine, because:
- Here we are reading a little-endian byte array in big-endian, and then flipping, which means we need to flip both the u64s and their bits.
- In
ViewingKey.ivk()we flip the little-endian byte array before reading it as big endian, and since the endianness of the bits within each byte doesn't matter for reading, that should mean the result is the same as we get here by flipping the bits above.
I'll try and generate some test vectors to confirm.
There was a problem hiding this comment.
Now that #12 has been merged, this function needs to be updated (to use read_le and not swap bits).
| /// Reads an FsRepr from [u8] of length 32 | ||
| /// This will panic (abort) if length provided is | ||
| /// not correct | ||
| fn read_fs(from: &[u8]) -> FsRepr { |
There was a problem hiding this comment.
Now that #12 has been merged, this function needs to be updated (to use read_le and not swap bits).
src/rustzcash.rs
Outdated
| *b = swap_bits_u64(*b); | ||
| } | ||
|
|
||
| f.write_be(to).expect("length is 32 bytes"); |
There was a problem hiding this comment.
Now that #12 has been merged, this function needs to be updated (to use read_le and not swap bits).
| } | ||
|
|
||
| #[no_mangle] | ||
| pub extern "system" fn librustzcash_crh_ivk( |
There was a problem hiding this comment.
Once this has been rebased, we should test this function against the test vectors.
src/rustzcash.rs
Outdated
| let mut f = <<Bls12 as JubjubEngine>::Fs as PrimeField>::Repr::default(); | ||
| f.read_le(from).expect("length is 32 bytes"); | ||
|
|
||
| f.as_mut().reverse(); |
There was a problem hiding this comment.
This needed to be removed as well.
src/rustzcash.rs
Outdated
| fn write_fs(mut f: FsRepr, to: &mut [u8]) { | ||
| assert_eq!(to.len(), 32); | ||
|
|
||
| f.as_mut().reverse(); |
There was a problem hiding this comment.
This needed to be removed as well.
There was a problem hiding this comment.
Should the reverse() on line 80 also be removed?
|
I rebased this PR on master to fix merge conflicts and remove some stray commits that had crept in. |
| ) { | ||
| // Should be okay, because caller is responsible for ensuring | ||
| // the pointer is a valid pointer to 32 bytes, and that is the | ||
| // size of the representation |
There was a problem hiding this comment.
Comment is out-of-date (I think it might be intended to apply to the unsafe conversion of result).
Add Sapling key classes to wallet Leverages new librustzcash APIs added in zcash/librustzcash#9
Various improvements to project structure and implementation This makes wNAF/multiexp more modularized and abstract (for use later in remodeling groth) and starts moving other things around. Also, good chance to start working on buildbot.
librustzcash_to_scalarlibrustzcash_ask_to_aklibrustzcash_nsk_to_nklibrustzcash_crh_ivklibrustzcash_check_diversifierlibrustzcash_ivk_to_pkd