From 0738b42b1cbdd0a9b9caeadf010f1d9ecfdd5197 Mon Sep 17 00:00:00 2001
From: zero
Date: Tue, 30 Jan 2024 12:12:56 +0100
Subject: [PATCH] money: change the coin_attribute serial to coin_blind.
We no longer use the serial, and its sole purpose is to blind the coin. Also move it to the end, consistent with all bullas and commits used in darkfi core.
---
 .../proof/dao-auth-money-transfer-enc-coin.zk | 18 +++++++++---------
 .../dao/proof/dao-auth-money-transfer.zk | 8 ++++----
 src/contract/dao/proof/dao-propose-input.zk | 4 ++--
 src/contract/dao/proof/dao-vote-input.zk | 4 ++--
 src/contract/dao/src/client/auth_xfer.rs | 8 ++++----
 src/contract/dao/src/client/exec.rs | 2 --
 src/contract/dao/src/client/propose.rs | 4 ++--
 src/contract/dao/src/client/vote.rs | 4 ++--
 src/contract/dao/tests/integration.rs | 2 +-
 src/contract/money/proof/burn_v1.zk | 6 +++---
 src/contract/money/proof/fee_v1.zk | 12 ++++++------
 src/contract/money/proof/mint_v1.zk | 6 +++---
 src/contract/money/src/client/fee_v1.rs | 16 ++++++++--------
 .../money/src/client/genesis_mint_v1.rs | 8 ++++----
 src/contract/money/src/client/mod.rs | 4 ++--
 src/contract/money/src/client/pow_reward_v1.rs | 8 ++++----
 src/contract/money/src/client/swap_v1.rs | 10 +++++-----
 src/contract/money/src/client/token_mint_v1.rs | 14 +++++++-------
 .../money/src/client/transfer_v1/builder.rs | 4 ++--
 .../money/src/client/transfer_v1/mod.rs | 4 ++--
 .../money/src/client/transfer_v1/proof.rs | 10 +++++-----
 src/contract/money/src/model.rs | 6 +++---
 src/contract/test-harness/src/dao_exec.rs | 9 +--------
 src/contract/test-harness/src/lib.rs | 9 ++++++---
 src/contract/test-harness/src/money_airdrop.rs | 2 +-
 src/contract/test-harness/src/vks.rs | 4 ++--
 26 files changed, 90 insertions(+), 96 deletions(-)
diff --git a/src/contract/dao/proof/dao-auth-money-transfer-enc-coin.zk b/src/contract/dao/proof/dao-auth-money-transfer-enc-coin.zk
index ad69e2d56..401afa6ca 100644
--- a/src/contract/dao/proof/dao-auth-money-transfer-enc-coin.zk +++ b/src/contract/dao/proof/dao-auth-money-transfer-enc-coin.zk @@ -12,9 +12,9 @@ witness "DaoAuthMoneyTransferEncCoin" { EcNiPoint public_key, Base value, Base token_id, - Base serial, Base spend_hook, Base user_data, + Base coin_blind, # Epehemeral secret used for diffie-hellman shared secret derivation Base ephem_secret, @@ -31,9 +31,9 @@ circuit "DaoAuthMoneyTransferEncCoin" { ec_get_y(pubkey), value, token_id, - serial, spend_hook, user_data, + coin_blind, ); constrain_instance(coin); @@ -72,15 +72,15 @@ circuit "DaoAuthMoneyTransferEncCoin" { constrain_instance(enc_token_id); shared_secret_3 = poseidon_hash(shared_secret, const_3); - enc_serial = base_add(serial, shared_secret_3); - constrain_instance(enc_serial); - - shared_secret_4 = poseidon_hash(shared_secret, const_4); - enc_spend_hook = base_add(spend_hook, shared_secret_4); + enc_spend_hook = base_add(spend_hook, shared_secret_3); constrain_instance(enc_spend_hook); - shared_secret_5 = poseidon_hash(shared_secret, const_5); - enc_user_data = base_add(user_data, shared_secret_5); + shared_secret_4 = poseidon_hash(shared_secret, const_4); + enc_user_data = base_add(user_data, shared_secret_4); constrain_instance(enc_user_data); + + shared_secret_5 = poseidon_hash(shared_secret, const_5); + enc_coin_blind = base_add(coin_blind, shared_secret_5); + constrain_instance(enc_coin_blind); } diff --git a/src/contract/dao/proof/dao-auth-money-transfer.zk b/src/contract/dao/proof/dao-auth-money-transfer.zk index b9f70c334..99ab87e72 100644 --- a/src/contract/dao/proof/dao-auth-money-transfer.zk +++ b/src/contract/dao/proof/dao-auth-money-transfer.zk @@ -30,7 +30,7 @@ witness "DaoAuthMoneyTransfer" { # Dao output coin attrs Base dao_value, Base dao_token_id, - Base dao_serial, + Base dao_coin_blind, # Should be set to DAO_CONTRACT_ID Base dao_contract_id, 
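Review bot: The relative order of the public instances after `enc_token_id` changes in the `@@ -72` hunk of dao-auth-money-transfer-enc-coin.zk (`enc_spend_hook` and `enc_user_data` each move one slot earlier and `enc_coin_blind` becomes the last one), and the Rust code that builds the revealed public-input vector for `DaoAuthMoneyTransferEncCoin` is not part of this patch. If that code lists instances positionally it needs the same reorder; a mismatch only makes valid proofs fail to verify, so it would surface at first use rather than as a soundness gap, but it should be checked before merge. A short comment at the end of the circuit, `# Instance order after enc_token_id: enc_spend_hook, enc_user_data, enc_coin_blind -- keep in sync with the revealed struct on the Rust side`, would make the coupling visible.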
@@ -85,9 +85,9 @@ circuit "DaoAuthMoneyTransfer" { dao_value, # Likewise the token_id must match the other output coins. dao_token_id, - dao_serial, dao_contract_id, dao_bulla, + dao_coin_blind, ); constrain_instance(dao_change_coin); constrain_instance(dao_contract_id); @@ -126,7 +126,7 @@ circuit "DaoAuthMoneyTransfer" { # Serial shared_secret_3 = poseidon_hash(shared_secret, const_3); - enc_serial = base_add(dao_serial, shared_secret_3); - constrain_instance(enc_serial); + enc_coin_blind = base_add(dao_coin_blind, shared_secret_3); + constrain_instance(enc_coin_blind); } diff --git a/src/contract/dao/proof/dao-propose-input.zk b/src/contract/dao/proof/dao-propose-input.zk index a97858d0f..5b3890380 100644 --- a/src/contract/dao/proof/dao-propose-input.zk +++ b/src/contract/dao/proof/dao-propose-input.zk @@ -9,9 +9,9 @@ constant "DaoProposeInput" { witness "DaoProposeInput" { Base secret, - Base serial, Base spend_hook, Base user_data, + Base coin_blind, Base value, Base token, Scalar value_blind, @@ -31,9 +31,9 @@ circuit "DaoProposeInput" { pub_y, value, token, - serial, spend_hook, user_data, + coin_blind, ); # We need this to detect whether the above coin was already spent. diff --git a/src/contract/dao/proof/dao-vote-input.zk b/src/contract/dao/proof/dao-vote-input.zk index 6d02b3ca8..665867e11 100644 --- a/src/contract/dao/proof/dao-vote-input.zk +++ b/src/contract/dao/proof/dao-vote-input.zk @@ -9,9 +9,9 @@ constant "DaoVoteInput" { witness "DaoVoteInput" { Base secret, - Base serial, Base spend_hook, Base user_data, + Base coin_blind, Base value, Base gov_token_id, Scalar value_blind, @@ -30,9 +30,9 @@ circuit "DaoVoteInput" { pub_y, value, gov_token_id, - serial, spend_hook, user_data, + coin_blind, ); # This is the same as for money::transfer() calls. We could use diff --git a/src/contract/dao/src/client/auth_xfer.rs b/src/contract/dao/src/client/auth_xfer.rs index 71b0c069a..9910bb4de 100644 --- a/src/contract/dao/src/client/auth_xfer.rs 
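Review bot: The context comment `# Serial` heading the encryption block in the `@@ -126` hunk of dao-auth-money-transfer.zk now sits above two added lines that encrypt `dao_coin_blind`, so it describes a witness the circuit no longer has; rename it to `# Coin blind`. The preimage order in the `@@ -85` hunk (`dao_contract_id`, `dao_bulla`, `dao_coin_blind` in the spend_hook, user_data and blind slots) does match `CoinAttributes::to_coin` in model.rs, which is the property that keeps the DAO change coin spendable later.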
+++ b/src/contract/dao/src/client/auth_xfer.rs @@ -67,9 +67,9 @@ impl DaoAuthMoneyTransferCall { let note = [ value_base, coin_attrs.token_id.inner(), - coin_attrs.serial, coin_attrs.spend_hook, coin_attrs.user_data, + coin_attrs.blind, ]; let enc_note = ElGamalEncryptedNote::encrypt(note, &ephem_secret, &coin_attrs.public_key); @@ -78,9 +78,9 @@ impl DaoAuthMoneyTransferCall { Witness::EcNiPoint(Value::known(coin_attrs.public_key.inner())), Witness::Base(Value::known(value_base)), Witness::Base(Value::known(coin_attrs.token_id.inner())), - Witness::Base(Value::known(coin_attrs.serial)), Witness::Base(Value::known(coin_attrs.spend_hook)), Witness::Base(Value::known(coin_attrs.user_data)), + Witness::Base(Value::known(coin_attrs.blind)), Witness::Base(Value::known(ephem_secret.inner())), ]; @@ -114,7 +114,7 @@ impl DaoAuthMoneyTransferCall { let dao_change_value = pallas::Base::from(self.dao_coin_attrs.value); let note = - [dao_change_value, self.dao_coin_attrs.token_id.inner(), self.dao_coin_attrs.serial]; + [dao_change_value, self.dao_coin_attrs.token_id.inner(), self.dao_coin_attrs.blind]; let dao_change_attrs = ElGamalEncryptedNote::encrypt(note, &ephem_secret, &self.dao.public_key); @@ -148,7 +148,7 @@ impl DaoAuthMoneyTransferCall { // Dao output coin attrs Witness::Base(Value::known(dao_change_value)), Witness::Base(Value::known(self.dao_coin_attrs.token_id.inner())), - Witness::Base(Value::known(self.dao_coin_attrs.serial)), + Witness::Base(Value::known(self.dao_coin_attrs.blind)), // DAO_CONTRACT_ID Witness::Base(Value::known(DAO_CONTRACT_ID.inner())), // Encrypted change DAO output diff --git a/src/contract/dao/src/client/exec.rs b/src/contract/dao/src/client/exec.rs index 1f90645e9..78d25314d 100644 --- a/src/contract/dao/src/client/exec.rs +++ b/src/contract/dao/src/client/exec.rs 
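Review bot: Both note arrays built here change their slot layout — in the `@@ -67` hunk slot 2 is now `spend_hook` and slot 4 is `blind`, and in the `@@ -114` hunk the DAO change note's slot 2 is `blind` — but the decrypting side that maps these slots back into coin attributes is not in this patch. Because `CoinAttributes.serial` is renamed, struct-literal consumers fail to compile, whereas a consumer that indexes the decrypted array by position compiles unchanged and would read `spend_hook` where it expects the blind, so that path needs a manual check. A comment on each array would pin the contract, e.g. `// Slot order must match the DaoAuthMoneyTransferEncCoin witness: value, token_id, spend_hook, user_data, coin_blind`.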
@@ -39,8 +39,6 @@ pub struct DaoExecCall { pub all_vote_value: u64, pub yes_vote_blind: pallas::Scalar, pub all_vote_blind: pallas::Scalar, - pub user_serial: pallas::Base, - pub dao_serial: pallas::Base, pub input_value: u64, pub input_value_blind: pallas::Scalar, pub input_user_data_blind: pallas::Base, diff --git a/src/contract/dao/src/client/propose.rs b/src/contract/dao/src/client/propose.rs index 0abb01434..3696b518a 100644 --- a/src/contract/dao/src/client/propose.rs +++ b/src/contract/dao/src/client/propose.rs @@ -82,9 +82,9 @@ impl DaoProposeCall { let prover_witnesses = vec![ Witness::Base(Value::known(input.secret.inner())), - Witness::Base(Value::known(note.serial)), Witness::Base(Value::known(pallas::Base::ZERO)), Witness::Base(Value::known(pallas::Base::ZERO)), + Witness::Base(Value::known(note.coin_blind)), Witness::Base(Value::known(pallas::Base::from(note.value))), Witness::Base(Value::known(note.token_id.inner())), Witness::Scalar(Value::known(funds_blind)), @@ -99,9 +99,9 @@ impl DaoProposeCall { public_key, value: note.value, token_id: note.token_id, - serial: note.serial, spend_hook: pallas::Base::ZERO, user_data: pallas::Base::ZERO, + blind: note.coin_blind, } .to_coin(); diff --git a/src/contract/dao/src/client/vote.rs b/src/contract/dao/src/client/vote.rs index e33c425c0..5917a0961 100644 --- a/src/contract/dao/src/client/vote.rs +++ b/src/contract/dao/src/client/vote.rs @@ -107,9 +107,9 @@ impl DaoVoteCall { let prover_witnesses = vec![ Witness::Base(Value::known(input.secret.inner())), - Witness::Base(Value::known(note.serial)), Witness::Base(Value::known(pallas::Base::ZERO)), Witness::Base(Value::known(pallas::Base::ZERO)), + Witness::Base(Value::known(note.coin_blind)), Witness::Base(Value::known(pallas::Base::from(note.value))), Witness::Base(Value::known(note.token_id.inner())), Witness::Scalar(Value::known(value_blind)), 
@@ -124,9 +124,9 @@ impl DaoVoteCall { public_key, value: note.value, token_id: note.token_id, - serial: note.serial, spend_hook: pallas::Base::ZERO, user_data: pallas::Base::ZERO, + blind: note.coin_blind, } .to_coin(); diff --git a/src/contract/dao/tests/integration.rs b/src/contract/dao/tests/integration.rs index 86a9ef947..f0cf33772 100644 --- a/src/contract/dao/tests/integration.rs +++ b/src/contract/dao/tests/integration.rs @@ -186,9 +186,9 @@ fn integration_test() -> Result<()> { public_key: th.holders.get(&Holder::Rachel).unwrap().keypair.public, value: PROPOSAL_AMOUNT, token_id: drk_token_id, - serial: pallas::Base::random(&mut OsRng), spend_hook: pallas::Base::ZERO, user_data: pallas::Base::ZERO, + blind: pallas::Base::random(&mut OsRng), }]; // We can add whatever we want in here, even arbitrary text // It's up to the auth module to decide what to do with it. diff --git a/src/contract/money/proof/burn_v1.zk b/src/contract/money/proof/burn_v1.zk index 2ba3dffc2..0c186c5bc 100644 --- a/src/contract/money/proof/burn_v1.zk +++ b/src/contract/money/proof/burn_v1.zk @@ -19,12 +19,12 @@ witness "Burn_V1" { Scalar value_blind, # Random blinding factor for the token ID Base token_blind, - # Unique serial number corresponding to this coin - Base serial, # Allows composing this ZK proof to invoke other contracts Base spend_hook, # Data passed from this coin to the invoked contract Base user_data, + # Unique serial number corresponding to this coin + Base coin_blind, # Blinding factor for the encrypted user_data Base user_data_blind, # Secret key used to derive nullifier and coin's public key @@ -47,9 +47,9 @@ circuit "Burn_V1" { ec_get_y(pub), value, token, - serial, spend_hook, user_data, + coin_blind, ); # Poseidon hash of the nullifier diff --git a/src/contract/money/proof/fee_v1.zk b/src/contract/money/proof/fee_v1.zk index 86037926b..86be24abc 100644 --- a/src/contract/money/proof/fee_v1.zk +++ b/src/contract/money/proof/fee_v1.zk 
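Review bot: In the `@@ -19` hunk of burn_v1.zk the comment `# Unique serial number corresponding to this coin` is re-added verbatim above the new `Base coin_blind` witness, so the renamed field is still documented as a serial; the same line is re-added in the `@@ -19` hunk of mint_v1.zk. fee_v1.zk in this patch already uses "coin blind" wording, so these two should follow, e.g. `# Random blinding factor for this coin`. The commit message says the value's only purpose is now blinding, so "Unique" is no longer the right emphasis, although the blind still has to be fresh per coin because the nullifier is derived from the coin hash (`nullifier = poseidon_hash(input_secret, input_coin)` in fee_v1.zk).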
@@ -20,12 +20,12 @@ witness "Fee_V1" { Base input_value, # Random blinding factor for the input value commitment Scalar input_value_blind, - # Unique serial corresponding to the input coin - Base input_serial, # Input coin's spend hook Base input_spend_hook, # Data passed from the input to the invoked contract Base input_user_data, + # Unique coin blind corresponding to the input coin + Base input_coin_blind, # Blinding factor for the encrypted user_data Base input_user_data_blind, # Value of the output coin @@ -36,8 +36,8 @@ witness "Fee_V1" { Base output_user_data, # Random blinding factor for the output value commitment Scalar output_value_blind, - # Unique serial corresponding to the output coin - Base output_serial, + # Unique coin blind corresponding to the output coin + Base output_coin_blind, # Token ID Base token, # Random blinding factor for the token ID @@ -55,9 +55,9 @@ circuit "Fee_V1" { pub_y, input_value, token, - input_serial, input_spend_hook, input_user_data, + input_coin_blind, ); nullifier = poseidon_hash(input_secret, input_coin); @@ -97,9 +97,9 @@ circuit "Fee_V1" { pub_y, output_value, token, - output_serial, output_spend_hook, output_user_data, + output_coin_blind, ); constrain_instance(output_coin); diff --git a/src/contract/money/proof/mint_v1.zk b/src/contract/money/proof/mint_v1.zk index c07721e2d..4fbafc4d3 100644 --- a/src/contract/money/proof/mint_v1.zk +++ b/src/contract/money/proof/mint_v1.zk @@ -19,12 +19,12 @@ witness "Mint_V1" { Base value, # The token ID Base token, - # Unique serial number corresponding to this coin - Base serial, # Allows composing this ZK proof to invoke other contracts Base spend_hook, # Data passed from this coin to the invoked contract Base user_data, + # Unique serial number corresponding to this coin + Base coin_blind, # Random blinding factor for the value commitment Scalar value_blind, # Random blinding factor for the token ID 
@@ -39,9 +39,9 @@ circuit "Mint_V1" { pub_y, value, token, - serial, spend_hook, user_data, + coin_blind, ); constrain_instance(C); diff --git a/src/contract/money/src/client/fee_v1.rs b/src/contract/money/src/client/fee_v1.rs index cd45680ab..6f93ca9c3 100644 --- a/src/contract/money/src/client/fee_v1.rs +++ b/src/contract/money/src/client/fee_v1.rs @@ -106,9 +106,9 @@ pub async fn append_fee_call( public_key: keypair.public, value: change_value, token_id: coin.note.token_id, - serial: pallas::Base::random(&mut OsRng), spend_hook: pallas::Base::ZERO, user_data: pallas::Base::ZERO, + blind: pallas::Base::random(&mut OsRng), }; let token_blind = pallas::Base::random(&mut OsRng); @@ -127,20 +127,20 @@ pub async fn append_fee_call( input_value_blind, &output, output_value_blind, - output.serial, output.spend_hook, output.user_data, + output.blind, token_blind, signature_secret, )?; // Encrypted note for the output let note = MoneyNote { - serial: output.serial, value: output.value, token_id: output.token_id, spend_hook: output.spend_hook, user_data: output.user_data, + coin_blind: output.blind, value_blind: output_value_blind, token_blind, memo: vec![], @@ -258,9 +258,9 @@ fn create_fee_proof( input_value_blind: pallas::Scalar, output: &FeeCallOutput, output_value_blind: pallas::Scalar, - output_serial: pallas::Base, output_spend_hook: pallas::Base, output_user_data: pallas::Base, + output_coin_blind: pallas::Base, token_blind: pallas::Base, signature_secret: SecretKey, ) -> Result<(Proof, FeeRevealed)> { @@ -272,9 +272,9 @@ fn create_fee_proof( public_key, value: input.note.value, token_id: input.note.token_id, - serial: input.note.serial, spend_hook: input.note.spend_hook, user_data: input.note.user_data, + blind: input.note.coin_blind, } .to_coin(); 
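Review bot: In the `@@ -258` hunk of fee_v1.rs, `create_fee_proof` keeps taking `output_coin_blind` (and `output_spend_hook`, `output_user_data`) as separate parameters even though its only visible caller, the `@@ -127` hunk, passes `output.blind`, `output.spend_hook` and `output.user_data` from the very `output: &FeeCallOutput` it also hands in. Carrying the same values twice leaves room for the proof's output coin and the `MoneyNote` to be built from different blinds; if `FeeCallOutput` carries those fields as the `@@ -106` construction suggests, the function can read them itself, i.e. `blind: output.blind,` in the output `CoinAttributes` of the `@@ -305` hunk and `Witness::Base(Value::known(output.blind)),` in the witness list, dropping the three parameters. The function is private to the module, so the signature change stays local.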
@@ -305,9 +305,9 @@ fn create_fee_proof( public_key: output.public_key, value: output.value, token_id: output.token_id, - serial: output_serial, spend_hook: output_spend_hook, user_data: output_user_data, + blind: output_coin_blind, } .to_coin(); @@ -330,15 +330,15 @@ fn create_fee_proof( Witness::Base(Value::known(signature_secret.inner())), Witness::Base(Value::known(pallas::Base::from(input.note.value))), Witness::Scalar(Value::known(input_value_blind)), - Witness::Base(Value::known(input.note.serial)), Witness::Base(Value::known(input.note.spend_hook)), Witness::Base(Value::known(input.note.user_data)), + Witness::Base(Value::known(input.note.coin_blind)), Witness::Base(Value::known(input.user_data_blind)), Witness::Base(Value::known(pallas::Base::from(output.value))), Witness::Base(Value::known(output_spend_hook)), Witness::Base(Value::known(output_user_data)), Witness::Scalar(Value::known(output_value_blind)), - Witness::Base(Value::known(output_serial)), + Witness::Base(Value::known(output_coin_blind)), Witness::Base(Value::known(input.note.token_id.inner())), Witness::Base(Value::known(token_blind)), ]; diff --git a/src/contract/money/src/client/genesis_mint_v1.rs b/src/contract/money/src/client/genesis_mint_v1.rs index cc97d54ae..765e15f01 100644 --- a/src/contract/money/src/client/genesis_mint_v1.rs +++ b/src/contract/money/src/client/genesis_mint_v1.rs @@ -94,9 +94,9 @@ impl GenesisMintCallBuilder { public_key: self.keypair.public, value: self.amount, token_id, - serial: pallas::Base::random(&mut OsRng), spend_hook: pallas::Base::ZERO, user_data: pallas::Base::ZERO, + blind: pallas::Base::random(&mut OsRng), }; // We just create the commitment blinds here. We simply encofce 
@@ -113,7 +113,7 @@ impl GenesisMintCallBuilder { signature_public: PublicKey::from_secret(input.signature_secret), }; - let serial = pallas::Base::random(&mut OsRng); + let coin_blind = pallas::Base::random(&mut OsRng); info!("Creating token mint proof for output"); let (proof, public_inputs) = create_transfer_mint_proof( @@ -122,17 +122,17 @@ impl GenesisMintCallBuilder { &output, value_blind, token_blind, - serial, self.spend_hook, self.user_data, + coin_blind, )?; let note = MoneyNote { - serial, value: output.value, token_id: output.token_id, spend_hook: self.spend_hook, user_data: self.user_data, + coin_blind, value_blind, token_blind, memo: vec![], diff --git a/src/contract/money/src/client/mod.rs b/src/contract/money/src/client/mod.rs index 7b4b74b7b..3d5fe8d58 100644 --- a/src/contract/money/src/client/mod.rs +++ b/src/contract/money/src/client/mod.rs @@ -101,8 +101,6 @@ pub const MONEY_ALIASES_COL_TOKEN_ID: &str = "token_id"; /// All other coin attributes must be present. #[derive(Debug, Clone, Eq, PartialEq, SerialEncodable, SerialDecodable)] pub struct MoneyNote { - /// Serial number of the coin, used for the nullifier - pub serial: pallas::Base, /// Value of the coin pub value: u64, /// Token ID of the coin @@ -112,6 +110,8 @@ pub struct MoneyNote { pub spend_hook: pallas::Base, /// User data used by protocol when spend hook is enabled pub user_data: pallas::Base, + /// Blinding factor for the coin + pub coin_blind: pallas::Base, // TODO: look into removing these fields. We potentially don't need them [ /// Blinding factor for the value pedersen commitment pub value_blind: pallas::Scalar, diff --git a/src/contract/money/src/client/pow_reward_v1.rs b/src/contract/money/src/client/pow_reward_v1.rs index 5c54ca42d..3a6b033b8 100644 --- a/src/contract/money/src/client/pow_reward_v1.rs +++ b/src/contract/money/src/client/pow_reward_v1.rs 
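Review bot: In the `@@ -113` and `@@ -122` hunks of genesis_mint_v1.rs a second random value `coin_blind` is drawn and used for the mint proof and the `MoneyNote`, while the `blind: pallas::Base::random(&mut OsRng)` stored in the output struct in the `@@ -94` hunk is never used for the coin, assuming that struct is the `output` passed to `create_transfer_mint_proof`. The two values cannot agree, so anything that later recomputes the coin from the output struct would get a different `Coin` than the one proven; builder.rs in the same patch avoids this by passing `output.blind`. The same pattern appears in pow_reward_v1.rs (`@@ -121`), swap_v1.rs (`@@ -157`) and token_mint_v1.rs (`@@ -128`). Replacing the draw with `let coin_blind = output.blind;` keeps a single blind per coin.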
@@ -102,9 +102,9 @@ impl PoWRewardCallBuilder { public_key: self.recipient, value, token_id, - serial: pallas::Base::random(&mut OsRng), spend_hook: pallas::Base::ZERO, user_data: pallas::Base::ZERO, + blind: pallas::Base::random(&mut OsRng), }; // We just create the commitment blinds here. We simply encofce @@ -121,7 +121,7 @@ impl PoWRewardCallBuilder { signature_public: PublicKey::from_secret(input.signature_secret), }; - let serial = pallas::Base::random(&mut OsRng); + let coin_blind = pallas::Base::random(&mut OsRng); info!("Creating token mint proof for output"); let (proof, public_inputs) = create_transfer_mint_proof( @@ -130,17 +130,17 @@ impl PoWRewardCallBuilder { &output, value_blind, token_blind, - serial, self.spend_hook, self.user_data, + coin_blind, )?; let note = MoneyNote { - serial, value: output.value, token_id: output.token_id, spend_hook: self.spend_hook, user_data: self.user_data, + coin_blind, value_blind, token_blind, memo: vec![], diff --git a/src/contract/money/src/client/swap_v1.rs b/src/contract/money/src/client/swap_v1.rs index ebca6b9db..012d4eedc 100644 --- a/src/contract/money/src/client/swap_v1.rs +++ b/src/contract/money/src/client/swap_v1.rs @@ -122,9 +122,9 @@ impl SwapCallBuilder { public_key: self.pubkey, value: self.value_recv, token_id: self.token_id_recv, - serial: pallas::Base::random(&mut OsRng), spend_hook: pallas::Base::ZERO, user_data: pallas::Base::ZERO, + blind: pallas::Base::random(&mut OsRng), }; // Now we fill this with necessary stuff @@ -157,8 +157,8 @@ impl SwapCallBuilder { proofs.push(proof); - // For the output, we create a new serial - let serial = pallas::Base::random(&mut OsRng); + // For the output, we create a new coin blind + let coin_blind = pallas::Base::random(&mut OsRng); info!("Creating mint proof for output"); let (proof, public_inputs) = create_transfer_mint_proof( 
@@ -167,20 +167,20 @@ impl SwapCallBuilder { &output, self.value_blinds[1], self.token_blinds[1], - serial, self.spend_hook_recv, self.user_data_recv, + coin_blind, )?; proofs.push(proof); // Encrypted note let note = MoneyNote { - serial, value: output.value, token_id: output.token_id, spend_hook: self.spend_hook_recv, user_data: self.user_data_recv, + coin_blind, value_blind: self.value_blinds[1], token_blind: self.token_blinds[1], // Here we store our secret key we use for signing diff --git a/src/contract/money/src/client/token_mint_v1.rs b/src/contract/money/src/client/token_mint_v1.rs index cec7ce749..0507a481c 100644 --- a/src/contract/money/src/client/token_mint_v1.rs +++ b/src/contract/money/src/client/token_mint_v1.rs @@ -108,9 +108,9 @@ impl TokenMintCallBuilder { public_key: self.recipient, value: self.amount, token_id, - serial: pallas::Base::random(&mut OsRng), spend_hook: pallas::Base::ZERO, user_data: pallas::Base::ZERO, + blind: pallas::Base::random(&mut OsRng), }; // We just create the pedersen commitment blinds here. We simply @@ -128,7 +128,7 @@ impl TokenMintCallBuilder { signature_public: PublicKey::from_secret(input.signature_secret), }; - let serial = pallas::Base::random(&mut OsRng); + let coin_blind = pallas::Base::random(&mut OsRng); info!("Creating token mint proof for output"); let (proof, public_inputs) = create_token_mint_proof( @@ -138,17 +138,17 @@ impl TokenMintCallBuilder { &self.mint_authority, value_blind, token_blind, - serial, self.spend_hook, self.user_data, + coin_blind, )?; let note = MoneyNote { - serial, value: output.value, token_id: output.token_id, spend_hook: self.spend_hook, user_data: self.user_data, + coin_blind, value_blind, token_blind, memo: vec![], 
@@ -177,9 +177,9 @@ pub fn create_token_mint_proof( mint_authority: &Keypair, value_blind: pallas::Scalar, token_blind: pallas::Base, - serial: pallas::Base, spend_hook: pallas::Base, user_data: pallas::Base, + coin_blind: pallas::Base, ) -> Result<(Proof, TokenMintRevealed)> { let token_id = TokenId::derive(mint_authority.secret); @@ -193,9 +193,9 @@ pub fn create_token_mint_proof( rcpt_y, pallas::Base::from(output.value), token_id.inner(), - serial, spend_hook, user_data, + coin_blind, ])); let public_inputs = TokenMintRevealed { @@ -211,9 +211,9 @@ pub fn create_token_mint_proof( Witness::Base(Value::known(pallas::Base::from(output.value))), Witness::Base(Value::known(rcpt_x)), Witness::Base(Value::known(rcpt_y)), - Witness::Base(Value::known(serial)), Witness::Base(Value::known(spend_hook)), Witness::Base(Value::known(user_data)), + Witness::Base(Value::known(coin_blind)), Witness::Scalar(Value::known(value_blind)), Witness::Base(Value::known(token_blind)), ]; diff --git a/src/contract/money/src/client/transfer_v1/builder.rs b/src/contract/money/src/client/transfer_v1/builder.rs index ba8866674..01db2cfbe 100644 --- a/src/contract/money/src/client/transfer_v1/builder.rs +++ b/src/contract/money/src/client/transfer_v1/builder.rs @@ -153,20 +153,20 @@ impl TransferCallBuilder { output, value_blind, token_blind, - output.serial, output.spend_hook, output.user_data, + output.blind, )?; proofs.push(proof); // Encrypted note let note = MoneyNote { - serial: output.serial, value: output.value, token_id: output.token_id, spend_hook: output.spend_hook, user_data: output.user_data, + coin_blind: output.blind, value_blind, token_blind, memo: vec![], diff --git a/src/contract/money/src/client/transfer_v1/mod.rs b/src/contract/money/src/client/transfer_v1/mod.rs index 7f873f0cf..5607bf6bf 100644 --- a/src/contract/money/src/client/transfer_v1/mod.rs +++ b/src/contract/money/src/client/transfer_v1/mod.rs 
@@ -126,9 +126,9 @@ pub fn make_transfer_call( public_key: recipient, value, token_id, - serial: pallas::Base::random(&mut OsRng), spend_hook: pallas::Base::ZERO, user_data: pallas::Base::ZERO, + blind: pallas::Base::random(&mut OsRng), }); if change_value > 0 { @@ -136,9 +136,9 @@ pub fn make_transfer_call( public_key: keypair.public, value: change_value, token_id, - serial: pallas::Base::random(&mut OsRng), spend_hook: pallas::Base::ZERO, user_data: pallas::Base::ZERO, + blind: pallas::Base::random(&mut OsRng), }); } diff --git a/src/contract/money/src/client/transfer_v1/proof.rs b/src/contract/money/src/client/transfer_v1/proof.rs index b08a3752b..d5c1ddbbc 100644 --- a/src/contract/money/src/client/transfer_v1/proof.rs +++ b/src/contract/money/src/client/transfer_v1/proof.rs @@ -97,9 +97,9 @@ pub fn create_transfer_burn_proof( public_key, value: input.note.value, token_id: input.note.token_id, - serial: input.note.serial, spend_hook: input.note.spend_hook, user_data: input.note.user_data, + blind: input.note.coin_blind, } .to_coin(); @@ -138,9 +138,9 @@ pub fn create_transfer_burn_proof( Witness::Base(Value::known(input.note.token_id.inner())), Witness::Scalar(Value::known(value_blind)), Witness::Base(Value::known(token_blind)), - Witness::Base(Value::known(input.note.serial)), Witness::Base(Value::known(input.note.spend_hook)), Witness::Base(Value::known(input.note.user_data)), + Witness::Base(Value::known(input.note.coin_blind)), Witness::Base(Value::known(input.user_data_blind)), Witness::Base(Value::known(input.secret.inner())), Witness::Uint32(Value::known(u64::from(input.leaf_position).try_into().unwrap())), 
@@ -161,9 +161,9 @@ pub fn create_transfer_mint_proof( output: &TransferCallOutput, value_blind: pallas::Scalar, token_blind: pallas::Base, - serial: pallas::Base, spend_hook: pallas::Base, user_data: pallas::Base, + coin_blind: pallas::Base, ) -> Result<(Proof, TransferMintRevealed)> { let value_commit = pedersen_commitment_u64(output.value, value_blind); let token_commit = poseidon_hash([output.token_id.inner(), token_blind]); @@ -173,9 +173,9 @@ pub fn create_transfer_mint_proof( public_key: output.public_key, value: output.value, token_id: output.token_id, - serial, spend_hook, user_data, + blind: coin_blind, }; debug!("Created coin: {:?}", coin); let coin = coin.to_coin(); @@ -187,9 +187,9 @@ pub fn create_transfer_mint_proof( Witness::Base(Value::known(pub_y)), Witness::Base(Value::known(pallas::Base::from(output.value))), Witness::Base(Value::known(output.token_id.inner())), - Witness::Base(Value::known(serial)), Witness::Base(Value::known(spend_hook)), Witness::Base(Value::known(user_data)), + Witness::Base(Value::known(coin_blind)), Witness::Scalar(Value::known(value_blind)), Witness::Base(Value::known(token_blind)), ]; diff --git a/src/contract/money/src/model.rs b/src/contract/money/src/model.rs index c6725c142..3f157b84f 100644 --- a/src/contract/money/src/model.rs +++ b/src/contract/money/src/model.rs @@ -67,10 +67,10 @@ pub struct CoinAttributes { pub public_key: PublicKey, pub value: u64, pub token_id: TokenId, - /// Simultaneously blinds the coin and ensures uniqueness - pub serial: pallas::Base, pub spend_hook: pallas::Base, pub user_data: pallas::Base, + /// Simultaneously blinds the coin and ensures uniqueness + pub blind: pallas::Base, } // ANCHOR_END: coin-attributes @@ -82,9 +82,9 @@ impl CoinAttributes { pub_y, pallas::Base::from(self.value), self.token_id.inner(), - self.serial, self.spend_hook, self.user_data, + self.blind, ]); Coin(coin) } 
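Review bot: The doc comment moved onto `CoinAttributes::blind` in the `@@ -67` hunk of model.rs, `/// Simultaneously blinds the coin and ensures uniqueness`, does not say why uniqueness is required, and with this patch that reason is security-relevant: the nullifier is `poseidon_hash(secret, coin)` (fee_v1.zk, and the test-harness lib.rs hunks), so two coins with equal attributes and an equal blind hash to the same `Coin` and share a nullifier, leaving the second one unspendable once the first is spent. I would extend the comment to state that the blind must be freshly random per coin and that a reused blind on otherwise equal attributes collapses the two coins into one nullifier; the new `MoneyNote::coin_blind` field in client/mod.rs (`/// Blinding factor for the coin`) deserves the same note. Every construction site in this patch draws it with `pallas::Base::random(&mut OsRng)`, so the code satisfies this today; the comment is what keeps the next caller from passing a constant.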
diff --git a/src/contract/test-harness/src/dao_exec.rs b/src/contract/test-harness/src/dao_exec.rs index ff5c6ea9d..83a80819c 100644 --- a/src/contract/test-harness/src/dao_exec.rs +++ b/src/contract/test-harness/src/dao_exec.rs @@ -119,9 +119,9 @@ impl TestHarness { public_key: dao_wallet.keypair.public, value: change_value, token_id: proposal_token_id, - serial: pallas::Base::random(&mut OsRng), spend_hook: DAO_CONTRACT_ID.inner(), user_data: dao_bulla.inner(), + blind: pallas::Base::random(&mut OsRng), }; outputs.push(dao_coin_attrs.clone()); @@ -153,11 +153,6 @@ impl TestHarness { xfer_params.inputs.iter().map(|input| input.value_commit).sum() ); - // First output is change, second output is recipient. - let minted_coins = xfer_secrets.minted_coins(&xfer_params); - let user_serial = minted_coins[0].note.serial; - let dao_serial = minted_coins[1].note.serial; - let exec_builder = DaoExecCall { proposal: proposal.clone(), dao: dao.clone(), @@ -165,8 +160,6 @@ impl TestHarness { all_vote_value, yes_vote_blind, all_vote_blind, - user_serial, - dao_serial, input_value, input_value_blind, input_user_data_blind, diff --git a/src/contract/test-harness/src/lib.rs b/src/contract/test-harness/src/lib.rs index d140f19fd..6ca02fba2 100644 --- a/src/contract/test-harness/src/lib.rs +++ b/src/contract/test-harness/src/lib.rs @@ -304,7 +304,10 @@ impl TestHarness { coin: output.coin, note: note.clone(), secret: secret_key, - nullifier: Nullifier::from(poseidon_hash([wallet.keypair.secret.inner(), note.serial])), + nullifier: Nullifier::from(poseidon_hash([ + wallet.keypair.secret.inner(), + output.coin.inner(), + ])), leaf_position, }; @@ -334,7 +337,7 @@ impl TestHarness { secret: secret_key, nullifier: Nullifier::from(poseidon_hash([ wallet.keypair.secret.inner(), - note.serial, + output.coin.inner(), ])), leaf_position, }; 
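Review bot: The nullifier derivation `Nullifier::from(poseidon_hash([wallet.keypair.secret.inner(), output.coin.inner()]))` is now spelled out three times in lib.rs (`@@ -304`, `@@ -334` and `@@ -367`), which is exactly where a future circuit change would leave one copy behind. A small helper such as `fn nullifier_for(secret: SecretKey, coin: Coin) -> Nullifier { Nullifier::from(poseidon_hash([secret.inner(), coin.inner()])) }` (type names assuming `SecretKey` and `Coin` are in scope in lib.rs) gives the harness one definition that mirrors `nullifier = poseidon_hash(input_secret, input_coin)` in Fee_V1. The derivation itself is consistent with the circuits in this patch.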
@@ -367,7 +370,7 @@ impl TestHarness { secret: secret_key, nullifier: Nullifier::from(poseidon_hash([ wallet.keypair.secret.inner(), - note.serial, + output.coin.inner(), ])), leaf_position, }; diff --git a/src/contract/test-harness/src/money_airdrop.rs b/src/contract/test-harness/src/money_airdrop.rs index 195b507b1..4c1e1ec95 100644 --- a/src/contract/test-harness/src/money_airdrop.rs +++ b/src/contract/test-harness/src/money_airdrop.rs @@ -72,9 +72,9 @@ impl TestHarness { public_key: recipient, value, token_id: *DARK_TOKEN_ID, - serial: pallas::Base::random(&mut OsRng), spend_hook: rcpt_spend_hook.unwrap_or(pallas::Base::ZERO), user_data: rcpt_user_data.unwrap_or(pallas::Base::ZERO), + blind: pallas::Base::random(&mut OsRng), }], mint_zkbin: mint_zkbin.clone(), mint_pk: mint_pk.clone(), diff --git a/src/contract/test-harness/src/vks.rs b/src/contract/test-harness/src/vks.rs index 50edf76de..0b59bae9f 100644 --- a/src/contract/test-harness/src/vks.rs +++ b/src/contract/test-harness/src/vks.rs @@ -46,8 +46,8 @@ use darkfi_serial::{deserialize, serialize}; use log::debug; /// Update this if any circuits are changed -const VKS_HASH: &str = "d02c1709830fb6f2fb5672b2dc9052e8b85c9e1179c4b0fbbeea2ae50ae3b5b3"; -const PKS_HASH: &str = "98e95fce2f80b9d2a8adffa258e37316354fa3f236d2f25d3fd5d9fc04a089f9"; +const VKS_HASH: &str = "8d491e5f127c14ddaa4eb9ac0de25fa3971c5ce7c794a62807c1c7283bcdaeae"; +const PKS_HASH: &str = "a9e4e440db9d467bbd61fb9ddc900c9bd155bbbd02f7c73e9012b558daf4af00"; fn pks_path(typ: &str) -> Result { let output = Command::new("git").arg("rev-parse").arg("--show-toplevel").output()?.stdout;