From 08f44bab86cd6e8af4a6beab0195d1c78cf3d03b Mon Sep 17 00:00:00 2001
From: narodnik
Date: Mon, 3 May 2021 12:16:31 +0200
Subject: [PATCH] Diffie Hellman functions for encrypting output notes
---
Cargo.toml | 1 +
src/crypto/diffie_hellman.rs | 32 ++++++++++++++++++++++++++++++++
src/crypto/mod.rs | 1 +
3 files changed, 34 insertions(+)
create mode 100644 src/crypto/diffie_hellman.rs
diff --git a/Cargo.toml b/Cargo.toml
index 0e94b5a7d..cef3f8f40 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -27,6 +27,7 @@ rand_core = "0.5.1"
 sha2 = "0.9.1"
 rand_xorshift = "0.2"
 blake2s_simd = "0.5"
+blake2b_simd = "0.5.11"
 bitvec = "0.18"
 bimap = "0.5.2"
 async-trait = "0.1.42"
diff --git a/src/crypto/diffie_hellman.rs b/src/crypto/diffie_hellman.rs
new file mode 100644
index 000000000..9dc2b45fa
--- /dev/null
+++ b/src/crypto/diffie_hellman.rs
@@ -0,0 +1,32 @@
+use blake2b_simd::{Hash as Blake2bHash, Params as Blake2bParams};
+use group::{cofactor::CofactorGroup, GroupEncoding};
+
+pub const KDF_SAPLING_PERSONALIZATION: &[u8; 16] = b"DarkFiSaplingKDF";
+
+/// Functions used for encrypting the note in transaction outputs.
+
+/// Sapling key agreement for note encryption.
+///
+/// Implements section 5.4.4.3 of the Zcash Protocol Specification.
+pub fn sapling_ka_agree(esk: &jubjub::Fr, pk_d: &jubjub::ExtendedPoint) -> jubjub::SubgroupPoint {
+ // [8 esk] pk_d
+ // ::clear_cofactor is implemented using
+ // ExtendedPoint::mul_by_cofactor in the jubjub crate.
+
+ let mut wnaf = group::Wnaf::new();
+ wnaf.scalar(esk).base(*pk_d).clear_cofactor()
+}
+
+/// Sapling KDF for note encryption.
+///
+/// Implements section 5.4.4.4 of the Zcash Protocol Specification.
+fn kdf_sapling(dhsecret: jubjub::SubgroupPoint, epk: &jubjub::ExtendedPoint) -> Blake2bHash {
+ Blake2bParams::new()
+ .hash_length(32)
+ .personal(KDF_SAPLING_PERSONALIZATION)
+ .to_state()
+ .update(&dhsecret.to_bytes())
+ .update(&epk.to_bytes())
+ .finalize()
+}
+
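Review bot: The new `blake2b_simd = "0.5.11"` requirement in the Cargo.toml hunk is a caret range, not a pin: Cargo resolves it to any 0.5.x at or above 0.5.11, so if the intent was to fix the exact build the line needs to be `blake2b_simd = "=0.5.11"` together with a committed Cargo.lock. If no exact version was intended, `blake2b_simd = "0.5"` would match the sibling `blake2s_simd = "0.5"` line in the same hunk and avoid the mixed style. Either way a short comment stating which of the two is meant would save the next reader the question.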
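Review bot: The `/// Functions used for encrypting the note in transaction outputs.` line in the new diffie_hellman.rs is an outer doc comment with no item of its own, so rustdoc folds it into the documentation of `sapling_ka_agree` (the blank line after it does not detach it); since it reads as a module summary it should become `//! Functions used for encrypting the note in transaction outputs.` as the first line of the file, above the `use` items. `kdf_sapling` is also declared private while `sapling_ka_agree` is `pub`; no caller is added elsewhere in this patch, so as committed the KDF is unreachable dead code and the note encryption named in the subject cannot use it, which suggests it wants `pub fn kdf_sapling(...)`. `KDF_SAPLING_PERSONALIZATION` would benefit from a comment as well: both doc comments cite Zcash spec sections, but the 16-byte personalization differs from Zcash's own `Zcash_SaplingKDF`, and a line such as `// Deliberately differs from Zcash's "Zcash_SaplingKDF" so keys derived here are domain-separated from Zcash-derived ones` records that the divergence is intentional rather than a copy error.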
diff --git a/src/crypto/mod.rs b/src/crypto/mod.rs
index 5f34d2281..eea56e436 100644
--- a/src/crypto/mod.rs
+++ b/src/crypto/mod.rs
@@ -1,3 +1,4 @@
+pub mod diffie_hellman;
 pub mod mint_proof;
 pub mod spend_proof;