sdk/crypto/diffie_hellman: remove .clear_cofactor() call which is useless with Pallas/Vesta curves in sapling_ka_agree().

This commit is contained in:
zero
2024-01-22 10:51:24 +01:00
parent 613f3b3445
commit 51440e732f


@@ -27,8 +27,11 @@ pub const KDF_SAPLING_PERSONALIZATION: &[u8; 16] = b"DarkFiSaplingKDF";
/// Implements section 5.4.4.3 of the Zcash Protocol Specification
pub fn sapling_ka_agree(esk: &SecretKey, pk_d: &PublicKey) -> PublicKey {
let esk_s = mod_r_p(esk.inner());
// Windowed multiplication is constant time. Hence that is used here vs naive EC mult.
// Decrypting notes is a an amortized operation, so you want successful rare-case note
// decryptions to be indistinguishable from the usual case.
let mut wnaf = Wnaf::new();
PublicKey::from(wnaf.scalar(&esk_s).base(pk_d.inner()).clear_cofactor())
PublicKey::from(wnaf.scalar(&esk_s).base(pk_d.inner()))
}
/// Sapling KDF for note encryption.
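Review bot: The doc comment on `sapling_ka_agree` still says it implements the spec's key agreement, but nothing in the code records why the cofactor multiplication the spec includes is dropped; that reasoning lives only in the commit message. Add a line such as `/// Pallas/Vesta are prime-order curves (cofactor 1), so the spec's cofactor multiplication is a no-op and is omitted here.` so a later reader neither reinstates it nor assumes small-subgroup components are being cleared. Relatedly, the new line hands the scalar product straight to `PublicKey::from` with no visible rejection of the identity point; if neither `PublicKey` nor the caller checks for it, that is worth documenting or guarding, though that code is outside the hunk. The comment line `Decrypting notes is a an amortized operation` has a doubled article and should read `// Decrypting notes is an amortized operation, so you want successful rare-case note`.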