money: change DARK_TOKEN_ID = hash_to_base("DarkFi:DRK_Native_Token")

2026-01-09 14:48:08 -05:00 · 2024-03-26 16:37:14 +01:00
parent 3349ea5cd8
commit f8f446f916
3 changed files with 30 additions and 13 deletions
--- a/src/contract/money/src/model/token_id.rs
+++ b/src/contract/money/src/model/token_id.rs
@@ -16,7 +16,13 @@
 * along with this program.  If not, see <https://www.gnu.org/licenses/>.
 */

-use darkfi_sdk::{crypto::pasta_prelude::PrimeField, error::ContractError, pasta::pallas};
+use darkfi_sdk::{
+    crypto::{
+        constants::DRK_TOKEN_ID_PERSONALIZATION, pasta_prelude::PrimeField, util::hash_to_base,
+    },
+    error::ContractError,
+    pasta::pallas,
+};
 use darkfi_serial::{SerialDecodable, SerialEncodable};
 use lazy_static::lazy_static;

@@ -26,17 +32,14 @@ use darkfi_serial::async_trait;
 use super::{poseidon_hash, PublicKey, SecretKey};

 lazy_static! {
-    // The idea here is that 0 is not a valid x coordinate for any pallas point,
-    // therefore a signature cannot be produced for such IDs. This allows us to
-    // avoid hardcoding contract IDs for arbitrary contract deployments, because
-    // the contracts with 0 as their x coordinate can never have a valid signature.
-
+    // Is this even needed? Not used elsewhere except here.
    /// Derivation prefix for `TokenId`
    pub static ref TOKEN_ID_PREFIX: pallas::Base = pallas::Base::from(69);

-    /// Native DARK token ID
-    pub static ref DARK_TOKEN_ID: TokenId =
-        TokenId::from(poseidon_hash([*TOKEN_ID_PREFIX, pallas::Base::zero(), pallas::Base::from(42)]));
+    /// Native DARK token ID.
+    /// It does not correspond to any real commitment since we only rely on this value as
+    /// a constant.
+    pub static ref DARK_TOKEN_ID: TokenId = TokenId(hash_to_base(&[0x69], &[DRK_TOKEN_ID_PERSONALIZATION]));
 }

 /// TokenId represents an on-chain identifier for a certain token.
--- a/src/sdk/src/crypto/constants.rs
+++ b/src/sdk/src/crypto/constants.rs
@@ -49,3 +49,6 @@ pub(crate) const L_VALUE: usize = 64;

 /// WIF checksum length
 pub const WIF_CHECKSUM_LEN: usize = 4;
+
+/// Domain prefix used for Schnorr signatures, with `hash_to_scalar`.
+pub const DRK_TOKEN_ID_PERSONALIZATION: &[u8] = b"DarkFi:DRK_Native_Token";
--- a/src/sdk/src/crypto/util.rs
+++ b/src/sdk/src/crypto/util.rs
@@ -25,16 +25,27 @@ use pasta_curves::{
 use std::io::Cursor;
 use subtle::CtOption;

-/// Hash a slice of values together with a prefix `persona` using BLAKE2b
-/// and return a `pallas::Scalar` element from the digest.
-pub fn hash_to_scalar(persona: &[u8], vals: &[&[u8]]) -> pallas::Scalar {
+#[inline]
+fn hash_to_field_elem<F: FromUniformBytes<64>>(persona: &[u8], vals: &[&[u8]]) -> F {
    let mut hasher = blake2b_simd::Params::new().hash_length(64).personal(persona).to_state();

    for v in vals {
        hasher.update(v);
    }

-    pallas::Scalar::from_uniform_bytes(hasher.finalize().as_array())
+    F::from_uniform_bytes(hasher.finalize().as_array())
+}
+
+/// Hash a slice of values together with a prefix `persona` using BLAKE2b
+/// and return a `pallas::Scalar` element from the digest.
+pub fn hash_to_scalar(persona: &[u8], vals: &[&[u8]]) -> pallas::Scalar {
+    hash_to_field_elem(persona, vals)
+}
+
+/// Hash a slice of values together with a prefix `persona` using BLAKE2b
+/// and return a `pallas::Scalar` element from the digest.
+pub fn hash_to_base(persona: &[u8], vals: &[&[u8]]) -> pallas::Base {
+    hash_to_field_elem(persona, vals)
 }

 /// Converts from pallas::Base to pallas::Scalar (aka $x \pmod{r_\mathbb{P}}$).