Skip to content

Commit

Permalink
Address comments from code review.
Browse files Browse the repository at this point in the history
  • Loading branch information
nuttycom committed Mar 10, 2024
1 parent 562896f commit 67f7e8f
Show file tree
Hide file tree
Showing 6 changed files with 49 additions and 33 deletions.
6 changes: 6 additions & 0 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
Expand Up @@ -9,6 +9,8 @@ and this project adheres to Rust's notion of

### Added
- `orchard::note::Rho`
- `orchard::action::Action::rho`
- `orchard::note_encryption::CompactAction::rho`

### Changed
- The following methods have their `Nullifier`-typed argument or return value
Expand All @@ -17,6 +19,10 @@ and this project adheres to Rust's notion of
- `orchard::note::Note::from_parts`
- `orchard::note::Note::rho`

### Removed
- `orchard::note_encryption::OrchardDomain::for_nullifier` (use `for_action`
or `for_compact_action` instead).

## [0.7.1] - 2024-02-29
### Added
- `impl subtle::ConstantTimeEq for orchard::note::Nullifier`
Expand Down
7 changes: 6 additions & 1 deletion src/action.rs
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
use memuse::DynamicUsage;

use crate::{
note::{ExtractedNoteCommitment, Nullifier, TransmittedNoteCiphertext},
note::{ExtractedNoteCommitment, Nullifier, Rho, TransmittedNoteCiphertext},
primitives::redpallas::{self, SpendAuth},
value::ValueCommitment,
};
Expand Down Expand Up @@ -66,6 +66,11 @@ impl<T> Action<T> {
&self.encrypted_note
}

/// Obtains the [`Rho`] value that was used to construct the new note being created.
pub fn rho(&self) -> Rho {
Rho::from_paired_spend_revealed_nf(self.nf)
}

/// Returns the commitment to the net value created or consumed by this action.
pub fn cv_net(&self) -> &ValueCommitment {
&self.cv_net
Expand Down
9 changes: 4 additions & 5 deletions src/builder.rs
Original file line number Diff line number Diff line change
Expand Up @@ -9,7 +9,6 @@ use nonempty::NonEmpty;
use pasta_curves::pallas;
use rand::{prelude::SliceRandom, CryptoRng, RngCore};

use crate::note::Rho;
use crate::{
action::Action,
address::Address,
Expand All @@ -19,7 +18,7 @@ use crate::{
FullViewingKey, OutgoingViewingKey, Scope, SpendAuthorizingKey, SpendValidatingKey,
SpendingKey,
},
note::{Note, TransmittedNoteCiphertext},
note::{Note, Rho, TransmittedNoteCiphertext},
note_encryption::OrchardNoteEncryption,
primitives::redpallas::{self, Binding, SpendAuth},
tree::{Anchor, MerklePath},
Expand Down Expand Up @@ -335,8 +334,8 @@ impl ActionInfo {
let v_net = self.value_sum();
let cv_net = ValueCommitment::derive(v_net, self.rcv.clone());

let nf_revealed = self.spend.note.nullifier(&self.spend.fvk);
let rho = Rho::from_paired_spend_revealed_nf(nf_revealed);
let nf_old = self.spend.note.nullifier(&self.spend.fvk);
let rho = Rho::from_paired_spend_revealed_nf(nf_old);
let ak: SpendValidatingKey = self.spend.fvk.clone().into();
let alpha = pallas::Scalar::random(&mut rng);
let rk = ak.randomize(&alpha);
Expand All @@ -355,7 +354,7 @@ impl ActionInfo {

(
Action::from_parts(
nf_revealed,
nf_old,
rk,
cmx,
encrypted_note,
Expand Down
2 changes: 1 addition & 1 deletion src/circuit.rs
Original file line number Diff line number Diff line change
Expand Up @@ -406,7 +406,7 @@ impl plonk::Circuit<pallas::Base> for Circuit {
let rho_old = assign_free_advice(
layouter.namespace(|| "witness rho_old"),
config.advices[0],
self.rho_old.map(|rho| rho.0),
self.rho_old.map(|rho| rho.into_inner()),
)?;

// Witness cm_old
Expand Down
40 changes: 23 additions & 17 deletions src/note.rs
Original file line number Diff line number Diff line change
Expand Up @@ -21,28 +21,22 @@ pub use self::commitment::{ExtractedNoteCommitment, NoteCommitment};
pub(crate) mod nullifier;
pub use self::nullifier::Nullifier;

// We know that `pallas::Base` doesn't allocate internally.
memuse::impl_no_dynamic_usage!(Rho);

/// The randomness used to construct a note.
///
/// The [`Rho`] value for a note should always be constructed from the revealed nullifier of the
/// paired spend in the process of creating an [`Action`].
///
/// [`Action`]: crate::action::Action
#[derive(Clone, Copy, Debug, PartialEq, Eq, PartialOrd, Ord)]
pub struct Rho(pub(crate) pallas::Base);
pub struct Rho(pallas::Base);

impl Rho {
/// Constructs the [`Rho`] value to be used to construct a new note from the revealed nullifier
/// of the note being spent in the [`Action`] under construction.
///
/// [`Action`]: crate::action::Action
pub fn from_paired_spend_revealed_nf(nf: Nullifier) -> Self {
Rho(nf.0)
}
// We know that `pallas::Base` doesn't allocate internally.
memuse::impl_no_dynamic_usage!(Rho);

impl Rho {
/// Deserialize the rho value from a byte array.
///
/// This should only be used in cases where the components of a `Note` are being serialized and
/// stored individually. Use [`Action::rho`] or [`CompactAction::rho`] to obtain the [`Rho`]
/// value otherwise.
///
/// [`Action::rho`] crate::action::Action::rho
/// [`CompactAction::rho`] crate::note_encryption::CompactAction::rho
pub fn from_bytes(bytes: &[u8; 32]) -> CtOption<Self> {
pallas::Base::from_repr(*bytes).map(Rho)
}
Expand All @@ -51,6 +45,18 @@ impl Rho {
pub fn to_bytes(self) -> [u8; 32] {
self.0.to_repr()
}

/// Constructs the [`Rho`] value to be used to construct a new note from the revealed nullifier
/// of the note being spent in the [`Action`] under construction.
///
/// [`Action`] crate::action::Action
pub(crate) fn from_paired_spend_revealed_nf(nf: Nullifier) -> Self {
Rho(nf.0)
}

pub(crate) fn into_inner(self) -> pallas::Base {
self.0
}
}

/// The ZIP 212 seed randomness for a note.
Expand Down
18 changes: 9 additions & 9 deletions src/note_encryption.rs
Original file line number Diff line number Diff line change
Expand Up @@ -97,17 +97,12 @@ impl memuse::DynamicUsage for OrchardDomain {
impl OrchardDomain {
/// Constructs a domain that can be used to trial-decrypt this action's output note.
pub fn for_action<T>(act: &Action<T>) -> Self {
Self::for_nullifier(*act.nullifier())
Self { rho: act.rho() }
}

/// Constructs a domain from a nullifier.
///
/// The provided nullifier must be the nullifier revealed in the action of the note being
/// encrypted or decrypted.
pub fn for_nullifier(nullifier: Nullifier) -> Self {
OrchardDomain {
rho: Rho::from_paired_spend_revealed_nf(nullifier),
}
/// Constructs a domain that can be used to trial-decrypt this action's output note.
pub fn for_compact_action(act: &CompactAction) -> Self {
Self { rho: act.rho() }
}
}

Expand Down Expand Up @@ -338,6 +333,11 @@ impl CompactAction {
pub fn cmx(&self) -> ExtractedNoteCommitment {
self.cmx
}

/// Obtains the [`Rho`] value that was used to construct the new note being created.
pub fn rho(&self) -> Rho {
Rho::from_paired_spend_revealed_nf(self.nullifier)
}
}

#[cfg(test)]
Expand Down

0 comments on commit 67f7e8f

Please sign in to comment.