Add crh_ivk

2025-02-14 10:45:47 +00:00 · 2018-05-14 21:23:21 -07:00 · 2018-05-14 21:23:21 -07:00 · 23c2f0e527
commit 23c2f0e527
parent c44d70299b
2 changed files with 27 additions and 1 deletions
--- a/include/librustzcash.h
+++ b/include/librustzcash.h
@ -12,6 +12,8 @@ extern "C" {

    void librustzcash_nsk_to_nk(const unsigned char *nsk, unsigned char *result);

+    void librustzcash_crh_ivk(const unsigned char *ak, const unsigned char *nk, unsigned char *result);
+
    /// Loads the zk-SNARK parameters into memory and saves
    /// paths as necessary. Only called once.
    void librustzcash_init_zksnark_params(
--- a/src/rustzcash.rs
+++ b/src/rustzcash.rs
@ -11,7 +11,7 @@ extern crate lazy_static;

 use pairing::{BitIterator, Field, PrimeField, PrimeFieldRepr, bls12_381::{Bls12, Fr, FrRepr}};

-use sapling_crypto::{circuit::multipack,
+use sapling_crypto::{circuit::multipack, constants::CRH_IVK_PERSONALIZATION,
                     jubjub::{edwards, FixedGenerators, JubjubBls12, JubjubEngine, JubjubParams,
                              PrimeOrder, ToUniform, Unknown, fs::FsRepr},
                     pedersen_hash::{pedersen_hash, Personalization}, redjubjub::{self, Signature}};
@ -21,6 +21,8 @@ use sapling_crypto::circuit::sprout::{self, TREE_DEPTH as SPROUT_TREE_DEPTH};
 use bellman::groth16::{create_random_proof, prepare_verifying_key, verify_proof, Parameters,
                       PreparedVerifyingKey, Proof, VerifyingKey};

+use blake2_rfc::blake2s::Blake2s;
+
 use byteorder::{LittleEndian, ReadBytesExt, WriteBytesExt};

 use rand::OsRng;
@ -241,6 +243,28 @@ pub extern "system" fn librustzcash_nsk_to_nk(
    nk.write(&mut result[..]).expect("length is 32 bytes");
 }

+#[no_mangle]
+pub extern "system" fn librustzcash_crh_ivk(
+    ak: *const [c_uchar; 32],
+    nk: *const [c_uchar; 32],
+    result: *mut [c_uchar; 32],
+) {
+    let ak = unsafe { &*ak };
+    let nk = unsafe { &*nk };
+
+    let mut h = Blake2s::with_params(32, &[], &[], CRH_IVK_PERSONALIZATION);
+    h.update(ak);
+    h.update(nk);
+    let mut h = h.finalize().as_ref().to_vec();
+
+    // Drop the last five bits, so it can be interpreted as a scalar.
+    h[31] &= 0b0000_0111;
+
+    let result = unsafe { &mut *result };
+
+    result.copy_from_slice(&h);
+}
+
 /// XOR two uint64_t values and return the result, used
 /// as a temporary mechanism for introducing Rust into
 /// Zcash.