Adjusts final_check functions to expect/compute the correct message

anoma · May 15, 2024 · bae7a22 · bae7a22
1 parent 8100219
commit bae7a22
Show file tree

Hide file tree

Showing 2 changed files with 9 additions and 8 deletions.
diff --git a/masp_proofs/src/sapling/verifier.rs b/masp_proofs/src/sapling/verifier.rs
@@ -175,7 +175,7 @@ impl SaplingVerificationContextInner {
         value_balance: I128Sum,
         sighash_value: &[u8; 32],
         binding_sig: Signature,
-        binding_sig_verifier: impl FnOnce(PublicKey, [u8; 64], Signature) -> bool,
+        binding_sig_verifier: impl FnOnce(PublicKey, &[u8; 32], Signature) -> bool,
     ) -> bool {
         // Obtain current cv_sum from the context
         let mut bvk = PublicKey(self.cv_sum);
@@ -198,12 +198,7 @@ impl SaplingVerificationContextInner {
             Err(_) => return false,
         };
 
-        // Compute the signature's message for bvk/binding_sig
-        let mut data_to_be_signed = [0u8; 64];
-        data_to_be_signed[0..32].copy_from_slice(&bvk.0.to_bytes());
-        data_to_be_signed[32..64].copy_from_slice(&sighash_value[..]);
-
         // Verify the binding_sig
-        binding_sig_verifier(bvk, data_to_be_signed, binding_sig)
+        binding_sig_verifier(bvk, sighash_value, binding_sig)
     }
 }
diff --git a/masp_proofs/src/sapling/verifier/single.rs b/masp_proofs/src/sapling/verifier/single.rs
@@ -1,5 +1,6 @@
 use bellman::groth16::{verify_proof, PreparedVerifyingKey, Proof};
 use bls12_381::Bls12;
+use group::GroupEncoding;
 use masp_primitives::{
     constants::{SPENDING_KEY_GENERATOR, VALUE_COMMITMENT_RANDOMNESS_GENERATOR},
     sapling::redjubjub::{PublicKey, Signature},
@@ -107,8 +108,13 @@ impl SaplingVerificationContext {
             sighash_value,
             binding_sig,
             |bvk, msg, binding_sig| {
+                // Compute the signature's message for bvk/binding_sig
+                let mut data_to_be_signed = [0u8; 64];
+                data_to_be_signed[0..32].copy_from_slice(&bvk.0.to_bytes());
+                data_to_be_signed[32..64].copy_from_slice(msg);
+
                 bvk.verify_with_zip216(
-                    &msg,
+                    &data_to_be_signed,
                     &binding_sig,
                     VALUE_COMMITMENT_RANDOMNESS_GENERATOR,
                     self.zip216_enabled,