Merge pull request #413 from zcash/zcash_spec-0.1

Migrate to `zcash_spec 0.1`
zcash · Jan 11, 2024 · d5fa3e1 · d5fa3e1
2 parents 9a85034 + 4b09ef6
commit d5fa3e1
Show file tree

Hide file tree

Showing 7 changed files with 23 additions and 87 deletions.
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/Cargo.toml b/Cargo.toml
@@ -43,6 +43,7 @@ serde = { version = "1.0", features = ["derive"] }
 subtle = "2.3"
 zcash_note_encryption = "0.4"
 incrementalmerkletree = "0.5"
+zcash_spec = "0.1"
 
 # Logging
 tracing = "0.1"

diff --git a/src/keys.rs b/src/keys.rs
@@ -115,7 +115,7 @@ pub struct SpendAuthorizingKey(redpallas::SigningKey<SpendAuth>);
 impl SpendAuthorizingKey {
     /// Derives ask from sk. Internal use only, does not enforce all constraints.
     fn derive_inner(sk: &SpendingKey) -> pallas::Scalar {
-        to_scalar(PrfExpand::OrchardAsk.expand(&sk.0))
+        to_scalar(PrfExpand::ORCHARD_ASK.with(&sk.0))
     }
 
     /// Randomizes this spend authorizing key with the given `randomizer`.
@@ -222,7 +222,7 @@ impl NullifierDerivingKey {
 
 impl From<&SpendingKey> for NullifierDerivingKey {
     fn from(sk: &SpendingKey) -> Self {
-        NullifierDerivingKey(to_base(PrfExpand::OrchardNk.expand(&sk.0)))
+        NullifierDerivingKey(to_base(PrfExpand::ORCHARD_NK.with(&sk.0)))
     }
 }
 
@@ -257,7 +257,7 @@ pub(crate) struct CommitIvkRandomness(pallas::Scalar);
 
 impl From<&SpendingKey> for CommitIvkRandomness {
     fn from(sk: &SpendingKey) -> Self {
-        CommitIvkRandomness(to_scalar(PrfExpand::OrchardRivk.expand(&sk.0)))
+        CommitIvkRandomness(to_scalar(PrfExpand::ORCHARD_RIVK.with(&sk.0)))
     }
 }
 
@@ -351,7 +351,7 @@ impl FullViewingKey {
                 let ak = self.ak.to_bytes();
                 let nk = self.nk.to_bytes();
                 CommitIvkRandomness(to_scalar(
-                    PrfExpand::OrchardRivkInternal.with_ad_slices(&k, &[&ak, &nk]),
+                    PrfExpand::ORCHARD_RIVK_INTERNAL.with(&k, &ak, &nk),
                 ))
             }
         }
@@ -363,7 +363,7 @@ impl FullViewingKey {
     fn derive_dk_ovk(&self) -> (DiversifierKey, OutgoingViewingKey) {
         let k = self.rivk.0.to_repr();
         let b = [(&self.ak.0).into(), self.nk.0.to_repr()];
-        let r = PrfExpand::OrchardDkOvk.with_ad_slices(&k, &[&b[0][..], &b[1][..]]);
+        let r = PrfExpand::ORCHARD_DK_OVK.with(&k, &b[0], &b[1]);
         (
             DiversifierKey(r[..32].try_into().unwrap()),
             OutgoingViewingKey(r[32..].try_into().unwrap()),

diff --git a/src/note.rs b/src/note.rs
@@ -53,15 +53,15 @@ impl RandomSeed {
     ///
     /// [orchardsend]: https://zips.z.cash/protocol/nu5.pdf#orchardsend
     pub(crate) fn psi(&self, rho: &Nullifier) -> pallas::Base {
-        to_base(PrfExpand::Psi.with_ad(&self.0, &rho.to_bytes()[..]))
+        to_base(PrfExpand::PSI.with(&self.0, &rho.to_bytes()))
     }
 
     /// Defined in [Zcash Protocol Spec § 4.7.3: Sending Notes (Orchard)][orchardsend].
     ///
     /// [orchardsend]: https://zips.z.cash/protocol/nu5.pdf#orchardsend
     fn esk_inner(&self, rho: &Nullifier) -> CtOption<NonZeroPallasScalar> {
         NonZeroPallasScalar::from_scalar(to_scalar(
-            PrfExpand::Esk.with_ad(&self.0, &rho.to_bytes()[..]),
+            PrfExpand::ORCHARD_ESK.with(&self.0, &rho.to_bytes()),
         ))
     }
 
@@ -78,7 +78,7 @@ impl RandomSeed {
     /// [orchardsend]: https://zips.z.cash/protocol/nu5.pdf#orchardsend
     pub(crate) fn rcm(&self, rho: &Nullifier) -> commitment::NoteCommitTrapdoor {
         commitment::NoteCommitTrapdoor(to_scalar(
-            PrfExpand::Rcm.with_ad(&self.0, &rho.to_bytes()[..]),
+            PrfExpand::ORCHARD_RCM.with(&self.0, &rho.to_bytes()),
         ))
     }
 }

diff --git a/src/spec.rs b/src/spec.rs
@@ -16,8 +16,7 @@ use crate::constants::{
     KEY_DIVERSIFICATION_PERSONALIZATION, L_ORCHARD_BASE,
 };
 
-mod prf_expand;
-pub(crate) use prf_expand::PrfExpand;
+pub(crate) use zcash_spec::PrfExpand;
 
 /// A Pallas point that is guaranteed to not be the identity.
 #[derive(Clone, Copy, Debug, PartialEq, Eq)]

diff --git a/src/spec/prf_expand.rs b/src/spec/prf_expand.rs
diff --git a/src/zip32.rs b/src/zip32.rs
@@ -174,9 +174,10 @@ impl ExtendedSpendingKey {
     /// Discards index if it results in an invalid sk
     fn derive_child(&self, index: ChildIndex) -> Result<Self, Error> {
         // I := PRF^Expand(c_par, [0x81] || sk_par || I2LEOSP(i))
-        let I: [u8; 64] = PrfExpand::OrchardZip32Child.with_ad_slices(
+        let I: [u8; 64] = PrfExpand::ORCHARD_ZIP32_CHILD.with(
             &self.chain_code.0,
-            &[self.sk.to_bytes(), &index.0.to_le_bytes()],
+            self.sk.to_bytes(),
+            &index.0.to_le_bytes(),
         );
 
         // I_L is used as the child spending key sk_i.