feat(rust,zkp): Update personalizations for PRF and value commitment (#…

…3668) * feat(rust,zkp): Update personalizations for PRF and value commitment * fix(ironfish): Update fixtures
iron-fish · Mar 20, 2023 · b0901ff · b0901ff
1 parent 2d97f3a
commit b0901ff
Show file tree

Hide file tree

Showing 65 changed files with 7,591 additions and 13,605 deletions.
diff --git a/ironfish-rust/src/assets/asset.rs b/ironfish-rust/src/assets/asset.rs
@@ -199,7 +199,7 @@ mod test {
 
     #[test]
     fn test_asset_new_with_nonce_invalid_nonce() {
-        let nonce = 0;
+        let nonce = 5;
         let public_address = [
             81, 229, 109, 20, 111, 174, 52, 91, 120, 215, 34, 107, 174, 123, 78, 102, 189, 188,
             226, 7, 173, 7, 76, 135, 130, 203, 71, 131, 62, 219, 240, 68,

diff --git a/ironfish-rust/src/assets/asset_identifier.rs b/ironfish-rust/src/assets/asset_identifier.rs
@@ -8,8 +8,8 @@ use jubjub::{ExtendedPoint, SubgroupPoint};
 use std::io;
 
 pub const NATIVE_ASSET: AssetIdentifier = AssetIdentifier([
-    215, 200, 103, 6, 245, 129, 122, 167, 24, 205, 28, 250, 208, 50, 51, 188, 214, 74, 119, 137,
-    253, 148, 34, 211, 177, 122, 246, 130, 58, 126, 106, 198,
+    81, 243, 58, 47, 20, 249, 39, 53, 229, 98, 220, 101, 138, 86, 57, 39, 157, 220, 163, 213, 7,
+    154, 109, 18, 66, 178, 165, 136, 169, 203, 244, 76,
 ]);
 
 /// A convenience wrapper around an asset id byte-array, allowing us to push the

diff --git a/ironfish-rust/src/sapling_params/sapling-mint.params b/ironfish-rust/src/sapling_params/sapling-mint.params
diff --git a/ironfish-rust/src/sapling_params/sapling-output.params b/ironfish-rust/src/sapling_params/sapling-output.params
diff --git a/ironfish-rust/src/sapling_params/sapling-spend.params b/ironfish-rust/src/sapling_params/sapling-spend.params
diff --git a/ironfish-zkp/src/circuits/mint_asset.rs b/ironfish-zkp/src/circuits/mint_asset.rs
@@ -3,15 +3,15 @@ use bellman::{
     Circuit,
 };
 use ff::PrimeField;
-use zcash_primitives::{constants::CRH_IVK_PERSONALIZATION, sapling::ProofGenerationKey};
+use zcash_primitives::sapling::ProofGenerationKey;
 use zcash_proofs::{
     circuit::ecc,
     constants::{PROOF_GENERATION_KEY_GENERATOR, SPENDING_KEY_GENERATOR},
 };
 
 use crate::{
     circuits::util::asset_id_preimage,
-    constants::{proof::PUBLIC_KEY_GENERATOR, ASSET_ID_PERSONALIZATION},
+    constants::{proof::PUBLIC_KEY_GENERATOR, ASSET_ID_PERSONALIZATION, CRH_IVK_PERSONALIZATION},
 };
 
 pub struct MintAsset {

diff --git a/ironfish-zkp/src/circuits/output.rs b/ironfish-zkp/src/circuits/output.rs
@@ -5,7 +5,7 @@ use bellman::{gadgets::blake2s, Circuit, ConstraintSystem, SynthesisError};
 use group::Curve;
 use jubjub::SubgroupPoint;
 
-use zcash_primitives::{constants::CRH_IVK_PERSONALIZATION, sapling::ProofGenerationKey};
+use zcash_primitives::sapling::ProofGenerationKey;
 use zcash_proofs::{
     circuit::{ecc, pedersen_hash},
     constants::{
@@ -16,7 +16,7 @@ use zcash_proofs::{
 
 use crate::{
     circuits::util::assert_valid_asset_generator,
-    constants::{proof::PUBLIC_KEY_GENERATOR, ASSET_ID_LENGTH},
+    constants::{proof::PUBLIC_KEY_GENERATOR, ASSET_ID_LENGTH, CRH_IVK_PERSONALIZATION},
     primitives::ValueCommitment,
 };
 
@@ -324,7 +324,7 @@ mod test {
                 assert_eq!(cs.num_constraints(), 54009);
                 assert_eq!(
                     cs.hash(),
-                    "73a0f2943a2944b2a7a4bce45e1e4acf75df8adc8dffe342b691fc0d6632dfc1"
+                    "c34430aa14387607c190af7d3d086c8c8e793e9aef640a34be834efeaff39e01"
                 );
 
                 let commitment = commitment_full_point(

diff --git a/ironfish-zkp/src/circuits/spend.rs b/ironfish-zkp/src/circuits/spend.rs
@@ -2,6 +2,7 @@ use bellman::{Circuit, ConstraintSystem, SynthesisError};
 use ff::PrimeField;
 use jubjub::SubgroupPoint;
 
+use crate::constants::{CRH_IVK_PERSONALIZATION, PRF_NF_PERSONALIZATION};
 use crate::{constants::proof::PUBLIC_KEY_GENERATOR, primitives::ValueCommitment};
 
 use super::util::expose_value_commitment;
@@ -10,10 +11,7 @@ use bellman::gadgets::boolean;
 use bellman::gadgets::multipack;
 use bellman::gadgets::num;
 use bellman::gadgets::Assignment;
-use zcash_primitives::{
-    constants::CRH_IVK_PERSONALIZATION, constants::PRF_NF_PERSONALIZATION,
-    sapling::ProofGenerationKey,
-};
+use zcash_primitives::sapling::ProofGenerationKey;
 use zcash_proofs::{
     circuit::{ecc, pedersen_hash},
     constants::{
@@ -344,17 +342,14 @@ mod test {
     use ff::{Field, PrimeField, PrimeFieldBits};
     use group::{Curve, Group, GroupEncoding};
     use rand::{rngs::StdRng, RngCore, SeedableRng};
-    use zcash_primitives::{
-        constants::VALUE_COMMITMENT_VALUE_GENERATOR,
-        sapling::{pedersen_hash, Note, ProofGenerationKey, Rseed},
-    };
-    use zcash_primitives::{
-        constants::{NULLIFIER_POSITION_GENERATOR, PRF_NF_PERSONALIZATION},
-        sapling::Nullifier,
-    };
+    use zcash_primitives::sapling::{pedersen_hash, Note, ProofGenerationKey, Rseed};
+    use zcash_primitives::{constants::NULLIFIER_POSITION_GENERATOR, sapling::Nullifier};
 
     use crate::{
-        circuits::spend::Spend, constants::PUBLIC_KEY_GENERATOR, primitives::ValueCommitment,
+        circuits::spend::Spend,
+        constants::PUBLIC_KEY_GENERATOR,
+        constants::{PRF_NF_PERSONALIZATION, VALUE_COMMITMENT_VALUE_GENERATOR},
+        primitives::ValueCommitment,
         util::commitment_full_point,
     };
 
@@ -482,7 +477,7 @@ mod test {
                 assert_eq!(cs.num_constraints(), 98118);
                 assert_eq!(
                     cs.hash(),
-                    "21cab0a7448c5b2997ffe5c6695c5821a963b858230b94bbc419c7c919a1c424"
+                    "3beab29b9ac7e33812cbe357ffc05997c891947395468720485b335050cac706"
                 );
 
                 assert_eq!(cs.get("randomization of note commitment/u3/num"), cmu);
@@ -651,7 +646,7 @@ mod test {
                 assert_eq!(cs.num_constraints(), 98118);
                 assert_eq!(
                     cs.hash(),
-                    "21cab0a7448c5b2997ffe5c6695c5821a963b858230b94bbc419c7c919a1c424"
+                    "3beab29b9ac7e33812cbe357ffc05997c891947395468720485b335050cac706"
                 );
 
                 assert_eq!(cs.get("randomization of note commitment/u3/num"), cmu);

diff --git a/ironfish-zkp/src/circuits/util.rs b/ironfish-zkp/src/circuits/util.rs
@@ -6,13 +6,15 @@ use bellman::{
     ConstraintSystem, SynthesisError,
 };
 use ff::PrimeField;
-use zcash_primitives::constants::VALUE_COMMITMENT_GENERATOR_PERSONALIZATION;
 use zcash_proofs::{
     circuit::ecc::{self, EdwardsPoint},
     constants::VALUE_COMMITMENT_RANDOMNESS_GENERATOR,
 };
 
-use crate::{constants::ASSET_ID_LENGTH, primitives::ValueCommitment};
+use crate::{
+    constants::{ASSET_ID_LENGTH, VALUE_COMMITMENT_GENERATOR_PERSONALIZATION},
+    primitives::ValueCommitment,
+};
 
 pub fn asset_id_preimage<CS: bellman::ConstraintSystem<bls12_381::Scalar>>(
     cs: &mut CS,

diff --git a/ironfish-zkp/src/constants.rs b/ironfish-zkp/src/constants.rs
@@ -1,8 +1,7 @@
 use jubjub::SubgroupPoint;
 pub use zcash_primitives::constants::{
     CRH_IVK_PERSONALIZATION, NOTE_COMMITMENT_RANDOMNESS_GENERATOR, NULLIFIER_POSITION_GENERATOR,
-    PRF_NF_PERSONALIZATION, PROOF_GENERATION_KEY_GENERATOR, SPENDING_KEY_GENERATOR,
-    VALUE_COMMITMENT_GENERATOR_PERSONALIZATION, VALUE_COMMITMENT_RANDOMNESS_GENERATOR,
+    PROOF_GENERATION_KEY_GENERATOR, SPENDING_KEY_GENERATOR, VALUE_COMMITMENT_RANDOMNESS_GENERATOR,
     VALUE_COMMITMENT_VALUE_GENERATOR,
 };
 
@@ -20,6 +19,12 @@ pub const ASSET_ID_PERSONALIZATION_PEDERSEN: pedersen_hash::Personalization =
 /// BLAKE2s personalization for deriving asset identifier from asset name
 pub const ASSET_ID_PERSONALIZATION: &[u8; 8] = b"ironf_A_";
 
+/// BLAKE2s personalization for PRF^nf = BLAKE2s(nk | rho)
+pub const PRF_NF_PERSONALIZATION: &[u8; 8] = b"ironf_nf";
+
+/// BLAKE2s personalization for the value commitment generator for the value
+pub const VALUE_COMMITMENT_GENERATOR_PERSONALIZATION: &[u8; 8] = b"ironf_cv";
+
 pub const PUBLIC_KEY_GENERATOR: SubgroupPoint = SubgroupPoint::from_raw_unchecked(
     bls12_381::Scalar::from_raw([
         0x3edc_c85f_4d1a_44cd,
@@ -37,16 +42,16 @@ pub const PUBLIC_KEY_GENERATOR: SubgroupPoint = SubgroupPoint::from_raw_unchecke
 
 pub const NATIVE_VALUE_COMMITMENT_GENERATOR: SubgroupPoint = SubgroupPoint::from_raw_unchecked(
     bls12_381::Scalar::from_raw([
-        0x80c7_f5ae_1da3_8af3,
-        0x98ba_f7d9_30ae_9fb4,
-        0x4013_b536_9827_f490,
-        0x6f7d_4197_52cb_de81,
+        0x94d2_7f25_df35_ab48,
+        0xd63c_001a_a39a_7991,
+        0x7398_aab3_c907_f5ab,
+        0x6623_5382_bd3b_3741,
     ]),
     bls12_381::Scalar::from_raw([
-        0xf2c7_679e_d68b_3d8e,
-        0x1802_9e88_8161_324d,
-        0xe533_69d9_0048_0967,
-        0x6e93_e7d5_5427_ef9c,
+        0x6f79_906c_2a58_8644,
+        0x48e2_9b1a_efc3_a67c,
+        0x4808_b27f_848e_59b3,
+        0x074c_0767_fd99_d42f,
     ]),
 );
 

diff --git a/ironfish-zkp/src/util.rs b/ironfish-zkp/src/util.rs
@@ -4,10 +4,12 @@ use byteorder::{LittleEndian, WriteBytesExt};
 use ff::PrimeField;
 use group::{cofactor::CofactorGroup, Group, GroupEncoding};
 use zcash_primitives::{
-    constants::{NOTE_COMMITMENT_RANDOMNESS_GENERATOR, VALUE_COMMITMENT_GENERATOR_PERSONALIZATION},
+    constants::NOTE_COMMITMENT_RANDOMNESS_GENERATOR,
     sapling::pedersen_hash::{pedersen_hash, Personalization},
 };
 
+use crate::constants::VALUE_COMMITMENT_GENERATOR_PERSONALIZATION;
+
 /// Computes the note commitment with sender address, returning the full point.
 pub fn commitment_full_point(
     asset_generator: jubjub::ExtendedPoint,