Merge pull request #78 from anoma/murisi/receive-randomness

Receive the randomness used to create descriptions
anoma · May 14, 2024 · 16fae96 · 16fae96
2 parents 95cf327 + 5525d73
commit 16fae96
Show file tree

Hide file tree

Showing 7 changed files with 337 additions and 158 deletions.
diff --git a/masp_primitives/src/sapling.rs b/masp_primitives/src/sapling.rs
@@ -696,7 +696,7 @@ impl From<NoteValue> for u64 {
 }
 
 #[derive(Clone, Debug, Copy)]
-pub struct Note {
+pub struct Note<R = Rseed> {
     /// The asset type that the note represents
     pub asset_type: AssetType,
     /// The value of the note
@@ -706,7 +706,7 @@ pub struct Note {
     /// The public key of the address, g_d^ivk
     pub pk_d: jubjub::SubgroupPoint,
     /// rseed
-    pub rseed: Rseed,
+    pub rseed: R,
 }
 
 impl PartialEq for Note {
@@ -826,30 +826,30 @@ impl Note {
     }
 }
 
-impl BorshSchema for Note {
+impl<T: BorshSchema> BorshSchema for Note<T> {
     fn add_definitions_recursively(definitions: &mut BTreeMap<Declaration, Definition>) {
         let definition = Definition::Struct {
             fields: Fields::NamedFields(vec![
                 ("asset_type".into(), AssetType::declaration()),
                 ("value".into(), u64::declaration()),
                 ("g_d".into(), <[u8; 32]>::declaration()),
                 ("pk_d".into(), <[u8; 32]>::declaration()),
-                ("rseed".into(), Rseed::declaration()),
+                ("rseed".into(), T::declaration()),
             ]),
         };
         add_definition(Self::declaration(), definition, definitions);
         AssetType::add_definitions_recursively(definitions);
         u64::add_definitions_recursively(definitions);
         <[u8; 32]>::add_definitions_recursively(definitions);
-        Rseed::add_definitions_recursively(definitions);
+        T::add_definitions_recursively(definitions);
     }
 
     fn declaration() -> Declaration {
-        "Note".into()
+        format!("Note<{}>", T::declaration())
     }
 }
 
-impl BorshSerialize for Note {
+impl<T: BorshSerialize> BorshSerialize for Note<T> {
     fn serialize<W: std::io::Write>(&self, writer: &mut W) -> io::Result<()> {
         // Write asset type
         self.asset_type.serialize(writer)?;
@@ -865,7 +865,7 @@ impl BorshSerialize for Note {
     }
 }
 
-impl BorshDeserialize for Note {
+impl<T: BorshDeserialize> BorshDeserialize for Note<T> {
     fn deserialize_reader<R: Read>(reader: &mut R) -> io::Result<Self> {
         // Read asset type
         let asset_type = AssetType::deserialize_reader(reader)?;
@@ -880,7 +880,7 @@ impl BorshDeserialize for Note {
         let pk_d = Option::from(jubjub::SubgroupPoint::from_bytes(&pk_d_bytes))
             .ok_or_else(|| io::Error::new(io::ErrorKind::InvalidData, "pk_d not in field"))?;
         // Read note plaintext lead byte
-        let rseed = Rseed::deserialize_reader(reader)?;
+        let rseed = T::deserialize_reader(reader)?;
         // Finally construct note object
         Ok(Note {
             asset_type,

diff --git a/masp_primitives/src/sapling/prover.rs b/masp_primitives/src/sapling/prover.rs
@@ -38,12 +38,14 @@ pub trait TxProver {
         value: u64,
         anchor: bls12_381::Scalar,
         merkle_path: MerklePath<Node>,
+        rcv: jubjub::Fr,
     ) -> Result<([u8; GROTH_PROOF_SIZE], jubjub::ExtendedPoint, PublicKey), ()>;
 
     /// Create the value commitment and proof for a MASP OutputDescription,
     /// while accumulating its value commitment randomness inside the context for later
     /// use.
     ///
+    #[allow(clippy::too_many_arguments)]
     fn output_proof(
         &self,
         ctx: &mut Self::SaplingProvingContext,
@@ -52,6 +54,7 @@ pub trait TxProver {
         rcm: jubjub::Fr,
         asset_type: AssetType,
         value: u64,
+        rcv: jubjub::Fr,
     ) -> ([u8; GROTH_PROOF_SIZE], jubjub::ExtendedPoint);
 
     /// Create the value commitment, and proof for a MASP ConvertDescription,
@@ -65,6 +68,7 @@ pub trait TxProver {
         value: u64,
         anchor: bls12_381::Scalar,
         merkle_path: MerklePath<Node>,
+        rcv: jubjub::Fr,
     ) -> Result<([u8; GROTH_PROOF_SIZE], jubjub::ExtendedPoint), ()>;
 
     /// Create the `bindingSig` for a Sapling transaction. All calls to
@@ -80,9 +84,6 @@ pub trait TxProver {
 
 #[cfg(any(test, feature = "test-dependencies"))]
 pub mod mock {
-    use ff::Field;
-    use rand_core::OsRng;
-
     use crate::{
         asset_type::AssetType,
         constants::SPENDING_KEY_GENERATOR,
@@ -115,13 +116,9 @@ pub mod mock {
             value: u64,
             _anchor: bls12_381::Scalar,
             _merkle_path: MerklePath<Node>,
+            rcv: jubjub::Fr,
         ) -> Result<([u8; GROTH_PROOF_SIZE], jubjub::ExtendedPoint, PublicKey), ()> {
-            let mut rng = OsRng;
-
-            let cv = asset_type
-                .value_commitment(value, jubjub::Fr::random(&mut rng))
-                .commitment()
-                .into();
+            let cv = asset_type.value_commitment(value, rcv).commitment().into();
 
             let rk =
                 PublicKey(proof_generation_key.ak.into()).randomize(ar, SPENDING_KEY_GENERATOR);
@@ -137,13 +134,9 @@ pub mod mock {
             _rcm: jubjub::Fr,
             asset_type: AssetType,
             value: u64,
+            rcv: jubjub::Fr,
         ) -> ([u8; GROTH_PROOF_SIZE], jubjub::ExtendedPoint) {
-            let mut rng = OsRng;
-
-            let cv = asset_type
-                .value_commitment(value, jubjub::Fr::random(&mut rng))
-                .commitment()
-                .into();
+            let cv = asset_type.value_commitment(value, rcv).commitment().into();
 
             ([0u8; GROTH_PROOF_SIZE], cv)
         }
@@ -155,11 +148,10 @@ pub mod mock {
             value: u64,
             _anchor: bls12_381::Scalar,
             _merkle_path: MerklePath<Node>,
+            rcv: jubjub::Fr,
         ) -> Result<([u8; GROTH_PROOF_SIZE], jubjub::ExtendedPoint), ()> {
-            let mut rng = OsRng;
-
             let cv = allowed_conversion
-                .value_commitment(value, jubjub::Fr::random(&mut rng))
+                .value_commitment(value, rcv)
                 .commitment()
                 .into();
 

diff --git a/masp_primitives/src/sapling/util.rs b/masp_primitives/src/sapling/util.rs
@@ -1,10 +1,10 @@
 use blake2b_simd::Params;
-use ff::Field;
-use rand_core::{CryptoRng, RngCore};
 
 use crate::consensus::{self, BlockHeight, NetworkUpgrade};
 
 use super::Rseed;
+use ff::Field;
+use rand_core::{CryptoRng, RngCore};
 
 pub fn hash_to_scalar(persona: &[u8], a: &[u8], b: &[u8]) -> jubjub::Fr {
     let mut hasher = Params::new().hash_length(64).personal(persona).to_state();
@@ -19,19 +19,24 @@ pub fn generate_random_rseed<P: consensus::Parameters, R: RngCore + CryptoRng>(
     height: BlockHeight,
     rng: &mut R,
 ) -> Rseed {
-    generate_random_rseed_internal(params, height, rng)
+    if params.is_nu_active(NetworkUpgrade::MASP, height) {
+        let mut buffer = [0u8; 32];
+        rng.fill_bytes(&mut buffer);
+        Rseed::AfterZip212(buffer)
+    } else {
+        Rseed::BeforeZip212(jubjub::Fr::random(rng))
+    }
 }
 
-pub(crate) fn generate_random_rseed_internal<P: consensus::Parameters, R: RngCore>(
+pub(crate) fn generate_random_rseed_internal<P: consensus::Parameters>(
     params: &P,
     height: BlockHeight,
-    rng: &mut R,
+    before: jubjub::Fr,
+    after: [u8; 32],
 ) -> Rseed {
     if params.is_nu_active(NetworkUpgrade::MASP, height) {
-        let mut buffer = [0u8; 32];
-        rng.fill_bytes(&mut buffer);
-        Rseed::AfterZip212(buffer)
+        Rseed::AfterZip212(after)
     } else {
-        Rseed::BeforeZip212(jubjub::Fr::random(rng))
+        Rseed::BeforeZip212(before)
     }
 }