Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Use Blake for stealth addresses #147

Merged
merged 5 commits into from
Apr 5, 2024
Merged

Use Blake for stealth addresses #147

merged 5 commits into from
Apr 5, 2024

Conversation

xevisalle
Copy link
Member

@xevisalle xevisalle commented Mar 27, 2024
edited
Loading

Resolves: #150

@moCello
Copy link
Member

moCello commented Mar 28, 2024
edited
Loading

I was also looking into this last week. Now that we change how the hash is created, there are some things to keep in mind:

  • first of all: yes, unfortunately we need to go over the conversion to JubJubAffine, since only a JubJubAffine stores the real coordinates of a point on the jubjub curve. You can check here how a JubJubExtended relates to a JubJubAffine (note that a ExtendedPoint is our JubJubExtended)
  • I think the module should not be called permutation since it is not a permutation. Preferably I would remove the module all together and add the hash function in 'lib.rs' or 'keys.rs' (since the hash is only used for generating the keys), or alternatively rename the module to 'hash' (this is less nice though since then we have a 'hash::hash' path for the hash function).
  • this point is an important one for research to think about: we should check if we want to use the to_bytes function of JubJubAffine to get our hash-input. It will serialize only the BlsScalar x-coordinate of the point and use the first bit of that serialization to indicate whether the positive or negative y-coordinated is used with the point (this means that the serialization of point P has only a one bit difference to the serialization of point -P). If we want to have the actual coordinates as hash-inputs then we need to use the to_hash_inputs functionality of jubjub-points and serialize the two resulting BlsScalar one by one. Theoretically it shouldn't matter so much which input we take for the hash-function (as long as we always pick the same one ;)) since even only a one bit difference in the input should result in a completely different hash, but that's something I'll leave research to think about
  • concretely regarding your commit: you don't need to use the entire path dusk_jubjub::Fr::hash_to_scalar, since you are importing JubJubScalar above already, you can simply go: JubJubScalar::hash_to_scalar.

@xevisalle xevisalle marked this pull request as ready for review April 4, 2024 15:31
moCello
moCello approved these changes Apr 5, 2024
View reviewed changes
Copy link
Member

@moCello moCello left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM,
just the comment on the export!

src/lib.rs Show resolved Hide resolved
@xevisalle xevisalle merged commit 529035e into master Apr 5, 2024
5 checks passed
@xevisalle xevisalle deleted the poseidon_to_blake branch April 5, 2024 12:50
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@moCello moCello moCello approved these changes

@ureeves ureeves Awaiting requested review from ureeves

@herr-seppia herr-seppia Awaiting requested review from herr-seppia

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Use Blake for Stealth Addresses
2 participants
@xevisalle @moCello