Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Check jubjub key correctness independent of redjubjub / jubjub #3154

Merged
merged 24 commits into from
Dec 22, 2021
Merged

Check jubjub key correctness independent of redjubjub / jubjub #3154

merged 24 commits into from
Dec 22, 2021

Conversation

dconnolly
Copy link
Contributor

@dconnolly dconnolly commented Dec 3, 2021
edited by conradoplg
Loading

Motivation

In the spec there are a bunch of small-order, identity or prime-order checks. Some of those were being validated in redjubjub crate but that was not appropriate since it's a Zcash-specific rule. See #2549

Additionally, some checks were missing.

Specifications

Designs

Solution

  • Sapling Spend and Output cv (value commitments): add new type to specify a not-small-order value commitment and use those in the Spend and Output structs
  • Sapling rk validating key: create type for it, enforce not small order
  • Sapling epk (EphemeralPublicKey): enforce not small order
  • Sapling pkd (TransmisisonKey): enforce prime-order
  • Sapling ak: enforce prime order (not a consensus rule, used by wallets)
  • Orchard Action epk: enforce not identity

Orchard Action cv and rk can be the identity, so no change was needed.

Closes #2549

Review

Reviewer Checklist

  • Code implements Specs and Designs
  • Tests for Expected Behaviour
  • Tests for Errors

Follow Up Work

@dconnolly dconnolly changed the title Check jubjub key correctness Check jubjub key correctness independent of redjubjub / jubjub Dec 3, 2021
@dconnolly dconnolly force-pushed the check-jubjub-key-correctness branch from 04203f8 to ab38d70 Compare December 4, 2021 17:33
@teor2345 teor2345 mentioned this pull request Dec 8, 2021
Closed
@dconnolly dconnolly assigned conradoplg and unassigned dconnolly Dec 13, 2021
conradoplg
conradoplg reviewed Dec 17, 2021
View reviewed changes
Copy link
Collaborator

@conradoplg conradoplg left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think this is done, so I'm moving out of draft, but I want to review it myself to make sure I didn't forget anything.

zebra-chain/src/sapling/keys.rs Outdated Show resolved Hide resolved
@conradoplg conradoplg marked this pull request as ready for review December 17, 2021 21:31
@conradoplg conradoplg force-pushed the check-jubjub-key-correctness branch from 0cd7c8a to b8760ce Compare December 20, 2021 17:38
conradoplg
conradoplg reviewed Dec 20, 2021
View reviewed changes
Copy link
Collaborator

@conradoplg conradoplg left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I fixed the issue which was caused by some ValueCommitments being the identity point in the middle of computations (e.g. binding_verification_key()) which caused a panic. The non-small order rule only applies to the ValueCommitments that are inside Spends and Outputs. So I created a NotSmallOrderValueCommiment for those. (Feel free to suggest a better name 😛 )

@dconnolly could you please take a look on these recent changes? b8760ce and 0531b5f

@conradoplg conradoplg marked this pull request as ready for review December 20, 2021 18:20
dconnolly
dconnolly commented Dec 22, 2021
View reviewed changes
Copy link
Contributor Author

@dconnolly dconnolly left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good! I can't approve a PR I opened, so @conradoplg I think can approve this 😁

@dconnolly dconnolly enabled auto-merge (squash) December 22, 2021 00:00
@codecov
Copy link

codecov bot commented Dec 22, 2021
edited
Loading

Codecov Report

Merging #3154 (df59366) into main (3611250) will increase coverage by 0.68%.
The diff coverage is 93.75%.

❗ Current head df59366 differs from pull request most recent head fbad308. Consider uploading reports for the commit fbad308 to get more accurate results

@@            Coverage Diff             @@
##             main    #3154      +/-   ##
==========================================
+ Coverage   77.03%   77.71%   +0.68%     
==========================================
  Files         265      264       -1     
  Lines       31267    31060     -207     
==========================================
+ Hits        24086    24139      +53     
+ Misses       7181     6921     -260

conradoplg
conradoplg approved these changes Dec 22, 2021
View reviewed changes
Copy link
Collaborator

@conradoplg conradoplg left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Approving as requested

zebra-chain/src/sapling/keys.rs Show resolved Hide resolved
zebra-chain/src/sapling/keys.rs Show resolved Hide resolved
@dconnolly dconnolly merged commit 9734ea1 into main Dec 22, 2021
@dconnolly dconnolly deleted the check-jubjub-key-correctness branch December 22, 2021 15:10
@dconnolly dconnolly mentioned this pull request Jan 12, 2022
Merged
3 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@conradoplg conradoplg conradoplg approved these changes

Assignees

@conradoplg conradoplg

Labels
None yet
Projects
None yet
Milestone
No milestone
4 participants
@dconnolly @conradoplg @teor2345 @mpguerra