Merge pull request #83 from str4d/blake2_simd

Migrate to blake2b_simd and blake2s_simd crates
zkcrypto · Jul 18, 2019 · 9e758dc · 9e758dc
2 parents 5e3409e + 8361674
commit 9e758dc
Show file tree

Hide file tree

Showing 21 changed files with 173 additions and 130 deletions.
diff --git a/.travis.yml b/.travis.yml
@@ -1,6 +1,6 @@
 language: rust
 rust:
-  - 1.32.0
+  - 1.36.0
 
 cache: cargo
 

diff --git a/Cargo.lock b/Cargo.lock
diff --git a/librustzcash/Cargo.toml b/librustzcash/Cargo.toml
@@ -15,6 +15,8 @@ crate-type = ["staticlib"]
 
 [dependencies]
 bellman = { path = "../bellman" }
+blake2b_simd = "0.5"
+blake2s_simd = "0.5"
 ff = { path = "../ff" }
 libc = "0.2"
 pairing = { path = "../pairing" }
@@ -24,7 +26,3 @@ rand = "0.4"
 sapling-crypto = { path = "../sapling-crypto" }
 zcash_primitives = { path = "../zcash_primitives" }
 zcash_proofs = { path = "../zcash_proofs" }
-
-[dependencies.blake2-rfc]
-git = "https://github.com/gtank/blake2-rfc"
-rev = "7a5b5fc99ae483a0043db7547fb79a6fa44b88a9"
diff --git a/librustzcash/src/equihash.rs b/librustzcash/src/equihash.rs
@@ -1,4 +1,4 @@
-use blake2_rfc::blake2b::{Blake2b, Blake2bResult};
+use blake2b_simd::{Hash as Blake2bHash, Params as Blake2bParams, State as Blake2bState};
 use byteorder::{BigEndian, LittleEndian, ReadBytesExt, WriteBytesExt};
 use std::io::Cursor;
 use std::mem::size_of;
@@ -33,7 +33,7 @@ impl Params {
 }
 
 impl Node {
-    fn new(p: &Params, state: &Blake2b, i: u32) -> Self {
+    fn new(p: &Params, state: &Blake2bState, i: u32) -> Self {
         let hash = generate_hash(state, i / p.indices_per_hash_output());
         let start = ((i % p.indices_per_hash_output()) * p.n / 8) as usize;
         let end = start + (p.n as usize) / 8;
@@ -99,15 +99,18 @@ impl Node {
     }
 }
 
-fn initialise_state(n: u32, k: u32, digest_len: u8) -> Blake2b {
+fn initialise_state(n: u32, k: u32, digest_len: u8) -> Blake2bState {
     let mut personalization: Vec<u8> = Vec::from("ZcashPoW");
     personalization.write_u32::<LittleEndian>(n).unwrap();
     personalization.write_u32::<LittleEndian>(k).unwrap();
 
-    Blake2b::with_params(digest_len as usize, &[], &[], &personalization)
+    Blake2bParams::new()
+        .hash_length(digest_len as usize)
+        .personal(&personalization)
+        .to_state()
 }
 
-fn generate_hash(base_state: &Blake2b, i: u32) -> Blake2bResult {
+fn generate_hash(base_state: &Blake2bState, i: u32) -> Blake2bHash {
     let mut lei = [0u8; 4];
     (&mut lei[..]).write_u32::<LittleEndian>(i).unwrap();
 
@@ -249,7 +252,7 @@ pub fn is_valid_solution_iterative(
     return rows[0].is_zero(hash_len);
 }
 
-fn tree_validator(p: &Params, state: &Blake2b, indices: &[u32]) -> Option<Node> {
+fn tree_validator(p: &Params, state: &Blake2bState, indices: &[u32]) -> Option<Node> {
     if indices.len() > 1 {
         let end = indices.len();
         let mid = end / 2;

diff --git a/librustzcash/src/rustzcash.rs b/librustzcash/src/rustzcash.rs
@@ -1,5 +1,6 @@
 extern crate bellman;
-extern crate blake2_rfc;
+extern crate blake2b_simd;
+extern crate blake2s_simd;
 extern crate byteorder;
 extern crate ff;
 extern crate libc;
@@ -32,7 +33,7 @@ use bellman::groth16::{
     create_random_proof, verify_proof, Parameters, PreparedVerifyingKey, Proof,
 };
 
-use blake2_rfc::blake2s::Blake2s;
+use blake2s_simd::Params as Blake2sParams;
 
 use byteorder::{LittleEndian, ReadBytesExt, WriteBytesExt};
 
@@ -319,7 +320,10 @@ pub extern "system" fn librustzcash_crh_ivk(
     let ak = unsafe { &*ak };
     let nk = unsafe { &*nk };
 
-    let mut h = Blake2s::with_params(32, &[], &[], CRH_IVK_PERSONALIZATION);
+    let mut h = Blake2sParams::new()
+        .hash_length(32)
+        .personal(CRH_IVK_PERSONALIZATION)
+        .to_state();
     h.update(ak);
     h.update(nk);
     let mut h = h.finalize().as_ref().to_vec();

diff --git a/sapling-crypto/Cargo.toml b/sapling-crypto/Cargo.toml
@@ -14,15 +14,13 @@ features = ["expose-arith"]
 
 [dependencies]
 bellman = { path = "../bellman" }
+blake2b_simd = "0.5"
+blake2s_simd = "0.5"
 ff = { path = "../ff" }
 rand = "0.4"
 digest = "0.7"
 byteorder = "1"
 
-[dependencies.blake2-rfc]
-git = "https://github.com/gtank/blake2-rfc"
-rev = "7a5b5fc99ae483a0043db7547fb79a6fa44b88a9"
-
 [dev-dependencies]
 hex-literal = "0.1"
 rust-crypto = "0.2"
diff --git a/sapling-crypto/src/circuit/blake2s.rs b/sapling-crypto/src/circuit/blake2s.rs
@@ -320,13 +320,13 @@ pub fn blake2s<E: Engine, CS: ConstraintSystem<E>>(
 
 #[cfg(test)]
 mod test {
+    use blake2s_simd::Params as Blake2sParams;
     use rand::{XorShiftRng, SeedableRng, Rng};
     use pairing::bls12_381::{Bls12};
     use ::circuit::boolean::{Boolean, AllocatedBit};
     use ::circuit::test::TestConstraintSystem;
     use super::blake2s;
     use bellman::{ConstraintSystem};
-    use blake2_rfc::blake2s::Blake2s;
 
     #[test]
     fn test_blank_hash() {
@@ -392,7 +392,7 @@ mod test {
 
         for input_len in (0..32).chain((32..256).filter(|a| a % 8 == 0))
         {
-            let mut h = Blake2s::with_params(32, &[], &[], b"12345678");
+            let mut h = Blake2sParams::new().hash_length(32).personal(b"12345678").to_state();
 
             let data: Vec<u8> = (0..input_len).map(|_| rng.gen()).collect();
 

diff --git a/sapling-crypto/src/circuit/test/mod.rs b/sapling-crypto/src/circuit/test/mod.rs
@@ -16,7 +16,7 @@ use byteorder::{BigEndian, ByteOrder};
 use std::cmp::Ordering;
 use std::collections::BTreeMap;
 
-use blake2_rfc::blake2s::Blake2s;
+use blake2s_simd::{Params as Blake2sParams, State as Blake2sState};
 
 #[derive(Debug)]
 enum NamedObject {
@@ -96,7 +96,7 @@ fn proc_lc<E: Engine>(
 
 fn hash_lc<E: Engine>(
     terms: &[(Variable, E::Fr)],
-    h: &mut Blake2s
+    h: &mut Blake2sState
 )
 {
     let map = proc_lc::<E>(terms);
@@ -226,7 +226,7 @@ impl<E: Engine> TestConstraintSystem<E> {
     }
 
     pub fn hash(&self) -> String {
-        let mut h = Blake2s::new(32);
+        let mut h = Blake2sParams::new().hash_length(32).to_state();
         {
             let mut buf = [0u8; 24];
 

diff --git a/sapling-crypto/src/group_hash.rs b/sapling-crypto/src/group_hash.rs
@@ -8,7 +8,7 @@ use ff::{
     PrimeField
 };
 
-use blake2_rfc::blake2s::Blake2s;
+use blake2s_simd::Params;
 use constants;
 
 /// Produces a random point in the Jubjub curve.
@@ -25,13 +25,15 @@ pub fn group_hash<E: JubjubEngine>(
     // Check to see that scalar field is 255 bits
     assert!(E::Fr::NUM_BITS == 255);
 
-    let mut h = Blake2s::with_params(32, &[], &[], personalization);
-    h.update(constants::GH_FIRST_BLOCK);
-    h.update(tag);
-    let h = h.finalize().as_ref().to_vec();
-    assert!(h.len() == 32);
+    let h = Params::new()
+        .hash_length(32)
+        .personal(personalization)
+        .to_state()
+        .update(constants::GH_FIRST_BLOCK)
+        .update(tag)
+        .finalize();
 
-    match edwards::Point::<E, _>::read(&h[..], params) {
+    match edwards::Point::<E, _>::read(h.as_ref(), params) {
         Ok(p) => {
             let p = p.mul_by_cofactor(params);
 

diff --git a/sapling-crypto/src/lib.rs b/sapling-crypto/src/lib.rs
@@ -1,6 +1,7 @@
 extern crate pairing;
 extern crate bellman;
-extern crate blake2_rfc;
+extern crate blake2b_simd;
+extern crate blake2s_simd;
 extern crate digest;
 extern crate ff;
 extern crate rand;

diff --git a/sapling-crypto/src/primitives/mod.rs b/sapling-crypto/src/primitives/mod.rs
@@ -22,7 +22,7 @@ use jubjub::{
     FixedGenerators
 };
 
-use blake2_rfc::blake2s::Blake2s;
+use blake2s_simd::Params as Blake2sParams;
 
 #[derive(Clone)]
 pub struct ValueCommitment<E: JubjubEngine> {
@@ -87,9 +87,12 @@ impl<E: JubjubEngine> ViewingKey<E> {
         self.ak.write(&mut preimage[0..32]).unwrap();
         self.nk.write(&mut preimage[32..64]).unwrap();
 
-        let mut h = Blake2s::with_params(32, &[], &[], constants::CRH_IVK_PERSONALIZATION);
-        h.update(&preimage);
-        let mut h = h.finalize().as_ref().to_vec();
+        let mut h = [0; 32];
+        h.copy_from_slice(Blake2sParams::new()
+            .hash_length(32)
+            .personal(constants::CRH_IVK_PERSONALIZATION)
+            .hash(&preimage)
+            .as_bytes());
 
         // Drop the most significant five bits, so it can be interpreted as a scalar.
         h[31] &= 0b0000_0111;
@@ -255,10 +258,12 @@ impl<E: JubjubEngine> Note<E> {
         let mut nf_preimage = [0u8; 64];
         viewing_key.nk.write(&mut nf_preimage[0..32]).unwrap();
         rho.write(&mut nf_preimage[32..64]).unwrap();
-        let mut h = Blake2s::with_params(32, &[], &[], constants::PRF_NF_PERSONALIZATION);
-        h.update(&nf_preimage);
-
-        h.finalize().as_ref().to_vec()
+        Blake2sParams::new()
+            .hash_length(32)
+            .personal(constants::PRF_NF_PERSONALIZATION)
+            .hash(&nf_preimage)
+            .as_bytes()
+            .to_vec()
     }
 
     /// Computes the note commitment

diff --git a/sapling-crypto/src/util.rs b/sapling-crypto/src/util.rs
@@ -1,9 +1,9 @@
-use blake2_rfc::blake2b::Blake2b;
+use blake2b_simd::Params;
 
 use jubjub::{JubjubEngine, ToUniform};
 
 pub fn hash_to_scalar<E: JubjubEngine>(persona: &[u8], a: &[u8], b: &[u8]) -> E::Fs {
-    let mut hasher = Blake2b::with_params(64, &[], &[], persona);
+    let mut hasher = Params::new().hash_length(64).personal(persona).to_state();
     hasher.update(a);
     hasher.update(b);
     let ret = hasher.finalize();

diff --git a/zcash_primitives/Cargo.toml b/zcash_primitives/Cargo.toml
@@ -7,6 +7,7 @@ authors = [
 
 [dependencies]
 aes = "0.2"
+blake2b_simd = "0.5"
 byteorder = "1"
 crypto_api_chachapoly = "0.1"
 ff = { path = "../ff" }
@@ -17,7 +18,3 @@ pairing = { path = "../pairing" }
 rand = "0.4"
 sapling-crypto = { path = "../sapling-crypto" }
 sha2 = "0.8"
-
-[dependencies.blake2-rfc]
-git = "https://github.com/gtank/blake2-rfc"
-rev = "7a5b5fc99ae483a0043db7547fb79a6fa44b88a9"