def _create_zeth_notes(
phi: bytes, hsig: bytes, output0: Tuple[OwnershipPublicKey, int],
output1: Tuple[OwnershipPublicKey, int]) -> Tuple[ZethNote, ZethNote]:
"""
Create two ordered ZethNotes. Used to generate new output
notes to be passed to the prover server.
"""
(recipient0, value0) = output0
(recipient1, value1) = output1
rho0 = _compute_rho_i(phi, hsig, 0)
trap_r0 = _trap_r_randomness()
note0 = ZethNote(apk=ownership_key_as_hex(recipient0),
value=int64_to_hex(value0),
rho=rho0.hex(),
trap_r=trap_r0)
rho1 = _compute_rho_i(phi, hsig, 1)
trap_r1 = _trap_r_randomness()
note1 = ZethNote(apk=ownership_key_as_hex(recipient1),
value=int64_to_hex(value1),
rho=rho1.hex(),
trap_r=trap_r1)
return note0, note1
def create_prover_inputs(
mix_call_desc: MixCallDescription
) -> Tuple[api.ProofInputs, signing.SigningKeyPair]:
"""
Given the basic parameters for a mix call, compute the input to the prover
server, and the signing key pair.
"""
# Compute Merkle paths
mk_tree = mix_call_desc.mk_tree
sender_ask = mix_call_desc.sender_ownership_keypair.a_sk
def _create_api_input(input_address: int,
input_note: api.ZethNote) -> api.JoinsplitInput:
mk_path = compute_merkle_path(input_address, mk_tree)
input_nullifier = compute_nullifier(input_note, sender_ask)
return create_api_joinsplit_input(mk_path, input_address,
input_note, sender_ask,
input_nullifier)
inputs = mix_call_desc.inputs
api_inputs = [_create_api_input(addr, note) for addr, note in inputs]
mk_root = mk_tree.get_root()
# Extract (<ownership-address>, <value>) tuples
outputs_with_a_pk = \
[(zeth_addr.a_pk, to_zeth_units(value))
for (zeth_addr, value) in mix_call_desc.outputs]
# Public input and output values as Zeth units
public_in_value_zeth_units = to_zeth_units(mix_call_desc.v_in)
public_out_value_zeth_units = to_zeth_units(mix_call_desc.v_out)
# Generate the signing key
signing_keypair = signing.gen_signing_keypair()
# Use the specified or default h_sig computation
compute_h_sig_cb = mix_call_desc.compute_h_sig_cb or compute_h_sig
h_sig = compute_h_sig_cb(
[bytes.fromhex(input.nullifier) for input in api_inputs],
signing_keypair.vk)
phi = _phi_randomness()
# Create the api.ZethNote objects
api_outputs = _create_api_zeth_notes(phi, h_sig, outputs_with_a_pk)
proof_inputs = api.ProofInputs(
mk_root=mk_root.hex(),
js_inputs=api_inputs,
js_outputs=api_outputs,
pub_in_value=int64_to_hex(public_in_value_zeth_units),
pub_out_value=int64_to_hex(public_out_value_zeth_units),
h_sig=h_sig.hex(),
phi=phi.hex())
return (proof_inputs, signing_keypair)
def _create_api_zeth_note(out_index: int, recipient: OwnershipPublicKey,
value: int) -> api.ZethNote:
rho = _compute_rho_i(phi, hsig, out_index)
trap_r = _trap_r_randomness()
return api.ZethNote(apk=ownership_key_as_hex(recipient),
value=int64_to_hex(value),
rho=rho.hex(),
trap_r=trap_r)
def compute_joinsplit2x2_inputs(
mk_root: bytes,
input0: Tuple[int, ZethNote],
mk_path0: List[str],
input1: Tuple[int, ZethNote],
mk_path1: List[str],
sender_ask: OwnershipSecretKey,
output0: Tuple[OwnershipPublicKey, int],
output1: Tuple[OwnershipPublicKey, int],
public_in_value_zeth_units: int,
public_out_value_zeth_units: int,
sign_vk: JoinsplitSigVerificationKey,
compute_h_sig_cb: Optional[ComputeHSigCB] = None) -> ProofInputs:
"""
Create a ProofInput object for joinsplit parameters
"""
(input_address0, input_note0) = input0
(input_address1, input_note1) = input1
input_nullifier0 = compute_nullifier(input_note0, sender_ask)
input_nullifier1 = compute_nullifier(input_note1, sender_ask)
js_inputs: List[JoinsplitInput] = [
create_joinsplit_input(mk_path0, input_address0, input_note0,
sender_ask, input_nullifier0),
create_joinsplit_input(mk_path1, input_address1, input_note1,
sender_ask, input_nullifier1)
]
# Use the specified or default h_sig computation
compute_h_sig_cb = compute_h_sig_cb or compute_h_sig
h_sig = compute_h_sig_cb(input_nullifier0, input_nullifier1, sign_vk)
phi = _phi_randomness()
output_note0, output_note1 = create_zeth_notes(phi, h_sig, output0,
output1)
js_outputs = [output_note0, output_note1]
return ProofInputs(mk_root=mk_root.hex(),
js_inputs=js_inputs,
js_outputs=js_outputs,
pub_in_value=int64_to_hex(public_in_value_zeth_units),
pub_out_value=int64_to_hex(public_out_value_zeth_units),
h_sig=h_sig.hex(),
phi=phi)
def create_prover_inputs(
mix_call_desc: MixCallDescription
) -> Tuple[ProofInputs, signing.SigningKeyPair]:
"""
Given the basic parameters for a mix call, compute the input to the prover
server, and the signing key pair.
"""
# Compute Merkle paths
mk_tree = mix_call_desc.mk_tree
mk_root = mk_tree.get_root()
inputs = mix_call_desc.inputs
mk_paths = [compute_merkle_path(addr, mk_tree) for addr, _ in inputs]
# Extract (<ownership-address>, <value>) tuples
outputs_with_a_pk = \
[(zeth_addr.a_pk, to_zeth_units(value))
for (zeth_addr, value) in mix_call_desc.outputs]
output0 = outputs_with_a_pk[0]
output1 = outputs_with_a_pk[1]
# Public input and output values as Zeth units
public_in_value_zeth_units = to_zeth_units(mix_call_desc.v_in)
public_out_value_zeth_units = to_zeth_units(mix_call_desc.v_out)
# Generate the signing key
signing_keypair = signing.gen_signing_keypair()
sender_ask = mix_call_desc.sender_ownership_keypair.a_sk
# Compute the input note nullifiers
(input_address0, input_note0) = mix_call_desc.inputs[0]
(input_address1, input_note1) = mix_call_desc.inputs[1]
input_nullifier0 = compute_nullifier(input_note0, sender_ask)
input_nullifier1 = compute_nullifier(input_note1, sender_ask)
# Convert to JoinsplitInput objects
js_inputs: List[JoinsplitInput] = [
create_joinsplit_input(mk_paths[0], input_address0, input_note0,
sender_ask, input_nullifier0),
create_joinsplit_input(mk_paths[1], input_address1, input_note1,
sender_ask, input_nullifier1)
]
# Use the specified or default h_sig computation
compute_h_sig_cb = mix_call_desc.compute_h_sig_cb or compute_h_sig
h_sig = compute_h_sig_cb(input_nullifier0, input_nullifier1,
signing_keypair.vk)
phi = _phi_randomness()
# Joinsplit Output Notes
output_note0, output_note1 = _create_zeth_notes(
phi, h_sig, output0, output1)
js_outputs = [output_note0, output_note1]
proof_inputs = ProofInputs(
mk_root=mk_root.hex(),
js_inputs=js_inputs,
js_outputs=js_outputs,
pub_in_value=int64_to_hex(public_in_value_zeth_units),
pub_out_value=int64_to_hex(public_out_value_zeth_units),
h_sig=h_sig.hex(),
phi=phi.hex())
return (proof_inputs, signing_keypair)