def verify(self, vk, M, sig):
    """Check signature ``sig`` over message ``M`` against verification key ``vk``.

    ``sig`` is split at ``cldiv(self.l_G, 8)`` bytes into the encoded point R
    and the encoded scalar S. The result is truthy only when R decodes to a
    truthy value, S is below ``r_j`` and ``P_g * S == R + vk * c`` holds, with
    ``c = h_star(Rbar + M)``. A falsy R is returned as-is, so the failure
    value is not always the literal ``False``.

    NOTE(review): only the split offset is derived from a length; the total
    length of ``sig`` is never checked, so the S part may be shorter or longer
    than intended. If leos2ip is little-endian (TODO confirm), zero bytes
    appended to ``sig`` would leave S unchanged. A verifier fed untrusted
    signatures should reject any ``sig`` that is not exactly the expected
    size; the TODO below appears to track this.
    NOTE(review): ``vk`` is used as given; no validation of it is visible here.
    """
    r_len = cldiv(self.l_G, 8)
    r_bytes = sig[:r_len]
    s_bytes = sig[r_len:]  # TODO: bitlength(r_j)

    # Everything is decoded before any check, in the original order.
    r_point = Point.from_bytes(r_bytes)
    s_int = leos2ip(s_bytes)
    challenge = h_star(r_bytes + M)

    # Reject an R that did not decode to a usable point.
    if not r_point:
        return r_point

    # Reject a scalar that is not below r_j.
    in_range = s_int < r_j
    if not in_range:
        return in_range

    # Verification equation: [S] P_g == R + [c] vk.
    return self.P_g * Fr(s_int) == r_point + vk * challenge
def __init__(self, rand):
    """Fill the fields of this object with values drawn from ``rand``.

    Every field is derived from ``rand`` rather than from a real note, so the
    commitments, ciphertexts and proof are filler with the right shape, not
    cryptographically valid data.

    NOTE(review): the draws below are made in the same order as the original
    assignments; presumably ``rand`` is a seeded stream and reordering would
    change the generated values. Confirm before moving anything.
    """
    value_commitment = find_group_hash(b'TVRandPt', rand.b(32))
    note_commitment = Fq(leos2ip(rand.b(32)))
    epk = find_group_hash(b'TVRandPt', rand.b(32))
    enc_ct = rand.b(ZC_SAPLING_ENCCIPHERTEXT_SIZE)
    out_ct = rand.b(ZC_SAPLING_OUTCIPHERTEXT_SIZE)
    groth = GrothProof(rand)

    self.cv = value_commitment
    self.cmu = note_commitment
    self.ephemeralKey = epk
    self.encCiphertext = enc_ct
    self.outCipherText = out_ct
    self.proof = groth
def __init__(self, rand):
    """Fill the fields of this object with values drawn from ``rand``.

    Every field is derived from ``rand``; nothing here is computed from a
    real note or signing key. In particular ``spendAuthSig`` is 64 bytes
    taken straight from ``rand`` and is marked invalid by the original
    author, so it must not be expected to verify.

    NOTE(review): the draws below are made in the same order as the original
    assignments; presumably ``rand`` is a seeded stream and reordering would
    change the generated values. Confirm before moving anything.
    """
    value_commitment = find_group_hash(b'TVRandPt', rand.b(32))
    anchor = Fq(leos2ip(rand.b(32)))
    nullifier = rand.b(32)
    randomized_key = Point.rand(rand)
    groth = GrothProof(rand)
    auth_sig = rand.b(64)  # Invalid

    self.cv = value_commitment
    self.anchor = anchor
    self.nullifier = nullifier
    self.rk = randomized_key
    self.proof = groth
    self.spendAuthSig = auth_sig
def from_bytes(buf):
    """Decode ``buf`` into an ``Fq`` element, requesting strict construction.

    ``buf`` is converted to an integer with ``leos2ip`` and handed to ``Fq``
    with ``strict=True``.

    NOTE(review): presumably ``strict=True`` makes ``Fq`` refuse integers
    outside the canonical range instead of reducing them; that is defined
    elsewhere, so confirm before relying on it to reject non-canonical
    encodings.
    """
    as_int = leos2ip(buf)
    return Fq(as_int, strict=True)
def crh_ivk(ak, nk):
    """Derive an integer ``ivk`` from the byte strings ``ak`` and ``nk``.

    BLAKE2s with the personalization ``b'Zcashivk'`` is fed ``ak`` and then
    ``nk``. The digest is turned into an integer with ``leos2ip`` and reduced
    modulo 2**251, so the result is always below 2**251.

    NOTE(review): ``ak`` and ``nk`` are hashed back to back with no length
    prefix or separator, so the hash input is unambiguous only if both have
    fixed lengths. Confirm callers always pass fixed-size encodings.
    """
    hasher = blake2s(person=b'Zcashivk')
    for part in (ak, nk):
        hasher.update(part)
    return leos2ip(hasher.digest()) % (1 << 251)
def to_scalar(buf):
    """Turn the byte string ``buf`` into an ``Fr`` value.

    ``buf`` is converted to an integer with ``leos2ip`` and wrapped in ``Fr``.

    NOTE(review): no length or range check is made on ``buf`` here; whether
    ``Fr`` reduces or rejects an out-of-range integer is defined elsewhere.
    Confirm before using this on untrusted encodings.
    """
    as_int = leos2ip(buf)
    return Fr(as_int)
def h_star(B):
    """Hash ``B`` with ``H`` and return the digest as an ``Fr`` value.

    The digest from ``H(B)`` is converted to an integer with ``leos2ip`` and
    wrapped in ``Fr``.

    NOTE(review): ``H`` is defined elsewhere, so its digest length cannot be
    told from here; nor can whether ``Fr`` reduces the integer modulo its
    order. Confirm both if uniformity of the output matters.
    """
    digest = H(B)
    return Fr(leos2ip(digest))
def private(random):
    """Build a private ``Fr`` scalar from the 32 bytes returned by ``random(32)``.

    ``random`` is a caller-supplied callable taking a byte count. Its output
    is converted to an integer with ``leos2ip`` and wrapped in ``Fr``.

    NOTE(review): the scalar is only as unpredictable as ``random``. Outside
    test-vector generation it should be backed by a CSPRNG such as
    ``os.urandom``; confirm what callers pass.
    NOTE(review): if ``Fr`` reduces the 256-bit integer modulo its order (not
    visible here), the result carries a small modular bias.
    """
    seed_bytes = random(32)
    return Fr(leos2ip(seed_bytes))
def from_bytes(buf):
    """Decode ``buf`` into an ``Fq`` element.

    ``buf`` is converted to an integer with ``leos2ip`` and wrapped in ``Fq``
    using ``Fq``'s default construction; no strictness flag is passed.

    NOTE(review): whether ``Fq`` reduces or rejects an integer outside the
    canonical range by default is defined elsewhere. If this decodes
    untrusted encodings, confirm that non-canonical inputs are rejected.
    """
    as_int = leos2ip(buf)
    return Fq(as_int)