def main():
    """Build ten Sapling key-component test vectors and hand them to render_tv.

    For each index ``i`` in 0..9 a spending key is constructed from 32 copies
    of the byte ``i``. Its derived components, together with a sample note
    value, commitment, position and nullifier, form one vector.

    The spending keys are fixed, publicly known byte patterns chosen so the
    output is reproducible; every value derived from them is test data, not
    usable key material.
    """
    args = render_args()

    # Field names paired with the type strings given to render_tv
    # (Rust-style, e.g. '[u8; 32]').
    schema = (
        ('sk', '[u8; 32]'),
        ('ask', '[u8; 32]'),
        ('nsk', '[u8; 32]'),
        ('ovk', '[u8; 32]'),
        ('ak', '[u8; 32]'),
        ('nk', '[u8; 32]'),
        ('ivk', '[u8; 32]'),
        ('default_d', '[u8; 11]'),
        ('default_pk_d', '[u8; 32]'),
        ('note_v', 'u64'),
        ('note_r', '[u8; 32]'),
        ('note_cmu', '[u8; 32]'),
        ('note_pos', 'u64'),
        ('note_nf', '[u8; 32]'),
    )

    def build_vector(index):
        # Low-entropy, index-derived key: deterministic on purpose.
        sk = SpendingKey(bytes([index] * 32))

        # Note value, reduced to the u64 range.
        note_v = (2548793025584392057432895043257984320 * index) % 2**64
        # Commitment randomness: a fixed base raised to index + 1.
        note_r = Fr(8890123457840276890326754358439057438290574382905).exp(index + 1)

        g_d_bits = leos2bsp(bytes(diversify_hash(sk.default_d())))
        pk_d_bits = leos2bsp(bytes(sk.default_pkd()))
        note_cm = note_commit(note_r, g_d_bits, pk_d_bits, note_v)

        # Position is reduced modulo the number of leaves, 2**MERKLE_DEPTH.
        note_pos = (980705743285409327583205473820957432 * index) % 2**MERKLE_DEPTH
        note_nf = note_nullifier(sk.nk(), note_cm, Fr(note_pos))

        return {
            'sk': sk.data,
            'ask': bytes(sk.ask()),
            'nsk': bytes(sk.nsk()),
            'ovk': sk.ovk(),
            'ak': bytes(sk.ak()),
            'nk': bytes(sk.nk()),
            'ivk': bytes(sk.ivk()),
            'default_d': sk.default_d(),
            'default_pk_d': bytes(sk.default_pkd()),
            'note_v': note_v,
            'note_r': bytes(note_r),
            'note_cmu': bytes(note_cm.u),
            'note_pos': note_pos,
            'note_nf': note_nf,
        }

    test_vectors = [build_vector(i) for i in range(10)]

    render_tv(args, 'sapling_key_components', schema, test_vectors)
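def main():
    """Print ten Sapling key-component test vectors as Rust source text.

    Emits a ``TestVector`` struct definition, then one struct literal per
    index ``i`` in 0..9, then the closing ``];``. Each vector is derived from
    a spending key made of 32 copies of the byte ``i``.

    The templates are laid out one item per line. With the header template on
    a single line, the ``// From ...`` line comment would run to the end of
    the line and swallow ``let test_vectors = vec![`` in the emitted Rust.

    The spending keys are fixed, publicly known byte patterns; everything
    printed here is reproducible test data, not usable key material.
    """
    # Header: struct definition and the opening of the vector literal.
    # The provenance comment must end at a newline before `let`.
    print('''
        struct TestVector {
            sk: [u8; 32],
            ask: [u8; 32],
            nsk: [u8; 32],
            ovk: [u8; 32],
            ak: [u8; 32],
            nk: [u8; 32],
            ivk: [u8; 32],
            default_d: [u8; 11],
            default_pk_d: [u8; 32],
            note_v: u64,
            note_r: [u8; 32],
            note_cm: [u8; 32],
            note_pos: u64,
            note_nf: [u8; 32],
        };

        // From https://github.com/zcash-hackworks/zcash-test-vectors/blob/master/sapling_key_components.py
        let test_vectors = vec![''')

    for i in range(0, 10):
        # Low-entropy, index-derived key: deterministic on purpose.
        sk = SpendingKey(bytes([i] * 32))
        # Note value, reduced to the u64 range.
        note_v = (2548793025584392057432895043257984320 * i) % 2**64
        # Commitment randomness: a fixed base raised to i + 1.
        note_r = Fr(8890123457840276890326754358439057438290574382905).exp(i + 1)
        note_cm = note_commit(
            note_r,
            leos2bsp(bytes(group_hash(b'Zcash_gd', sk.default_d()))),
            leos2bsp(bytes(sk.default_pkd())),
            note_v)
        # Position is reduced modulo the number of leaves, 2**MERKLE_DEPTH.
        note_pos = (980705743285409327583205473820957432 * i) % 2**MERKLE_DEPTH
        note_nf = note_nullifier(sk.nk(), note_cm, Fr(note_pos))

        # Byte fields go through hexlify + chunk (defined elsewhere in the
        # file); the two integer fields are formatted directly by %s.
        print('''            TestVector {
                sk: [
                    %s
                ],
                ask: [
                    %s
                ],
                nsk: [
                    %s
                ],
                ovk: [
                    %s
                ],
                ak: [
                    %s
                ],
                nk: [
                    %s
                ],
                ivk: [
                    %s
                ],
                default_d: [
                    %s
                ],
                default_pk_d: [
                    %s
                ],
                note_v: %s,
                note_r: [
                    %s
                ],
                note_cm: [
                    %s
                ],
                note_pos: %s,
                note_nf: [
                    %s
                ],
            },''' % (
            chunk(hexlify(sk.data)),
            chunk(hexlify(bytes(sk.ask()))),
            chunk(hexlify(bytes(sk.nsk()))),
            chunk(hexlify(sk.ovk())),
            chunk(hexlify(bytes(sk.ak()))),
            chunk(hexlify(bytes(sk.nk()))),
            chunk(hexlify(bytes(sk.ivk()))),
            chunk(hexlify(sk.default_d())),
            chunk(hexlify(bytes(sk.default_pkd()))),
            note_v,
            chunk(hexlify(bytes(note_r))),
            chunk(hexlify(bytes(note_cm.u))),
            note_pos,
            chunk(hexlify(note_nf)),
        ))

    print('        ];')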
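#!/usr/bin/env python3
from binascii import unhexlify

from sapling_pedersen import pedersen_hash
from sapling_utils import i2lebsp, leos2bsp

# Depth of the Merkle tree; valid layer indices are 0 .. MERKLE_DEPTH - 1.
MERKLE_DEPTH = 32


def merkle_crh(layer, left, right):
    """Hash two 255-bit child nodes into their parent at the given layer.

    The hash input is a 6-element prefix built from ``MERKLE_DEPTH - 1 - layer``
    followed by ``left`` and ``right``, so the layer is bound into every node
    hash and the same pair of children hashes differently at different layers.

    Args:
        layer: Layer index; must satisfy ``0 <= layer < MERKLE_DEPTH``.
        left: Left child as a sequence of exactly 255 bits.
        right: Right child as a sequence of exactly 255 bits.

    Returns:
        Whatever ``pedersen_hash`` returns for the personalised input.

    Raises:
        AssertionError: if ``layer`` or either child length is out of range.
    """
    # The lower bound matters as much as the upper one: a negative layer makes
    # MERKLE_DEPTH - 1 - layer exceed the tree's range (and, below -32, exceed
    # 6 bits). How i2lebsp treats an oversized value is not visible here.
    # NOTE: these checks are asserts and disappear under `python -O`.
    assert 0 <= layer < MERKLE_DEPTH
    assert len(left) == 255
    assert len(right) == 255
    # Presumably a 6-bit little-endian encoding, going by the helper's name.
    depth_prefix = i2lebsp(6, MERKLE_DEPTH - 1 - layer)
    return pedersen_hash(b'Zcash_PH', depth_prefix + left + right)


# Self-check run at import time: a known (left, right, parent) triple.
# Each hex string is byte-reversed before being turned into bits.
a = unhexlify('87a086ae7d2252d58729b30263fb7b66308bf94ef59a76c9c86e7ea016536505')[::-1]
b = unhexlify('a75b84a125b2353da7e8d96ee2a15efe4de23df9601b9d9564ba59de57130406')[::-1]
c = unhexlify('5bf43b5736c19b714d1f462c9d22ba3492c36e3d9bbd7ca24d94b440550aa561')[::-1]

# Keep only the first 255 bits of each 256-bit value.
a = leos2bsp(a)[:255]
b = leos2bsp(b)[:255]
c = leos2bsp(c)[:255]

# The pair must hash to c at the expected layer ...
assert merkle_crh(MERKLE_DEPTH - 1 - 25, a, b) == c
# ... and to something else one layer away, confirming the layer prefix
# actually separates the hash domains.
assert merkle_crh(MERKLE_DEPTH - 1 - 26, a, b) != c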
def main():
    """Build ten Sapling note-encryption test vectors and hand them to render_tv.

    For each index ``i`` in 0..9 a spending key is constructed from 32 copies
    of the byte ``i``; a note plaintext addressed to that key's default
    address is encrypted, and the inputs, intermediates and ciphertexts are
    recorded as one vector.

    All randomness comes from ``random.Random`` seeded with a constant, so the
    byte stream is fully predictable. That is what makes the vectors
    reproducible; the same byte source is unsuitable wherever the values must
    stay secret, where a CSPRNG is required.
    """
    args = render_args()

    from random import Random
    rng = Random(0xabad533d)

    def randbytes(l):
        # Deterministic stand-in for a random byte source: one PRNG draw
        # per output byte, until l bytes have been collected.
        buf = bytearray()
        while len(buf) < l:
            buf.append(rng.randrange(0, 256))
        return bytes(buf)

    ne = SaplingNoteEncryption(randbytes)

    # Field names paired with the type strings given to render_tv
    # (Rust-style, e.g. '[u8; 32]').
    schema = (
        ('ovk', '[u8; 32]'),
        ('ivk', '[u8; 32]'),
        ('default_d', '[u8; 11]'),
        ('default_pk_d', '[u8; 32]'),
        ('v', 'u64'),
        ('rcm', '[u8; 32]'),
        ('memo', '[u8; 512]'),
        ('cv', '[u8; 32]'),
        ('cmu', '[u8; 32]'),
        ('esk', '[u8; 32]'),
        ('epk', '[u8; 32]'),
        ('shared_secret', '[u8; 32]'),
        ('k_enc', '[u8; 32]'),
        ('p_enc', '[u8; 564]'),
        ('c_enc', '[u8; 580]'),
        ('ock', '[u8; 32]'),
        ('op', '[u8; 64]'),
        ('c_out', '[u8; 80]'),
    )

    test_vectors = []
    for i in range(10):
        # Low-entropy, index-derived key: deterministic on purpose.
        sk = SpendingKey(bytes([i] * 32))
        pk_d = sk.default_pkd()
        g_d = diversify_hash(sk.default_d())

        # Memo is 0xf6 followed by 511 zero bytes: 512 bytes in total,
        # matching the '[u8; 512]' schema entry.
        note = SaplingNotePlaintext(
            sk.default_d(),
            100000000 * (i + 1),
            Fr(8890123457840276890326754358439057438290574382905).exp(i + 1),
            b'\xf6' + b'\x00' * 511,
        )

        # Value commitment: value on one base plus rcm on the other.
        value_term = VALUE_COMMITMENT_VALUE_BASE * Fr(note.v)
        cv = value_term + VALUE_COMMITMENT_RANDOMNESS_BASE * note.rcm

        cm = note_commit(
            note.rcm,
            leos2bsp(bytes(g_d)),
            leos2bsp(bytes(pk_d)),
            note.v,
        )

        encrypted = ne.encrypt(note, pk_d, g_d, cv, cm, sk.ovk())
        esk, epk, shared_secret, k_enc, p_enc, c_enc, ock, op, c_out = encrypted

        vector = {
            'ovk': sk.ovk(),
            'ivk': bytes(sk.ivk()),
            'default_d': sk.default_d(),
            'default_pk_d': bytes(sk.default_pkd()),
            'v': note.v,
            'rcm': bytes(note.rcm),
            'memo': note.memo,
            'cv': bytes(cv),
            'cmu': bytes(cm.u),
            'esk': bytes(esk),
            'epk': bytes(epk),
            'shared_secret': bytes(shared_secret),
            'k_enc': k_enc,
            'p_enc': p_enc,
            'c_enc': c_enc,
            'ock': ock,
            'op': op,
            'c_out': c_out,
        }
        test_vectors.append(vector)

    render_tv(args, 'sapling_note_encryption', schema, test_vectors)