Update random nullifier for split notes by ConstanceBeguier · Pull Request #76 · QED-it/orchard

ConstanceBeguier · 2023-06-20T15:23:12Z

To be secure against roadblock attacks, we update the process to obtain a random nullifier for split notes.
Now we have the following formula to evaluate nf_old

for non split_notes, nf_old = Extract_P([PRF^{nfOrchard}_{nk}(rho_old) + psi_nf) mod q_P] NullifierK + cm_old)
for split notes, nf_old = Extract_P([PRF^{nfOrchard}_{nk}(rho_old) + psi_nf) mod q_P] NullifierK + cm_old + NullifierL)
where psi_nf is equal to
psi_old for non split notes
a random pallas Base element for split notes

The following constraints have been updated into the circuit

nf_old = nf_old_pub for all notes
derived_pk_d_old = pk_d_old for all notes
if split_flag=0, then psi_old = psi_new

…ircuit

…ng a split note

PaulLaux

Added minor comment.

Also, please remove comment on line 144 for bundle.rs

Cargo.toml

src/builder.rs

src/note.rs

ConstanceBeguier force-pushed the split_note_old_nf branch from 1b83a60 to b465485 Compare June 20, 2023 18:37

ConstanceBeguier added 4 commits June 22, 2023 09:55

Add rseed_split_note into Note struct

c5cc881

Update split_note creation

f8d6aa1

Update nullifier method

a73a5cf

Update create_split_spend

cd4975d

ConstanceBeguier force-pushed the split_note_old_nf branch from b465485 to cd4975d Compare June 22, 2023 07:55

ConstanceBeguier added 10 commits June 22, 2023 10:17

Renaming

6e5a371

Add psi_nf into Circuit

09c2f94

Evaluate nf_old with psi_nf instead of psi_old

18d16a0

Constraint nf_old=nf_old_pub for all notes

b365b4b

Constraint derived_pk_d_old=pk_d_old for all notes

ca014c3

Remove 'add l' from plain nullifier to be able to check the current c…

b0e234e

…ircuit

Fix orchard_circuit_negative_test to not use a random fvk when creati…

3d3d811

…ng a split note

Revert plain nullifier to have +l

ac2f04e

Circuit: add NullifierL to nf_old for split note

446bcf9

Add constraint split_flag=0 => psi_old=psi_nf

13cbf6e

ConstanceBeguier requested a review from PaulLaux June 22, 2023 15:01

Renaming and comments

c2c8eb1

PaulLaux approved these changes Jun 23, 2023

View reviewed changes

Cargo.toml Outdated Show resolved Hide resolved

Cargo.toml Outdated Show resolved Hide resolved

src/builder.rs Outdated Show resolved Hide resolved

src/note.rs Show resolved Hide resolved

ConstanceBeguier added 2 commits June 23, 2023 10:32

Use zsa1 branch of halo2

e388f0c

Replace is_split_note by create_split_note

6ea8307

PaulLaux merged commit 477f949 into zsa1 Jun 23, 2023

PaulLaux mentioned this pull request May 14, 2025

enable webassembly support #164

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Update random nullifier for split notes#76

Update random nullifier for split notes#76
PaulLaux merged 17 commits intozsa1from
split_note_old_nf

ConstanceBeguier commented Jun 20, 2023 •

edited

Loading

Uh oh!

PaulLaux left a comment

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

Conversation

ConstanceBeguier commented Jun 20, 2023 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

PaulLaux left a comment

Choose a reason for hiding this comment

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

ConstanceBeguier commented Jun 20, 2023 •

edited

Loading