Add the ironfish prefix to crates, and use ironfish-jubjub

Author: andiflabs

Cargo.toml

@@ -5,8 +5,8 @@ members = [
     "components/zcash_address",
     "components/zcash_encoding",
     "components/zcash_note_encryption",
-    "zcash_primitives",
-    "zcash_proofs",
+    "ironfish-primitives",
+    "ironfish-proofs",
 ]
 
 [profile.release]

components/zcash_note_encryption/Cargo.toml

@@ -25,8 +25,8 @@ subtle = { version = "2.2.3", default-features = false }
 
 [dev-dependencies]
 ff = { version = "0.12", default-features = false }
-zcash_primitives = { version = "0.7", path = "../../zcash_primitives" }
-jubjub = { git = "https://github.com/iron-fish/jubjub.git", branch = "blstrs" }
+ironfish-primitives = { version = "0.1.0", path = "../../ironfish-primitives" }
+ironfish-jubjub = { version = "0.1.0" }
 
 [features]
 default = ["alloc"]

components/zcash_note_encryption/src/lib.rs

@@ -347,11 +347,11 @@ pub trait ShieldedOutput<D: Domain, const CIPHERTEXT_SIZE: usize> {
 /// ```
 /// extern crate ff;
 /// extern crate rand_core;
-/// extern crate zcash_primitives;
+/// extern crate ironfish_primitives;
 ///
 /// use ff::Field;
 /// use rand_core::OsRng;
-/// use zcash_primitives::{
+/// use ironfish_primitives::{
 ///     keys::{OutgoingViewingKey, prf_expand},
 ///     consensus::{TEST_NETWORK, TestNetwork, NetworkUpgrade, Parameters},
 ///     memo::MemoBytes,
@@ -370,7 +370,7 @@ pub trait ShieldedOutput<D: Domain, const CIPHERTEXT_SIZE: usize> {
 /// let ovk = Some(OutgoingViewingKey([0; 32]));
 ///
 /// let value = 1000;
-/// let rcv = jubjub::Fr::random(&mut rng);
+/// let rcv = ironfish_jubjub::Fr::random(&mut rng);
 /// let cv = ValueCommitment {
 ///     value,
 ///     randomness: rcv.clone(),

ironfish-primitives

@@ -0,0 +1 @@
+zcash_primitives

ironfish-proofs

@@ -0,0 +1 @@
+zcash_proofs

zcash_extensions/Cargo.toml

@@ -14,7 +14,7 @@ zcash_primitives = { version = "0.7", path = "../zcash_primitives", features = [
 
 [dev-dependencies]
 ff = "0.12"
-jubjub = "0.9"
+ironfish-jubjub = { version = "0.1.0", path = "../../jubjub" }
 rand_core = "0.6"
 zcash_address = { version = "0.1", path = "../components/zcash_address" }
 zcash_proofs = { version = "0.7", path = "../zcash_proofs" }

zcash_primitives/Cargo.toml

@@ -1,13 +1,12 @@
 [package]
-name = "zcash_primitives"
+name = "ironfish-primitives"
 description = "Rust implementations of the Zcash primitives"
-version = "0.7.0"
+version = "0.1.0"
 authors = [
     "Jack Grigg <[email protected]>",
     "Kris Nuttycombe <[email protected]>"
 ]
-homepage = "https://github.com/zcash/librustzcash"
-repository = "https://github.com/zcash/librustzcash"
+repository = "https://github.com/iron-fish/librustzcash"
 readme = "README.md"
 license = "MIT OR Apache-2.0"
 edition = "2018"
@@ -33,7 +32,7 @@ group = "0.12"
 hdwallet = { version = "0.3.1", optional = true }
 hex = "0.4"
 incrementalmerkletree = "0.3"
-jubjub = { git = "https://github.com/iron-fish/jubjub.git", branch = "blstrs" }
+ironfish-jubjub = { version = "0.1.0" }
 lazy_static = "1"
 memuse = "0.2"
 nonempty = "0.7"

zcash_primitives/src/constants.rs

@@ -2,7 +2,7 @@
 
 use ff::PrimeField;
 use group::Group;
-use jubjub::SubgroupPoint;
+use ironfish_jubjub::SubgroupPoint;
 use lazy_static::lazy_static;
 
 pub mod mainnet;
@@ -255,7 +255,7 @@ fn generate_pedersen_hash_exp_table() -> Vec<Vec<Vec<SubgroupPoint>>> {
             let mut tables = vec![];
 
             let mut num_bits = 0;
-            while num_bits <= jubjub::Fr::NUM_BITS {
+            while num_bits <= ironfish_jubjub::Fr::NUM_BITS {
                 let mut table = Vec::with_capacity(1 << window);
                 let mut base = SubgroupPoint::identity();
 
@@ -279,7 +279,7 @@ fn generate_pedersen_hash_exp_table() -> Vec<Vec<Vec<SubgroupPoint>>> {
 
 #[cfg(test)]
 mod tests {
-    use jubjub::SubgroupPoint;
+    use ironfish_jubjub::SubgroupPoint;
 
     use super::*;
     use crate::sapling::group_hash::group_hash;
@@ -391,7 +391,7 @@ mod tests {
     /// Check for simple relations between the generators, that make finding collisions easy;
     /// far worse than spec inconsistencies!
     fn check_consistency_of_pedersen_hash_generators(
-        pedersen_hash_generators: &[jubjub::SubgroupPoint],
+        pedersen_hash_generators: &[ironfish_jubjub::SubgroupPoint],
     ) {
         for (i, p1) in pedersen_hash_generators.iter().enumerate() {
             if p1.is_identity().into() {

zcash_primitives/src/merkle_tree.rs

@@ -315,7 +315,7 @@ impl<Node: Hashable> CommitmentTree<Node> {
 /// ```
 /// use ff::{Field, PrimeField};
 /// use rand_core::OsRng;
-/// use zcash_primitives::{
+/// use ironfish_primitives::{
 ///     merkle_tree::{CommitmentTree, IncrementalWitness},
 ///     sapling::Node,
 /// };

zcash_primitives/src/sapling.rs

@@ -55,7 +55,7 @@ pub fn merkle_hash(depth: usize, lhs: &[u8; 32], rhs: &[u8; 32]) -> [u8; 32] {
         tmp
     };
 
-    jubjub::ExtendedPoint::from(pedersen_hash(
+    ironfish_jubjub::ExtendedPoint::from(pedersen_hash(
         Personalization::MerkleTree(depth),
         lhs.iter()
             .copied()
@@ -134,7 +134,7 @@ lazy_static! {
 /// Create the spendAuthSig for a Sapling SpendDescription.
 pub fn spend_sig<R: RngCore + CryptoRng>(
     ask: PrivateKey,
-    ar: jubjub::Fr,
+    ar: ironfish_jubjub::Fr,
     sighash: &[u8; 32],
     rng: &mut R,
 ) -> Signature {
@@ -143,7 +143,7 @@ pub fn spend_sig<R: RngCore + CryptoRng>(
 
 pub(crate) fn spend_sig_internal<R: RngCore>(
     ask: PrivateKey,
-    ar: jubjub::Fr,
+    ar: ironfish_jubjub::Fr,
     sighash: &[u8; 32],
     rng: &mut R,
 ) -> Signature {
@@ -165,20 +165,20 @@ pub(crate) fn spend_sig_internal<R: RngCore>(
 #[derive(Clone)]
 pub struct ValueCommitment {
     pub value: u64,
-    pub randomness: jubjub::Fr,
+    pub randomness: ironfish_jubjub::Fr,
 }
 
 impl ValueCommitment {
-    pub fn commitment(&self) -> jubjub::SubgroupPoint {
-        (*constants::VALUE_COMMITMENT_VALUE_GENERATOR * jubjub::Fr::from(self.value))
+    pub fn commitment(&self) -> ironfish_jubjub::SubgroupPoint {
+        (*constants::VALUE_COMMITMENT_VALUE_GENERATOR * ironfish_jubjub::Fr::from(self.value))
             + (*constants::VALUE_COMMITMENT_RANDOMNESS_GENERATOR * self.randomness)
     }
 }
 
 #[derive(Clone)]
 pub struct ProofGenerationKey {
-    pub ak: jubjub::SubgroupPoint,
-    pub nsk: jubjub::Fr,
+    pub ak: ironfish_jubjub::SubgroupPoint,
+    pub nsk: ironfish_jubjub::Fr,
 }
 
 impl ProofGenerationKey {
@@ -192,12 +192,12 @@ impl ProofGenerationKey {
 
 #[derive(Debug, Clone)]
 pub struct ViewingKey {
-    pub ak: jubjub::SubgroupPoint,
-    pub nk: jubjub::SubgroupPoint,
+    pub ak: ironfish_jubjub::SubgroupPoint,
+    pub nk: ironfish_jubjub::SubgroupPoint,
 }
 
 impl ViewingKey {
-    pub fn rk(&self, ar: jubjub::Fr) -> jubjub::SubgroupPoint {
+    pub fn rk(&self, ar: ironfish_jubjub::Fr) -> ironfish_jubjub::SubgroupPoint {
         self.ak + *constants::SPENDING_KEY_GENERATOR * ar
     }
 
@@ -217,7 +217,7 @@ impl ViewingKey {
         // Drop the most significant five bits, so it can be interpreted as a scalar.
         h[31] &= 0b0000_0111;
 
-        SaplingIvk(jubjub::Fr::from_repr(h).unwrap())
+        SaplingIvk(ironfish_jubjub::Fr::from_repr(h).unwrap())
     }
 
     pub fn to_payment_address(&self, diversifier: Diversifier) -> Option<PaymentAddress> {
@@ -226,7 +226,7 @@ impl ViewingKey {
 }
 
 #[derive(Debug, Clone)]
-pub struct SaplingIvk(pub jubjub::Fr);
+pub struct SaplingIvk(pub ironfish_jubjub::Fr);
 
 impl SaplingIvk {
     pub fn to_payment_address(&self, diversifier: Diversifier) -> Option<PaymentAddress> {
@@ -246,7 +246,7 @@ impl SaplingIvk {
 pub struct Diversifier(pub [u8; 11]);
 
 impl Diversifier {
-    pub fn g_d(&self) -> Option<jubjub::SubgroupPoint> {
+    pub fn g_d(&self) -> Option<ironfish_jubjub::SubgroupPoint> {
         group_hash(&self.0, constants::KEY_DIVERSIFICATION_PERSONALIZATION)
     }
 }
@@ -259,7 +259,7 @@ impl Diversifier {
 /// and not the identity).
 #[derive(Clone, Debug)]
 pub struct PaymentAddress {
-    pk_d: jubjub::SubgroupPoint,
+    pk_d: ironfish_jubjub::SubgroupPoint,
     diversifier: Diversifier,
 }
 
@@ -273,7 +273,7 @@ impl PaymentAddress {
     /// Constructs a PaymentAddress from a diversifier and a Jubjub point.
     ///
     /// Returns None if `pk_d` is the identity.
-    pub fn from_parts(diversifier: Diversifier, pk_d: jubjub::SubgroupPoint) -> Option<Self> {
+    pub fn from_parts(diversifier: Diversifier, pk_d: ironfish_jubjub::SubgroupPoint) -> Option<Self> {
         if pk_d.is_identity().into() {
             None
         } else {
@@ -287,7 +287,7 @@ impl PaymentAddress {
     #[cfg(test)]
     pub(crate) fn from_parts_unchecked(
         diversifier: Diversifier,
-        pk_d: jubjub::SubgroupPoint,
+        pk_d: ironfish_jubjub::SubgroupPoint,
     ) -> Self {
         PaymentAddress { pk_d, diversifier }
     }
@@ -302,7 +302,7 @@ impl PaymentAddress {
         // Check that the diversifier is valid
         diversifier.g_d()?;
 
-        let pk_d = jubjub::SubgroupPoint::from_bytes(bytes[11..43].try_into().unwrap());
+        let pk_d = ironfish_jubjub::SubgroupPoint::from_bytes(bytes[11..43].try_into().unwrap());
         if pk_d.is_some().into() {
             PaymentAddress::from_parts(diversifier, pk_d.unwrap())
         } else {
@@ -324,11 +324,11 @@ impl PaymentAddress {
     }
 
     /// Returns `pk_d` for this `PaymentAddress`.
-    pub fn pk_d(&self) -> &jubjub::SubgroupPoint {
+    pub fn pk_d(&self) -> &ironfish_jubjub::SubgroupPoint {
         &self.pk_d
     }
 
-    pub fn g_d(&self) -> Option<jubjub::SubgroupPoint> {
+    pub fn g_d(&self) -> Option<ironfish_jubjub::SubgroupPoint> {
         self.diversifier.g_d()
     }
 
@@ -349,7 +349,7 @@ impl PaymentAddress {
 /// both the note commitment trapdoor `rcm` and the ephemeral private key `esk`.
 #[derive(Copy, Clone, Debug)]
 pub enum Rseed {
-    BeforeZip212(jubjub::Fr),
+    BeforeZip212(ironfish_jubjub::Fr),
     AfterZip212([u8; 32]),
 }
 
@@ -404,9 +404,9 @@ pub struct Note {
     /// The value of the note
     pub value: u64,
     /// The diversified base of the address, GH(d)
-    pub g_d: jubjub::SubgroupPoint,
+    pub g_d: ironfish_jubjub::SubgroupPoint,
     /// The public key of the address, g_d^ivk
-    pub pk_d: jubjub::SubgroupPoint,
+    pub pk_d: ironfish_jubjub::SubgroupPoint,
     /// rseed
     pub rseed: Rseed,
 }
@@ -428,7 +428,7 @@ impl Note {
     }
 
     /// Computes the note commitment, returning the full point.
-    fn cm_full_point(&self) -> jubjub::SubgroupPoint {
+    fn cm_full_point(&self) -> ironfish_jubjub::SubgroupPoint {
         // Calculate the note contents, as bytes
         let mut note_contents = vec![];
 
@@ -462,7 +462,7 @@ impl Note {
     pub fn nf(&self, viewing_key: &ViewingKey, position: u64) -> Nullifier {
         // Compute rho = cm + position.G
         let rho = self.cm_full_point()
-            + (*constants::NULLIFIER_POSITION_GENERATOR * jubjub::Fr::from(position));
+            + (*constants::NULLIFIER_POSITION_GENERATOR * ironfish_jubjub::Fr::from(position));
 
         // Compute nf = BLAKE2s(nk | rho)
         Nullifier::from_slice(
@@ -482,36 +482,36 @@ impl Note {
     pub fn cmu(&self) -> blstrs::Scalar {
         // The commitment is in the prime order subgroup, so mapping the
         // commitment to the u-coordinate is an injective encoding.
-        jubjub::ExtendedPoint::from(self.cm_full_point())
+        ironfish_jubjub::ExtendedPoint::from(self.cm_full_point())
             .to_affine()
             .get_u()
     }
 
-    pub fn rcm(&self) -> jubjub::Fr {
+    pub fn rcm(&self) -> ironfish_jubjub::Fr {
         match self.rseed {
             Rseed::BeforeZip212(rcm) => rcm,
             Rseed::AfterZip212(rseed) => {
-                jubjub::Fr::from_bytes_wide(prf_expand(&rseed, &[0x04]).as_array())
+                ironfish_jubjub::Fr::from_bytes_wide(prf_expand(&rseed, &[0x04]).as_array())
             }
         }
     }
 
-    pub fn generate_or_derive_esk<R: RngCore + CryptoRng>(&self, rng: &mut R) -> jubjub::Fr {
+    pub fn generate_or_derive_esk<R: RngCore + CryptoRng>(&self, rng: &mut R) -> ironfish_jubjub::Fr {
         self.generate_or_derive_esk_internal(rng)
     }
 
-    pub(crate) fn generate_or_derive_esk_internal<R: RngCore>(&self, rng: &mut R) -> jubjub::Fr {
+    pub(crate) fn generate_or_derive_esk_internal<R: RngCore>(&self, rng: &mut R) -> ironfish_jubjub::Fr {
         match self.derive_esk() {
-            None => jubjub::Fr::random(rng),
+            None => ironfish_jubjub::Fr::random(rng),
             Some(esk) => esk,
         }
     }
 
     /// Returns the derived `esk` if this note was created after ZIP 212 activated.
-    pub fn derive_esk(&self) -> Option<jubjub::Fr> {
+    pub fn derive_esk(&self) -> Option<ironfish_jubjub::Fr> {
         match self.rseed {
             Rseed::BeforeZip212(_) => None,
-            Rseed::AfterZip212(rseed) => Some(jubjub::Fr::from_bytes_wide(
+            Rseed::AfterZip212(rseed) => Some(ironfish_jubjub::Fr::from_bytes_wide(
                 prf_expand(&rseed, &[0x05]).as_array(),
             )),
         }