Address comments from code review.

zcash · Mar 10, 2024 · 1f164b3 · 1f164b3
1 parent 562896f
commit 1f164b3
Show file tree

Hide file tree

Showing 4 changed files with 41 additions and 20 deletions.
diff --git a/src/builder.rs b/src/builder.rs
@@ -9,7 +9,6 @@ use nonempty::NonEmpty;
 use pasta_curves::pallas;
 use rand::{prelude::SliceRandom, CryptoRng, RngCore};
 
-use crate::note::Rho;
 use crate::{
     action::Action,
     address::Address,
@@ -19,7 +18,7 @@ use crate::{
         FullViewingKey, OutgoingViewingKey, Scope, SpendAuthorizingKey, SpendValidatingKey,
         SpendingKey,
     },
-    note::{Note, TransmittedNoteCiphertext},
+    note::{Note, Rho, TransmittedNoteCiphertext},
     note_encryption::OrchardNoteEncryption,
     primitives::redpallas::{self, Binding, SpendAuth},
     tree::{Anchor, MerklePath},
@@ -335,8 +334,8 @@ impl ActionInfo {
         let v_net = self.value_sum();
         let cv_net = ValueCommitment::derive(v_net, self.rcv.clone());
 
-        let nf_revealed = self.spend.note.nullifier(&self.spend.fvk);
-        let rho = Rho::from_paired_spend_revealed_nf(nf_revealed);
+        let nf_old = self.spend.note.nullifier(&self.spend.fvk);
+        let rho = Rho::from_paired_spend_revealed_nf(nf_old);
         let ak: SpendValidatingKey = self.spend.fvk.clone().into();
         let alpha = pallas::Scalar::random(&mut rng);
         let rk = ak.randomize(&alpha);
@@ -355,7 +354,7 @@ impl ActionInfo {
 
         (
             Action::from_parts(
-                nf_revealed,
+                nf_old,
                 rk,
                 cmx,
                 encrypted_note,

diff --git a/src/circuit.rs b/src/circuit.rs
@@ -406,7 +406,7 @@ impl plonk::Circuit<pallas::Base> for Circuit {
             let rho_old = assign_free_advice(
                 layouter.namespace(|| "witness rho_old"),
                 config.advices[0],
-                self.rho_old.map(|rho| rho.0),
+                self.rho_old.map(|rho| rho.into_inner()),
             )?;
 
             // Witness cm_old

diff --git a/src/note.rs b/src/note.rs
@@ -10,9 +10,10 @@ use subtle::CtOption;
 
 use crate::{
     keys::{EphemeralSecretKey, FullViewingKey, Scope, SpendingKey},
+    note_encryption::CompactAction,
     spec::{to_base, to_scalar, NonZeroPallasScalar, PrfExpand},
     value::NoteValue,
-    Address,
+    Action, Address,
 };
 
 pub(crate) mod commitment;
@@ -21,28 +22,34 @@ pub use self::commitment::{ExtractedNoteCommitment, NoteCommitment};
 pub(crate) mod nullifier;
 pub use self::nullifier::Nullifier;
 
-// We know that `pallas::Base` doesn't allocate internally.
-memuse::impl_no_dynamic_usage!(Rho);
-
 /// The randomness used to construct a note.
 ///
 /// The [`Rho`] value for a note should always be constructed from the revealed nullifier of the
 /// paired spend in the process of creating an [`Action`].
-///
-/// [`Action`]: crate::action::Action
 #[derive(Clone, Copy, Debug, PartialEq, Eq, PartialOrd, Ord)]
-pub struct Rho(pub(crate) pallas::Base);
+pub struct Rho(pallas::Base);
+
+// We know that `pallas::Base` doesn't allocate internally.
+memuse::impl_no_dynamic_usage!(Rho);
 
 impl Rho {
-    /// Constructs the [`Rho`] value to be used to construct a new note from the revealed nullifier
-    /// of the note being spent in the [`Action`] under construction.
-    ///
-    /// [`Action`]: crate::action::Action
-    pub fn from_paired_spend_revealed_nf(nf: Nullifier) -> Self {
-        Rho(nf.0)
+    /// Obtains the [`Rho`] value that was used to construct the output note of
+    /// the provided [`Action`].
+    pub fn for_action<T>(act: &Action<T>) -> Self {
+        Self::from_paired_spend_revealed_nf(*act.nullifier())
+    }
+
+    /// Obtains the [`Rho`] value that was used to construct the output note of
+    /// the provided [`CompactAction`].
+    pub fn for_compact_action(act: &CompactAction) -> Self {
+        Self::from_paired_spend_revealed_nf(act.nullifier())
     }
 
     /// Deserialize the rho value from a byte array.
+    ///
+    /// This should only be used in cases where the components of a `Note` are being stored
+    /// individually; when parsing an [`Action`] or [`CompactAction`] [`Nullifier::from_bytes`]
+    /// must be used.
     pub fn from_bytes(bytes: &[u8; 32]) -> CtOption<Self> {
         pallas::Base::from_repr(*bytes).map(Rho)
     }
@@ -51,6 +58,16 @@ impl Rho {
     pub fn to_bytes(self) -> [u8; 32] {
         self.0.to_repr()
     }
+
+    /// Constructs the [`Rho`] value to be used to construct a new note from the revealed nullifier
+    /// of the note being spent in the [`Action`] under construction.
+    pub(crate) fn from_paired_spend_revealed_nf(nf: Nullifier) -> Self {
+        Rho(nf.0)
+    }
+
+    pub(crate) fn into_inner(self) -> pallas::Base {
+        self.0
+    }
 }
 
 /// The ZIP 212 seed randomness for a note.

diff --git a/src/note_encryption.rs b/src/note_encryption.rs
@@ -100,11 +100,16 @@ impl OrchardDomain {
         Self::for_nullifier(*act.nullifier())
     }
 
+    /// Constructs a domain that can be used to trial-decrypt this action's output note.
+    pub fn for_compact_action(act: &CompactAction) -> Self {
+        Self::for_nullifier(act.nullifier())
+    }
+
     /// Constructs a domain from a nullifier.
     ///
     /// The provided nullifier must be the nullifier revealed in the action of the note being
     /// encrypted or decrypted.
-    pub fn for_nullifier(nullifier: Nullifier) -> Self {
+    fn for_nullifier(nullifier: Nullifier) -> Self {
         OrchardDomain {
             rho: Rho::from_paired_spend_revealed_nf(nullifier),
         }