ZcashFoundation / zebra

Zcash - Financial Privacy in Rust 🦓
https://zfnd.org/zebra/
Apache License 2.0

Fix Redjubjub to support low-order Jubjub points, move small-order exclusion checks to Sapling SpendAuthorizationKey and ValueCommit #2549

Closed dconnolly closed 2 years ago

dconnolly commented 3 years ago

Motivation

There is a bug in redjubjub where it rejects Jubjub small order points and the identity when they should be valid VerificationKeys to conform to the Zcash Spec. While those points are rejected when the VerificationKey is being used as a SpendAuthorizationKey, they should not be rejected to conform to the pure RedJubjub spec in other cases. See https://github.com/ZcashFoundation/redjubjub/issues/127 for more.

If redjubjub changes to strictly conform and resolve https://github.com/ZcashFoundation/redjubjub/issues/127, we need to explicitly make our derived key types and Sapling value commit to check and reject small order values:


Related Work

redjubjub https://github.com/ZcashFoundation/redjubjub/issues/127
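
The layering this issue asks for, as an added example that is not code from zebra or redjubjub: the RedJubjub layer accepts any valid Jubjub point as a verification key, and the small-order rejection sits in a separate Sapling-level check. It uses plain Python integer arithmetic instead of the project's Rust crates; the function names and sample points are hypothetical and constructed for illustration.

```python
# Added example (not zebra/redjubjub code). Jubjub: -x^2 + y^2 = 1 + D*x^2*y^2 mod Q.
Q = 0x73eda753299d7d483339d80809a1d80553bda402fffe5bfeffffffff00000001
D = -10240 * pow(10241, -1, Q) % Q

def add(p1, p2):  # complete twisted Edwards addition with a = -1
    (x1, y1), (x2, y2) = p1, p2
    t = D * x1 * x2 * y1 * y2 % Q
    return ((x1 * y2 + y1 * x2) * pow((1 + t) % Q, -1, Q) % Q,
            (y1 * y2 + x1 * x2) * pow((1 - t) % Q, -1, Q) % Q)

def is_small_order(p):
    """True when [8]P is the identity (0, 1); 8 is the Jubjub cofactor."""
    for _ in range(3):
        p = add(p, p)
    return p == (0, 1)

def sqrt_mod(n):
    """Tonelli-Shanks square root mod Q; None for zero or a non-residue."""
    if pow(n, (Q - 1) // 2, Q) != 1:
        return None
    s, t = 32, (Q - 1) >> 32  # Q - 1 = 2^32 * t with t odd
    z = next(z for z in range(2, Q) if pow(z, (Q - 1) // 2, Q) == Q - 1)
    m, c, u, r = s, pow(z, t, Q), pow(n, t, Q), pow(n, (t + 1) // 2, Q)
    while u != 1:
        i = next(k for k in range(1, m) if pow(u, 1 << k, Q) == 1)
        b = pow(c, 1 << (m - i - 1), Q)
        m, c, u, r = i, b * b % Q, u * b * b % Q, r * b % Q
    return r

def redjubjub_verification_key(p):
    """RedJubjub layer: every valid curve point is accepted, small order included."""
    x, y = p
    if (-x * x + y * y - 1 - D * x * x * y * y) % Q:
        raise ValueError("not a Jubjub point")
    return p

def sapling_checked(p, what):
    """Sapling layer (hypothetical helper): reject a small-order rk or cv."""
    if is_small_order(redjubjub_verification_key(p)):
        raise ValueError(what + " is of small order")
    return p

def sample_points():
    """Constructed inputs: identity, order 2, order 4, plus one large-order point."""
    large = next((x, y) for y in range(2, Q)
                 for x in [sqrt_mod((1 - y * y) * pow((-1 - D * y * y) % Q, -1, Q))]
                 if x and not is_small_order((x, y)))
    return [(0, 1), (0, Q - 1), (sqrt_mod(Q - 1), 0)], large
```
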

dconnolly commented 2 years ago

@conradoplg is going to shepherd this to completion 🙏