import { AztecAddress } from '@aztec/foundation/aztec-address';
import { poseidon2Hash, sha512ToGrumpkinScalar } from '@aztec/foundation/crypto';
import { type Fr, type GrumpkinScalar } from '@aztec/foundation/fields';
import { Grumpkin } from '../barretenberg/crypto/grumpkin/index.js';
import { GeneratorIndex } from '../constants.gen.js';
import { type GrumpkinPrivateKey } from '../types/grumpkin_private_key.js';
import { type PublicKey } from '../types/public_key.js';
/**
 * Silos a master nullifier secret key to one application.
 * The master key is consumed as its two limbs (`high`, `low` — presumably because a Grumpkin scalar
 * does not fit in a single field element; confirm against GrumpkinPrivateKey) and hashed together with
 * the app address, so the same master key yields a distinct nullifier secret per app.
 * @param masterNullifierSecretKey - The master nullifier secret key (nsk_m).
 * @param app - The application (contract) address the key is siloed to.
 * @returns The app-siloed nullifier secret key as a field element.
 */
export function computeAppNullifierSecretKey(masterNullifierSecretKey: GrumpkinPrivateKey, app: AztecAddress): Fr {
  const { high, low } = masterNullifierSecretKey;
  // NOTE(review): NSK_M is also the generator index used when deriving nsk_m itself (see
  // deriveMasterNullifierSecretKey). Hash function and input arity differ, so there is no direct
  // collision, but confirm a dedicated index is not intended for the app-siloed derivation.
  const appNullifierSecretKey = poseidon2Hash([high, low, app, GeneratorIndex.NSK_M]);
  return appNullifierSecretKey;
}
/**
 * Derives the master nullifier secret key (nsk_m) from the account secret key.
 * The NSK_M generator index is the domain separator that keeps nsk_m unrelated to the viewing and
 * tagging keys derived from the same secret with other indices. Uses sha512 rather than a
 * circuit-friendly hash; per the note in deriveKeys this derivation is never proven in-circuit.
 * @param secretKey - The account secret key.
 * @returns nsk_m as a Grumpkin scalar.
 */
export function deriveMasterNullifierSecretKey(secretKey: Fr): GrumpkinScalar {
  const nskM = sha512ToGrumpkinScalar([secretKey, GeneratorIndex.NSK_M]);
  return nskM;
}
/**
 * Derives the master incoming viewing secret key (ivsk_m) from the account secret key.
 * Domain-separated from the other master keys by the IVSK_M generator index. Note that
 * deriveSigningKey currently performs exactly this derivation, so the value returned here also
 * acts as the account's signing key until a dedicated scheme exists.
 * @param secretKey - The account secret key.
 * @returns ivsk_m as a Grumpkin scalar.
 */
export function deriveMasterIncomingViewingSecretKey(secretKey: Fr): GrumpkinScalar {
  const ivskM = sha512ToGrumpkinScalar([secretKey, GeneratorIndex.IVSK_M]);
  return ivskM;
}
/**
 * Derives the account signing key from the account secret key.
 *
 * TODO(#5837): come up with a standard signing key derivation scheme instead of using ivsk_m as
 * signing keys here.
 *
 * Until that lands this is the same derivation as deriveMasterIncomingViewingSecretKey, so the
 * signing key and ivsk_m are a single value: any party that is handed ivsk_m (presumably for
 * viewing incoming notes) can also sign for the account, and the two keys cannot be rotated or
 * revoked independently.
 * @param secretKey - The account secret key.
 * @returns The signing key as a Grumpkin scalar (currently equal to ivsk_m).
 */
export function deriveSigningKey(secretKey: Fr): GrumpkinScalar {
  const signingKey = sha512ToGrumpkinScalar([secretKey, GeneratorIndex.IVSK_M]);
  return signingKey;
}
/**
 * Commits to the four master public keys with a single poseidon2 hash.
 * The argument order is part of the commitment — swapping any two keys changes the hash — and the
 * PUBLIC_KEYS_HASH generator index domain-separates it from the other poseidon2 hashes in this file.
 * @param masterNullifierPublicKey - npk_m.
 * @param masterIncomingViewingPublicKey - ivpk_m.
 * @param masterOutgoingViewingPublicKey - ovpk_m.
 * @param masterTaggingPublicKey - tpk_m.
 * @returns The public keys hash as a field element.
 */
export function computePublicKeysHash(
  masterNullifierPublicKey: PublicKey,
  masterIncomingViewingPublicKey: PublicKey,
  masterOutgoingViewingPublicKey: PublicKey,
  masterTaggingPublicKey: PublicKey,
): Fr {
  const publicKeysHash = poseidon2Hash([
    masterNullifierPublicKey,
    masterIncomingViewingPublicKey,
    masterOutgoingViewingPublicKey,
    masterTaggingPublicKey,
    GeneratorIndex.PUBLIC_KEYS_HASH,
  ]);
  return publicKeysHash;
}
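/**
 * Computes an account/contract address from its public keys hash and partial address.
 * The address is poseidon2(publicKeysHash, partialAddress, CONTRACT_ADDRESS_V1) reinterpreted as an
 * AztecAddress; the generator index versions the scheme so a future address format cannot collide
 * with V1 addresses. Explicit return type added so callers are checked against AztecAddress rather
 * than an inferred type.
 * @param publicKeysHash - Hash of the master public keys (see computePublicKeysHash).
 * @param partialAddress - The partial address the keys are bound to.
 * @returns The derived address.
 */
export function computeAddress(publicKeysHash: Fr, partialAddress: Fr): AztecAddress {
  const addressFr = poseidon2Hash([publicKeysHash, partialAddress, GeneratorIndex.CONTRACT_ADDRESS_V1]);
  return AztecAddress.fromField(addressFr);
}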
/**
 * Computes secret and public keys and public keys hash from a secret key.
 * Every master secret key is obtained from `secretKey` by sha512 under its own generator index
 * (NSK_M, IVSK_M, OVSK_M, TSK_M), the matching public key is the Grumpkin generator multiplied by
 * that scalar, and the four public keys are committed to with computePublicKeysHash.
 * The returned object contains all four master secret keys in the clear; callers are responsible
 * for keeping it out of logs and persisted state.
 * @param secretKey - The secret key to derive keys from.
 * @returns The derived keys.
 */
export function deriveKeys(secretKey: Fr) {
  const curve = new Grumpkin();
  // Scalar -> public key on Grumpkin; one helper so all four public keys are produced identically.
  const toPublicKey = (sk: GrumpkinScalar) => curve.mul(curve.generator(), sk);

  // Master secret keys: sha512 is fine here because this derivation never takes place in a circuit.
  const masterNullifierSecretKey = deriveMasterNullifierSecretKey(secretKey);
  const masterIncomingViewingSecretKey = deriveMasterIncomingViewingSecretKey(secretKey);
  const masterOutgoingViewingSecretKey = sha512ToGrumpkinScalar([secretKey, GeneratorIndex.OVSK_M]);
  const masterTaggingSecretKey = sha512ToGrumpkinScalar([secretKey, GeneratorIndex.TSK_M]);

  // Master public keys.
  const masterNullifierPublicKey = toPublicKey(masterNullifierSecretKey);
  const masterIncomingViewingPublicKey = toPublicKey(masterIncomingViewingSecretKey);
  const masterOutgoingViewingPublicKey = toPublicKey(masterOutgoingViewingSecretKey);
  const masterTaggingPublicKey = toPublicKey(masterTaggingSecretKey);

  // Commitment to the public keys, in the fixed order computePublicKeysHash expects.
  const publicKeysHash = computePublicKeysHash(
    masterNullifierPublicKey,
    masterIncomingViewingPublicKey,
    masterOutgoingViewingPublicKey,
    masterTaggingPublicKey,
  );

  return {
    masterNullifierSecretKey,
    masterIncomingViewingSecretKey,
    masterOutgoingViewingSecretKey,
    masterTaggingSecretKey,
    masterNullifierPublicKey,
    masterIncomingViewingPublicKey,
    masterOutgoingViewingPublicKey,
    masterTaggingPublicKey,
    publicKeysHash,
  };
}