Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Remove redundant checks during note encryption #394

Merged
merged 1 commit into from
May 26, 2023
Merged

Remove redundant checks during note encryption #394

merged 1 commit into from
May 26, 2023

Conversation

str4d
Copy link
Contributor

@str4d str4d commented May 19, 2023

The consistency check between esk and ephemeral_key is checked inside zcash_note_encryption::try_output_recovery_with_ock, and the requirement to check it inside the Domain implementation is being lifted in zcash/librustzcash#848.

Removing the check here improves performance, both because we avoid an extra scalar multiplication from esk.derive_public(), and because we avoid an unnecessary spec::diversify_hash() call which is expensive for Orchard.

@str4d
Remove redundant checks during note encryption
90e64cb 
The consistency check between `esk` and `ephemeral_key` is checked
inside `zcash_note_encryption::try_output_recovery_with_ock`, and the
requirement to check it inside the `Domain` implementation is being
lifted in zcash/librustzcash#848.

Removing the check here improves performance, both because we avoid an
extra scalar multiplication from `esk.derive_public()`, and because we
avoid an unnecessary `spec::diversify_hash()` call which is expensive
for Orchard.
This was referenced May 19, 2023
Merged
Closed
@codecov-commenter
Copy link

codecov-commenter commented May 19, 2023
edited
Loading

Codecov Report

Patch coverage: 100.00% and project coverage change: -0.37 ⚠️

Comparison is base (3619b86) 83.42% compared to head (90e64cb) 83.06%.

Additional details and impacted files 
@@            Coverage Diff             @@
##             main     #394      +/-   ##
==========================================
- Coverage   83.42%   83.06%   -0.37%     
==========================================
  Files          32       32              
  Lines        2691     2627      -64     
==========================================
- Hits         2245     2182      -63     
+ Misses        446      445       -1
Impacted Files Coverage Δ
src/note_encryption.rs 84.37% <100.00%> (+0.21%) ⬆️

... and 8 files with indirect coverage changes

☔ View full report in Codecov by Sentry.
📢 Do you have feedback about the report comment? Let us know in this issue.

daira
daira reviewed May 19, 2023
View reviewed changes
src/note_encryption.rs
Comment on lines +218 to +219
_esk: &Self::EphemeralSecretKey,
_ephemeral_key: &EphemeralKeyBytes,
Copy link
Contributor

@daira daira May 19, 2023
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
_esk: &Self::EphemeralSecretKey,
_ephemeral_key: &EphemeralKeyBytes,

See https://github.com/zcash/librustzcash/pull/848/files#r1199198303

It may seem as though this is making life more difficult because removing these arguments is a breaking change, but strictly speaking the change to the guarantee of the method is a breaking API change anyway, even if not one that would otherwise be detected by the Rust compiler.

That is, it would be incorrect to mix a version of orchard from after this PR with a version of zcash_note_encryption from before zcash/librustzcash#848 — not (as it happens) because it would be insecure per se, but because that usage hasn't been reviewed.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Mixing in the way you describe cannot happen, because the traits would not be version-compatible. Rust code is never dynamically linked internally.

daira
daira approved these changes May 19, 2023
View reviewed changes
Copy link
Contributor

@daira daira left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

utACK modulo comment (if this suggestion is followed).

@daira
Copy link
Contributor

daira commented May 19, 2023

Codecov Report

Patch coverage: 100.00% and project coverage change: -0.37 ⚠️

Comparison is base (3619b86) 83.42% compared to head (90e64cb) 83.06%.

Additional details and impacted files

umbrella View full report in Codecov by Sentry. 📢 Do you have feedback about the report comment? Let us know in this issue.

Looking at the full report, it's actually an increase in coverage — which makes sense, because we previously had a error case that wasn't reachable. I think the reported overall decrease is due to nondeterminism.

@mpguerra mpguerra mentioned this pull request May 24, 2023
Closed
nuttycom
nuttycom approved these changes May 26, 2023
View reviewed changes
Copy link
Contributor

@nuttycom nuttycom left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

utACK

@nuttycom nuttycom merged commit 729def6 into main May 26, 2023
@nuttycom nuttycom deleted the note-encryption-avoid-redundant-checks branch May 26, 2023 15:13
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@daira daira daira approved these changes

@nuttycom nuttycom nuttycom approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@str4d @codecov-commenter @daira @nuttycom