├── .github └── workflows │ └── test_vectors.yml ├── .gitignore ├── COPYING.md ├── LICENSE-APACHE ├── LICENSE-MIT ├── README.md ├── orchard_vesta.py ├── poetry.lock ├── pyproject.toml ├── regenerate.sh ├── test-vectors ├── json │ ├── bip_0032.json │ ├── f4jumble.json │ ├── f4jumble_long.json │ ├── orchard_empty_roots.json │ ├── orchard_generators.json │ ├── orchard_group_hash.json │ ├── orchard_key_components.json │ ├── orchard_map_to_curve.json │ ├── orchard_merkle_tree.json │ ├── orchard_note_encryption.json │ ├── orchard_poseidon.json │ ├── orchard_poseidon_hash.json │ ├── orchard_sinsemilla.json │ ├── orchard_zip32.json │ ├── sapling_generators.json │ ├── sapling_key_components.json │ ├── sapling_note_encryption.json │ ├── sapling_signatures.json │ ├── sapling_zip32.json │ ├── sapling_zip32_hard.json │ ├── unified_address.json │ ├── unified_full_viewing_keys.json │ ├── unified_incoming_viewing_keys.json │ ├── zip_0032_arbitrary.json │ ├── zip_0032_registered.json │ ├── zip_0143.json │ ├── zip_0243.json │ ├── zip_0244.json │ ├── zip_0316.json │ └── zip_0320.json ├── rust │ ├── bip_0032.rs │ ├── f4jumble.rs │ ├── f4jumble_long.rs │ ├── orchard_empty_roots.rs │ ├── orchard_generators.rs │ ├── orchard_group_hash.rs │ ├── orchard_key_components.rs │ ├── orchard_map_to_curve.rs │ ├── orchard_merkle_tree.rs │ ├── orchard_note_encryption.rs │ ├── orchard_poseidon.rs │ ├── orchard_poseidon_hash.rs │ ├── orchard_sinsemilla.rs │ ├── orchard_zip32.rs │ ├── sapling_generators.rs │ ├── sapling_key_components.rs │ ├── sapling_note_encryption.rs │ ├── sapling_signatures.rs │ ├── sapling_zip32.rs │ ├── sapling_zip32_hard.rs │ ├── unified_address.rs │ ├── unified_full_viewing_keys.rs │ ├── unified_incoming_viewing_keys.rs │ ├── zip_0032_arbitrary.rs │ ├── zip_0032_registered.rs │ ├── zip_0143.rs │ ├── zip_0243.rs │ ├── zip_0244.rs │ ├── zip_0316.rs │ └── zip_0320.rs └── zcash │ ├── bip_0032.json │ ├── f4jumble.json │ ├── f4jumble_long.json │ ├── orchard_empty_roots.json │ ├── 
orchard_generators.json │ ├── orchard_group_hash.json │ ├── orchard_key_components.json │ ├── orchard_map_to_curve.json │ ├── orchard_merkle_tree.json │ ├── orchard_note_encryption.json │ ├── orchard_poseidon.json │ ├── orchard_poseidon_hash.json │ ├── orchard_sinsemilla.json │ ├── orchard_zip32.json │ ├── sapling_generators.json │ ├── sapling_key_components.json │ ├── sapling_note_encryption.json │ ├── sapling_signatures.json │ ├── sapling_zip32.json │ ├── sapling_zip32_hard.json │ ├── unified_address.json │ ├── unified_full_viewing_keys.json │ ├── unified_incoming_viewing_keys.json │ ├── zip_0032_arbitrary.json │ ├── zip_0032_registered.json │ ├── zip_0143.json │ ├── zip_0243.json │ ├── zip_0244.json │ ├── zip_0316.json │ └── zip_0320.json └── zcash_test_vectors ├── __init__.py ├── bech32m.py ├── f4jumble.py ├── ff1.py ├── hd_common.py ├── orchard ├── __init__.py ├── commitments.py ├── empty_roots.py ├── generators.py ├── group_hash.py ├── iso_pallas.py ├── key_components.py ├── merkle_tree.py ├── note.py ├── note_encryption.py ├── pallas.py ├── poseidon.py ├── sinsemilla.py ├── utils.py └── zip32.py ├── output.py ├── rand.py ├── sapling ├── __init__.py ├── generators.py ├── jubjub.py ├── key_components.py ├── merkle_tree.py ├── note_encryption.py ├── notes.py ├── pedersen.py ├── redjubjub.py └── zip32.py ├── transaction.py ├── transparent ├── __init__.py ├── bip_0032.py ├── zip_0316.py └── zip_0320.py ├── unified_address.py ├── unified_encoding.py ├── unified_full_viewing_keys.py ├── unified_incoming_viewing_keys.py ├── utils.py ├── zc_utils.py ├── zip_0032.py ├── zip_0143.py ├── zip_0243.py └── zip_0244.py /.github/workflows/test_vectors.yml: -------------------------------------------------------------------------------- 1 | name: Check test vectors 2 | 3 | on: pull_request 4 | 5 | jobs: 6 | verify: 7 | name: ${{ matrix.name }} 8 | runs-on: ubuntu-latest 9 | strategy: 10 | matrix: 11 | kind: ['rust', 'json', 'zcash'] 12 | include: 13 | - kind: 'rust' 14 | 
name: 'Rust' 15 | - kind: 'json' 16 | name: 'JSON' 17 | - kind: 'zcash' 18 | name: 'Bitcoin-flavoured JSON' 19 | fail-fast: false 20 | 21 | steps: 22 | - uses: actions/checkout@v2 23 | 24 | - name: Install gnome-keyring 25 | run: sudo apt-get install gnome-keyring 26 | 27 | - name: Install poetry 28 | run: pip install --user poetry 29 | 30 | - name: Install dependencies 31 | run: poetry install --no-root 32 | 33 | - name: Regenerate test vectors 34 | run: ./regenerate.sh ${{ matrix.kind }} all 35 | 36 | - name: Verify there are no changes 37 | run: git diff; git ls-files --others --exclude-standard; test -z "$(git status --porcelain)" 38 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | env/ 2 | __pycache__/ 3 | 4 | .*.swp 5 | *.*~* 6 | *.bak 7 | *.pyc 8 | *.pyo 9 | -------------------------------------------------------------------------------- /COPYING.md: -------------------------------------------------------------------------------- 1 | # License 2 | 3 | Licensed under either of 4 | 5 | * Apache License, Version 2.0, ([LICENSE-APACHE](LICENSE-APACHE) or http://www.apache.org/licenses/LICENSE-2.0) 6 | * MIT license ([LICENSE-MIT](LICENSE-MIT) or http://opensource.org/licenses/MIT) 7 | 8 | at your option. 9 | 10 | # Contribution 11 | 12 | Unless you explicitly state otherwise, any contribution intentionally 13 | submitted for inclusion in the work by you, as defined in the Apache-2.0 14 | license, shall be dual licensed as above, without any additional terms or 15 | conditions. 
16 | 17 | -------------------------------------------------------------------------------- /LICENSE-MIT: -------------------------------------------------------------------------------- 1 | The MIT License (MIT) 2 | 3 | Copyright (c) 2018-2021 The Electric Coin Company 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in 13 | all copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN 21 | THE SOFTWARE. 22 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Zcash Python test vectors 2 | 3 | Code to generate test vectors for various parts of Zcash. 4 | 5 | The generated test vectors are checked into the repository: 6 | - `test-vectors/json/`: JSON format. 7 | - `test-vectors/rust/`: Rust format, suitable for copying into a Rust library or 8 | application to use from `#[cfg(test)]` code. 
9 | - `test-vectors/zcash/`: Bitcoin-flavoured JSON format (where 256-bit values are 10 | encoded as byte-reversed hex strings), for use in `zcashd` unit tests. 11 | 12 | To generate the test vectors yourself (for example, to generate a larger set 13 | after adjusting the code): 14 | 15 | - Install [`poetry`](https://python-poetry.org/). 16 | - `poetry install` 17 | - `poetry run SCRIPT_NAME [-t json|rust|zcash]` 18 | - `SCRIPT_NAME` is one of the scripts listed in `pyproject.toml`. 19 | 20 | ## License 21 | 22 | Licensed under either of 23 | 24 | * Apache License, Version 2.0, ([LICENSE-APACHE](LICENSE-APACHE) or http://www.apache.org/licenses/LICENSE-2.0) 25 | * MIT license ([LICENSE-MIT](LICENSE-MIT) or http://opensource.org/licenses/MIT) 26 | 27 | at your option. 28 | 29 | ### Contribution 30 | 31 | Unless you explicitly state otherwise, any contribution intentionally 32 | submitted for inclusion in the work by you, as defined in the Apache-2.0 33 | license, shall be dual licensed as above, without any additional terms or 34 | conditions. 
35 | -------------------------------------------------------------------------------- /pyproject.toml: -------------------------------------------------------------------------------- 1 | [tool.poetry] 2 | name = "zcash-test-vectors" 3 | version = "0.1.0" 4 | description = "Zcash test vectors" 5 | authors = [ 6 | "Jack Grigg ", 7 | "Daira-Emma Hopwood ", 8 | "Ying Tong Lai ", 9 | "Taylor Hornby ", 10 | "Kris Nuttycombe ", 11 | "Simon ", 12 | "Ariel Gabizon ", 13 | "Deirdre Connolly ", 14 | ] 15 | license = "MIT OR Apache-2.0" 16 | readme = "README.md" 17 | homepage = "https://github.com/zcash-hackworks/zcash-test-vectors/" 18 | repository = "https://github.com/zcash-hackworks/zcash-test-vectors/" 19 | documentation = "https://github.com/zcash-hackworks/zcash-test-vectors/" 20 | classifiers = [ 21 | "Private :: Do Not Upload", 22 | ] 23 | 24 | [build-system] 25 | requires = ["poetry-core"] 26 | build-backend = "poetry.core.masonry.api" 27 | 28 | [tool.poetry.dependencies] 29 | python = "^3.9" 30 | numpy = "1.26.4" 31 | chacha20poly1305 = "0.0.3" 32 | cryptography = "38.0.1" 33 | secp256k1 = "0.14.0" 34 | base58 = "2.1.1" 35 | ripemd-hash = "^1.0.1" 36 | 37 | [tool.poetry.scripts] 38 | # General test vectors 39 | f4jumble = "zcash_test_vectors.f4jumble:main" 40 | f4jumble_long = "zcash_test_vectors.f4jumble:long_test_vectors" 41 | unified_address = "zcash_test_vectors.unified_address:main" 42 | unified_full_viewing_keys = "zcash_test_vectors.unified_full_viewing_keys:main" 43 | unified_incoming_viewing_keys = "zcash_test_vectors.unified_incoming_viewing_keys:main" 44 | zip_0032_registered = "zcash_test_vectors.zip_0032:registered_key_derivation_tvs" 45 | zip_0032_arbitrary = "zcash_test_vectors.zip_0032:arbitrary_key_derivation_tvs" 46 | zip_0143 = "zcash_test_vectors.zip_0143:main" 47 | zip_0243 = "zcash_test_vectors.zip_0243:main" 48 | zip_0244 = "zcash_test_vectors.zip_0244:main" 49 | 50 | # Transparent test vectors 51 | bip_0032 = 
"zcash_test_vectors.transparent.bip_0032:main" 52 | zip_0316 = "zcash_test_vectors.transparent.zip_0316:main" 53 | zip_0320 = "zcash_test_vectors.transparent.zip_0320:main" 54 | 55 | # Sapling test vectors 56 | sapling_generators = "zcash_test_vectors.sapling.generators:main" 57 | sapling_key_components = "zcash_test_vectors.sapling.key_components:main" 58 | sapling_note_encryption = "zcash_test_vectors.sapling.note_encryption:main" 59 | sapling_signatures = "zcash_test_vectors.sapling.redjubjub:main" 60 | sapling_zip32 = "zcash_test_vectors.sapling.zip32:main" 61 | sapling_zip32_hard = "zcash_test_vectors.sapling.zip32:hard" 62 | 63 | # Orchard test vectors 64 | orchard_empty_roots = "zcash_test_vectors.orchard.empty_roots:main" 65 | orchard_generators = "zcash_test_vectors.orchard.generators:main" 66 | orchard_group_hash = "zcash_test_vectors.orchard.group_hash:main" 67 | orchard_map_to_curve = "zcash_test_vectors.orchard.group_hash:map_to_curve_test_vectors" 68 | orchard_key_components = "zcash_test_vectors.orchard.key_components:main" 69 | orchard_merkle_tree = "zcash_test_vectors.orchard.merkle_tree:main" 70 | orchard_note_encryption = "zcash_test_vectors.orchard.note_encryption:main" 71 | orchard_poseidon = "zcash_test_vectors.orchard.poseidon:main" 72 | orchard_poseidon_hash = "zcash_test_vectors.orchard.poseidon:hash_test_vectors" 73 | orchard_sinsemilla = "zcash_test_vectors.orchard.sinsemilla:main" 74 | orchard_zip32 = "zcash_test_vectors.orchard.zip32:main" 75 | -------------------------------------------------------------------------------- /regenerate.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | case "$1" in 4 | "rust" ) 5 | gen_types=(rust) 6 | ;; 7 | "zcash" ) 8 | gen_types=(zcash) 9 | ;; 10 | "json") 11 | gen_types=(json) 12 | ;; 13 | "all") 14 | gen_types=(rust zcash json) 15 | ;; 16 | *) 17 | echo "Unexpected generation type: $1" 18 | exit 1 19 | ;; 20 | esac 21 | 22 | case 
"$2" in 23 | "all" ) 24 | tv_scripts=( 25 | bip_0032 26 | f4jumble 27 | f4jumble_long 28 | orchard_empty_roots 29 | orchard_generators 30 | orchard_group_hash 31 | orchard_key_components 32 | orchard_map_to_curve 33 | orchard_merkle_tree 34 | orchard_note_encryption 35 | orchard_poseidon 36 | orchard_poseidon_hash 37 | orchard_sinsemilla 38 | orchard_zip32 39 | sapling_generators 40 | sapling_key_components 41 | sapling_note_encryption 42 | sapling_signatures 43 | sapling_zip32 44 | sapling_zip32_hard 45 | unified_address 46 | unified_full_viewing_keys 47 | unified_incoming_viewing_keys 48 | zip_0032_registered 49 | zip_0032_arbitrary 50 | zip_0143 51 | zip_0243 52 | zip_0244 53 | zip_0316 54 | zip_0320) 55 | ;; 56 | *) 57 | tv_scripts=($2) 58 | ;; 59 | esac 60 | 61 | for gen_type in "${gen_types[@]}" 62 | do 63 | echo "Generating $gen_type test vectors..." 64 | case "$gen_type" in 65 | "rust" ) 66 | extension="rs" 67 | ;; 68 | "zcash" ) 69 | extension="json" 70 | ;; 71 | "json") 72 | extension="json" 73 | ;; 74 | esac 75 | 76 | for generator in "${tv_scripts[@]}" 77 | do 78 | echo "# $generator" 79 | poetry run $generator -t $gen_type >test-vectors/$gen_type/$generator.$extension 80 | done 81 | echo "Finished $gen_type." 
82 | done 83 | -------------------------------------------------------------------------------- /test-vectors/json/bip_0032.json: -------------------------------------------------------------------------------- 1 | [ 2 | ["From https://github.com/zcash-hackworks/zcash-test-vectors/blob/master/bip_0032.py"], 3 | ["c, pk, address, external_ovk, internal_ovk, account"], 4 | ["9ba0439c6a2d3d903883d4537c362288626da62c6299012e362d8fb6efebab47", "02ed638532c475f67400350fb1d6eda559cdc289a19b4319eb175140aa86893836", "6725f262bba6422fd47c305b8378c4994241c442", "d486352dd1d66698a61634ab219a2a6ea3c2ee9879cc828403ba9969505774dd", "7390ae2df31ceeb264cfbbcbbffd2d973db68cf572a756d32d5bd3ec0046597f", 0], 5 | ["fa9291b353be21ac452f85cb96e4fc978d352e34c5c0259ac28d0beab1b8e298", "03fc399e613d010865d5a1fa8765b7109f9db1ed56218983f9bd54b8c712478829", "04631ad8902ad2fc5641bbe935dea67950bb9c59", "d2bd69a3d3e825e3633f497fc1b504baf67329a9167487d0fd98cae5d1a96613", "c801859bd2fb9f090d6518e1fe192784e75ab769c8ec6621f7bc0c1320820b0a", 1], 6 | ["f6a704fc093882166a88eeb243e2658f0eb7b5b7943ce47c3924c67c96474cea", "029f1794895562430d5dc8be5e88cfeee3261d6be4e6eb5b238ecc9e7ebdeb1bf0", "0bec65aa3cf1af84a95da1e6b9e4a52b74428ff6", "a60caa830f08d4a54c39802c0adc1c2ba422ceb8097cd126a20813f57e4d2f82", "14f5959221338f3adb60df69042dea7cfbd8720c3fad1debaa0bea8174cea56e", 2], 7 | ["3ebe46d6204feeb43bd83511cd816134c2f03d8582c664318cc60063eca38a04", "020f8aed7690bc84e3fa6510c362bb9290904b6ff5b75e4e5ca6de821bf3389fae", "752c53a43b8a44182550ed668d49941c4fef5502", "0096ddb9cea03e17f2430ce3f61df8cd43309450f01efd6f5b33aec7ace165bd", "23b2ef2b1ee48af6459ce7f06125143dc95cbe1ebf49d411db91e88b59341406", 3], 8 | ["934d5c7b67ecebc7fe717ffba06f30973ecdb4735dd8c8173528c357ec23311f", "039efddc9cc1bf9f4214a09a7f0188540789b26197cdededc993be5381587f79de", "1a8faa82b6fe128553c2f3f38b2251d8888048ab", "ed3ec5b6232762b0da1b1cc4c62e1e4f3029274048e3f1808146401fc4d1f61c", 
"19d7d937ae9a49b1a5237a06c5ef3c7da8de44e6cd643be3fde7091468cc249c", 4], 9 | ["03eb452dae94c4eea9077f245d72b1a1e08fa7d496702e6d45b9f5b3d493b694", "03e032029bfe0abdf00e26eee77e4c3b55674486c903428648b26adb5c11ced5b3", "e59b1c45cfda3f6f2df78d04bd0df8a593178836", "c73cd390f8f47dba4c874c12c223ea478e2b40c4fc8f5ecfc5a1da1038ec4529", "4b15904c8c31ea272280eb75fbfa5ebdfa31607083ac560d8f6e6ee3690c00a4", 5], 10 | ["decf85430db48489cdd894aa29a78b3315d23bb625882757e3396df6e3bad6ca", "028efe8fa9b8827f87484aa186873372a46e538a1c3f341adb9c3369ac4d4f707a", "3a9c2ad950098f111c3edd0d3eb3091c96ea8356", "5c49a56adfff55b7fba28f52f20e3064dedb2a65b30f19f68aed5889cdd7e430", "4d55d6dd2870c2f62948685d0e70271a45e490f6b8c36502835abc92ca925ff3", 6], 11 | ["694cc09dd242e4a7b74e3b3cd795fe6959fa577ba56fdeb5fcf4c1a4502dec75", "0214158dc4631f2a3784bfb42b9ad44dcb779dcf0f26a1def9120f81c9836bf4b5", "0ff6c3ebc62538ff1d690dc8e07a913b15fee1c5", "a26104003527bbf939b60026d728d56cdaa5cded07209a2c62f86de7298618ad", "917f767b534bd821b24639860049ef4c8ef8a2ecfb6291dc15a8bda2f65b8c23", 7], 12 | ["3eea1408bffa9c4c02df5dd174e8b56e4506caade7839267761227e4da2506a5", "035d0d7224c3beb78bc67c214f56731b3ffb27b06310a1e6093384f6eb72b6c5f6", "9ff43f3f0121bf054c14ea0d9d849e0b02e94687", "7aa8b1f66da9febf1a8ca92faa4b3f838ab4503ea4183dcf05f67c1b13587910", "77d19354bdc0eaf3b40065b9c7fac8c2f704081774abde2d15131f80964d76fd", 8], 13 | ["b60895766bdad050ed932d0099832255dc0966eab8f98a3b1577f450f226a941", "0295599fc048f2181156f9e453735d989eb61623f6eee8a060b8f3fa59666cdfe1", "daebdd957be54702db56dd0d1c19a77606dfecd5", "a53077620617c1d1ceada1212ee5483e1cd31034821c598c0490e897a960e8cb", "48162080f8574d87ab7141450646e2837917dfd838daac0b5932d156dcecbb2f", 9] 14 | ] 15 | -------------------------------------------------------------------------------- /test-vectors/json/f4jumble_long.json: -------------------------------------------------------------------------------- 1 | [ 2 | ["From 
https://github.com/zcash-hackworks/zcash-test-vectors/blob/master/f4jumble_long.py"], 3 | ["length, jumbled_hash"], 4 | [3246395, "3fc2ecdfb68696571d89e8beddb647e6990b63a0171c36442273d687bd99257ec5002ec8197801b621732d6b05b8d70f688620a4c08873c12e4439a0127dc945"], 5 | [4194368, "a5f18f163e598d4adb6ea7248057e24c1b61f29b33b7abcdabd420a0f2ee6c3ed31394652f28b59c44d3ea9ecf85f4d501e6aac14df288efd62cf80d1829d025"] 6 | ] 7 | -------------------------------------------------------------------------------- /test-vectors/json/orchard_empty_roots.json: -------------------------------------------------------------------------------- 1 | [ 2 | ["From https://github.com/zcash-hackworks/zcash-test-vectors/blob/master/orchard_empty_roots.py"], 3 | ["empty_roots"], 4 | [["0200000000000000000000000000000000000000000000000000000000000000", "d1ab2507c809c2713c000f525e9fbdcb06c958384e51b9cc7f792dde6c97f411", "c7413f4614cd64043abbab7cc1095c9bb104231cea89e2c3e0df83769556d030", "2111fc397753e5fd50ec74816df27d6ada7ed2a9ac3816aab2573c8fac794204", "806afbfeb45c64d4f2384c51eff30764b84599ae56a7ab3d4a46d9ce3aeab431", "873e4157f2c0f0c645e899360069fcc9d2ed9bc11bf59827af0230ed52edab18", "27ab1320953ae1ad70c8c15a1253a0a86fbc8a0aa36a84207293f8a495ffc402", "4e14563df191a2a65b4b37113b5230680555051b22d74a8e1f1d706f90f3133b", "b3bbe4f993d18a0f4eb7f4174b1d8555ce3396855d04676f1ce4f06dda07371f", "4ef5bde9c6f0d76aeb9e27e93fba28c679dfcb991cbcb8395a2b57924cbd170e", "a3c02568acebf5ca1ec30d6a7d7cd217a47d6a1b8311bf9462a5f939c6b74307", "3ef9b30bae6122da1605bad6ec5d49b41d4d40caa96c1cf6302b66c5d2d10d39", "22ae2800cb93abe63b70c172de70362d9830e53800398884a7a64ff68ed99e0b", "187110d92672c24cedb0979cdfc917a6053b310d145c031c7292bb1d65b7661b", "3f98adbe364f148b0cc2042cafc6be1166fae39090ab4b354bfb6217b964453b", "63f8dbd10df936f1734973e0b3bd25f4ed440566c923085903f696bc6347ec0f", "2182163eac4061885a313568148dfae564e478066dcbe389a0ddb1ecb7f5dc34", "bd9dc0681918a3f3f9cd1f9e06aa1ad68927da63acc13b92a2578b2738a6d331", 
"ca2ced953b7fb95e3ba986333da9e69cd355223c929731094b6c2174c7638d2e", "55354b96b56f9e45aae1e0094d71ee248dabf668117778bdc3c19ca5331a4e1a", "7097b04c2aa045a0deffcaca41c5ac92e694466578f5909e72bb78d33310f705", "e81d6821ff813bd410867a3f22e8e5cb7ac5599a610af5c354eb392877362e01", "157de8567f7c4996b8c4fdc94938fd808c3b2a5ccb79d1a63858adaa9a6dd824", "fe1fce51cd6120c12c124695c4f98b275918fceae6eb209873ed73fe73775d0b", "1f91982912012669f74d0cfa1030ff37b152324e5b8346b3335a0aaeb63a0a2d", "5dec15f52af17da3931396183cbbbfbea7ed950714540aec06c645c754975522", "e8ae2ad91d463bab75ee941d33cc5817b613c63cda943a4c07f600591b088a25", "d53fdee371cef596766823f4a518a583b1158243afe89700f0da76da46d0060f", "15d2444cefe7914c9a61e829c730eceb216288fee825f6b3b6298f6f6b6bd62e", "4c57a617a0aa10ea7a83aa6b6b0ed685b6a3d9e5b8fd14f56cdc18021b12253f", "3fd4915c19bd831a7920be55d969b2ac23359e2559da77de2373f06ca014ba27", "87d063cd07ee4944222b7762840eb94c688bec743fa8bdf7715c8fe29f104c2a", "ae2935f1dfd8a24aed7c70df7de3a668eb7a49b1319880dde2bbd9031ae5d82f"]] 5 | ] 6 | -------------------------------------------------------------------------------- /test-vectors/json/orchard_generators.json: -------------------------------------------------------------------------------- 1 | [ 2 | ["From https://github.com/zcash-hackworks/zcash-test-vectors/blob/master/orchard_generators.py"], 3 | ["skb, nkb, vcvb, vcrb, cmb, cmq, ivkb, ivkq, mcq"], 4 | ["63c975b884721a8d0ca1707be30c7f0c5f445f3e7c188d3b06d6f128b32355b7", "75ca47e4a76a6fd39bdbb5cc92b17e5ecfc9f4fa7155372e8d19a89c16aae725", "6743f93a6ebda72a8c7c5a2b7fa304fe32b29b4f706aa8f7420f3d8e7a59702f", "915a3c8868c6c30e2f8090ee45d76e4048208dea5b23664fbb09a40f5544f407", "136efc0f482c022c7ca414fc5cc59e23f23d6f93ab9f23cd3345a928c306b2a6", "5d74a84009ba0e322add46fd5a0f96c55dedb079b4f29ff70dcdfb56a0078097", "18a1f85f6e482398c7ed1ad3e27f9502488980400a2934164e137050cd2ca2a5", "f2820f79922fcb6b32a2285124cc1b42fa41a25ab881cc7d11c8a94af10cbc05", 
"a0c6297ff9c7b9f870108dc055b9bec9990e89ef5a360fa0b918a86396d21616"] 5 | ] 6 | -------------------------------------------------------------------------------- /test-vectors/json/orchard_group_hash.json: -------------------------------------------------------------------------------- 1 | [ 2 | ["From https://github.com/zcash-hackworks/zcash-test-vectors/blob/master/orchard_group_hash.py"], 3 | ["domain, msg, point"], 4 | ["7a2e636173683a74657374", "5472616e7320726967687473206e6f7721", "d36b0b649b5c6936027a180f7d254023956fc2883ddf23ffc3c8fd1fa3cd1818"], 5 | ["7a2e636173683a746573742d6c6f6e676572", "8f739a2d9e945b0ce152a8049e294c4d6e66b164939daffa2ef6ee6921481cdd86b3cc4318d9614fc820905d042bb1ef9ca3f24988c7b3534201cfb1cd8dbf69b8250c18ef41294ca97993db546c1fe01f7e9c8e36d6a5e29d4e30a73594bf5098421c69378af1e40f64e125946f62c2fa7b2fecbcb64b696891", "d3603e4f2667e77c77248fd5be8d807723d727e22fc4a11d1ff557dd61dd4db4"], 6 | ["7a2e636173683a74657374", "81ce3dc166d56a1d62f5a8d7551db5fd9313e8c7203d996af7d477083756d59af80d06a745f44ab023752cb5b406ed8985e18130ab33362697b0e4e4c763ccb8f676495c222f7fba1e31defa3d5a57efc2e1e9b01a035587d5fb1a38e01d94903d3c3e", "f61d4de9907a6593d4c6b642475f51ca2893fccf9c48f5282df25c9bb6dad903"], 7 | ["7a2e636173683a74657374", "360c1d3710acd20b183e31d49f25c9a138f49b1a537edcf04be34a9851a7af9db6990ed83dd64af3597c04323ea51b0052ad8084a8b9da948d320dadd64f5431e61ddf658d24ae67c22c8d1309131fc00fe7f235734276d38d47f1e191e00c7a1d48af046827591e9733a97fa6b679f3dc601d008285edcbdae69ce8fc1be4aac00ff2711ebd931de518856878f73476f21a482ec9378365c8f7393c94e2885315eb4671098b79535e790fe53e29fef2b3766697ac32b4f473f468a008e72389fc03880d780cb07fcfaabe3f1a84b27db59a4a", "e9dcf5fd98cb6fd4fdc0f8f9dd462d59e1de9c69c6042d1aee40d1b5f82ef934"], 8 | ["7a2e636173683a746573742d6c6f6e676572", "882d2b2103596555ed9494c6ac893c49723833ec8926c1039586a7afcf4a0d9c731e985d99589c8bb838e8aaf745533ed9e8ae3a1cd074a51a20da8aba", "f38cb5e1607c7122cef731c8e61875b8c1f3e2ec06c59e9ccadbd3a2cae8683f"], 9 | 
["7a2e636173683a74657374", "dbebbc862ded42435e92476930d069896cff30eb414f727b89e001afa2fb8dc3436d75a4a6f26572504b192232ecb9f0c02411e52596bc5e90457e745939ffedbd12863ce71a02af117d417adb3d15cc54dcb1fce467500c6b8fb86b12b56da9c382857deecc40a98d5f2935395ee4762dd21afdbb5d47fa9a6dd984d567db2857b927b7fae2db587105415d4642789d38f50b8dbcc129cab3d17d19f3355bcf73cecb8cb8a5da01307152f13936a270572670dc82d39026c6cb4cd4b0f7f5aa2a4f5a5341ec5dd715406f2fdd2afa733f", "3dec032860f1a851516af37b68acccf36e2a80be13ee367eac1aac725dbcf685"], 10 | ["7a2e636173683a746573742d6c6f6e676572", "1c8c21862a1bafce2609d9eecfa158cfb5cd79f88008e315dc7d8388e76c1782fd2795d18a763624c25fa959cc97489ce75745824b77868c53239cfbdf73caec65604037314faaceb56218c6bd30f8374ac13386793f21a9fb80ad03bc0cda4a44946c00", "ae528872f06cc179a154eec2ddf74dcf5c49c4115c6ab74d7f316e46b1648e19"], 11 | ["7a2e636173683a746573742d6c6f6e676572", "a1df0e5b87b5bece477a709649e950060591394812951e1fe3895b8cc3d14d2cf6556df6ed4b4ddd3d9a69f53357d7767f4f5ccbdbc596631277f8fecd08cb056b95e3025b9792fff7f244fc716269b926d62e9596fa825c6bf21aff9e68625a192440ea06828123d97884806f15fa08da52754a1095e3ff1abd5ce4fddfccfc3a6128aef784a64610a89d1a7099216d0814d3a2d452431c32d411ac1cce82ad0229407bbc48985675e3f874a4533f1d63", "cc904e5e31834b4f85d6a662c54e7daa8d3e34ce22428c3e8a53cc6ee83387a9"], 12 | ["7a2e636173683a74657374", "fa3e0f460fe2f57e34fbc75423c3737f5b2a0615f5722db041a3ef66fa483afd3c2e19e59444a64add6df1d963f5dd5b5010d3d025f0287c4cf19c75f33d51ddddba5d657b43ee8da645443814", "b05eb0cc20ef29fdb9f58f6b5599114d1bf821497af7c107ea0bdff974f17f3b"], 13 | ["7a2e636173683a74657374", "29f3e9b4e54c236c29af3923101756d9fa4bd0f7d2ddaacb6b0f86a2658e0a07a05ac5b950051cd24c47a88d13d659ba2a46ca1830816d09cd7646f76f716abec5de07fe9b523410806ea6f288f8736c23357c85f45791e1708029d9824d90704607f387a03e49bf9836574431345a7877efaa", "5271bed5911339a7c61797a99e87c6b4cd85ae10d0d4aa7e7adb0749816305ae"], 14 | ["7a2e636173683a74657374", "e73081ef8d62cb78", 
"b61744c0c70d654c025370557aac7fbe421a49707718ba90ff7d9ebdc51d1919"] 15 | ] 16 | -------------------------------------------------------------------------------- /test-vectors/json/orchard_map_to_curve.json: -------------------------------------------------------------------------------- 1 | [ 2 | ["From https://github.com/zcash-hackworks/zcash-test-vectors/blob/master/orchard_map_to_curve.py"], 3 | ["u, point"], 4 | ["0000000000000000000000000000000000000000000000000000000000000000", "0038a6bc533233af74b6e2e05c6ecaf66071c6a0f15b58e93df06bd23107152c"], 5 | ["0100000000000000000000000000000000000000000000000000000000000000", "20a13bbf7d671dce4ac9fcd9f9f50714392c28c4e1e9e0373378c972fb22b28b"], 6 | ["2301efcdab89674523f1debc9a78563412efcdab89674523f1debc9a78563412", "2357b297ef830b046cd78e8118742ba1a9658eda8fc1039cc3db36d5647ff2a4"], 7 | ["5c7a8f73adfc70fb3f139449ac6b57074c4d6e66b164939daffa2ef6ee692108", "14266ff4553e4a133570a0a44b6e9b47332eab0077bb132bbc060acc4bfe6037"], 8 | ["1add86b3f2e1bda62a5d2e0e982b77e6b0ef9ca3f24988c7b3534201cfb1cd0d", "f079fce79a0eeb55386df998bd4550c67d04bf5ca27bb1f24d5a60b778897c22"], 9 | ["bd69b82532b6940ff2590f679ba9c7271fe01f7e9c8e36d6a5e29d4e30a73514", "8cbea3a57cd97d81672a714c342f794cfed3d33d36f58461976acbd7eaae97b5"], 10 | ["bc50984255d6afbe9ef92848ed5ac00862c2fa7b2fecbcb64b6968912a63810e", "8f4b9cdcde69cf0a43ad468c9e4203737cd7b0ad5809d872c358daa587a6ca2d"], 11 | ["3dc166d56a1d62f5a8d7551db5fd9313e8c7203d996af7d477083756d59af80d", "ad6664d8526c29d0adfd5741f1c96430b37132e5447f1584234f5177c21bc4b7"], 12 | ["05a745f45d7ff6db10bc67fdf0f03ebf8130ab33362697b0e4e4c763ccb8f636", "e11bf6864be79d111e3286d3bb039dcdcfccad0e121a3b60c539cf744c48a488"], 13 | ["495c222f7fba1e31defa3d5a57efc2e1e9b01a035587d5fb1a38e01d94903d3c", "6b468c75af38b6386ad083b2e05ca9dbdbdb9e8ab192de804909f9136e850caa"], 14 | ["3d0ad3361fec097790d9be0e42988d7d25c9a138f49b1a537edcf04be34a9811", "429cdce496a896cf1ebf267260269c866fd83862cf0274c2a79478c612dc139d"], 15 | 
["a4af9db6d27b5072835f0c3e88395ed7a41b0052ad8084a8b9da948d320dad16", "afbdfbbc646d2a5604023c2b01563ab24d2f2336706a865084938e6ecbb3c22e"], 16 | ["4d5431e6437d0b5bedbbcdaf345b86c4121fc00fe7f235734276d38d47f1e111", "43cb909391ed2fae2f3f38e95912dda238f21fc9911767c15e58a3b8e0b00a91"] 17 | ] 18 | -------------------------------------------------------------------------------- /test-vectors/json/orchard_poseidon.json: -------------------------------------------------------------------------------- 1 | [ 2 | ["From https://github.com/zcash-hackworks/zcash-test-vectors/blob/master/orchard_poseidon.py"], 3 | ["initial_state, final_state"], 4 | [["0000000000000000000000000000000000000000000000000000000000000000", "0100000000000000000000000000000000000000000000000000000000000000", "0200000000000000000000000000000000000000000000000000000000000000"], ["56a4ec4a02bcb1aea042b6d0719ae6f70f2466f964b3ef9453b4640bcd6a522a", "2ab8e528963e2a01fedad9be7f2ed4dc12553d34ae7dff7630a44a8b56d1c513", "dd9d4ed3a12990357b2ca4bde1dfcff71a56847959cd6f25446597c668c8490a"]], 5 | [["5c7a8f73adfc70fb3f139449ac6b57074c4d6e66b164939daffa2ef6ee692108", "1add86b3f2e1bda62a5d2e0e982b77e6b0ef9ca3f24988c7b3534201cfb1cd0d", "bd69b82532b6940ff2590f679ba9c7271fe01f7e9c8e36d6a5e29d4e30a73514"], ["d06e2f8338928a7ee7380c77928087cda2fd2961a15269037a22d6d120aedd21", "2955a45f416f10d6bc79ac94d0c069c949e5f4bd09481e1f368cb9b8ee51140d", "0d8376bbe9d65d2b1e136fb7d982ab87c51c403044be5c799d56bb68acf95b10"]], 6 | [["bc50984255d6afbe9ef92848ed5ac00862c2fa7b2fecbcb64b6968912a63810e", "3dc166d56a1d62f5a8d7551db5fd9313e8c7203d996af7d477083756d59af80d", "05a745f45d7ff6db10bc67fdf0f03ebf8130ab33362697b0e4e4c763ccb8f636"], ["0b77ec5307145a0c052dc7a9d6f96ac341ae72640832d58e51eb92a417801712", "3b523f44f00e463f8b0fd7d4fc0e280cdbdeb927f18168077bb362f2675a2e18", "957a9706ffcc351564ae802a9911314c05e23e22afcf834059df80fac1057626"]], 7 | [["495c222f7fba1e31defa3d5a57efc2e1e9b01a035587d5fb1a38e01d94903d3c", 
"3d0ad3361fec097790d9be0e42988d7d25c9a138f49b1a537edcf04be34a9811", "a4af9db6d27b5072835f0c3e88395ed7a41b0052ad8084a8b9da948d320dad16"], ["6780083f7f82cb4254e7b66f4b83846ac9773fb9c39c6ec9818b06222309552a", "a5f9a57e2c40b158d8165343e602652c3efc0b64ddcaeee5ce3d951fd59f5008", "dca46436127c477e83950fa07cc68a566e541855adc268529787352488921e3b"]], 8 | [["4d5431e6437d0b5bedbbcdaf345b86c4121fc00fe7f235734276d38d47f1e111", "dd0c7a1d811c7d9cd46d377b3fdeab3fb679f3dc601d008285edcbdae69ce83c", "19e4aac0359017ec85a183d22053db33f73476f21a482ec9378365c8f7393c14"], ["89998e5e0fa1952a40b8b52b62d94570a49a7d91dd226d692bc9b1a613c90830", "d0ee44d9a90d9079effb2486d3d84d1a184edf14970bac36c74804c7ffbee50b", "048145a661ce787c7e122ac6447e9ba393d367ac054faac5b7b5f7192b2fde21"]], 9 | [["e2885315eb4671098b79535e790fe53e29fef2b3766697ac32b4f473f468a008", "e62389fc1657e0def0b632c6ae25f9f783b27db59a4a153d882d2b2103596515", "eb9494c6d227e2163b4699d991f433bf9486a7afcf4a0d9c731e985d99589c0b"], ["ce2d1f8d677ffbfd73b235e8c687fb42187f7881c3ce9c794f2bd46140f7cc2a", "af829239b6d55d5f43ec6f32b84a2a011e64c574739f87cb47dc702383fa5a34", "03d1085b214c69b8bfe89102bd617ece0c54001796404105c53330d249581d0f"]], 10 | [["b738e8aa0a1526a5bdef613120372e831a20da8aba18d1dbebbc862ded42431e", "91476930e3385cd3e3379e3853d93467e001afa2fb8dc3436d75a4a6f2657210", "4b192232ecb9f0c02411e52596bc5e90457e745939ffedbd12863ce71a02af11"], ["5fccd87d2f667b9ee388f34c1c710687127bff5b0221fd8a529488669157942b", "8962b58030aa6352d990f3b9001ccbe88a5627581bbfb901ac4a6aedfae5c634", "7c0b7659f24c98af310e3e8d82b5f399433cdda58f48d9ef8dd0ca864272da3f"]], 11 | [["7b417adb63b37122a5bf62d26f1e7f268fb86b12b56da9c382857deecc40a90d", "5e29353971b34994b621b0b261aeb3786dd984d567db2857b927b7fae2db5831", "05415d4642789d38f50b8dbcc129cab3d17d19f3355bcf73cecb8cb8a5da0130"], ["9ee1addc6f64dab6acdceaecc1fbbc8a32458e49c19e798556c64b598ba6ff14", "42cc10364fd659c3cc772584db91c49a38672b692493b9075f1653ca1fae1c33", 
"ff41f351801456c4960b393affa86213a7eac06c66213b45c3b50ec648d67d0d"]], 12 | [["7152f13936a270572670dc82d39026c6cb4cd4b0f7f5aa2a4f5a5341ec5dd715", "406f2fdd2afa733f5f641c8c21862a1bafce2609d9eecfa158cfb5cd79f88008", "e215dc7d9657bad3fb88b01e993844543624c25fa959cc97489ce75745824b37"], ["630915d7d825eb7437b0e46e37286a88b389dc69859307116d347b98ca145c31", "aa581baee94fb546a761f17a5d6eaa7029527842f31c3987b868ed7daffdb534", "7dc117b3391aab85de9f424db6651e0045ab7998f28e54101535906199ce1f1a"]], 13 | [["868c53239cfbdf73caec65604037314faaceb56218c6bd30f8374ac13386793f", "21a9fb80ad03bc0cda4a44946c00e1b1a1df0e5b87b5bece477a709649e95006", "049139482564f185c7900e83c738070af6556df6ed4b4ddd3d9a69f53357d736"], ["6a5a1919a449a5e029711f488adbd6b03e5c927b6f9d9d35c5b3cceb76605203", "80475b4689596147ab2adf0173db289b3a26a104842173e88bdbfec04a28671b", "1ef3c8d0f54444f555b15f7bc9fa4ffa0f567c0f19ac7d0ff944fd36426e323a"]], 14 | [["7d4f5ccb01643c31db845eecd5d63dc16a95e3025b9792fff7f244fc71626939", "26d62e9596fa825c6bf21aff9e68625a192440ea06828123d97884806f15fa08", "d952754a2364b666ffc30fdb014786da3a6128aef784a64610a89d1a7099212d"], ["1b4ac9bef56bdb6fb42d3e3cd3a2ac70a4c40c425b0bd6679ca57b307ef1d42f", "1a2ef41194aaa23432e086ed8adbd1deec3c7cb396de35bae95aaf5a08a0ec36", "68eb80c73e2ccbdee1ba71247761d5b5ecc620e6e48e003b023d9f5561662f20"]] 15 | ] 16 | -------------------------------------------------------------------------------- /test-vectors/json/orchard_poseidon_hash.json: -------------------------------------------------------------------------------- 1 | [ 2 | ["From https://github.com/zcash-hackworks/zcash-test-vectors/blob/master/orchard_poseidon_hash.py"], 3 | ["input, output"], 4 | [["0000000000000000000000000000000000000000000000000000000000000000", "0100000000000000000000000000000000000000000000000000000000000000"], "8358d711a0329d38becd54fba7c283ed3e089a39c91b6a9d10efb02bc3f12f06"], 5 | [["5c7a8f73adfc70fb3f139449ac6b57074c4d6e66b164939daffa2ef6ee692108", 
"1add86b3f2e1bda62a5d2e0e982b77e6b0ef9ca3f24988c7b3534201cfb1cd0d"], "db2675ff3ef8fe30c4d5de61cac02a8ef1a08523be92394b79d26726303be603"], 6 | [["bd69b82532b6940ff2590f679ba9c7271fe01f7e9c8e36d6a5e29d4e30a73514", "bc50984255d6afbe9ef92848ed5ac00862c2fa7b2fecbcb64b6968912a63810e"], "f5121d1e1d5cfe8da896ac0f9c183d760031f6ef8c7a41e65eb007cddc1d143d"], 7 | [["3dc166d56a1d62f5a8d7551db5fd9313e8c7203d996af7d477083756d59af80d", "05a745f45d7ff6db10bc67fdf0f03ebf8130ab33362697b0e4e4c763ccb8f636"], "a416a5e7135136a05056900058fa50bf186ad73390ace6323d8d81aa8adbd411"], 8 | [["495c222f7fba1e31defa3d5a57efc2e1e9b01a035587d5fb1a38e01d94903d3c", "3d0ad3361fec097790d9be0e42988d7d25c9a138f49b1a537edcf04be34a9811"], "1abaf306fed05fa892848c49f6ba104163433f3f633108a13bc15b2a1d55d40c"], 9 | [["a4af9db6d27b5072835f0c3e88395ed7a41b0052ad8084a8b9da948d320dad16", "4d5431e6437d0b5bedbbcdaf345b86c4121fc00fe7f235734276d38d47f1e111"], "04a18aeb593f790b76a399b7c1528acdede93b3b2c496bd71bd587cbd7cfdf35"], 10 | [["dd0c7a1d811c7d9cd46d377b3fdeab3fb679f3dc601d008285edcbdae69ce83c", "19e4aac0359017ec85a183d22053db33f73476f21a482ec9378365c8f7393c14"], "1103ccdc00d0f35f658314116bc2bcd94374a91ff9877e70663329042bd2f61f"], 11 | [["e2885315eb4671098b79535e790fe53e29fef2b3766697ac32b4f473f468a008", "e62389fc1657e0def0b632c6ae25f9f783b27db59a4a153d882d2b2103596515"], "f8f8c65f437c45beac11eb7d9e47586d879afd6f930435be0c01d19c895b8d10"], 12 | [["eb9494c6d227e2163b4699d991f433bf9486a7afcf4a0d9c731e985d99589c0b", "b738e8aa0a1526a5bdef613120372e831a20da8aba18d1dbebbc862ded42431e"], "5aeb489621b02e8e6927b94fd29a610183df7f4287e9cbf1ccc881d7d0b73827"], 13 | [["91476930e3385cd3e3379e3853d93467e001afa2fb8dc3436d75a4a6f2657210", "4b192232ecb9f0c02411e52596bc5e90457e745939ffedbd12863ce71a02af11"], "b0144720f5f2a25d492a504ec0737f097ed852174f55f5863091306c1af20035"], 14 | [["7b417adb63b37122a5bf62d26f1e7f268fb86b12b56da9c382857deecc40a90d", "5e29353971b34994b621b0b261aeb3786dd984d567db2857b927b7fae2db5831"], 
"bbbeb742d6e7c01adbf4d3855e35fec462043089c18ba80290647bb0e581ad11"] 15 | ] 16 | -------------------------------------------------------------------------------- /test-vectors/json/orchard_sinsemilla.json: -------------------------------------------------------------------------------- 1 | [ 2 | ["From https://github.com/zcash-hackworks/zcash-test-vectors/blob/master/orchard_sinsemilla.py"], 3 | ["domain, msg, point, hash"], 4 | ["7a2e636173683a746573742d53696e73656d696c6c61", [0, 0, 0, 1, 0, 1, 1, 0, 1, 0, 1, 0, 0, 1, 1, 0, 0, 0, 1, 1, 0, 1, 1, 0, 0, 0, 1, 1, 0, 1, 1, 0, 1, 1, 1, 1, 0, 1, 1, 0], "9854aa384363b5708e06b419b643586839653fba5a782d2db14ced13c19a83ab", "9854aa384363b5708e06b419b643586839653fba5a782d2db14ced13c19a832b"], 5 | ["7a2e636173683a746573742d53696e73656d696c6c612d6c6f6e676572", "0101000100000100010000000001000100000100010101000000000101000001000100010001010100000001000101010001000100010101000101010101010100010000010101000101010100000100010000000000010001000001010001000000000101000100010001010001000000010100000001010001", "ed5b988e4e98171f618feeb123e5cd0dc2d36711c506d5be115cfe388f03c480", "ed5b988e4e98171f618feeb123e5cd0dc2d36711c506d5be115cfe388f03c400"], 6 | ["7a2e636173683a746573742d53696e73656d696c6c61", "010001010001000100010001010101010101000100010100010001000100010000010001010000000101000100000101010101000101000001000000010100000000010000010100000100000100010100010100000101010101000000010000010000", "d95ee58fbdaa6f3de5e4fd7afc35fa9dcfe82ad19306b07e6cda0c30e5983407", "d95ee58fbdaa6f3de5e4fd7afc35fa9dcfe82ad19306b07e6cda0c30e5983407"], 7 | ["7a2e636173683a746573742d53696e73656d696c6c61", 
"00000101000000010000010001010101000001000100000001010000010101010001000001000001010000000001010000010000000100000100010100010001000101010100000100000101010101000101000101000001010101010100000001000100000101000101010100000101000001000001010100000000000100000001000100010101010001000001000000000000010101010001010000000001010100010101010100010101000100000100000100000000010000000001010100010001000000010100000100000001010000", "6a924b41398429910a78832b61192a0b6740d62777eb71545032eb6ce93ec9b8", "6a924b41398429910a78832b61192a0b6740d62777eb71545032eb6ce93ec938"], 8 | ["7a2e636173683a746573742d53696e73656d696c6c612d6c6f6e676572", "00010101010101010100000000010001000001000100010101000101010001000100000101000001000000000101010001000000000000010000000000", "dc5ff05b6f18b076b6128237a759edc7c8778c70222c79b734037b69393abfbe", "dc5ff05b6f18b076b6128237a759edc7c8778c70222c79b734037b69393abf3e"], 9 | ["7a2e636173683a746573742d53696e73656d696c6c61", "0101000001010001000001010000010100010001010100010100010100010101010101000000010000010100000001000000010101000000000100000101010101000000010000010101010001010100000001000001000001010001000101010100010100000001010101010100000001000001010101000001010001010100010101010000010001010101000000010001010100010100010101010101010101000100000100010001000101000000010000000001000000010000000101000001000101000101010001010100000101", "c76c8d7c4355041bd7a7c99b548644196f419456207537c282858a9b192d07bb", "c76c8d7c4355041bd7a7c99b548644196f419456207537c282858a9b192d073b"], 10 | ["7a2e636173683a746573742d53696e73656d696c6c612d6c6f6e676572", "00000100000101000001010001010001010101000000010100010100010001000101010100000000000101010001000001010100010100000101000101010000010000010101000001000000010000010001010001010101010001010000000000000000", "1ae825eb42d74e1bca7ee8a1f8f3ded801ffcd1f22ba75c34bd6e06a2c7c5aa0", "1ae825eb42d74e1bca7ee8a1f8f3ded801ffcd1f22ba75c34bd6e06a2c7c5a20"], 11 | ["7a2e636173683a746573742d53696e73656d696c6c612d6c6f6e676572", 
"010100010101000001000000010100000101010000010001010101000101010000010100010101010100010101010100010100010101000100010000010001010101010001010001010000000100010100000001000000000100000100000000010000000000010101000000010100000000010000010101000100000101000000010000010000000000010000010101000001000000010000000100000000010001000100000000010100000001010101", "38cfa600afd8670e1f9a79cb22425fa950cc4d3a3f5afe3976d71bb111460c2b", "38cfa600afd8670e1f9a79cb22425fa950cc4d3a3f5afe3976d71bb111460c2b"], 12 | ["7a2e636173683a746573742d53696e73656d696c6c61", "0000010001000100000101000101010101000001010001000101010000000001000001010000000001010101010101010000010001000000000100010101010101000101010100010001000000", "826fcbedfc83b9faa5711aab59bfc91bd445581467725dde941d58e626566615", "826fcbedfc83b9faa5711aab59bfc91bd445581467725dde941d58e626566615"], 13 | ["7a2e636173683a746573742d53696e73656d696c6c61", "01010100010001000101010100010001000100010001000101010000010000010000010100010000000100010100010000000000000101010100000101010000010001000100000000000000000001000101000100010101000001010001000000010101000001010000010001000000010100", "0bf06ce81005b81a14809fa6ebcb94e2b6375f87ce51958c9498ed1a313c6a94", "0bf06ce81005b81a14809fa6ebcb94e2b6375f87ce51958c9498ed1a313c6a14"], 14 | ["7a2e636173683a746573742d53696e73656d696c6c61", "0100010101000100", "806acc247ac9ba90d25f583dadb5e0ee5c03e1ab3570b362b4be5a8bceb60b00", "806acc247ac9ba90d25f583dadb5e0ee5c03e1ab3570b362b4be5a8bceb60b00"] 15 | ] 16 | -------------------------------------------------------------------------------- /test-vectors/json/orchard_zip32.json: -------------------------------------------------------------------------------- 1 | [ 2 | ["From https://github.com/zcash-hackworks/zcash-test-vectors/blob/master/orchard_zip32.py"], 3 | ["sk, c, xsk, fp"], 4 | ["7eee3c1017870990a3dd6891b82f80be8976c1e7dc20d60817a5e88e8b2cd4b8", "ab8b7a00509ef20e469b5292b61d474b7cffcb1657924cda720250ae40526677", 
"000000000000000000ab8b7a00509ef20e469b5292b61d474b7cffcb1657924cda720250ae405266777eee3c1017870990a3dd6891b82f80be8976c1e7dc20d60817a5e88e8b2cd4b8", "ff4cda5002c8d182058807b84e616b6d339e1bbeecea01650568d891a438e706"], 5 | ["98d703fcb40504c95b3b6ed10ecd50082cff97dfd1dd9aa0913c78f977c962af", "6a041dfb9cfebee97cb1854fdc481cc04f02c9577aa6f13b2c445b80a9669a22", "01ff4cda50010000806a041dfb9cfebee97cb1854fdc481cc04f02c9577aa6f13b2c445b80a9669a2298d703fcb40504c95b3b6ed10ecd50082cff97dfd1dd9aa0913c78f977c962af", "32bbdc921d066f235dc93e913b8fe1fd5b9f7f6a13d56f18ec0d3620d1f7b9a6"], 6 | ["99afd8894baad58784d0ec08f5148ee2c2a17b2b294b08ef9e0a0cf14bcc0920", "6da8b57a36c77ad6412a9dc0115f12aced0ee01c402a0cf0a507cb17fc7bbd1d", "0232bbdc92020000806da8b57a36c77ad6412a9dc0115f12aced0ee01c402a0cf0a507cb17fc7bbd1d99afd8894baad58784d0ec08f5148ee2c2a17b2b294b08ef9e0a0cf14bcc0920", "36a57c4fc5b8b4a3d62f22a5500878f393856b7ecce771ad597ca964b98637d9"], 7 | ["96439ea348a4b2ce4ec7beb4543c70274c8f76495d60c5fa5f018b68f3c32367", "b196e9b5809d76577a8944c3f8c8a83f93f0c8f5ace6e7bc9ce4396c034d93fe", "0336a57c4f03000080b196e9b5809d76577a8944c3f8c8a83f93f0c8f5ace6e7bc9ce4396c034d93fe96439ea348a4b2ce4ec7beb4543c70274c8f76495d60c5fa5f018b68f3c32367", "be1a1b661d2ca319822a32550d6dc488b6571e0cd781d5078b8f7ba366ddd368"] 8 | ] 9 | -------------------------------------------------------------------------------- /test-vectors/json/sapling_generators.json: -------------------------------------------------------------------------------- 1 | [ 2 | ["From https://github.com/zcash-hackworks/zcash-test-vectors/blob/master/sapling_generators.py"], 3 | ["skb, pkb, npb, wprb, vcvb, vcrb, pb0, pb1, pb2, pb3"], 4 | ["30b5f2aaad325630bcdddbce4d67656d05fd1cc2d037bb5375b6e96d9e01a1d7", "e7e85de0f7f97a46d249a1f5ea51df50cc48490f8401c9de7a2adf1807d1b6d4", "65002bc736faf7a3422effffe8b855e18fba96a0158a9efca584bf40549d36e1", "ac776c796563fcd44cc49cfaea8bb796952c266e47779d94574c10ad01754b11", 
"d7c86706f5817aa718cd1cfad03233bcd64a7789fd9422d3b17af6823a7e6ac6", "8b6a0b38b9faae3c3b803b47b0f146ad50ab221e6e2afbe6dbde45cba9d381ed", "ca3c2432d4abbf7732464ec08b2e47f95edc7e836b16c979571b52d3a2879ea8", "9118bf4e3cc50d7be8d3fa98ebbe3a1f25d901c0421189f733fe435b7f8c5d01", "57d493972c50ed8098b484177f2ab28b53e88c8e6ca400e09eee4ed200152eb6", "e97035a3ec4b7184856a1fa1a1af0351b747d9d8cb0a0791d8ca564b0ce47e2f"] 5 | ] 6 | -------------------------------------------------------------------------------- /test-vectors/json/sapling_signatures.json: -------------------------------------------------------------------------------- 1 | [ 2 | ["From https://github.com/zcash-hackworks/zcash-test-vectors/blob/master/sapling_signatures.py"], 3 | ["sk, vk, alpha, rsk, rvk, m, sig, rsig"], 4 | ["18e28dea5c11817aeeb21a19981d28368ec438afc25a8db94ebe08d7a0288e09", "9b0153b03d320fe23e2834d5d61dbb1f519b3f41f8f946152bf0c3f247d11807", "ffd1a1273252b187f4ed326dfc98853e2917c2b36379b175da63b9ef6dda6c08", "6087383b30559b31609085b9009645ceb6a0c6612599d72880728e61244e7d03", "c1babcb6eae2b994ee6d65c10b9dad5940dc735b07504daed1e46b0709b45136", "0000000000000000000000000000000000000000000000000000000000000000", "eaa057476b4ab482288b93df8fe0c5ce9d788367f2be551b7f7a82a6db360468deb9a7b7afaadfeca6f481193dc6575747f60a1a8a48ff0ad70cf8cb8d528e08", "d56f0d91af424e1f1c7fb86ba4eed143cc16660c5fe8d7dc0d284bcf65a089e98b561f9f201a633d700cd3981e8cac07b5a87efa6186062dd8e5d6325e7b8202"], 5 | ["059654f961273dafda3b2677b35c18af6b11adfb9ee90b48935e557c8d5d9c04", "faf6c3b737e8e611aafea52f03bb2786e18353ebe0d3139e3c54498780c8c199", "c30b96208da800e10af02542ce694b7ed76a28299f85998e5d610812681bf003", "c8a1ea19efcf3d90e52b4cb981c6632d437cd5243e6fa5d6f0bf5d8ef5788c08", "d524dce7734069758a91f007a869505dfc4aba1720594d4d74f007700e62ee00", "0101010101010101010101010101010101010101010101010101010101010101", 
"22355494a8316ab13473f55e6266b2fb4197315eac62f82cc73dcaca199090f15be198ce7d3f9fc8fff550e10881ec49ff27369e7d4fd9640153492a0a062508", "f4b894ba84ce1ec38a63152fc409f947d61abb1f4891636bc3ee19ef6d4b30c0fd22866b84ffbc7e2a78c43f5783d2d2ead0785955037443c2f4d52f785eee07"], 6 | ["ade7abb551c79d0f0e42ef7f1206b87712a84a61dea3f37b42496d7efd12520c", "369ea751762f839d25701a5eeb551ec4f06c1290b3b9c3a724402dec02739221", "81922529a63ee743fc4fbbac45c4988316bc9b6e428b01a8d31fc1c2a6ca6205", "774dda0799f7ed828781e25fc4a9e8542829b2ce1ff48d1d6db9fadbb9283703", "0d92ad6d46edacd023d4d2ef703a6ca0a792cfc4b7da11c2353bc845a27a974d", "0202020202020202020202020202020202020202020202020202020202020202", "dd6521014dff706e3a38527a86b6c16e941480e733eff79ebe0c430379d757049db790cd5e14447c386f5fcb419f27c4413f3588fa2142d2cfbaed082cc6db07", "d89445cb9bd1033569231dd628aa628109fe93502bf22f9a5f37b14e517f9a2054aee3c81b60b3f0551e32f7935abc2f37b99ab3ec996802efd65069e1281208"], 7 | ["c9d2ae1f6d32a675d09eb0823f467fa921b3284acb35fabdfc994de549b8590d", "2d2f316e5c369ae4dd2c825f3d86460058407184603b212cf3459f36c8697fd8", "ebbc89031107c44f47889ed4d4375a4114cf8a75dd33b962f2d759d3f4c6df06", "fd62414c1f2bd3f49416878a805d714435477fbea72e4c1a46c2735354cabb05", "f0430e953be60bf438dbdcc2303f0e32a6f7ce2fbedfb13ac518f75a3fd10eb5", "0303030303030303030303030303030303030303030303030303030303030303", "7279a75c013675b32984e5c73a9891ebf0b229b16e6235ba36dfa1b5a10c5e44578191897c06b8524a2674aa7a0c8c235f52d33ac92c7056b2be953c3faa3d07", "aad4828cb342cf09b00e302cbbe7cc3e95fe1ff828748e5f5bc69cbfde6e2722d76435687e850cd307a9c182ec10e6881dd65eedc11fa7b46de3a71959cec002"], 8 | ["33bcd2864541b8bb7fdc77a19d970f924eaeecf4103c38c8d2b0668142f27d09", "741794e62cf9320c58bac594a2b90e340a6d8a68056f6ed5c7868c5ff3e4d616", "7ce725a5fef61bd4a1e9c77328e8210eb7292d954c64e99e8bedd07ab3ab0e0d", "f8760155e5293dbf9eb57748325fc9f9049de5885c65ba60b5ee03970be90e08", "6662ba09950accd2cea3c7a81290cd5978a62b5ac5bbc48d9f5819cdc9646f0a", 
"0404040404040404040404040404040404040404040404040404040404040404", "5123b31f84af0c355e13e78a64d7a3cdfd6bdffdc73338d9317f734391a55ae6258f6980b9c7d190cfa36581a9a47a863fd3bf7659422295b75fd122c3dd8a05", "5bae254fbded607a5c48b53029f59ba706324879aa18d9c47319004be02cece0b8bb024a7aabaa0a640f3a54dcdaf21131469a5006be2781a567ffa6503a3503"], 9 | ["ca3506d6af7767b5790ef0c5190fb3f3877c4aab40e0dd651abbdacb544ed005", "bab6cfb5c8ea3491251b46d52aca25d9e9af69faa9b4e40b03ad0086de59b51f", "bea387203f43760ad37d61de0eb59fca6cab7560df64fabb9511579f6f682606", "88d98df6eebaddbf4c8c51a428c452bef427c00b2045d821b0cc316bc4b6f60b", "11267d14d5e0b2bb3ce099e8ef8449471cbcfc6939a4b348dea2c17356a1e8dd", "0505050505050505050505050505050505050505050505050505050505050505", "dc18c88d964442406d650aa2ffbd83d113bf6a19da78f2665b294fa5fa450b9281a07e320c1aa31d32449e00c5c32db2f413df0b63d0728fa40941a8da024f01", "59e2e818766c50fc8f3840b272af9ad94756c8413295fc795fafbcc0718e6c08169a00d58302772a282843e888d981fa04795d014cf9c8cdb907ff1b430d9200"], 10 | ["bc27838de2a614cfba6c3e922a8f8424d9856f6816f3bc6102313b7faf5c3a0c", "d79be9ff229a2e35f5bca448e5eb4a8aa97fb418029125cfbaa78a91a382b094", "21a7150e194fedfef90c5d10e420858bca4004040eb681d14e75c4471351cb02", "26a2a1c49ce76afd3169d3d57a8fa109a38b3f6b236ed72ca8f6cb61d8f88700", "54bf1be72e6d41208b8aec1161d3ba59519fb93da01a55e678e27520066036c9", "0606060606060606060606060606060606060606060606060606060606060606", "9af6f2800f4b80f793be648a439f86e57da1b919999e41910999d42ed0f3896db76e06388b272c99858b5504d02ec6b4d525b8713810505f4fc031083a14bf09", "3f7d5071b87617490571a8be91749e69f6bcba5ab626e42ff92d0d7dab73f30361e5a224998e1f5ea1e5f8689a06a27748bf741963ef513322f4a1ba99aa3603"], 11 | ["b20859b88ee3338a64954f8a9e8e9bf3e7115acf7c6e7f01432c5f7696d2d005", "a81fe6846dbe0a75c0f49b213232beadd1f9a564673d25b91ee0f17ce9caa363", "44d908e1c15e6bd9380a8b235ace02fac1c08794454bcdb4a6f48cea78a74a04", "f6e1619950429f639d9fdaadf85c9eeda9d2e163c2b94cb6e920ec600f7a1b0a", 
"0b68d50f913cd1b78b59921e1656d576b0eb171ed3870d39fec69441b34b2538", "0707070707070707070707070707070707070707070707070707070707070707", "6459676a941634ecb61e59b79a98abe5876f356f728aa09e0cca9efe05761a3309aa88b2fa0ee2d04c1c46e9f2a048d59d5565afa6c3f15bce708daaab7b340e", "c96684ec7ea60bde878822ddcaf6b8b0bd31985154df9ad4f6907df8fed95c1d84fe67e67875a539550eb2514f193b8ed457256c8d30281d6f8bb9544924ca0c"], 12 | ["3216ae47e9f53e8a52796f24b62460776bd5f205a78e1595bc8efedc519d360b", "df74bf047961cc5cdac82890c76ec675bd4e89ead280c952d7c33eeaf2b5a66b", "c961f2dd93682adb93f5c05a73fdbc6d43c70e1b15e8d53e3f17a82494e3f209", "444ba94e1e50d294635e68b29501b53eae61cd1fbb3b84cd52f6729cfbcbab06", "0afbe406a891c3b8c310c215bc68a913de7cda06af29420056468d0c08855b28", "0808080808080808080808080808080808080808080808080808080808080808", "24932c1faa0163ca9a7fcde4761129d2e5e99cf5efa25d2704588e1c75677b5eebe455048d7ce1b0d2012753f71b2725012ee18549287318f9cd73f07f0fb502", "f7fa26ca22f386c43c191a0b3ea6577e8eeaa3f36b9bd1a3ac3df6f883a3ffdb31320bde627ff46fc2264a3263b9ab67123ba5e1084320d910b394ef8c65ba09"], 13 | ["85836f9832b28de7c63613e2a6ed36fb1ab44fb0c13fa8798cd9cd3030d45503", "bfd5bc00c7c022aa8901ae083c12d54b82f0ddff8ed6db9a12d59a5ef6a5a2e0", "a2e8b9e16d6ff3ca6c53d4e88abbb99be7af7e3659631f1eae1eff23874d8e0c", "703f32a34113eae1b0791ffe9d8888f001299ae519686091914899efcc6c6601", "eb9297036cf517e15e9efe3975328db48ee7c2694e946db25f528788f6a1db14", "0909090909090909090909090909090909090909090909090909090909090909", "64abd125bfc4c654faf2b6dd753ec690224dbcab8cd632dd593c91ce3ab0bcadca927634021c31476c78c5ac7cccabbd6f927df205eaa707cc00d47d39f3e40c", "eb7a065d75f845dc0941b709c0b149eafd805ea58f380b92b9d3108a561bda1785df8f101e0e140fcaee99b7dbb7dfbf7e61f3a12f46095069e06e8896a9e404"] 14 | ] 15 | -------------------------------------------------------------------------------- /test-vectors/json/zip_0032_arbitrary.json: -------------------------------------------------------------------------------- 1 | [ 2 | ["From 
https://github.com/zcash-hackworks/zcash-test-vectors/blob/master/zip_0032_arbitrary.py"], 3 | ["context_string, seed, ikm, path, sk, c"], 4 | ["5a63617368207465737420766563746f7273", "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f", "125a63617368207465737420766563746f727320000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f", [], "e9da8806409dc3c3ebd1fc2a71c879c13dd7aa93ede803bf1a83414b9d3b158a", "65a748f2905f7a8aab9f3d02f1b26c3d65c82994ce59a086d4c651d8a81cec51"], 5 | ["5a63617368207465737420766563746f7273", "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f", null, [2147483649], "e8409aaa832cc2378f2badeb77150562153742fee876dcf4783a6ccd119da66a", "cc084922a0ead2da5338bd82200a1946bc8585b8d9ee416df6a09a71ab0e5b58"], 6 | ["5a63617368207465737420766563746f7273", "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f", null, [2147483649, 2147483650], "464f90a364cff805fee93a85b72f4894ce4e1358dcdc1e61a3d430301c60910e", "f9d2544a5528ae6bd9f036f42f9f05d83dff507aeb2a8141af11d9f167e221ae"], 7 | ["5a63617368207465737420766563746f7273", "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f", null, [2147483649, 2147483650, 2147483651], "fc4b6e93b0e42f7a762ca0c6522ccd1045cab506b372452af7306c87389ab62c", "e89bf2ed73f5e0887542e36793fac82c508ab5d99198578227b241fbac198429"], 8 | ["5a63617368207465737420766563746f7273", "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f", null, [2147483680], "c430c4defd03d7578b2bb09e58135cdd1d7b7c975f01a890847ee0b5c468bc98", "0f473789fe7d5585b79ad5f7e0a469d9a30146647764485150db78d7209dcb30"], 9 | ["5a63617368207465737420766563746f7273", "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f", null, [2147483680, 2147483781], "43e5484679fdfa0f6176ae86795d0d44c40e149ef4ba1b0e2ebd883c71f49187", "db42c3b725f32459b2cf8215418b8e8f8e7b1b3f4aba2f5b5e8129e6f0575784"], 10 | ["5a63617368207465737420766563746f7273", 
"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f", null, [2147483680, 2147483781, 2147483648], "bf60078362a09234fcbc6bf6c8a87bde9fc73776bf93f37adbcc439a85574a9a", "2b657e08f67a570c53b9ed30611e6a2f822662b4887a8cfb469e9d0d9817011a"] 11 | ] 12 | -------------------------------------------------------------------------------- /test-vectors/json/zip_0032_registered.json: -------------------------------------------------------------------------------- 1 | [ 2 | ["From https://github.com/zcash-hackworks/zcash-test-vectors/blob/master/zip_0032_registered.py"], 3 | ["context_string, seed, zip_number, subpath, sk, c, full_width"], 4 | ["5a63617368207465737420766563746f7273", "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f", 1, [], "53a71507e6dfda588bc1e138c2657c9269e55f5d9b99e3887c134008193a2f47", "08bb26aae21d4efdc3249b9557fcd9131e8b9827241d9f61d0d774bb4fed3de6", null], 5 | ["5a63617368207465737420766563746f7273", "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f", 1, [[2147483650, "7472616e7320726967687473206172652068756d616e20726967687473"]], "02dc25cc40310eed08b028e07fae9adbee2fbe56a4694def0401e656dfae0211", "d8f9d8a1f81d1b5d5506b5ff942d2ff3dae7a63f57d6b8c7fbe58149823cc6ec", "255d75b5f97dd880a14460ab0a28938e7ba497ceb1457fff2992e9015a8403f8c08112b7a94cf539c21c9da7ee99897be9476b6813532ee22c8947d753b72bdf"], 6 | ["5a63617368207465737420766563746f7273", "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f", 1, [[2147483650, "7472616e7320726967687473206172652068756d616e20726967687473"], [2147483651, ""]], "a127db66628b256e5b664d54050c1e6b028963aea22b04d1bc6f48123674ed82", "340084033605edca11463ffec56bf0cac425c410e953628671cec6a6514c32a8", "7f853eef001b1bc5a1a5e67f5dfd0e90427596d4842f5b10a111e97c4073203cedf6b80a85145e5061acd29bc5a4e349b14f8557a7033e23b066b7ce2409d973"] 7 | ] 8 | -------------------------------------------------------------------------------- /test-vectors/json/zip_0316.json: 
-------------------------------------------------------------------------------- 1 | [ 2 | ["From https://github.com/zcash-hackworks/zcash-test-vectors/blob/master/zip_0316.py"], 3 | ["c, pk, external_ovk, internal_ovk"], 4 | ["5d7a8f739a2d9e945b0ce152a8049e294c4d6e66b164939daffa2ef6ee692148", "0216884f1dbc929089a4176e840bb581c80e16e9b1abd654e62c8b0b957020b748", "dce7fb7f20eb7764d5124fbd23c4d7ca8c3219ec1db3ff1e081350ad039b4079", "4d46c714eddad94a40ac21286aff327d7ebf119e8685109b44e80283d8c8a400"], 5 | ["bf69b8250c18ef41294ca97993db546c1fe01f7e9c8e36d6a5e29d4e30a73594", "037273b657d971a45e72240c7aaaa7d0685d06d7999b0a19c4cea32788a6ab513d", "8d31537b388f4023e648708bfbde2ba1ff1a4ee112ea670ad16744f4583e9552", "16774900769d9c03be063245cf1c2244a92e4851015473613fbf38d242d754f6"], 6 | ["3dc166d56a1d62f5a8d7551db5fd9313e8c7203d996af7d477083756d59af80d", "03ec05bb7f065e256ff454f8a8df6f2f9b8a8c9508caacfee9521cbe689dd1120f", "db97520e2fe368ad502deff842f0c0ee5d203b48337a0fff75be24525977f37e", "bc4acb5f52b8ae21e332b17c29631f68e9682a46c4a7abc8edf90d37aeead36c"], 7 | ["495c222f7fba1e31defa3d5a57efc2e1e9b01a035587d5fb1a38e01d94903d3c", "02818f50ce4710f4eb11e743e6408544aa3c123c7f07e2aabb91afc4ec48788de9", "b8a36d62a63f69367be3f4bed420264adb637bbb470e1f56e0338b38e2a69097", "4ff6faf206631ecb01f95730f7e55bfcff8b02a314885a6d248e6ebeb74d3e50"], 8 | ["a7af9db6990ed83dd64af3597c04323ea51b0052ad8084a8b9da948d320dadd6", "02ae36b61a3d10f1aa752ab1dc16e3e49b6ac0d2ae1907d2e69425ec12c93aaebc", "da6f470f425b3d27f4286ef03b7e87017c20a710b3ffb9c1b66c716092e3d9bc", "09b54f75cb7032671dc68aaa07305f38cdbc879ee15bec04713c24dce3ca7026"], 9 | ["e00c7a1d48af046827591e9733a97fa6b679f3dc601d008285edcbdae69ce8fc", "0249265380d2b02e0a1d988f3de3458b6e00291db0e62e174791d009299f61fec4", "60a7a08eefa24e75ccbb29dc8494672d730fb3887cb26ef51c6a1a78e88a7839", "3bab409808108ba9e5a1bb6a4224599d62ccee63ff2f38154c7fb0c9a9a5790f"], 10 | ["e2885315eb4671098b79535e790fe53e29fef2b3766697ac32b4f473f468a008", 
"039a0e4639b4691f027c0db7fef1bb5ef90acdb708626d2e1f3e383ee75b31cf57", "bb47872c2509bf3c72dedf4fc1770f9193e2c190d7aa8e9e881ad2f173484ef2", "5f36dfa36ca7657450294eaaddad78aff2b3dc385a57735ac00d3d9a292b8c77"], 11 | ["ed9494c6ac893c49723833ec8926c1039586a7afcf4a0d9c731e985d99589c8b", "03bbf44982f1ba3a2b9dd3c1774d71ce3360599b07f211c816b8c43b9842230924", "ede8fb11379b15aec4fa4ec5124c9500adf40eb6f7caa5e9ce80f6bd9e73d0e7", "250b4dfc34dd5776745157f382ce6de4f6fe22d79802f39fe134778b794042d3"], 12 | ["92476930d069896cff30eb414f727b89e001afa2fb8dc3436d75a4a6f2657250", "03ff63c789251c1043c6f96c66bf5b0f61c9d65fef5aaf4284a6a56994941c05fa", "b311520642710101bbc81bbe92851f9e6536223ed6e6a1285906621efae64110", "f446c0c1741c9442568e12f055efd50c1efe4d71533d976b08e994414449c4ac"], 13 | ["7d417adb3d15cc54dcb1fce467500c6b8fb86b12b56da9c382857deecc40a98d", "02bf3920ce2e9e95b0eece130a50ba7dcc6f26512a9fc7b804aff089f50cbcfff7", "ae6384f807721c5f46c8aa833b669b01c4227c0018cb2729a9799101eab85ab9", "ef708eb826d8bfcd7faa4f90df461ded08d16e191b4e51b8a3a91c020b32cc07"] 14 | ] 15 | -------------------------------------------------------------------------------- /test-vectors/json/zip_0320.json: -------------------------------------------------------------------------------- 1 | [ 2 | ["From https://github.com/zcash-hackworks/zcash-test-vectors/blob/master/zcash_test_vectors/transparent/zip_0320.py"], 3 | ["t_addr, p2pkh_bytes, tex_addr, account, child_index"], 4 | ["t1V9mnyk5Z5cTNMCkLbaDwSskgJZucTLdgW", "7bb83570b8fae146e03c5331a020b1e0892f631d", "tex10wur2u9clts5dcpu2vc6qg93uzyj7cca2xm732", 0, 0], 5 | ["t1LZdE42PAt1wREUv1YMYRFwJDPHPW8toLL", "1d81e86791c72d292f906e7c039a729e4b1ff7fc", "tex1rkq7seu3cukjjtusde7q8xnjne93laluyvdxu7", 0, 1], 6 | ["t1M5AgJw56FNFRBNGtzAGX4AHfQh7ZCxd4w", "231839e305c0a02ed681406faf222585f6623904", "tex1yvvrncc9czsza45pgph67g39shmxywgyvsypwn", 0, 2], 7 | ["t1bh6KjXccz6Ed45vFc3GeqoxWbwPxe8w2n", "c3755398b8b77f633fca7ccbda900831478979c9", 
"tex1cd648x9ckalkx0720n9a4yqgx9rcj7wfvjcq63", 1, 0], 8 | ["t1WvCtHojWHSHBdDtCFgorUN1TzUFV8sCth", "8f17950e22b08886ac4832e22e24f2e8f3cb6b21", "tex13ute2r3zkzygdtzgxt3zuf8jareuk6ep7qd8ty", 1, 1], 9 | ["t1U2MF7f81qrXkWouT3Xt4hLDAMjC9LniTK", "6f58adaf02bb48e6b398a442a2b294589e041620", "tex1dav2mtczhdywdvuc53p29v55tz0qg93qvfjp46", 1, 2], 10 | ["t1awMYfhispKsnJPHn7jgUxNnVW1DTpTJx9", "bb2fbb540f0f7e434636680eaea2eefe375a7591", "tex1hvhmk4q0palyx33kdq82aghwlcm45av3ezlrzn", 2, 0], 11 | ["t1Kgn7v5a2rKkxC24LoXNyHRn4q4Gs3KEEF", "13e41e47448122cad13c5c7f5bd31c77639a9f99", "tex1z0jpu36ysy3v45fut3l4h5cuwa3e48uea95pc6", 2, 1], 12 | ["t1c1ixUTuStCzo19qPg89U9XFYmWDLru9mt", "c6fb64d8757e5c85b230a3358711697ae6540b44", "tex1cmakfkr40ewgtv3s5v6cwytf0tn9gz6y9j5z8e", 2, 2], 13 | ["t1WBxR5jNWgg4Cqeot3FvNkBb9ztYyjVELp", "871a089d446268aa7ac03d2a6f60ae70808f3974", "tex1sudq382yvf5257kq854x7c9wwzqg7wt5h2c24u", 3, 0], 14 | ["t1VEuDXP1QocoNaxrq4gZArTqqKCZdrwjG7", "7cb07c31b58040ac7cc12bfaaa138cfbefb38457", "tex10jc8cvd4spq2clxp90a25yuvl0hm8pzheuufxw", 3, 1], 15 | ["t1PXVM8oR6qVrVjtcnU1iNmH2CfvZyBai8u", "3e02e08b5965fce9c20ce6de6f9407674d01ba02", "tex18cpwpz6evh7wnssvum0xl9q8vaxsrwsz83vght", 3, 2], 16 | ["t1M3p1MgJCgjq4FMogS84kVvuszJbxPnpSM", "22d68debb3928da4046370d25ed2bbe8d5e985d0", "tex1yttgm6anj2x6gprrwrf9a54mar27npws73jwdy", 4, 0], 17 | ["t1aqnebXhA45WpgQHLiXTPU1Kk6rp8vVDDr", "ba2230b41fdc81714328231f40ab73feb52645a4", "tex1hg3rpdqlmjqhzsegyv05p2mnl66jv3dykth955", 4, 1], 18 | ["t1UG6FVxexmJRFXG4gvEmSF9HSTwHMFaSDT", "71f1fc6fd69370f23611536b3b64e7df1cebef69", "tex1w8clcm7kjdc0yds32d4nke88muwwhmmfunhkhd", 4, 2] 19 | ] 20 | -------------------------------------------------------------------------------- /test-vectors/rust/f4jumble_long.rs: -------------------------------------------------------------------------------- 1 | struct TestVector { 2 | length: usize, 3 | jumbled_hash: [u8; 64], 4 | } 5 | 6 | // From https://github.com/zcash-hackworks/zcash-test-vectors/blob/master/f4jumble_long.py 
7 | const TEST_VECTORS: &[TestVector] = &[ 8 | TestVector { 9 | length: 3246395, 10 | jumbled_hash: [ 11 | 0x3f, 0xc2, 0xec, 0xdf, 0xb6, 0x86, 0x96, 0x57, 0x1d, 0x89, 0xe8, 0xbe, 0xdd, 0xb6, 0x47, 0xe6, 0x99, 0x0b, 0x63, 0xa0, 0x17, 0x1c, 0x36, 0x44, 0x22, 0x73, 0xd6, 0x87, 0xbd, 0x99, 0x25, 0x7e, 0xc5, 0x00, 0x2e, 0xc8, 0x19, 0x78, 0x01, 0xb6, 0x21, 0x73, 0x2d, 0x6b, 0x05, 0xb8, 0xd7, 0x0f, 0x68, 0x86, 0x20, 0xa4, 0xc0, 0x88, 0x73, 0xc1, 0x2e, 0x44, 0x39, 0xa0, 0x12, 0x7d, 0xc9, 0x45 12 | ], 13 | }, 14 | TestVector { 15 | length: 4194368, 16 | jumbled_hash: [ 17 | 0xa5, 0xf1, 0x8f, 0x16, 0x3e, 0x59, 0x8d, 0x4a, 0xdb, 0x6e, 0xa7, 0x24, 0x80, 0x57, 0xe2, 0x4c, 0x1b, 0x61, 0xf2, 0x9b, 0x33, 0xb7, 0xab, 0xcd, 0xab, 0xd4, 0x20, 0xa0, 0xf2, 0xee, 0x6c, 0x3e, 0xd3, 0x13, 0x94, 0x65, 0x2f, 0x28, 0xb5, 0x9c, 0x44, 0xd3, 0xea, 0x9e, 0xcf, 0x85, 0xf4, 0xd5, 0x01, 0xe6, 0xaa, 0xc1, 0x4d, 0xf2, 0x88, 0xef, 0xd6, 0x2c, 0xf8, 0x0d, 0x18, 0x29, 0xd0, 0x25 18 | ], 19 | }, 20 | ]; 21 | -------------------------------------------------------------------------------- /test-vectors/rust/orchard_generators.rs: -------------------------------------------------------------------------------- 1 | struct TestVector { 2 | skb: [u8; 32], 3 | nkb: [u8; 32], 4 | vcvb: [u8; 32], 5 | vcrb: [u8; 32], 6 | cmb: [u8; 32], 7 | cmq: [u8; 32], 8 | ivkb: [u8; 32], 9 | ivkq: [u8; 32], 10 | mcq: [u8; 32], 11 | } 12 | 13 | // From https://github.com/zcash-hackworks/zcash-test-vectors/blob/master/orchard_generators.py 14 | const TEST_VECTOR: TestVector = TestVector { 15 | skb: [ 16 | 0x63, 0xc9, 0x75, 0xb8, 0x84, 0x72, 0x1a, 0x8d, 0x0c, 0xa1, 0x70, 0x7b, 0xe3, 0x0c, 0x7f, 0x0c, 0x5f, 0x44, 0x5f, 0x3e, 0x7c, 0x18, 0x8d, 0x3b, 0x06, 0xd6, 0xf1, 0x28, 0xb3, 0x23, 0x55, 0xb7 17 | ], 18 | nkb: [ 19 | 0x75, 0xca, 0x47, 0xe4, 0xa7, 0x6a, 0x6f, 0xd3, 0x9b, 0xdb, 0xb5, 0xcc, 0x92, 0xb1, 0x7e, 0x5e, 0xcf, 0xc9, 0xf4, 0xfa, 0x71, 0x55, 0x37, 0x2e, 0x8d, 0x19, 0xa8, 0x9c, 0x16, 0xaa, 0xe7, 0x25 20 | ], 21 | vcvb: [ 22 
| 0x67, 0x43, 0xf9, 0x3a, 0x6e, 0xbd, 0xa7, 0x2a, 0x8c, 0x7c, 0x5a, 0x2b, 0x7f, 0xa3, 0x04, 0xfe, 0x32, 0xb2, 0x9b, 0x4f, 0x70, 0x6a, 0xa8, 0xf7, 0x42, 0x0f, 0x3d, 0x8e, 0x7a, 0x59, 0x70, 0x2f 23 | ], 24 | vcrb: [ 25 | 0x91, 0x5a, 0x3c, 0x88, 0x68, 0xc6, 0xc3, 0x0e, 0x2f, 0x80, 0x90, 0xee, 0x45, 0xd7, 0x6e, 0x40, 0x48, 0x20, 0x8d, 0xea, 0x5b, 0x23, 0x66, 0x4f, 0xbb, 0x09, 0xa4, 0x0f, 0x55, 0x44, 0xf4, 0x07 26 | ], 27 | cmb: [ 28 | 0x13, 0x6e, 0xfc, 0x0f, 0x48, 0x2c, 0x02, 0x2c, 0x7c, 0xa4, 0x14, 0xfc, 0x5c, 0xc5, 0x9e, 0x23, 0xf2, 0x3d, 0x6f, 0x93, 0xab, 0x9f, 0x23, 0xcd, 0x33, 0x45, 0xa9, 0x28, 0xc3, 0x06, 0xb2, 0xa6 29 | ], 30 | cmq: [ 31 | 0x5d, 0x74, 0xa8, 0x40, 0x09, 0xba, 0x0e, 0x32, 0x2a, 0xdd, 0x46, 0xfd, 0x5a, 0x0f, 0x96, 0xc5, 0x5d, 0xed, 0xb0, 0x79, 0xb4, 0xf2, 0x9f, 0xf7, 0x0d, 0xcd, 0xfb, 0x56, 0xa0, 0x07, 0x80, 0x97 32 | ], 33 | ivkb: [ 34 | 0x18, 0xa1, 0xf8, 0x5f, 0x6e, 0x48, 0x23, 0x98, 0xc7, 0xed, 0x1a, 0xd3, 0xe2, 0x7f, 0x95, 0x02, 0x48, 0x89, 0x80, 0x40, 0x0a, 0x29, 0x34, 0x16, 0x4e, 0x13, 0x70, 0x50, 0xcd, 0x2c, 0xa2, 0xa5 35 | ], 36 | ivkq: [ 37 | 0xf2, 0x82, 0x0f, 0x79, 0x92, 0x2f, 0xcb, 0x6b, 0x32, 0xa2, 0x28, 0x51, 0x24, 0xcc, 0x1b, 0x42, 0xfa, 0x41, 0xa2, 0x5a, 0xb8, 0x81, 0xcc, 0x7d, 0x11, 0xc8, 0xa9, 0x4a, 0xf1, 0x0c, 0xbc, 0x05 38 | ], 39 | mcq: [ 40 | 0xa0, 0xc6, 0x29, 0x7f, 0xf9, 0xc7, 0xb9, 0xf8, 0x70, 0x10, 0x8d, 0xc0, 0x55, 0xb9, 0xbe, 0xc9, 0x99, 0x0e, 0x89, 0xef, 0x5a, 0x36, 0x0f, 0xa0, 0xb9, 0x18, 0xa8, 0x63, 0x96, 0xd2, 0x16, 0x16 41 | ], 42 | }; 43 | -------------------------------------------------------------------------------- /test-vectors/rust/orchard_zip32.rs: -------------------------------------------------------------------------------- 1 | struct TestVector { 2 | sk: [u8; 32], 3 | c: [u8; 32], 4 | xsk: [u8; 73], 5 | fp: [u8; 32], 6 | } 7 | 8 | // From https://github.com/zcash-hackworks/zcash-test-vectors/blob/master/orchard_zip32.py 9 | const TEST_VECTORS: &[TestVector] = &[ 10 | TestVector { 11 | sk: [ 12 | 0x7e, 
0xee, 0x3c, 0x10, 0x17, 0x87, 0x09, 0x90, 0xa3, 0xdd, 0x68, 0x91, 0xb8, 0x2f, 0x80, 0xbe, 0x89, 0x76, 0xc1, 0xe7, 0xdc, 0x20, 0xd6, 0x08, 0x17, 0xa5, 0xe8, 0x8e, 0x8b, 0x2c, 0xd4, 0xb8 13 | ], 14 | c: [ 15 | 0xab, 0x8b, 0x7a, 0x00, 0x50, 0x9e, 0xf2, 0x0e, 0x46, 0x9b, 0x52, 0x92, 0xb6, 0x1d, 0x47, 0x4b, 0x7c, 0xff, 0xcb, 0x16, 0x57, 0x92, 0x4c, 0xda, 0x72, 0x02, 0x50, 0xae, 0x40, 0x52, 0x66, 0x77 16 | ], 17 | xsk: [ 18 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xab, 0x8b, 0x7a, 0x00, 0x50, 0x9e, 0xf2, 0x0e, 0x46, 0x9b, 0x52, 0x92, 0xb6, 0x1d, 0x47, 0x4b, 0x7c, 0xff, 0xcb, 0x16, 0x57, 0x92, 0x4c, 0xda, 0x72, 0x02, 0x50, 0xae, 0x40, 0x52, 0x66, 0x77, 0x7e, 0xee, 0x3c, 0x10, 0x17, 0x87, 0x09, 0x90, 0xa3, 0xdd, 0x68, 0x91, 0xb8, 0x2f, 0x80, 0xbe, 0x89, 0x76, 0xc1, 0xe7, 0xdc, 0x20, 0xd6, 0x08, 0x17, 0xa5, 0xe8, 0x8e, 0x8b, 0x2c, 0xd4, 0xb8 19 | ], 20 | fp: [ 21 | 0xff, 0x4c, 0xda, 0x50, 0x02, 0xc8, 0xd1, 0x82, 0x05, 0x88, 0x07, 0xb8, 0x4e, 0x61, 0x6b, 0x6d, 0x33, 0x9e, 0x1b, 0xbe, 0xec, 0xea, 0x01, 0x65, 0x05, 0x68, 0xd8, 0x91, 0xa4, 0x38, 0xe7, 0x06 22 | ], 23 | }, 24 | TestVector { 25 | sk: [ 26 | 0x98, 0xd7, 0x03, 0xfc, 0xb4, 0x05, 0x04, 0xc9, 0x5b, 0x3b, 0x6e, 0xd1, 0x0e, 0xcd, 0x50, 0x08, 0x2c, 0xff, 0x97, 0xdf, 0xd1, 0xdd, 0x9a, 0xa0, 0x91, 0x3c, 0x78, 0xf9, 0x77, 0xc9, 0x62, 0xaf 27 | ], 28 | c: [ 29 | 0x6a, 0x04, 0x1d, 0xfb, 0x9c, 0xfe, 0xbe, 0xe9, 0x7c, 0xb1, 0x85, 0x4f, 0xdc, 0x48, 0x1c, 0xc0, 0x4f, 0x02, 0xc9, 0x57, 0x7a, 0xa6, 0xf1, 0x3b, 0x2c, 0x44, 0x5b, 0x80, 0xa9, 0x66, 0x9a, 0x22 30 | ], 31 | xsk: [ 32 | 0x01, 0xff, 0x4c, 0xda, 0x50, 0x01, 0x00, 0x00, 0x80, 0x6a, 0x04, 0x1d, 0xfb, 0x9c, 0xfe, 0xbe, 0xe9, 0x7c, 0xb1, 0x85, 0x4f, 0xdc, 0x48, 0x1c, 0xc0, 0x4f, 0x02, 0xc9, 0x57, 0x7a, 0xa6, 0xf1, 0x3b, 0x2c, 0x44, 0x5b, 0x80, 0xa9, 0x66, 0x9a, 0x22, 0x98, 0xd7, 0x03, 0xfc, 0xb4, 0x05, 0x04, 0xc9, 0x5b, 0x3b, 0x6e, 0xd1, 0x0e, 0xcd, 0x50, 0x08, 0x2c, 0xff, 0x97, 0xdf, 0xd1, 0xdd, 0x9a, 0xa0, 0x91, 0x3c, 0x78, 0xf9, 0x77, 0xc9, 0x62, 0xaf 33 | 
], 34 | fp: [ 35 | 0x32, 0xbb, 0xdc, 0x92, 0x1d, 0x06, 0x6f, 0x23, 0x5d, 0xc9, 0x3e, 0x91, 0x3b, 0x8f, 0xe1, 0xfd, 0x5b, 0x9f, 0x7f, 0x6a, 0x13, 0xd5, 0x6f, 0x18, 0xec, 0x0d, 0x36, 0x20, 0xd1, 0xf7, 0xb9, 0xa6 36 | ], 37 | }, 38 | TestVector { 39 | sk: [ 40 | 0x99, 0xaf, 0xd8, 0x89, 0x4b, 0xaa, 0xd5, 0x87, 0x84, 0xd0, 0xec, 0x08, 0xf5, 0x14, 0x8e, 0xe2, 0xc2, 0xa1, 0x7b, 0x2b, 0x29, 0x4b, 0x08, 0xef, 0x9e, 0x0a, 0x0c, 0xf1, 0x4b, 0xcc, 0x09, 0x20 41 | ], 42 | c: [ 43 | 0x6d, 0xa8, 0xb5, 0x7a, 0x36, 0xc7, 0x7a, 0xd6, 0x41, 0x2a, 0x9d, 0xc0, 0x11, 0x5f, 0x12, 0xac, 0xed, 0x0e, 0xe0, 0x1c, 0x40, 0x2a, 0x0c, 0xf0, 0xa5, 0x07, 0xcb, 0x17, 0xfc, 0x7b, 0xbd, 0x1d 44 | ], 45 | xsk: [ 46 | 0x02, 0x32, 0xbb, 0xdc, 0x92, 0x02, 0x00, 0x00, 0x80, 0x6d, 0xa8, 0xb5, 0x7a, 0x36, 0xc7, 0x7a, 0xd6, 0x41, 0x2a, 0x9d, 0xc0, 0x11, 0x5f, 0x12, 0xac, 0xed, 0x0e, 0xe0, 0x1c, 0x40, 0x2a, 0x0c, 0xf0, 0xa5, 0x07, 0xcb, 0x17, 0xfc, 0x7b, 0xbd, 0x1d, 0x99, 0xaf, 0xd8, 0x89, 0x4b, 0xaa, 0xd5, 0x87, 0x84, 0xd0, 0xec, 0x08, 0xf5, 0x14, 0x8e, 0xe2, 0xc2, 0xa1, 0x7b, 0x2b, 0x29, 0x4b, 0x08, 0xef, 0x9e, 0x0a, 0x0c, 0xf1, 0x4b, 0xcc, 0x09, 0x20 47 | ], 48 | fp: [ 49 | 0x36, 0xa5, 0x7c, 0x4f, 0xc5, 0xb8, 0xb4, 0xa3, 0xd6, 0x2f, 0x22, 0xa5, 0x50, 0x08, 0x78, 0xf3, 0x93, 0x85, 0x6b, 0x7e, 0xcc, 0xe7, 0x71, 0xad, 0x59, 0x7c, 0xa9, 0x64, 0xb9, 0x86, 0x37, 0xd9 50 | ], 51 | }, 52 | TestVector { 53 | sk: [ 54 | 0x96, 0x43, 0x9e, 0xa3, 0x48, 0xa4, 0xb2, 0xce, 0x4e, 0xc7, 0xbe, 0xb4, 0x54, 0x3c, 0x70, 0x27, 0x4c, 0x8f, 0x76, 0x49, 0x5d, 0x60, 0xc5, 0xfa, 0x5f, 0x01, 0x8b, 0x68, 0xf3, 0xc3, 0x23, 0x67 55 | ], 56 | c: [ 57 | 0xb1, 0x96, 0xe9, 0xb5, 0x80, 0x9d, 0x76, 0x57, 0x7a, 0x89, 0x44, 0xc3, 0xf8, 0xc8, 0xa8, 0x3f, 0x93, 0xf0, 0xc8, 0xf5, 0xac, 0xe6, 0xe7, 0xbc, 0x9c, 0xe4, 0x39, 0x6c, 0x03, 0x4d, 0x93, 0xfe 58 | ], 59 | xsk: [ 60 | 0x03, 0x36, 0xa5, 0x7c, 0x4f, 0x03, 0x00, 0x00, 0x80, 0xb1, 0x96, 0xe9, 0xb5, 0x80, 0x9d, 0x76, 0x57, 0x7a, 0x89, 0x44, 0xc3, 0xf8, 0xc8, 0xa8, 0x3f, 0x93, 0xf0, 0xc8, 0xf5, 
0xac, 0xe6, 0xe7, 0xbc, 0x9c, 0xe4, 0x39, 0x6c, 0x03, 0x4d, 0x93, 0xfe, 0x96, 0x43, 0x9e, 0xa3, 0x48, 0xa4, 0xb2, 0xce, 0x4e, 0xc7, 0xbe, 0xb4, 0x54, 0x3c, 0x70, 0x27, 0x4c, 0x8f, 0x76, 0x49, 0x5d, 0x60, 0xc5, 0xfa, 0x5f, 0x01, 0x8b, 0x68, 0xf3, 0xc3, 0x23, 0x67 61 | ], 62 | fp: [ 63 | 0xbe, 0x1a, 0x1b, 0x66, 0x1d, 0x2c, 0xa3, 0x19, 0x82, 0x2a, 0x32, 0x55, 0x0d, 0x6d, 0xc4, 0x88, 0xb6, 0x57, 0x1e, 0x0c, 0xd7, 0x81, 0xd5, 0x07, 0x8b, 0x8f, 0x7b, 0xa3, 0x66, 0xdd, 0xd3, 0x68 64 | ], 65 | }, 66 | ]; 67 | -------------------------------------------------------------------------------- /test-vectors/rust/sapling_generators.rs: -------------------------------------------------------------------------------- 1 | struct TestVector { 2 | skb: [u8; 32], 3 | pkb: [u8; 32], 4 | npb: [u8; 32], 5 | wprb: [u8; 32], 6 | vcvb: [u8; 32], 7 | vcrb: [u8; 32], 8 | pb0: [u8; 32], 9 | pb1: [u8; 32], 10 | pb2: [u8; 32], 11 | pb3: [u8; 32], 12 | } 13 | 14 | // From https://github.com/zcash-hackworks/zcash-test-vectors/blob/master/sapling_generators.py 15 | const TEST_VECTOR: TestVector = TestVector { 16 | skb: [ 17 | 0x30, 0xb5, 0xf2, 0xaa, 0xad, 0x32, 0x56, 0x30, 0xbc, 0xdd, 0xdb, 0xce, 0x4d, 0x67, 0x65, 0x6d, 0x05, 0xfd, 0x1c, 0xc2, 0xd0, 0x37, 0xbb, 0x53, 0x75, 0xb6, 0xe9, 0x6d, 0x9e, 0x01, 0xa1, 0xd7 18 | ], 19 | pkb: [ 20 | 0xe7, 0xe8, 0x5d, 0xe0, 0xf7, 0xf9, 0x7a, 0x46, 0xd2, 0x49, 0xa1, 0xf5, 0xea, 0x51, 0xdf, 0x50, 0xcc, 0x48, 0x49, 0x0f, 0x84, 0x01, 0xc9, 0xde, 0x7a, 0x2a, 0xdf, 0x18, 0x07, 0xd1, 0xb6, 0xd4 21 | ], 22 | npb: [ 23 | 0x65, 0x00, 0x2b, 0xc7, 0x36, 0xfa, 0xf7, 0xa3, 0x42, 0x2e, 0xff, 0xff, 0xe8, 0xb8, 0x55, 0xe1, 0x8f, 0xba, 0x96, 0xa0, 0x15, 0x8a, 0x9e, 0xfc, 0xa5, 0x84, 0xbf, 0x40, 0x54, 0x9d, 0x36, 0xe1 24 | ], 25 | wprb: [ 26 | 0xac, 0x77, 0x6c, 0x79, 0x65, 0x63, 0xfc, 0xd4, 0x4c, 0xc4, 0x9c, 0xfa, 0xea, 0x8b, 0xb7, 0x96, 0x95, 0x2c, 0x26, 0x6e, 0x47, 0x77, 0x9d, 0x94, 0x57, 0x4c, 0x10, 0xad, 0x01, 0x75, 0x4b, 0x11 27 | ], 28 | vcvb: [ 29 | 0xd7, 0xc8, 0x67, 0x06, 
0xf5, 0x81, 0x7a, 0xa7, 0x18, 0xcd, 0x1c, 0xfa, 0xd0, 0x32, 0x33, 0xbc, 0xd6, 0x4a, 0x77, 0x89, 0xfd, 0x94, 0x22, 0xd3, 0xb1, 0x7a, 0xf6, 0x82, 0x3a, 0x7e, 0x6a, 0xc6 30 | ], 31 | vcrb: [ 32 | 0x8b, 0x6a, 0x0b, 0x38, 0xb9, 0xfa, 0xae, 0x3c, 0x3b, 0x80, 0x3b, 0x47, 0xb0, 0xf1, 0x46, 0xad, 0x50, 0xab, 0x22, 0x1e, 0x6e, 0x2a, 0xfb, 0xe6, 0xdb, 0xde, 0x45, 0xcb, 0xa9, 0xd3, 0x81, 0xed 33 | ], 34 | pb0: [ 35 | 0xca, 0x3c, 0x24, 0x32, 0xd4, 0xab, 0xbf, 0x77, 0x32, 0x46, 0x4e, 0xc0, 0x8b, 0x2e, 0x47, 0xf9, 0x5e, 0xdc, 0x7e, 0x83, 0x6b, 0x16, 0xc9, 0x79, 0x57, 0x1b, 0x52, 0xd3, 0xa2, 0x87, 0x9e, 0xa8 36 | ], 37 | pb1: [ 38 | 0x91, 0x18, 0xbf, 0x4e, 0x3c, 0xc5, 0x0d, 0x7b, 0xe8, 0xd3, 0xfa, 0x98, 0xeb, 0xbe, 0x3a, 0x1f, 0x25, 0xd9, 0x01, 0xc0, 0x42, 0x11, 0x89, 0xf7, 0x33, 0xfe, 0x43, 0x5b, 0x7f, 0x8c, 0x5d, 0x01 39 | ], 40 | pb2: [ 41 | 0x57, 0xd4, 0x93, 0x97, 0x2c, 0x50, 0xed, 0x80, 0x98, 0xb4, 0x84, 0x17, 0x7f, 0x2a, 0xb2, 0x8b, 0x53, 0xe8, 0x8c, 0x8e, 0x6c, 0xa4, 0x00, 0xe0, 0x9e, 0xee, 0x4e, 0xd2, 0x00, 0x15, 0x2e, 0xb6 42 | ], 43 | pb3: [ 44 | 0xe9, 0x70, 0x35, 0xa3, 0xec, 0x4b, 0x71, 0x84, 0x85, 0x6a, 0x1f, 0xa1, 0xa1, 0xaf, 0x03, 0x51, 0xb7, 0x47, 0xd9, 0xd8, 0xcb, 0x0a, 0x07, 0x91, 0xd8, 0xca, 0x56, 0x4b, 0x0c, 0xe4, 0x7e, 0x2f 45 | ], 46 | }; 47 | -------------------------------------------------------------------------------- /test-vectors/rust/zip_0032_registered.rs: -------------------------------------------------------------------------------- 1 | struct TestVector { 2 | context_string: &'static [u8], 3 | seed: [u8; 32], 4 | zip_number: u16, 5 | subpath: &'static [(u32, &'static [u8])], 6 | sk: [u8; 32], 7 | c: [u8; 32], 8 | full_width: Option<[u8; 64]>, 9 | } 10 | 11 | // From https://github.com/zcash-hackworks/zcash-test-vectors/blob/master/zip_0032_registered.py 12 | const TEST_VECTORS: &[TestVector] = &[ 13 | TestVector { 14 | context_string: &[ 15 | 0x5a, 0x63, 0x61, 0x73, 0x68, 0x20, 0x74, 0x65, 0x73, 0x74, 0x20, 0x76, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x73 
16 | ], 17 | seed: [ 18 | 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f 19 | ], 20 | zip_number: 1, 21 | subpath: &[ 22 | ], 23 | sk: [ 24 | 0x53, 0xa7, 0x15, 0x07, 0xe6, 0xdf, 0xda, 0x58, 0x8b, 0xc1, 0xe1, 0x38, 0xc2, 0x65, 0x7c, 0x92, 0x69, 0xe5, 0x5f, 0x5d, 0x9b, 0x99, 0xe3, 0x88, 0x7c, 0x13, 0x40, 0x08, 0x19, 0x3a, 0x2f, 0x47 25 | ], 26 | c: [ 27 | 0x08, 0xbb, 0x26, 0xaa, 0xe2, 0x1d, 0x4e, 0xfd, 0xc3, 0x24, 0x9b, 0x95, 0x57, 0xfc, 0xd9, 0x13, 0x1e, 0x8b, 0x98, 0x27, 0x24, 0x1d, 0x9f, 0x61, 0xd0, 0xd7, 0x74, 0xbb, 0x4f, 0xed, 0x3d, 0xe6 28 | ], 29 | full_width: None, 30 | }, 31 | TestVector { 32 | context_string: &[ 33 | 0x5a, 0x63, 0x61, 0x73, 0x68, 0x20, 0x74, 0x65, 0x73, 0x74, 0x20, 0x76, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x73 34 | ], 35 | seed: [ 36 | 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f 37 | ], 38 | zip_number: 1, 39 | subpath: &[ 40 | (2147483650, &[0x74, 0x72, 0x61, 0x6e, 0x73, 0x20, 0x72, 0x69, 0x67, 0x68, 0x74, 0x73, 0x20, 0x61, 0x72, 0x65, 0x20, 0x68, 0x75, 0x6d, 0x61, 0x6e, 0x20, 0x72, 0x69, 0x67, 0x68, 0x74, 0x73]), 41 | ], 42 | sk: [ 43 | 0x02, 0xdc, 0x25, 0xcc, 0x40, 0x31, 0x0e, 0xed, 0x08, 0xb0, 0x28, 0xe0, 0x7f, 0xae, 0x9a, 0xdb, 0xee, 0x2f, 0xbe, 0x56, 0xa4, 0x69, 0x4d, 0xef, 0x04, 0x01, 0xe6, 0x56, 0xdf, 0xae, 0x02, 0x11 44 | ], 45 | c: [ 46 | 0xd8, 0xf9, 0xd8, 0xa1, 0xf8, 0x1d, 0x1b, 0x5d, 0x55, 0x06, 0xb5, 0xff, 0x94, 0x2d, 0x2f, 0xf3, 0xda, 0xe7, 0xa6, 0x3f, 0x57, 0xd6, 0xb8, 0xc7, 0xfb, 0xe5, 0x81, 0x49, 0x82, 0x3c, 0xc6, 0xec 47 | ], 48 | full_width: Some([ 49 | 0x25, 0x5d, 0x75, 0xb5, 0xf9, 0x7d, 0xd8, 0x80, 0xa1, 0x44, 0x60, 0xab, 0x0a, 0x28, 0x93, 0x8e, 0x7b, 0xa4, 0x97, 0xce, 0xb1, 0x45, 0x7f, 0xff, 0x29, 0x92, 0xe9, 0x01, 0x5a, 0x84, 0x03, 0xf8, 
0xc0, 0x81, 0x12, 0xb7, 0xa9, 0x4c, 0xf5, 0x39, 0xc2, 0x1c, 0x9d, 0xa7, 0xee, 0x99, 0x89, 0x7b, 0xe9, 0x47, 0x6b, 0x68, 0x13, 0x53, 0x2e, 0xe2, 0x2c, 0x89, 0x47, 0xd7, 0x53, 0xb7, 0x2b, 0xdf 50 | ]), 51 | }, 52 | TestVector { 53 | context_string: &[ 54 | 0x5a, 0x63, 0x61, 0x73, 0x68, 0x20, 0x74, 0x65, 0x73, 0x74, 0x20, 0x76, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x73 55 | ], 56 | seed: [ 57 | 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f 58 | ], 59 | zip_number: 1, 60 | subpath: &[ 61 | (2147483650, &[0x74, 0x72, 0x61, 0x6e, 0x73, 0x20, 0x72, 0x69, 0x67, 0x68, 0x74, 0x73, 0x20, 0x61, 0x72, 0x65, 0x20, 0x68, 0x75, 0x6d, 0x61, 0x6e, 0x20, 0x72, 0x69, 0x67, 0x68, 0x74, 0x73]), 62 | (2147483651, &[]), 63 | ], 64 | sk: [ 65 | 0xa1, 0x27, 0xdb, 0x66, 0x62, 0x8b, 0x25, 0x6e, 0x5b, 0x66, 0x4d, 0x54, 0x05, 0x0c, 0x1e, 0x6b, 0x02, 0x89, 0x63, 0xae, 0xa2, 0x2b, 0x04, 0xd1, 0xbc, 0x6f, 0x48, 0x12, 0x36, 0x74, 0xed, 0x82 66 | ], 67 | c: [ 68 | 0x34, 0x00, 0x84, 0x03, 0x36, 0x05, 0xed, 0xca, 0x11, 0x46, 0x3f, 0xfe, 0xc5, 0x6b, 0xf0, 0xca, 0xc4, 0x25, 0xc4, 0x10, 0xe9, 0x53, 0x62, 0x86, 0x71, 0xce, 0xc6, 0xa6, 0x51, 0x4c, 0x32, 0xa8 69 | ], 70 | full_width: Some([ 71 | 0x7f, 0x85, 0x3e, 0xef, 0x00, 0x1b, 0x1b, 0xc5, 0xa1, 0xa5, 0xe6, 0x7f, 0x5d, 0xfd, 0x0e, 0x90, 0x42, 0x75, 0x96, 0xd4, 0x84, 0x2f, 0x5b, 0x10, 0xa1, 0x11, 0xe9, 0x7c, 0x40, 0x73, 0x20, 0x3c, 0xed, 0xf6, 0xb8, 0x0a, 0x85, 0x14, 0x5e, 0x50, 0x61, 0xac, 0xd2, 0x9b, 0xc5, 0xa4, 0xe3, 0x49, 0xb1, 0x4f, 0x85, 0x57, 0xa7, 0x03, 0x3e, 0x23, 0xb0, 0x66, 0xb7, 0xce, 0x24, 0x09, 0xd9, 0x73 72 | ]), 73 | }, 74 | ]; 75 | -------------------------------------------------------------------------------- /test-vectors/zcash/bip_0032.json: -------------------------------------------------------------------------------- 1 | [ 2 | ["From 
https://github.com/zcash-hackworks/zcash-test-vectors/blob/master/bip_0032.py"], 3 | ["c, pk, address, external_ovk, internal_ovk, account"], 4 | ["47abebefb68f2d362e0199622ca66d628822367c53d48338903d2d6a9c43a09b", "02ed638532c475f67400350fb1d6eda559cdc289a19b4319eb175140aa86893836", "6725f262bba6422fd47c305b8378c4994241c442", "dd7457506999ba038482cc7998eec2a36e2a9a21ab3416a69866d6d12d3586d4", "7f594600ecd35b2dd356a772f58cb63d972dfdbfcbbbcf64b2ee1cf32dae9073", 0], 5 | ["98e2b8b1ea0b8dc29a25c0c5342e358d97fce496cb852f45ac21be53b39192fa", "03fc399e613d010865d5a1fa8765b7109f9db1ed56218983f9bd54b8c712478829", "04631ad8902ad2fc5641bbe935dea67950bb9c59", "1366a9d1e5ca98fdd0877416a92973f6ba04b5c17f493f63e325e8d3a369bdd2", "0a0b8220130cbcf72166ecc869b75ae7842719fee118650d099ffbd29b8501c8", 1], 6 | ["ea4c47967cc624397ce43c94b7b5b70e8f65e243b2ee886a16823809fc04a7f6", "029f1794895562430d5dc8be5e88cfeee3261d6be4e6eb5b238ecc9e7ebdeb1bf0", "0bec65aa3cf1af84a95da1e6b9e4a52b74428ff6", "822f4d7ef51308a226d17c09b8ce22a42b1cdc0a2c80394ca5d4080f83aa0ca6", "6ea5ce7481ea0baaeb1dad3f0c72d8fb7cea2d0469df60db3a8f33219295f514", 2], 7 | ["048aa3ec6300c68c3164c682853df0c2346181cd1135d83bb4ee4f20d646be3e", "020f8aed7690bc84e3fa6510c362bb9290904b6ff5b75e4e5ca6de821bf3389fae", "752c53a43b8a44182550ed668d49941c4fef5502", "bd65e1acc7ae335b6ffd1ef050943043cdf81df6e30c43f2173ea0ceb9dd9600", "061434598be891db11d449bf1ebe5cc93d142561f0e79c45f68ae41e2befb223", 3], 8 | ["1f3123ec57c3283517c8d85d73b4cd3e97306fa0fb7f71fec7ebec677b5c4d93", "039efddc9cc1bf9f4214a09a7f0188540789b26197cdededc993be5381587f79de", "1a8faa82b6fe128553c2f3f38b2251d8888048ab", "1cf6d1c41f40468180f1e348402729304f1e2ec6c41c1bdab0622723b6c53eed", "9c24cc681409e7fde33b64cde644dea87d3cefc5067a23a5b1499aae37d9d719", 4], 9 | ["94b693d4b3f5b9456d2e7096d4a78fe0a1b1725d247f07a9eec494ae2d45eb03", "03e032029bfe0abdf00e26eee77e4c3b55674486c903428648b26adb5c11ced5b3", "e59b1c45cfda3f6f2df78d04bd0df8a593178836", 
"2945ec3810daa1c5cf5e8ffcc4402b8e47ea23c2124c874cba7df4f890d33cc7", "a4000c69e36e6e8f0d56ac83706031fabd5efafb75eb802227ea318c4c90154b", 5], 10 | ["cad6bae3f66d39e357278825b63bd215338ba729aa94d8cd8984b40d4385cfde", "028efe8fa9b8827f87484aa186873372a46e538a1c3f341adb9c3369ac4d4f707a", "3a9c2ad950098f111c3edd0d3eb3091c96ea8356", "30e4d7cd8958ed8af6190fb3652adbde64300ef2528fa2fbb755ffdf6aa5495c", "f35f92ca92bc5a830265c3b8f690e4451a27700e5d684829f6c27028ddd6554d", 6], 11 | ["75ec2d50a4c1f4fcb5de6fa57b57fa5969fe95d73c3b4eb7a7e442d29dc04c69", "0214158dc4631f2a3784bfb42b9ad44dcb779dcf0f26a1def9120f81c9836bf4b5", "0ff6c3ebc62538ff1d690dc8e07a913b15fee1c5", "ad188629e76df8622c9a2007edcda5da6cd528d72600b639f9bb2735000461a2", "238c5bf6a2bda815dc9162fbeca2f88e4cef4900863946b221d84b537b767f91", 7], 12 | ["a50625dae4271276679283e7adca06456eb5e874d15ddf024c9cfabf0814ea3e", "035d0d7224c3beb78bc67c214f56731b3ffb27b06310a1e6093384f6eb72b6c5f6", "9ff43f3f0121bf054c14ea0d9d849e0b02e94687", "107958131b7cf605cf3d18a43e50b48a833f4baa2fa98c1abffea96df6b1a87a", "fd764d96801f13152ddeab74170804f7c2c8fac7b96500b4f3eac0bd5493d177", 8], 13 | ["41a926f250f477153b8af9b8ea6609dc55228399002d93ed50d0da6b769508b6", "0295599fc048f2181156f9e453735d989eb61623f6eee8a060b8f3fa59666cdfe1", "daebdd957be54702db56dd0d1c19a77606dfecd5", "cbe860a997e890048c591c823410d31c3e48e52e21a1adced1c11706627730a5", "2fbbecdc56d132590bacda38d8df177983e24606454171ab874d57f880201648", 9] 14 | ] 15 | -------------------------------------------------------------------------------- /test-vectors/zcash/f4jumble_long.json: -------------------------------------------------------------------------------- 1 | [ 2 | ["From https://github.com/zcash-hackworks/zcash-test-vectors/blob/master/f4jumble_long.py"], 3 | ["length, jumbled_hash"], 4 | [3246395, "3fc2ecdfb68696571d89e8beddb647e6990b63a0171c36442273d687bd99257ec5002ec8197801b621732d6b05b8d70f688620a4c08873c12e4439a0127dc945"], 5 | [4194368, 
"a5f18f163e598d4adb6ea7248057e24c1b61f29b33b7abcdabd420a0f2ee6c3ed31394652f28b59c44d3ea9ecf85f4d501e6aac14df288efd62cf80d1829d025"] 6 | ] 7 | -------------------------------------------------------------------------------- /test-vectors/zcash/orchard_empty_roots.json: -------------------------------------------------------------------------------- 1 | [ 2 | ["From https://github.com/zcash-hackworks/zcash-test-vectors/blob/master/orchard_empty_roots.py"], 3 | ["empty_roots"], 4 | [["0000000000000000000000000000000000000000000000000000000000000002", "11f4976cde2d797fccb9514e3858c906cbbd9f5e520f003c71c209c80725abd1", "30d056957683dfe0c3e289ea1c2304b19b5c09c17cabbb3a0464cd14463f41c7", "044279ac8f3c57b2aa1638aca9d27eda6a7df26d8174ec50fde5537739fc1121", "31b4ea3aced9464a3daba756ae9945b86407f3ef514c38f2d4645cb4fefb6a80", "18abed52ed3002af2798f51bc19bedd2c9fc69003699e845c6f0c0f257413e87", "02c4ff95a4f8937220846aa30a8abc6fa8a053125ac1c870ade13a952013ab27", "3b13f3906f701d1f8e4ad7221b0555056830523b11374b5ba6a291f13d56144e", "1f3707da6df0e41c6f67045d859633ce55851d4b17f4b74e0f8ad193f9e4bbb3", "0e17bd4c92572b5a39b8bc1c99cbdf79c628ba3fe9279eeb6ad7f0c6e9bdf54e", "0743b7c639f9a56294bf11831b6a7da417d27c7d6a0dc31ecaf5ebac6825c0a3", "390dd1d2c5662b30f61c6ca9ca404d1db4495decd6ba0516da2261ae0bb3f93e", "0b9ed98ef64fa6a78488390038e530982d3670de72c1703be6ab93cb0028ae22", "1b66b7651dbb92721c035c140d313b05a617c9df9c97b0ed4cc27226d9107118", "3b4564b91762fb4b354bab9090e3fa6611bec6af2c04c20c8b144f36bead983f", "0fec4763bc96f603590823c9660544edf425bdb3e0734973f136f90dd1dbf863", "34dcf5b7ecb1dda089e3cb6d0678e464e5fa8d146835315a886140ac3e168221", "31d3a638278b57a2923bc1ac63da2789d61aaa069e1fcdf9f3a3181968c09dbd", "2e8d63c774216c4b093197923c2255d39ce6a93d3386a93b5eb97f3b95ed2cca", "1a4e1a33a59cc1c3bd78771168f6ab8d24ee714d09e0e1aa459e6fb5964b3555", "05f71033d378bb729e90f578654694e692acc541cacaffdea045a02a4cb09770", "012e36772839eb54c3f50a619a59c57acbe5e8223f7a8610d43b81ff21681de8", 
"24d86d9aaaad5838a6d179cb5c2a3b8c80fd3849c9fdc4b896497c7f56e87d15", "0b5d7773fe73ed739820ebe6eafc1859278bf9c49546122cc12061cd51ce1ffe", "2d0a3ab6ae0a5a33b346835b4e3252b137ff3010fa0c4df7692601122998911f", "22559754c745c606ec0a54140795eda7bebfbb3c18961393a37df12af515ec5d", "258a081b5900f6074c3a94da3cc613b61758cc331d94ee75ab3b461dd92aaee8", "0f06d046da76daf00097e8af438215b183a518a5f423687696f5ce71e3de3fd5", "2ed66b6b6f8f29b6b3f625e8fe886221ebec30c729e8619a4c91e7ef4c44d215", "3f25121b0218dc6cf514fdb8e5d9a3b685d60e6b6baa837aea10aaa017a6574c", "27ba14a06cf07323de77da59259e3523acb269d955be20791a83bd195c91d43f", "2a4c109fe28f5c71f7bda83f74ec8b684cb90e8462772b224449ee07cd63d087", "2fd8e51a03d9bbe2dd809831b1497aeb68a6e37ddf707ced4aa2d8dff13529ae"]] 5 | ] 6 | -------------------------------------------------------------------------------- /test-vectors/zcash/orchard_generators.json: -------------------------------------------------------------------------------- 1 | [ 2 | ["From https://github.com/zcash-hackworks/zcash-test-vectors/blob/master/orchard_generators.py"], 3 | ["skb, nkb, vcvb, vcrb, cmb, cmq, ivkb, ivkq, mcq"], 4 | ["b75523b328f1d6063b8d187c3e5f445f0c7f0ce37b70a10c8d1a7284b875c963", "25e7aa169ca8198d2e375571faf4c9cf5e7eb192ccb5db9bd36f6aa7e447ca75", "2f70597a8e3d0f42f7a86a704f9bb232fe04a37f2b5a7c8c2aa7bd6e3af94367", "07f444550fa409bb4f66235bea8d2048406ed745ee90802f0ec3c668883c5a91", "a6b206c328a94533cd239fab936f3df2239ec55cfc14a47c2c022c480ffc6e13", "978007a056fbcd0df79ff2b479b0ed5dc5960f5afd46dd2a320eba0940a8745d", "a5a22ccd5070134e1634290a4080894802957fe2d31aedc79823486e5ff8a118", "05bc0cf14aa9c8117dcc81b85aa241fa421bcc245128a2326bcb2f92790f82f2", "1616d29663a818b9a00f365aef890e99c9beb955c08d1070f8b9c7f97f29c6a0"] 5 | ] 6 | -------------------------------------------------------------------------------- /test-vectors/zcash/orchard_group_hash.json: -------------------------------------------------------------------------------- 1 | [ 2 | ["From 
https://github.com/zcash-hackworks/zcash-test-vectors/blob/master/orchard_group_hash.py"], 3 | ["domain, msg, point"], 4 | ["7a2e636173683a74657374", "5472616e7320726967687473206e6f7721", "1818cda31ffdc8c3ff23df3d88c26f952340257d0f187a0236695c9b640b6bd3"], 5 | ["7a2e636173683a746573742d6c6f6e676572", "8f739a2d9e945b0ce152a8049e294c4d6e66b164939daffa2ef6ee6921481cdd86b3cc4318d9614fc820905d042bb1ef9ca3f24988c7b3534201cfb1cd8dbf69b8250c18ef41294ca97993db546c1fe01f7e9c8e36d6a5e29d4e30a73594bf5098421c69378af1e40f64e125946f62c2fa7b2fecbcb64b696891", "b44ddd61dd57f51f1da1c42fe227d72377808dbed58f24777ce767264f3e60d3"], 6 | ["7a2e636173683a74657374", "81ce3dc166d56a1d62f5a8d7551db5fd9313e8c7203d996af7d477083756d59af80d06a745f44ab023752cb5b406ed8985e18130ab33362697b0e4e4c763ccb8f676495c222f7fba1e31defa3d5a57efc2e1e9b01a035587d5fb1a38e01d94903d3c3e", "03d9dab69b5cf22d28f5489ccffc9328ca515f4742b6c6d493657a90e94d1df6"], 7 | ["7a2e636173683a74657374", "360c1d3710acd20b183e31d49f25c9a138f49b1a537edcf04be34a9851a7af9db6990ed83dd64af3597c04323ea51b0052ad8084a8b9da948d320dadd64f5431e61ddf658d24ae67c22c8d1309131fc00fe7f235734276d38d47f1e191e00c7a1d48af046827591e9733a97fa6b679f3dc601d008285edcbdae69ce8fc1be4aac00ff2711ebd931de518856878f73476f21a482ec9378365c8f7393c94e2885315eb4671098b79535e790fe53e29fef2b3766697ac32b4f473f468a008e72389fc03880d780cb07fcfaabe3f1a84b27db59a4a", "34f92ef8b5d140ee1a2d04c6699cdee1592d46ddf9f8c0fdd46fcb98fdf5dce9"], 8 | ["7a2e636173683a746573742d6c6f6e676572", "882d2b2103596555ed9494c6ac893c49723833ec8926c1039586a7afcf4a0d9c731e985d99589c8bb838e8aaf745533ed9e8ae3a1cd074a51a20da8aba", "3f68e8caa2d3dbca9c9ec506ece2f3c1b87518e6c831f7ce22717c60e1b58cf3"], 9 | ["7a2e636173683a74657374", 
"dbebbc862ded42435e92476930d069896cff30eb414f727b89e001afa2fb8dc3436d75a4a6f26572504b192232ecb9f0c02411e52596bc5e90457e745939ffedbd12863ce71a02af117d417adb3d15cc54dcb1fce467500c6b8fb86b12b56da9c382857deecc40a98d5f2935395ee4762dd21afdbb5d47fa9a6dd984d567db2857b927b7fae2db587105415d4642789d38f50b8dbcc129cab3d17d19f3355bcf73cecb8cb8a5da01307152f13936a270572670dc82d39026c6cb4cd4b0f7f5aa2a4f5a5341ec5dd715406f2fdd2afa733f", "85f6bc5d72ac1aac7e36ee13be802a6ef3ccac687bf36a5151a8f1602803ec3d"], 10 | ["7a2e636173683a746573742d6c6f6e676572", "1c8c21862a1bafce2609d9eecfa158cfb5cd79f88008e315dc7d8388e76c1782fd2795d18a763624c25fa959cc97489ce75745824b77868c53239cfbdf73caec65604037314faaceb56218c6bd30f8374ac13386793f21a9fb80ad03bc0cda4a44946c00", "198e64b1466e317f4db76a5c11c4495ccf4df7ddc2ee54a179c16cf0728852ae"], 11 | ["7a2e636173683a746573742d6c6f6e676572", "a1df0e5b87b5bece477a709649e950060591394812951e1fe3895b8cc3d14d2cf6556df6ed4b4ddd3d9a69f53357d7767f4f5ccbdbc596631277f8fecd08cb056b95e3025b9792fff7f244fc716269b926d62e9596fa825c6bf21aff9e68625a192440ea06828123d97884806f15fa08da52754a1095e3ff1abd5ce4fddfccfc3a6128aef784a64610a89d1a7099216d0814d3a2d452431c32d411ac1cce82ad0229407bbc48985675e3f874a4533f1d63", "a98733e86ecc538a3e8c4222ce343e8daa7d4ec562a6d6854f4b83315e4e90cc"], 12 | ["7a2e636173683a74657374", "fa3e0f460fe2f57e34fbc75423c3737f5b2a0615f5722db041a3ef66fa483afd3c2e19e59444a64add6df1d963f5dd5b5010d3d025f0287c4cf19c75f33d51ddddba5d657b43ee8da645443814", "3b7ff174f9df0bea07c1f77a4921f81b4d1199556b8ff5b9fd29ef20ccb05eb0"], 13 | ["7a2e636173683a74657374", "29f3e9b4e54c236c29af3923101756d9fa4bd0f7d2ddaacb6b0f86a2658e0a07a05ac5b950051cd24c47a88d13d659ba2a46ca1830816d09cd7646f76f716abec5de07fe9b523410806ea6f288f8736c23357c85f45791e1708029d9824d90704607f387a03e49bf9836574431345a7877efaa", "ae0563814907db7a7eaad4d010ae85cdb4c6879ea99717c6a7391391d5be7152"], 14 | ["7a2e636173683a74657374", "e73081ef8d62cb78", "19191dc5bd9e7dff90ba187770491a42be7fac7a557053024c650dc7c04417b6"] 15 
| ] 16 | -------------------------------------------------------------------------------- /test-vectors/zcash/orchard_map_to_curve.json: -------------------------------------------------------------------------------- 1 | [ 2 | ["From https://github.com/zcash-hackworks/zcash-test-vectors/blob/master/orchard_map_to_curve.py"], 3 | ["u, point"], 4 | ["0000000000000000000000000000000000000000000000000000000000000000", "2c150731d26bf03de9585bf1a0c67160f6ca6e5ce0e2b674af333253bca63800"], 5 | ["0000000000000000000000000000000000000000000000000000000000000001", "8bb222fb72c9783337e0e9e1c4282c391407f5f9d9fcc94ace1d677dbf3ba120"], 6 | ["123456789abcdef123456789abcdef123456789abcdef123456789abcdef0123", "a4f27f64d536dbc39c03c18fda8e65a9a12b7418818ed76c040b83ef97b25723"], 7 | ["082169eef62efaaf9d9364b1666e4d4c07576bac4994133ffb70fcad738f7a5c", "3760fe4bcc0a06bc2b13bb7700ab2e33479b6e4ba4a07035134a3e55f46f2614"], 8 | ["0dcdb1cf014253b3c78849f2a39cefb0e6772b980e2e5d2aa6bde1f2b386dd1a", "227c8978b7605a4df2b17ba25cbf047dc65045bd98f96d3855eb0e9ae7fc79f0"], 9 | ["1435a7304e9de2a5d6368e9c7e1fe01f27c7a99b670f59f20f94b63225b869bd", "b597aeead7cb6a976184f5363dd3d3fe4c792f344c712a67817dd97ca5a3be8c"], 10 | ["0e81632a9168694bb6bcec2f7bfac26208c05aed4828f99ebeafd655429850bc", "2dcaa687a5da58c372d80958adb0d77c7303429e8c46ad430acf69dedc9c4b8f"], 11 | ["0df89ad556370877d4f76a993d20c7e81393fdb51d55d7a8f5621d6ad566c13d", "b7c41bc277514f2384157f44e53271b33064c9f14157fdadd0296c52d86466ad"], 12 | ["36f6b8cc63c7e4e4b097263633ab3081bf3ef0f0fd67bc10dbf67f5df445a705", "88a4484c74cf39c5603b1a120eadcccfcd9d03bbd386321e119de74b86f61be1"], 13 | ["3c3d90941de0381afbd58755031ab0e9e1c2ef575a3dfade311eba7f2f225c49", "aa0c856e13f9094980de92b18a9edbdbdba95ce0b283d06a38b638af758c466b"], 14 | ["11984ae34bf0dc7e531a9bf438a1c9257d8d98420ebed9907709ec1f36d30a3d", "9d13dc12c67894a7c27402cf6238d86f869c26607226bf1ecf96a896e4dc9c42"], 15 | ["16ad0d328d94dab9a88480ad52001ba4d75e39883e0c5f8372507bd2b69dafa4", 
"2ec2b3cb6e8e938450866a7036232f4db23a56012b3c0204562a6d64bcfbbdaf"], 16 | ["11e1f1478dd376427335f2e70fc01f12c4865b34afcdbbed5b0b7d43e631544d", "910ab0e0b8a3585ec1671791c91ff238a2dd1259e9383f2fae2fed919390cb43"] 17 | ] 18 | -------------------------------------------------------------------------------- /test-vectors/zcash/orchard_poseidon.json: -------------------------------------------------------------------------------- 1 | [ 2 | ["From https://github.com/zcash-hackworks/zcash-test-vectors/blob/master/orchard_poseidon.py"], 3 | ["initial_state, final_state"], 4 | [["0000000000000000000000000000000000000000000000000000000000000000", "0000000000000000000000000000000000000000000000000000000000000001", "0000000000000000000000000000000000000000000000000000000000000002"], ["2a526acd0b64b45394efb364f966240ff7e69a71d0b642a0aeb1bc024aeca456", "13c5d1568b4aa43076ff7dae343d5512dcd42e7fbed9dafe012a3e9628e5b82a", "0a49c868c6976544256fcd597984561af7cfdfe1bda42c7b359029a1d34e9ddd"]], 5 | [["082169eef62efaaf9d9364b1666e4d4c07576bac4994133ffb70fcad738f7a5c", "0dcdb1cf014253b3c78849f2a39cefb0e6772b980e2e5d2aa6bde1f2b386dd1a", "1435a7304e9de2a5d6368e9c7e1fe01f27c7a99b670f59f20f94b63225b869bd"], ["21ddae20d1d6227a036952a16129fda2cd878092770c38e77e8a9238832f6ed0", "0d1451eeb8b98c361f1e4809bdf4e549c969c0d094ac79bcd6106f415fa45529", "105bf9ac68bb569d795cbe4430401cc587ab82d9b76f131e2b5dd6e9bb76830d"]], 6 | [["0e81632a9168694bb6bcec2f7bfac26208c05aed4828f99ebeafd655429850bc", "0df89ad556370877d4f76a993d20c7e81393fdb51d55d7a8f5621d6ad566c13d", "36f6b8cc63c7e4e4b097263633ab3081bf3ef0f0fd67bc10dbf67f5df445a705"], ["12178017a492eb518ed532086472ae41c36af9d6a9c72d050c5a140753ec770b", "182e5a67f262b37b076881f127b9dedb0c280efcd4d70f8b3f460ef0443f523b", "267605c1fa80df594083cfaf223ee2054c3111992a80ae641535ccff06977a95"]], 7 | [["3c3d90941de0381afbd58755031ab0e9e1c2ef575a3dfade311eba7f2f225c49", "11984ae34bf0dc7e531a9bf438a1c9257d8d98420ebed9907709ec1f36d30a3d", 
"16ad0d328d94dab9a88480ad52001ba4d75e39883e0c5f8372507bd2b69dafa4"], ["2a55092322068b81c96e9cc3b93f77c96a84834b6fb6e75442cb827f3f088067", "08509fd51f953dcee5eecadd640bfc3e2c6502e6435316d858b1402c7ea5f9a5", "3b1e9288243587975268c2ad5518546e568ac67ca00f95837e477c123664a4dc"]], 8 | [["11e1f1478dd376427335f2e70fc01f12c4865b34afcdbbed5b0b7d43e631544d", "3ce89ce6dacbed8582001d60dcf379b63fabde3f7b376dd49c7d1c811d7a0cdd", "143c39f7c8658337c92e481af27634f733db5320d283a185ec179035c0aae419"], ["3008c913a6b1c92b696d22dd917d9aa47045d9622bb5b8402a95a10f5e8e9989", "0be5beffc70448c736ac0b9714df4e181a4dd8d38624fbef79900da9d944eed0", "21de2f2b19f7b5b7c5aa4f05ac67d393a39b7e44c62a127e7c78ce61a6458104"]], 9 | [["08a068f473f4b432ac976676b3f2fe293ee50f795e53798b097146eb155388e2", "15655903212b2d883d154a9ab57db283f7f925aec632b6f0dee05716fc8923e6", "0b9c58995d981e739c0d4acfafa78694bf33f491d999463b16e227d2c69494eb"], ["2accf74061d42b4f799ccec381787f1842fb87c6e835b273fdfb7f678d1f2dce", "345afa832370dc47cb879f7374c5641e012a4ab8326fec435f5dd5b6399282af", "0f1d5849d23033c5054140961700540cce7e61bd0291e8bfb8694c215b08d103"]], 10 | [["1e4342ed2d86bcebdbd118ba8ada201a832e37203161efbda526150aaae838b7", "107265f2a6a4756d43c38dfba2af01e06734d953389e37e3d35c38e330694791", "11af021ae73c8612bdedff3959747e45905ebc9625e51124c0f0b9ec3222194b"], ["2b945791668894528afd21025bff7b128706711c4cf388e39e7b662f7dd8cc5f", "34c6e5faed6a4aac01b9bf1b5827568ae8cb1c00b9f390d95263aa3080b56289", "3fda724286cad08defd9488fa5dd3c4399f3b5828d3e0e31af984cf259760b7c"]], 11 | [["0da940ccee7d8582c3a96db5126bb88f267f1e6fd262bfa52271b363db7a417b", "3158dbe2fab727b95728db67d584d96d78b3ae61b2b021b69449b3713935295e", "3001daa5b88ccbce73cf5b35f3197dd1b3ca29c1bc8d0bf5389d7842465d4105"], ["14ffa68b594bc65685799ec1498e45328abcfbc1eceadcacb6da646fdcade19e", "331cae1fca53165f07b99324692b67389ac491db842577ccc359d64f3610cc42", "0d7dd648c60eb5c3453b21666cc0eaa71362a8ff3a390b96c456148051f341ff"]], 12 | 
[["15d75dec41535a4f2aaaf5f7b0d44ccbc62690d382dc70265770a23639f15271", "0880f879cdb5cf58a1cfeed90926ceaf1b2a86218c1c645f3f73fa2add2f6f40", "374b824557e79c4897cc59a95fc22436544438991eb088fbd3ba57967ddc15e2"], ["315c14ca987b346d1107938569dc89b3886a28376ee4b03774eb25d8d7150963", "34b5fdaf7ded68b887391cf34278522970aa6e5d7af161a746b54fe9ae1b58aa", "1a1fce996190351510548ef29879ab45001e65b64d429fde85ab1a39b317c17d"]], 13 | [["3f798633c14a37f830bdc61862b5ceaa4f3137406065ecca73dffb9c23538c86", "0650e94996707a47cebeb5875b0edfa1b1e1006c94444ada0cbc03ad80fba921", "36d75733f5699a3ddd4d4bedf66d55f60a0738c7830e90c785f1642548399104"], ["03526076ebccb3c5359d9d6f7b925c3eb0d6db8a481f7129e0a549a419195a6a", "1b67284ac0fedb8be873218404a1263a9b28db7301df2aab47615989465b4780", "3a326e4236fd44f90f7dac190f7c560ffa4ffac97b5fb155f54444f5d0c8f31e"]], 14 | [["39696271fc44f2f7ff92975b02e3956ac13dd6d5ec5e84db313c6401cb5c4f7d", "08fa156f808478d923818206ea4024195a62689eff1af26b5c82fa96952ed626", "2d2199701a9da81046a684f7ae28613ada864701db0fc3ff66b664234a7552d9"], ["2fd4f17e307ba59c67d60b5b420cc4a470aca2d33c3e2db46fdb6bf5bec94a1b", "36eca0085aaf5ae9ba35de96b37c3cecded1db8aed86e03234a2aa9411f42e1a", "202f6661559f3d023b008ee4e620c6ecb5d561772471bae1decb2c3ec780eb68"]] 15 | ] 16 | -------------------------------------------------------------------------------- /test-vectors/zcash/orchard_poseidon_hash.json: -------------------------------------------------------------------------------- 1 | [ 2 | ["From https://github.com/zcash-hackworks/zcash-test-vectors/blob/master/orchard_poseidon_hash.py"], 3 | ["input, output"], 4 | [["0000000000000000000000000000000000000000000000000000000000000000", "0000000000000000000000000000000000000000000000000000000000000001"], "062ff1c32bb0ef109d6a1bc9399a083eed83c2a7fb54cdbe389d32a011d75883"], 5 | [["082169eef62efaaf9d9364b1666e4d4c07576bac4994133ffb70fcad738f7a5c", "0dcdb1cf014253b3c78849f2a39cefb0e6772b980e2e5d2aa6bde1f2b386dd1a"], 
"03e63b302667d2794b3992be2385a0f18e2ac0ca61ded5c430fef83eff7526db"], 6 | [["1435a7304e9de2a5d6368e9c7e1fe01f27c7a99b670f59f20f94b63225b869bd", "0e81632a9168694bb6bcec2f7bfac26208c05aed4828f99ebeafd655429850bc"], "3d141ddccd07b05ee6417a8ceff63100763d189c0fac96a88dfe5c1d1e1d12f5"], 7 | [["0df89ad556370877d4f76a993d20c7e81393fdb51d55d7a8f5621d6ad566c13d", "36f6b8cc63c7e4e4b097263633ab3081bf3ef0f0fd67bc10dbf67f5df445a705"], "11d4db8aaa818d3d32e6ac9033d76a18bf50fa5800905650a0365113e7a516a4"], 8 | [["3c3d90941de0381afbd58755031ab0e9e1c2ef575a3dfade311eba7f2f225c49", "11984ae34bf0dc7e531a9bf438a1c9257d8d98420ebed9907709ec1f36d30a3d"], "0cd4551d2a5bc13ba10831633f3f43634110baf6498c8492a85fd0fe06f3ba1a"], 9 | [["16ad0d328d94dab9a88480ad52001ba4d75e39883e0c5f8372507bd2b69dafa4", "11e1f1478dd376427335f2e70fc01f12c4865b34afcdbbed5b0b7d43e631544d"], "35dfcfd7cb87d51bd76b492c3b3be9edcd8a52c1b799a3760b793f59eb8aa104"], 10 | [["3ce89ce6dacbed8582001d60dcf379b63fabde3f7b376dd49c7d1c811d7a0cdd", "143c39f7c8658337c92e481af27634f733db5320d283a185ec179035c0aae419"], "1ff6d22b04293366707e87f91fa97443d9bcc26b111483655ff3d000dccc0311"], 11 | [["08a068f473f4b432ac976676b3f2fe293ee50f795e53798b097146eb155388e2", "15655903212b2d883d154a9ab57db283f7f925aec632b6f0dee05716fc8923e6"], "108d5b899cd1010cbe3504936ffd9a876d58479e7deb11acbe457c435fc6f8f8"], 12 | [["0b9c58995d981e739c0d4acfafa78694bf33f491d999463b16e227d2c69494eb", "1e4342ed2d86bcebdbd118ba8ada201a832e37203161efbda526150aaae838b7"], "2738b7d0d781c8ccf1cbe987427fdf8301619ad24fb927698e2eb0219648eb5a"], 13 | [["107265f2a6a4756d43c38dfba2af01e06734d953389e37e3d35c38e330694791", "11af021ae73c8612bdedff3959747e45905ebc9625e51124c0f0b9ec3222194b"], "3500f21a6c30913086f5554f1752d87e097f73c04e502a495da2f2f5204714b0"], 14 | [["0da940ccee7d8582c3a96db5126bb88f267f1e6fd262bfa52271b363db7a417b", "3158dbe2fab727b95728db67d584d96d78b3ae61b2b021b69449b3713935295e"], "11ad81e5b07b649002a88bc189300462c4fe355e85d3f4db1ac0e7d642b7bebb"] 15 | ] 16 | 
-------------------------------------------------------------------------------- /test-vectors/zcash/orchard_sinsemilla.json: -------------------------------------------------------------------------------- 1 | [ 2 | ["From https://github.com/zcash-hackworks/zcash-test-vectors/blob/master/orchard_sinsemilla.py"], 3 | ["domain, msg, point, hash"], 4 | ["7a2e636173683a746573742d53696e73656d696c6c61", [0, 0, 0, 1, 0, 1, 1, 0, 1, 0, 1, 0, 0, 1, 1, 0, 0, 0, 1, 1, 0, 1, 1, 0, 0, 0, 1, 1, 0, 1, 1, 0, 1, 1, 1, 1, 0, 1, 1, 0], "ab839ac113ed4cb12d2d785aba3f6539685843b619b4068e70b5634338aa5498", "2b839ac113ed4cb12d2d785aba3f6539685843b619b4068e70b5634338aa5498"], 5 | ["7a2e636173683a746573742d53696e73656d696c6c612d6c6f6e676572", "0101000100000100010000000001000100000100010101000000000101000001000100010001010100000001000101010001000100010101000101010101010100010000010101000101010100000100010000000000010001000001010001000000000101000100010001010001000000010100000001010001", "80c4038f38fe5c11bed506c51167d3c20dcde523b1ee8f611f17984e8e985bed", "00c4038f38fe5c11bed506c51167d3c20dcde523b1ee8f611f17984e8e985bed"], 6 | ["7a2e636173683a746573742d53696e73656d696c6c61", "010001010001000100010001010101010101000100010100010001000100010000010001010000000101000100000101010101000101000001000000010100000000010000010100000100000100010100010100000101010101000000010000010000", "073498e5300cda6c7eb00693d12ae8cf9dfa35fc7afde4e53d6faabd8fe55ed9", "073498e5300cda6c7eb00693d12ae8cf9dfa35fc7afde4e53d6faabd8fe55ed9"], 7 | ["7a2e636173683a746573742d53696e73656d696c6c61", "00000101000000010000010001010101000001000100000001010000010101010001000001000001010000000001010000010000000100000100010100010001000101010100000100000101010101000101000101000001010101010100000001000100000101000101010100000101000001000001010100000000000100000001000100010101010001000001000000000000010101010001010000000001010100010101010100010101000100000100000100000000010000000001010100010001000000010100000100000001010000", 
"b8c93ee96ceb32505471eb7727d640670b2a19612b83780a91298439414b926a", "38c93ee96ceb32505471eb7727d640670b2a19612b83780a91298439414b926a"], 8 | ["7a2e636173683a746573742d53696e73656d696c6c612d6c6f6e676572", "00010101010101010100000000010001000001000100010101000101010001000100000101000001000000000101010001000000000000010000000000", "bebf3a39697b0334b7792c22708c77c8c7ed59a7378212b676b0186f5bf05fdc", "3ebf3a39697b0334b7792c22708c77c8c7ed59a7378212b676b0186f5bf05fdc"], 9 | ["7a2e636173683a746573742d53696e73656d696c6c61", "0101000001010001000001010000010100010001010100010100010100010101010101000000010000010100000001000000010101000000000100000101010101000000010000010101010001010100000001000001000001010001000101010100010100000001010101010100000001000001010101000001010001010100010101010000010001010101000000010001010100010100010101010101010101000100000100010001000101000000010000000001000000010000000101000001000101000101010001010100000101", "bb072d199b8a8582c23775205694416f194486549bc9a7d71b0455437c8d6cc7", "3b072d199b8a8582c23775205694416f194486549bc9a7d71b0455437c8d6cc7"], 10 | ["7a2e636173683a746573742d53696e73656d696c6c612d6c6f6e676572", "00000100000101000001010001010001010101000000010100010100010001000101010100000000000101010001000001010100010100000101000101010000010000010101000001000000010000010001010001010101010001010000000000000000", "a05a7c2c6ae0d64bc375ba221fcdff01d8def3f8a1e87eca1b4ed742eb25e81a", "205a7c2c6ae0d64bc375ba221fcdff01d8def3f8a1e87eca1b4ed742eb25e81a"], 11 | ["7a2e636173683a746573742d53696e73656d696c6c612d6c6f6e676572", "010100010101000001000000010100000101010000010001010101000101010000010100010101010100010101010100010100010101000100010000010001010101010001010001010000000100010100000001000000000100000100000000010000000000010101000000010100000000010000010101000100000101000000010000010000000000010000010101000001000000010000000100000000010001000100000000010100000001010101", "2b0c4611b11bd77639fe5a3f3a4dcc50a95f4222cb799a1f0e67d8af00a6cf38", 
"2b0c4611b11bd77639fe5a3f3a4dcc50a95f4222cb799a1f0e67d8af00a6cf38"], 12 | ["7a2e636173683a746573742d53696e73656d696c6c61", "0000010001000100000101000101010101000001010001000101010000000001000001010000000001010101010101010000010001000000000100010101010101000101010100010001000000", "15665626e6581d94de5d7267145845d41bc9bf59ab1a71a5fab983fcedcb6f82", "15665626e6581d94de5d7267145845d41bc9bf59ab1a71a5fab983fcedcb6f82"], 13 | ["7a2e636173683a746573742d53696e73656d696c6c61", "01010100010001000101010100010001000100010001000101010000010000010000010100010000000100010100010000000000000101010100000101010000010001000100000000000000000001000101000100010101000001010001000000010101000001010000010001000000010100", "946a3c311aed98948c9551ce875f37b6e294cbeba69f80141ab80510e86cf00b", "146a3c311aed98948c9551ce875f37b6e294cbeba69f80141ab80510e86cf00b"], 14 | ["7a2e636173683a746573742d53696e73656d696c6c61", "0100010101000100", "000bb6ce8b5abeb462b37035abe1035ceee0b5ad3d585fd290bac97a24cc6a80", "000bb6ce8b5abeb462b37035abe1035ceee0b5ad3d585fd290bac97a24cc6a80"] 15 | ] 16 | -------------------------------------------------------------------------------- /test-vectors/zcash/orchard_zip32.json: -------------------------------------------------------------------------------- 1 | [ 2 | ["From https://github.com/zcash-hackworks/zcash-test-vectors/blob/master/orchard_zip32.py"], 3 | ["sk, c, xsk, fp"], 4 | ["b8d42c8b8ee8a51708d620dce7c17689be802fb89168dda390098717103cee7e", "77665240ae500272da4c925716cbff7c4b471db692529b460ef29e50007a8bab", "000000000000000000ab8b7a00509ef20e469b5292b61d474b7cffcb1657924cda720250ae405266777eee3c1017870990a3dd6891b82f80be8976c1e7dc20d60817a5e88e8b2cd4b8", "06e738a491d868056501eaecbe1b9e336d6b614eb807880582d1c80250da4cff"], 5 | ["af62c977f9783c91a09addd1df97ff2c0850cd0ed16e3b5bc90405b4fc03d798", "229a66a9805b442c3bf1a67a57c9024fc01c48dc4f85b17ce9befe9cfb1d046a", 
"01ff4cda50010000806a041dfb9cfebee97cb1854fdc481cc04f02c9577aa6f13b2c445b80a9669a2298d703fcb40504c95b3b6ed10ecd50082cff97dfd1dd9aa0913c78f977c962af", "a6b9f7d120360dec186fd5136a7f9f5bfde18f3b913ec95d236f061d92dcbb32"], 6 | ["2009cc4bf10c0a9eef084b292b7ba1c2e28e14f508ecd08487d5aa4b89d8af99", "1dbd7bfc17cb07a5f00c2a401ce00eedac125f11c09d2a41d67ac7367ab5a86d", "0232bbdc92020000806da8b57a36c77ad6412a9dc0115f12aced0ee01c402a0cf0a507cb17fc7bbd1d99afd8894baad58784d0ec08f5148ee2c2a17b2b294b08ef9e0a0cf14bcc0920", "d93786b964a97c59ad71e7cc7e6b8593f3780850a5222fd6a3b4b8c54f7ca536"], 7 | ["6723c3f3688b015ffac5605d49768f4c27703c54b4bec74eceb2a448a39e4396", "fe934d036c39e49cbce7e6acf5c8f0933fa8c8f8c344897a57769d80b5e996b1", "0336a57c4f03000080b196e9b5809d76577a8944c3f8c8a83f93f0c8f5ace6e7bc9ce4396c034d93fe96439ea348a4b2ce4ec7beb4543c70274c8f76495d60c5fa5f018b68f3c32367", "68d3dd66a37b8f8b07d581d70c1e57b688c46d0d55322a8219a32c1d661b1abe"] 8 | ] 9 | -------------------------------------------------------------------------------- /test-vectors/zcash/sapling_generators.json: -------------------------------------------------------------------------------- 1 | [ 2 | ["From https://github.com/zcash-hackworks/zcash-test-vectors/blob/master/sapling_generators.py"], 3 | ["skb, pkb, npb, wprb, vcvb, vcrb, pb0, pb1, pb2, pb3"], 4 | ["d7a1019e6de9b67553bb37d0c21cfd056d65674dcedbddbc305632adaaf2b530", "d4b6d10718df2a7adec901840f4948cc50df51eaf5a149d2467af9f7e05de8e7", "e1369d5440bf84a5fc9e8a15a096ba8fe155b8e8ffff2e42a3f7fa36c72b0065", "114b7501ad104c57949d77476e262c9596b78beafa9cc44cd4fc6365796c77ac", "c66a7e3a82f67ab1d32294fd89774ad6bc3332d0fa1ccd18a77a81f50667c8d7", "ed81d3a9cb45dedbe6fb2a6e1e22ab50ad46f1b0473b803b3caefab9380b6a8b", "a89e87a2d3521b5779c9166b837edc5ef9472e8bc04e463277bfabd432243cca", "015d8c7f5b43fe33f7891142c001d9251f3abeeb98fad3e87b0dc53c4ebf1891", "b62e1500d24eee9ee000a46c8e8ce8538bb22a7f1784b49880ed502c9793d457", 
"2f7ee40c4b56cad891070acbd8d947b75103afa1a11f6a8584714beca33570e9"] 5 | ] 6 | -------------------------------------------------------------------------------- /test-vectors/zcash/zip_0032_arbitrary.json: -------------------------------------------------------------------------------- 1 | [ 2 | ["From https://github.com/zcash-hackworks/zcash-test-vectors/blob/master/zip_0032_arbitrary.py"], 3 | ["context_string, seed, ikm, path, sk, c"], 4 | ["5a63617368207465737420766563746f7273", "1f1e1d1c1b1a191817161514131211100f0e0d0c0b0a09080706050403020100", "125a63617368207465737420766563746f727320000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f", [], "8a153b9d4b41831abf03e8ed93aad73dc179c8712afcd1ebc3c39d400688dae9", "51ec1ca8d851c6d486a059ce9429c8653d6cb2f1023d9fab8a7a5f90f248a765"], 5 | ["5a63617368207465737420766563746f7273", "1f1e1d1c1b1a191817161514131211100f0e0d0c0b0a09080706050403020100", null, [2147483649], "6aa69d11cd6c3a78f4dc76e8fe42371562051577ebad2b8f37c22c83aa9a40e8", "585b0eab719aa0f66d41eed9b88585bc46190a2082bd3853dad2eaa0224908cc"], 6 | ["5a63617368207465737420766563746f7273", "1f1e1d1c1b1a191817161514131211100f0e0d0c0b0a09080706050403020100", null, [2147483649, 2147483650], "0e91601c3030d4a3611edcdc58134ece94482fb7853ae9fe05f8cf64a3904f46", "ae21e267f1d911af41812aeb7a50ff3dd8059f2ff436f0d96bae28554a54d2f9"], 7 | ["5a63617368207465737420766563746f7273", "1f1e1d1c1b1a191817161514131211100f0e0d0c0b0a09080706050403020100", null, [2147483649, 2147483650, 2147483651], "2cb69a38876c30f72a4572b306b5ca4510cd2c52c6a02c767a2fe4b0936e4bfc", "298419acfb41b22782579891d9b58a502cc8fa9367e3427588e0f573edf29be8"], 8 | ["5a63617368207465737420766563746f7273", "1f1e1d1c1b1a191817161514131211100f0e0d0c0b0a09080706050403020100", null, [2147483680], "98bc68c4b5e07e8490a8015f977c7b1ddd5c13589eb02b8b57d703fddec430c4", "30cb9d20d778db5051486477644601a3d969a4e0f7d59ab785557dfe8937470f"], 9 | ["5a63617368207465737420766563746f7273", 
"1f1e1d1c1b1a191817161514131211100f0e0d0c0b0a09080706050403020100", null, [2147483680, 2147483781], "8791f4713c88bd2e0e1bbaf49e140ec4440d5d7986ae76610ffafd794648e543", "845757f0e629815e5b2fba4a3f1b7b8e8f8e8b411582cfb25924f325b7c342db"], 10 | ["5a63617368207465737420766563746f7273", "1f1e1d1c1b1a191817161514131211100f0e0d0c0b0a09080706050403020100", null, [2147483680, 2147483781, 2147483648], "9a4a57859a43ccdb7af393bf7637c79fde7ba8c8f66bbcfc3492a062830760bf", "1a0117980d9d9e46fb8c7a88b46226822f6a1e6130edb9530c577af6087e652b"] 11 | ] 12 | -------------------------------------------------------------------------------- /test-vectors/zcash/zip_0032_registered.json: -------------------------------------------------------------------------------- 1 | [ 2 | ["From https://github.com/zcash-hackworks/zcash-test-vectors/blob/master/zip_0032_registered.py"], 3 | ["context_string, seed, zip_number, subpath, sk, c, full_width"], 4 | ["5a63617368207465737420766563746f7273", "1f1e1d1c1b1a191817161514131211100f0e0d0c0b0a09080706050403020100", 1, [], "472f3a190840137c88e3999b5d5fe569927c65c238e1c18b58dadfe60715a753", "e63ded4fbb74d7d0619f1d2427988b1e13d9fc57959b24c3fd4e1de2aa26bb08", null], 5 | ["5a63617368207465737420766563746f7273", "1f1e1d1c1b1a191817161514131211100f0e0d0c0b0a09080706050403020100", 1, [[2147483650, "7472616e7320726967687473206172652068756d616e20726967687473"]], "1102aedf56e60104ef4d69a456be2feedb9aae7fe028b008ed0e3140cc25dc02", "ecc63c824981e5fbc7b8d6573fa6e7daf32f2d94ffb506555d1b1df8a1d8f9d8", "255d75b5f97dd880a14460ab0a28938e7ba497ceb1457fff2992e9015a8403f8c08112b7a94cf539c21c9da7ee99897be9476b6813532ee22c8947d753b72bdf"], 6 | ["5a63617368207465737420766563746f7273", "1f1e1d1c1b1a191817161514131211100f0e0d0c0b0a09080706050403020100", 1, [[2147483650, "7472616e7320726967687473206172652068756d616e20726967687473"], [2147483651, ""]], "82ed743612486fbcd1042ba2ae6389026b1e0c05544d665b6e258b6266db27a1", 
"a8324c51a6c6ce71866253e910c425c4caf06bc5fe3f4611caed053603840034", "7f853eef001b1bc5a1a5e67f5dfd0e90427596d4842f5b10a111e97c4073203cedf6b80a85145e5061acd29bc5a4e349b14f8557a7033e23b066b7ce2409d973"] 7 | ] 8 | -------------------------------------------------------------------------------- /test-vectors/zcash/zip_0316.json: -------------------------------------------------------------------------------- 1 | [ 2 | ["From https://github.com/zcash-hackworks/zcash-test-vectors/blob/master/zip_0316.py"], 3 | ["c, pk, external_ovk, internal_ovk"], 4 | ["482169eef62efaaf9d9364b1666e4d4c299e04a852e10c5b949e2d9a738f7a5d", "0216884f1dbc929089a4176e840bb581c80e16e9b1abd654e62c8b0b957020b748", "79409b03ad5013081effb31dec19328ccad7c423bd4f12d56477eb207ffbe7dc", "00a4c8d88302e8449b1085869e11bf7e7d32ff6a2821ac404ad9daed14c7464d"], 5 | ["9435a7304e9de2a5d6368e9c7e1fe01f6c54db9379a94c2941ef180c25b869bf", "037273b657d971a45e72240c7aaaa7d0685d06d7999b0a19c4cea32788a6ab513d", "52953e58f44467d10a67ea12e14e1affa12bdefb8b7048e623408f387b53318d", "f654d742d238bf3f6173540151482ea944221ccf453206be039c9d7600497716"], 6 | ["0df89ad556370877d4f76a993d20c7e81393fdb51d55d7a8f5621d6ad566c13d", "03ec05bb7f065e256ff454f8a8df6f2f9b8a8c9508caacfee9521cbe689dd1120f", "7ef377595224be75ff0f7a33483b205deec0f042f8ef2d50ad68e32f0e5297db", "6cd3eaae370df9edc8aba7c4462a68e9681f63297cb132e321aeb8525fcb4abc"], 7 | ["3c3d90941de0381afbd58755031ab0e9e1c2ef575a3dfade311eba7f2f225c49", "02818f50ce4710f4eb11e743e6408544aa3c123c7f07e2aabb91afc4ec48788de9", "9790a6e2388b33e0561f0e47bb7b63db4a2620d4bef4e37b36693fa6626da3b8", "503e4db7be6e8e246d5a8814a3028bfffc5be5f73057f901cb1e6306f2faf64f"], 8 | ["d6ad0d328d94dab9a88480ad52001ba53e32047c59f34ad63dd80e99b69dafa7", "02ae36b61a3d10f1aa752ab1dc16e3e49b6ac0d2ae1907d2e69425ec12c93aaebc", "bcd9e39260716cb6c1b9ffb310a7207c01877e3bf06e28f4273d5b420f476fda", "2670cae3dc243c7104ec5be19e87bccd385f3007aa8ac61d673270cb754fb509"], 9 | 
["fce89ce6dacbed8582001d60dcf379b6a67fa933971e59276804af481d7a0ce0", "0249265380d2b02e0a1d988f3de3458b6e00291db0e62e174791d009299f61fec4", "39788ae8781a6a1cf56eb27c88b30f732d679484dc29bbcc754ea2ef8ea0a760", "0f79a5a9c9b07f4c15382fff63eecc629d5924426abba1e5a98b10089840ab3b"], 10 | ["08a068f473f4b432ac976676b3f2fe293ee50f795e53798b097146eb155388e2", "039a0e4639b4691f027c0db7fef1bb5ef90acdb708626d2e1f3e383ee75b31cf57", "f24e4873f1d21a889e8eaad790c1e293910f77c14fdfde723cbf09252c8747bb", "778c2b299a3d0dc05a73575a38dcb3f2af78adddaa4e29507465a76ca3df365f"], 11 | ["8b9c58995d981e739c0d4acfafa7869503c12689ec333872493c89acc69494ed", "03bbf44982f1ba3a2b9dd3c1774d71ce3360599b07f211c816b8c43b9842230924", "e7d0739ebdf680cee9a5caf7b60ef4ad00954c12c54efac4ae159b3711fbe8ed", "d34240798b7734e19ff30298d722fef6e46dce82f35751747657dd34fc4d0b25"], 12 | ["507265f2a6a4756d43c38dfba2af01e0897b724f41eb30ff6c8969d030694792", "03ff63c789251c1043c6f96c66bf5b0f61c9d65fef5aaf4284a6a56994941c05fa", "1041e6fa1e62065928a1e6d63e2236659e1f8592be1bc8bb01017142065211b3", "acc449444194e9086b973d53714dfe1e0cd5ef55f0128e5642941c74c1c046f4"], 13 | ["8da940ccee7d8582c3a96db5126bb88f6b0c5067e4fcb1dc54cc153ddb7a417d", "02bf3920ce2e9e95b0eece130a50ba7dcc6f26512a9fc7b804aff089f50cbcfff7", "b95ab8ea019179a92927cb18007c22c4019b663b83aac8465f1c7207f88463ae", "07cc320b021ca9a3b8514e1b196ed108ed1d46df904faa7fcdbfd826b88e70ef"] 14 | ] 15 | -------------------------------------------------------------------------------- /test-vectors/zcash/zip_0320.json: -------------------------------------------------------------------------------- 1 | [ 2 | ["From https://github.com/zcash-hackworks/zcash-test-vectors/blob/master/zcash_test_vectors/transparent/zip_0320.py"], 3 | ["t_addr, p2pkh_bytes, tex_addr, account, child_index"], 4 | ["t1V9mnyk5Z5cTNMCkLbaDwSskgJZucTLdgW", "7bb83570b8fae146e03c5331a020b1e0892f631d", "tex10wur2u9clts5dcpu2vc6qg93uzyj7cca2xm732", 0, 0], 5 | ["t1LZdE42PAt1wREUv1YMYRFwJDPHPW8toLL", 
"1d81e86791c72d292f906e7c039a729e4b1ff7fc", "tex1rkq7seu3cukjjtusde7q8xnjne93laluyvdxu7", 0, 1], 6 | ["t1M5AgJw56FNFRBNGtzAGX4AHfQh7ZCxd4w", "231839e305c0a02ed681406faf222585f6623904", "tex1yvvrncc9czsza45pgph67g39shmxywgyvsypwn", 0, 2], 7 | ["t1bh6KjXccz6Ed45vFc3GeqoxWbwPxe8w2n", "c3755398b8b77f633fca7ccbda900831478979c9", "tex1cd648x9ckalkx0720n9a4yqgx9rcj7wfvjcq63", 1, 0], 8 | ["t1WvCtHojWHSHBdDtCFgorUN1TzUFV8sCth", "8f17950e22b08886ac4832e22e24f2e8f3cb6b21", "tex13ute2r3zkzygdtzgxt3zuf8jareuk6ep7qd8ty", 1, 1], 9 | ["t1U2MF7f81qrXkWouT3Xt4hLDAMjC9LniTK", "6f58adaf02bb48e6b398a442a2b294589e041620", "tex1dav2mtczhdywdvuc53p29v55tz0qg93qvfjp46", 1, 2], 10 | ["t1awMYfhispKsnJPHn7jgUxNnVW1DTpTJx9", "bb2fbb540f0f7e434636680eaea2eefe375a7591", "tex1hvhmk4q0palyx33kdq82aghwlcm45av3ezlrzn", 2, 0], 11 | ["t1Kgn7v5a2rKkxC24LoXNyHRn4q4Gs3KEEF", "13e41e47448122cad13c5c7f5bd31c77639a9f99", "tex1z0jpu36ysy3v45fut3l4h5cuwa3e48uea95pc6", 2, 1], 12 | ["t1c1ixUTuStCzo19qPg89U9XFYmWDLru9mt", "c6fb64d8757e5c85b230a3358711697ae6540b44", "tex1cmakfkr40ewgtv3s5v6cwytf0tn9gz6y9j5z8e", 2, 2], 13 | ["t1WBxR5jNWgg4Cqeot3FvNkBb9ztYyjVELp", "871a089d446268aa7ac03d2a6f60ae70808f3974", "tex1sudq382yvf5257kq854x7c9wwzqg7wt5h2c24u", 3, 0], 14 | ["t1VEuDXP1QocoNaxrq4gZArTqqKCZdrwjG7", "7cb07c31b58040ac7cc12bfaaa138cfbefb38457", "tex10jc8cvd4spq2clxp90a25yuvl0hm8pzheuufxw", 3, 1], 15 | ["t1PXVM8oR6qVrVjtcnU1iNmH2CfvZyBai8u", "3e02e08b5965fce9c20ce6de6f9407674d01ba02", "tex18cpwpz6evh7wnssvum0xl9q8vaxsrwsz83vght", 3, 2], 16 | ["t1M3p1MgJCgjq4FMogS84kVvuszJbxPnpSM", "22d68debb3928da4046370d25ed2bbe8d5e985d0", "tex1yttgm6anj2x6gprrwrf9a54mar27npws73jwdy", 4, 0], 17 | ["t1aqnebXhA45WpgQHLiXTPU1Kk6rp8vVDDr", "ba2230b41fdc81714328231f40ab73feb52645a4", "tex1hg3rpdqlmjqhzsegyv05p2mnl66jv3dykth955", 4, 1], 18 | ["t1UG6FVxexmJRFXG4gvEmSF9HSTwHMFaSDT", "71f1fc6fd69370f23611536b3b64e7df1cebef69", "tex1w8clcm7kjdc0yds32d4nke88muwwhmmfunhkhd", 4, 2] 19 | ] 20 | 
-------------------------------------------------------------------------------- /zcash_test_vectors/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/zcash/zcash-test-vectors/ba707b10f570182d48196d97b3c648840ba7a21d/zcash_test_vectors/__init__.py -------------------------------------------------------------------------------- /zcash_test_vectors/bech32m.py: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2017, 2020 Pieter Wuille 2 | # 3 | # Permission is hereby granted, free of charge, to any person obtaining a copy 4 | # of this software and associated documentation files (the "Software"), to deal 5 | # in the Software without restriction, including without limitation the rights 6 | # to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 7 | # copies of the Software, and to permit persons to whom the Software is 8 | # furnished to do so, subject to the following conditions: 9 | # 10 | # The above copyright notice and this permission notice shall be included in 11 | # all copies or substantial portions of the Software. 12 | # 13 | # THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 14 | # IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 15 | # FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 16 | # AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 17 | # LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 18 | # OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN 19 | # THE SOFTWARE. 
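"""Reference implementation for Bech32/Bech32m and segwit addresses."""

from enum import Enum

class Encoding(Enum):
    """Enumeration type to list the various supported encodings."""
    BECH32 = 1
    BECH32M = 2

# The 32-character alphabet; the index of a character is its 5-bit value.
CHARSET = "qpzry9x8gf2tvdw0s3jn54khce6mua7l"
# Final polymod value expected for Bech32m (plain Bech32 expects 1).
BECH32M_CONST = 0x2bc830a3

def bech32_polymod(values):
    """Internal function that computes the Bech32 checksum.

    The result is an error-detecting code over 5-bit symbols. It is unkeyed,
    so it catches transcription mistakes but gives no protection against
    deliberate modification of an address.
    """
    generator = [0x3b6a57b2, 0x26508e6d, 0x1ea119fa, 0x3d4233dd, 0x2a1462b3]
    chk = 1
    for value in values:
        # `top` holds the bits above the 25-bit window before shifting in
        # the next 5-bit symbol.
        top = chk >> 25
        chk = (chk & 0x1ffffff) << 5 ^ value
        for i in range(5):
            chk ^= generator[i] if ((top >> i) & 1) else 0
    return chk


def bech32_hrp_expand(hrp):
    """Expand the HRP into values for checksum computation.

    Produces the high bits of every character, a zero separator, then the
    low five bits of every character.
    """
    return [ord(x) >> 5 for x in hrp] + [0] + [ord(x) & 31 for x in hrp]


def bech32_verify_checksum(hrp, data):
    """Verify a checksum given HRP and converted data characters.

    Returns the matching `Encoding`, or None when the checksum fits neither
    Bech32 nor Bech32m.
    """
    const = bech32_polymod(bech32_hrp_expand(hrp) + data)
    if const == 1:
        return Encoding.BECH32
    if const == BECH32M_CONST:
        return Encoding.BECH32M
    return None

def bech32_create_checksum(hrp, data, spec):
    """Compute the checksum values given HRP and data.

    Returns six 5-bit values to append to `data`.
    """
    values = bech32_hrp_expand(hrp) + data
    const = BECH32M_CONST if spec == Encoding.BECH32M else 1
    # Six zero symbols reserve room for the checksum itself.
    polymod = bech32_polymod(values + [0, 0, 0, 0, 0, 0]) ^ const
    return [(polymod >> 5 * (5 - i)) & 31 for i in range(6)]


def bech32_encode(hrp, data, spec):
    """Compute a Bech32 string given HRP and data values.

    `data` must hold integers that are valid indexes into CHARSET; this
    function does not range-check them.
    """
    combined = data + bech32_create_checksum(hrp, data, spec)
    return hrp + '1' + ''.join([CHARSET[d] for d in combined])

def bech32_decode(bech):
    """Validate a Bech32/Bech32m string, and determine HRP and data.

    Returns (hrp, data, spec) with the six checksum symbols stripped from
    `data`, or (None, None, None) on any validation failure.
    """
    # Reject characters outside printable ASCII and mixed-case strings.
    if ((any(ord(x) < 33 or ord(x) > 126 for x in bech)) or
            (bech.lower() != bech and bech.upper() != bech)):
        return (None, None, None)
    bech = bech.lower()
    # The last '1' separates the HRP from the data part; the HRP must be
    # non-empty and at least six checksum characters must follow.
    pos = bech.rfind('1')
    if pos < 1 or pos + 7 > len(bech):
        return (None, None, None)
    if not all(x in CHARSET for x in bech[pos+1:]):
        return (None, None, None)
    hrp = bech[:pos]
    data = [CHARSET.find(x) for x in bech[pos+1:]]
    spec = bech32_verify_checksum(hrp, data)
    if spec is None:
        return (None, None, None)
    return (hrp, data[:-6], spec)

def convertbits(data, frombits, tobits, pad=True):
    """General power-of-2 base conversion.

    Regroups `data` (integers of `frombits` bits) into integers of `tobits`
    bits. Returns None if an input value is out of range, or, with
    pad=False, if the leftover bits are too many or not all zero.
    """
    acc = 0
    bits = 0
    ret = []
    maxv = (1 << tobits) - 1
    # Keeps the accumulator bounded while retaining every unconsumed bit.
    max_acc = (1 << (frombits + tobits - 1)) - 1
    for value in data:
        if value < 0 or (value >> frombits):
            return None
        acc = ((acc << frombits) | value) & max_acc
        bits += frombits
        while bits >= tobits:
            bits -= tobits
            ret.append((acc >> bits) & maxv)
    if pad:
        if bits:
            ret.append((acc << (tobits - bits)) & maxv)
    elif bits >= frombits or ((acc << (tobits - bits)) & maxv):
        return None
    return ret


def decode(hrp, addr):
    """Decode a segwit address.

    Returns (witness_version, witness_program) or (None, None) when `addr`
    is malformed, carries a different HRP, or uses the wrong checksum
    variant for its witness version.
    """
    hrpgot, data, spec = bech32_decode(addr)
    # A failed parse yields hrpgot=None. Check it explicitly so that a caller
    # passing hrp=None gets the documented failure value instead of a
    # TypeError from indexing `data` below.
    if hrpgot is None or hrpgot != hrp:
        return (None, None)
    decoded = convertbits(data[1:], 5, 8, False)
    if decoded is None or len(decoded) < 2 or len(decoded) > 40:
        return (None, None)
    if data[0] > 16:
        return (None, None)
    if data[0] == 0 and len(decoded) != 20 and len(decoded) != 32:
        return (None, None)
    # Version 0 must use Bech32; every other version must use Bech32m.
    if data[0] == 0 and spec != Encoding.BECH32 or data[0] != 0 and spec != Encoding.BECH32M:
        return (None, None)
    return (data[0], decoded)


def encode(hrp, witver, witprog):
    """Encode a segwit address.

    Returns the address string, or None when the inputs cannot be encoded
    into an address that `decode` accepts.
    """
    spec = Encoding.BECH32 if witver == 0 else Encoding.BECH32M
    converted = convertbits(witprog, 8, 5)
    if converted is None:
        # A witness-program value outside 0..255 makes convertbits return
        # None; report failure rather than raising TypeError on `+`.
        return None
    ret = bech32_encode(hrp, [witver] + converted, spec)
    # Round-trip through the decoder so only valid addresses are returned.
    if decode(hrp, ret) == (None, None):
        return None
    return ret

# --------------------------------------------------------------------------------
# /zcash_test_vectors/f4jumble.py:
# --------------------------------------------------------------------------------
#!/usr/bin/env python3
import sys; assert sys.version_info[0] >= 3, "Python 3 required."

from hashlib import blake2b
import math
import struct

from .output import render_args, render_tv
from .rand import Rand
from .utils import i2leosp


# Maximum output length of BLAKE2b
l_H = 64
assert 8*l_H == 512

# Accepted message lengths in bytes. With the maximum length the right half
# is 65536*l_H bytes, so the block counter used by G stays below 2**16.
MIN_l_M = 48
MAX_l_M = 4194368
assert MAX_l_M == 65537*l_H

def instantiate(l_L, l_R):
    """Build the two round functions for a given left/right split.

    Returns (H, G): H(i, u) yields l_L bytes and G(i, u) yields l_R bytes,
    both from BLAKE2b with a personalization string that includes the round
    index i. Neither function takes a key.
    """
    def H(i, u):
        digest = blake2b(
            digest_size=l_L,
            person=b'UA_F4Jumble_H' + bytes([i, 0, 0]),
        )
        digest.update(u)
        return digest.digest()

    def G(i, u):
        def inner(j):
            # presumably i2leosp(16, j) is j as 16 bits little-endian,
            # padding the personalization to 16 bytes -- confirm in .utils
            digest = blake2b(
                digest_size=l_H,
                person=b'UA_F4Jumble_G' + bytes([i]) + i2leosp(16, j),
            )
            digest.update(u)
            return digest.digest()

        # Concatenate enough l_H-byte blocks to cover l_R, then truncate.
        return b''.join([inner(j) for j in range(0, math.ceil(l_R/l_H))])[:l_R]

    return (H, G)

def xor(x, y):
    """Return the bytewise XOR of x and y.

    zip() stops at the shorter input, so a length mismatch truncates
    silently; callers must pass equal-length operands.
    """
    return bytes([a ^ b for (a, b) in zip(x, y)])

def f4jumble(M):
    """Apply the four-round F4Jumble permutation to the byte string M.

    The construction is unkeyed: it mixes every input byte into every output
    byte but provides no confidentiality or authentication.
    """
    l_M = len(M)
    # NOTE(review): `assert` is stripped under `python -O`, which would let
    # out-of-range lengths through; callers handling untrusted input should
    # check the bounds themselves.
    assert MIN_l_M <= l_M and l_M <= MAX_l_M

    l_L = min([l_H, l_M//2])
    l_R = l_M - l_L
    (H, G) = instantiate(l_L, l_R)
    a = M[:l_L]
    b = M[l_L:]

    # Four rounds, alternating which half is masked.
    x = xor(b, G(0, a))
    y = xor(a, H(0, x))
    d = xor(x, G(1, y))
    c = xor(y, H(1, d))

    return c + d

def f4jumble_inv(M):
    """Invert f4jumble by undoing the four rounds in reverse order."""
    l_M = len(M)
    # Same caveat as in f4jumble: this bound check disappears under -O.
    assert MIN_l_M <= l_M and l_M <= MAX_l_M

    l_L = min([l_H, l_M//2])
    l_R = l_M - l_L
    (H, G) = instantiate(l_L, l_R)
    c = M[:l_L]
    d = M[l_L:]

    y = xor(c, H(1, d))
    x = xor(d, G(1, y))
    a = xor(y, H(0, x))
    b = xor(x, G(0, a))

    return a + b
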
def main():
    """Generate and render the short F4Jumble test vectors.

    Each vector pairs a pseudo-random message with its jumbled form; the
    round trip through f4jumble_inv is checked before the vector is kept.
    """
    args = render_args()

    from random import Random
    # Fixed seed: the vectors must be reproducible across runs. This is a
    # non-cryptographic generator and must never supply real key material.
    rng = Random(0xabad533d)

    def randbytes(l):
        return bytes(rng.randrange(0, 256) for _ in range(l))

    rand = Rand(randbytes)

    # Generate test vectors with various lengths:
    lengths = (
        MIN_l_M,
        l_H,
        2*l_H,
        2*l_H + 1,
        3*l_H,
        3*l_H + 1,
        257*l_H,
        257*l_H + 1,
    )

    plain_test_vectors = []
    for l_M in lengths:
        message = rand.b(l_M)
        jumbled = f4jumble(message)
        # Self-checks: the permutation preserves length and is invertible.
        assert len(jumbled) == len(message)
        assert f4jumble_inv(jumbled) == message

        plain_test_vectors.append({'normal': message, 'jumbled': jumbled})

    # NOTE(review): the 'Vec' type strings may have lost a generic parameter
    # when this page was extracted -- confirm against the upstream file.
    columns = (
        ('normal', 'Vec'),
        ('jumbled', 'Vec'),
    )
    render_tv(args, 'f4jumble', columns, plain_test_vectors)

def long_test_vectors():
    """Generate and render F4Jumble vectors for very long messages.

    Only the message length and a BLAKE2b hash of the jumbled output are
    recorded; the input is the repeating byte pattern 0, 1, ..., 255.
    """
    args = render_args()

    hashed_test_vectors = []
    for l_M in (3246395, MAX_l_M):
        message = bytes(i & 0xFF for i in range(l_M))
        jumbled = f4jumble(message)
        assert len(jumbled) == len(message)
        assert f4jumble_inv(jumbled) == message

        hashed_test_vectors.append({
            'length': l_M,
            'jumbled_hash': blake2b(jumbled).digest(),
        })

    columns = (
        ('length', 'usize'),
        ('jumbled_hash', '[u8; 64]'),
    )
    render_tv(args, 'f4jumble_long', columns, hashed_test_vectors)


if __name__ == "__main__":
    main()

# --------------------------------------------------------------------------------
# /zcash_test_vectors/ff1.py:
# --------------------------------------------------------------------------------
#!/usr/bin/env python3
import sys; assert sys.version_info[0] >= 3, "Python 3 required."
3 | 4 | import os 5 | from binascii import unhexlify, hexlify 6 | 7 | from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes 8 | from cryptography.hazmat.backends import default_backend 9 | 10 | from .utils import bebs2ip, i2bebsp, beos2ip, bebs2osp, cldiv 11 | 12 | # Morris Dworkin 13 | # NIST Special Publication 800-38G 14 | # Recommendation for Block Cipher Modes of Operation: Methods for Format-Preserving Encryption 15 | # 16 | # specialized to the parameters below and a single-block PRF; unoptimized 17 | 18 | radix = 2 19 | minlen = maxlen = 88 20 | maxTlen = 255 21 | assert 2 <= radix and radix < 256 22 | assert radix**minlen >= 100 23 | assert 2 <= minlen and minlen <= maxlen and maxlen < 256 24 | 25 | NUM_2 = bebs2ip 26 | STR_2 = i2bebsp 27 | 28 | 29 | def ff1_aes256_encrypt(key, tweak, x): 30 | n = len(x) 31 | t = len(tweak) 32 | assert minlen <= n and n <= maxlen 33 | assert t <= maxTlen 34 | 35 | u = n//2; v = n-u 36 | assert u == v 37 | A = x[:u]; B = x[u:] 38 | assert radix == 2 39 | b = cldiv(v, 8) 40 | d = 4*cldiv(b, 4) + 4 41 | assert d <= 16 42 | P = bytes([1, 2, 1, 0, 0, radix, 10, u % 256, 0, 0, 0, n, 0, 0, 0, t]) 43 | for i in range(10): 44 | Q = tweak + b'\0'*((-t-b-1) % 16) + bytes([i]) + bebs2osp(B) 45 | y = beos2ip(aes_cbcmac(key, P + Q)[:d]) 46 | c = (NUM_2(A)+y) % (1<. 
79 | 80 | key = unhexlify("2B7E151628AED2A6ABF7158809CF4F3CEF4359D8D580AA4F7F036D6F04FC6A94") 81 | 82 | tweak = b'' 83 | x = [0]*88 84 | ct = ff1_aes256_encrypt(key, tweak, x) 85 | assert ''.join(map(str, ct)) == "0000100100110101011101111111110011000001101100111110011101110101011010100100010011001111", ct 86 | pt = ff1_aes256_decrypt(key, tweak, ct) 87 | assert pt == x, (ct, pt) 88 | 89 | x = list(map(int, "0000100100110101011101111111110011000001101100111110011101110101011010100100010011001111")) 90 | ct = ff1_aes256_encrypt(key, tweak, x) 91 | assert ''.join(map(str, ct)) == "1101101011010001100011110000010011001111110110011101010110100001111001000101011111011000", ct 92 | pt = ff1_aes256_decrypt(key, tweak, ct) 93 | assert pt == x, (ct, pt) 94 | 95 | x = [0, 1]*44 96 | ct = ff1_aes256_encrypt(key, tweak, x) 97 | assert ''.join(map(str, ct)) == "0000111101000001111011010111011111110001100101000000001101101110100010010111001100100110", ct 98 | pt = ff1_aes256_decrypt(key, tweak, ct) 99 | assert pt == x, (ct, pt) 100 | 101 | tweak = bytes(range(maxTlen)) 102 | ct = ff1_aes256_encrypt(key, tweak, x) 103 | assert ''.join(map(str, ct)) == "0111110110001000000111010110000100010101101000000011100111100100100010101101111010100011", ct 104 | pt = ff1_aes256_decrypt(key, tweak, ct) 105 | assert pt == x, (ct, pt) 106 | 107 | key = os.urandom(32) 108 | tweak = b'' 109 | ct = ff1_aes256_encrypt(key, tweak, x) 110 | pt = ff1_aes256_decrypt(key, tweak, ct) 111 | assert pt == x, (ct, pt) 112 | 113 | tweak = os.urandom(maxTlen) 114 | ct = ff1_aes256_encrypt(key, tweak, x) 115 | pt = ff1_aes256_decrypt(key, tweak, ct) 116 | assert pt == x, (ct, pt) 117 | 118 | 119 | def aes_cbcmac(key, input): 120 | encryptor = Cipher(algorithms.AES(key), modes.CBC(b'\0'*16), backend=default_backend()).encryptor() 121 | return (encryptor.update(input) + encryptor.finalize())[-16:] 122 | 123 | def test_aes(): 124 | # Check we're actually using AES-256. 
125 | 126 | # 127 | # 128 | 129 | # Simple test (this wouldn't catch a byte order error in the key): 130 | # ECBVarTxt256.rsp COUNT = 0 131 | KEY = unhexlify("0000000000000000000000000000000000000000000000000000000000000000") 132 | PLAINTEXT = unhexlify("80000000000000000000000000000000") 133 | CIPHERTEXT = unhexlify("ddc6bf790c15760d8d9aeb6f9a75fd4e") 134 | assert aes_cbcmac(KEY, PLAINTEXT) == CIPHERTEXT 135 | 136 | # Now something more rigorous: 137 | # ECBMCT256.rsp COUNT = 0 138 | key = unhexlify("f9e8389f5b80712e3886cc1fa2d28a3b8c9cd88a2d4a54c6aa86ce0fef944be0") 139 | acc = unhexlify("b379777f9050e2a818f2940cbbd9aba4") 140 | ct = unhexlify("6893ebaf0a1fccc704326529fdfb60db") 141 | for i in range(1000): 142 | acc = aes_cbcmac(key, acc) 143 | assert acc == ct, hexlify(acc) 144 | 145 | 146 | if __name__ == '__main__': 147 | test_aes() 148 | test_ff1() 149 | -------------------------------------------------------------------------------- /zcash_test_vectors/hd_common.py: -------------------------------------------------------------------------------- 1 | # Common definitions for hierarchical derivation. 2 | 3 | ZCASH_MAIN_COINTYPE = 133 4 | ZCASH_TEST_COINTYPE = 1 5 | 6 | def hardened(i): 7 | assert 0 <= i and i < (1<<31) 8 | return i + (1<<31) 9 | -------------------------------------------------------------------------------- /zcash_test_vectors/orchard/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/zcash/zcash-test-vectors/ba707b10f570182d48196d97b3c648840ba7a21d/zcash_test_vectors/orchard/__init__.py -------------------------------------------------------------------------------- /zcash_test_vectors/orchard/commitments.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python3 2 | import sys; assert sys.version_info[0] >= 3, "Python 3 required." 
from .group_hash import group_hash
from .pallas import Fp, Scalar
from .sinsemilla import sinsemilla_hash_to_point
from ..utils import i2lebsp

# Commitment schemes used in Orchard https://zips.z.cash/protocol/nu5.pdf#concretecommit

# https://zips.z.cash/protocol/nu5.pdf#constants
L_ORCHARD_BASE = 255

# https://zips.z.cash/protocol/nu5.pdf#concretehomomorphiccommit
def homomorphic_pedersen_commitment(rcv: Scalar, D, v: Scalar):
    """Return [v] V + [rcv] R, with V and R derived from domain D.

    The two bases come from group_hash(D, b"v") and group_hash(D, b"r").
    A Pedersen commitment hides v only if rcv is uniformly random and kept
    secret.
    """
    value_term = group_hash(D, b"v") * v
    randomness_term = group_hash(D, b"r") * rcv
    return value_term + randomness_term

def value_commit(rcv: Scalar, v: Scalar):
    """Commit to the value v under the Orchard value-commitment domain."""
    domain = b"z.cash:Orchard-cv"
    return homomorphic_pedersen_commitment(rcv, domain, v)

def rcv_trapdoor(rand):
    """Draw a value-commitment trapdoor from the supplied source `rand`."""
    return Scalar.random(rand)

# https://zips.z.cash/protocol/nu5.pdf#concretesinsemillacommit
def sinsemilla_commit(r: Scalar, D, M):
    """Return SinsemillaHashToPoint(D || "-M", M) + [r] GroupHash(D || "-r", "")."""
    assert isinstance(r, Scalar)
    message_point = sinsemilla_hash_to_point(D + b"-M", M)
    blinding_point = group_hash(D + b"-r", b"") * r
    return message_point + blinding_point

def sinsemilla_short_commit(r: Scalar, D, M):
    """Return the result of .extract() on the Sinsemilla commitment point."""
    commitment = sinsemilla_commit(r, D, M)
    return commitment.extract()

# https://zips.z.cash/protocol/nu5.pdf#concreteorchardnotecommit
def note_commit(rcm, g_d, pk_d, v, rho, psi):
    """Commit to a note's fields under the Orchard-NoteCommit domain.

    The message is g_d || pk_d || v (64 bits) || rho || psi, the last two
    encoded as L_ORCHARD_BASE bits each.
    """
    message = (
        g_d
        + pk_d
        + i2lebsp(64, v)
        + i2lebsp(L_ORCHARD_BASE, rho.s)
        + i2lebsp(L_ORCHARD_BASE, psi.s)
    )
    return sinsemilla_commit(rcm, b"z.cash:Orchard-NoteCommit", message)

def rcm_trapdoor(rand):
    """Draw a note-commitment trapdoor from the supplied source `rand`."""
    return Scalar.random(rand)

# https://zips.z.cash/protocol/nu5.pdf#concreteorchardnotecommit
# NOTE(review): same anchor as note_commit above -- confirm it is the
# intended section for Commit^ivk.
def commit_ivk(rivk: Scalar, ak: Fp, nk: Fp):
    """Return the short commitment to (ak, nk) under the CommitIvk domain."""
    message = i2lebsp(L_ORCHARD_BASE, ak.s) + i2lebsp(L_ORCHARD_BASE, nk.s)
    return sinsemilla_short_commit(rivk, b"z.cash:Orchard-CommitIvk", message)

def rivk_trapdoor(rand):
    """Draw a CommitIvk trapdoor from the supplied source `rand`."""
    return Scalar.random(rand)

# Test consistency of ValueCommit^{Orchard} with precomputed generators
def test_value_commit():
    """Check value_commit against the precomputed generator constants."""
    from random import Random
    from ..rand import Rand
    from .generators import VALUE_COMMITMENT_RANDOMNESS_BASE, VALUE_COMMITMENT_VALUE_BASE

    # Fixed seed keeps the check reproducible. This generator is not
    # cryptographically secure and must not be used for real trapdoors.
    rng = Random(0xabad533d)

    def randbytes(l):
        return bytes(rng.randrange(0, 256) for _ in range(l))

    rand = Rand(randbytes)

    rcv = rcv_trapdoor(rand)
    v = Scalar(100000000)

    expected = VALUE_COMMITMENT_RANDOMNESS_BASE * rcv + VALUE_COMMITMENT_VALUE_BASE * v
    assert value_commit(rcv, v) == expected

if __name__ == '__main__':
    test_value_commit()

# --------------------------------------------------------------------------------
# /zcash_test_vectors/orchard/empty_roots.py:
# --------------------------------------------------------------------------------
#!/usr/bin/env python3
import sys; assert sys.version_info[0] >= 3, "Python 3 required."

from .merkle_tree import empty_roots
from .pallas import Fp

from ..output import render_args, render_tv
from ..utils import i2lebsp


def main():
    """Render the Orchard empty Merkle roots as a single test vector."""
    args = render_args()

    columns = (
        ('empty_roots', '[[u8; 32]; 33]'),
    )
    vector = {
        'empty_roots': [bytes(root) for root in empty_roots()],
    }
    render_tv(args, 'orchard_empty_roots', columns, vector)


if __name__ == '__main__':
    main()

# --------------------------------------------------------------------------------
# /zcash_test_vectors/orchard/generators.py:
# --------------------------------------------------------------------------------
#!/usr/bin/env python3
import sys; assert sys.version_info[0] >= 3, "Python 3 required."

from hashlib import blake2s

from ..output import render_args, render_tv
from .group_hash import group_hash
from .sinsemilla import sinsemilla_hash_to_point

# Fixed Orchard generators. Each is one group_hash(domain, message) call,
# evaluated when this module is imported.

# https://zips.z.cash/protocol/nu5.pdf#concretespendauthsig
SPENDING_KEY_BASE = group_hash(b'z.cash:Orchard', b'G')

# https://zips.z.cash/protocol/nu5.pdf#commitmentsandnullifiers
NULLIFIER_K_BASE = group_hash(b'z.cash:Orchard', b'K')

# https://zips.z.cash/protocol/nu5.pdf#concretehomomorphiccommit
VALUE_COMMITMENT_VALUE_BASE = group_hash(b'z.cash:Orchard-cv', b'v')
VALUE_COMMITMENT_RANDOMNESS_BASE = group_hash(b'z.cash:Orchard-cv', b'r')

# Used in SinsemillaCommit (https://zips.z.cash/protocol/nu5.pdf#concretesinsemillacommit)
NOTE_COMMITMENT_BASE = group_hash(b'z.cash:Orchard-NoteCommit-r', b'')
NOTE_COMMITMENT_Q = group_hash(b'z.cash:SinsemillaQ', b'z.cash:Orchard-NoteCommit-M')

# Used in SinsemillaShortCommit (https://zips.z.cash/protocol/nu5.pdf#concretesinsemillacommit)
IVK_COMMITMENT_BASE = group_hash(b'z.cash:Orchard-CommitIvk-r', b'')
IVK_COMMITMENT_Q = group_hash(b'z.cash:SinsemillaQ', b'z.cash:Orchard-CommitIvk-M')

# Used in SinsemillaHash (https://zips.z.cash/protocol/nu5.pdf#orchardmerklecrh)
MERKLE_CRH_Q = group_hash(b'z.cash:SinsemillaQ', b'z.cash:Orchard-MerkleCRH')

def main():
    """Render the nine generators above as the 'orchard_generators' test vector."""
    args = render_args()
    schema = (
        ('skb', '[u8; 32]'),
        ('nkb', '[u8; 32]'),
        ('vcvb', '[u8; 32]'),
        ('vcrb', '[u8; 32]'),
        ('cmb', '[u8; 32]'),
        ('cmq', '[u8; 32]'),
        ('ivkb', '[u8; 32]'),
        ('ivkq', '[u8; 32]'),
        ('mcq', '[u8; 32]'),
    )
    encoded = {
        'skb': bytes(SPENDING_KEY_BASE),
        'nkb': bytes(NULLIFIER_K_BASE),
        'vcvb': bytes(VALUE_COMMITMENT_VALUE_BASE),
        'vcrb': bytes(VALUE_COMMITMENT_RANDOMNESS_BASE),
        'cmb': bytes(NOTE_COMMITMENT_BASE),
        'cmq': bytes(NOTE_COMMITMENT_Q),
        'ivkb': bytes(IVK_COMMITMENT_BASE),
        'ivkq': bytes(IVK_COMMITMENT_Q),
        'mcq': bytes(MERKLE_CRH_Q),
    }
    render_tv(args, 'orchard_generators', schema, encoded)


if __name__ == '__main__':
    main()

--------------------------------------------------------------------------------
/zcash_test_vectors/orchard/key_components.py:
--------------------------------------------------------------------------------
#!/usr/bin/env python3
import sys; assert sys.version_info[0] >= 3, "Python 3 required."

from ..ff1 import ff1_aes256_encrypt
from ..sapling.key_components import prf_expand
from ..zip_0032 import CKDh, HardenedOnlyContext, MKGh

from .generators import NULLIFIER_K_BASE, SPENDING_KEY_BASE, group_hash
from .pallas import Fp, Scalar, Point
from . import poseidon
from .commitments import commit_ivk
from ..utils import i2leosp, i2lebsp, lebs2osp
from .utils import to_base, to_scalar
from ..output import render_args, render_tv

#
# PRFs and hashes
#

def diversify_hash(d):
    """Hash diversifier d to a point under b'z.cash:Orchard-gd'.

    If the result is the identity, the hash of the empty message is used
    instead.
    """
    g_d = group_hash(b'z.cash:Orchard-gd', d)
    if g_d == Point.identity():
        return group_hash(b'z.cash:Orchard-gd', b'')
    return g_d

def prf_nf_orchard(nk, rho):
    """Return poseidon.hash(nk, rho)."""
    return poseidon.hash(nk, rho)

def derive_nullifier(nk, rho: Fp, psi: Fp, cm):
    """Return ([prf_nf_orchard(nk, rho) + psi] NULLIFIER_K_BASE + cm).extract()."""
    base_sum = prf_nf_orchard(nk, rho) + psi  # addition mod p
    nullifier_point = NULLIFIER_K_BASE * Scalar(base_sum.s) + cm
    return nullifier_point.extract()

#
# Key components
#

class SpendingKey(object):
    """Orchard spending key: derives ask, nk, rivk, akP and ak from raw bytes."""

    def __init__(self, data):
        """Expand data with prf_expand (tags 0x06, 0x07, 0x08) into the key parts.

        Raises ValueError when the derived ask is zero.
        """
        self.data = data

        self.ask = to_scalar(prf_expand(self.data, b'\x06'))
        self.nk = to_base(prf_expand(self.data, b'\x07'))
        self.rivk = to_scalar(prf_expand(self.data, b'\x08'))
        if self.ask == Scalar.ZERO:
            raise ValueError("invalid spending key")

        self.akP = SPENDING_KEY_BASE * self.ask
        # Negate ask when the top bit of akP's last encoded byte is set.
        top_bit_set = (bytes(self.akP)[-1] & 0x80) != 0
        if top_bit_set:
            self.ask = -self.ask

        self.ak = self.akP.extract()
        # NOTE(review): this is an assert, so the check is skipped under
        # `python -O`, unlike the ValueError raised for ask == 0 above.
        assert commit_ivk(self.rivk, self.ak, self.nk) is not None


class ExtendedSpendingKey(SpendingKey):
    """SpendingKey plus a chain code, derived through the hardened-only context."""

    Orchard = HardenedOnlyContext(b'ZcashIP32Orchard', b'\x81')

    def __init__(self, chaincode, data):
        SpendingKey.__init__(self, data)
        self.chaincode = chaincode

    @classmethod
    def master(cls, S):
        """Build the master key from seed S via MKGh."""
        sk, chaincode = MKGh(cls.Orchard, S)
        return cls(chaincode, sk)

    def child(self, i):
        """Derive child i via CKDh and wrap it in the same class."""
        child_sk, child_chaincode = CKDh(self.Orchard, self.data, self.chaincode, i, 0, b"")
        return self.__class__(child_chaincode, child_sk)


class FullViewingKey(object):
    """Orchard full viewing key (rivk, ak, nk) with derived dk and ovk."""

    def __init__(self, rivk, ak, nk):
        """Store the components and split prf_expand output into dk and ovk."""
        self.rivk = rivk
        self.ak = ak
        self.nk = nk
        K = i2leosp(256, self.rivk.s)
        R = prf_expand(K, b'\x82' + i2leosp(256, self.ak.s) + i2leosp(256, self.nk.s))
        # First 32 bytes are dk, the remainder is ovk.
        self.dk, self.ovk = R[:32], R[32:]

    @classmethod
    def from_spending_key(cls, sk):
        """Build the viewing key from sk.rivk, sk.ak and sk.nk."""
        return cls(sk.rivk, sk.ak, sk.nk)

    def ivk(self):
        """Return commit_ivk(rivk, ak, nk)."""
        return commit_ivk(self.rivk, self.ak, self.nk)

    def diversifier(self, j):
        """Return the diversifier for index j: FF1-AES256 of i2lebsp(88, j) under dk."""
        index_bits = i2lebsp(88, j)
        return lebs2osp(ff1_aes256_encrypt(self.dk, b'', index_bits))

    def default_d(self):
        """Return the diversifier for index 0."""
        return self.diversifier(0)

    def g_d(self, j):
        """Return diversify_hash of the diversifier for index j."""
        return diversify_hash(self.diversifier(j))

    def pk_d(self, j):
        """Return g_d(j) multiplied by ivk taken as a Scalar."""
        return self.g_d(j) * Scalar(self.ivk().s)

    def default_pkd(self):
        """Return pk_d for index 0."""
        return self.pk_d(0)

    def internal(self):
        """Return a viewing key with the same ak and nk and an rivk re-derived with tag 0x83."""
        K = i2leosp(256, self.rivk.s)
        expanded = prf_expand(K, b'\x83' + i2leosp(256, self.ak.s) + i2leosp(256, self.nk.s))
        rivk_internal = to_scalar(expanded)
        return self.__class__(rivk_internal, self.ak, self.nk)


def main():
    """Generate ten key-component vectors and render them as 'orchard_key_components'."""
    args = render_args()

    from .note import OrchardNote
    from random import Random
    from ..rand import Rand

    # Fixed seed keeps the vectors reproducible. random.Random is not a
    # CSPRNG: the keys emitted below are published fixtures, not usable keys.
    rng = Random(0xabad533d)
    def randbytes(l):
        out = []
        while len(out) < l:
            out.append(rng.randrange(0, 256))
        return bytes(out)
    rand = Rand(randbytes)

    test_vectors = []
    for _ in range(0, 10):
        sk = SpendingKey(rand.b(32))
        fvk = FullViewingKey.from_spending_key(sk)
        default_d = fvk.default_d()
        default_pk_d = fvk.default_pkd()

        note_v = rand.u64()
        note_rho = Fp.random(rand)
        note_rseed = rand.b(32)
        note = OrchardNote(
            default_d,
            default_pk_d,
            note_v,
            note_rho,
            note_rseed,
        )
        note_cm = note.note_commitment()
        note_nf = derive_nullifier(fvk.nk, note_rho, note.psi, note_cm)

        internal = fvk.internal()
        vector = {
            'sk': sk.data,
            'ask': bytes(sk.ask),
            'ak': bytes(fvk.ak),
            'nk': bytes(fvk.nk),
            'rivk': bytes(fvk.rivk),
            'ivk': bytes(fvk.ivk()),
            'ovk': fvk.ovk,
            'dk': fvk.dk,
            'default_d': default_d,
            'default_pk_d': bytes(default_pk_d),
            'internal_rivk': bytes(internal.rivk),
            'internal_ivk': bytes(internal.ivk()),
            'internal_ovk': internal.ovk,
            'internal_dk': internal.dk,
            'note_v': note_v,
            'note_rho': bytes(note_rho),
            'note_rseed': bytes(note_rseed),
            'note_cmx': bytes(note_cm.extract()),
            'note_nf': bytes(note_nf),
        }
        test_vectors.append(vector)

    schema = (
        ('sk', '[u8; 32]'),
        ('ask', '[u8; 32]'),
        ('ak', '[u8; 32]'),
        ('nk', '[u8; 32]'),
        ('rivk', '[u8; 32]'),
        ('ivk', '[u8; 32]'),
        ('ovk', '[u8; 32]'),
        ('dk', '[u8; 32]'),
        ('default_d', '[u8; 11]'),
        ('default_pk_d', '[u8; 32]'),
        ('internal_rivk', '[u8; 32]'),
        ('internal_ivk', '[u8; 32]'),
        ('internal_ovk', '[u8; 32]'),
        ('internal_dk', '[u8; 32]'),
        ('note_v', 'u64'),
        ('note_rho', '[u8; 32]'),
        ('note_rseed', '[u8; 32]'),
        ('note_cmx', '[u8; 32]'),
        ('note_nf', '[u8; 32]'),
    )
    render_tv(args, 'orchard_key_components', schema, test_vectors)


if __name__ == '__main__':
    main()

--------------------------------------------------------------------------------
/zcash_test_vectors/orchard/merkle_tree.py:
--------------------------------------------------------------------------------
#!/usr/bin/env python3
import sys; assert sys.version_info[0] >= 3, "Python 3 required."

from binascii import unhexlify

from .pallas import Fp
from .sinsemilla import sinsemilla_hash

from ..output import render_args, render_tv
from ..utils import i2lebsp, leos2bsp

# https://zips.z.cash/protocol/nu5.pdf#constants
MERKLE_DEPTH = 32
L_MERKLE = 255
UNCOMMITTED_ORCHARD = Fp(2)

# https://zips.z.cash/protocol/nu5.pdf#orchardmerklecrh
def merkle_crh(layer, left, right, depth=MERKLE_DEPTH):
    """Hash two L_MERKLE-bit children into their parent at the given layer.

    The Sinsemilla message is i2lebsp(10, depth - 1 - layer) followed by left
    and right. The bounds are checked with asserts only.
    """
    assert layer < depth
    assert len(left) == L_MERKLE
    assert len(right) == L_MERKLE
    layer_bits = i2lebsp(10, depth - 1 - layer)
    return sinsemilla_hash(b"z.cash:Orchard-MerkleCRH", layer_bits + left + right)

# Import-time self-check of merkle_crh against a fixed parent value.
left = unhexlify("87a086ae7d2252d58729b30263fb7b66308bf94ef59a76c9c86e7ea016536505")[::-1]
right = unhexlify("a75b84a125b2353da7e8d96ee2a15efe4de23df9601b9d9564ba59de57130406")[::-1]

left = leos2bsp(left)[:L_MERKLE]
right = leos2bsp(right)[:L_MERKLE]

# parent = merkle_crh(MERKLE_DEPTH - 1 - 25, left, right)
parent = Fp(626278560043615083774572461435172561667439770708282630516615972307985967801)
assert merkle_crh(MERKLE_DEPTH - 1 - 25, left, right) == parent
# A different layer must give a different parent.
assert merkle_crh(MERKLE_DEPTH - 1 - 26, left, right) != parent

def empty_roots():
    """Return MERKLE_DEPTH + 1 roots, starting at UNCOMMITTED_ORCHARD.

    Each further entry is merkle_crh of the previous entry with itself, for
    layers MERKLE_DEPTH - 1 down to 0.
    """
    roots = [UNCOMMITTED_ORCHARD]
    for layer in reversed(range(0, MERKLE_DEPTH)):
        child_bits = i2lebsp(L_MERKLE, roots[-1].s)
        roots.append(merkle_crh(layer, child_bits, child_bits))
    return roots


def main():
    """Build a depth-4 tree leaf by leaf and render 'orchard_merkle_tree' vectors."""
    args = render_args()

    from random import Random
    from ..rand import Rand

    # Fixed seed keeps the vectors reproducible; random.Random is not a CSPRNG.
    rng = Random(0xabad533d)
    def randbytes(l):
        out = []
        while len(out) < l:
            out.append(rng.randrange(0, 256))
        return bytes(out)
    rand = Rand(randbytes)

    SMALL_DEPTH = 4

    # Derive path for each leaf in a tree of depth 4.
    def get_paths_and_root(leaves):
        assert(len(leaves) == (1 << SMALL_DEPTH))
        paths = [[] for _ in range(1 << SMALL_DEPTH)]

        # At layer 0, we want:
        # - leaf 0: sibling 1
        # - leaf 1: sibling 0
        # - leaf 2: sibling 3
        # - leaf 3: sibling 2 (etc.)
        # We repeat this all the way up, just with shorter arrays.
        cur_layer = leaves
        next_layer = []
        for level in range(0, SMALL_DEPTH):
            # Iterate over nodes in the current layer.
            for i in range(0, len(cur_layer)):
                is_left = (i % 2) == 0
                sibling = cur_layer[i + 1] if is_left else cur_layer[i - 1]

                # As we compute the tree, we start appending siblings to
                # multiple paths. Each sibling corresponds to (1 << layer)
                # leaves.
                leaves_per_sibling = (1 << level)
                first_leaf = leaves_per_sibling * i
                for j in range(first_leaf, leaves_per_sibling * (i+1)):
                    paths[j].append(sibling)

                # Compute the parent of the current pair of siblings.
                if is_left:
                    layer = SMALL_DEPTH - 1 - level
                    left = leos2bsp(bytes(cur_layer[i]))[:L_MERKLE]
                    right = leos2bsp(bytes(sibling))[:L_MERKLE]
                    next_layer.append(merkle_crh(layer, left, right, depth=SMALL_DEPTH))

            cur_layer = next_layer
            next_layer = []

        # We should have reached the root of the tree.
        assert(len(cur_layer) == 1)
        return (paths, cur_layer[0])

    # Test vectors:
    # - Create empty tree of depth 4.
    # - Append random leaves
    # - After each leaf is appended, derive the Merkle paths for every leaf
    #   position (using the empty leaf for positions that have not been filled).
    test_vectors = []
    leaves = [UNCOMMITTED_ORCHARD] * (1 << SMALL_DEPTH)
    for i in range(0, (1 << SMALL_DEPTH)):
        print("Appending leaf", i + 1, file = sys.stderr)
        # Append next leaf
        leaves[i] = Fp.random(rand)

        # Derive Merkle paths for all leaves
        (paths, root) = get_paths_and_root(leaves)

        test_vectors.append({
            'leaves': [bytes(leaf) for leaf in leaves],
            'paths': [[bytes(node) for node in path] for path in paths],
            'root': bytes(root),
        })

    schema = (
        ('leaves', '[[u8; 32]; %d]' % (1 << SMALL_DEPTH)),
        ('paths', '[[[u8; 32]; %d]; %d]' % (SMALL_DEPTH, (1 << SMALL_DEPTH))),
        ('root', '[u8; 32]'),
    )
    render_tv(args, 'orchard_merkle_tree', schema, test_vectors)


if __name__ == '__main__':
    main()

--------------------------------------------------------------------------------
/zcash_test_vectors/orchard/note.py:
--------------------------------------------------------------------------------
import struct

from .commitments import note_commit
from .key_components import diversify_hash, prf_expand, derive_nullifier, FullViewingKey, SpendingKey
from .pallas import Point, Scalar
from .utils import to_base, to_scalar

from ..utils import leos2bsp

class OrchardNote(object):
    """An Orchard note: diversifier, pk_d, value, rho and rseed, plus derived rcm and psi."""

    def __init__(self, d, pk_d, v, rho, rseed):
        """Store the fields and derive rcm and psi from rseed and rho.

        v must be an int (assert only).
        """
        assert isinstance(v, int)
        self.d = d
        self.pk_d = pk_d
        self.v = v
        self.rho = rho
        self.rseed = rseed
        # From here on the instance attributes rcm and psi hold values and
        # shadow the methods of the same name.
        self.rcm = self.rcm()
        self.psi = self.psi()

    def __eq__(self, other):
        """Compare d, pk_d, v, rho, rcm and psi; None is never equal."""
        if other is None:
            return False
        return (
            self.d == other.d and
            self.pk_d == other.pk_d and
            self.v == other.v and
            self.rho == other.rho and
            self.rcm == other.rcm and
            self.psi == other.psi
        )

    def rcm(self):
        """Derive rcm: prf_expand(rseed, 0x05 || rho) reduced to a scalar."""
        expanded = prf_expand(self.rseed, b'\x05' + bytes(self.rho))
        return to_scalar(expanded)

    def
psi(self): 37 | return to_base(prf_expand(self.rseed, b'\x09' + bytes(self.rho))) 38 | 39 | def note_commitment(self): 40 | g_d = diversify_hash(self.d) 41 | return note_commit(self.rcm, leos2bsp(bytes(g_d)), leos2bsp(bytes(self.pk_d)), self.v, self.rho, self.psi) 42 | 43 | def note_plaintext(self, memo): 44 | return OrchardNotePlaintext(self.d, self.v, self.rseed, memo) 45 | 46 | # https://zips.z.cash/protocol/nu5.pdf#notept 47 | class OrchardNotePlaintext(object): 48 | def __init__(self, d, v, rseed, memo): 49 | self.leadbyte = bytes.fromhex('02') 50 | self.d = d 51 | self.v = v 52 | self.rseed = rseed 53 | self.memo = memo 54 | 55 | def __bytes__(self): 56 | return ( 57 | self.leadbyte + 58 | self.d + 59 | struct.pack('= 3, "Python 3 required." 3 | 4 | import math 5 | 6 | from .pallas import Fp, Point 7 | from ..utils import cldiv, lebs2ip, i2leosp 8 | from .group_hash import group_hash 9 | from ..output import render_args, render_tv 10 | from ..rand import Rand 11 | 12 | SINSEMILLA_K = 10 13 | 14 | # Interprets a string or a list as a sequence of bits. 15 | def str_to_bits(s): 16 | for c in s: 17 | assert c in ['0', '1', 0, 1, False, True] 18 | # Regular Python truthiness is fine here except for bool('0') == True. 
19 | return [c != '0' and bool(c) for c in s] 20 | 21 | def pad(n, m): 22 | padding_needed = n * SINSEMILLA_K - len(m) 23 | zeros = [0] * padding_needed 24 | m = list(m) + zeros 25 | 26 | return [lebs2ip(str_to_bits(m[i*SINSEMILLA_K : (i+1)*SINSEMILLA_K])) for i in range(n)] 27 | 28 | def sinsemilla_hash_to_point(d, m): 29 | n = cldiv(len(m), SINSEMILLA_K) 30 | m = pad(n, m) 31 | acc = group_hash(b"z.cash:SinsemillaQ", d) 32 | 33 | for m_i in m: 34 | acc = acc.checked_incomplete_add( 35 | group_hash(b"z.cash:SinsemillaS", i2leosp(32, m_i)) 36 | ).checked_incomplete_add(acc) 37 | 38 | return acc 39 | 40 | def sinsemilla_hash(d, m): 41 | return sinsemilla_hash_to_point(d, m).extract() 42 | 43 | 44 | def main(): 45 | test_vectors = [ 46 | # 40 bits, so no padding 47 | (b"z.cash:test-Sinsemilla", [0,0,0,1,0,1,1,0,1,0,1,0,0,1,1,0,0,0,1,1,0,1,1,0,0,0,1,1,0,1,1,0,1,1,1,1,0,1,1,0]), 48 | ] 49 | 50 | sh = sinsemilla_hash_to_point(test_vectors[0][0], test_vectors[0][1]) 51 | assert sh == Point(Fp(19681977528872088480295086998934490146368213853811658798708435106473481753752), 52 | Fp(14670850419772526047574141291705097968771694788047376346841674072293161339903)) 53 | 54 | from random import Random 55 | rng = Random(0xabad533d) 56 | def randbytes(l): 57 | ret = [] 58 | while len(ret) < l: 59 | ret.append(rng.randrange(0, 256)) 60 | return bytes(ret) 61 | rand = Rand(randbytes) 62 | 63 | # Generate test vectors with the following properties: 64 | # - One of two domains. 65 | # - Random message lengths between 0 and 255 bytes. 66 | # - Random message bits. 
67 | for _ in range(10): 68 | domain = b"z.cash:test-Sinsemilla-longer" if rand.bool() else b"z.cash:test-Sinsemilla" 69 | msg_len = rand.u8() 70 | msg = bytes([rand.bool() for _ in range(msg_len)]) 71 | test_vectors.append((domain, msg)) 72 | 73 | test_vectors = [{ 74 | 'domain': domain, 75 | 'msg': msg, 76 | 'point': bytes(sinsemilla_hash_to_point(domain, msg)), 77 | 'hash': bytes(sinsemilla_hash(domain, msg)), 78 | } for (domain, msg) in test_vectors] 79 | 80 | render_tv( 81 | render_args(), 82 | 'orchard_sinsemilla', 83 | ( 84 | ('domain', {'rust_type': 'Vec', 'bitcoin_flavoured': False}), 85 | ('msg', { 86 | 'rust_type': 'Vec', 87 | 'rust_fmt': lambda x: str_to_bits(x), 88 | }), 89 | ('point', '[u8; 32]'), 90 | ('hash', '[u8; 32]'), 91 | ), 92 | test_vectors, 93 | ) 94 | 95 | 96 | if __name__ == "__main__": 97 | main() 98 | -------------------------------------------------------------------------------- /zcash_test_vectors/orchard/utils.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python3 2 | import sys; assert sys.version_info[0] >= 3, "Python 3 required." 3 | 4 | from .pallas import Fp, Scalar 5 | from ..utils import leos2ip 6 | 7 | # 8 | # Utilities 9 | # 10 | 11 | def to_scalar(buf): 12 | return Scalar(leos2ip(buf)) 13 | 14 | def to_base(buf): 15 | return Fp(leos2ip(buf)) 16 | -------------------------------------------------------------------------------- /zcash_test_vectors/orchard/zip32.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python3 2 | import sys; assert sys.version_info[0] >= 3, "Python 3 required." 
3 | 4 | from hashlib import blake2b 5 | 6 | from .key_components import FullViewingKey, ExtendedSpendingKey 7 | 8 | from ..hd_common import hardened 9 | from ..utils import i2leosp 10 | from ..output import render_args, render_tv 11 | 12 | 13 | class DerivedSpendingKey(object): 14 | def __init__(self, extsk, depth=0, parent_tag=i2leosp(32, 0), i=0): 15 | self._extsk = extsk 16 | self._depth = depth 17 | self._parent_tag = parent_tag 18 | self._i = i 19 | 20 | def __eq__(self, other): 21 | return (self._extsk == other._extsk and 22 | self._depth == other._depth and 23 | self._parent_tag == other._parent_tag and 24 | self._i == other._i) 25 | 26 | @classmethod 27 | def master(cls, S): 28 | return cls(ExtendedSpendingKey.master(S)) 29 | 30 | def sk(self): 31 | return self._extsk.data 32 | 33 | def c(self): 34 | return self._extsk.chaincode 35 | 36 | def depth(self): 37 | return self._depth 38 | 39 | def parent_tag(self): 40 | return self._parent_tag 41 | 42 | def i(self): 43 | return self._i 44 | 45 | def fingerprint(self): 46 | fvk = FullViewingKey.from_spending_key(self._extsk) 47 | digest = blake2b(person=b'ZcashOrchardFVFP', digest_size=32) 48 | digest.update(bytes(fvk.ak) + bytes(fvk.nk) + bytes(fvk.rivk)) 49 | return digest.digest() 50 | 51 | def tag(self): 52 | return self.fingerprint()[:4] 53 | 54 | def __bytes__(self): 55 | return (i2leosp(8, self.depth()) + 56 | self.parent_tag() + 57 | i2leosp(32, self.i()) + 58 | self.c() + 59 | self.sk()) 60 | 61 | def child(self, i): 62 | return self.__class__(self._extsk.child(i), self.depth()+1, self.tag(), i) 63 | 64 | 65 | def main(): 66 | args = render_args() 67 | 68 | seed = bytes(range(32)) 69 | m = DerivedSpendingKey.master(seed) 70 | m_1h = m.child(hardened(1)) 71 | m_1h_2h = m_1h.child(hardened(2)) 72 | m_1h_2h_3h = m_1h_2h.child(hardened(3)) 73 | 74 | keys = [m, m_1h, m_1h_2h, m_1h_2h_3h] 75 | 76 | render_tvs(args, keys) 77 | 78 | def render_tvs(args, keys): 79 | test_vectors = [ 80 | {'sk' : k.sk(), 81 | 'c' 
: k.c(), 82 | 'xsk' : bytes(k), 83 | 'fp' : k.fingerprint(), 84 | } 85 | for k in keys 86 | ] 87 | 88 | render_tv( 89 | args, 90 | 'orchard_zip32', 91 | ( 92 | ('sk', '[u8; 32]'), 93 | ('c', '[u8; 32]'), 94 | ('xsk', '[u8; 73]'), 95 | ('fp', '[u8; 32]'), 96 | ), 97 | test_vectors, 98 | ) 99 | 100 | if __name__ == '__main__': 101 | main() 102 | -------------------------------------------------------------------------------- /zcash_test_vectors/rand.py: -------------------------------------------------------------------------------- 1 | import os 2 | import struct 3 | 4 | def randbytes_inner(rng, l): 5 | ret = [] 6 | while len(ret) < l: 7 | ret.append(rng.randrange(0, 256)) 8 | return bytes(ret) 9 | 10 | def randbytes(rng): 11 | return lambda l: randbytes_inner(rng, l) 12 | 13 | class Rand(object): 14 | def __init__(self, random=os.urandom): 15 | self._random = random 16 | 17 | def b(self, l): 18 | return self._random(l) 19 | 20 | def v(self, l, f): 21 | return struct.unpack(f, self.b(l))[0] 22 | 23 | def i8(self): 24 | return self.v(1, 'b') 25 | 26 | def u8(self): 27 | return self.v(1, 'B') 28 | 29 | def u32(self): 30 | return self.v(4, ' 0 37 | 38 | def a(self, vals): 39 | return vals[self.u8() % len(vals)] 40 | -------------------------------------------------------------------------------- /zcash_test_vectors/sapling/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/zcash/zcash-test-vectors/ba707b10f570182d48196d97b3c648840ba7a21d/zcash_test_vectors/sapling/__init__.py -------------------------------------------------------------------------------- /zcash_test_vectors/sapling/generators.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python3 2 | import sys; assert sys.version_info[0] >= 3, "Python 3 required." 
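
from hashlib import blake2s

from .jubjub import Point, JUBJUB_COFACTOR
from ..output import render_args, render_tv
from ..utils import i2leosp

# First 64 bytes of the BLAKE2s input during group hash.
# This is chosen to be some random string that we couldn't have
# anticipated when we designed the algorithm, for rigidity purposes.
# We deliberately use an ASCII hex string of 32 bytes here.
URS = b'096b36a5804bfacef1691e173c366a47ff5ba84a44f26ddd7e8d9f79d5b42df0'


#
# Group hash
#

def group_hash(D, M):
    """Hash (D, M) to a Jubjub point, or return None if no valid point results.

    BLAKE2s is personalised with D and fed URS then M. The digest is decoded
    as a point and multiplied by JUBJUB_COFACTOR; None is returned when the
    digest does not decode or the product is Point.ZERO.
    """
    digest = blake2s(person=D)
    digest.update(URS)
    digest.update(M)
    p = Point.from_bytes(digest.digest())
    if p is None:
        return None
    q = p * JUBJUB_COFACTOR
    if q == Point.ZERO:
        return None
    return q

def find_group_hash(D, M):
    """Return group_hash(D, M + bytes([i])) for the smallest i that succeeds.

    i starts at 0; the assert bounds the search to single-byte counters.
    """
    i = 0
    while True:
        p = group_hash(D, M + bytes([i]))
        if p is not None:
            return p
        i += 1
        assert i < 256


#
# Sapling generators
#

SPENDING_KEY_BASE = find_group_hash(b'Zcash_G_', b'')
PROVING_KEY_BASE = find_group_hash(b'Zcash_H_', b'')
NOTE_POSITION_BASE = find_group_hash(b'Zcash_J_', b'')
WINDOWED_PEDERSEN_RANDOMNESS_BASE = find_group_hash(b'Zcash_PH', b'r')
VALUE_COMMITMENT_VALUE_BASE = find_group_hash(b'Zcash_cv', b'v')
VALUE_COMMITMENT_RANDOMNESS_BASE = find_group_hash(b'Zcash_cv', b'r')

required_bases = 4
PEDERSEN_BASES = [find_group_hash(b'Zcash_PH', i2leosp(32, iminus1))
                  for iminus1 in range(0, required_bases)]

def main():
    """Render the Sapling generators as the 'sapling_generators' test vector."""
    render_tv(
        render_args(),
        'sapling_generators',
        (
            ('skb', '[u8; 32]'),
            ('pkb', '[u8; 32]'),
            ('npb', '[u8; 32]'),
            ('wprb', '[u8; 32]'),
            ('vcvb', '[u8; 32]'),
            ('vcrb', '[u8; 32]'),
            ('pb0', '[u8; 32]'),
            ('pb1', '[u8; 32]'),
            ('pb2', '[u8; 32]'),
            ('pb3', '[u8; 32]'),
        ),
        {
            'skb': bytes(SPENDING_KEY_BASE),
            'pkb': bytes(PROVING_KEY_BASE),
            'npb': bytes(NOTE_POSITION_BASE),
            'wprb': bytes(WINDOWED_PEDERSEN_RANDOMNESS_BASE),
            'vcvb': bytes(VALUE_COMMITMENT_VALUE_BASE),
            'vcrb': bytes(VALUE_COMMITMENT_RANDOMNESS_BASE),
            'pb0': bytes(PEDERSEN_BASES[0]),
            'pb1': bytes(PEDERSEN_BASES[1]),
            'pb2': bytes(PEDERSEN_BASES[2]),
            'pb3': bytes(PEDERSEN_BASES[3]),
        },
    )


if __name__ == '__main__':
    main()

--------------------------------------------------------------------------------
/zcash_test_vectors/sapling/jubjub.py:
--------------------------------------------------------------------------------
#!/usr/bin/env python3
import sys; assert sys.version_info[0] >= 3, "Python 3 required."

from ..utils import i2lebsp, leos2ip, i2leosp

q_j = 52435875175126190479447740508185965837690552500527637822603658699938581184513
r_j = 6554484396890773809930967563523245729705921265872317281365359162392183254199

qm1d2 = 26217937587563095239723870254092982918845276250263818911301829349969290592256
assert (q_j - 1) // 2 == qm1d2


#
# Field arithmetic
#

class FieldElement(object):
    """Element of the integers modulo `modulus`; `t` is the concrete subclass.

    Arithmetic here is plain Python big-integer code that branches on the
    bits of its operands, so it is not constant time. That is fine for
    producing test vectors; it is not a basis for handling real secrets.
    """

    def __init__(self, t, s, modulus, strict=False):
        """Store s reduced modulo `modulus`.

        With strict=True a value outside [0, modulus) raises ValueError
        instead of being reduced.
        """
        if strict and not (0 <= s and s < modulus):
            raise ValueError
        self.t = t
        self.s = s % modulus
        self.m = modulus

    def __neg__(self):
        return self.t(-self.s)

    def __add__(self, a):
        return self.t(self.s + a.s)

    def __sub__(self, a):
        return self.t(self.s - a.s)

    def __mul__(self, a):
        return self.t(self.s * a.s)

    def __truediv__(self, a):
        """Multiply by the inverse of a; a must be non-zero (assert only)."""
        assert a.s != 0
        return self * a.inv()

    def exp(self, e):
        """Raise self to the integer power e by square-and-multiply.

        The exponent is scanned most significant bit first over at least
        256 bits.
        """
        e = format(e, '0256b')
        ret = self.t(1)
        for c in e:
            ret = ret * ret
            if int(c):
                ret = ret * self
        return ret

    def inv(self):
        """Return self ** (modulus - 2)."""
        return self.exp(self.m - 2)

    def bits(self, l):
        """Return i2lebsp(l, self.s)."""
        return i2lebsp(l, self.s)

    def __bytes__(self):
        return i2leosp(256, self.s)

    def __eq__(self, a):
        return self.s == a.s



class Fq(FieldElement):
    """Field element modulo q_j."""

    @staticmethod
    def from_bytes(buf):
        """Decode buf with leos2ip; raises ValueError if the value is not below q_j."""
        return Fq(leos2ip(buf), strict=True)

    def __init__(self, s, strict=False):
        FieldElement.__init__(self, Fq, s, q_j, strict=strict)

    def __str__(self):
        return 'Fq(%s)' % self.s

    def sqrt(self):
        """Return a square root of self, None if there is none, ZERO for zero."""
        # Tonelli-Shank's algorithm for q mod 16 = 1
        # https://eprint.iacr.org/2012/685.pdf (page 12, algorithm 5)
        a = self.exp(qm1d2)
        if a == self.ONE:
            c = Fq(10238227357739495823651030575849232062558860180284477541189508159991286009131)
            r = self.exp(6104339283789297388802252303364915521546564123189034618274734669824)
            t = self.exp(12208678567578594777604504606729831043093128246378069236549469339647)
            m = 32

            # 7: while b != 1 do
            while t != self.ONE:
                # 8: Find least integer k >= 0 such that b^(2^k) == 1
                i = 1
                t2i = t * t
                while t2i != self.ONE:
                    t2i = t2i * t2i
                    i += 1
                    assert i < m

                # 9:
                # w <- z^(2^(v-k-1))
                for _ in range(0, m - i - 1):
                    c = c * c
                # b <- bz
                r = r * c
                # z <- w^2
                c = c * c
                # x <- xw
                t = t * c
                # v <- k
                m = i
            assert r * r == self
            return r
        elif a == self.MINUS_ONE:
            return None
        return self.ZERO


class Fr(FieldElement):
    """Field element modulo r_j."""

    def __init__(self, s, strict=False):
        FieldElement.__init__(self, Fr, s, r_j, strict=strict)

    def __str__(self):
        return 'Fr(%s)' % self.s

Fq.ZERO = Fq(0)
Fq.ONE = Fq(1)
Fq.MINUS_ONE = Fq(-1)

# Import-time sanity checks of the field arithmetic.
assert Fq.ZERO + Fq.ZERO == Fq.ZERO
assert Fq.ZERO + Fq.ONE == Fq.ONE
assert Fq.ONE + Fq.ZERO == Fq.ONE
assert Fq.ZERO - Fq.ONE == Fq.MINUS_ONE
assert Fq.ZERO * Fq.ONE == Fq.ZERO
assert Fq.ONE * Fq.ZERO == Fq.ZERO

_A = Fq(-13443226831829260228624682877674385705155231329884953466695813022153219761455)
_A_SQUARED = Fq(1615918303262283860389448007513155112015187847020867660361132469416696757234)
assert _A * _A == _A_SQUARED
assert _A.exp(2) == _A_SQUARED
assert _A_SQUARED.sqrt() == _A


#
# Point arithmetic
#

JUBJUB_A = Fq.MINUS_ONE
JUBJUB_D = Fq(-10240) / Fq(10241)
JUBJUB_COFACTOR = Fr(8)

class Point(object):
    """Point (u, v) on the curve with parameters JUBJUB_A and JUBJUB_D."""

    @staticmethod
    def rand(rand):
        """Draw 32-byte strings from rand until one decodes to a point."""
        while True:
            data = rand.b(32)
            p = Point.from_bytes(data)
            if p is not None:
                return p

    @staticmethod
    def from_bytes(buf):
        """Decode a 32-byte encoding: v in the low 255 bits, sign of u in the top bit.

        Returns None when v is not a canonical field element or when no u
        exists for that v.
        """
        assert len(buf) == 32
        u_sign = buf[31] >> 7
        buf = buf[:31] + bytes([buf[31] & 0b01111111])
        try:
            v = Fq.from_bytes(buf)
        except ValueError:
            return None

        vv = v * v
        u2 = (vv - Fq.ONE) / (vv * JUBJUB_D - JUBJUB_A)

        u = u2.sqrt()
        if u is None:
            return None

        # NOTE(review): when u is zero, negating it leaves it zero, so an
        # encoding with the sign bit set decodes to the same point as the one
        # with the bit clear. ZIP 216 concerns canonical Jubjub encodings;
        # confirm whether this reference decoder is meant to reject that case.
        if u.s % 2 != u_sign:
            u = Fq.ZERO - u

        return Point(u, v)

    def __init__(self, u, v):
        self.u = u
        self.v = v

    def __add__(self, a):
        """Add two points with the twisted Edwards addition formula."""
        (u1, v1) = (self.u, self.v)
        (u2, v2) = (a.u, a.v)
        u3 = (u1*v2 + v1*u2) / (Fq.ONE + JUBJUB_D*u1*u2*v1*v2)
        v3 = (v1*v2 - JUBJUB_A*u1*u2) / (Fq.ONE - JUBJUB_D*u1*u2*v1*v2)
        return Point(u3, v3)

    def double(self):
        return self + self

    def __mul__(self, s):
        """Multiply by field element s using double-and-add.

        The loop adds only on set bits of s.s, so running time depends on
        the scalar.
        """
        s = format(s.s, '0256b')
        ret = self.ZERO
        for c in s:
            ret = ret.double()
            if int(c):
                ret = ret + self
        return ret

    def __bytes__(self):
        """Encode as v's 32 bytes with the top bit set when u is odd."""
        buf = bytes(self.v)
        if self.u.s % 2 == 1:
            buf = buf[:31] + bytes([buf[31] | (1 << 7)])
        return buf

    def __eq__(self, a):
        return self.u == a.u and self.v == a.v

    def __str__(self):
        return 'Point(%s, %s)' % (self.u, self.v)


Point.ZERO = Point(Fq.ZERO, Fq.ONE)

assert Point.ZERO + Point.ZERO == Point.ZERO

--------------------------------------------------------------------------------
/zcash_test_vectors/sapling/key_components.py:
--------------------------------------------------------------------------------
#!/usr/bin/env python3
import sys; assert sys.version_info[0] >= 3, "Python 3 required."

from hashlib import blake2b, blake2s

from .generators import PROVING_KEY_BASE, SPENDING_KEY_BASE, group_hash
from .jubjub import Fr
from .merkle_tree import MERKLE_DEPTH
from .notes import note_commit, note_nullifier
from ..utils import leos2bsp, leos2ip
from ..output import render_args, render_tv

#
# Utilities
#

def to_scalar(buf):
    """Interpret buf with leos2ip and reduce it into Fr."""
    return Fr(leos2ip(buf))


#
# PRFs and hashes
#

def prf_expand(sk, t):
    """Return BLAKE2b(sk || t) personalised with b'Zcash_ExpandSeed'."""
    digest = blake2b(person=b'Zcash_ExpandSeed')
    digest.update(sk)
    digest.update(t)
    return digest.digest()

def crh_ivk(ak, nk):
    """Return BLAKE2s(ak || nk), personalised b'Zcashivk', as an integer mod 2**251."""
    digest = blake2s(person=b'Zcashivk')
    digest.update(ak)
    digest.update(nk)
    ivk = digest.digest()
    return leos2ip(ivk) % 2**251

def diversify_hash(d):
    """Return group_hash(b'Zcash_gd', d); None when d does not hash to a point."""
    return group_hash(b'Zcash_gd', d)

#
# Key components
#

def cached(f):
    """Memoise a zero-argument method in the instance's `_cached` dict.

    The cache is keyed by the wrapped function. Membership is tested
    directly, so a falsy result is cached once like any other value
    instead of being recomputed on every call.
    """
    def wrapper(self):
        if not hasattr(self, '_cached'):
            self._cached = {}
        if f not in self._cached:
            self._cached[f] = f(self)
        return self._cached[f]
    return wrapper


class DerivedAkNk(object):
    """Mixin deriving ak and nk from the host class's ask() and nsk()."""

    @cached
    def ak(self):
        return SPENDING_KEY_BASE * self.ask()

    @cached
    def nk(self):
        return PROVING_KEY_BASE * self.nsk()


class DerivedIvk(object):
    """Mixin deriving ivk from the host class's ak() and nk()."""

    @cached
    def ivk(self):
        return Fr(crh_ivk(bytes(self.ak()), bytes(self.nk())))


class SpendingKey(DerivedAkNk, DerivedIvk):
    """Sapling spending key; every component is expanded from `data` on demand."""

    def __init__(self, data):
        self.data = data

    @cached
    def ask(self):
        return to_scalar(prf_expand(self.data, b'\x00'))

    @cached
    def nsk(self):
        return to_scalar(prf_expand(self.data, b'\x01'))

    @cached
    def ovk(self):
        return prf_expand(self.data, b'\x02')[:32]

    @cached
    def default_d(self):
        """Return the first 11-byte candidate diversifier that hashes to a point."""
        i = 0
        while True:
            d = prf_expand(self.data, bytes([3, i]))[:11]
            # diversify_hash returns None for candidates that are not valid.
            if diversify_hash(d) is not None:
                return d
            i += 1
            assert i < 256

    @cached
    def default_pkd(self):
        return diversify_hash(self.default_d()) * self.ivk()


def main():
    """Generate ten key-component vectors and render them as 'sapling_key_components'."""
    args = render_args()

    test_vectors = []
    for i in range(0, 10):
        # Spending keys are the byte i repeated 32 times: fixed fixtures,
        # not randomly generated keys.
        sk = SpendingKey(bytes([i] * 32))
        note_v = (2548793025584392057432895043257984320*i) % 2**64
        note_r = Fr(8890123457840276890326754358439057438290574382905).exp(i+1)
        note_cm = note_commit(
            note_r,
            leos2bsp(bytes(diversify_hash(sk.default_d()))),
            leos2bsp(bytes(sk.default_pkd())),
            note_v)
        note_pos = (980705743285409327583205473820957432*i) % 2**MERKLE_DEPTH
        note_nf = note_nullifier(sk.nk(), note_cm, Fr(note_pos))
        test_vectors.append({
            'sk': sk.data,
            'ask': bytes(sk.ask()),
            'nsk': bytes(sk.nsk()),
            'ovk': sk.ovk(),
            'ak': bytes(sk.ak()),
            'nk': bytes(sk.nk()),
            'ivk': bytes(sk.ivk()),
            'default_d': sk.default_d(),
            'default_pk_d': bytes(sk.default_pkd()),
            'note_v': note_v,
            'note_r': bytes(note_r),
            'note_cmu': bytes(note_cm.u),
            'note_pos': note_pos,
            'note_nf': note_nf,
        })

    render_tv(
        args,
        'sapling_key_components',
        (
            ('sk', '[u8; 32]'),
            ('ask', '[u8; 32]'),
            ('nsk', '[u8; 32]'),
            ('ovk', '[u8; 32]'),
            ('ak', '[u8; 32]'),
            ('nk', '[u8; 32]'),
            ('ivk', '[u8; 32]'),
            ('default_d', '[u8; 11]'),
            ('default_pk_d', '[u8; 32]'),
            ('note_v', 'u64'),
            ('note_r', '[u8; 32]'),
            ('note_cmu', '[u8; 32]'),
            ('note_pos', 'u64'),
            ('note_nf', '[u8; 32]'),
        ),
        test_vectors,
    )


if __name__ == '__main__':
    main()

--------------------------------------------------------------------------------
/zcash_test_vectors/sapling/merkle_tree.py:
--------------------------------------------------------------------------------
#!/usr/bin/env python3
import sys; assert sys.version_info[0] >= 3, "Python 3 required."

from binascii import unhexlify

from .pedersen import pedersen_hash
from ..utils import i2lebsp, leos2bsp

MERKLE_DEPTH = 32

def merkle_crh(layer, left, right):
    """Hash two 255-bit children into their parent at the given layer.

    The Pedersen hash input is i2lebsp(6, MERKLE_DEPTH - 1 - layer) followed
    by left and right. The bounds are checked with asserts only.
    """
    assert layer < MERKLE_DEPTH
    assert len(left) == 255
    assert len(right) == 255
    l = i2lebsp(6, MERKLE_DEPTH - 1 - layer)
    return pedersen_hash(b'Zcash_PH', l + left + right)


# Import-time self-check of merkle_crh against a fixed parent value.
a = unhexlify('87a086ae7d2252d58729b30263fb7b66308bf94ef59a76c9c86e7ea016536505')[::-1]
b = unhexlify('a75b84a125b2353da7e8d96ee2a15efe4de23df9601b9d9564ba59de57130406')[::-1]
c = unhexlify('5bf43b5736c19b714d1f462c9d22ba3492c36e3d9bbd7ca24d94b440550aa561')[::-1]
a = leos2bsp(a)[:255]
b = leos2bsp(b)[:255]
c = leos2bsp(c)[:255]
assert merkle_crh(MERKLE_DEPTH - 1 - 25, a, b) == c
# A different layer must give a different parent.
assert merkle_crh(MERKLE_DEPTH - 1 - 26, a, b) != c

--------------------------------------------------------------------------------
/zcash_test_vectors/sapling/note_encryption.py:
--------------------------------------------------------------------------------
#!/usr/bin/env python3
import sys; assert sys.version_info[0] >= 3, "Python 3 required."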
from chacha20poly1305 import ChaCha20Poly1305
from hashlib import blake2b
import os
import struct

from .generators import VALUE_COMMITMENT_VALUE_BASE, VALUE_COMMITMENT_RANDOMNESS_BASE
from .jubjub import Fr, JUBJUB_COFACTOR
from .key_components import SpendingKey, diversify_hash
from .notes import note_commit
from ..utils import leos2bsp, leos2ip
from ..output import render_args, render_tv


def kdf_sapling(shared_secret, epk):
    """Derive a 32-byte key: BLAKE2b over bytes(shared_secret) || bytes(epk).

    The hash is personalized with b'Zcash_SaplingKDF'.
    """
    hasher = blake2b(digest_size=32, person=b'Zcash_SaplingKDF')
    for part in (shared_secret, epk):
        hasher.update(bytes(part))
    return hasher.digest()

def prf_ock(ovk, cv, cmu, ephemeral_key):
    """Return the 32-byte BLAKE2b of ovk || cv || cmu || ephemeral_key.

    The hash is personalized with b'Zcash_Derive_ock'.
    """
    hasher = blake2b(digest_size=32, person=b'Zcash_Derive_ock')
    for part in (ovk, cv, cmu, ephemeral_key):
        hasher.update(part)
    return hasher.digest()

class SaplingKeyAgreement(object):
    """Key agreement helpers built on Point-by-scalar multiplication."""

    @staticmethod
    def private(random):
        # 32 bytes from the supplied byte source, read little-endian.
        return Fr(leos2ip(random(32)))

    @staticmethod
    def derive_public(esk, g_d):
        return g_d * esk

    @staticmethod
    def agree(esk, pk_d):
        # The result is additionally multiplied by the cofactor.
        return pk_d * esk * JUBJUB_COFACTOR

class SaplingSym(object):
    """Symmetric encryption helpers using ChaCha20-Poly1305."""

    @staticmethod
    def k(random):
        return random(32)

    @staticmethod
    def encrypt(key, plaintext):
        # The nonce is fixed at twelve zero bytes. With an AEAD this is only
        # safe when every key encrypts a single message; encrypting two
        # plaintexts under the same key would repeat the (key, nonce) pair.
        zero_nonce = b'\x00' * 12
        return bytes(ChaCha20Poly1305(key).encrypt(zero_nonce, plaintext))


class SaplingNotePlaintext(object):
    def __init__(self, d, v, rcm, memo):
        self.d, self.v, self.rcm, self.memo = d, v, rcm, memo

    def __bytes__(self):
        return (
            b'\x01' +
            self.d +
            struct.pack('= 3, "Python 3 required."
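from hashlib import blake2s

from .pedersen import (
    mixing_pedersen_hash,
    windowed_pedersen_commitment,
)
from ..utils import i2lebsp

def note_commit(rcm, g_d, pk_d, v):
    """Commit to a note with randomness rcm.

    The committed bit string is six 1 bits, the 64-bit little-endian
    value v, then the bit sequences g_d and pk_d.
    """
    return windowed_pedersen_commitment(rcm, [1] * 6 + i2lebsp(64, v) + g_d + pk_d)

def prf_nf_sapling(nk_star, rho_star):
    """Return BLAKE2s(nk_star || rho_star) personalized with b'Zcash_nf'."""
    digest = blake2s(person=b'Zcash_nf')
    digest.update(nk_star)
    digest.update(rho_star)
    return digest.digest()

def note_nullifier(nk, cm, pos):
    """Derive the nullifier of the note with commitment cm at position pos."""
    rho = mixing_pedersen_hash(cm, pos)
    return prf_nf_sapling(bytes(nk), bytes(rho))
--------------------------------------------------------------------------------
/zcash_test_vectors/sapling/pedersen.py:
--------------------------------------------------------------------------------
#!/usr/bin/env python3
import sys; assert sys.version_info[0] >= 3, "Python 3 required."

from .generators import (
    find_group_hash,
    NOTE_POSITION_BASE,
    WINDOWED_PEDERSEN_RANDOMNESS_BASE,
)
from .jubjub import Fr, Point
from ..utils import cldiv, i2leosp


#
# Pedersen hashes
#

def I_D_i(D, i):
    """Return the generator for segment i (1-based) under personalization D."""
    return find_group_hash(D, i2leosp(32, i - 1))

def encode_chunk(mj):
    """Encode a 3-bit chunk as a signed integer: s2 selects the sign."""
    (s0, s1, s2) = mj
    return (1 - 2*s2) * (1 + s0 + 2*s1)

def encode_segment(Mi):
    """Encode a segment of 3-bit chunks as a scalar.

    Chunk j (1-based) is weighted by 2**(4*(j-1)). The assert fails when
    len(Mi) is not a multiple of 3.
    """
    ki = len(Mi) // 3
    Michunks = [Mi[i:i+3] for i in range(0, len(Mi), 3)]
    assert len(Michunks) == ki
    return Fr(sum(encode_chunk(Michunks[j-1]) * 2**(4*(j-1)) for j in range(1, ki + 1)))

# Number of 3-bit chunks per segment.
c = 63

def pedersen_hash_to_point(D, M):
    """Hash the bit sequence M to a point under personalization D."""
    # Pad M to a multiple of 3 bits
    Mdash = M + [0] * ((-len(M)) % 3)
    assert (len(Mdash) // 3) * 3 == len(Mdash)
    n = cldiv(len(Mdash), 3 * c)
    Msegs = [Mdash[i:i+(3*c)] for i in range(0, len(Mdash), 3*c)]
    assert len(Msegs) == n
    return sum((I_D_i(D, i) * encode_segment(Msegs[i-1]) for i in range(1, n + 1)), Point.ZERO)

def pedersen_hash(D, M):
    """Return the 255-bit u-coordinate of pedersen_hash_to_point(D, M)."""
    return pedersen_hash_to_point(D, M).u.bits(255)

def mixing_pedersen_hash(P, x):
    return P + NOTE_POSITION_BASE * x


#
# Pedersen commitments
#

def windowed_pedersen_commitment(r, s):
    return pedersen_hash_to_point(b'Zcash_PH', s) + WINDOWED_PEDERSEN_RANDOMNESS_BASE * r

def homomorphic_pedersen_commitment(rcv, D, v):
    return find_group_hash(D, b'v') * v + find_group_hash(D, b'r') * rcv
--------------------------------------------------------------------------------
/zcash_test_vectors/sapling/redjubjub.py:
--------------------------------------------------------------------------------
#!/usr/bin/env python3
import sys; assert sys.version_info[0] >= 3, "Python 3 required."

from hashlib import blake2b
import os

from .generators import SPENDING_KEY_BASE
from .jubjub import Fr, Point, r_j
from .key_components import to_scalar
from ..utils import cldiv, leos2ip
from ..output import render_args, render_tv


def H(x):
    """Return BLAKE2b(x) personalized with b'Zcash_RedJubjubH' (default digest size)."""
    digest = blake2b(person=b'Zcash_RedJubjubH')
    digest.update(x)
    return digest.digest()

def h_star(B):
    """Hash B with H and read the digest as a little-endian scalar."""
    return Fr(leos2ip(H(B)))


class RedJubjub(object):
    """Re-randomizable signature scheme over the generator P_g.

    `random` is a callable returning n bytes. The default is os.urandom;
    main() below substitutes a seeded generator so that the rendered
    vectors are reproducible.
    """
    l_G = 256 # l_J
    l_H = 512
    Public = Point
    Private = Fr
    Random = Fr

    def __init__(self, P_g, random=os.urandom):
        self.P_g = P_g
        self._random = random

    def gen_private(self):
        return to_scalar(self._random(64))

    def derive_public(self, sk):
        return self.P_g * sk

    def gen_random(self):
        T = self._random((self.l_H + 128) // 8)
        return h_star(T)

    @staticmethod
    def randomize_private(sk, alpha):
        return sk + alpha

    def randomize_public(self, vk, alpha):
        return vk + self.P_g * alpha

    def sign(self, sk, M):
        """Sign M with sk, returning the encoding of R followed by that of S.

        The nonce r is h_star(T || M) for fresh random T, so the quality of
        the signature depends on the byte source given to the constructor.
        """
        T = self._random((self.l_H + 128) // 8)
        r = h_star(T + M)
        R = self.P_g * r
        Rbar = bytes(R)
        S = r + h_star(Rbar + M) * sk
        Sbar = bytes(S) # TODO: bitlength(r_j)
        return Rbar + Sbar

    def verify(self, vk, M, sig):
        """Return True when sig is a valid signature on M under vk.

        Malformed input yields False: a signature of the wrong length, an
        R that does not decode to a point, or S >= r_j. The length check
        matters because S is read as a little-endian integer, so without
        it a signature with extra zero bytes appended would decode to the
        same S and still verify.
        """
        mid = cldiv(self.l_G, 8)
        # r_j is compared with a plain integer below, so it is treated as
        # an int here as well.
        s_len = cldiv(r_j.bit_length(), 8)
        if len(sig) != mid + s_len:
            return False
        (Rbar, Sbar) = (sig[:mid], sig[mid:])
        R = Point.from_bytes(Rbar)
        if R is None:
            return False
        S = leos2ip(Sbar)
        if S >= r_j:
            return False
        c = h_star(Rbar + M)
        return self.P_g * Fr(S) == R + vk * c


def main():
    """Render ten signature test vectors.

    Randomness comes from random.Random seeded with a constant, so the
    output is reproducible. That generator is not a CSPRNG and must not
    back the signer anywhere real keys are involved.
    """
    args = render_args()

    from random import Random
    rng = Random(0xabad533d)
    def randbytes(l):
        ret = []
        while len(ret) < l:
            ret.append(rng.randrange(0, 256))
        return bytes(ret)
    rj = RedJubjub(SPENDING_KEY_BASE, randbytes)

    test_vectors = []
    for i in range(0, 10):
        sk = rj.gen_private()
        vk = rj.derive_public(sk)
        alpha = rj.gen_random()
        rsk = rj.randomize_private(sk, alpha)
        rvk = rj.randomize_public(vk, alpha)

        M = bytes([i] * 32)
        sig = rj.sign(sk, M)
        rsig = rj.sign(rsk, M)
        # Each signature verifies under its own key only.
        assert rj.verify(vk, M, sig)
        assert rj.verify(rvk, M, rsig)
        assert not rj.verify(vk, M, rsig)
        assert not rj.verify(rvk, M, sig)

        test_vectors.append({
            'sk': bytes(sk),
            'vk': bytes(vk),
            'alpha': bytes(alpha),
            'rsk': bytes(rsk),
            'rvk': bytes(rvk),
            'm': M,
            'sig': sig,
            'rsig': rsig,
        })

    render_tv(
        args,
        'sapling_signatures',
        (
            ('sk', '[u8; 32]'),
            ('vk', '[u8; 32]'),
            ('alpha', '[u8; 32]'),
            ('rsk', '[u8; 32]'),
            ('rvk', '[u8; 32]'),
            ('m', '[u8; 32]'),
            ('sig', '[u8; 64]'),
            ('rsig', '[u8; 64]'),
        ),
        test_vectors,
    )


if __name__ == '__main__':
    main()
--------------------------------------------------------------------------------
/zcash_test_vectors/transparent/__init__.py:
--------------------------------------------------------------------------------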
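https://raw.githubusercontent.com/zcash/zcash-test-vectors/ba707b10f570182d48196d97b3c648840ba7a21d/zcash_test_vectors/transparent/__init__.py
--------------------------------------------------------------------------------
/zcash_test_vectors/transparent/zip_0316.py:
--------------------------------------------------------------------------------
#!/usr/bin/env python3
import sys; assert sys.version_info[0] >= 3, "Python 3 required."

from ..output import render_args, render_tv
from ..rand import Rand
from ..sapling.key_components import prf_expand
from secp256k1 import PrivateKey


def derive_ovks(chaincode, pk):
    """Derive the (external, internal) outgoing viewing keys.

    pk must be a 33-byte compressed public key (leading byte 0x02 or
    0x03). The output of prf_expand(chaincode, b'\\xD0' || pk) is split
    into its first 32 bytes and the remainder.
    """
    assert len(pk) == 33 and pk[0] in (0x02, 0x03)
    I_ovk = prf_expand(chaincode, b'\xD0' + pk)
    ovk_external = I_ovk[:32]
    ovk_internal = I_ovk[32:]
    return (ovk_external, ovk_internal)


def main():
    """Render ten test vectors from a generator seeded with a constant.

    The fixed seed keeps the output reproducible; random.Random is not a
    CSPRNG, so the keys produced here are for test vectors only.
    """
    args = render_args()

    from random import Random
    rng = Random(0xabad533d)
    def randbytes(l):
        ret = []
        while len(ret) < l:
            ret.append(rng.randrange(0, 256))
        return bytes(ret)
    rand = Rand(randbytes)

    test_vectors = []
    for i in range(10):
        chaincode = rand.b(32)
        pk = PrivateKey(rand.b(32), True).pubkey.serialize(compressed=True)
        (external_ovk, internal_ovk) = derive_ovks(chaincode, pk)
        test_vectors.append({
            'c' : chaincode,
            'pk': pk,
            'external_ovk': external_ovk,
            'internal_ovk': internal_ovk,
        })

    render_tv(
        args,
        'zip_0316',
        (
            ('c', '[u8; 32]'),
            ('pk', '[u8; 33]'),
            ('external_ovk', '[u8; 32]'),
            ('internal_ovk', '[u8; 32]'),
        ),
        test_vectors,
    )

# The guard must test __name__: __file__ holds the module's path and never
# equals '__main__', so main() would not run when the file is executed.
if __name__ == '__main__':
    main()
--------------------------------------------------------------------------------
/zcash_test_vectors/transparent/zip_0320.py:
--------------------------------------------------------------------------------
#!/usr/bin/env python3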
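import sys; assert sys.version_info[0] >= 3, "Python 3 required."

import math
from random import Random
import struct
import base58

from ..bech32m import bech32_encode, bech32_decode, convertbits, Encoding
from ..output import render_args, render_tv, Some
from ..rand import Rand, randbytes
from ..hd_common import ZCASH_MAIN_COINTYPE, ZCASH_TEST_COINTYPE, hardened
from .bip_0032 import ExtendedSecretKey

class HrpMismatch(Exception):
    """The address decoded, but under a different human-readable part."""
    pass

class InvalidEncoding(Exception):
    """The string is not a well-formed Bech32m ZIP 320 address."""
    pass

def encode(hrp, p2pkh_bytes):
    """Encode p2pkh_bytes as a Bech32m string with the given hrp."""
    converted = convertbits(p2pkh_bytes, 8, 5)
    return bech32_encode(hrp, converted, Encoding.BECH32M)

def decode(hrp_expected, tex_addr):
    """Decode a ZIP 320 address and return its 20-byte payload.

    Raises InvalidEncoding when the string is not valid Bech32m, when the
    5-bit data cannot be regrouped into bytes, or when the payload is not
    20 bytes long. Raises HrpMismatch when the human-readable part differs
    from hrp_expected.
    """
    (hrp, data, encoding) = bech32_decode(tex_addr)
    if data is None or encoding != Encoding.BECH32M:
        raise InvalidEncoding("ZIP 320 addresses must be encoded using Bech32m")
    if hrp != hrp_expected:
        raise HrpMismatch("Expected: " + hrp_expected + "; got " + hrp)
    payload = convertbits(data, 5, 8, False)
    # NOTE(review): convertbits is assumed to return None for bad padding,
    # as the reference Bech32 code does; confirm against bech32m.py.
    if payload is None:
        raise InvalidEncoding("ZIP 320 address data has invalid padding")
    payload = bytes(payload)
    # The payload is rendered below as [u8; 20]; other lengths are rejected
    # instead of being handed back to the caller.
    if len(payload) != 20:
        raise InvalidEncoding("ZIP 320 address payload must be 20 bytes")
    return payload

ADDRESS_CONSTANTS = {
    "mainnet": { "coin_type": ZCASH_MAIN_COINTYPE, "p2pkh_lead": [0x1c, 0xb8], "tex_hrp": "tex" },
    "testnet": { "coin_type": ZCASH_TEST_COINTYPE, "p2pkh_lead": [0x1d, 0x25], "tex_hrp": "textest" },
    "regtest": { "coin_type": ZCASH_TEST_COINTYPE, "p2pkh_lead": [0x1d, 0x25], "tex_hrp": "texregtest" },
}

def main():
    """Render test vectors for 5 accounts x 3 child indices on mainnet.

    All keys derive from the fixed seed bytes(range(32)), so the vectors
    are reproducible and the keys are public knowledge.
    """
    args = render_args()

    network = "mainnet"
    constants = ADDRESS_CONSTANTS[network]

    rng = Random(0xabad533d)
    rand = Rand(randbytes(rng))
    seed = bytes(range(32))

    t_root_key = ExtendedSecretKey.master(seed)
    t_purpose_key = t_root_key.child(hardened(44))
    t_coin_key = t_purpose_key.child(hardened(constants["coin_type"]))

    test_vectors = []
    for account in range(0, 5):
        # The account and external keys do not depend on j, so they are
        # derived once per account.
        t_account_key = t_coin_key.child(hardened(account))
        t_external_key = t_account_key.child(0)
        for j in range(0, 3):
            t_index_key = t_external_key.child(j)
            t_index_pubkey = t_index_key.public_key()
            p2pkh_bytes = t_index_pubkey.address()
            t_addr = base58.b58encode_check(bytes(constants["p2pkh_lead"]) + p2pkh_bytes).decode('utf-8')

            tex_addr = encode(constants["tex_hrp"], p2pkh_bytes)

            # Round-trip check before the vector is recorded.
            p2pkh_bytes_decoded = decode(constants["tex_hrp"], tex_addr)
            assert p2pkh_bytes_decoded == p2pkh_bytes

            test_vectors.append({
                't_addr': t_addr,
                'p2pkh_bytes': p2pkh_bytes,
                'tex_addr': tex_addr,
                'account': account,
                'child_index': j,
            })

    render_tv(
        args,
        'zcash_test_vectors/transparent/zip_0320',
        (
            ('t_addr', {'rust_type': '&\'static str'}),
            ('p2pkh_bytes', '[u8; 20]'),
            ('tex_addr', {'rust_type': '&\'static str'}),
            ('account', 'u32'),
            ('child_index', 'u32'),
        ),
        test_vectors,
    )


if __name__ == "__main__":
    main()
--------------------------------------------------------------------------------
/zcash_test_vectors/unified_encoding.py:
--------------------------------------------------------------------------------
import sys; assert sys.version_info[0] >= 3, "Python 3 required."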
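from random import Random

from .zc_utils import write_compact_size, parse_compact_size
from .bech32m import bech32_encode, bech32_decode, convertbits, Encoding
from .f4jumble import f4jumble, f4jumble_inv

P2PKH_ITEM = 0x00
P2SH_ITEM = 0x01
SAPLING_ITEM = 0x02
ORCHARD_ITEM = 0x03

def tlv(typecode, value):
    """Serialize one item as compactSize(typecode) || compactSize(len) || value."""
    return b"".join([write_compact_size(typecode), write_compact_size(len(value)), value])

def padding(hrp):
    """Return the UTF-8 bytes of hrp, zero-padded on the right to 16 bytes.

    The limit is checked on the encoded bytes, so a non-ASCII hrp cannot
    produce padding longer than 16 bytes.
    """
    hrp_bytes = bytes(hrp, "utf8")
    assert len(hrp_bytes) <= 16
    return hrp_bytes + bytes(16 - len(hrp_bytes))

def encode_unified(items, hrp):
    """Encode (typecode, value) pairs as a unified Bech32m string.

    Items are emitted in sorted order and those with a falsy value are
    skipped. P2PKH and P2SH items may not both be present. The item list
    is followed by padding(hrp) and passed through f4jumble before the
    Bech32m encoding.
    """
    encoded_items = []

    has_p2pkh = False
    has_p2sh = False
    for item in sorted(items):
        if item[1]:
            if item[0] == P2PKH_ITEM:
                has_p2pkh = True
            if item[0] == P2SH_ITEM:
                has_p2sh = True
            assert (not (has_p2pkh and has_p2sh))
            encoded_items.append(tlv(item[0], item[1]))

    encoded_items.append(padding(hrp))

    r_bytes = b"".join(encoded_items)
    converted = convertbits(f4jumble(r_bytes), 8, 5)
    return bech32_encode(hrp, converted, Encoding.BECH32M)

def decode_unified(encoded, expected_hrp, expected_lengths):
    """Decode a unified encoding into a dict of its items.

    Keys are 'transparent', 'sapling', 'orchard' and 'unknown'; the
    'unknown' entry is an (item_type, item) pair. expected_lengths maps
    typecodes to required item lengths; typecodes without an entry are
    not length-checked.

    Every validity check is an assert, so malformed input raises
    AssertionError and the checks vanish under `python -O`. That suits a
    test-vector generator; replace the asserts with explicit exceptions
    before reusing this on untrusted input.
    """
    (hrp, data, encoding) = bech32_decode(encoded)
    assert hrp == expected_hrp and encoding == Encoding.BECH32M
    # data holds 5-bit groups; at least 48 of them are required.
    assert(len(data) >= 48)

    decoded = f4jumble_inv(bytes(convertbits(data, 5, 8, False)))
    suffix = decoded[-16:]
    # check trailing padding bytes
    assert suffix == padding(hrp)
    rest = decoded[:-16]

    result = {}
    prev_type = -1
    while len(rest) > 0:
        (item_type, rest) = parse_compact_size(rest)
        (item_len, rest) = parse_compact_size(rest)

        expected_len = expected_lengths.get(item_type)
        if expected_len is not None:
            assert item_len == expected_len, "incorrect item length"

        assert len(rest) >= item_len
        (item, rest) = (rest[:item_len], rest[item_len:])

        # P2PKH and P2SH share one slot, so at most one of them is accepted.
        if item_type == P2PKH_ITEM or item_type == P2SH_ITEM:
            assert not ('transparent' in result), "duplicate transparent item detected"
            result['transparent'] = item

        elif item_type == SAPLING_ITEM:
            assert not ('sapling' in result), "duplicate sapling item detected"
            result['sapling'] = item

        elif item_type == ORCHARD_ITEM:
            assert not ('orchard' in result), "duplicate orchard item detected"
            result['orchard'] = item

        else:
            # Only one item with an unrecognized typecode is accepted,
            # whatever its typecode.
            assert not ('unknown' in result), "duplicate unknown item detected"
            result['unknown'] = (item_type, item)

        # Typecodes must be strictly increasing.
        assert item_type > prev_type, "items out of order: typecodes %r and %r" % (prev_type, item_type)
        prev_type = item_type

    return result

--------------------------------------------------------------------------------
/zcash_test_vectors/unified_full_viewing_keys.py:
--------------------------------------------------------------------------------
#!/usr/bin/env python3
import sys; assert sys.version_info[0] >= 3, "Python 3 required."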
3 | 4 | from random import Random 5 | 6 | from .output import render_args, render_tv, Some 7 | from .rand import Rand, randbytes 8 | from .orchard import key_components as orchard_key_components 9 | from .sapling import zip32 as sapling_zip32 10 | from .transparent import bip_0032 11 | from .hd_common import ZCASH_MAIN_COINTYPE, hardened 12 | from .unified_encoding import encode_unified, decode_unified 13 | from .unified_encoding import P2PKH_ITEM, SAPLING_ITEM, ORCHARD_ITEM 14 | 15 | 16 | def main(): 17 | args = render_args() 18 | 19 | rng = Random(0xabad533d) 20 | rand = Rand(randbytes(rng)) 21 | seed = bytes(range(32)) 22 | 23 | t_root_key = bip_0032.ExtendedSecretKey.master(seed) 24 | t_purpose_key = t_root_key.child(hardened(44)) 25 | t_coin_key = t_purpose_key.child(hardened(ZCASH_MAIN_COINTYPE)) 26 | 27 | s_root_key = sapling_zip32.ExtendedSpendingKey.master(seed) 28 | s_purpose_key = s_root_key.child(hardened(32)) 29 | s_coin_key = s_purpose_key.child(hardened(ZCASH_MAIN_COINTYPE)) 30 | 31 | o_root_key = orchard_key_components.ExtendedSpendingKey.master(seed) 32 | o_purpose_key = o_root_key.child(hardened(32)) 33 | o_coin_key = o_purpose_key.child(hardened(ZCASH_MAIN_COINTYPE)) 34 | 35 | test_vectors = [] 36 | for account in range(0, 20): 37 | has_t_key = rand.bool() 38 | if has_t_key: 39 | rand.b(20) # discard, to match UA generation 40 | 41 | # 42 | # "However, the [Transparent P2PKH] FVK uses the key at the Account level, i.e. 43 | # at path m/44'/coin_type'/account', while the IVK uses the external (non-change) 44 | # child key at the Change level, i.e. at path m/44'/coin_type'/account'/0." 
45 | t_account_key = t_coin_key.child(hardened(account)) 46 | t_key_bytes = bytes(t_account_key.public_key()) 47 | else: 48 | t_key_bytes = None 49 | 50 | has_s_key = rand.bool() 51 | if has_s_key: 52 | s_account_key = s_coin_key.child(hardened(account)) 53 | sapling_fvk = s_account_key.to_extended_fvk() 54 | sapling_fvk_bytes = b"".join([ 55 | bytes(sapling_fvk.ak()), 56 | bytes(sapling_fvk.nk()), 57 | sapling_fvk.ovk(), 58 | sapling_fvk.dk() 59 | ]) 60 | else: 61 | sapling_fvk_bytes = None 62 | 63 | has_o_key = (not has_s_key) or rand.bool() 64 | if has_o_key: 65 | o_account_key = o_coin_key.child(hardened(account)) 66 | orchard_fvk = orchard_key_components.FullViewingKey.from_spending_key(o_account_key) 67 | orchard_fvk_bytes = b"".join([ 68 | bytes(orchard_fvk.ak), 69 | bytes(orchard_fvk.nk), 70 | bytes(orchard_fvk.rivk) 71 | ]) 72 | else: 73 | orchard_fvk_bytes = None 74 | 75 | rand.bool() # discard, to match UA generation 76 | 77 | # include an unknown item 1/4 of the time 78 | has_unknown_item = rand.bool() and rand.bool() 79 | # use the range reserved for experimental typecodes for unknowns 80 | unknown_tc = rng.randrange(0xFFFA, 0xFFFF+1) 81 | unknown_len = rng.randrange(32, 256) 82 | if has_unknown_item: 83 | unknown_bytes = b"".join([rand.b(unknown_len)]) 84 | else: 85 | unknown_bytes = None 86 | 87 | receivers = [ 88 | (ORCHARD_ITEM, orchard_fvk_bytes), 89 | (SAPLING_ITEM, sapling_fvk_bytes), 90 | (P2PKH_ITEM, t_key_bytes), 91 | (unknown_tc, unknown_bytes), 92 | ] 93 | ufvk = encode_unified(receivers, "uview") 94 | 95 | expected_lengths = { 96 | P2PKH_ITEM: 65, 97 | SAPLING_ITEM: 128, 98 | ORCHARD_ITEM: 96, 99 | unknown_tc: unknown_len 100 | } 101 | decoded = decode_unified(ufvk, "uview", expected_lengths) 102 | assert decoded.get('orchard') == orchard_fvk_bytes 103 | assert decoded.get('sapling') == sapling_fvk_bytes 104 | assert decoded.get('transparent') == t_key_bytes 105 | assert decoded.get('unknown') == ((unknown_tc, unknown_bytes) if 
unknown_bytes else None) 106 | 107 | test_vectors.append({ 108 | 't_key_bytes': t_key_bytes, 109 | 'sapling_fvk_bytes': sapling_fvk_bytes, 110 | 'orchard_fvk_bytes': orchard_fvk_bytes, 111 | 'unknown_fvk_typecode': unknown_tc, 112 | 'unknown_fvk_bytes': unknown_bytes, 113 | 'unified_fvk': ufvk.encode(), 114 | 'root_seed': seed, 115 | 'account': account, 116 | }) 117 | 118 | render_tv( 119 | args, 120 | 'unified_full_viewing_keys', 121 | ( 122 | ('t_key_bytes', 'Option<[u8; 65]>'), 123 | ('sapling_fvk_bytes', 'Option<[u8; 128]>'), 124 | ('orchard_fvk_bytes', 'Option<[u8; 96]>'), 125 | ('unknown_fvk_typecode', 'u32'), 126 | ('unknown_fvk_bytes', {'rust_type': 'Option>', 'bitcoin_flavoured': False}), 127 | ('unified_fvk', {'rust_type': 'Vec', 'bitcoin_flavoured': False}), 128 | ('root_seed', {'rust_type': 'Vec', 'bitcoin_flavoured': False}), 129 | ('account', 'u32'), 130 | ), 131 | test_vectors, 132 | ) 133 | 134 | 135 | if __name__ == "__main__": 136 | main() 137 | -------------------------------------------------------------------------------- /zcash_test_vectors/unified_incoming_viewing_keys.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python3 2 | import sys; assert sys.version_info[0] >= 3, "Python 3 required." 
3 | 4 | from random import Random 5 | 6 | from .output import render_args, render_tv, Some 7 | from .rand import Rand, randbytes 8 | from .orchard import key_components as orchard_key_components 9 | from .sapling import zip32 as sapling_zip32 10 | from .transparent import bip_0032 11 | from .hd_common import ZCASH_MAIN_COINTYPE, hardened 12 | from .unified_encoding import encode_unified, decode_unified 13 | from .unified_encoding import P2PKH_ITEM, SAPLING_ITEM, ORCHARD_ITEM 14 | 15 | 16 | def main(): 17 | args = render_args() 18 | 19 | rng = Random(0xabad533d) 20 | rand = Rand(randbytes(rng)) 21 | seed = bytes(range(32)) 22 | 23 | t_root_key = bip_0032.ExtendedSecretKey.master(seed) 24 | t_purpose_key = t_root_key.child(hardened(44)) 25 | t_coin_key = t_purpose_key.child(hardened(ZCASH_MAIN_COINTYPE)) 26 | 27 | s_root_key = sapling_zip32.ExtendedSpendingKey.master(seed) 28 | s_purpose_key = s_root_key.child(hardened(32)) 29 | s_coin_key = s_purpose_key.child(hardened(ZCASH_MAIN_COINTYPE)) 30 | 31 | o_root_key = orchard_key_components.ExtendedSpendingKey.master(seed) 32 | o_purpose_key = o_root_key.child(hardened(32)) 33 | o_coin_key = o_purpose_key.child(hardened(ZCASH_MAIN_COINTYPE)) 34 | 35 | test_vectors = [] 36 | for account in range(0, 20): 37 | has_t_key = rand.bool() 38 | if has_t_key: 39 | rand.b(20) # discard, to match UA generation 40 | 41 | # 42 | # "However, the [Transparent P2PKH] FVK uses the key at the Account level, i.e. 43 | # at path m/44'/coin_type'/account', while the IVK uses the external (non-change) 44 | # child key at the Change level, i.e. at path m/44'/coin_type'/account'/0." 
45 | t_account_key = t_coin_key.child(hardened(account)) 46 | t_external_key = t_account_key.child(0) 47 | t_key_bytes = bytes(t_external_key.public_key()) 48 | else: 49 | t_key_bytes = None 50 | 51 | has_s_key = rand.bool() 52 | if has_s_key: 53 | s_account_key = s_coin_key.child(hardened(account)) 54 | sapling_fvk = s_account_key.to_extended_fvk() 55 | sapling_dk = sapling_fvk.dk() 56 | sapling_ivk = sapling_fvk.ivk() 57 | sapling_ivk_bytes = bytes(sapling_dk) + bytes(sapling_ivk) 58 | else: 59 | sapling_ivk_bytes = None 60 | 61 | has_o_key = (not has_s_key) or rand.bool() 62 | if has_o_key: 63 | o_account_key = o_coin_key.child(hardened(account)) 64 | orchard_fvk = orchard_key_components.FullViewingKey.from_spending_key(o_account_key) 65 | orchard_dk = orchard_fvk.dk 66 | orchard_ivk = orchard_fvk.ivk() 67 | orchard_ivk_bytes = bytes(orchard_dk) + bytes(orchard_ivk) 68 | else: 69 | orchard_ivk_bytes = None 70 | 71 | rand.bool() # discard, to match UA generation 72 | 73 | # include an unknown item 1/4 of the time 74 | has_unknown_item = rand.bool() and rand.bool() 75 | # use the range reserved for experimental typecodes for unknowns 76 | unknown_tc = rng.randrange(0xFFFA, 0xFFFF+1) 77 | unknown_len = rng.randrange(32, 256) 78 | if has_unknown_item: 79 | unknown_bytes = b"".join([rand.b(unknown_len)]) 80 | else: 81 | unknown_bytes = None 82 | 83 | receivers = [ 84 | (ORCHARD_ITEM, orchard_ivk_bytes), 85 | (SAPLING_ITEM, sapling_ivk_bytes), 86 | (P2PKH_ITEM, t_key_bytes), 87 | (unknown_tc, unknown_bytes), 88 | ] 89 | uivk = encode_unified(receivers, "uivk") 90 | 91 | expected_lengths = { 92 | P2PKH_ITEM: 65, 93 | SAPLING_ITEM: 64, 94 | ORCHARD_ITEM: 64, 95 | unknown_tc: unknown_len 96 | } 97 | decoded = decode_unified(uivk, "uivk", expected_lengths) 98 | assert decoded.get('orchard') == orchard_ivk_bytes 99 | assert decoded.get('sapling') == sapling_ivk_bytes 100 | assert decoded.get('transparent') == t_key_bytes 101 | assert decoded.get('unknown') == ((unknown_tc, 
unknown_bytes) if unknown_bytes else None) 102 | 103 | test_vectors.append({ 104 | 't_key_bytes': t_key_bytes, 105 | 'sapling_ivk_bytes': sapling_ivk_bytes, 106 | 'orchard_ivk_bytes': orchard_ivk_bytes, 107 | 'unknown_ivk_typecode': unknown_tc, 108 | 'unknown_ivk_bytes': unknown_bytes, 109 | 'unified_ivk': uivk.encode(), 110 | 'root_seed': seed, 111 | 'account': account, 112 | }) 113 | 114 | render_tv( 115 | args, 116 | 'unified_incoming_viewing_keys', 117 | ( 118 | ('t_key_bytes', 'Option<[u8; 65]>'), 119 | ('sapling_ivk_bytes', 'Option<[u8; 64]>'), 120 | ('orchard_ivk_bytes', 'Option<[u8; 64]>'), 121 | ('unknown_ivk_typecode', 'u32'), 122 | ('unknown_ivk_bytes', {'rust_type': 'Option>', 'bitcoin_flavoured': False}), 123 | ('unified_ivk', {'rust_type': 'Vec', 'bitcoin_flavoured': False}), 124 | ('root_seed', {'rust_type': 'Vec', 'bitcoin_flavoured': False}), 125 | ('account', 'u32'), 126 | ), 127 | test_vectors, 128 | ) 129 | 130 | 131 | if __name__ == "__main__": 132 | main() 133 | -------------------------------------------------------------------------------- /zcash_test_vectors/utils.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python3 2 | import sys; assert sys.version_info[0] >= 3, "Python 3 required." 
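def cldiv(n, divisor):
    """Return n divided by divisor, rounded up (for a positive divisor)."""
    return (n + (divisor - 1)) // divisor

def i2lebsp(l, x):
    """Return x as a list of bits, least significant first, padded to l bits.

    There is no range check: a value of 2**l or more yields more than l
    bits. Callers are expected to pass 0 <= x < 2**l.
    """
    return [int(c) for c in format(x, '0%sb' % l)[::-1]]

def leos2ip(S):
    """Interpret the byte string S as a little-endian integer."""
    return int.from_bytes(S, byteorder='little')

def beos2ip(S):
    """Interpret the byte string S as a big-endian integer."""
    return int.from_bytes(S, byteorder='big')

# This should be equivalent to LEBS2OSP(I2LEBSP(l, x))
def i2leosp(l, x):
    return x.to_bytes(cldiv(l, 8), byteorder='little')

# This should be equivalent to BEBS2OSP(I2BEBSP(l, x))
def i2beosp(l, x):
    return x.to_bytes(cldiv(l, 8), byteorder='big')

def bebs2ip(bits):
    """Interpret a list of bits, most significant first, as an integer."""
    ret = 0
    for b in bits:
        ret = ret * 2
        if b:
            ret += 1
    return ret

def lebs2ip(bits):
    """Interpret a list of bits, least significant first, as an integer."""
    return bebs2ip(bits[::-1])

def i2bebsp(m, x):
    """Return x as exactly m bits, most significant first.

    Raises AssertionError when x is outside 0 <= x < 2**m. The check is an
    explicit raise rather than an assert statement so that it survives
    `python -O`; the self-test at the bottom of this module relies on it.
    """
    if not (0 <= x < (1 << m)):
        raise AssertionError("x does not fit in m bits")
    return [(x >> (m-1-i)) & 1 for i in range(m)]

def lebs2osp(bits):
    """Pack little-endian bits into bytes, zero-padding the end to a byte boundary."""
    l = len(bits)
    bits = bits + [0] * (8 * cldiv(l, 8) - l)
    return bytes([lebs2ip(bits[i:i + 8]) for i in range(0, len(bits), 8)])

def leos2bsp(buf):
    """Expand each byte of buf into eight bits, least significant first."""
    # A single flat comprehension; summing a list of lists copies the
    # accumulated result for every byte.
    return [(c >> i) & 1 for c in buf for i in range(8)]

def bebs2osp(bits, m=None):
    """Pack big-endian bits into bytes, zero-padding the front to a byte boundary.

    The parameter m is accepted but not used.
    """
    l = len(bits)
    bits = [0] * (8 * cldiv(l, 8) - l) + bits
    return bytes([bebs2ip(bits[i:i + 8]) for i in range(0, len(bits), 8)])

# Import-time self-checks of the conversions against each other.
assert i2leosp(5, 7) == lebs2osp(i2lebsp(5, 7))
assert i2leosp(32, 1234567890) == lebs2osp(i2lebsp(32, 1234567890))

assert i2beosp(5, 7) == bebs2osp(i2bebsp(5, 7))
assert i2beosp(32, 1234567890) == bebs2osp(i2bebsp(32, 1234567890))

assert leos2ip(bytes(range(256))) == lebs2ip(leos2bsp(bytes(range(256))))

assert bebs2ip(i2bebsp(5, 7)) == 7
try:
    i2bebsp(3, 12)
except AssertionError:
    pass
else:
    raise AssertionError("invalid input not caught by i2bebsp")
--------------------------------------------------------------------------------
/zcash_test_vectors/zc_utils.py: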
-------------------------------------------------------------------------------- 1 | #!/usr/bin/env python3 2 | import sys; assert sys.version_info[0] >= 3, "Python 3 required." 3 | 4 | import struct 5 | 6 | MAX_COMPACT_SIZE = 0x2000000 7 | 8 | def write_compact_size(n, allow_u64=False): 9 | assert allow_u64 or n <= MAX_COMPACT_SIZE 10 | if n < 253: 11 | return struct.pack('B', n) 12 | elif n <= 0xFFFF: 13 | return struct.pack('B', 253) + struct.pack('= 1 26 | b = rest[0] 27 | if b < 253: 28 | return (b, rest[1:]) 29 | elif b == 253: 30 | assert len(rest) >= 3 31 | n = struct.unpack('= 253 33 | return (n, rest[3:]) 34 | elif b == 254: 35 | assert len(rest) >= 5 36 | n = struct.unpack('= 0x10000 38 | return (n, rest[5:]) 39 | else: 40 | assert len(rest) >= 9 41 | n = struct.unpack('= 0x100000000 43 | return (n, rest[9:]) 44 | 45 | 46 | def assert_parse_fails(encoding, allow_u64): 47 | try: 48 | parse_compact_size(encoding, allow_u64) 49 | except AssertionError: 50 | pass 51 | else: 52 | raise AssertionError("parse_compact_size(%r) failed to raise AssertionError" % (encoding,)) 53 | 54 | def test_round_trip(n, encoding, allow_u64): 55 | assert write_compact_size(n, allow_u64) == encoding 56 | assert parse_compact_size(encoding, allow_u64) == (n, b'') 57 | assert parse_compact_size(encoding + b'*', allow_u64) == (n, b'*') 58 | assert_parse_fails(encoding[:-1], allow_u64) 59 | 60 | for allow_u64 in (False, True): 61 | test_round_trip(0, b'\x00', allow_u64) 62 | test_round_trip(1, b'\x01', allow_u64) 63 | test_round_trip(252, b'\xFC', allow_u64) 64 | test_round_trip(253, b'\xFD\xFD\x00', allow_u64) 65 | test_round_trip(254, b'\xFD\xFE\x00', allow_u64) 66 | test_round_trip(255, b'\xFD\xFF\x00', allow_u64) 67 | test_round_trip(256, b'\xFD\x00\x01', allow_u64) 68 | test_round_trip(0xFFFE, b'\xFD\xFE\xFF', allow_u64) 69 | test_round_trip(0xFFFF, b'\xFD\xFF\xFF', allow_u64) 70 | test_round_trip(0x010000, b'\xFE\x00\x00\x01\x00', allow_u64) 71 | test_round_trip(0x010001, 
b'\xFE\x01\x00\x01\x00', allow_u64) 72 | test_round_trip(0x02000000, b'\xFE\x00\x00\x00\x02', allow_u64) 73 | 74 | assert_parse_fails(b'\xFD\xFC\x00', allow_u64) 75 | assert_parse_fails(b'\xFE\xFF\xFF\x00\x00', allow_u64) 76 | assert_parse_fails(b'\xFF\xFF\xFF\xFF\xFF\x00\x00\x00\x00', allow_u64) 77 | 78 | assert_parse_fails(b'\xFE\x01\x00\x00\x02', False) 79 | assert_parse_fails(b'\xFF\x00\x00\x00\x00\x01\x00\x00\x00', False) 80 | assert_parse_fails(b'\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF', False) 81 | 82 | test_round_trip(0xFFFFFFFE, b'\xFE\xFE\xFF\xFF\xFF', True) 83 | test_round_trip(0xFFFFFFFF, b'\xFE\xFF\xFF\xFF\xFF', True) 84 | test_round_trip(0x0100000000, b'\xFF\x00\x00\x00\x00\x01\x00\x00\x00', True) 85 | test_round_trip(0xFFFFFFFFFFFFFFFF, b'\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF', True) 86 | -------------------------------------------------------------------------------- /zcash_test_vectors/zip_0032.py: -------------------------------------------------------------------------------- 1 | from hashlib import blake2b 2 | 3 | from .sapling.key_components import prf_expand 4 | from .utils import i2leosp 5 | 6 | from .hd_common import hardened 7 | from .output import render_args, render_tv 8 | 9 | class HardenedOnlyContext(object): 10 | def __init__(self, MKGDomain, CKDDomain): 11 | assert type(MKGDomain) == bytes 12 | assert len(MKGDomain) == 16 13 | assert type(CKDDomain) == bytes 14 | assert len(CKDDomain) == 1 15 | 16 | self.MKGDomain = MKGDomain 17 | self.CKDDomain = CKDDomain 18 | 19 | def MKGh(Context, IKM): 20 | assert type(Context) == HardenedOnlyContext 21 | 22 | digest = blake2b(person=Context.MKGDomain) 23 | digest.update(IKM) 24 | I = digest.digest() 25 | I_L = I[:32] 26 | I_R = I[32:] 27 | return (I_L, I_R) 28 | 29 | def CKDh(Context, sk_par, c_par, i, lead, tag): 30 | assert type(Context) == HardenedOnlyContext 31 | assert 0x80000000 <= i and i <= 0xFFFFFFFF 32 | assert 0x00 <= lead and lead <= 0xFF 33 | assert type(tag) == bytes 34 | 35 | lead_enc 
= bytes([] if lead == 0 and tag == b"" else [lead]) 36 | I = prf_expand(c_par, Context.CKDDomain + sk_par + i2leosp(32, i) + lead_enc + tag) 37 | I_L = I[:32] 38 | I_R = I[32:] 39 | return (I_L, I_R) 40 | 41 | 42 | class RegisteredKey(object): 43 | Registered = HardenedOnlyContext(b'ZIPRegistered_KD', b'\xAC') 44 | 45 | def __init__(self, IKM, subpath, sk, chaincode, full_width=None): 46 | self.IKM = IKM 47 | self.subpath = subpath 48 | self.sk = sk 49 | self.chaincode = chaincode 50 | self.full_width = full_width # the full-width cryptovalue at this path 51 | 52 | @classmethod 53 | def subtree_root(cls, ContextString, S, ZipNumber): 54 | length_ContextString = len(ContextString) 55 | length_S = len(S) 56 | 57 | assert length_ContextString <= 252 58 | assert 32 <= length_S <= 252 59 | 60 | IKM = bytes([length_ContextString]) + ContextString + bytes([length_S]) + S 61 | (sk_m, c_m) = MKGh(cls.Registered, IKM) 62 | (sk, chaincode) = CKDh(cls.Registered, sk_m, c_m, hardened(ZipNumber), 0, b"") 63 | return cls(IKM, [], sk, chaincode) 64 | 65 | def child(self, i, tag): 66 | (sk_child, c_child) = CKDh(self.Registered, self.sk, self.chaincode, i, 0, tag) 67 | (I_L, I_R) = CKDh(self.Registered, self.sk, self.chaincode, i, 1, tag) 68 | return self.__class__(None, self.subpath + [(i, tag)], sk_child, c_child, I_L + I_R) 69 | 70 | 71 | def registered_key_derivation_tvs(): 72 | args = render_args() 73 | 74 | context_string = b'Zcash test vectors' 75 | seed = bytes(range(32)) 76 | m_1h = RegisteredKey.subtree_root(context_string, seed, 1) 77 | m_1h_2h = m_1h.child(hardened(2), b"trans rights are human rights") 78 | m_1h_2h_3h = m_1h_2h.child(hardened(3), b"") 79 | 80 | keys = [m_1h, m_1h_2h, m_1h_2h_3h] 81 | 82 | test_vectors = [ 83 | { 84 | 'context_string': context_string, 85 | 'seed': seed, 86 | 'zip_number': 1, 87 | 'subpath': k.subpath, 88 | 'sk': k.sk, 89 | 'c': k.chaincode, 90 | 'full_width': k.full_width, 91 | } 92 | for k in keys 93 | ] 94 | 95 | render_tv( 96 | args, 
97 | 'zip_0032_registered', 98 | ( 99 | ('context_string', '&\'static [u8]'), 100 | ('seed', '[u8; 32]'), 101 | ('zip_number', 'u16'), 102 | ('subpath', '&\'static [(u32, &\'static [u8])]'), 103 | ('sk', '[u8; 32]'), 104 | ('c', '[u8; 32]'), 105 | ('full_width', 'Option<[u8; 64]>'), 106 | ), 107 | test_vectors, 108 | ) 109 | 110 | 111 | class ArbitraryKey(object): 112 | Adhoc = HardenedOnlyContext(b'ZcashArbitraryKD', b'\xAB') 113 | 114 | def __init__(self, IKM, path, sk, chaincode): 115 | self.IKM = IKM 116 | self.path = path 117 | self.sk = sk 118 | self.chaincode = chaincode 119 | 120 | @classmethod 121 | def master(cls, ContextString, S): 122 | length_ContextString = len(ContextString) 123 | length_S = len(S) 124 | 125 | assert length_ContextString <= 252 126 | assert 32 <= length_S <= 252 127 | 128 | IKM = bytes([length_ContextString]) + ContextString + bytes([length_S]) + S 129 | (sk, chaincode) = MKGh(cls.Adhoc, IKM) 130 | return cls(IKM, [], sk, chaincode) 131 | 132 | def child(self, i): 133 | (sk_i, c_i) = CKDh(self.Adhoc, self.sk, self.chaincode, i, 0, b"") 134 | return self.__class__(None, self.path + [i], sk_i, c_i) 135 | 136 | 137 | def arbitrary_key_derivation_tvs(): 138 | args = render_args() 139 | 140 | context_string = b'Zcash test vectors' 141 | seed = bytes(range(32)) 142 | m = ArbitraryKey.master(context_string, seed) 143 | m_1h = m.child(hardened(1)) 144 | m_1h_2h = m_1h.child(hardened(2)) 145 | m_1h_2h_3h = m_1h_2h.child(hardened(3)) 146 | 147 | # Derive a path matching Zcash mainnet account index 0. 
148 | m_32h = m.child(hardened(32)) 149 | m_32h_133h = m_32h.child(hardened(133)) 150 | m_32h_133h_0h = m_32h_133h.child(hardened(0)) 151 | 152 | keys = [m, m_1h, m_1h_2h, m_1h_2h_3h, m_32h, m_32h_133h, m_32h_133h_0h] 153 | 154 | test_vectors = [ 155 | { 156 | 'context_string': context_string, 157 | 'seed': seed, 158 | 'ikm': k.IKM, 159 | 'path': k.path, 160 | 'sk': k.sk, 161 | 'c': k.chaincode, 162 | } 163 | for k in keys 164 | ] 165 | 166 | render_tv( 167 | args, 168 | 'zip_0032_arbitrary', 169 | ( 170 | ('context_string', '&\'static [u8]'), 171 | ('seed', '[u8; 32]'), 172 | ('ikm', 'Option<&\'static [u8]>'), 173 | ('path', '&\'static [u32]'), 174 | ('sk', '[u8; 32]'), 175 | ('c', '[u8; 32]'), 176 | ), 177 | test_vectors, 178 | ) 179 | -------------------------------------------------------------------------------- /zcash_test_vectors/zip_0143.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python3 2 | import sys; assert sys.version_info[0] >= 3, "Python 3 required." 
3 | 4 | from hashlib import blake2b 5 | import struct 6 | 7 | from .transaction import ( 8 | LegacyTransaction, 9 | MAX_MONEY, 10 | OVERWINTER_TX_VERSION, 11 | Script, 12 | ) 13 | from .output import render_args, render_tv, Some 14 | from .rand import Rand 15 | 16 | 17 | SIGHASH_ALL = 1 18 | SIGHASH_NONE = 2 19 | SIGHASH_SINGLE = 3 20 | SIGHASH_ANYONECANPAY = 0x80 21 | 22 | NOT_AN_INPUT = -1 # For portability of the test vectors; replaced with None for Rust 23 | 24 | def getHashPrevouts(tx, person=b'ZcashPrevoutHash'): 25 | digest = blake2b(digest_size=32, person=person) 26 | for x in tx.vin: 27 | digest.update(bytes(x.prevout)) 28 | return digest.digest() 29 | 30 | def getHashSequence(tx, person=b'ZcashSequencHash'): 31 | digest = blake2b(digest_size=32, person=person) 32 | for x in tx.vin: 33 | digest.update(struct.pack(' 0: 74 | hashJoinSplits = getHashJoinSplits(tx) 75 | 76 | digest = blake2b( 77 | digest_size=32, 78 | person=b'ZcashSigHash' + struct.pack('', 'bitcoin_flavoured': False}), 155 | ('script_code', 'Vec'), 156 | ('transparent_input', { 157 | 'rust_type': 'Option', 158 | 'rust_fmt': lambda x: None if x == -1 else Some(x), 159 | }), 160 | ('hash_type', 'u32'), 161 | ('amount', 'i64'), 162 | ('consensus_branch_id', 'u32'), 163 | ('sighash', '[u8; 32]'), 164 | ), 165 | test_vectors, 166 | ) 167 | 168 | 169 | if __name__ == '__main__': 170 | main() 171 | -------------------------------------------------------------------------------- /zcash_test_vectors/zip_0243.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python3 2 | import sys; assert sys.version_info[0] >= 3, "Python 3 required." 
3 | 4 | from hashlib import blake2b 5 | import struct 6 | 7 | from .transaction import ( 8 | LegacyTransaction, 9 | MAX_MONEY, 10 | SAPLING_TX_VERSION, 11 | Script, 12 | ) 13 | from .output import render_args, render_tv, Some 14 | from .rand import Rand 15 | 16 | from .zip_0143 import ( 17 | getHashJoinSplits, 18 | getHashOutputs, 19 | getHashPrevouts, 20 | getHashSequence, 21 | NOT_AN_INPUT, 22 | SIGHASH_ALL, 23 | SIGHASH_ANYONECANPAY, 24 | SIGHASH_NONE, 25 | SIGHASH_SINGLE, 26 | ) 27 | 28 | 29 | def getHashShieldedSpends(tx): 30 | digest = blake2b(digest_size=32, person=b'ZcashSSpendsHash') 31 | for desc in tx.vShieldedSpends: 32 | # We don't pass in serialized form of desc as spendAuthSig is not part of the hash 33 | digest.update(bytes(desc.cv)) 34 | digest.update(bytes(desc.anchor)) 35 | digest.update(desc.nullifier) 36 | digest.update(bytes(desc.rk)) 37 | digest.update(bytes(desc.proof)) 38 | return digest.digest() 39 | 40 | def getHashShieldedOutputs(tx): 41 | digest = blake2b(digest_size=32, person=b'ZcashSOutputHash') 42 | for desc in tx.vShieldedOutputs: 43 | digest.update(bytes(desc)) 44 | return digest.digest() 45 | 46 | def signature_hash(scriptCode, tx, nIn, nHashType, amount, consensusBranchId): 47 | hashPrevouts = b'\x00'*32 48 | hashSequence = b'\x00'*32 49 | hashOutputs = b'\x00'*32 50 | hashJoinSplits = b'\x00'*32 51 | hashShieldedSpends = b'\x00'*32 52 | hashShieldedOutputs = b'\x00'*32 53 | 54 | if not (nHashType & SIGHASH_ANYONECANPAY): 55 | hashPrevouts = getHashPrevouts(tx) 56 | 57 | if (not (nHashType & SIGHASH_ANYONECANPAY)) and \ 58 | (nHashType & 0x1f) != SIGHASH_SINGLE and \ 59 | (nHashType & 0x1f) != SIGHASH_NONE: 60 | hashSequence = getHashSequence(tx) 61 | 62 | if (nHashType & 0x1f) != SIGHASH_SINGLE and \ 63 | (nHashType & 0x1f) != SIGHASH_NONE: 64 | hashOutputs = getHashOutputs(tx) 65 | elif (nHashType & 0x1f) == SIGHASH_SINGLE and \ 66 | 0 <= nIn and nIn < len(tx.vout): 67 | digest = blake2b(digest_size=32, 
person=b'ZcashOutputsHash') 68 | digest.update(bytes(tx.vout[nIn])) 69 | hashOutputs = digest.digest() 70 | 71 | if len(tx.vJoinSplit) > 0: 72 | hashJoinSplits = getHashJoinSplits(tx) 73 | 74 | if len(tx.vShieldedSpends) > 0: 75 | hashShieldedSpends = getHashShieldedSpends(tx) 76 | 77 | if len(tx.vShieldedOutputs) > 0: 78 | hashShieldedOutputs = getHashShieldedOutputs(tx) 79 | 80 | digest = blake2b( 81 | digest_size=32, 82 | person=b'ZcashSigHash' + struct.pack('', 'bitcoin_flavoured': False}), 162 | ('script_code', 'Vec'), 163 | ('transparent_input', { 164 | 'rust_type': 'Option', 165 | 'rust_fmt': lambda x: None if x == -1 else Some(x), 166 | }), 167 | ('hash_type', 'u32'), 168 | ('amount', 'i64'), 169 | ('consensus_branch_id', 'u32'), 170 | ('sighash', '[u8; 32]'), 171 | ), 172 | test_vectors, 173 | ) 174 | 175 | 176 | if __name__ == '__main__': 177 | main() 178 | --------------------------------------------------------------------------------