using sha512 after feedback from crypto team

AztecProtocol · Apr 12, 2024 · 2ccea7a · 2ccea7a
1 parent 7be4725
commit 2ccea7a
Show file tree

Hide file tree

Showing 3 changed files with 24 additions and 11 deletions.
diff --git a/yarn-project/foundation/src/crypto/sha256/index.ts b/yarn-project/foundation/src/crypto/sha256/index.ts
@@ -12,3 +12,15 @@ export const sha256ToField = (data: Bufferable[]) => {
   const buffer = serializeToBuffer(data);
   return Fr.fromBuffer(sha256Trunc(buffer));
 };
+
+export const sha512 = (data: Buffer) => Buffer.from(hash.sha512().update(data).digest());
+
+/**
+ * @dev We don't truncate in this function (unlike in sha256ToField) because this function is used in situations where
+ * we don't care only about collision resistance but we need the output to be uniformly distributed as well. This is
+ * because we use it as a pseudo-random function.
+ */
+export const sha512ToField = (data: Bufferable[]) => {
+  const buffer = serializeToBuffer(data);
+  return Fr.fromBufferReduce(sha512(buffer));
+};
diff --git a/yarn-project/key-store/src/new_test_key_store.test.ts b/yarn-project/key-store/src/new_test_key_store.test.ts
@@ -15,28 +15,28 @@ describe('NewTestKeyStore', () => {
 
     const accountAddress = await keyStore.addAccount(sk, partialAddress);
     expect(accountAddress.toString()).toMatchInlineSnapshot(
-      `"0x2ae5eeea29e4059842653d97864456c28fa53e4a823a8df65802090de1e85baa"`,
+      `"0x2be4a07a3c5b5d746cb3c312bce46ee844748039b5e772ddb8d0e961f1512bb9"`,
     );
 
     // TODO(#5714): The keys are currently the same here because separator is currently ignored in poseidon
     const masterNullifierPublicKey = await keyStore.getMasterNullifierPublicKey(accountAddress);
     expect(masterNullifierPublicKey.toString()).toMatchInlineSnapshot(
-      `"0x1b0b998b70b295ed14912584c64abfd402ee13511d0dcf05badef38e8c10acd00fce0a5909d612c9a2d2c9172ff3cf5ba6be3e314d66b05edd74f3d5d259110f"`,
+      `"0x03e81abc4e901640f7e3a2ad2058c94f17985bbb482774e9ec2c047c21ff25f30b7997c999ace8289fe5595cf0df6a038b73e3955241d6240263f73b51401911"`,
     );
 
     const masterIncomingViewingPublicKey = await keyStore.getMasterIncomingViewingPublicKey(accountAddress);
     expect(masterIncomingViewingPublicKey.toString()).toMatchInlineSnapshot(
-      `"0x1b0b998b70b295ed14912584c64abfd402ee13511d0dcf05badef38e8c10acd00fce0a5909d612c9a2d2c9172ff3cf5ba6be3e314d66b05edd74f3d5d259110f"`,
+      `"0x09c762a9e8da1471ca67eb9e150398cc8406aee86f397f842f6ef10a7a0fda32239588ed8e880e81000efd81c7a856ba063cdfaa6212e3a512ad59bff163c619"`,
     );
 
     const masterOutgoingViewingPublicKey = await keyStore.getMasterOutgoingViewingPublicKey(accountAddress);
     expect(masterOutgoingViewingPublicKey.toString()).toMatchInlineSnapshot(
-      `"0x1b0b998b70b295ed14912584c64abfd402ee13511d0dcf05badef38e8c10acd00fce0a5909d612c9a2d2c9172ff3cf5ba6be3e314d66b05edd74f3d5d259110f"`,
+      `"0x282f7a4242121b26a16a72228593db50de79bb312ce0825657a175ca8e7802100b161ab6f43d98fe6ecafaeeeeef8d1c0d77b220d5eb92d2bb2aee50b7558940"`,
     );
 
     const masterTaggingPublicKey = await keyStore.getMasterTaggingPublicKey(accountAddress);
     expect(masterTaggingPublicKey.toString()).toMatchInlineSnapshot(
-      `"0x1b0b998b70b295ed14912584c64abfd402ee13511d0dcf05badef38e8c10acd00fce0a5909d612c9a2d2c9172ff3cf5ba6be3e314d66b05edd74f3d5d259110f"`,
+      `"0x14348f7ca16a769fe76dfbeef2812a6b788b94952a39fcf10f78114a2a85c3e517387463d0b7fad7aac6f9f970a5533d919fbda66b537b7ce4544f13d497ffad"`,
     );
   });
 });
diff --git a/yarn-project/key-store/src/new_test_key_store.ts b/yarn-project/key-store/src/new_test_key_store.ts
@@ -1,7 +1,7 @@
 import { type NewKeyStore, type PublicKey } from '@aztec/circuit-types';
 import { AztecAddress, Fq, Fr, GeneratorIndex, type PartialAddress, Point } from '@aztec/circuits.js';
 import { type Grumpkin } from '@aztec/circuits.js/barretenberg';
-import { poseidonHash } from '@aztec/foundation/crypto';
+import { poseidonHash, sha512ToField } from '@aztec/foundation/crypto';
 import { type AztecKVStore, type AztecMap } from '@aztec/kv-store';
 
 /**
@@ -32,11 +32,12 @@ export class NewTestKeyStore implements NewKeyStore {
    * @returns The account's address.
    */
   public async addAccount(sk: Fr, partialAddress: PartialAddress): Promise<AztecAddress> {
-    // First we derive master secret keys
-    const masterNullifierSecretKey = poseidonHash([sk], GeneratorIndex.NSK_M);
-    const masterIncomingViewingSecretKey = poseidonHash([sk], GeneratorIndex.IVSK_M);
-    const masterOutgoingViewingSecretKey = poseidonHash([sk], GeneratorIndex.OVSK_M);
-    const masterTaggingSecretKey = poseidonHash([sk], GeneratorIndex.TSK_M);
+    // First we derive master secret keys -  we use sha512 here because this derivation will never take place
+    // in a circuit
+    const masterNullifierSecretKey = sha512ToField([sk, GeneratorIndex.NSK_M]);
+    const masterIncomingViewingSecretKey = sha512ToField([sk, GeneratorIndex.IVSK_M]);
+    const masterOutgoingViewingSecretKey = sha512ToField([sk, GeneratorIndex.OVSK_M]);
+    const masterTaggingSecretKey = sha512ToField([sk, GeneratorIndex.TSK_M]);
 
     // Then we derive master public keys
     // TODO: Is converting from Fr to Fq bellow an issue? Fr.MODULUS is < Fq.MODULUS so it shouldn't but should we refactor this anyway?