
split ovk and dk derivations

Open redshiftzero opened this issue 2 years ago • 0 comments

Currently in our key derivation we compute the ovk and dk from a single hash output as follows:

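```rust
let (ovk, dk) = {
    // One 64-byte PRF output, keyed by nk over ak, under a single domain separator.
    let hash_result = prf::expand(b"Penumbra_ExpndVK", &nk.0.to_bytes(), ak.as_ref());

    let mut ovk = [0; 32];
    let mut dk = [0; 32];
    // First half of the output becomes the ovk, second half the dk.
    ovk.copy_from_slice(&hash_result.as_bytes()[0..32]);
    dk.copy_from_slice(&hash_result.as_bytes()[32..64]);

    (ovk, dk)
};
```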

This ticket is to break up the derivation of the ovk and dk by using a separate hash output for each key, with a different domain separator for the ovk and dk derivations.

⚠️: this is a breaking change to addresses and should be coordinated with the other incoming changes that break the address format

redshiftzero, Jul 08 '22 05:07
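The split the issue asks for, next to the current combined derivation, as an added example that is not code from the issue or from the Penumbra repository. Assumptions: `prf::expand` is modelled here as keyed BLAKE2b with the label as the personalization string, the two new labels and the 32-byte output size are hypothetical placeholders, and the `nk`/`ak` bytes are constructed sample values.

```python
import hashlib

def expand(label: bytes, key: bytes, data: bytes, size: int = 64) -> bytes:
    """Stand-in PRF (assumption): keyed BLAKE2b, label used as personalization."""
    if len(label) > hashlib.blake2b.PERSON_SIZE:
        raise ValueError("label exceeds the 16-byte BLAKE2b personalization field")
    return hashlib.blake2b(data, digest_size=size, key=key, person=label).digest()

def derive_combined(nk: bytes, ak: bytes) -> tuple[bytes, bytes]:
    """Current scheme from the issue: one 64-byte output, cut in half."""
    out = expand(b"Penumbra_ExpndVK", nk, ak)
    return out[:32], out[32:]

# Hypothetical domain separators, one per key; the issue does not name them.
OVK_LABEL = b"Example_ExpndOVK"
DK_LABEL = b"Example_Expnd_DK"

def derive_split(nk: bytes, ak: bytes) -> tuple[bytes, bytes]:
    """Proposed scheme: an independent hash call and label for each key."""
    ovk = expand(OVK_LABEL, nk, ak, size=32)
    dk = expand(DK_LABEL, nk, ak, size=32)
    return ovk, dk

def changes_keys(nk: bytes, ak: bytes) -> bool:
    """True when the split scheme yields a different ovk and dk than the
    combined one, which is why the issue flags an address-breaking change."""
    old_ovk, old_dk = derive_combined(nk, ak)
    new_ovk, new_dk = derive_split(nk, ak)
    return old_ovk != new_ovk and old_dk != new_dk

# Constructed sample inputs, not real key material.
SAMPLE_NK = bytes(range(32))
SAMPLE_AK = bytes(range(32, 64))

if __name__ == "__main__":
    ovk, dk = derive_split(SAMPLE_NK, SAMPLE_AK)
    print("ovk:", ovk.hex())
    print("dk: ", dk.hex())
    print("differs from combined derivation:", changes_keys(SAMPLE_NK, SAMPLE_AK))
```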