nox-core 0.1.0

Shared protocol types for the NOX mixnet (events, traits, models, fragmentation)
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111

use ark_bn254::Fr;
use ark_std::Zero;
use darkpool_crypto::error::CryptoError;
use darkpool_crypto::IPoseidonHasher;
use std::sync::Arc;

pub struct HisokaKdf {
    hasher: Arc<dyn IPoseidonHasher>,
}

impl HisokaKdf {
    pub fn new(hasher: Arc<dyn IPoseidonHasher>) -> Self {
        Self { hasher }
    }

    /// Derive a child key from a master key, purpose string, and optional nonce.
    ///
    /// Returns `Err` if `purpose` exceeds 32 bytes.
    ///
    /// **Collision note (M-04):** When `nonce` is `None` or `Some(Fr::zero())`,
    /// the hash input is identical: `[master, purpose_fr]`. This is intentional --
    /// the nonce-less derivation is used only once per purpose (e.g., `"hisoka.ephemeral"`).
    /// Callers that re-derive with different nonces MUST use nonce >= 1.
    pub fn derive(&self, purpose: &str, master: Fr, nonce: Option<Fr>) -> Result<Fr, CryptoError> {
        let purpose_fr = self.hasher.string_to_fr(purpose)?;

        let mut inputs = vec![master, purpose_fr];

        if let Some(n) = nonce {
            if !n.is_zero() {
                inputs.push(n);
            }
        }

        Ok(self.hasher.hash(&inputs))
    }
}

#[cfg(test)]
mod tests {
    use super::*;
    use ark_ff::One;
    use darkpool_crypto::poseidon::NoxHasher;

    fn kdf() -> HisokaKdf {
        HisokaKdf::new(Arc::new(NoxHasher))
    }

    #[test]
    fn derive_is_deterministic() {
        let master = Fr::one();
        let k = kdf();
        let a = k.derive("test.purpose", master, None).unwrap();
        let b = k.derive("test.purpose", master, None).unwrap();
        assert_eq!(a, b);
    }

    #[test]
    fn different_purposes_yield_different_keys() {
        let master = Fr::one();
        let k = kdf();
        let a = k.derive("purpose.alpha", master, None).unwrap();
        let b = k.derive("purpose.beta", master, None).unwrap();
        assert_ne!(a, b);
    }

    #[test]
    fn different_nonces_yield_different_keys() {
        let master = Fr::one();
        let k = kdf();
        let a = k.derive("same", master, Some(Fr::from(1u64))).unwrap();
        let b = k.derive("same", master, Some(Fr::from(2u64))).unwrap();
        assert_ne!(a, b);
    }

    #[test]
    fn none_and_zero_nonce_are_equivalent() {
        let master = Fr::one();
        let k = kdf();
        let a = k.derive("same", master, None).unwrap();
        let b = k.derive("same", master, Some(Fr::zero())).unwrap();
        assert_eq!(
            a, b,
            "None and Some(Fr::zero()) must produce the same key (M-04 collision)"
        );
    }

    #[test]
    fn nonzero_nonce_differs_from_none() {
        let master = Fr::one();
        let k = kdf();
        let a = k.derive("same", master, None).unwrap();
        let b = k.derive("same", master, Some(Fr::from(1u64))).unwrap();
        assert_ne!(a, b);
    }

    #[test]
    fn different_masters_yield_different_keys() {
        let k = kdf();
        let a = k.derive("same", Fr::from(100u64), None).unwrap();
        let b = k.derive("same", Fr::from(200u64), None).unwrap();
        assert_ne!(a, b);
    }

    #[test]
    fn output_is_nonzero() {
        let k = kdf();
        let result = k.derive("test", Fr::one(), None).unwrap();
        assert!(!result.is_zero());
    }
}