sapling_crypto_ce/
constants.rs

1/// First 64 bytes of the BLAKE2s input during group hash.
2/// This is chosen to be some random string that we couldn't have anticipated when we designed
3/// the algorithm, for rigidity purposes.
4/// We deliberately use an ASCII hex string of 32 bytes here.
5pub const GH_FIRST_BLOCK: &'static [u8; 64]
6          = b"096b36a5804bfacef1691e173c366a47ff5ba84a44f26ddd7e8d9f79d5b42df0";
7
8// BLAKE2s invocation personalizations
9/// BLAKE2s Personalization for CRH^ivk = BLAKE2s(ak | nk)
10pub const CRH_IVK_PERSONALIZATION: &'static [u8; 8]
11          = b"Zcashivk";
12
13/// BLAKE2s Personalization for PRF^nf = BLAKE2s(nk | rho)
14pub const PRF_NF_PERSONALIZATION: &'static [u8; 8]
15          = b"Zcash_nf";
16
17// Group hash personalizations
18/// BLAKE2s Personalization for Pedersen hash generators.
19pub const PEDERSEN_HASH_GENERATORS_PERSONALIZATION: &'static [u8; 8]
20          = b"Zcash_PH";
21
22/// BLAKE2s Personalization for the group hash for key diversification
23pub const KEY_DIVERSIFICATION_PERSONALIZATION: &'static [u8; 8]
24          = b"Zcash_gd";
25
26/// BLAKE2s Personalization for the spending key base point
27pub const SPENDING_KEY_GENERATOR_PERSONALIZATION: &'static [u8; 8]
28          = b"Zcash_G_";
29
30/// BLAKE2s Personalization for the proof generation key base point
31pub const PROOF_GENERATION_KEY_BASE_GENERATOR_PERSONALIZATION: &'static [u8; 8]
32          = b"Zcash_H_";
33
34/// BLAKE2s Personalization for the value commitment generator for the value
35pub const VALUE_COMMITMENT_GENERATOR_PERSONALIZATION: &'static [u8; 8]
36          = b"Zcash_cv";
37
38/// BLAKE2s Personalization for the nullifier position generator (for computing rho)
39pub const NULLIFIER_POSITION_IN_TREE_GENERATOR_PERSONALIZATION: &'static [u8; 8]
40          = b"Zcash_J_";
41
42/// BLAKE2s Personalization hash of (R_x || message) in EdDSA variant with 256 bit hash
43pub const MATTER_EDDSA_BLAKE2S_PERSONALIZATION: &'static [u8; 8] 
44            = b"Matter_H";