From 43e368faf6bd79f47fc30974d80cd2777c6fbe3b Mon Sep 17 00:00:00 2001
From: Sam Kim <skim13@cs.stanford.edu>
Date: Tue, 12 Oct 2021 10:21:07 -0400
Subject: [PATCH] add ElGamal key derivation from Ed25519 signing key

---
 zk-token-sdk/src/encryption/elgamal.rs | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/zk-token-sdk/src/encryption/elgamal.rs b/zk-token-sdk/src/encryption/elgamal.rs
index 265839bae8..dea26174c1 100644
--- a/zk-token-sdk/src/encryption/elgamal.rs
+++ b/zk-token-sdk/src/encryption/elgamal.rs
@@ -11,6 +11,7 @@ use {
         ristretto::{CompressedRistretto, RistrettoPoint},
         scalar::Scalar,
     },
+    ed25519_dalek::SecretKey as SigningKey,
     serde::{Deserialize, Serialize},
     std::collections::HashMap,
     std::convert::TryInto,
@@ -20,6 +21,7 @@ use {
 #[cfg(not(target_arch = "bpf"))]
 use {
     rand::{rngs::OsRng, CryptoRng, RngCore},
+    sha3::Sha3_512,
     std::{
         fmt,
         fs::{self, File, OpenOptions},
@@ -217,6 +219,13 @@ impl ElGamalKeypair {
 #[derive(Serialize, Deserialize, Default, Clone, Copy, Debug, Eq, PartialEq)]
 pub struct ElGamalPubkey(RistrettoPoint);
 impl ElGamalPubkey {
+    /// Derive the `ElGamalPubkey` that uniquely corresponds to an `ElGamalSecretKey`
+    #[allow(non_snake_case)]
+    pub fn new(sk: ElGamalSecretKey) -> Self {
+        let H = PedersenBase::default().H;
+        ElGamalPubkey(sk.0 * H)
+    }
+
     pub fn get_point(&self) -> RistrettoPoint {
         self.0
     }
@@ -271,6 +280,11 @@ impl fmt::Display for ElGamalPubkey {
 #[zeroize(drop)]
 pub struct ElGamalSecretKey(Scalar);
 impl ElGamalSecretKey {
+    pub fn new(signing_key: SigningKey, label: &'static [u8]) -> Self {
+        let hashable = [&signing_key.to_bytes(), label].concat();
+        ElGamalSecretKey(Scalar::hash_from_bytes::<Sha3_512>(&hashable))
+    }
+
     pub fn get_scalar(&self) -> Scalar {
         self.0
     }