bind change address extensions to the primary address spend pubkey

src/seraphis_core/jamtis_account_secrets.cpp

@@ -153,21 +153,25 @@ void make_rct_spendkey(const crypto::secret_key &k_generate_image,
 }
 //-------------------------------------------------------------------------------------------------------------------
 void make_carrot_secret_change_spend_extension_g(const crypto::secret_key &k_view,
+    const crypto::public_key &primary_address_spend_pubkey,
     crypto::secret_key &k_secret_change_spend_extension_g_out)
 {
-    // k^change_g = H_n[k_v]("G")
-    SpKDFTranscript transcript{config::HASH_KEY_CARROT_CHANGE_SPEND_EXTENSION_G, 0};
+    // k^change_g = H_n[k_v]("G" || K_s)
+    SpKDFTranscript transcript{config::HASH_KEY_CARROT_CHANGE_SPEND_EXTENSION_G, sizeof(crypto::public_key)};
+    transcript.append("K_s", primary_address_spend_pubkey);
     sp_derive_key(to_bytes(k_view),
         transcript.data(),
         transcript.size(),
         to_bytes(k_secret_change_spend_extension_g_out));
 }
 //-------------------------------------------------------------------------------------------------------------------
 void make_carrot_secret_change_spend_extension_u(const crypto::secret_key &k_view,
+    const crypto::public_key &primary_address_spend_pubkey,
     crypto::secret_key &k_secret_change_spend_extension_u_out)
 {
-    // k^change_u = H_n[k_v]("U")
-    SpKDFTranscript transcript{config::HASH_KEY_CARROT_CHANGE_SPEND_EXTENSION_U, 0};
+    // k^change_u = H_n[k_v]("U" || K_s)
+    SpKDFTranscript transcript{config::HASH_KEY_CARROT_CHANGE_SPEND_EXTENSION_U, sizeof(crypto::public_key)};
+    transcript.append("K_s", primary_address_spend_pubkey);
     sp_derive_key(to_bytes(k_view),
         transcript.data(),
         transcript.size(),
@@ -178,14 +182,16 @@ void make_carrot_secret_change_spend_pubkey(const crypto::public_key &primary_ad
     const crypto::secret_key &k_view,
     crypto::public_key &secret_change_spend_pubkey_out)
 {
-    // k^change_g = H_n[k_v]("G")
+    // k^change_g = H_n[k_v]("G" || K_s)
     crypto::secret_key k_secret_change_spend_extension_g;
     make_carrot_secret_change_spend_extension_g(k_view,
+        primary_address_spend_pubkey,
         k_secret_change_spend_extension_g);
-    
-    // k^change_u = H_n[k_v]("U")
+
+    // k^change_u = H_n[k_v]("U" || K_s)
     crypto::secret_key k_secret_change_spend_extension_u;
     make_carrot_secret_change_spend_extension_u(k_view,
+        primary_address_spend_pubkey,
         k_secret_change_spend_extension_u);
 
     // K^change_s = K_s + k^change_g G + k^change_u U

src/seraphis_core/jamtis_account_secrets.h

@@ -158,19 +158,21 @@ void make_rct_spendkey(const crypto::secret_key &k_generate_image,
     rct::key &spend_pubkey_out);
 /**
  * brief: make_carrot_secret_change_spend_extension_g - spend pubkey extension for Janus-protected change (G)
- *   k^change_g = H_n[k_v]("G")
+ *   k^change_g = H_n[k_v]("G" || K_s)
  * param: k_view - k_v
  * outparam: k_secret_change_spend_extension_g_out - k^change_g
  */
 void make_carrot_secret_change_spend_extension_g(const crypto::secret_key &k_view,
+    const crypto::public_key &primary_address_spend_pubkey,
     crypto::secret_key &k_secret_change_spend_extension_g_out);
 /**
  * brief: make_carrot_secret_change_spend_extension_u - spend pubkey extension for Janus-protected change (U)
- *   k^change_u = H_n[k_v]("U")
+ *   k^change_u = H_n[k_v]("U" || K_s)
  * param: k_view - k_v
  * outparam: k_secret_change_spend_extension_g_out - k^change_u
  */
 void make_carrot_secret_change_spend_extension_u(const crypto::secret_key &k_view,
+    const crypto::public_key &primary_address_spend_pubkey,
     crypto::secret_key &k_secret_change_spend_extension_u_out);
 /**
  * brief: make_carrot_secret_change_spend_pubkey - carrot spend pubkey for Janus-protected change