From 7f5e9bc668099f87315eb8a0354b416af5127d3a Mon Sep 17 00:00:00 2001
From: Aaron Feickert <66188213+AaronFeickert@users.noreply.github.com>
Date: Thu, 30 Nov 2023 17:14:10 -0600
Subject: [PATCH] Speed up AEAD on wrong prekey

---
 src/libspark/aead.cpp | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/src/libspark/aead.cpp b/src/libspark/aead.cpp
index ada79bcc2c..c2c3428b66 100644
--- a/src/libspark/aead.cpp
+++ b/src/libspark/aead.cpp
@@ -44,15 +44,15 @@ AEADEncryptedData AEAD::encrypt(const GroupElement& prekey, const std::string ad
 
 // Perform authenticated decryption with ChaCha20-Poly1305 using key commitment
 CDataStream AEAD::decrypt_and_verify(const GroupElement& prekey, const std::string additional_data, AEADEncryptedData& data) {
-	// Derive the key and commitment
-	std::vector<unsigned char> key = SparkUtils::kdf_aead(prekey);
-	std::vector<unsigned char> key_commitment = SparkUtils::commit_aead(prekey);
-
 	// Assert that the key commitment is valid
+	std::vector<unsigned char> key_commitment = SparkUtils::commit_aead(prekey);
 	if (key_commitment != data.key_commitment) {
 		throw std::runtime_error("Bad AEAD key commitment");
 	}
 
+	// Derive the key
+	std::vector<unsigned char> key = SparkUtils::kdf_aead(prekey);
+
 	// Set up the result
 	CDataStream result(SER_NETWORK, PROTOCOL_VERSION);