Remove more from libsnark, and fix potential remote-DoS.
See https://github.com/zcash/libsnark/pull/1 as well.
[`59adbef`](59adbefcc8) removes a remote-DoS that can occur if proofs are not well-formed.
[`e3779f9`](e3779f9049) removes more files that we do not need from libsnark.
[`11242d8`](11242d8afe) replaces assertions that could be triggered by our verifier with exceptions.
Here in Zcash, we catch all exceptions from the verifier and return false.
Closes#459, Closes#69
When the difficulty adjustment algorithm was altered, the special testnet
min-difficulty case was maintained, but the difficulty adjustment for the
following block then adjusted from min-difficulty instead of from the last
non-min-difficulty block. This caused the difficulty on the testnet to sawtooth
instead of stabilising. The intended behaviour is restored here.
Bump the (minimum) protocol version to avoid invoking legacy behavior
This sets the current protocol version to `170002` (an order of magnitude larger than Bitcoin's) and the minimum to the same.
Closes#1107
Collect all permutations of final solutions
This fixes a small bug where if there was a three-way (or more) collision in the final step, one or more valid solutions would be left out.
Remove the constraint system from the alpha proving key.
This removes the constraint system from the `z5-proving.key`, shortening it by about 35%. It appeared at the end of the file, which is why we didn't need to change public parameters in #1104.
Add security warnings doc with warning about side channels.
Closes#5. Closes#785. Closes#488. Closes#784.
Let's only merge this once we're sure the warning is at least as strong as it needs to be (and thus sufficient to close those tickets).
New private/public key pairs for broadcasting alert messages
Implements #424
Fixes and integrates method of sending alerts as described by upstream here:
- https://gist.github.com/laanwj/0e689cfa37b52bcbbb44
To send an alert:
- Copy private keys into alertkeys.h.
- Modify alert parameters and message found in sendalert.cpp
- Build and run to send the alert e.g. ./zcashd -printtoconsole -sendalert
Tested and verified with local nodes on alpha 6 testnet.
Rename things to match protocol specification
This is a pass through the code to eliminate usage of "pour" and "serial" and any other outdated terminology.
Closes#602
Update libsnark
We have now forked libsnark's current master and applied the following patches:
* [`9216072`: Remove code that we don't use.](9216072c3b) (unblocks #69)
* [`dcb78b2`: Modify makefile to stop compiling things we removed.](dcb78b24d9)
* [`a6b0ad0`: Use libsodium's PRNG](a6b0ad0c80) (closes#780)
* [`4036716`: Don't (de)serialize the constraint system in the proving key.](403671675a) (closes#491)
* [`a703148`: Taylor's compilation patch](a7031481fd) (@defuse can you submit this to upstream?)
This PR adopts those changes, and makes the requisite changes to Zcash to support them. I have decided to not bring libsnark in tree for the time being, though it should be incredibly easy to do later if we're *absolutely* sure we should.
Simon
zkbot
Sean Bowe
Jack Grigg
Taylor Hornby
Daira Hopwood