librustzcash/zcash_primitives/benches/note_decryption.rs

use criterion::{criterion_group, criterion_main, Criterion};
use ff::Field;
use rand_core::OsRng;
use zcash_primitives::{
    consensus::{NetworkUpgrade::Canopy, Parameters, TestNetwork, TEST_NETWORK},
    memo::MemoBytes,
    sapling::{
        note_encryption::{sapling_note_encryption, try_sapling_note_decryption, Memo},
        util::generate_random_rseed,
        Diversifier, PaymentAddress, SaplingIvk, ValueCommitment,
    },
    transaction::components::{OutputDescription, GROTH_PROOF_SIZE},
};

fn bench_note_decryption(c: &mut Criterion) {
    let mut rng = OsRng;
    let height = TEST_NETWORK.activation_height(Canopy).unwrap();

    let valid_ivk = SaplingIvk(jubjub::Fr::random(&mut rng));
    let invalid_ivk = SaplingIvk(jubjub::Fr::random(&mut rng));

    // Construct a fake Sapling output as if we had just deserialized a transaction.
    let output = {
        let diversifier = Diversifier([0; 11]);
        let pk_d = diversifier.g_d().unwrap() * valid_ivk.0;
        let pa = PaymentAddress::from_parts(diversifier, pk_d).unwrap();

        let rseed = generate_random_rseed(&TEST_NETWORK, height, &mut rng);

        // Construct the value commitment for the proof instance
        let value = 100;
        let value_commitment = ValueCommitment {
            value,
            randomness: jubjub::Fr::random(&mut rng),
        };
        let cv = value_commitment.commitment().into();

        let note = pa.create_note(value, rseed).unwrap();
        let cmu = note.cmu();

        let mut ne =
            sapling_note_encryption::<_, TestNetwork>(None, note, pa, MemoBytes::empty(), &mut rng);
        let ephemeral_key = *ne.epk();
        let enc_ciphertext = ne.encrypt_note_plaintext();
        let out_ciphertext = ne.encrypt_outgoing_plaintext(&cv, &cmu, &mut rng);

        OutputDescription {
            cv,
            cmu,
            ephemeral_key,
            enc_ciphertext,
            out_ciphertext,
            zkproof: [0; GROTH_PROOF_SIZE],
        }
    };

    let mut group = c.benchmark_group("Sapling note decryption");

    group.bench_function("valid", |b| {
        b.iter(|| {
            try_sapling_note_decryption(
                &TEST_NETWORK,
                height,
                &valid_ivk,
                &output.ephemeral_key,
                &output.cmu,
                &output.enc_ciphertext,
            )
            .unwrap()
        })
    });

    group.bench_function("invalid", |b| {
        b.iter(|| {
            try_sapling_note_decryption(
                &TEST_NETWORK,
                height,
                &invalid_ivk,
                &output.ephemeral_key,
                &output.cmu,
                &output.enc_ciphertext,
            )
        })
    });
}

criterion_group!(benches, bench_note_decryption);
criterion_main!(benches);
zcash_primitives: Add benchmark for Sapling note decryption 2020-09-09 14:25:56 -07:00			`use criterion::{criterion_group, criterion_main, Criterion};`
			`use ff::Field;`
			`use rand_core::OsRng;`
			`use zcash_primitives::{`
Generalize note encryption and decryption. This commit introduces a `Domain` trait which defines the types and operations that are shared between Sapling and Orchard note encryption and decryption processes. 2021-03-17 17:22:21 -07:00			`consensus::{NetworkUpgrade::Canopy, Parameters, TestNetwork, TEST_NETWORK},`
Split memo-handling into MemoBytes struct and Memo enum The MemoBytes struct is a minimal wrapper around the memo bytes, and only imposes the existence of null-padding for shorter memos. The only error case is attempting to construct a memo that is too long. MemoBytes is guaranteed to be round-trip encodable (modulo null padding). The Memo enum implements the additional memo rules defined in ZIP 302, interpreting the contents of a memo (for example, parsing it as text). 2020-10-29 09:48:26 -07:00			`memo::MemoBytes,`
Move sapling-specific primitives into the sapling module. 2021-03-04 13:26:39 -08:00			`sapling::{`
Generalize note encryption and decryption. This commit introduces a `Domain` trait which defines the types and operations that are shared between Sapling and Orchard note encryption and decryption processes. 2021-03-17 17:22:21 -07:00			`note_encryption::{sapling_note_encryption, try_sapling_note_decryption, Memo},`
			`util::generate_random_rseed,`
			`Diversifier, PaymentAddress, SaplingIvk, ValueCommitment,`
Move sapling-specific primitives into the sapling module. 2021-03-04 13:26:39 -08:00			`},`
zcash_primitives: Add benchmark for Sapling note decryption 2020-09-09 14:25:56 -07:00			`transaction::components::{OutputDescription, GROTH_PROOF_SIZE},`
			`};`

			`fn bench_note_decryption(c: &mut Criterion) {`
			`let mut rng = OsRng;`
Merge remote-tracking branch 'upstream/master' into zip-tzes Fix benchmark build issues. 2020-09-21 15:41:40 -07:00			`let height = TEST_NETWORK.activation_height(Canopy).unwrap();`
zcash_primitives: Add benchmark for Sapling note decryption 2020-09-09 14:25:56 -07:00
Introduce SaplingIvk newtype & use IVKs where possible. This includes making it possible to obtain a payment address from just the IVK + diversifier. 2020-11-20 11:31:29 -08:00			`let valid_ivk = SaplingIvk(jubjub::Fr::random(&mut rng));`
			`let invalid_ivk = SaplingIvk(jubjub::Fr::random(&mut rng));`
zcash_primitives: Add benchmark for Sapling note decryption 2020-09-09 14:25:56 -07:00
			`// Construct a fake Sapling output as if we had just deserialized a transaction.`
			`let output = {`
			`let diversifier = Diversifier([0; 11]);`
Introduce SaplingIvk newtype & use IVKs where possible. This includes making it possible to obtain a payment address from just the IVK + diversifier. 2020-11-20 11:31:29 -08:00			`let pk_d = diversifier.g_d().unwrap() * valid_ivk.0;`
zcash_primitives: Add benchmark for Sapling note decryption 2020-09-09 14:25:56 -07:00			`let pa = PaymentAddress::from_parts(diversifier, pk_d).unwrap();`

Merge remote-tracking branch 'upstream/master' into zip-tzes Fix benchmark build issues. 2020-09-21 15:41:40 -07:00			`let rseed = generate_random_rseed(&TEST_NETWORK, height, &mut rng);`
zcash_primitives: Add benchmark for Sapling note decryption 2020-09-09 14:25:56 -07:00
			`// Construct the value commitment for the proof instance`
			`let value = 100;`
			`let value_commitment = ValueCommitment {`
			`value,`
			`randomness: jubjub::Fr::random(&mut rng),`
			`};`
			`let cv = value_commitment.commitment().into();`

			`let note = pa.create_note(value, rseed).unwrap();`
			`let cmu = note.cmu();`

Generalize note encryption and decryption. This commit introduces a `Domain` trait which defines the types and operations that are shared between Sapling and Orchard note encryption and decryption processes. 2021-03-17 17:22:21 -07:00			`let mut ne =`
			`sapling_note_encryption::<_, TestNetwork>(None, note, pa, MemoBytes::empty(), &mut rng);`
			`let ephemeral_key = *ne.epk();`
zcash_primitives: Add benchmark for Sapling note decryption 2020-09-09 14:25:56 -07:00			`let enc_ciphertext = ne.encrypt_note_plaintext();`
Generalize note encryption and decryption. This commit introduces a `Domain` trait which defines the types and operations that are shared between Sapling and Orchard note encryption and decryption processes. 2021-03-17 17:22:21 -07:00			`let out_ciphertext = ne.encrypt_outgoing_plaintext(&cv, &cmu, &mut rng);`
zcash_primitives: Add benchmark for Sapling note decryption 2020-09-09 14:25:56 -07:00
			`OutputDescription {`
			`cv,`
			`cmu,`
			`ephemeral_key,`
			`enc_ciphertext,`
			`out_ciphertext,`
			`zkproof: [0; GROTH_PROOF_SIZE],`
			`}`
			`};`

			`let mut group = c.benchmark_group("Sapling note decryption");`

			`group.bench_function("valid", \|b\| {`
			`b.iter(\|\| {`
Merge remote-tracking branch 'upstream/master' into zip-tzes Fix benchmark build issues. 2020-09-21 15:41:40 -07:00			`try_sapling_note_decryption(`
			`&TEST_NETWORK,`
zcash_primitives: Add benchmark for Sapling note decryption 2020-09-09 14:25:56 -07:00			`height,`
			`&valid_ivk,`
Take epk as a jubjub::ExtendedPoint for note decryption We don't need to check if epk is in the prime-order subgroup before we trial-decrypt, which saves a third of the cost of trial-decrypting outputs that are not ours. 2020-09-09 16:39:21 -07:00			`&output.ephemeral_key,`
zcash_primitives: Add benchmark for Sapling note decryption 2020-09-09 14:25:56 -07:00			`&output.cmu,`
			`&output.enc_ciphertext,`
			`)`
			`.unwrap()`
			`})`
			`});`

			`group.bench_function("invalid", \|b\| {`
			`b.iter(\|\| {`
Merge remote-tracking branch 'upstream/master' into zip-tzes Fix benchmark build issues. 2020-09-21 15:41:40 -07:00			`try_sapling_note_decryption(`
			`&TEST_NETWORK,`
zcash_primitives: Add benchmark for Sapling note decryption 2020-09-09 14:25:56 -07:00			`height,`
			`&invalid_ivk,`
Take epk as a jubjub::ExtendedPoint for note decryption We don't need to check if epk is in the prime-order subgroup before we trial-decrypt, which saves a third of the cost of trial-decrypting outputs that are not ours. 2020-09-09 16:39:21 -07:00			`&output.ephemeral_key,`
zcash_primitives: Add benchmark for Sapling note decryption 2020-09-09 14:25:56 -07:00			`&output.cmu,`
			`&output.enc_ciphertext,`
			`)`
			`})`
			`});`
			`}`

			`criterion_group!(benches, bench_note_decryption);`
			`criterion_main!(benches);`