Merge pull request #1068 from zcash/post-sapling-crypto-extraction-cleanup

Post sapling crypto extraction cleanup
2023-12-12 21:00:53 +00:00 · 2023-12-12 21:00:53 +00:00 · 926c5dcb3f
parent 164e21dbd6 35ea2ff38b
commit 926c5dcb3f
38 changed files with 130 additions and 425 deletions
--- a/Cargo.lock
+++ b/Cargo.lock
@ -3011,6 +3011,7 @@ dependencies = [
 "prost",
 "rand_core",
 "rayon",
 "sapling-crypto",
 "secrecy",
 "shardtree",
 "subtle",
@ -3043,6 +3044,7 @@ dependencies = [
 "rand_core",
 "regex",
 "rusqlite",
 "sapling-crypto",
 "schemer",
 "schemer-rusqlite",
 "secrecy",
@ -3075,6 +3077,7 @@ dependencies = [
 "ff",
 "jubjub",
 "rand_core",
 "sapling-crypto",
 "zcash_address",
 "zcash_primitives",
 "zcash_proofs",
@ -3161,6 +3164,7 @@ dependencies = [
 "minreq",
 "rand_core",
 "redjubjub",
 "sapling-crypto",
 "tracing",
 "wagyu-zcash-parameters",
 "xdg",
--- a/zcash_client_backend/Cargo.toml
+++ b/zcash_client_backend/Cargo.toml
@ -57,6 +57,7 @@ subtle.workspace = true
 bls12_381.workspace = true
 group.workspace = true
 orchard.workspace = true
 sapling.workspace = true
 # - Note commitment trees
 incrementalmerkletree.workspace = true
--- a/zcash_client_backend/examples/diversify-address.rs
+++ b/zcash_client_backend/examples/diversify-address.rs
@ -1,8 +1,8 @@
 use gumdrop::Options;
 use sapling::zip32::ExtendedFullViewingKey;
 use zcash_client_backend::encoding::{decode_extended_full_viewing_key, encode_payment_address};
 use zcash_primitives::{
    constants::{mainnet, testnet},
    sapling::zip32::ExtendedFullViewingKey,
    zip32::DiversifierIndex,
 };
--- a/zcash_client_backend/src/address.rs
+++ b/zcash_client_backend/src/address.rs
@ -2,6 +2,7 @@
 use std::convert::TryFrom;
 use sapling::PaymentAddress;
 use zcash_address::{
    unified::{self, Container, Encoding},
    ConversionError, Network, ToAddress, TryFromRawAddress, ZcashAddress,
@ -9,7 +10,6 @@ use zcash_address::{
 use zcash_primitives::{
    consensus,
    legacy::TransparentAddress,
    sapling::PaymentAddress,
    zip32::{AccountId, DiversifierIndex},
 };
--- a/zcash_client_backend/src/data_api.rs
+++ b/zcash_client_backend/src/data_api.rs
@ -8,6 +8,7 @@ use std::{
 };
 use incrementalmerkletree::{frontier::Frontier, Retention};
 use sapling::{Node, NOTE_COMMITMENT_TREE_DEPTH};
 use secrecy::SecretVec;
 use shardtree::{error::ShardTreeError, store::ShardStore, ShardTree};
 use zcash_primitives::{
@ -15,7 +16,6 @@ use zcash_primitives::{
    consensus::BlockHeight,
    legacy::TransparentAddress,
    memo::{Memo, MemoBytes},
    sapling::{self, Node, NOTE_COMMITMENT_TREE_DEPTH},
    transaction::{
        components::{
            amount::{Amount, BalanceError, NonNegativeAmount},
@ -1066,7 +1066,6 @@ pub mod testing {
        consensus::{BlockHeight, Network},
        legacy::TransparentAddress,
        memo::Memo,
        sapling,
        transaction::{components::Amount, Transaction, TxId},
        zip32::{AccountId, Scope},
    };
--- a/zcash_client_backend/src/data_api/chain.rs
+++ b/zcash_client_backend/src/data_api/chain.rs
@ -8,7 +8,6 @@
 //! # {
 //! use zcash_primitives::{
 //!     consensus::{BlockHeight, Network, Parameters},
 //!     sapling
 //! };
 //!
 //! use zcash_client_backend::{
@ -146,9 +145,9 @@
 use std::ops::Range;
 use sapling::note_encryption::PreparedIncomingViewingKey;
 use zcash_primitives::{
    consensus::{self, BlockHeight},
    sapling::{self, note_encryption::PreparedIncomingViewingKey},
    zip32::Scope,
 };
--- a/zcash_client_backend/src/data_api/error.rs
+++ b/zcash_client_backend/src/data_api/error.rs
@ -6,7 +6,6 @@ use std::fmt::{self, Debug, Display};
 use shardtree::error::ShardTreeError;
 use zcash_primitives::transaction::components::amount::NonNegativeAmount;
 use zcash_primitives::{
    sapling,
    transaction::{
        builder,
        components::{amount::BalanceError, transparent},
--- a/zcash_client_backend/src/data_api/wallet.rs
+++ b/zcash_client_backend/src/data_api/wallet.rs
@ -1,12 +1,12 @@
 use std::num::NonZeroU32;
 use sapling::{
    note_encryption::{try_sapling_note_decryption, PreparedIncomingViewingKey},
    prover::{OutputProver, SpendProver},
 };
 use zcash_primitives::{
    consensus::{self, NetworkUpgrade},
    memo::MemoBytes,
    sapling::{
        note_encryption::{try_sapling_note_decryption, PreparedIncomingViewingKey},
        prover::{OutputProver, SpendProver},
    },
    transaction::{
        builder::Builder,
        components::amount::{Amount, NonNegativeAmount},
@ -39,11 +39,9 @@ use super::SaplingInputSource;
 #[cfg(feature = "transparent-inputs")]
 use {
-    super::TransparentInputSource,
+    super::TransparentInputSource, crate::wallet::WalletTransparentOutput,
-    crate::wallet::WalletTransparentOutput,
+    input_selection::ShieldingSelector, sapling::keys::OutgoingViewingKey,
-    input_selection::ShieldingSelector,
+    std::convert::Infallible, zcash_primitives::legacy::TransparentAddress,
    std::convert::Infallible,
    zcash_primitives::{legacy::TransparentAddress, sapling::keys::OutgoingViewingKey},
 };
 /// Scans a [`Transaction`] for any information that can be decrypted by the accounts in
@ -187,8 +185,8 @@ where
 /// # }
 /// ```
 ///
-/// [`sapling::SpendProver`]: zcash_primitives::sapling::prover::SpendProver
+/// [`sapling::SpendProver`]: sapling::prover::SpendProver
-/// [`sapling::OutputProver`]: zcash_primitives::sapling::prover::OutputProver
+/// [`sapling::OutputProver`]: sapling::prover::OutputProver
 #[allow(clippy::too_many_arguments)]
 #[allow(clippy::type_complexity)]
 #[deprecated(
@ -303,8 +301,8 @@ where
 ///   spent. A value of 10 confirmations is recommended and 0-conf transactions are
 ///   not supported.
 ///
-/// [`sapling::SpendProver`]: zcash_primitives::sapling::prover::SpendProver
+/// [`sapling::SpendProver`]: sapling::prover::SpendProver
-/// [`sapling::OutputProver`]: zcash_primitives::sapling::prover::OutputProver
+/// [`sapling::OutputProver`]: sapling::prover::OutputProver
 #[allow(clippy::too_many_arguments)]
 #[allow(clippy::type_complexity)]
 pub fn spend<DbT, ParamsT, InputsT>(
@ -825,8 +823,8 @@ where
 ///   spent. A value of 10 confirmations is recommended and 0-conf transactions are
 ///   not supported.
 ///
-/// [`sapling::SpendProver`]: zcash_primitives::sapling::prover::SpendProver
+/// [`sapling::SpendProver`]: sapling::prover::SpendProver
-/// [`sapling::OutputProver`]: zcash_primitives::sapling::prover::OutputProver
+/// [`sapling::OutputProver`]: sapling::prover::OutputProver
 #[cfg(feature = "transparent-inputs")]
 #[allow(clippy::too_many_arguments)]
 #[allow(clippy::type_complexity)]
--- a/zcash_client_backend/src/data_api/wallet/input_selection.rs
+++ b/zcash_client_backend/src/data_api/wallet/input_selection.rs
@ -450,7 +450,7 @@ impl sapling::OutputView for SaplingPayment {
 /// notes.
 ///
 /// This implementation performs input selection using methods available via the
-/// [`SaplingInputSource`] and [`TransparentInputSource`] interfaces.
+/// [`SaplingInputSource`] and `TransparentInputSource` interfaces.
 pub struct GreedyInputSelector<DbT, ChangeT> {
    change_strategy: ChangeT,
    dust_output_policy: DustOutputPolicy,
--- a/zcash_client_backend/src/decrypt.rs
+++ b/zcash_client_backend/src/decrypt.rs
@ -1,14 +1,11 @@
 use std::collections::HashMap;
 use sapling::note_encryption::{
    try_sapling_note_decryption, try_sapling_output_recovery, PreparedIncomingViewingKey,
 };
 use zcash_primitives::{
    consensus::{self, BlockHeight},
    memo::MemoBytes,
    sapling::{
        self,
        note_encryption::{
            try_sapling_note_decryption, try_sapling_output_recovery, PreparedIncomingViewingKey,
        },
    },
    transaction::Transaction,
    zip32::{AccountId, Scope},
 };
--- a/zcash_client_backend/src/encoding.rs
+++ b/zcash_client_backend/src/encoding.rs
@ -10,15 +10,10 @@ use bech32::{self, Error, FromBase32, ToBase32, Variant};
 use bs58::{self, decode::Error as Bs58Error};
 use std::fmt;
 use std::io::{self, Write};
 use sapling::zip32::{ExtendedFullViewingKey, ExtendedSpendingKey};
 use zcash_address::unified::{self, Encoding};
-use zcash_primitives::{
+use zcash_primitives::{consensus, legacy::TransparentAddress};
    consensus,
    legacy::TransparentAddress,
    sapling::{
        self,
        zip32::{ExtendedFullViewingKey, ExtendedSpendingKey},
    },
 };
 fn bech32_encode<F>(hrp: &str, write: F) -> String
 where
@ -188,14 +183,14 @@ impl<P: consensus::Parameters> AddressCodec<P> for UnifiedAddress {
 /// let extsk = sapling::spending_key(&[0; 32][..], COIN_TYPE, AccountId::ZERO);
 /// let encoded = encode_extended_spending_key(HRP_SAPLING_EXTENDED_SPENDING_KEY, &extsk);
 /// ```
-/// [`ExtendedSpendingKey`]: zcash_primitives::sapling::zip32::ExtendedSpendingKey
+/// [`ExtendedSpendingKey`]: sapling::zip32::ExtendedSpendingKey
 pub fn encode_extended_spending_key(hrp: &str, extsk: &ExtendedSpendingKey) -> String {
    bech32_encode(hrp, |w| extsk.write(w))
 }
 /// Decodes an [`ExtendedSpendingKey`] from a Bech32-encoded string.
 ///
-/// [`ExtendedSpendingKey`]: zcash_primitives::sapling::zip32::ExtendedSpendingKey
+/// [`ExtendedSpendingKey`]: sapling::zip32::ExtendedSpendingKey
 pub fn decode_extended_spending_key(
    hrp: &str,
    s: &str,
@ -208,9 +203,9 @@ pub fn decode_extended_spending_key(
 /// # Examples
 ///
 /// ```
 /// use ::sapling::zip32::ExtendedFullViewingKey;
 /// use zcash_primitives::{
 ///     constants::testnet::{COIN_TYPE, HRP_SAPLING_EXTENDED_FULL_VIEWING_KEY},
 ///     sapling::zip32::ExtendedFullViewingKey,
 ///     zip32::AccountId,
 /// };
 /// use zcash_client_backend::{
@ -222,14 +217,14 @@ pub fn decode_extended_spending_key(
 /// let extfvk = extsk.to_extended_full_viewing_key();
 /// let encoded = encode_extended_full_viewing_key(HRP_SAPLING_EXTENDED_FULL_VIEWING_KEY, &extfvk);
 /// ```
-/// [`ExtendedFullViewingKey`]: zcash_primitives::sapling::zip32::ExtendedFullViewingKey
+/// [`ExtendedFullViewingKey`]: sapling::zip32::ExtendedFullViewingKey
 pub fn encode_extended_full_viewing_key(hrp: &str, extfvk: &ExtendedFullViewingKey) -> String {
    bech32_encode(hrp, |w| extfvk.write(w))
 }
 /// Decodes an [`ExtendedFullViewingKey`] from a Bech32-encoded string.
 ///
-/// [`ExtendedFullViewingKey`]: zcash_primitives::sapling::zip32::ExtendedFullViewingKey
+/// [`ExtendedFullViewingKey`]: sapling::zip32::ExtendedFullViewingKey
 pub fn decode_extended_full_viewing_key(
    hrp: &str,
    s: &str,
@ -243,12 +238,12 @@ pub fn decode_extended_full_viewing_key(
 ///
 /// ```
 /// use group::Group;
 /// use sapling::{Diversifier, PaymentAddress};
 /// use zcash_client_backend::{
 ///     encoding::encode_payment_address,
 /// };
 /// use zcash_primitives::{
 ///     constants::testnet::HRP_SAPLING_PAYMENT_ADDRESS,
 ///     sapling::{Diversifier, PaymentAddress},
 /// };
 ///
 /// let pa = PaymentAddress::from_bytes(&[
@ -264,7 +259,7 @@ pub fn decode_extended_full_viewing_key(
 ///     "ztestsapling1qqqqqqqqqqqqqqqqqqcguyvaw2vjk4sdyeg0lc970u659lvhqq7t0np6hlup5lusxle75ss7jnk",
 /// );
 /// ```
-/// [`PaymentAddress`]: zcash_primitives::sapling::PaymentAddress
+/// [`PaymentAddress`]: sapling::PaymentAddress
 pub fn encode_payment_address(hrp: &str, addr: &sapling::PaymentAddress) -> String {
    bech32_encode(hrp, |w| w.write_all(&addr.to_bytes()))
 }
@ -273,7 +268,7 @@ pub fn encode_payment_address(hrp: &str, addr: &sapling::PaymentAddress) -> Stri
 /// using the human-readable prefix values defined in the specified
 /// network parameters.
 ///
-/// [`PaymentAddress`]: zcash_primitives::sapling::PaymentAddress
+/// [`PaymentAddress`]: sapling::PaymentAddress
 pub fn encode_payment_address_p<P: consensus::Parameters>(
    params: &P,
    addr: &sapling::PaymentAddress,
@ -287,12 +282,12 @@ pub fn encode_payment_address_p<P: consensus::Parameters>(
 ///
 /// ```
 /// use group::Group;
 /// use sapling::{Diversifier, PaymentAddress};
 /// use zcash_client_backend::{
 ///     encoding::decode_payment_address,
 /// };
 /// use zcash_primitives::{
 ///     consensus::{TEST_NETWORK, Parameters},
 ///     sapling::{Diversifier, PaymentAddress},
 /// };
 ///
 /// let pa = PaymentAddress::from_bytes(&[
@ -311,7 +306,7 @@ pub fn encode_payment_address_p<P: consensus::Parameters>(
 ///     Ok(pa),
 /// );
 /// ```
-/// [`PaymentAddress`]: zcash_primitives::sapling::PaymentAddress
+/// [`PaymentAddress`]: sapling::PaymentAddress
 pub fn decode_payment_address(
    hrp: &str,
    s: &str,
@ -451,10 +446,8 @@ pub fn decode_transparent_address(
 #[cfg(test)]
 mod tests {
-    use zcash_primitives::{
+    use sapling::{zip32::ExtendedSpendingKey, PaymentAddress};
-        constants,
+    use zcash_primitives::constants;
        sapling::{zip32::ExtendedSpendingKey, PaymentAddress},
    };
    use super::{
        decode_extended_full_viewing_key, decode_extended_spending_key, decode_payment_address,
--- a/zcash_client_backend/src/fees/sapling.rs
+++ b/zcash_client_backend/src/fees/sapling.rs
@ -3,10 +3,8 @@
 use std::convert::Infallible;
-use zcash_primitives::{
+use sapling::builder::{SaplingOutputInfo, SpendDescriptionInfo};
-    sapling::builder::{SaplingOutputInfo, SpendDescriptionInfo},
+use zcash_primitives::transaction::components::amount::NonNegativeAmount;
    transaction::components::amount::NonNegativeAmount,
 };
 /// A trait that provides a minimized view of a Sapling input suitable for use in
 /// fee and change calculation.
--- a/zcash_client_backend/src/keys.rs
+++ b/zcash_client_backend/src/keys.rs
@ -28,7 +28,7 @@ use {
 };
 pub mod sapling {
-    pub use zcash_primitives::sapling::zip32::{
+    pub use sapling::zip32::{
        DiversifiableFullViewingKey, ExtendedFullViewingKey, ExtendedSpendingKey,
    };
    use zcash_primitives::zip32::{AccountId, ChildIndex};
@ -53,7 +53,7 @@ pub mod sapling {
    ///
    /// let extsk = sapling::spending_key(&[0; 32][..], COIN_TYPE, AccountId::ZERO);
    /// ```
-    /// [`ExtendedSpendingKey`]: zcash_primitives::sapling::zip32::ExtendedSpendingKey
+    /// [`ExtendedSpendingKey`]: sapling::zip32::ExtendedSpendingKey
    pub fn spending_key(seed: &[u8], coin_type: u32, account: AccountId) -> ExtendedSpendingKey {
        if seed.len() < 32 {
            panic!("ZIP 32 seeds MUST be at least 32 bytes");
--- a/zcash_client_backend/src/proto.rs
+++ b/zcash_client_backend/src/proto.rs
@ -9,12 +9,12 @@ use std::{
 use incrementalmerkletree::frontier::CommitmentTree;
 use nonempty::NonEmpty;
 use sapling::{note::ExtractedNoteCommitment, Node, Nullifier, NOTE_COMMITMENT_TREE_DEPTH};
 use zcash_primitives::{
    block::{BlockHash, BlockHeader},
    consensus::{self, BlockHeight, Parameters},
    memo::{self, MemoBytes},
    merkle_tree::read_commitment_tree,
    sapling::{self, note::ExtractedNoteCommitment, Node, Nullifier, NOTE_COMMITMENT_TREE_DEPTH},
    transaction::{
        components::{amount::NonNegativeAmount, OutPoint},
        fees::StandardFeeRule,
--- a/zcash_client_backend/src/scanning.rs
+++ b/zcash_client_backend/src/scanning.rs
@ -5,17 +5,16 @@ use std::convert::TryFrom;
 use std::fmt::{self, Debug};
 use incrementalmerkletree::{Position, Retention};
 use sapling::{
    note_encryption::{CompactOutputDescription, PreparedIncomingViewingKey, SaplingDomain},
    zip32::DiversifiableFullViewingKey,
    SaplingIvk,
 };
 use subtle::{ConditionallySelectable, ConstantTimeEq, CtOption};
 use zcash_note_encryption::batch;
 use zcash_primitives::consensus::{BlockHeight, NetworkUpgrade};
 use zcash_primitives::{
    consensus,
    sapling::{
        self,
        note_encryption::{CompactOutputDescription, PreparedIncomingViewingKey, SaplingDomain},
        zip32::DiversifiableFullViewingKey,
        SaplingIvk,
    },
    zip32::{AccountId, Scope},
 };
@ -124,7 +123,7 @@ impl ScanningKey for (Scope, SaplingIvk, sapling::NullifierDerivingKey) {
 /// The [`ScanningKey`] implementation for [`SaplingIvk`]s.
 /// Nullifiers cannot be derived when scanning with these keys.
 ///
-/// [`SaplingIvk`]: zcash_primitives::sapling::SaplingIvk
+/// [`SaplingIvk`]: sapling::SaplingIvk
 impl ScanningKey for SaplingIvk {
    type Scope = ();
    type SaplingNk = ();
@ -244,12 +243,12 @@ impl fmt::Display for ScanError {
 /// [`WalletSaplingOutput`]s, whereas the implementation for [`SaplingIvk`] cannot
 /// do so and will return the unit value in those outputs instead.
 ///
-/// [`ExtendedFullViewingKey`]: zcash_primitives::sapling::zip32::ExtendedFullViewingKey
+/// [`ExtendedFullViewingKey`]: sapling::zip32::ExtendedFullViewingKey
-/// [`SaplingIvk`]: zcash_primitives::sapling::SaplingIvk
+/// [`SaplingIvk`]: sapling::SaplingIvk
 /// [`CompactBlock`]: crate::proto::compact_formats::CompactBlock
 /// [`ScanningKey`]: crate::scanning::ScanningKey
-/// [`CommitmentTree`]: zcash_primitives::sapling::CommitmentTree
+/// [`CommitmentTree`]: sapling::CommitmentTree
-/// [`IncrementalWitness`]: zcash_primitives::sapling::IncrementalWitness
+/// [`IncrementalWitness`]: sapling::IncrementalWitness
 /// [`WalletSaplingOutput`]: crate::wallet::WalletSaplingOutput
 /// [`WalletTx`]: crate::wallet::WalletTx
 pub fn scan_block<P: consensus::Parameters + Send + 'static, K: ScanningKey>(
@ -658,20 +657,19 @@ mod tests {
    };
    use incrementalmerkletree::{Position, Retention};
    use rand_core::{OsRng, RngCore};
    use sapling::{
        constants::SPENDING_KEY_GENERATOR,
        note_encryption::{sapling_note_encryption, PreparedIncomingViewingKey, SaplingDomain},
        util::generate_random_rseed,
        value::NoteValue,
        zip32::{DiversifiableFullViewingKey, ExtendedSpendingKey},
        Nullifier, SaplingIvk,
    };
    use zcash_note_encryption::Domain;
    use zcash_primitives::{
        block::BlockHash,
        consensus::{sapling_zip212_enforcement, BlockHeight, Network},
        memo::MemoBytes,
        sapling::{
            self,
            constants::SPENDING_KEY_GENERATOR,
            note_encryption::{sapling_note_encryption, PreparedIncomingViewingKey, SaplingDomain},
            util::generate_random_rseed,
            value::NoteValue,
            zip32::{DiversifiableFullViewingKey, ExtendedSpendingKey},
            Nullifier, SaplingIvk,
        },
        transaction::components::amount::NonNegativeAmount,
        zip32::AccountId,
    };
--- a/zcash_client_backend/src/wallet.rs
+++ b/zcash_client_backend/src/wallet.rs
@ -6,7 +6,6 @@ use zcash_note_encryption::EphemeralKeyBytes;
 use zcash_primitives::{
    consensus::BlockHeight,
    legacy::TransparentAddress,
    sapling,
    transaction::{
        components::{
            amount::NonNegativeAmount,
@ -333,7 +332,7 @@ pub enum OvkPolicy {
    /// Transaction outputs will be decryptable by the sender, in addition to the
    /// recipients.
    ///
-    /// [`ExtendedFullViewingKey`]: zcash_primitives::sapling::zip32::ExtendedFullViewingKey
+    /// [`ExtendedFullViewingKey`]: sapling::zip32::ExtendedFullViewingKey
    Sender,
    /// Use a custom outgoing viewing key. This might for instance be derived from a
--- a/zcash_client_backend/src/zip321.rs
+++ b/zcash_client_backend/src/zip321.rs
@ -749,9 +749,9 @@ pub mod testing {
    use proptest::option;
    use proptest::prelude::{any, prop_compose, prop_oneof};
    use proptest::strategy::Strategy;
    use sapling::testing::arb_payment_address;
    use zcash_primitives::{
        consensus::TEST_NETWORK, legacy::testing::arb_transparent_addr,
        sapling::testing::arb_payment_address,
        transaction::components::amount::testing::arb_nonnegative_amount,
    };
--- a/zcash_client_sqlite/Cargo.toml
+++ b/zcash_client_sqlite/Cargo.toml
@ -37,6 +37,9 @@ jubjub.workspace = true
 # - Secret management
 secrecy.workspace = true
 # - Shielded protocols
 sapling.workspace = true
 # - Note commitment trees
 incrementalmerkletree.workspace = true
 shardtree = { workspace = true, features = ["legacy-api"] }
--- a/zcash_client_sqlite/src/chain.rs
+++ b/zcash_client_sqlite/src/chain.rs
@ -324,9 +324,9 @@ where
 mod tests {
    use std::num::NonZeroU32;
    use sapling::zip32::ExtendedSpendingKey;
    use zcash_primitives::{
        block::BlockHash,
        sapling::zip32::ExtendedSpendingKey,
        transaction::{components::amount::NonNegativeAmount, fees::zip317::FeeRule},
    };
--- a/zcash_client_sqlite/src/lib.rs
+++ b/zcash_client_sqlite/src/lib.rs
@ -50,7 +50,6 @@ use zcash_primitives::{
    consensus::{self, BlockHeight},
    legacy::TransparentAddress,
    memo::{Memo, MemoBytes},
    sapling,
    transaction::{
        components::amount::{Amount, NonNegativeAmount},
        Transaction, TxId,
--- a/zcash_client_sqlite/src/testing.rs
+++ b/zcash_client_sqlite/src/testing.rs
@ -14,6 +14,13 @@ use tempfile::NamedTempFile;
 #[cfg(feature = "unstable")]
 use tempfile::TempDir;
 use sapling::{
    note_encryption::{sapling_note_encryption, SaplingDomain},
    util::generate_random_rseed,
    value::NoteValue,
    zip32::DiversifiableFullViewingKey,
    Note, Nullifier, PaymentAddress,
 };
 use zcash_client_backend::fees::{standard, DustOutputPolicy};
 #[allow(deprecated)]
 use zcash_client_backend::{
@ -42,13 +49,6 @@ use zcash_primitives::{
    block::BlockHash,
    consensus::{self, BlockHeight, Network, NetworkUpgrade, Parameters},
    memo::{Memo, MemoBytes},
    sapling::{
        note_encryption::{sapling_note_encryption, SaplingDomain},
        util::generate_random_rseed,
        value::NoteValue,
        zip32::DiversifiableFullViewingKey,
        Note, Nullifier, PaymentAddress,
    },
    transaction::{
        components::amount::NonNegativeAmount,
        fees::{zip317::FeeError as Zip317FeeError, FeeRule, StandardFeeRule},
--- a/zcash_client_sqlite/src/wallet.rs
+++ b/zcash_client_sqlite/src/wallet.rs
@ -197,14 +197,14 @@ pub(crate) fn add_account<P: consensus::Parameters>(
    // birthday frontier is the empty frontier, we don't need to do anything.
    if let Some(frontier) = birthday.sapling_frontier().value() {
        debug!("Inserting frontier into ShardTree: {:?}", frontier);
-        let shard_store = SqliteShardStore::<
+        let shard_store =
-            _,
+            SqliteShardStore::<_, ::sapling::Node, SAPLING_SHARD_HEIGHT>::from_connection(
-            zcash_primitives::sapling::Node,
+                conn,
-            SAPLING_SHARD_HEIGHT,
+                SAPLING_TABLES_PREFIX,
-        >::from_connection(conn, SAPLING_TABLES_PREFIX)?;
+            )?;
        let mut shard_tree: ShardTree<
            _,
-            { zcash_primitives::sapling::NOTE_COMMITMENT_TREE_DEPTH },
+            { ::sapling::NOTE_COMMITMENT_TREE_DEPTH },
            SAPLING_SHARD_HEIGHT,
        > = ShardTree::new(shard_store, PRUNING_DEPTH.try_into().unwrap());
        shard_tree.insert_frontier_nodes(
@ -977,9 +977,9 @@ fn parse_block_metadata<P: consensus::Parameters>(
        } else {
            // parse the legacy commitment tree data
            read_commitment_tree::<
-                zcash_primitives::sapling::Node,
+                ::sapling::Node,
                _,
-                { zcash_primitives::sapling::NOTE_COMMITMENT_TREE_DEPTH },
+                { ::sapling::NOTE_COMMITMENT_TREE_DEPTH },
            >(Cursor::new(sapling_tree))
            .map(|tree| tree.size().try_into().unwrap())
            .map_err(SqliteClientError::from)
@ -1989,6 +1989,7 @@ mod tests {
            testing::{AddressType, TestState},
            PRUNING_DEPTH,
        },
        sapling::zip32::ExtendedSpendingKey,
        zcash_client_backend::{
            data_api::{
                wallet::input_selection::GreedyInputSelector, TransparentInputSource, WalletWrite,
@ -1999,7 +2000,6 @@ mod tests {
        },
        zcash_primitives::{
            consensus::BlockHeight,
            sapling::zip32::ExtendedSpendingKey,
            transaction::{
                components::{amount::NonNegativeAmount, Amount, OutPoint, TxOut},
                fees::fixed::FeeRule as FixedFeeRule,
--- a/zcash_client_sqlite/src/wallet/init.rs
+++ b/zcash_client_sqlite/src/wallet/init.rs
@ -174,9 +174,9 @@ mod tests {
        keys::{sapling, UnifiedFullViewingKey, UnifiedSpendingKey},
    };
    use ::sapling::zip32::ExtendedFullViewingKey;
    use zcash_primitives::{
        consensus::{self, BlockHeight, BranchId, Network, NetworkUpgrade, Parameters},
        sapling::zip32::ExtendedFullViewingKey,
        transaction::{TransactionData, TxVersion},
        zip32::AccountId,
    };
--- a/zcash_client_sqlite/src/wallet/init/migrations/receiving_key_scopes.rs
+++ b/zcash_client_sqlite/src/wallet/init/migrations/receiving_key_scopes.rs
@ -8,12 +8,12 @@ use schemer_rusqlite::RusqliteMigration;
 use uuid::Uuid;
 use sapling::note_encryption::{
    try_sapling_note_decryption, PreparedIncomingViewingKey, Zip212Enforcement,
 };
 use zcash_client_backend::keys::UnifiedFullViewingKey;
 use zcash_primitives::{
    consensus::{self, sapling_zip212_enforcement, BlockHeight, BranchId},
    sapling::note_encryption::{
        try_sapling_note_decryption, PreparedIncomingViewingKey, Zip212Enforcement,
    },
    transaction::Transaction,
    zip32::Scope,
 };
--- a/zcash_client_sqlite/src/wallet/init/migrations/shardtree_support.rs
+++ b/zcash_client_sqlite/src/wallet/init/migrations/shardtree_support.rs
@ -19,7 +19,6 @@ use zcash_client_backend::data_api::{
 use zcash_primitives::{
    consensus::{self, BlockHeight, NetworkUpgrade},
    merkle_tree::{read_commitment_tree, read_incremental_witness},
    sapling,
 };
 use crate::{
--- a/zcash_client_sqlite/src/wallet/sapling.rs
+++ b/zcash_client_sqlite/src/wallet/sapling.rs
@ -5,10 +5,10 @@ use incrementalmerkletree::Position;
 use rusqlite::{named_params, params, types::Value, Connection, Row};
 use std::rc::Rc;
 use sapling::{Diversifier, Note, Nullifier, Rseed};
 use zcash_primitives::{
    consensus::{self, BlockHeight},
    memo::MemoBytes,
    sapling::{self, Diversifier, Note, Nullifier, Rseed},
    transaction::{
        components::{amount::NonNegativeAmount, Amount},
        TxId,
@ -470,17 +470,17 @@ pub(crate) mod tests {
    use secrecy::Secret;
    use zcash_proofs::prover::LocalTxProver;
    use sapling::{
        note_encryption::try_sapling_output_recovery,
        prover::{OutputProver, SpendProver},
        zip32::ExtendedSpendingKey,
        Node, Note, PaymentAddress,
    };
    use zcash_primitives::{
        block::BlockHash,
        consensus::{sapling_zip212_enforcement, BranchId},
        legacy::TransparentAddress,
        memo::{Memo, MemoBytes},
        sapling::{
            note_encryption::try_sapling_output_recovery,
            prover::{OutputProver, SpendProver},
            zip32::ExtendedSpendingKey,
            Node, Note, PaymentAddress,
        },
        transaction::{
            components::{amount::NonNegativeAmount, Amount},
            fees::{
--- a/zcash_client_sqlite/src/wallet/scanning.rs
+++ b/zcash_client_sqlite/src/wallet/scanning.rs
@ -501,6 +501,7 @@ pub(crate) fn update_chain_tip<P: consensus::Parameters>(
 pub(crate) mod tests {
    use incrementalmerkletree::{frontier::Frontier, Hashable, Level, Position};
    use sapling::{zip32::DiversifiableFullViewingKey, Node};
    use secrecy::SecretVec;
    use zcash_client_backend::data_api::{
        chain::CommitmentTreeRoot,
@ -511,7 +512,6 @@ pub(crate) mod tests {
    use zcash_primitives::{
        block::BlockHash,
        consensus::{BlockHeight, NetworkUpgrade, Parameters},
        sapling::{zip32::DiversifiableFullViewingKey, Node},
        transaction::components::amount::NonNegativeAmount,
    };
--- a/zcash_extensions/Cargo.toml
+++ b/zcash_extensions/Cargo.toml
@ -18,6 +18,7 @@ zcash_primitives = { workspace = true, features = ["zfuture" ] }
 ff.workspace = true
 jubjub.workspace = true
 rand_core.workspace = true
 sapling.workspace = true
 zcash_address.workspace = true
 zcash_proofs.workspace = true
--- a/zcash_extensions/src/transparent/demo.rs
+++ b/zcash_extensions/src/transparent/demo.rs
@ -480,12 +480,12 @@ mod tests {
    use ff::Field;
    use rand_core::OsRng;
    use sapling::{zip32::ExtendedSpendingKey, Node, Rseed};
    use zcash_primitives::{
        consensus::{BlockHeight, BranchId, NetworkUpgrade, Parameters},
        constants,
        extensions::transparent::{self as tze, Extension, FromPayload, ToPayload},
        legacy::TransparentAddress,
        sapling::{self, zip32::ExtendedSpendingKey, Node, Rseed},
        transaction::{
            builder::Builder,
            components::{
--- a/zcash_primitives/CHANGELOG.md
+++ b/zcash_primitives/CHANGELOG.md
@ -9,59 +9,6 @@ and this library adheres to Rust's notion of
 ### Added
 - Dependency on `bellman 0.14`.
 - `zcash_primitives::consensus::sapling_zip212_enforcement`
 - `zcash_primitives::sapling`:
  - `BatchValidator` (moved from `zcash_proofs::sapling`).
  - `SaplingVerificationContext` (moved from `zcash_proofs::sapling`).
  - `builder` (moved from
    `zcash_primitives::transaction::components::sapling::builder`).
  - `builder::UnauthorizedBundle`
  - `builder::InProgress`
  - `builder::{InProgressProofs, Unproven, Proven}`
  - `builder::{InProgressSignatures, Unsigned, PartiallyAuthorized}`
  - `builder::{MaybeSigned, SigningParts}`
  - `builder::SpendDescriptionInfo::value`
  - `builder::SaplingOutputInfo`
  - `builder::ProverProgress`
  - `bundle` module, containing the following types moved from
    `zcash_primitives::transaction::components::sapling`:
    - `Bundle`
    - `SpendDescription, SpendDescriptionV5`
    - `OutputDescription, OutputDescriptionV5`
    - `Authorization, Authorized, MapAuth`
    - `GrothProofBytes`
  - `bundle::Bundle::<InProgress<Unproven, _>>::create_proofs`
  - `bundle::Bundle::<InProgress<_, Unsigned>>::prepare`
  - `bundle::Bundle::<InProgress<_, PartiallyAuthorized>>::{sign, append_signatures}`
  - `bundle::Bundle::<InProgress<Proven, PartiallyAuthorized>>::finalize`
  - `bundle::Bundle::<InProgress<Proven, Unsigned>>::apply_signatures`
  - `bundle::Bundle::try_map_authorization`
  - `bundle::TryMapAuth`
  - `impl bundle::{MapAuth, TryMapAuth} for (FnMut, FnMut, FnMut, FnMut)`
    helpers to enable calling `Bundle::{map_authorization, try_map_authorization}`
    with a set of closures.
  - `bundle::testing` module, containing the following functions moved from
    `zcash_primitives::transaction::components::sapling::testing`:
    - `arb_output_description`
    - `arb_bundle`
  - `circuit` module (moved from `zcash_proofs::circuit::sapling`).
  - `circuit::{SpendParameters, OutputParameters}`
  - `circuit::{SpendVerifyingKey, PreparedSpendVerifyingKey}`
  - `circuit::{OutputVerifyingKey, PreparedOutputVerifyingKey}`
  - `constants` module.
  - `keys::SpendAuthorizingKey`
  - `keys::SpendValidatingKey`
  - `note_encryption::CompactOutputDescription` (moved from
    `zcash_primitives::transaction::components::sapling`).
  - `note_encryption::SaplingDomain::new`
  - `note_encryption::Zip212Enforcement`
  - `prover::{SpendProver, OutputProver}`
  - `tree::Node::{from_bytes, to_bytes}`
  - `value`:
    - `ValueCommitTrapdoor::from_bytes`
    - `impl Sub<TrapdoorSum> for TrapdoorSum`
    - `impl Sub<CommitmentSum> for CommitmentSum`
  - `zip32` module (moved from `zcash_primitives::zip32::sapling`).
  - `impl Debug for keys::{ExpandedSpendingKey, ProofGenerationKey}`
 - `zcash_primitives::transaction`:
  - `builder::get_fee`
  - `components::sapling`:
@ -86,8 +33,6 @@ and this library adheres to Rust's notion of
  - `ChainCode::new`
  - `ChainCode::as_bytes`
  - `impl From<AccountId> for ChildIndex`
 - Test helpers, behind the `test-dependencies` feature flag:
  - `zcash_primitives::sapling::prover::mock::{MockSpendProver, MockOutputProver}`
 - Additions related to `zcash_primitive::components::amount::Amount`
  and `zcash_primitive::components::amount::NonNegativeAmount`:
  - `impl TryFrom<Amount> for u64`
@ -106,80 +51,6 @@ and this library adheres to Rust's notion of
 - `impl From<TxId> for [u8; 32]`
 ### Changed
 - `zcash_primitives::sapling`:
  - `BatchValidator::validate` now takes the `SpendVerifyingKey` and
    `OutputVerifyingKey` newtypes.
  - `SaplingVerificationContext::new` now always creates a context with ZIP 216
    rules enforced, and no longer has a boolean for configuring this.
  - `SaplingVerificationContext::{check_spend, final_check}` now use the
    `redjubjub` crate types for `rk`, `spend_auth_sig`, and `binding_sig`.
  - `SaplingVerificationContext::{check_spend, check_output}` now take
    the `PreparedSpendVerifyingKey` and `PreparedOutputVerifyingKey`
    newtypes.
  - `SaplingVerificationContext::final_check` now takes its `value_balance`
    argument as `V: Into<i64>` instead of `Amount`.
  - `address::PaymentAddress::create_note` now takes its `value` argument as a
    `NoteValue` instead of as a bare `u64`.
  - `builder::SaplingBuilder` no longer has a `P: consensus::Parameters` type
    parameter.
  - `builder::SaplingBuilder::new` now takes a `Zip212Enforcement` argument
    instead of a `P: consensus::Parameters` argument and a target height.
  - `builder::SaplingBuilder::add_spend` now takes `extsk` by reference. Also,
    it no longer takes a `diversifier` argument as the diversifier may be obtained
    from the note.
  - `builder::SaplingBuilder::add_output` now takes an `Option<[u8; 512]>` memo
    instead of a `MemoBytes`.
  - `builder::SaplingBuilder::build` no longer takes a prover, proving context,
    progress notifier, or target height. Instead, it has `SpendProver, OutputProver`
    generic parameters and returns `(UnauthorizedBundle, SaplingMetadata)`. The
    caller can then use `Bundle::<InProgress<Unproven, _>>::create_proofs` to
    create spend and output proofs for the bundle.
  - `builder::Error` has new error variants:
    - `Error::DuplicateSignature`
    - `Error::InvalidExternalSignature`
    - `Error::MissingSignatures`
  - `bundle::Bundle` now has a second generic parameter `V`.
  - `bundle::Bundle::value_balance` now returns `&V` instead of `&Amount`.
  - `bundle::Authorized::binding_sig` now has type `redjubjub::Signature<Binding>`.
  - `bundle::Authorized::AuthSig` now has type `redjubjub::Signature<SpendAuth>`.
  - `bundle::SpendDescription::temporary_zcashd_from_parts` now takes `rk` as
    `redjubjub::VerificationKey<SpendAuth>` instead of
    `zcash_primitives::sapling::redjubjub::PublicKey`.
  - `bundle::SpendDescription::rk` now returns `&redjubjub::VerificationKey<SpendAuth>`.
  - `bundle::SpendDescriptionV5::into_spend_description` now takes
    `spend_auth_sig` as `redjubjub::Signature<SpendAuth>` instead of
    `zcash_primitives::sapling::redjubjub::Signature`.
  - `bundle::testing::arb_bundle` now takes a `value_balance: V` argument.
  - `bundle::MapAuth` trait methods now take `&mut self` instead of `&self`.
  - `circuit::ValueCommitmentOpening::value` is now represented as a `NoteValue`
    instead of as a bare `u64`.
  - `keys::DecodingError` has a new variant `UnsupportedChildIndex`.
  - `keys::ExpandedSpendingKey.ask` now has type `SpendAuthorizingKey`.
  - `keys::ProofGenerationKey.ak` now has type `SpendValidatingKey`.
  - `keys::ViewingKey.ak` now has type `SpendValidatingKey`.
  - `note_encryption`:
    - `SaplingDomain` no longer has a `P: consensus::Parameters` type parameter.
    - The following methods now take a `Zip212Enforcement` argument instead of a
      `P: consensus::Parameters` argument:
      - `plaintext_version_is_valid`
      - `try_sapling_note_decryption`
      - `try_sapling_compact_note_decryption`
      - `try_sapling_output_recovery_with_ock`
      - `try_sapling_output_recovery`
    - `SaplingDomain::Memo` now has type `[u8; 512]` instead of `MemoBytes`.
    - `sapling_note_encryption` now takes `memo` as a `[u8; 512]` instead of
      `MemoBytes`.
    - The following methods now return `[u8; 512]` instead of `MemoBytes`:
      - `try_sapling_note_decryption`
      - `try_sapling_output_recovery_with_ock`
      - `try_sapling_output_recovery`
  - `util::generate_random_rseed` now takes a `Zip212Enforcement` argument
    instead of a `P: consensus::Parameters` argument and a height.
  - `value::TrapdoorSum::into_bsk` now returns `redjubjub::SigningKey<Binding>`
    instead of `zcash_primitives::sapling::redjubjub::PrivateKey`.
  - `value::CommitmentSum::into_bvk` now returns
    `redjubjub::VerificationKey<Binding>` instead of
    `zcash_primitives::sapling::redjubjub::PublicKey`.
 - `zcash_primitives::transaction`:
  - `builder::Builder` now has a generic parameter for the type of progress
    notifier, which needs to implement `sapling::builder::ProverProgress` in
@ -220,37 +91,25 @@ and this library adheres to Rust's notion of
 ### Removed
 - `zcash_primitives::constants`:
-  - All `const` values (moved to `zcash_primitives::sapling::constants`).
+  - All `const` values (moved to `sapling_crypto::constants`).
 - `zcash_primitives::keys`:
  - `PRF_EXPAND_PERSONALIZATION`
  - `prf_expand, prf_expand_vec` (use `zcash_spec::PrfExpand` instead).
- `zcash_primitives::sapling`:
+- `zcash_primitives::sapling` module (use the `sapling-crypto` crate instead).
  - `bundle`:
    - `SpendDescription::{read, read_nullifier, read_rk, read_spend_auth_sig}`
    - `SpendDescription::{write_v4, write_v5_without_witness_data}`
    - `SpendDescriptionV5::read`
    - `OutputDescription::read`
    - `OutputDescription::{write_v4, write_v5_without_proof}`
    - `OutputDescriptionV5::read`
  - `note_encryption::SaplingDomain::for_height` (use `SaplingDomain::new`
    instead).
  - `redjubjub` module (use the `redjubjub` crate instead).
  - `spend_sig` (use `redjubjub::SigningKey::{randomize, sign}` instead).
 - `zcash_primitives::transaction::components::sapling`:
  - The following types were removed from this module (moved into
-    `zcash_primitives::sapling::bundle`):
+    `sapling_crypto::bundle`):
    - `Bundle`
    - `SpendDescription, SpendDescriptionV5`
    - `OutputDescription, OutputDescriptionV5`
    - `Authorization, Authorized, MapAuth`
    - `GrothProofBytes`
-  - `CompactOutputDescription` (moved to
+  - `CompactOutputDescription` (moved to `sapling_crypto::note_encryption`).
    `zcash_primitives::sapling::note_encryption`).
  - `Unproven`
-  - `builder` (moved to `zcash_primitives::sapling::builder`).
+  - `builder` (moved to `sapling_crypto::builder`).
  - `builder::Unauthorized` (use `builder::InProgress` instead).
  - `testing::{arb_bundle, arb_output_description}` (moved into
-    `zcash_primitives::sapling::bundle::testing`).
+    `sapling_crypto::bundle::testing`).
  - `SpendDescription::<Unauthorized>::apply_signature`
  - `Bundle::<Unauthorized>::apply_signatures` (use
    `Bundle::<InProgress<Proven, Unsigned>>::apply_signatures` instead).
@ -258,7 +117,7 @@ and this library adheres to Rust's notion of
    are now instead made available by `zcash_client_backend::fees::sapling`.
 - `impl From<zcash_primitive::components::transaction::Amount> for u64`
 - `zcash_primitives::zip32`:
-  - `sapling` module (moved from `zcash_primitives::sapling::zip32`).
+  - `sapling` module (moved to `sapling_crypto::zip32`).
  - `ChildIndex::Hardened` (use `ChildIndex::hardened` instead).
  - `ChildIndex::NonHardened`
  - `sapling::ExtendedFullViewingKey::derive_child`
--- a/zcash_primitives/Cargo.toml
+++ b/zcash_primitives/Cargo.toml
@ -116,14 +116,5 @@ bench = false
 name = "note_decryption"
 harness = false
 [[bench]]
 name = "pedersen_hash"
 harness = false
 [[bench]]
 name = "sapling_circuit"
 harness = false
 required-features = ["local-prover"]
 [badges]
 maintenance = { status = "actively-developed" }
--- a/zcash_primitives/benches/note_decryption.rs
+++ b/zcash_primitives/benches/note_decryption.rs
@ -3,19 +3,19 @@ use std::iter;
 use criterion::{criterion_group, criterion_main, BenchmarkId, Criterion, Throughput};
 use ff::Field;
 use rand_core::OsRng;
 use sapling::{
    builder::SaplingBuilder,
    note_encryption::{
        try_sapling_compact_note_decryption, try_sapling_note_decryption, CompactOutputDescription,
        PreparedIncomingViewingKey, SaplingDomain,
    },
    prover::mock::{MockOutputProver, MockSpendProver},
    value::NoteValue,
    Diversifier, SaplingIvk,
 };
 use zcash_note_encryption::batch;
 use zcash_primitives::{
    consensus::{sapling_zip212_enforcement, NetworkUpgrade::Canopy, Parameters, TEST_NETWORK},
    sapling::{
        builder::SaplingBuilder,
        note_encryption::{
            try_sapling_compact_note_decryption, try_sapling_note_decryption,
            CompactOutputDescription, PreparedIncomingViewingKey, SaplingDomain,
        },
        prover::mock::{MockOutputProver, MockSpendProver},
        value::NoteValue,
        Diversifier, SaplingIvk,
    },
    transaction::components::Amount,
 };
--- a/zcash_primitives/benches/pedersen_hash.rs
+++ b/zcash_primitives/benches/pedersen_hash.rs
@ -1,28 +0,0 @@
 use criterion::{criterion_group, criterion_main, Criterion};
 use rand_core::{OsRng, RngCore};
 use zcash_primitives::sapling::pedersen_hash::{pedersen_hash, Personalization};
 #[cfg(unix)]
 use pprof::criterion::{Output, PProfProfiler};
 fn bench_pedersen_hash(c: &mut Criterion) {
    let rng = &mut OsRng;
    let bits = (0..510)
        .map(|_| (rng.next_u32() % 2) != 0)
        .collect::<Vec<_>>();
    let personalization = Personalization::MerkleTree(31);
    c.bench_function("pedersen-hash", |b| {
        b.iter(|| pedersen_hash(personalization, bits.clone()))
    });
 }
 #[cfg(unix)]
 criterion_group! {
    name = benches;
    config = Criterion::default().with_profiler(PProfProfiler::new(100, Output::Flamegraph(None)));
    targets = bench_pedersen_hash
 }
 #[cfg(not(unix))]
 criterion_group!(benches, bench_pedersen_hash);
 criterion_main!(benches);
--- a/zcash_primitives/benches/sapling_circuit.rs
+++ b/zcash_primitives/benches/sapling_circuit.rs
@ -1,106 +0,0 @@
 #[macro_use]
 extern crate criterion;
 use bellman::groth16::*;
 use bls12_381::Bls12;
 use criterion::Criterion;
 use group::{ff::Field, Group};
 use rand_core::{RngCore, SeedableRng};
 use rand_xorshift::XorShiftRng;
 use zcash_primitives::sapling::{
    circuit::{Spend, ValueCommitmentOpening},
    Diversifier, ProofGenerationKey,
 };
 #[cfg(unix)]
 use pprof::criterion::{Output, PProfProfiler};
 const TREE_DEPTH: usize = 32;
 fn criterion_benchmark(c: &mut Criterion) {
    let mut rng = XorShiftRng::from_seed([
        0x59, 0x62, 0xbe, 0x3d, 0x76, 0x3d, 0x31, 0x8d, 0x17, 0xdb, 0x37, 0x32, 0x54, 0x06, 0xbc,
        0xe5,
    ]);
    let groth_params = generate_random_parameters::<Bls12, _, _>(
        Spend {
            value_commitment_opening: None,
            proof_generation_key: None,
            payment_address: None,
            commitment_randomness: None,
            ar: None,
            auth_path: vec![None; TREE_DEPTH],
            anchor: None,
        },
        &mut rng,
    )
    .unwrap();
    c.bench_function("sapling-spend-prove", |b| {
        let value_commitment = ValueCommitmentOpening {
            value: 1,
            randomness: jubjub::Fr::random(&mut rng),
        };
        let proof_generation_key = ProofGenerationKey {
            ak: jubjub::SubgroupPoint::random(&mut rng),
            nsk: jubjub::Fr::random(&mut rng),
        };
        let viewing_key = proof_generation_key.to_viewing_key();
        let payment_address;
        loop {
            let diversifier = {
                let mut d = [0; 11];
                rng.fill_bytes(&mut d);
                Diversifier(d)
            };
            if let Some(p) = viewing_key.to_payment_address(diversifier) {
                payment_address = p;
                break;
            }
        }
        let commitment_randomness = jubjub::Fr::random(&mut rng);
        let auth_path =
            vec![Some((bls12_381::Scalar::random(&mut rng), rng.next_u32() % 2 != 0)); TREE_DEPTH];
        let ar = jubjub::Fr::random(&mut rng);
        let anchor = bls12_381::Scalar::random(&mut rng);
        b.iter(|| {
            create_random_proof(
                Spend {
                    value_commitment_opening: Some(value_commitment.clone()),
                    proof_generation_key: Some(proof_generation_key.clone()),
                    payment_address: Some(payment_address),
                    commitment_randomness: Some(commitment_randomness),
                    ar: Some(ar),
                    auth_path: auth_path.clone(),
                    anchor: Some(anchor),
                },
                &groth_params,
                &mut rng,
            )
        });
    });
 }
 #[cfg(unix)]
 criterion_group! {
    name = benches;
    config = Criterion::default()
        .sample_size(10)
        .with_profiler(PProfProfiler::new(100, Output::Flamegraph(None)));
    targets = criterion_benchmark
 }
 #[cfg(windows)]
 criterion_group! {
    name = benches;
    config = Criterion::default().sample_size(10);
    targets = criterion_benchmark
 }
 criterion_main!(benches);
--- a/zcash_primitives/src/lib.rs
+++ b/zcash_primitives/src/lib.rs
@ -8,6 +8,9 @@
 #![deny(rustdoc::broken_intra_doc_links)]
 // Temporary until we have addressed all Result<T, ()> cases.
 #![allow(clippy::result_unit_err)]
 // Present to reduce refactoring noise from changing all the imports inside this crate for
 // the `sapling` crate extraction.
 #![allow(clippy::single_component_path_imports)]
 pub mod block;
 pub mod consensus;
@ -16,7 +19,7 @@ pub mod keys;
 pub mod legacy;
 pub mod memo;
 pub mod merkle_tree;
-pub use sapling;
+use sapling;
 pub mod transaction;
 pub use zip32;
 pub mod zip339;
--- a/zcash_proofs/Cargo.toml
+++ b/zcash_proofs/Cargo.toml
@ -28,6 +28,7 @@ jubjub.workspace = true
 lazy_static.workspace = true
 minreq = { version = "2", features = ["https"], optional = true }
 rand_core.workspace = true
 sapling.workspace = true
 tracing.workspace = true
 # Dependencies used internally:
--- a/zcash_proofs/src/lib.rs
+++ b/zcash_proofs/src/lib.rs
@ -11,7 +11,7 @@
 use bellman::groth16::{prepare_verifying_key, PreparedVerifyingKey, VerifyingKey};
 use bls12_381::Bls12;
-use zcash_primitives::sapling::circuit::{
+use sapling::circuit::{
    OutputParameters, PreparedOutputVerifyingKey, PreparedSpendVerifyingKey, SpendParameters,
 };
--- a/zcash_proofs/src/prover.rs
+++ b/zcash_proofs/src/prover.rs
@ -3,16 +3,14 @@
 use bellman::groth16::Proof;
 use bls12_381::Bls12;
 use std::path::Path;
-use zcash_primitives::{
+
-    sapling::{
+use sapling::{
-        self,
+    bundle::GrothProofBytes,
-        bundle::GrothProofBytes,
+    prover::{OutputProver, SpendProver},
-        prover::{OutputProver, SpendProver},
+    value::{NoteValue, ValueCommitTrapdoor},
-        value::{NoteValue, ValueCommitTrapdoor},
+    Diversifier, MerklePath, PaymentAddress, ProofGenerationKey, Rseed,
        Diversifier, MerklePath, PaymentAddress, ProofGenerationKey, Rseed,
    },
    transaction::components::GROTH_PROOF_SIZE,
 };
 use zcash_primitives::transaction::components::GROTH_PROOF_SIZE;
 use crate::{load_parameters, parse_parameters, OutputParameters, SpendParameters};