This modifies wallet scanning to perform per-block batched
decryption. It also alters the structure of the `ScanningKey`
trait to correctly include internal (change) keys in the scan
process.
While it is necessary in the worst case to perform `m * n` decryptions,
where `m` is the number of outputs being decrypted and `n` is the number
of IVKs, it is possible to stop performing trial decryptions when the
first successful decryption is performed. Also, it's inconvenient and
unnecessary to return the full cartesian product of these results, as
only one IVK will decrypt a given output. This commit modifies batch
trial decryption to stop on the first successful decryption, and instead
of returning the cartesian product of results we return the index of the
input IVK along with the output it decrypted. Note that this means that
trial decryption is not constant-time with respect to the number and/or
order of IVKs.
This, along with the corresponding `TryFromRawAddress` trait, enables
converting `ZcashAddress` into a network-agnostic type.
Closeszcash/librustzcash#564.
This enables the user-defined conversions to be fallible, which they
will almost always want to be (as address data needs to be validated
before it can be used).
This provides the encoding corresponding to
`ZcashAddress::try_from_encoded` and documents the fact that the
`Display` instance can also provide this encoding.
Fixes#463
In a number of places, we transform other kinds of collections with
known length information into vectors simply to be able to use them with
`Vector::write` or `Vector::read`. We can avoid these extra allocations
by writing from iterators directly, and similarly by reading directly
into our desired collection types.
There are two canonical orderings for sealed items: preference
order and encoding order. Removing the `Ord` instances means
that a user can't accidentally choose the wrong ordering;
these orderings are replaced by explicit `preference_order`
and `encoding_order` comparison functions.
Several dependencies were copied over during the extraction of this
crate's logic from `zcash_primitives`, but are in fact only required for
the protocol-specific logic. We can also remove the `std` feature flag,
since we no longer have a dependency on `blake2b_simd` that needs its
`std` flag exposed for performance.
Previously we were returning the ciphertext as a slice, and then
asserting its length within the APIs the caller passed it into. Now
instead we require the caller to define whether or not the output is
compact, to make the API more predictable.
This doesn't place any additional constraints on users of this trait,
because the assertions already prevented a full output from being passed
to a compact trial decryption API.
`Domain::derive_esk` provides sufficient information to determine
whether or not we need to enforce `EphemeralSecretKey`-specific
decryption checks, as it returns `None` for pre-ZIP 212 notes.
`Domain::parse_note_plaintext_without_memo_ivk` is used with both full
note plaintexts and compact notes, so continues to accept a slice. For
all other `Domain` APIs, we constrain the input to `NotePlaintextBytes`
or `OutPlaintextBytes` as appropriate.
This renames the `FromReceivers` trait to `UnifiedEncoding` and makes
its public methods (as well as the private to_bytes method) function in
terms of network values rather than explicit HRP arguments. It also adds
high-level encoding and decoding methods that handle conversion to and
from the Bech32m-encoded transport format for all supported types, and
then delegates to these from locations that previously used lower-level
utilities.
This allows us to move to_bytes() into the private::SealedContainer
trait without introducing a circular dependency. This also lets us
move the Receivers type to a public trait.
The new `f4jumble_mut` and `f4jumble_inv_mut` functions take a `&mut [u8]`, and return a new `Error` type if the slice has an invalid length.
The original `f4jumble` and `f4jumble_inv` functions are now more efficient as they only allocate once.