mirror of https://github.com/zcash/orchard.git
Zsa builder (#4)
+ Updated test bsk_consistent_with_bvk to verify mixed note types. + Added NoteType support to the builder and the bundle. + added split_flag to SpentInfo and as input to the Circuit (currently commented out) + added conditional cv_sum calculation (currently commented out) + added padding to actions
This commit is contained in:
parent
088abc6de6
commit
1420f84932
|
@ -3,3 +3,5 @@
|
|||
Cargo.lock
|
||||
.vscode
|
||||
.idea
|
||||
action-circuit-layout.png
|
||||
proptest-regressions/*.txt
|
||||
|
|
|
@ -6,6 +6,7 @@ use criterion::{BenchmarkId, Criterion};
|
|||
#[cfg(unix)]
|
||||
use pprof::criterion::{Output, PProfProfiler};
|
||||
|
||||
use orchard::note::NoteType;
|
||||
use orchard::{
|
||||
builder::Builder,
|
||||
bundle::Flags,
|
||||
|
@ -32,7 +33,13 @@ fn criterion_benchmark(c: &mut Criterion) {
|
|||
);
|
||||
for _ in 0..num_recipients {
|
||||
builder
|
||||
.add_recipient(None, recipient, NoteValue::from_raw(10), None)
|
||||
.add_recipient(
|
||||
None,
|
||||
recipient,
|
||||
NoteValue::from_raw(10),
|
||||
NoteType::native(),
|
||||
None,
|
||||
)
|
||||
.unwrap();
|
||||
}
|
||||
let bundle: Bundle<_, i64> = builder.build(rng).unwrap();
|
||||
|
|
|
@ -4,6 +4,7 @@ use orchard::{
|
|||
bundle::Flags,
|
||||
circuit::ProvingKey,
|
||||
keys::{FullViewingKey, PreparedIncomingViewingKey, Scope, SpendingKey},
|
||||
note::NoteType,
|
||||
note_encryption::{CompactAction, OrchardDomain},
|
||||
value::NoteValue,
|
||||
Anchor, Bundle,
|
||||
|
@ -52,10 +53,22 @@ fn bench_note_decryption(c: &mut Criterion) {
|
|||
// The builder pads to two actions, and shuffles their order. Add two recipients
|
||||
// so the first action is always decryptable.
|
||||
builder
|
||||
.add_recipient(None, recipient, NoteValue::from_raw(10), None)
|
||||
.add_recipient(
|
||||
None,
|
||||
recipient,
|
||||
NoteValue::from_raw(10),
|
||||
NoteType::native(),
|
||||
None,
|
||||
)
|
||||
.unwrap();
|
||||
builder
|
||||
.add_recipient(None, recipient, NoteValue::from_raw(10), None)
|
||||
.add_recipient(
|
||||
None,
|
||||
recipient,
|
||||
NoteValue::from_raw(10),
|
||||
NoteType::native(),
|
||||
None,
|
||||
)
|
||||
.unwrap();
|
||||
let bundle: Bundle<_, i64> = builder.build(rng).unwrap();
|
||||
bundle
|
||||
|
|
|
@ -126,7 +126,7 @@ pub(crate) mod testing {
|
|||
|
||||
use proptest::prelude::*;
|
||||
|
||||
use crate::note::NoteType;
|
||||
use crate::note::note_type::testing::arb_note_type;
|
||||
use crate::{
|
||||
note::{
|
||||
commitment::ExtractedNoteCommitment, nullifier::testing::arb_nullifier,
|
||||
|
@ -147,12 +147,13 @@ pub(crate) mod testing {
|
|||
nf in arb_nullifier(),
|
||||
rk in arb_spendauth_verification_key(),
|
||||
note in arb_note(output_value),
|
||||
note_type in arb_note_type()
|
||||
) -> Action<()> {
|
||||
let cmx = ExtractedNoteCommitment::from(note.commitment());
|
||||
let cv_net = ValueCommitment::derive(
|
||||
spend_value - output_value,
|
||||
ValueCommitTrapdoor::zero(),
|
||||
NoteType::native()
|
||||
note_type
|
||||
);
|
||||
// FIXME: make a real one from the note.
|
||||
let encrypted_note = TransmittedNoteCiphertext {
|
||||
|
@ -179,12 +180,13 @@ pub(crate) mod testing {
|
|||
note in arb_note(output_value),
|
||||
rng_seed in prop::array::uniform32(prop::num::u8::ANY),
|
||||
fake_sighash in prop::array::uniform32(prop::num::u8::ANY),
|
||||
note_type in arb_note_type()
|
||||
) -> Action<redpallas::Signature<SpendAuth>> {
|
||||
let cmx = ExtractedNoteCommitment::from(note.commitment());
|
||||
let cv_net = ValueCommitment::derive(
|
||||
spend_value - output_value,
|
||||
ValueCommitTrapdoor::zero(),
|
||||
NoteType::native()
|
||||
note_type
|
||||
);
|
||||
|
||||
// FIXME: make a real one from the note.
|
||||
|
|
131
src/builder.rs
131
src/builder.rs
|
@ -2,6 +2,7 @@
|
|||
|
||||
use core::fmt;
|
||||
use core::iter;
|
||||
use std::collections::HashMap;
|
||||
|
||||
use ff::Field;
|
||||
use nonempty::NonEmpty;
|
||||
|
@ -57,13 +58,15 @@ impl From<value::OverflowError> for Error {
|
|||
}
|
||||
|
||||
/// Information about a specific note to be spent in an [`Action`].
|
||||
#[derive(Debug)]
|
||||
#[derive(Debug, Clone)]
|
||||
pub struct SpendInfo {
|
||||
pub(crate) dummy_sk: Option<SpendingKey>,
|
||||
pub(crate) fvk: FullViewingKey,
|
||||
pub(crate) scope: Scope,
|
||||
pub(crate) note: Note,
|
||||
pub(crate) merkle_path: MerklePath,
|
||||
// a flag to indicate whether the value of the note will be counted in the `ValueSum` of the action.
|
||||
pub(crate) split_flag: bool,
|
||||
}
|
||||
|
||||
impl SpendInfo {
|
||||
|
@ -84,14 +87,15 @@ impl SpendInfo {
|
|||
scope,
|
||||
note,
|
||||
merkle_path,
|
||||
split_flag: false,
|
||||
})
|
||||
}
|
||||
|
||||
/// Defined in [Zcash Protocol Spec § 4.8.3: Dummy Notes (Orchard)][orcharddummynotes].
|
||||
///
|
||||
/// [orcharddummynotes]: https://zips.z.cash/protocol/nu5.pdf#orcharddummynotes
|
||||
fn dummy(rng: &mut impl RngCore) -> Self {
|
||||
let (sk, fvk, note) = Note::dummy(rng, None);
|
||||
fn dummy(note_type: NoteType, rng: &mut impl RngCore) -> Self {
|
||||
let (sk, fvk, note) = Note::dummy(rng, None, note_type);
|
||||
let merkle_path = MerklePath::dummy(rng);
|
||||
|
||||
SpendInfo {
|
||||
|
@ -102,16 +106,26 @@ impl SpendInfo {
|
|||
scope: Scope::External,
|
||||
note,
|
||||
merkle_path,
|
||||
split_flag: false,
|
||||
}
|
||||
}
|
||||
|
||||
/// Duplicates the spend info and set the split flag to `true`.
|
||||
fn create_split_spend(&self) -> Self {
|
||||
let mut split_spend = SpendInfo::new(self.fvk.clone(), self.note, self.merkle_path.clone())
|
||||
.expect("The spend info is valid");
|
||||
split_spend.split_flag = true;
|
||||
split_spend
|
||||
}
|
||||
}
|
||||
|
||||
/// Information about a specific recipient to receive funds in an [`Action`].
|
||||
#[derive(Debug)]
|
||||
#[derive(Debug, Clone)]
|
||||
struct RecipientInfo {
|
||||
ovk: Option<OutgoingViewingKey>,
|
||||
recipient: Address,
|
||||
value: NoteValue,
|
||||
note_type: NoteType,
|
||||
memo: Option<[u8; 512]>,
|
||||
}
|
||||
|
||||
|
@ -127,6 +141,7 @@ impl RecipientInfo {
|
|||
ovk: None,
|
||||
recipient,
|
||||
value: NoteValue::zero(),
|
||||
note_type: NoteType::native(),
|
||||
memo: None,
|
||||
}
|
||||
}
|
||||
|
@ -150,7 +165,17 @@ impl ActionInfo {
|
|||
}
|
||||
|
||||
/// Returns the value sum for this action.
|
||||
/// Split notes does not contribute to the value sum.
|
||||
fn value_sum(&self) -> ValueSum {
|
||||
// TODO: Aurel, uncomment when circuit for split flag is implemented.
|
||||
// let spent_value = self
|
||||
// .spend
|
||||
// .split_flag
|
||||
// .then(|| self.spend.note.value())
|
||||
// .unwrap_or_else(NoteValue::zero);
|
||||
//
|
||||
// spent_value - self.output.value
|
||||
|
||||
self.spend.note.value() - self.output.value
|
||||
}
|
||||
|
||||
|
@ -160,8 +185,15 @@ impl ActionInfo {
|
|||
///
|
||||
/// [orchardsend]: https://zips.z.cash/protocol/nu5.pdf#orchardsend
|
||||
fn build(self, mut rng: impl RngCore) -> (Action<SigningMetadata>, Circuit) {
|
||||
assert_eq!(
|
||||
self.output.note_type,
|
||||
self.spend.note.note_type(),
|
||||
"spend and recipient note types must be equal"
|
||||
);
|
||||
|
||||
let v_net = self.value_sum();
|
||||
let cv_net = ValueCommitment::derive(v_net, self.rcv, NoteType::native());
|
||||
let note_type = self.output.note_type;
|
||||
let cv_net = ValueCommitment::derive(v_net, self.rcv, note_type);
|
||||
|
||||
let nf_old = self.spend.note.nullifier(&self.spend.fvk);
|
||||
let ak: SpendValidatingKey = self.spend.fvk.clone().into();
|
||||
|
@ -275,6 +307,7 @@ impl Builder {
|
|||
scope,
|
||||
note,
|
||||
merkle_path,
|
||||
split_flag: false,
|
||||
});
|
||||
|
||||
Ok(())
|
||||
|
@ -286,6 +319,7 @@ impl Builder {
|
|||
ovk: Option<OutgoingViewingKey>,
|
||||
recipient: Address,
|
||||
value: NoteValue,
|
||||
note_type: NoteType,
|
||||
memo: Option<[u8; 512]>,
|
||||
) -> Result<(), &'static str> {
|
||||
if !self.flags.outputs_enabled() {
|
||||
|
@ -296,6 +330,7 @@ impl Builder {
|
|||
ovk,
|
||||
recipient,
|
||||
value,
|
||||
note_type,
|
||||
memo,
|
||||
});
|
||||
|
||||
|
@ -332,23 +367,31 @@ impl Builder {
|
|||
/// The returned bundle will have no proof or signatures; these can be applied with
|
||||
/// [`Bundle::create_proof`] and [`Bundle::apply_signatures`] respectively.
|
||||
pub fn build<V: TryFrom<i64>>(
|
||||
mut self,
|
||||
self,
|
||||
mut rng: impl RngCore,
|
||||
) -> Result<Bundle<InProgress<Unproven, Unauthorized>, V>, Error> {
|
||||
let mut pre_actions: Vec<_> = Vec::new();
|
||||
|
||||
// Pair up the spends and recipients, extending with dummy values as necessary.
|
||||
let pre_actions: Vec<_> = {
|
||||
let num_spends = self.spends.len();
|
||||
let num_recipients = self.recipients.len();
|
||||
for (note_type, (mut spends, mut recipients)) in partition(&self.spends, &self.recipients) {
|
||||
let num_spends = spends.len();
|
||||
let num_recipients = recipients.len();
|
||||
let num_actions = [num_spends, num_recipients, MIN_ACTIONS]
|
||||
.iter()
|
||||
.max()
|
||||
.cloned()
|
||||
.unwrap();
|
||||
|
||||
self.spends.extend(
|
||||
iter::repeat_with(|| SpendInfo::dummy(&mut rng)).take(num_actions - num_spends),
|
||||
// use the first spend to create split spend(s) or create a dummy if empty.
|
||||
let dummy_spend = spends.first().map_or_else(
|
||||
|| SpendInfo::dummy(note_type, &mut rng),
|
||||
|s| s.create_split_spend(),
|
||||
);
|
||||
self.recipients.extend(
|
||||
|
||||
// Extend the spends and recipients with dummy values.
|
||||
spends.extend(iter::repeat_with(|| dummy_spend.clone()).take(num_actions - num_spends));
|
||||
|
||||
recipients.extend(
|
||||
iter::repeat_with(|| RecipientInfo::dummy(&mut rng))
|
||||
.take(num_actions - num_recipients),
|
||||
);
|
||||
|
@ -356,15 +399,16 @@ impl Builder {
|
|||
// Shuffle the spends and recipients, so that learning the position of a
|
||||
// specific spent note or output note doesn't reveal anything on its own about
|
||||
// the meaning of that note in the transaction context.
|
||||
self.spends.shuffle(&mut rng);
|
||||
self.recipients.shuffle(&mut rng);
|
||||
spends.shuffle(&mut rng);
|
||||
recipients.shuffle(&mut rng);
|
||||
|
||||
self.spends
|
||||
.into_iter()
|
||||
.zip(self.recipients.into_iter())
|
||||
.map(|(spend, recipient)| ActionInfo::new(spend, recipient, &mut rng))
|
||||
.collect()
|
||||
};
|
||||
pre_actions.extend(
|
||||
spends
|
||||
.into_iter()
|
||||
.zip(recipients.into_iter())
|
||||
.map(|(spend, recipient)| ActionInfo::new(spend, recipient, &mut rng)),
|
||||
);
|
||||
}
|
||||
|
||||
// Move some things out of self that we will need.
|
||||
let flags = self.flags;
|
||||
|
@ -416,6 +460,30 @@ impl Builder {
|
|||
}
|
||||
}
|
||||
|
||||
/// partition a list of spends and recipients by note types.
|
||||
fn partition(
|
||||
spends: &[SpendInfo],
|
||||
recipients: &[RecipientInfo],
|
||||
) -> HashMap<NoteType, (Vec<SpendInfo>, Vec<RecipientInfo>)> {
|
||||
let mut hm = HashMap::new();
|
||||
|
||||
for s in spends.iter() {
|
||||
hm.entry(s.note.note_type())
|
||||
.or_insert((vec![], vec![]))
|
||||
.0
|
||||
.push(s.clone());
|
||||
}
|
||||
|
||||
for r in recipients.iter() {
|
||||
hm.entry(r.note_type)
|
||||
.or_insert((vec![], vec![]))
|
||||
.1
|
||||
.push(r.clone())
|
||||
}
|
||||
|
||||
hm
|
||||
}
|
||||
|
||||
/// Marker trait representing bundle signatures in the process of being created.
|
||||
pub trait InProgressSignatures: fmt::Debug {
|
||||
/// The authorization type of an Orchard action in the process of being authorized.
|
||||
|
@ -680,6 +748,7 @@ pub mod testing {
|
|||
use proptest::collection::vec;
|
||||
use proptest::prelude::*;
|
||||
|
||||
use crate::note::NoteType;
|
||||
use crate::{
|
||||
address::testing::arb_address,
|
||||
bundle::{Authorized, Bundle, Flags},
|
||||
|
@ -707,7 +776,7 @@ pub mod testing {
|
|||
sk: SpendingKey,
|
||||
anchor: Anchor,
|
||||
notes: Vec<(Note, MerklePath)>,
|
||||
recipient_amounts: Vec<(Address, NoteValue)>,
|
||||
recipient_amounts: Vec<(Address, NoteValue, NoteType)>,
|
||||
}
|
||||
|
||||
impl<R: RngCore + CryptoRng> ArbitraryBundleInputs<R> {
|
||||
|
@ -721,12 +790,12 @@ pub mod testing {
|
|||
builder.add_spend(fvk.clone(), note, path).unwrap();
|
||||
}
|
||||
|
||||
for (addr, value) in self.recipient_amounts.into_iter() {
|
||||
for (addr, value, note_type) in self.recipient_amounts.into_iter() {
|
||||
let scope = fvk.scope_for_address(&addr).unwrap();
|
||||
let ovk = fvk.to_ovk(scope);
|
||||
|
||||
builder
|
||||
.add_recipient(Some(ovk.clone()), addr, value, None)
|
||||
.add_recipient(Some(ovk.clone()), addr, value, note_type, None)
|
||||
.unwrap();
|
||||
}
|
||||
|
||||
|
@ -760,9 +829,11 @@ pub mod testing {
|
|||
recipient_amounts in vec(
|
||||
arb_address().prop_flat_map(move |a| {
|
||||
arb_positive_note_value(MAX_NOTE_VALUE / n_recipients as u64)
|
||||
.prop_map(move |v| (a, v))
|
||||
.prop_map(move |v| {
|
||||
(a,v, NoteType::native())
|
||||
})
|
||||
}),
|
||||
n_recipients as usize
|
||||
n_recipients as usize,
|
||||
),
|
||||
rng_seed in prop::array::uniform32(prop::num::u8::ANY)
|
||||
) -> ArbitraryBundleInputs<StdRng> {
|
||||
|
@ -810,6 +881,8 @@ mod tests {
|
|||
use rand::rngs::OsRng;
|
||||
|
||||
use super::Builder;
|
||||
// use crate::keys::{IssuerAuthorizingKey, IssuerValidatingKey};
|
||||
use crate::note::NoteType;
|
||||
use crate::{
|
||||
bundle::{Authorized, Bundle, Flags},
|
||||
circuit::ProvingKey,
|
||||
|
@ -834,7 +907,13 @@ mod tests {
|
|||
);
|
||||
|
||||
builder
|
||||
.add_recipient(None, recipient, NoteValue::from_raw(5000), None)
|
||||
.add_recipient(
|
||||
None,
|
||||
recipient,
|
||||
NoteValue::from_raw(5000),
|
||||
NoteType::native(),
|
||||
None,
|
||||
)
|
||||
.unwrap();
|
||||
let balance: i64 = builder.value_balance().unwrap();
|
||||
assert_eq!(balance, -5000);
|
||||
|
|
|
@ -977,7 +977,7 @@ mod tests {
|
|||
};
|
||||
|
||||
fn generate_circuit_instance<R: RngCore>(mut rng: R) -> (Circuit, Instance) {
|
||||
let (_, fvk, spent_note) = Note::dummy(&mut rng, None);
|
||||
let (_, fvk, spent_note) = Note::dummy(&mut rng, None, NoteType::native());
|
||||
|
||||
let sender_address = spent_note.recipient();
|
||||
let nk = *fvk.nk();
|
||||
|
@ -987,7 +987,7 @@ mod tests {
|
|||
let alpha = pallas::Scalar::random(&mut rng);
|
||||
let rk = ak.randomize(&alpha);
|
||||
|
||||
let (_, _, output_note) = Note::dummy(&mut rng, Some(nf_old));
|
||||
let (_, _, output_note) = Note::dummy(&mut rng, Some(nf_old), NoteType::native());
|
||||
let cmx = output_note.commitment().into();
|
||||
|
||||
let value = spent_note.value() - output_note.value();
|
||||
|
|
|
@ -176,6 +176,7 @@ impl Note {
|
|||
pub(crate) fn dummy(
|
||||
rng: &mut impl RngCore,
|
||||
rho: Option<Nullifier>,
|
||||
note_type: NoteType,
|
||||
) -> (SpendingKey, FullViewingKey, Self) {
|
||||
let sk = SpendingKey::random(rng);
|
||||
let fvk: FullViewingKey = (&sk).into();
|
||||
|
@ -184,7 +185,7 @@ impl Note {
|
|||
let note = Note::new(
|
||||
recipient,
|
||||
NoteValue::zero(),
|
||||
NoteType::native(),
|
||||
note_type,
|
||||
rho.unwrap_or_else(|| Nullifier::dummy(rng)),
|
||||
rng,
|
||||
);
|
||||
|
@ -202,7 +203,7 @@ impl Note {
|
|||
self.value
|
||||
}
|
||||
|
||||
/// Returns the note type
|
||||
/// Returns the note type of this note.
|
||||
pub fn note_type(&self) -> NoteType {
|
||||
self.note_type
|
||||
}
|
||||
|
@ -309,7 +310,7 @@ pub mod testing {
|
|||
}
|
||||
|
||||
prop_compose! {
|
||||
/// Generate an action without authorization data.
|
||||
/// Generate an arbitrary note
|
||||
pub fn arb_note(value: NoteValue)(
|
||||
recipient in arb_address(),
|
||||
rho in arb_nullifier(),
|
||||
|
|
|
@ -1,16 +1,18 @@
|
|||
use group::GroupEncoding;
|
||||
use halo2_proofs::arithmetic::CurveExt;
|
||||
use pasta_curves::pallas;
|
||||
use std::hash::{Hash, Hasher};
|
||||
|
||||
use subtle::{Choice, ConstantTimeEq, CtOption};
|
||||
|
||||
use crate::constants::fixed_bases::{VALUE_COMMITMENT_PERSONALIZATION, VALUE_COMMITMENT_V_BYTES};
|
||||
use crate::keys::IssuerValidatingKey;
|
||||
|
||||
/// Note type identifier.
|
||||
#[derive(Clone, Copy, Debug, PartialEq, Eq)]
|
||||
pub struct NoteType(pub(crate) pallas::Point);
|
||||
#[derive(Clone, Copy, Debug, Eq)]
|
||||
pub struct NoteType(pallas::Point);
|
||||
|
||||
const MAX_ASSET_DESCRIPTION_SIZE: usize = 512;
|
||||
pub const MAX_ASSET_DESCRIPTION_SIZE: usize = 512;
|
||||
|
||||
// the hasher used to derive the assetID
|
||||
#[allow(non_snake_case)]
|
||||
|
@ -62,16 +64,29 @@ impl NoteType {
|
|||
}
|
||||
}
|
||||
|
||||
impl Hash for NoteType {
|
||||
fn hash<H: Hasher>(&self, h: &mut H) {
|
||||
h.write(&self.to_bytes());
|
||||
h.finish();
|
||||
}
|
||||
}
|
||||
|
||||
impl PartialEq for NoteType {
|
||||
fn eq(&self, other: &Self) -> bool {
|
||||
bool::from(self.0.ct_eq(&other.0))
|
||||
}
|
||||
}
|
||||
|
||||
/// Generators for property testing.
|
||||
#[cfg(any(test, feature = "test-dependencies"))]
|
||||
#[cfg_attr(docsrs, doc(cfg(feature = "test-dependencies")))]
|
||||
pub mod testing {
|
||||
use super::NoteType;
|
||||
|
||||
use proptest::prelude::*;
|
||||
|
||||
use crate::keys::{testing::arb_spending_key, IssuerAuthorizingKey, IssuerValidatingKey};
|
||||
|
||||
use super::NoteType;
|
||||
|
||||
prop_compose! {
|
||||
/// Generate a uniformly distributed note type
|
||||
pub fn arb_note_type()(
|
||||
|
@ -89,4 +104,12 @@ pub mod testing {
|
|||
}
|
||||
}
|
||||
}
|
||||
|
||||
prop_compose! {
|
||||
/// Generate the native note type
|
||||
pub fn native_note_type()(_i in 0..10) -> NoteType {
|
||||
// TODO: remove _i
|
||||
NoteType::native()
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -409,6 +409,7 @@ mod tests {
|
|||
EphemeralKeyBytes,
|
||||
};
|
||||
|
||||
use super::{prf_ock_orchard, CompactAction, OrchardDomain, OrchardNoteEncryption};
|
||||
use crate::note::NoteType;
|
||||
use crate::{
|
||||
action::Action,
|
||||
|
@ -426,7 +427,6 @@ mod tests {
|
|||
};
|
||||
|
||||
use super::{get_note_version, orchard_parse_note_plaintext_without_memo};
|
||||
use super::{prf_ock_orchard, CompactAction, OrchardDomain, OrchardNoteEncryption};
|
||||
|
||||
proptest! {
|
||||
#[test]
|
||||
|
@ -453,6 +453,7 @@ mod tests {
|
|||
// Check.
|
||||
assert_eq!(parsed_note, note);
|
||||
assert_eq!(parsed_recipient, note.recipient());
|
||||
|
||||
if parsed_note.note_type().is_native().into() {
|
||||
assert_eq!(parsed_version, 0x02);
|
||||
assert_eq!(&parsed_memo, memo);
|
||||
|
@ -508,17 +509,13 @@ mod tests {
|
|||
assert_eq!(ock.as_ref(), tv.ock);
|
||||
|
||||
let recipient = Address::from_parts(d, pk_d);
|
||||
<<<<<<< HEAD
|
||||
let note = Note::from_parts(recipient, value, NoteType::native(), rho, rseed).unwrap();
|
||||
=======
|
||||
|
||||
let note_type = match tv.note_type {
|
||||
None => NoteType::native(),
|
||||
Some(type_bytes) => NoteType::from_bytes(&type_bytes).unwrap(),
|
||||
};
|
||||
|
||||
let note = Note::from_parts(recipient, value, note_type, rho, rseed);
|
||||
>>>>>>> ZSA note encryption in Orchard crate (#3)
|
||||
let note = Note::from_parts(recipient, value, note_type, rho, rseed).unwrap();
|
||||
assert_eq!(ExtractedNoteCommitment::from(note.commitment()), cmx);
|
||||
|
||||
let action = Action::from_parts(
|
||||
|
|
|
@ -77,7 +77,7 @@ impl Anchor {
|
|||
|
||||
/// The Merkle path from a leaf of the note commitment tree
|
||||
/// to its anchor.
|
||||
#[derive(Debug)]
|
||||
#[derive(Debug, Clone)]
|
||||
pub struct MerklePath {
|
||||
position: u32,
|
||||
auth_path: [MerkleHashOrchard; MERKLE_DEPTH_ORCHARD],
|
||||
|
|
76
src/value.rs
76
src/value.rs
|
@ -40,6 +40,7 @@
|
|||
use core::fmt::{self, Debug};
|
||||
use core::iter::Sum;
|
||||
use core::ops::{Add, RangeInclusive, Sub};
|
||||
use std::ops::Neg;
|
||||
|
||||
use bitvec::{array::BitArray, order::Lsb0};
|
||||
use ff::{Field, PrimeField};
|
||||
|
@ -189,6 +190,18 @@ impl Add for ValueSum {
|
|||
}
|
||||
}
|
||||
|
||||
impl Neg for ValueSum {
|
||||
type Output = Option<ValueSum>;
|
||||
|
||||
#[allow(clippy::suspicious_arithmetic_impl)]
|
||||
fn neg(self) -> Self::Output {
|
||||
self.0
|
||||
.checked_neg()
|
||||
.filter(|v| VALUE_SUM_RANGE.contains(v))
|
||||
.map(ValueSum)
|
||||
}
|
||||
}
|
||||
|
||||
impl<'a> Sum<&'a ValueSum> for Result<ValueSum, OverflowError> {
|
||||
fn sum<I: Iterator<Item = &'a ValueSum>>(iter: I) -> Self {
|
||||
iter.fold(Ok(ValueSum(0)), |acc, v| (acc? + *v).ok_or(OverflowError))
|
||||
|
@ -423,7 +436,8 @@ pub mod testing {
|
|||
|
||||
#[cfg(test)]
|
||||
mod tests {
|
||||
use crate::note::note_type::testing::arb_note_type;
|
||||
use crate::note::note_type::testing::{arb_note_type, native_note_type};
|
||||
|
||||
use crate::note::NoteType;
|
||||
use proptest::prelude::*;
|
||||
|
||||
|
@ -433,24 +447,42 @@ mod tests {
|
|||
};
|
||||
use crate::primitives::redpallas;
|
||||
|
||||
fn _bsk_consistent_with_bvk(values: &[(ValueSum, ValueCommitTrapdoor)], note_type: NoteType) {
|
||||
let value_balance = values
|
||||
fn _bsk_consistent_with_bvk(
|
||||
native_values: &[(ValueSum, ValueCommitTrapdoor, NoteType)],
|
||||
arb_values: &[(ValueSum, ValueCommitTrapdoor, NoteType)],
|
||||
neg_trapdoors: &[ValueCommitTrapdoor],
|
||||
) {
|
||||
// for each arb value, create a negative value with a different trapdoor
|
||||
let neg_arb_values: Vec<_> = arb_values
|
||||
.iter()
|
||||
.map(|(value, _)| value)
|
||||
.cloned()
|
||||
.zip(neg_trapdoors.iter().cloned())
|
||||
.map(|((value, _, note_type), rcv)| ((-value).unwrap(), rcv, note_type))
|
||||
.collect();
|
||||
|
||||
let native_value_balance = native_values
|
||||
.iter()
|
||||
.map(|(value, _, _)| value)
|
||||
.sum::<Result<ValueSum, OverflowError>>()
|
||||
.expect("we generate values that won't overflow");
|
||||
|
||||
let values = [native_values, arb_values, &neg_arb_values].concat();
|
||||
|
||||
let bsk = values
|
||||
.iter()
|
||||
.map(|(_, rcv)| rcv)
|
||||
.map(|(_, rcv, _)| rcv)
|
||||
.sum::<ValueCommitTrapdoor>()
|
||||
.into_bsk();
|
||||
|
||||
let bvk = (values
|
||||
.iter()
|
||||
.map(|(value, rcv)| ValueCommitment::derive(*value, *rcv, note_type))
|
||||
.map(|(value, rcv, note_type)| ValueCommitment::derive(*value, *rcv, *note_type))
|
||||
.sum::<ValueCommitment>()
|
||||
- ValueCommitment::derive(value_balance, ValueCommitTrapdoor::zero(), note_type))
|
||||
- ValueCommitment::derive(
|
||||
native_value_balance,
|
||||
ValueCommitTrapdoor::zero(),
|
||||
NoteType::native(),
|
||||
))
|
||||
.into_bvk();
|
||||
|
||||
assert_eq!(redpallas::VerificationKey::from(&bsk), bvk);
|
||||
|
@ -458,18 +490,34 @@ mod tests {
|
|||
|
||||
proptest! {
|
||||
#[test]
|
||||
fn bsk_consistent_with_bvk(
|
||||
values in (1usize..10).prop_flat_map(|n_values|
|
||||
fn bsk_consistent_with_bvk_native_only(
|
||||
native_values in (1usize..10).prop_flat_map(|n_values|
|
||||
arb_note_value_bounded(MAX_NOTE_VALUE / n_values as u64).prop_flat_map(move |bound|
|
||||
prop::collection::vec((arb_value_sum_bounded(bound), arb_trapdoor()), n_values)
|
||||
prop::collection::vec((arb_value_sum_bounded(bound), arb_trapdoor(), native_note_type()), n_values)
|
||||
)
|
||||
),
|
||||
arb_note_type in arb_note_type(),
|
||||
) {
|
||||
// Test with native note type (zec) only
|
||||
_bsk_consistent_with_bvk(&native_values, &[], &[]);
|
||||
}
|
||||
}
|
||||
|
||||
proptest! {
|
||||
#[test]
|
||||
fn bsk_consistent_with_bvk(
|
||||
native_values in (1usize..10).prop_flat_map(|n_values|
|
||||
arb_note_value_bounded(MAX_NOTE_VALUE / n_values as u64).prop_flat_map(move |bound|
|
||||
prop::collection::vec((arb_value_sum_bounded(bound), arb_trapdoor(), native_note_type()), n_values)
|
||||
)
|
||||
),
|
||||
(arb_values,neg_trapdoors) in (1usize..10).prop_flat_map(|n_values|
|
||||
(arb_note_value_bounded(MAX_NOTE_VALUE / n_values as u64).prop_flat_map(move |bound|
|
||||
prop::collection::vec((arb_value_sum_bounded(bound), arb_trapdoor(), arb_note_type()), n_values)
|
||||
), prop::collection::vec(arb_trapdoor(), n_values))
|
||||
),
|
||||
) {
|
||||
// Test with native note type (zec)
|
||||
_bsk_consistent_with_bvk(&values, NoteType::native());
|
||||
// Test with arbitrary note type
|
||||
_bsk_consistent_with_bvk(&values, arb_note_type);
|
||||
_bsk_consistent_with_bvk(&native_values, &arb_values, &neg_trapdoors);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -1,4 +1,5 @@
|
|||
use incrementalmerkletree::{bridgetree::BridgeTree, Hashable, Tree};
|
||||
use orchard::note::NoteType;
|
||||
use orchard::{
|
||||
builder::Builder,
|
||||
bundle::{Authorized, Flags},
|
||||
|
@ -43,7 +44,13 @@ fn bundle_chain() {
|
|||
|
||||
let mut builder = Builder::new(Flags::from_parts(false, true), anchor);
|
||||
assert_eq!(
|
||||
builder.add_recipient(None, recipient, NoteValue::from_raw(5000), None),
|
||||
builder.add_recipient(
|
||||
None,
|
||||
recipient,
|
||||
NoteValue::from_raw(5000),
|
||||
NoteType::native(),
|
||||
None
|
||||
),
|
||||
Ok(())
|
||||
);
|
||||
let unauthorized = builder.build(&mut rng).unwrap();
|
||||
|
@ -85,7 +92,13 @@ fn bundle_chain() {
|
|||
let mut builder = Builder::new(Flags::from_parts(true, true), anchor);
|
||||
assert_eq!(builder.add_spend(fvk, note, merkle_path), Ok(()));
|
||||
assert_eq!(
|
||||
builder.add_recipient(None, recipient, NoteValue::from_raw(5000), None),
|
||||
builder.add_recipient(
|
||||
None,
|
||||
recipient,
|
||||
NoteValue::from_raw(5000),
|
||||
NoteType::native(),
|
||||
None
|
||||
),
|
||||
Ok(())
|
||||
);
|
||||
let unauthorized = builder.build(&mut rng).unwrap();
|
||||
|
|
Loading…
Reference in New Issue