From 7e6c53323a96dac762f8f01e6cb81b83fde95b5c Mon Sep 17 00:00:00 2001
From: Greg Pfeil
Date: Tue, 6 Dec 2022 16:43:58 -0700
Subject: [PATCH] Improve PrivacyPolicy comments
Co-authored-by: Daira Hopwood
---
 src/wallet/wallet.cpp | 4 ++--
 src/wallet/wallet.h | 34 +++++++++++++++++++++++-----------
 2 files changed, 25 insertions(+), 13 deletions(-)
diff --git a/src/wallet/wallet.cpp b/src/wallet/wallet.cpp
index 3723003eb..b1e74a2ad 100644
--- a/src/wallet/wallet.cpp
+++ b/src/wallet/wallet.cpp
@@ -7856,8 +7856,8 @@ bool TransactionStrategy::AllowLinkingAccountAddresses() const {
 return IsCompatibleWith(PrivacyPolicy::AllowLinkingAccountAddresses);
 }
-bool TransactionStrategy::IsCompatibleWith(PrivacyPolicy requiredLevel) const {
- return requestedLevel == PrivacyPolicyMeet(requestedLevel, requiredLevel);
+bool TransactionStrategy::IsCompatibleWith(PrivacyPolicy policy) const {
+ return requestedLevel == PrivacyPolicyMeet(requestedLevel, policy);
 }
 bool ZTXOSelector::SelectsTransparent() const {
diff --git a/src/wallet/wallet.h b/src/wallet/wallet.h
index 041d73261..0b2e7b0b6 100644
--- a/src/wallet/wallet.h
+++ b/src/wallet/wallet.h
@@ -766,11 +766,15 @@ enum class PrivacyPolicy {
 NoPrivacy,
 };
-/** Returns the meet of two privacy policies. I.e., the strongest policy that is
- * compatible with both of the provided policies.
+/**
+ * Privacy policies form a lattice where the relation is “strictness”. I.e.,
+ * `x ≤ y` means “Policy `x` allows at least everything that policy `y` allows.”
 *
- * See https://github.com/zcash/zcash/issues/6240 for the graph that this
- * models.
+ * This function returns the meet (greatest lower bound) of `a` and `b`, i.e.
+ * the strictest policy that allows everything allowed by `a` and also
+ * everything allowed by `b`.
+ *
+ * See #6240 for the graph that this models.
 */
 PrivacyPolicy PrivacyPolicyMeet(PrivacyPolicy a, PrivacyPolicy b);
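Review bot: The new lattice comment above `PrivacyPolicyMeet` defines `x ≤ y` only abstractly and never names a concrete element, and because smaller here means more permissive, a reader can easily invert the order when writing a policy check. I would anchor it with one extra line such as ` * FullPrivacy is the greatest (strictest) element; the meet of two policies is never stricter than either.` The comment removed from the other wallet.h hunk calls FullPrivacy the most restrictive policy, but most of the enum lies outside this hunk, so confirm the wording against it. The last line also replaces the full issue URL with a bare `#6240`, which does not resolve when the header is read outside the forge; keeping `https://github.com/zcash/zcash/issues/6240` costs nothing.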
@@ -795,13 +799,21 @@ public:
 bool AllowFullyTransparent() const;
 bool AllowLinkingAccountAddresses() const;
- // A strategy is compatible with a given required level if
- // it is as strong as, or weaker than, the required level.
- // So, for example, if a transaction only requires FullPrivacy
- // (the most restrictive policy) then that transaction can
- // safely be constructed if the user specifies AllowRevealedRecipients,
- // because the transaction will not reveal any recipients anyway.
- bool IsCompatibleWith(PrivacyPolicy requiredLevel) const;
+ /**
+ * This strategy is compatible with a given policy if it is identical to or
+ * less strict than the policy.
+ *
+ * For example, if a transaction requires a policy no stricter than
+ * `AllowRevealedSenders`, then that transaction can safely be constructed
+ * if the user specifies `AllowLinkingAccountAddresses`, because
+ * `AllowLinkingAccountAddresses` is compatible with `AllowRevealedSenders`
+ * (the transaction will not link addresses anyway). However, if the
+ * transaction required `AllowRevealedRecipients`, it could not be
+ * constructed, because `AllowLinkingAccountAddresses` is _not_ compatible
+ * with `AllowRevealedRecipients` (the transaction reveals recipients, which
+ * is not allowed by `AllowLinkingAccountAddresses`.
+ */
+ bool IsCompatibleWith(PrivacyPolicy policy) const;
 };
 /**
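Review bot: The new doc comment on `IsCompatibleWith` covers the incomparable case only through its example, yet that case is what stops a transaction from revealing something the requested policy does not allow. A closing sentence such as `Compatibility holds exactly when PrivacyPolicyMeet(requestedLevel, policy) == requestedLevel, so two incomparable policies are never compatible.` would tie the prose to the check in wallet.cpp. The last sentence also opens a parenthesis at `(the transaction reveals recipients` and never closes it, so it should end with `).` rather than `.`. The class body starts above this hunk.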