Auto merge of #3691 - ebfull:printsproutr1cs, r=daira

Allow user to ask server to save the Sprout R1CS to a file during startup. This adds an experimental feature `-savesproutr1cs` which can be used to save the file `r1cs` containing the constraint system used in the original launch of Zcash. The file is written to the parameters directory. This can be used to recover this file for verification of the Sprout MPC transcript and parameters.
2018-12-18 23:28:06 -08:00 · 2018-12-18 23:28:06 -08:00 · abd55f27f2
parent e84b865a55 685c0ab07f
commit abd55f27f2
3 changed files with 22 additions and 0 deletions
--- a/src/init.cpp
+++ b/src/init.cpp
@ -843,6 +843,8 @@ bool AppInit2(boost::thread_group& threadGroup, CScheduler& scheduler)
            return InitError(_("Payment disclosure requires -experimentalfeatures."));
        } else if (mapArgs.count("-zmergetoaddress")) {
            return InitError(_("RPC method z_mergetoaddress requires -experimentalfeatures."));
+        } else if (mapArgs.count("-savesproutr1cs")) {
+            return InitError(_("Saving the Sprout R1CS requires -experimentalfeatures."));
        }
    }

@ -1222,6 +1224,14 @@ bool AppInit2(boost::thread_group& threadGroup, CScheduler& scheduler)
    // Initialize Zcash circuit parameters
    ZC_LoadParams(chainparams);

+    if (GetBoolArg("-savesproutr1cs", false)) {
+        boost::filesystem::path r1cs_path = ZC_GetParamsDir() / "r1cs";
+
+        LogPrintf("Saving Sprout R1CS to %s\n", r1cs_path.string());
+
+        pzcashParams->saveR1CS(r1cs_path.string());
+    }
+
    /* Start the RPC server already.  It will be started in "warmup" mode
     * and not really process calls already (but it will signify connections
     * that the server is there and will be ready later).  Warmup mode will
--- a/src/zcash/JoinSplit.cpp
+++ b/src/zcash/JoinSplit.cpp
@ -101,6 +101,16 @@ public:
        saveToFile(pkPath, keypair.pk);
    }

+    void saveR1CS(std::string path)
+    {
+        protoboard<FieldT> pb;
+        joinsplit_gadget<FieldT, NumInputs, NumOutputs> g(pb);
+        g.generate_r1cs_constraints();
+        r1cs_constraint_system<FieldT> r1cs = pb.get_constraint_system();
+
+        saveToFile(path, r1cs);
+    }
+
    bool verify(
        const PHGRProof& proof,
        ProofVerifier& verifier,
--- a/src/zcash/JoinSplit.hpp
+++ b/src/zcash/JoinSplit.hpp
@ -67,6 +67,8 @@ public:
                         const uint256& joinSplitPubKey
                        );

+    virtual void saveR1CS(std::string path) = 0;
+
    // Compute nullifiers, macs, note commitments & encryptions, and SNARK proof
    virtual SproutProof prove(
        bool makeGrothProof,