Improve/Fix variable names
ZCProof was too general a name, and pubKeyHash was actually the JoinSplit pubkey itself.
parent
847df81f09
commit
e1a3461cc2
|
@ -39,7 +39,7 @@ void test_full_api(ZCJoinSplit* js)
|
||||||
uint256 randomSeed;
|
uint256 randomSeed;
|
||||||
uint64_t vpub_old = 10;
|
uint64_t vpub_old = 10;
|
||||||
uint64_t vpub_new = 0;
|
uint64_t vpub_new = 0;
|
||||||
uint256 pubKeyHash = random_uint256();
|
uint256 joinSplitPubKey = random_uint256();
|
||||||
std::array<uint256, 2> macs;
|
std::array<uint256, 2> macs;
|
||||||
std::array<uint256, 2> nullifiers;
|
std::array<uint256, 2> nullifiers;
|
||||||
std::array<uint256, 2> commitments;
|
std::array<uint256, 2> commitments;
|
||||||
|
@ -68,7 +68,7 @@ void test_full_api(ZCJoinSplit* js)
|
||||||
output_notes,
|
output_notes,
|
||||||
ciphertexts,
|
ciphertexts,
|
||||||
ephemeralKey,
|
ephemeralKey,
|
||||||
pubKeyHash,
|
joinSplitPubKey,
|
||||||
randomSeed,
|
randomSeed,
|
||||||
macs,
|
macs,
|
||||||
nullifiers,
|
nullifiers,
|
||||||
|
@ -79,13 +79,13 @@ void test_full_api(ZCJoinSplit* js)
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
|
|
||||||
auto sprout_proof = boost::get<ZCProof>(proof);
|
auto sprout_proof = boost::get<PHGRProof>(proof);
|
||||||
|
|
||||||
// Verify the transaction:
|
// Verify the transaction:
|
||||||
ASSERT_TRUE(js->verify(
|
ASSERT_TRUE(js->verify(
|
||||||
sprout_proof,
|
sprout_proof,
|
||||||
verifier,
|
verifier,
|
||||||
pubKeyHash,
|
joinSplitPubKey,
|
||||||
randomSeed,
|
randomSeed,
|
||||||
macs,
|
macs,
|
||||||
nullifiers,
|
nullifiers,
|
||||||
|
@ -97,7 +97,7 @@ void test_full_api(ZCJoinSplit* js)
|
||||||
|
|
||||||
// Recipient should decrypt
|
// Recipient should decrypt
|
||||||
// Now the recipient should spend the money again
|
// Now the recipient should spend the money again
|
||||||
auto h_sig = js->h_sig(randomSeed, nullifiers, pubKeyHash);
|
auto h_sig = js->h_sig(randomSeed, nullifiers, joinSplitPubKey);
|
||||||
ZCNoteDecryption decryptor(recipient_key.receiving_key());
|
ZCNoteDecryption decryptor(recipient_key.receiving_key());
|
||||||
|
|
||||||
auto note_pt = SproutNotePlaintext::decrypt(
|
auto note_pt = SproutNotePlaintext::decrypt(
|
||||||
|
@ -120,7 +120,7 @@ void test_full_api(ZCJoinSplit* js)
|
||||||
vpub_old = 0;
|
vpub_old = 0;
|
||||||
vpub_new = 1;
|
vpub_new = 1;
|
||||||
rt = tree.root();
|
rt = tree.root();
|
||||||
pubKeyHash = random_uint256();
|
joinSplitPubKey = random_uint256();
|
||||||
|
|
||||||
{
|
{
|
||||||
std::array<JSInput, 2> inputs = {
|
std::array<JSInput, 2> inputs = {
|
||||||
|
@ -146,7 +146,7 @@ void test_full_api(ZCJoinSplit* js)
|
||||||
output_notes,
|
output_notes,
|
||||||
ciphertexts,
|
ciphertexts,
|
||||||
ephemeralKey,
|
ephemeralKey,
|
||||||
pubKeyHash,
|
joinSplitPubKey,
|
||||||
randomSeed,
|
randomSeed,
|
||||||
macs,
|
macs,
|
||||||
nullifiers,
|
nullifiers,
|
||||||
|
@ -157,13 +157,13 @@ void test_full_api(ZCJoinSplit* js)
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
|
|
||||||
sprout_proof = boost::get<ZCProof>(proof);
|
sprout_proof = boost::get<PHGRProof>(proof);
|
||||||
|
|
||||||
// Verify the transaction:
|
// Verify the transaction:
|
||||||
ASSERT_TRUE(js->verify(
|
ASSERT_TRUE(js->verify(
|
||||||
sprout_proof,
|
sprout_proof,
|
||||||
verifier,
|
verifier,
|
||||||
pubKeyHash,
|
joinSplitPubKey,
|
||||||
randomSeed,
|
randomSeed,
|
||||||
macs,
|
macs,
|
||||||
nullifiers,
|
nullifiers,
|
||||||
|
@ -186,7 +186,7 @@ void invokeAPI(
|
||||||
) {
|
) {
|
||||||
uint256 ephemeralKey;
|
uint256 ephemeralKey;
|
||||||
uint256 randomSeed;
|
uint256 randomSeed;
|
||||||
uint256 pubKeyHash = random_uint256();
|
uint256 joinSplitPubKey = random_uint256();
|
||||||
std::array<uint256, 2> macs;
|
std::array<uint256, 2> macs;
|
||||||
std::array<uint256, 2> nullifiers;
|
std::array<uint256, 2> nullifiers;
|
||||||
std::array<uint256, 2> commitments;
|
std::array<uint256, 2> commitments;
|
||||||
|
@ -201,7 +201,7 @@ void invokeAPI(
|
||||||
output_notes,
|
output_notes,
|
||||||
ciphertexts,
|
ciphertexts,
|
||||||
ephemeralKey,
|
ephemeralKey,
|
||||||
pubKeyHash,
|
joinSplitPubKey,
|
||||||
randomSeed,
|
randomSeed,
|
||||||
macs,
|
macs,
|
||||||
nullifiers,
|
nullifiers,
|
||||||
|
@ -241,9 +241,9 @@ TEST(joinsplit, h_sig)
|
||||||
import pyblake2
|
import pyblake2
|
||||||
import binascii
|
import binascii
|
||||||
|
|
||||||
def hSig(randomSeed, nf1, nf2, pubKeyHash):
|
def hSig(randomSeed, nf1, nf2, joinSplitPubKey):
|
||||||
return pyblake2.blake2b(
|
return pyblake2.blake2b(
|
||||||
data=(randomSeed + nf1 + nf2 + pubKeyHash),
|
data=(randomSeed + nf1 + nf2 + joinSplitPubKey),
|
||||||
digest_size=32,
|
digest_size=32,
|
||||||
person=b"ZcashComputehSig"
|
person=b"ZcashComputehSig"
|
||||||
).digest()
|
).digest()
|
||||||
|
|
|
@ -241,7 +241,7 @@ TEST(proofs, sqrt_fq2)
|
||||||
|
|
||||||
TEST(proofs, size_is_expected)
|
TEST(proofs, size_is_expected)
|
||||||
{
|
{
|
||||||
ZCProof p;
|
PHGRProof p;
|
||||||
CDataStream ss(SER_NETWORK, PROTOCOL_VERSION);
|
CDataStream ss(SER_NETWORK, PROTOCOL_VERSION);
|
||||||
ss << p;
|
ss << p;
|
||||||
|
|
||||||
|
@ -444,7 +444,7 @@ TEST(proofs, zksnark_serializes_properly)
|
||||||
auto vkprecomp = libsnark::r1cs_ppzksnark_verifier_process_vk(kp.vk);
|
auto vkprecomp = libsnark::r1cs_ppzksnark_verifier_process_vk(kp.vk);
|
||||||
|
|
||||||
for (size_t i = 0; i < 20; i++) {
|
for (size_t i = 0; i < 20; i++) {
|
||||||
auto badproof = ZCProof::random_invalid();
|
auto badproof = PHGRProof::random_invalid();
|
||||||
auto proof = badproof.to_libsnark_proof<libsnark::r1cs_ppzksnark_proof<curve_pp>>();
|
auto proof = badproof.to_libsnark_proof<libsnark::r1cs_ppzksnark_proof<curve_pp>>();
|
||||||
|
|
||||||
auto verifierEnabled = ProofVerifier::Strict();
|
auto verifierEnabled = ProofVerifier::Strict();
|
||||||
|
@ -496,12 +496,12 @@ TEST(proofs, zksnark_serializes_properly)
|
||||||
proof
|
proof
|
||||||
));
|
));
|
||||||
|
|
||||||
ZCProof compressed_proof_0(proof);
|
PHGRProof compressed_proof_0(proof);
|
||||||
|
|
||||||
CDataStream ss(SER_NETWORK, PROTOCOL_VERSION);
|
CDataStream ss(SER_NETWORK, PROTOCOL_VERSION);
|
||||||
ss << compressed_proof_0;
|
ss << compressed_proof_0;
|
||||||
|
|
||||||
ZCProof compressed_proof_1;
|
PHGRProof compressed_proof_1;
|
||||||
ss >> compressed_proof_1;
|
ss >> compressed_proof_1;
|
||||||
|
|
||||||
ASSERT_TRUE(compressed_proof_0 == compressed_proof_1);
|
ASSERT_TRUE(compressed_proof_0 == compressed_proof_1);
|
||||||
|
|
|
@ -31,7 +31,7 @@ TEST(Transaction, JSDescriptionRandomized) {
|
||||||
auto witness = merkleTree.witness();
|
auto witness = merkleTree.witness();
|
||||||
|
|
||||||
// create JSDescription
|
// create JSDescription
|
||||||
uint256 pubKeyHash;
|
uint256 joinSplitPubKey;
|
||||||
std::array<libzcash::JSInput, ZC_NUM_JS_INPUTS> inputs = {
|
std::array<libzcash::JSInput, ZC_NUM_JS_INPUTS> inputs = {
|
||||||
libzcash::JSInput(witness, note, k),
|
libzcash::JSInput(witness, note, k),
|
||||||
libzcash::JSInput() // dummy input of zero value
|
libzcash::JSInput() // dummy input of zero value
|
||||||
|
@ -46,7 +46,7 @@ TEST(Transaction, JSDescriptionRandomized) {
|
||||||
{
|
{
|
||||||
auto jsdesc = JSDescription::Randomized(
|
auto jsdesc = JSDescription::Randomized(
|
||||||
false,
|
false,
|
||||||
*params, pubKeyHash, rt,
|
*params, joinSplitPubKey, rt,
|
||||||
inputs, outputs,
|
inputs, outputs,
|
||||||
inputMap, outputMap,
|
inputMap, outputMap,
|
||||||
0, 0, false);
|
0, 0, false);
|
||||||
|
@ -63,7 +63,7 @@ TEST(Transaction, JSDescriptionRandomized) {
|
||||||
{
|
{
|
||||||
auto jsdesc = JSDescription::Randomized(
|
auto jsdesc = JSDescription::Randomized(
|
||||||
false,
|
false,
|
||||||
*params, pubKeyHash, rt,
|
*params, joinSplitPubKey, rt,
|
||||||
inputs, outputs,
|
inputs, outputs,
|
||||||
inputMap, outputMap,
|
inputMap, outputMap,
|
||||||
0, 0, false, nullptr, GenZero);
|
0, 0, false, nullptr, GenZero);
|
||||||
|
@ -77,7 +77,7 @@ TEST(Transaction, JSDescriptionRandomized) {
|
||||||
{
|
{
|
||||||
auto jsdesc = JSDescription::Randomized(
|
auto jsdesc = JSDescription::Randomized(
|
||||||
false,
|
false,
|
||||||
*params, pubKeyHash, rt,
|
*params, joinSplitPubKey, rt,
|
||||||
inputs, outputs,
|
inputs, outputs,
|
||||||
inputMap, outputMap,
|
inputMap, outputMap,
|
||||||
0, 0, false, nullptr, GenMax);
|
0, 0, false, nullptr, GenMax);
|
||||||
|
|
|
@ -14,7 +14,7 @@
|
||||||
JSDescription::JSDescription(
|
JSDescription::JSDescription(
|
||||||
bool makeGrothProof,
|
bool makeGrothProof,
|
||||||
ZCJoinSplit& params,
|
ZCJoinSplit& params,
|
||||||
const uint256& pubKeyHash,
|
const uint256& joinSplitPubKey,
|
||||||
const uint256& anchor,
|
const uint256& anchor,
|
||||||
const std::array<libzcash::JSInput, ZC_NUM_JS_INPUTS>& inputs,
|
const std::array<libzcash::JSInput, ZC_NUM_JS_INPUTS>& inputs,
|
||||||
const std::array<libzcash::JSOutput, ZC_NUM_JS_OUTPUTS>& outputs,
|
const std::array<libzcash::JSOutput, ZC_NUM_JS_OUTPUTS>& outputs,
|
||||||
|
@ -33,7 +33,7 @@ JSDescription::JSDescription(
|
||||||
notes,
|
notes,
|
||||||
ciphertexts,
|
ciphertexts,
|
||||||
ephemeralKey,
|
ephemeralKey,
|
||||||
pubKeyHash,
|
joinSplitPubKey,
|
||||||
randomSeed,
|
randomSeed,
|
||||||
macs,
|
macs,
|
||||||
nullifiers,
|
nullifiers,
|
||||||
|
@ -49,7 +49,7 @@ JSDescription::JSDescription(
|
||||||
JSDescription JSDescription::Randomized(
|
JSDescription JSDescription::Randomized(
|
||||||
bool makeGrothProof,
|
bool makeGrothProof,
|
||||||
ZCJoinSplit& params,
|
ZCJoinSplit& params,
|
||||||
const uint256& pubKeyHash,
|
const uint256& joinSplitPubKey,
|
||||||
const uint256& anchor,
|
const uint256& anchor,
|
||||||
std::array<libzcash::JSInput, ZC_NUM_JS_INPUTS>& inputs,
|
std::array<libzcash::JSInput, ZC_NUM_JS_INPUTS>& inputs,
|
||||||
std::array<libzcash::JSOutput, ZC_NUM_JS_OUTPUTS>& outputs,
|
std::array<libzcash::JSOutput, ZC_NUM_JS_OUTPUTS>& outputs,
|
||||||
|
@ -73,7 +73,7 @@ JSDescription JSDescription::Randomized(
|
||||||
|
|
||||||
return JSDescription(
|
return JSDescription(
|
||||||
makeGrothProof,
|
makeGrothProof,
|
||||||
params, pubKeyHash, anchor, inputs, outputs,
|
params, joinSplitPubKey, anchor, inputs, outputs,
|
||||||
vpub_old, vpub_new, computeProof,
|
vpub_old, vpub_new, computeProof,
|
||||||
esk // payment disclosure
|
esk // payment disclosure
|
||||||
);
|
);
|
||||||
|
@ -83,23 +83,23 @@ class SproutProofVerifier : public boost::static_visitor<bool>
|
||||||
{
|
{
|
||||||
ZCJoinSplit& params;
|
ZCJoinSplit& params;
|
||||||
libzcash::ProofVerifier& verifier;
|
libzcash::ProofVerifier& verifier;
|
||||||
const uint256& pubKeyHash;
|
const uint256& joinSplitPubKey;
|
||||||
const JSDescription& jsdesc;
|
const JSDescription& jsdesc;
|
||||||
|
|
||||||
public:
|
public:
|
||||||
SproutProofVerifier(
|
SproutProofVerifier(
|
||||||
ZCJoinSplit& params,
|
ZCJoinSplit& params,
|
||||||
libzcash::ProofVerifier& verifier,
|
libzcash::ProofVerifier& verifier,
|
||||||
const uint256& pubKeyHash,
|
const uint256& joinSplitPubKey,
|
||||||
const JSDescription& jsdesc
|
const JSDescription& jsdesc
|
||||||
) : params(params), jsdesc(jsdesc), verifier(verifier), pubKeyHash(pubKeyHash) {}
|
) : params(params), jsdesc(jsdesc), verifier(verifier), joinSplitPubKey(joinSplitPubKey) {}
|
||||||
|
|
||||||
bool operator()(const libzcash::ZCProof& proof) const
|
bool operator()(const libzcash::PHGRProof& proof) const
|
||||||
{
|
{
|
||||||
return params.verify(
|
return params.verify(
|
||||||
proof,
|
proof,
|
||||||
verifier,
|
verifier,
|
||||||
pubKeyHash,
|
joinSplitPubKey,
|
||||||
jsdesc.randomSeed,
|
jsdesc.randomSeed,
|
||||||
jsdesc.macs,
|
jsdesc.macs,
|
||||||
jsdesc.nullifiers,
|
jsdesc.nullifiers,
|
||||||
|
@ -112,7 +112,7 @@ public:
|
||||||
|
|
||||||
bool operator()(const libzcash::GrothProof& proof) const
|
bool operator()(const libzcash::GrothProof& proof) const
|
||||||
{
|
{
|
||||||
uint256 h_sig = params.h_sig(jsdesc.randomSeed, jsdesc.nullifiers, pubKeyHash);
|
uint256 h_sig = params.h_sig(jsdesc.randomSeed, jsdesc.nullifiers, joinSplitPubKey);
|
||||||
|
|
||||||
return librustzcash_sprout_verify(
|
return librustzcash_sprout_verify(
|
||||||
proof.begin(),
|
proof.begin(),
|
||||||
|
@ -133,15 +133,15 @@ public:
|
||||||
bool JSDescription::Verify(
|
bool JSDescription::Verify(
|
||||||
ZCJoinSplit& params,
|
ZCJoinSplit& params,
|
||||||
libzcash::ProofVerifier& verifier,
|
libzcash::ProofVerifier& verifier,
|
||||||
const uint256& pubKeyHash
|
const uint256& joinSplitPubKey
|
||||||
) const {
|
) const {
|
||||||
auto pv = SproutProofVerifier(params, verifier, pubKeyHash, *this);
|
auto pv = SproutProofVerifier(params, verifier, joinSplitPubKey, *this);
|
||||||
return boost::apply_visitor(pv, proof);
|
return boost::apply_visitor(pv, proof);
|
||||||
}
|
}
|
||||||
|
|
||||||
uint256 JSDescription::h_sig(ZCJoinSplit& params, const uint256& pubKeyHash) const
|
uint256 JSDescription::h_sig(ZCJoinSplit& params, const uint256& joinSplitPubKey) const
|
||||||
{
|
{
|
||||||
return params.h_sig(randomSeed, nullifiers, pubKeyHash);
|
return params.h_sig(randomSeed, nullifiers, joinSplitPubKey);
|
||||||
}
|
}
|
||||||
|
|
||||||
std::string COutPoint::ToString() const
|
std::string COutPoint::ToString() const
|
||||||
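Review bot: In the SproutProofVerifier constructor, the touched line `) : params(params), jsdesc(jsdesc), verifier(verifier), joinSplitPubKey(joinSplitPubKey) {}` lists the mem-initializers in an order that differs from the declaration order `params, verifier, joinSplitPubKey, jsdesc`, which `-Wreorder` reports; all four members are references so behaviour is unaffected, but since the line is rewritten anyway `) : params(params), verifier(verifier), joinSplitPubKey(joinSplitPubKey), jsdesc(jsdesc) {}` would keep the build warning-free. The class header itself lies outside the hunk. The `const uint256& joinSplitPubKey;` member also deserves a one-line comment, e.g. `// Reference members: the visitor must not outlive the arguments of JSDescription::Verify`, since the only visible use is the local `pv` in `JSDescription::Verify`, where that lifetime holds.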
|
|
|
@ -154,7 +154,7 @@ class SproutProofSerializer : public boost::static_visitor<>
|
||||||
public:
|
public:
|
||||||
SproutProofSerializer(Stream& s, bool useGroth) : s(s), useGroth(useGroth) {}
|
SproutProofSerializer(Stream& s, bool useGroth) : s(s), useGroth(useGroth) {}
|
||||||
|
|
||||||
void operator()(const libzcash::ZCProof& proof) const
|
void operator()(const libzcash::PHGRProof& proof) const
|
||||||
{
|
{
|
||||||
if (useGroth) {
|
if (useGroth) {
|
||||||
throw std::ios_base::failure("Invalid Sprout proof for transaction format (expected GrothProof, found PHGRProof)");
|
throw std::ios_base::failure("Invalid Sprout proof for transaction format (expected GrothProof, found PHGRProof)");
|
||||||
|
@ -186,7 +186,7 @@ inline void SerReadWriteSproutProof(Stream& s, T& proof, bool useGroth, CSerActi
|
||||||
::Unserialize(s, grothProof);
|
::Unserialize(s, grothProof);
|
||||||
proof = grothProof;
|
proof = grothProof;
|
||||||
} else {
|
} else {
|
||||||
libzcash::ZCProof pghrProof;
|
libzcash::PHGRProof pghrProof;
|
||||||
::Unserialize(s, pghrProof);
|
::Unserialize(s, pghrProof);
|
||||||
proof = pghrProof;
|
proof = pghrProof;
|
||||||
}
|
}
|
||||||
|
@ -245,7 +245,7 @@ public:
|
||||||
JSDescription(
|
JSDescription(
|
||||||
bool makeGrothProof,
|
bool makeGrothProof,
|
||||||
ZCJoinSplit& params,
|
ZCJoinSplit& params,
|
||||||
const uint256& pubKeyHash,
|
const uint256& joinSplitPubKey,
|
||||||
const uint256& rt,
|
const uint256& rt,
|
||||||
const std::array<libzcash::JSInput, ZC_NUM_JS_INPUTS>& inputs,
|
const std::array<libzcash::JSInput, ZC_NUM_JS_INPUTS>& inputs,
|
||||||
const std::array<libzcash::JSOutput, ZC_NUM_JS_OUTPUTS>& outputs,
|
const std::array<libzcash::JSOutput, ZC_NUM_JS_OUTPUTS>& outputs,
|
||||||
|
@ -258,7 +258,7 @@ public:
|
||||||
static JSDescription Randomized(
|
static JSDescription Randomized(
|
||||||
bool makeGrothProof,
|
bool makeGrothProof,
|
||||||
ZCJoinSplit& params,
|
ZCJoinSplit& params,
|
||||||
const uint256& pubKeyHash,
|
const uint256& joinSplitPubKey,
|
||||||
const uint256& rt,
|
const uint256& rt,
|
||||||
std::array<libzcash::JSInput, ZC_NUM_JS_INPUTS>& inputs,
|
std::array<libzcash::JSInput, ZC_NUM_JS_INPUTS>& inputs,
|
||||||
std::array<libzcash::JSOutput, ZC_NUM_JS_OUTPUTS>& outputs,
|
std::array<libzcash::JSOutput, ZC_NUM_JS_OUTPUTS>& outputs,
|
||||||
|
@ -275,11 +275,11 @@ public:
|
||||||
bool Verify(
|
bool Verify(
|
||||||
ZCJoinSplit& params,
|
ZCJoinSplit& params,
|
||||||
libzcash::ProofVerifier& verifier,
|
libzcash::ProofVerifier& verifier,
|
||||||
const uint256& pubKeyHash
|
const uint256& joinSplitPubKey
|
||||||
) const;
|
) const;
|
||||||
|
|
||||||
// Returns the calculated h_sig
|
// Returns the calculated h_sig
|
||||||
uint256 h_sig(ZCJoinSplit& params, const uint256& pubKeyHash) const;
|
uint256 h_sig(ZCJoinSplit& params, const uint256& joinSplitPubKey) const;
|
||||||
|
|
||||||
ADD_SERIALIZE_METHODS;
|
ADD_SERIALIZE_METHODS;
|
||||||
|
|
||||||
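Review bot: In `SerReadWriteSproutProof` the local `libzcash::PHGRProof pghrProof;` now spells the acronym differently from its own type (PHGR vs pghr) and from the error text "found PHGRProof" in SproutProofSerializer a few lines earlier; as this commit is about naming, `libzcash::PHGRProof phgrProof;`, `::Unserialize(s, phgrProof);`, `proof = phgrProof;` would make them consistent. The enclosing function starts and ends outside the hunk. Separately, the renamed `const uint256& joinSplitPubKey` parameter on the JSDescription constructor, `Randomized`, `Verify` and `h_sig` declarations carries no comment; a one-liner on the constructor such as `// joinSplitPubKey: the JoinSplit public key, hashed into h_sig together with randomSeed and the nullifiers` would record what the commit message explains.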
|
|
|
@ -188,7 +188,7 @@ void static RandomTransaction(CMutableTransaction &tx, bool fSingle, uint32_t co
|
||||||
randombytes_buf(zkproof.begin(), zkproof.size());
|
randombytes_buf(zkproof.begin(), zkproof.size());
|
||||||
jsdesc.proof = zkproof;
|
jsdesc.proof = zkproof;
|
||||||
} else {
|
} else {
|
||||||
jsdesc.proof = libzcash::ZCProof::random_invalid();
|
jsdesc.proof = libzcash::PHGRProof::random_invalid();
|
||||||
}
|
}
|
||||||
jsdesc.macs[0] = GetRandHash();
|
jsdesc.macs[0] = GetRandHash();
|
||||||
jsdesc.macs[1] = GetRandHash();
|
jsdesc.macs[1] = GetRandHash();
|
||||||
|
|
|
@ -360,7 +360,7 @@ BOOST_AUTO_TEST_CASE(test_basic_joinsplit_verification)
|
||||||
auto witness = merkleTree.witness();
|
auto witness = merkleTree.witness();
|
||||||
|
|
||||||
// create JSDescription
|
// create JSDescription
|
||||||
uint256 pubKeyHash;
|
uint256 joinSplitPubKey;
|
||||||
std::array<libzcash::JSInput, ZC_NUM_JS_INPUTS> inputs = {
|
std::array<libzcash::JSInput, ZC_NUM_JS_INPUTS> inputs = {
|
||||||
libzcash::JSInput(witness, note, k),
|
libzcash::JSInput(witness, note, k),
|
||||||
libzcash::JSInput() // dummy input of zero value
|
libzcash::JSInput() // dummy input of zero value
|
||||||
|
@ -373,8 +373,8 @@ BOOST_AUTO_TEST_CASE(test_basic_joinsplit_verification)
|
||||||
auto verifier = libzcash::ProofVerifier::Strict();
|
auto verifier = libzcash::ProofVerifier::Strict();
|
||||||
|
|
||||||
{
|
{
|
||||||
JSDescription jsdesc(false, *pzcashParams, pubKeyHash, rt, inputs, outputs, 0, 0);
|
JSDescription jsdesc(false, *pzcashParams, joinSplitPubKey, rt, inputs, outputs, 0, 0);
|
||||||
BOOST_CHECK(jsdesc.Verify(*pzcashParams, verifier, pubKeyHash));
|
BOOST_CHECK(jsdesc.Verify(*pzcashParams, verifier, joinSplitPubKey));
|
||||||
|
|
||||||
CDataStream ss(SER_DISK, CLIENT_VERSION);
|
CDataStream ss(SER_DISK, CLIENT_VERSION);
|
||||||
ss << jsdesc;
|
ss << jsdesc;
|
||||||
|
@ -383,20 +383,20 @@ BOOST_AUTO_TEST_CASE(test_basic_joinsplit_verification)
|
||||||
ss >> jsdesc_deserialized;
|
ss >> jsdesc_deserialized;
|
||||||
|
|
||||||
BOOST_CHECK(jsdesc_deserialized == jsdesc);
|
BOOST_CHECK(jsdesc_deserialized == jsdesc);
|
||||||
BOOST_CHECK(jsdesc_deserialized.Verify(*pzcashParams, verifier, pubKeyHash));
|
BOOST_CHECK(jsdesc_deserialized.Verify(*pzcashParams, verifier, joinSplitPubKey));
|
||||||
}
|
}
|
||||||
|
|
||||||
{
|
{
|
||||||
// Ensure that the balance equation is working.
|
// Ensure that the balance equation is working.
|
||||||
BOOST_CHECK_THROW(JSDescription(false, *pzcashParams, pubKeyHash, rt, inputs, outputs, 10, 0), std::invalid_argument);
|
BOOST_CHECK_THROW(JSDescription(false, *pzcashParams, joinSplitPubKey, rt, inputs, outputs, 10, 0), std::invalid_argument);
|
||||||
BOOST_CHECK_THROW(JSDescription(false, *pzcashParams, pubKeyHash, rt, inputs, outputs, 0, 10), std::invalid_argument);
|
BOOST_CHECK_THROW(JSDescription(false, *pzcashParams, joinSplitPubKey, rt, inputs, outputs, 0, 10), std::invalid_argument);
|
||||||
}
|
}
|
||||||
|
|
||||||
{
|
{
|
||||||
// Ensure that it won't verify if the root is changed.
|
// Ensure that it won't verify if the root is changed.
|
||||||
auto test = JSDescription(false, *pzcashParams, pubKeyHash, rt, inputs, outputs, 0, 0);
|
auto test = JSDescription(false, *pzcashParams, joinSplitPubKey, rt, inputs, outputs, 0, 0);
|
||||||
test.anchor = GetRandHash();
|
test.anchor = GetRandHash();
|
||||||
BOOST_CHECK(!test.Verify(*pzcashParams, verifier, pubKeyHash));
|
BOOST_CHECK(!test.Verify(*pzcashParams, verifier, joinSplitPubKey));
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -2638,11 +2638,11 @@ UniValue zc_sample_joinsplit(const UniValue& params, bool fHelp)
|
||||||
|
|
||||||
LOCK(cs_main);
|
LOCK(cs_main);
|
||||||
|
|
||||||
uint256 pubKeyHash;
|
uint256 joinSplitPubKey;
|
||||||
uint256 anchor = ZCIncrementalMerkleTree().root();
|
uint256 anchor = ZCIncrementalMerkleTree().root();
|
||||||
JSDescription samplejoinsplit(true,
|
JSDescription samplejoinsplit(true,
|
||||||
*pzcashParams,
|
*pzcashParams,
|
||||||
pubKeyHash,
|
joinSplitPubKey,
|
||||||
anchor,
|
anchor,
|
||||||
{JSInput(), JSInput()},
|
{JSInput(), JSInput()},
|
||||||
{JSOutput(), JSOutput()},
|
{JSOutput(), JSOutput()},
|
||||||
|
|
|
@ -102,9 +102,9 @@ public:
|
||||||
}
|
}
|
||||||
|
|
||||||
bool verify(
|
bool verify(
|
||||||
const ZCProof& proof,
|
const PHGRProof& proof,
|
||||||
ProofVerifier& verifier,
|
ProofVerifier& verifier,
|
||||||
const uint256& pubKeyHash,
|
const uint256& joinSplitPubKey,
|
||||||
const uint256& randomSeed,
|
const uint256& randomSeed,
|
||||||
const std::array<uint256, NumInputs>& macs,
|
const std::array<uint256, NumInputs>& macs,
|
||||||
const std::array<uint256, NumInputs>& nullifiers,
|
const std::array<uint256, NumInputs>& nullifiers,
|
||||||
|
@ -116,7 +116,7 @@ public:
|
||||||
try {
|
try {
|
||||||
auto r1cs_proof = proof.to_libsnark_proof<r1cs_ppzksnark_proof<ppzksnark_ppT>>();
|
auto r1cs_proof = proof.to_libsnark_proof<r1cs_ppzksnark_proof<ppzksnark_ppT>>();
|
||||||
|
|
||||||
uint256 h_sig = this->h_sig(randomSeed, nullifiers, pubKeyHash);
|
uint256 h_sig = this->h_sig(randomSeed, nullifiers, joinSplitPubKey);
|
||||||
|
|
||||||
auto witness = joinsplit_gadget<FieldT, NumInputs, NumOutputs>::witness_map(
|
auto witness = joinsplit_gadget<FieldT, NumInputs, NumOutputs>::witness_map(
|
||||||
rt,
|
rt,
|
||||||
|
@ -146,7 +146,7 @@ public:
|
||||||
std::array<SproutNote, NumOutputs>& out_notes,
|
std::array<SproutNote, NumOutputs>& out_notes,
|
||||||
std::array<ZCNoteEncryption::Ciphertext, NumOutputs>& out_ciphertexts,
|
std::array<ZCNoteEncryption::Ciphertext, NumOutputs>& out_ciphertexts,
|
||||||
uint256& out_ephemeralKey,
|
uint256& out_ephemeralKey,
|
||||||
const uint256& pubKeyHash,
|
const uint256& joinSplitPubKey,
|
||||||
uint256& out_randomSeed,
|
uint256& out_randomSeed,
|
||||||
std::array<uint256, NumInputs>& out_macs,
|
std::array<uint256, NumInputs>& out_macs,
|
||||||
std::array<uint256, NumInputs>& out_nullifiers,
|
std::array<uint256, NumInputs>& out_nullifiers,
|
||||||
|
@ -209,7 +209,7 @@ public:
|
||||||
out_randomSeed = random_uint256();
|
out_randomSeed = random_uint256();
|
||||||
|
|
||||||
// Compute h_sig
|
// Compute h_sig
|
||||||
uint256 h_sig = this->h_sig(out_randomSeed, out_nullifiers, pubKeyHash);
|
uint256 h_sig = this->h_sig(out_randomSeed, out_nullifiers, joinSplitPubKey);
|
||||||
|
|
||||||
// Sample phi
|
// Sample phi
|
||||||
uint252 phi = random_uint252();
|
uint252 phi = random_uint252();
|
||||||
|
@ -321,7 +321,7 @@ public:
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!computeProof) {
|
if (!computeProof) {
|
||||||
return ZCProof();
|
return PHGRProof();
|
||||||
}
|
}
|
||||||
|
|
||||||
protoboard<FieldT> pb;
|
protoboard<FieldT> pb;
|
||||||
|
@ -359,7 +359,7 @@ public:
|
||||||
throw std::runtime_error(strprintf("could not load param file at %s", pkPath));
|
throw std::runtime_error(strprintf("could not load param file at %s", pkPath));
|
||||||
}
|
}
|
||||||
|
|
||||||
return ZCProof(r1cs_ppzksnark_prover_streaming<ppzksnark_ppT>(
|
return PHGRProof(r1cs_ppzksnark_prover_streaming<ppzksnark_ppT>(
|
||||||
fh,
|
fh,
|
||||||
primary_input,
|
primary_input,
|
||||||
aux_input,
|
aux_input,
|
||||||
|
@ -389,7 +389,7 @@ template<size_t NumInputs, size_t NumOutputs>
|
||||||
uint256 JoinSplit<NumInputs, NumOutputs>::h_sig(
|
uint256 JoinSplit<NumInputs, NumOutputs>::h_sig(
|
||||||
const uint256& randomSeed,
|
const uint256& randomSeed,
|
||||||
const std::array<uint256, NumInputs>& nullifiers,
|
const std::array<uint256, NumInputs>& nullifiers,
|
||||||
const uint256& pubKeyHash
|
const uint256& joinSplitPubKey
|
||||||
) {
|
) {
|
||||||
const unsigned char personalization[crypto_generichash_blake2b_PERSONALBYTES]
|
const unsigned char personalization[crypto_generichash_blake2b_PERSONALBYTES]
|
||||||
= {'Z','c','a','s','h','C','o','m','p','u','t','e','h','S','i','g'};
|
= {'Z','c','a','s','h','C','o','m','p','u','t','e','h','S','i','g'};
|
||||||
|
@ -400,7 +400,7 @@ uint256 JoinSplit<NumInputs, NumOutputs>::h_sig(
|
||||||
block.insert(block.end(), nullifiers[i].begin(), nullifiers[i].end());
|
block.insert(block.end(), nullifiers[i].begin(), nullifiers[i].end());
|
||||||
}
|
}
|
||||||
|
|
||||||
block.insert(block.end(), pubKeyHash.begin(), pubKeyHash.end());
|
block.insert(block.end(), joinSplitPubKey.begin(), joinSplitPubKey.end());
|
||||||
|
|
||||||
uint256 output;
|
uint256 output;
|
||||||
|
|
||||||
|
|
|
@ -21,7 +21,7 @@ static constexpr size_t GROTH_PROOF_SIZE = (
|
||||||
48); // π_C
|
48); // π_C
|
||||||
|
|
||||||
typedef std::array<unsigned char, GROTH_PROOF_SIZE> GrothProof;
|
typedef std::array<unsigned char, GROTH_PROOF_SIZE> GrothProof;
|
||||||
typedef boost::variant<ZCProof, GrothProof> SproutProof;
|
typedef boost::variant<PHGRProof, GrothProof> SproutProof;
|
||||||
|
|
||||||
class JSInput {
|
class JSInput {
|
||||||
public:
|
public:
|
||||||
|
@ -64,9 +64,10 @@ public:
|
||||||
|
|
||||||
static uint256 h_sig(const uint256& randomSeed,
|
static uint256 h_sig(const uint256& randomSeed,
|
||||||
const std::array<uint256, NumInputs>& nullifiers,
|
const std::array<uint256, NumInputs>& nullifiers,
|
||||||
const uint256& pubKeyHash
|
const uint256& joinSplitPubKey
|
||||||
);
|
);
|
||||||
|
|
||||||
|
// Compute nullifiers, macs, note commitments & encryptions, and SNARK proof
|
||||||
virtual SproutProof prove(
|
virtual SproutProof prove(
|
||||||
bool makeGrothProof,
|
bool makeGrothProof,
|
||||||
const std::array<JSInput, NumInputs>& inputs,
|
const std::array<JSInput, NumInputs>& inputs,
|
||||||
|
@ -74,7 +75,7 @@ public:
|
||||||
std::array<SproutNote, NumOutputs>& out_notes,
|
std::array<SproutNote, NumOutputs>& out_notes,
|
||||||
std::array<ZCNoteEncryption::Ciphertext, NumOutputs>& out_ciphertexts,
|
std::array<ZCNoteEncryption::Ciphertext, NumOutputs>& out_ciphertexts,
|
||||||
uint256& out_ephemeralKey,
|
uint256& out_ephemeralKey,
|
||||||
const uint256& pubKeyHash,
|
const uint256& joinSplitPubKey,
|
||||||
uint256& out_randomSeed,
|
uint256& out_randomSeed,
|
||||||
std::array<uint256, NumInputs>& out_hmacs,
|
std::array<uint256, NumInputs>& out_hmacs,
|
||||||
std::array<uint256, NumInputs>& out_nullifiers,
|
std::array<uint256, NumInputs>& out_nullifiers,
|
||||||
|
@ -90,9 +91,9 @@ public:
|
||||||
) = 0;
|
) = 0;
|
||||||
|
|
||||||
virtual bool verify(
|
virtual bool verify(
|
||||||
const ZCProof& proof,
|
const PHGRProof& proof,
|
||||||
ProofVerifier& verifier,
|
ProofVerifier& verifier,
|
||||||
const uint256& pubKeyHash,
|
const uint256& joinSplitPubKey,
|
||||||
const uint256& randomSeed,
|
const uint256& randomSeed,
|
||||||
const std::array<uint256, NumInputs>& hmacs,
|
const std::array<uint256, NumInputs>& hmacs,
|
||||||
const std::array<uint256, NumInputs>& nullifiers,
|
const std::array<uint256, NumInputs>& nullifiers,
|
||||||
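Review bot: The `static uint256 h_sig(const uint256& randomSeed, ...)` declaration receives the renamed parameter but still no comment, although the next hunk adds one for `prove`; the definition elsewhere in this commit and the Python reference in `TEST(joinsplit, h_sig)` both fix the layout, so the header could state it: `// h_sig = BLAKE2b-256(randomSeed || nullifiers[0] || ... || nullifiers[NumInputs-1] || joinSplitPubKey), personalization "ZcashComputehSig"`. Documenting that layout at the declaration matters more than the rename, since h_sig is presumably what ties the JoinSplit public key to the proof. The new `// Compute nullifiers, macs, ...` comment on `prove` has no counterpart on `verify` in the following hunk; `// Verify a PHGRProof; h_sig is recomputed from randomSeed, nullifiers and joinSplitPubKey` would mirror it, as the `verify` definition in this commit shows exactly that recomputation.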
|
|
|
@ -171,7 +171,7 @@ curve_G2 CompressedG2::to_libsnark_g2() const
|
||||||
}
|
}
|
||||||
|
|
||||||
template<>
|
template<>
|
||||||
ZCProof::ZCProof(const r1cs_ppzksnark_proof<curve_pp> &proof)
|
PHGRProof::PHGRProof(const r1cs_ppzksnark_proof<curve_pp> &proof)
|
||||||
{
|
{
|
||||||
g_A = CompressedG1(proof.g_A.g);
|
g_A = CompressedG1(proof.g_A.g);
|
||||||
g_A_prime = CompressedG1(proof.g_A.h);
|
g_A_prime = CompressedG1(proof.g_A.h);
|
||||||
|
@ -184,7 +184,7 @@ ZCProof::ZCProof(const r1cs_ppzksnark_proof<curve_pp> &proof)
|
||||||
}
|
}
|
||||||
|
|
||||||
template<>
|
template<>
|
||||||
r1cs_ppzksnark_proof<curve_pp> ZCProof::to_libsnark_proof() const
|
r1cs_ppzksnark_proof<curve_pp> PHGRProof::to_libsnark_proof() const
|
||||||
{
|
{
|
||||||
r1cs_ppzksnark_proof<curve_pp> proof;
|
r1cs_ppzksnark_proof<curve_pp> proof;
|
||||||
|
|
||||||
|
@ -200,9 +200,9 @@ r1cs_ppzksnark_proof<curve_pp> ZCProof::to_libsnark_proof() const
|
||||||
return proof;
|
return proof;
|
||||||
}
|
}
|
||||||
|
|
||||||
ZCProof ZCProof::random_invalid()
|
PHGRProof PHGRProof::random_invalid()
|
||||||
{
|
{
|
||||||
ZCProof p;
|
PHGRProof p;
|
||||||
p.g_A = curve_G1::random_element();
|
p.g_A = curve_G1::random_element();
|
||||||
p.g_A_prime = curve_G1::random_element();
|
p.g_A_prime = curve_G1::random_element();
|
||||||
p.g_B = curve_G2::random_element();
|
p.g_B = curve_G2::random_element();
|
||||||
|
|
|
@ -176,7 +176,7 @@ public:
|
||||||
};
|
};
|
||||||
|
|
||||||
// Compressed zkSNARK proof
|
// Compressed zkSNARK proof
|
||||||
class ZCProof {
|
class PHGRProof {
|
||||||
private:
|
private:
|
||||||
CompressedG1 g_A;
|
CompressedG1 g_A;
|
||||||
CompressedG1 g_A_prime;
|
CompressedG1 g_A_prime;
|
||||||
|
@ -188,18 +188,18 @@ private:
|
||||||
CompressedG1 g_H;
|
CompressedG1 g_H;
|
||||||
|
|
||||||
public:
|
public:
|
||||||
ZCProof() : g_A(), g_A_prime(), g_B(), g_B_prime(), g_C(), g_C_prime(), g_K(), g_H() { }
|
PHGRProof() : g_A(), g_A_prime(), g_B(), g_B_prime(), g_C(), g_C_prime(), g_K(), g_H() { }
|
||||||
|
|
||||||
// Produces a compressed proof using a libsnark zkSNARK proof
|
// Produces a compressed proof using a libsnark zkSNARK proof
|
||||||
template<typename libsnark_proof>
|
template<typename libsnark_proof>
|
||||||
ZCProof(const libsnark_proof& proof);
|
PHGRProof(const libsnark_proof& proof);
|
||||||
|
|
||||||
// Produces a libsnark zkSNARK proof out of this proof,
|
// Produces a libsnark zkSNARK proof out of this proof,
|
||||||
// or throws an exception if it is invalid.
|
// or throws an exception if it is invalid.
|
||||||
template<typename libsnark_proof>
|
template<typename libsnark_proof>
|
||||||
libsnark_proof to_libsnark_proof() const;
|
libsnark_proof to_libsnark_proof() const;
|
||||||
|
|
||||||
static ZCProof random_invalid();
|
static PHGRProof random_invalid();
|
||||||
|
|
||||||
ADD_SERIALIZE_METHODS;
|
ADD_SERIALIZE_METHODS;
|
||||||
|
|
||||||
|
@ -215,7 +215,7 @@ public:
|
||||||
READWRITE(g_H);
|
READWRITE(g_H);
|
||||||
}
|
}
|
||||||
|
|
||||||
friend bool operator==(const ZCProof& a, const ZCProof& b)
|
friend bool operator==(const PHGRProof& a, const PHGRProof& b)
|
||||||
{
|
{
|
||||||
return (
|
return (
|
||||||
a.g_A == b.g_A &&
|
a.g_A == b.g_A &&
|
||||||
|
@ -229,7 +229,7 @@ public:
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
|
|
||||||
friend bool operator!=(const ZCProof& a, const ZCProof& b)
|
friend bool operator!=(const PHGRProof& a, const PHGRProof& b)
|
||||||
{
|
{
|
||||||
return !(a == b);
|
return !(a == b);
|
||||||
}
|
}
|
||||||
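Review bot: The `// Compressed zkSNARK proof` comment above `class PHGRProof {` no longer distinguishes this type from `GrothProof` now that the class is named after its proof system; `// Compressed PHGR zkSNARK proof (the libsnark r1cs_ppzksnark format); the GrothProof typedef is the alternative` would. `static PHGRProof random_invalid();` also has no comment, and its definition in this commit fills every element from `random_element()`, so `// Test helper: random group elements, not a valid proof for any statement` is warranted. The class body continues outside the hunks.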
|
|
|
@ -109,7 +109,7 @@ double benchmark_parameter_loading()
|
||||||
|
|
||||||
double benchmark_create_joinsplit()
|
double benchmark_create_joinsplit()
|
||||||
{
|
{
|
||||||
uint256 pubKeyHash;
|
uint256 joinSplitPubKey;
|
||||||
|
|
||||||
/* Get the anchor of an empty commitment tree. */
|
/* Get the anchor of an empty commitment tree. */
|
||||||
uint256 anchor = ZCIncrementalMerkleTree().root();
|
uint256 anchor = ZCIncrementalMerkleTree().root();
|
||||||
|
@ -118,7 +118,7 @@ double benchmark_create_joinsplit()
|
||||||
timer_start(tv_start);
|
timer_start(tv_start);
|
||||||
JSDescription jsdesc(true,
|
JSDescription jsdesc(true,
|
||||||
*pzcashParams,
|
*pzcashParams,
|
||||||
pubKeyHash,
|
joinSplitPubKey,
|
||||||
anchor,
|
anchor,
|
||||||
{JSInput(), JSInput()},
|
{JSInput(), JSInput()},
|
||||||
{JSOutput(), JSOutput()},
|
{JSOutput(), JSOutput()},
|
||||||
|
@ -127,7 +127,7 @@ double benchmark_create_joinsplit()
|
||||||
double ret = timer_stop(tv_start);
|
double ret = timer_stop(tv_start);
|
||||||
|
|
||||||
auto verifier = libzcash::ProofVerifier::Strict();
|
auto verifier = libzcash::ProofVerifier::Strict();
|
||||||
assert(jsdesc.Verify(*pzcashParams, verifier, pubKeyHash));
|
assert(jsdesc.Verify(*pzcashParams, verifier, joinSplitPubKey));
|
||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -156,9 +156,9 @@ double benchmark_verify_joinsplit(const JSDescription &joinsplit)
|
||||||
{
|
{
|
||||||
struct timeval tv_start;
|
struct timeval tv_start;
|
||||||
timer_start(tv_start);
|
timer_start(tv_start);
|
||||||
uint256 pubKeyHash;
|
uint256 joinSplitPubKey;
|
||||||
auto verifier = libzcash::ProofVerifier::Strict();
|
auto verifier = libzcash::ProofVerifier::Strict();
|
||||||
joinsplit.Verify(*pzcashParams, verifier, pubKeyHash);
|
joinsplit.Verify(*pzcashParams, verifier, joinSplitPubKey);
|
||||||
return timer_stop(tv_start);
|
return timer_stop(tv_start);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|