Closes#1097 so that zcash-cli displays license info like zcashd.
LicenseInfo is refactored from init.cpp to util.cpp so that the
bitcoin-cli makefile target does not need to be modified.
Previously the RPC interface allowed z_exportwallet, backupwallet and
dumpwallet to write data to an arbitrary filename. ZCA-009 demonstrates
how this is vulnerable. The resolution is to only allow data to
written when the -exportdir has been configured. Also filenames are
restricted to alphanumeric characters.
Write witness caches when writing the best block
For steady-state operation, this reduces the average time between wallet disk
writes from once per block to once per hour.
On -rescan, witness caches are only written out at the end along with the best
block, increasing speed while ensuring that on-disk state is kept consistent.
Witness caches are now never recreated during a -reindex, on the assumption that
the blocks themselves are not changing (the chain is just being reconstructed),
and so the witnesses will remain valid.
Part of #1749.
For steady-state operation, this reduces the average time between wallet disk
writes from once per block to once per hour.
On -rescan, witness caches are only written out at the end along with the best
block, increasing speed while ensuring that on-disk state is kept consistent.
Witness caches are now never recreated during a -reindex, on the assumption that
the blocks themselves are not changing (the chain is just being reconstructed),
and so the witnesses will remain valid.
Part of #1749.
Process verification keys to perform online verification
Checking proofs involves some arithmetic with pairings using components of the proof and the verification key. If you already have some curve points, like those in the verification key, you can amortize the cost of some of the more expensive arithmetic.
This PR adopts libsnark's precomputation of G2 elements in the verification key.
We *currently* call `r1cs_ppzksnark_verifier_strong_IC`:
```c++
template<typename ppT>
bool r1cs_ppzksnark_verifier_strong_IC(const r1cs_ppzksnark_verification_key<ppT> &vk,
const r1cs_ppzksnark_primary_input<ppT> &primary_input,
const r1cs_ppzksnark_proof<ppT> &proof)
{
enter_block("Call to r1cs_ppzksnark_verifier_strong_IC");
r1cs_ppzksnark_processed_verification_key<ppT> pvk = r1cs_ppzksnark_verifier_process_vk<ppT>(vk);
bool result = r1cs_ppzksnark_online_verifier_strong_IC<ppT>(pvk, primary_input, proof);
leave_block("Call to r1cs_ppzksnark_verifier_strong_IC");
return result;
}
```
Notice that this merely performs precomputation of the verification key, and then calls `r1cs_ppzksnark_online_verifier_strong_IC`. This PR merely performs the precomputation during verification key initialization, and calls that function directly.
Zcash zk-SNARK public parameters for 1.0 "Sprout".
Created in the ceremony this weekend! 🎉
We're writing a blog post about this, I'm going to publish the code shortly too.
Closes#1553
New private/public key pairs for broadcasting alert messages
Implements #424
Fixes and integrates method of sending alerts as described by upstream here:
- https://gist.github.com/laanwj/0e689cfa37b52bcbbb44
To send an alert:
- Copy private keys into alertkeys.h.
- Modify alert parameters and message found in sendalert.cpp
- Build and run to send the alert e.g. ./zcashd -printtoconsole -sendalert
Tested and verified with local nodes on alpha 6 testnet.
Final changes to the circuit
* Remove [redundant](https://github.com/scipr-lab/libsnark/issues/37) bitness constraints that I pointed out in #908.
* The depth is increased from 20 to 29. I chose 29 because the QAP degree ends up being a power of two, which is probably going to be useful for the FFT in our MPC. (Closes#16)
If we're happy with depth 29 (over 268 million possible joinsplits), this will probably be the final change to the constraint system before 1.0.