Zcash address encoding
We need to encode Zcash addresses so they aren't as large and unweildy. We're using Base58Check just like upstream does, and to ensure the first character is "z" in our addresses we must use two bytes for the version string. Two bytes gives us an extra character for free, so this PR targets the beginning of addresses to have "zc".
```
$ ./src/zcash-cli zcrawkeygen
{
"zcaddress" : "tnvaj4ZbZG83tj4RwZcFeLgJoSt8nw1ZvSCG8EMyowAsXTQgJPat77Y43BVdVCrwrbLy7GG9msJDYdn5hmreHmkXAkX17hb",
"zcsecretkey" : "SKzkxCRWvscKnroSFyhCqhY332KcDMH4LLNdK2TsSvbmr3CGAB8B",
"zcviewingkey" : "10aa74046f31cbe5eaa8965d1e104853234c3d6c6e45f9c497ca3a025d159755"
}
```
This PR also encodes the spending keys with a prefix that targets "SK". The spec needs to be updated with these changes.
Testnet addresses will start with "tn".
Closes#572
Final changes to the circuit
* Remove [redundant](https://github.com/scipr-lab/libsnark/issues/37) bitness constraints that I pointed out in #908.
* The depth is increased from 20 to 29. I chose 29 because the QAP degree ends up being a power of two, which is probably going to be useful for the FFT in our MPC. (Closes#16)
If we're happy with depth 29 (over 268 million possible joinsplits), this will probably be the final change to the constraint system before 1.0.
Enforce that coinbases must be protected
This PR forces miners to place their funds in the private value transfer system, making "transparent coins" opt-in for users, and increasing privacy for all participants on a systemic level.
Closes#101.
Includes a tweak to set the fixed-width of the rows based on whether the first
or last round is widest. This is necessary for some parameters, these ones
included.
Use depth-first scan for eliminating partial solutions instead of breadth-first
This reduces the peak number of lists in-memory from 2^k to k, and enables the
solver to eliminate most duplicates before it has instantiated the full set of
leaves.
Part of #857.