This missing was causing `hashBlockCommitments` to be incorrectly computed
in mined blocks, due to the specific way the coinbase transaction gets
constructed. This went unnoticed when the default `authDigest` for legacy
transactions was the null hash, but was exposed when that changed to
`[0xFF; 32]`.
We compute block commitments ahead of their usage to avoid deriving them
multiple times. However, we only want to derive them for blocks if they
are needed; in particular, deriving hashChainHistoryRoot prior to
Heartwood activation can result in an invalid empty tree being generated.
Move OrchardBundle to its own header file.
This is a prerequisite to the incremental merkle tree
work that otherwise would need to introduce a cyclic
dependency on transaction.h.
Implement Orchard signature validation consensus rules
Implemented via an `AuthValidator` class that internally uses batch validation.
- Currently, only RedPallas signatures are batch-validated. We can extend
this validator to cover Halo 2 proofs in the future.
- Signatures in a batch are not retried individually if the batch fails:
- For per-transaction batching (when adding to the mempool), we don't
care which signature within the transaction failed.
- For per-block batching, we currently don't care which transaction
failed. We might do so in future, at which point this behaviour can
be easily changed.
Closeszcash/zcash#5194.
The orchard crate was pinning a specific rev of zcash_note_encryption
which prevented CI from vendoring the crate dependencies. Now orchard
uses a patch, which enables us to similarly patch here to get the
correct crate versions throughout our tree (while the crates are still
in flux).
- Currently, only RedPallas signatures are batch-validated. We can extend
this validator to cover Halo 2 proofs in the future.
- Signatures in a batch are not retried individually if the batch fails:
- For per-transaction batching (when adding to the mempool), we don't
care which signature within the transaction failed.
- For per-block batching, we currently don't care which transaction
failed. We might do so in future, at which point this behaviour can
be easily changed.
The Rust parser is stricter than the C++ parser, so we can reach errors
now non-contextually that previously were thrown by the consensus rules.
Various tests have been updated to check for these exceptions, as they
can no longer instantiate these transactions to pass to the consensus
rules. The tests use an unsafe constructor so they can still check the
consensus rules.
The C++ parser only requires the various Sapling components to be 32-byte
arrays. The Rust parser enforces stricter type checks at parse time, and
we now unconditionally parse with the Rust parser for deriving txids.