`zcbenchmark` internally loops within the same process to run the same
benchmark multiple times. This meant it was being caught up in the
global validity cache, giving faster results for every iteration except
the first. This was not noticeable for the historic slow transparent
block, but became noticeable once we started caching Sapling and Orchard
bundle validity in zcash/zcash#6073.
As the intention of the benchmarks is to measure the worst case where
the block in question has not had any of its transactions observed
before (as is the case for IBD), we now disable cache storage if calling
`ConnectBlock` from a slow block benchmark.

The only source of transactions for `CreateNewBlock` is the mempool, and
every transaction added to the mempool goes through `AcceptToMemoryPool`
which checks proofs and signatures.
We maintain the ability to enable these checks in `TestBlockValidity`
because it is also used in an (undocumented) `getblocktemplate` mode to
check a proposed block (minus PoW), where we cannot assume the
transactions are valid.
Co-authored-by: Kris Nuttycombe <kris@nutty.land>

The `CWallet::AddToWallet` method had completely divergent
behavior depending upon the value of the fFromLoadWallet
flag, and `pwalletdb` was unused when this flag was set
to `true`, so this is better represented as two distinct
methods on CWallet.

The ZIP 244 changes mean that we're going to need to alter every
callsite to pass through all of the transparent `CTxOut`s being spent.
Given that we need to pass it over to Rust, it makes more sense to just
have `PrecomputedTransactionData` be the vehicle for conveying this data
across.

Remove IncrementalSinsemillaTree; this will be replaced by
a more full-featured OrchardWallet type which embeds the
incremental merkle tree used in wallet operations.

In addition to the specified consensus rules, we unconditionally enable
ZIP 216 in the following situations:
- Wallet code
- Transaction building
- Nullifiers for wallet notes
- Tests
- Benchmarks
Closes zcash/zcash#5201.

When creating randomized JoinSplits, the caller passes in references to
arrays in which the mapping from original to randomised position is
stored. However, in the old JSDescription constructors, the caller also
passed the inputs and outputs themselves by reference, and those arrays
were also randomised. The JSDescriptionInfo constructor was instead
taking these by value, meaning that its internal copies were being
randomised, but not the caller's arrays. This caused the Sprout payment
disclosure logic to (with 1/2 probability) store the incorrect output
in a payment disclosure key.
This commit restores the previous behaviour, by storing references to
the input and output arrays in JSDescriptionInfo instead of copying them.
This matches the existing transaction builder structs:
- SpendDescriptionInfo
- OutputDescriptionInfo
- TransparentInputInfo
It also removes the dependency of the transaction format on the proving
system.
Co-authored-by: Kris Nuttycombe <kris@electriccoin.co>
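
The copy-versus-reference defect described in the message above, as an added C++ illustration (not code from zcash). `Outputs`, `Mapping`, `Randomize`, `InfoByValue`, `InfoByRef` and `OutputAfterBuild` are hypothetical names, the direction of the mapping is an assumption, and the `swap` flag stands in for the random shuffle so the failing case is reproducible:

```cpp
#include <array>
#include <cstddef>
#include <iostream>
#include <string>
#include <utility>

// Hypothetical stand-ins, not zcash types: two outputs identified by a label.
using Outputs = std::array<std::string, 2>;
using Mapping = std::array<std::size_t, 2>;

// Permutes `outputs` and records it so that outputMap[newPos] == originalPos.
static void Randomize(Outputs& outputs, Mapping& outputMap, bool swap) {
    outputMap = {0, 1};
    if (swap) {  // stands in for the coin flip of a real shuffle
        std::swap(outputs[0], outputs[1]);
        std::swap(outputMap[0], outputMap[1]);
    }
}

// Buggy shape: takes the array by value, so only the internal copy is shuffled.
struct InfoByValue {
    Outputs outputs;
    explicit InfoByValue(Outputs o) : outputs(std::move(o)) {}
    void Build(Mapping& outputMap, bool swap) { Randomize(outputs, outputMap, swap); }
};

// Fixed shape: stores a reference, so the caller's array is shuffled as well.
struct InfoByRef {
    Outputs& outputs;
    explicit InfoByRef(Outputs& o) : outputs(o) {}
    void Build(Mapping& outputMap, bool swap) { Randomize(outputs, outputMap, swap); }
};

// Caller-side lookup: find where original output `orig` ended up according to
// the mapping, then read that position from the caller's own array.
template <typename Info>
std::string OutputAfterBuild(std::size_t orig, bool swap) {
    Outputs outputs = {"to-alice", "to-bob"};  // constructed sample data
    Mapping outputMap{};
    Info info(outputs);
    info.Build(outputMap, swap);
    for (std::size_t pos = 0; pos < outputMap.size(); ++pos)
        if (outputMap[pos] == orig) return outputs[pos];
    return {};
}

int main() {
    std::cout << OutputAfterBuild<InfoByValue>(0, true) << " / " << OutputAfterBuild<InfoByRef>(0, true) << "\n";
}
```

With two outputs the by-value variant returns the wrong entry only when the shuffle actually swaps them, which is why the defect shows up with probability 1/2.
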
No functional change.
Assignments from CChainParams::GetConsensus() shouldn't
be auto, or else the copy constructor runs, which is
slow for this structure. Where possible, replace auto
with const Consensus::Params&

crypto_sign_verify_detached is still used within the consensus rules
until Canopy activation. ed25519-zebra generates signatures that are
valid under both pre- and post-Canopy rules (for our honest usage),
so we can use it to generate transaction signatures now. Then once
Canopy activates, we can remove the remaining usages of crypto_sign.

Refactor ProofVerifier
`ProofVerifier` was previously used to conditionally verify pre-Sapling Sprout
proofs (based on `ProofVerifier::Strict` or `ProofVerifier::Disabled` being
used), but hybrid Sprout proofs bypassed it (so were being verified multiple
times during block verification), and once `libsnark` was removed in
zcash/zcash#4060 `ProofVerifier::check` was doing nothing.
This PR refactors `ProofVerifier`, moving it out of the `libzcash` compilation
unit (so that it can depend on `primitives/transaction.h`), and moving Sprout
verification from `JSDescription::Verify` to `ProofVerifier::VerifySprout`.
Verification-skipping for Sprout proofs is re-introduced.
Additionally, the `ZCJoinSplit` global is removed from the codebase, and
`ZCJoinSplit::prove` is converted into a static function. We load the hybrid
Sprout parameters dynamically at proving time within the Rust code, and no
longer require a C++ global for any proving parameters.
As a side-effect, `libzcashconsensus.la` building with `--with-libs` is fixed,
as `primitives/transaction.cpp` no longer depends on `librustzcash.h`.

This reverts commit 49f9584613.
Now that we are depending unconditionally on the Rust Equihash
validator, CheckEquihashSolution() can revert to being a non-contextual
check.
This also fixes a segfault that would occur during reindexing if the
consensus rules were altered such that a previously-valid block would
become invalid, and the node's block files contained blocks in a
specific order. It was encountered while testing the Canopy NU on
testnet (due to a bug in the implementation of ZIP 212 that was
separately fixed in zcash/zcash#4604).

It needs to be closer to the root of our dependency tree, so that it can
depend on the transaction format. The libzcash compilation unit is
further from the dependency tree root than the transaction format.

We don't support making pre-Sapling JoinSplit proofs, and we load the
parameters for post-Sapling JoinSplit proofs at proving time, so there
is no need for a global ZCJoinSplit to be passed through the APIs.