The min-difficulty blocks are incompatible with difficulty averaging.
Network difficulty is also now defined as the difficulty the network is
currently working to solve, rather than the last non-min-difficulty block
difficulty.
Deallocate the public parameters during Shutdown.
This also has it deallocated in `GenerateParams` and `test_bitcoin`. The virtual destructor probably isn't necessary but I added it just in case we need it some other time.
Separate concepts of block difficulty and network difficulty in RPC
"Block difficulty" is the difficulty listed in a block's header, which in the
testnet can sometimes be min-difficulty (if time-since-last-block is too large).
"Network difficulty" is the difficulty that the network was trying to satisfy
at a particular block height. In mainnet this is always equal to the difficulty
of the solved block for that height, but in testnet the network difficulty is
derived from the last non-min-difficulty block difficulty.
This commit fixes the RPC APIs that are intended to show network difficulty, so
that on testnet they don't sometimes drop to 1.0, confusing users.
Closes#1181
"Block difficulty" is the difficulty listed in a block's header, which in the
testnet can sometimes be min-difficulty (if time-since-last-block is too large).
"Network difficulty" is the difficulty that the network was trying to satisfy
at a particular block height. In mainnet this is always equal to the difficulty
of the solved block for that height, but in testnet the network difficulty is
derived from the last non-min-difficulty block difficulty.
This commit fixes the RPC APIs that are intended to show network difficulty, so
that on testnet they don't sometimes drop to 1.0, confusing users.
Closes#1181
Closes#1315 - change to RPC getblocksubsidy
For #1315
RPC getblocksubsidy height parameter is now optional
Returns result for future block
Test has been added to verify parameter input and results
The anchor is obtained from the returned witnesses; since all witnesses are to
the same point (the latest blockchain tip), they all have the same root.
Output Equihash solution in RPC results as a hex string
When the Equihash solution was changed to a compact form in #1175, the block header changed from storing a vector of indices to a vector of chars. `blockToJSON()` was not updated, which meant that RPC calls like `getblock` returned the solution as a list of 1344 integers.
This PR changes `blockToJSON()` to output the Equihash solution as a hex string, identical to how it appears in the block header.
Undo debugging change from 5be6abbf84
This was unintentionally committed, and caused Equihash verification of blocks
without parents to be skipped. This only affects the genesis block on the test
network, but also causes the "time verifyequihash" benchmark to incorrectly
appear instantaneous.
This was unintentionally committed, and caused Equihash verification of blocks
without parents to be skipped. This only affects the genesis block on the test
network, but also causes the "time verifyequihash" benchmark to incorrectly
appear instantaneous.
Fix inconsistent -O1/-O2, fix libzcash flags, add -fwrapv -fno-strict-aliasing
Closes#1168. In that ticket I decided the optimization flags for dependencies are out of scope, i.e. we go with whatever the upstream package maintainer chose.
The genesis blocks and miner tests have been regenerated, because changing the
block header serialisation format changes the block hash, and thus validity.
The Equihash solutions have been removed from the bloom test inputs for
simplicity (block validity is not checked there; only a valid serialisation is
necessary).
`nMinPingUsecTime` was left uninitialized in CNode.
The correct initialization for a minimum-until-now is int64_t's max value, so initialize it to that.
Thanks @MarcoFalke for noticing.
Changes:
- floor(512/n)*n/8 bytes of BLAKE2b output is split between floor(512/n)
adjacent indices, instead of using one hash call per index.
- Parameters with n/(k+1) mod 8 != 0 will expand the BLAKE2b output to byte
boundaries for colliding, instead of using a longer output and clearing bits.
- The genesis blocks have been regenerated.
- The test vectors have been regenerated.
- The Equihash inputs for the cancellation tests were modified to ensure that
valid solutions were available to exercise the full solver.
Add gtest for non-malleable txids.
1. Test txid of normal transaction is double sha256 with sigscript input data removed
2. Test txid of coinbase transaction is double sha256 over whole tx
You can run a single test with:
./zcash-gtest --gtest_filter="txid_tests*"
A fix for transaction malleability
This PR fixes transaction malleability by not including the sigscript of transaction inputs and joinsplit sigs when hashing the txid.
This PR supercedes PR #1101 which was a minimal solution based on a new serialization flag.
This PR introduces GetTxid() to distinguish between getting a transaction id and the double sha256 hash.
The key changes are:
- Adding GetTxid() method to CTransaction which makes a copy of the transaction, clearing out the sigscript and joinsplitsig fields, before hashing.
- Verifying that every call to GetHash() actually wants a txid, and replacing with GetTxid().
- Renaming GetHash() to GetSerializeHash()
- Rationale: In future, upstream code we want to merge will use GetHash() but we don't know the intent. We should check to see if the intent is to receive a txid (most likely) in which case we replace with GetTxid(), or if upstream actually wants a double hash of the transaction we can use GetSerializeHash().
- Updated genesis data in chainparams.cpp
Note that coinbase transactions are excluded as they need the sigscript hashed to help avoid duplicate txids per BIP34:
- This modification is related to a question from @ebfull on PR #1101 - "Can we think of a way this change allows us to construct two transactions with the same txid which can simultaneously appear in the blockchain? My guess is it would be possible to construct a coinbase transaction of such a form... this surely breaks invariants."
This PR Passes all tests in test_bitcoin (test data was updated in bloom_tests, miner_tests and script_tests).
This version works, but generates the initial rows in a way that is not what we
want to specify. See #1175 for resolving this.
Co-author: Daira Hopwood <daira@jacaranda.org>
Extend try catch block around call to libsnark verifier
As discussed in #1126.
@daira Per your [comment](https://github.com/zcash/zcash/pull/1126#issuecomment-234714939):
> I would like assertion errors during tests to cause a test failure (unless the test explicitly expects them). Can we split this into verify and verify_internal, where the former does the try/catch around a call to verify_internal, and the latter is called by verification unit tests?
Did you mean move everything inside the extended try/catch to verify_internal, or just the call to r1cs_ppzksnark_verifier_strong_IC?
Sean Bowe
Jack Grigg
zkbot
Simon
Daira Hopwood
Lars-Magnus Skog
Gaurav Rana
Taylor Hornby
Tom Ritter
Wladimir J. van der Laan
Patrick Strateman
Robert C. Seacord
Robert C. Seacord