// Copyright (c) 2018 The Bitcoin Private developers
// Copyright (c) 2016 The Zcash developers
// Distributed under the MIT software license, see the accompanying
// file COPYING or http://www.opensource.org/licenses/mit-license.php.
#ifndef BITCOIN_ZCASH_JOINSPLIT_H
#define BITCOIN_ZCASH_JOINSPLIT_H
#include "Zcash.h"
#include "Proof.hpp"
#include "Address.hpp"
#include "Note.hpp"
#include "IncrementalMerkleTree.hpp"
#include "NoteEncryption.hpp"

#include "uint256.h"
#include "uint252.h"

#include <array>
#include <cstddef>
#include <cstdint>
#include <string>
namespace libzcash {
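// One shielded input to a JoinSplit: the note being spent, the authority to
// spend it, and the Merkle evidence that it exists in the commitment tree.
class JSInput {
public:
    // Incremental Merkle witness for `note`'s commitment. It is presumably
    // expected to be consistent with the anchor `rt` handed to
    // JoinSplit::prove — confirm against the prover implementation.
    ZCIncrementalWitness witness;
    // The note whose value is consumed by this input.
    Note note;
    // Spending key used to authorise the spend and to derive the nullifier.
    // This is secret material: objects of this type must not be logged,
    // persisted or copied around more than necessary.
    SpendingKey key;

    JSInput();
    // Arguments are taken by const reference instead of by value: the
    // by-value form copied every argument once into the parameter and a
    // second time into the member, and witnesses are not small. Call sites
    // are unaffected; the members remain owned copies.
    JSInput(const ZCIncrementalWitness& witness,
            const Note& note,
            const SpendingKey& key) : witness(witness), note(note), key(key) { }

    // Nullifier of `note` under `key` (see Note::nullifier). It is what the
    // JoinSplit publishes to mark the note as spent.
    uint256 nullifier() const {
        return note.nullifier(key);
    }
};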
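// One shielded output of a JoinSplit: who receives how much, plus a memo.
class JSOutput {
public:
    // Recipient shielded payment address.
    PaymentAddress addr;
    // Amount carried by the output note (units as used elsewhere in the
    // codebase — confirm). Zero-initialised here so that a default-constructed
    // output never carries an indeterminate amount; the out-of-line JSOutput()
    // may set it as well, which is harmless.
    uint64_t value = 0;
    // Memo field. Only the first byte is set: 0xF6 is invalid UTF-8 as per the
    // spec, so a receiver can distinguish this default from real text; the
    // remaining ZC_MEMO_SIZE-1 bytes are 0x00. Presumably delivered to the
    // recipient inside the note ciphertext — confirm in NoteEncryption.
    std::array<unsigned char, ZC_MEMO_SIZE> memo = {{0xF6}};

    JSOutput();
    // `addr` by const reference (the by-value form copied it twice);
    // `value` is a plain integer and stays by value. Call sites are unaffected.
    JSOutput(const PaymentAddress& addr, uint64_t value) : addr(addr), value(value) { }

    // Build the output note for position `i` of the JoinSplit from the
    // prover's secrets `phi` and `r` and the JoinSplit's `h_sig`.
    // Defined out of line.
    Note note(const uint252& phi, const uint256& r, size_t i, const uint256& h_sig) const;
};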
// Abstract interface to the JoinSplit zero-knowledge circuit for a fixed
// number of shielded inputs and outputs. Concrete instances are obtained via
// Prepared(); the constructor is protected so nothing else can create one.
template<size_t NumInputs, size_t NumOutputs>
class JoinSplit {
public:
    virtual ~JoinSplit() {}

    // Generate the circuit parameters and write them to the three paths
    // (presumably the R1CS description, verifying key and proving key, going by
    // the parameter names — confirm against the .cpp).
    static void Generate(const std::string r1csPath,
                         const std::string vkPath,
                         const std::string pkPath);
    // Load the verifying and proving keys from disk and return a usable
    // JoinSplit. Ownership is not expressed in the return type; presumably the
    // caller owns the object and must delete it — confirm.
    // NOTE(review): the verifying key decides which proofs verify() accepts, so
    // the integrity of the file at vkPath is security-critical. Whether its
    // contents are hash-checked before use is not visible in this header.
    static JoinSplit<NumInputs, NumOutputs>* Prepared(const std::string vkPath,
                                                      const std::string pkPath);

    // Hash over the random seed, the input nullifiers and the JoinSplit's
    // public key hash. Presumably this is the value that ties the proof to
    // the transaction's signing key; the exact construction lives in the .cpp.
    static uint256 h_sig(const uint256& randomSeed,
                         const std::array<uint256, NumInputs>& nullifiers,
                         const uint256& pubKeyHash
    );

    // Produce the proof and every public value of a JoinSplit.
    //   inputs / outputs      what is spent and what is created.
    //   out_* parameters      written by the prover: the created notes, their
    //                         ciphertexts, the ephemeral public key, the random
    //                         seed, the per-input MACs, nullifiers and the
    //                         output commitments.
    //   pubKeyHash            bound into the proof (see h_sig).
    //   vpub_old / vpub_new   transparent value entering / leaving the shielded
    //                         pool, presumably — confirm.
    //   rt                    the Merkle root the input witnesses are checked
    //                         against (the anchor), presumably — confirm.
    //   computeProof          defaults to true; when false the proof is
    //                         presumably skipped and only the public values are
    //                         produced (test / dry-run use) — confirm.
    virtual ZCProof prove(
        const std::array<JSInput, NumInputs>& inputs,
        const std::array<JSOutput, NumOutputs>& outputs,
        std::array<Note, NumOutputs>& out_notes,
        std::array<ZCNoteEncryption::Ciphertext, NumOutputs>& out_ciphertexts,
        uint256& out_ephemeralKey,
        const uint256& pubKeyHash,
        uint256& out_randomSeed,
        std::array<uint256, NumInputs>& out_hmacs,
        std::array<uint256, NumInputs>& out_nullifiers,
        std::array<uint256, NumOutputs>& out_commitments,
        uint64_t vpub_old,
        uint64_t vpub_new,
        const uint256& rt,
        bool computeProof = true,
        // For payment disclosure, we need to retrieve the esk (ephemeral
        // secret key of the note encryption).
        // A non-const reference parameter with a default value does not
        // compile, so a pointer is used; nullptr means "not wanted".
        // NOTE(review): the esk presumably lets its holder decrypt
        // out_ciphertexts for this JoinSplit — treat it as sensitive.
        uint256 *out_esk = nullptr
    ) = 0;

    // Check `proof` against the public values of a JoinSplit. The arguments
    // mirror the public outputs of prove() and must be the ones that were
    // proven; `verifier` controls how the check is performed (see
    // ProofVerifier). Returns true iff the proof is accepted.
    virtual bool verify(
        const ZCProof& proof,
        ProofVerifier& verifier,
        const uint256& pubKeyHash,
        const uint256& randomSeed,
        const std::array<uint256, NumInputs>& hmacs,
        const std::array<uint256, NumInputs>& nullifiers,
        const std::array<uint256, NumOutputs>& commitments,
        uint64_t vpub_old,
        uint64_t vpub_new,
        const uint256& rt
    ) = 0;

protected:
    // Only Prepared() (and subclasses) may construct a JoinSplit.
    JoinSplit() {}
};
}
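// The JoinSplit shape used by this codebase: ZC_NUM_JS_INPUTS shielded inputs
// and ZC_NUM_JS_OUTPUTS shielded outputs (both from Zcash.h). Spelled as an
// alias declaration rather than a typedef; the two are equivalent.
using ZCJoinSplit = libzcash::JoinSplit<ZC_NUM_JS_INPUTS,
                                        ZC_NUM_JS_OUTPUTS>;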
#endif // BITCOIN_ZCASH_JOINSPLIT_H