libzcash and new zkSNARK circuit implementation
This PR completes [`libzcash`](https://github.com/zcash/zcash/tree/zc.v0.11.2.latest/src/zcash), the implementation of the [Zcash protocol specification](9bb4410e45/protocol/protocol.pdf) and replacement of [`libzerocash`](https://github.com/Zerocash/libzerocash), our old Zerocash protocol implementation. The new spec comes with some improvements to security and terminology, with minimal differences from the original academic design.
This implementation includes:
* A rewrite of the zkSNARK circuit for `JoinSplit` operations. This rewrite is cleaner, broken up into separate gadgets, easier to audit and review, and fixes some security bugs. (Closes#822, Closes#809, Closes#500, Closes#854)
* A minimal API for interacting with `JoinSplit`s and surrounding primitives. This PR removes almost twice as much code as it introduces. (Closes#877, Closes#315, Closes#824, Closes#798, Closes#707, Closes#512, Closes#247, Closes#128, Closes#514)
Initialize libsodium in the gtest suite.
We left behind this initialization routine when we switched to gtest. I would rather we had moved those tests over in a separate PR instead of changing existing PRs at the last second -- we would have paid more attention to the consequences.
Run `zcash-gtest` in `make check` and fix performance tests.
* gtest tests weren't being run by make check
* performance tests were broken
* We need to automatically upload graphs of performance, [see this PR](https://github.com/Electric-Coin-Company/bbotzc/pull/15).
* Moves zerocash tests into `zcash`'s full test suite, we're removing them anyway later and it'd be nice to remove them in the PR instead of from buildbot
Implement and integrate new Incremental Merkle Tree
This supersedes #823.
----
This is an implementation of a new incremental merkle tree with
* no memory safety issues
* a more sensible internal design
* better space efficiency (tree representation, witnessing)
* simpler API
It is intended that this tracks the behavior of the previous tree, which it does, as verified by tests. I even wrote a little circuit for testing that all the paths work.
This PR also integrates the tree into the codebase and deprecates the old tree in almost all of our code. (I left it alone in `zerocashTest` but everything else has been changed.)
This change is compatible with the testnet but you will need to clear your *local* blockchain data out since the serialized representation of the merkle tree is now different.
Closes#517, Closes#519, Closes#591, Closes#460, Closes#473
Sean Bowe
Taylor Hornby
zkbot
Daira Hopwood
Nathan Wilcox