zec
/
librustzcash
mirror of https://github.com/zcash/librustzcash.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

zcash_proofs: Remove immediate verification of created Spend proofs 

It can be useful to verify proofs after they have been created, but we
were only doing this for spend proofs, not output proofs. It also
duplicated code from the verifier logic. Once the prover and verifier
have been refactored, it will be easier to just call the verifier
immediately after the prover.
This commit is contained in:
Jack Grigg 2023-10-02 13:33:33 +00:00
parent eca7112963
commit 2bfeef9430
3 changed files with 11 additions and 44 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
zcash_proofs/CHANGELOG.md
View File

@ -6,6 +6,12 @@ and this library adheres to Rust's notion of
[Semantic Versioning](https://semver.org/spec/v2.0.0.html). [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
## [Unreleased] ## [Unreleased]
### Changed
- `zcash_proofs::sapling::prover`:
- The `verifying_key` argument `SaplingProvingContext::spend_proof` has been
removed. Callers should instead use `SaplingVerifyingContext` to verify
proofs after they have been created.
### Removed ### Removed
- `zcash_proofs::circuit::sapling` (moved to `zcash_primitives::sapling::circuit`). - `zcash_proofs::circuit::sapling` (moved to `zcash_primitives::sapling::circuit`).
- `zcash_proofs::circuit::{ecc, pedersen_hash}` - `zcash_proofs::circuit::{ecc, pedersen_hash}`

4
zcash_proofs/src/prover.rs
View File

@ -22,6 +22,9 @@ use crate::{default_params_folder, SAPLING_OUTPUT_NAME, SAPLING_SPEND_NAME};
/// locally-accessible paths. /// locally-accessible paths.
pub struct LocalTxProver { pub struct LocalTxProver {
spend_params: Parameters<Bls12>, spend_params: Parameters<Bls12>,
// TODO: Either re-introduce verification-after-proving (once the verifier is
// refactored), or remove this.
#[allow(unused)]
spend_vk: PreparedVerifyingKey<Bls12>, spend_vk: PreparedVerifyingKey<Bls12>,
output_params: Parameters<Bls12>, output_params: Parameters<Bls12>,
} }
@ -164,7 +167,6 @@ impl TxProver for LocalTxProver {
anchor, anchor,
merkle_path, merkle_path,
&self.spend_params, &self.spend_params,
&self.spend_vk,
)?; )?;
let mut zkproof = [0u8; GROTH_PROOF_SIZE]; let mut zkproof = [0u8; GROTH_PROOF_SIZE];

45
zcash_proofs/src/sapling/prover.rs
View File

@ -1,9 +1,6 @@
use bellman::{ use bellman::groth16::{create_random_proof, Parameters, Proof};
gadgets::multipack,
groth16::{create_random_proof, verify_proof, Parameters, PreparedVerifyingKey, Proof},
};
use bls12_381::Bls12; use bls12_381::Bls12;
use group::{Curve, GroupEncoding}; use group::GroupEncoding;
use rand_core::OsRng; use rand_core::OsRng;
use zcash_primitives::{ use zcash_primitives::{
sapling::{ sapling::{
@ -52,7 +49,6 @@ impl SaplingProvingContext {
anchor: bls12_381::Scalar, anchor: bls12_381::Scalar,
merkle_path: MerklePath, merkle_path: MerklePath,
proving_key: &Parameters<Bls12>, proving_key: &Parameters<Bls12>,
verifying_key: &PreparedVerifyingKey<Bls12>,
) -> Result<(Proof<Bls12>, ValueCommitment, PublicKey), ()> { ) -> Result<(Proof<Bls12>, ValueCommitment, PublicKey), ()> {
// Initialize secure RNG // Initialize secure RNG
let mut rng = OsRng; let mut rng = OsRng;
@ -82,12 +78,6 @@ impl SaplingProvingContext {
// Let's compute the nullifier while we have the position // Let's compute the nullifier while we have the position
let note = Note::from_parts(payment_address, NoteValue::from_raw(value), rseed); let note = Note::from_parts(payment_address, NoteValue::from_raw(value), rseed);
let nullifier = note.nf(
&viewing_key.nk,
u64::try_from(merkle_path.position())
.expect("Sapling note commitment tree position must fit into a u64"),
);
// We now have the full witness for our circuit // We now have the full witness for our circuit
let pos: u64 = merkle_path.position().into(); let pos: u64 = merkle_path.position().into();
let instance = Spend { let instance = Spend {
@ -109,37 +99,6 @@ impl SaplingProvingContext {
let proof = let proof =
create_random_proof(instance, proving_key, &mut rng).expect("proving should not fail"); create_random_proof(instance, proving_key, &mut rng).expect("proving should not fail");
// Try to verify the proof:
// Construct public input for circuit
let mut public_input = [bls12_381::Scalar::zero(); 7];
{
let affine = rk.0.to_affine();
let (u, v) = (affine.get_u(), affine.get_v());
public_input[0] = u;
public_input[1] = v;
}
{
let affine = value_commitment.as_inner().to_affine();
let (u, v) = (affine.get_u(), affine.get_v());
public_input[2] = u;
public_input[3] = v;
}
public_input[4] = anchor;
// Add the nullifier through multiscalar packing
{
let nullifier = multipack::bytes_to_bits_le(&nullifier.0);
let nullifier = multipack::compute_multipacking(&nullifier);
assert_eq!(nullifier.len(), 2);
public_input[5] = nullifier[0];
public_input[6] = nullifier[1];
}
// Verify the proof
verify_proof(verifying_key, &proof, &public_input[..]).map_err(|_| ())?;
// Accumulate the value commitment in the context // Accumulate the value commitment in the context
self.cv_sum += &value_commitment; self.cv_sum += &value_commitment;