This adds tests that verify that migrations can run successfully
against databases in the following states:
* created by release version 0.3.0
* created by the `autoshielding_poc` branch
* created by current `main` prior to addition of migrations
This replaces the current wallet initialization code with a migration
that brings the database up to the state produced by release 0.3.0.
A subsequent commit will add migrations that correctly produce the
database state as of zcash/librustzcash@602270cb1f.
Fixes #369
* Download sprout parameters in-memory
* Add download_sapling_parameters and deprecate download_parameters
  * This avoids confusion between sprout and sapling downloads,
    while maintaining backward compatibility.
* Download a single file, rather than parts
  * This is more efficient, because TCP adjusts its transfer speed
    in the first ~20 seconds of each new connection.
* Only download files if needed, but always check the hashes
* Allow the caller to specify a response timeout
* Stream downloads from server to disk
* Refactor file loads to use the same verifying function as downloads
* Check file sizes to help debug parameter load failures
* Remove downloaded files on error (but leave existing files alone)
* Add a sprout and sapling download example
* Move the download Read impl into its own module
* Derive standard traits on SaplingParameterPaths
* Require features for the load parameters method
This modifies wallet scanning to perform per-block batched
decryption. It also alters the structure of the `ScanningKey`
trait to correctly include internal (change) keys in the scan
process.
Nullifier computation only requires the nullifier deriving key,
not the entire Sapling viewing key. This separation of concerns
will be needed for batch decryption when wallet-internal keys
will need to be considered.
While it is necessary in the worst case to perform `m * n` decryptions,
where `m` is the number of outputs being decrypted and `n` is the number
of IVKs, it is possible to stop performing trial decryptions when the
first successful decryption is performed. Also, it's inconvenient and
unnecessary to return the full cartesian product of these results, as
only one IVK will decrypt a given output. This commit modifies batch
trial decryption to stop on the first successful decryption, and instead
of returning the cartesian product of results we return the index of the
input IVK along with the output it decrypted. Note that this means that
trial decryption is not constant-time with respect to the number and/or
order of IVKs.
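
The early-exit batch trial decryption described in the commit message above, as an added sketch that is not code from librustzcash: each output yields at most one `(ivk_index, plaintext)` pair, and the attempt counter shows that the work done depends on IVK order. `BatchResult`, `batch_trial_decrypt` and the `toy_*` helpers are hypothetical names, and the toy tag check stands in for real note decryption.

```rust
/// One slot per output, plus the number of trial decryptions performed.
pub struct BatchResult<P> {
    pub hits: Vec<Option<(usize, P)>>,
    pub attempts: usize,
}

/// Try each IVK against each output, stopping at the first IVK that succeeds.
pub fn batch_trial_decrypt<K, O, P>(
    ivks: &[K],
    outputs: &[O],
    mut try_decrypt: impl FnMut(&K, &O) -> Option<P>,
) -> BatchResult<P> {
    let mut hits = Vec::with_capacity(outputs.len());
    let mut attempts = 0;
    for out in outputs {
        let mut hit = None;
        for (i, ivk) in ivks.iter().enumerate() {
            attempts += 1;
            if let Some(plaintext) = try_decrypt(ivk, out) {
                hit = Some((i, plaintext)); // index of the IVK, not a full m*n matrix
                break; // only one IVK can decrypt a given output
            }
        }
        hits.push(hit);
    }
    BatchResult { hits, attempts }
}

// Constructed toy model (assumption): keys are u8, the tag matches one key only.
pub struct ToyOutput { tag: u8, ct: Vec<u8> }
fn toy_tag(key: u8) -> u8 { key.wrapping_mul(31).wrapping_add(7) }
pub fn toy_encrypt(key: u8, pt: &[u8]) -> ToyOutput {
    ToyOutput { tag: toy_tag(key), ct: pt.iter().map(|b| b ^ key).collect() }
}
pub fn toy_try_decrypt(key: &u8, out: &ToyOutput) -> Option<Vec<u8>> {
    (out.tag == toy_tag(*key)).then(|| out.ct.iter().map(|b| b ^ key).collect())
}

/// Same outputs scanned with two IVK orders; returns the first result and the second's attempt count.
pub fn demo() -> (BatchResult<Vec<u8>>, usize) {
    let outputs = [toy_encrypt(0x33, b"change"), toy_encrypt(0x22, b"pay"), toy_encrypt(0x99, b"other")];
    let fwd = batch_trial_decrypt(&[0x11u8, 0x22, 0x33], &outputs, toy_try_decrypt);
    let rev = batch_trial_decrypt(&[0x33u8, 0x22, 0x11], &outputs, toy_try_decrypt);
    (fwd, rev.attempts)
}

fn main() {
    let (fwd, rev_attempts) = demo();
    println!("hits={:?} attempts={} reversed={}", fwd.hits, fwd.attempts, rev_attempts);
}
```
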
We use the `redjubjub` crate for batch validation, because the demo
batch validation API in `zcash_primitives::redjubjub` cannot be used
outside that crate, and using `redjubjub` enables this to be published
as a point release of `zcash_proofs`.
The new `SaplingVerificationContextInner` struct handles accumulation of
`cv`, and preparation of the inputs to proof and signature verification.
`SaplingVerificationContext` uses it to maintain its existing inline
unbatched verification API.