This removes the path-based dependencies on the `zcash_note_encryption`
crate in favor of using versioned dependencies locally. This better
reflects the future state in which `zcash_note_encryption` is factored
out of the workspace and maintained in a separate repository.
Extracted from: c696069f93
The `Domain::Note` type is now expected to contain information about the
recipient of the note, eliminating the need to pass this information in
via the encryption context.
Extracted from: c88f3e1b9d
These were mostly detected with `cargo-udeps`, for which I've also added
exclusions for the dependencies it can't detect are used in doc-tests.
Extracted from: 8842de18cc
This was only used to provide example code for Sapling usage of
the `NoteEncryption` struct; this example code has been moved
to `sapling::note_encryption`.
Extracted from: 29220c716f
This modifies wallet scanning to perform per-block batched
decryption. It also alters the structure of the `ScanningKey`
trait to correctly include internal (change) keys in the scan
process.
Extracted from: 73314dc682
While it is necessary in the worst case to perform `m * n` decryptions,
where `m` is the number of outputs being decrypted and `n` is the number
of IVKs, it is possible to stop performing trial decryptions when the
first successful decryption is performed. Also, it's inconvenient and
unnecessary to return the full cartesian product of these results, as
only one IVK will decrypt a given output. This commit modifies batch
trial decryption to stop on the first successful decryption, and instead
of returning the cartesian product of results we return the index of the
input IVK along with the output it decrypted. Note that this means that
trial decryption is not constant-time with respect to the number and/or
order of IVKs.
Extracted from: 5873950648
Several dependencies were copied over during the extraction of this
crate's logic from `zcash_primitives`, but are in fact only required for
the protocol-specific logic. We can also remove the `std` feature flag,
since we no longer have a dependency on `blake2b_simd` that needs its
`std` flag exposed for performance.
Extracted from: e8a755f633
Previously we were returning the ciphertext as a slice, and then
asserting its length within the APIs the caller passed it into. Now
instead we require the caller to define whether or not the output is
compact, to make the API more predictable.
This doesn't place any additional constraints on users of this trait,
because the assertions already prevented a full output from being passed
to a compact trial decryption API.
Extracted from: 4fcd83d74e
`Domain::derive_esk` provides sufficient information to determine
whether or not we need to enforce `EphemeralSecretKey`-specific
decryption checks, as it returns `None` for pre-ZIP 212 notes.
Extracted from: d54e1f0bf7