mirror of https://github.com/zcash/zips.git
143 lines
13 KiB
HTML
143 lines
13 KiB
HTML
<!DOCTYPE html>
|
||
<html>
|
||
<head>
|
||
<title>ZIP 2003: Disallow version 4 transactions</title>
|
||
<meta charset="utf-8" />
|
||
<meta name="viewport" content="width=device-width, initial-scale=1"><link rel="stylesheet" href="css/style.css"></head>
|
||
<body>
|
||
<section>
|
||
<pre>ZIP: 2003
|
||
Title: Disallow version 4 transactions
|
||
Owners: Daira-Emma Hopwood <daira-emma@electriccoin.co>
|
||
Status: Draft
|
||
Category: Consensus
|
||
License: MIT
|
||
Discussions-To: <<a href="https://github.com/zcash/zips/issues/825">https://github.com/zcash/zips/issues/825</a>>
|
||
Pull-Request: <<a href="https://github.com/zcash/zips/pull/927">https://github.com/zcash/zips/pull/927</a>></pre>
|
||
<section id="terminology"><h2><span class="section-heading">Terminology</span><span class="section-anchor"> <a rel="bookmark" href="#terminology"><img width="24" height="24" class="section-anchor" src="assets/images/section-anchor.png" alt=""></a></span></h2>
|
||
<p>The key word "MUST" in this document is to be interpreted as described in BCP 14 <a id="footnote-reference-1" class="footnote_reference" href="#bcp14">1</a> when, and only when, it appears in all capitals.</p>
|
||
<p>The term "network upgrade" in this document is to be interpreted as described in ZIP 200. <a id="footnote-reference-2" class="footnote_reference" href="#zip-0200">5</a></p>
|
||
<p>The character § is used when referring to sections of the Zcash Protocol Specification. <a id="footnote-reference-3" class="footnote_reference" href="#protocol">2</a></p>
|
||
<p>The terms "Mainnet" and "Testnet" are to be interpreted as described in § 3.12 ‘Mainnet and Testnet’. <a id="footnote-reference-4" class="footnote_reference" href="#protocol-networks">3</a></p>
|
||
</section>
|
||
<section id="abstract"><h2><span class="section-heading">Abstract</span><span class="section-anchor"> <a rel="bookmark" href="#abstract"><img width="24" height="24" class="section-anchor" src="assets/images/section-anchor.png" alt=""></a></span></h2>
|
||
<p>This proposal disallows v4 transactions. The v5 transaction format introduced in the NU5 network upgrade <a id="footnote-reference-5" class="footnote_reference" href="#zip-0225">7</a> does not support Sprout, and so this will have the effect of disabling the ability to spend Sprout funds.</p>
|
||
<p>It is not proposed in this ZIP to unissue, burn, or otherwise make Sprout funds permanently unavailable. This leaves open the possibility of re-enabling v4 transactions, or of adding another facility to retrieve these funds if the Zcash community considers it worthwhile. However, since it is possible the ability to spend Sprout funds will never be re-enabled, holders of these funds should move them out of the Sprout pool without delay.</p>
|
||
</section>
|
||
<section id="motivation"><h2><span class="section-heading">Motivation</span><span class="section-anchor"> <a rel="bookmark" href="#motivation"><img width="24" height="24" class="section-anchor" src="assets/images/section-anchor.png" alt=""></a></span></h2>
|
||
<p>Zcash is an extremely complex protocol. Some of that complexity comes from functionality that is now obsolete.</p>
|
||
<p>The Sprout shielded protocol was the first large-scale deployment of general-purpose zero-knowledge proofs, but suffered from long proving times and high memory requirements that limited its practicality. Its successors, the Sapling and Orchard shielded protocols, made substantial optimizations <a id="footnote-reference-6" class="footnote_reference" href="#cultivating-sapling">10</a> and added new functionality such as viewing keys and diversified addresses. As a result, Sprout is essentially unused at this point.</p>
|
||
<p>In the Sapling network upgrade, the proving system and the pairing-friendly curves used for Sprout were changed to be the same as for the Sapling shielded protocol, i.e. Groth16 and BLS12-381. So that part of the attack surface is shared between Sprout and Sapling. The magnitude of potential balance violation due to any weakness in Sprout’s cryptography is also limited by the “turnstile” mechanism defined in ZIP 209 <a id="footnote-reference-7" class="footnote_reference" href="#zip-0209">6</a>.</p>
|
||
<p>Nevertheless, the parts of Sprout that are not shared with Sapling, such as the JoinSplit circuit and the handling of Sprout nullifiers and note commitments, still impose a substantial burden on the complexity and attack surface of the Zcash protocol and of full node implementations. For instance, verification of transactions involving Sprout JoinSplit descriptions also has to be taken into account for potential denial-of-service attacks. Because of Sprout’s lack of use, there is little incentive for node implementations to optimize its verification, which may lead to such attacks imposing greater cost than they otherwise would.</p>
|
||
<p>The deprecation of zcashd, planned to be in advance of NU7, will also remove the only maintained software that still provides wallet functionality for Sprout, which would in any case make it impractical to move funds out of the Sprout pool. It is therefore necessary in any case to give holders of Sprout funds sufficient warning that they may be unable to retrieve them after zcashd deprecation.</p>
|
||
</section>
|
||
<section id="requirements"><h2><span class="section-heading">Requirements</span><span class="section-anchor"> <a rel="bookmark" href="#requirements"><img width="24" height="24" class="section-anchor" src="assets/images/section-anchor.png" alt=""></a></span></h2>
|
||
<p>It must become possible to remove the complexity and attack surface of Sprout from Zcash specifications and node implementations.</p>
|
||
</section>
|
||
<section id="specification"><h2><span class="section-heading">Specification</span><span class="section-anchor"> <a rel="bookmark" href="#specification"><img width="24" height="24" class="section-anchor" src="assets/images/section-anchor.png" alt=""></a></span></h2>
|
||
<p>In § 7.1.2 ‘Transaction Consensus Rules’ <a id="footnote-reference-8" class="footnote_reference" href="#protocol-txnconsensus">4</a>, change the applicability of the following rule:</p>
|
||
<blockquote>
|
||
<ul>
|
||
<li>[NU5 onward] The transaction version number MUST be 4 or 5. If the transaction version number is 4 then the version group ID MUST be <code>0x892F2085</code>. If the transaction version number is 5 then the version group ID MUST be <code>0x26A7270A</code>.</li>
|
||
</ul>
|
||
</blockquote>
|
||
<p>to be “[NU5 and NU6, pre-NU7]”, and ensure that the corresponding rule that applies from NU7 onward does not allow version 4.</p>
|
||
<p>These changes apply identically to Mainnet and Testnet.</p>
|
||
<section id="interaction-with-the-proposed-network-sustainability-mechanism"><h3><span class="section-heading">Interaction with the proposed Network Sustainability Mechanism</span><span class="section-anchor"> <a rel="bookmark" href="#interaction-with-the-proposed-network-sustainability-mechanism"><img width="24" height="24" class="section-anchor" src="assets/images/section-anchor.png" alt=""></a></span></h3>
|
||
<p>For clarity, the Sprout chain value pool balance as of activation of this ZIP remains issued. If the Network Sustainability Mechanism ZIPs that affect issuance (<a id="footnote-reference-9" class="footnote_reference" href="#zip-0233">8</a> and <a id="footnote-reference-10" class="footnote_reference" href="#zip-0234">9</a>) are also activated, then this ZIP would not cause the Sprout chain value pool to be considered part of the “Money Reserve”.</p>
|
||
</section>
|
||
</section>
|
||
<section id="deployment"><h2><span class="section-heading">Deployment</span><span class="section-anchor"> <a rel="bookmark" href="#deployment"><img width="24" height="24" class="section-anchor" src="assets/images/section-anchor.png" alt=""></a></span></h2>
|
||
<p>This ZIP is proposed to be deployed with NU7.</p>
|
||
</section>
|
||
<section id="reference-implementation"><h2><span class="section-heading">Reference implementation</span><span class="section-anchor"> <a rel="bookmark" href="#reference-implementation"><img width="24" height="24" class="section-anchor" src="assets/images/section-anchor.png" alt=""></a></span></h2>
|
||
<p>TBD</p>
|
||
</section>
|
||
<section id="acknowledgements"><h2><span class="section-heading">Acknowledgements</span><span class="section-anchor"> <a rel="bookmark" href="#acknowledgements"><img width="24" height="24" class="section-anchor" src="assets/images/section-anchor.png" alt=""></a></span></h2>
|
||
<p>The author would like to thank Jack Grigg and Kris Nuttycombe for discussions leading to the submission of this ZIP, and everyone else whose work made it feasible to deprecate Sprout. Particular credit goes to the four people who were put under a unique kind of stress during Sapling’s development: Ariel Gabizon, Sean Bowe, Nathan Wilcox, and Zooko Wilcox.</p>
|
||
</section>
|
||
<section id="references"><h2><span class="section-heading">References</span><span class="section-anchor"> <a rel="bookmark" href="#references"><img width="24" height="24" class="section-anchor" src="assets/images/section-anchor.png" alt=""></a></span></h2>
|
||
<table id="bcp14" class="footnote">
|
||
<tbody>
|
||
<tr>
|
||
<th>1</th>
|
||
<td><a href="https://www.rfc-editor.org/info/bcp14">Information on BCP 14 — "RFC 2119: Key words for use in RFCs to Indicate Requirement Levels" and "RFC 8174: Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words"</a></td>
|
||
</tr>
|
||
</tbody>
|
||
</table>
|
||
<table id="protocol" class="footnote">
|
||
<tbody>
|
||
<tr>
|
||
<th>2</th>
|
||
<td><a href="protocol/protocol.pdf">Zcash Protocol Specification, Version 2024.5.1 [NU6] or later</a></td>
|
||
</tr>
|
||
</tbody>
|
||
</table>
|
||
<table id="protocol-networks" class="footnote">
|
||
<tbody>
|
||
<tr>
|
||
<th>3</th>
|
||
<td><a href="protocol/protocol.pdf#networks">Zcash Protocol Specification, Version 2024.5.1 [NU6]. Section 3.12: Mainnet and Testnet</a></td>
|
||
</tr>
|
||
</tbody>
|
||
</table>
|
||
<table id="protocol-txnconsensus" class="footnote">
|
||
<tbody>
|
||
<tr>
|
||
<th>4</th>
|
||
<td><a href="protocol/protocol.pdf#txnconsensus">Zcash Protocol Specification, Version 2024.5.1 [NU6]. Section 7.1.2: Transaction Consensus Rules</a></td>
|
||
</tr>
|
||
</tbody>
|
||
</table>
|
||
<table id="zip-0200" class="footnote">
|
||
<tbody>
|
||
<tr>
|
||
<th>5</th>
|
||
<td><a href="zip-0200">ZIP 200: Network Upgrade Mechanism</a></td>
|
||
</tr>
|
||
</tbody>
|
||
</table>
|
||
<table id="zip-0209" class="footnote">
|
||
<tbody>
|
||
<tr>
|
||
<th>6</th>
|
||
<td><a href="zip-0209">ZIP 209: Prohibit Negative Shielded Chain Value Pool Balances</a></td>
|
||
</tr>
|
||
</tbody>
|
||
</table>
|
||
<table id="zip-0225" class="footnote">
|
||
<tbody>
|
||
<tr>
|
||
<th>7</th>
|
||
<td><a href="zip-0225">ZIP 225: Version 5 Transaction Format</a></td>
|
||
</tr>
|
||
</tbody>
|
||
</table>
|
||
<table id="zip-0233" class="footnote">
|
||
<tbody>
|
||
<tr>
|
||
<th>8</th>
|
||
<td><a href="zip-0233">ZIP 233: Network Sustainability Mechanism: Burning</a></td>
|
||
</tr>
|
||
</tbody>
|
||
</table>
|
||
<table id="zip-0234" class="footnote">
|
||
<tbody>
|
||
<tr>
|
||
<th>9</th>
|
||
<td><a href="zip-0234">ZIP 234: Network Sustainability Mechanism: Issuance Smoothing</a></td>
|
||
</tr>
|
||
</tbody>
|
||
</table>
|
||
<table id="cultivating-sapling" class="footnote">
|
||
<tbody>
|
||
<tr>
|
||
<th>10</th>
|
||
<td><a href="https://electriccoin.co/blog/cultivating-sapling-faster-zksnarks/">Cultivating Sapling: Faster zk-SNARKs. Sean Bowe, September 13, 2017.</a></td>
|
||
</tr>
|
||
</tbody>
|
||
</table>
|
||
</section>
|
||
</section>
|
||
</body>
|
||
</html> |