2021-03-07 02:15:38 -08:00
|
|
|
|
//! Note Commitment Trees.
|
|
|
|
|
//!
|
|
|
|
|
//! A note commitment tree is an incremental Merkle tree of fixed depth
|
2021-07-15 06:58:36 -07:00
|
|
|
|
//! used to store note commitments that Action
|
2021-03-07 02:15:38 -08:00
|
|
|
|
//! transfers produce. Just as the unspent transaction output set (UTXO
|
|
|
|
|
//! set) used in Bitcoin, it is used to express the existence of value and
|
|
|
|
|
//! the capability to spend it. However, unlike the UTXO set, it is not
|
|
|
|
|
//! the job of this tree to protect against double-spending, as it is
|
|
|
|
|
//! append-only.
|
|
|
|
|
//!
|
|
|
|
|
//! A root of a note commitment tree is associated with each treestate.
|
|
|
|
|
|
2021-06-25 09:27:47 -07:00
|
|
|
|
#![allow(clippy::derive_hash_xor_eq)]
|
2021-03-15 00:16:49 -07:00
|
|
|
|
#![allow(dead_code)]
|
2021-03-07 02:15:38 -08:00
|
|
|
|
|
2021-06-25 09:27:47 -07:00
|
|
|
|
use std::{
|
|
|
|
|
fmt,
|
|
|
|
|
hash::{Hash, Hasher},
|
|
|
|
|
io,
|
2022-03-09 15:26:49 -08:00
|
|
|
|
ops::Deref,
|
2022-05-12 00:00:12 -07:00
|
|
|
|
sync::Arc,
|
2021-06-25 09:27:47 -07:00
|
|
|
|
};
|
2021-03-07 02:15:38 -08:00
|
|
|
|
|
|
|
|
|
use bitvec::prelude::*;
|
2022-04-18 17:14:16 -07:00
|
|
|
|
use halo2::pasta::{group::ff::PrimeField, pallas};
|
2021-07-15 06:58:36 -07:00
|
|
|
|
use incrementalmerkletree::{bridgetree, Frontier};
|
2021-03-07 02:15:38 -08:00
|
|
|
|
use lazy_static::lazy_static;
|
2021-07-15 06:58:36 -07:00
|
|
|
|
use thiserror::Error;
|
2022-05-12 00:00:12 -07:00
|
|
|
|
use zcash_primitives::merkle_tree::{self, CommitmentTree};
|
2021-03-07 02:15:38 -08:00
|
|
|
|
|
2021-07-15 06:58:36 -07:00
|
|
|
|
use super::sinsemilla::*;
|
2021-03-07 02:15:38 -08:00
|
|
|
|
|
2021-06-25 09:27:47 -07:00
|
|
|
|
use crate::serialization::{
|
|
|
|
|
serde_helpers, ReadZcashExt, SerializationError, ZcashDeserialize, ZcashSerialize,
|
|
|
|
|
};
|
2021-05-20 17:42:06 -07:00
|
|
|
|
|
2021-07-15 06:58:36 -07:00
|
|
|
|
pub(super) const MERKLE_DEPTH: usize = 32;
|
2021-03-07 02:15:38 -08:00
|
|
|
|
|
2021-03-10 13:39:31 -08:00
|
|
|
|
/// MerkleCRH^Orchard Hash Function
|
2021-03-07 02:15:38 -08:00
|
|
|
|
///
|
2021-03-10 13:39:31 -08:00
|
|
|
|
/// Used to hash incremental Merkle tree hash values for Orchard.
|
2021-03-07 02:15:38 -08:00
|
|
|
|
///
|
2021-07-15 06:58:36 -07:00
|
|
|
|
/// MerkleCRH^Orchard: {0..MerkleDepth^Orchard − 1} × P𝑥 × P𝑥 → P𝑥
|
2021-06-25 09:27:47 -07:00
|
|
|
|
///
|
2021-07-15 06:58:36 -07:00
|
|
|
|
/// MerkleCRH^Orchard(layer, left, right) := 0 if hash == ⊥; hash otherwise
|
2021-03-07 02:15:38 -08:00
|
|
|
|
///
|
2021-07-15 06:58:36 -07:00
|
|
|
|
/// where hash = SinsemillaHash("z.cash:Orchard-MerkleCRH", l || left || right),
|
|
|
|
|
/// l = I2LEBSP_10(MerkleDepth^Orchard − 1 − layer), and left, right, and
|
2021-06-25 09:27:47 -07:00
|
|
|
|
/// the output are the x-coordinates of Pallas affine points.
|
2021-03-10 13:39:31 -08:00
|
|
|
|
///
|
2021-06-25 09:27:47 -07:00
|
|
|
|
/// https://zips.z.cash/protocol/protocol.pdf#orchardmerklecrh
|
|
|
|
|
/// https://zips.z.cash/protocol/protocol.pdf#constants
|
2021-07-15 06:58:36 -07:00
|
|
|
|
fn merkle_crh_orchard(layer: u8, left: pallas::Base, right: pallas::Base) -> pallas::Base {
|
2022-05-18 18:03:55 -07:00
|
|
|
|
let mut s = bitvec![u8, Lsb0;];
|
2021-07-15 06:58:36 -07:00
|
|
|
|
|
|
|
|
|
// Prefix: l = I2LEBSP_10(MerkleDepth^Orchard − 1 − layer)
|
|
|
|
|
let l = MERKLE_DEPTH - 1 - layer as usize;
|
2022-05-18 18:03:55 -07:00
|
|
|
|
s.extend_from_bitslice(&BitArray::<_, Lsb0>::from([l, 0])[0..10]);
|
|
|
|
|
s.extend_from_bitslice(&BitArray::<_, Lsb0>::from(left.to_repr())[0..255]);
|
|
|
|
|
s.extend_from_bitslice(&BitArray::<_, Lsb0>::from(right.to_repr())[0..255]);
|
2021-07-15 06:58:36 -07:00
|
|
|
|
|
|
|
|
|
match sinsemilla_hash(b"z.cash:Orchard-MerkleCRH", &s) {
|
|
|
|
|
Some(h) => h,
|
|
|
|
|
None => pallas::Base::zero(),
|
2021-06-25 09:27:47 -07:00
|
|
|
|
}
|
2021-03-07 02:15:38 -08:00
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
lazy_static! {
|
2021-07-15 06:58:36 -07:00
|
|
|
|
/// List of "empty" Orchard note commitment nodes, one for each layer.
|
2021-03-07 02:15:38 -08:00
|
|
|
|
///
|
2021-07-15 06:58:36 -07:00
|
|
|
|
/// The list is indexed by the layer number (0: root; MERKLE_DEPTH: leaf).
|
|
|
|
|
///
|
|
|
|
|
/// https://zips.z.cash/protocol/protocol.pdf#constants
|
|
|
|
|
pub(super) static ref EMPTY_ROOTS: Vec<pallas::Base> = {
|
|
|
|
|
// The empty leaf node. This is layer 32.
|
2021-06-25 09:27:47 -07:00
|
|
|
|
let mut v = vec![NoteCommitmentTree::uncommitted()];
|
2021-03-07 02:15:38 -08:00
|
|
|
|
|
2021-06-25 09:27:47 -07:00
|
|
|
|
// Starting with layer 31 (the first internal layer, after the leaves),
|
|
|
|
|
// generate the empty roots up to layer 0, the root.
|
2021-07-15 06:58:36 -07:00
|
|
|
|
for layer in (0..MERKLE_DEPTH).rev()
|
2021-06-25 09:27:47 -07:00
|
|
|
|
{
|
2021-07-15 06:58:36 -07:00
|
|
|
|
// The vector is generated from the end, pushing new nodes to its beginning.
|
|
|
|
|
// For this reason, the layer below is v[0].
|
|
|
|
|
let next = merkle_crh_orchard(layer as u8, v[0], v[0]);
|
|
|
|
|
v.insert(0, next);
|
2021-03-07 02:15:38 -08:00
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
v
|
|
|
|
|
|
|
|
|
|
};
|
|
|
|
|
}
|
|
|
|
|
|
2021-03-10 13:39:31 -08:00
|
|
|
|
/// Orchard note commitment tree root node hash.
|
2021-03-07 02:15:38 -08:00
|
|
|
|
///
|
2021-03-10 13:39:31 -08:00
|
|
|
|
/// The root hash in LEBS2OSP256(rt) encoding of the Orchard note commitment
|
|
|
|
|
/// tree corresponding to the final Orchard treestate of this block. A root of a
|
|
|
|
|
/// note commitment tree is associated with each treestate.
|
2021-06-25 09:27:47 -07:00
|
|
|
|
#[derive(Clone, Copy, Default, Eq, PartialEq, Serialize, Deserialize)]
|
|
|
|
|
pub struct Root(#[serde(with = "serde_helpers::Base")] pub(crate) pallas::Base);
|
2021-03-07 02:15:38 -08:00
|
|
|
|
|
|
|
|
|
impl fmt::Debug for Root {
|
|
|
|
|
fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
|
2021-06-25 09:27:47 -07:00
|
|
|
|
f.debug_tuple("Root")
|
2022-04-18 17:14:16 -07:00
|
|
|
|
.field(&hex::encode(&self.0.to_repr()))
|
2021-06-25 09:27:47 -07:00
|
|
|
|
.finish()
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
impl From<Root> for [u8; 32] {
|
|
|
|
|
fn from(root: Root) -> Self {
|
|
|
|
|
root.0.into()
|
2021-03-07 02:15:38 -08:00
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2021-07-29 06:37:18 -07:00
|
|
|
|
impl From<&Root> for [u8; 32] {
|
|
|
|
|
fn from(root: &Root) -> Self {
|
|
|
|
|
(*root).into()
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2021-06-25 09:27:47 -07:00
|
|
|
|
impl Hash for Root {
|
|
|
|
|
fn hash<H: Hasher>(&self, state: &mut H) {
|
2022-04-18 17:14:16 -07:00
|
|
|
|
self.0.to_repr().hash(state)
|
2021-05-20 17:42:06 -07:00
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2021-06-25 09:27:47 -07:00
|
|
|
|
impl TryFrom<[u8; 32]> for Root {
|
|
|
|
|
type Error = SerializationError;
|
|
|
|
|
|
|
|
|
|
fn try_from(bytes: [u8; 32]) -> Result<Self, Self::Error> {
|
2022-04-18 17:14:16 -07:00
|
|
|
|
let possible_point = pallas::Base::from_repr(bytes);
|
2021-06-25 09:27:47 -07:00
|
|
|
|
|
|
|
|
|
if possible_point.is_some().into() {
|
|
|
|
|
Ok(Self(possible_point.unwrap()))
|
|
|
|
|
} else {
|
|
|
|
|
Err(SerializationError::Parse(
|
|
|
|
|
"Invalid pallas::Base value for Orchard note commitment tree root",
|
|
|
|
|
))
|
|
|
|
|
}
|
2021-05-20 17:42:06 -07:00
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
impl ZcashSerialize for Root {
|
|
|
|
|
fn zcash_serialize<W: io::Write>(&self, mut writer: W) -> Result<(), io::Error> {
|
|
|
|
|
writer.write_all(&<[u8; 32]>::from(*self)[..])?;
|
|
|
|
|
|
|
|
|
|
Ok(())
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
impl ZcashDeserialize for Root {
|
|
|
|
|
fn zcash_deserialize<R: io::Read>(mut reader: R) -> Result<Self, SerializationError> {
|
2021-06-25 09:27:47 -07:00
|
|
|
|
Self::try_from(reader.read_32_bytes()?)
|
2021-05-20 17:42:06 -07:00
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2021-07-15 06:58:36 -07:00
|
|
|
|
/// A node of the Orchard Incremental Note Commitment Tree.
|
2022-05-12 00:00:12 -07:00
|
|
|
|
#[derive(Copy, Clone, Debug, Eq, PartialEq)]
|
2021-07-15 06:58:36 -07:00
|
|
|
|
struct Node(pallas::Base);
|
2021-03-07 02:15:38 -08:00
|
|
|
|
|
2022-05-12 00:00:12 -07:00
|
|
|
|
/// Required to convert [`NoteCommitmentTree`] into [`SerializedTree`].
|
|
|
|
|
///
|
|
|
|
|
/// Zebra stores Orchard note commitment trees as [`Frontier`][1]s while the
|
|
|
|
|
/// [`z_gettreestate`][2] RPC requires [`CommitmentTree`][3]s. Implementing
|
|
|
|
|
/// [`merkle_tree::Hashable`] for [`Node`]s allows the conversion.
|
|
|
|
|
///
|
|
|
|
|
/// [1]: bridgetree::Frontier
|
|
|
|
|
/// [2]: https://zcash.github.io/rpc/z_gettreestate.html
|
|
|
|
|
/// [3]: merkle_tree::CommitmentTree
|
|
|
|
|
impl merkle_tree::Hashable for Node {
|
|
|
|
|
fn read<R: io::Read>(mut reader: R) -> io::Result<Self> {
|
|
|
|
|
let mut repr = [0u8; 32];
|
|
|
|
|
reader.read_exact(&mut repr)?;
|
|
|
|
|
let maybe_node = pallas::Base::from_repr(repr).map(Self);
|
|
|
|
|
|
|
|
|
|
<Option<_>>::from(maybe_node).ok_or_else(|| {
|
|
|
|
|
io::Error::new(
|
|
|
|
|
io::ErrorKind::InvalidInput,
|
|
|
|
|
"Non-canonical encoding of Pallas base field value.",
|
|
|
|
|
)
|
|
|
|
|
})
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
fn write<W: io::Write>(&self, mut writer: W) -> io::Result<()> {
|
|
|
|
|
writer.write_all(&self.0.to_repr())
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
fn combine(level: usize, a: &Self, b: &Self) -> Self {
|
|
|
|
|
let level = u8::try_from(level).expect("level must fit into u8");
|
|
|
|
|
let layer = (MERKLE_DEPTH - 1) as u8 - level;
|
|
|
|
|
Self(merkle_crh_orchard(layer, a.0, b.0))
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
fn blank() -> Self {
|
|
|
|
|
Self(NoteCommitmentTree::uncommitted())
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
fn empty_root(level: usize) -> Self {
|
|
|
|
|
let layer_below: usize = MERKLE_DEPTH - level;
|
|
|
|
|
Self(EMPTY_ROOTS[layer_below])
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2021-07-15 06:58:36 -07:00
|
|
|
|
impl incrementalmerkletree::Hashable for Node {
|
|
|
|
|
fn empty_leaf() -> Self {
|
|
|
|
|
Self(NoteCommitmentTree::uncommitted())
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/// Combine two nodes to generate a new node in the given level.
|
|
|
|
|
/// Level 0 is the layer above the leaves (layer 31).
|
|
|
|
|
/// Level 31 is the root (layer 0).
|
|
|
|
|
fn combine(level: incrementalmerkletree::Altitude, a: &Self, b: &Self) -> Self {
|
|
|
|
|
let layer = (MERKLE_DEPTH - 1) as u8 - u8::from(level);
|
|
|
|
|
Self(merkle_crh_orchard(layer, a.0, b.0))
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/// Return the node for the level below the given level. (A quirk of the API)
|
|
|
|
|
fn empty_root(level: incrementalmerkletree::Altitude) -> Self {
|
|
|
|
|
let layer_below: usize = MERKLE_DEPTH - usize::from(level);
|
|
|
|
|
Self(EMPTY_ROOTS[layer_below])
|
2021-03-07 02:15:38 -08:00
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2021-07-15 06:58:36 -07:00
|
|
|
|
impl From<pallas::Base> for Node {
|
|
|
|
|
fn from(x: pallas::Base) -> Self {
|
|
|
|
|
Node(x)
|
|
|
|
|
}
|
|
|
|
|
}
|
2021-03-07 02:15:38 -08:00
|
|
|
|
|
2021-07-29 06:37:18 -07:00
|
|
|
|
impl serde::Serialize for Node {
|
|
|
|
|
fn serialize<S>(&self, serializer: S) -> Result<S::Ok, S::Error>
|
|
|
|
|
where
|
|
|
|
|
S: serde::Serializer,
|
|
|
|
|
{
|
2022-04-18 17:14:16 -07:00
|
|
|
|
self.0.to_repr().serialize(serializer)
|
2021-07-29 06:37:18 -07:00
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
impl<'de> serde::Deserialize<'de> for Node {
|
|
|
|
|
fn deserialize<D>(deserializer: D) -> Result<Self, D::Error>
|
|
|
|
|
where
|
|
|
|
|
D: serde::Deserializer<'de>,
|
|
|
|
|
{
|
|
|
|
|
let bytes = <[u8; 32]>::deserialize(deserializer)?;
|
2022-04-18 17:14:16 -07:00
|
|
|
|
Option::<pallas::Base>::from(pallas::Base::from_repr(bytes))
|
2021-07-29 06:37:18 -07:00
|
|
|
|
.map(Node)
|
|
|
|
|
.ok_or_else(|| serde::de::Error::custom("invalid Pallas field element"))
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2021-07-15 06:58:36 -07:00
|
|
|
|
#[allow(dead_code, missing_docs)]
|
2021-08-09 10:22:26 -07:00
|
|
|
|
#[derive(Error, Debug, Clone, PartialEq, Eq)]
|
2021-07-15 06:58:36 -07:00
|
|
|
|
pub enum NoteCommitmentTreeError {
|
|
|
|
|
#[error("The note commitment tree is full")]
|
|
|
|
|
FullTree,
|
|
|
|
|
}
|
2021-03-07 02:15:38 -08:00
|
|
|
|
|
2021-07-15 06:58:36 -07:00
|
|
|
|
/// Orchard Incremental Note Commitment Tree
|
2022-03-09 15:26:49 -08:00
|
|
|
|
#[derive(Debug, Serialize, Deserialize)]
|
2021-07-15 06:58:36 -07:00
|
|
|
|
pub struct NoteCommitmentTree {
|
|
|
|
|
/// The tree represented as a Frontier.
|
|
|
|
|
///
|
|
|
|
|
/// A Frontier is a subset of the tree that allows to fully specify it.
|
|
|
|
|
/// It consists of nodes along the rightmost (newer) branch of the tree that
|
|
|
|
|
/// has non-empty nodes. Upper (near root) empty nodes of the branch are not
|
|
|
|
|
/// stored.
|
2022-01-13 17:28:35 -08:00
|
|
|
|
///
|
|
|
|
|
/// # Consensus
|
|
|
|
|
///
|
|
|
|
|
/// > [NU5 onward] A block MUST NOT add Orchard note commitments that would result in the Orchard note
|
|
|
|
|
/// > commitment tree exceeding its capacity of 2^(MerkleDepth^Orchard) leaf nodes.
|
|
|
|
|
///
|
|
|
|
|
/// <https://zips.z.cash/protocol/protocol.pdf#merkletree>
|
|
|
|
|
///
|
|
|
|
|
/// Note: MerkleDepth^Orchard = MERKLE_DEPTH = 32.
|
2021-07-15 06:58:36 -07:00
|
|
|
|
inner: bridgetree::Frontier<Node, { MERKLE_DEPTH as u8 }>,
|
2022-01-13 17:28:35 -08:00
|
|
|
|
|
2021-08-10 06:33:34 -07:00
|
|
|
|
/// A cached root of the tree.
|
|
|
|
|
///
|
|
|
|
|
/// Every time the root is computed by [`Self::root`] it is cached here,
|
|
|
|
|
/// and the cached value will be returned by [`Self::root`] until the tree is
|
|
|
|
|
/// changed by [`Self::append`]. This greatly increases performance
|
|
|
|
|
/// because it avoids recomputing the root when the tree does not change
|
|
|
|
|
/// between blocks. In the finalized state, the tree is read from
|
|
|
|
|
/// disk for every block processed, which would also require recomputing
|
|
|
|
|
/// the root even if it has not changed (note that the cached root is
|
|
|
|
|
/// serialized with the tree). This is particularly important since we decided
|
|
|
|
|
/// to instantiate the trees from the genesis block, for simplicity.
|
|
|
|
|
///
|
2022-03-09 15:26:49 -08:00
|
|
|
|
/// We use a [`RwLock`] for this cache, because it is only written once per tree update.
|
|
|
|
|
/// Each tree has its own cached root, a new lock is created for each clone.
|
|
|
|
|
cached_root: std::sync::RwLock<Option<Root>>,
|
2021-07-15 06:58:36 -07:00
|
|
|
|
}
|
2021-03-07 02:15:38 -08:00
|
|
|
|
|
2021-07-15 06:58:36 -07:00
|
|
|
|
impl NoteCommitmentTree {
|
|
|
|
|
/// Adds a note commitment x-coordinate to the tree.
|
|
|
|
|
///
|
|
|
|
|
/// The leaves of the tree are actually a base field element, the
|
|
|
|
|
/// x-coordinate of the commitment, the data that is actually stored on the
|
|
|
|
|
/// chain and input into the proof.
|
|
|
|
|
///
|
|
|
|
|
/// Returns an error if the tree is full.
|
|
|
|
|
pub fn append(&mut self, cm_x: pallas::Base) -> Result<(), NoteCommitmentTreeError> {
|
|
|
|
|
if self.inner.append(&cm_x.into()) {
|
2021-08-10 06:33:34 -07:00
|
|
|
|
// Invalidate cached root
|
2022-03-09 15:26:49 -08:00
|
|
|
|
let cached_root = self
|
|
|
|
|
.cached_root
|
|
|
|
|
.get_mut()
|
|
|
|
|
.expect("a thread that previously held exclusive lock access panicked");
|
|
|
|
|
|
|
|
|
|
*cached_root = None;
|
|
|
|
|
|
2021-07-15 06:58:36 -07:00
|
|
|
|
Ok(())
|
|
|
|
|
} else {
|
|
|
|
|
Err(NoteCommitmentTreeError::FullTree)
|
2021-03-07 02:15:38 -08:00
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2021-07-15 06:58:36 -07:00
|
|
|
|
/// Returns the current root of the tree, used as an anchor in Orchard
|
|
|
|
|
/// shielded transactions.
|
|
|
|
|
pub fn root(&self) -> Root {
|
2022-03-09 15:26:49 -08:00
|
|
|
|
if let Some(root) = self
|
|
|
|
|
.cached_root
|
|
|
|
|
.read()
|
|
|
|
|
.expect("a thread that previously held exclusive lock access panicked")
|
|
|
|
|
.deref()
|
|
|
|
|
{
|
|
|
|
|
// Return cached root.
|
|
|
|
|
return *root;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Get exclusive access, compute the root, and cache it.
|
|
|
|
|
let mut write_root = self
|
|
|
|
|
.cached_root
|
|
|
|
|
.write()
|
|
|
|
|
.expect("a thread that previously held exclusive lock access panicked");
|
|
|
|
|
match write_root.deref() {
|
|
|
|
|
// Another thread got write access first, return cached root.
|
|
|
|
|
Some(root) => *root,
|
2021-08-10 06:33:34 -07:00
|
|
|
|
None => {
|
2022-03-09 15:26:49 -08:00
|
|
|
|
// Compute root and cache it.
|
2021-08-10 06:33:34 -07:00
|
|
|
|
let root = Root(self.inner.root().0);
|
2022-03-09 15:26:49 -08:00
|
|
|
|
*write_root = Some(root);
|
2021-08-10 06:33:34 -07:00
|
|
|
|
root
|
|
|
|
|
}
|
|
|
|
|
}
|
2021-07-15 06:58:36 -07:00
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/// Get the Pallas-based Sinsemilla hash / root node of this merkle tree of
|
2021-06-25 09:27:47 -07:00
|
|
|
|
/// note commitments.
|
2021-03-07 02:15:38 -08:00
|
|
|
|
pub fn hash(&self) -> [u8; 32] {
|
2021-07-15 06:58:36 -07:00
|
|
|
|
self.root().into()
|
2021-06-25 09:27:47 -07:00
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/// An as-yet unused Orchard note commitment tree leaf node.
|
|
|
|
|
///
|
|
|
|
|
/// Distinct for Orchard, a distinguished hash value of:
|
|
|
|
|
///
|
|
|
|
|
/// Uncommitted^Orchard = I2LEBSP_l_MerkleOrchard(2)
|
|
|
|
|
pub fn uncommitted() -> pallas::Base {
|
|
|
|
|
pallas::Base::one().double()
|
2021-03-07 02:15:38 -08:00
|
|
|
|
}
|
2021-07-15 06:58:36 -07:00
|
|
|
|
|
|
|
|
|
/// Count of note commitments added to the tree.
|
|
|
|
|
///
|
|
|
|
|
/// For Orchard, the tree is capped at 2^32.
|
|
|
|
|
pub fn count(&self) -> u64 {
|
2021-10-05 18:08:41 -07:00
|
|
|
|
self.inner.position().map_or(0, |pos| u64::from(pos) + 1)
|
2021-07-15 06:58:36 -07:00
|
|
|
|
}
|
2021-03-07 02:15:38 -08:00
|
|
|
|
}
|
|
|
|
|
|
2022-03-09 15:26:49 -08:00
|
|
|
|
impl Clone for NoteCommitmentTree {
|
|
|
|
|
/// Clones the inner tree, and creates a new `RwLock` with the cloned root data.
|
|
|
|
|
fn clone(&self) -> Self {
|
|
|
|
|
let cached_root = *self
|
|
|
|
|
.cached_root
|
|
|
|
|
.read()
|
|
|
|
|
.expect("a thread that previously held exclusive lock access panicked");
|
|
|
|
|
|
|
|
|
|
Self {
|
|
|
|
|
inner: self.inner.clone(),
|
|
|
|
|
cached_root: std::sync::RwLock::new(cached_root),
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2021-07-15 06:58:36 -07:00
|
|
|
|
impl Default for NoteCommitmentTree {
|
|
|
|
|
fn default() -> Self {
|
|
|
|
|
Self {
|
2021-10-05 18:08:41 -07:00
|
|
|
|
inner: bridgetree::Frontier::empty(),
|
2021-08-10 06:33:34 -07:00
|
|
|
|
cached_root: Default::default(),
|
2021-07-15 06:58:36 -07:00
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
impl Eq for NoteCommitmentTree {}
|
2021-06-25 09:27:47 -07:00
|
|
|
|
|
2021-07-15 06:58:36 -07:00
|
|
|
|
impl PartialEq for NoteCommitmentTree {
|
|
|
|
|
fn eq(&self, other: &Self) -> bool {
|
|
|
|
|
self.hash() == other.hash()
|
|
|
|
|
}
|
|
|
|
|
}
|
2021-06-25 09:27:47 -07:00
|
|
|
|
|
2021-07-15 06:58:36 -07:00
|
|
|
|
impl From<Vec<pallas::Base>> for NoteCommitmentTree {
|
|
|
|
|
/// Compute the tree from a whole bunch of note commitments at once.
|
|
|
|
|
fn from(values: Vec<pallas::Base>) -> Self {
|
|
|
|
|
let mut tree = Self::default();
|
2021-06-25 09:27:47 -07:00
|
|
|
|
|
2021-07-15 06:58:36 -07:00
|
|
|
|
if values.is_empty() {
|
|
|
|
|
return tree;
|
|
|
|
|
}
|
2021-06-25 09:27:47 -07:00
|
|
|
|
|
2021-07-15 06:58:36 -07:00
|
|
|
|
for cm_x in values {
|
|
|
|
|
let _ = tree.append(cm_x);
|
2021-06-25 09:27:47 -07:00
|
|
|
|
}
|
2021-07-15 06:58:36 -07:00
|
|
|
|
|
|
|
|
|
tree
|
2021-06-25 09:27:47 -07:00
|
|
|
|
}
|
|
|
|
|
}
|
2022-05-12 00:00:12 -07:00
|
|
|
|
|
|
|
|
|
/// A serialized Orchard note commitment tree.
|
|
|
|
|
///
|
|
|
|
|
/// The format of the serialized data is compatible with
|
|
|
|
|
/// [`CommitmentTree`](merkle_tree::CommitmentTree) from `librustzcash` and not
|
|
|
|
|
/// with [`Frontier`](bridgetree::Frontier) from the crate
|
|
|
|
|
/// [`incrementalmerkletree`]. Zebra follows the former format in order to stay
|
|
|
|
|
/// consistent with `zcashd` in RPCs. Note that [`NoteCommitmentTree`] itself is
|
|
|
|
|
/// represented as [`Frontier`](bridgetree::Frontier).
|
|
|
|
|
///
|
|
|
|
|
/// The formats are semantically equivalent. The primary difference between them
|
|
|
|
|
/// is that in [`Frontier`](bridgetree::Frontier), the vector of parents is
|
|
|
|
|
/// dense (we know where the gaps are from the position of the leaf in the
|
|
|
|
|
/// overall tree); whereas in [`CommitmentTree`](merkle_tree::CommitmentTree),
|
|
|
|
|
/// the vector of parent hashes is sparse with [`None`] values in the gaps.
|
|
|
|
|
///
|
|
|
|
|
/// The sparse format, used in this implementation, allows representing invalid
|
|
|
|
|
/// commitment trees while the dense format allows representing only valid
|
|
|
|
|
/// commitment trees.
|
|
|
|
|
///
|
|
|
|
|
/// It is likely that the dense format will be used in future RPCs, in which
|
|
|
|
|
/// case the current implementation will have to change and use the format
|
|
|
|
|
/// compatible with [`Frontier`](bridgetree::Frontier) instead.
|
|
|
|
|
#[derive(Clone, Debug, Eq, PartialEq, serde::Serialize)]
|
|
|
|
|
pub struct SerializedTree(Vec<u8>);
|
|
|
|
|
|
|
|
|
|
impl From<&NoteCommitmentTree> for SerializedTree {
|
|
|
|
|
fn from(tree: &NoteCommitmentTree) -> Self {
|
|
|
|
|
let mut serialized_tree = vec![];
|
|
|
|
|
|
|
|
|
|
// Skip the serialization of empty trees.
|
|
|
|
|
//
|
|
|
|
|
// Note: This ensures compatibility with `zcashd` in the
|
|
|
|
|
// [`z_gettreestate`][1] RPC.
|
|
|
|
|
//
|
|
|
|
|
// [1]: https://zcash.github.io/rpc/z_gettreestate.html
|
|
|
|
|
if tree.inner == bridgetree::Frontier::empty() {
|
|
|
|
|
return Self(serialized_tree);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Convert the note commitment tree from
|
|
|
|
|
// [`Frontier`](bridgetree::Frontier) to
|
|
|
|
|
// [`CommitmentTree`](merkle_tree::CommitmentTree).
|
|
|
|
|
let tree = CommitmentTree::from_frontier(&tree.inner);
|
|
|
|
|
tree.write(&mut serialized_tree)
|
|
|
|
|
.expect("note commitment tree should be serializable");
|
|
|
|
|
Self(serialized_tree)
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
impl From<Option<Arc<NoteCommitmentTree>>> for SerializedTree {
|
|
|
|
|
fn from(maybe_tree: Option<Arc<NoteCommitmentTree>>) -> Self {
|
|
|
|
|
match maybe_tree {
|
|
|
|
|
Some(tree) => tree.as_ref().into(),
|
|
|
|
|
None => Self(Vec::new()),
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
impl AsRef<[u8]> for SerializedTree {
|
|
|
|
|
fn as_ref(&self) -> &[u8] {
|
|
|
|
|
&self.0
|
|
|
|
|
}
|
|
|
|
|
}
|