
Commit 8d7f0c5

OttoAllmendinger and llm-git committed
feat(crypto): add Zcash ZIP-243 sighash implementation
Add support for Zcash transaction signature validation following ZIP-243 standard. The implementation uses BLAKE2b-256 with personalization strings for computing signature hashes for transparent inputs in Zcash transactions.

Key features:
- Implement ZIP-243 sighash algorithm for Zcash transactions
- Add SighashCacheZcashExt trait for computing Zcash sighashes
- Support both P2PKH and P2SH inputs in Zcash transparent transactions
- Provide PSBT signing extension for Zcash inputs
- Include test vectors from ZIP-243 specification

Issue: BTC-2555
Co-authored-by: llm-git <[email protected]>
1 parent e1eb843 commit 8d7f0c5

8 files changed

+1512
-2
lines changed
Lines changed: 118 additions & 0 deletions
@@ -0,0 +1,118 @@
1+
# ZIP-243 Test Vectors
2+
3+
Source: https://zips.z.cash/zip-0243
4+
5+
## Test Vector 1 (Shielded-only, no transparent inputs)
6+
7+
This transaction has NO transparent inputs (vin: 00), so it's not useful for testing
8+
transparent sighash computation.
9+
10+
**Expected sighash** (with nIn = NOT_AN_INPUT, SIGHASH_ALL): `63d18534de5f2d1c9e169b73f9c783718adbef5c8a7d55b5e7a37affa1dd3ff3`
11+
12+
---
13+
14+
## Test Vector 2 (Mixed: 2 transparent inputs + shielded outputs)
15+
16+
**Transaction Header:**
17+
- header: `04000080`
18+
- nVersionGroupId: `85202f89`
19+
- nLockTime: `d7034302` (0x020343d7 = 33866711)
20+
- nExpiryHeight: `011b9a07` (0x079a1b01 = 127671041)
21+
- valueBalance: `6620edc067ff0200`
22+
23+
**Transparent Inputs (vin: 02):**
24+
1. Input 0:
25+
- txid: `0bbe32a598c22adfb48cef72ba5d4287c0cefbacfd8ce195b4963c34a94bba7a`
26+
- vout: `175dae4b` (little-endian: 0x4bae5d17)
27+
- scriptSig: `0465ac6563`
28+
- nSequence: `53708915`
29+
30+
2. Input 1:
31+
- txid: `090f47a068e227433f9e49d3aa09e356d8d66d0c0121e91a3c4aa3f27fa1b633`
32+
- vout: `96e2b41d` (little-endian: 0x1db4e296)
33+
- scriptSig: `090063535300ac53ac51`
34+
- nSequence: `4e970568`
35+
36+
**Expected values (nIn = 0, SIGHASH_NONE = 2):**
37+
- hashPrevouts: `cacf0f5210cce5fa65a59f314292b3111d299e7d9d582753cf61e1e408552ae4`
38+
- hashSequence: zeros (due to SIGHASH_NONE)
39+
- hashOutputs: zeros (due to SIGHASH_NONE)
40+
- **sighash**: `bbe6d84f57c56b29b914c694baaccb891297e961de3eb46c68e3c89c47b1a1db`
41+
42+
---
43+
44+
## Test Vector 3 (Transparent-only) ⭐ BEST FOR TESTING
45+
46+
**Testnet transaction** with txid `97d8814886d07fc12bbac90c089a10f90906cbb53402ee26e576ef99276c492d`
47+
48+
This is a **transparent-only** transaction (no shielded components), perfect for testing.
49+
50+
**Raw Transaction:**
51+
```
52+
0400008085202f8901a8c685478265f4c14dada651969c45a65e1aeb8cd6791f2f5bb6a1d9952104d9010000006b483045022100a61e5d557568c2ddc1d9b03a7173c6ce7c996c4daecab007ac8f34bee01e6b9702204d38fdc0bcf2728a69fde78462a10fb45a9baa27873e6a5fc45fb5c76764202a01210365ffea3efa3908918a8b8627724af852fc9b86d7375b103ab0543cf418bcaa7ffeffffff02005a6202000000001976a9148132712c3ff19f3a151234616777420a6d7ef22688ac8b959800000000001976a9145453e4698f02a38abdaa521cd1ff2dee6fac187188ac29b0040048b004000000000000000000000000
53+
```
54+
55+
**Transaction Fields:**
56+
- header: `04000080` (version 4 with fOverwintered)
57+
- nVersionGroupId: `85202f89` (Sapling)
58+
- nLockTime: `29b00400` = 307241 (little-endian: 0x0004b029)
59+
- nExpiryHeight: `48b00400` = 307272 (little-endian: 0x0004b048)
60+
- valueBalance: `0000000000000000` (zeros for transparent-only)
61+
62+
**Transparent Input (vin: 01):**
63+
- txid: `a8c685478265f4c14dada651969c45a65e1aeb8cd6791f2f5bb6a1d9952104d9`
64+
- vout: `01000000` = 1
65+
- scriptSig (signed): `6b483045022100a61e5d557568c2ddc1d9b03a7173c6ce7c996c4daecab007ac8f34bee01e6b9702204d38fdc0bcf2728a69fde78462a10fb45a9baa27873e6a5fc45fb5c76764202a01210365ffea3efa3908918a8b8627724af852fc9b86d7375b103ab0543cf418bcaa7f`
66+
- nSequence: `feffffff` = 4294967294 (0xfffffffe)
67+
68+
**Transparent Outputs (vout: 02):**
69+
1. Output 0:
70+
- value: `005a620200000000` = 40000000 satoshis (0.4 ZEC)
71+
- scriptPubKey: `1976a9148132712c3ff19f3a151234616777420a6d7ef22688ac`
72+
73+
2. Output 1:
74+
- value: `8b95980000000000` = 9999755 satoshis
75+
- scriptPubKey: `1976a9145453e4698f02a38abdaa521cd1ff2dee6fac187188ac`
76+
77+
**Sighash Input Data (for computing sighash of input 0):**
78+
- prevout txid: `a8c685478265f4c14dada651969c45a65e1aeb8cd6791f2f5bb6a1d9952104d9`
79+
- prevout vout: `01000000` = 1
80+
- scriptCode: `1976a914507173527b4c3318a2aecd793bf1cfed705950cf88ac` (P2PKH)
81+
- amount: `80f0fa0200000000` = 50000000 satoshis (0.5 ZEC)
82+
- nSequence: `feffffff`
83+
84+
**Intermediate Hashes (SIGHASH_ALL):**
85+
- hashPrevouts: `fae31b8dec7b0b77e2c8d6b6eb0e7e4e55abc6574c26dd44464d9408a8e33f11`
86+
- hashSequence: `6c80d37f12d89b6f17ff198723e7db1247c4811d1a695d74d930f99e98418790`
87+
- hashOutputs: `d2b04118469b7810a0d1cc59568320aad25a84f407ecac40b4f605a4e6868454`
88+
- hashJoinSplits: zeros
89+
- hashShieldedSpends: zeros
90+
- hashShieldedOutputs: zeros
91+
92+
**Expected Sighash (nIn = 0, SIGHASH_ALL = 1):**
93+
```
94+
f3148f80dfab5e573d5edfe7a850f5fd39234f80b5429d3a57edcc11e34c585b
95+
```
96+
97+
---
98+
99+
## Consensus Branch IDs
100+
101+
| Network Upgrade | Branch ID | Transaction Version |
102+
|-----------------|--------------|---------------------|
103+
| Overwinter | 0x5ba81b19 | 3 |
104+
| Sapling | 0x76b809bb | 4 |
105+
| Blossom | 0x2bb40e60 | 4 |
106+
| Heartwood | 0xf5b9230b | 4 |
107+
| Canopy | 0xe9ff75a6 | 4 |
108+
| NU5 | 0xc2d6d0b4 | 5 |
109+
110+
## Personalization Strings
111+
112+
| Purpose | Personalization (16 bytes) |
113+
|----------|------------------------------|
114+
| Sighash | "ZcashSigHash" + branch_id |
115+
| Prevouts | "ZcashPrevoutHash" |
116+
| Sequence | "ZcashSequencHash" |
117+
| Outputs | "ZcashOutputsHash" |
118+
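
Review bot: The decimal annotations on the Test Vector 2 header fields do not match the hex printed beside them: for nLockTime, 0x020343d7 is 33768407, not 33866711, and for nExpiryHeight, 0x079a1b01 is 127539969, not 127671041. The raw little-endian bytes are what a test consumes, so the vector itself is unaffected, but a wrong decimal in a fixture file invites a wrong constant in a later test; correct both values or drop the decimals (the Test Vector 3 conversions check out). Separately, none of the three expected sighashes says which consensus branch ID it was computed under, even though the Sighash personalization is given as `"ZcashSigHash" + branch_id`; state the branch ID per vector and the byte order in which it is appended, since the table lists the IDs only as 0x-prefixed integers. The branch ID table also lists Overwinter (version 3) and NU5 (version 5) while every vector here carries header `04000080`, so mark which rows this sighash applies to.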
