Conversation
* Added .circleci/config.yml
Implements the issuer keys as
IssuerAuthorizingKey -> isk
IssuerVerifyingKey -> ik
Test vectors generated with zcash_test_vectors repo
* Added NoteType to Notes * Added NoteType to value commitment derivation
* Circleci project setup (#1) * Added .circleci/config.yml * Added NoteType to Notes * reformated file * updated `derive` for NoteType * added note_type to value commit derivation * rustfmt * updated ci config * updated ci config * updated ci config * updated derive for note_type * added test for arb note_type * added test for `native` note type * zsa-note-encryption: introduce AssetType and encode and decode it in note plaintexts * zsa-note-encryption: extend the size of compact notes to include asset_type * fixed clippy warrnings * rustfmt * zsa-note-encryption: document parsing requirement * zsa-note-encryption: revert support of ZSA compact action * zsa_value: add NoteType method is_native * zsa-note-encryption: remove dependency on changes in the other crate * zsa-note-encryption: extract memo of ZSA notes * zsa-note-encryption: tests (zcash_test_vectors 77c73492) * zsa-note-encryption: simplify roundtrip test * zsa-note-encryption: more test vectors (zcash_test_vectors c10da464) * Circleci project setup (#1) * Added .circleci/config.yml * issuer keys implementation (#5) Implements the issuer keys as IssuerAuthorizingKey -> isk IssuerVerifyingKey -> ik Test vectors generated with zcash_test_vectors repo * Added NoteType to Notes (#2) * Added NoteType to Notes * Added NoteType to value commitment derivation * zsa-note-encryption: use both native and ZSA in proptests * zsa-note-encryption: test vector commit 51398c93 * zsa-note-encryption: fix after merge Co-authored-by: Paul <3682187+PaulLaux@users.noreply.github.com> Co-authored-by: Paul <lauxpaul@protonmail.com> Co-authored-by: Aurélien Nicolas <info@nau.re> Co-authored-by: Daniel Benarroch <danielbenarroch92@gmail.com>
+ Updated test bsk_consistent_with_bvk to verify mixed note types. + Added NoteType support to the builder and the bundle. + added split_flag to SpentInfo and as input to the Circuit (currently commented out) + added conditional cv_sum calculation (currently commented out) + added padding to actions
- added IssueBundle and IssueAction - added a builder for IssueBundle - added verify_issue_bundle() for consensus verification. - unit tests.
added tests in `tests/zsa.rs`
* disabled split notes and proof check for zsa transfer
* fixes and suggestions * changed "issuer" to "issuance" as per zcash#356 (comment) * terminology fixes * updated naming
* rename 2 note_type -> asset as per zcash#356 (comment) * added a dedicated type for "IssuanceAuth" * disabled codecov github action due to bad behavior. * extracted "is_asset_desc_of_valid_size()" into asset_id.rs
* improved `verify_issue_bundle()`
PaulLaux
force-pushed
the
zsa1
branch
2 times, most recently
from
5ec6aee to
9405f80
Compare
Added a method to add assets to burn to the Builder bvk computation now includes the burnt assets Added Tests for bsk/bvk consistency for burning Added E2E tests for assets burning
Added CI badge to README
Added `OrchardDomainV3` on top of the encryption generalization (QED-it/librustzcash#18). not for review: note_encryption.rs, note_encryptionv2v3.rs and src/test_vectors/note_encryption.rs. These files represent two possible approaches for backward compatibility and will be finalized down the road. (the files were excluded from the build).
Make IVK::from_bytes public
When split_flag is set, the following values are modified * v_net is equal to -v_new instead of v_old - v_new * cv_net is evaluated with this new value of v_net The following constraints are modified * (v_old - v_new = magnitude * sign) becomes (v_old * (1-split_flag) - v_new = magnitude * sign) to take into account the new value of v_net * nf_old = nf_old_pub is only checked when split_flag=0 * the new constraint asset_old = asset_new is always checked regardless of the value of split_flag
- Renamed AssetId to AssetBase - Changed the AssetBase implementation to support the zip update. - Updated visibility for various members of issuance.rs
…#49) This PR updates the test-vectors from the updates to the zcash-test-vectors repository (see here). The keys test is also updated to now use the asset base from the test vectors instead of just using the native asset.
In the circuit, we update value_commit_orchard to take into account asset.
Previously, value_commit_orchard returns cv_net = [v_net] ValueCommitV + [rcv] ValueCommitR..
Now, value_commit_orchard returns cv_net = [v_net] asset + [rcv] ValueCommitR.
ValueCommitV and ValueCommitR are constants
v_net is equal to sign * magnitude where sign is in {-1, 1} and magnitude is an unsigned integer on 64 bits.
To evaluate [v_net] asset where v_net = sign * magnitude, we perform the following steps
1. verify that magnitude is on 64 bits
2. evaluate commitment=[magnitude]asset with the variable-base long-scalar multiplication
3. evaluate result=[sign]commitment with the new mul_sign gate
We would like to have a constant-time evaluation of the note commitment for both ZEC and ZSA. ZEC_note_commitment=Extract_P(SinsemillaHashToPoint(zec_personalization, common_bits) + [rcm]R) ZSA_note_commitment=Extract_P(SinsemillaHashToPoint(zsa_personalization, common_bits || asset) + [rcm]R) R is the same constant for ZEC and ZSA note commitments.
1. Added a new error, `ValueSumOverflow`, that occurs if the sum value overflows when adding new supply amounts. 2. Created a new `supply_info` module containing `SupplyInfo` and `AssetSupply` structures, with `add_supply` function and unit tests for it. 3. Renamed the `are_note_asset_ids_derived_correctly` function to `verify_supply`, changed its behavior to verify and compute asset supply, added unit tests for it. 4. Updated the `verify_issue_bundle` function to use the changes mentioned above, updated its description, and added new unit tests. 5. Renamed errors with `...NoteType` suffix in the name to `...AssetBase`. 6. Added `update_finalization_set` method to `SupplyInfo` and use after the calls of `verify_issue_bundle function` (if needed), instead of mutating the finalization set inside `verify_issue_bundle`.
Address the following review comments: r2602342339 r2602343402 r2602349839 r2602350657 r2602362960 r2602363436
Address the following review comments: r2542313926 r2550287842 r2602977967 r2543702226 r2542907997 r2585555720 r2602558531
…text (#229) Address the following review comments: r2542655700 r2542668676 This PR introduces a dedicated ZIP-227 issuance key derivation using hardened-only ZIP-32, separate from Orchard spending keys.
Address the following review comments: r2602563105
…Issue)SighashKind (#231) Address the following review comments: r2550076032 r2550178094 r2585689194 r2602328317
The current CI fails due to a new blake2b_simd release using edition = 2024, which breaks the MSRV toolchain
…ntu steps (#205) 1. Disable LTO for cargo test --release in CI to avoid very slow / stuck macOS builds (rustc/LLVM during release test compilation). 2. Run apt-get update before installing libfontconfig1-dev on Ubuntu to prevent intermittent 404s from stale package indexes.
Address the following review comments: r2550615705
Address the following review comments: r2599737628 Ensures the note plaintext lead byte matches 0x02 for Orchard V5 transactions (OrchardVanilla) and 0x03 for Orchard V6 transactions (OrchardZSA).
Replace `impl Add for NoteValue` with a dedicated helper function Update `ValueSum::from_raw` - Introduce a `pub(crate) ValueSum::from_raw_inner` helper - Gate `ValueSum::from_raw` behind the `temporary-zebra` feature flag Update the `sighash_info_for_kind` closure used when evaluating digests - Change the return type from `&'static [u8]` to `Vec<u8>`
updated comment to address zcash#471 (comment) and zcash#471 (comment)
- Expose ReferenceKeys as orchard::issuance::ReferenceKeys for consensus verification of reference notes - Update tests to use ReferenceKeys::recipient() instead of manually recreating the reference recipient from well-known seed
Added MAX_BURN_VALUE to be u63 in order to fit both u64 and i64 as requested in zcash#471 (comment)
Removed #[allow(clippy::suspicious_arithmetic_impl)] that does not seems to be needed.
signature. as requested in zcash#471 (comment)
…AULT)` test to make sure we can create an OrchardZSA bundle with DEFAULT flags
During `Bundle` creation in `build_bundle`, update the order of dummy spend/output creation and shuffling to ensure backward compatibility with zcash/orchard. --------- Co-authored-by: Paul <3682187+PaulLaux@users.noreply.github.com>
This ability is not needed. The only time we need to pad with a non-zatoshi asset, it is done using `OutputInfo::dummy()`
…ors` (#238) QED-it/zcash-test-vectors#47 expands the sample set of Unicode code points, which leads to a different random selection of asset description strings, and therefore different asset base values in `src/test_vectors/asset_base.rs`. This PR copies those changes in, along with some CI locking for tests to pass. --------- Co-authored-by: Dmitry Demin <dmitry@qed-it.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
7 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This PR implements draft ZIP 226 and draft ZIP 227
What's included:
burnfield inside the Orchardbundleand the ability utilize it. In addition the changes tobvkandbskto support this change. See ZSA burn functionality #35 for full list of changes.Domaintrait in thezcash_note_encryptioncrate to support various lengths forCOMPACT_NOTE_SIZEby converting the relevant constants into trait specific types. Later, implementedOrchardDomainV3to support the new note structure. See the supporting PR for more details: zcash_note_encryption generalization zcash/librustzcash#746 and V3 encryption #38zsa1branch for full details.AssetIDderivation AssetID test vectors #34AssetID, split notes, and all other new functionality.The proposed changes should be considered as a Draft and should not be considered as final.