Change ciphertext length to match protocol spec, and refactor the use of constants.

8 years ago · 5961dcb6da
11 changed files with 60 additions and 44 deletions
--- a/src/gtest/test_noteencryption.cpp
+++ b/src/gtest/test_noteencryption.cpp
@ -5,6 +5,7 @@

 #include "zcash/NoteEncryption.hpp"
 #include "zcash/prf.h"
+#include "crypto/sha256.h"

 class TestNoteDecryption : public ZCNoteDecryption {
 public:
@ -28,8 +29,8 @@ TEST(noteencryption, api)
        ASSERT_TRUE(b.get_epk() != c.get_epk());
    }

-    boost::array<unsigned char, 216> message;
-    for (unsigned char i = 0; i < 216; i++) {
+    boost::array<unsigned char, 201> message;
+    for (unsigned char i = 0; i < 201; i++) {
        // Fill the message with dummy data
        message[i] = (unsigned char) i;
    }
--- a/src/primitives/transaction.cpp
+++ b/src/primitives/transaction.cpp
@ -35,8 +35,8 @@ boost::array<uint256, N> unsigned_char_vector_array_to_uint256_array(const boost
 CPourTx::CPourTx(ZerocashParams& params,
            const CScript& scriptPubKey,
            const uint256& anchor,
-            const boost::array<PourInput, NUM_POUR_INPUTS>& inputs,
-            const boost::array<PourOutput, NUM_POUR_OUTPUTS>& outputs,
+            const boost::array<PourInput, ZC_NUM_JS_INPUTS>& inputs,
+            const boost::array<PourOutput, ZC_NUM_JS_OUTPUTS>& outputs,
            CAmount vpub_old,
            CAmount vpub_new) : scriptSig(), scriptPubKey(scriptPubKey), vpub_old(vpub_old), vpub_new(vpub_new), anchor(anchor)
 {
@ -55,9 +55,9 @@ CPourTx::CPourTx(ZerocashParams& params,
                           vpub_old,
                           vpub_new);

-    boost::array<std::vector<unsigned char>, NUM_POUR_INPUTS> serials_bv;
-    boost::array<std::vector<unsigned char>, NUM_POUR_OUTPUTS> commitments_bv;
-    boost::array<std::vector<unsigned char>, NUM_POUR_INPUTS> macs_bv;
+    boost::array<std::vector<unsigned char>, ZC_NUM_JS_INPUTS> serials_bv;
+    boost::array<std::vector<unsigned char>, ZC_NUM_JS_OUTPUTS> commitments_bv;
+    boost::array<std::vector<unsigned char>, ZC_NUM_JS_INPUTS> macs_bv;

    proof = pourtx.unpack(serials_bv, commitments_bv, macs_bv, ciphertexts, ephemeralKey);
    serials = unsigned_char_vector_array_to_uint256_array(serials_bv);
@ -80,9 +80,9 @@ bool CPourTx::Verify(ZerocashParams& params) const {
        std::vector<unsigned char>(anchor.begin(), anchor.end()),
        vpub_old,
        vpub_new,
-        uint256_to_array<NUM_POUR_INPUTS>(serials),
-        uint256_to_array<NUM_POUR_OUTPUTS>(commitments),
-        uint256_to_array<NUM_POUR_INPUTS>(macs),
+        uint256_to_array<ZC_NUM_JS_INPUTS>(serials),
+        uint256_to_array<ZC_NUM_JS_OUTPUTS>(commitments),
+        uint256_to_array<ZC_NUM_JS_INPUTS>(macs),
        proof
    );
 }
--- a/src/primitives/transaction.h
+++ b/src/primitives/transaction.h
@ -18,12 +18,10 @@
 #include "zerocash/PourOutput.h"

 #include "zcash/NoteEncryption.hpp"
+#include "zcash/Zcash.h"

 using namespace libzerocash;

-static const unsigned int NUM_POUR_INPUTS = 2;
-static const unsigned int NUM_POUR_OUTPUTS = 2;
-
 class CPourTx
 {
 public:
@ -50,20 +48,20 @@ public:
    // are derived from the secrets placed in the bucket
    // and the secret spend-authority key known by the
    // spender.
-    boost::array<uint256, NUM_POUR_INPUTS> serials;
+    boost::array<uint256, ZC_NUM_JS_INPUTS> serials;

    // Bucket commitments are introduced into the commitment
    // tree, blinding the public about the values and
    // destinations involved in the Pour. The presence of a
    // commitment in the bucket commitment tree is required
    // to spend it.
-    boost::array<uint256, NUM_POUR_OUTPUTS> commitments;
+    boost::array<uint256, ZC_NUM_JS_OUTPUTS> commitments;

    // Ciphertexts
    // These contain trapdoors, values and other information
    // that the recipient needs, including a memo field. It
    // is encrypted using the scheme implemented in crypto/NoteEncryption.cpp
-    boost::array<ZCNoteEncryption::Ciphertext, NUM_POUR_OUTPUTS> ciphertexts;
+    boost::array<ZCNoteEncryption::Ciphertext, ZC_NUM_JS_OUTPUTS> ciphertexts;

    // Ephemeral key
    uint256 ephemeralKey;
@ -71,7 +69,7 @@ public:
    // MACs
    // The verification of the pour requires these MACs
    // to be provided as an input.
-    boost::array<uint256, NUM_POUR_INPUTS> macs;
+    boost::array<uint256, ZC_NUM_JS_INPUTS> macs;

    // Pour proof
    // This is a zk-SNARK which ensures that this pour is valid.
@ -82,8 +80,8 @@ public:
    CPourTx(ZerocashParams& params,
            const CScript& scriptPubKey,
            const uint256& rt,
-            const boost::array<PourInput, NUM_POUR_INPUTS>& inputs,
-            const boost::array<PourOutput, NUM_POUR_OUTPUTS>& outputs,
+            const boost::array<PourInput, ZC_NUM_JS_INPUTS>& inputs,
+            const boost::array<PourOutput, ZC_NUM_JS_OUTPUTS>& outputs,
            CAmount vpub_old,
            CAmount vpub_new
    );
--- a/src/test/transaction_tests.cpp
+++ b/src/test/transaction_tests.cpp
@ -336,11 +336,11 @@ BOOST_AUTO_TEST_CASE(test_basic_pour_verification)

    // create CPourTx
    CScript scriptPubKey;
-    boost::array<PourInput, NUM_POUR_INPUTS> inputs = {
+    boost::array<PourInput, ZC_NUM_JS_INPUTS> inputs = {
        PourInput(coin, addr, path),
        PourInput(INCREMENTAL_MERKLE_TREE_DEPTH) // dummy input of zero value
    };
-    boost::array<PourOutput, NUM_POUR_OUTPUTS> outputs = {
+    boost::array<PourOutput, ZC_NUM_JS_OUTPUTS> outputs = {
        PourOutput(50),
        PourOutput(50)
    };
--- a/src/wallet/rpcwallet.cpp
+++ b/src/wallet/rpcwallet.cpp
@ -2610,7 +2610,7 @@ Value zc_raw_pour(const json_spirit::Array& params, bool fHelp)
        vpourin.push_back(PourInput(input_coin, zcaddress, path));
    }

-    while (vpourin.size() < NUM_POUR_INPUTS) {
+    while (vpourin.size() < ZC_NUM_JS_INPUTS) {
        vpourin.push_back(PourInput(INCREMENTAL_MERKLE_TREE_DEPTH));
    }

@ -2637,12 +2637,12 @@ Value zc_raw_pour(const json_spirit::Array& params, bool fHelp)
        vpourout.push_back(output);
    }

-    while (vpourout.size() < NUM_POUR_OUTPUTS) {
+    while (vpourout.size() < ZC_NUM_JS_OUTPUTS) {
        vpourout.push_back(PourOutput(0));
    }

    // TODO
-    if (vpourout.size() != NUM_POUR_INPUTS || vpourin.size() != NUM_POUR_OUTPUTS) {
+    if (vpourout.size() != ZC_NUM_JS_INPUTS || vpourin.size() != ZC_NUM_JS_OUTPUTS) {
        throw runtime_error("unsupported pour input/output counts");
    }

--- a/src/zcash/IncrementalMerkleTree.hpp
+++ b/src/zcash/IncrementalMerkleTree.hpp
@ -8,8 +8,7 @@
 #include "uint256.h"
 #include "serialize.h"

-static const unsigned int INCREMENTAL_MERKLE_TREE_DEPTH = 20;
-static const unsigned int INCREMENTAL_MERKLE_TREE_DEPTH_TESTING = 4;
+#include "Zcash.h"

 namespace libzcash {

--- a/src/zcash/NoteEncryption.cpp
+++ b/src/zcash/NoteEncryption.cpp
@ -165,7 +165,7 @@ uint256 random_uint256()
    return ret;
 }

-template class NoteEncryption<ZC_V_SIZE + ZC_RHO_SIZE + ZC_R_SIZE + ZC_MEMO_SIZE>;
-template class NoteDecryption<ZC_V_SIZE + ZC_RHO_SIZE + ZC_R_SIZE + ZC_MEMO_SIZE>;
+template class NoteEncryption<ZCASH_NOTEPLAINTEXT_LEADING + ZCASH_V_SIZE + ZCASH_RHO_SIZE + ZCASH_R_SIZE + ZCASH_MEMO_SIZE>;
+template class NoteDecryption<ZCASH_NOTEPLAINTEXT_LEADING + ZCASH_V_SIZE + ZCASH_RHO_SIZE + ZCASH_R_SIZE + ZCASH_MEMO_SIZE>;

 }
--- a/src/zcash/NoteEncryption.hpp
+++ b/src/zcash/NoteEncryption.hpp
@ -9,7 +9,7 @@ https://github.com/zcash/zips/blob/master/protocol/protocol.pdf
 #include <boost/array.hpp>
 #include "uint256.h"

-#include "zerocash/Zerocash.h"
+#include "zcash/Zcash.h"

 namespace libzcash {

@ -73,7 +73,7 @@ uint256 random_uint256();

 }

-typedef libzcash::NoteEncryption<ZC_V_SIZE + ZC_RHO_SIZE + ZC_R_SIZE + ZC_MEMO_SIZE> ZCNoteEncryption;
-typedef libzcash::NoteDecryption<ZC_V_SIZE + ZC_RHO_SIZE + ZC_R_SIZE + ZC_MEMO_SIZE> ZCNoteDecryption;
+typedef libzcash::NoteEncryption<ZCASH_NOTEPLAINTEXT_LEADING + ZCASH_V_SIZE + ZCASH_RHO_SIZE + ZCASH_R_SIZE + ZCASH_MEMO_SIZE> ZCNoteEncryption;
+typedef libzcash::NoteDecryption<ZCASH_NOTEPLAINTEXT_LEADING + ZCASH_V_SIZE + ZCASH_RHO_SIZE + ZCASH_R_SIZE + ZCASH_MEMO_SIZE> ZCNoteDecryption;

-#endif /* ZC_NOTE_ENCRYPTION_H_ */
+#endif /* ZC_NOTE_ENCRYPTION_H_ */
--- a/src/zcash/Zcash.h
+++ b/src/zcash/Zcash.h
@ -0,0 +1,18 @@
+#ifndef _ZCCONSTANTS_H_
+#define _ZCCONSTANTS_H_
+
+#define ZC_NUM_JS_INPUTS 2
+#define ZC_NUM_JS_OUTPUTS 2
+#define INCREMENTAL_MERKLE_TREE_DEPTH 20
+#define INCREMENTAL_MERKLE_TREE_DEPTH_TESTING 4
+
+// TODO: these constants should be 'ZC'
+// for consistency, but I didn't want to
+// interfere with the old constants
+#define ZCASH_NOTEPLAINTEXT_LEADING 1
+#define ZCASH_V_SIZE 8
+#define ZCASH_RHO_SIZE 32
+#define ZCASH_R_SIZE 32
+#define ZCASH_MEMO_SIZE 128
+
+#endif // _ZCCONSTANTS_H_
--- a/src/zcbenchmarks.cpp
+++ b/src/zcbenchmarks.cpp
@ -2,6 +2,7 @@

 #include <unistd.h>
 #include <boost/filesystem.hpp>
+#include "zcash/Zcash.h"
 #include "zerocash/ZerocashParams.h"
 #include "coins.h"
 #include "util.h"
@ -69,19 +70,16 @@ double benchmark_create_joinsplit()
    std::vector<PourInput> vpourin;
    std::vector<PourOutput> vpourout;

-    while (vpourin.size() < NUM_POUR_INPUTS) {
+    while (vpourin.size() < ZC_NUM_JS_INPUTS) {
        vpourin.push_back(PourInput(INCREMENTAL_MERKLE_TREE_DEPTH));
    }

-    while (vpourout.size() < NUM_POUR_OUTPUTS) {
+    while (vpourout.size() < ZC_NUM_JS_OUTPUTS) {
        vpourout.push_back(PourOutput(0));
    }

    /* Get the anchor of an empty commitment tree. */
-    IncrementalMerkleTree blank_tree(INCREMENTAL_MERKLE_TREE_DEPTH);
-    std::vector<unsigned char> newrt_v(32);
-    blank_tree.getRootValue(newrt_v);
-    uint256 anchor = uint256(newrt_v);
+    uint256 anchor = ZCIncrementalMerkleTree().root();

    timer_start();
    CPourTx pourtx(*pzerocashParams,
--- a/src/zerocash/PourTransaction.cpp
+++ b/src/zerocash/PourTransaction.cpp
@ -301,10 +301,11 @@ void PourTransaction::init(uint16_t version_num,
        std::vector<unsigned char> memo(ZC_MEMO_SIZE, 0x00);
        plaintext_internals.insert(plaintext_internals.end(), memo.begin(), memo.end());

-        assert(plaintext_internals.size() == 216);
+        // This is all going away.
+        assert(plaintext_internals.size() >= 201);

-        boost::array<unsigned char, 216> pt;
-        memcpy(&pt[0], &plaintext_internals[0], 216);
+        boost::array<unsigned char, 201> pt;
+        memcpy(&pt[0], &plaintext_internals[0], 201);

        this->ciphertext_1 = encryptor.encrypt(addr_1_new.getEncryptionPublicKey(),
                                               pt);
@ -318,10 +319,11 @@ void PourTransaction::init(uint16_t version_num,
        std::vector<unsigned char> memo(ZC_MEMO_SIZE, 0x00);
        plaintext_internals.insert(plaintext_internals.end(), memo.begin(), memo.end());

-        assert(plaintext_internals.size() == 216);
+        // This is all going away.
+        assert(plaintext_internals.size() >= 201);

-        boost::array<unsigned char, 216> pt;
-        memcpy(&pt[0], &plaintext_internals[0], 216);
+        boost::array<unsigned char, 201> pt;
+        memcpy(&pt[0], &plaintext_internals[0], 201);

        this->ciphertext_2 = encryptor.encrypt(addr_2_new.getEncryptionPublicKey(),
                                               pt);