Auto merge of #3272 - bitcartel:3061_sapling_add_notes, r=bitcartel

Add SaplingNote class Part of #3061, adding SaplingNote class.
6 years ago · 4f18c693c3
5 changed files with 149 additions and 7 deletions
--- a/depends/packages/librustzcash.mk
+++ b/depends/packages/librustzcash.mk
@ -3,8 +3,8 @@ $(package)_version=0.1
 $(package)_download_path=https://github.com/zcash/$(package)/archive/
 $(package)_file_name=$(package)-$($(package)_git_commit).tar.gz
 $(package)_download_file=$($(package)_git_commit).tar.gz
-$(package)_sha256_hash=b96a0646d4c4856bc6171dc26cce10644a6129ac92b73a91f94246fb6b7f3516
-$(package)_git_commit=18f4945d942cc53e336c40bf13080934179a9047
+$(package)_sha256_hash=5231145ea6abf61092c21b6770baf3af65994f83dff96b10118ba5dd53451f26
+$(package)_git_commit=0af1ce8bf121e1ad367db907c39d214581e270a6
 $(package)_dependencies=rust $(rust_crates)
 $(package)_patches=cargo.config

--- a/src/Makefile.gtest.include
+++ b/src/Makefile.gtest.include
@ -32,6 +32,7 @@ zcash_gtest_SOURCES += \
 	gtest/test_pow.cpp \
 	gtest/test_random.cpp \
 	gtest/test_rpc.cpp \
+	gtest/test_sapling_note.cpp \
 	gtest/test_transaction.cpp \
 	gtest/test_upgrades.cpp \
 	gtest/test_validation.cpp \
--- a/src/gtest/test_sapling_note.cpp
+++ b/src/gtest/test_sapling_note.cpp
@ -0,0 +1,72 @@
+#include <gtest/gtest.h>
+
+#include "zcash/Address.hpp"
+#include "zcash/Note.hpp"
+
+#include "amount.h"
+#include "random.h"
+#include "librustzcash.h"
+
+#include <array>
+
+using namespace libzcash;
+
+// Test data from https://github.com/zcash-hackworks/zcash-test-vectors/blob/master/sapling_key_components.py
+TEST(SaplingNote, TestVectors)
+{
+    uint64_t v = 0;
+    uint64_t note_pos = 0;
+    std::array<uint8_t, 11> diversifier{0xf1, 0x9d, 0x9b, 0x79, 0x7e, 0x39, 0xf3, 0x37, 0x44, 0x58, 0x39};
+    std::vector<uint8_t> v_sk{
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00};
+    std::vector<uint8_t> v_pk_d{
+        0xdb, 0x4c, 0xd2, 0xb0, 0xaa, 0xc4, 0xf7, 0xeb, 0x8c, 0xa1, 0x31, 0xf1, 0x65, 0x67,
+        0xc4, 0x45, 0xa9, 0x55, 0x51, 0x26, 0xd3, 0xc2, 0x9f, 0x14, 0xe3, 0xd7, 0x76, 0xe8,
+        0x41, 0xae, 0x74, 0x15};
+    std::vector<uint8_t> v_r{
+        0x39, 0x17, 0x6d, 0xac, 0x39, 0xac, 0xe4, 0x98, 0x0e, 0xcc, 0x8d, 0x77, 0x8e, 0x89,
+        0x86, 0x02, 0x55, 0xec, 0x36, 0x15, 0x06, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00};
+    std::vector<uint8_t> v_cm{
+        0xcb, 0x3c, 0xf9, 0x15, 0x32, 0x70, 0xd5, 0x7e, 0xb9, 0x14, 0xc6, 0xc2, 0xbc, 0xc0,
+        0x18, 0x50, 0xc9, 0xfe, 0xd4, 0x4f, 0xce, 0x08, 0x06, 0x27, 0x8f, 0x08, 0x3e, 0xf2,
+        0xdd, 0x07, 0x64, 0x39};
+    std::vector<uint8_t> v_nf{
+        0x44, 0xfa, 0xd6, 0x56, 0x4f, 0xfd, 0xec, 0x9f, 0xa1, 0x9c, 0x43, 0xa2, 0x8f, 0x86,
+        0x1d, 0x5e, 0xbf, 0x60, 0x23, 0x46, 0x00, 0x7d, 0xe7, 0x62, 0x67, 0xd9, 0x75, 0x27,
+        0x47, 0xab, 0x40, 0x63};
+    uint256 sk(v_sk);
+    uint256 pk_d(v_pk_d);
+    uint256 r(v_r);
+    uint256 cm(v_cm);
+    uint256 nf(v_nf);
+
+    // Test commitment
+    SaplingNote note = SaplingNote(diversifier, pk_d, v, r);
+    ASSERT_EQ(note.cm().get(), cm);
+
+    // Test nullifier
+    SaplingSpendingKey spendingKey(sk);
+    ASSERT_EQ(note.nullifier(spendingKey, note_pos), nf);
+}
+
+
+TEST(SaplingNote, Random)
+{
+    // Test creating random notes using the same spending key
+    auto address = SaplingSpendingKey::random().default_address().get();
+    SaplingNote note1(address, GetRand(MAX_MONEY));
+    SaplingNote note2(address, GetRand(MAX_MONEY));
+
+    ASSERT_EQ(note1.d, note2.d);
+    ASSERT_EQ(note1.pk_d, note2.pk_d);
+    ASSERT_NE(note1.value(), note2.value());
+    ASSERT_NE(note1.r, note2.r);
+
+    // Test diversifier and pk_d are not the same for different spending keys
+    SaplingNote note3(SaplingSpendingKey::random().default_address().get(), GetRand(MAX_MONEY));
+    ASSERT_NE(note1.d, note3.d);
+    ASSERT_NE(note1.pk_d, note3.pk_d);
+}
--- a/src/zcash/Note.cpp
+++ b/src/zcash/Note.cpp
@ -2,12 +2,14 @@
 #include "prf.h"
 #include "crypto/sha256.h"

+#include "random.h"
 #include "version.h"
 #include "streams.h"

 #include "zcash/util.h"
+#include "librustzcash.h"

-namespace libzcash {
+using namespace libzcash;

 SproutNote::SproutNote() {
    a_pk = random_uint256();
@ -38,6 +40,55 @@ uint256 SproutNote::nullifier(const SproutSpendingKey& a_sk) const {
    return PRF_nf(a_sk, rho);
 }

+// Construct and populate Sapling note for a given payment address and value.
+SaplingNote::SaplingNote(const SaplingPaymentAddress& address, const uint64_t value) : BaseNote(value) {
+    d = address.d;
+    pk_d = address.pk_d;
+    librustzcash_sapling_generate_r(r.begin());
+}
+
+// Call librustzcash to compute the commitment
+boost::optional<uint256> SaplingNote::cm() const {
+    uint256 result;
+    if (!librustzcash_sapling_compute_cm(
+            d.data(),
+            pk_d.begin(),
+            value(),
+            r.begin(),
+            result.begin()
+        ))
+    {
+        return boost::none;
+    }
+
+    return result;
+}
+
+// Call librustzcash to compute the nullifier
+boost::optional<uint256> SaplingNote::nullifier(const SaplingSpendingKey& sk, const uint64_t position) const
+{
+    auto vk = sk.full_viewing_key();
+    auto ak = vk.ak;
+    auto nk = vk.nk;
+
+    uint256 result;
+    if (!librustzcash_sapling_compute_nf(
+            d.data(),
+            pk_d.begin(),
+            value(),
+            r.begin(),
+            ak.begin(),
+            nk.begin(),
+            position,
+            result.begin()
+    ))
+    {
+        return boost::none;
+    }
+
+    return result;
+}
+
 SproutNotePlaintext::SproutNotePlaintext(
    const SproutNote& note,
    std::array<unsigned char, ZC_MEMO_SIZE> memo) : BaseNotePlaintext(note, memo)
@ -86,5 +137,3 @@ ZCNoteEncryption::Ciphertext SproutNotePlaintext::encrypt(ZCNoteEncryption& encr

    return encryptor.encrypt(pk_enc, pt);
 }
-
-}
--- a/src/zcash/Note.hpp
+++ b/src/zcash/Note.hpp
@ -7,6 +7,7 @@
 #include "NoteEncryption.hpp"

 #include <array>
+#include <boost/optional.hpp>

 namespace libzcash {

@ -18,7 +19,6 @@ public:
    BaseNote(uint64_t value) : value_(value) {};
    virtual ~BaseNote() {};

-    virtual uint256 cm() const = 0;
    inline uint64_t value() const { return value_; };
 };

@ -35,11 +35,31 @@ public:

    virtual ~SproutNote() {};

-    virtual uint256 cm() const override;
+    uint256 cm() const;

    uint256 nullifier(const SproutSpendingKey& a_sk) const;
 };

+
+class SaplingNote : public BaseNote {
+public:
+    diversifier_t d;
+    uint256 pk_d;
+    uint256 r;
+
+    SaplingNote(diversifier_t d, uint256 pk_d, uint64_t value, uint256 r)
+            : BaseNote(value), d(d), pk_d(pk_d), r(r) {}
+
+    SaplingNote() {};
+
+    SaplingNote(const SaplingPaymentAddress &address, uint64_t value);
+
+    virtual ~SaplingNote() {};
+
+    boost::optional<uint256> cm() const;
+    boost::optional<uint256> nullifier(const SaplingSpendingKey &sk, const uint64_t position) const;
+};
+
 class BaseNotePlaintext {
 protected:
    uint64_t value_ = 0;