Auto merge of #954 - ebfull:fix-cpourtx-structure, r=ebfull

CPourTx structural changes * Enable binary serialization of proofs and the proving key (closes #799) and make the proofs fixed-size. * Reorder fields of CPourTx to match the spec (closes #927)
8 years ago · 8ff7c0752e
15 changed files with 539 additions and 537 deletions
--- a/configure.ac
+++ b/configure.ac
@ -39,10 +39,8 @@ else
  CXXFLAGS_overridden=no
 fi

-# Zerocash requries C++11 compatibility; set it early:
+# Zcash requries C++11 compatibility; set it early:
 CXXFLAGS="-std=c++11 $CXXFLAGS"
-# Zerocash uses this libsnark curve:
-CPPFLAGS="-DCURVE_ALT_BN128 $CPPFLAGS"

 AC_PROG_CXX
 m4_ifdef([AC_PROG_OBJCXX],[AC_PROG_OBJCXX])
--- a/depends/packages/libsnark.mk
+++ b/depends/packages/libsnark.mk
@ -15,7 +15,7 @@ define $(package)_preprocess_cmds
 endef

 define $(package)_build_cmds
-  CXXFLAGS="-fPIC -DNO_PT_COMPRESSION=1" $(MAKE) lib DEPINST=$(host_prefix) CURVE=ALT_BN128 NO_PROCPS=1 NO_GTEST=1 NO_DOCS=1 STATIC=1 NO_SUPERCOP=1
+  CXXFLAGS="-fPIC -DBINARY_OUTPUT -DNO_PT_COMPRESSION=1" $(MAKE) lib DEPINST=$(host_prefix) CURVE=ALT_BN128 NO_PROCPS=1 NO_GTEST=1 NO_DOCS=1 STATIC=1 NO_SUPERCOP=1
 endef

 define $(package)_stage_cmds
--- a/qa/zcash/performance-measurements.sh
+++ b/qa/zcash/performance-measurements.sh
@ -34,7 +34,7 @@ function zcashd_massif_stop {
    ms_print massif.out
 }

-RAWTXWITHPOUR=020000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000024c7ec193fc98ef10d3cf232d795dd44a8f2c8ab94fd25d136ccc86d118d412ff17838c9497c3d388ec07fbdc99a37c2854a3b6b87b1b4d68bfa7c35bab45aeaf1e34486be8d6b2e0d98a063c277001914ef50dddee4e2215ee58eb3416ffdfdead5ddb03804822868b676fb87d56a34c24b6f7facc476fa3acba6bfe81f7d7dda6be52f7ce9c7e863a1d9177907521f4cf3012b5534edeeb391c92207269a08c3bea8ebc33ab251a6a0ae8407fc1a7ab6e8be36e04dfa8f143a58963133c775f04b154ef7b41107d73d6f2a8fc3cab14ffc44376b712ec7714b4e121dd418f51ed8c6a599ac50ff3e696781bec94ac11d8065f915a0abd6656439f4a7fbc55ff0efcae1403a9d9001504cd167ca97c4ecf9d8f8904ab4d310ac84084c62f04a100423dd933be1c7b33d13bbe22f93aaccb0f79854a739fc1ce38bd13e0a6b6ad3eddac4d457eeb6dff47bc4ebc04428437a9e7e2dd71ac1f631b619c30361f7045aefe8cac34d9bd1f47e8f598cea7b4fe212d81cfcdd69f29e543e846cba4c1a6bae736e85b76f33d3431cbca19bd2243ccac6c30434d564f8920fc597bec7d202d95d010a920df18df9c3e8e15950d105809c7e5d57eb780875df5cc22f9aece88561c03a3da4d70cceef7ade85ed071ebc5e0ca3e166d6d82dfcf79bdef0ac0c02b9b716ea10d9d5daa4af992660c7128191d5487edc9a0951ee3c65a14baa1974db470e783d91e5114e4579608a1bdcce715050650231a952890cce01226f5d6f2c8b1d8868ee51deeaecef0da4f291df1e4e6d2a1e7fc9c00bef293f458f9e4391b396c03e453522f3188d8d0cf12f1d7f69780563ff449592c9b0249ffe6f8ae9f2167acf5094a6fa08f07f5bb36fbe0a94139a090305488923ba108213916f8d3b9de21586b952938b5a2563c3055fc3804581abc9dad45fb3721ea000f835dd7560bf686b057736710106113006fd88053020313436373432373635323732303533373131313331313437363032353839383932363036333330313738353230313030303933373539373534333233363030363530363833303136323538363720313732373130363635383738303430393731313235353835363637383734363934373030393830323731303036313532353732303437393539333437313236373330323734353136393337353720302032303831383832343535373436343637313436323832373235363234393531303135393935343736383438363836383638393133323136373337393239343737353032353533373639383932302031343537363435373732313933313534383536333934303732333434343431313731363130393935313436303035343138323939383036333039313735373039313230353237333636373634350a3020313837333133313335393838363137383534313838333832313234303539363438333132373935313637323436313734363133353930323235383536323436353938323037373136363739353120373731303539343839353436353331343133353635323631363637383731333832363139323534333033353333303230343038353532353435373936343330323238383038353936333035372033393238323630343737373833363032333631383533393033303532383933393434343639383238313430343235303637373630303232393931303339383538323436313031323932393832203231353835373031383531313237343139373433383336383538353733393333323238313230343538343437393833343735393537393736363530373433343731343330383036373331343039203020323037303431373036353339393033313034353239313333393435343035353132383737363534363335303837333334343636343630373930383534343139333334353738343337363538363220343938303931373435383431353030373738343035323137393136333836303031373634313737303433313530343538333637323939373935313736313430383037323933333935363334320a3020313734373431323532313139313134303139323333373338363330373430313233333634363136353539373831333735393639383135313532353934383634383235383036393930363437343620313430393930383734353239353830393935373937393830333038363439313232303132343230393138353332353735393632333832303933383438363636373435373237343739303439383820302031313535303936313835373236323531303431343530393633383238313537363737393233303838383231303632343931363433323032353035393039313630363737333538303236383430392031333537363330343835343433323031353937373136363735343430333233313033393830313734363739333035393630363933393635303931393436353038373130363732303132393531340a302032313737383334373037373231393833313033323139383636353536353838393039313934303138303939393537363830333435383838353232383735373336343231343538343436353731362031333531363133333832303232393737353734363930393130393832383932313435303238313134333539343930383433343137373135363635353135313736303536313437373131383638340a3020313939343535383534323238373237313134353535393633303332353932373130313136323337343831333731333931323838383538343530383933343236333238383039363231333337343020393631333030303238303530383434343630373235353637353935333130393431323539313435343637393338393838333533353434313635313239353434383034363238323939363934350a
+RAWTXWITHPOUR=0200000000000000000001000000000000000000000000000000000323f2850bf3444f4b4c5c09a6057ec7169190f45acb9e46984ab3dfcec4f06a8d79e396e84944d99b460d3754333077a928a3c5f14ec09caa0fdd673c7fc15081dc0f4fe0d4857f4358196c95851726e04e4a95ec3611296cf420a8c71d2049981e9dc335c795cfadf4d95c4b9202a921258359fd7fd4f7850d0a806cd7e209f70177da93e9cdc2d07d20828ff131d848cc73e6f3886dfd40f0838d9374f2745f782a6cfc7aa298cc202c4db4c59dd39cda9fcedd4b2aae54686870c7c8b003b51b5451a453f8c6b9f55b3b981e978d7715a7080895f1ae2f7bbb9e8496faee51830df988fe808e3ef5f38d225cb71cb0f60a88cd921d3430a059b081fd5601148f7ca17825ad331ed5c7fdf4c17e15240ae85f762c97bba31d8dcf51753b067d1052890a55f9d83ae6e603af1d192dd0ac5d25b65c933627b615d76c34656452e4e9e19c7a414ca2cc9b66a4900d039021506a078a532d2487e752a854434246d8f5ac93d148b90dcf3b024d6d4df16ddaafb651079150fcd50b3dd2f680c0d80f7b2617426de29aa7f792c41d6f0d5552fde7eddc18d6795a9767d69e2ffcc5d6d1d0ae71a6386f12bb7df9c9d5169855805f31f42bc04d313e414ae1c4794d8079b174a2fc05f70677e8e008cd267ba71bf44c0829ec033b757cb426097f260ebbb29ed331168e1a8572473e3cfa421671f5d2b69187f17475d485f7ae0bdefdfce7af74fe2b8ffb4bbe3e1c7ab17e0f666d0c738ada456e1abc8c1dae24ed0e0791b3d7fd037c17b00f5d25abbe96c6ab0a7aecee5bc7520ae74dcc8acfde6c734b9cfae0085998ef16431b90fad0614fe67e48d859a86efdea236566350ffbf519932462df325cba7f9d7c5ad5279169de710ff6eceed2248eab72838200d249fc7ef9c429d7f774ff5e37a65f5572cf4c7956953e763e7e5b439d5cd0db5ddbaefe2943bebac008b555fd96b9425ac3d320378d7423f488ed14754894399776f7c13578e2a00d3289a82813a2718c30f3b267cb441a5dd217302c447747cb1c592b5e0ccfdc7d36e0f4150650f7b10d0336050c3e444729ab0d5e8cd860ad442d25517474c1ec5a7d1a47fab6c7190a3056a83d83525ac2d20bb462b0d57447b61fecc9c905204dda0a99d1580d757121e63c53fd6ac8364ca4caf0b1b646c51f317637725df2687c2e4dfb6587f16d1d303dc568bf6419df13b5a342bdce8ad531befaef8deee524fe81b0503e0b338812e2e1db117f13adfd9bd362021832f7e5d983687e15f13dd654251d7eb768ac17dd282065004071e472c756a8ab577eb1db77afc56d6f2466aca110d7815d8016707e7fc7e96c049112428b41627f1f456bee4fe833f48e4d9729ffa23025e31230711efd6f5fd254c076a73c2d0822267076d5fe6dc3548e423de7d1259b03d309775378033b5eaabc0c683f9d4088beb4848706a175caf9ce81cf794542259c2b3097370ae0ea118c1be181ee48703bdb7a72672d1a4e95dd562cad6207ed9201276f63557110e965ea018f3f73965aec10e4719952c2020081fc91a7b594f9c20830c7aed6b45c5dcd8b7f6f7feb66c47e5fd66d77d300b8892407ca26cef4c3061d17b291577892711bb3fba39c638113275087eb033b33ceb1a6eff0ef3023770530b93375d746f4b16f33e8d5ac8874f06cd02310dfa2949564a11e76c0b07f030ea112adacf5a0660208e182934547b1369145c103f34ba0056e76bcaf5be9091030937e784c03b28557749d3937b175fca117be92e139faf2cbab8225251ac4eb2c898f7177c21bd2abf7e6149b79fb95647975e2b6d97ecd5f854d5de5a9d52208

 case "$1" in
    time)
--- a/src/Makefile.am
+++ b/src/Makefile.am
@ -416,7 +416,7 @@ libzcash_a_SOURCES = \
  zcash/prf.cpp \
  zcash/util.cpp

-libzcash_a_CPPFLAGS = -fPIC -DCURVE_ALT_BN128 -DBOOST_SPIRIT_THREADSAFE -DHAVE_BUILD_INFO -D__STDC_FORMAT_MACROS $(HARDENED_CPPFLAGS) -std=c++11 -pipe -O2 -O0 -g -Wstack-protector -fstack-protector-all -fPIE -fvisibility=hidden -DSTATIC $(BITCOIN_INCLUDES)
+libzcash_a_CPPFLAGS = -fPIC -DBINARY_OUTPUT -DCURVE_ALT_BN128 -DBOOST_SPIRIT_THREADSAFE -DHAVE_BUILD_INFO -D__STDC_FORMAT_MACROS $(HARDENED_CPPFLAGS) -pipe -O2 -O0 -g -Wstack-protector -fstack-protector-all -fPIE -fvisibility=hidden -DSTATIC $(BITCOIN_INCLUDES)

 # bitcoinconsensus library #
 if BUILD_BITCOIN_LIBS
--- a/src/Makefile.gtest.include
+++ b/src/Makefile.gtest.include
@ -11,6 +11,8 @@ zcash_gtest_SOURCES = \
 	gtest/test_merkletree.cpp \
 	gtest/test_circuit.cpp

+zcash_gtest_CPPFLAGS = -DBINARY_OUTPUT -DCURVE_ALT_BN128 -DSTATIC
+
 zcash_gtest_LDADD = -lgtest $(LIBBITCOIN_SERVER) $(LIBBITCOIN_CLI) $(LIBBITCOIN_COMMON) $(LIBBITCOIN_UTIL) $(LIBBITCOIN_CRYPTO) $(LIBBITCOIN_UNIVALUE) $(LIBLEVELDB) $(LIBMEMENV) \
  $(BOOST_LIBS) $(BOOST_UNIT_TEST_FRAMEWORK_LIB) $(LIBSECP256K1)
 if ENABLE_WALLET
--- a/src/gtest/test_joinsplit.cpp
+++ b/src/gtest/test_joinsplit.cpp
@ -33,7 +33,7 @@ void test_full_api(ZCJoinSplit* js)
    boost::array<uint256, 2> commitments;
    uint256 rt = tree.root();
    boost::array<ZCNoteEncryption::Ciphertext, 2> ciphertexts;
-    std::string proof;
+    boost::array<unsigned char, ZKSNARK_PROOF_SIZE> proof;

    {
        boost::array<JSInput, 2> inputs = {
--- a/src/init.cpp
+++ b/src/init.cpp
@ -603,8 +603,8 @@ static void ZC_LoadParams()
    struct timeval tv_start, tv_end;
    float elapsed;

-    boost::filesystem::path pk_path = ZC_GetParamsDir() / "z3-proving.key";
-    boost::filesystem::path vk_path = ZC_GetParamsDir() / "z3-verification.key";
+    boost::filesystem::path pk_path = ZC_GetParamsDir() / "z4-proving.key";
+    boost::filesystem::path vk_path = ZC_GetParamsDir() / "z4-verification.key";

    pzcashParams = ZCJoinSplit::Unopened();

--- a/src/primitives/transaction.h
+++ b/src/primitives/transaction.h
@ -44,15 +44,15 @@ public:
    // to spend it.
    boost::array<uint256, ZC_NUM_JS_OUTPUTS> commitments;

+    // Ephemeral key
+    uint256 ephemeralKey;
+
    // Ciphertexts
    // These contain trapdoors, values and other information
    // that the recipient needs, including a memo field. It
    // is encrypted using the scheme implemented in crypto/NoteEncryption.cpp
    boost::array<ZCNoteEncryption::Ciphertext, ZC_NUM_JS_OUTPUTS> ciphertexts;

-    // Ephemeral key
-    uint256 ephemeralKey;
-
    // Random seed
    uint256 randomSeed;

@ -63,7 +63,7 @@ public:

    // Pour proof
    // This is a zk-SNARK which ensures that this pour is valid.
-    std::string proof;
+    boost::array<unsigned char, ZKSNARK_PROOF_SIZE> proof;

    CPourTx(): vpub_old(0), vpub_new(0) { }

@ -91,8 +91,8 @@ public:
        READWRITE(anchor);
        READWRITE(serials);
        READWRITE(commitments);
-        READWRITE(ciphertexts);
        READWRITE(ephemeralKey);
+        READWRITE(ciphertexts);
        READWRITE(randomSeed);
        READWRITE(macs);
        READWRITE(proof);
@ -106,8 +106,8 @@ public:
            a.anchor == b.anchor &&
            a.serials == b.serials &&
            a.commitments == b.commitments &&
-            a.ciphertexts == b.ciphertexts &&
            a.ephemeralKey == b.ephemeralKey &&
+            a.ciphertexts == b.ciphertexts &&
            a.randomSeed == b.randomSeed &&
            a.macs == b.macs &&
            a.proof == b.proof
--- a/src/test/data/sighash.json
+++ b/src/test/data/sighash.json
--- a/src/test/sighash_tests.cpp
+++ b/src/test/sighash_tests.cpp
@ -133,16 +133,9 @@ void static RandomTransaction(CMutableTransaction &tx, bool fSingle) {
            pourtx.randomSeed = GetRandHash();
            randombytes_buf(pourtx.ciphertexts[0].begin(), pourtx.ciphertexts[0].size());
            randombytes_buf(pourtx.ciphertexts[1].begin(), pourtx.ciphertexts[1].size());
+            randombytes_buf(pourtx.proof.begin(), pourtx.proof.size());
            pourtx.macs[0] = GetRandHash();
            pourtx.macs[1] = GetRandHash();
-            {
-                std::vector<unsigned char> txt;
-                int prooflen = insecure_rand() % 1000;
-                for (int i = 0; i < prooflen; i++) {
-                    txt.push_back(insecure_rand() % 256);
-                }
-                pourtx.proof = std::string(txt.begin(), txt.end());
-            }

            tx.vpour.push_back(pourtx);
        }
--- a/src/zcash/JoinSplit.cpp
+++ b/src/zcash/JoinSplit.cpp
@ -126,7 +126,7 @@ public:
    JoinSplitCircuit() {}

    bool verify(
-        const std::string& proof,
+        const boost::array<unsigned char, ZKSNARK_PROOF_SIZE>& proof,
        const uint256& pubKeyHash,
        const uint256& randomSeed,
        const boost::array<uint256, NumInputs>& macs,
@ -142,7 +142,8 @@ public:

        r1cs_ppzksnark_proof<ppzksnark_ppT> r1cs_proof;
        std::stringstream ss;
-        ss.str(proof);
+        std::string proof_str(proof.begin(), proof.end());
+        ss.str(proof_str);
        ss >> r1cs_proof;

        uint256 h_sig = this->h_sig(randomSeed, nullifiers, pubKeyHash);
@ -160,7 +161,7 @@ public:
        return r1cs_ppzksnark_verifier_strong_IC<ppzksnark_ppT>(*vk, witness, r1cs_proof);
    }

-    std::string prove(
+    boost::array<unsigned char, ZKSNARK_PROOF_SIZE> prove(
        const boost::array<JSInput, NumInputs>& inputs,
        const boost::array<JSOutput, NumOutputs>& outputs,
        boost::array<Note, NumOutputs>& out_notes,
@ -266,8 +267,14 @@ public:

        std::stringstream ss;
        ss << proof;
+        std::string serialized_proof = ss.str();

-        return ss.str();
+        boost::array<unsigned char, ZKSNARK_PROOF_SIZE> result_proof;
+        //std::cout << "proof size in bytes when serialized: " << serialized_proof.size() << std::endl;
+        assert(serialized_proof.size() == ZKSNARK_PROOF_SIZE);
+        memcpy(&result_proof[0], &serialized_proof[0], ZKSNARK_PROOF_SIZE);
+
+        return result_proof;
    }
 };

--- a/src/zcash/JoinSplit.hpp
+++ b/src/zcash/JoinSplit.hpp
@ -59,7 +59,7 @@ public:
    virtual void loadVerifyingKey(std::string path) = 0;
    virtual void saveVerifyingKey(std::string path) = 0;

-    virtual std::string prove(
+    virtual boost::array<unsigned char, ZKSNARK_PROOF_SIZE> prove(
        const boost::array<JSInput, NumInputs>& inputs,
        const boost::array<JSOutput, NumOutputs>& outputs,
        boost::array<Note, NumOutputs>& out_notes,
@ -76,7 +76,7 @@ public:
    ) = 0;

    virtual bool verify(
-        const std::string& proof,
+        const boost::array<unsigned char, ZKSNARK_PROOF_SIZE>& proof,
        const uint256& pubKeyHash,
        const uint256& randomSeed,
        const boost::array<uint256, NumInputs>& hmacs,
--- a/src/zcash/Zcash.h
+++ b/src/zcash/Zcash.h
@ -12,4 +12,6 @@
 #define ZC_R_SIZE 32
 #define ZC_MEMO_SIZE 128

+#define ZKSNARK_PROOF_SIZE 584
+
 #endif // _ZCCONSTANTS_H_
--- a/src/zcbenchmarks.cpp
+++ b/src/zcbenchmarks.cpp
@ -44,8 +44,8 @@ double benchmark_sleep()
 double benchmark_parameter_loading()
 {
    // FIXME: this is duplicated with the actual loading code
-    boost::filesystem::path pk_path = ZC_GetParamsDir() / "z3-proving.key";
-    boost::filesystem::path vk_path = ZC_GetParamsDir() / "z3-verification.key";
+    boost::filesystem::path pk_path = ZC_GetParamsDir() / "z4-proving.key";
+    boost::filesystem::path vk_path = ZC_GetParamsDir() / "z4-verification.key";

    timer_start();

--- a/zcutil/fetch-params.sh
+++ b/zcutil/fetch-params.sh
@ -4,8 +4,8 @@ set -eu

 PARAMS_DIR="$HOME/.zcash-params"

-REGTEST_PKEY_NAME='z3-proving.key'
-REGTEST_VKEY_NAME='z3-verification.key'
+REGTEST_PKEY_NAME='z4-proving.key'
+REGTEST_VKEY_NAME='z4-verification.key'
 REGTEST_PKEY_URL="https://z.cash/downloads/$REGTEST_PKEY_NAME"
 REGTEST_VKEY_URL="https://z.cash/downloads/$REGTEST_VKEY_NAME"
 REGTEST_DIR="$PARAMS_DIR/regtest"
@ -86,9 +86,9 @@ cd "$PARAMS_DIR"
 # Now verify their hashes:
 echo 'Verifying parameter file integrity via sha256sum...'
 shasum -a 256 --check <<EOF
-1f16beeafe4f0a22cc6d0ea07bdacb083dd10bfd5ce755f72fb5eaeba0ba7286  regtest/$REGTEST_PKEY_NAME
-1f16beeafe4f0a22cc6d0ea07bdacb083dd10bfd5ce755f72fb5eaeba0ba7286  testnet3/$REGTEST_PKEY_NAME
-3840f3192c987a032fc1855e0a6081b62ae9df98172c9d68e7ecf8bb38b18426  regtest/$REGTEST_VKEY_NAME
-3840f3192c987a032fc1855e0a6081b62ae9df98172c9d68e7ecf8bb38b18426  testnet3/$REGTEST_VKEY_NAME
+25014d1a836b180b9afc847b98feb9fadf43afd2875ecf1a026c2aed0d74f5d0  regtest/$REGTEST_PKEY_NAME
+25014d1a836b180b9afc847b98feb9fadf43afd2875ecf1a026c2aed0d74f5d0  testnet3/$REGTEST_PKEY_NAME
+e6b1afb87d24b41a9abc9e3500c0758f377c172505cd5795bac713b5de737388  regtest/$REGTEST_VKEY_NAME
+e6b1afb87d24b41a9abc9e3500c0758f377c172505cd5795bac713b5de737388  testnet3/$REGTEST_VKEY_NAME
 EOF