This commit drastically improves the privacy of the HUSH anonymity set
under attacks which ingest wallet.dat's which have been obtained by
seizure, i.e. stealing someones HUSH wallet.dat and putting it into
chain analysis software. Ciphertrace is known to do this to ZEC and XMR
and we can assume all chain analysis companies are implementing new
ways to de-anonymize privacy coins with any data they can obtain.
Instead of randomly sending to a randomly chosen static address,
hushd Sietch zdust addresses are now randomly generated at run-time. These
addresses are not stored in wallet.dat in any way and their private keys
are not known except by the internal memory of hushd for a few milliseconds.
This data is not stored in long-lived data structures of hushd, only as long
as the RPC z_getnewaddress is running or the equivalent function for internals
code paths. The seeds or private keys of these addresses are never stored on disk.
This now brings hushd on par with SDL, which already does this via a
different but equivalent seed phrase technique.
With this technique, if a HUSH wallet.dat is seized, it's impossible to tell
if any of the shielded outputs are random Sietch zdust with random data payload
or a one-time-use zaddr with encrypted payload.
These new CLI args control the interval of the 1st halving (between
1st and 2nd halving blocks) and the 2nd halving (between 2nd and 3rd
halving blocks). -ac_halving2 is used for all subsequent halvings.
This allows devs to simulate things via the CLI without changing code,
to verify things work as expected at halvings in the far future.
This extremely important consensus-changing code takes into account
that with our new 75s block time, which gives us twice as many blocks
per day, we must divide our block reward by two in the next
halving interval, becoming 3.125 HUSH per block insted of 6.25 HUSH
under the old rules of 150s blocks.
Subsequent halving intervals do not change block times, and so they
follow the normal pattern of halving.
This commit has a number of rough edges:
* Final BR height is still incorrect
* Due to above, exact number of halvings is unknown under new
75s blocktime
Duke Leto
DenioD