Changes to TXID generation to account for ZSA additions

pyproject.toml

@@ -40,6 +40,7 @@ unified_incoming_viewing_keys = "zcash_test_vectors.unified_incoming_viewing_key
 zip_0143 = "zcash_test_vectors.zip_0143:main"
 zip_0243 = "zcash_test_vectors.zip_0243:main"
 zip_0244 = "zcash_test_vectors.zip_0244:main"
+zip_0244_zsa = "zcash_test_vectors.zip_0244_zsa:main"
 
 # Transparent test vectors
 bip_0032 = "zcash_test_vectors.transparent.bip_0032:main"

regenerate.sh

@@ -30,6 +30,7 @@ tv_scripts=(
     zip_0143
     zip_0243
     zip_0244
+    zip_0244_zsa
     zip_0316
     zip_0320)
 

zcash_test_vectors/orchard_zsa/asset_base.py

@@ -7,7 +7,7 @@
 
 from hashlib import blake2b
 from ..orchard.group_hash import group_hash
-from ..output import render_args, render_tv, option
+from ..output import render_args, render_tv
 
 
 def native_asset():
@@ -29,13 +29,11 @@ def zsa_value_base(asset_digest_value):
     return group_hash(b"z.cash:OrchardZSA", asset_digest_value)
 
 
-def get_random_unicode_bytes(length):
-    try:
-        get_char = unichr
-    except NameError:
-        get_char = chr
+def get_random_unicode_bytes(length, rand):
 
-    random.seed(0xabad533d)
+    get_char = chr
+
+    random.seed(rand.u8())
 
     # Update this to include code point ranges to be sampled
     include_ranges = [
@@ -84,7 +82,7 @@ def randbytes(l):
         isk = IssuanceKeys(rand.b(32))
 
         key_bytes = bytes(isk.ik)
-        description_bytes = get_random_unicode_bytes(512)
+        description_bytes = get_random_unicode_bytes(512, rand)
         asset_base = zsa_value_base(asset_digest(encode_asset_id(key_bytes, description_bytes)))
 
         test_vectors.append({

zcash_test_vectors/transaction.py

@@ -158,16 +158,16 @@ def __bytes__(self):
             bytes(self.proof)
         )
 
-class OrchardActionDescription(object):
-    def __init__(self, rand):
+class OrchardActionBase(object):
+    def __init__(self, enc_ciphertext_size, rand):
         # We don't need to take account of whether this is a coinbase transaction,
         # because we're only generating random fields.
         self.cv = pallas_group_hash(b'TVRandPt', rand.b(32))
         self.nullifier = PallasBase(leos2ip(rand.b(32)))
         self.rk = pallas_group_hash(b'TVRandPt', rand.b(32))
         self.cmx = PallasBase(leos2ip(rand.b(32)))
         self.ephemeralKey = pallas_group_hash(b'TVRandPt', rand.b(32))
-        self.encCiphertext = rand.b(ZC_SAPLING_ENCCIPHERTEXT_SIZE)
+        self.encCiphertext = rand.b(enc_ciphertext_size)
         self.outCiphertext = rand.b(ZC_SAPLING_OUTCIPHERTEXT_SIZE)
         self.spendAuthSig = RedPallasSignature(rand)
 
@@ -182,6 +182,10 @@ def __bytes__(self):
             self.outCiphertext
         )
 
+class OrchardActionDescription(OrchardActionBase):
+    def __init__(self, rand):
+        super().__init__(ZC_SAPLING_ENCCIPHERTEXT_SIZE, rand)
+
 class JoinSplit(object):
     def __init__(self, rand, fUseGroth = False):
         self.vpub_old = 0
@@ -311,7 +315,6 @@ def __init__(self, rand):
     def __bytes__(self):
         return struct.pack('<Q', self.nValue) + bytes(self.scriptPubKey)
 
-
 class LegacyTransaction(object):
     def __init__(self, rand, version):
         if version == OVERWINTER_TX_VERSION:
@@ -411,20 +414,17 @@ def __bytes__(self):
 
         return ret
 
-
-class TransactionV5(object):
-    def __init__(self, rand, consensus_branch_id):
+# Creating a base transaction class with common fields that V5 and subsequent versions can inherit.
+class TransactionBase(object):
+    def __init__(self, rand, have_orchard=True):
         # Decide which transaction parts will be generated.
         flip_coins = rand.u8()
         have_transparent_in = (flip_coins >> 0) % 2
         have_transparent_out = (flip_coins >> 1) % 2
         have_sapling = (flip_coins >> 2) % 2
-        have_orchard = (flip_coins >> 3) % 2
         is_coinbase = (not have_transparent_in) and (flip_coins >> 4) % 2
 
         # Common Transaction Fields
-        self.nVersionGroupId = NU5_VERSION_GROUP_ID
-        self.nConsensusBranchId = consensus_branch_id
         self.nLockTime = rand.u32()
         self.nExpiryHeight = rand.u32() % TX_EXPIRY_HEIGHT_THRESHOLD
 
@@ -462,15 +462,12 @@ def __init__(self, rand, consensus_branch_id):
             # v^balanceSapling is defined to be 0.
             self.valueBalanceSapling = 0
 
-        # Orchard Transaction Fields
+        assert is_coinbase == self.is_coinbase()
+
+        # Orchard Transaction Fields that are present in both V5 and V6
         self.vActionsOrchard = []
         if have_orchard:
-            for _ in range(rand.u8() % 5):
-                self.vActionsOrchard.append(OrchardActionDescription(rand))
-            self.flagsOrchard = rand.u8() & 3 # Only two flag bits are currently defined.
-            if is_coinbase:
-                # set enableSpendsOrchard = 0
-                self.flagsOrchard &= 2
+            self.flagsOrchard = rand.u8()  # This needs to be constrained correctly in the child classes.
             self.valueBalanceOrchard = rand.u64() % (MAX_MONEY + 1)
             self.anchorOrchard = PallasBase(leos2ip(rand.b(32)))
             self.proofsOrchard = rand.b(rand.u8() + 32) # Proof will always contain at least one element
@@ -480,23 +477,17 @@ def __init__(self, rand, consensus_branch_id):
             # v^balanceOrchard is defined to be 0.
             self.valueBalanceOrchard = 0
 
-        assert is_coinbase == self.is_coinbase()
-
-    def version_bytes(self):
-        return NU5_TX_VERSION | (1 << 31)
-
     def is_coinbase(self):
         # <https://github.com/zcash/zcash/blob/d8c818bfa507adb845e527f5beb38345c490b330/src/primitives/transaction.h#L969-L972>
         return len(self.vin) == 1 and bytes(self.vin[0].prevout.txid) == b'\x00'*32 and self.vin[0].prevout.n == 0xFFFFFFFF
 
-    # TODO: Update ZIP 225 to document endianness
-    def __bytes__(self):
+    def __bytes__(self, version_bytes, nVersionGroupId, nConsensusBranchId):
         ret = b''
 
         # Common Transaction Fields
-        ret += struct.pack('<I', self.version_bytes())
-        ret += struct.pack('<I', self.nVersionGroupId)
-        ret += struct.pack('<I', self.nConsensusBranchId)
+        ret += struct.pack('<I', version_bytes)
+        ret += struct.pack('<I', nVersionGroupId)
+        ret += struct.pack('<I', nConsensusBranchId)
         ret += struct.pack('<I', self.nLockTime)
         ret += struct.pack('<I', self.nExpiryHeight)
 
@@ -545,10 +536,44 @@ def __bytes__(self):
             ret += self.proofsOrchard
             for desc in self.vActionsOrchard:
                 ret += bytes(desc.spendAuthSig)
-            ret += bytes(self.bindingSigOrchard)
 
         return ret
 
+class TransactionV5(TransactionBase):
+    def __init__(self, rand, consensus_branch_id):
+
+        have_orchard = rand.bool()
+        # All Transparent and Sapling Transaction Fields are initialized in the super class.
+        # The super class will also initialize some of the Orchard Transaction Fields.
+        super().__init__(rand, have_orchard)
+
+        # Common Transaction Fields
+        self.nVersionGroupId = NU5_VERSION_GROUP_ID
+        self.nConsensusBranchId = consensus_branch_id
+
+        # Orchard Transaction Fields
+        if have_orchard:
+            for _ in range(rand.u8() % 5):
+                self.vActionsOrchard.append(OrchardActionDescription(rand))
+            self.flagsOrchard &= 3  # Only two flag bits are currently defined.
+            if self.is_coinbase():
+                # set enableSpendsOrchard = 0
+                self.flagsOrchard &= 2
+
+    def version_bytes(self):
+        return NU5_TX_VERSION | (1 << 31)
+
+    def __bytes__(self):
+        ret = b''
+
+        # Fields that are in TransactionBase: Common, Transparent, Sapling, most Orchard
+        ret += super().__bytes__(self.version_bytes(), self.nVersionGroupId, self.nConsensusBranchId)
+
+        # Orchard remaining Transaction Fields (if the Orchard bundle exists)
+        if len(self.vActionsOrchard) > 0:
+            ret += bytes(self.bindingSigOrchard)
+
+        return ret
 
 class Transaction(object):
     def __init__(self, rand, version, consensus_branch_id=None):

zcash_test_vectors/transaction_zsa.py

@@ -0,0 +1,157 @@
+import struct
+
+from .orchard.key_components import FullViewingKey, SpendingKey
+from .orchard_zsa.key_components import IssuanceKeys
+from .orchard.pallas import Fp as PallasBase, Point
+from .orchard.sinsemilla import group_hash as pallas_group_hash
+from .orchard_zsa.asset_base import zsa_value_base, asset_digest, encode_asset_id, get_random_unicode_bytes
+from .utils import leos2ip
+from .zc_utils import write_compact_size
+from .transaction import (
+    MAX_MONEY, NOTEENCRYPTION_AUTH_BYTES,
+    ZC_SAPLING_ENCPLAINTEXT_SIZE, ZC_SAPLING_OUTCIPHERTEXT_SIZE,
+    OrchardActionBase,
+    RedPallasSignature,
+    TransactionBase,
+)
+
+NU7_VERSION_GROUP_ID = 0x124A69F8
+NU7_TX_VERSION = 7
+
+# Orchard ZSA note values
+ZC_ORCHARD_ZSA_ASSET_SIZE = 32
+ZC_ORCHARD_ZSA_ENCPLAINTEXT_SIZE = ZC_SAPLING_ENCPLAINTEXT_SIZE + ZC_ORCHARD_ZSA_ASSET_SIZE
+ZC_ORCHARD_ZSA_ENCCIPHERTEXT_SIZE = ZC_ORCHARD_ZSA_ENCPLAINTEXT_SIZE + NOTEENCRYPTION_AUTH_BYTES
+
+class OrchardZSAActionDescription(OrchardActionBase):
+    def __init__(self, rand):
+        super().__init__(ZC_ORCHARD_ZSA_ENCCIPHERTEXT_SIZE, rand)
+
+class AssetBurnDescription(object):
+    def __init__(self, rand):
+        isk = IssuanceKeys(rand.b(32))
+        desc_size = rand.u32() % 512 + 1
+        desc_bytes = get_random_unicode_bytes(desc_size, rand)
+        asset_digest_bytes = asset_digest(encode_asset_id(isk.ik, desc_bytes))
+        self.assetBase : Point = zsa_value_base(asset_digest_bytes)
+        self.valueBurn = rand.u64()
+
+    def __bytes__(self):
+        return bytes(self.assetBase) + struct.pack('<Q', self.valueBurn)
+
+class IssueActionDescription(object):
+    def __init__(self, rand, ik):
+        self.assetDescSize = rand.u32() % 512 + 1
+        self.asset_desc = get_random_unicode_bytes(self.assetDescSize, rand)
+        self.vNotes = []
+        for _ in range(rand.u8() % 5):
+            self.vNotes.append(IssueNote(rand, ik, self.asset_desc))
+        self.flagsIssuance = rand.u8() & 1    # Only one bit is reserved for the finalize flag currently
+
+    def __bytes__(self):
+        ret = b''
+
+        ret += write_compact_size(self.assetDescSize)
+        ret += bytes(self.asset_desc)
+        ret += write_compact_size(len(self.vNotes))
+        if len(self.vNotes) > 0:
+            for note in self.vNotes:
+                ret += bytes(note)
+        ret += struct.pack('B', self.flagsIssuance)
+
+        return ret
+
+class IssueNote(object):
+    def __init__(self, rand, ik, asset_desc):
+        fvk_r = FullViewingKey.from_spending_key(SpendingKey(rand.b(32)))
+        self.recipient = fvk_r.default_d() + bytes(fvk_r.default_pkd())
+        self.value = rand.u64()
+        asset_digest_bytes = asset_digest(encode_asset_id(ik, asset_desc))
+        self.assetBase = zsa_value_base(asset_digest_bytes)
+        self.rho = Point.rand(rand).extract()
+        self.rseed = rand.b(32)
+
+    def __bytes__(self):
+        ret = b''
+        ret += bytes(self.recipient)
+        ret += struct.pack('<Q', self.value)
+        ret += bytes(self.assetBase)
+        ret += bytes(self.rho)
+        ret += self.rseed
+
+        return ret
+
+
+class TransactionZSA(TransactionBase):
+    def __init__(self, rand, consensus_branch_id, have_orchard_zsa = True, have_burn = True, have_issuance = True):
+
+        # Since burn is part of the OrchardZSA bundle, ensure that there are no burn fields
+        # when there are no OrchardZSA fields
+        assert have_orchard_zsa or not have_burn
+
+        # All the Transparent and Sapling Transaction Fields are initialized in the super (TransactionBase) class.
+        super().__init__(rand, have_orchard_zsa)
+
+        # Common Transaction Fields
+        self.nVersionGroupId = NU7_VERSION_GROUP_ID
+        self.nConsensusBranchId = consensus_branch_id
+
+        # Orchard-ZSA Transaction Fields
+        if have_orchard_zsa:
+            for _ in range(rand.u8() % 5):
+                self.vActionsOrchard.append(OrchardZSAActionDescription(rand))
+            self.flagsOrchard = (self.flagsOrchard & 7) | 4  # Only three flag bits are currently defined, and we set enableZSA to true.
+            if self.is_coinbase():
+                # set enableSpendsOrchard = 0
+                self.flagsOrchard &= 2
+
+        # OrchardZSA Burn Fields
+        self.vAssetBurnOrchardZSA = []
+        if have_burn:
+            for _ in range(rand.u8() % 5):
+                self.vAssetBurnOrchardZSA.append(AssetBurnDescription(rand))
+
+        # ZSA Issuance Fields
+        self.vIssueActions = []
+        if have_issuance:
+            self.ik = IssuanceKeys(rand.b(32)).ik
+            for _ in range(rand.u8() % 5):
+                self.vIssueActions.append(IssueActionDescription(rand, self.ik))
+            self.issueAuthSig = rand.b(64)
+
+    def version_bytes(self):
+        return NU7_TX_VERSION | (1 << 31)
+
+    def orchard_zsa_burn_field_bytes(self):
+        ret = b''
+        ret += write_compact_size(len(self.vAssetBurnOrchardZSA))
+        if len(self.vAssetBurnOrchardZSA) > 0:
+            for desc in self.vAssetBurnOrchardZSA:
+                ret += bytes(desc)
+        return ret
+
+    def issuance_field_bytes(self):
+        ret = b''
+        ret += write_compact_size(len(self.vIssueActions))
+        if len(self.vIssueActions) > 0:
+            for desc in self.vIssueActions:
+                ret += bytes(desc)
+            ret += self.ik
+            ret += bytes(self.issueAuthSig)
+        return ret
+
+    def __bytes__(self):
+        ret = b''
+
+        # Fields that are in TransactionBase: Common, Transparent, Sapling, most Orchard
+        ret += super().__bytes__(self.version_bytes(), self.nVersionGroupId, self.nConsensusBranchId)
+
+        # OrchardZSA remaining Transaction Fields (if the Orchard bundle exists)
+        if len(self.vActionsOrchard) > 0:
+            ret += self.orchard_zsa_burn_field_bytes()
+            ret += bytes(self.bindingSigOrchard)
+
+        # ZSA Issuance Fields
+        ret += self.issuance_field_bytes()
+
+        return ret