Changes to TXID generation to account for ZSA additions

pyproject.toml

@@ -71,3 +71,4 @@ orchard_zsa_asset_base="zcash_test_vectors.orchard_zsa.asset_base:main"
 orchard_zsa_issuance_auth_sig="zcash_test_vectors.orchard_zsa.issuance_auth_sig:main"
 orchard_zsa_key_components = "zcash_test_vectors.orchard_zsa.key_components:main"
 orchard_zsa_note_encryption = "zcash_test_vectors.orchard_zsa.note_encryption:main"
+orchard_zsa_digests = "zcash_test_vectors.transaction_zsa:main"

regenerate.sh

@@ -30,6 +30,7 @@ tv_scripts=(
     zip_0143
     zip_0243
     zip_0244
+    orchard_zsa_digests
     zip_0316
     zip_0320)
 

zcash_test_vectors/orchard_zsa/asset_base.py

@@ -7,7 +7,7 @@
 
 from hashlib import blake2b
 from ..orchard.group_hash import group_hash
-from ..output import render_args, render_tv, option
+from ..output import render_args, render_tv
 
 
 def native_asset():
@@ -29,13 +29,11 @@ def zsa_value_base(asset_digest_value):
     return group_hash(b"z.cash:OrchardZSA", asset_digest_value)
 
 
-def get_random_unicode_bytes(length):
-    try:
-        get_char = unichr
-    except NameError:
-        get_char = chr
+def get_random_unicode_bytes(length, rand):
 
-    random.seed(0xabad533d)
+    get_char = chr
+
+    random.seed(rand.u8())
 
     # Update this to include code point ranges to be sampled
     include_ranges = [
@@ -84,7 +82,7 @@ def randbytes(l):
         isk = IssuanceKeys(rand.b(32))
 
         key_bytes = bytes(isk.ik)
-        description_bytes = get_random_unicode_bytes(512)
+        description_bytes = get_random_unicode_bytes(512, rand)
         asset_base = zsa_value_base(asset_digest(encode_asset_id(key_bytes, description_bytes)))
 
         test_vectors.append({

zcash_test_vectors/orchard_zsa/digests.py

@@ -0,0 +1,60 @@
+#!/usr/bin/env python3
+import sys; assert sys.version_info[0] >= 3, "Python 3 required."
+
+from hashlib import blake2b
+import struct
+
+NU7_VERSION_GROUP_ID = 0x124A69F8
+NU7_TX_VERSION = 6
+
+
+def orchard_zsa_burn_digest(tx):
+    digest = blake2b(digest_size=32, person=b'ZTxIdOrcBurnHash')
+
+    if len(tx.vAssetBurnOrchardZSA) > 0:
+        for desc in tx.vAssetBurnOrchardZSA:
+            digest.update(bytes(desc.assetBase))
+            digest.update(struct.pack('<Q', desc.valueBurn))
+
+    return digest.digest()
+
+
+def issuance_digest(tx):
+    digest = blake2b(digest_size=32, person=b'ZTxIdSAIssueHash')
+
+    if len(tx.vIssueActions) > 0:
+        digest.update(issue_actions_digest(tx))
+        digest.update(tx.ik)
+
+    return digest.digest()
+
+
+def issuance_auth_digest(tx):
+    digest = blake2b(digest_size=32, person=b'ZTxAuthZSAOrHash')
+    if len(tx.vIssueActions) > 0:
+        digest.update(tx.issueAuthSig)
+    return digest.digest()
+
+
+def issue_actions_digest(tx):
+    digest = blake2b(digest_size=32, person=b'ZTxIdIssuActHash')
+
+    for action in tx.vIssueActions:
+        digest.update(issue_notes_digest(action))
+        digest.update(action.asset_desc)
+        digest.update(struct.pack('<B', action.flagsIssuance))
+
+    return digest.digest()
+
+
+def issue_notes_digest(action):
+    digest = blake2b(digest_size=32, person=b'ZTxIdIAcNoteHash')
+
+    for note in action.vNotes:
+        digest.update(bytes(note.recipient))
+        digest.update(struct.pack('<Q', note.value))
+        digest.update(bytes(note.assetBase))
+        digest.update(bytes(note.rho))
+        digest.update(note.rseed)
+
+    return digest.digest()

zcash_test_vectors/transaction.py

@@ -158,16 +158,16 @@ def __bytes__(self):
             bytes(self.proof)
         )
 
-class OrchardActionDescription(object):
-    def __init__(self, rand):
+class OrchardActionBase(object):
+    def __init__(self, enc_ciphertext_size, rand):
         # We don't need to take account of whether this is a coinbase transaction,
         # because we're only generating random fields.
         self.cv = pallas_group_hash(b'TVRandPt', rand.b(32))
         self.nullifier = PallasBase(leos2ip(rand.b(32)))
         self.rk = pallas_group_hash(b'TVRandPt', rand.b(32))
         self.cmx = PallasBase(leos2ip(rand.b(32)))
         self.ephemeralKey = pallas_group_hash(b'TVRandPt', rand.b(32))
-        self.encCiphertext = rand.b(ZC_SAPLING_ENCCIPHERTEXT_SIZE)
+        self.encCiphertext = rand.b(enc_ciphertext_size)
         self.outCiphertext = rand.b(ZC_SAPLING_OUTCIPHERTEXT_SIZE)
         self.spendAuthSig = RedPallasSignature(rand)
 
@@ -182,6 +182,10 @@ def __bytes__(self):
             self.outCiphertext
         )
 
+class OrchardActionDescription(OrchardActionBase):
+    def __init__(self, rand):
+        super().__init__(ZC_SAPLING_ENCCIPHERTEXT_SIZE, rand)
+
 class JoinSplit(object):
     def __init__(self, rand, fUseGroth = False):
         self.vpub_old = 0
@@ -411,20 +415,17 @@ def __bytes__(self):
 
         return ret
 
-
-class TransactionV5(object):
-    def __init__(self, rand, consensus_branch_id):
+# Creating a base transaction class with common fields that V5 and subsequent versions can inherit.
+class TransactionBase(object):
+    def __init__(self, rand, have_orchard=True):
         # Decide which transaction parts will be generated.
         flip_coins = rand.u8()
         have_transparent_in = (flip_coins >> 0) % 2
         have_transparent_out = (flip_coins >> 1) % 2
         have_sapling = (flip_coins >> 2) % 2
-        have_orchard = (flip_coins >> 3) % 2
         is_coinbase = (not have_transparent_in) and (flip_coins >> 4) % 2
 
         # Common Transaction Fields
-        self.nVersionGroupId = NU5_VERSION_GROUP_ID
-        self.nConsensusBranchId = consensus_branch_id
         self.nLockTime = rand.u32()
         self.nExpiryHeight = rand.u32() % TX_EXPIRY_HEIGHT_THRESHOLD
 
@@ -462,15 +463,9 @@ def __init__(self, rand, consensus_branch_id):
             # v^balanceSapling is defined to be 0.
             self.valueBalanceSapling = 0
 
-        # Orchard Transaction Fields
+        # Orchard Transaction Fields that are present in both V5 and V6
         self.vActionsOrchard = []
         if have_orchard:
-            for _ in range(rand.u8() % 5):
-                self.vActionsOrchard.append(OrchardActionDescription(rand))
-            self.flagsOrchard = rand.u8() & 3 # Only two flag bits are currently defined.
-            if is_coinbase:
-                # set enableSpendsOrchard = 0
-                self.flagsOrchard &= 2
             self.valueBalanceOrchard = rand.u64() % (MAX_MONEY + 1)
             self.anchorOrchard = PallasBase(leos2ip(rand.b(32)))
             self.proofsOrchard = rand.b(rand.u8() + 32) # Proof will always contain at least one element
@@ -482,21 +477,17 @@ def __init__(self, rand, consensus_branch_id):
 
         assert is_coinbase == self.is_coinbase()
 
-    def version_bytes(self):
-        return NU5_TX_VERSION | (1 << 31)
-
     def is_coinbase(self):
         # <https://github.com/zcash/zcash/blob/d8c818bfa507adb845e527f5beb38345c490b330/src/primitives/transaction.h#L969-L972>
         return len(self.vin) == 1 and bytes(self.vin[0].prevout.txid) == b'\x00'*32 and self.vin[0].prevout.n == 0xFFFFFFFF
 
-    # TODO: Update ZIP 225 to document endianness
-    def __bytes__(self):
+    def to_bytes(self, version_bytes, nVersionGroupId, nConsensusBranchId):
         ret = b''
 
         # Common Transaction Fields
-        ret += struct.pack('<I', self.version_bytes())
-        ret += struct.pack('<I', self.nVersionGroupId)
-        ret += struct.pack('<I', self.nConsensusBranchId)
+        ret += struct.pack('<I', version_bytes)
+        ret += struct.pack('<I', nVersionGroupId)
+        ret += struct.pack('<I', nConsensusBranchId)
         ret += struct.pack('<I', self.nLockTime)
         ret += struct.pack('<I', self.nExpiryHeight)
 
@@ -545,10 +536,44 @@ def __bytes__(self):
             ret += self.proofsOrchard
             for desc in self.vActionsOrchard:
                 ret += bytes(desc.spendAuthSig)
-            ret += bytes(self.bindingSigOrchard)
 
         return ret
 
+class TransactionV5(TransactionBase):
+    def __init__(self, rand, consensus_branch_id):
+        have_orchard = rand.bool()
+        # All Transparent, Sapling, and part of the Orchard Transaction Fields are initialized in the super class.
+        super().__init__(rand, have_orchard)
+
+        # Common Transaction Fields
+        self.nVersionGroupId = NU5_VERSION_GROUP_ID
+        self.nConsensusBranchId = consensus_branch_id
+
+        # Orchard Transaction Fields
+        if have_orchard:
+            for _ in range(rand.u8() % 5):
+                self.vActionsOrchard.append(OrchardActionDescription(rand))
+            self.flagsOrchard = rand.u8()
+            self.flagsOrchard &= 3  # Only two flag bits are currently defined.
+            if self.is_coinbase():
+                # set enableSpendsOrchard = 0
+                self.flagsOrchard &= 2
+
+    @staticmethod
+    def version_bytes():
+        return NU5_TX_VERSION | (1 << 31)
+
+    def __bytes__(self):
+        ret = b''
+
+        # Fields that are in TransactionBase: Common, Transparent, Sapling, most Orchard
+        ret += super().to_bytes(self.version_bytes(), self.nVersionGroupId, self.nConsensusBranchId)
+
+        # Orchard remaining Transaction Fields (if the Orchard bundle exists)
+        if len(self.vActionsOrchard) > 0:
+            ret += bytes(self.bindingSigOrchard)
+
+        return ret
 
 class Transaction(object):
     def __init__(self, rand, version, consensus_branch_id=None):