diff --git a/masp_primitives/src/transaction/txid.rs b/masp_primitives/src/transaction/txid.rs index 2bb14780..abede069 100644 --- a/masp_primitives/src/transaction/txid.rs +++ b/masp_primitives/src/transaction/txid.rs @@ -11,7 +11,7 @@ use group::GroupEncoding; use crate::consensus::{BlockHeight, BranchId}; use super::{ - sapling::{self, OutputDescription, SpendDescription}, + sapling::{self, ConvertDescription, OutputDescription, SpendDescription}, transparent::{self, TxIn, TxOut}, Authorization, Authorized, TransactionDigest, TransparentDigests, TxDigests, TxId, TxVersion, }; @@ -33,6 +33,8 @@ const ZCASH_SAPLING_SPENDS_HASH_PERSONALIZATION: &[u8; 16] = b"ZTxIdSSpendsHash" const ZCASH_SAPLING_SPENDS_COMPACT_HASH_PERSONALIZATION: &[u8; 16] = b"ZTxIdSSpendCHash"; const ZCASH_SAPLING_SPENDS_NONCOMPACT_HASH_PERSONALIZATION: &[u8; 16] = b"ZTxIdSSpendNHash"; +const ZCASH_SAPLING_CONVERTS_HASH_PERSONALIZATION: &[u8; 16] = b"ZTxIdConvertHash"; + const ZCASH_SAPLING_OUTPUTS_HASH_PERSONALIZATION: &[u8; 16] = b"ZTxIdSOutputHash"; const ZCASH_SAPLING_OUTPUTS_COMPACT_HASH_PERSONALIZATION: &[u8; 16] = b"ZTxIdSOutC__Hash"; const ZCASH_SAPLING_OUTPUTS_MEMOS_HASH_PERSONALIZATION: &[u8; 16] = b"ZTxIdSOutM__Hash"; @@ -109,6 +111,24 @@ pub(crate) fn hash_sapling_spends( h.finalize() } +/// Implements ZIP 244-like hashing of MASP convert descriptions. +/// +/// Write disjoint parts of each MASP shielded convert to a hash: +/// * \[(cv, anchor)*\] - personalized with ZCASH_SAPLING_CONVERTS_HASH_PERSONALIZATION +/// +pub(crate) fn hash_sapling_converts( + shielded_converts: &[ConvertDescription], +) -> Blake2bHash { + let mut h = hasher(ZCASH_SAPLING_CONVERTS_HASH_PERSONALIZATION); + if !shielded_converts.is_empty() { + for s_convert in shielded_converts { + h.write_all(&s_convert.cv.to_bytes()).unwrap(); + h.write_all(&s_convert.anchor.to_repr()).unwrap(); + } + } + h.finalize() +} + /// Implements [ZIP 244 section T.3b](https://zips.z.cash/zip-0244#t-3b-sapling-outputs-digest) /// /// Write disjoint parts of each Sapling shielded output as 3 separate hashes: @@ -128,12 +148,18 @@ pub(crate) fn hash_sapling_outputs( for s_out in shielded_outputs { ch.write_all(s_out.cmu.to_repr().as_ref()).unwrap(); ch.write_all(s_out.ephemeral_key.as_ref()).unwrap(); - ch.write_all(&s_out.enc_ciphertext[..52]).unwrap(); + ch.write_all(&s_out.enc_ciphertext[..masp_note_encryption::COMPACT_NOTE_SIZE]) + .unwrap(); - mh.write_all(&s_out.enc_ciphertext[52..564]).unwrap(); + mh.write_all( + &s_out.enc_ciphertext[masp_note_encryption::COMPACT_NOTE_SIZE + ..masp_note_encryption::NOTE_PLAINTEXT_SIZE], + ) + .unwrap(); nh.write_all(&s_out.cv.to_bytes()).unwrap(); - nh.write_all(&s_out.enc_ciphertext[564..]).unwrap(); + nh.write_all(&s_out.enc_ciphertext[masp_note_encryption::NOTE_PLAINTEXT_SIZE..]) + .unwrap(); nh.write_all(&s_out.out_ciphertext).unwrap(); } @@ -194,10 +220,14 @@ fn hash_sapling_txid_data< bundle: &sapling::Bundle, ) -> Blake2bHash { let mut h = hasher(ZCASH_SAPLING_HASH_PERSONALIZATION); - if !(bundle.shielded_spends.is_empty() && bundle.shielded_outputs.is_empty()) { + if !(bundle.shielded_spends.is_empty() + && bundle.shielded_converts.is_empty() + && bundle.shielded_outputs.is_empty()) + { h.write_all(hash_sapling_spends(&bundle.shielded_spends).as_bytes()) .unwrap(); - + h.write_all(hash_sapling_converts(&bundle.shielded_converts).as_bytes()) + .unwrap(); h.write_all(hash_sapling_outputs(&bundle.shielded_outputs).as_bytes()) .unwrap(); diff --git a/masp_proofs/Cargo.toml b/masp_proofs/Cargo.toml index b7b90d08..e7618e95 100644 --- a/masp_proofs/Cargo.toml +++ b/masp_proofs/Cargo.toml @@ -36,7 +36,6 @@ tracing = "0.1" blake2b_simd = "1" directories = { version = "4", optional = true } redjubjub = "0.5" -wagyu-zcash-parameters = { version = "0.2", optional = true } getrandom = { version = "0.2", features = ["js"] } itertools = "0.10.1" @@ -50,7 +49,7 @@ pprof = { version = "0.11", features = ["criterion", "flamegraph"] } # MSRV 1.56 [features] default = ["local-prover", "multicore"] -bundled-prover = ["wagyu-zcash-parameters"] +bundled-prover = [] download-params = ["minreq", "directories"] local-prover = ["directories"] multicore = ["bellman/multicore"] diff --git a/masp_proofs/src/prover.rs b/masp_proofs/src/prover.rs index f9621f6e..355fb350 100644 --- a/masp_proofs/src/prover.rs +++ b/masp_proofs/src/prover.rs @@ -150,7 +150,7 @@ impl LocalTxProver { // spend_vk: p.spend_vk, // output_params: p.output_params, // } - // } + //} } impl TxProver for LocalTxProver {