Encryption generalization

[PaulLaux]

In order to support note encryption for zsa, we suggest extending the current zcash_note_encryption implementation. Currently, the COMPACT_NOTE_SIZE is a constant, however we need to support variable note sizes to include the AssetId field for zsa notes.

Currently, in zcash_note_encryption:

/// The size of a compact note.
pub const COMPACT_NOTE_SIZE: usize = 1 + // version
    11 + // diversifier
    8  + // value
    32; // rseed (or rcm prior to ZIP 212)
/// The size of [`NotePlaintextBytes`].
pub const NOTE_PLAINTEXT_SIZE: usize = COMPACT_NOTE_SIZE + 512;

and

pub const ENC_CIPHERTEXT_SIZE: usize = NOTE_PLAINTEXT_SIZE + AEAD_TAG_SIZE;

We suggest moving the constants into the specific implementation (impl Domain for OrchardDomain and Sapling) of the Domain trait by adding abstract types to NotePlaintextBytes, NoteCiphertextBytes, CompactNotePlaintextBytes, CompactNoteCiphertextBytes.

We get

pub trait Domain {
    type EphemeralSecretKey: ConstantTimeEq;
    type EphemeralPublicKey;
    type PreparedEphemeralPublicKey;
    type SharedSecret;
    type SymmetricKey: AsRef<[u8]>;
    type Note;
    type Recipient;
    type DiversifiedTransmissionKey;
    type IncomingViewingKey;
    type OutgoingViewingKey;
    type ValueCommitment;
    type ExtractedCommitment;
    type ExtractedCommitmentBytes: Eq + for<'a> From<&'a Self::ExtractedCommitment>;
    type Memo;

    // Types for variable note size handling:
    type NotePlaintextBytes: AsMut<[u8]> + for<'a> From<&'a [u8]>;
    type NoteCiphertextBytes: AsRef<[u8]> + for<'a> From<&'a [u8]>;
    type CompactNotePlaintextBytes: AsMut<[u8]> + for<'a> From<&'a [u8]>;
    type CompactNoteCiphertextBytes: AsRef<[u8]>;

Also, the constant will be removed from functions' signatures since they are unknown during the compilation time. For example:

pub fn try_note_decryption<D: Domain, Output: ShieldedOutput<D, ENC_CIPHERTEXT_SIZE>>(

Will be replaced with simply

pub fn try_note_decryption<D: Domain, Output: ShieldedOutput<D>>(

We provided our initial implementation to be complemented by the appropriate changes in Orchard::note_encryption.rs

The changes will allow us to implement an Orchard::Domain for V3 notes while keeping compatibility with the existing Orchard Domain ( for V2 notes ) and Sapling.

[alexeykoren]

Looks good to me, although I agree with old Vivec's comments about variables naming

[vivek-arte]

We should bump this up to the commit that is the latest eventually, (currently 49a7775eccdd74ebaaa30aabc42fccf063b25ec1), but this is not functionality-critical.

This also seems like a cycle with the dependency requirement in Orchard though...

[vivek-arte]

Suggested change

	orchard = { version = "0.3", git = "https://github.com/QED-it/orchard", rev = "c6e048a4474f0bef5182ed56e5d2ecff6fea0389" }
	orchard = { version = "0.3", git = "https://github.com/QED-it/orchard", rev = "49a7775eccdd74ebaaa30aabc42fccf063b25ec1" }

[PaulLaux]

yes, due to the cycle, it is not possible to provide the correct rev for both repos.

[vivek-arte]

output already is &mut [u8], so output.as_mut() seems unnecessary.

Suggested change

	.encrypt_in_place_detached([0u8; 12][..].into(), &[], output.as_mut())
	.encrypt_in_place_detached([0u8; 12][..].into(), &[], output)

[PaulLaux]

good catch.done.

[vivek-arte]

This is V3 specific at the moment, would need updating along with backward compatibility