Updating the encoding of the Issuance Authorization keys and signatures

[vivek-arte]

This PR makes the updates to the encoding of the issuance validating key and the issuance authorization signature, as done in the specification in zcash/zips#1042, along with the further updates in zcash/zips#1048 and zcash/zips#1053.

The test vectors are updated in QED-it/zcash-test-vectors#31.

[ConstanceBeguier]

I am surprised that only asset_base.rs was modified in the test_vectors folder.
I think keys.rs should also be modified.

[ConstanceBeguier]

Approved pending the following comments

• Please add a description to the PR
• Check which files into test_vectors folder should be updated
• Check with Pablo whether the current trait architecture is acceptable (I was not able to simplify it)

[PaulLaux]

Let's remove

fn try_sign_with_aux(
        isk: &Self::IskType,
        msg: &[u8; 32],
        aux_data: &[u8; 32],
    ) -> Result<Self::IssueAuthSigType, Error>;

    /// Verifies a signature over a message and auxiliary data using the issuance validating key.
    fn verify_with_aux(
        ik: &Self::IkType,
        msg: &[u8],
        aux_data: &[u8; 32],
        signature: &Self::IssueAuthSigType,
    ) -> Result<(), Error>;

from the trait. I don't see a reason to keep it since we are providing this functions directly from the keys. this will simplify more unless I miss somthing.
+ fix the aux_random misunderstanding.

[ConstanceBeguier]

Let's remove

fn try_sign_with_aux(...)
fn verify_with_aux(...)

from the trait. I don't see a reason to keep it since we are providing this functions directly from the keys. this will simplify more unless I miss somthing.

• fix the aux_random misunderstanding

In the trait, I replaced try_with_with_aux and verify_with_aux with try_sign and verify.
I prefer to keep try_sign and verify in the trait to emphasize that any new scheme must implement them.
I fixed the aux_data misunderstanding.

[PaulLaux]

I think we should remove to_bytes() and from_bytes() and keep just encode() and decode() (potentialy encode_bytes() and decode_bytes()).

I don't want two options to go to bytes. What do you think?
(x3)

[ConstanceBeguier]

I agree with you that we will have some confusion if we keep both the to/from_bytes and encode/decode functions.
For IssueAuthSig and IssueValidatingKey, I kept only the encode/decode functions because in the specs, ik and sig are always used with the ALGORITHM_BYTE.
For IssueAuthKey, I kept only the to/from_bytes functions because it is never used with ALGORITHM_BYTE in the spec.

[ConstanceBeguier]

We have to update orchard_zsa_issuance_auth_sig.rs test vector file to add ALGORITHM_BYTE 0x00 at the beginning of ik and sig.

[ConstanceBeguier]

Updated orchard_zsa_issuance_auth_sig test vectors

[PaulLaux]

Approved with minor comments

[PaulLaux]

We are using verify_prehash(), is this the best fit?
The lib has also fn verify_digest(() and fn verify()

If we stick to verify_prehash, our API +Docs should reflect it: limit the parameters to the correct size/type

[ConstanceBeguier]

I will keep verify_prehash because we will verify a SIGHASH that is already a finalized digest.
verify_digest does not fit because it takes as input a digest that is not finalized
verify does not fit because it hashes the message before verifying it

[ConstanceBeguier]

I will fix the size of the msg to the size of SIGHASH (32 bytes)

[ConstanceBeguier]

Done