Skip to content

Add versioned signatures for Sapling transactions #34

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
ConstanceBeguier merged 6 commits into from
Oct 29, 2025
Merged

Add versioned signatures for Sapling transactions #34

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
6 commits
Select commit Hold shift + click to select a range
4758392
Add versioned signatures for Sapling
ConstanceBeguier Sep 9, 2025
2fa1138
Update test vectors
ConstanceBeguier Sep 9, 2025
67e8620
Add hasSighashInfo argument
ConstanceBeguier Sep 11, 2025
8c2eab9
Take into account review comments
ConstanceBeguier Sep 11, 2025
6828f66
Remove TODO
ConstanceBeguier Oct 7, 2025
949acfc
Remove hasSighashInfo
ConstanceBeguier Oct 7, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
8 changes: 4 additions & 4 deletions test-vectors/json/orchard_zsa_digests.json
View file
Open in desktop

Large diffs are not rendered by default.

1,726 changes: 863 additions & 863 deletions test-vectors/rust/orchard_zsa_digests.rs
View file
Open in desktop

Large diffs are not rendered by default.

8 changes: 4 additions & 4 deletions test-vectors/zcash/orchard_zsa_digests.json
View file
Open in desktop

Large diffs are not rendered by default.

7 changes: 7 additions & 0 deletions zcash_test_vectors/transaction.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,7 @@
Scalar as PallasScalar,
)
from .orchard.sinsemilla import group_hash as pallas_group_hash
from .orchard_zsa.digests import NU7_TX_VERSION_BYTES
from .sapling.generators import find_group_hash, SPENDING_KEY_BASE
from .sapling.jubjub import (
Fq,
Expand Down Expand Up @@ -516,10 +517,16 @@ def to_bytes(self, version_bytes, nVersionGroupId, nConsensusBranchId):
for desc in self.vSpendsSapling: # vSpendProofsSapling
ret += bytes(desc.proof)
for desc in self.vSpendsSapling: # vSpendAuthSigsSapling
if version_bytes == NU7_TX_VERSION_BYTES:
ret += write_compact_size(len(desc.spendAuthSigInfo))
ret += bytes(desc.spendAuthSigInfo)
ret += bytes(desc.spendAuthSig)
for desc in self.vOutputsSapling: # vOutputProofsSapling
ret += bytes(desc.proof)
if hasSapling:
if version_bytes == NU7_TX_VERSION_BYTES:
ret += write_compact_size(len(self.bindingSigSaplingInfo))
ret += bytes(self.bindingSigSaplingInfo)
ret += bytes(self.bindingSigSapling)

return ret
Expand Down
5 changes: 4 additions & 1 deletion zcash_test_vectors/transaction_v6.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -145,10 +145,13 @@ def __init__(self, rand, consensus_branch_id, sighash_info, have_orchard_zsa=Tru
assert have_orchard_zsa or not have_burn

# We cannot have issuance without an OrchardZSA bundle.
assert have_orchard_zsa or not have_issuance #TODO: VA: Combine this with the above?
assert have_orchard_zsa or not have_issuance

# All Transparent, Sapling, and part of the Orchard Transaction Fields are initialized in the super class.
super().__init__(rand, have_orchard_zsa)
for desc in self.vSpendsSapling:
desc.spendAuthSigInfo = sighash_info
self.bindingSigSaplingInfo = sighash_info
self.bindingSigOrchardInfo = sighash_info


Expand Down
27 changes: 25 additions & 2 deletions zcash_test_vectors/zip_0244.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -26,6 +26,8 @@
SIGHASH_SINGLE,
)

from .zc_utils import write_compact_size


# Transparent

Expand Down Expand Up @@ -57,16 +59,36 @@ def sapling_digest(tx):

return digest.digest()

SAPLING_AUTH_DIGEST_PERSONALIZAION = b'ZTxAuthSapliHash'

def sapling_auth_digest(tx):
digest = blake2b(digest_size=32, person=b'ZTxAuthSapliHash')
digest = blake2b(digest_size=32, person=SAPLING_AUTH_DIGEST_PERSONALIZAION)

if len(tx.vSpendsSapling) + len(tx.vOutputsSapling) > 0:
for desc in tx.vSpendsSapling:
digest.update(bytes(desc.proof))
for desc in tx.vSpendsSapling:
digest.update(bytes(desc.spendAuthSig))
for desc in tx.vOutputsSapling:
digest.update(bytes(desc.proof))
digest.update(bytes(tx.bindingSigSapling))

return digest.digest()

def sapling_auth_digest_v6(tx):
digest = blake2b(digest_size=32, person=SAPLING_AUTH_DIGEST_PERSONALIZAION)

if len(tx.vSpendsSapling) + len(tx.vOutputsSapling) > 0:
for desc in tx.vSpendsSapling:
digest.update(bytes(desc.proof))
for desc in tx.vSpendsSapling:
digest.update(write_compact_size(len(desc.spendAuthSigInfo)))
digest.update(bytes(desc.spendAuthSigInfo))
digest.update(bytes(desc.spendAuthSig))
for desc in tx.vOutputsSapling:
digest.update(bytes(desc.proof))
digest.update(write_compact_size(len(tx.bindingSigSaplingInfo)))
digest.update(bytes(tx.bindingSigSaplingInfo))
digest.update(bytes(tx.bindingSigSapling))

return digest.digest()
Expand Down Expand Up @@ -222,11 +244,12 @@ def auth_digest(tx):
)

digest.update(transparent_scripts_digest(tx))
digest.update(sapling_auth_digest(tx))
if tx.version_bytes() == NU7_TX_VERSION_BYTES:
digest.update(sapling_auth_digest_v6(tx))
digest.update(orchard_zsa_auth_digest(tx))
digest.update(issuance_auth_digest(tx))
else:
digest.update(sapling_auth_digest(tx))
digest.update(orchard_auth_digest(tx))

return digest.digest()
Expand Down