Migrate voting recovery state to SQLite DB#3
Merged
Conversation
This was referenced Mar 17, 2026
Add FFI + Swift wrappers for voting recovery state DB operations
valargroup/zcash-swift-wallet-sdk#4
Merged
Move crash-recovery data (delegation TX hashes, vote TX hashes, vote commitment bundles, Keystone signatures) from Swift-side JSON files into the existing voting SQLite database. Schema v5: adds delegation_tx_hash to bundles, tx_hash + vc_tree_position + commitment_bundle_json to votes, new keystone_signatures and share_delegations tables.
czarcas7ic
force-pushed
the
adam/recovery-state-to-db
branch
from
2eb98b3 to
c0e543e
Compare
greg0x
approved these changes
Mar 17, 2026
Contributor
greg0x
left a comment
greg0x
left a comment
There was a problem hiding this comment.
Nice! I was worried about the migration, but you got it right.
Note: when we go live, we will need to start using the incremental migrations.
p0mvn
added a commit
that referenced
this pull request
Mar 21, 2026
…ipt lifecycle Add the Rust-side infrastructure for the fire-persist-poll share reveal confirmation system. After CastVote TX confirms, the wallet delegates encrypted shares to helpers and polls for on-chain reveal confirmation using deterministic share nullifiers. Schema (migration v6): - votes: add `van_authority_spent` column, separate from `submitted` — tracks CastVote TX confirmation for proposal_authority bitmask while `submitted` tracks share-reveal completion. - share_delegations: PK now includes `helper_url` (one receipt per helper per share); renamed nullifier→share_nullifier, confirmed→reveal_confirmed; added `seq`, `submit_at` columns. Storage operations: - ShareDelegationReceipt and PendingShareRevealGroup types with serde. - CRUD: store/list/clear receipts, mark_share_revealed_for_helper, list_pending_share_reveal_groups (joins votes.submitted=0). - mark_van_authority_spent with rows-affected guard. - store_vote uses ON CONFLICT to preserve submitted/van_authority_spent on crash-retry re-insert. - Release DB mutex during long-running ZKP #1 proof generation so share-polling callers aren't blocked. Nullifier derivation: - compute_share_nullifier() chains vote_commitment_hash → share_nullifier_hash (Poseidon, same domain tags as ZKP #3 circuit). - build_share_payloads includes share_nullifier in each SharePayload. - round_id_bytes_from_hex rejects inputs >32 bytes. Also fixes pre-existing build error in zkp2.rs (upstream voting-circuits removed single_share parameter from build_vote_proof_from_delegation). Made-with: Cursor
6 tasks
p0mvn
added a commit
that referenced
this pull request
Mar 21, 2026
…ipt lifecycle Add the Rust-side infrastructure for the fire-persist-poll share reveal confirmation system. After CastVote TX confirms, the wallet delegates encrypted shares to helpers and polls for on-chain reveal confirmation using deterministic share nullifiers. Schema (migration v6): - votes: add `van_authority_spent` column, separate from `submitted` — tracks CastVote TX confirmation for proposal_authority bitmask while `submitted` tracks share-reveal completion. - share_delegations: PK now includes `helper_url` (one receipt per helper per share); renamed nullifier→share_nullifier, confirmed→reveal_confirmed; added `seq`, `submit_at` columns. Storage operations: - ShareDelegationReceipt and PendingShareRevealGroup types with serde. - CRUD: store/list/clear receipts, mark_share_revealed_for_helper, list_pending_share_reveal_groups (joins votes.submitted=0). - mark_van_authority_spent with rows-affected guard. - store_vote uses ON CONFLICT to preserve submitted/van_authority_spent on crash-retry re-insert. - Release DB mutex during long-running ZKP #1 proof generation so share-polling callers aren't blocked. Nullifier derivation: - compute_share_nullifier() chains vote_commitment_hash → share_nullifier_hash (Poseidon, same domain tags as ZKP #3 circuit). - build_share_payloads includes share_nullifier in each SharePayload. - round_id_bytes_from_hex rejects inputs >32 bytes. Also fixes pre-existing build error in zkp2.rs (upstream voting-circuits removed single_share parameter from build_vote_proof_from_delegation). Made-with: Cursor
8 tasks
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Move crash-recovery data (delegation TX hashes, vote TX hashes, vote commitment bundles, Keystone signatures) from Swift-side JSON files into the existing voting SQLite database.
delegation_tx_hashtobundles,tx_hash/vc_tree_position/commitment_bundle_jsontovoteskeystone_signaturestable for Keystone signing recoveryshare_delegationstable (schema only — populated by upcoming share status feature)KeystoneSignatureRecordtype for reading back stored signatures