Skip to content

zcash_primitives: Replace sapling::redjubjub with redjubjub crate#1056

Merged
daira merged 3 commits into
mainfrom
581-use-redjubjub-crate
Dec 4, 2023
Merged

zcash_primitives: Replace sapling::redjubjub with redjubjub crate#1056
daira merged 3 commits into
mainfrom
581-use-redjubjub-crate

Conversation

@str4d
Copy link
Copy Markdown
Contributor

@str4d str4d commented Nov 30, 2023
edited by daira
Loading

As a side-effect, we remove the ability to verify individual transactions with pre-ZIP 216 rules (which we already removed from zcashd consensus nodes in zcash/zcash#6000 and zcash/zcash#6399, as all pre-ZIP 216 transactions on mainnet and testnet are also valid under ZIP 216).

@str4d
zcash_primitives: Replace sapling::redjubjub with redjubjub crate
de1ed21 
As a side-effect, we remove the ability to verify individual
transactions with pre-ZIP 216 rules (which we already removed from
`zcashd` consensus nodes in zcash/zcash#6000 and zcash/zcash#6399, as
all pre-ZIP 216 transactions on mainnet are also valid under ZIP 216).
@str4d str4d force-pushed the 581-use-redjubjub-crate branch from 3878654 to de1ed21 Compare November 30, 2023 17:52
str4d
str4d commented Nov 30, 2023
View reviewed changes
Comment thread zcash_primitives/src/sapling/builder.rs
Comment on lines -755 to +745
binding_signature: auth.sigs.bsk.sign(
&sighash,
&mut rng,
VALUE_COMMITMENT_RANDOMNESS_GENERATOR,
),
binding_signature: auth.sigs.bsk.sign(&mut rng, &sighash),
Copy link
Copy Markdown
Contributor Author

@str4d str4d Nov 30, 2023
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

There was a bug here previously in that this didn't include key prefixing, because we never implemented that inside our redjubjub module (as the original RedDSA draft spec lacked it). I should have used the equivalent of the sapling::spend_sig method here when I added this in #1023 (not that exact method because it also handled re-randomization), but as we haven't cut a release including this API yet, the bug is not in deployed code. The redjubjub crate includes key prefixing.

str4d
str4d commented Nov 30, 2023
View reviewed changes
Comment thread zcash_primitives/src/transaction/builder.rs Outdated
@str4d str4d requested review from daira and nuttycom November 30, 2023 18:02
@str4d str4d added this to the Extract sapling-crypto milestone Nov 30, 2023
@codecov
Copy link
Copy Markdown

codecov Bot commented Nov 30, 2023
edited
Loading

Codecov Report

Attention: 24 lines in your changes are missing coverage. Please review.

Comparison is base (764127f) 70.62% compared to head (ded09f9) 70.79%.

Files Patch % Lines
zcash_primitives/src/sapling/verifier/batch.rs 0.00% 7 Missing ⚠️
zcash_primitives/src/sapling/builder.rs 64.28% 5 Missing ⚠️
zcash_primitives/src/sapling/keys.rs 93.93% 4 Missing ⚠️
zcash_primitives/src/sapling/verifier.rs 0.00% 4 Missing ⚠️
zcash_primitives/src/sapling/verifier/single.rs 0.00% 4 Missing ⚠️
Additional details and impacted files 
@@            Coverage Diff             @@
##             main    #1056      +/-   ##
==========================================
+ Coverage   70.62%   70.79%   +0.16%     
==========================================
  Files         140      138       -2     
  Lines       13786    13698      -88     
==========================================
- Hits         9737     9698      -39     
+ Misses       4049     4000      -49

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

nuttycom
nuttycom reviewed Nov 30, 2023
View reviewed changes
Comment thread zcash_primitives/src/sapling/verifier/batch.rs
nuttycom
nuttycom previously approved these changes Nov 30, 2023
View reviewed changes
Copy link
Copy Markdown
Collaborator

@nuttycom nuttycom left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

utACK de1ed21

Comment thread zcash_primitives/src/transaction/builder.rs Outdated
daira
daira reviewed Dec 1, 2023
View reviewed changes
Comment thread zcash_primitives/src/sapling/builder.rs Outdated
@str4d str4d force-pushed the 581-use-redjubjub-crate branch from 4cbeeb9 to cb72231 Compare December 1, 2023 09:59
@str4d
zcash_primitives: Introduce newtypes for ask and ak
5ccba3e 
The Sapling key components specification places more constraints on the
values of `ask` and `ak` than general RedJubjub signing and verification
keys.
@str4d str4d force-pushed the 581-use-redjubjub-crate branch from cb72231 to 5ccba3e Compare December 1, 2023 11:19
@str4d str4d mentioned this pull request Dec 1, 2023
Merged
@str4d
Copy link
Copy Markdown
Contributor Author

str4d commented Dec 1, 2023
edited
Loading

There's a somewhat concerning test vector failure in zcashd (zcash/zcash#6784 (review)) that I need to debug. EDIT: Nope, it was just a bug in the test vectors.

@str4d str4d force-pushed the 581-use-redjubjub-crate branch from f9b4c53 to ded09f9 Compare December 1, 2023 14:22
nuttycom
nuttycom approved these changes Dec 1, 2023
View reviewed changes
Copy link
Copy Markdown
Collaborator

@nuttycom nuttycom left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

utACK ded09f9

daira
daira reviewed Dec 4, 2023
View reviewed changes
Comment thread zcash_primitives/src/sapling/keys.rs
#[derive(Clone, Debug)]
pub struct SpendValidatingKey(redjubjub::VerificationKey<SpendAuth>);

impl From<&SpendAuthorizingKey> for SpendValidatingKey {
Copy link
Copy Markdown
Contributor

@daira daira Dec 4, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please change this to an explicitly named method.

Copy link
Copy Markdown
Contributor

@daira daira Dec 4, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Filed #1056 .

daira
daira reviewed Dec 4, 2023
View reviewed changes
Comment thread zcash_primitives/src/sapling/test_vectors/signatures.rs
@daira daira mentioned this pull request Dec 4, 2023
Open
daira
daira approved these changes Dec 4, 2023
View reviewed changes
Copy link
Copy Markdown
Contributor

@daira daira left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

utACK

@daira daira merged commit acf1462 into main Dec 4, 2023
@daira daira deleted the 581-use-redjubjub-crate branch December 4, 2023 18:27
@str4d str4d added the C-tech-debt Category: Technical debt that needs to be paid off label Dec 8, 2023
@daira daira mentioned this pull request Dec 19, 2023
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@nuttycom nuttycom nuttycom approved these changes

@daira daira daira approved these changes

Assignees

No one assigned

Labels

C-tech-debt Category: Technical debt that needs to be paid off

Projects

None yet

Milestone

Extract sapling-crypto

Development

Successfully merging this pull request may close these issues.

3 participants

@str4d @nuttycom @daira