[#1661] Add voting generate-note-witnesses FFI#1717
Merged
nullcopy merged 7 commits intoMay 8, 2026
Conversation
p0mvn
force-pushed
the
roman/voting-generate-note-witnesses
branch
2 times, most recently
from
a39c263 to
91fb3e8
Compare
p0mvn
commented
May 7, 2026
| checksum = "993776b509cfb49c750f11b8f07a46fa23e0a1386ffc01fb1e7d343efc387895" | ||
| dependencies = [ | ||
| "bitflags 2.11.1", | ||
| "bitflags", |
Collaborator
Author
There was a problem hiding this comment.
Note to reviewer: the diff in Cargo.lock is an outcome of cargo check.
This stems from the fact that we added incrementalmerkletree. The new dependency has resulted in updating the graph.
To validate, switch to main, add the diff in Cargo.toml. Run cargo check. The diff may be slightly different, depending on the versions in your local environment. But you should see that related deps are changed.
We use incrementalmerkletree to generate witnesses for a balance proof. So that, the Zcash mainnet note value can be proven for use in voting on a separate L2.
p0mvn
force-pushed
the
roman/voting-generate-note-witnesses
branch
3 times, most recently
from
2418cfe to
23c0d72
Compare
czarcas7ic
reviewed
May 7, 2026
czarcas7ic
reviewed
May 7, 2026
p0mvn
force-pushed
the
roman/voting-generate-note-witnesses
branch
4 times, most recently
from
7cda4ad to
29c0ce3
Compare
Adds `zcashlc_voting_generate_note_witnesses`, the next FFI step in the shielded voting wiring (zcash#1661). It generates Orchard Merkle inclusion witnesses for the notes in a voting bundle, anchored at the round's snapshot height, caches them in the voting DB via `VotingDb::store_witnesses`, and returns them JSON-encoded as `Vec<WitnessData>` in a `*mut FfiBoxedSlice`. Implementation notes: - Loads the cached `TreeState` and `RoundParams` from the voting DB inside a scoped block, decodes the protobuf, and takes the Orchard frontier from the snapshot. - Rejects stale cached `TreeState` values whose decoded height or Orchard root do not match the round's `snapshot_height` and `nc_root`. - Opens the wallet DB with the caller-supplied `network_id` (parsed via `parse_network`) and calls `WalletDb::generate_orchard_witnesses_at_historical_height` for the bundle's note positions. - `RoundParams.snapshot_height` is `u64`; `BlockHeight` is `u32`-backed. Uses a checked `u32::try_from` rather than silently truncating. - Empty `notes_json` is treated as the empty notes list (no JSON parsing), matching the contract of `zcashlc_voting_precompute_delegation_pir`. - `# Safety` block documents every `(ptr, len)` pair, the empty-input rule, and the `network_id` enum. Adds `incrementalmerkletree 0.8` as a direct Rust dependency (used for `Position` and the `MerklePath` returned by the wallet DB). Adds a `JsonWitnessData` shape and `From<voting::WitnessData>` impl in `voting/json.rs`. Tests: `generate_note_witnesses_rejects_null_db`, `generate_note_witnesses_rejects_invalid_network_id`, and cached `TreeState` validation coverage for matching state, height mismatch, and root mismatch. The focused `cargo test voting::delegation` suite passes. No Swift API surface is added in this step; the Swift wrapper will land in a follow-up PR, matching the per-step pattern used for the other voting FFI symbols on this branch.
p0mvn
force-pushed
the
roman/voting-generate-note-witnesses
branch
from
7b2b53b to
7d58600
Compare
Collaborator
Author
|
Resolving conflict |
nullcopy
requested changes
May 8, 2026
nullcopy
left a comment
nullcopy
left a comment
Contributor
There was a problem hiding this comment.
In addition to the comments below, I think it'd be good to tighten up test coverage. Notable gaps:
- no test for multi-note bundles
- end-to-end stale-TreeState rejection through the FFI
- empty-frontier rejection
- notes_json_len == 0 happy path against a fully-set-up DB.
Collaborator
Author
|
Thanks, addressing |
Adds FFI-level coverage for multi-note witnesses, stale TreeState rejection, empty-frontier handling, and empty notes input so witness generation cannot silently regress.
nullcopy
approved these changes
May 8, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Tracks #1661
Summary
Adds
zcashlc_voting_generate_note_witnesses, the next FFI step in the shielded voting wiring (#1661). It generates Orchard Merkle inclusion witnesses for the notes in a voting bundle, anchored at the round's snapshot height, caches them in the voting DB, and returns them JSON-encoded asVec<WitnessData>.Dependencies
Adds
incrementalmerkletree 0.8(default-features = false) as a direct Rust dependency, used forPositionand theMerklePathreturned by the wallet DB. The crate was already in the transitive graph viazcash_client_sqlite/zcash_voting; this just makes the use site explicit.API surface
zcashlc_voting_generate_note_witnesses(Rust FFI only).JsonWitnessDataandFrom<voting::WitnessData> for JsonWitnessDataimpl invoting/json.rs.