Skip to content

Commit

Permalink
Remove Sighash
Browse files Browse the repository at this point in the history
  • Loading branch information
Duddino committed Sep 13, 2023
1 parent b09c23e commit b63f9da
Show file tree
Hide file tree
Showing 8 changed files with 146 additions and 37 deletions.
123 changes: 117 additions & 6 deletions Cargo.lock

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

4 changes: 2 additions & 2 deletions Cargo.toml
Original file line number Diff line number Diff line change
Expand Up @@ -29,7 +29,7 @@ byteorder = "1.4.3"
group = "0.13"
rand_core = "0.6.4"
jubjub = "0.10.0"
zcash_primitives = { git="https://github.com/PIVX-Project/librustzcash", rev="e7662b23d16c38595ef9ad1f3ae683b1f54dc732" }
zcash_proofs = { git="https://github.com/PIVX-Project/librustzcash", rev="e7662b23d16c38595ef9ad1f3ae683b1f54dc732" }
zcash_primitives = { git="https://github.com/Duddino/librustzcash", branch="shielstake" }
zcash_proofs = { git="https://github.com/Duddino/librustzcash", branch="shielstake" }
zcash_note_encryption = "0.3.0"

3 changes: 0 additions & 3 deletions src/primitives/block.h
Original file line number Diff line number Diff line change
Expand Up @@ -83,7 +83,6 @@ class ShieldStakeProof
CAmount amount;
uint256 inputCv;
uint256 rk;
SpendDescription::spend_auth_sig_t spendSig;
libzcash::GrothProof inputProof = {{0}};

uint256 outputCv;
Expand All @@ -96,7 +95,6 @@ class ShieldStakeProof
{
amount = 0;
inputCv.SetNull();
spendSig = {{0}};
rk.SetNull();
inputProof = {{0}};
outputCv.SetNull();
Expand All @@ -110,7 +108,6 @@ class ShieldStakeProof
READWRITE(obj.amount);
READWRITE(obj.inputCv);
READWRITE(obj.rk);
READWRITE(obj.spendSig);
READWRITE(obj.inputProof);
READWRITE(obj.epk);
READWRITE(obj.cmu);
Expand Down
1 change: 1 addition & 0 deletions src/rust/include/librustzcash.h
Original file line number Diff line number Diff line change
@@ -1,6 +1,7 @@
#ifndef LIBRUSTZCASH_INCLUDE_H_
#define LIBRUSTZCASH_INCLUDE_H_

#include <cstddef>
#include <stdint.h>

extern "C" {
Expand Down
27 changes: 22 additions & 5 deletions src/rust/src/rustzcash.rs
Original file line number Diff line number Diff line change
Expand Up @@ -588,9 +588,12 @@ pub extern "system" fn librustzcash_sapling_check_spend(
};

// Deserialize the signature
let spend_auth_sig = match Signature::read(&(unsafe { &*spend_auth_sig })[..]) {
Ok(sig) => sig,
Err(_) => return false,
// Spend auth sig is not needed in shield stake proofs.
// See #2836 for details
let spend_auth_sig = if spend_auth_sig.is_null() {
None
} else {
Signature::read(&(unsafe { &*spend_auth_sig })[..]).ok()
};

// Deserialize the proof
Expand All @@ -599,12 +602,18 @@ pub extern "system" fn librustzcash_sapling_check_spend(
Err(_) => return false,
};

let sighash_value = if sighash_value.is_null() {
[0u8; 32]
} else {
unsafe { *sighash_value }
};

unsafe { &mut *ctx }.check_spend(
&cv,
anchor,
unsafe { &*nullifier },
rk.clone(),
unsafe { &*sighash_value },
&sighash_value,
spend_auth_sig,
zkproof.clone(),
unsafe { SAPLING_SPEND_VK.as_ref() }.unwrap(),
Expand Down Expand Up @@ -684,7 +693,15 @@ pub extern "system" fn librustzcash_sapling_final_check(
Err(_) => return false,
};

unsafe { &*ctx }.final_check(value_balance, unsafe { &*sighash_value }, binding_sig)
// Sighash is not needed in Shield stake proof.
// See #2836 for details.
let sighash_value = if sighash_value.is_null() {
[0u8; 32]
} else {
unsafe { *sighash_value }
};

unsafe { &*ctx }.final_check(value_balance, &sighash_value, binding_sig)
}

#[no_mangle]
Expand Down
3 changes: 1 addition & 2 deletions src/rust/src/tests/notes.rs
Original file line number Diff line number Diff line change
@@ -1,5 +1,4 @@
use crate::librustzcash_sapling_compute_cm;
use crate::librustzcash_sapling_compute_nf;
use crate::{librustzcash_sapling_compute_cm, librustzcash_sapling_compute_nf};

#[test]
fn notes() {
Expand Down
15 changes: 2 additions & 13 deletions src/sapling/sapling_validation.cpp
Original file line number Diff line number Diff line change
Expand Up @@ -240,18 +240,7 @@ bool CheckShieldStake(const CBlock& block, CValidationState& state, const CChain
const auto& p = block.shieldStakeProof;
const int DOS_LEVEL_BLOCK = 100;

uint256 dataToBeSigned;
try {
// TODO: write signature for shield
// dataToBeSigned = SignatureHash(scriptCode, tx, NOT_AN_INPUT, SIGHASH_ALL, 0, SIGVERSION_SAPLING);
} catch (const std::logic_error& ex) {
// A logic error should never occur because we pass NOT_AN_INPUT and
// SIGHASH_ALL to SignatureHash().
return state.DoS(100, error("%s: error computing signature hash", __func__),
REJECT_INVALID, "error-computing-signature-hash");
}

if (!librustzcash_sapling_check_spend(ctx, p.inputCv.begin(), inputNote.anchor.begin(), inputNote.nullifier.begin(), p.rk.begin(), p.inputProof.begin(), p.spendSig.begin(), dataToBeSigned.begin())) {
if (!librustzcash_sapling_check_spend(ctx, p.inputCv.begin(), inputNote.anchor.begin(), inputNote.nullifier.begin(), p.rk.begin(), p.inputProof.begin(), nullptr, nullptr)) {
librustzcash_sapling_verification_ctx_free(ctx);
return state.DoS(
DOS_LEVEL_BLOCK,
Expand All @@ -265,7 +254,7 @@ bool CheckShieldStake(const CBlock& block, CValidationState& state, const CChain
REJECT_INVALID, "bad-txns-sapling-output-description-invalid");
}

if (!librustzcash_sapling_final_check(ctx, block.shieldStakeProof.amount, block.shieldStakeProof.sig.data(), dataToBeSigned.begin())) {
if (!librustzcash_sapling_final_check(ctx, block.shieldStakeProof.amount, block.shieldStakeProof.sig.data(), nullptr)) {
librustzcash_sapling_verification_ctx_free(ctx);
return state.DoS(
100,
Expand Down
7 changes: 1 addition & 6 deletions src/sapling/saplingscriptpubkeyman.cpp
Original file line number Diff line number Diff line change
Expand Up @@ -1362,12 +1362,6 @@ bool SaplingScriptPubKeyMan::ComputeShieldStakeProof(CBlock& block, CStakeableSh
ss << witnesses[0]->path();
std::vector<unsigned char> witness(ss.begin(), ss.end());
assert(anchor == spendNote.anchor);
librustzcash_sapling_spend_sig(
sk.expsk.ask.begin(),
alpha.begin(),
dataToBeSigned.begin(),
block.shieldStakeProof.spendSig.data());

if (!librustzcash_sapling_spend_proof(ctx, sk.expsk.full_viewing_key().ak.begin(),
sk.expsk.nsk.begin(),
note.note.d.data(),
Expand Down Expand Up @@ -1410,6 +1404,7 @@ bool SaplingScriptPubKeyMan::ComputeShieldStakeProof(CBlock& block, CStakeableSh
librustzcash_sapling_proving_ctx_free(ctx);
return false;
}

librustzcash_sapling_proving_ctx_free(ctx);
block.shieldStakeProof.amount = suggestedValue;
LogPrintf("%s : Shield Stake proof generated with value %d\n", __func__, suggestedValue);
Expand Down

0 comments on commit b63f9da

Please sign in to comment.