Basic Sapling transaction primitive data.

furszy · furszy · commit abba85de0cda · 2020-09-14T21:57:55.000-03:00
diff --git a/src/Makefile.am b/src/Makefile.am
@@ -135,7 +135,8 @@ LIBSAPLING_H = \
   sapling/note.hpp \
   sapling/zip32.h \
   sapling/saplingscriptpubkeyman.h \
-  sapling/proof.hpp
+  sapling/proof.hpp \
+  sapling/sapling_transaction.h
 
 .PHONY: FORCE cargo-build check-symbols check-security
 # pivx core #
diff --git a/src/primitives/transaction.cpp b/src/primitives/transaction.cpp
@@ -115,7 +115,7 @@ std::string CTxOut::ToString() const
 }
 
 CMutableTransaction::CMutableTransaction() : nVersion(CTransaction::CURRENT_VERSION), nLockTime(0) {}
-CMutableTransaction::CMutableTransaction(const CTransaction& tx) : nVersion(tx.nVersion), vin(tx.vin), vout(tx.vout), nLockTime(tx.nLockTime) {}
+CMutableTransaction::CMutableTransaction(const CTransaction& tx) : nVersion(tx.nVersion), vin(tx.vin), vout(tx.vout), nLockTime(tx.nLockTime), sapData(tx.sapData) {}
 
 uint256 CMutableTransaction::GetHash() const
 {
@@ -149,7 +149,7 @@ size_t CTransaction::DynamicMemoryUsage() const
 
 CTransaction::CTransaction() : nVersion(CTransaction::CURRENT_VERSION), vin(), vout(), nLockTime(0) { }
 
-CTransaction::CTransaction(const CMutableTransaction &tx) : nVersion(tx.nVersion), vin(tx.vin), vout(tx.vout), nLockTime(tx.nLockTime) {
+CTransaction::CTransaction(const CMutableTransaction &tx) : nVersion(tx.nVersion), vin(tx.vin), vout(tx.vout), nLockTime(tx.nLockTime), sapData(tx.sapData) {
     UpdateHash();
 }
 
@@ -159,6 +159,7 @@ CTransaction& CTransaction::operator=(const CTransaction &tx) {
     *const_cast<std::vector<CTxOut>*>(&vout) = tx.vout;
     *const_cast<unsigned int*>(&nLockTime) = tx.nLockTime;
     *const_cast<uint256*>(&hash) = tx.hash;
+    *const_cast<SaplingTxData*>(&sapData) = tx.sapData;
     return *this;
 }
 
diff --git a/src/primitives/transaction.h b/src/primitives/transaction.h
@@ -13,6 +13,8 @@
 #include "serialize.h"
 #include "uint256.h"
 
+#include "sapling/sapling_transaction.h"
+
 #include <list>
 
 class CTransaction;
@@ -71,6 +73,16 @@ class COutPoint : public BaseOutPoint
     std::string ToString() const;
 };
 
+/** An outpoint - a combination of a transaction hash and an index n into its sapling
+ * output description (vShieldedOutput) */
+class SaplingOutPoint : public BaseOutPoint
+{
+public:
+    SaplingOutPoint() : BaseOutPoint() {};
+    SaplingOutPoint(uint256 hashIn, uint32_t nIn) : BaseOutPoint(hashIn, nIn) {};
+    std::string ToString() const;
+};
+
 /** An input of a transaction.  It contains the location of the previous
  * transaction's output that it claims and a signature that matches the
  * output's public key.
@@ -230,7 +242,10 @@ class CTransaction
     void UpdateHash() const;
 
 public:
-    static const int32_t CURRENT_VERSION=1;
+    static const int32_t STANDARD_VERSION = 1;
+    static const int32_t SAPLING_VERSION = 2;
+
+    static const int32_t CURRENT_VERSION = STANDARD_VERSION;
 
     // The local variables are made const to prevent unintended modification
     // without updating the cached hash value. However, CTransaction is not
@@ -241,7 +256,7 @@ class CTransaction
     std::vector<CTxIn> vin;
     std::vector<CTxOut> vout;
     const uint32_t nLockTime;
-    //const unsigned int nTime;
+    SaplingTxData sapData;
 
     /** Construct a CTransaction that qualifies as IsNull() */
     CTransaction();
@@ -259,6 +274,11 @@ class CTransaction
         READWRITE(*const_cast<std::vector<CTxIn>*>(&vin));
         READWRITE(*const_cast<std::vector<CTxOut>*>(&vout));
         READWRITE(*const_cast<uint32_t*>(&nLockTime));
+
+        if (nVersion >= CTransaction::SAPLING_VERSION) {
+            READWRITE(*const_cast<SaplingTxData*>(&sapData));
+        }
+
         if (ser_action.ForRead())
             UpdateHash();
     }
@@ -327,6 +347,7 @@ struct CMutableTransaction
     std::vector<CTxIn> vin;
     std::vector<CTxOut> vout;
     uint32_t nLockTime;
+    SaplingTxData sapData;
 
     CMutableTransaction();
     CMutableTransaction(const CTransaction& tx);
@@ -339,6 +360,10 @@ struct CMutableTransaction
         READWRITE(vin);
         READWRITE(vout);
         READWRITE(nLockTime);
+
+        if (nVersion >= CTransaction::SAPLING_VERSION) {
+            READWRITE(*const_cast<SaplingTxData*>(&sapData));
+        }
     }
 
     /** Compute the hash of this CMutableTransaction. This is computed on the
diff --git a/src/sapling/sapling_transaction.h b/src/sapling/sapling_transaction.h
@@ -0,0 +1,152 @@
+// Copyright (c) 2016-2020 The ZCash developers
+// Copyright (c) 2020 The PIVX developers
+// Distributed under the MIT software license, see the accompanying
+// file COPYING or http://www.opensource.org/licenses/mit-license.php.
+
+#ifndef PIVX_SAPLING_TRANSACTION_H
+#define PIVX_SAPLING_TRANSACTION_H
+
+#include "serialize.h"
+#include "streams.h"
+#include "uint256.h"
+#include "consensus/consensus.h"
+
+#include "sapling/noteencryption.hpp"
+#include "sapling/sapling.h"
+#include "sapling/proof.hpp"
+
+#include <boost/variant.hpp>
+
+// These constants are defined in the protocol § 7.1:
+// https://zips.z.cash/protocol/protocol.pdf#txnencoding
+#define OUTPUTDESCRIPTION_SIZE 948
+#define SPENDDESCRIPTION_SIZE 384
+
+namespace libzcash {
+    static constexpr size_t GROTH_PROOF_SIZE = (
+            48 + // π_A
+            96 + // π_B
+            48); // π_C
+
+    typedef std::array<unsigned char, GROTH_PROOF_SIZE> GrothProof;
+}
+
+/**
+ * A shielded input to a transaction. It contains data that describes a Spend transfer.
+ */
+class SpendDescription
+{
+public:
+    typedef std::array<unsigned char, 64> spend_auth_sig_t;
+
+    uint256 cv;                    //!< A value commitment to the value of the input note.
+    uint256 anchor;                //!< A Merkle root of the Sapling note commitment tree at some block height in the past.
+    uint256 nullifier;             //!< The nullifier of the input note.
+    uint256 rk;                    //!< The randomized public key for spendAuthSig.
+    libzcash::GrothProof zkproof;  //!< A zero-knowledge proof using the spend circuit.
+    spend_auth_sig_t spendAuthSig; //!< A signature authorizing this spend.
+
+    SpendDescription() { }
+
+    ADD_SERIALIZE_METHODS;
+
+    template <typename Stream, typename Operation>
+    inline void SerializationOp(Stream& s, Operation ser_action, int nType, int nVersion) {
+        READWRITE(cv);
+        READWRITE(anchor);
+        READWRITE(nullifier);
+        READWRITE(rk);
+        READWRITE(zkproof);
+        READWRITE(spendAuthSig);
+    }
+
+    friend bool operator==(const SpendDescription& a, const SpendDescription& b)
+    {
+        return (
+                a.cv == b.cv &&
+                a.anchor == b.anchor &&
+                a.nullifier == b.nullifier &&
+                a.rk == b.rk &&
+                a.zkproof == b.zkproof &&
+                a.spendAuthSig == b.spendAuthSig
+        );
+    }
+
+    friend bool operator!=(const SpendDescription& a, const SpendDescription& b)
+    {
+        return !(a == b);
+    }
+};
+
+/**
+ * A shielded output to a transaction. It contains data that describes an Output transfer.
+ */
+class OutputDescription
+{
+public:
+    uint256 cv;                     //!< A value commitment to the value of the output note.
+    uint256 cmu;                     //!< The u-coordinate of the note commitment for the output note.
+    uint256 ephemeralKey;           //!< A Jubjub public key.
+    libzcash::SaplingEncCiphertext encCiphertext; //!< A ciphertext component for the encrypted output note.
+    libzcash::SaplingOutCiphertext outCiphertext; //!< A ciphertext component for the encrypted output note.
+    libzcash::GrothProof zkproof;   //!< A zero-knowledge proof using the output circuit.
+
+    OutputDescription() { }
+
+    ADD_SERIALIZE_METHODS;
+
+    template <typename Stream, typename Operation>
+    inline void SerializationOp(Stream& s, Operation ser_action, int nType, int nVersion) {
+        READWRITE(cv);
+        READWRITE(cmu);
+        READWRITE(ephemeralKey);
+        READWRITE(encCiphertext);
+        READWRITE(outCiphertext);
+        READWRITE(zkproof);
+    }
+
+    friend bool operator==(const OutputDescription& a, const OutputDescription& b)
+    {
+        return (
+                a.cv == b.cv &&
+                a.cmu == b.cmu &&
+                a.ephemeralKey == b.ephemeralKey &&
+                a.encCiphertext == b.encCiphertext &&
+                a.outCiphertext == b.outCiphertext &&
+                a.zkproof == b.zkproof
+        );
+    }
+
+    friend bool operator!=(const OutputDescription& a, const OutputDescription& b)
+    {
+        return !(a == b);
+    }
+};
+
+class SaplingTxData
+{
+public:
+    typedef std::array<unsigned char, 64> binding_sig_t;
+
+    CAmount valueBalance{0};
+    std::vector<SpendDescription> vShieldedSpend;
+    std::vector<OutputDescription> vShieldedOutput;
+    binding_sig_t bindingSig = {{0}};
+
+    ADD_SERIALIZE_METHODS;
+
+    template <typename Stream, typename Operation>
+    inline void SerializationOp(Stream& s, Operation ser_action, int nType, int nVersion)
+    {
+        READWRITE(*const_cast<CAmount*>(&valueBalance));
+        READWRITE(*const_cast<std::vector<SpendDescription>*>(&vShieldedSpend));
+        READWRITE(*const_cast<std::vector<OutputDescription>*>(&vShieldedOutput));
+        READWRITE(*const_cast<binding_sig_t*>(&bindingSig));
+    }
+
+    explicit SaplingTxData() : valueBalance(0), vShieldedSpend(), vShieldedOutput() { }
+    explicit SaplingTxData(const SaplingTxData& from) : valueBalance(from.valueBalance), vShieldedSpend(from.vShieldedSpend), vShieldedOutput(from.vShieldedOutput), bindingSig(from.bindingSig) {}
+};
+
+
+#endif //PIVX_SAPLING_TRANSACTION_H

Original file line number	Diff line number	Diff line change
`@@ -115,7 +115,7 @@ std::string CTxOut::ToString() const`
`115`	`115`	`}`
`116`	`116`
`117`	`117`	`CMutableTransaction::CMutableTransaction() : nVersion(CTransaction::CURRENT_VERSION), nLockTime(0) {}`
`118`		`-CMutableTransaction::CMutableTransaction(const CTransaction& tx) : nVersion(tx.nVersion), vin(tx.vin), vout(tx.vout), nLockTime(tx.nLockTime) {}`
	`118`	`+CMutableTransaction::CMutableTransaction(const CTransaction& tx) : nVersion(tx.nVersion), vin(tx.vin), vout(tx.vout), nLockTime(tx.nLockTime), sapData(tx.sapData) {}`
`119`	`119`
`120`	`120`	`uint256 CMutableTransaction::GetHash() const`
`121`	`121`	`{`
`@@ -149,7 +149,7 @@ size_t CTransaction::DynamicMemoryUsage() const`
`149`	`149`
`150`	`150`	`CTransaction::CTransaction() : nVersion(CTransaction::CURRENT_VERSION), vin(), vout(), nLockTime(0) { }`
`151`	`151`
`152`		`-CTransaction::CTransaction(const CMutableTransaction &tx) : nVersion(tx.nVersion), vin(tx.vin), vout(tx.vout), nLockTime(tx.nLockTime) {`
	`152`	`+CTransaction::CTransaction(const CMutableTransaction &tx) : nVersion(tx.nVersion), vin(tx.vin), vout(tx.vout), nLockTime(tx.nLockTime), sapData(tx.sapData) {`
`153`	`153`	`UpdateHash();`
`154`	`154`	`}`
`155`	`155`
`@@ -159,6 +159,7 @@ CTransaction& CTransaction::operator=(const CTransaction &tx) {`
`159`	`159`	`const_cast<std::vector<CTxOut>>(&vout) = tx.vout;`
`160`	`160`	`const_cast<unsigned int>(&nLockTime) = tx.nLockTime;`
`161`	`161`	`const_cast<uint256>(&hash) = tx.hash;`
	`162`	`+ const_cast<SaplingTxData>(&sapData) = tx.sapData;`
`162`	`163`	`return *this;`
`163`	`164`	`}`
`164`	`165`