diff --git a/librustzcash/src/rustzcash.rs b/librustzcash/src/rustzcash.rs
index 9878bec..084d5b0 100644
--- a/librustzcash/src/rustzcash.rs
+++ b/librustzcash/src/rustzcash.rs
@@ -50,7 +50,7 @@ use zcash_primitives::{
 fs::{Fs, FsRepr},
 FixedGenerators, JubjubEngine, JubjubParams, PrimeOrder, ToUniform, Unknown,
 },
- merkle_tree::CommitmentTreeWitness,
+ merkle_tree::MerklePath,
 note_encryption::sapling_ka_agree,
 primitives::{Diversifier, Note, PaymentAddress, ProofGenerationKey, ViewingKey},
 redjubjub::{self, Signature},
@@ -980,7 +980,7 @@ pub extern "C" fn librustzcash_sapling_spend_proof(
 ar: *const [c_uchar; 32],
 value: u64,
 anchor: *const [c_uchar; 32],
- witness: *const [c_uchar; 1 + 33 * SAPLING_TREE_DEPTH + 8],
+ merkle_path: *const [c_uchar; 1 + 33 * SAPLING_TREE_DEPTH + 8],
 cv: *mut [c_uchar; 32],
 rk_out: *mut [c_uchar; 32],
 zkproof: *mut [c_uchar; GROTH_PROOF_SIZE],
@@ -1030,9 +1030,8 @@ pub extern "C" fn librustzcash_sapling_spend_proof(
 Err(_) => return false,
 };
 
- // The witness contains the incremental tree witness information, in a
- // weird serialized format.
- let witness = match CommitmentTreeWitness::from_slice(unsafe { &(&*witness)[..] }) {
+ // Parse the Merkle path from the caller
+ let merkle_path = match MerklePath::from_slice(unsafe { &(&*merkle_path)[..] }) {
 Ok(w) => w,
 Err(_) => return false,
 };
@@ -1046,7 +1045,7 @@ pub extern "C" fn librustzcash_sapling_spend_proof(
 ar,
 value,
 anchor,
- witness,
+ merkle_path,
 unsafe { SAPLING_SPEND_PARAMS.as_ref() }.unwrap(),
 unsafe { SAPLING_SPEND_VK.as_ref() }.unwrap(),
 &JUBJUB,
diff --git a/zcash_primitives/src/merkle_tree.rs b/zcash_primitives/src/merkle_tree.rs
index 016f2a3..53600e5 100644
--- a/zcash_primitives/src/merkle_tree.rs
+++ b/zcash_primitives/src/merkle_tree.rs
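Review bot: The new `let merkle_path = match MerklePath::from_slice(unsafe { &(&*merkle_path)[..] }) {` line dereferences a raw pointer handed over the C boundary with no `// SAFETY:` comment recording what the caller must guarantee, and the rename is a natural moment to add one. Suggested comment directly above the line: `// SAFETY: the caller guarantees merkle_path is non-null and points to a readable buffer of exactly 1 + 33 * SAPLING_TREE_DEPTH + 8 bytes that stays valid for the duration of this call.` Whether a null check already happens earlier in the function cannot be seen from this hunk; librustzcash_sapling_spend_proof begins and ends outside it, so the note should be confirmed against the full body.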
@@ -375,11 +375,11 @@ impl IncrementalWitness {
 }
 
 /// Returns the current witness, or None if the tree is empty.
- pub fn path(&self) -> Option> {
+ pub fn path(&self) -> Option> {
 self.path_inner(SAPLING_COMMITMENT_TREE_DEPTH)
 }
 
- fn path_inner(&self, depth: usize) -> Option> {
+ fn path_inner(&self, depth: usize) -> Option> {
 let mut filler = self.filler();
 let mut auth_path = Vec::new();
 
@@ -406,31 +406,27 @@ impl IncrementalWitness {
 }
 
 assert_eq!(auth_path.len(), depth);
- Some(CommitmentTreeWitness::from_path(
- auth_path,
- self.position() as u64,
- ))
+ Some(MerklePath::from_path(auth_path, self.position() as u64))
 }
 }
 
-/// A witness to a path from a position in a particular commitment tree to the root of
-/// that tree.
+/// A path from a position in a particular commitment tree to the root of that tree.
 #[derive(Clone, Debug, PartialEq)]
-pub struct CommitmentTreeWitness {
+pub struct MerklePath {
 pub auth_path: Vec<(Node, bool)>,
 pub position: u64,
 }
 
-impl CommitmentTreeWitness {
- /// Constructs a witness directly from its path and position.
+impl MerklePath {
+ /// Constructs a Merkle path directly from a path and position.
 pub fn from_path(auth_path: Vec<(Node, bool)>, position: u64) -> Self {
- CommitmentTreeWitness {
+ MerklePath {
 auth_path,
 position,
 }
 }
 
- /// Reads a witness from its serialized form.
+ /// Reads a Merkle path from its serialized form.
 pub fn from_slice(witness: &[u8]) -> Result {
 Self::from_slice_with_depth(witness, SAPLING_COMMITMENT_TREE_DEPTH)
 }
@@ -486,7 +482,7 @@ impl CommitmentTreeWitness {
 // have provided more information than they should have, indicating
 // a bug downstream
 if witness.is_empty() {
- Ok(CommitmentTreeWitness {
+ Ok(MerklePath {
 auth_path,
 position,
 })
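Review bot: In the `impl MerklePath` hunk the rename stops at the method boundary: `pub fn from_slice(witness: &[u8])` keeps the old parameter name although its doc comment now says it reads a Merkle path, and the `if witness.is_empty()` check in the from_slice_with_depth hunk below shows the same name surviving in that body. Renaming the parameter to match, `pub fn from_slice(path: &[u8])` with `Self::from_slice_with_depth(path, SAPLING_COMMITMENT_TREE_DEPTH)`, keeps "witness" reserved for IncrementalWitness and the circuit witness, which is what the commit sets out to do. The doc on from_slice could also say that it expects the fixed-depth serialized form consumed by from_slice_with_depth, whose body is only partly visible here.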
@@ -495,7 +491,7 @@ impl CommitmentTreeWitness {
 }
 }
 
- /// Returns the root of the tree corresponding to the witness.
+ /// Returns the root of the tree corresponding to this path applied to `leaf`.
 pub fn root(&self, leaf: Node) -> Node {
 self.auth_path
 .iter()
@@ -512,7 +508,7 @@ impl CommitmentTreeWitness {
 
 #[cfg(test)]
 mod tests {
- use super::{CommitmentTree, CommitmentTreeWitness, Hashable, IncrementalWitness, PathFiller};
+ use super::{CommitmentTree, Hashable, IncrementalWitness, MerklePath, PathFiller};
 use crate::sapling::Node;
 
 use ff::PrimeFieldRepr;
@@ -611,7 +607,7 @@ mod tests {
 self.0.root_inner(TESTING_DEPTH)
 }
 
- fn path(&self) -> Option> {
+ fn path(&self) -> Option> {
 self.0.path_inner(TESTING_DEPTH)
 }
 }
@@ -1047,7 +1043,7 @@ mod tests {
 if let Some(leaf) = leaf {
 let path = witness.path().expect("should be able to create a path");
 
- let expected = CommitmentTreeWitness::from_slice_with_depth(
+ let expected = MerklePath::from_slice_with_depth(
 &mut hex::decode(paths[paths_i]).unwrap(),
 TESTING_DEPTH,
 )
diff --git a/zcash_primitives/src/prover.rs b/zcash_primitives/src/prover.rs
index d071816..932573d 100644
--- a/zcash_primitives/src/prover.rs
+++ b/zcash_primitives/src/prover.rs
@@ -7,7 +7,7 @@ use crate::{
 use pairing::bls12_381::{Bls12, Fr};
 
 use crate::{
- merkle_tree::CommitmentTreeWitness,
+ merkle_tree::MerklePath,
 redjubjub::{PublicKey, Signature},
 sapling::Node,
 transaction::components::{Amount, GROTH_PROOF_SIZE},
@@ -35,7 +35,7 @@ pub trait TxProver {
 ar: Fs,
 value: u64,
 anchor: Fr,
- witness: CommitmentTreeWitness,
+ merkle_path: MerklePath,
 ) -> Result<
 (
 [u8; GROTH_PROOF_SIZE],
@@ -82,7 +82,7 @@ pub(crate) mod mock {
 };
 
 use crate::{
- merkle_tree::CommitmentTreeWitness,
+ merkle_tree::MerklePath,
 redjubjub::{PublicKey, Signature},
 sapling::Node,
 transaction::components::{Amount, GROTH_PROOF_SIZE},
@@ -108,7 +108,7 @@ pub(crate) mod mock {
 ar: Fs,
 value: u64,
 _anchor: Fr,
- _witness: CommitmentTreeWitness,
+ _merkle_path: MerklePath,
 ) -> Result<
 (
 [u8; GROTH_PROOF_SIZE],
diff --git a/zcash_primitives/src/transaction/builder.rs b/zcash_primitives/src/transaction/builder.rs
index 4a6246c..ba2be5b 100644
--- a/zcash_primitives/src/transaction/builder.rs
+++ b/zcash_primitives/src/transaction/builder.rs
@@ -13,7 +13,7 @@ use crate::{
 consensus,
 keys::OutgoingViewingKey,
 legacy::TransparentAddress,
- merkle_tree::CommitmentTreeWitness,
+ merkle_tree::MerklePath,
 note_encryption::{generate_esk, Memo, SaplingNoteEncryption},
 prover::TxProver,
 redjubjub::PrivateKey,
@@ -53,7 +53,7 @@ struct SpendDescriptionInfo {
 diversifier: Diversifier,
 note: Note,
 alpha: Fs,
- witness: CommitmentTreeWitness,
+ merkle_path: MerklePath,
 }
 
 pub struct SaplingOutput {
@@ -334,24 +334,24 @@ impl Builder {
 
 /// Adds a Sapling note to be spent in this transaction.
 ///
- /// Returns an error if the given witness does not have the same anchor as previous
- /// witnesses, or has no path.
+ /// Returns an error if the given Merkle path does not have the same anchor as the
+ /// paths for previous Sapling notes.
 pub fn add_sapling_spend(
 &mut self,
 extsk: ExtendedSpendingKey,
 diversifier: Diversifier,
 note: Note,
- witness: CommitmentTreeWitness,
+ merkle_path: MerklePath,
 ) -> Result<(), Error> {
 // Consistency check: all anchors must equal the first one
 let cm = Node::new(note.cm(&JUBJUB).into());
 if let Some(anchor) = self.anchor {
- let witness_root: Fr = witness.root(cm).into();
- if witness_root != anchor {
+ let path_root: Fr = merkle_path.root(cm).into();
+ if path_root != anchor {
 return Err(Error::AnchorMismatch);
 }
 } else {
- self.anchor = Some(witness.root(cm).into())
+ self.anchor = Some(merkle_path.root(cm).into())
 }
 
 let alpha = Fs::random(&mut self.rng);
@@ -363,7 +363,7 @@ impl Builder {
 diversifier,
 note,
 alpha,
- witness,
+ merkle_path,
 });
 
 Ok(())
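Review bot: The rewritten doc comment on add_sapling_spend in the builder.rs hunk says "Returns an error" without naming which one, while the body a few lines down returns exactly `Error::AnchorMismatch`; rustdoc convention is an `# Errors` section or at least the variant name so callers know what to match on. Suggested wording: `/// Returns [Error::AnchorMismatch] if the given Merkle path does not have the same anchor as the` followed by `/// paths for previous Sapling notes.` It is also worth stating in the doc that the first path's root becomes the builder's anchor and is not validated against anything else at this point, since that is what the else branch does and a reader may otherwise assume a stronger check; add_sapling_spend continues past the end of the hunk.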
@@ -521,7 +521,7 @@ impl Builder {
 let mut nullifier = [0u8; 32];
 nullifier.copy_from_slice(&spend.note.nf(
 &proof_generation_key.to_viewing_key(&JUBJUB),
- spend.witness.position,
+ spend.merkle_path.position,
 &JUBJUB,
 ));
 
@@ -534,7 +534,7 @@ impl Builder {
 spend.alpha,
 spend.note.value,
 anchor,
- spend.witness.clone(),
+ spend.merkle_path.clone(),
 )
 .map_err(|()| Error::SpendProof)?;
 
diff --git a/zcash_proofs/src/prover.rs b/zcash_proofs/src/prover.rs
index 6dd5767..c4608f7 100644
--- a/zcash_proofs/src/prover.rs
+++ b/zcash_proofs/src/prover.rs
@@ -9,7 +9,7 @@ use zcash_primitives::{
 primitives::{Diversifier, PaymentAddress, ProofGenerationKey},
 };
 use zcash_primitives::{
- merkle_tree::CommitmentTreeWitness,
+ merkle_tree::MerklePath,
 prover::TxProver,
 redjubjub::{PublicKey, Signature},
 sapling::Node,
@@ -127,7 +127,7 @@ impl TxProver for LocalTxProver {
 ar: Fs,
 value: u64,
 anchor: Fr,
- witness: CommitmentTreeWitness,
+ merkle_path: MerklePath,
 ) -> Result<
 (
 [u8; GROTH_PROOF_SIZE],
@@ -143,7 +143,7 @@ impl TxProver for LocalTxProver {
 ar,
 value,
 anchor,
- witness,
+ merkle_path,
 &self.spend_params,
 &self.spend_vk,
 &JUBJUB,
diff --git a/zcash_proofs/src/sapling/prover.rs b/zcash_proofs/src/sapling/prover.rs
index 6bf43d3..32e4229 100644
--- a/zcash_proofs/src/sapling/prover.rs
+++ b/zcash_proofs/src/sapling/prover.rs
@@ -10,7 +10,7 @@ use zcash_primitives::{
 primitives::{Diversifier, Note, PaymentAddress, ProofGenerationKey, ValueCommitment},
 };
 use zcash_primitives::{
- merkle_tree::CommitmentTreeWitness,
+ merkle_tree::MerklePath,
 redjubjub::{PrivateKey, PublicKey, Signature},
 sapling::Node,
 transaction::components::Amount,
@@ -46,7 +46,7 @@ impl SaplingProvingContext {
 ar: Fs,
 value: u64,
 anchor: Fr,
- witness: CommitmentTreeWitness,
+ merkle_path: MerklePath,
 proving_key: &Parameters,
 verifying_key: &PreparedVerifyingKey,
 params: &JubjubBls12,
@@ -104,7 +104,7 @@ impl SaplingProvingContext {
 r: rcm,
 };
 
- let nullifier = note.nf(&viewing_key, witness.position, params);
+ let nullifier = note.nf(&viewing_key, merkle_path.position, params);
 
 // We now have the full witness for our circuit
 let instance = Spend {
@@ -114,7 +114,7 @@ impl SaplingProvingContext {
 payment_address: Some(payment_address),
 commitment_randomness: Some(rcm),
 ar: Some(ar),
- auth_path: witness
+ auth_path: merkle_path
 .auth_path
 .iter()
 .map(|(node, b)| Some(((*node).into(), *b)))