Remove Sighash

PIVX-Project · Sep 13, 2023 · b63f9da · b63f9da
1 parent b09c23e
commit b63f9da
Show file tree

Hide file tree

Showing 8 changed files with 146 additions and 37 deletions.
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/Cargo.toml b/Cargo.toml
@@ -29,7 +29,7 @@ byteorder = "1.4.3"
 group = "0.13"
 rand_core = "0.6.4"
 jubjub = "0.10.0"
-zcash_primitives = { git="https://github.com/PIVX-Project/librustzcash", rev="e7662b23d16c38595ef9ad1f3ae683b1f54dc732" }
-zcash_proofs = { git="https://github.com/PIVX-Project/librustzcash", rev="e7662b23d16c38595ef9ad1f3ae683b1f54dc732" }
+zcash_primitives = { git="https://github.com/Duddino/librustzcash", branch="shielstake" }
+zcash_proofs = { git="https://github.com/Duddino/librustzcash", branch="shielstake" }
 zcash_note_encryption = "0.3.0"
 
diff --git a/src/primitives/block.h b/src/primitives/block.h
@@ -83,7 +83,6 @@ class ShieldStakeProof
  CAmount amount;
  uint256 inputCv;
  uint256 rk;
- SpendDescription::spend_auth_sig_t spendSig;
  libzcash::GrothProof inputProof = {{0}};
 
  uint256 outputCv;
@@ -96,7 +95,6 @@ class ShieldStakeProof
  {
  amount = 0;
  inputCv.SetNull();
- spendSig = {{0}};
  rk.SetNull();
  inputProof = {{0}};
  outputCv.SetNull();
@@ -110,7 +108,6 @@ class ShieldStakeProof
  READWRITE(obj.amount);
  READWRITE(obj.inputCv);
  READWRITE(obj.rk);
- READWRITE(obj.spendSig);
  READWRITE(obj.inputProof);
  READWRITE(obj.epk);
  READWRITE(obj.cmu);

diff --git a/src/rust/include/librustzcash.h b/src/rust/include/librustzcash.h
@@ -1,6 +1,7 @@
 #ifndef LIBRUSTZCASH_INCLUDE_H_
 #define LIBRUSTZCASH_INCLUDE_H_
 
+#include <cstddef>
 #include <stdint.h>
 
 extern "C" {

diff --git a/src/rust/src/rustzcash.rs b/src/rust/src/rustzcash.rs
@@ -588,9 +588,12 @@ pub extern "system" fn librustzcash_sapling_check_spend(
  };
 
  // Deserialize the signature
- let spend_auth_sig = match Signature::read(&(unsafe { &*spend_auth_sig })[..]) {
- Ok(sig) => sig,
- Err(_) => return false,
+ // Spend auth sig is not needed in shield stake proofs.
+ // See #2836 for details
+ let spend_auth_sig = if spend_auth_sig.is_null() {
+ None
+ } else {
+ Signature::read(&(unsafe { &*spend_auth_sig })[..]).ok()
  };
 
  // Deserialize the proof
@@ -599,12 +602,18 @@ pub extern "system" fn librustzcash_sapling_check_spend(
  Err(_) => return false,
  };
 
+ let sighash_value = if sighash_value.is_null() {
+ [0u8; 32]
+ } else {
+ unsafe { *sighash_value }
+ };
+
  unsafe { &mut *ctx }.check_spend(
  &cv,
  anchor,
  unsafe { &*nullifier },
  rk.clone(),
- unsafe { &*sighash_value },
+ &sighash_value,
  spend_auth_sig,
  zkproof.clone(),
  unsafe { SAPLING_SPEND_VK.as_ref() }.unwrap(),
@@ -684,7 +693,15 @@ pub extern "system" fn librustzcash_sapling_final_check(
  Err(_) => return false,
  };
 
- unsafe { &*ctx }.final_check(value_balance, unsafe { &*sighash_value }, binding_sig)
+ // Sighash is not needed in Shield stake proof.
+ // See #2836 for details.
+ let sighash_value = if sighash_value.is_null() {
+ [0u8; 32]
+ } else {
+ unsafe { *sighash_value }
+ };
+
+ unsafe { &*ctx }.final_check(value_balance, &sighash_value, binding_sig)
 }
 
 #[no_mangle]

diff --git a/src/rust/src/tests/notes.rs b/src/rust/src/tests/notes.rs
@@ -1,5 +1,4 @@
-use crate::librustzcash_sapling_compute_cm;
-use crate::librustzcash_sapling_compute_nf;
+use crate::{librustzcash_sapling_compute_cm, librustzcash_sapling_compute_nf};
 
 #[test]
 fn notes() {

diff --git a/src/sapling/sapling_validation.cpp b/src/sapling/sapling_validation.cpp
@@ -240,18 +240,7 @@ bool CheckShieldStake(const CBlock& block, CValidationState& state, const CChain
  const auto& p = block.shieldStakeProof;
  const int DOS_LEVEL_BLOCK = 100;
 
- uint256 dataToBeSigned;
- try {
- // TODO: write signature for shield
- // dataToBeSigned = SignatureHash(scriptCode, tx, NOT_AN_INPUT, SIGHASH_ALL, 0, SIGVERSION_SAPLING);
- } catch (const std::logic_error& ex) {
- // A logic error should never occur because we pass NOT_AN_INPUT and
- // SIGHASH_ALL to SignatureHash().
- return state.DoS(100, error("%s: error computing signature hash", __func__),
- REJECT_INVALID, "error-computing-signature-hash");
- }
-
- if (!librustzcash_sapling_check_spend(ctx, p.inputCv.begin(), inputNote.anchor.begin(), inputNote.nullifier.begin(), p.rk.begin(), p.inputProof.begin(), p.spendSig.begin(), dataToBeSigned.begin())) {
+ if (!librustzcash_sapling_check_spend(ctx, p.inputCv.begin(), inputNote.anchor.begin(), inputNote.nullifier.begin(), p.rk.begin(), p.inputProof.begin(), nullptr, nullptr)) {
  librustzcash_sapling_verification_ctx_free(ctx);
  return state.DoS(
  DOS_LEVEL_BLOCK,
@@ -265,7 +254,7 @@ bool CheckShieldStake(const CBlock& block, CValidationState& state, const CChain
  REJECT_INVALID, "bad-txns-sapling-output-description-invalid");
  }
 
- if (!librustzcash_sapling_final_check(ctx, block.shieldStakeProof.amount, block.shieldStakeProof.sig.data(), dataToBeSigned.begin())) {
+ if (!librustzcash_sapling_final_check(ctx, block.shieldStakeProof.amount, block.shieldStakeProof.sig.data(), nullptr)) {
  librustzcash_sapling_verification_ctx_free(ctx);
  return state.DoS(
  100,

diff --git a/src/sapling/saplingscriptpubkeyman.cpp b/src/sapling/saplingscriptpubkeyman.cpp
@@ -1362,12 +1362,6 @@ bool SaplingScriptPubKeyMan::ComputeShieldStakeProof(CBlock& block, CStakeableSh
  ss << witnesses[0]->path();
  std::vector<unsigned char> witness(ss.begin(), ss.end());
  assert(anchor == spendNote.anchor);
- librustzcash_sapling_spend_sig(
- sk.expsk.ask.begin(),
- alpha.begin(),
- dataToBeSigned.begin(),
- block.shieldStakeProof.spendSig.data());
-
  if (!librustzcash_sapling_spend_proof(ctx, sk.expsk.full_viewing_key().ak.begin(),
  sk.expsk.nsk.begin(),
  note.note.d.data(),
@@ -1410,6 +1404,7 @@ bool SaplingScriptPubKeyMan::ComputeShieldStakeProof(CBlock& block, CStakeableSh
  librustzcash_sapling_proving_ctx_free(ctx);
  return false;
  }
+
  librustzcash_sapling_proving_ctx_free(ctx);
  block.shieldStakeProof.amount = suggestedValue;
  LogPrintf("%s : Shield Stake proof generated with value %d\n", __func__, suggestedValue);