Switch to Ed25519 for cryptographic binding of joinsplits to transactions.

src/test/sighash_tests.cpp

@@ -13,7 +13,6 @@
 #include "util.h"
 #include "version.h"
 #include "sodium.h"
-#include "key.h"
 
 #include <iostream>
 
@@ -82,7 +81,8 @@ uint256 static SignatureHashOld(CScript scriptCode, const CTransaction& txTo, un
         txTmp.vin.resize(1);
     }
 
-    txTmp.joinSplitSig = {};
+    // Blank out the joinsplit signature.
+    memset(&txTmp.joinSplitSig[0], 0, 64);
 
     // Serialize and hash
     CHashWriter ss(SER_GETHASH, 0);
@@ -143,20 +143,21 @@ void static RandomTransaction(CMutableTransaction &tx, bool fSingle) {
             tx.vpour.push_back(pourtx);
         }
 
-        CKey joinSplitPrivKey;
-        joinSplitPrivKey.MakeNewKey(true);
-        CCompressedPubKey joinSplitPubKey(joinSplitPrivKey.GetPubKey());
-        tx.joinSplitPubKey = joinSplitPubKey;
-        CTransaction signTx(tx);
+        unsigned char joinSplitPrivKey[crypto_sign_SECRETKEYBYTES];
+        crypto_sign_keypair(tx.joinSplitPubKey.begin(), joinSplitPrivKey);
 
-        // TODO: #966
+        // TODO: #966.
         static const uint256 one(uint256S("0000000000000000000000000000000000000000000000000000000000000001"));
+        // Empty output script.
         CScript scriptCode;
+        CTransaction signTx(tx);
         uint256 dataToBeSigned = SignatureHash(scriptCode, signTx, NOT_AN_INPUT, SIGHASH_ALL);
         BOOST_CHECK(dataToBeSigned != one);
 
-        // Add the signature
-        joinSplitPrivKey.Sign(dataToBeSigned, tx.joinSplitSig);
+        assert(crypto_sign_detached(&tx.joinSplitSig[0], NULL,
+                                    dataToBeSigned.begin(), 32,
+                                    joinSplitPrivKey
+                                    ) == 0);
     }
 }