Integrate Groth16 verification and proving.

src/primitives/transaction.cpp

@@ -9,20 +9,25 @@
 #include "tinyformat.h"
 #include "utilstrencodings.h"
 
-JSDescription::JSDescription(ZCJoinSplit& params,
-            const uint256& pubKeyHash,
-            const uint256& anchor,
-            const boost::array<libzcash::JSInput, ZC_NUM_JS_INPUTS>& inputs,
-            const boost::array<libzcash::JSOutput, ZC_NUM_JS_OUTPUTS>& outputs,
-            CAmount vpub_old,
-            CAmount vpub_new,
-            bool computeProof,
-            uint256 *esk // payment disclosure
-            ) : vpub_old(vpub_old), vpub_new(vpub_new), anchor(anchor)
+#include "librustzcash.h"
+
+JSDescription::JSDescription(
+    bool makeGrothProof,
+    ZCJoinSplit& params,
+    const uint256& pubKeyHash,
+    const uint256& anchor,
+    const boost::array<libzcash::JSInput, ZC_NUM_JS_INPUTS>& inputs,
+    const boost::array<libzcash::JSOutput, ZC_NUM_JS_OUTPUTS>& outputs,
+    CAmount vpub_old,
+    CAmount vpub_new,
+    bool computeProof,
+    uint256 *esk // payment disclosure
+) : vpub_old(vpub_old), vpub_new(vpub_new), anchor(anchor)
 {
     boost::array<libzcash::SproutNote, ZC_NUM_JS_OUTPUTS> notes;
 
     proof = params.prove(
+        makeGrothProof,
         inputs,
         outputs,
         notes,
@@ -42,19 +47,20 @@ JSDescription::JSDescription(ZCJoinSplit& params,
 }
 
 JSDescription JSDescription::Randomized(
-            ZCJoinSplit& params,
-            const uint256& pubKeyHash,
-            const uint256& anchor,
-            boost::array<libzcash::JSInput, ZC_NUM_JS_INPUTS>& inputs,
-            boost::array<libzcash::JSOutput, ZC_NUM_JS_OUTPUTS>& outputs,
-            boost::array<size_t, ZC_NUM_JS_INPUTS>& inputMap,
-            boost::array<size_t, ZC_NUM_JS_OUTPUTS>& outputMap,
-            CAmount vpub_old,
-            CAmount vpub_new,
-            bool computeProof,
-            uint256 *esk, // payment disclosure
-            std::function<int(int)> gen
-        )
+    bool makeGrothProof,
+    ZCJoinSplit& params,
+    const uint256& pubKeyHash,
+    const uint256& anchor,
+    boost::array<libzcash::JSInput, ZC_NUM_JS_INPUTS>& inputs,
+    boost::array<libzcash::JSOutput, ZC_NUM_JS_OUTPUTS>& outputs,
+    boost::array<size_t, ZC_NUM_JS_INPUTS>& inputMap,
+    boost::array<size_t, ZC_NUM_JS_OUTPUTS>& outputMap,
+    CAmount vpub_old,
+    CAmount vpub_new,
+    bool computeProof,
+    uint256 *esk, // payment disclosure
+    std::function<int(int)> gen
+)
 {
     // Randomize the order of the inputs and outputs
     inputMap = {0, 1};
@@ -66,6 +72,7 @@ JSDescription JSDescription::Randomized(
     MappedShuffle(outputs.begin(), outputMap.begin(), ZC_NUM_JS_OUTPUTS, gen);
 
     return JSDescription(
+        makeGrothProof,
         params, pubKeyHash, anchor, inputs, outputs,
         vpub_old, vpub_new, computeProof,
         esk // payment disclosure
@@ -105,7 +112,21 @@ public:
 
     bool operator()(const libzcash::GrothProof& proof) const
     {
-        return false;
+        uint256 h_sig = params.h_sig(jsdesc.randomSeed, jsdesc.nullifiers, pubKeyHash);
+
+        return librustzcash_sprout_verify(
+            proof.begin(),
+            jsdesc.anchor.begin(),
+            h_sig.begin(),
+            jsdesc.macs[0].begin(),
+            jsdesc.macs[1].begin(),
+            jsdesc.nullifiers[0].begin(),
+            jsdesc.nullifiers[1].begin(),
+            jsdesc.commitments[0].begin(),
+            jsdesc.commitments[1].begin(),
+            jsdesc.vpub_old,
+            jsdesc.vpub_new
+        );
     }
 };
 

src/primitives/transaction.h

@@ -36,15 +36,6 @@ static_assert(SAPLING_TX_VERSION >= SAPLING_MIN_TX_VERSION,
 static_assert(SAPLING_TX_VERSION <= SAPLING_MAX_TX_VERSION,
     "Sapling tx version must not be higher than maximum");
 
-static constexpr size_t GROTH_PROOF_SIZE = (
-    48 + // π_A
-    96 + // π_B
-    48); // π_C
-
-namespace libzcash {
-    typedef boost::array<unsigned char, GROTH_PROOF_SIZE> GrothProof;
-}
-
 /**
  * A shielded input to a transaction. It contains data that describes a Spend transfer.
  */
@@ -246,11 +237,13 @@ public:
 
     // JoinSplit proof
     // This is a zk-SNARK which ensures that this JoinSplit is valid.
-    boost::variant<libzcash::ZCProof, libzcash::GrothProof> proof;
+    libzcash::SproutProof proof;
 
     JSDescription(): vpub_old(0), vpub_new(0) { }
 
-    JSDescription(ZCJoinSplit& params,
+    JSDescription(
+            bool makeGrothProof,
+            ZCJoinSplit& params,
             const uint256& pubKeyHash,
             const uint256& rt,
             const boost::array<libzcash::JSInput, ZC_NUM_JS_INPUTS>& inputs,
@@ -262,6 +255,7 @@ public:
     );
 
     static JSDescription Randomized(
+            bool makeGrothProof,
             ZCJoinSplit& params,
             const uint256& pubKeyHash,
             const uint256& rt,