Sapling merkle tree implementation
Closes#3056.
Please also review https://github.com/zcash/librustzcash/pull/8
This PR:
1. Introduces ZCSaplingIncrementalMerkleTree using Pedersen hashes.
2. Adds support for Sapling anchors into consensus rules. (Adds commitments, checks anchors are correct, handles block (dis)connects, etc.)
3. Handles mempool eviction for obsolete anchors.
4. Enforces correctness of block's Sapling root field
5. Changes miner to correctly apply the Sapling root to the block header
6. Handles mempool consistency checks for anchors
Refactor t-address encoding
Includes code cherry-picked from the following upstream PRs:
- bitcoin/bitcoin#11117
- bitcoin/bitcoin#11259
- Only the second commit (first is for QT code)
- bitcoin/bitcoin#11167
- Only the first commit (the rest are not part of the t-address encoding refactor).
Part of #3058. Precursor to #3202.
This patch removes the need for the intermediary Base58 type
CBitcoinAddress, by providing {Encode,Decode,IsValid}Destination
function that directly operate on the conversion between strings
and CTxDestination.
Add Note Locking to z_mergetoaddress
Adds note locking to `z_mergetoaddress` allowing it to be invoked multiple times before previous `z_mergetoaddress` operations have finished.
Reference issue [#3046](https://github.com/zcash/zcash/issues/3046)
Co-authored-by: Eirik Ogilvie-Wigley <eirik@z.cash>
Ignore -mempooltxinputlimit once Overwinter activates
Overwinter changes the SignatureHash function to solve the quadratic hashing problem, so this option will no longer be needed.
We do not need to be able to calculate multiple SignatureHash versions for a
single transaction format; instead, we use the transaction format to determine
the SigVersion.
The consensus branch ID *does* need to be passed in from the outside, as only
the caller knows the context in which the SignatureHash is being calculated
(ie. mempool acceptance vs. block validation).
JoinSplit signature verification has been moved into ContextualCheckTransaction,
where the consensus branch ID can be obtained.
The argument to the sign command for zcash-tx has been modified to take a height
in addition to the optional sigtype flags.
The wallet code previously assumed that an unlocked wallet would always
have a spending key associated with a note decryptor. Viewing keys break
this assumption.
For steady-state operation, this reduces the average time between wallet disk
writes from once per block to once per hour.
On -rescan, witness caches are only written out at the end along with the best
block, increasing speed while ensuring that on-disk state is kept consistent.
Witness caches are now never recreated during a -reindex, on the assumption that
the blocks themselves are not changing (the chain is just being reconstructed),
and so the witnesses will remain valid.
Part of #1749.
