9e387120eb
libzcash and new zkSNARK circuit implementation
This PR completes [`libzcash`](https://github.com/zcash/zcash/tree/zc.v0.11.2.latest/src/zcash), the implementation of the [Zcash protocol specification](9bb4410e45/protocol/protocol.pdf) and replacement of [`libzerocash`](https://github.com/Zerocash/libzerocash), our old Zerocash protocol implementation. The new spec comes with some improvements to security and terminology, with minimal differences from the original academic design.
This implementation includes:
* A rewrite of the zkSNARK circuit for `JoinSplit` operations. This rewrite is cleaner, broken up into separate gadgets, easier to audit and review, and fixes some security bugs. (Closes #822, Closes #809, Closes #500, Closes #854)
* A minimal API for interacting with `JoinSplit`s and surrounding primitives. This PR removes almost twice as much code as it introduces. (Closes #877, Closes #315, Closes #824, Closes #798, Closes #707, Closes #512, Closes #247, Closes #128, Closes #514)
Zcash Core integration/staging tree
Where do I begin?
We have a guide for joining the public testnet: https://github.com/zcash/zcash/wiki/Public-Alpha-Guide
What is Zcash?
Zcash is an implementation of the "Zerocash" protocol. Based on Bitcoin's code, it intends to offer a far higher standard of privacy and anonymity through a sophisticiated zero-knowledge proving scheme which preserves confidentiality of transaction metadata.
Zcash is unfinished and highly experimental. Use at your own risk.
Participation in the Zcash project is subject to a Code of Conduct.
License
Zcash Core is released under the terms of the MIT license. See COPYING for more information or see http://opensource.org/licenses/MIT.