Remove Sighash

Author: Duddino

Cargo.lock

@@ -29,7 +29,7 @@ byteorder = "1.4.3"
 group = "0.13"
 rand_core = "0.6.4"
 jubjub = "0.10.0"
-zcash_primitives = { git="https://github.com/PIVX-Project/librustzcash", rev="e7662b23d16c38595ef9ad1f3ae683b1f54dc732" }
-zcash_proofs = { git="https://github.com/PIVX-Project/librustzcash", rev="e7662b23d16c38595ef9ad1f3ae683b1f54dc732" }
+zcash_primitives = { git="https://github.com/Duddino/librustzcash", branch="shielstake" }
+zcash_proofs = { git="https://github.com/Duddino/librustzcash", branch="shielstake" }
 zcash_note_encryption = "0.3.0"
 

Cargo.toml

@@ -83,7 +83,6 @@ class ShieldStakeProof
     CAmount amount;
     uint256 inputCv;
     uint256 rk;
-    SpendDescription::spend_auth_sig_t spendSig;
     libzcash::GrothProof inputProof = {{0}};
 
     uint256 outputCv;
@@ -96,7 +95,6 @@ class ShieldStakeProof
     {
         amount = 0;
         inputCv.SetNull();
-        spendSig = {{0}};
         rk.SetNull();
         inputProof = {{0}};
         outputCv.SetNull();
@@ -110,7 +108,6 @@ class ShieldStakeProof
         READWRITE(obj.amount);
         READWRITE(obj.inputCv);
         READWRITE(obj.rk);
-        READWRITE(obj.spendSig);
         READWRITE(obj.inputProof);
         READWRITE(obj.epk);
         READWRITE(obj.cmu);

src/primitives/block.h

@@ -1,6 +1,7 @@
 #ifndef LIBRUSTZCASH_INCLUDE_H_
 #define LIBRUSTZCASH_INCLUDE_H_
 
+#include <cstddef>
 #include <stdint.h>
 
 extern "C" {

src/rust/include/librustzcash.h

@@ -588,9 +588,12 @@ pub extern "system" fn librustzcash_sapling_check_spend(
     };
 
     // Deserialize the signature
-    let spend_auth_sig = match Signature::read(&(unsafe { &*spend_auth_sig })[..]) {
-        Ok(sig) => sig,
-        Err(_) => return false,
+    // Spend auth sig is not needed in shield stake proofs.
+    // See #2836 for details
+    let spend_auth_sig = if spend_auth_sig.is_null() {
+        None
+    } else {
+        Signature::read(&(unsafe { &*spend_auth_sig })[..]).ok()
     };
 
     // Deserialize the proof
@@ -599,12 +602,18 @@ pub extern "system" fn librustzcash_sapling_check_spend(
         Err(_) => return false,
     };
 
+    let sighash_value = if sighash_value.is_null() {
+        [0u8; 32]
+    } else {
+        unsafe { *sighash_value }
+    };
+
     unsafe { &mut *ctx }.check_spend(
         &cv,
         anchor,
         unsafe { &*nullifier },
         rk.clone(),
-        unsafe { &*sighash_value },
+        &sighash_value,
         spend_auth_sig,
         zkproof.clone(),
         unsafe { SAPLING_SPEND_VK.as_ref() }.unwrap(),
@@ -684,7 +693,15 @@ pub extern "system" fn librustzcash_sapling_final_check(
         Err(_) => return false,
     };
 
-    unsafe { &*ctx }.final_check(value_balance, unsafe { &*sighash_value }, binding_sig)
+    // Sighash is not needed in Shield stake proof.
+    // See #2836 for details.
+    let sighash_value = if sighash_value.is_null() {
+        [0u8; 32]
+    } else {
+        unsafe { *sighash_value }
+    };
+
+    unsafe { &*ctx }.final_check(value_balance, &sighash_value, binding_sig)
 }
 
 #[no_mangle]

src/rust/src/rustzcash.rs

@@ -1,5 +1,4 @@
-use crate::librustzcash_sapling_compute_cm;
-use crate::librustzcash_sapling_compute_nf;
+use crate::{librustzcash_sapling_compute_cm, librustzcash_sapling_compute_nf};
 
 #[test]
 fn notes() {

src/rust/src/tests/notes.rs

@@ -240,18 +240,7 @@ bool CheckShieldStake(const CBlock& block, CValidationState& state, const CChain
     const auto& p = block.shieldStakeProof;
     const int DOS_LEVEL_BLOCK = 100;
 
-    uint256 dataToBeSigned;
-    try {
-        // TODO: write signature for shield
-        // dataToBeSigned = SignatureHash(scriptCode, tx, NOT_AN_INPUT, SIGHASH_ALL, 0, SIGVERSION_SAPLING);
-    } catch (const std::logic_error& ex) {
-        // A logic error should never occur because we pass NOT_AN_INPUT and
-        // SIGHASH_ALL to SignatureHash().
-        return state.DoS(100, error("%s: error computing signature hash", __func__),
-            REJECT_INVALID, "error-computing-signature-hash");
-    }
-
-    if (!librustzcash_sapling_check_spend(ctx, p.inputCv.begin(), inputNote.anchor.begin(), inputNote.nullifier.begin(), p.rk.begin(), p.inputProof.begin(), p.spendSig.begin(), dataToBeSigned.begin())) {
+    if (!librustzcash_sapling_check_spend(ctx, p.inputCv.begin(), inputNote.anchor.begin(), inputNote.nullifier.begin(), p.rk.begin(), p.inputProof.begin(), nullptr, nullptr)) {
         librustzcash_sapling_verification_ctx_free(ctx);
         return state.DoS(
             DOS_LEVEL_BLOCK,
@@ -265,7 +254,7 @@ bool CheckShieldStake(const CBlock& block, CValidationState& state, const CChain
             REJECT_INVALID, "bad-txns-sapling-output-description-invalid");
     }
 
-    if (!librustzcash_sapling_final_check(ctx, block.shieldStakeProof.amount, block.shieldStakeProof.sig.data(), dataToBeSigned.begin())) {
+    if (!librustzcash_sapling_final_check(ctx, block.shieldStakeProof.amount, block.shieldStakeProof.sig.data(), nullptr)) {
         librustzcash_sapling_verification_ctx_free(ctx);
         return state.DoS(
             100,

src/sapling/sapling_validation.cpp

@@ -1362,12 +1362,6 @@ bool SaplingScriptPubKeyMan::ComputeShieldStakeProof(CBlock& block, CStakeableSh
     ss << witnesses[0]->path();
     std::vector<unsigned char> witness(ss.begin(), ss.end());
     assert(anchor == spendNote.anchor);
-    librustzcash_sapling_spend_sig(
-        sk.expsk.ask.begin(),
-        alpha.begin(),
-        dataToBeSigned.begin(),
-        block.shieldStakeProof.spendSig.data());
-
     if (!librustzcash_sapling_spend_proof(ctx, sk.expsk.full_viewing_key().ak.begin(),
             sk.expsk.nsk.begin(),
             note.note.d.data(),
@@ -1410,6 +1404,7 @@ bool SaplingScriptPubKeyMan::ComputeShieldStakeProof(CBlock& block, CStakeableSh
         librustzcash_sapling_proving_ctx_free(ctx);
         return false;
     }
+
     librustzcash_sapling_proving_ctx_free(ctx);
     block.shieldStakeProof.amount = suggestedValue;
     LogPrintf("%s : Shield Stake proof generated with value %d\n", __func__, suggestedValue);