Sapling Integration: Chain + Wallet transaction manager.

[furszy]

Sapling integration, milestone 3 and 4.

Essentially, Sapling running on the regtest network -- yeah :), 🎉 🎉 -- and being covered by a good amount of unit and functional tests . (Still, not enough tests. We definitely need more).
This is the last big PR for Sapling work that have (fulfilling the complete base protocol functionality). All of the remaining work can be covered in smaller PRs.

Covering the following points:

1. Sapling transaction data:

• Signature hash personalization + sigversion (custom ZIP243).

• Sapling transaction primitive data (OutputsDescription, SpendDescription, value and bindingSig)
• Transaction version bump, Sapling will be using version 2.


2. Sapling transactions management:


• Wallet: notes, nullifiers and witnesses data management.
• Shielded transaction builder.

• Wallet Shielded transaction creation flow.
• Wallet's transactions in-chain detection (note decryption + addToWalletIfInvolveMe).
• Wallet's transactions rescan.
• SaplingOperation class to decouple the Shielded tx creation + broadcast flow from the wallet sources.

3. Blockchain:


• Incremental merkle integration for Sapling notes (sapling tree root hash stored on the block header).

• Chain: final merkle tree root calculation.

• Nullifiers & Anchors db, coins view integration.
• Block version bump + miner v8 block generation.

• spent/unspent notes validation.
• sapling transaction validation (sapling_validation.h).

• Negative shielded pool value detection (zip209).

• Coins: check transaction shielded requirements validation.


4. RPC Server:


New Commands:

• getshieldedbalance
• listshieldedunspent
• shielded_sendmany
• exportsaplingkey
• importsaplingkey
• importsaplingkey
• importsaplingviewingkey
• exportsaplingviewingkey
• listreceivedbyshieldedaddress
• viewshieldedtransaction
• getsaplingnotescount

Modified Commands:

• dumpwallet
• importwallet

5. Unit test coverage:

• Sapling test fixture.

• Coins nullifiers & anchors check in coins_tests.

• sighash_tests checking the Sapling signature.
• transaction builder tests.

• rpc wallet sapling tests.
• wallet import/export keys test.
• wallet keys encryption/decryption test.
• sapling_wallet_tests (coverage for internal wallet methods: FindMySaplingNotes, SetSaplingNoteAddrsInCWalletTx, GetConflictedSaplingNotes, SaplingNullifierIsSpent, NavigateFromSaplingNullifierToNote, SpentSaplingNoteIsFromMe, CachedWitnessesEmptyChain, CachedWitnessesChainTip, CachedWitnessesDecrementFirst, CachedWitnessesCleanIndex, ClearNoteWitnessCache, UpdatedSaplingNoteData, MarkAffectedSaplingTransactionsDirty).


6. Functional tests:


• sapling_wallet
• sapling_wallet_anchorfork

• sapling_wallet_nullifiers

• sapling_wallet_listreceived

• sapling_key_import_export
• sapling_changeaddresses

TODO, upcoming work:

• Connect txmempool nullifiers.

• Fix memo field issues.

• Cache shielded credit/debit amounts.
• Main.cpp validations further review.
• Wallet: implement locked notes.

• Wallet: back port clear witness caches.
• Rewind to last NU functionality.
• Cleanup sprout code (remnant, not used).
• Connect GUI.

Need further discussion:

• Shielded transactions fees (current placeholder hardcoded to 1 PIV).
• Mixed transactions validation (Transaction with transparent and shielded inputs/outputs). Currently these type of transaction are being checked on the sapling_validation file, as well as the version 2 tx with purely transparent inputs and outputs.
• We need to think whether should decouple the net validations commits from this PR or not (those who touches the network consensus). It's a hard choice as the vast majority of unit and functional tests validating the correct behavior comes by the middle-end of this work. --- Hopefully commits are atomically enough to make the review process easier ---

...........................................................................

Work based on the ECC implementation. It's NOT one-to-one. Have adapted it into our network + modified the architecture and improved specific areas of the sources. There is still lot of work to do, plenty of space for improvements :) .

...........................................................................

Sorry for the massive PR but couldn't resist myself 🙏 . We can definitely think on how to decouple it in smaller PRs if things get hard to review. As said above, commits should be atomic enough but i know that it's not, commit wise, a 100% incremental work.

[furszy]

Rebased on top of master, solved the conflicts and adapted the code to all new changes on master.

Linux travis job will continue failing in two unit test here for now, the solutions were directly included in #1870 and #1884 PRs. (1) json ser/deser, (2) boost filesystem error.

Once them get merged, will rebase it again.

[random-zebra]

Really awesome stuff, left some more comments, but most of them can be tackled later.

ACK 50bcaa8

[random-zebra]

nit: UINT256_ZERO

[random-zebra]

same style nit as in the other test

[random-zebra]

why bidirectional connection?

[furszy]

that is a good question for the entire test suite after a node shutdown/restart actually.

[random-zebra]

no need to verify again, as we already ensured (line 106) that ipk_addr["address"] and ipk_addr2["address"] are equal.

[furszy]

Updated per feedback, left only few nit comments for another PR.
Ready to finally merge this one ☕ ☕ .

[random-zebra]

re-utACK 1b6f701 after last push

[Fuzzbawls]

ACK 1b6f701