Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[zPIV] PublicCoinSpend v4 - Coin Randomness Schnorr Signature #936

Merged
merged 16 commits into from Oct 22, 2019
Merged

[zPIV] PublicCoinSpend v4 - Coin Randomness Schnorr Signature #936

merged 16 commits into from Oct 22, 2019

Conversation

random-zebra
Copy link

@random-zebra random-zebra commented Jun 28, 2019
edited

This PR proposes (as hard fork) a new PublicCoinSpend protocol suitable to be used also with zerocoins version 1. Closes #937

Motivation and overview in the following document:
https://github.com/random-zebra/PIVX-Wiki/blob/master/Developer-Documentation/Specs/zPIV/CoinRandomnessSchnorrSignature.mediawiki

Enforcement height uses placeholder values (one million blocks after the activation of spends v3 for main net and testnet, and 100 blocks for regnet).

Changes

  • replaces many instances of CBigNum(0), CBigNum(1), CBigNum(2) throughout the code with fixed constants defined in bignum.h.

  • defines the CoinRandomnessSchnorrSignature using the algorithm described in the wiki.

  • defines the temporary activation height and also defines an helper function Zerocoin_PublicSpendVersion which returns the version active at a given block height.

  • defines a convenient method to retrieve the coin version from a PublicCoinSpend class (now that coin version and spend version are different).

  • defines PublicCoinSpend behaviour for v4.

  • enforces the PublicCoinSpend version in ContextualCheckZerocoinSpendNoSerialCheck.

  • provides unit tests for the new v4 PublicCoinSpend class.

@furszy
Copy link

furszy commented Jun 28, 2019

There we go 👌 , concept ACK.

@furszy furszy self-requested a review June 28, 2019 16:49
@random-zebra random-zebra self-assigned this Jun 28, 2019
furszy
furszy reviewed Jun 28, 2019
View reviewed changes
src/zpiv/zpivmodule.cpp Outdated Show resolved Hide resolved
src/zpiv/zpivmodule.cpp Show resolved Hide resolved
@random-zebra
Copy link
Author

random-zebra commented Jun 30, 2019
edited

Thinking more about it, we can also remove the coin serial number from the coinSpend serialization of v2 coins.
We already have the pubkey. With that, the verifier can compute independently the serial number. This saves other 32 bytes of space and is even more practical (the verifier doesn't need to check that the hashed pubkey matches the serial).

cc2a3ab implements the new spend serialization. A new ExtractSerialFromPubKey method is provided.
The coin version is added (just one byte) to the serialization in order to differentiate v1 coins (I think this is preferable over try-catching for missing fields).
The wiki document has been updated to reflect these changes.

Unit tests show:

Spend v3 size: 218 bytes
Spend v4 (coin v2) size: 221 bytes
Spend v4 (coin v1) size: 148 bytes

@Fuzzbawls Fuzzbawls mentioned this pull request Jun 30, 2019
Closed
@Fuzzbawls
Copy link
Collaborator

the p2p_pos_doublespend.py regression test needs to be adjusted for this.

@random-zebra
Copy link
Author

@Fuzzbawls I don't think it's because of this, since that particular test doesn't involve zerocoins and even ends at block 330 (while CoinSpend activation is 350 for v3 and 450 for v4).

Restarting the Travis job seems to have fixed it.

On a related matter, functional tests on regnet for this change will be provided soon.

@Fuzzbawls Fuzzbawls added this to the 4.0.0 milestone Jul 14, 2019
@Fuzzbawls
Copy link
Collaborator

Needs Rebase

@random-zebra random-zebra force-pushed the 2019_randomness-schnorr branch 3 times, most recently from a534e47 to 45415f4 Compare July 27, 2019 05:37
@random-zebra
Copy link
Author

Rebased.

@Fuzzbawls Fuzzbawls added the Needs Release Notes Placeholder tag for anything needing mention in the "Notable Changes" section of release notes label Jul 28, 2019
Warrows
Warrows reviewed Jul 31, 2019
View reviewed changes
Copy link

@Warrows Warrows left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Concept and code ACK with a few minor nits.
As discussed, keeping the signature for v2 mints in v4 spends is not strictly necessary but given the space available in our blocks and the huge improvements public spends are it is not a problem either.
Unit tests are passing nicely.

src/libzerocoin/ParamGeneration.cpp Outdated Show resolved Hide resolved
src/libzerocoin/ParamGeneration.cpp Outdated Show resolved Hide resolved
src/zpiv/zpivmodule.h Show resolved Hide resolved
@random-zebra random-zebra changed the title [WIP][zPIV] PublicCoinSpend v4 - Coin Randomness Schnorr Signature [zPIV] PublicCoinSpend v4 - Coin Randomness Schnorr Signature Aug 5, 2019
Mrs-X
Mrs-X previously approved these changes Aug 5, 2019
View reviewed changes
Copy link

@Mrs-X Mrs-X left a comment
edited

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

utACK 764f4d6 with 2 nits:

  • the indenting changes make it unnecessarily hard to review this PR
  • why no const CBigNum BN_THREE = CBigNum(3); ?

Is there a 'real-life' way to test this or is all we can do to rely on the tests?

@random-zebra
Copy link
Author

the indenting changes make it unnecessarily hard to review this PR

It's easier for review to check the commits individually. The indenting change is only in the first commit (which is tagged with [Refactor]).

why no const CBigNum BN_THREE = CBigNum(3); ?

There weren't as many instances. There are still 8 of them tough (in AccumulatorProofOfKnowledge and ParamGeneration) and, since we are at it, it makes sense to do this here too.

Is there a 'real-life' way to test this or is all we can do to rely on the tests?

RegTest has no v1 functionality unfortunately (if anyone wants to add it is more than welcome to do so). I'm updating the publicSpend test to include v4 spends at least for v2 coins.

Other than that, we'll soon protobump a "segregated" testnet to do more functional testing there.

@random-zebra
Copy link
Author

Rebased on top of #976 to be able to add the functional test.

@random-zebra random-zebra force-pushed the 2019_randomness-schnorr branch 2 times, most recently from 3dcdf3a to 3bd8974 Compare August 6, 2019 19:06
@furszy furszy mentioned this pull request Aug 9, 2019
Merged
@random-zebra random-zebra force-pushed the 2019_randomness-schnorr branch 4 times, most recently from cfb829e to 01086b5 Compare October 9, 2019 22:38
@random-zebra random-zebra force-pushed the 2019_randomness-schnorr branch 3 times, most recently from e8b39bc to c97c8d1 Compare October 18, 2019 17:41
@random-zebra
[Refactor] Use hardcoded constants for CBigNum 0, 1, 2
5f9de6d
@random-zebra
[zPIV] CoinRandomnessSchnorrSignature class definition
e346308
@random-zebra
[Consensus] set placeholder for nPublicZCSpendsV4
5a2ab57 
sets temporarily the activation height for zerocoin public spends v4. Also defines an helper function Zerocoin_PublicSpendVersion which returns the version active at a given block height
@random-zebra
[zPIV] CoinSpend: define getCoinVersion()
0f1f881 
now that coinSpend has not the same version of the PublicCoin (extracted from the serial) we need a convenient way to retrieve the latter. This has to be used in HasValidSignature.
@random-zebra
[zPIV] PublicCoinSpend v4 definition
ecd9bcd
@random-zebra
[Consensus] PublicCoinSpend v4 enforcement
a9b8aa0 
Instead of rejecting v1 serials, enforce the proper spend version. v1 serial will fail spend version 3 validation.
@random-zebra
[zPIV] Remove v2 serials from serialized v4 PublicCoinSpend
7b81e54
@random-zebra
[Tests] PublicCoinSpend v4 / CRSchnorrSig unit tests
6288bb7
@random-zebra
[Cleanup] Fix non UTF-8 chars in ParamGeneration comments
95952f1
@random-zebra
[Refactor] add BN_THREE hardcoded constant for CBigNum(3)
3398090
@random-zebra
[Tests] Add v4 Spends to zerocoin_valid_public_spend functional test
64efc69
@random-zebra
[Tests] Additional cases for zc public spends v4
0178bbc
@random-zebra
[zPIV] Add schnorr pk to challenge hash
183bce4
@random-zebra
[Build] Add CoinRandomnessSchnorrSignature to CMakeLists.txt
46f1e53
@random-zebra
[Build] Fix CMake linking order
95c1532
@random-zebra
[Bug][Wallet] Guard chainActive access in GetMintMaturityHeight
6cf4922
furszy
furszy approved these changes Oct 22, 2019
View reviewed changes
Copy link

@furszy furszy left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We can merge this already, ACK 6cf4922 .

Mrs-X
Mrs-X approved these changes Oct 22, 2019
View reviewed changes
Copy link

@Mrs-X Mrs-X left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

utACK 6cf4922 (unfortunately cannot really test it)

random-zebra added a commit that referenced this pull request Oct 22, 2019
@random-zebra
Merge #936: [zPIV] PublicCoinSpend v4 - Coin Randomness Schnorr Signa…
12a6b70 
…ture

6cf4922 [Bug][Wallet] Guard chainActive access in GetMintMaturityHeight (random-zebra)
95c1532 [Build] Fix CMake linking order (random-zebra)
46f1e53 [Build] Add CoinRandomnessSchnorrSignature to CMakeLists.txt (random-zebra)
183bce4 [zPIV] Add schnorr pk to challenge hash (random-zebra)
0178bbc [Tests] Additional cases for zc public spends v4 (random-zebra)
64efc69 [Tests] Add v4 Spends to zerocoin_valid_public_spend functional test (random-zebra)
3398090 [Refactor] add BN_THREE hardcoded constant for CBigNum(3) (random-zebra)
95952f1 [Cleanup] Fix non UTF-8 chars in ParamGeneration comments (random-zebra)
6288bb7 [Tests] PublicCoinSpend v4 / CRSchnorrSig unit tests (random-zebra)
7b81e54 [zPIV] Remove v2 serials from serialized v4 PublicCoinSpend (random-zebra)
a9b8aa0 [Consensus] PublicCoinSpend v4 enforcement (random-zebra)
ecd9bcd [zPIV] PublicCoinSpend v4 definition (random-zebra)
0f1f881 [zPIV] CoinSpend: define getCoinVersion() (random-zebra)
5a2ab57 [Consensus] set placeholder for nPublicZCSpendsV4 (random-zebra)
e346308 [zPIV] CoinRandomnessSchnorrSignature class definition (random-zebra)
5f9de6d [Refactor] Use hardcoded constants for CBigNum 0, 1, 2 (random-zebra)

Pull request description:

  This PR proposes (as hard fork) a new PublicCoinSpend protocol suitable to be used also with zerocoins version 1. Closes #937

  Motivation and overview in the following document:
  https://github.com/random-zebra/PIVX-Wiki/blob/master/Developer-Documentation/Specs/zPIV/CoinRandomnessSchnorrSignature.mediawiki

  Enforcement height uses placeholder values (one million blocks after the activation of spends v3 for main net and testnet, and 100 blocks for regnet).

  Changes
  - replaces many instances of `CBigNum(0)`, `CBigNum(1)`, `CBigNum(2)` throughout the code with fixed constants defined in bignum.h.

  - defines the `CoinRandomnessSchnorrSignature` using the algorithm described in the [wiki](https://github.com/random-zebra/PIVX-Wiki/blob/master/Developer-Documentation/Specs/zPIV/CoinRandomnessSchnorrSignature.mediawiki).

  - defines the temporary activation height and also defines an helper function `Zerocoin_PublicSpendVersion` which returns the version active at a given block height.

  - defines a convenient method to retrieve the coin version from a `PublicCoinSpend` class (now that coin version and spend version are different).

  - defines `PublicCoinSpend` behaviour for v4.

  - enforces the PublicCoinSpend version in `ContextualCheckZerocoinSpendNoSerialCheck`.

  - provides unit tests for the new v4 `PublicCoinSpend` class.

ACKs for top commit:
  furszy:
    We can merge this already, ACK 6cf4922 .
  Mrs-X:
    utACK 6cf4922 (unfortunately cannot really test it)

Tree-SHA512: 56a4e796323862453e593035d2ee9c1148e67db85bd90af015916c5e2be71e586aad289ebcfa63dc076bd4a6be9a5430ae01b5d42c8f9df7027bfee908dfdb99
@random-zebra random-zebra merged commit 6cf4922 into PIVX-Project:master Oct 22, 2019
furszy added a commit that referenced this pull request Oct 24, 2019
@furszy
Merge #995: [Consensus] Define SPORK_18
8f2217d 
e06f7b6 [Tests] Minor optimizations in zerocoin_valid_public_spend test (random-zebra)
cdc18ea [RPC] fix parameters check for spendzerocoin (missing ispublicspend) (random-zebra)
72bc39a [Tests] Add zerocoin_valid_public_spend to testRunner (random-zebra)
26045d3 [Consensus] Set zc PublicSpend version v3/v4 via SPORK (random-zebra)

Pull request description:

  This follows #936
  It sets the required version for zerocoin PublicSpends via SPORK instead of having it height-based.

  When `SPORK_18_ZEROCOIN_PUBLICSPEND_V4` is not active (default), the required version is v3 (where old version 1 serials cannot be spent. ref: #891 ).

  It also fixes the relative functional test `zerocoin_valid_public_spend.py` and adds it to the test_runner.

ACKs for top commit:
  furszy:
    utACK e06f7b6
  Warrows:
    utACK e06f7b6

Tree-SHA512: 07f18e77a91503f5d48dafad32364cc6292ffd1f9a3f9286a78de72dafc98b07342e6abd96eaabe55d20193f10be383c8d5bbac1b33c45712ade8c522e457b3f
@Fuzzbawls Fuzzbawls removed the Needs Release Notes Placeholder tag for anything needing mention in the "Notable Changes" section of release notes label Dec 14, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@furszy furszy furszy approved these changes

@Mrs-X Mrs-X Mrs-X approved these changes

@Warrows Warrows Awaiting requested review from Warrows

@Fuzzbawls Fuzzbawls Awaiting requested review from Fuzzbawls

Assignees

@random-zebra random-zebra

Labels
Protocol-Update Tests Wallet zPiv
Projects
None yet
Milestone
4.0.0
Development

Successfully merging this pull request may close these issues.

Fix Version 1 zPIV public Spends
5 participants
@random-zebra @furszy @Fuzzbawls @Warrows @Mrs-X