Experimental feature: remote proving service

[str4d]

This implements proving service support in z_sendmany and adds two new binaries:

• zcash-proving-service: listens on (one or both of) ZMQ and WebSocket ports for witness data, and returns the corresponding proof.
• ExampleProvingServiceClient (in src/zcash): creates five new JSDescriptions using the proving service to calculate the proofs, and validates each proof.

To build: CONFIGURE_FLAGS="--with-proving-service-daemon" ./zcutil/build.sh

This is an experimental feature, and the network protocol is likely to change. Until the protocol has been specified in a ZIP, do not rely on it for interoperation.

Part of #1113. Closes #2066.

[str4d]

Side note: I expect we will move, rename, or remove zcash-prover-client, as it is only an example. What we will want is to bundle its contents into the z_sendmany backend.

[str4d]

Renamed the binaries and added a conditional compilation flag.

[str4d]

Adjusted the wire protocol to take a list of JSProofWitness objects, made the number of JSDescriptions in the example client configurable, and added an env var for setting ./configure flags so that we can easily build this on the CI (per #1113 (comment)).

[zkbot]

☔ The latest upstream changes (presumably #1636) made this pull request unmergeable. Please resolve the merge conflicts.

[str4d]

@nathan-at-least as-is, this protocol still enables DP-Z with trusted proving services. I know you wanted what we land as DP-T to not support trusted proving services, but given that there will be a client library in front, is it sufficient for that library to provide a DP-T-only API?

[zkbot]

☔ The latest upstream changes (presumably #2183) made this pull request unmergeable. Please resolve the merge conflicts.

[str4d]

@nathan-at-least I can't remember whether you wanted to bump this from 1.0.8; if yes, then the merge conflict above should resolve itself once the --disable-rust commit from #2183 is reverted.

[daira]

@arcalinea and I bumped this from 1.0.8, and @nathan-at-least concurred on #zcash-dev.

As far as I understand, that commit (802ea76) will not be reverted for 1.0.9, but payment offloading is in the 1.0.9 milestone, so this conflict does need to be resolved.

[str4d]

Non-blocking: Just spotted this should be default=no 😝

[str4d]

Rebased on master.

[str4d]

Addressed comments by @arielgabizon and @bitcartel.

[bitcartel]

@zkbot retry

[str4d]

@zkbot try

[zkbot]

⌛ Trying commit 1bfe584 with merge 2ab81dd...

[zkbot]

☀️ Test successful - pr-try
State: approved= try=True

[arielgabizon]

I'm not getting the zcash-proving-service executable when compiling as instructed.

[str4d]

@arielgabizon the file should be generated as src/zcash-proving-service. Check the build output to ensure that it is enabled in configure, and compiled / linked?

[str4d]

Unfortunately, this still does not have any ACKs, and there are now only three work days until the 1.0.14 release, so I'm bumping this to 1.0.15.

[arielgabizon]

My mistake I did have zcash-proving-service

What exactly do I copy as the public key?

+YR%:NhHPZOa6=8RrjVYX82s%@.nVAh]?/Re{yog gave an error

[arielgabizon]

I should be able to ack today/monday, if I manage to run the code.
Also I strongly feel JSProofWitness should be changed to JSWitness

[daira]

I really like this being an explicit class, I think it makes things clearer.

[daira]

No opinion. The spec doesn't have a name for this (it's not the same as the primary input or the auxiliary input, because those have more redundancy).

[daira]

Add this to contrib/debian/copyright:

Files: build-aux/m4/ax_boost_regex.m4
Copyright: 2008 Thomas Porschberg <thomas@randspringer.de>;
 2008 Michael Tindal
License: GNU-All-permissive-License

Actually there should be similar entries for all of the files under build-aux/m4:

Files: build-aux/m4/ax_boost_base.m4
Copyright: 2008 Thomas Porschberg <thomas@randspringer.de>;
 2009 Peter Adolphs
License: GNU-All-permissive-License

Files: build-aux/m4/ax_boost_chrono.m4
Copyright: 2012 Xiyue Deng <manphiz@gmail.com>
License: GNU-All-permissive-License

Files: build-aux/m4/ax_boost_filesystem.m4
Copyright: 2008 Thomas Porschberg <thomas@randspringer.de>;
 2009 Michael Tindal;
 2009 Roman Rybalko <libtorrent@romanr.info>
License: GNU-All-permissive-License

Files: build-aux/m4/ax_boost_program_options.m4;
 build-aux/m4/ax_boost_unit_test_framework.m4
Copyright: 2008 Thomas Porschberg <thomas@randspringer.de>
License: GNU-All-permissive-License

Files: build-aux/m4/ax_boost_system.m4
Copyright: 2008 Thomas Porschberg <thomas@randspringer.de>;
 2008 Michael Tindal;
 2008 Daniel Casimiro <dan.casimiro@gmail.com>
License: GNU-All-permissive-License

Files: build-aux/m4/ax_cxx_compile_stdcxx.m4
Copyright: 2008 Benjamin Kosnik <bkoz@redhat.com>;
 2012 Zack Weinberg <zackw@panix.com>;
 2013 Roy Stogner <roystgnr@ices.utexas.edu>;
 2014, 2015 Google Inc. contributed by Alexey Sokolov <sokolov@google.com>;
 2015 Paul Norman <penorman@mac.com>;
 2015 Moritz Klammler <moritz@klammler.eu>
License: GNU-All-permissive-License

Files: build-aux/m4/ax_gcc_func_attribute.m4
Copyright: 2013 Gabriele Svelto <gabriele.svelto@gmail.com>
License: GNU-All-permissive-License

Files: build-aux/m4/l_atomic.m4
Copyright: 2004-2017 Tim Kosse
License: GPLv2

Files: build-aux/m4/ax_check_compile_flag.m4;
 build-aux/m4/ax_check_link_flag.m4;
 build-aux/m4/ax_check_preproc_flag.m4
Copyright: 2008 Guido U. Draheim <guidod@gmx.de>;
 2011 Maarten Bosmans <mkbosmans@gmail.com>
License: GPLv3-with-Autoconf-Macro-exception

Files: build-aux/m4/ax_openmp.m4
Copyright: 2008 Steven G. Johnson <stevenj@alum.mit.edu>;
 2015 John W. Peterson <jwpeterson@gmail.com>;
 2016 Nick R. Papior <nickpapior@gmail.com>
License: GPLv3-with-Autoconf-Macro-exception

Files: build-aux/m4/ax_pthread.m4
Copyright: 2008 Steven G. Johnson <stevenj@alum.mit.edu>;
 2011 Daniel Richard G. <skunk@iSKUNK.ORG>
License: GPLv3-with-Autoconf-Macro-exception

License: GPLv3-with-Autoconf-Macro-exception
 This program is free software: you can redistribute it and/or modify it
 under the terms of the GNU General Public License as published by the
 Free Software Foundation, either version 3 of the License, or (at your
 option) any later version.
 .
 This program is distributed in the hope that it will be useful, but
 WITHOUT ANY WARRANTY; without even the implied warranty of
 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
 See the GNU General Public License for more details.
 .
 You should have received a copy of the GNU General Public License along
 with this program. If not, see <http://www.gnu.org/licenses/>.
 .
 As a special exception, the respective Autoconf Macro's copyright owner
 gives unlimited permission to copy, distribute and modify the configure
 scripts that are the output of Autoconf when processing the Macro. You
 need not follow the terms of the GNU General Public License when using
 or distributing such scripts, even though portions of the text of the
 Macro appear in them. The GNU General Public License (GPL) does govern
 all other use of the material that constitutes the Autoconf Macro.
 .
 This special exception to the GPL applies to versions of the Autoconf
 Macro released by the Autoconf Archive. When you make and distribute a
 modified version of the Autoconf Macro, you may extend this special
 exception to the GPL to apply to your modified version as well.

build-aux/m4/l_atomic.m4 comes from Filezilla which is GPLv2. This is a problem, which I will file another ticket for.

[daira]

That other ticket is #2827.

[daira]

I may be misinterpreting, but this recently fixed ticket looks like a memory safety bug: zeromq/azmq#111

Not to worry, that was before the 1.0 release.

[daira]

zeromq/azmq#129 is a reliability bug.

[daira]

Does this change make the witness stay in memory longer (than needed)?

[daira]

Is this binding to all interfaces? Do we want to do that by default?

[daira]

Is this enough margin? I'd suggest 10% plus 5 seconds.

[daira]

Was that fixed?

[daira]

utACK

[saleemrashid]

From what I can tell, this doesn't support trustless (i.e. without having the private keys) Z proving, right?

Is this still a limitation in Sapling or could this be updated to support it after Sapling activates?

Edit: Disregard this, I have found the DP-Z proposal here #2171 (comment) 😄

Edit 2: On second thoughts, that looks like an abandoned feature?

[str4d]

This is definitely an abandoned feature; Sapling is fast enough that this isn't needed in practice, and if it were in some context (which likely wouldn't be zcashd), we'd write that as a separate Rust binary.

A fun experiment, consigned to the dustbin of history 😄