build(ecc):Upgrade remaining ECC dependencies (#8568)

* upgrade zcash_client_backend for zebra-scan

* leave zebra-utils untouched

* remove unused

* upgrade zcash_primitives and orchard only for zebra-chain crate

* update and use TryFrom for amounts

* fix imports in serialize

* leave doc as it was

* leave doc as it was 2

* use `try_into` for amount

* use `zip_212_enforcement`

* updgrades primitives in zebra-rpc

* upgrade ecc dependencies for cargo-utils

* fix threading issue

* remove non needed Arc

* update deny.toml

* update primitives for zebra-grpc

* fix doc

* remove non needed single thread code in test

* cleanup some tests

* improve a bit the `ready_scan_block_keys` function

* clippy

* add spawn back in `scan_height_and_store_results`

* remove todo

* add note comment

* use a more explicit import of sapling stuff in serialize

* change(scan): Refactor scanning keys (#8577)

* Refactor converting dfvks to scanning keys

* Simplify handling of scanning keys

* Remove `test-dependencies` from the scanner reader

* Add comments

---------

Co-authored-by: Marek <mail@marek.onl>

Cargo.lock

@@ -2839,9 +2839,9 @@ checksum = "04744f49eae99ab78e0d5c0b603ab218f515ea8cfe5a456d7629ad883a3b6e7d"
 
 [[package]]
 name = "orchard"
-version = "0.6.0"
+version = "0.7.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "5d31e68534df32024dcc89a8390ec6d7bef65edd87d91b45cfb481a2eb2d77c5"
+checksum = "1fb255c3ffdccd3c84fe9ebed72aef64fdc72e6a3e4180dd411002d47abaad42"
 dependencies = [
  "aes",
  "bitvec",
@@ -2863,13 +2863,15 @@ dependencies = [
  "subtle",
  "tracing",
  "zcash_note_encryption",
+ "zcash_spec",
+ "zip32",
 ]
 
 [[package]]
 name = "orchard"
-version = "0.7.1"
+version = "0.8.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "1fb255c3ffdccd3c84fe9ebed72aef64fdc72e6a3e4180dd411002d47abaad42"
+checksum = "0462569fc8b0d1b158e4d640571867a4e4319225ebee2ab6647e60c70af19ae3"
 dependencies = [
  "aes",
  "bitvec",
@@ -4232,9 +4234,9 @@ dependencies = [
 
 [[package]]
 name = "shardtree"
-version = "0.1.0"
+version = "0.3.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "c19f96dde3a8693874f7e7c53d95616569b4009379a903789efbd448f4ea9cc7"
+checksum = "3b3cdd24424ce0b381646737fedddc33c4dcf7dcd2d545056b53f7982097bef5"
 dependencies = [
  "bitflags 2.5.0",
  "either",
@@ -5743,24 +5745,27 @@ dependencies = [
 
 [[package]]
 name = "zcash_client_backend"
-version = "0.10.0"
+version = "0.12.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "d6a382af39be9ee5a3788157145c404b7cd19acc440903f6c34b09fb44f0e991"
+checksum = "0364e69c446fcf96a1f73f342c6c3fa697ea65ae7eeeae7d76ca847b9c442e40"
 dependencies = [
  "base64 0.21.7",
  "bech32",
  "bls12_381",
  "bs58",
  "crossbeam-channel",
+ "document-features",
  "group",
  "hex",
  "incrementalmerkletree",
  "memuse",
  "nom",
- "orchard 0.6.0",
+ "nonempty",
  "percent-encoding",
  "prost",
+ "rand_core 0.6.4",
  "rayon",
+ "sapling-crypto",
  "secrecy",
  "shardtree",
  "subtle",
@@ -5770,8 +5775,11 @@ dependencies = [
  "which",
  "zcash_address",
  "zcash_encoding",
+ "zcash_keys",
  "zcash_note_encryption",
- "zcash_primitives 0.13.0",
+ "zcash_primitives 0.15.0",
+ "zcash_protocol",
+ "zip32",
 ]
 
 [[package]]
@@ -5795,6 +5803,32 @@ dependencies = [
  "primitive-types",
 ]
 
+[[package]]
+name = "zcash_keys"
+version = "0.2.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "663489ffb4e51bc4436ff8796832612a9ff3c6516f1c620b5a840cb5dcd7b866"
+dependencies = [
+ "bech32",
+ "blake2b_simd",
+ "bls12_381",
+ "bs58",
+ "document-features",
+ "group",
+ "memuse",
+ "nonempty",
+ "rand_core 0.6.4",
+ "sapling-crypto",
+ "secrecy",
+ "subtle",
+ "tracing",
+ "zcash_address",
+ "zcash_encoding",
+ "zcash_primitives 0.15.0",
+ "zcash_protocol",
+ "zip32",
+]
+
 [[package]]
 name = "zcash_note_encryption"
 version = "0.4.0"
@@ -5810,17 +5844,15 @@ dependencies = [
 
 [[package]]
 name = "zcash_primitives"
-version = "0.13.0"
+version = "0.14.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "d17e4c94ca8d69d2fcf2be97522da5732a580eb2125cda3b150761952f8df8e6"
+checksum = "9070e084570bb78aed4f8d71fd6254492e62c87a5d01e084183980e98117092d"
 dependencies = [
  "aes",
  "bip0039",
- "bitvec",
  "blake2b_simd",
- "blake2s_simd",
- "bls12_381",
  "byteorder",
+ "document-features",
  "equihash",
  "ff",
  "fpe",
@@ -5829,26 +5861,30 @@ dependencies = [
  "hex",
  "incrementalmerkletree",
  "jubjub",
- "lazy_static",
  "memuse",
  "nonempty",
- "orchard 0.6.0",
+ "orchard 0.7.1",
  "rand 0.8.5",
  "rand_core 0.6.4",
+ "redjubjub",
  "ripemd",
+ "sapling-crypto",
  "secp256k1",
  "sha2",
  "subtle",
+ "tracing",
  "zcash_address",
  "zcash_encoding",
  "zcash_note_encryption",
+ "zcash_spec",
+ "zip32",
 ]
 
 [[package]]
 name = "zcash_primitives"
-version = "0.14.0"
+version = "0.15.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "9070e084570bb78aed4f8d71fd6254492e62c87a5d01e084183980e98117092d"
+checksum = "b5a8d812efec385ecbcefc862c0005bb1336474ea7dd9b671d5bbddaadd04be2"
 dependencies = [
  "aes",
  "bip0039",
@@ -5859,25 +5895,23 @@ dependencies = [
  "ff",
  "fpe",
  "group",
- "hdwallet",
  "hex",
  "incrementalmerkletree",
  "jubjub",
  "memuse",
  "nonempty",
- "orchard 0.7.1",
+ "orchard 0.8.0",
  "rand 0.8.5",
  "rand_core 0.6.4",
  "redjubjub",
- "ripemd",
  "sapling-crypto",
- "secp256k1",
  "sha2",
  "subtle",
  "tracing",
  "zcash_address",
  "zcash_encoding",
  "zcash_note_encryption",
+ "zcash_protocol",
  "zcash_spec",
  "zip32",
 ]
@@ -5991,7 +6025,7 @@ dependencies = [
  "jubjub",
  "lazy_static",
  "num-integer",
- "orchard 0.6.0",
+ "orchard 0.7.1",
  "primitive-types",
  "proptest",
  "proptest-derive",
@@ -6002,6 +6036,7 @@ dependencies = [
  "reddsa",
  "redjubjub",
  "ripemd",
+ "sapling-crypto",
  "secp256k1",
  "serde",
  "serde-big-array",
@@ -6021,7 +6056,7 @@ dependencies = [
  "zcash_encoding",
  "zcash_history",
  "zcash_note_encryption",
- "zcash_primitives 0.13.0",
+ "zcash_primitives 0.14.0",
  "zcash_protocol",
  "zebra-test",
 ]
@@ -6088,7 +6123,7 @@ dependencies = [
  "tonic-build 0.11.0",
  "tonic-reflection",
  "tower",
- "zcash_primitives 0.13.0",
+ "zcash_primitives 0.14.0",
  "zebra-chain",
  "zebra-node-services",
  "zebra-state",
@@ -6171,7 +6206,7 @@ dependencies = [
  "tower",
  "tracing",
  "zcash_address",
- "zcash_primitives 0.13.0",
+ "zcash_primitives 0.14.0",
  "zebra-chain",
  "zebra-consensus",
  "zebra-network",
@@ -6198,14 +6233,17 @@ dependencies = [
  "proptest",
  "proptest-derive",
  "rand 0.8.5",
+ "sapling-crypto",
  "semver 1.0.23",
  "serde",
  "tokio",
  "tower",
  "tracing",
+ "zcash_address",
  "zcash_client_backend",
+ "zcash_keys",
  "zcash_note_encryption",
- "zcash_primitives 0.13.0",
+ "zcash_primitives 0.14.0",
  "zebra-chain",
  "zebra-grpc",
  "zebra-node-services",
@@ -6321,7 +6359,8 @@ dependencies = [
  "tracing-error",
  "tracing-subscriber",
  "zcash_client_backend",
- "zcash_primitives 0.13.0",
+ "zcash_primitives 0.15.0",
+ "zcash_protocol",
  "zebra-chain",
  "zebra-node-services",
  "zebra-rpc",

deny.toml

@@ -84,9 +84,8 @@ skip-tree = [
     # ECC crates
 
     # wait for zcash_client_backend
-    { name = "orchard", version = "=0.6.0" },
-    { name = "zcash_primitives", version = "=0.13.0" },
-    { name = "zcash_proofs", version = "=0.13.0" },
+    { name = "orchard", version = "=0.7.0" },
+    { name = "zcash_primitives", version = "=0.14.0" },
 
     # wait for hdwallet to upgrade
     { name = "ring", version = "=0.16.20" },

zebra-chain/Cargo.toml

@@ -93,11 +93,12 @@ x25519-dalek = { version = "2.0.1", features = ["serde"] }
 
 # ECC deps
 halo2 = { package = "halo2_proofs", version = "0.3.0" }
-orchard = "0.6.0"
+orchard = "0.7.0"
 zcash_encoding = "0.2.0"
 zcash_history = "0.4.0"
 zcash_note_encryption = "0.4.0"
-zcash_primitives = { version = "0.13.0", features = ["transparent-inputs"] }
+zcash_primitives = { version = "0.14.0", features = ["transparent-inputs"] }
+sapling = { package = "sapling-crypto", version = "0.1" }
 zcash_protocol = { version = "0.1.1" }
 zcash_address = { version = "0.3.2" }
 
@@ -134,7 +135,7 @@ serde_json = { version = "1.0.117", optional = true }
 tokio = { version = "1.37.0", optional = true }
 
 # Experimental feature shielded-scan
-zcash_client_backend = { version = "0.10.0-rc.1", optional = true }
+zcash_client_backend = { version = "0.12.1", optional = true }
 
 # Optional testing dependencies
 proptest = { version = "1.4.0", optional = true }

zebra-chain/src/parameters/network_upgrade.rs

@@ -30,7 +30,7 @@ pub const NETWORK_UPGRADES_IN_ORDER: [NetworkUpgrade; 8] = [
 ///
 /// Network upgrades can change the Zcash network protocol or consensus rules in
 /// incompatible ways.
-#[derive(Copy, Clone, Debug, Eq, Hash, PartialEq, Serialize, Deserialize)]
+#[derive(Copy, Clone, Debug, Eq, Hash, PartialEq, Serialize, Deserialize, Ord, PartialOrd)]
 #[cfg_attr(any(test, feature = "proptest-impl"), derive(Arbitrary))]
 pub enum NetworkUpgrade {
     /// The Zcash protocol for a Genesis block.

zebra-chain/src/primitives/address.rs

@@ -3,7 +3,6 @@
 //! Usage: <https://docs.rs/zcash_address/0.2.0/zcash_address/trait.TryFromAddress.html#examples>
 
 use zcash_address::unified::{self, Container};
-use zcash_primitives::sapling;
 
 use crate::{parameters::NetworkKind, transparent, BoxError};
 

zebra-chain/src/primitives/viewing_key/sapling.rs

@@ -1,11 +1,11 @@
 //! Defines types and implements methods for parsing Sapling viewing keys and converting them to `zebra-chain` types
 
-use zcash_client_backend::encoding::decode_extended_full_viewing_key;
-use zcash_primitives::{
-    constants::*,
-    sapling::keys::{FullViewingKey as SaplingFvk, SaplingIvk},
-    zip32::DiversifiableFullViewingKey as SaplingDfvk,
+use sapling::keys::{FullViewingKey as SaplingFvk, SaplingIvk};
+use zcash_client_backend::{
+    encoding::decode_extended_full_viewing_key,
+    keys::sapling::DiversifiableFullViewingKey as SaplingDfvk,
 };
+use zcash_primitives::constants::*;
 
 use crate::parameters::Network;
 

zebra-chain/src/primitives/zcash_note_encryption.rs

@@ -20,16 +20,22 @@ pub fn decrypts_successfully(transaction: &Transaction, network: &Network, heigh
     let alt_tx = convert_tx_to_librustzcash(transaction, network_upgrade)
         .expect("zcash_primitives and Zebra transaction formats must be compatible");
 
-    let alt_height = height.0.into();
-    let null_sapling_ovk = zcash_primitives::keys::OutgoingViewingKey([0u8; 32]);
+    let null_sapling_ovk = sapling::keys::OutgoingViewingKey([0u8; 32]);
+
+    // Note that, since this function is used to validate coinbase transactions, we can ignore
+    // the "grace period" mentioned in ZIP-212.
+    let zip_212_enforcement = if network_upgrade >= NetworkUpgrade::Canopy {
+        sapling::note_encryption::Zip212Enforcement::On
+    } else {
+        sapling::note_encryption::Zip212Enforcement::Off
+    };
 
     if let Some(bundle) = alt_tx.sapling_bundle() {
         for output in bundle.shielded_outputs().iter() {
-            let recovery = zcash_primitives::sapling::note_encryption::try_sapling_output_recovery(
-                network,
-                alt_height,
+            let recovery = sapling::note_encryption::try_sapling_output_recovery(
                 &null_sapling_ovk,
                 output,
+                zip_212_enforcement,
             );
             if recovery.is_none() {
                 return false;