ZcashFoundation · dconnolly · Jul 29, 2021 · Jul 7, 2021 · Jul 7, 2021 · Jul 7, 2021
@@ -15,10 +15,12 @@ bench = ["zebra-test"]
 [dependencies]
 aes = "0.6"
 bech32 = "0.8.1"
+bigint = "4"
 bitflags = "1.2.1"
 bitvec = "0.22"
 blake2b_simd = "0.5.11"
 blake2s_simd = "0.5.11"
+bls12_381 = "0.5.0"
 bs58 = { version = "0.4", features = ["check"] }
 byteorder = "1.4"
 chrono = { version = "0.4", features = ["serde"] }
@@ -30,6 +32,7 @@ group = "0.10"
 # Note: if updating this, also update the workspace Cargo.toml to match.
 halo2 = { git = "https://github.com/zcash/halo2.git", rev = "236115917df9db45282fec24d1e1e36f275f71ab" }
 hex = "0.4"
+incrementalmerkletree = "0.1.0"
 jubjub = "0.7.0"
 lazy_static = "1.4.0"
 rand_core = "0.6"
@@ -40,13 +43,10 @@ serde-big-array = "0.3.2"
 sha2 = { version = "0.9.5", features=["compress"] }
 subtle = "2.4"
 thiserror = "1"
+uint = "0.9.1"
 x25519-dalek = { version = "1.1", features = ["serde"] }
 zcash_history = { git = "https://github.com/zcash/librustzcash.git", rev = "0c3ed159985affa774e44d10172d4471d798a85a" }
 zcash_primitives = { git = "https://github.com/zcash/librustzcash.git", rev = "0c3ed159985affa774e44d10172d4471d798a85a" }
-bigint = "4"
-uint = "0.9.1"
-bls12_381 = "0.5.0"
-incrementalmerkletree = "0.1.0"
 
 proptest = { version = "0.10", optional = true }
 proptest-derive = { version = "0.3.0", optional = true }

@@ -1,5 +1,14 @@
 //! Orchard shielded data for `V5` `Transaction`s.
 
+use std::{
+    cmp::{Eq, PartialEq},
+    fmt::Debug,
+    io,
+};
+
+use byteorder::{ReadBytesExt, WriteBytesExt};
+use halo2::pasta::pallas;
+
 use crate::{
     amount::Amount,
     block::MAX_BLOCK_BYTES,
@@ -13,14 +22,6 @@ use crate::{
     },
 };
 
-use byteorder::{ReadBytesExt, WriteBytesExt};
-
-use std::{
-    cmp::{Eq, PartialEq},
-    fmt::Debug,
-    io,
-};
-
 /// A bundle of [`Action`] descriptions and signature data.
 #[derive(Clone, Debug, PartialEq, Eq, Deserialize, Serialize)]
 pub struct ShieldedData {
@@ -32,14 +33,15 @@ pub struct ShieldedData {
     pub shared_anchor: tree::Root,
     /// The aggregated zk-SNARK proof for all the actions in this transaction.
     pub proof: Halo2Proof,
-    /// The Orchard Actions.
+    /// The Orchard Actions, in the order they appear in the transaction.
     pub actions: AtLeastOne<AuthorizedAction>,
     /// A signature on the transaction `sighash`.
     pub binding_sig: Signature<Binding>,
 }
 
 impl ShieldedData {
-    /// Iterate over the [`Action`]s for the [`AuthorizedAction`]s in this transaction.
+    /// Iterate over the [`Action`]s for the [`AuthorizedAction`]s in this
+    /// transaction, in the order they appear in it.
     pub fn actions(&self) -> impl Iterator<Item = &Action> {
         self.actions.actions()
     }
@@ -48,6 +50,12 @@ impl ShieldedData {
     pub fn nullifiers(&self) -> impl Iterator<Item = &Nullifier> {
         self.actions().map(|action| &action.nullifier)
     }
+
+    /// Collect the cm_x's for this transaction, if it contains [`Action`]s with
+    /// outputs, in the order they appear in the transaction.
+    pub fn note_commitments(&self) -> impl Iterator<Item = &pallas::Base> {
+        self.actions().map(|action| &action.cm_x)
+    }
 }
 
 impl AtLeastOne<AuthorizedAction> {

@@ -111,6 +111,12 @@ impl From<Root> for [u8; 32] {
     }
 }
 
+impl From<&Root> for [u8; 32] {
+    fn from(root: &Root) -> Self {
+        (*root).into()
+    }
+}
+
 impl Hash for Root {
     fn hash<H: Hasher>(&self, state: &mut H) {
         self.0.to_bytes().hash(state)
@@ -177,15 +183,36 @@ impl From<pallas::Base> for Node {
     }
 }
 
+impl serde::Serialize for Node {
+    fn serialize<S>(&self, serializer: S) -> Result<S::Ok, S::Error>
+    where
+        S: serde::Serializer,
+    {
+        self.0.to_bytes().serialize(serializer)
+    }
+}
+
+impl<'de> serde::Deserialize<'de> for Node {
+    fn deserialize<D>(deserializer: D) -> Result<Self, D::Error>
+    where
+        D: serde::Deserializer<'de>,
+    {
+        let bytes = <[u8; 32]>::deserialize(deserializer)?;
+        Option::<pallas::Base>::from(pallas::Base::from_bytes(&bytes))
+            .map(Node)
+            .ok_or_else(|| serde::de::Error::custom("invalid Pallas field element"))
+    }
+}
+
 #[allow(dead_code, missing_docs)]
-#[derive(Error, Debug, PartialEq)]
+#[derive(Error, Debug, PartialEq, Eq)]
 pub enum NoteCommitmentTreeError {
     #[error("The note commitment tree is full")]
     FullTree,
 }
 
 /// Orchard Incremental Note Commitment Tree
-#[derive(Clone, Debug)]
+#[derive(Clone, Debug, Serialize, Deserialize)]
 pub struct NoteCommitmentTree {
     /// The tree represented as a Frontier.
     ///

@@ -104,7 +104,7 @@ where
     pub value_balance: Amount,
 
     /// A bundle of spends and outputs, containing at least one spend or
-    /// output.
+    /// output, in the order they appear in the transaction.
     ///
     /// In V5 transactions, also contains a shared anchor, if there are any
     /// spends.
@@ -154,7 +154,8 @@ where
         /// [`Spend`]s in this `TransferData`.
         spends: AtLeastOne<Spend<AnchorV>>,
 
-        /// Maybe some outputs (can be empty).
+        /// Maybe some outputs (can be empty), in the order they appear in the
+        /// transaction.
         ///
         /// Use the [`ShieldedData::outputs`] method to get an iterator over the
         /// [`Outputs`]s in this `TransferData`.
@@ -167,7 +168,7 @@ where
     /// In Transaction::V5, if there are no spends, there must not be a shared
     /// anchor.
     JustOutputs {
-        /// At least one output.
+        /// At least one output, in the order they appear in the transaction.
         ///
         /// Use the [`ShieldedData::outputs`] method to get an iterator over the
         /// [`Outputs`]s in this `TransferData`.
@@ -205,7 +206,8 @@ where
         self.transfers.spends()
     }
 
-    /// Iterate over the [`Output`]s for this transaction.
+    /// Iterate over the [`Output`]s for this transaction, in the order they
+    /// appear in it.
     pub fn outputs(&self) -> impl Iterator<Item = &Output> {
         self.transfers.outputs()
     }
@@ -225,7 +227,8 @@ where
         self.spends().map(|spend| &spend.nullifier)
     }
 
-    /// Collect the cm_u's for this transaction, if it contains [`Output`]s.
+    /// Collect the cm_u's for this transaction, if it contains [`Output`]s,
+    /// in the order they appear in the transaction.
     pub fn note_commitments(&self) -> impl Iterator<Item = &jubjub::Fq> {
         self.outputs().map(|output| &output.cm_u)
     }

@@ -1,7 +1,17 @@
+use std::sync::Arc;
+
+use color_eyre::eyre;
+use eyre::Result;
 use hex::FromHex;
 
-use crate::sapling::tests::test_vectors;
-use crate::sapling::tree::*;
+use crate::block::Block;
+use crate::parameters::NetworkUpgrade;
+use crate::sapling::{self, tree::*};
+use crate::serialization::ZcashDeserializeInto;
+use crate::{parameters::Network, sapling::tests::test_vectors};
+use zebra_test::vectors::{
+    MAINNET_BLOCKS, MAINNET_FINAL_SAPLING_ROOTS, TESTNET_BLOCKS, TESTNET_FINAL_SAPLING_ROOTS,
+};
 
 #[test]
 fn empty_roots() {
@@ -41,3 +51,83 @@ fn incremental_roots() {
         );
     }
 }
+
+#[test]
+fn incremental_roots_with_blocks() -> Result<()> {
+    incremental_roots_with_blocks_for_network(Network::Mainnet)?;
+    incremental_roots_with_blocks_for_network(Network::Testnet)?;
+    Ok(())
+}
+
+fn incremental_roots_with_blocks_for_network(network: Network) -> Result<()> {
+    let (blocks, sapling_roots) = match network {
+        Network::Mainnet => (&*MAINNET_BLOCKS, &*MAINNET_FINAL_SAPLING_ROOTS),
+        Network::Testnet => (&*TESTNET_BLOCKS, &*TESTNET_FINAL_SAPLING_ROOTS),
+    };
+    let height = NetworkUpgrade::Sapling
+        .activation_height(network)
+        .unwrap()
+        .0;
+
+    // Load Block 0 (activation block of the given network upgrade)
+    let block0 = Arc::new(
+        blocks
+            .get(&height)
+            .expect("test vector exists")
+            .zcash_deserialize_into::<Block>()
+            .expect("block is structurally valid"),
+    );
+    // Build initial MMR tree with only Block 0
+    let sapling_root0 =
+        sapling::tree::Root(**sapling_roots.get(&height).expect("test vector exists"));
+
+    let mut tree = sapling::tree::NoteCommitmentTree::default();
+
+    // Add note commitments in Block 0 to the tree
+    for transaction in block0.transactions.iter() {
+        for sapling_note_commitment in transaction.sapling_note_commitments() {
+            tree.append(*sapling_note_commitment)
+                .expect("test vector is correct");
+        }
+    }
+
+    // Check if root is correct
+    assert_eq!(sapling_root0, tree.root());
+
+    // Load Block 1 (activation + 1)
+    let block1 = Arc::new(
+        blocks
+            .get(&(height + 1))
+            .expect("test vector exists")
+            .zcash_deserialize_into::<Block>()
+            .expect("block is structurally valid"),
+    );
+    let sapling_root1 = sapling::tree::Root(
+        **sapling_roots
+            .get(&(height + 1))
+            .expect("test vector exists"),
+    );
+
+    // Add note commitments in Block 1 to the tree
+    let mut appended_count = 0;
+    for transaction in block1.transactions.iter() {
+        for sapling_note_commitment in transaction.sapling_note_commitments() {
+            tree.append(*sapling_note_commitment)
+                .expect("test vector is correct");
+            appended_count += 1;
+        }
+    }
+    // We also want to make sure that sapling_note_commitments() is returning
+    // the commitments in the right order. But this will only be actually tested
+    // if there are more than one note commitment in a block.
+    // In the test vectors this applies only for the block 1 in mainnet,
+    // so we make this explicit in this assert.
+    if network == Network::Mainnet {
+        assert!(appended_count > 1);
+    }
+
+    // Check if root is correct
+    assert_eq!(sapling_root1, tree.root());
+
+    Ok(())
+}
@@ -147,15 +147,36 @@ impl From<jubjub::Fq> for Node {
     }
 }
 
+impl serde::Serialize for Node {
+    fn serialize<S>(&self, serializer: S) -> Result<S::Ok, S::Error>
+    where
+        S: serde::Serializer,
+    {
+        self.0.serialize(serializer)
+    }
+}
+
+impl<'de> serde::Deserialize<'de> for Node {
+    fn deserialize<D>(deserializer: D) -> Result<Self, D::Error>
+    where
+        D: serde::Deserializer<'de>,
+    {
+        let bytes = <[u8; 32]>::deserialize(deserializer)?;
+        Option::<jubjub::Fq>::from(jubjub::Fq::from_bytes(&bytes))
+            .map(Node::from)
+            .ok_or_else(|| serde::de::Error::custom("invalid JubJub field element"))
+    }
+}
+
 #[allow(dead_code, missing_docs)]
-#[derive(Error, Debug, PartialEq)]
+#[derive(Error, Debug, PartialEq, Eq)]
 pub enum NoteCommitmentTreeError {
     #[error("The note commitment tree is full")]
     FullTree,
 }
 
 /// Sapling Incremental Note Commitment Tree.
-#[derive(Clone, Debug)]
+#[derive(Clone, Debug, Serialize, Deserialize)]
 pub struct NoteCommitmentTree {
     /// The tree represented as a Frontier.
     ///