Tezos protocol 008-PtEdo2Zk package
Sources

tezos-18.1.tar.gz
sha256=aa2f5bc99cc4ca2217c52a1af2a2cdfd3b383208cb859ca2e79ca0903396ca1d
sha512=d68bb3eb615e3dcccc845fddfc9901c95b3c6dc8e105e39522ce97637b1308a7fa7aa1d271351d5933febd7476b2819e1694f31198f1f0919681f1f9cc97cb3a
Source file sapling_validator.ml

(* The MIT License (MIT)
 *
 * Copyright (c) 2019-2020 Nomadic Labs <contact@nomadic-labs.com>
 *
 * Permission is hereby granted, free of charge, to any person obtaining a copy
 * of this software and associated documentation files (the "Software"), to deal
 * in the Software without restriction, including without limitation the rights
 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
 * copies of the Software, and to permit persons to whom the Software is
 * furnished to do so, subject to the following conditions:
 *
 * The above copyright notice and this permission notice shall be included in all
 * copies or substantial portions of the Software.
 *
 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
 * SOFTWARE. *)

(* [check_and_update_nullifiers ctxt state inputs] walks the transaction's
   inputs and rejects the whole transaction as soon as one of its nullifiers is
   already known, otherwise it records each nullifier into [state].

   Returns [(ctxt, None)] on a reused nullifier (double spend), or
   [(ctxt, Some state)] with every input's nullifier added.

   The membership check is done against [state] as it is being extended, so a
   transaction that lists the same note twice is caught on the second input —
   this relies on [Sapling_storage.nullifiers_mem] also looking at the not yet
   committed in-memory additions, not only at storage (NOTE(review): confirm in
   Sapling_storage). Only the last [ctxt] returned by the storage lookups is
   threaded through; the [state] is a pure value and is discarded by the caller
   on rejection. *)
let rec check_and_update_nullifiers ctxt state inputs =
  match inputs with
  | [] ->
      return (ctxt, Some state)
  | input :: rest ->
      let nf = Sapling.UTXO.(input.nf) in
      Sapling_storage.nullifiers_mem ctxt state nf
      >>=? fun (ctxt, already_spent) ->
      if already_spent then return (ctxt, None)
      else
        check_and_update_nullifiers
          ctxt
          (Sapling_storage.nullifiers_add state nf)
          rest

(* [verify_update ctxt state transaction key] validates a Sapling
   [transaction] against the shielded pool [state] and, if it is accepted,
   returns the transaction's declared [balance] together with the new [state]
   (nullifiers of the inputs recorded, commitments and ciphertexts of the
   outputs appended). Any failed check yields [(ctxt, None)] and the partially
   updated state is dropped, so nothing from a rejected transaction leaks into
   the pool.

   Checks are ordered from cheapest to most expensive, so a malformed
   transaction is rejected before any zero-knowledge proof is verified:
   1. size bounds on inputs/outputs (defensive [assert]s; the encoding is
      documented as the real enforcement point, and these bounds are what keeps
      the balance arithmetic from overflowing);
   2. every output ciphertext carries the pool's [memo_size];
   3. [transaction.root] is one of the recent roots known to the pool;
   4. no input nullifier is already spent (see
      [check_and_update_nullifiers]);
   5. inside one verification context: all output proofs, then all spend
      proofs and signatures, then the binding signature and balance of the
      whole transaction via [final_check].

   The order of step 5 matters: [check_output] and [check_spend] are run
   against the same [vctx] that [final_check] later consumes, and [&&]
   short-circuits left to right, so the original sequencing is preserved.
   [key] is passed to both the spend checks and the final check; presumably it
   is the anti-replay/domain string bound into the signatures — confirm against
   [Sapling.Verification]. Whether [transaction.balance] is consistent with the
   caller's transfer is not checked here; callers must compare it themselves. *)
let verify_update :
    Raw_context.t ->
    Sapling_storage.state ->
    Sapling_repr.transaction ->
    string ->
    (Raw_context.t * (Int64.t * Sapling_storage.state) option) tzresult Lwt.t =
 fun ctxt state transaction key ->
  (* Bounds on the number of inputs/outputs keep the balance from overflowing
     and bound verification work; the encoding is expected to have enforced
     them already, so a failure here is an invariant violation, not a
     user-facing rejection. *)
  assert (Compare.Int.(List.compare_length_with transaction.inputs 5208 <= 0)) ;
  assert (Compare.Int.(List.compare_length_with transaction.outputs 2019 <= 0)) ;
  let rejected = (ctxt, None) in
  (* Every ciphertext must be sized for this pool's memo. *)
  let memo_size_matches output =
    Compare.Int.(
      Sapling.Ciphertext.get_memo_size Sapling.UTXO.(output.ciphertext)
      = state.memo_size)
  in
  if not (List.for_all memo_size_matches transaction.outputs) then
    return rejected
  else
    (* The Merkle root the spends are proven against must be a recent one. *)
    Sapling_storage.root_mem ctxt state transaction.root
    >>=? fun root_is_recent ->
    if not root_is_recent then return rejected
    else
      check_and_update_nullifiers ctxt state transaction.inputs
      >|=? function
      | (ctxt, None) ->
          (ctxt, None)
      | (ctxt, Some state) ->
          Sapling.Verification.with_verification_ctx (fun vctx ->
              (* Output proofs first, then spend proofs/signatures, then the
                 binding signature and balance over the whole transaction.
                 Each stage is evaluated only if the previous one passed. *)
              let outputs_ok () =
                List.for_all
                  (fun output -> Sapling.Verification.check_output vctx output)
                  transaction.outputs
              in
              let spends_ok () =
                List.for_all
                  (fun input ->
                    Sapling.Verification.check_spend
                      vctx
                      input
                      transaction.root
                      key)
                  transaction.inputs
              in
              let whole_transaction_ok () =
                Sapling.Verification.final_check vctx transaction key
              in
              if outputs_ok () && spends_ok () && whole_transaction_ok () then
                (* Accepted: append the new notes (commitment + ciphertext) to
                   the pool's tree, in output order. *)
                let new_notes =
                  List.map
                    (fun output -> Sapling.UTXO.(output.cm, output.ciphertext))
                    transaction.outputs
                in
                (ctxt, Some (transaction.balance, Sapling_storage.add state new_notes))
              else (ctxt, None))