zebra
zebra copied to clipboard
Use a `bellman::Proof` instead of a byte array in `Groth16Proof`
Motivation
We use a byte array in the Groth16Proof
struct. However, not every byte array is a well-formed proof (i.e. the encoding of three field elements, as enforced by the bellman
package). For improved type safety, it would be better to use bellman::Proof
inside it and parse the proof while parsing the transaction.
However, this requires a lot of code changes:
- A lot of tests expect it to be a byte array
- The tests vectors from https://github.com/zcash-hackworks/zcash-test-vectors/ generate random byte array as proofs. We'd need to change the test vector generators to generate random well-formed proofs.
- In the same way, the
Arbitrary
implementation must be changed to generate random well-formed proofs.
For this reason, it was postponed for later.
Specifications
Designs
To generate a well-formed proof, you will need to generate 3 field elements: one in G1, second in G2, third in G1 again. See this snippet for reference: https://github.com/ZcashFoundation/zebra/blob/81727d7df0ee57e6d4f2172c287e52e414c4e6a0/zebra-consensus/src/transaction/tests.rs#L1956-L1960
Related Work
Hey team! Please add your planning poker estimate with ZenHub @conradoplg @dconnolly @jvff @oxarbitrage @teor2345 @upbqdn
Making this change would increase the cost of serving blocks to peers, because the proofs would be redundantly re-validated when deserializing from the database.
We're already having this performance problem with some curve types.
So I think it's ok for now.