
zcash_proofs: Extract separate verifiers for proofs, spendAuthSigs, and bindingSig from SaplingVerificationContext #115

@str4d

Description


Currently, we have a single SaplingVerificationContext which we initialize, use to verify each Spend and Output description, and then call final_check to verify bindingSig. The reason for this workflow was that there is a data dependency on the entire transaction to fully verify it. However, this data dependency is only a blocker on bindingSig; the remaining components can be verified independently of the whole transaction (after computing sigHash), and also batch-verified.

Furthermore, the data dependency for bindingSig is effectively just on computing bvk. Once we have that, verification of bindingSig is equivalent to verifying a spendAuthSig.

We should extract the per-proof and per-signature verifiers from SaplingVerificationContext, so they can be run independently or batched. SaplingVerificationContext would continue to apply the various consensus checks on each spend and output, and final_check would return bvk, which could then be used to e.g. batch-verify bindingSig alongside the spendAuthSigs.
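The following is an added toy model of the structure proposed above, written for this issue page; it is not zcash_proofs / librustzcash code, and everything in it is an assumption: the tiny prime-order group (constants `P`, `Q`, `G`, `H`), the FNV-based `hash_to_scalar`, the Schnorr-style `sign` / `verify_sig` / `verify_batch` standing in for RedJubjub, the method names `check_spend` and `check_output`, and the constructed `sample_transaction`. Groth16 proof verification is left out entirely. What it shows is the data flow the issue asks for: spendAuthSigs are verified by a free function that needs only (rk, sigHash, signature), `SaplingVerificationContext` only accumulates value commitments, `final_check` returns bvk instead of verifying bindingSig, and bindingSig is then verified with the very same batch verifier as the spendAuthSigs. The tampered variant (wrong valueBalance) shows the batch rejecting a bindingSig whose bvk no longer matches.

```rust
// Constructed toy model of the refactoring proposed in this issue; NOT zcash_proofs code.
// Groth16 proofs are omitted: only the value-commitment / signature data flow is modelled,
// over a tiny prime-order subgroup that is insecure by design.
const P: u64 = 2039; // safe prime, P = 2*Q + 1
const Q: u64 = 1019; // prime order of the subgroup generated by G and H
const G: u64 = 4; // value base of the toy ValueCommit
const H: u64 = 9; // randomness base, also the signing base (toy RedJubjub)
fn mul(a: u64, b: u64) -> u64 { ((a as u128 * b as u128) % P as u128) as u64 }
fn mulq(a: u64, b: u64) -> u64 { ((a as u128 * b as u128) % Q as u128) as u64 }
fn modpow(mut b: u64, mut e: u64) -> u64 {
    let mut r = 1u64;
    while e > 0 { if e & 1 == 1 { r = mul(r, b); } b = mul(b, b); e >>= 1; }
    r
}
fn inv(a: u64) -> u64 { modpow(a, P - 2) }
/// Toy hash to a nonzero scalar in [1, Q-1] (FNV-1a over the little-endian words).
fn hash_to_scalar(parts: &[u64]) -> u64 {
    let mut h: u64 = 0xcbf2_9ce4_8422_2325;
    for p in parts {
        for byte in p.to_le_bytes() { h = (h ^ byte as u64).wrapping_mul(0x0100_0000_01b3); }
    }
    1 + h % (Q - 1)
}
/// Pedersen value commitment cv = G^value * H^rcv (toy analogue of Sapling's ValueCommit).
fn value_commit(value: u64, rcv: u64) -> u64 { mul(modpow(G, value % Q), modpow(H, rcv % Q)) }
#[derive(Clone, Copy)]
struct Signature { r: u64, s: u64 }
/// Schnorr-style signature under vk = H^sk. One scheme serves both spendAuthSig (ask, rk)
/// and bindingSig (bsk, bvk), which is why bindingSig can join the same batch.
fn sign(sk: u64, nonce: u64, sighash: u64) -> Signature {
    let r = modpow(H, nonce % Q);
    Signature { r, s: (nonce % Q + mulq(hash_to_scalar(&[r, sighash]), sk)) % Q }
}
/// Extracted per-signature verifier: H^s == R * vk^e. Needs only (vk, sighash, sig).
fn verify_sig(vk: u64, sighash: u64, sig: Signature) -> bool {
    modpow(H, sig.s) == mul(sig.r, modpow(vk, hash_to_scalar(&[sig.r, sighash])))
}
/// Batch verifier: H^{sum a_i s_i} == prod R_i^{a_i} * vk_i^{a_i e_i}. In production the a_i must
/// be unpredictable random scalars; here they are derived from the items so the run is reproducible.
fn verify_batch(items: &[(u64, u64, Signature)]) -> bool {
    let (mut lhs_exp, mut rhs) = (0u64, 1u64);
    for (i, (vk, sighash, sig)) in items.iter().enumerate() {
        let a = hash_to_scalar(&[i as u64, sig.r, sig.s, *vk, *sighash]);
        let e = hash_to_scalar(&[sig.r, *sighash]);
        lhs_exp = (lhs_exp + mulq(a, sig.s)) % Q;
        rhs = mul(rhs, mul(modpow(sig.r, a), modpow(*vk, mulq(a, e))));
    }
    modpow(H, lhs_exp) == rhs
}

struct SpendDescription { cv: u64, rk: u64, spend_auth_sig: Signature }
struct OutputDescription { cv: u64 }
struct Transaction { spends: Vec<SpendDescription>, outputs: Vec<OutputDescription>, value_balance: i64, binding_sig: Signature, sighash: u64 }

/// What stays in the context after the extraction: the consensus checks per description and the
/// transaction-wide accumulation of value commitments. It no longer verifies any signature itself.
struct SaplingVerificationContext { cv_sum: u64 }

impl SaplingVerificationContext {
    fn new() -> Self { Self { cv_sum: 1 } }
    fn check_spend(&mut self, spend: &SpendDescription) -> bool {
        if modpow(spend.cv, Q) != 1 { return false; } // cv must lie in the prime-order subgroup
        self.cv_sum = mul(self.cv_sum, spend.cv); true
    }
    fn check_output(&mut self, output: &OutputDescription) -> bool {
        if modpow(output.cv, Q) != 1 { return false; }
        self.cv_sum = mul(self.cv_sum, inv(output.cv)); true
    }
    /// Returns bvk = (sum cv_spend - sum cv_output) - ValueCommit(value_balance, 0) instead of
    /// verifying bindingSig, leaving the caller free to batch it with the spendAuthSigs.
    fn final_check(self, value_balance: i64) -> u64 {
        mul(self.cv_sum, inv(modpow(G, value_balance.rem_euclid(Q as i64) as u64)))
    }
}

fn verify_transaction(tx: &Transaction) -> bool {
    let mut ctx = SaplingVerificationContext::new();
    let mut batch = Vec::new();
    for spend in &tx.spends {
        if !ctx.check_spend(spend) { return false; }
        batch.push((spend.rk, tx.sighash, spend.spend_auth_sig)); // independent of the rest of the tx
    }
    for output in &tx.outputs { if !ctx.check_output(output) { return false; } }
    let bvk = ctx.final_check(tx.value_balance);
    batch.push((bvk, tx.sighash, tx.binding_sig)); // bindingSig verified alongside the spendAuthSigs
    verify_batch(&batch)
}

/// Constructed sample: one spend of 7, one output of 5, value_balance 2 (a wrong 3 when tampered).
fn sample_transaction(tamper_balance: bool) -> Transaction {
    let sighash = 0xdead_beef;
    let (ask, rcv_spend, rcv_out) = (55u64, 123u64, 77u64);
    let spend = SpendDescription { cv: value_commit(7, rcv_spend), rk: modpow(H, ask), spend_auth_sig: sign(ask, 31, sighash) };
    let output = OutputDescription { cv: value_commit(5, rcv_out) };
    let bsk = (rcv_spend + Q - rcv_out) % Q; // bsk = sum rcv_spend - sum rcv_output
    Transaction { spends: vec![spend], outputs: vec![output], value_balance: if tamper_balance { 3 } else { 2 }, binding_sig: sign(bsk, 17, sighash), sighash }
}
```

With the honest sample, `final_check` yields bvk = H^46 (rcv_spend 123 minus rcv_out 77), which is exactly the key bindingSig was produced under, so the batch containing the spendAuthSig and the bindingSig passes; with valueBalance tampered to 3 the returned bvk picks up a stray G^-1 factor and the same batch rejects. Note the context itself never calls `verify_sig` or `verify_batch`: a caller that wants per-spend parallelism can verify each spendAuthSig as soon as sigHash is known and only append bindingSig once bvk is available.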
