Crate pczt


The Partially Created Zcash Transaction (PCZT) format.

The goal is to split the work of creating a transaction across distinct entities. The entity roles roughly match those of BIP 174: Partially Signed Bitcoin Transaction Format.

  • Creator (single entity)
    • Creates the base PCZT with no information about spends or outputs.
  • Constructor (anyone can contribute)
    • Adds spends and outputs to the PCZT.
    • Before any input or output may be added, the constructor must check the Global.tx_modifiable field. Inputs may only be added if the Inputs Modifiable flag is True. Outputs may only be added if the Outputs Modifiable flag is True.
    • A single entity is likely to be both a Creator and Constructor.
  • IO Finalizer (anyone can execute)
    • Sets the appropriate bits in Global.tx_modifiable to 0.
    • Updates the various bsk values using the rcv information from spends and outputs.
  • Updater (anyone can contribute)
    • Adds information necessary for subsequent entities to proceed, such as key paths for signing spends.
  • Redactor (anyone can execute)
    • Removes information that is unnecessary for subsequent entities to proceed.
    • This can be useful e.g. when creating a transaction that has inputs from multiple independent Signers; each can receive a PCZT with just the information they need to sign, but (e.g.) not the alpha values for other Signers.
  • Prover (capability holders can contribute)
    • Needs all private information for a single spend or output.
    • In practice, the Updater that adds a given spend or output will either act as the Prover themselves, or add the necessary data, offload to the Prover, and then receive back the PCZT with private data stripped and proof added.
  • Signer (capability holders can contribute)
    • Needs the spend authorization randomizers to create signatures.
    • Needs sufficient information to verify that the proof is over the correct data, without needing to verify the proof itself.
    • A Signer should only need to implement:
      • Pedersen commitments using Jubjub / Pallas arithmetic (for note and value commitments)
      • BLAKE2b and BLAKE2s (and the various PRFs / CRHs they are used in)
      • Nullifier check (using Jubjub / Pallas arithmetic)
      • KDF plus note decryption (AEAD_CHACHA20_POLY1305)
      • SignatureHash algorithm
      • Signatures (RedJubjub / RedPallas)
      • A source of randomness.
  • Combiner (anyone can execute)
    • Combines several PCZTs that represent the same transaction into a single PCZT.
  • Spend Finalizer (anyone can execute)
    • Combines partial transparent signatures into script_sigs.
  • Transaction Extractor (anyone can execute)
    • Creates bindingSig and extracts the final transaction.
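
The Constructor and IO Finalizer rules above, modelled as an added example (not code from the pczt crate): additions are gated on the modifiable flags, and once the IO Finalizer clears a flag the matching addition is refused. `ToyPczt`, `RoleError`, the function names, the bit positions and the Creator setting both flags are assumptions made for illustration.

```rust
// Added illustration only: a toy model, not the pczt crate's types or API.
const INPUTS_MODIFIABLE: u8 = 0b01; // assumed bit position
const OUTPUTS_MODIFIABLE: u8 = 0b10; // assumed bit position

#[derive(Debug, PartialEq)]
enum RoleError {
    InputsNotModifiable,
    OutputsNotModifiable,
}

/// Toy stand-in for a PCZT: the modifiable flags plus constructed values.
#[derive(Debug, Default)]
struct ToyPczt {
    tx_modifiable: u8,
    inputs: Vec<u64>,
    outputs: Vec<u64>,
}

/// Creator: base PCZT with no spends or outputs (both flags set: assumption).
fn create() -> ToyPczt {
    ToyPczt { tx_modifiable: INPUTS_MODIFIABLE | OUTPUTS_MODIFIABLE, ..Default::default() }
}

/// Constructor: check the Inputs Modifiable flag before adding an input.
fn add_input(p: &mut ToyPczt, value: u64) -> Result<(), RoleError> {
    if (p.tx_modifiable & INPUTS_MODIFIABLE) == 0 {
        return Err(RoleError::InputsNotModifiable);
    }
    p.inputs.push(value);
    Ok(())
}

/// Constructor: check the Outputs Modifiable flag before adding an output.
fn add_output(p: &mut ToyPczt, value: u64) -> Result<(), RoleError> {
    if (p.tx_modifiable & OUTPUTS_MODIFIABLE) == 0 {
        return Err(RoleError::OutputsNotModifiable);
    }
    p.outputs.push(value);
    Ok(())
}

/// IO Finalizer: set the given bits in tx_modifiable to 0.
fn finalize_io(p: &mut ToyPczt, bits: u8) {
    p.tx_modifiable &= !bits;
}

fn main() {
    let mut p = create();
    add_input(&mut p, 50_000).unwrap();
    finalize_io(&mut p, INPUTS_MODIFIABLE | OUTPUTS_MODIFIABLE);
    println!("{:?} {:?}", add_input(&mut p, 1), add_output(&mut p, 1));
}
```

A rejected addition leaves the input and output lists untouched, so the set of spends and outputs a later Signer sees is the one that existed when the flags were cleared.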

Modules

common
orchard
roles
sapling
transparent

Structs

Pczt
A partially-created Zcash transaction.

Enums

ParseError
Errors that can occur while parsing a PCZT.