Struct Spend 

pub struct Spend { /* private fields */ }

Information about a Sapling spend within a transaction.

This struct is for representing Sapling spends in a partially-created transaction. If you have a fully-created transaction, use the regular SpendDescription struct.

Implementations

impl Spend

pub fn parse( cv: [u8; 32], nullifier: [u8; 32], rk: [u8; 32], zkproof: Option<GrothProofBytes>, spend_auth_sig: Option<[u8; 64]>, recipient: Option<[u8; 43]>, value: Option<u64>, rcm: Option<[u8; 32]>, rseed: Option<[u8; 32]>, rcv: Option<[u8; 32]>, proof_generation_key: Option<([u8; 32], [u8; 32])>, witness: Option<(u32, [[u8; 32]; 32])>, alpha: Option<[u8; 32]>, zip32_derivation: Option<Zip32Derivation>, dummy_ask: Option<[u8; 32]>, proprietary: BTreeMap<String, Vec<u8>>, ) -> Result<Self, ParseError>

Parses a PCZT spend from its component parts.

impl Spend

pub fn verify_cv(&self) -> Result<(), VerifyError>

Verifies that the cv field is consistent with the note fields.

Requires that the following optional fields are set:

• value
• rcv

pub fn verify_nullifier( &self, expected_fvk: Option<&FullViewingKey>, ) -> Result<(), VerifyError>

Verifies that the nullifier field is consistent with the note fields.

Requires that the following optional fields are set:

• recipient
• value
• rseed
• witness

In addition, at least one of the proof_generation_key field or expected_fvk must be provided.

The provided FullViewingKey is ignored if the spent note is a dummy note. Otherwise, it will be checked against the proof_generation_key field (if both are set).

pub fn verify_rk( &self, expected_fvk: Option<&FullViewingKey>, ) -> Result<(), VerifyError>

Verifies that the rk field is consistent with the given FVK.

Requires that the following optional fields are set:

• alpha

The provided FullViewingKey is ignored if the spent note is a dummy note (which can only be determined if the value field is set). Otherwise, it will be checked against the proof_generation_key field (if set).

impl Spend

pub fn sign<R: RngCore + CryptoRng>( &mut self, sighash: [u8; 32], ask: &SpendAuthorizingKey, rng: R, ) -> Result<(), SignerError>

Signs the Sapling spend with the given spend authorizing key.

It is the caller’s responsibility to perform any semantic validity checks on the PCZT (for example, comfirming that the change amounts are correct) before calling this method.

pub fn apply_signature( &mut self, sighash: [u8; 32], signature: Signature<SpendAuth>, ) -> Result<(), SignerError>

Applies the given signature to the Sapling spend, if valid.

It is the caller’s responsibility to perform any semantic validity checks on the PCZT (for example, comfirming that the change amounts are correct) before calling this method.

impl Spend

pub fn cv(&self) -> &ValueCommitment

A commitment to the value consumed by this spend.

pub fn nullifier(&self) -> &Nullifier

The nullifier of the note being spent.

pub fn rk(&self) -> &VerificationKey<SpendAuth>

The randomized verification key for the note being spent.

pub fn zkproof(&self) -> &Option<GrothProofBytes>

The Spend proof.

This is set by the Prover.

pub fn spend_auth_sig(&self) -> &Option<Signature<SpendAuth>>

The spend authorization signature.

This is set by the Signer.

pub fn recipient(&self) -> &Option<PaymentAddress>

The address that received the note being spent.

• This is set by the Constructor (or Updater?).
• This is required by the Prover.

pub fn value(&self) -> &Option<NoteValue>

The value of the input being spent.

This may be used by Signers to verify that the value matches cv, and to confirm the values and change involved in the transaction.

This exposes the input value to all participants. For Signers who don’t need this information, or after signatures have been applied, this can be redacted.

pub fn rseed(&self) -> &Option<Rseed>

The seed randomness for the note being spent.

• This is set by the Constructor.
• This is required by the Prover.

pub fn rcv(&self) -> &Option<ValueCommitTrapdoor>

The value commitment randomness.

• This is set by the Constructor.
• The IO Finalizer compresses it into the bsk.
• This is required by the Prover.
• This may be used by Signers to verify that the value correctly matches cv.

This opens cv for all participants. For Signers who don’t need this information, or after proofs / signatures have been applied, this can be redacted.

pub fn proof_generation_key(&self) -> &Option<ProofGenerationKey>

The proof generation key (ak, nsk) corresponding to the recipient that received the note being spent.

• This is set by the Updater.
• This is required by the Prover.

pub fn witness(&self) -> &Option<MerklePath>

A witness from the note to the bundle’s anchor.

• This is set by the Updater.
• This is required by the Prover.

pub fn alpha(&self) -> &Option<Scalar>

The spend authorization randomizer.

• This is chosen by the Constructor.
• This is required by the Signer for creating spend_auth_sig, and may be used to validate rk.
• Afterzkproof / spend_auth_sig has been set, this can be redacted.

pub fn zip32_derivation(&self) -> &Option<Zip32Derivation>

The ZIP 32 derivation path at which the spending key can be found for the note being spent.

pub fn dummy_ask(&self) -> &Option<SpendAuthorizingKey>

The spend authorizing key for this spent note, if it is a dummy note.

• This is chosen by the Constructor.
• This is required by the IO Finalizer, and is cleared by it once used.
• Signers MUST reject PCZTs that contain dummy_ask values.

pub fn proprietary(&self) -> &BTreeMap<String, Vec<u8>>

Proprietary fields related to the note being spent.

Trait Implementations

impl Debug for Spend

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.