sapling_crypto/verifier/
single.rs

1use bellman::groth16::{verify_proof, Proof};
2use bls12_381::Bls12;
3use redjubjub::{Binding, SpendAuth};
4
5use super::SaplingVerificationContextInner;
6use crate::{
7    circuit::{PreparedOutputVerifyingKey, PreparedSpendVerifyingKey},
8    note::ExtractedNoteCommitment,
9    value::ValueCommitment,
10};
11
/// Verification state for the Sapling components of one Zcash transaction.
///
/// All checks are delegated to the wrapped [`SaplingVerificationContextInner`].
/// Build a new context for each transaction: `check_spend` and `check_output`
/// accumulate value commitments in it, and `final_check` is meant to run only
/// after every spend and output of that same transaction has been checked.
pub struct SaplingVerificationContext {
    // Shared verification logic and the state accumulated across checks.
    inner: SaplingVerificationContextInner,
}
16
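impl SaplingVerificationContext {
    /// Construct a new context to be used with a single transaction.
    ///
    /// The context carries state between calls (value commitments are
    /// accumulated by [`Self::check_spend`] and [`Self::check_output`]), so a
    /// fresh one should be created for every transaction being verified.
    #[allow(clippy::new_without_default)]
    pub fn new() -> Self {
        Self {
            inner: SaplingVerificationContextInner::new(),
        }
    }

    /// Perform consensus checks on a Sapling SpendDescription, while
    /// accumulating its value commitment inside the context for later use.
    ///
    /// This wrapper supplies the two verifiers used by the inner context:
    ///
    /// * the spend authorization signature `spend_auth_sig` is verified under
    ///   `rk` over `sighash_value`;
    /// * the Groth16 proof `zkproof` is verified against `verifying_key` with
    ///   the public inputs prepared by the inner context.
    ///
    /// Verification errors are collapsed to `false`; no error detail is
    /// returned. The caller must treat a `false` result as a rejected spend.
    /// `sighash_value` is taken as given: computing it over the right
    /// transaction data is the caller's responsibility.
    #[allow(clippy::too_many_arguments)]
    #[must_use = "ignoring the result accepts a spend that may have failed verification"]
    pub fn check_spend(
        &mut self,
        cv: &ValueCommitment,
        anchor: bls12_381::Scalar,
        nullifier: &[u8; 32],
        rk: redjubjub::VerificationKey<SpendAuth>,
        sighash_value: &[u8; 32],
        spend_auth_sig: redjubjub::Signature<SpendAuth>,
        zkproof: Proof<Bls12>,
        verifying_key: &PreparedSpendVerifyingKey,
    ) -> bool {
        self.inner.check_spend(
            cv,
            anchor,
            nullifier,
            &rk,
            zkproof,
            // Single-transaction verification keeps no extra verifier state,
            // so the context handed to both closures is the unit value.
            &mut (),
            // Spend authorization signature check; any error means "invalid".
            |_, rk| rk.verify(sighash_value, &spend_auth_sig).is_ok(),
            // Immediate (non-batched) Groth16 proof verification.
            |_, proof, public_inputs| {
                verify_proof(&verifying_key.0, &proof, &public_inputs[..]).is_ok()
            },
        )
    }

    /// Perform consensus checks on a Sapling OutputDescription, while
    /// accumulating its value commitment inside the context for later use.
    ///
    /// The Groth16 proof `zkproof` is verified against `verifying_key` with
    /// the public inputs prepared by the inner context. A verification error
    /// is reported as `false`, which the caller must treat as a rejected
    /// output.
    #[must_use = "ignoring the result accepts an output that may have failed verification"]
    pub fn check_output(
        &mut self,
        cv: &ValueCommitment,
        cmu: ExtractedNoteCommitment,
        epk: jubjub::ExtendedPoint,
        zkproof: Proof<Bls12>,
        verifying_key: &PreparedOutputVerifyingKey,
    ) -> bool {
        self.inner
            .check_output(cv, cmu, epk, zkproof, |proof, public_inputs| {
                verify_proof(&verifying_key.0, &proof, &public_inputs[..]).is_ok()
            })
    }

    /// Perform consensus checks on the valueBalance and bindingSig parts of a
    /// Sapling transaction. All SpendDescriptions and OutputDescriptions must
    /// have been checked before calling this function.
    ///
    /// The binding signature `binding_sig` is verified over `sighash_value`
    /// under the binding verification key handed over by the inner context.
    /// Nothing visible in this wrapper enforces the required call order or
    /// records whether earlier checks returned `true`, so the caller must
    /// track that itself and reject the transaction when this returns
    /// `false`.
    #[must_use = "ignoring the result accepts a transaction whose binding signature may be invalid"]
    pub fn final_check<V: Into<i64>>(
        &self,
        value_balance: V,
        sighash_value: &[u8; 32],
        binding_sig: redjubjub::Signature<Binding>,
    ) -> bool {
        self.inner.final_check(value_balance, |bvk| {
            bvk.verify(sighash_value, &binding_sig).is_ok()
        })
    }
}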