New Release #133

Merged
merged 3 commits into from
Dec 9, 2024
update docs (#134)
* chore: update wrong names on docs

* chore: remove unused instructions

* chore: remove instruction code not implemented

* chore: update docs again

* fix: mermaid diagrams
emmanuelm41 authored Nov 28, 2024
commit 82b96ad5338eb8dc08fab30d3f741d9939b7600b
6 changes: 0 additions & 6 deletions app/src/apdu_handler.c
@@ -145,12 +145,6 @@ void handleApdu(volatile uint32_t *flags, volatile uint32_t *tx, uint32_t rx) {
break;
}

case INS_SIGN_SAPLING: {
CHECK_PIN_VALIDATED()
handleSignSapling();
break;
}

default:
THROW(APDU_CODE_INS_NOT_SUPPORTED);
}
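Review bot: dropping the INS_SIGN_SAPLING case means an APDU carrying that instruction now reaches `default:` and gets APDU_CODE_INS_NOT_SUPPORTED instead of the APDU_CODE_COMMAND_NOT_ALLOWED that handleSignSapling threw. That is the right answer for an instruction that was never implemented, but docs/APDUSPEC.md should record that the instruction is gone, and any host code or test that asserted on the old status word needs updating.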
4 changes: 0 additions & 4 deletions app/src/coin.h
@@ -66,15 +66,12 @@ extern "C" {

#define INS_GET_VERSION 0x00
#define INS_GET_ADDR_SECP256K1 0x01
#define INS_SIGN_SECP256K1 0x02
#define INS_GET_ADDR_SAPLING_DIV 0x10
#define INS_GET_ADDR_SAPLING 0x11
#define INS_SIGN_SAPLING 0x12

#define INS_GET_DIV_LIST 0x09

#define INS_INIT_TX 0xa0
#define INS_KEY_EXCHANGE 0xaa
#define INS_EXTRACT_SPEND 0xa1
#define INS_EXTRACT_OUTPUT 0xa2
#define INS_CHECKANDSIGN 0xa3
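Review bot: the rendered view does not show which three lines were removed, so please confirm in the raw diff that `#define INS_SIGN_SAPLING 0x12` is among them, since its dispatcher case and handler go in this same commit. A short header comment marking 0x12 as retired would keep the value from being reused later for a different instruction, which would confuse hosts that still send it.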
@@ -85,7 +82,6 @@ extern "C" {
#define INS_GET_OVK 0xf1
#define INS_GET_NF 0xf2
#define INS_GET_FVK 0xf3
#define INS_CRASH_TEST 0xff

typedef enum { key_ivk = 0, key_ovk = 1, key_fvk = 2, nf = 3 } key_type_e;

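Review bot: one line is removed here but the rendered diff does not identify it. If it is `#define INS_CRASH_TEST 0xff`, that fits the "remove instruction code not implemented" commit message, and any corresponding case in handleApdu (not in this diff) should go with it; if INS_CRASH_TEST stays, it should be compiled only in debug builds so a crash instruction never ships in a release.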
4 changes: 0 additions & 4 deletions app/src/handlers/handler_signing.h
@@ -333,7 +333,3 @@ __Z_INLINE void handleCheckandSign(volatile uint32_t *tx, uint32_t rx) {
*tx = 32;
THROW(APDU_CODE_OK);
}

__Z_INLINE void handleSignSapling() {
THROW(APDU_CODE_COMMAND_NOT_ALLOWED);
}
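Review bot: this stub only threw APDU_CODE_COMMAND_NOT_ALLOWED, so nothing else in handler_signing.h depended on it; with it gone, grep for remaining `handleSignSapling` references (tests, host bindings, other headers) so neither the firmware build nor the test suite fails on the missing symbol.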
16 changes: 8 additions & 8 deletions docs/APDUSPEC.md
@@ -68,7 +68,7 @@ The general structure of commands and responses is as follows:

---

### GET_VERSION
### INS_GET_VERSION

#### Command

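Review bot: the heading now matches the coin.h define, which is the useful property; the same convention should be applied to the sections this commit does not touch (coin.h also defines INS_GET_ADDR_SECP256K1, INS_SIGN_SECP256K1, INS_GET_ADDR_SAPLING_DIV, INS_GET_ADDR_SAPLING and INS_KEY_EXCHANGE), so every spec section can be grepped against the define list.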
@@ -198,7 +198,7 @@ If a diversifier was not valid, zero-bytes are returned (so always 220 bytes are

---

### INS_GET_IVK_SAPLING
### INS_GET_IVK

Returns a sapling incoming viewing key.
Forced user confirmation (So P1 needs to be 0x01).
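Review bot: "Forced user confirmation (So P1 needs to be 0x01)" states the required input but not what happens when P1 is anything else; since this command exports a viewing key, the spec should say explicitly that the device rejects the request (and with which status word) rather than leaving the reader to assume the on-device prompt cannot be skipped. Minor: the two sentences could sit on one line as in the INS_GET_OVK and INS_GET_FVK sections.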
@@ -225,7 +225,7 @@ Also returns the default diversifier (starting from index 0).

---

### INS_GET_OVK_SAPLING
### INS_GET_OVK

Returns a sapling outgoing viewing key. Forced user confirmation (So P1 needs to be 0x01).

@@ -249,7 +249,7 @@ Returns a sapling outgoing viewing key. Forced user confirmation (So P1 needs to

---

### INS_GET_FVK_SAPLING
### INS_GET_FVK

Returns a sapling full viewing key fvk = (ak, nk, ovk). Forced user confirmation (So P1 needs to be 0x01).

@@ -275,7 +275,7 @@ Returns a sapling full viewing key fvk = (ak, nk, ovk). Forced user confirmation

---

### INS_GET_NF_SAPLING
### INS_GET_NF

Returns a sapling nullifier. TODO: Forced user confirmation (So P1 needs to be 0x01).

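Review bot: the rename leaves "TODO: Forced user confirmation" in the context line. A nullifier lets whoever holds it tell when the corresponding note is spent, so the spec should state the confirmation behaviour the firmware actually implements for this command (and the P1 value it checks) instead of a TODO, or say plainly that no confirmation is required.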
@@ -397,7 +397,7 @@ Data is defined as:

Returns a proof generating key (PGK) and randomness (rcv and alpha) for a sapling spend.

- This command requires you already called the INS_INIT_TX_SAPLING.
- This command requires you already called the INS_INIT_TX.
- This command requires that it is needed to extract spendinfo.

#### Command
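Review bot: the second requirement, "This command requires that it is needed to extract spendinfo.", is hard to parse; suggest "This command is only accepted while spend data for the initialised transaction remains to be extracted." The same wording appears in the output section below and could be fixed together with the name change.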
@@ -425,7 +425,7 @@ Returns a proof generating key (PGK) and randomness (rcv and alpha) for a saplin

Returns randomness (rcv and rseed (after ZIP202) and optional Hash_Seed) for a sapling output.

- This command requires you already called the INS_INIT_TX_SAPLING.
- This command requires you already called the INS_INIT_TX.
- This command requires you already called the correct number of INS_GET_SPENDINFO.
- This command requires that it is needed to extract outputinfo.

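Review bot: "the correct number of INS_GET_SPENDINFO" uses a name that does not exist in coin.h, where the spend-extraction instruction is INS_EXTRACT_SPEND (0xa1); since this commit is about fixing names, rename it here as well, and apply the same check to this section's own heading, which the hunk does not show.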
@@ -560,7 +560,7 @@ Data is defined as:

---

### INS_GET_EXTRACT_TRANSSSIG
### INS_EXTRACT_TRANSSIG

Returns a SECP256K1 signature for a sapling transparent input if available. Othrewise, it returns only an error code.

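Review bot: the context line still reads "Othrewise" (typo for "Otherwise") and is worth fixing while the heading is edited. Also, INS_EXTRACT_TRANSSIG does not appear in the portion of coin.h shown in this diff (0x00 to 0x12, 0xa0 to 0xa3, 0xf1 to 0xf3, 0xff), so please confirm the new heading matches the actual define.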
199 changes: 199 additions & 0 deletions docs/previuos/zcash_workflow_v1.md
@@ -0,0 +1,199 @@
Zcash ledger, first connect:
- Address generation
- Sharing address with host
- Sharing IVK with host
//TODO: change to APDU API
```mermaid
sequenceDiagram
participant LF as Ledger flash storage
participant LC as Ledger computation
participant H as Host
participant N as Network
H ->> LC: compute_address(path: u32)
activate LC
LC -->> LF: store_ivk(ivk) ?
Note over LF: potentially store (path, IVK)
LC ->> H: address: (diversifier, pk_d)
LC ->> H: incoming viewing key: ivk
deactivate LC
Note over H,LC: show address on both screens?
```

Zcash ledger, syncing
- Sharing IVK with host
- Decrypt incoming notes and verification note commitments
- TODO: what to do with matching notes?
```mermaid
sequenceDiagram
participant LF as Ledger flash storage
participant LC as Ledger computation
participant H as Host
participant N as Network
H ->> LC: get_ivk(path: u32)
#add minor confirmation
activate LC
LC -->> LF: retrieve_ivk(path) ?
LF -->> LC: ivk ?
Note over LC: compute_ivk(path)
LC ->> H: ivk
deactivate LC
activate H
H ->> N: get_unspend_notes()
N ->> H: [unspend_notes]
Note over H: [matching_notes] = decrypt_all_unspend_notes(ivk, [unspend_notes])
Note over H: store [matching_notes] (d, pk_d, v, rcm)
deactivate H
```

Zcash ledger, make shielded transaction phase 1
- Verify outputs on screen

```mermaid
sequenceDiagram
participant LF as Ledger flash storage
participant LC as Ledger computation
participant H as Host
participant N as Network

Note over H: show amount, address, memo-fields per output
Note over H: validate amount <= total_amount
H ->> LC: initiate_transaction()
N ->> H: anchor of note?
N ->> H: metadata
Note over H: input note selection (path, note)

activate LC
loop Every output note
H ->> LC: verify_output(d, pk_d, value, memo)
Note over H,LC: approve amount and address and verify on screens
Note over H,LC: approve hash of memo and verify on screens
LC ->> H: approval of output
LC ->> LF: store_output_data(d,pk_d,value,memo)
end
deactivate LC
#compute value balance and approve
Note over LC,H: continue if all approved
```

Zcash ledger, make shielded transaction phase 2
- Process outputs and store in flash
- Compute hash of all outputs

```mermaid
sequenceDiagram
participant LF as Ledger flash storage
participant LC as Ledger computation
participant H as Host
participant N as Network
activate LC
loop Every output note
H ->> LC: make_transaction(path) #TODO: which path??? fixed one makes sense??
Note over LC: compute random rcm
LC ->> LF: update_rcmnew(rcm)
LF ->> LC: (d,pk_d,value)
Note over LC: compute value/note commitments
LC ->> LF: update_valuecommitsum(vc)
LC ->> LF: value/note commitments
LC ->> H: value/note commitments
LF ->> LC: d,pk_d, value, memo
Note over LC: compute eph, c_out, c_enc
LC ->> LF: eph, c_out, c_enc
LC ->> H: eph, c_out, c_enc
deactivate LC
activate H
H -->> LC: get_proof_key(path) #is this necessary?
LC -->> H: proof_key
Note over H: ZK proof of output note
H ->> LC: zk_proof
deactivate H
activate LC
LC ->> LF: zk_proof
end
Note over LC: perform shieldedoutput_hash
LC ->> H: shielded_output_hash
LC ->> LF: shielded_output_hash
deactivate LC
```

Zcash ledger, make shielded transaction phase 3
- Process spends and store in flash
- Store RCM values in flash
- Compute hash of all outputs

```mermaid
sequenceDiagram
participant LF as Ledger flash storage
participant LC as Ledger computation
participant H as Host
participant N as Network
loop Every spend note
N ->> H: anchor of note?
H ->> LC: spend_this_note(path, valuecommit, rcm, anchor) # Do we need to verify here that rcm is correct? Is the zkproof of the spend the old one in the blockchain? #what about the valuecommit?
LC ->> LF: (path, valuecommit, anchor)
LC -->> H: proof_gen_key(path) ? #is this needed

activate LC
LC ->> LF: update_rcmvalue(rcm)
LC ->> LF: update_valuecommitsum(vc) #???

note over LC: compute nullifier
LC ->> H: nullifier
LC ->> LF: nullifier

note over LC: compute randomized verification key
LC ->> H: randomized verification key
LC ->> LF: (path, randomizer value, randomized verification key)
deactivate LC

Note over H: ZK proof of spend note
H ->> LC: zk_proof
LC ->> LF: zk_proof

end
Note over LC: perform shieldedspend_hash
LC ->> LF: shieldedspend_hash #does the host actually need this?
LC ->> H: shieldedspend_hash
```

Zcash ledger, make shielded transaction phase 4
- Host gives all remaining transaction (meta) data
- Ledger does the complete TX_HASH_ALL
- Final approval of transaction?
- Ledger signs the necessary parts and shares with host
- Host sends transaction blob to network

```mermaid
sequenceDiagram
participant LF as Ledger flash storage
participant LC as Ledger computation
participant H as Host
participant N as Network

H -->> N: retrieve meta_data from network?
N -->> H: meta_data

H ->> LC: meta_data transaction
LC ->> LF: meta_data transaction

Note over LC: compute valuebalance and commitment
LC ->> LF: valuebalance and commitment
Note over LF,LC: verify rcm_secretkey/publickey

Note over LF,LC: perform_tx_hash_all over all data in flash

LC ->> H: tx_hash_all

Note over LC,H: final verification/approval of tx before signing?

LC ->> H: sign(rcm_secretkey, tx_hash_all)
loop Every spend note
LF ->> LC: randomized value
Note over LC: get_secret_key(path)
Note over LC: sign(sk, randomized value, tx_hash_all)
LC ->> H: spend_auth_sign
end

Note over H: make raw transaction blob
H ->> N: raw_transaction_blob

```
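Review bot: the `#`-prefixed lines inside the sequenceDiagram blocks (`#add minor confirmation`, `#compute value balance and approve`) and the trailing `#TODO ...` / `#is this necessary?` text after message labels are not mermaid comment syntax; mermaid comments start with `%%`, so these lines will either fail to parse or render as literal message text, which sits oddly with the "fix: mermaid diagrams" commit. Convert them to `%%` comments or move the open questions into prose outside the fences. Two smaller points: the directory name `docs/previuos/` is a typo for `previous`, and the `//TODO: change to APDU API` line is outside any code block and will render as plain text; a one-line note at the top saying this is the archived v1 workflow would tell readers the document is historical.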
Original file line number Diff line number Diff line change
@@ -74,7 +74,7 @@ Zcash ledger, make shielded transaction phase 1
end
deactivate LC
Note over LC,H: continue if all approved
```
```

Zcash ledger, make shielded transaction phase 2
- Process outputs and store in flash
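Review bot: the removed and added fence lines render identically here (``` to ```), which points to a whitespace-only or line-ending change; confirm with `git diff -w`, and if trailing whitespace after the fence is what broke rendering, an .editorconfig rule that trims trailing whitespace would stop it coming back. The same pattern repeats in the two hunks below.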
@@ -114,14 +114,14 @@ Zcash ledger, make shielded transaction phase 1
LC ->> H: shielded_output_hash
LC ->> LF: shielded_output_hash
deactivate LC
```
```

Zcash ledger, make shielded transaction phase 3
- Process spends and store in flash
- Store RCM values in flash
- Compute hash of all outputs

```mermaid
```mermaid
sequenceDiagram
participant LF as Ledger flash storage
participant LC as Ledger computation
@@ -162,7 +162,7 @@ Zcash ledger, make shielded transaction phase 4
- Ledger signs the necessary parts and shares with host
- Host sends transaction blob to network

```mermaid
```mermaid
sequenceDiagram
participant LF as Ledger flash storage
participant LC as Ledger computation