anoma / masp Goto Github PK
View Code? Open in Web Editor NEWThe multi-asset shielded pool (MASP) provides a unified privacy set for all assets on Namada.
Home Page: https://namada.net
License: Apache License 2.0
The multi-asset shielded pool (MASP) provides a unified privacy set for all assets on Namada.
Home Page: https://namada.net
License: Apache License 2.0
There is a feature "bundled-prover" which embeds the generated proving params into the binary using wagyu-zcash-parameters (obviously this will need to be updated with different parameters)
There should be a similar feature which bundles or embeds the verifying key in the binary (particularly WASM binaries).
There are two ways to do this: embed the small VerifyingKey (approximately 1.6kB per circuit), or serialize the PreparedVerifyingKey (approximately 40 kB per circuit).
Embedding the small VerifyingKey has the disadvantage that every time the binary is reloaded, the VerifyingKey must be "prepared" for pairing which may waste CPU, particularly in a WASM binary that is reloaded frequently.
However, embedding the PreparedVerifyingKey results in a larger binary, and requires some changes (visibility and serialization) in the upstream bellman
crate.
Initial work is located at joe/embed-verifier and joe/embedded-verifier
Unlike Zcash Sapling, notes are not limited to MAX_MONEY
. The logic needs to be checked thoroughly, and tests written, to make sure that there are no overflow or other issues when the value
is close to i64 or u64 limits.
Currently, the specifications for MASP are divided among several places:
This makes it a bit difficult to review the entire protocol. It may be useful to merge everything into a single comprehensive spec.
libmasp is the forked crate of FFI bindings, which makes sense if calling from C/C++ or Ocaml, but not necessary for Rust.
Is the test-output-params updated?
The hash check is failed and it will get a parse error when downloading the output-params
The Convert
circuit is prototyped, but there are some missing parts:
Convert
Convert
description in transaction building and verificationConvert
the Convert
circuit can be used to provide incentives in the following way. When asset type A
is shielded during epoch i
, the MASP asset name is defined to be A's address || i
, essentially timestamping the shielding time. To distribute 1 unit of asset type B
for every unit of asset A
inside the shielded pool during the entire epoch i+1
, then at the end of epoch i+1
(at the beginning of epoch i+2
) an allowed conversion of the form: -1 units of A's address || i
, 1 unit of A's address || i+1
, 1 unit of B's address
. This allows the conversion of the timestamp from epoch i
to epoch i+1
. When the asset A
is unshielded, it can be converted to the newest epoch, avoiding the need to leak the original shielding epoch.
To prevent the need for sequentially Convert
ing across many epochs, during fixed epoch j
the allowed conversions are between A's address || i
and A's address || j
for all i < j, allowing direct conversion to the latest epoch in one transaction.
Let's just add a quick README explaining what the MASP is and linking to the spec.
It has large parameters for circuits we don't even use.
If we want to keep the bundled prover, I have anoma/namada-masp-params, though it lacks wagyu-zcash-parameters' hack to be compatible with crates.io.
Currently, final_check
prepends the public key for signature verification to the sighash to construct the actual msg on which the signature should be verified. This is the correct logic for the single verifier but the batch one doesn't need this because it will reconstruct the correct message on its own. This lead to a signature verification error when using the batch verifier. We should change final_check
to expect the correct msg and let the caller pass the correct value to support both verifications.
Can we update the README file to reflect:
Mini task:
Currently the circuit tests could be refined a little bit. Right now it tries many random inputs, which takes a long time and doesn't really test edge cases.
Currently MASP depends directly on the latest librustzcash. The current principle behind this is that librustzcash is a mature, well tested implementation and the more code reuse that is possible, the more the MASP benefits from this. MASP depends on librustzcash in two ways:
In the long run, it would be nice to reduce (2) if librustzcash natively supports different constants.
There are some tasks which should be done:
When compiled for wasm32
, the append
method of CommitmentTree
crashes after the first two insertions, i.e. the first time the function Node::combine
is called
Title it and change the filename to "multi-asset shielded pool" in some form.
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.