Async Halo2 verifier service (#2645)

* First pass at async Halo2 verification service

Stubs out a batch verifier for the future.
The dependencies for orchard, halo2, librustzcash, zcash_primitives, have
not been resolved.

* Halo2 verifier service and test

* Remove redundant conversion

* Test async halo2 verifier service with pre-computed Orchard shielded data test vectors

* Fix typo

Co-authored-by: Conrado Gouvea <[email protected]>

* Assert future result is_ok() in Halo2 verifier test

Co-authored-by: Janito Vaqueiro Ferreira Filho <[email protected]>

* Shorten tower::Service trait constraints for Halo2 verifier tests

* Remove commented out trait constraints

* .expect() vs .unwrap() to parse orchard::redpallas::VerificationKey

* Use .to_vec() for some test vectors

* Fix self-referential Display impl

* Fix deps

* Distinguish orchard vs zebra_chain::orchard imports

* Add test that halo2 verifier fails with malformed proof inputs

* Use thiserror for Halo2Error

* Use ZcashFoundation/orchard instead of dconnolly/orchard

* Add a link to the issue to remove the zfnd fork of orchard crate

* Update zebra-consensus/Cargo.toml

Co-authored-by: teor <[email protected]>

* Add note

* Move artificial Orchard shielded data test vectors to zebra-test

* Align brackets

* Tidy some trait constraints and debug statements

Co-authored-by: Janito Vaqueiro Ferreira Filho <[email protected]>

Co-authored-by: Conrado Gouvea <[email protected]>
Co-authored-by: Janito Vaqueiro Ferreira Filho <[email protected]>
Co-authored-by: teor <[email protected]>

Cargo.toml

@@ -25,6 +25,8 @@ panic = "abort"
 # TODO: remove these after a new librustzcash release.
 # These are librustzcash requirements specified in its workspace Cargo.toml that we must replicate here
 incrementalmerkletree = { git = "https://github.com/zcash/incrementalmerkletree", rev = "b7bd6246122a6e9ace8edb51553fbf5228906cbb" }
-orchard = { git = "https://github.com/zcash/orchard.git", rev = "2c8241f25b943aa05203eacf9905db117c69bd29" }
+# TODO: replace with upstream orchard when these changes are merged
+# https://github.com/ZcashFoundation/zebra/issues/3056
+orchard = { git = "https://github.com/ZcashFoundation/orchard.git", rev = "568e24cd5f129158375d7ac7d98c89ebff4f982f" }
 zcash_note_encryption = { git = "https://github.com/zcash/librustzcash.git", rev = "53d0a51d33a421cb76d3e3124d1e4c1c9036068e" }
 zcash_primitives = { git = "https://github.com/zcash/librustzcash.git", rev = "53d0a51d33a421cb76d3e3124d1e4c1c9036068e" }

zebra-chain/Cargo.toml

@@ -33,7 +33,7 @@ hex = "0.4"
 incrementalmerkletree = "0.1.0"
 jubjub = "0.8.0"
 lazy_static = "1.4.0"
-orchard = { git = "https://github.com/zcash/orchard.git", rev = "2c8241f25b943aa05203eacf9905db117c69bd29" }
+orchard = "0.0"
 rand_core = "0.6"
 ripemd160 = "0.9"
 secp256k1 = { version = "0.20.3", features = ["serde"] }

zebra-chain/src/orchard/keys.rs

@@ -1064,6 +1064,12 @@ impl fmt::Debug for EphemeralPublicKey {
 
 impl Eq for EphemeralPublicKey {}
 
+impl From<EphemeralPublicKey> for [u8; 32] {
+    fn from(epk: EphemeralPublicKey) -> [u8; 32] {
+        epk.0.to_bytes()
+    }
+}
+
 impl From<&EphemeralPublicKey> for [u8; 32] {
     fn from(epk: &EphemeralPublicKey) -> [u8; 32] {
         epk.0.to_bytes()

zebra-chain/src/orchard/note/ciphertexts.rs

@@ -6,15 +6,7 @@ use crate::serialization::{serde_helpers, SerializationError, ZcashDeserialize,
 ///
 /// Corresponds to the Orchard 'encCiphertext's
 #[derive(Deserialize, Serialize)]
-pub struct EncryptedNote(#[serde(with = "serde_helpers::BigArray")] pub [u8; 580]);
-
-impl fmt::Debug for EncryptedNote {
-    fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
-        f.debug_tuple("EncryptedNote")
-            .field(&hex::encode(&self.0[..]))
-            .finish()
-    }
-}
+pub struct EncryptedNote(#[serde(with = "serde_helpers::BigArray")] pub(crate) [u8; 580]);
 
 // These impls all only exist because of array length restrictions.
 // TODO: use const generics https://github.com/ZcashFoundation/zebra/issues/2042
@@ -29,14 +21,34 @@ impl Clone for EncryptedNote {
     }
 }
 
+impl fmt::Debug for EncryptedNote {
+    fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
+        f.debug_tuple("EncryptedNote")
+            .field(&hex::encode(&self.0[..]))
+            .finish()
+    }
+}
+
+impl Eq for EncryptedNote {}
+
+impl From<[u8; 580]> for EncryptedNote {
+    fn from(bytes: [u8; 580]) -> Self {
+        EncryptedNote(bytes)
+    }
+}
+
+impl From<EncryptedNote> for [u8; 580] {
+    fn from(enc_ciphertext: EncryptedNote) -> Self {
+        enc_ciphertext.0
+    }
+}
+
 impl PartialEq for EncryptedNote {
     fn eq(&self, other: &Self) -> bool {
         self.0[..] == other.0[..]
     }
 }
 
-impl Eq for EncryptedNote {}
-
 impl ZcashSerialize for EncryptedNote {
     fn zcash_serialize<W: io::Write>(&self, mut writer: W) -> Result<(), io::Error> {
         writer.write_all(&self.0[..])?;
@@ -56,7 +68,7 @@ impl ZcashDeserialize for EncryptedNote {
 ///
 /// Corresponds to Orchard's 'outCiphertext'
 #[derive(Deserialize, Serialize)]
-pub struct WrappedNoteKey(#[serde(with = "serde_helpers::BigArray")] pub [u8; 80]);
+pub struct WrappedNoteKey(#[serde(with = "serde_helpers::BigArray")] pub(crate) [u8; 80]);
 
 impl fmt::Debug for WrappedNoteKey {
     fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
@@ -78,6 +90,18 @@ impl Clone for WrappedNoteKey {
     }
 }
 
+impl From<[u8; 80]> for WrappedNoteKey {
+    fn from(bytes: [u8; 80]) -> Self {
+        WrappedNoteKey(bytes)
+    }
+}
+
+impl From<WrappedNoteKey> for [u8; 80] {
+    fn from(out_ciphertext: WrappedNoteKey) -> Self {
+        out_ciphertext.0
+    }
+}
+
 impl PartialEq for WrappedNoteKey {
     fn eq(&self, other: &Self) -> bool {
         self.0[..] == other.0[..]

zebra-chain/src/sapling/note/ciphertexts.rs

@@ -6,7 +6,7 @@ use crate::serialization::{serde_helpers, SerializationError, ZcashDeserialize,
 ///
 /// Corresponds to the Sapling 'encCiphertext's
 #[derive(Deserialize, Serialize)]
-pub struct EncryptedNote(#[serde(with = "serde_helpers::BigArray")] pub [u8; 580]);
+pub struct EncryptedNote(#[serde(with = "serde_helpers::BigArray")] pub(crate) [u8; 580]);
 
 impl fmt::Debug for EncryptedNote {
     fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
@@ -55,7 +55,7 @@ impl ZcashDeserialize for EncryptedNote {
 ///
 /// Corresponds to Sapling's 'outCiphertext'
 #[derive(Deserialize, Serialize)]
-pub struct WrappedNoteKey(#[serde(with = "serde_helpers::BigArray")] pub [u8; 80]);
+pub struct WrappedNoteKey(#[serde(with = "serde_helpers::BigArray")] pub(crate) [u8; 80]);
 
 impl fmt::Debug for WrappedNoteKey {
     fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {

zebra-consensus/Cargo.toml

@@ -15,9 +15,13 @@ bellman = "0.11.1"
 bls12_381 = "0.6.0"
 chrono = "0.4.19"
 displaydoc = "0.2.2"
+halo2 = "=0.1.0-beta.1"
 jubjub = "0.8.0"
 lazy_static = "1.4.0"
 once_cell = "1.8"
+# TODO: replace with upstream orchard when these changes are merged
+# https://github.com/ZcashFoundation/zebra/issues/3056
+orchard = "0.0.0"
 rand = "0.8"
 serde = { version = "1", features = ["serde_derive"] }
 
@@ -42,7 +46,7 @@ proptest-derive = { version = "0.3.0", optional = true }
 
 [dev-dependencies]
 color-eyre = "0.5.11"
-halo2 = "=0.1.0-beta.1"
+hex = "0.4.3"
 proptest = "0.10"
 proptest-derive = "0.3.0"
 rand07 = { package = "rand", version = "0.7" }

zebra-consensus/src/primitives.rs

@@ -2,6 +2,7 @@
 
 pub mod ed25519;
 pub mod groth16;
+pub mod halo2;
 pub mod redjubjub;
 pub mod redpallas;