ZcashFoundation · mergify · May 19, 2022 · May 13, 2022 · May 13, 2022 · May 13, 2022
@@ -65,17 +65,5 @@ lto = "thin"
 
 [patch.crates-io]
 
-# TODO: replace with upstream librustzcash when these changes are merged (#3037)
-#       remove these after a new librustzcash release (#2982)
-
-# These are librustzcash file requirements specified in its workspace Cargo.toml,
-# that we must replace with git requirements
-equihash = { git = "https://github.com/zcash/librustzcash.git", rev = "d14e7a707ce01cefcbc82651dad48f002185dded" }
-hdwallet = { git = "https://github.com/nuttycom/hdwallet", rev = "9b4c1bdbe0517e3a7a8f285d6048a37d472ba3bc" }
-zcash_encoding = { git = "https://github.com/zcash/librustzcash.git", rev = "d14e7a707ce01cefcbc82651dad48f002185dded" }
-zcash_note_encryption = { git = "https://github.com/zcash/librustzcash.git", rev = "d14e7a707ce01cefcbc82651dad48f002185dded" }
-zcash_primitives = { git = "https://github.com/zcash/librustzcash.git", rev = "d14e7a707ce01cefcbc82651dad48f002185dded" }
-# Currently pointing to `download-sprout-params-new` branch which contains the
-# changes from `download-sprout-params-d14e7a70` rebased on top of d14e7a70 as
-# required by `zcash/Cargo.toml`.
-zcash_proofs = { git = "https://github.com/ZcashFoundation/librustzcash.git", rev = "c3ff94134b472ba90af665e5454983dc12de1338" }
+# Currently pointing to `download-sprout-params` branch.
+zcash_proofs = { git = "https://github.com/ZcashFoundation/librustzcash.git", rev = "6d75718076e592a41b6bd6ec916dc15420e4cc3c" }
@@ -27,9 +27,9 @@ skip = [
     #  wait for zcash_proofs fork be merged back into upstream
     # https://github.com/ZcashFoundation/zebra/issues/3831
     { name = "equihash", version = "=0.1.0" },
-    { name = "zcash_encoding", version = "=0.0.0" },
+    { name = "zcash_encoding", version = "=0.1.0" },
     { name = "zcash_note_encryption", version = "=0.1.0" },
-    { name = "zcash_primitives", version = "=0.5.0" },
+    { name = "zcash_primitives", version = "=0.6.0" },
 ]
 # Similarly to `skip` allows you to skip certain crates during duplicate
 # detection. Unlike skip, it also includes the entire tree of transitive
@@ -51,9 +51,6 @@ skip-tree = [
     # wait for structopt upgrade (or upgrade to clap 3)
     { name = "heck", version = "=0.3.3" },
 
-    # wait for bellman to upgrade
-    { name = "blake2s_simd", version = "=0.5.11" },
-
     # wait for halo2 to upgrade
     { name = "blake2b_simd", version = "=0.5.11" },
 
@@ -64,9 +61,6 @@ skip-tree = [
     # wait for insta to remove duplicated dependencies
     { name = "sha-1", version = "=0.8.2" },
 
-    # wait for orchard -> bigint to upgrade
-    { name = "crunchy", version = "=0.1.6" },
-
     # wait for curve25519-dalek to upgrade
     { name = "digest", version = "=0.9.0" },
 
@@ -83,6 +77,8 @@ skip-tree = [
     # upgrade abscissa and arti
     { name = "darling", version = "=0.12.4" },
     { name = "darling", version = "=0.13.4" },
+
+    { name = "proc-macro-crate", version = "=0.1.5" },
 ]
 
 # This section is considered when running `cargo deny check sources`.
@@ -100,11 +96,9 @@ unknown-git = "deny"
 allow-registry = ["https://github.com/rust-lang/crates.io-index"]
 # List of URLs for allowed Git repositories
 allow-git = [
-    "https://github.com/nuttycom/hdwallet",
 ]
 
 [sources.allow-org]
 github = [
     "ZcashFoundation",
-    "zcash",
 ]
@@ -15,25 +15,25 @@ bench = ["zebra-test"]
 [dependencies]
 aes = "0.7.5"
 bech32 = "0.9.0"
-bigint = "4.4.3"
-bitvec = "0.22"
+bitvec = "1.0"
 bitflags = "1.3.2"
 blake2b_simd = "1.0.0"
 blake2s_simd = "1.0.0"
-bls12_381 = "0.6.0"
+bls12_381 = "0.7"
 bs58 = { version = "0.4.0", features = ["check"] }
 byteorder = "1.4.3"
 chrono = { version = "0.4.19", features = ["serde"] }
 displaydoc = "0.2.3"
 fpe = "0.5.1"
 futures = "0.3.21"
-group = "0.11.0"
-halo2 = { package = "halo2_proofs", version = "=0.1.0-beta.4" }
+group = "0.12"
+halo2 = { package = "halo2_proofs", version = "0.1" }
 hex = { version = "0.4.3", features = ["serde"] }
-incrementalmerkletree = "0.3.0-beta.2"
+incrementalmerkletree = "0.3"
 itertools = "0.10.3"
-jubjub = "0.8.0"
+jubjub = "0.9"
 lazy_static = "1.4.0"
+primitive-types = "0.11"
 rand_core = "0.6.3"
 ripemd = "0.1.1"
 
@@ -49,13 +49,13 @@ thiserror = "1.0.31"
 uint = "0.9.1"
 x25519-dalek = { version = "1.2.0", features = ["serde"] }
 
-orchard = "=0.1.0-beta.3"
+orchard = "0.1"
 
 equihash = "0.1.0"
 zcash_note_encryption = "0.1"
-zcash_primitives = { git = "https://github.com/zcash/librustzcash.git", rev = "d5c5f04", features = ["transparent-inputs"] }
-zcash_encoding = { git = "https://github.com/zcash/librustzcash.git", rev = "d5c5f04" }
-zcash_history = { git = "https://github.com/ZcashFoundation/librustzcash.git", tag = "0.5.1-zebra-v1.0.0-beta.4" }
+zcash_primitives = { version = "0.6", features = ["transparent-inputs"] }
+zcash_encoding = "0.1"
+zcash_history = "0.3"
 
 proptest = { version = "0.10.1", optional = true }
 proptest-derive = { version = "0.3.0", optional = true }
@@ -67,7 +67,7 @@ tokio = { version = "1.18.2", optional = true }
 # ZF deps
 ed25519-zebra = "3.0.0"
 # TODO: Update to 0.5 release when published
-redjubjub = { git = "https://github.com/ZcashFoundation/redjubjub.git", rev = "a32ae3fc871bc72558ac2ce7eac933d1ad5f4a9c" }
+redjubjub = { git = "https://github.com/ZcashFoundation/redjubjub.git", rev = "c285d1d381a86d6ae66f3b78b8db278526d76dd8" }
 
 zebra-test = { path = "../zebra-test/", optional = true }
 

@@ -117,7 +117,7 @@ impl NoteCommitment {
     #[allow(non_snake_case)]
     pub fn new(note: Note) -> Option<Self> {
         // s as in the argument name for WindowedPedersenCommit_r(s)
-        let mut s: BitVec<Lsb0, u8> = BitVec::new();
+        let mut s: BitVec<u8, Lsb0> = BitVec::new();
 
         // Prefix
         s.append(&mut bitvec![1; 6]);

@@ -653,17 +653,17 @@ impl From<FullViewingKey> for IncomingViewingKey {
     /// <https://zips.z.cash/protocol/nu5.pdf#concreteprfs>
     #[allow(non_snake_case)]
     fn from(fvk: FullViewingKey) -> Self {
-        let mut M: BitVec<Lsb0, u8> = BitVec::new();
+        let mut M: BitVec<u8, Lsb0> = BitVec::new();
 
         // I2LEBSP_l^Orchard_base(ak)︁
         let ak_bytes =
             extract_p(pallas::Point::from_bytes(&fvk.spend_validating_key.into()).unwrap())
                 .to_repr();
-        M.extend_from_bitslice(&BitArray::<Lsb0, _>::from(ak_bytes)[0..255]);
+        M.extend_from_bitslice(&BitArray::<_, Lsb0>::from(ak_bytes)[0..255]);
 
         // I2LEBSP_l^Orchard_base(nk)︁
         let nk_bytes: [u8; 32] = fvk.nullifier_deriving_key.into();
-        M.extend_from_bitslice(&BitArray::<Lsb0, _>::from(nk_bytes)[0..255]);
+        M.extend_from_bitslice(&BitArray::<_, Lsb0>::from(nk_bytes)[0..255]);
 
         // Commit^ivk_rivk
         // rivk needs to be 255 bits long

@@ -64,14 +64,14 @@ fn Q(D: &[u8]) -> pallas::Point {
 ///
 /// <https://zips.z.cash/protocol/nu5.pdf#concretesinsemillahash>
 #[allow(non_snake_case)]
-fn S(j: &BitSlice<Lsb0, u8>) -> pallas::Point {
+fn S(j: &BitSlice<u8, Lsb0>) -> pallas::Point {
     // The value of j is a 10-bit value, therefore must never exceed 2^10 in
     // value.
     assert_eq!(j.len(), 10);
 
     // I2LEOSP_32(𝑗)
     let mut leosp_32_j = [0u8; 4];
-    leosp_32_j[..2].copy_from_slice(j.as_raw_slice());
+    leosp_32_j[..2].copy_from_slice(j.to_bitvec().as_raw_slice());
 
     pallas_group_hash(b"z.cash:SinsemillaS", &leosp_32_j)
 }
@@ -114,7 +114,7 @@ fn incomplete_addition(
 ///
 /// If `M` is greater than `k*c = 2530` bits.
 #[allow(non_snake_case)]
-pub fn sinsemilla_hash_to_point(D: &[u8], M: &BitVec<Lsb0, u8>) -> Option<pallas::Point> {
+pub fn sinsemilla_hash_to_point(D: &[u8], M: &BitVec<u8, Lsb0>) -> Option<pallas::Point> {
     let k = 10;
     let c = 253;
 
@@ -129,8 +129,7 @@ pub fn sinsemilla_hash_to_point(D: &[u8], M: &BitVec<Lsb0, u8>) -> Option<pallas
     for chunk in M.chunks(k) {
         // Pad each chunk with zeros.
         let mut store = [0u8; 2];
-        let bits =
-            BitSlice::<Lsb0, _>::from_slice_mut(&mut store).expect("must work for small slices");
+        let bits = BitSlice::<_, Lsb0>::from_slice_mut(&mut store);
         bits[..chunk.len()].copy_from_bitslice(chunk);
 
         acc = incomplete_addition(incomplete_addition(acc, Some(S(&bits[..k]))), acc);
@@ -156,7 +155,7 @@ pub fn sinsemilla_hash_to_point(D: &[u8], M: &BitVec<Lsb0, u8>) -> Option<pallas
 ///
 /// If `M` is greater than `k*c = 2530` bits in `sinsemilla_hash_to_point`.
 #[allow(non_snake_case)]
-pub fn sinsemilla_hash(D: &[u8], M: &BitVec<Lsb0, u8>) -> Option<pallas::Base> {
+pub fn sinsemilla_hash(D: &[u8], M: &BitVec<u8, Lsb0>) -> Option<pallas::Base> {
     extract_p_bottom(sinsemilla_hash_to_point(D, M))
 }
 
@@ -173,7 +172,7 @@ pub fn sinsemilla_hash(D: &[u8], M: &BitVec<Lsb0, u8>) -> Option<pallas::Base> {
 pub fn sinsemilla_commit(
     r: pallas::Scalar,
     D: &[u8],
-    M: &BitVec<Lsb0, u8>,
+    M: &BitVec<u8, Lsb0>,
 ) -> Option<pallas::Point> {
     sinsemilla_hash_to_point(&[D, b"-M"].concat(), M)
         .map(|point| point + pallas_group_hash(&[D, b"-r"].concat(), b"") * r)
@@ -186,7 +185,7 @@ pub fn sinsemilla_commit(
 pub fn sinsemilla_short_commit(
     r: pallas::Scalar,
     D: &[u8],
-    M: &BitVec<Lsb0, u8>,
+    M: &BitVec<u8, Lsb0>,
 ) -> Option<pallas::Base> {
     extract_p_bottom(sinsemilla_commit(r, D, M))
 }
@@ -215,7 +214,7 @@ mod tests {
 
         let D = b"z.cash:test-Sinsemilla";
         let M = bitvec![
-            Lsb0, u8; 0, 0, 0, 1, 0, 1, 1, 0, 1, 0, 1, 0, 0, 1, 1, 0, 0, 0, 1, 1, 0, 1, 1, 0, 0, 0,
+            u8, Lsb0; 0, 0, 0, 1, 0, 1, 1, 0, 1, 0, 1, 0, 0, 1, 1, 0, 0, 0, 1, 1, 0, 1, 1, 0, 0, 0,
             1, 1, 0, 1, 1, 0, 1, 1, 1, 1, 0, 1, 1, 0,
         ];
 
@@ -247,7 +246,7 @@ mod tests {
 
         for tv in tests::vectors::SINSEMILLA.iter() {
             let D = tv.domain.as_slice();
-            let M: &BitVec<Lsb0, u8> = &tv.msg.iter().collect();
+            let M: &BitVec<u8, Lsb0> = &tv.msg.iter().collect();
 
             assert_eq!(
                 sinsemilla_hash_to_point(D, M).expect("should not fail per Theorem 5.4.4"),

@@ -51,13 +51,13 @@ pub(super) const MERKLE_DEPTH: usize = 32;
 /// https://zips.z.cash/protocol/protocol.pdf#orchardmerklecrh
 /// https://zips.z.cash/protocol/protocol.pdf#constants
 fn merkle_crh_orchard(layer: u8, left: pallas::Base, right: pallas::Base) -> pallas::Base {
-    let mut s = bitvec![Lsb0, u8;];
+    let mut s = bitvec![u8, Lsb0;];
 
     // Prefix: l = I2LEBSP_10(MerkleDepth^Orchard − 1 − layer)
     let l = MERKLE_DEPTH - 1 - layer as usize;
-    s.extend_from_bitslice(&BitArray::<Lsb0, _>::from([l, 0])[0..10]);
-    s.extend_from_bitslice(&BitArray::<Lsb0, _>::from(left.to_repr())[0..255]);
-    s.extend_from_bitslice(&BitArray::<Lsb0, _>::from(right.to_repr())[0..255]);
+    s.extend_from_bitslice(&BitArray::<_, Lsb0>::from([l, 0])[0..10]);
+    s.extend_from_bitslice(&BitArray::<_, Lsb0>::from(left.to_repr())[0..255]);
+    s.extend_from_bitslice(&BitArray::<_, Lsb0>::from(right.to_repr())[0..255]);
 
     match sinsemilla_hash(b"z.cash:Orchard-MerkleCRH", &s) {
         Some(h) => h,

@@ -277,7 +277,7 @@ impl Version for zcash_history::V1 {
             .to_work()
             .expect("work must be valid during contextual verification");
         // There is no direct `std::primitive::u128` to `bigint::U256` conversion
-        let work = bigint::U256::from_big_endian(&work.as_u128().to_be_bytes());
+        let work = primitive_types::U256::from_big_endian(&work.as_u128().to_be_bytes());
 
         let sapling_tx_count = block.sapling_transactions_count();
 

@@ -110,7 +110,7 @@ impl NoteCommitment {
         T: RngCore + CryptoRng,
     {
         // s as in the argument name for WindowedPedersenCommit_r(s)
-        let mut s: BitVec<Lsb0, u8> = BitVec::new();
+        let mut s: BitVec<u8, Lsb0> = BitVec::new();
 
         // Prefix
         s.append(&mut bitvec![1; 6]);

@@ -20,13 +20,13 @@ fn I_i(domain: [u8; 8], i: u32) -> jubjub::ExtendedPoint {
 ///
 /// https://zips.z.cash/protocol/protocol.pdf#concretepedersenhash
 #[allow(non_snake_case)]
-fn M_i(segment: &BitSlice<Lsb0, u8>) -> jubjub::Fr {
+fn M_i(segment: &BitSlice<u8, Lsb0>) -> jubjub::Fr {
     let mut m_i = jubjub::Fr::zero();
 
     for (j, chunk) in segment.chunks(3).enumerate() {
         // Pad each chunk with zeros.
         let mut store = 0u8;
-        let bits = BitSlice::<Lsb0, _>::from_element_mut(&mut store);
+        let bits = BitSlice::<_, Lsb0>::from_element_mut(&mut store);
         chunk
             .iter()
             .enumerate()
@@ -68,7 +68,7 @@ fn M_i(segment: &BitSlice<Lsb0, u8>) -> jubjub::Fr {
 ///
 /// https://zips.z.cash/protocol/protocol.pdf#concretepedersenhash
 #[allow(non_snake_case)]
-pub fn pedersen_hash_to_point(domain: [u8; 8], M: &BitVec<Lsb0, u8>) -> jubjub::ExtendedPoint {
+pub fn pedersen_hash_to_point(domain: [u8; 8], M: &BitVec<u8, Lsb0>) -> jubjub::ExtendedPoint {
     let mut result = jubjub::ExtendedPoint::identity();
 
     // Split M into n segments of 3 * c bits, where c = 63, padding the last
@@ -94,7 +94,7 @@ pub fn pedersen_hash_to_point(domain: [u8; 8], M: &BitVec<Lsb0, u8>) -> jubjub::
 ///
 /// https://zips.z.cash/protocol/protocol.pdf#concretepedersenhash
 #[allow(non_snake_case)]
-pub fn pedersen_hash(domain: [u8; 8], M: &BitVec<Lsb0, u8>) -> jubjub::Fq {
+pub fn pedersen_hash(domain: [u8; 8], M: &BitVec<u8, Lsb0>) -> jubjub::Fq {
     jubjub::AffinePoint::from(pedersen_hash_to_point(domain, M)).get_u()
 }
 
@@ -121,7 +121,7 @@ pub fn mixing_pedersen_hash(P: jubjub::ExtendedPoint, x: jubjub::Fr) -> jubjub::
 ///   PedersenHashToPoint("Zcash_PH", s) + [r]FindGroupHash^J^(r)("Zcash_PH", "r")
 ///
 /// https://zips.z.cash/protocol/protocol.pdf#concretewindowedcommit
-pub fn windowed_pedersen_commitment(r: jubjub::Fr, s: &BitVec<Lsb0, u8>) -> jubjub::ExtendedPoint {
+pub fn windowed_pedersen_commitment(r: jubjub::Fr, s: &BitVec<u8, Lsb0>) -> jubjub::ExtendedPoint {
     const D: [u8; 8] = *b"Zcash_PH";
 
     pedersen_hash_to_point(D, s) + find_group_hash(D, b"r") * r