Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: Avoid a redundant check containing curve point multiplication #840

Closed
wants to merge 1 commit into from
Closed

fix: Avoid a redundant check containing curve point multiplication #840

wants to merge 1 commit into from

Conversation

upbqdn
Copy link
Contributor

@upbqdn upbqdn commented May 15, 2023
edited
Loading

Motivation

The function try_output_recovery_with_ock calls parse_note_plaintext_without_memo_ovk from here. The second function validates the ephemeral keys. The first function then calls check_note_validity, which also contains the same check of the same ephemeral keys. These checks both contain a curve point multiplication, and since the second check is redundant, removing it increases performance.

Closes #802.

Solution

  • Don't call check_note_validity, but still check the commitment bytes.

As mentioned in ZcashFoundation/zebra#6392 (comment), I initially thought of refactoring check_note_validity directly, which wouldn't be worth it since it's called in other places. Only then I thought of not calling check_note_validity at all, which is a much simpler solution that avoids the redundant check.

@codecov
Copy link

codecov bot commented May 15, 2023

Codecov Report

Patch coverage: 100.00% and project coverage change: -0.01 ⚠️

Comparison is base (bc55893) 71.58% compared to head (dce52ab) 71.58%.

Additional details and impacted files 
@@            Coverage Diff             @@
##             main     #840      +/-   ##
==========================================
- Coverage   71.58%   71.58%   -0.01%     
==========================================
  Files         125      125              
  Lines       11847    11846       -1     
==========================================
- Hits         8481     8480       -1     
  Misses       3366     3366
Impacted Files Coverage Δ
components/zcash_note_encryption/src/lib.rs 88.66% <100.00%> (-0.08%) ⬇️

☔ View full report in Codecov by Sentry.
📢 Do you have feedback about the report comment? Let us know in this issue.

@mpguerra mpguerra mentioned this pull request May 16, 2023
Closed
36 tasks
@daira
Copy link
Contributor

daira commented May 19, 2023

This will require three ACKs since try_output_recovery_with_ock is used in consensus code.

@daira daira requested review from nuttycom, daira, ebfull and str4d May 19, 2023 11:17
@str4d str4d mentioned this pull request May 19, 2023
Merged
@str4d
Copy link
Contributor

str4d commented May 19, 2023
edited
Loading

In a gardening PR today, @daira, @nuttycom and I looked at this. We determined that while this change is correct, it leaves the burden of enforcing this necessary check on the domain implementations. I've opened #848 and zcash/orchard#394 with an alternative approach that instead reduces the requirements on the domain implementations, and relies on the central check instead.

@nuttycom
Copy link
Contributor

Subsumed by #848

@nuttycom nuttycom closed this May 26, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@nuttycom nuttycom Awaiting requested review from nuttycom

@daira daira Awaiting requested review from daira

@ebfull ebfull Awaiting requested review from ebfull

@str4d str4d Awaiting requested review from str4d

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Redundant Computation in Sapling and Orchard Note Validation
4 participants
@upbqdn @daira @str4d @nuttycom