refactor(single_proof): Disallow update of coinbase-transactions

This prevents a composer that wants to collect block subsidies from reusing block transactions across blocks -- i.e. using the same block transaction modulo an update across multiple blocks. The reason a composer would want to do this is to compose faster as an update is faster than the PrimitiveWitness -> ProofCollection -> SingleProof ->(via merge) SingleProof pipeline. The reason we disallow this is to remove an incentive to mine empty blocks and to remove an incentive to reduce the anonymity-set by using repeated addition records. Anyone who wants to collect block subsidies will have to follow the long pipeline shown above. See discussion on: #322
Neptune-Crypto · Jan 14, 2025 · 3fca68b · 3fca68b
1 parent 0abca09
commit 3fca68b
Showing 1 changed file with 40 additions and 5 deletions.
diff --git a/src/models/blockchain/transaction/validity/tasm/single_proof/update_branch.rs b/src/models/blockchain/transaction/validity/tasm/single_proof/update_branch.rs
@@ -1,3 +1,4 @@
+use itertools::Itertools;
 use strum::EnumCount;
 use tasm_lib::data_type::DataType;
 use tasm_lib::field;
@@ -25,6 +26,7 @@ use crate::models::blockchain::transaction::validity::tasm::authenticate_txk_fie
 use crate::models::blockchain::transaction::BFieldCodec;
 use crate::models::blockchain::transaction::Proof;
 use crate::models::blockchain::transaction::TransactionKernel;
+use crate::models::blockchain::type_scripts::neptune_coins::NeptuneCoins;
 use crate::models::proof_abstractions::mast_hash::MastHash;
 use crate::models::proof_abstractions::tasm::builtins as tasmlib;
 use crate::models::proof_abstractions::tasm::program::ConsensusProgram;
@@ -289,8 +291,9 @@ impl UpdateWitness {
             TransactionKernel::MAST_HEIGHT as u32,
         );
 
-        // coinbases are identical
-        let coinbase_hash: Digest = Hash::hash(&uw.new_kernel.coinbase);
+        // coinbases is both transaction is `None`
+        let coinbase: Option<NeptuneCoins> = None;
+        let coinbase_hash: Digest = Tip5::hash(&coinbase);
         tasmlib::tasmlib_hashing_merkle_verify(
             old_txk_digest,
             TransactionKernelField::Coinbase as u32,
@@ -452,6 +455,28 @@ impl BasicSnippet for UpdateBranch {
                 }
             };
 
+        let verify_coinbase_is_none = {
+            let coinbase: Option<NeptuneCoins> = None;
+            let hash_of_none = Tip5::hash(&coinbase);
+            let push_hash_none = hash_of_none
+                .values()
+                .into_iter()
+                .rev()
+                .map(|b| triton_instr!(push b))
+                .collect_vec();
+            triton_asm! {
+                // _ [txk_mhash]
+
+                push {TransactionKernel::MAST_HEIGHT}
+                push {TransactionKernelField::Coinbase as u32}
+
+                {&push_hash_none}
+
+                call {merkle_verify}
+                // _
+            }
+        };
+
         let update_witness_field_old_proof = field!(UpdateWitness::old_proof);
 
         let new_aocl_mmr_field = field!(UpdateWitness::new_aocl);
@@ -470,7 +495,6 @@ impl BasicSnippet for UpdateBranch {
         let public_announcements_field_with_size =
             field_with_size!(TransactionKernel::public_announcements);
         let fee_field_with_size = field_with_size!(TransactionKernel::fee);
-        let coinbase_field_with_size = field_with_size!(TransactionKernel::coinbase);
 
         let authenticate_merge_bit = triton_asm! {
                 // _ [txk_mh] merge_bit
@@ -691,8 +715,19 @@ impl BasicSnippet for UpdateBranch {
                 {&authenticate_field_twice_with_no_change(&fee_field_with_size, TransactionKernelField::Fee)}
                 // _ witness_size *update_witness [program_digest] [new_txk_mhash] *old_kernel *new_kernel
 
-                /* Authenticate coinbase and verify no-change */
-                {&authenticate_field_twice_with_no_change(&coinbase_field_with_size, TransactionKernelField::Coinbase)}
+                /* Authenticate coinbase and verify None in old and new tx */
+                push {old_txk_digest_alloc.read_address()}
+                read_mem {Digest::LEN}
+                pop 1
+                {&verify_coinbase_is_none}
+                // _ witness_size *update_witness [program_digest] [new_txk_mhash] *old_kernel *new_kernel
+
+                dup 6
+                dup 6
+                dup 6
+                dup 6
+                dup 6
+                {&verify_coinbase_is_none}
                 // _ witness_size *update_witness [program_digest] [new_txk_mhash] *old_kernel *new_kernel
 
                 /* Authenticate timestamps and verify gte */