New component: zcash_address crate

[str4d]

The idea is that zcash_address encapsulates parsing and serialization logic for Zcash address encodings, in such a way that downstream users:

• get automatic parsing support for future Zcash address formats simply by upgrading the dependency;
• get separate error messages for "invalid / unknown" vs "unsupported" addresses.
  • From past experience, these error messages are often just directly displayed to the user, so this helps to inform the user about why the address they pasted is not working.

Part of #371.

[codecov]

Codecov Report

Merging #352 (1af7b01) into master (05bd98b) will decrease coverage by 0.29%.
The diff coverage is 36.42%.

❗ Current head 1af7b01 differs from pull request most recent head af02e11. Consider uploading reports for the commit af02e11 to get more accurate results

@@            Coverage Diff             @@
##           master     #352      +/-   ##
==========================================
- Coverage   64.46%   64.17%   -0.30%     
==========================================
  Files          73       72       -1     
  Lines        7229     7212      -17     
==========================================
- Hits         4660     4628      -32     
- Misses       2569     2584      +15     

Impacted Files	Coverage Δ
components/zcash_address/src/convert.rs	0.00% <0.00%> (ø)
components/zcash_address/src/lib.rs	0.00% <0.00%> (ø)
components/zcash_address/src/encoding.rs	50.49% <50.49%> (ø)
zcash_client_backend/src/address.rs	63.15% <0.00%> (-15.79%)	⬇️
zcash_client_backend/src/zip321.rs	63.66% <0.00%> (-5.32%)	⬇️
zcash_client_sqlite/src/lib.rs	51.69% <0.00%> (-2.93%)	⬇️
zcash_primitives/src/consensus.rs	19.44% <0.00%> (-2.78%)	⬇️
...sh_primitives/src/transaction/components/amount.rs	43.75% <0.00%> (-2.09%)	⬇️
zcash_history/src/node_data.rs	64.81% <0.00%> (-1.54%)	⬇️
zcash_history/src/tree.rs	59.83% <0.00%> (-0.98%)	⬇️
... and 58 more

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 6fab0c8...af02e11. Read the comment docs.

[daira]

It's quite possible that we may want to add transparent address formats that use bech32[m] encoding. I would suggest that we allow "t" followed by any single character as an HRP for transparent addresses.

[daira]

utACK.

Is it intended that this be able to parse address bundles/unified addresses? I think the API is already compatible with that.

[str4d]

Yes; if/when we decide to use Unified Addresses, the Orchard key type would be replaced by UA parsing and serialization.

[str4d]

• Rebased PR.
• Removed draft Orchard address encoding (which no longer exists).
• Added initial Unified Address encoding.
• Removed the future-address heuristics from this PR, as we now have the Unified Address format that we plan to use going forward.

I'm not sure whether this is the ideal API now that it includes UA support; I'm going to do some more thinking about it. But this should be mergeable as-is.

[nuttycom]

I think that the point at which f4jumble is being applied in the encoding process is incorrect. Otherwise, this looks good.

[nuttycom]

Does sprout not exist on regtest or something? Why is this different from sapling? As a third-party user, I think the impls that are written like this are rather surprising; if I pass in Network::Regtest and get back Network::Test I'll be rather confused as to what's going on.

[nuttycom]

Addendum: I later found the comment where Network::Regtest was defined; I think that the correct thing to do is handle the network values separately at the use site, not to rewrite them in this location.

[daira]

Electric Coin Company, or "Zcash developers"?

[str4d]

ECC (matches the license text in zcash_primitives/LICENSE-MIT which is where the F4Jumble impl was moved from, and also matches ECC having copyright assignment for the rest of the code I've written in this module).

[daira]

OK, but it'll need to be changed as soon as we get any external contributions, unless we intend to require copyright assignment (which we don't do for any of our other MIT/Apache code).

[str4d]

We've been accepting external contributions for quite some time with the rest of the repo licensed in this way. If there's a change that needs making, it should be made uniformly.

[daira]

We've been accepting external contributions for quite some time with the rest of the repo licensed in this way.

I think this is violating the external contributors' copyrights, strictly speaking.

If there's a change that needs making, it should be made uniformly.

Agreed. Filed #393.

[nuttycom]

utACK ff94f66

[nuttycom]

Oh, this is a nice technique for larger byte arrays, I should have thought of this before! I've used vec(any::<u8>(), size) before but then had to convert.

[str4d]

One downside to this is the separate halves shrink separately (though that's less of an issue here given that these addresses are composite types). In theory we can implement our own custom array sizes directly, but I couldn't figure out how to set up the UniformArrayStrategy type properly.

[daira]

New code is ideally supposed to be constructing only unified, P2SH, and P2PKH addresses, right?

[str4d]

True; I added these for maximum compatibility (so you could replace your current parsing and serialization stack with zcash_address), but I guess until the old addresses go away, devs can use their existing serialization code.

[daira]

I don't object to including them, but let's document that they are not preferred.

[daira]

I think it's possible that we will. For instance, we may find a way to reduce the overhead currently imposed by the 16 bytes of redundancy, or some other way to mitigate address replacement attacks that doesn't use F4Jumble. Or there could be some cryptographic flaw in that design that we need to fix later.

[str4d]

Mmk, I'll remove this comment. But since there's no way to predict how we might make that kind of change, I can't do what I was previously doing (returning ParseError::MaybeZcash).

[daira]

I think that we should reserve another Bech32m HRP for such purposes (just one for each network should be sufficient).

[daira]

I believe this could panic if the length of encoded were greater than 16448 bytes.

[str4d]

Currently there is no way to construct a unified::Address other than decoding one (which checks the length), so this cannot panic. When we add other constructors, we can similarly enforce correctness there.

[daira]

utACK modulo previous comments.