anoma · XuyangSong · Sep 25, 2023 · Sep 20, 2023
diff --git a/taiga_halo2/examples/tx_examples/cascaded_partial_transactions.rs b/taiga_halo2/examples/tx_examples/cascaded_partial_transactions.rs
@@ -19,7 +19,7 @@ use taiga_halo2::{
     note::{InputNoteProvingInfo, OutputNoteProvingInfo},
     nullifier::{Nullifier, NullifierKeyContainer},
     shielded_ptx::ShieldedPartialTransaction,
-    transaction::{ShieldedPartialTxBundle, Transaction},
+    transaction::{ShieldedPartialTxBundle, Transaction, TransparentPartialTxBundle},
 };
 
 pub fn create_transaction<R: RngCore + CryptoRng>(mut rng: R) -> Transaction {
@@ -71,7 +71,7 @@ pub fn create_transaction<R: RngCore + CryptoRng>(mut rng: R) -> Transaction {
     // The first partial transaction:
     // Alice consumes 1 "BTC" and 2 "ETH".
     // Alice creates a cascade intent note and 1 "BTC" to Bob.
-    let (ptx_1, r_1) = {
+    let ptx_1 = {
         let input_notes = [input_note_1, input_note_2];
         let output_notes = [output_note_1, cascade_intent_note];
         // Create the input note proving info
@@ -128,7 +128,7 @@ pub fn create_transaction<R: RngCore + CryptoRng>(mut rng: R) -> Transaction {
     // The second partial transaction:
     // Alice consumes the intent note and 3 "XAN";
     // Alice creates 2 "ETH" and 3 "XAN" to Bob
-    let (ptx_2, r_2) = {
+    let ptx_2 = {
         let input_notes = [cascade_intent_note, input_note_3];
         let output_notes = [output_note_2, output_note_3];
         // Create the input note proving info
@@ -185,7 +185,8 @@ pub fn create_transaction<R: RngCore + CryptoRng>(mut rng: R) -> Transaction {
 
     // Create the final transaction
     let shielded_tx_bundle = ShieldedPartialTxBundle::build(vec![ptx_1, ptx_2]);
-    Transaction::build(&mut rng, Some(shielded_tx_bundle), None, vec![r_1, r_2])
+    let transparent_ptx_bundle = TransparentPartialTxBundle::default();
+    Transaction::build(&mut rng, shielded_tx_bundle, transparent_ptx_bundle)
 }
 
 #[test]

diff --git a/taiga_halo2/examples/tx_examples/partial_fulfillment_token_swap.rs b/taiga_halo2/examples/tx_examples/partial_fulfillment_token_swap.rs
@@ -24,7 +24,7 @@ use taiga_halo2::{
     note::{InputNoteProvingInfo, Note, OutputNoteProvingInfo},
     nullifier::{Nullifier, NullifierKeyContainer},
     shielded_ptx::ShieldedPartialTransaction,
-    transaction::{ShieldedPartialTxBundle, Transaction},
+    transaction::{ShieldedPartialTxBundle, Transaction, TransparentPartialTxBundle},
 };
 
 pub fn create_token_intent_ptx<R: RngCore>(
@@ -35,7 +35,6 @@ pub fn create_token_intent_ptx<R: RngCore>(
     input_nk: NullifierKeyContainer, // NullifierKeyContainer::Key
 ) -> (
     ShieldedPartialTransaction,
-    pallas::Scalar,
     NullifierKeyContainer,
     pallas::Base,
     pallas::Base,
@@ -114,15 +113,14 @@ pub fn create_token_intent_ptx<R: RngCore>(
     );
 
     // Create shielded partial tx
-    let (ptx, r) = ShieldedPartialTransaction::build(
+    let ptx = ShieldedPartialTransaction::build(
         [input_note_proving_info, padding_input_note_proving_info],
         [intent_note_proving_info, padding_output_note_proving_info],
         &mut rng,
     );
 
     (
         ptx,
-        r,
         input_nk,
         input_note_nk_com,
         input_note.app_data_dynamic,
@@ -142,7 +140,7 @@ pub fn consume_token_intent_ptx<R: RngCore>(
     receiver_nk_com: pallas::Base,
     receiver_app_data_dynamic: pallas::Base,
     output_auth_pk: pallas::Point,
-) -> (ShieldedPartialTransaction, pallas::Scalar) {
+) -> ShieldedPartialTransaction {
     // input intent note
     let intent_note = create_intent_note(
         &mut rng,
@@ -255,15 +253,15 @@ pub fn create_token_swap_transaction<R: RngCore + CryptoRng>(mut rng: R) -> Tran
         name: "eth".to_string(),
         value: 10u64,
     };
-    let (alice_ptx, alice_r, intent_nk, receiver_nk_com, receiver_app_data_dynamic, intent_rho) =
+    let (alice_ptx, intent_nk, receiver_nk_com, receiver_app_data_dynamic, intent_rho) =
         create_token_intent_ptx(&mut rng, sell.clone(), buy.clone(), alice_auth_sk, alice_nk);
 
     // Bob creates the partial transaction with 1 DOLPHIN input and 5 BTC output
     let bob_auth_sk = pallas::Scalar::random(&mut rng);
     let bob_auth_pk = generator * bob_auth_sk;
     let bob_nk = NullifierKeyContainer::random_key(&mut rng);
 
-    let (bob_ptx, bob_r) = create_token_swap_ptx(
+    let bob_ptx = create_token_swap_ptx(
         &mut rng,
         "eth",
         5,
@@ -277,7 +275,7 @@ pub fn create_token_swap_transaction<R: RngCore + CryptoRng>(mut rng: R) -> Tran
 
     // Solver/Bob creates the partial transaction to consume the intent note
     // The bob_ptx and solver_ptx can be merged to one ptx.
-    let (solver_ptx, solver_r) = consume_token_intent_ptx(
+    let solver_ptx = consume_token_intent_ptx(
         &mut rng,
         sell,
         buy,
@@ -292,12 +290,8 @@ pub fn create_token_swap_transaction<R: RngCore + CryptoRng>(mut rng: R) -> Tran
 
     // Solver creates the final transaction
     let shielded_tx_bundle = ShieldedPartialTxBundle::build(vec![alice_ptx, bob_ptx, solver_ptx]);
-    Transaction::build(
-        &mut rng,
-        Some(shielded_tx_bundle),
-        None,
-        vec![alice_r, bob_r, solver_r],
-    )
+    let transparent_ptx_bundle = TransparentPartialTxBundle::default();
+    Transaction::build(&mut rng, shielded_tx_bundle, transparent_ptx_bundle)
 }
 
 #[test]

diff --git a/taiga_halo2/examples/tx_examples/token.rs b/taiga_halo2/examples/tx_examples/token.rs
@@ -52,7 +52,7 @@ pub fn create_token_swap_ptx<R: RngCore>(
     output_value: u64,
     output_auth_pk: pallas::Point,
     output_nk_com: NullifierKeyContainer, // NullifierKeyContainer::Commitment
-) -> (ShieldedPartialTransaction, pallas::Scalar) {
+) -> ShieldedPartialTransaction {
     let input_auth = TokenAuthorization::from_sk_vk(&input_auth_sk, &COMPRESSED_TOKEN_AUTH_VK);
 
     // input note

diff --git a/taiga_halo2/examples/tx_examples/token_swap_with_intent.rs b/taiga_halo2/examples/tx_examples/token_swap_with_intent.rs
@@ -24,7 +24,7 @@ use taiga_halo2::{
     note::{InputNoteProvingInfo, Note, OutputNoteProvingInfo},
     nullifier::{Nullifier, NullifierKeyContainer},
     shielded_ptx::ShieldedPartialTransaction,
-    transaction::{ShieldedPartialTxBundle, Transaction},
+    transaction::{ShieldedPartialTxBundle, Transaction, TransparentPartialTxBundle},
 };
 
 pub fn create_token_intent_ptx<R: RngCore>(
@@ -37,7 +37,6 @@ pub fn create_token_intent_ptx<R: RngCore>(
     input_nk: NullifierKeyContainer, // NullifierKeyContainer::Key
 ) -> (
     ShieldedPartialTransaction,
-    pallas::Scalar,
     NullifierKeyContainer,
     pallas::Base,
     pallas::Base,
@@ -122,15 +121,14 @@ pub fn create_token_intent_ptx<R: RngCore>(
     );
 
     // Create shielded partial tx
-    let (ptx, r) = ShieldedPartialTransaction::build(
+    let ptx = ShieldedPartialTransaction::build(
         [input_note_proving_info, padding_input_note_proving_info],
         [intent_note_proving_info, padding_output_note_proving_info],
         &mut rng,
     );
 
     (
         ptx,
-        r,
         input_nk,
         input_note_nk_com,
         input_note.app_data_dynamic,
@@ -150,7 +148,7 @@ pub fn consume_token_intent_ptx<R: RngCore>(
     output_token: &str,
     output_value: u64,
     output_auth_pk: pallas::Point,
-) -> (ShieldedPartialTransaction, pallas::Scalar) {
+) -> ShieldedPartialTransaction {
     // input intent note
     let intent_note = create_intent_note(
         &mut rng,
@@ -252,7 +250,7 @@ pub fn create_token_swap_intent_transaction<R: RngCore + CryptoRng>(mut rng: R)
         token_name: "monkey".to_string(),
         token_value: 2u64,
     };
-    let (alice_ptx, alice_r, intent_nk, receiver_nk_com, receiver_app_data_dynamic, intent_rho) =
+    let (alice_ptx, intent_nk, receiver_nk_com, receiver_app_data_dynamic, intent_rho) =
         create_token_intent_ptx(
             &mut rng,
             condition1.clone(),
@@ -268,7 +266,7 @@ pub fn create_token_swap_intent_transaction<R: RngCore + CryptoRng>(mut rng: R)
     let bob_auth_pk = generator * bob_auth_sk;
     let bob_nk = NullifierKeyContainer::random_key(&mut rng);
 
-    let (bob_ptx, bob_r) = create_token_swap_ptx(
+    let bob_ptx = create_token_swap_ptx(
         &mut rng,
         "dolphin",
         1,
@@ -282,7 +280,7 @@ pub fn create_token_swap_intent_transaction<R: RngCore + CryptoRng>(mut rng: R)
 
     // Solver/Bob creates the partial transaction to consume the intent note
     // The bob_ptx and solver_ptx can be merged to one ptx.
-    let (solver_ptx, solver_r) = consume_token_intent_ptx(
+    let solver_ptx = consume_token_intent_ptx(
         &mut rng,
         condition1,
         condition2,
@@ -297,12 +295,8 @@ pub fn create_token_swap_intent_transaction<R: RngCore + CryptoRng>(mut rng: R)
 
     // Solver creates the final transaction
     let shielded_tx_bundle = ShieldedPartialTxBundle::build(vec![alice_ptx, bob_ptx, solver_ptx]);
-    Transaction::build(
-        &mut rng,
-        Some(shielded_tx_bundle),
-        None,
-        vec![alice_r, bob_r, solver_r],
-    )
+    let transparent_ptx_bundle = TransparentPartialTxBundle::default();
+    Transaction::build(&mut rng, shielded_tx_bundle, transparent_ptx_bundle)
 }
 
 #[test]

diff --git a/taiga_halo2/examples/tx_examples/token_swap_without_intent.rs b/taiga_halo2/examples/tx_examples/token_swap_without_intent.rs
@@ -10,7 +10,7 @@ use pasta_curves::{group::Curve, pallas};
 use rand::{CryptoRng, RngCore};
 use taiga_halo2::{
     nullifier::NullifierKeyContainer,
-    transaction::{ShieldedPartialTxBundle, Transaction},
+    transaction::{ShieldedPartialTxBundle, Transaction, TransparentPartialTxBundle},
 };
 
 pub fn create_token_swap_transaction<R: RngCore + CryptoRng>(mut rng: R) -> Transaction {
@@ -21,7 +21,7 @@ pub fn create_token_swap_transaction<R: RngCore + CryptoRng>(mut rng: R) -> Tran
     let alice_auth_pk = generator * alice_auth_sk;
     let alice_nk = NullifierKeyContainer::random_key(&mut rng);
 
-    let (alice_ptx, alice_r) = create_token_swap_ptx(
+    let alice_ptx = create_token_swap_ptx(
         &mut rng,
         "btc",
         5,
@@ -38,7 +38,7 @@ pub fn create_token_swap_transaction<R: RngCore + CryptoRng>(mut rng: R) -> Tran
     let bob_auth_pk = generator * bob_auth_sk;
     let bob_nk = NullifierKeyContainer::random_key(&mut rng);
 
-    let (bob_ptx, bob_r) = create_token_swap_ptx(
+    let bob_ptx = create_token_swap_ptx(
         &mut rng,
         "eth",
         10,
@@ -55,7 +55,7 @@ pub fn create_token_swap_transaction<R: RngCore + CryptoRng>(mut rng: R) -> Tran
     let carol_auth_pk = generator * carol_auth_sk;
     let carol_nk = NullifierKeyContainer::random_key(&mut rng);
 
-    let (carol_ptx, carol_r) = create_token_swap_ptx(
+    let carol_ptx = create_token_swap_ptx(
         &mut rng,
         "xan",
         15,
@@ -69,12 +69,8 @@ pub fn create_token_swap_transaction<R: RngCore + CryptoRng>(mut rng: R) -> Tran
 
     // Solver creates the final transaction
     let shielded_tx_bundle = ShieldedPartialTxBundle::build(vec![alice_ptx, bob_ptx, carol_ptx]);
-    Transaction::build(
-        &mut rng,
-        Some(shielded_tx_bundle),
-        None,
-        vec![alice_r, bob_r, carol_r],
-    )
+    let transparent_ptx_bundle = TransparentPartialTxBundle::default();
+    Transaction::build(&mut rng, shielded_tx_bundle, transparent_ptx_bundle)
 }
 
 #[test]

diff --git a/taiga_halo2/src/shielded_ptx.rs b/taiga_halo2/src/shielded_ptx.rs
@@ -23,13 +23,16 @@ use serde;
 
 #[cfg(feature = "borsh")]
 use borsh::{BorshDeserialize, BorshSerialize};
+#[cfg(feature = "borsh")]
+use ff::PrimeField;
 
 #[derive(Debug, Clone)]
 #[cfg_attr(feature = "serde", derive(serde::Serialize, serde::Deserialize))]
 pub struct ShieldedPartialTransaction {
     actions: [ActionVerifyingInfo; NUM_NOTE],
     inputs: [NoteVPVerifyingInfoSet; NUM_NOTE],
     outputs: [NoteVPVerifyingInfoSet; NUM_NOTE],
+    binding_sig_r: pallas::Scalar,
 }
 
 #[derive(Debug, Clone)]
@@ -62,14 +65,15 @@ struct ShieldedPartialTransactionProxy {
     actions: Vec<ActionVerifyingInfo>,
     inputs: Vec<NoteVPVerifyingInfoSet>,
     outputs: Vec<NoteVPVerifyingInfoSet>,
+    binding_sig_r: pallas::Scalar,
 }
 
 impl ShieldedPartialTransaction {
     pub fn build<R: RngCore>(
         input_info: [InputNoteProvingInfo; NUM_NOTE],
         output_info: [OutputNoteProvingInfo; NUM_NOTE],
         mut rng: R,
-    ) -> (Self, pallas::Scalar) {
+    ) -> Self {
         let inputs: Vec<NoteVPVerifyingInfoSet> = input_info
             .iter()
             .map(|input_note| {
@@ -99,14 +103,12 @@ impl ShieldedPartialTransaction {
             })
             .collect();
 
-        (
-            Self {
-                actions: actions.try_into().unwrap(),
-                inputs: inputs.try_into().unwrap(),
-                outputs: outputs.try_into().unwrap(),
-            },
-            rcv_sum,
-        )
+        Self {
+            actions: actions.try_into().unwrap(),
+            inputs: inputs.try_into().unwrap(),
+            outputs: outputs.try_into().unwrap(),
+            binding_sig_r: rcv_sum,
+        }
     }
 
     // verify zk proof
@@ -198,8 +200,13 @@ impl ShieldedPartialTransaction {
             actions: self.actions.to_vec(),
             inputs: self.inputs.to_vec(),
             outputs: self.outputs.to_vec(),
+            binding_sig_r: self.binding_sig_r,
         }
     }
+
+    pub fn get_binding_sig_r(&self) -> pallas::Scalar {
+        self.binding_sig_r
+    }
 }
 
 impl ShieldedPartialTransactionProxy {
@@ -211,6 +218,7 @@ impl ShieldedPartialTransactionProxy {
             actions,
             inputs,
             outputs,
+            binding_sig_r: self.binding_sig_r,
         })
     }
 }
@@ -267,6 +275,8 @@ impl BorshSerialize for ShieldedPartialTransaction {
             output.serialize(writer)?;
         }
 
+        writer.write_all(&self.binding_sig_r.to_repr())?;
+
         Ok(())
     }
 }
@@ -283,10 +293,19 @@ impl BorshDeserialize for ShieldedPartialTransaction {
         let outputs: Vec<_> = (0..NUM_NOTE)
             .map(|_| NoteVPVerifyingInfoSet::deserialize_reader(reader))
             .collect::<Result<_, _>>()?;
+        let binding_sig_r_bytes = <[u8; 32]>::deserialize_reader(reader)?;
+        let binding_sig_r = Option::from(pallas::Scalar::from_repr(binding_sig_r_bytes))
+            .ok_or_else(|| {
+                std::io::Error::new(
+                    std::io::ErrorKind::InvalidData,
+                    "binding_sig_r not in field",
+                )
+            })?;
         Ok(ShieldedPartialTransaction {
             actions: actions.try_into().unwrap(),
             inputs: inputs.try_into().unwrap(),
             outputs: outputs.try_into().unwrap(),
+            binding_sig_r,
         })
     }
 }
@@ -414,7 +433,7 @@ pub mod testing {
     use pasta_curves::pallas;
     use rand::rngs::OsRng;
 
-    pub fn create_shielded_ptx() -> (ShieldedPartialTransaction, pallas::Scalar) {
+    pub fn create_shielded_ptx() -> ShieldedPartialTransaction {
         let mut rng = OsRng;
 
         // Create empty VP circuit without note info