fix(verify): Only verify halo2 proofs once per transaction (#4752)

* Only verify halo2 proofs once per transaction (rather than once per action) * Update comments on how there is one aggregate Halo2 proof instead of one per Action Co-authored-by: Marek <mail@marek.onl> * cargo +stable fmt --all Co-authored-by: Deirdre Connolly <durumcrustulum@gmail.com> Co-authored-by: Marek <mail@marek.onl>
ZcashFoundation · Jul 6, 2022 · 383f83e · 383f83e
1 parent 42ef884
commit 383f83e
Showing 1 changed file with 17 additions and 17 deletions.
diff --git a/zebra-consensus/src/transaction.rs b/zebra-consensus/src/transaction.rs
@@ -909,26 +909,26 @@ where
         let mut async_checks = AsyncChecks::new();
 
         if let Some(orchard_shielded_data) = orchard_shielded_data {
+            // # Consensus
+            //
+            // > The proof 𝜋 MUST be valid given a primary input (cv, rt^{Orchard},
+            // > nf, rk, cm_x, enableSpends, enableOutputs)
+            //
+            // https://zips.z.cash/protocol/protocol.pdf#actiondesc
+            //
+            // Unlike Sapling, Orchard shielded transactions have a single
+            // aggregated Halo2 proof per transaction, even with multiple
+            // Actions in one transaction. So we queue it for verification
+            // only once instead of queuing it up for every Action description.
+            async_checks.push(
+                primitives::halo2::VERIFIER
+                    .clone()
+                    .oneshot(primitives::halo2::Item::from(orchard_shielded_data)),
+            );
+
             for authorized_action in orchard_shielded_data.actions.iter().cloned() {
                 let (action, spend_auth_sig) = authorized_action.into_parts();
 
-                // # Consensus
-                //
-                // > The proof 𝜋 MUST be valid given a primary input (cv, rt^{Orchard},
-                // > nf, rk, cm_x, enableSpends, enableOutputs)
-                //
-                // https://zips.z.cash/protocol/protocol.pdf#actiondesc
-                //
-                // Queue the verification of the Halo2 proof for each Action
-                // description while adding the resulting future to our
-                // collection of async checks that (at a minimum) must pass for
-                // the transaction to verify.
-                async_checks.push(
-                    primitives::halo2::VERIFIER
-                        .clone()
-                        .oneshot(primitives::halo2::Item::from(orchard_shielded_data)),
-                );
-
                 // # Consensus
                 //
                 // > - Let SigHash be the SIGHASH transaction hash of this transaction, not