Introduce `network_id` to DPC transactions about snarkos HOT 4 CLOSED

@gakonst pointed out that only the transaction needs to incorporate the network_id for replay prevention and support for multiple networks (similar to EIP155).

Thus, we propose the following architecture. Accounts will not include an is_testnet boolean or network_id byte. Instead, we update DPC as follows:

1. The inner_snark_gadget adds as public input one network_id byte, and
2. The Transaction struct adds one network_id byte, which miners will use as public input to verify the inner_snark proof.

For simplicity, we set the Aleo mainnet to ID 0 and the first Aleo testnet to ID 1.

from snarkos.

@kobigurk proposed using an integer instead of a boolean flag to differentiate mainnet from testnet accounts in order to allow support for multiple testnets.

In our architecture, to prevent replay attacks and support multiple testnets simultaneously, we can introduce one byte network_id to the account private key, where the MSB is set to 0 if the account is a mainnet account, and 1 if the account is a testnet account. Thus, mainnets would occupy 0-127 and testnets would occupy 128-255 as their network_id.

Then, the account public key would be produced as follows:

let commit_input = to_bytes![private_key.pk_sig, private_key.sk_prf, private_key.metadata, private_key.network_id]?;
let commitment = C::AccountCommitment::commit(parameters, &commit_input, &private_key.r_pk)?;

To prevent replay attacks across networks, we update DPC as follows:

1. The inner_snark_gadget adds as public input one network_id byte, and
2. The Transaction struct adds one network_id byte, which miners will use as public input to verify the inner_snark proof.

from snarkos.

#129

from snarkos.

Since #129 is merged, should this be closed? @howardwu

from snarkos.