wallet: complete hot-cold implementation for Carrot/FCMP++

[jeffro256]

Carrot/FCMP++ hot-cold wallets

Design goals

Protocol goals

• Compact exported Carrot outputs format
• Compact signed Carrot/FCMP++ transaction format (SA/L's and key image associations only)
• Deferred FCMP / BP+ proving to hot wallets at time of submission
• Allows for "state-less" transaction proposals and signing
• Allows for state-less, cold-initiated transaction proposals
• Allows for hot-cold setups for Carrot-key-hierarchy wallets
• Allows hiding of sender-receiver secrets from hot wallet

Wallet implementation goals

• New hot wallets backwards compatible with old cold wallets until FCMP++ hard fork activation
• New cold wallets backwards compatible with old hot wallets until FCMP++ hard fork activation
• User experience for hot-cold setups on CLI and RPC is unchanged before and after FCMP++ hard fork activation
• Wallet RPC interface completely backwards compatible until FCMP++ hard fork activation
• Wallet RPC interface only differs in fetching of transaction secret keys after FCMP++ hard fork activation

Testing

• Importing/exporting outputs, subaddress and coinbase included
• Carrot-key-hierarchy account signing
• State-less transaction proposals and signing
• Cold-initiated transaction proposals

New quirks

• Sender-receiver secrets for Carrot/FCMP++ transactions now need to fetched by the signable transaction hash, not TXID, from the cold wallet. The hot wallet RPC returns the signable transaction hash in the submit_transfer method. This is a breaking change.
• Because finalizing transaction proposals into pruned Carrot/FCMP++ transactions requires knowing the private view-incoming key, a hot wallet without a differing private view-incoming key will cryptographically not be able to submit a signed transaction set. This shouldn't be a breaking change since the signed transaction payloads are encrypted using the private view-incoming key anyways.

Depends: #74, #75, #76, #77, #97, #98, #214, #216, #296

Will break this PR up into smaller pieces once the above are merged.

[jeffro256]

Legacy cold_signing tests pass now (hard-fork table not updated). Also, src/wallet2.* are about ~1500 lines smaller ;)

[ComputeryPony]

OUTPUT_EXPORT_FILE_MAGIC

[jeffro256]

Thank you

[ComputeryPony]

Not sure if it's just not implemented yet or a bug but I can almost make and use an offline wallet with this PR but I get an error when running submit_transfer at the very end.

[wallet 55WeP6]: submit_transfer
Error: unexpected error: std::get: wrong index for variant

[jeffro256]

@ComputeryPony thanks for bringing that up, it was a bug. Does the latest commit fix it? It seems to work for me now

[ComputeryPony]

@ComputeryPony thanks for bringing that up, it was a bug. Does the latest commit fix it? It seems to work for me now

Yup, that fixed it. Thanks!

[jeffro256]

Rebased against fcmp++-stage and remove usage of tools::add_element().

[jeffro256]

Rebased

[jeffro256]

Rebased

[jeffro256]

Reworked to incorporate unbiased hash-to-point changes.

[jeffro256]

Unit test failure is unrelated

[jeffro256]

Rebased due to #296

[jeffro256]

Rebased due to fcmp++-stage rebase against master