v8: per byte fee, pad bulletproofs, fixed 11 ring size

src/ringct/rctSigs.cpp

@@ -758,7 +758,20 @@ namespace rct {
             std::vector<uint64_t> proof_amounts;
             size_t n_amounts = outamounts.size();
             size_t amounts_proved = 0;
-            while (amounts_proved < n_amounts)
+            if (range_proof_type == RangeProofPaddedBulletproof)
+            {
+                rct::keyV C, masks;
+                rv.p.bulletproofs.push_back(proveRangeBulletproof(C, masks, outamounts));
+                #ifdef DBG
+                CHECK_AND_ASSERT_THROW_MES(verBulletproof(rv.p.bulletproofs.back()), "verBulletproof failed on newly created proof");
+                #endif
+                for (i = 0; i < outamounts.size(); ++i)
+                {
+                    rv.outPk[i].mask = C[i];
+                    outSk[i].mask = masks[i];
+                }
+            }
+            else while (amounts_proved < n_amounts)
             {
                 size_t batch_size = 1;
                 if (range_proof_type == RangeProofMultiOutputBulletproof)

src/ringct/rctTypes.cpp

@@ -29,6 +29,7 @@
 // THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 
 #include "misc_log_ex.h"
+#include "cryptonote_config.h"
 #include "rctTypes.h"
 using namespace crypto;
 using namespace std;
@@ -233,11 +234,29 @@ namespace rct {
         }
     }
 
+    bool is_rct_borromean(int type)
+    {
+        switch (type)
+        {
+            case RCTTypeSimple:
+            case RCTTypeFull:
+                return true;
+            default:
+                return false;
+        }
+    }
+
     size_t n_bulletproof_amounts(const Bulletproof &proof)
     {
         CHECK_AND_ASSERT_MES(proof.L.size() >= 6, 0, "Invalid bulletproof L size");
-        CHECK_AND_ASSERT_MES(proof.L.size() <= 31, 0, "Insane bulletproof L size");
-        return 1 << (proof.L.size() - 6);
+        CHECK_AND_ASSERT_MES(proof.L.size() == proof.R.size(), 0, "Mismatched bulletproof L/R size");
+        static const size_t extra_bits = 4;
+        static_assert((1 << extra_bits) == BULLETPROOF_MAX_OUTPUTS, "log2(BULLETPROOF_MAX_OUTPUTS) is out of date");
+        CHECK_AND_ASSERT_MES(proof.L.size() <= 6 + extra_bits, 0, "Invalid bulletproof L size");
+        CHECK_AND_ASSERT_MES(proof.V.size() <= (1u<<(proof.L.size()-6)), 0, "Invalid bulletproof V/L");
+        CHECK_AND_ASSERT_MES(proof.V.size() * 2 > (1u<<(proof.L.size()-6)), 0, "Invalid bulletproof V/L");
+        CHECK_AND_ASSERT_MES(proof.V.size() > 0, 0, "Empty bulletproof");
+        return proof.V.size();
     }
 
     size_t n_bulletproof_amounts(const std::vector<Bulletproof> &proofs)
@@ -254,4 +273,28 @@ namespace rct {
         return n;
     }
 
+    size_t n_bulletproof_max_amounts(const Bulletproof &proof)
+    {
+        CHECK_AND_ASSERT_MES(proof.L.size() >= 6, 0, "Invalid bulletproof L size");
+        CHECK_AND_ASSERT_MES(proof.L.size() == proof.R.size(), 0, "Mismatched bulletproof L/R size");
+        static const size_t extra_bits = 4;
+        static_assert((1 << extra_bits) == BULLETPROOF_MAX_OUTPUTS, "log2(BULLETPROOF_MAX_OUTPUTS) is out of date");
+        CHECK_AND_ASSERT_MES(proof.L.size() <= 6 + extra_bits, 0, "Invalid bulletproof L size");
+        return 1 << (proof.L.size() - 6);
+    }
+
+    size_t n_bulletproof_max_amounts(const std::vector<Bulletproof> &proofs)
+    {
+        size_t n = 0;
+        for (const Bulletproof &proof: proofs)
+        {
+            size_t n2 = n_bulletproof_max_amounts(proof);
+            CHECK_AND_ASSERT_MES(n2 < std::numeric_limits<uint32_t>::max() - n, 0, "Invalid number of bulletproofs");
+            if (n2 == 0)
+                return 0;
+            n += n2;
+        }
+        return n;
+    }
+
 }

src/ringct/rctTypes.h

@@ -214,7 +214,9 @@ namespace rct {
     };
 
     size_t n_bulletproof_amounts(const Bulletproof &proof);
+    size_t n_bulletproof_max_amounts(const Bulletproof &proof);
     size_t n_bulletproof_amounts(const std::vector<Bulletproof> &proofs);
+    size_t n_bulletproof_max_amounts(const std::vector<Bulletproof> &proofs);
 
     //A container to hold all signatures necessary for RingCT
     // rangeSigs holds all the rangeproof data of a transaction
@@ -229,7 +231,7 @@ namespace rct {
       RCTTypeSimple = 2,
       RCTTypeBulletproof = 3,
     };
-    enum RangeProofType { RangeProofBorromean, RangeProofBulletproof, RangeProofMultiOutputBulletproof };
+    enum RangeProofType { RangeProofBorromean, RangeProofBulletproof, RangeProofMultiOutputBulletproof, RangeProofPaddedBulletproof };
     struct rctSigBase {
         uint8_t type;
         key message;
@@ -324,7 +326,7 @@ namespace rct {
               if (nbp - i > 1)
                 ar.delimit_array();
             }
-            if (n_bulletproof_amounts(bulletproofs) != outputs)
+            if (n_bulletproof_max_amounts(bulletproofs) < outputs)
               return false;
             ar.end_array();
           }
@@ -528,6 +530,7 @@ namespace rct {
 
     bool is_rct_simple(int type);
     bool is_rct_bulletproof(int type);
+    bool is_rct_borromean(int type);
 
     static inline const rct::key &pk2rct(const crypto::public_key &pk) { return (const rct::key&)pk; }
     static inline const rct::key &sk2rct(const crypto::secret_key &sk) { return (const rct::key&)sk; }