Integrate CLSAGs into monero

They are allowed from v12, and MLSAGs are rejected from v13.
2025-05-02 12:36:06 -04:00 · 2019-06-09 13:02:16 +00:00 · 2019-06-09 13:02:16 +00:00 · 82ee01699c
commit 82ee01699c
parent 8cd1d6df8f
31 changed files with 1083 additions and 195 deletions
--- a/src/cryptonote_basic/cryptonote_boost_serialization.h
+++ b/src/cryptonote_basic/cryptonote_boost_serialization.h
@ -45,7 +45,6 @@
 #include "ringct/rctTypes.h"
 #include "ringct/rctOps.h"

-//namespace cryptonote {
 namespace boost
 {
  namespace serialization
@ -244,6 +243,15 @@ namespace boost
    // a & x.II; // not serialized, we can recover it from the tx vin
  }

+  template <class Archive>
+  inline void serialize(Archive &a, rct::clsag &x, const boost::serialization::version_type ver)
+  {
+    a & x.s;
+    a & x.c1;
+    // a & x.I; // not serialized, we can recover it from the tx vin
+    a & x.D;
+  }
+
  template <class Archive>
  inline void serialize(Archive &a, rct::ecdhTuple &x, const boost::serialization::version_type ver)
  {
@ -264,6 +272,9 @@ namespace boost
  inline void serialize(Archive &a, rct::multisig_out &x, const boost::serialization::version_type ver)
  {
    a & x.c;
+    if (ver < 1)
+      return;
+    a & x.mu_p;
  }

  template <class Archive>
@ -294,7 +305,7 @@ namespace boost
    a & x.type;
    if (x.type == rct::RCTTypeNull)
      return;
-    if (x.type != rct::RCTTypeFull && x.type != rct::RCTTypeSimple && x.type != rct::RCTTypeBulletproof && x.type != rct::RCTTypeBulletproof2)
+    if (x.type != rct::RCTTypeFull && x.type != rct::RCTTypeSimple && x.type != rct::RCTTypeBulletproof && x.type != rct::RCTTypeBulletproof2 && x.type != rct::RCTTypeCLSAG)
      throw boost::archive::archive_exception(boost::archive::archive_exception::other_exception, "Unsupported rct type");
    // a & x.message; message is not serialized, as it can be reconstructed from the tx data
    // a & x.mixRing; mixRing is not serialized, as it can be reconstructed from the offsets
@ -312,6 +323,8 @@ namespace boost
    if (x.rangeSigs.empty())
      a & x.bulletproofs;
    a & x.MGs;
+    if (ver >= 1u)
+      a & x.CLSAGs;
    if (x.rangeSigs.empty())
      a & x.pseudoOuts;
  }
@ -322,7 +335,7 @@ namespace boost
    a & x.type;
    if (x.type == rct::RCTTypeNull)
      return;
-    if (x.type != rct::RCTTypeFull && x.type != rct::RCTTypeSimple && x.type != rct::RCTTypeBulletproof && x.type != rct::RCTTypeBulletproof2)
+    if (x.type != rct::RCTTypeFull && x.type != rct::RCTTypeSimple && x.type != rct::RCTTypeBulletproof && x.type != rct::RCTTypeBulletproof2 && x.type != rct::RCTTypeCLSAG)
      throw boost::archive::archive_exception(boost::archive::archive_exception::other_exception, "Unsupported rct type");
    // a & x.message; message is not serialized, as it can be reconstructed from the tx data
    // a & x.mixRing; mixRing is not serialized, as it can be reconstructed from the offsets
@ -336,7 +349,9 @@ namespace boost
    if (x.p.rangeSigs.empty())
      a & x.p.bulletproofs;
    a & x.p.MGs;
-    if (x.type == rct::RCTTypeBulletproof || x.type == rct::RCTTypeBulletproof2)
+    if (ver >= 1u)
+      a & x.p.CLSAGs;
+    if (x.type == rct::RCTTypeBulletproof || x.type == rct::RCTTypeBulletproof2 || x.type == rct::RCTTypeCLSAG)
      a & x.p.pseudoOuts;
  }

@ -377,4 +392,6 @@ namespace boost
 }
 }

-//}
+BOOST_CLASS_VERSION(rct::rctSigPrunable, 1)
+BOOST_CLASS_VERSION(rct::rctSig, 1)
+BOOST_CLASS_VERSION(rct::multisig_out, 1)
--- a/src/cryptonote_basic/cryptonote_format_utils.cpp
+++ b/src/cryptonote_basic/cryptonote_format_utils.cpp
@ -436,7 +436,7 @@ namespace cryptonote
  {
    CHECK_AND_ASSERT_MES(tx.pruned, std::numeric_limits<uint64_t>::max(), "get_pruned_transaction_weight does not support non pruned txes");
    CHECK_AND_ASSERT_MES(tx.version >= 2, std::numeric_limits<uint64_t>::max(), "get_pruned_transaction_weight does not support v1 txes");
-    CHECK_AND_ASSERT_MES(tx.rct_signatures.type >= rct::RCTTypeBulletproof2,
+    CHECK_AND_ASSERT_MES(tx.rct_signatures.type >= rct::RCTTypeBulletproof2 || tx.rct_signatures.type == rct::RCTTypeCLSAG,
        std::numeric_limits<uint64_t>::max(), "get_pruned_transaction_weight does not support older range proof types");
    CHECK_AND_ASSERT_MES(!tx.vin.empty(), std::numeric_limits<uint64_t>::max(), "empty vin");
    CHECK_AND_ASSERT_MES(tx.vin[0].type() == typeid(cryptonote::txin_to_key), std::numeric_limits<uint64_t>::max(), "empty vin");
@ -458,9 +458,12 @@ namespace cryptonote
    extra = 32 * (9 + 2 * nrl) + 2;
    weight += extra;

-    // calculate deterministic MLSAG data size
+    // calculate deterministic CLSAG/MLSAG data size
    const size_t ring_size = boost::get<cryptonote::txin_to_key>(tx.vin[0]).key_offsets.size();
-    extra = tx.vin.size() * (ring_size * (1 + 1) * 32 + 32 /* cc */);
+    if (tx.rct_signatures.type == rct::RCTTypeCLSAG)
+      extra = tx.vin.size() * (ring_size + 2) * 32;
+    else
+      extra = tx.vin.size() * (ring_size * (1 + 1) * 32 + 32 /* cc */);
    weight += extra;

    // calculate deterministic pseudoOuts size