Compute h_0 correctly on Bob's side

2025-02-02 18:44:56 -05:00 · 2021-04-15 16:35:13 +10:00 · 2021-04-15 16:35:13 +10:00 · 085d95d07b
commit 085d95d07b
parent 4a5f32fe74
1 changed files with 8 additions and 0 deletions
--- a/monero-adaptor/src/lib.rs
+++ b/monero-adaptor/src/lib.rs
@ -361,7 +361,15 @@ impl Bob1 {
            .verify(RISTRETTO_BASEPOINT_POINT, T_a, self.H_p_pk, I_hat_a)?;

        let h_0 = {
+            let ring = self
+                .ring
+                .iter()
+                .flat_map(|pk| pk.compress().as_bytes().to_vec())
+                .collect::<Vec<u8>>();
+
            let h_0 = Sha512::new()
+                .chain("CLSAG_0".to_string())
+                .chain(ring)
                .chain(self.msg)
                .chain((T_a + self.T_b + self.R_a).compress().as_bytes())
                .chain(