Git-Mirrors/xmr-btc-swap
1
0
Fork 0
mirror of https://github.com/comit-network/xmr-btc-swap.git synced 2025-01-23 13:51:08 -05:00
Code Issues Packages Projects Releases Wiki Activity

IT WORKS

Browse Source
This commit is contained in:
Thomas Eizinger 2021-05-11 17:21:16 +10:00
parent ddddc4d1ac
commit 08e591f54c
No known key found for this signature in database
GPG Key ID: 651AC83A6C6C8B96
2 changed files with 41 additions and 52 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

90
monero-adaptor/src/clsag.rs
View File

@ -32,11 +32,12 @@ pub fn sign(
let commitment_ring = Ring::new(commitment_ring); let commitment_ring = Ring::new(commitment_ring);
let mu_P = hash_to_scalar!( let mu_P = hash_to_scalar!(
b"CLSAG_agg_0" || ring || commitment_ring || I || H_p_pk || pseudo_output_commitment b"CLSAG_agg_0" || ring || commitment_ring || I || D_inv_8 || pseudo_output_commitment
); );
let mu_C = hash_to_scalar!( let mu_C = hash_to_scalar!(
b"CLSAG_agg_1" || ring || commitment_ring || I || H_p_pk || pseudo_output_commitment b"CLSAG_agg_1" || ring || commitment_ring || I || D_inv_8 || pseudo_output_commitment
); );
let adjusted_commitment_ring = &commitment_ring - pseudo_output_commitment; let adjusted_commitment_ring = &commitment_ring - pseudo_output_commitment;
let compute_ring_element = |L: EdwardsPoint, R: EdwardsPoint| { let compute_ring_element = |L: EdwardsPoint, R: EdwardsPoint| {
@ -47,14 +48,16 @@ pub fn sign(
let h_0 = compute_ring_element(L_0, R_0); let h_0 = compute_ring_element(L_0, R_0);
dbg!(h_0);
let h_last = fake_responses let h_last = fake_responses
.iter() .iter()
.enumerate() .enumerate()
.fold(h_0, |h_prev, (i, s_i)| { .fold(h_0, |h_prev, (i, s_i)| {
let pk_i = ring[i + 1]; let pk_i = ring[i + 1];
let L_i = compute_L(h_prev, mu_P, mu_C, *s_i, pk_i, adjusted_commitment_ring[i]); let L_i = compute_L(h_prev, mu_P, mu_C, *s_i, pk_i, adjusted_commitment_ring[i + 1]);
let R_i = compute_R(h_prev, mu_P, mu_C, pk_i, *s_i, I, D_inv_8); let R_i = compute_R(h_prev, mu_P, mu_C, *s_i, pk_i, I, D_inv_8);
compute_ring_element(L_i, R_i) compute_ring_element(L_i, R_i)
}); });
@ -77,7 +80,7 @@ pub fn sign(
], ],
h_0, h_0,
I, I,
D, D: D_inv_8,
} }
} }
@ -86,7 +89,7 @@ pub fn verify(
&Signature { &Signature {
I, I,
h_0, h_0,
D, D: D_inv_8,
responses, responses,
.. ..
}: &Signature, }: &Signature,
@ -94,17 +97,18 @@ pub fn verify(
ring: &[EdwardsPoint; RING_SIZE], ring: &[EdwardsPoint; RING_SIZE],
commitment_ring: &[EdwardsPoint; RING_SIZE], commitment_ring: &[EdwardsPoint; RING_SIZE],
pseudo_output_commitment: EdwardsPoint, pseudo_output_commitment: EdwardsPoint,
H_p_pk: EdwardsPoint,
) -> bool { ) -> bool {
let ring = Ring::new(ring); let ring = Ring::new(ring);
let commitment_ring = Ring::new(commitment_ring); let commitment_ring = Ring::new(commitment_ring);
let D = D_inv_8 * Scalar::from(8u8);
let mu_P = hash_to_scalar!( let mu_P = hash_to_scalar!(
b"CLSAG_agg_0" || ring || commitment_ring || I || H_p_pk || pseudo_output_commitment b"CLSAG_agg_0" || ring || commitment_ring || I || D_inv_8 || pseudo_output_commitment
); );
let mu_C = hash_to_scalar!( let mu_C = hash_to_scalar!(
b"CLSAG_agg_1" || ring || commitment_ring || I || H_p_pk || pseudo_output_commitment b"CLSAG_agg_1" || ring || commitment_ring || I || D_inv_8 || pseudo_output_commitment
); );
let adjusted_commitment_ring = &commitment_ring - pseudo_output_commitment; let adjusted_commitment_ring = &commitment_ring - pseudo_output_commitment;
let mut h = h_0; let mut h = h_0;
@ -112,8 +116,8 @@ pub fn verify(
for (i, s_i) in responses.iter().enumerate() { for (i, s_i) in responses.iter().enumerate() {
let pk_i = ring[(i + 1) % RING_SIZE]; let pk_i = ring[(i + 1) % RING_SIZE];
let L_i = compute_L(h, mu_P, mu_C, *s_i, pk_i, adjusted_commitment_ring[i]); let L_i = compute_L(h, mu_P, mu_C, *s_i, pk_i, adjusted_commitment_ring[(i + 1) % RING_SIZE]);
let R_i = compute_R(h, mu_P, mu_C, pk_i, *s_i, I, D); let R_i = compute_R(h, mu_P, mu_C, *s_i, pk_i, I, D);
h = hash_to_scalar!( h = hash_to_scalar!(
b"CLSAG_round" b"CLSAG_round"
@ -157,8 +161,8 @@ fn compute_R(
h_prev: Scalar, h_prev: Scalar,
mu_P: Scalar, mu_P: Scalar,
mu_C: Scalar, mu_C: Scalar,
pk_i: EdwardsPoint,
s_i: Scalar, s_i: Scalar,
pk_i: EdwardsPoint,
I: EdwardsPoint, I: EdwardsPoint,
D: EdwardsPoint, D: EdwardsPoint,
) -> EdwardsPoint { ) -> EdwardsPoint {
@ -252,55 +256,35 @@ mod tests {
fn sign_and_verify() { fn sign_and_verify() {
let msg_to_sign = b"hello world, monero is amazing!!"; let msg_to_sign = b"hello world, monero is amazing!!";
let s_prime_a = Scalar::random(&mut OsRng); let signing_key = Scalar::random(&mut OsRng);
let s_b = Scalar::random(&mut OsRng); let signing_pk = signing_key * ED25519_BASEPOINT_POINT;
let H_p_pk = hash_point_to_point(signing_pk);
let pk = (s_prime_a + s_b) * ED25519_BASEPOINT_POINT; let alpha = Scalar::random(&mut OsRng);
let (r_a, R_a, R_prime_a) = { let mut ring = random_array(|| Scalar::random(&mut OsRng) * ED25519_BASEPOINT_POINT);
let r_a = Scalar::random(&mut OsRng); ring[0] = signing_pk;
let R_a = r_a * ED25519_BASEPOINT_POINT;
let pk_hashed_to_point = hash_point_to_point(pk);
let R_prime_a = r_a * pk_hashed_to_point;
(r_a, R_a, R_prime_a)
};
let mut ring = [EdwardsPoint::default(); RING_SIZE];
ring[0] = pk;
ring[1..].fill_with(|| {
let x = Scalar::random(&mut OsRng);
x * ED25519_BASEPOINT_POINT
});
let mut commitment_ring = [EdwardsPoint::default(); RING_SIZE];
let real_commitment_blinding = Scalar::random(&mut OsRng); let real_commitment_blinding = Scalar::random(&mut OsRng);
commitment_ring[0] = real_commitment_blinding * ED25519_BASEPOINT_POINT; // + 0 * H let mut commitment_ring = random_array(|| Scalar::random(&mut OsRng) * ED25519_BASEPOINT_POINT);
commitment_ring[1..].fill_with(|| { commitment_ring[0] = real_commitment_blinding * ED25519_BASEPOINT_POINT; /* + 0 * H */
let x = Scalar::random(&mut OsRng);
x * ED25519_BASEPOINT_POINT
});
// TODO: document // TODO: document
let pseudo_output_commitment = commitment_ring[0]; let pseudo_output_commitment = commitment_ring[0];
let signature = sign( let signature = sign(
msg_to_sign, msg_to_sign,
s_prime_a, signing_key,
todo!(), H_p_pk,
todo!(), alpha,
&ring, &ring,
&commitment_ring, &commitment_ring,
todo!(), random_array(|| Scalar::random(&mut OsRng)),
todo!(), Scalar::zero(),
pseudo_output_commitment, pseudo_output_commitment,
todo!(), alpha * ED25519_BASEPOINT_POINT,
todo!(), alpha * H_p_pk,
todo!(), signing_key * H_p_pk,
); );
assert!(verify( assert!(verify(
@ -308,8 +292,14 @@ mod tests {
msg_to_sign, msg_to_sign,
&ring, &ring,
&commitment_ring, &commitment_ring,
pseudo_output_commitment, pseudo_output_commitment
todo!()
)) ))
} }
fn random_array<T: Default + Copy, const N: usize>(rng: impl FnMut() -> T) -> [T; N] {
let mut ring = [T::default(); N];
ring[..].fill_with(rng);
ring
}
} }

3
monero-adaptor/src/lib.rs
View File

@ -630,8 +630,7 @@ mod tests {
msg_to_sign, msg_to_sign,
&ring, &ring,
&commitment_ring, &commitment_ring,
pseudo_output_commitment, pseudo_output_commitment
todo!()
)); ));
} }
} }