Git-Mirrors/xmr-btc-swap
1
0
Fork 0
mirror of https://github.com/comit-network/xmr-btc-swap.git synced 2025-07-28 09:14:20 -04:00
Code Issues Projects Releases Packages Wiki Activity

Compute s_prime_a properly and make rng configurable

Browse source
This commit is contained in:
Thomas Eizinger 2021-05-07 17:48:07 +10:00
parent d9e30b903e
commit 22ff99b65f
No known key found for this signature in database
GPG key ID: 651AC83A6C6C8B96
2 changed files with 25 additions and 17 deletions
Download patch file Download diff file Expand all files Collapse all files

19
monero-adaptor/src/lib.rs
View file

@ -7,9 +7,9 @@ use curve25519_dalek::constants::ED25519_BASEPOINT_POINT;
use curve25519_dalek::edwards::EdwardsPoint; use curve25519_dalek::edwards::EdwardsPoint;
use curve25519_dalek::scalar::Scalar; use curve25519_dalek::scalar::Scalar;
use hash_edwards_to_edwards::hash_point_to_point; use hash_edwards_to_edwards::hash_point_to_point;
use rand::rngs::OsRng;
use std::convert::TryInto; use std::convert::TryInto;
use tiny_keccak::{Hasher, Keccak}; use tiny_keccak::{Hasher, Keccak};
use rand::{Rng, CryptoRng};
pub const RING_SIZE: usize = 11; pub const RING_SIZE: usize = 11;
const DOMAIN_TAG: &str = "CSLAG_c"; const DOMAIN_TAG: &str = "CSLAG_c";
@ -198,12 +198,13 @@ impl Alice0 {
R_a: EdwardsPoint, R_a: EdwardsPoint,
R_prime_a: EdwardsPoint, R_prime_a: EdwardsPoint,
s_prime_a: Scalar, s_prime_a: Scalar,
rng: &mut (impl Rng + CryptoRng)
) -> Result<Self> { ) -> Result<Self> {
let mut fake_responses = [Scalar::zero(); RING_SIZE - 1]; let mut fake_responses = [Scalar::zero(); RING_SIZE - 1];
for response in fake_responses.iter_mut().take(RING_SIZE - 1) { for response in fake_responses.iter_mut().take(RING_SIZE - 1) {
*response = Scalar::random(&mut OsRng); *response = Scalar::random(rng);
} }
let alpha_a = Scalar::random(&mut OsRng); let alpha_a = Scalar::random(rng);
let p_k = ring[0]; let p_k = ring[0];
let H_p_pk = hash_point_to_point(p_k); let H_p_pk = hash_point_to_point(p_k);
@ -227,7 +228,7 @@ impl Alice0 {
}) })
} }
pub fn next_message(&self) -> Message0 { pub fn next_message(&self, rng: &mut (impl Rng + CryptoRng)) -> Message0 {
Message0 { Message0 {
pi_a: DleqProof::new( pi_a: DleqProof::new(
ED25519_BASEPOINT_POINT, ED25519_BASEPOINT_POINT,
@ -235,6 +236,7 @@ impl Alice0 {
self.H_p_pk, self.H_p_pk,
self.I_hat_a, self.I_hat_a,
self.alpha_a, self.alpha_a,
rng
), ),
c_a: Commitment::new(self.fake_responses, self.I_a, self.I_hat_a, self.T_a), c_a: Commitment::new(self.fake_responses, self.I_a, self.I_hat_a, self.T_a),
} }
@ -331,8 +333,9 @@ impl Bob0 {
R_a: EdwardsPoint, R_a: EdwardsPoint,
R_prime_a: EdwardsPoint, R_prime_a: EdwardsPoint,
s_b: Scalar, s_b: Scalar,
rng: &mut (impl Rng + CryptoRng)
) -> Result<Self> { ) -> Result<Self> {
let alpha_b = Scalar::random(&mut OsRng); let alpha_b = Scalar::random(rng);
let p_k = ring[0]; let p_k = ring[0];
let H_p_pk = hash_point_to_point(p_k); let H_p_pk = hash_point_to_point(p_k);
@ -393,7 +396,7 @@ pub struct Bob1 {
} }
impl Bob1 { impl Bob1 {
pub fn next_message(&self) -> Message1 { pub fn next_message(&self, rng: &mut (impl Rng + CryptoRng)) -> Message1 {
Message1 { Message1 {
I_b: self.I_b, I_b: self.I_b,
T_b: self.T_b, T_b: self.T_b,
@ -404,6 +407,7 @@ impl Bob1 {
self.H_p_pk, self.H_p_pk,
self.I_hat_b, self.I_hat_b,
self.alpha_b, self.alpha_b,
rng
), ),
} }
} }
@ -465,8 +469,9 @@ impl DleqProof {
H: EdwardsPoint, H: EdwardsPoint,
xH: EdwardsPoint, xH: EdwardsPoint,
x: Scalar, x: Scalar,
rng: &mut (impl Rng + CryptoRng)
) -> Self { ) -> Self {
let r = Scalar::random(&mut OsRng); let r = Scalar::random(rng);
let rG = r * G; let rG = r * G;
let rH = r * H; let rH = r * H;

23
monero-adaptor/tests/integration_test.rs
View file

@ -17,7 +17,7 @@ use monero_rpc::monerod;
use monero_rpc::monerod::{GetOutputsOut, MonerodRpc}; use monero_rpc::monerod::{GetOutputsOut, MonerodRpc};
use monero_wallet::{MonerodClientExt}; use monero_wallet::{MonerodClientExt};
use rand::rngs::OsRng; use rand::rngs::OsRng;
use rand::{Rng, SeedableRng, thread_rng}; use rand::{Rng, SeedableRng, thread_rng, CryptoRng};
use std::convert::TryInto; use std::convert::TryInto;
use std::iter; use std::iter;
@ -37,11 +37,11 @@ async fn monerod_integration_test() {
let client = monerod::Client::localhost(18081).unwrap(); let client = monerod::Client::localhost(18081).unwrap();
let mut rng = rand::rngs::StdRng::from_seed([0u8; 32]); let mut rng = rand::rngs::StdRng::from_seed([0u8; 32]);
let s_prime_a = curve25519_dalek::scalar::Scalar::random(&mut rng); let s_a = curve25519_dalek::scalar::Scalar::random(&mut rng);
let s_b = curve25519_dalek::scalar::Scalar::random(&mut rng); let s_b = curve25519_dalek::scalar::Scalar::random(&mut rng);
let lock_kp = monero::KeyPair { let lock_kp = monero::KeyPair {
view: monero::PrivateKey::from_scalar(curve25519_dalek::scalar::Scalar::random(&mut rng)), view: monero::PrivateKey::from_scalar(curve25519_dalek::scalar::Scalar::random(&mut rng)),
spend: monero::PrivateKey::from_scalar(s_prime_a + s_b), spend: monero::PrivateKey::from_scalar(s_a + s_b),
}; };
let lock_amount = 1_000_000_000_000; let lock_amount = 1_000_000_000_000;
@ -155,7 +155,7 @@ async fn monerod_integration_test() {
target_address.public_spend, target_address.public_spend,
ecdh_key_0, ecdh_key_0,
) )
.one_time_key(0), // TODO: It works with 1 output, but we must choose it based on the output index .one_time_key(0)// TODO: This must be the output index
}, },
}, TxOut { }, TxOut {
amount: VarInt(0), amount: VarInt(0),
@ -165,7 +165,7 @@ async fn monerod_integration_test() {
target_address.public_spend, target_address.public_spend,
ecdh_key_1, ecdh_key_1,
) )
.one_time_key(1), // TODO: It works with 1 output, but we must choose it based on the output index .one_time_key(1), // TODO: This must be the output index
}, },
}], }],
extra: ExtraField(vec![SubField::TxPublicKey(PublicKey::from_private_key( extra: ExtraField(vec![SubField::TxPublicKey(PublicKey::from_private_key(
@ -177,8 +177,10 @@ async fn monerod_integration_test() {
// assert_eq!(prefix.hash(), "c3ded4d1a8cddd4f76c09b63edff4e312e759b3afc46beda4e1fd75c9c68d997".parse().unwrap()); // assert_eq!(prefix.hash(), "c3ded4d1a8cddd4f76c09b63edff4e312e759b3afc46beda4e1fd75c9c68d997".parse().unwrap());
let s_prime_a = s_a + KeyGenerator::from_key(&viewpair, our_output.tx_pubkey).get_rvn_scalar(our_output.index).scalar;
let (adaptor_sig, adaptor) = let (adaptor_sig, adaptor) =
single_party_adaptor_sig(s_prime_a, s_b, ring, &prefix.hash().to_bytes()); single_party_adaptor_sig(s_prime_a, s_b, ring, &prefix.hash().to_bytes(), &mut rng);
let sig = adaptor_sig.adapt(adaptor); let sig = adaptor_sig.adapt(adaptor);
@ -243,6 +245,7 @@ fn single_party_adaptor_sig(
s_b: Scalar, s_b: Scalar,
ring: [EdwardsPoint; monero_adaptor::RING_SIZE], ring: [EdwardsPoint; monero_adaptor::RING_SIZE],
msg: &[u8; 32], msg: &[u8; 32],
rng: &mut (impl Rng + CryptoRng)
) -> (monero_adaptor::AdaptorSignature, Scalar) { ) -> (monero_adaptor::AdaptorSignature, Scalar) {
let (r_a, R_a, R_prime_a) = { let (r_a, R_a, R_prime_a) = {
let r_a = Scalar::random(&mut OsRng); let r_a = Scalar::random(&mut OsRng);
@ -255,13 +258,13 @@ fn single_party_adaptor_sig(
(r_a, R_a, R_prime_a) (r_a, R_a, R_prime_a)
}; };
let alice = monero_adaptor::Alice0::new(ring, *msg, R_a, R_prime_a, s_prime_a).unwrap(); let alice = monero_adaptor::Alice0::new(ring, *msg, R_a, R_prime_a, s_prime_a, rng).unwrap();
let bob = monero_adaptor::Bob0::new(ring, *msg, R_a, R_prime_a, s_b).unwrap(); let bob = monero_adaptor::Bob0::new(ring, *msg, R_a, R_prime_a, s_b, rng).unwrap();
let msg = alice.next_message(); let msg = alice.next_message(rng);
let bob = bob.receive(msg); let bob = bob.receive(msg);
let msg = bob.next_message(); let msg = bob.next_message(rng);
let alice = alice.receive(msg).unwrap(); let alice = alice.receive(msg).unwrap();
let msg = alice.next_message(); let msg = alice.next_message();